
Sophos has a good article detailing some potential methods hackers can use to extort money out of companies: Nakedsecurity Sophos Blogsite

This is the important part:

1. Hackers hack and penetrate your systems, including customer databases

2. Customer data will be encrypted - a ransom will be put on the data (that is the old method)

2a. Now the new method is to modify only some of the data, like usernames or passwords (sometimes passwords and usernames are set by the customer), so it is impossible to find this encryption until customers call saying they cannot access their accounts.

3. Customers log onto your site and they get infected with ransomware themselves on their personal computers.

 

So what just happened?

A. Your server inattention has cost your customers their data, and the relationship with you is now harmed.

B. The fix to this is not a restore of data, since the change may have been made some time ago and is thus in your backups as well.

[Image: a Cryptolocker2.0 message]

We must figure out how to restore before the hack.

How do you know? Test, test, and test, and keep your data points.
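One way to keep those data points, as an added example that is not from the original post: keep a keyed digest of every customer record per backup, compare consecutive backups, and treat any change the application did not log as suspect, which also tells you the newest backup taken before the tampering. The snapshot layout, the audit log and the key are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed sample data: nightly snapshots of a customer table, oldest first.
# Each snapshot maps customer id -> (username, password_hash).
SNAPSHOTS = {
    "2015-01-01": {1: ("alice", "h1"), 2: ("bob", "h2"), 3: ("carol", "h3")},
    "2015-01-02": {1: ("alice", "h1"), 2: ("bob", "h2b"), 3: ("carol", "h3")},
    "2015-01-03": {1: ("alice", "hX"), 2: ("bob", "h2b"), 3: ("carol", "h3")},
    "2015-01-04": {1: ("alice", "hX"), 2: ("bob", "h2b"), 3: ("karol", "h3")},
}
# Constructed audit trail written by the application when a customer really
# changes credentials: (date of the snapshot that first shows it, customer id).
AUDIT_LOG = {("2015-01-02", 2)}
KEY = b"placeholder-key"  # assumption: the real key is kept off the database host

def row_digest(row):
    """Keyed digest of one record; an intruder without KEY cannot forge it."""
    data = "\x1f".join(row).encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def baseline(snapshot):
    return {cid: row_digest(row) for cid, row in snapshot.items()}

def unexplained_changes(snapshots, audit_log):
    """Return {date: [ids]} for rows that changed with no matching audit entry."""
    findings = {}
    dates = sorted(snapshots)
    prev = baseline(snapshots[dates[0]])
    for date in dates[1:]:
        cur = baseline(snapshots[date])
        changed = [cid for cid in sorted(set(prev) | set(cur))
                   if prev.get(cid) != cur.get(cid) and (date, cid) not in audit_log]
        if changed:
            findings[date] = changed
        prev = cur
    return findings

def last_clean_snapshot(snapshots, audit_log):
    """Newest snapshot taken before the first unexplained change."""
    dates = sorted(snapshots)
    bad = unexplained_changes(snapshots, audit_log)
    if not bad:
        return dates[-1]
    return dates[dates.index(min(bad)) - 1]
```

On the sample data the password change for customer 2 is explained by the audit log, while the changes on 2015-01-03 and 2015-01-04 are not, so 2015-01-02 is the backup to restore from.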

We are all about testing here at Fixvirus.com. Contact us to help you in this new cybersecurity environment.

 

Here is the Fixvirus Security Show explaining this and Risk Management problems.

The video expounds on the Risk Management failure as well (in tip of day segment)

That was started on our blog post:  http://oversitesentry.com/?p=1400 "Risk Management does not work"

 

Brian Krebs has updated his blog and his famous picture (how much is your hacked computer worth):

http://krebsonsecurity.com/2015/01/fbi-businesses-lost-215m-to-email-scams/

IC3 data - Internet Crime: http://www.ic3.gov/about/default.aspx

The BEC is a global scam with subjects and victims in many countries. The IC3 has received BEC complaint data from victims in every US state and 45 countries. From 10/1/2013 to 12/1/2014 the following stats were reported (now look at image above):

total US victims: 1198

total US dollar loss: $179mil

total nonUS victims: 928

total nonUS dollar loss: $35mil

combined victims: 2126

combined dollar loss: $214mil

So Brian Krebs has updated his how much is your computer worth to hackers image:

[Image from Krebsonsecurity.com]

So Brian reviews what can happen to your email account if somebody is able to take it over and use it for their own money making schemes.

If I attempted to put a small dollar amount on these accounts, how much is your email account worth?

Google: $2

Facebook: $2

iTunes: $3

Amazon: $3

Walmart: $3

Netflix: $2

Dropbox: $2

Salesforce: $2

Fedex: $1.50

UPS: $1.50

Bank acct: $4

Steam: $2.50

Total: $28.50? Or more?

This is my image:

[Image: hacked email account worth]

 

My list is only a partial one, but I am trying to make it more personal and give the hack a certain dollar amount. I am trying to create awareness. Also note the comments on Brian Krebs' post:

[Image: comments on Brian Krebs' post]

You can click on the image or go to Brian's site to read them, but I want to transcribe one of them specifically (the bottom one):

"Almost word for word what happened to an affiliate company of ours. Slightly altered domain name appearing as someone’s VP, email request to wire funds, funds were sent, fund transfer frantically reversed at the 11th hour."

This attack did not even involve a hacked email account, just a slightly modified domain name and a wire transfer request using the name of the VIP. What are the odds of two comments similar in nature, one after the other? Criminals are preying on our good graces and naivety.
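A mail gateway or a finance team's checklist can catch the slightly altered domain before the wire goes out. The following is an added example, not code from the original post: it compares the sender's domain with the domains you actually do business with and flags near misses. The trusted domains, the look-alike character table and the distance threshold are assumptions.

```python
# Assumption: domains your organisation and its partners really send mail from.
TRUSTED = {"example-corp.com", "example-bank.com"}
# Character pairs that look alike in most mail-client fonts (illustrative, not exhaustive).
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def skeleton(domain):
    """Collapse look-alike characters so 'exarnple' and 'examp1e' both read 'example'."""
    s = domain.lower().rstrip(".")
    for fake, real in SWAPS:
        s = s.replace(fake, real)
    return s

def sender_domain(from_header):
    """Domain of the address in a From: header, ignoring the display name."""
    addr = from_header.rsplit("<", 1)[-1].strip("> \t")
    return addr.rsplit("@", 1)[-1].lower()

def classify(from_header, trusted=TRUSTED, max_dist=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    dom = sender_domain(from_header)
    if dom in trusted:
        return ("trusted", dom)
    for good in sorted(trusted):
        if skeleton(dom) == skeleton(good) or edit_distance(dom, good) <= max_dist:
            return ("lookalike", good)
    return ("unknown", None)

# Constructed From: headers (one genuine, two look-alikes, one unrelated).
SAMPLES = ["Jane Doe, VP <jane.doe@example-corp.com>",
           "Jane Doe, VP <jane.doe@examp1e-corp.com>",
           "Jane Doe, VP <jane.doe@example-crop.com>",
           "Newsletter <news@unrelated.org>"]
RESULTS = [classify(h)[0] for h in SAMPLES]
```

Any "lookalike" result on a message that asks for a payment is the cue to confirm the request by phone, using a number you already have on file.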

 

If you need help in working on your compliance on passwords, or testing other aspects of your security policy, I can help with the Omega Scan service:

http://oversitesentry.com/solutions/omega/

It is a unique service.

 

Here is the video to go along with this post

Pentesting every 3 months for entities with more than 20k transactions, annually for less than 20k transactions.

Why do you need to pentest?

Because things happen, and it is good to review your security profile

 

Have some Philotimo - do the right thing - defend your site by scanning. http://oversitesentry.com/solutions/

Philotimo video:

Today's Fixvirus Security Video:

Also discussing the Oversitesentry blog post about QWERTY keylogger: http://oversitesentry.com/?p=1351

 

We are explaining a little more about pentesting and the service that we have (Sigma Scan) in tip of day.

In News of day we discuss #OpFrance where the political hackers are trying to attack various French Websites including France24:

Here is a tweet from "Anonymous Saudi hacker" off Twitter

Video:

SigmaScan info on Oversitesentry:  http://oversitesentry.com/solutions/sigma/

What will be your solution to potential attacks on your machines? Will it be to trust that your provider is doing everything they can? Or will you be proactive and do some testing (like the Sigma Scan)?

 

Contact Us as we can help you test your website to reduce the likelihood of hacker penetration and exploits.

 

Created a SVAPE & C only video as well:

 

"Do the right thing" = Philotimo

PCI compliance best practices (from page 13 of the PCI DSS 3.0 doc):

  1. Monitoring of security controls—such as firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), file-integrity monitoring (FIM), anti-virus, access controls, etc.—to ensure they are operating effectively and as intended.
  2. Ensure all failures in security controls, such as firewalls and IDS/IPS, file integrity monitoring, anti-virus.
  3. Review changes to environment
    1. Determine impact to PCI DSS scope
    2. Identify PCI DSS requirements applicable to item affected by the change
    3. Update PCI DSS scope and implement security controls as appropriate
  4. Changes to organizational structure (adding offices, mergers, etc)
  5. Periodic reviews and communications
  6. Review HW and SW at least annually to confirm that it continues to be supported by the vendor.

Fixvirus.com Alpha scan helps you review your systems.

We need a permission document

then we nmap scan your systems.

If you have certain ports open then I may perform a vulnerability scan using tools.

I write a report - if problems exist

Your IT department fixes the problem

I run another scan to see if the problem was fixed.

I will write another report and discuss it with you.

$500 per IP address for external IPs; for internal IPs (requires an onsite visit) an onsite fee is assessed.

 


http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/   CNN story of 4.5 mil records of Community Health Systems - why would hackers want these records?

Because the records have ss#, names and addresses.

" But this time, the hackers stole patient data instead. Hackers did not manage to steal information related to patients' medical histories, clinical operations or credit cards. "

The patient data is supposedly protected by HIPAA, but it is only as good as the hospital network overseers.

http://oversitesentry.com/?p=1166

And if the people in charge do not do the right things, like testing:

We test your systems to reduce your Security risks with our 4 service products (listed below: Α, Σ, Ω, and Ψ)

Then it does not matter... One has to have a Security policy with stringent controls, physical and electronic. Wireless and wired, Internet and corporate network, Cloud and office. It must all work towards the goal of protecting your data.

Here is one of the latest on http://fortune.com/2014/12/20/sony-pictures-entertainment-essay/  the Nork story.

My Fixvirus Dec23 show video:

Some of the posts I discussed on the show:

http://oversitesentry.com/cyberattack-lessons/    Here is what happened in Home Depot hack (56 mil emails harvested as well as 53 mil cc numbers)
http://oversitesentry.com/digital-security-in-risk-assessment/   Here is where the current environment is assessed, including the new 25 Billion Internet of things to come on line in the next year.

Do you really think the world will get less dangerous?

You must do something about this threat 🙂
http://oversitesentry.com/spoe-second-pair-of-eyes/  What you should be doing is testing your systems, making sure that your computers are not vulnerable (or at least as low as possible)

 

Oh yes - Merry Christmas


 

Is risk management philosophy as we know it good enough?

What do we know in the current risk management philosophy? Categorize all systems and set up a level of risk number. Then set up an "important data" ranking number.

The following is an example using a number system from 1 (lowest) to 5 (highest).

SystemA: risk number 5, important data 5

SystemB: risk number 2, important data 2

SystemC: risk number 4, important data 4

Risk management philosophy/strategy says that in a limited resources environment we have to do what we can and focus on SystemA since it is valued higher.

The problem is that in the 2014 risk environment SystemB will get hacked, and eventually SystemC will get hacked and now that the criminals are in the network we will get hacked in SystemA as well.

 

So what has risk management bought us? It has ensured that we got hacked, since we deliberately did not spend the time and resources in defending the whole network.

So from now on defend it all and up your game or just save all your money and get ready for the lawsuits.

 

Oversitesentry Blog post discussing a new security environment

Contact Us to discuss the security of your network in the new 2014 security risk environment (in a few days it will be 2015 security risk environment).

 

Today's show discusses News of day in the Threatpost blog about CoolReaper:

A backdoor is when software runs a piece of code that you are not aware of, and so CoolReaper phones seem to have malware built in, which installs apps on its own without the owner knowing.

The Tip of Day has a segment on the Red team versus Blue team concept as well as what scanning consists of in the OSI layer representation of the network stream.

We perform Alpha scans and Sigma scans, and explain where they sit in the OSI layers.

Contact us for help scanning your computers and network.

Threatpost blog post: http://threatpost.com/microsoft-recalls-patch-tuesday-exchange-update/109844

about the Exchange server patch rollback (uninstall).

 

The Tip of Day is about PCI compliance - a security policy must be created.

Some parts of the PCI DSS 3.0 standard are not very specific (since there are many different types of environments).