News of the Day: Rowhammer, and this week is Patch Tuesday.
In the Tip of the Day segment we have a serious problem: Rowhammer opens a new attack angle that cannot be fixed with a software patch on some machines, because the flaw is in the memory chips themselves.
Some DRAM flips bits in neighbouring rows when one row is read over and over (hammered). Researchers have shown that such a bit flip can be turned into an escalation of privilege, so an attacker who is already running code on the computer can get admin or root access.
We need to realize how this plays out: researchers develop the exploits, criminals then use them to attack our computers, and finally the script kiddies use them against the people who do not know how to protect themselves.
So we have to develop a new way of thinking: security must be built into our processes and methods, and compliance has to mean security first. Otherwise we will keep getting blindsided by the newest research attacks.
Remember that our systems were not built security first, and the Internet was not built with security in mind. So there will be many more attacks and exploits to keep in mind.
This is why you need a security department: somebody who is thinking about the security angle all the time.
To listen and educate yourself on net neutrality:
An interesting economist (Professor Hazlett, economics) explains the nuts and bolts of net neutrality.
Minute 44: DSL sales growth and usage in the telecom industry.
I saw the Internet industry grow and change the way Hazlett describes, from 1996 until today.
Minute 51 has an example of a net neutrality violation (MetroPCS allowing YouTube streaming but not others, like Netflix or Hulu).
At about the one-hour mark the questions start.
As in my video: even after listening to Hazlett discuss this for an hour, I still think it will depend on the political power of the various factions. Of course the law is going to come down on net neutrality as well.
Hmmm, there are about 1,000 phone companies in America (we can name 2 to 4 of them); the rural companies get government subsidies.
There is malware that can reprogram hard drive firmware and then carry out other tasks from that hiding place. Page 23, question 14 of the Kaspersky Lab Q&A on the Equation group says:
"14. What C&C infrastructure do the Equation group implants use?
The Equation group uses a vast C&C infrastructure that includes more than 300 domains and more than 100 servers. The servers are hosted in multiple countries, including the US, UK, Italy, Germany, Netherlands, Panama, Costa Rica, Malaysia, Colombia and Czech Republic.
All C&C domains appear to have been registered through the same two major registrars, using “Domains By Proxy” to mask the registrant’s information.
Kaspersky Lab is currently sinkholing a couple dozen of the 300 C&C servers."
C&C means command and control: the servers the implant contacts to receive instructions and send back data.
An infected hard drive is of little use to the attacker unless the implant can "phone home". Since it has to contact its C&C servers, that traffic can be detected, and once detected it can be blocked. An IPS or next-generation firewall, properly configured to alert on and drop connections to known C&C infrastructure, limits what the malware can do even when the firmware itself cannot be cleaned. The caveat is that a domain list only catches infrastructure somebody has already published; new servers have to be found by the way the implant behaves on the network, such as calling out on a fixed schedule.
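As an added example (not code from Kaspersky Lab or Fixvirus), the following Python script shows both halves of that detection over outbound connection logs: a match against a list of known C&C names, and a check for hosts that call the same destination at a regular interval, which catches a "phone home" to a server that is on nobody's list yet. The log format, host names, domains and indicator list are all constructed for the demo.

```python
"""Spot C&C call-backs in outbound connection logs.

Added example for this post (not Kaspersky Lab's or Fixvirus's code). The
log format, the host names, the domains and the indicator list below are
constructed for the demo.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed indicator list, standing in for published C&C domain names.
KNOWN_C2 = {"update-check.example.net", "cdn-sync.example.org"}

# Constructed outbound-connection log: timestamp, source host, destination.
# ws-17 talks to a listed domain every 30 minutes; ws-22 does the same to a
# domain nobody has listed yet; ws-03 is a person browsing.
SAMPLE_LOG = """\
2015-02-17T09:00:00 ws-17 update-check.example.net
2015-02-17T09:00:02 ws-03 www.example.com
2015-02-17T09:30:00 ws-17 update-check.example.net
2015-02-17T09:41:10 ws-03 mail.example.com
2015-02-17T10:00:00 ws-17 update-check.example.net
2015-02-17T10:30:00 ws-17 update-check.example.net
2015-02-17T10:02:00 ws-22 static.example-files.com
2015-02-17T10:32:00 ws-22 static.example-files.com
2015-02-17T11:02:00 ws-22 static.example-files.com
2015-02-17T11:32:00 ws-22 static.example-files.com
2015-02-17T11:40:00 ws-03 www.example.com
"""


def parse_log(text):
    """Yield (timestamp, host, destination) from whitespace-separated lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest = line.split()
        yield datetime.fromisoformat(ts), host, dest.lower()


def known_c2_hits(text, indicators=KNOWN_C2):
    """Return {host: [destination, ...]} for contacts with listed C&C names."""
    hits = defaultdict(set)
    for _, host, dest in parse_log(text):
        if dest in indicators:
            hits[host].add(dest)
    return {h: sorted(d) for h, d in hits.items()}


def beacon_candidates(text, min_events=4, max_jitter=0.1):
    """Return (host, destination, period_seconds) for regular call-backs.

    An implant phoning home tends to connect at a fixed period, while a
    person's browsing does not. A (host, destination) pair qualifies when
    it has at least min_events contacts and the spread of the gaps between
    them is within max_jitter of the mean gap.
    """
    by_pair = defaultdict(list)
    for ts, host, dest in parse_log(text):
        by_pair[(host, dest)].append(ts)
    found = []
    for (host, dest), times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) <= max_jitter * avg:
            found.append((host, dest, avg))
    return sorted(found)


if __name__ == "__main__":
    print("known C&C contacts:", known_c2_hits(SAMPLE_LOG))
    for host, dest, period in beacon_candidates(SAMPLE_LOG):
        listed = dest in KNOWN_C2
        print(f"{host} -> {dest} every {period:.0f}s (on indicator list: {listed})")
```

Run against the sample, the indicator match flags only ws-17, while the interval check flags both ws-17 and ws-22; the second one is the case a blocklist-only IPS rule misses. In practice the jitter tolerance needs tuning, because legitimate software updaters also poll on a schedule, so the result is an alert to investigate rather than an automatic block.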
Contact us to help you set up your IPS, or to choose an IPS system that works for you.
First, we made a special short video on what an ethical hacker does:
Second, the video for the Fixvirus Security Show:
News of the Day is about this week's Patch Tuesday: several of the Microsoft patches are rated critical and fix remote code execution flaws, which are the most dangerous kind, so your IT department should install all of them. Attackers can build exploits from the patch details at any time from now on, and an unpatched machine is an easy target for criminal hackers.
Tip of the Day: we need to move to a Six Sigma methodology for IT, which means we need to:
A. Define
B. Measure
C. Analyze
D. Improve
E. Control
So we need to test your IT environment to confirm it is performing as specified.
The only way to approach an environment where only one defect in a million occurs is to test constantly from the outside.
Sophos has a good article detailing some of the methods hackers can use to extort money from companies: Naked Security, the Sophos blog.
This is the important part:
1. Hackers penetrate your systems, including your customer databases.
2. Customer data is encrypted and a ransom is demanded for it (that is the old method).
2a. The new method is to modify only some of the data, such as usernames or passwords (which are often set by the customers themselves), so the tampering goes unnoticed until customers call saying they cannot access their accounts.
3. Customers log onto your site and get infected with ransomware on their own personal computers.
So what just happened?
A. Inattention to your server has cost your customers their data, and their relationship with you is now damaged.
B. The fix is not a simple restore of the data, since the modification may have been made some time ago and is therefore in your backups as well.
Image: a CryptoLocker 2.0 ransom message.
We must be able to restore to a point before the hack.
How do you know which point that is? Test, test, and test, and keep your data points.
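Here is what "keep your data points" can look like in practice, as an added example (not Sophos's or Fixvirus's code): a keyed integrity manifest over the customer records, taken from a trusted baseline and stored apart from the database. Records the attacker quietly edited no longer match their tags, and walking the nightly backups against the manifest tells you which one is the last clean copy to restore from. The record layout, the snapshots and the key are constructed for the demo.

```python
"""Detect silently altered customer records and find the last clean backup.

Added example for this post (not Sophos's or Fixvirus's code). The record
layout, the backup snapshots and the key are constructed for the demo.
"""
import hashlib
import hmac
import json

# Constructed key. In production it lives off the database host (for example
# in the application tier's secret store), so an attacker who edits the table
# directly cannot re-sign the rows they change. Legitimate writes go through
# the application, which re-tags the row; direct edits bypass that path.
MANIFEST_KEY = b"constructed-demo-key-keep-off-the-db-host"


def record_tag(key, record):
    """Keyed tag (HMAC-SHA256) over a canonical serialisation of one record."""
    canon = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def build_manifest(key, records):
    """{record id: tag} for a set of records known to be good."""
    return {r["id"]: record_tag(key, r) for r in records}


def tampered_ids(key, manifest, records):
    """IDs whose current contents no longer match the signed manifest."""
    current = {r["id"]: r for r in records}
    bad = [rid for rid, tag in manifest.items()
           if rid not in current
           or not hmac.compare_digest(tag, record_tag(key, current[rid]))]
    return sorted(bad)


def last_clean_backup(key, manifest, snapshots):
    """Newest snapshot label with no tampered records, or None if all are bad.

    snapshots: list of (label, records) ordered oldest to newest. The manifest
    must predate the intrusion, which is why it is taken from a trusted
    baseline and kept separate from the backups it is used to check.
    """
    for label, records in reversed(snapshots):
        if not tampered_ids(key, manifest, records):
            return label
    return None


# Constructed baseline: the customer table before the intrusion.
BASELINE = [
    {"id": 1, "user": "alice", "pw_hash": "h-a1", "email": "alice@example.com"},
    {"id": 2, "user": "bob", "pw_hash": "h-b2", "email": "bob@example.com"},
    {"id": 3, "user": "carol", "pw_hash": "h-c3", "email": "carol@example.com"},
]
MANIFEST = build_manifest(MANIFEST_KEY, BASELINE)


def altered(records, rid, **changes):
    """Copy of records with one row changed (simulates the attacker's edit)."""
    return [dict(r, **changes) if r["id"] == rid else dict(r) for r in records]


# Constructed nightly backups. The attacker changed bob's password hash on
# day 2 and carol's on day 3; nothing in the application noticed, so both of
# those backups carry the damage.
SNAPSHOTS = [
    ("day1", BASELINE),
    ("day2", altered(BASELINE, 2, pw_hash="h-attacker")),
    ("day3", altered(altered(BASELINE, 2, pw_hash="h-attacker"), 3, pw_hash="h-attacker2")),
]

if __name__ == "__main__":
    latest = SNAPSHOTS[-1][1]
    print("tampered record ids now:", tampered_ids(MANIFEST_KEY, MANIFEST, latest))
    print("restore from:", last_clean_backup(MANIFEST_KEY, MANIFEST, SNAPSHOTS))
```

The point of the keyed tag rather than a plain hash is that the attacker who owns the database can recompute a hash but not an HMAC whose key they do not hold. Re-running the check on a schedule is the "test, test, and test" part; without it the first signal you get is still the customer phone call.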
We are all about testing here at Fixvirus.com. Contact us for help in this new cybersecurity environment.
Here is the Fixvirus Security Show explaining this and the risk management problems.
The video expounds on the risk management failure as well (in the Tip of the Day segment).
BEC (business email compromise) is a global scam with subjects and victims in many countries. The IC3 has received BEC complaint data from victims in every US state and in 45 countries. From 10/1/2013 to 12/1/2014 the following statistics were reported (shown in the image above):
Total US victims: 1,198
Total US dollar loss: $179 million
Total non-US victims: 928
Total non-US dollar loss: $35 million
Combined victims: 2,126
Combined dollar loss: $214 million
Brian Krebs has updated his "how much is your computer worth to hackers" image:
Brian reviews what can happen to your email account if somebody is able to take it over and use it for their own money-making schemes.
If I attempted to put a small dollar amount on these accounts, how much is your email account worth?
Google: $2
Facebook: $2
iTunes: $3
Amazon: $3
Walmart: $3
Netflix: $2
Dropbox: $2
Salesforce: $2
FedEx: $1.50
UPS: $1.50
Bank account: $4
Steam: $2.50
Total: $28.50, or more?
Here is my image:
My list is only a partial one, but I am trying to make it more personal and give the hack a dollar amount. I am trying to create awareness. Also note the comments on Brian Krebs's post:
You can click on the image or go to Brian's site to read them, but I want to transcribe one of them in particular (the bottom one):
"Almost word for word what happened to an affiliate company of ours. Slightly altered domain name appearing as someone’s VP, email request to wire funds, funds were sent, fund transfer frantically reversed at the 11th hour."
This attack did not even need a hacked email account, just a slightly modified domain name and a wire transfer request sent in the name of the VIP. What are the odds of two comments of such a similar nature appearing one after the other? Criminals are preying on our good graces and naivety.
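The "slightly altered domain name" in that comment is something mail filters and finance staff can check for mechanically. As an added example (not code from Brian Krebs or Fixvirus), the Python below screens a sender's domain against your own: same name under another TLD, confusable characters (rn for m, 1 for l, vv for w), one-character edits, and your name embedded in a longer one. The company domain, the sender domains and the homoglyph table are constructed for the demo; the screen generalizes to any list of owned domains.

```python
"""Flag sender domains that impersonate your own (look-alike / typosquat).

Added example for this post (not Brian Krebs's or Fixvirus's code). The
domains, the sender list and the homoglyph table are constructed for the
demo.
"""
import unicodedata

# Character swaps commonly used to fake a domain by eye. Constructed table;
# extend it with whatever your own name is most easily confused with.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}

# The company's genuine domains (constructed).
OWN_DOMAINS = ["acme-widgets.com"]


def skeleton(label):
    """Collapse confusable characters so visually similar labels compare equal."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    for bad, good in HOMOGLYPHS.items():
        s = s.replace(bad, good)
    return s


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain):
    """Registrable part of a host name: its last two labels (fine for .com-style names)."""
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def lookalike_verdict(sender_domain, own_domains=OWN_DOMAINS, max_distance=1):
    """None if the domain is ours or unrelated; otherwise why it looks like a fake."""
    cand = registrable(sender_domain)
    for own in own_domains:
        own_reg = registrable(own)
        if cand == own_reg:
            return None  # genuinely ours, including our own subdomains
        cl, ol = cand.split(".")[0], own_reg.split(".")[0]
        if cl == ol:
            return f"{sender_domain}: same name as {own} under another TLD"
        if skeleton(cl) == skeleton(ol):
            return f"{sender_domain}: confusable spelling of {own}"
        dist = edit_distance(cl, ol)
        if dist <= max_distance:
            return f"{sender_domain}: {dist} edit(s) from {own}"
        if ol in cl:
            return f"{sender_domain}: contains {own}"
    return None


def screen_senders(sender_domains, own_domains=OWN_DOMAINS):
    """Return [(domain, reason)] for every sender that looks like an impersonation."""
    results = []
    for d in sender_domains:
        verdict = lookalike_verdict(d, own_domains)
        if verdict:
            results.append((d, verdict))
    return results


# Constructed sender domains seen in the mail log.
SENDERS = [
    "acme-widgets.com",           # ours
    "mail.acme-widgets.com",      # ours (subdomain)
    "acrne-widgets.com",          # rn for m
    "acme-wldgets.com",           # l for i
    "acme-widgets.net",           # TLD swap
    "acme-widgets-payments.com",  # our name embedded
    "example.org",                # unrelated
]

if __name__ == "__main__":
    for domain, reason in screen_senders(SENDERS):
        print(reason)
```

A hit is a reason to stop and verify a payment request out of band (a phone call to a number you already have), not proof of fraud; the check deliberately errs toward flagging, because the cost of a false alarm is a phone call and the cost of a miss is a wire transfer.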
If you need help with compliance on passwords, or with testing other aspects of your security policy, I can help with the Omega Scan service:
Patch management is deciding, with a risk-based analysis, which patches get installed in your environment and when.
Tools can reduce the time and resources needed to roll them out.
Because, as the blog post and video discuss, 169 Oracle, 62 Chrome, 9 Firefox and at least 2 Adobe patches in one month are quite a resource issue. You must have a plan in place, as this is just the first month (there were over 7,000 vulnerabilities last year).
The image is from the Cisco security report that just came out.
What will your solution to potential attacks on your machines be? Will it be to trust that your provider is doing everything they can, or will you be proactive and do some testing (like the Sigma Scan)?
Contact us; we can help you test your website to reduce the likelihood of penetration and exploits.