By Bradley Susser’s Blog bot24.blogspot.com
Science papers direct link
I like Back to Basics, a paper that reviews our outdated security model, which used to work when networks were small and fixed: the computers on the inside were protected from the systems on the Internet.
Today new devices get set up internally, or malware is already on the inside of the network; neither is secure, and either could be compromising the internal network. Or the cloud holds permissions that could be compromised in new ways.
The network is no longer a fixed type; there are a lot of grey areas. The suggestion is to increase the granularity of the network building blocks so that security can be tested or built in, somewhat like testing the network traffic packet by packet. The paper also discusses building blocks in the virtual machine area, where each application is tested.
The idea is to get people thinking about environments that are closer to 100% secure, rather than the risk-based models of today.
The kill chain discussing the Target data breach is also on this site, with the details of how 40 million Target credit card numbers were stolen.
A default account name on BMC software was one of the culprits. One needs a good testing plan, with both internal testing and external independent audits or scans.
(We can do an independent audit /scan of your network)
There are many other good papers.
CBS Local in New York has an audio spot:
$14 million in 2 days in 17 countries on 15,000 ATM devices.
Apparently JPMorgan Chase processed debit card transactions for the American Red Cross.
The hackers increased the withdrawal limits on the debit cards and then used the card information to withdraw money all over the world.
It took 2 years for the authorities to prosecute Qendrim Dobruna (Albanian). He was apprehended in 2012, and on 7/11 he pled guilty.
Ars Technica has an old story that I thought was interesting:
From 2005 to 2012 there were multiple break-ins, so the hackers "owned" the various company sites.
The overwhelming attack vector used was SQL injection.
Here is an excerpt that I want to emphasize:
“NASDAQ is owned,” Aleksandr Kalinin, a 26-year-old resident of St. Petersburg, Russia, allegedly reported in a January 2008 instant message after finally obtaining administrative access to the stock exchange’s network. Like a rock climber slowly scaling a craggy cliff, he spent months methodically escalating his access into the highly sensitive system. In an instant message he sent six months earlier, after initially gaining less-privileged access, he said, “30 SQL servers, and we can run whatever on them, already cracked admin PWS but the network not viewable yet. those dbs are hell big and I think most of info is trading histories.” “PWS” and “dbs” are presumed to be shorthand for passwords and databases respectively.
Notice the methodology and thinking of the hacker: they find vulnerabilities by probing networks and database servers with many different methods. Eventually the prosecutors found that they had stolen $160 million. The hackers are very sophisticated and motivated. Today this is big business; the attack on your database servers is a big business operation.
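Since SQL injection is named above as the attack vector behind these break-ins, here is an added example (my own illustration, not code from the Ars Technica story or from the companies involved) of the defect and its fix side by side: a login query built by string concatenation next to the same query with bound parameters. The table, user names and passwords are constructed sample data, and the probe string is the classic tautology used in every SQL-injection tutorial; the point is that the parameterized version treats that same input as plain data.

```python
import sqlite3


def build_db():
    """Constructed in-memory sample table (example data, not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", 1), ("bob", "hunter2", 0)],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, name, pw):
    """String-built query: whatever the user types becomes part of the SQL text."""
    sql = (
        "SELECT name FROM users "
        f"WHERE name = '{name}' AND pw = '{pw}' ORDER BY name"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, pw):
    """Parameterized query: the driver binds the values, so they are never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND pw = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name, pw))]


def demo():
    """Run both versions against the same tautology probe and a legitimate login."""
    conn = build_db()
    probe = "' OR '1'='1"
    return {
        # The string-built query collapses to WHERE ... OR '1'='1' and matches every row.
        "vulnerable": login_vulnerable(conn, probe, probe),
        # The bound query looks for a user literally named "' OR '1'='1" and finds nobody.
        "safe": login_safe(conn, probe, probe),
        # A real credential still works through the safe path.
        "legit": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:10s} -> {result}")
```

The vulnerable path returns both accounts without a valid password, which is exactly the "we can run whatever on them" position described in the excerpt; the safe path returns nothing for the probe and only the matching account for a genuine login. On a real audit, grep the code base for queries assembled with string formatting and move each one to bound parameters.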
A malware campaign is using some old and new methods.
One email claims to be from the Maersk shipping line, and the attachment (a Word document) opens a backdoor connection to two hacker command-and-control servers.
The Dropbox domain is also referenced; the links attempt to contact londonpaerl (. )co (. )uk and selombiznet(.)net (I added the parentheses so it is harder to copy and paste these malware sites).
It is always good to keep up on the latest attacks and update anti-malware software.
This information is from a Threatpost.com blog post.
Information Systems & Supplies (ISS) has a letter to all of its customers.
They discovered a breach through their remote access software, where customer data could have been stolen.
This is a travesty. So how do you know if a company you frequent uses ISS and may have been breached? Here is a list of potential breaches:
Dairy Queen, TacoTime, Laurelwood, Buffalo Wild Wings, Flat Tail Brewing, BarrelRoom, Atrium Lounge, and others…
Ask your restaurant if they use ISS as their software to handle transactions.
Or ask us and we will ask them.
Here is the FuturePOS software that was potentially breached.