Temple University

Week 9: Reading summaries, Question, and News of the Week…

Zeltser, L. (2014). “Ouch! What Is Malware,” The Monthly Security Newsletter for Computer Users, The SANS Institute.   This reading provides a short high-level overview of malware, its sources, and how to protect against it.

Hardikar, A. (2008). “Malware 101 – Viruses,” Information Security Reading Room, SANS Institute.   The paper provides an excellent introduction to malware, complementary virus classification systems, and SANS’ six-step incident handling process.  The technical overview of malware types and the deeper dive offered by the classification systems provide motivation and insight into the nature and objectives of each step of the malware handling process.  The article effectively couples the need for organizational security awareness training with the need for an Incident Handling Escalation Matrix.

Question for the class:  What criteria would you use to determine when an organization is justified in having an incident handling team?

News of the Week: Jack Daniel, “SWAMP, the SoftWare Assurance MarketPlace”, September 20, 2015. SWAMP is a free suite of 16 practical and useful software security analysis tools for assessing and testing applications coded in C/C++, Java, Java on Android, Ruby, and Python. SWAMP was developed by an academic research consortium with funding from the U.S. Department of Homeland Security for the broader community of software and software tool developers. SWAMP’s tools are integrated within a centralized, cloud-based software security testing platform of 700 processing cores, 5 TB of RAM, and 104 TB of HDD, and display their results within an interoperable results viewer to simplify vulnerability analysis and remediation.  Work is underway to add support for JavaScript and PHP. http://blog.uncommonsensesecurity.com/2015/09/swamp-software-assurance-marketplace.html

Week 9 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

1A. Regarding more recent malware developments, hackers have been using “cryptolocker” malware to infect & encrypt all files on high-value networked computer targets, and then demanding $$$ ransoms in exchange for the decrypted files. The best defense against malware is a knowledgeable computer user and up-to-date computer software (OSes & AV).

1B. Again regarding malware, “worms” are the most common & cause maximum damage (no host required & self-replicating). Also, an excellent set of methods reported for preventing future malware attacks is the following from the SANS Institute: preparation, identification, containment, eradication, recovery, lessons learned (involving a good combination of policies, procedures, technology, and people).

  2. Question to classmates (facilitates discussion) from assigned reading…

2A. What is another way that an online global organization can work to help prevent malware attacks on their networked business computer systems?

*Answer: The organization can utilize on-going “anti-malware practices” training for all employees as these types of threats evolve.

  3. Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

Cyber Attack on America’s Thrift Stores exposes credit card numbers (malware-driven security breach which originated from a third-party service provider’s software to process credit card payments)…

http://www.ehackingnews.com/2015/10/cyber-attack-on-americas-thrift-stores.html

Malware reading

Malware is an umbrella term under which all malicious software falls. Viruses, Trojans, worms, etc. all fall under the umbrella of malware. The SANS six-step incident handling model was suggested by the reading as a way to handle malicious software. Under this model there are 6 steps: preparation, identification, containment, eradication, recovery, and lessons learned. Preparation and identification are constantly happening. Since there are so many viruses, they can be broken into 4 subgroups: memory based, target based, obfuscation-technique based, and payload based.

My question would be what type of malware do you think is the easiest to protect against and what could do the most damage?

Article:  http://www.zdnet.com/article/yahoo-latest-at-kill-the-password-alter/

Yahoo is looking to do away with passwords and instead go with a login that sends a push notification to the phone of the account owner to approve or deny an attempt to access an account.

Week 9 Takeaways

Reading Summary: Malware

Malware infection is becoming very common nowadays, ranging from Trojans, backdoors, zero-days, viruses, and worms to polymorphic malware. Each organization has its own way of handling such an infection; however, each has incident handling procedures in place that assist in dealing with various types of malware. More importantly, they help the security personnel to quickly handle the malware and reduce any impact or disruption it might cause the business as a whole. SANS introduces the Six Step Incident Handling Process as the following: preparation (policies and procedures), identification, containment, eradication, recovery, and lessons learned. In addition, the most important skills/attributes to have when handling an incident are:

  1. Preparation: prevent the entry point of malware into the network.
  2. Patience: formulate an effective strategic solution instead of taking quick un-prepared steps.
  3. Persistence: analyze the malware sample regardless of how difficult and complex its design is.

In the news: New zero-day exploit hits fully patched Adobe Flash [Updated]

Adobe has acknowledged that there is an unpatched flaw in Flash that is being actively exploited. The acknowledgment comes one day after Adobe’s monthly security update; the issue was not addressed in that update. The flaw affects Flash version 19.0.0.207 and earlier for Windows, Mac, and Linux. Adobe plans to issue an emergency patch for the flaw next week. In the meantime, however, this zero-day exploit is targeting government agencies (i.e., Russian politicians) as part of a long-running espionage campaign carried out by a group known as Pawn Storm. In addition, it has infected the iOS devices of Western governments and news organizations.

For additional information regarding this article, please click here.

Question for the class:

Have you been a victim of a zero-day attack or have experienced any malware/virus in your personal workstation or that at work? If so, how was it executed and how did you resolve the infection?

Week 8 Topic and New Article Regarding Social Engineering

“Social Engineering” is underestimated as a likely security threat by many organizations; the likely assumption by many is that it is not going to happen to me. However, recent trends and studies support that the weakest link in organizations still remains the human factor. Thus it will pay dividends to educate your human capital on how to prevent, detect and correct behaviors that make it easier for hackers to social engineer you and your organization.

Social Engineering, also referred to as “People Hacking” (Harl), is an art which does involve deception. Many would say that the end justifies the means when it comes to Social Engineering; the attacker usually follows the same pattern to ensure efficient infiltration into an organization. It starts by obtaining data/reconnaissance, then developing relationships and/or developing an asset which will be used at a future date to exploit. Upon exploitation, the attacker ensures that the deception is successfully executed.

Motivations for committing social engineering attacks are numerous. They vary from monetary gain to social as well as psychological causes.

Techniques for carrying out such attacks are numerous; they are varied and dependent on the opportunity and ability realized and possessed by the attacker. Opportunity can present itself in the form of shoulder surfing, among other means such as dumpster diving, mail-outs, etc. If the abilities are there, then the attacker may choose to perform forensic analysis on hard drives, removable media such as memory sticks, DVD/CDs, etc.

Only by understanding the significance of the Social Engineering threat and the ways it can be manifested can one then begin to set different safeguards and counter-measures to protect you and your organization.

Article on Social Engineering. An article from SC Magazine confirms that 2015 phishing attacks are on the rise, since they require only low-effort methods that are proving to be lucrative for cybercriminals. For further information, please refer to the link below.
http://www.scmagazine.com/social-engineering-will-ramp-up-in-2015/article/389169/

Week 8 reading and article

Social engineering is an often overlooked form of security threat for an organization. In some cases you could probably argue that social engineering might be the easiest way to launch an attack on an organization.

Social engineering attacks generally have 4 steps to the cycle: information gathering, developing a relationship, exploitation, and execution. Like anything in cyber security these lines tend to blur and there can be different steps, but for the most part these 4 are always present.

Examples of social engineering can be as simple as getting to know an administrator and asking for a password or taking advantage of a nice employee who holds a door open to a data center giving you the benefit of the doubt that you should have legitimate access.

Question for the class: Have you ever been placed in a position where you had to be conscious of potential social engineering attacks?

Article: http://www.zdnet.com/article/here-is-how-internet-experts-plan-to-fix-poor-security/

This is about a plan drawn up by 260 internet experts with the goal of making routers more secure and, as a result, the internet more secure. The full proposal sent to the FCC is found here: https://www.fcc.gov/article/fcc-15-92a2 .

The summary given in the article:

“The experts said routers should be open-source so their code should be made public and available for review. Additionally, manufacturers should assure that any router firmware updates are under the owner’s control rather than the manufacturer’s and they should allow for a 45-day patch window for vulnerabilities for five years after the device ships.

If, say the experts, the companies fail to comply, the FCC could decertify existing products or, in severe cases, bar new products from that vendor from reaching the market.”

Week 8 Summary

Social Engineering

Social Engineering is bad, mm’kay? It takes advantage of the weakest link in security, which is the people. The systems can be secure, but people have the need and desire to help others or follow the rules of authority. Social engineering has the malicious actor act as either someone in need, someone in authority, or tech support in a reverse social engineering attack. This forces the average hacker to be social instead of a lurking troll in their basement who lacks people skills.

A reverse social engineering attack occurs when the malicious actor advertises his false credentials and skills as tech support. After an attack from the hacker, people will call the hacker thinking he is tech support, and thus give him their passwords.

Non-technical social engineering involves dumpster diving, piggybacking, tailgating, shoulder surfing, or just talking to employees at the smoke pit. Technical social engineering involves phishing and creating fake websites for employees to foolishly enter their credentials. The strongest countermeasures against social engineering are user education, policies, an incident response strategy, and strong physical security.

News Article: China arrests hackers that were wanted by the US.
http://techti.me/2015/10/10/china-arrests-hackers-of-us-government-on-behalf-of-the-us/
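The phishing and fake-website point above, and the rise in phishing noted in the earlier SC Magazine post, both come down to a user being sent to a host that merely resembles one they trust. As an added example (not code from either post), here is a small Python triage check that flags look-alike hostnames in a link before anyone clicks it. The trusted-domain list and the sample URLs are constructed for the demo; the registrable-domain rule (last two labels) and the homoglyph table are deliberate simplifications, and a real deployment would use the Public Suffix List and Unicode confusables data instead.

```python
"""Flagging look-alike hostnames before a user follows a link.

Added example for the phishing / fake-website discussion; it is not
from either post. The trusted-domain list and the sample URLs are
constructed for the demo. The registrable-domain rule (last two
labels) and the homoglyph table are deliberate simplifications; a
real deployment would use the Public Suffix List and Unicode
confusables data.
"""
from urllib.parse import urlsplit

# Constructed allowlist: hosts the organisation legitimately links to.
TRUSTED_DOMAINS = {"example.com", "mail.example.com", "payroll.example.com"}

# Characters commonly substituted to mimic a legitimate name
# (digits for letters, plus a few Cyrillic letters that render like Latin).
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})


def skeleton(name):
    """Normalise a domain name so visually similar spellings collide."""
    s = name.lower().translate(HOMOGLYPHS)
    s = s.replace("rn", "m").replace("vv", "w")   # 'exarnple' -> 'example'
    return s.replace(".", "").replace("-", "")


def registrable_domain(host):
    """Simplification: last two labels (does not handle e.g. co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return "trusted"
    reg = registrable_domain(host)
    trusted_regs = {registrable_domain(t) for t in trusted}
    for t in trusted_regs:
        # Trusted name buried in the subdomain part: example.com.login-verify.net
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return "lookalike"
        # Typosquat or homoglyph of the registrable domain: examp1e.com, exarnple.com
        if levenshtein(skeleton(reg), skeleton(t)) <= 1:
            return "lookalike"
    return "unknown"


# Constructed sample links, as they might appear in a phishing email.
SAMPLE_URLS = [
    "https://payroll.example.com/w2",
    "http://examp1e.com/login",
    "http://example.com.login-verify.net/reset",
    "https://exarnple.com/",
    "https://ex\u0430mple.com/sso",
    "https://github.com/",
]


def triage(urls=SAMPLE_URLS):
    """Classify each sample link; returns {url: verdict}."""
    return {u: classify_url(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in triage().items():
        print(f"{verdict:9} {url}")
```

Running the block prints one verdict per sample link. Note that the check is a heuristic for triage, not a substitute for the user education the post calls for: a host it reports as "unknown" is simply one that is neither trusted nor an obvious imitation of a trusted name.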

Week 8 Reading Summary, Question, and In The News…

Allen, M. (2006). “Social Engineering: A Means To Violate A Computer System”, SANS Institute Reading Room.  Allen’s article provides a good introduction and overview of social engineering. It covers definitions, workflow (or “Cycle”), motivation and traits of the social engineer, countermeasures and controls for social engineering risks, and reviews and attack simulation to maintain preparedness.  Allen describes the following 8 core controls that organizations can implement: management buy-in, security policy, physical security, education/awareness, good security architecture, limiting data leakage, an incident response strategy, and security culture.  He goes on to report that social engineering testing is unpopular among many organizations, leaving simulated attack the least common among the approaches to maintaining preparedness.

Question for Class: Are senior citizens easier targets for social engineering than younger people?  Why or why not?

In the News:  “Amazon Downplays Cloud Breach Threat”. Referring to the research article “Seriously, Get Off My Cloud! Cross-VM RSA Key Recovery in a Public Cloud”, Mathew Schwartz reports that security researchers at Worcester Polytechnic Institute were able to use one virtual machine on an Amazon Web Services Elastic Compute Cloud (EC2) host to hack into another, co-located virtual machine.  The researchers demonstrated that “colocation can be achieved, and detected by monitoring the last-level cache in public clouds. More significantly,” they “present a full-fledged attack that exploits subtle leakages to recover RSA decryption keys from a co-located instance.”  http://www.databreachtoday.com/amazon-downplays-cloud-breach-threat-a-8581
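The quoted finding, that cache leakage from a co-located instance is enough to recover an RSA decryption key, rests on the decryption code doing different work for a 1 bit than for a 0 bit of the private exponent. The following Python block is an added example, not the WPI researchers' attack or their code: it does not reproduce the last-level-cache channel at all, but models what such an observer learns as the sequence of square (S) and multiply (M) operations, shows that a textbook square-and-multiply loop lets the exponent be read straight off that sequence, and contrasts it with a Montgomery ladder whose operation sequence is key-independent. The toy RSA key (p = 61, q = 53, e = 17, d = 2753) and the message are constructed for the demo and far too small for real use.

```python
"""Why a key-dependent exponentiation leaks its exponent.

Added example, not the WPI attack itself: the real work recovered RSA
keys by monitoring the last-level cache of a co-located EC2 instance.
The cache channel is not reproduced here. Instead the leakage is
modelled as the sequence of square (S) and multiply (M) operations an
implementation performs, which is what a cache-timing observer learns
about a textbook square-and-multiply loop. The key values below are a
constructed toy RSA key (p=61, q=53), far too small for real use.
"""


def leaky_modexp(base, exp, mod, trace):
    """Left-to-right square-and-multiply.

    Every bit costs a squaring; only a 1 bit costs an extra multiply,
    so the operation trace spells out the exponent. `trace` stands in
    for what the attacker observes through the shared cache.
    """
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":
            result = (result * base) % mod
            trace.append("M")
    return result


def recover_exponent(trace):
    """Rebuild the exponent from a square/multiply trace of leaky_modexp.

    Each S opens a new bit (assumed 0); an M immediately after it
    upgrades that bit to 1.
    """
    bits = []
    for op in trace:
        if op == "S":
            bits.append("0")
        elif op == "M":
            bits[-1] = "1"
    return int("".join(bits), 2)


def ladder_modexp(base, exp, mod, trace):
    """Montgomery ladder: one multiply and one square per bit, always.

    The operation trace no longer depends on the key. A production
    implementation would also make the swap below branch-free
    (a constant-time conditional swap); Python integers are not
    constant-time, so this models only the operation sequence.
    """
    r0, r1 = 1, base % mod
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0, r1 = r1, r0
        r1 = (r0 * r1) % mod
        r0 = (r0 * r0) % mod
        trace.append("M")
        trace.append("S")
        if bit == "1":
            r0, r1 = r1, r0
    return r0


# Constructed toy key: n = 61 * 53 = 3233, e = 17, d = 17^-1 mod 3120 = 2753.
N, E, D = 3233, 17, 2753


def demo():
    """Encrypt m, observe the decryption trace, recover d from it.

    Returns (plaintext, recovered_d, ladder_traces_equal). The ladder
    is run with the real d and with an unrelated exponent of the same
    bit length (2049) to show its trace carries no key information.
    """
    m = 65
    c = pow(m, E, N)
    observed = []
    plaintext = leaky_modexp(c, D, N, observed)
    recovered = recover_exponent(observed)
    t_real, t_other = [], []
    ladder_modexp(c, D, N, t_real)
    ladder_modexp(c, 2049, N, t_other)
    return plaintext, recovered, t_real == t_other


if __name__ == "__main__":
    print(demo())  # (65, 2753, True)
```

The point of the contrast is the one the quoted paper turns on: the fix for this class of leakage is not to hide the cache from neighbours (a tenant cannot) but to make the private-key operation's memory and instruction pattern independent of the key. Real libraries use windowed exponentiation rather than the plain loop shown here, which changes how much an observer learns per operation but not the underlying requirement.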

Week 8 Summary

Social Engineering, Encoding, and Encryption

Social Engineering can be described as a human psychological or behavioral technique that allows an attacker to gain the trust of a targeted victim. For example, pretending to be an employee of an organization can reveal certain information leading to a data compromise if proper behavioral techniques are used. To avoid such issues, proper CIA triad controls as well as thorough training must be implemented and revisited to ensure users are aware of potential attacks, are able to sense a common pattern in an attacker’s behavior, and have knowledge of how to deal with these situations.

Question for the class

Do you think psychology courses as part of human behavior training would stop Social Engineering attacks?

In the News

Hillary Clinton’s private email server, which stored some 55,000 pages of emails from her time as secretary of state, was the subject of attempted cyberattacks originating in China, South Korea and Germany after she left office in early 2013, according to a congressional document obtained by The Associated Press.

The server was located at Clinton’s house in NY between 2009 and 2013. An IPS was installed by the company SECNAP in October 2013, so before that time the server was most likely vulnerable. In February 2014, SECNAP found malicious software originating from China running on the server.

The new revelations underscore the extent to which any private email server is a target, raising further questions about Clinton’s decision to undertake sensitive government business over private email stored on a homemade system.

The FBI is still investigating this issue.

Read details at: http://abcnews.go.com/Technology/wireStory/clinton-subject-hack-attempts-china-korea-germany-34327812
