Zibai Yang says
Fake Netflix App Luring Android Users to Malware
Researchers have discovered new Android malware that uses Netflix as its lure and spreads malware via auto-replies to received WhatsApp messages. The discovery was reported to Google, and the malware – dubbed FlixOnline – has been removed from Google Play. Still, the researchers expect the methodology to return and be reused in other malware.
The researchers found the malware hidden in the FlixOnline app that claims to allow its users to view any Netflix content, anywhere in the world, free for two months on their mobiles. The WhatsApp response sent out was a fake Netflix site that phished for users’ credentials and credit card information in the campaign discovered by Check Point Research.
https://www.securityweek.com/fake-netflix-app-luring-android-users-malware?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
Ting-Yen Huang says
The Under Armour Hack Was Even Worse Than It Had To Be
When Under Armour announced that its nutrition app MyFitnessPal had suffered a data breach impacting the information of roughly 150 million users, things actually didn’t seem so bad. Of course, it’s never good when personal data ends up online, much less that of so many people, but it seemed like Under Armour had at least taken reasonable precautions. But it turns out Under Armour only sort of got things right. Under Armour also said that it had used the well-regarded password hashing function “bcrypt” to convert most of the passwords it stored into chaotic, unintelligible assortments of characters. When implemented properly, this cryptographic process makes it incredibly resource- and time-consuming for attackers to attempt to “crack” the passwords and revert them to their useful form—after bcrypt hashing, a strong password can take decades to break, if not longer. As a result, even when hashed passwords leak they are still. While Under Armour says it protected “the majority” of the passwords with bcrypt, the remainder weren’t nearly so lucky. Instead, in a Q&A site about the breach, Under Armour admitted that some proportion of the exposed passwords were only hashed using a notoriously weak function called SHA-1, which has had known flaws for a decade and was further discredited by research findings last year.
https://www.wired.com/story/under-armour-myfitnesspal-hack-password-hashing/
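The post above contrasts a fast, unsalted SHA-1 hash with a deliberately slow password hash. The following is an added example (not Under Armour's code, and not from the Wired article) of how a service can carry both kinds of hash in one store and upgrade the weak ones as users log in. Because bcrypt is not in the Python standard library, hashlib.scrypt stands in as the slow, salted hash; the user names and passwords are constructed for the demo.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Work-factor parameters for the slow hash (assumption for this demo; tune to your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def legacy_sha1(password: str) -> str:
    """Unsalted SHA-1, the weak scheme described in the post.

    It is fast and deterministic, so a leaked digest can be attacked with
    wordlists and precomputed tables at very high rates."""
    return "sha1$" + hashlib.sha1(password.encode("utf-8")).hexdigest()


def slow_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, memory-hard hash standing in for bcrypt (assumption: scrypt is used here
    only because it ships with the standard library)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32,
    )
    return "scrypt$" + salt.hex() + "$" + digest.hex()


def verify(stored: str, password: str) -> bool:
    """Check a password against whichever scheme the stored value uses."""
    scheme, _, rest = stored.partition("$")
    if scheme == "sha1":
        return hmac.compare_digest(legacy_sha1(password), stored)
    if scheme == "scrypt":
        salt_hex, _, _digest_hex = rest.partition("$")
        candidate = slow_hash(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(candidate, stored)
    return False  # unknown scheme: fail closed


def login(store: Dict[str, str], user: str, password: str) -> bool:
    """Authenticate and, on success, replace a legacy SHA-1 entry with the slow hash.

    Only the plaintext presented at login can be rehashed, which is why accounts
    that never log in stay on the weak scheme until the operator forces a reset."""
    stored = store.get(user)
    if stored is None or not verify(stored, password):
        return False
    if stored.startswith("sha1$"):
        store[user] = slow_hash(password)
    return True


def legacy_count(store: Dict[str, str]) -> int:
    """How many accounts are still protected only by SHA-1 (the 'remainder' in the post)."""
    return sum(1 for value in store.values() if value.startswith("sha1$"))


if __name__ == "__main__":
    # Constructed sample store: one legacy row, one already-migrated row.
    users = {"alice": legacy_sha1("correct horse"), "bob": slow_hash("hunter2")}
    print("legacy rows before login:", legacy_count(users))
    print("alice logs in:", login(users, "alice", "correct horse"))
    print("legacy rows after login:", legacy_count(users))
```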
Jonathan Castelli says
Hire and Train a Cyber Incident Response Team in Healthcare
This article calls out the need for the healthcare industry to hire and train for cyber incidents. They recommend three steps towards building a better incident response team.
Step number one is to build clear communication strategies. It’s important to know how to communicate both internally and externally when incidents occur. Step two is to practice detecting and responding to threats. It’s important to be able to understand what steps to take once incidents occur. By practicing, you’ll be better prepared to respond to incidents. The last recommended step is to develop and provide resources for the team(s). By allowing the team to have resources to help detect and respond to incidents, the healthcare company can be prepared to identify, respond to, and mitigate incidents.
https://healthtechmagazine.net/article/2021/03/hire-and-train-cyber-incident-response-team-healthcare
Anthony Messina says
Prioritizing data backup to defend against ransomware threats
Recent guidance from the Cybersecurity and Infrastructure Security Agency recommended that agencies should routinely backup systems, reinforce basic cybersecurity awareness and education and revisit cyber incident response plans. Organizations must develop a data strategy with security and recovery performance in mind — to avoid system down time. This strategy helps prevent the devastating effects of cyber-attacks that could reduce productivity, cost millions, threaten mission-critical work or interrupt essential citizen services. One such strategy involves backing up files through frequent snapshots and other data-protection methods.
Not only does data require a backup, but it also needs to be protected from intentional deletion. The backup system needs to be simple, reliable and immutable. Immutability is the ability of a system to prevent changes or deletion of an object after it is created. Secondly, a backup system must also be able to restore rapidly in order to avoid major impact. Like data, time is extremely valuable when restoring from an attack. Failed backups, corrupted data and slow restoration hurt agencies even more. Evolving ransomware attacks that target backup data, backup catalogs and even storage array snapshots force agencies to go through the reconfiguration of backup solutions even before recovering the data. Organizations must evolve their expectations around backup and restore speeds. Backup storage must recover as fast as possible, and also must be done at scale. When a single database may require 10 hours to restore, recovering from a widespread attack could take months. Consistent, real-time access to data is critical for agencies, and in the event of an attack, they must be able to recover data at scale, as quickly as possible. The backups themselves must be both valid and usable. Modern data protection is fast, simple, and cost-effective and can help prevent the devastating effects of cyber-attacks that could reduce productivity, cost millions, threaten mission-critical work or create a lapse in essential citizen services.
https://gcn.com/articles/2020/12/21/ransomware-defense.aspx
Wenyao Ma says
CISA Releases Tool to Detect Microsoft 365 Compromise
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool dubbed Aviary. It is a dashboard that makes it easy to visualize and analyze output from Sparrow, and it helps with the detection of potential compromise within Microsoft Azure and Microsoft 365 environments.
With Sparrow, defenders can look out for domain authentication or federation modifications, find new and modified credentials in logs, detect privilege escalation, detect OAuth consent and users’ consent to applications, identify anomalous SAML token sign-ins, and check the Graph API application permissions for service principals and apps in the environment, among others.
The tool is now available on GitHub.
https://www.securityweek.com/cisa-releases-tool-detect-microsoft-365-compromise
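The post above lists the kinds of Azure AD audit events Sparrow looks for (federation changes, new credentials on apps and service principals, consent grants, role changes). The following is an added example, not Sparrow or Aviary code, that runs the same idea over constructed audit records: it flags watched operations and then groups them by the initiating actor to surface a short sequence of sensitive changes. The operation names and the record field names are assumptions for the demo, not values taken from the tool.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample audit records (not data from any real tenant).
SAMPLE_AUDIT_LOG = [
    {"time": "2021-04-12T10:00:00+00:00", "operation": "Update user",
     "actor": "admin@example.invalid", "target": "user7@example.invalid"},
    {"time": "2021-04-12T10:05:00+00:00", "operation": "Set federation settings on domain",
     "actor": "svc-backup@example.invalid", "target": "example.invalid"},
    {"time": "2021-04-12T10:07:00+00:00", "operation": "Add service principal credentials",
     "actor": "svc-backup@example.invalid", "target": "Mail Sync App"},
    {"time": "2021-04-12T10:20:00+00:00", "operation": "Consent to application",
     "actor": "user1@example.invalid", "target": "Mail Sync App"},
    {"time": "2021-04-12T12:30:00+00:00", "operation": "Add service principal credentials",
     "actor": "admin@example.invalid", "target": "CI Runner"},
]

# Operations worth a second look, keyed to the categories named in the post.
# The names are assumptions for this demo, not a list taken from Sparrow.
WATCHED_OPERATIONS: Dict[str, str] = {
    "Set federation settings on domain": "domain authentication / federation change",
    "Set domain authentication": "domain authentication / federation change",
    "Add service principal credentials": "new credential on a service principal",
    "Update application - Certificates and secrets management": "new credential on an app",
    "Consent to application": "OAuth consent granted",
    "Add member to role": "possible privilege escalation",
}


def flag_events(records: List[dict]) -> List[dict]:
    """Return every record whose operation is on the watch list, tagged with its category."""
    findings = []
    for rec in records:
        category = WATCHED_OPERATIONS.get(rec.get("operation", ""))
        if category is not None:
            findings.append({**rec, "category": category})
    return findings


def find_actor_chains(findings: List[dict], window_minutes: int = 60) -> Dict[str, List[str]]:
    """Group findings by actor and keep actors with two or more watched operations
    inside the window. A federation change followed minutes later by a new
    service-principal credential from the same identity is the kind of sequence
    a reviewer wants to see together rather than as isolated rows."""
    by_actor: Dict[str, List[dict]] = defaultdict(list)
    for f in findings:
        by_actor[f["actor"]].append(f)

    chains: Dict[str, List[str]] = {}
    window = timedelta(minutes=window_minutes)
    for actor, events in by_actor.items():
        events.sort(key=lambda e: e["time"])
        first = datetime.fromisoformat(events[0]["time"])
        last = datetime.fromisoformat(events[-1]["time"])
        if len(events) >= 2 and last - first <= window:
            chains[actor] = [e["operation"] for e in events]
    return chains


if __name__ == "__main__":
    flagged = flag_events(SAMPLE_AUDIT_LOG)
    for f in flagged:
        print(f"{f['time']}  {f['actor']:<28} {f['category']}  -> {f['target']}")
    print("actor chains:", find_actor_chains(flagged))
```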
Cami Chen says
Colorado’s Eagle County has used Google Docs, Drive, Chat, and Maps in its emergency management; they are mobile, secure, and easy for many users to use. When an emergency incident occurs, the emergency operations center (EOC) will create an individual Google Doc to report the details of the situation and workflow. The officers can keep updating and accessing it anywhere on any device, and the responders and the relevant officials can view the status of the emergency response and answer questions from the public (so they can improve the emergency management). Although Google Docs provides a convenient reporting application, the EOC uses just-in-time communication to respond, and it also uses Maps to implement a three-dimensional view of a wildfire and represent the threatened infrastructure and resources, which could help it to mitigate the risk. Additionally, the EOC creates a much larger emergency management community via Google Workspace. After the EOC applies these flexible applications, it can gather information in real time during and immediately after the incident. They do not need to keep any unnecessary hardware with a cloud service, and they only need to have an internet connection to maintain their work.
https://statetechmagazine.com/article/2021/04/local-officials-harness-cloud-capabilities-emergency-management
Haozhe Lin says
“Cyber Attack Closes Hillsborough Schools Monday”
All Hillsborough schools are closed Monday due to a cyberattack on the district’s system. The schools also went all-virtual Tuesday as a result. Due to the nature of the cyber attack and potential instability of the network, the district was unable to pivot to virtual learning. As a result, all schools were closed Monday and the Board of Education meeting is canceled and may be rescheduled. The district is currently working with its technology department and local and federal law enforcement agencies to isolate the issues as soon as possible.
https://patch.com/new-jersey/hillsborough/cyber-attack-closes-hillsborough-schools-monday
Krish Damany says
Malware and threats during the COVID-19 pandemic have steadily been increasing. A report from McAfee shows that there were on average 588 attacks per minute and 648 threats per minute in Q4 of 2020. Many of these attacks use PowerShell as a Trojan to gain access to systems. The most famous of these is Donoff, which is a trojan downloader that utilizes macro commands to bypass virus detection programs. Other threats include malware that targets the Microsoft Office suite, as well as selling remote access to breached systems. The advice from a lead analyst from McAfee includes securing remote access systems with patch management, having strong access policies, and two-factor authentication.
https://threatpost.com/mcafee-covid-rpowershell-malware-surge/165382/
Anthony Wong says
There is a zero-day remote code execution vulnerability that affects current versions of Google Chrome and potentially other browsers such as Microsoft Edge. Security researchers developed exploit code during a bug contest last week and, when executed, it successfully ran code on the computer’s operating system. In their proof of concept, an HTML and JavaScript file was loaded into Google Chrome and opened the Windows Calculator app. However, attackers would still need to escape the Chrome browser sandbox to perform the attack. A patch is expected sometime on Tuesday, April 13th. The security researchers were rewarded with $100,000.
https://threatpost.com/chrome-zero-day-exploit-twitter/165363/
Austin Mecca says
https://www.infosecurity-magazine.com/news/destructive-attacks-2020-financial/
Cyber-attacks against global financial institutions have been rising as more and more of the attacks have been carried out with destructive intent. The attackers have been getting increasingly better at evading incident response, with that occurring about 63% of the time based on the 120 CISOs interviewed. More than half have stated there has been a destructive attack. Another finding was that attackers are looking to supply chains to enter and avoid the main corporate security (this is similar to the Target case study we did). Wire transfer fraud was listed as the main end goal for 57% of firms responding, and following that was brokerage account takeovers.
Priyanka Ranu says
Consulting Firm Data Breach Impacts MSU
Michigan State University (MSU) has been impacted by a data breach stemming from a cyber-attack on an Ohio law firm. Bricker & Eckler LLP, which is associated with the MSU Title IX contractor, was hit with ransomware in January 2021. An unauthorized party had gained access to certain Bricker internal systems, and Bricker was able to retrieve the data and delete it. Data that was exposed included names, addresses, medical records, education records, driver’s license numbers, and social security numbers. MSU informed its faculty, students, and staff regarding the breach and connected them with the proper resources.
https://www.infosecurity-magazine.com/news/consulting-firm-data-breach/
Mei X Wang says
Name:Wreck Bugs Could Impact 100M IoT Devices
Security experts found new DNS vulnerabilities that could impact over 100 million IoT devices used by consumers and enterprises. These vulnerabilities are called Name:Wreck, and can affect the popular IT software FreeBSD and the IoT/OT firmware IPnet, Nucleus NET, and NetX. Although Forescout claimed that not all devices running the software are vulnerable, it can still impact as many as 100 million devices globally. These bugs can enable either remote code execution or denial of service, with sectors including government, enterprise, healthcare, manufacturing, and retail at risk. Attackers can leverage the exploits to “extort payments from victim organizations by sabotaging critical functions in manufacturing plants, hospitals, hotels, and retail facilities”. They can also monetize these attacks by using exploits to access private enterprise and government networks, leading to data theft. Network segmentation is recommended to limit exposure of vulnerable devices; patches have been issued for FreeBSD, Nucleus NET, and NetX.
https://www.infosecurity-magazine.com/news/namewreck-bugs-could-impact-100m/
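The post above describes DNS parsing bugs in embedded TCP/IP stacks that end in a crash or code execution. As an added example, not code from FreeBSD, IPnet, Nucleus NET or NetX and not taken from the Forescout report, here is a DNS name decoder written the defensive way: every label read is bounded by the message length, labels and the whole name are capped at the RFC 1035 limits, and compression pointers are only allowed to point strictly backwards, which rules out pointer loops without relying on a jump counter alone. The sample messages at the bottom are constructed for the demo.

```python
from typing import List, Tuple

# RFC 1035 limits on wire-format names.
MAX_LABEL_LEN = 63
MAX_NAME_LEN = 255


class DnsParseError(ValueError):
    """Raised for any malformed name; callers should drop the packet, not guess."""


def read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a possibly-compressed name starting at `offset`.

    Returns (name, offset of the first byte after the name in the original
    stream). Every read is checked against len(msg) before it happens, and
    pointer targets must decrease monotonically so a chain always terminates."""
    labels: List[str] = []
    wire_len = 0            # bytes of the uncompressed name, including length octets
    pos = offset
    end_after_name = None   # set at the first pointer; the stream resumes there
    limit = None            # every pointer target must be < limit (strictly backwards)

    while True:
        if pos >= len(msg):
            raise DnsParseError("name runs past end of message")
        length = msg[pos]

        if length == 0:                              # root label terminates the name
            wire_len += 1
            if wire_len > MAX_NAME_LEN:
                raise DnsParseError("name longer than 255 octets")
            pos += 1
            break

        if (length & 0xC0) == 0xC0:                  # compression pointer (two octets)
            if pos + 1 >= len(msg):
                raise DnsParseError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            bound = pos if limit is None else limit
            if target >= bound:
                raise DnsParseError("compression pointer does not point strictly backwards")
            if end_after_name is None:
                end_after_name = pos + 2
            limit = target
            pos = target
            continue

        if length & 0xC0:                            # 0x40 / 0x80 label types are reserved
            raise DnsParseError("reserved label type")
        if length > MAX_LABEL_LEN:
            raise DnsParseError("label longer than 63 octets")
        if pos + 1 + length > len(msg):
            raise DnsParseError("label runs past end of message")
        wire_len += 1 + length
        if wire_len > MAX_NAME_LEN:
            raise DnsParseError("name longer than 255 octets")

        raw = msg[pos + 1:pos + 1 + length]
        try:
            labels.append(raw.decode("ascii"))
        except UnicodeDecodeError as exc:
            raise DnsParseError("non-ASCII label") from exc
        pos += 1 + length

    name = ".".join(labels) if labels else "."
    return name, (end_after_name if end_after_name is not None else pos)


# Constructed sample: "example.com" at offset 0, then "www" + pointer back to offset 0.
GOOD_MSG = b"\x07example\x03com\x00" + b"\x03www\xc0\x00"
# Constructed malformed inputs of the kind a hardened parser must reject.
POINTER_LOOP = b"\x01a\xc0\x00"      # "a" then a pointer back to its own start
SELF_POINTER = b"\xc0\x00"           # pointer at offset 0 to offset 0
TRUNCATED = b"\x05exa"               # label claims 5 octets, only 3 present

if __name__ == "__main__":
    print(read_name(GOOD_MSG, 0))    # ('example.com', 13)
    print(read_name(GOOD_MSG, 13))   # ('www.example.com', 19)
    for bad in (POINTER_LOOP, SELF_POINTER, TRUNCATED):
        try:
            read_name(bad, 0)
        except DnsParseError as err:
            print("rejected:", err)
```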
Junhan Hao says
Food Shortages at Dutch Supermarkets After Ransomware Outage
Netherlands’ largest supermarket chain recently experienced food shortages after a ransomware attack on a key logistics supplier. The supermarket company suffered a severe food shortage after a cyber attack on the main supplier Bakker Logistiek; the IT department shut down the entire online system. This means that orders will not enter the warehouse, nor will they be completed in the warehouse, because the entire process is usually highly automated to achieve maximum efficiency. The company has been working hard to bring the system back online, and the inventory has finally been shipped.
https://www.infosecurity-magazine.com/news/food-shortages-dutch-supermarkets/
Zhen Li says
61 percent of employees fail basic cybersecurity quiz
This was one of the leading findings of a research study – conducted by TalentLMS on behalf of Kenna Security – that sought to understand the cybersecurity habits of some 1,200 workers, as well as their knowledge of best practices and ability to recognize security threats.
Nearly 70% of employees polled in a new survey said they recently received cybersecurity training from their employers, yet 61% nevertheless failed when asked to take a basic quiz on the topic.
Despite the common frustrations brought out in the survey, companies still need to train, because it’s one of the best first-line defenses against an attack.
Companies should make the training engaging [and] interactive and provide users with an emphasis on protecting their passwords, watching out for phishing links and what it takes to protect the organization as much as the IT and infosec departments.
https://www.scmagazine.com/home/security-news/61-percent-of-employees-fail-basic-cybersecurity-quiz/?web_view=true
Vanessa Marin says
Well, go figure! Our government fails too. Three years running, the Department of Health and Human Services information security program is rated as “not effective” for several issues, including contingency planning weaknesses in operating divisions in the most recent audit. EY did an independent audit against FISMA for fiscal year 2020 and found the department lacking in its contingency planning efforts.
A few of the key findings:
– Four operating divisions have not allocated resources in a risk-based manner for stakeholders to effectively implement system contingency planning activities.
– Four operating divisions did not employ automated mechanisms to thoroughly and effectively test system contingency plans.
– Four operating divisions did not incorporate the results of organizational and system-level business impact analysis into strategy and do not plan development efforts consistently.
– Two operating divisions did not communicate to relevant stakeholders the metrics on the effectiveness of recovery activities and did not ensure that the data supporting the metrics was obtained accurately, consistently and in a reproducible format.
– Two operating divisions did not consistently implement their processes, strategies and technologies for information system backup and storage, including the use of alternate storage and processing sites.
– One operating division did not manage its information and communications technology supply chain risks related to contingency planning activities.
Further, in addition to contingency planning shortcomings, the report noted issues in several other areas, including identity and access management as well as incident response.
Government isn’t perfect!
https://www.govinfosecurity.com/hhs-information-security-program-still-not-effective-a-16381
Xinyi Zheng says
FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers
FBI agents executed a court-authorized cyber operation to delete malicious web shells from hundreds of previously hacked Microsoft Exchange servers in the United States, unbeknownst to their owners, the U.S. Department of Justice (DoJ) said Tuesday.
After a wave of major in-the-wild zero-day attacks against Exchange Server installations that occurred globally in January, savvy organizations scrambled to lock down vulnerable Microsoft email servers and remove web shells that were installed by attackers.
In early attacks observed by Microsoft, attackers were able to exploit a series of vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Unfortunately, many organizations were not able to patch systems and/or remove associated malware that was installed.
In what appears to be the first known operation of its kind, the FBI “removed one early hacking group’s remaining web shells which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks.”
https://www.securityweek.com/fbi-agents-secretly-deleted-web-shells-hacked-microsoft-exchange-servers
Heather Ergler says
https://www.businessnewsdaily.com/1428-recovering-september-11-terrorist-attack.html
This article lays out what happened to businesses 10 years after 9/11: which firms had zero interruption in business and which firms no longer exist. The difference between the organizations that thrived and those that did not ties back to preparation and planning. A thorough incident and disaster recovery plan that has been tested, and that has humans familiar with bringing a business back online, is necessary for any firm.
Prince Patel says
https://www.yeahhub.com/top-6-techniques-to-bypass-an-ids-intrusion-detection-system/
Techniques To Bypass An IDS (Intrusion Detection System)
This article talks about different techniques used by attackers to bypass or evade intrusion detection systems. These techniques are:
– Insertion attack
– Denial of Service attack
– Obfuscating and encoding
– Session splicing and fragmentation
– Invalid packets
– Polymorphic shellcodes