36 posts from November 2011
November 20, 2011
 Recycled Medical Records Wind Up as Coloring Paper

Not as severe as the reported attack on a water system in Illinois, but certainly more entertaining:

Detailed medical information discovered on the back of a first-grader’s school drawing sent Minneapolis school officials scrambling.

Jennifer Kane was tidying her dining room when she found the drawing by her daughter, Keely, who goes to Hale Elementary School. On the back of the paper was the name, birth date and detailed medical information for a 24-year-old St. Paul woman named Paula White.

The paper was being used as scrap paper for an after school program at the elementary school.


November 18, 2011
 Norway Breached

From the AP:

Data from Norway's oil and defense industries may have been stolen in what is feared to be one of the most extensive data espionage cases in the country's history, security officials said Thursday.

The agency said in a statement that this type of data-theft was "cost-efficient" for foreign intelligence services and that "espionage over the Internet is cheap, provides good results and is low-risk."

For context, Norway's national oil company, Statoil, is the 13th largest company in the world by revenue in 2010 according to Fortune.  Norway's government owns 67% of Statoil.

Given Norway's size and stature in energy production, today's announcement should come as no surprise. Cyber espionage is quickly becoming the #1 security priority for many organizations worldwide and today's announcement highlights why.


November 17, 2011
 SMBs in the Crosshairs

A Symantec global survey of nearly 2,000 SMBs found that 50 percent did not consider themselves an attack target. Looking at today’s threat landscape, that is a serious misconception: if a site is online it will be scanned and probed, regardless of how popular it is.

Why are SMBs attractive to hackers?
Hackers go after low-hanging fruit: companies that are less security-aware and lack proper defenses. According to the 2011 Verizon Data Breach Investigations Report, attackers are increasingly targeting smaller, softer, less reactive organizations, since these are a lower-risk alternative to better-defended financial institutions.

Why would someone want to hack an SMB site (an application or server)?

  • Data theft. Nearly all data has value to an attacker who can later resell it on the cyber underground. The hot commodities are the usual ones: credit card numbers, employee details, login credentials.
  • Malware hosting. Hackers compromise legitimate sites and use them to host malware; visitors to the compromised site then download it unknowingly. The attacker saves the cost of running a server and, more importantly, a legitimate site does not raise the suspicion a dubious one would.
  • Use of the company’s servers. A server under the hacker’s control can be used to launch further attacks against other targets. This buys the attacker two things. First, the attack is not traced to them directly, since it originates from a legitimate server. Second, a server’s bandwidth and uptime make it a far more capable attack platform than a home PC; as we've described in the past, one compromised server is roughly equivalent to 3,000 compromised PCs under the hacker’s control.

How do hackers find an SMB site to hack?
Hackers increasingly use search engines such as Google, Yahoo! or Bing to find vulnerable sites: a crafted query (a so-called "dork") returns pages whose URLs or content betray a particular vulnerable application or version. With that list of potentially vulnerable resources in hand, the attacker runs a ready-made or home-grown script that throws the matching exploit at every result. In August 2011 USA Today reported that 8 million websites, mostly belonging to small companies, were infected and hosting malware. The hackers used this “scan and exploit” technique to mount so large a campaign in so short a time.

How can SMBs protect their sites?
These attacks are overwhelmingly opportunistic: the attacker takes whatever is vulnerable rather than singling out a particular company. Organizations can counter them by adding security measures at one of several layers:

  • Placing security devices on site, for example a Web Application Firewall (WAF). A WAF inspects the HTTP traffic addressed to the application and blocks or alerts on malicious requests. It may be combined with an application vulnerability scanner, which tests the application itself for known vulnerabilities. For many SMBs, however, these tools are too costly.
  • Building secure application code. This addresses the root cause. Many SMBs are reluctant to take this path because sending code back to development is expensive: it needs developers experienced in security, it delays releases, and it never ends.
  • Using the cloud to provide security. Several offerings let traffic be re-routed through a security service in the cloud, which sifts the bad traffic from the good so that only clean traffic reaches the application. This is usually the preferred choice for SMBs, since cloud offerings are cheaper and are typically sold as subscriptions priced by traffic throughput. One caveat: the origin server must then accept traffic only from the cloud service, otherwise an attacker who learns the origin’s IP address simply bypasses it.
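
To make the inspection step concrete, here is an added example in Go; it is not Imperva's product code and is far simpler than any commercial WAF. A handful of signature rules are applied to constructed sample requests; the `Request` type, the rule names and the sample traffic are all assumptions made for the illustration. It also shows the check a practitioner should insist on when evaluating any WAF: the inspector must decode the request before matching, otherwise a percent-encoded or double-encoded probe walks straight past the signatures.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Request is a hypothetical, minimal view of an HTTP request: the request
// target (path plus query string) and the body. A real inspector also sees
// headers, cookies and each parsed parameter individually.
type Request struct {
	Method string
	Target string
	Body   string
}

// Rule is one negative-security signature: a name and the pattern it flags.
type Rule struct {
	Name string
	Re   *regexp.Regexp
}

// rules is a deliberately tiny, hypothetical rule set covering the probes an
// opportunistic "scan and exploit" campaign sends. A production WAF ships
// hundreds of such signatures plus positive (allow-list) models of the app.
var rules = []Rule{
	{"sqli-tautology", regexp.MustCompile(`(?i)'\s*or\s+\S+\s*=\s*\S+`)},
	{"sqli-union", regexp.MustCompile(`(?i)\bunion\b.{0,20}\bselect\b`)},
	{"path-traversal", regexp.MustCompile(`\.\./`)},
	{"xss-script", regexp.MustCompile(`(?i)<script\b`)},
}

// normalize undoes the encodings scanners use to hide from naive matching:
// percent-encoding, applied up to twice to catch double encoding, with '+'
// treated as a space. Undecodable input is kept as-is rather than dropped.
func normalize(s string) string {
	for i := 0; i < 2; i++ {
		d, err := url.QueryUnescape(s)
		if err != nil || d == s {
			break
		}
		s = d
	}
	return s
}

func inspect(r Request, decode bool) string {
	for _, field := range []string{r.Target, r.Body} {
		if decode {
			field = normalize(field)
		}
		for _, rule := range rules {
			if rule.Re.MatchString(field) {
				return rule.Name
			}
		}
	}
	return ""
}

// Inspect returns the name of the first rule the request trips, or "" if it
// looks clean. It matches against the decoded request.
func Inspect(r Request) string { return inspect(r, true) }

// InspectRaw matches the bytes as received. It exists only to show why a
// WAF that skips normalization is trivially bypassed.
func InspectRaw(r Request) string { return inspect(r, false) }

// sample is constructed traffic: benign requests plus the probes a scanner
// would send against the same endpoints.
var sample = []Request{
	{"GET", "/products?id=42", ""},
	{"GET", "/products?id=42%27%20or%201%3D1--", ""},         // encoded ' or 1=1
	{"GET", "/products?id=42%2527%2520or%25201%253D1--", ""}, // double-encoded
	{"GET", "/search?q=shoes+union+select+user%2Cpass+from+users", ""},
	{"GET", "/static/..%2F..%2F..%2Fetc/passwd", ""},
	{"POST", "/login", "user=bob&pass=hunter2"},
	{"POST", "/comment", "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"},
}

// Verdict pairs a request with what the raw and the normalizing inspector say.
type Verdict struct {
	Target, Raw, Decoded string
}

// Run inspects every sample request both ways.
func Run() []Verdict {
	out := make([]Verdict, 0, len(sample))
	for _, r := range sample {
		out = append(out, Verdict{r.Target, InspectRaw(r), Inspect(r)})
	}
	return out
}

func main() {
	for _, v := range Run() {
		fmt.Printf("%-50s raw=%-16q decoded=%q\n", v.Target, v.Raw, v.Decoded)
	}
}
```

Running it shows the raw matcher passing the encoded SQL injection, the double-encoded variant and the encoded traversal untouched, while the normalizing matcher flags all of them and leaves the two benign requests alone. Signature lists like this also produce false positives on legitimate input, which is why real WAFs pair them with positive models of what each parameter may contain.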


November 16, 2011
 Human Error

Great cartoon that an Imperva sales rep scanned and sent to me (click to BIGGIFY):

Human Error


 Top 11 Data Breaches from 2011: #1

To see the other breaches that made the list:
#11
#10
#9
#8
#7
#6 
#5 
#4 
#3 
#2 


#1:  Cyber espionage attacks

Summary:  The sustained effort to attack the US and other countries in order to steal data and intellectual property has catapulted cyber espionage to the top of many companies' priority lists.

Details:  Several countries, notably China, are using cyber espionage to catch up with Western competitors as well as establish military parity.  In a rare interview, SkyNews UK captured on film a Chinese businessman who described how he works with the government to hack his Western competitors:

The conference also highlighted the murky connections between hackers and the Chinese government.

One man who identified himself as a policeman said: "We're here to see if they have anything we can use. If there is, then we'll get in touch with them, and take the next step."

The cost has been tremendous.  In fact, this will likely go down as quote of the year:

Exploitation of sensitive data has generated "the greatest transfer of wealth that's gone on in history," according to Gen. Keith Alexander, chief of U.S. Cyber Command.

Significance:

Cover of "Unrestricted Warfare"

  • Governments, especially China, are living up to the objectives outlined in "Unrestricted Warfare" (cover above), the 1999 book by two PLA colonels.  One of its key components is "network warfare."
  • The cost has been tremendous.  The US Office of the National Counterintelligence Executive released a report putting losses from cyber espionage anywhere between $2 billion and $400 billion, a range so wide that it mostly shows how poorly the damage is measured.  (We detailed this report previously.)


 Using Stolen Certs To Bypass Detection

Here is another example of a growing trend: cyber-criminals stealing certificates that were legitimately issued to someone else.

This time, F-Secure published an analysis of a widespread malware strain signed with a stolen certificate belonging to the Malaysian Agricultural Research and Development Institute. A valid signature lets the malware pass the operating system's code-signing checks and lowers the suspicion of security products that treat signed code as more trustworthy, so it evades detection.

We can expect to see more stories of stolen certificates in the coming year, as attackers have come to understand that the weakest link in SSL is the Public Key Infrastructure (PKI) behind it. PKI covers every stage of a digital certificate's life: issuance, distribution, validation and revocation. Attackers have gone after the Certificate Authorities (CAs) at its root repeatedly this year: DigiNotar was fully compromised and used to issue fraudulent certificates, and GlobalSign suspended issuance while it investigated a claimed breach.

This is partly a consequence of certificates becoming a commodity, with smaller, less careful organizations holding a growing share of the market. At the same time, every root CA a browser trusts can issue a certificate for any domain, with no consent from the domain's owner required, so the whole system is only as strong as its weakest CA. An attacker who gains control of any CA can issue fraudulent certificates and impersonate any website.

The same goes for code signing certificates. Stealing an organization's code signing key is like stealing its rubber stamp: a stolen stamp lets the thief sign checks for any amount and any recipient, and the bank honors them because they are signed. A stolen code signing key lets the attacker sign whatever code they like, and the operating system or browser trusts the download because the signature checks out. Revoking the certificate is the only remedy once the key is gone, and it helps only if the verifying side actually checks revocation. That is why code signing certificates are, and will remain, a prime target for malware distributors.
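
To show why a valid signature alone proves so little, here is an added example in Go; it is not F-Secure's analysis or any vendor's code. It builds a throwaway in-memory PKI with one CA, a code signing certificate for a hypothetical vendor and a TLS server certificate, all generated on the spot, and `VerifySignedCode` is the check a loader should perform. The scenario shows that a binary signed with a stolen code signing key verifies exactly like the vendor's own release, that a stolen TLS certificate does not (the Extended Key Usage check), and that revocation is what finally stops the stolen key. The names, serial numbers and the byte strings standing in for binaries are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

// issue has parent (whose key is parentKey) sign tmpl for pub; tmpl as its own parent is self-signed.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

func leaf(serial int64, cn string, eku x509.ExtKeyUsage) *x509.Certificate {
	now := time.Now()
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
	}
}

// VerifySignedCode is what a loader must do before trusting a binary: the signature
// proves only that the key's holder signed it, the chain and EKU checks prove a trusted
// CA issued that key for code signing, and revocation alone catches a stolen key.
func VerifySignedCode(code, sig []byte, c *x509.Certificate, roots *x509.CertPool, revoked map[string]bool) error {
	if err := c.CheckSignature(x509.ECDSAWithSHA256, code, sig); err != nil {
		return fmt.Errorf("signature invalid: %w", err)
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := c.Verify(opts); err != nil {
		return fmt.Errorf("chain invalid: %w", err)
	}
	if revoked[c.SerialNumber.String()] {
		return fmt.Errorf("certificate %s revoked", c.SerialNumber)
	}
	return nil
}

type Outcome struct {
	VendorCode         bool // vendor's binary, vendor's key
	MalwareStolenKey   bool // attacker's binary, stolen vendor key
	MalwareServerCert  bool // attacker's binary, stolen TLS server key
	MalwareAfterRevoke bool // stolen vendor key, after revocation
}

func RunScenario() Outcome {
	caKey, vendorKey, serverKey := mustKey(), mustKey(), mustKey()
	caTmpl := leaf(1, "Demo Root CA", x509.ExtKeyUsageAny)
	caTmpl.IsCA, caTmpl.BasicConstraintsValid = true, true
	caTmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	ca := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	vendor := issue(leaf(2, "Demo Software Vendor", x509.ExtKeyUsageCodeSigning), ca, &vendorKey.PublicKey, caKey)
	server := issue(leaf(3, "www.example.test", x509.ExtKeyUsageServerAuth), ca, &serverKey.PublicKey, caKey)
	sign := func(key *ecdsa.PrivateKey, code []byte) []byte {
		h := sha256.Sum256(code)
		sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
		check(err)
		return sig
	}
	update, malware := []byte("legitimate update v1.2"), []byte("dropper payload") // constructed stand-ins
	revoked := map[string]bool{}
	var o Outcome
	o.VendorCode = VerifySignedCode(update, sign(vendorKey, update), vendor, roots, revoked) == nil
	o.MalwareStolenKey = VerifySignedCode(malware, sign(vendorKey, malware), vendor, roots, revoked) == nil
	o.MalwareServerCert = VerifySignedCode(malware, sign(serverKey, malware), server, roots, revoked) == nil
	revoked[vendor.SerialNumber.String()] = true // the vendor publishes a CRL entry
	o.MalwareAfterRevoke = VerifySignedCode(malware, sign(vendorKey, malware), vendor, roots, revoked) == nil
	return o
}

func main() { fmt.Printf("%+v\n", RunScenario()) }
```

The stolen-key case passes every cryptographic check, which is the whole point: signature and chain validation answer "who holds this key", not "who is supposed to". In practice the `revoked` map is a CRL download or an OCSP query against the issuing CA, and signed timestamps let signatures made before the revocation date stay valid while everything signed afterwards is rejected; both are left out here to keep the flow visible.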


November 15, 2011
 Top 11 Data Breaches from 2011: #2

This week, we begin our countdown of the 11 most interesting breaches of 2011.  Imperva will host a webinar detailing these breaches on Nov 16th.

To see the other breaches that made the list:
#11
#10
#9
#8
#7
#6 
#5 
#4 
#3 


#2:  Military and Government Websites Up For Sale

(Screenshot of the seller's site; click to BIGGIFY.)

Summary:  Hacker builds a business on SQL injection vulnerabilities alone.

Details:  Large numbers of websites were constantly scanned for SQL injection vulnerabilities.  Dozens of sites were exploited and their admin credentials sold on to other hackers.  For example, for the price of an iPad, $499, you could buy access to a military website.

Why Significant?  SQL injection has proved to be one of the costliest and most prevalent web vulnerabilities ever.  This site best illustrates just how widespread it has become: a hacker found a way to monetize the vulnerability itself, selling the access it yields as a product.


 Top 11 Data Breaches from 2011: #3


To see the other breaches that made the list:
#11
#10
#9
#8
#7
#6 
#5 


#3:  Sony

Sony stock performance, Nov 2010 to Nov 2011 (chart).

Summary:  Hacktivists broke into Sony worldwide, stealing about 100M data records (about 12M unencrypted).

Details:  Sony's PlayStation Network was breached, leading to the theft of names, addresses and credit card data.

Why Significant? 

  • By volume, the largest data breach of the year.
  • Has kept a permanent drag on Sony’s stock.
  • SQL injection made it onto the agenda of board rooms worldwide.
  • This breach forever shifted the purpose of hacktivism from defacement to data theft.  The hacker's intent wasn’t to embarrass a company, but rather to bring it down.

 

November 14, 2011
 Top 11 Data Breaches from 2011: #4


To see the other breaches that made the list:
#11
#10
#9
#8
#7
#6 
#5 


#4:  Phone Hacking in the UK

Summary:  Reporters from the UK’s News of The World hacked into the voicemail of several people, including a murder victim, to gather information.

Details:  http://en.wikipedia.org/wiki/News_International_phone_hacking_scandal

Why Significant?  Reporters became hackers, brought down a newspaper and seriously damaged the News Corporation.  More importantly, this episode showed how hacking has become part of everyday life, and that it doesn't require strong knowledge of computer systems: much of the voicemail "hacking" amounted to dialing in and using default or easily guessed PINs.


 Top 11 Data Breaches from 2011: #5


To see the other breaches that made the list:
#11
#10
#9
#8
#7
#6 


#5: PBS


Summary: Hacktivists broke into the PBS website, exposed thousands of usernames and passwords, and defaced the news site with a fake story that the dead rapper Tupac Shakur was alive.

Details: We dissected this breach when it happened.

Why Significant: It brought hacktivism to the media: hacking wasn’t just a “corporate” issue anymore, and anyone could be a target. After this event, hacktivism was no longer a temporary blip on the radar; it had staying power.  Anonymous was anything but.

