Mapping FinFishers Surveillance Spyware

This is some great research done by CitizenLab.org on the FinFisher surveillance spyware. Check it out here. Great job, guys. 

Cyber Horror Stories From the Past Year

The eerie cyber season is upon us now, the time of year when the cyber ghouls are out looking for our data. This past year has been exceedingly spooky with major organizations being taken advantage of the cyber undead.  With this being Cyber Awareness Month we’d like to review a few of these attacks with you so that they can become part of your zombie security survival guide when the cyber apocalypse is pointed in your direction. Stay alert; you never know when these monstrosities will come after you next. Here are a few stories from the past year that will give you goosebumps.

We’ve noticed that 2015 is the year of the healthcare breach. These monsters have targeted healthcare over the past 12 months with wild abandon. Whether it is Anthem, Blue Cross, UCLA or any other casualty, these monsters have the taste for healthcare and want more of it. The industry as a whole has taken this very serious after seeing their peers eaten alive and is making strides to securing what they can before it’s too late. There is never a safe place from these beasts, but over the past 12 months the sea change in thinking for healthcare has been eye-opening. The entire industry is putting in defenses today that wouldn’t have been there if not for these vicious attacks. The carnage of these assaults has sparked a flame in healthcare, one that will hopefully continue to shine brightly. Otherwise, they’ll be the next ones to the stake.

The government has also become, or should I say always was, a favorite target for cyber witches that continue to plague their security. We noticed some advanced witchcraft thrown out the government this year in the forms of the OPM and IRS hacks. The enchantresses behind these breaches were sophisticated and able to craft unstoppable spells over the government networks who weren’t ready for their potent effect of data lose. These attacks were used to gain more insight into government employees and could only be the beginning of their spells. The stolen data these witches stole will probably be used later on to create a more refined incantation using this pinched data as an ingredient in their cauldron for an even greater conjuring of evil towards the government and their employees. The government as a whole needs to wake up and start making changes that will protect themselves from these types of attacks. They’re the biggest target to these overseas witches and will be for years to come.

 Something interesting we saw this year, that we don’t see every day, was a group of cyber fiends being hunted down by what seems like a another individual to usurp them from their evil throne. This of course was the “Hacking Team” hack, where the group “Hacking Team” was selling surveillance and malware to countries to spy on their people. The zombie hunting Phineas Fisher, who’s could play both hero and villain, defended these countries by exposing “Hacking Team” for what they really were. It’s interesting to watch these cyber vigilantes come right after evil, while toeing the line of becoming exactly what they’re fighting against. This battle for cyber purity is one that can swallow up a person, or group for that matter, if they’re not careful.

My dear friends, it’s been a terrifying 2015 and one that gives us reason to worry. Let’s use this Cyber Awareness Month as a way to educate others against ghouls on the internet lurking in the dark webs ready to pounce. Constant diligence and education will keep us safe, because you never know when they’ll strike. Let us be like Ghost Busters and team up together to let everyone know that “We ain’t afraid of no ghosts!”

Best Practices to Prepare for a Cyber Attack

The war is coming and it's a matter of time before you're attacked, assuming you aren't already under attack which you most likely are, and if you're not actively preparing for this event you'll be destroyed when it happens. There needs to be a plan of action, there needs to be training, there needs to be assigned roles, or you'll be scrambling during an incident. This article I wrote helps explain a few areas that should be done now in preparation of an incident. It's better to be prepared, rather than making it up in the heat of the moment. Knowing is only half the battle.

http://blog.algosec.com/2015/10/10-best-practices-to-help-you-prepare-for-a-cyber-attack.html

Don't Mess with Brian Krebs

If you mess with the Krebs you get the horns. Great article. 

Review of some best #CyberAwareTips

Tripwire recently correlated a few of the better cyber security awareness advice from the hashtag #CyberAwareTips for National Cyber Security Awareness Month (NCSAM). You can check out mine and others advice on this aggregated blog from Tripwire:

http://www.tripwire.com/state-of-security/security-awareness/cyber-aware-tips-how-to-stay-safe-online/

How NOT to be a Victim of Social Engineering [Cyveillance]

Here's a great infographic from Cyveillance about "How NOT to be a Victim of Social Engineering. To read the entire blog post please take a look here. Well done, Cyveillance.

New Amazon Application Security Services

Okay, the cloud is dangerous and everyone should stop using it before it rains down your data upon all those it wasn't intended for, right? We'll, not really. There are times when keeping data in house is an ideal solution, but there are other times when pushing data to the cloud is completely viable approach. This is all about knowing your security risk appetite and understanding the data that's being hosted in the cloud and the security of the cloud provider. With this being said, Amazon has taken great strides in helping ease the "security of the provider" concern. Take a look at the following two products that Amazon recently released recently:

• Amazon WAF: https://aws.amazon.com/blogs/aws/new-aws-waf/
• Amazon Inspector: https://aws.amazon.com/blogs/aws/amazon-inspector-automated-security-assessment-service/

These two services assist greatly with running any type of web application off Amazon's AWS service. Many startups and lower income businesses are using Amazon to run their applications, as well as many very large companies, but for those without the revenues to purchase these services elsewhere Amazon has really created a secure ecosystem to keep clients from outgrowing their services from a security standpoint. This is a huge step forward for them and I'm personally very excited about seeing where they're going in the future. 

Building a cybersecurity culture in the workplace

We all know that attackers are coming after your users, this shouldn't be a surprise. We need to find better ways to have security awareness sink into their minds, because they're the first line of defense. They are the weakest links in your networks and systems. If they're not trained you're at even more of a risk of data breaches. It's really that simple. Also, all groups shouldn't be trained the same and having the dedicated training per group (administrators, marketing, finance, etc) will assist with getting a focused education and assist with better protection of your users.

Here's an article I collaborated with the good folks at Tripwire regarding some other cybersecurity culture training tips for the workplace.

http://www.tripwire.com/state-of-security/security-awareness/3-tips-on-how-to-create-a-cyber-security-culture-at-work/

Comparing MDM Solutions (IMO)

Here's my thoughts on how to compare mobile device management (MDM) when looking to purchase a system to manage your mobile devices. As the mobile market grows so does the risk of your data and internal networks being compromised on these devices. Here's a few criteria on how to make an educated decision on which MDM is right for your organization:

http://searchsecurity.techtarget.com/feature/Comparing-the-best-mobile-device-management-products

Who let the data out?! Time for effective egress filtering!

We've seen way to many organizations have data breaches due to not having proper egress filtering configured. Many places are still only worried about what's making it's way into the network and aren't concerned about what's leaving the network. This could be the difference between an attacker making it into your network and an attacker leaving with your data. If they aren't able to get data out, there's no data loss and this limits the risk of the compromise.

http://blog.algosec.com/2015/09/dont-let-the-data-out-tips-for-effective-egress-filtering.html

Security Metrics Crowdsourced Blog

If you're building a security dashboard with metrics for executives, or anyone for that matter, take a look at this blog assembled by Tripwire regarding "Top 10 Tips for Building an Effective Security Dashboard". Tip #6 is especially interesting ;)

http://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/the-top-10-tips-for-building-an-effective-security-dashboard/

Cyber Security Awareness Month #CyberAwareTips

October has been deemed "Cyber Security Awareness Month" by many major security companies and it's something, that if used correctly, could be of great assistance to those that might not be as cyber-savvy. I've been posting a few tips to Twitter with the hashtag #CyberAwareTips, along with many others. Let's see how much traffic we can generate with this hashtag and get the word out this month.