Cyber Warnings E-Magazine – June 2017 Edition. Copyright © Cyber Defense Magazine, All Rights Reserved Worldwide


CONTENTS

From the Editor's Desk ........ 4
Not Ocean's 14 ........ 5
An Alan Turing-Inspired Solution to the Cybersecurity Labor Shortage ........ 8
WHY BIOMETRICS IS A SECURITY ESSENTIAL…AND SO IS DISABLING IT ASAP ........ 12
5 Keys to Protecting your Company's Online Finances ........ 16
Don't be an Easy Target ........ 18
The CIO discuss information security leadership ........ 22
WannaCry/Ransomware? Secure your Enterprise Using Blockchain-Enabled Cybersecurity ........ 24
The challenges of interference within modern industrial systems ........ 26
Hacking: Cheaper than a Nando's chicken ........ 30
Don't Become Another Data Breach Statistic ........ 42
The Internet of Things ........ 45
Is Your Company's Data Being Sold on the Dark Web? ........ 51
Five tips for educating your employees on cyber security ........ 53
Yet Another Case for Viable Back-Ups and Testing ........ 57
WannaCry 'Remedies': The Second Wave of Attacks ........ 59
The Risks (and Prevention) of Crime-as-a-Service in Healthcare ........ 63
Part III: Current and Future IoT Threats ........ 66
Post-Quantum Information Security ........ 71
The intelligent control systems and their perspectives ........ 76
Reducing the attack surface: how to empower your staff while keeping your network secure ........ 80
How context-aware security adds layers of protection to single sign-on services ........ 82
5 ways small businesses can be affected by a cyber security breach ........ 86
Lazarus: Data Leakage With Cryptographic System ........ 95
Legal Steps of Action to Take If Your Privacy Has Been Compromised by the State ........ 97
Trump's Cybersecurity Executive Order: A Promising Start to Securing Digital Infrastructure...But Don't Forget What's Beyond the Firewall ........ 101
State Cybersecurity Regulation: Another Patchwork Approach? ........ 104
NK is the new Iraq? ........ 109
NSA Spying Concerns? Learn Counterveillance ........ 114
Top Twenty INFOSEC Open Sources ........ 117
National Information Security Group Offers FREE Techtips ........ 118
Job Opportunities ........ 119
Free Monthly Cyber Warnings Via Email ........ 119
Cyber Warnings Newsflash for June 2017 ........ 122

CYBER WARNINGS
Published monthly by Cyber Defense Magazine and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

PRESIDENT: Stevin Miliefsky, [email protected]
EDITOR: Pierluigi Paganini, CEH, [email protected]
ADVERTISING: Jessica Quinn, [email protected]
KEY WRITERS AND CONTRIBUTORS: Charles Parker, II; Xuyen Bowles; Doug Ramos; Dixie Somers; Michael Ryan; Myles Suer; Narayan Neelakantan; Milica D. Djekic; Jonathan Stock; Lee David Painter; Daniel Jetton; Jerald (Trip) Nine; Asher de Metz; Fernando Cuervo; Kurt Long; Ryan Orsi; Hunter Bannister; Pascal Bergeot; François Amigorena; Rodrigo Ruiz; Rogério Winter; Hannah Elias (Lou) Manousos; Jami Mills Vibbert
Interested in writing for us: [email protected]

CONTACT US:
Cyber Defense Magazine
Toll Free: +1-800-518-5248
Fax: +1-702-703-5505
SKYPE: cyber.defense
Magazine: http://www.cyberdefensemagazine.com

Copyright (C) 2017, Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC, 848 N. Rainbow Blvd. #4496, Las Vegas, NV 89107. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. [email protected]
Executive Producer: Gary S. Miliefsky, CISSP®

From the Editor's Desk

Dear Readers,

Here at Cyber Defense Magazine, we are all about continuing to focus on best practices and solutions for you. Cyber Warnings monthly e-magazine covers hot INFOSEC topics with some of the best advice from industry experts. In 2017, we should focus on best practices in logging, encryption of data at rest and in transit, and system hardening through vulnerability remediation. Our future depends upon the cyber security skills of teens and college students entering our field. Let's continue to share a wealth of information with each other to stay one step ahead of the next cyber threat.

To our faithful readers, Enjoy

Pierluigi Paganini
Pierluigi Paganini, Editor-in-Chief, [email protected]

Not Ocean's 14
Casinos are also an e-Target
by Charles Parker, II

Casinos are no different from an accounting firm, hospital, or manufacturer in at least one respect where cybersecurity is the common thread: these entities hold data that people want to steal.
That data is then sold, or otherwise leveraged by the thieves to generate revenue. One industry that has not been researched at length is casinos. These businesses tend to focus on physical security, because their workers handle large amounts of cash, chips, and playing cards. Granted, this is exceptionally important: without a robust physical security program in place, the physical items of value would simply walk out. Physical theft is a completely viable risk to secure against as far as possible. As part of the overall security program, however, data security must also be addressed and implemented. The risk of physical theft is present only when someone is on the premises; the data security risk is ever present. The attacker does not have to be physically on site to steal money or to sabotage a system. The attack may be carried out from virtually anywhere in the world with an adequate internet connection.

Attack

Casinos are just as likely as other entities to be the victim of a breach. This was the case with the Grey Eagle Casino in Calgary, whose employee data was compromised. The entry point for the attack was a computer in the Human Resources office that had been compromised. The data stolen consisted of confidential letters and files, which contained dozens of employees' names and personal information. As proof of the theft, data from approximately 12 documents, affecting over 12 employees, was posted online. Although the entry point was a Human Resources computer, the method the attacker used was a phishing attack: either a phishing email with a malicious link, or a user who ended up logging into a malicious website. Embarrassing as this compromise was, it could have been much worse. The incident was isolated to one system. In theory it would not have been much of a stretch for the attackers to branch out and infect other computers on the network, or the servers. Other data could have been harvested, and the casino could also have been the victim of widespread ransomware.

Remediation

This was a serious attack with serious consequences. To work towards this not occurring again any time soon, the casino may implement employee training sessions. These would need to be regular and applicable; if videos are used, they should not be the same bland ones shown for the last ten years. The attack made it rather apparent that the email system's security was out of date or simply not functioning well. The filter for phishing, spam, and other malware should flag and quarantine such messages. To further decrease the opportunity for this to happen again, simulated phishing campaigns should also be run. With these in place, users' awareness will increase at least a little, which in certain instances is all that is needed. This may be accomplished with training, videos, and other methods. The business may also send emails containing written training with a questionnaire at the end to verify that the material was read and understood. Attacks will come from many sources throughout the globe. Once attackers know there is a vulnerability, the business will carry a rather large bull's-eye and attacks will only increase.

Resources

Globalnews.ca. (2017, January 27). Security experts call Grey Eagle Casino security breach a wake-up call. Retrieved from https://reportca.net/2017/01/security-experts-call-grey-eagle-casino-security-breach-a-wakeup-call/

Sosiak, M. (2017, January 25). Grey Eagle Casino employees' information leaked in major privacy breach. Retrieved from http://www.newslocker.com/en-au/region/casino/grey-
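The Attack section above describes the entry vector (a phishing email carrying a malicious link) and the Remediation section asks for a mail filter that flags and quarantines such messages. The following is an added example written for this article, not code from the author, the casino, or any product it mentions: a small rule-based triage that scores an inbound message on the signs a phishing filter looks for (an internal-sounding display name on an external address, SPF/DKIM/DMARC failures stamped by the receiving mail server, link text whose visible host differs from the real target, lookalike or typosquatted domains, plain-http links) and quarantines it above a threshold. The protected domain casino.example, the weights, the threshold and both sample messages are constructed assumptions for illustration only; nothing here reproduces the real incident.

```python
"""Added example, not from the article: rule-based phishing triage that flags
and quarantines inbound mail, run over two constructed messages. The domain
'casino.example', the flag weights and the threshold are assumptions."""
import email
import re
from email import policy
from html.parser import HTMLParser

PROTECTED_DOMAIN = "casino.example"   # assumed internal mail domain
QUARANTINE_THRESHOLD = 3              # assumed score at which mail is held


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase host of a URL, or None when the text is not a URL at all."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/?#:]+)", url.strip(), re.I)
    return m.group(1).lower() if m else None


def edit_distance(a, b):
    """Levenshtein distance; one edit from the brand label counts as a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(host, protected=PROTECTED_DOMAIN):
    """True when a host borrows or typosquats the brand label but is not under the protected domain."""
    if host == protected or host.endswith("." + protected):
        return False
    brand = protected.split(".")[0]
    return any(brand in label or edit_distance(label, brand) <= 1
               for label in host.split("."))


def triage(raw_message):
    """Return (weight, reason) flags for one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []
    addresses = msg["From"].addresses if msg["From"] else ()
    from_addr = addresses[0].addr_spec.lower() if addresses else ""
    display = addresses[0].display_name if addresses else ""
    # 1. An internal-sounding display name on an address outside our domain.
    if from_addr.rsplit("@", 1)[-1] != PROTECTED_DOMAIN and re.search(
            r"\b(hr|human resources|payroll|it|helpdesk)\b", display, re.I):
        flags.append((2, f"internal-looking sender name on external {from_addr}"))
    # 2. SPF/DKIM/DMARC results as stamped by the receiving MX.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for check, weight in (("spf", 1), ("dkim", 1), ("dmarc", 2)):
        if re.search(rf"\b{check}=(fail|softfail)", auth):
            flags.append((weight, f"{check} failed"))
    # 3. Links: visible text vs real target, lookalike hosts, plain http.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            href_host, text_host = host_of(href), host_of(text)
            if href_host is None:
                continue
            if text_host and text_host != href_host:
                flags.append((3, f"link text shows {text_host}, target is {href_host}"))
            if is_lookalike(href_host):
                flags.append((2, f"lookalike domain {href_host}"))
            if href.lower().startswith("http://"):
                flags.append((1, f"plain-http link to {href_host}"))
    return flags


def verdict(raw_message):
    """('QUARANTINE' | 'DELIVER', flags) for one message."""
    flags = triage(raw_message)
    score = sum(weight for weight, _ in flags)
    return ("QUARANTINE" if score >= QUARANTINE_THRESHOLD else "DELIVER"), flags


# Constructed sample messages (not real mail). Authentication-Results is what a
# receiving MX would add; the phish spoofs an HR portal behind a hidden target.
PHISH = """From: "Human Resources" <benefits@casino-hr-portal.example.net>
Subject: Action required: confirm your benefits enrollment
Authentication-Results: mx.casino.example; spf=pass smtp.mailfrom=casino-hr-portal.example.net; dkim=none; dmarc=fail header.from=casino-hr-portal.example.net
Content-Type: text/html; charset=utf-8

<html><body><p>Please confirm your enrollment at
<a href="http://casino-hr-portal.example.net/login">https://hr.casino.example/benefits</a> before Friday.</p></body></html>
"""

LEGIT = """From: "Payroll" <payroll@casino.example>
Subject: June pay statements available
Authentication-Results: mx.casino.example; spf=pass smtp.mailfrom=casino.example; dkim=pass header.d=casino.example; dmarc=pass header.from=casino.example
Content-Type: text/html; charset=utf-8

<html><body><p>Statements are posted at
<a href="https://hr.casino.example/pay">https://hr.casino.example/pay</a>.</p></body></html>
"""
```

Calling verdict(PHISH) returns "QUARANTINE" with five reasons; verdict(LEGIT) returns "DELIVER" with none. The weights are deliberately heaviest on the text/target mismatch, because that is the signal a user cannot see in the mail client and the one a simulated phishing campaign should teach them to hover for; authentication results are trusted only because the receiving server wrote them, so a real deployment would strip any Authentication-Results header that arrives from outside before stamping its own.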