; 1 Cyber Warnings E-Magazine – June 2017 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide CONTENTS CYBER WARNINGS Published monthly by Cyber Defense Magazine and distributed electronically via opt-in Email, HTML, PDF and From the Editor’s Desk .................................................... 4 Online Flipbook formats. Not Ocean’s 14 ............................................................... 5 PRESIDENT An Alan Turing-Inspired Solution to the Cybersecurity Stevin Miliefsky [email protected] Labor Shortage ............................................................... 8 EDITOR WHY BIOMETRICS IS A SECURITY ESSENTIAL…AND SO IS DISABLING IT ASAP .......................................... 12 Pierluigi Paganini, CEH [email protected] 5 Keys to Protecting your Company’s Online Finances 16 ADVERTISING Don’t be an Easy Target ............................................... 18 Jessica Quinn [email protected] The CIO discuss information security leadership .......... 22 KEY WRITERS AND CONTRIBUTORS WannaCry/Ransomware? Secure your Enterprise Using Charles Parker, II Blockchain-Enabled Cybersecurity................................ 24 Xuyen Bowles Doug Ramos Dixie Somers The challenges of interference within modern industrial Michael Ryan systems ......................................................................... 26 Myles Suer Narayan Neelakantan Milica D. Djekic Hacking: Cheaper than a Nando's chicken. .................. 30 Jonathan Stock Lee David Painter Daniel Jetton Don’t Become Another Data Breach Statistic ................ 42 Jerald (Trip) Nine Asher de Metz Fernando Cuervo The Internet of Things ................................................... 45 Kurt Long Ryan Orsi Is Your Company’s Data Being Sold on the Dark Web? 51 Hunter Bannister Pascal Bergeot François Amigorena Five tips for educating your employees on cyber security Rodrigo Ruiz Rogério Winter ...................................................................................... 53 Hannah Elias (Lou) Manousos Yet Another Case for Viable Back-Ups and Testing...... 57 Jami Mills Vibbert Interested in writing for us: WannaCry ‘Remedies’: The Second Wave of Attacks .. 59 [email protected] The Risks (and Prevention) of Crime-as-a-Service in CONTACT US: Healthcare ..................................................................... 63 Cyber Defense Magazine Toll Free: +1-800-518-5248 Fax: +1-702-703-5505 Part III: Current and Future IoT Threats ........................ 66 SKYPE: cyber.defense Magazine: http://www.cyberdefensemagazine.com Post-Quantum Information Security .............................. 71 Copyright (C) 2017, Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC The intelligent control systems and their perspectives .. 76 848 N. Rainbow Blvd. #4496, Las Vegas, NV 89107. EIN: 454-18- 8465, DUNS# 078358935. All rights reserved worldwide. [email protected] Reducing the attack surface: how to empower your staff while keeping your network secure ............................... 80 Executive Producer: Gary S. Miliefsky, CISSP® How context-aware security adds layers of protection to single sign-on services .................................................. 82 2 Cyber Warnings E-Magazine – June 2017 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide 5 ways small businesses can be affected by a cyber National Information Security Group Offers FREE security breach .............................................................. 86 Techtips ....................................................................... 118 Lazarus: Data Leakage With Cryptographic System ..... 95 Job Opportunities ........................................................ 119 Legal Steps of Action to Take If Your Privacy Has Been Free Monthly Cyber Warnings Via Email ..................... 119 Compromised by the State ............................................ 97 Cyber Warnings Newsflash for June 2017 .................. 122 Trump’s Cybersecurity Executive Order: A Promising Start to Securing Digital Infrastructure...But Don’t Forget What’s Beyond the Firewall ......................................... 101 State Cybersecurity Regulation: Another Patchwork Approach? ................................................................... 104 NK is the new Iraq? ..................................................... 109 NSA Spying Concerns? Learn Counterveillance ......... 114 Top Twenty INFOSEC Open Sources ......................... 117 3 Cyber Warnings E-Magazine – June 2017 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide From the Editor’s Desk Dear Readers, Here at Cyber Defense Magazine, we are all about continuing to focus on best practices and solutions for you. Cyber Warnings monthly e-magazine covers hot INFOSEC topics with some of the best advice from industry experts. In 2017, we should focus on best practices at logging, encryption of data at rest and in transit, and system hardening through vulnerability remediation. Our future depends upon the cyber security skills of teens and college students entering our field. Let’s continue to share a wealth of information with each other to stay one step ahead of the next cyber threat. To our faithful readers, Enjoy Pierluigi Paganini Pierluigi Paganini, Editor-in-Chief, [email protected] 4 Cyber Warnings E-Magazine – June 2017 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide Not Ocean’s 14 Casinos are also an e-Target by Charles Parker, II Casinos are no different than an accounting firm, hospital, or manufacturer in at least one sense when cybersecurity is the common thread. These entities hold data that people want to steal. This data is then sold or otherwise leveraged for their own uses to generate revenue or simply sold. One industry not researched at length has been the casinos. These businesses tend to focus more on the physical security as the workers handle mass amounts of cash, the chips, and playing cards. Granted this is exceptionally important. Without a robust physical security program in place, the physical items of value would simply walk out. The risk of a physical theft is a completely viable area to secure, as much as possible. As part of the overall security program, data security also should be addressed and implemented. Although the risk of a physical theft is present, the data security risk is ever present. The person(s) do not have to be physically present on site to steal money or to sabotage the system. This attack may be exercised from virtually anywhere in the world with an adequate internet connection. Attack Casinos are just as likely as other entities to be a victim of a breach. This was the case with the Grey Eagle Casino in Calgary when their employee data was compromised. The entry point for the attack was a computer in the Human Resources office that had been compromised. The data and information stolen consisted of confidential letters, and files. These did have dozens of employee’s names and personal information. To authenticate this, the data was posted online from approximately 12 documents affected over 12 employees. Although the entry point was a Human Resources computer, the method utilized, by the attacker, was phishing attack. The form was a phishing email with a malicious link or the user ended up logging into a malicious website. Although this compromise was embarrassing enough, this compromise could have been much worse. This incident was isolated with one system. In theory, it would have not been too far of a bridge for the attackers to branch out and infect other computers on the network or the servers. Other data could have been harvested. The casino could also have been a victim of widespread ransomware. 5 Cyber Warnings E-Magazine – June 2017 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide Remediation This was a serious attack with serious consequences. To work towards this not occurring any time soon, the casino may implement employee training sessions. These would need to be regular and applicable. If videos were to be used, these would not consist of the same bland ones shown for the last ten years. This attack made it rather apparent that the email system’s security was rather out of date or just not functioning well. The filter for phishing, spam and other malware should red flag and quarantine these. To further decrease the opportunity for this to happen again, phishing campaigns should also be completed. With these in place, the user will increase their awareness in the last a bit, which in certain instances, all that is needed. This may be accomplished with training, videos being viewed, and other methods. The business may also send emails with written training with a questionnaire at the end of the email to verify the material was read and understood. Attacks will come from many sources throughout the globe. At times, if the attackers know there is a vulnerability, the business will have a rather large bulls-eye on it and attacks would only increase. Resources Globalnews.ca. (2017, January 27). Security experts call grey eagle casino security breach wake up call. Retrieved from https://reportca.net/2017/01/security-experts-call-grey- eagle-casino-security-breach-a-wakeup-call/ Sosiak, M. (2017, January 25). Grey eagle casino employees information leaked in major privacy breach. Retrieved from http://www.newslocker.com/en-au/region/casino/grey-
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages126 Page
-
File Size-