This week in the J2 CSC, How Lucrative is Cybercrime? SPY V. SPY, the Infosec Marshmallow and Early bird always catches the worm!

My 18 year old son recently decided to become a scuba-diver. Not a hobbyist scuba-diver, a full-blown professional. His journey starts here at the south western tip of Africa where the wild and unforgiving Indian and Atlantic oceans meet. Not only that, his want is to be the best scuba-diver in the world - Ever! Astronaut good. He dives every day, and every week-end to the point where he complains about the aches and pains that goes with frequent diving activities. There are a few home truths about scuba-diving, you cannot do it by yourself, you need a buddy. Every day he learns and improves his techniques and goes out as crew on boats from Simons Town, Kommetjie or Hout Bay harbours. Yes, I know what you’re thinking, some of the biggest and “bitiest” sea creatures and sharks existing within this part of the ocean. This does not deter him, he is fearless in his quest, and relentless in perusing his passion.

This made me reflect on my peers and the cybersecurity industry; can we say the same for our tenacity and passion? Do we hold ourselves up to the same high standards. To achieve high standards for ourselves or as part of a team, we must proactively communicate realistic beliefs within ourselves about how hard things are and are going to be – something that I believe each of us face each and every day. Some of us more successfully than others.

Learn from my son.
With this in mind, enjoy our roundup of stories for this week…

How Lucrative is Cybercrime, anyway?

The volume boggles the mind, I found this intriguing perspective. If cybercrime was a country, it would have the 13th highest GDP in the world.
Attackers generate $1.5 trillion in annual profit, which is about equal to the GDP of Russia, according to a new study on the interconnected economy of cybercrime.

Cybercrime Economy Generates $1.5 Trillion a Year |  Kelly Sheridan


SPY V. SPY

Spy vs. Spy is a wordless meme before memes were memes Published in Mad magazine. As a kid, I was always fascinated by their antics. Basically the cartoon features two agents involved in stereotypical and comical espionage activities. One is dressed in white, and the other in black, but they are otherwise identical, and are particularly known for their long, beaklike heads. The pair are constantly at war with each other, using a variety of booby-traps to inflict harm on another. The spies usually alternate between victory and defeat with each new strip.
This brings me to an NSA leak that revealed the agency's list of enemy hackers.

Spy v. Spy: an NSA leak reveals the agency's list of enemy hackers | Andy Greenberg


The InfoSec Marshmallow

The marshmallow experiment, is based on a delayed gratification test conducted back in the 1970s at Stanford University.  It was designed to see if children who exercised delayed gratification would end up (many years later) performing better on aptitude tests as well as other positive life outcomes. I wonder how some of us in the InfoSec community would have fared if we were subjects of that experiment.  Given the various InfoSec personality types, here are some of Bob’s comical thoughts about how we would potentially measure up.

The InfoSec Marshmallow | Bob Covello


Cyber protection for SMEs

According to the South African Banking Risk Information Centre (SABRIC), SA ranks third highest in the world for cyber-attacks. Whilst there do not appear to be stats on the local SME sector, internationally a report by Deloitte reveals that in Holland, cybercrime costs the Dutch SME sector 1 billion Euro each year. At today’s exchange rate, that equates to R16704 250 000,00. The figure for the Dutch economy as a whole is put at around €10 billion, or 1,3% of that country’s GDP.

Cyber protection for SMEs | Technews
SA Ranks World’s Third Highest Cybercrime Victims | Business Media MAGS
Cybercrime costs Dutch SME sector €1 billion each year | Deloitte NL


Worm Resurfaces

(Guest Post by my friend and colleague Jarred Reid-Robertson)
Over the past week, I have seen an upsurge in alerts across the customer base; whereby a worm has been seen surfacing introduced by removable media devices.

Let me give a short boring description of what a computer worm is “A computer worm is a form of malware computer program that replicates itself in order to spread to other computers with the ability to change itself to avoid being detected by signature based anti-viruses”.

This worm is doing the rounds and seems to exploit the windows autorun.ini feature which automatically execute the worm. It spreads to the computer which in turn could infect files such as “google chrome.ink” and if left unchecked your entire environment.

I have two pieces of advice:

The First One, check your antivirus solutions and confirm with your managed service providers and teams that they are aware and ensuring the latest antivirus detection rules and latest patching levels.  As my team and I continuously monitor these types of threats, please contact me for advice and support. 

The Second piece of advice I can give is to review the autorun feature within your IT environments and enforce centralised policy. I always, as a rule, disable them within managed IT environments and as a policy we block this feature.

Does your Anti-Virus still only do signature-based Detection? | Rakesh Sharma
Worm:Win32/Autorun.gen!inf | Microsoft

 

  • Hits: 234

J2SECOPS WEEKLY NEWS: This week in the J2 CSC, Human error, data breach investigations reports and poor hygiene; Oh and Ransomware has doubled year over year again!

In this week’s news roundup I am always intrigued and mildly bemused by the  annual Verizon reports. Information security, Data breaches, firmly on the board agenda, is the problem everyone has to deal with and not the only problem that IT and security professionals have to deal with anymore. Ongoing impacts are continuously felt across the whole business and its eco systems—from Business Continuity and Disaster Recovery Planning to legal teams, tied up in perpetual firefighting mode in term of advisory, seeking external opinion in terms of litigation, to your coalface employees, who can’t execute on the day to day operational activities they need to do their jobs. Everyone is an integral part in managing the risks and issues, people make mistakes and are not always malicious in intent. Visibility is key to understanding the problem, and then, and only then, can decisive action can be taken!

Verizon 2018 Data Breach Investigations Report

Verizon released the 11th version of their Data Breach Investigations Report (DBIR) for 2018 on the 10th of April.
The headline for this year’s report is ransomware, present in 39% of malware related cases.
Beyond ransomware, other highlights from the report include:

  • 53,308 reported security incidents, 2,216 data breaches, 65 countries, 67 contributors
  • 76% of reported breaches were financially motivated
  • 72% of reported attacks were perpetrated by outsiders
  • 50% of reported attacks were perpetrated by organized crime groups
  • Pretexting incidents nearly tripled from last year
  • Companies are 3x more likely to be breached by social attacks than vulnerabilities

2018 Data Breach Investigations Report | Verizon


Unpatched Vulnerabilities Are The Source Of Most Data Breaches

It is all and well that we are all in the same boat in terms of keeping the lights on within all our own respective enterprises; by 2018 I had an expectation, as a starry eyed kid, that we would be commuting for home to work in flying cars and have automatons as personal assistants enhancing every aspect of our daily lives. The reality for most of the aforementioned enterprises, is that we cannot get the basics right, like patch management, let alone focus on innovation.

Here is an insightful report that the Ponemon Institute and ServiceNow put together detailing how much of a problem we are all facing.
Some of the insights include the concept of “patching paradox”, whereby the idea of hiring more people will improve security hygiene. Though in reality it doesn’t. 64% of companies are planning to hire more dedicated people to handle
vulnerabilities, accounting for a 50% increase in headcount – this alone will not improve their security posture if they don’t fix broken patching processes. The study shows that firms struggle with patching because they use manual processes and can’t prioritize what needs to be patched first. As stated previously due to the manual patching process 61% admit that this manual approach to patching puts them at a disadvantage, and 55% note that they spend more time dealing with internal processes than managing the vulnerabilities. All agree that more than 12 days are lost coordinating between teams to get patches applied. Some key Insights include:

  • 73% have no common view of assets and applications across security and IT
  • 57% admit that patches slip through the cracks due to emails and spreadsheets used to manage the process
  • 62% have no easy way to track whether vulnerabilities of being patched in a timely manner
  • 65% say they find it difficult to prioritize what needs to be patched first

Today’s state of vulnerability response: patch work demands attention | Ponemon Institute and ServiceNow


Brian Krebs angers userbase of pr0gramm.com for a good cause


Your Old Bitcoin addresses can be stolen so move now!

All Bitcoin addresses generated using the BitAddress client-side wallet pre-2013 and Bitcoinjs pre-2014 are affected.
Bitcoin users who generated Bitcoin addresses using affected tools are advised to generate new Bitcoin addresses with a new tool and move funds from old accounts to the new ones.

Old JavaScript Crypto Flaw Puts Bitcoin Funds at Risk | Bleeping Computer


How does Facebook make money anyway?

Revenues from Facebook’s two largest markets – North America and Europe - are expected to be affected as a result of the fallout from the Cambridge Analytica scandal. Both are extremely lucrative markets for Facebook. In 2017, Facebook earned an average of $84.41 from each North American user and $27.26 from each user in Europe. In contrast, each user in Asia was worth $7.61. Good news for Facebook investors is that the company is making significant inroads into new markets, such as Africa and Asia. While it does not contribute much to overall revenue, WhatsApp has become a runaway hit with users in Asia and South America. Other services, such as Instagram, are also making inroads into new markets.

How Does Facebook Make Money? | Rakesh Sharma

  • Hits: 466

J2SECOPS WEEKLY NEWS: This week in the J2 CSC, Cyber being a domain of conflict, Cold war “And they’re both correct.” as we explore unique perspectives.

During one of my binge-induced Netflix comas I discovered an “interesting” show: “The Same Sky” which basically plays out in East Berlin and West Berlin during the Cold War, whereby the premise of the story being the Soviets sending over an undercover officer who does nothing but seduce, steal information and manipulate information against the west. This made me think about how everyone knew this was happening and played many political games, almost tongue in cheek, at the cost of many lives; fast forward to today, the same is happening virtually everywhere with the same disregard, nay, contempt of peoples ignorance of todays version of the “Digital Berlin Wall”.

With this in mind, enjoy our roundup of stories for this week…


Cyber, is a domain of conflict

@thegrugq recently posted a tweet highlighting “A very succinct version of my keynote on cyber conflict”, I found this to be a very engaging perspective.

Cyber, the short version | the grugq, Medium


Nothing is at it seems

Netflix seems to be one of those companies that always seems to find its way into the technology news for the right reasons. They have been running, with some level of success, their private vulnerability disclosure program since 2013, resulting in 190+ issues being discovered and addressed. Recently the public at large have been invited to participate through the Bugcrowd bug bounty program.

Launching the Netflix Public Bug Bounty Program | Netflix, Medium
Netflix bug bounty program | Bugcrowd


Security scammers

There are many different types of scammers that operate on the internet. Security scammers approach website owners with claims that their website is infected or vulnerable and offer to fix the issues for a fee. A Scammer Tried to Scare Troy Hunt into Buying Their Security Services - Here's How It Went Down

A Scammer Tried to Scare Me into Buying Their Security Services - Here's How It Went Down | Troy Hunt


YARA!

Speak to any security professional, that does any searching, analysing, and alerting.  It underpins almost any keyword that can be uses to describe the actions taken during security work. Outlining what it can do at a high level is simple to express, but it’s unreasonable to expect that you are as familiar with YARA as I am.  If you are up for a little exploration, dive into the details for a minute or two.

YARA Rules for Finding and Analysing in InfoSec | Monty St John


Spotlight: John McLoughlin, Managing Director, J2 Software

Get to know our commander in chief, whom has made much personal sacrifice to change the perception of our industry over the past 15 years.
Having worked with many Titans of industry, I am yet to meet anyone more knowledgeable and experienced with a passion or dedication to the ideology of “Doing things differently” and “Getting it Done!” -  Meet John McLoughlin…

Get to Know: John McLoughlin, Managing Director, J2 Software | Paul Rogers, Intelligent CIO

 

  • Hits: 274

J2SECOPS WEEKLY NEWS

 J2SECOPS WEEKLY NEWS:

This week in the J2 CSC, Most things are grey as gamers, at least according to some, will save cybersecurity

The fast pace of our daily goings on; does not afford us the time to think and read as much as we should. The past couple of weeks have afforded me the slightly higher than normal opportunity to think, and catch up on all outstanding reading, and think and read I did… all while performing the usual monthly cybersecurity threat analysis for our client base…
A few stories have been swimming around my mind and I thought I would take you on the journey.

Let’s get to it then!

Blacklist, Greylists and Whitelists

Blacklists in general terms are items on a list that denies access. The opposite is a whitelist, which means only items on the list are let through whatever gate is being used.
A Greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed.
Looking for a free blacklist of domains? The Anti-Social engineer has a great start.

The Anti-Social Engineer Blacklist | The Anti-Social Engineer


Gamers, the Saviours of Cybersecurity

As an avid enthusiast of the RTS genre I enjoyed the insights that Grant Bourzikas, McAfee's chief information security officer (CISO), swore by and how gamification as one of the key ways to invest in and retain security talent. His own companys adoption of building out its security operations centre in the wake of its spin-off from Intel, and new data from a study by Vanson Bourne on behalf of McAfee found that nearly three-quaters of organizations believe hiring experienced video gamers is a solid option for filling cybersecurity skills and jobs in their organizations.

How gamers could save the Cybersecurity skills gap | Dark Reading


“AI AI, Captain!”

Microsoft in its quest for staying ahead of the curve, is establishing training courses available to the public for anyone wanting to learn how to AI.

Microsoft’s AI training efforts range from internal offerings tailored to employees on specific teams and product groups, such as software engineers at LinkedIn, to external ones designed for a variety of expertise levels.

The Microsoft AI Residency Program and Microsoft NERD Artificial Intelligence Program recruit people to learn AI by working alongside researchers, designers and engineers who are developing AI capabilities and serve as a pipeline of talent into the company.

Aiming to fill skills gap in AI, Microsoft makes training courses available to the public | Microsoft


Ransomware impacting incident response

The report, which is based on the analysis of data from hundreds of millions of protected endpoints and servers across nearly 100 countries, also reveals that there was a 424% increase in breaches related to misconfigured cloud infrastructure, largely due to human error.

Ransomware puts pressure on incident response | Computer Weekly


 

  • Hits: 158

J2SECOPS WEEKLY NEWS: This week in the J2 CSC, we bring you everything from IP Theft to the Cloud that rains data…

Intellectual Property Stolen! Again…

Too often I hear of intellectual property being stolen by competitors. A far less common practice is the theft of IP from an IT Security vendor – becoming more and more common...

I found this developing story of interest and thought you might enjoy it. CyberByte was using Malwarebytes’ IP to augment its AV engine. So Malwarebytes laid a trap to prove its theory.

Key take-away: how “honey” -tokens, -words and -pots can be used to catch someone with their hand in the proverbial cookie jar.

CyberByte steals Malwarebytes’ intellectual property | Malwarebytes


Why I (still) don’t trust Self-Driving Cars

March 18th, a dark day for Humanity and AI; when an Uber self-driving car struck and killed a woman pedestrian in Tempe, Arizona.
The accident took place while the car was in autonomous (self-driving) mode, marking this the first death caused by a self-driving vehicle in the world.

Uber Self-Driving Car Strikes and Kills Arizona Woman | Bleeping Computer


(In)security (Mis)conceptions

I’ve been in the industry for a while now, and although sloppy security reporting is far too common, with common sense far too uncommon these days, nothing riles me more than idiots with opinions.

I discovered this little gem by one of my favourite bloggers, Javvad Malik on CSO Online.

Information Security Misconceptions | CSO Online


♪ I Can See Clearly now that the Rain is Gone ♫ – with my data…

The Cloud, it brings convenience, rain and plenty of storms; in this case it was used to store unprotected database files containing sensitive customer data online in the form of a vulnerable Amazon S3 bucket, which in 2018 is astonishing, and it is completely inconceivable that a company would store passwords in plain text instead of encrypting them…

Open AWS S3 bucket managed by Walmart jewellery partner exposes info on 1.3M customers | SC Magazine


Protecting Diddums aka DNS

When DNS is brought up in polite conversation, or in the hushed catacombs of the bowels of the IT dungeons, words like: “address protocol”, “packet priority”, “DNSSEC” and “Net Neutrality” are used in hushed tones. So, why do we care about “Diddums” - DNS?
DNS basically runs the Internet. Imagine, your mobile address book only with numbers in it without any names, strings of numbers are just simply not how humans identify information. They help, but in reality, words linked to numbers are what separate us from our impending “AI” masters.


Here is the definitive DNS Checklist to assist in slowing the AI advance

  • Set up and maintain your own internal DNS.
  • Block external DNS requests on port 53 (or any port).
  • Created exceptions to DNS requests only to port 53, with RNDC keys. Revolving them often.
  • Set low TTL value; like 30 minutes. A poisoned cache will only impact you for the duration of time you have selected.
  • Protect the “Hosts File” wherever you use it and make sure its disabled if not used.
  • SMTP traffic must be protected, don’t ever use defaults. Create and properly maintain your PTR zones, especially the local zones.
  • Use STUB zones for commonly accessed domains.
  • Use DNS forwarders ONLY to verified DNS servers. Learn how to use “dig” and use it often.
  • Block DHCP on the firewall, obviously other than yours - Prevent "rogue" proxies with DHCP and DNS on your network.
  • Skill yourself up on DNS, this is still one of the weakest links I a vast IT ecosystem and still one of the least understood.
  • Protect your DNS from DDOS attacks by subscribing to an online service that also comes with built-in load-balancing, automatic failover, rate-limiting, and filtering.
  • Hits: 217
Copyright © 2018 J2 Software