I’m pleased to introduce myself to the Security Bistro community and hope that you welcome this video blog with open arms. The Corero Network Security team and I are excited to introduce a reoccurring monthly video post that aims to dissect and analyze the various cyber attack types that are infiltrating network environments across the globe.
I came across a blog post the other day that really angers me. British IT consultant Jason Huntley wrote the detailed article “LG Smart TVs logging USB filenames and viewing info to LG servers” in mid-November. He outlines how he discovered that his LG brand smart TV was collecting private data about his viewing habits and using it to serve customized ads. This was after Huntley supposedly turned off the option for LG to collect this information.
Huntley notes that the permission to collect his television viewing information is “on” by default and the smart TV owner has to find the option in a menu to turn it “off.” Huntley set the permission to “off” meaning no collection of data was permitted by him.
By now practically every information security professional and thousands of unfortunate victims are aware of CryptoLocker, the dangerous malware that encrypts all of a victim’s files and holds them for ransom. Security experts say it’s relatively easy to remove the malware itself but the damage is done when entire file systems cannot be decrypted without the key that is held by the perpetrators. CryptoLocker has been called “evolutionary” as malware goes and it has been highly successful in its mission to get money for the attackers, so we are likely to see more attacks of this nature in the future.
OpenDNS is one company that has been able to recognize and block CryptoLocker from infecting its customers. OpenDNS operates a DNS lookup service that simply blocks traffic attempting to go to nefarious sites. The company uses predictive analytics to understand what sites to block.
Small and medium businesses (SMBs) often don’t pay enough attention to cybersecurity, but they are no less vulnerable than their enterprise counterparts are to data breaches and attacks. In fact, attackers might consider SMBs to be an easier path into larger enterprises that are the real target.
In his blog post “Are Small Business IT Environments Virtual Gateways to Larger Enterprises?” Jon Karl of the fraud prevention company iovation wrote:
While small businesses may be less lucrative for cyber crooks, they see them as a means to an end — with the prime target being larger organizations with much deeper pockets and valuable corporate assets. For online offenders, less conspicuous suppliers that partner with larger organizations hold the key to the digital doors of larger corporations. Those keys come in the form of customer information and intellectual property, which can be valuable to the right buyer in the digital black market. This data can also be used as a starting point for getting a foot in the door to commit affiliate fraud and other more sophisticated scams against big companies.
The National Computer Forensics Institute Trains U.S. Law Enforcement Professionals on Digital Evidence
In 2011, young mother Casey Anthony went on trial for the murder of her two-year-old daughter Caylee. You may recall some of the lurid details from the case. In June 2008, the mother reported her child as missing. Caylee’s skeletal remains were found by a utility worker in December 2008. Prosecutors felt they had enough evidence to charge Casey with capital murder. The case was carefully laid out over the course of a month, but in July 2011, the jury found Casey Anthony not guilty of the most serious charges against her: first-degree murder, aggravated child abuse, and aggravated manslaughter of a child. She was, however, found guilty of providing false information to law enforcement.
Many people were stunned at the outcome of this trial, having expected that Casey Anthony would be found guilty of murder. The disappointment reached a crescendo when it was revealed in 2012 that investigators overlooked – and thus never presented – key evidence that could have completely changed the outcome of the murder trial.
Recently I needed to download some software to my PC and, being the security-conscious person that I am, I made an attempt to read the software provider’s terms and conditions (T’s & C’s). I’ll admit that I got just so far in really reading the script. Then I started skimming the words, and then skipping entire sections. I finally scrolled down and just clicked on “I agree” to get my software.
That probably wasn’t a very wise thing to do. As reported in a blog post by Brandon Cook at Skyhigh Networks, software vendors sometimes put some pretty sneaky provisions in their T’s & C’s. You may think that a vendor is out to protect you with its T’s & C’s, but the real reason that legalese exists is to protect the vendor’s interests. And sometimes those interests mean asserting the vendor’s right to use your content, your code or your likeness any way it wants to.
Official Memo Says the Lack of End-To-End Testing Poses “A High Risk” for the Federal Healthcare Exchange
In an earlier post, I speculated that the systems behind the healthcare exchange marketplace known as the Federally Facilitated Marketplace (FFM) and hosted on Healthcare.gov were not tested end-to-end and could not be trusted to ensure data security and privacy. My speculation a few days ago is now totally confirmed by the people in charge. (See What’s the Word from Healthcare.gov? “Trust Us With Your Most Sensitive Data.”)
CNN has posted a “decision memo” that is directed to Marilyn Tavenner, Administrator of the Centers for Medicare and Medicaid Services (CMS), the organization largely responsible for implementing the Affordable Care Act (ACA). The memo comes from James Kerr, Consortium Administrator for Medicare Health Plans Operations and Henry Chao, Deputy Chief Information Officer & Office of Information Services Deputy Director. In other words, these are the guys who know the true status of the FFM and Healthcare.gov.
In an article posted on BankInfoSecurity.com, Gartner Research vice president Avivah Litan confirms that some of the DDoS attacks that have rippled through the banking industry over the past year have been a cover-up for fraud. While bank cyber security personnel were distracted in combating the denial of service attacks, hackers were busy executing account takeover and other fraudulent schemes.
In the worst of the cases, the fraudsters took control of a banking institution’s payment switch during the midst of a DDoS attack. With access to this switch (which is just a piece of software), the criminals could siphon off money from multiple accounts at a time. Litan speculates that at least $10 million was stolen from multiple banks in this fashion.