Social Media Part I: Threats
ThreatScape Enterprise
November 04, :40:32 PM CST, Intel , Version: [1]

Executive Summary

This report details some of the basic threats that propagate via social media or that use information contained on social media sites that may impact an enterprise environment. These threats include direct and indirect data loss, exploitation, brand abuse and the targeting of company resources. Enterprises should be aware of the potential risks to their environment.

Key Points

- Direct and indirect data loss, exploitation, brand abuse and the targeting of company resources via social media are all possible risk factors for enterprises, regardless of company use policies.
- Enterprises should be aware of their interests in third-party social media sites and of the threats that may impact those environments.
- We expect social media to continue to function as an attack-enabling vector for the foreseeable future.

Threat Detail

Threats via Social Media

The use of social media poses various threats to enterprise environments, including unintentional data loss; the compromise of social media sites; exploitation that occurs through third-party sites or applications; brand abuse; and company account takeover.

Unintentional Data Loss

Social media provides opportunities for the unintended disclosure of corporate information, either actively (i.e., content that employees may post about a company in forums they believe to be safe) or passively (i.e., through the analysis of connections between individuals or other information that is not directly provided by the user).

There are three primary ways in which unintentional data loss can directly harm an enterprise: the direct exposure of company
information by employees, the indirect exposure of information that can be mapped to aid enterprise targeting and the unintentional loss of information that can be used to bypass knowledge-based forms of two-factor authentication (2FA).

Targeted Use of Information

Employees can unintentionally release information about company policies and practices without realizing they are doing so and may not correctly use privacy settings to limit to whom their information is visible. The names of individuals who associate or work with one another, their role in the company, the names of key decision makers or upcoming negotiations can all be used to generate targeting data for attackers as they work through the reconnaissance phase of an attack or create a targeted spear-phishing email.

Indirect Social Network Mapping

Employees may also passively expose corporate information through their links to others via social networks. Social network mapping can be used to map corporate environments relatively thoroughly, particularly through websites such as LinkedIn, where corporate contacts are more likely to be highlighted, and through other social networks that always enable user contacts to be visible (i.e., Google Plus, which gives users limited control over who includes them in their circles).

Malicious actors can leverage a number of online tools to rapidly develop sophisticated maps of social networks as part of a reconnaissance phase when attacking a corporate entity. Tools like Maltego, which enables rapid social networking analysis, often have limited free-use versions (i.e., Maltego Community Edition or Maltego Casefile), which can be combined with open-source projects (i.e., malformity) or custom scripts to quickly map networks. iSIGHT Partners has previously discussed this tool and its use by Arabic-speaking actors for this purpose specifically (for more information, see iSIGHT Partners. "'Maltego CaseFile' Tool Could Increase Use of Social Network Mapping Among Malicious Actors," Intel Dec. 16, 2011; and "Arabic-Language Underground Actors Posting Tutorials for Maltego Social Network-Mapping Software," Intel March 23, 2012).

Simply by virtue of being digitally connected, users can give attackers a great deal of information about who works for a company and in what positions, information that can provide attackers with targets and fodder for creating targeted spear-phishing messages.

Knowledge-Based Authentication

Unintentional data loss can also enable attackers to defeat two-factor knowledge-based authentication (KBA) to gain account access. Questions meant to authenticate users in addition to an initial password often include ones whose answers may be found through social media (e.g., mother's
maiden name, the first street a user lived on, their pet's name, etc.), and users may not realize that their activity on social media sites may inadvertently publicize this information.

Underground marketplaces exist for information on users that can answer these questions. For example, ssndob.ms (formerly ssndob.ru) is a large underground marketplace dealing in KBA answers that are sold to be paired with other credentials for identity theft purposes. The markets for this kind of information can be extremely lucrative, and innovative actors that can rapidly scrape information from public-facing profiles can quickly monetize that information (for more information on SSNDOB, see iSIGHT Partners. "Operators of PII Resale Site 'SSNDOB' Allegedly Compromised Companies with Large Databases of PII; Accessed Source Code for Adobe Products," Intel Oct. 8, 2013).

Similarly, information that links personal and corporate accounts can become a target. For example, in 2009, Twitter released a public notification that a significant amount of company information had been accessed by an attacker who compromised an employee's personal account and used the information contained in that account to gain access to the employee's corporate Google Docs account, which in turn contained information on the company's finances.

Poor security of personal accounts can allow attackers to gain information that may answer secondary KBA mechanisms or that may be linked to joint resources. As a result, companies should encourage employees to always use proper passwords, even on personal accounts, and should avoid using KBA as a secondary authentication measure when better alternatives are available.

The Impact of Unintentional Data Exposure

Overall, unintentional data loss can lead to a loss of competitive advantage and brand degradation and enable more advanced attacks against an enterprise environment (such as spear phishing) to succeed.
This in turn can lead to financial loss, data loss or exposure, corporate espionage, the loss of intellectual property or valuable negotiating information, unintended access, privilege escalation or other undesirable results.

Data Exfiltration and Corporate Compromise

Data compromise can impact enterprises in a variety of ways depending on what type of account or user has been compromised. The following section discusses the impact of various kinds of compromises depending upon the surface (i.e., employee, corporate or otherwise) that experiences an attack. Other resources, such as corporate computers, can also be compromised or otherwise abused through social media platforms. All of these risks fall under the category of "compromise" and are discussed below.

Exfiltration of Employee Data

Data compromise is always a risk with third-party entities whose security measures are not necessarily clear to the companies or individuals using them. Unfortunately, the "brand name" factor associated with many major social networking sites often substitutes for a clearly communicated and effective security strategy. Many social networking sites are not contractually obligated to protect data entrusted to them, and the majority actually protect themselves from liability through end-user license agreements. Enterprises should be aware of what rights are held by social networking sites to which they entrust any of their information and should always assume that any information released via or contained in a third-party social networking site is available to the public.

iSIGHT Partners has seen extensive targeting of social media sites, with a number of successful compromises that could impact enterprises and/or their employees. For example, in February 2013, a white hat security researcher named Nir Goldshlager publicly released proof-of-concept (PoC) code detailing a vulnerability that he responsibly disclosed to Facebook earlier that year. We observed this same code being reposted amongst malicious actors. The code demonstrated a vulnerability in OAuth, an open protocol used by Facebook for secure authorization, that targets the "app_id" and "next" query strings to give an application user full access to user accounts (for more information, see iSIGHT Partners. "Security Researcher Publishes Proof-of-Concept Code that Grants Full Control of Facebook Accounts," Intel Feb. 28, 2013).

The same researcher also reported on similar flaws in the Facebook Graph API that would allow an application developer to exploit token exchanges to query restricted user data, including geolocation and hashed password, which we also saw in circulation (for more information, see iSIGHT Partners. "'Mauritania Attacker' Releases Potentially Exploitable Vulnerability in Facebook's Graph API," Intel May 31, 2013; and "Actors Observed Discussing Facebook Application Spoofing Technique; Attack Method Valid but Limited," Intel June 5, 2013).

Enterprises should be aware that any information contained in a social media profile is vulnerable to compromise, and that the security of the information contained in that account is entirely within the jurisdiction of the site to which it has been provided. Information gleaned from compromising social networking sites can allow for the same kinds of use as information garnered through scraping publicly available data, including furthering spear phishing and the defeat of KBA challenge questions. In addition, data compromise may reveal more secure or restricted information that employees only intended to share with their close contacts, including sensitive personally identifiable information (PII). As a result, data gleaned from account compromise is even more likely to be damaging to a corporate environment.

Corporate Accounts and Third-Party Resources

Company resources can also be targeted and used to redirect users to malicious content or to defame an enterprise's image. Many web application attacks, such as cross-site scripting (XSS), SQL injection (SQLi) and conventional password brute-forcing, can lead to attackers gaining control over company accounts with a third-party service. We frequently see this phenomenon associated with Twitter, where hacktivist attackers will target a well-known figure's Twitter account to post defacements or pivot into other accounts.

For example, the Syrian Electronic Army (SEA) has proven very adept at targeting a significant number of media organizations, leveraging information gleaned from social media to craft targeted spear-phishing emails. In April 2013, the SEA compromised the Twitter accounts of the Associated Press (AP) and The Guardian, using the AP's Twitter account to post a false report that the President had been injured in a bombing at the White House, a statement that resulted in an immediate 130 billion dollar drop in the Dow Jones Industrial Average (for more information, see iSIGHT Partners. "Syrian Electronic Army Continues Highly Effective Phishing Campaign Targeting Media Organizations; Compromises AP and Guardian Twitter Accounts," Intel May 1, 2013).

Events like these can severely harm a targeted institution's brand image and may result in significant financial harm. Such access may also result in data loss (hacktivist actors will often delete accounts that serve as password reset sources for the accounts they target, which may result in significant data loss), privilege escalation (as hackers use one account to compromise others) and data exfiltration by actors that remove sensitive corporate or personal information from accounts they compromise.

Traditional XSS and SQLi can also impact social media sites in unexpected ways.
For example, we have seen actors releasing video PoCs demonstrating XSS vulnerabilities in Facebook's interaction with applications, which tends to be frequently targeted (for more information, see iSIGHT Partners. "XSS Vulnerability in Facebook's API May Enable Application Session Hijacking," Intel Oct. 9, 2013). Attacks like this can enable attackers to make an otherwise reliable application execute arbitrary code, allowing for redirection, man-in-the-middle (MiTM) attacks, defacement or data exfiltration.

Other enterprise resources, such as applications created for promotional reasons that interact with or are integrated into social media sites, can also be targeted for takeover or abuse. Cyber criminals can use compromised accounts or other means to drive traffic to or from a given page, skewing promotional applications that involve prizes for referrals or entries. Any such contests or promotions should be designed to handle just this potentiality.

Direct Exploitation of Corporate Machines

Actors frequently abuse social media, primarily Facebook and Twitter, to distribute malicious links and redirect users to exploit kits delivering malicious payloads. Twitter is frequently targeted because of the ubiquitous use of URL-shortening services that naturally obfuscate destination URLs, a feature that makes targets less wary of potential malicious content when it is packaged in a limited-character microblog or short Facebook post.

For example, in May 2013, iSIGHT Partners reported on the use of an actor-controlled Twitter account used to target USAID workers. The account, which featured pictures of a female soccer player re-purposed to spoof a USAID aficionado, consistently posted pro-USAID messages with a shortened URL leading to a Dropbox download entitled "this is my pic.scr" that installed Poison Ivy, a remote access Trojan (RAT), and a suggestive screensaver. A second connection referrer associated with the same campaign was identified, linking to a Facebook profile that was also effectively delivering Trojans while mimicking a girl interested in USAID.

[Figure: Fake Facebook posts used for malware dissemination (eromang.zataz.com)]

This campaign was linked to other U.S. Government targeting, including the U.S. Department of Labor (DoL) compromise that occurred around the same time (for more information, see iSIGHT
Partners. "USAID Poison Ivy Campaign Through Social Media Linked to Department of Labor Compromise," Malware Report # May 22, 2013).

Cyber criminals also frequently leverage social networks to expand their target pool. Actors will generally use compromised accounts to spread links that direct to an exploit kit or other malicious payload, allowing for the perpetration of click fraud, pay-per-install (PPI) activity or credential theft, and then use the same compromised accounts to send further phishing messages, seeking to compromise new user accounts. Compromised accounts can also be used to access organizational data (for more information, see iSIGHT Partners. "Facebook-Themed Lures; Risk Posed to Organizational Data," Intel March 14, 2013; and "Dorifel Malware Spreading via Facebook Messenger; Threat Posed to Organizational Data," Intel April 9, 2013).

We have also seen significant use of Facebook-themed lures in conventional spam messaging. For example, the UPS/DHL group was responsible for a significant number of spam messages that propagated via Facebook using parcel-themed lures in 2010 and 2011 (for more information, see iSIGHT Partners. "Facebook- and USPS-Themed Spam Campaigns Likely Executed by the Same Pay-Per-Install Service," Intel Nov. 17, 2011; and "Recent Spam Exploiting the Facebook Brand May Be Tied to a Group Known as the UPS/DHL Group," Intel Sept. 22, 2010). We continue to see similar activity now targeting the mobile marketplace that may be using similar methods (for more information, see iSIGHT Partners. "Spam Campaign Spreading Asprox and Mobile Malware Simultaneously; Represents Expansion of Known TTP into Mobile Marketplace," Intel Oct. 28, 2013).

Brand Abuse

Brand abuse is another threat posed by social media that is distinct from the other threats discussed. Organizations should be attentive to how their brand name is used on social media sites, as actors may attempt to defame sites for financial or activist reasons.
For example, in 2011 we observed actors using Google Plus to inflict reputational damage on financial institutions, notably Bank of America (for more information, see iSIGHT Partners. "Google Plus Account Attempts to Cause Reputational Damage Against Bank of America," Intel Nov. 16, 2011).

We have also observed a number of financially motivated schemes that have impersonated name-brand sites or accounts to distribute malware. For example, in August 2013, we reported on the use of the SourceForge brand to deliver various malware payloads (for more information, see iSIGHT Partners. "SourceForgery: SourceForge Brand Used to Distribute Malware Cocktails," Intel Aug. 26, 2013). "Typosquatting," the practice of purchasing domains that look very similar to popular sites to catch inattentive typists, has also been used by malicious actors seeking to
spoof legitimate pages or install malicious payloads (for more information, see iSIGHT Partners. "Updates on Typosquatting Campaign Identified in July; Changes to URLs, Infrastructure and Propagation Mechanisms," Intel Oct. 25, 2013).

Brand abuse is much more difficult to track than an organization's legitimate accounts since the possibility of impersonating a given site is limited primarily to attackers' creativity. Organizations should be proactive about brand-image monitoring and aware that attackers seeking to defame an organization can leverage social media.

Outlook and Implications

We assess that social media will continue to offer companies benefits and increased security risks. Enterprises should inventory possible threats to their business in their industry and determine which threats are most likely to impact their operations. Various mitigation options are available to prevent or decrease the impact of each of the threats discussed in this report (for more information and mitigation strategies, see iSIGHT Partners. "Social Media Part II: Mitigation," Intel Nov. 4, 2013).

Information Cut-Off Date: Nov. 4, 2013

Threat Intelligence Tags
Intended Audience: Executive/Policymaker
Language: English

This message contains content and links to content which are the property of iSIGHT Partners, Inc. and are protected by all applicable laws. This cyber threat intelligence and this message are solely intended for the use of the individual and organization to which it is addressed and is subject to the subscription Terms and Conditions to which your institution is a party. Onward distribution in part or in whole of any iSIGHT proprietary materials or intellectual property is restricted per the terms of agreement. By accessing and using this and related content and links, you agree to be bound by the subscription terms of service.

2014 All rights reserved. iSIGHT Partners, Inc.
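
For the brand-image monitoring recommended under Brand Abuse, the following added example (not part of the iSIGHT Partners report) flags look-alike domains in a list of observed names, such as newly registered domains or proxy logs. The brand `acmebank.example`, the substitution table and every sample domain are constructed assumptions, and the registrable label is taken naively as the second-to-last label rather than from a public suffix list.

```python
"""Flag look-alike (typosquat) domains against a brand watch list."""

# Constructed watch list (assumption): brand label -> domain the organization owns.
BRANDS = {"acmebank": "acmebank.example"}

# Visual substitutions folded away before comparison (assumption, not exhaustive).
# Multi-character pairs come first so "rn" is folded before single characters.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

# One omission, insertion, substitution or adjacent swap.
# Short brand labels need a stricter rule to avoid false positives.
MAX_EDITS = 1


def skeleton(label):
    """Fold visually confusable characters to one canonical form."""
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label


def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent swap such as "mc" for "cm" counts as a single edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return (brand, reason) for a look-alike domain, or None if nothing matches."""
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    if len(labels) < 2:
        return None
    label = labels[-2]  # naive registrable label (assumption: single-label suffix)
    for brand, owned in BRANDS.items():
        if domain == owned or domain.endswith("." + owned):
            return None  # the organization's own domain or one of its subdomains
        if label == brand:
            return (brand, "other-tld")
        if skeleton(label) == skeleton(brand):
            return (brand, "homoglyph")
        if osa_distance(label, brand) <= MAX_EDITS:
            return (brand, "edit-distance")
        if any(brand in part for part in labels):
            return (brand, "embedded")  # brand used inside another label or as a subdomain
    return None


def scan(domains):
    """Classify each observed domain and return (domain, brand, reason) findings."""
    findings = []
    for domain in domains:
        hit = classify(domain)
        if hit:
            findings.append((domain, hit[0], hit[1]))
    return findings


# Constructed sample input; .example and .test are reserved names.
SAMPLE = [
    "acmebank.example",
    "login.acmebank.example",
    "acrnebank.example",
    "acm3bank.example",
    "amcebank.example",
    "acmebank.test",
    "acmebank-login.test",
    "acmebank.example.account-check.test",
    "weather.example",
]

if __name__ == "__main__":
    for domain, brand, reason in scan(SAMPLE):
        print(f"{domain:40} looks like {brand:10} ({reason})")
```

Internationalized (`xn--`) labels are not decoded here and would need separate review.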
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationIndian Computer Emergency Response Team (CERT-In) Annual Report (2010)
Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationTHE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE
THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE How application threat intelligence can make existing enterprise security infrastructures smarter THE BLIND SPOT IN THREAT INTELLIGENCE
More informationUser Documentation Web Traffic Security. University of Stavanger
User Documentation Web Traffic Security University of Stavanger Table of content User Documentation... 1 Web Traffic Security... 1 University of Stavanger... 1 UiS Web Traffic Security... 3 Background...
More informationCybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015
Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry
More informationOWASP AND APPLICATION SECURITY
SECURING THE 3DEXPERIENCE PLATFORM OWASP AND APPLICATION SECURITY Milan Bruchter/Shutterstock.com WHITE PAPER EXECUTIVE SUMMARY As part of Dassault Systèmes efforts to counter threats of hacking, particularly
More informationINDUSTRY OVERVIEW: FINANCIAL
ii IBM MSS INDUSTRY OVERVIEW: FINANCIAL RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: NOVEMBER 5, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW... 1 MAJOR FINANCIAL
More informationDoyourwebsitebot defensesaddressthe changingthreat landscape?
WHITEPAPER Doyourwebsitebot defensesaddressthe changingthreat landscape? Don tletbotsturnaminorincident intoamegasecuritybreach 1.866.423.0606 Executive Summary The website security threat landscape has
More informationBasic Security Considerations for Email and Web Browsing
Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable
More informationActive Threat Control
Active Threat Control Proactive Protection Against New and Emerging Threats Why You Should Read this White Paper The unprecedented rise of new threats has deemed traditional security mechanisms both ineffective
More informationWEB 2.0 AND SECURITY
WEB 2.0 AND SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationTechnical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments
DATA SHEET Technical Testing Application, Network and Red Team Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance
More informationSECURITY TRENDS & VULNERABILITIES REVIEW 2015
SECURITY TRENDS & VULNERABILITIES REVIEW 2015 Contents 1. Introduction...3 2. Executive summary...4 3. Inputs...6 4. Statistics as of 2014. Comparative study of results obtained in 2013...7 4.1. Overall
More informationPhishing The latest tactics and potential business impacts
WHITE PAPER: Phishing White paper Phishing The latest tactics and potential business impacts Phishing The latest tactics and potential business impacts Contents Introduction... 3 Phishing knows no limits...
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationM 3 AAWG Compromised User ID Best Practices
Messaging, Malware and Mobile Anti-Abuse Working Group M 3 AAWG Compromised User ID Best Practices Table of Contents 1. Executive Summary... 1 2. Scope of this Document... 2 3. Definitions... 2 4. How
More informationTechnical Testing. Network Testing DATA SHEET
DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce
More informationAdvanced Security Methods for efraud and Messaging
Advanced Security Methods for efraud and Messaging Company Overview Offices: New York, Singapore, London, Tokyo & Sydney Specialization: Leader in the Messaging Intelligence space Market focus: Enterprise,
More informationMonitoring mobile communication network, how does it work? How to prevent such thing about that?
Monitoring mobile communication network, how does it work? How to prevent such thing about that? 潘 維 亞 周 明 哲 劉 子 揚 (P78017058) (P48027049) (N96011156) 1 Contents How mobile communications work Why monitoring?
More informationSECURING IDENTITIES IN CONSUMER PORTALS
SECURING IDENTITIES IN CONSUMER PORTALS Solution Brief THE CHALLENGE IN SECURING CONSUMER PORTALS TODAY The Bilateral Pull between Security and User Experience As the world becomes increasingly digital,
More informationEnterprise Apps: Bypassing the Gatekeeper
Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that
More informationIBM X-Force 2012 Cyber Security Threat Landscape
IBM X-Force 2012 Cyber Security Threat Landscape Johan Celis X-Force R&D Spokesperson Security Channel Sales Leader BeNeLux 1 Mission IBM Security Systems To protect our customers from security threats
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationWeb Application Security
Web Application Security John Zaharopoulos ITS - Security 10/9/2012 1 Web App Security Trends Web 2.0 Dynamic Webpages Growth of Ajax / Client side Javascript Hardening of OSes Secure by default Auto-patching
More informationHow To Protect Your Online Banking From Fraud
DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction
More informationSPEAR PHISHING UNDERSTANDING THE THREAT
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
More informationBYPASSING THE ios GATEKEEPER
BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationRisk Management in Global Operating Industry
Risk Management in Global Operating Industry World Financial Symposium 2015 Here is the News Saleema Brohi Aviation Legal Expert Session Sponsor World Financial Symposium 2015 Cyber Attack! - Beyond Firewalls
More informationWho s Doing the Hacking?
Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from
More informationA Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014
A Small Business Approach to Big Business Cyber Security Brent Bettis, CISSP 23 September, 2014 1 First, a Video http://www.youtube.com/watch?v=cj8wakqwlna 2 3 Agenda Threat Landscape Strategic Initiatives
More informationCurrent Threat Scenario and Recent Attack Trends
Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks
More informationSOCIAL MEDIA SECURITY MITIGATIONS
SOCIAL MEDIA SECURITY MITIGATIONS Version 1.1 12/3/2009 VERSION HISTORY Version # Implemented Revision Approved Approval Reason By Date By Date 1.0 05/22/2009 Initial Draft 1.1 07/30/2009 Page 2 TABLE
More informationDon t Spill Your Candy in the Lobby
Don t Spill Your Candy in the Lobby Managing the Corporate Infosec Risks From Open Source Intelligence (OSINT) For Countermeasure 2014 Scott Wright Chief Security Researcher & Security Coach Security Perspectives
More informationStaying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities.
Managing business infrastructure White paper Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities. September 2008 2 Contents 2 Overview 5 Understanding
More informationPreventing, Insuring, and Surviving Fund Transfer Fraud... and Other Cyber Attacks
Preventing, Insuring, and Surviving Fund Transfer Fraud... and Other Cyber Attacks Nick Merker, CISSP, CIPT Stephen Reynolds, CISSP, CIPP/US Nick Reuhs Attorneys at Ice Miller LLP IceonFire Fund Transfer
More informationWRITTEN TESTIMONY OF
WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationSecurity tips for the use of social media websites
CYBER SECURITY OPERATIONS CENTRE NOVEMBER 2012 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationAdvanced Persistent Threats
Advanced Persistent Threats Craig Harwood Channel Manager SADC and Indian Ocean Islands 1 Agenda Introduction Today s Threat landscape What is an Advance persistent Threat How are these crimes perpetrated
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More information