Category Archives: Security

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

10 Lessons Learned from Breach Response Experts

Posted on by

SAN FRANCISCO—As hacking collectives target both the public and private sectors with a wide range of motivations, one thing is clear: Destructive attacks where hackers destroy critical business systems, leak confidential data and hold companies for ransom are on the rise. In a presentation here at the RSA Conference, the nation’s largest cybersecurity summit, Charles Carmakal and Robert Wallace, vice president and director, respectively, of cybersecurity firm Mandiant, shared an overview of some of the biggest findings about disruptive attacks from the company’s breach response, threat research and forensic investigations work.

In their Thursday morning session, the duo profiled specific hacking groups and the varied motivations and tactics that characterize their attacks. Putting isolated incidents into this broader context, they said, helps companies not only understand the true nature of the risk hackers can pose even in breaches that do not immediately appear to target private industry.

online pharmacy tobradex with best prices today in the USA

One group, for example, has waged “unsophisticated but disruptive and destructive” against a number of mining and casino enterprises in Canada. The hackers broke into enterprise systems, stole several gigabytes of sensitive data and published it online, created scheduled tasks to delete system data, issued ransom requests, and even emailed executives and board members directly to taunt them about the data exposed and increase the pressure to pay. Further increasing that pressure, the group is known to contact journalists in an attempt to publicize the exposed data. Victims have endured outages for days while trying to recover data from backups, and some have paid the ransoms, typically requested in the range of $50,000 to $500,000 in bitcoin.

Mandiant refers to this group as Fake Tesla Team because the hackers have tried to seem a more powerful and compelling threat by claiming they are members of Tesla Team, an already existing group that launches DDoS attacks. As that group is thought to be Serbian, they have little reason to target Canadian entities, and indeed, the bits of Russian used by Fake Tesla Team appears to be simply translated via Google.

In all of the group’s attacks that Mandiant has investigated, the hackers had indeed gained system access and published data, but they exaggerated their skills and some of the details of access. Identifying such a group as your attacker greatly informs the breach response process based on the M.O. and case history, Mandiant said. For example, they know the threat is real, but have seen some companies find success in using partial payments to delay data release, and they have found no evidence that, after getting paid, the collective does anything else with the access they’ve gained.

Beyond considerations of specific hacking groups or their motivations, Carmakal and Wallace shared the top 10 lessons for addressing a breach Mandiant has distilled from countless investigations:

  1. Confirm there is actually a breach: make sure there has been a real intrusion, not just an empty threat from someone hoping to turn fear into a quick payday.
  2. Remember you face a human adversary—the attacker attempting to extort money or make other demands is a real person with emotional responses, which is critical to keep in mind when determining how quickly to respond, what tone to take, and other nuances in communication. Working with law enforcement can help inform these decisions.
  3. Timing is critical: The biggest extortion events occur at night and on weekends, so ensure you have procedures in place to respond quickly and effectively at any time.
  4. Stay focused: In the flurry of questions and decisions to make, focus first and foremost on immediate containment of the attack.
  5. Carefully evaluate whether to engage the attacker.
    online pharmacy zydena with best prices today in the USA

  6. Engage experts before a breach, including forensic, legal and public relations resources.
    buy vardenafil online https://galenapharm.com/pharmacy/vardenafil.html no prescription
  7. Consider all options when asked to pay a ransom or extortion demand: Can you contain the problem, and can you do so sooner than the attack can escalate?
  8. Ensure strong segmentation and control over system backups: It is critical, well before a breach, to understand where your backup infrastructure is and how it is segmented from the corporate network. In the team’s breach investigations, they have found very few networks have truly been segmented, meriting serious consideration from any company right away.
  9. After the incident has been handled, immediately focus on broader security improvements to fortify against future attacks from these attackers or others.
  10. They may come back: If you kick them out of your system—or even pay them—they may move on, perhaps take a vacation with that ransom money, but they gained access to your system, so remember they also may come back.

Delta Outage Spotlights Technology Risks

Posted on by


Delta’s computer outage on Jan. 29 was over by midnight, but its effects have extended into the week, not only resulting in 170 cancelations on Sunday, but grounding more than 100 flights on Monday and causing many delays. Adding to the frustration was the fact that the company’s mobile apps were also not working.

This latest incident follows another computer outage for Delta in mid-August, when flights were canceled for two days, leaving thousands of passengers stranded.

Such outages can be costly. A Southwest Airlines outage in July caused more than 2,000 flights to be canceled and cost about $54 million. The August Delta outage, which involved a fire, resulted in cancellation of 2,300 flights over three days and cost the airline $150 million in lost revenue, according to USA Today.

Jim Corridore, an analyst at CFRA Research, told USA Today on Monday that Delta’s computer outage puts a “spotlight on risks of airline technology infrastructure, much of which is old and patched with differing systems.” He said that airlines build new programming over old software, especially after a merger, when computer languages may differ. Programmers’ assumptions about how software will work are sometimes wrong.

While large companies such as Delta would have fewer outages with more testing of their systems, this is an expensive proposition.

online pharmacy suhagra with best prices today in the USA

According to USA Today:

Gil Hecht, CEO of Continuity Software, which tests computer systems for large banks and insurers, compared the construction of complex computer systems to a layer cake, with web servers, database software, storage and possibly interaction with other systems such as government computers that check whether passengers are allowed to fly.

“Testing should be done by every single layer and every single business service that participates in the critical infrastructure, and some of them are simply not under the airline’s control,” Hecht said.
buy silvitra online https://royalcitydrugs.com/silvitra.html no prescription

He compared one way of testing to running a car into a tree to see whether the airbags work, which isn’t possible while keeping a computer system working. Instead, testing for a large financial institution or airline must confirm that each layer is configured to work well with all the others, he said.

online pharmacy abilify with best prices today in the USA

“In order to do that, critical infrastructure operators must do much more testing, whether it’s manual by humans or by technology or by any means possible,” Hecht said. “Yes, it costs money. Quite a lot. But if more money and more effort will be driven into testing, we will have far less down time and data-loss events.”

Organizational Complexity Poses Critical Cyberrisk

Posted on by

According to a recent survey on IT security infrastructure, 83% of businesses around the world believe they are most at risk because of organizational complexity.

“Employees are not following corporate security requirements because they are too difficult to be productive, plus policies hinder their ability to work in their preferred manner,” noted the Ponemon Institute’s “The Need for a New IT Security Architecture: Global Study,” sponsored by Citrix. “It is no surprise that shadow IT is on the rise because employees want easier ways to get their work done.”

Shadow IT, the information technology systems built and used by an organization without explicit approval, has largely cropped up because employees feel official tools are too complex or otherwise difficult and inefficient. As a result, company data is being put on personal devices and official business is conducted on platforms that enterprise security teams can not monitor or secure.

online pharmacy cipro with best prices today in the USA

Nearly three-quarters of respondents said their business needs a new IT security infrastructure to reduce risk.

online pharmacy mobic with best prices today in the USA

With increasing amounts of sensitive data stored, new technology like the internet of things adopted, and new cyberrisk threats constantly emerging, addressing individual security challenges may be impossible, Citrix Chief Security Officer Stan Black told eWEEK. Rather, companies should focus on larger issues like controlling complexity, developing and maintaining strong incident response plans, and rigorously vetting vendors with access to systems or responsibility for storing data.

online pharmacy ventolin with best prices today in the USA

Check out more of the report’s findings in the infographic below:

organizational complexity cyberrisk

Fraud Incidents Rise in 2016, Kroll Finds

Posted on by

Reports of fraud have risen in the past year. In fact, incidences of every type of fraud have reached double-digit levels, according to the Kroll Global Fraud & Risk Report 2016/2017. Overall, 82% of executives reported falling victim to at least one instance of fraud in the past year, up from 75% in 2015.

Theft of physical assets remained the most prevalent type of fraud in the last year, reported by 29% of respondents, up 7 percentage points from 22% of respondents in the last survey. Kroll reported that vendor, supplier, or procurement fraud (26%) and information theft, loss, or attack (24%) were the next two most common types of fraud cited, each up 9 percentage points year-over-year.

Kroll found that most threats come from within an organization, with current and ex-employees being the most frequently cited perpetrators of fraud, cyber, and security incidents over the past 12 months. External parties were also identified as active perpetrators.

In the United States:
Kroll-fraud

• On the complexity of fraud risks, the majority (60%) of executives who reported suffering fraud incidents identified some combination of perpetrators, including current employees, ex-employees, and third parties, with almost half (49%) involving all three groups.

• Almost four in 10 respondents (39%) who were victims experienced fraud perpetrated by a junior employee, 30% by senior or middle management, 27% by ex-employees, and 27% by freelance/temporary employees. Agents and/or intermediaries were also cited by 27% of respondents as involved in carrying out fraud.

• Insiders were cited as the main perpetrators of fraud, and also identified as the most likely to discover it. Almost half (44%) of respondents said that recent fraud had been discovered through a whistleblowing system and 39% said it had been detected through an internal audit.

Among anti-fraud measures, the widest adoption—reported by 82% of executives surveyed—focused on information, such as IT security and technical countermeasures. The converse of the finding is concerning: nearly one out of five respondents (18%) have not adopted such protections.
kroll fraud risk

According to the report:

80% of respondents in the U.S. experienced fraud in the past 12 months, an increase of 5 percentage points on the previous year. This figure is 2 percentage points below the reported global average of 82%. Intellectual property (IP) theft, piracy, or counterfeiting is a clear threat to companies in the U.S., which was reported by just over a quarter (27%) of U.S. participants, almost twice the reported global average. The U.S. was the only country where IP theft was the most common type of fraud reported. Information theft, loss, or attack was the second most mentioned type of fraud impacting companies in the U.S., followed by conflicts of interest in the management team. The main perpetrators of fraud were reported to be insiders. Where fraud had been discovered, 36% of executives in the U.S. reported that junior employees were responsible, and 32% named senior or middle management. Respondents in the U.S. were most likely to have adopted IT security measures, followed by financial controls and asset security as their top three ways to mitigate fraud risk. In the U.S., the most common way fraud was detected was not through a whistle-blower, as it was for most of the other countries surveyed, but through an internal audit. Nearly half (49%) of U.S. participants said it was the most common detection mechanism.