Brian Krebs recently wrote an article titled “$1.5 million Cyberheist Ruins Escrow Firm” which details a cyberheist that put a California escrow firm out of business. The article describes how an unknown group of individuals diverted funds away from a legitimate organization by way of a computer trojan installed on an account computer.
Businesses: I’d recommend picking up the phone and calling the bank you use. Ask questions, and keep documented records of conversations regarding security precautions. If the bank does not offer the necessary protections, expose it and make a decision. Commercial accounts are not FDIC insured, and from what I know only a single-digit number of banks are covering deposits lost in this manner.
The bottom line is that banks need to start protecting the money, or they might find it going out to entities in foreign countries much faster than it comes in.
An interesting read from the SANS Reading Room, “Protecting Small Business Banking”, covers a broad number of banking-fraud-related topics with a deep dive into the mechanisms used to exploit banking customers. It is a good read and I would highly recommend reviewing the paper.
A number of topics are covered including:
- Risks to the Small Business
- Lack of FDIC Insurance
- Banking Site Security
- Attack Vectors (Zero Day Vulnerabilities, Trojans)
- Securing systems using Third Party Tools (Trusteer Rapport)
The future of fraud trends is discussed with regard to digital transactions and authentication measures used by banks.
Online financial transactions are increasing exponentially; online attacks that attempt to capture credentials, intercept information, and divert funds from small businesses are as well. Small business owners are being increasingly targeted for financially based online crimes. Even worse, they are typically ill prepared and unable to take appropriate actions against the perpetrators of these crimes to recoup their losses. The current legal environment in the United States leaves these small businesses and their owners without the ability to obtain reimbursement from banking institutions resulting from these losses as well as unable to take the necessary legal actions against their attackers. It is therefore imperative to investigate ways to provide protection from these risks, and balance the needs of the business to continue to engage in online financial transactions.
(Protecting Small Business Banking – http://www.sans.org/reading-room/whitepapers/ecommerce/protecting-small-business-banking-34277 6/20/2013)
- Sound Business Practices for Financial Institutions to Mitigate Corporate Account Takeover
- Sound Business Practices for Businesses to Mitigate Corporate Account Takeover
- Sound Business Practices for Third-Party Service Providers to Mitigate Corporate Account Takeover
- Corporate Account Takeover: What You Need to Know, April 25, 2011
- Gaining Organizational Empowerment Over Corporate Account Takeover (webinar handout) March 3, 2011
- NACHA Board of Directors Policy Statement on the Importance of Sound Business Practices to Mitigate Corporate Account Takeover (PDF), October 21, 2010
- Fraud Advisory for Businesses: Corporate Account Takeover (US Secret Service, FBI, IC3 and FS-ISAC) (PDF), October 2010
- Fraud Advisory for Consumers: Involvement in Criminal Activity through Work from Home Scams (PDF), October 2010
- Alternatives for Managing Commercial Payments Risk (FDIC Symposium Presentation) (PDF), May 11, 2010
- Better Business Bureau’s Data Security Made Simpler Program
- Corporate Account Takeover: How to Protect Your Institution, Small Business, and Municipal Customers (teleseminar handouts), March 23, 2010
U.S. DISA overhaul plans to eliminate firewalls
In comments to the armed forces media, the U.S. Defense Information Systems Agency (DISA) said it is planning an overhaul that could mean the end of conventional firewalls.
US Air Force Lt. General Ronnie Hawkins Jr. was quoted as saying that the US military’s IT service wanted to move from a mesh of firewalls towards a design based on protecting data instead of packets.
“In the past, we’ve all been about protecting our networks—firewall here, firewall there, firewall within a service, firewall within an organization, firewalls within DISA. We’ve got to remove those and go to protecting the data. You can move that data in a way that it doesn’t matter if you’re on a classified or unclassified network, depending on someone’s credentials and their need to know,” he declared.
“We want to be able to normalize our networks to where you can have the collaboration and information moving over our networks and you don’t have to have the different firewalls, the separate networks, to get those things done,” he added. Additionally, the department can realize significant savings in instrumentation—for example, by moving from “hard phones” to “soft phones,” he said.
“Yes, firewalls are important. They help solve network security problems by creating barriers that prevent unwanted network access. But they do not control data access,” he said.
That’s why I find DISA’s new approach so fascinating. It’s based on the realisation that the threats have changed. Hackers want data like IPs, PINs, credentials, proprietary information, and more. And it’s very easy for them to steal data due to poor security controls or outright mismanagement.
Shteiman said he believed that DISA would most likely move to role-based data access, and content control, auditing and monitoring.
We are building up resources on the latest version of Exchange released by Microsoft, Exchange 2013. At this time we are preparing an article with basic visual diagrams and troubleshooting information. If you are running Exchange 2010, you will find other articles on this site for that platform.
Exchange Network Port Reference
Here are a number of links to literature that is key reading for any current or upcoming infosec professional.
These titles are popular for job roles such as Security Engineer, Security Analyst, Vulnerability Engineer, Network Security Engineer and a variety of other roles.
A Note on the Confinement Problem, Butler Lampson
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, Mark Dowd
Ceremony Design and Analysis, Carl Ellison
Computer Security in the Real World, Butler Lampson
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, Cliff Stoll
End-to-End Arguments in System Design, J. H. Saltzer, D. P. Reed, D. D. Clark
Expert C Programming: Deep C Secrets, Peter van der Linden
Hacking: The Art of Exploitation, Jon Erickson
History and Timeline of UNIX, collaboration
The Jargon File, collaboration
Practical Cryptography, Niels Ferguson, Bruce Schneier
The Protection of Information in Computer Systems, Jerome Saltzer, Michael Schroeder
Reflections on Trusting Trust, Ken Thompson
Security Engineering, Ross Anderson
Smashing the Stack for Fun and Profit, Aleph One
With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988, Mark Eichin and Jon Rochlis
(Zip file version, portable for the on-the-go professional)
Additionally, there are some more large, somewhat textbook-style works that those new to the space should consider adding to their personal bookshelves:
The Art of Computer Virus Research and Defense, Peter Szor
The IDA Pro Book, Chris Eagle
Practical Malware Analysis, Michael Sikorski, Andrew Honig
Reversing: Secrets of Reverse Engineering, Eldad Eilam
TCP/IP Illustrated Volume 1, W. Richard Stevens (note: 1st edition, not the 2nd)
Windows Internals, 6th Edition, Russinovich et al
UNIX Power Tools, Tim O’Reilly et al
(Courtesy of VRT)
Dexter Malware (POS Systems Attack)
In an article titled “Dexter – Draining blood out of Point of Sales”, the Israel-based security firm Seculert identified malware programmed to attack POS systems. Targeting POS systems appears to let attackers extract card data from aggregation points rather than compromising end-user machines or physically installing a skimmer.
Dexter has reportedly targeted systems in 40 countries over the past 2-3 months.
According to Spiderlabs, a team of ethical hackers working for security-software analysis firm Trustwave, Dexter has an unusual nature. Spiderlabs blogger Josh Grunzweig noted: “I can’t remember the last time I saw a piece of malware that targeted Point of Sale systems that had a nice C&C structure to it.”
Bank fraud has evolved into a billion-dollar industry worldwide, and Dexter is just another example of how attackers are choosing the targets with the most lucrative cyber bounty.