Two recent breaches highlighted the importance of safeguarding the personal information of minors. VTech, a manufacturer known for the production of toys, experienced a data breach that exposed the personal information of 6.4 million children and 4.9 million adults.
In an unrelated incident, the data of 3.3 million users of the Hello Kitty and Sanrio Town online communities, many of whom are children, was also compromised.
Manufacturers are keen to innovate and create new products that take advantage of the Internet and the Cloud. However, any personal data collected needs to be properly secured. Attackers are constantly searching for weaknesses in systems, which can be exploited in order to gain access to personal information.
Breaches involving children’s personal data are problematic for many reasons. One issue is that fraud detection algorithms partly rely on previous activity in order to detect fraudulent transactions. Children who have yet to participate in economic activity have not built up a history of transactions from which to establish normal activity. Hence, their data may provide criminals with ideal identities to steal in order to conduct fraud.
Organizations that wish to secure personal data need to find and fix vulnerabilities in their systems. Even so, organizations must remain vigilant for the presence of attackers, checking logs and network activity in order to resolve intrusions before they can cause harm.
This month, it was reported that Iranian hackers accessed the control systems of a dam in Rye, New York during 2013. The incident came to light while U.S. intelligence agencies were monitoring the computers of an Iranian hacking gang believed to be targeting U.S. companies. Although the dam is small, and the attackers did not apparently operate the controls, the possibility that unauthorized individuals can gain access to the controls of physical infrastructure is of great concern.
Many industrial control systems set up to control physical infrastructure were installed with the intention of lasting decades before replacement and before cyber security became the concern that it is today. Consequently, the security of these systems may not be adequate.
Infrastructure such as dams may not be of interest for criminal gangs since it is difficult to monetize attacks against these systems. However, the major consequences of a successful attack could be attractive to nation state threat actors or malicious individuals holding a grudge.
To date, the industrial control system attack with the largest environmental consequences took place in Maroochy Shire, Australia in 2000. A disgruntled individual with insider knowledge was able to access control systems to pump 800,000 liters (211,338 gallons) of raw sewage into local parks and rivers, causing widespread environmental damage.
Deploying access protection and suitable security infrastructure should be priorities; in addition, system monitoring by security staff for attacks or unexpected access is vital to ensure long-term security for control systems.
Two vulnerabilities have recently been discovered in ScreenOS, the operating system for Juniper’s NetScreen firewalls. One is due to a password hard-coded into the firmware of vulnerable devices, which allows anyone with knowledge of the password to remotely log in as an administrator. The other is a weakness in the Dual EC random number generator that ScreenOS uses when establishing encrypted VPN sessions. This weakness potentially allows well-resourced attackers to decrypt VPN traffic.
The issues were identified during a code review by Juniper, and patches have been released. The VPN vulnerability is exploitable only by attackers with nation-state-like capabilities. However, the hard-coded password has been published and is easily exploitable by anyone.
Attackers have been observed attempting to use the disclosed password to gain access to firewalls. Organizations should apply the released patches to affected firewalls as soon as possible. Additionally, network traffic signatures are available to detect and block attempts to use the password to gain access to systems.
References: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755, CVE-2015-7756) | Attackers Attempt to Exploit Juniper Backdoor | Researchers confirm backdoor password in Juniper firewall code
Ransomware continues to be a tactic used by cybercrime gangs. In these attacks, malware placed on a victim’s device encrypts the contents of the hard disk and holds them to ransom.
The latest version of Cryptowall includes instructions not to infect any computer whose system language is one of the following: Russian, Kazakh, Ukrainian, Uzbek, Belarusian, Azeri, Armenian, Kyrgyz, or Georgian. This suggests that the software is designed not to infect users in the countries where those are native languages.
So that the ransom demand can still be displayed to the victim, the malware also refuses to encrypt file types, such as .exe files, that the operating system needs in order to boot and run.
Backing up computers so that unencrypted files can be restored, coupled with the use of antivirus software, are excellent mitigations against the malware. The malware does not begin to encrypt files until it connects to the command and control server and receives the encryption key. Blocking this connection prevents the malware from encrypting files and causing havoc.
In a recent poll, 65% of companies were concerned with cyber security as part of cloud migration. 69% were afraid of unauthorized access of their data in the cloud, with 43% concerned about the hijacking of cloud data.
Only companies that are conscious of the various risks associated with cloud environments and how these differ from the on-premise environment will be able to deploy the protection necessary to mitigate these threats.
Organizations that wish to adopt the cloud securely should consider the cloud as a series of technological layers, ranging from a physical layer of hardware and cables to an application layer of software facing the end user.
In almost all cloud systems, access protection and application security will be the responsibility of the customer. A web application firewall can protect the application layer, while network protection and system monitoring can help protect access systems.
Far too often, organizations fail to recognize that they are responsible for the security of key parts of their cloud systems, partly because they are not aware of the consequences of a lack of protection.
Reference: Cloud Security Concerns Persist
This month marks the 25th anniversary of the first website. The invention of the Internet dates to the late 1960s; however, the invention of HyperText Transfer Protocol (HTTP) and HyperText Markup Language (HTML) was required to describe how web pages could be requested and written before the first website could be created in 1990.
Websites were envisaged as a method for sharing physics research data among researchers. The open, collaborative atmosphere in which the Web was born provided the ideal environment, allowing it to grow and for websites to become primary means for disseminating information. Over time, the Web grew in size and scope to support the many applications that we take for granted today.
The academic origin of websites helps to explain many of the issues that we face today. Security was not a requirement for the first websites since they were created for the open sharing of data. The ability to cryptographically authenticate the identity of websites and their visitors was not a priority before the Web came to be used for e-commerce. As the Web grew, the tools and techniques necessary to protect the transactions and data generated by websites had to be invented and retrofitted.
As we look forward to the next 20 years of website development, security is emerging as one of the most important factors enabling the growth of the Web. Now, any website must consider security as a primary requirement in order to assure the confidentiality of any data collected by the website, the integrity of the website and its contents, and the availability of the website to remain online in the face of attack.
Most commonly attempted credential: root / (blank password)

| Port | Service |
|------|---------|
| 445 | Microsoft Directory Service |
| 22 | Secure Shell (SSH) |
| 3389 | Remote Desktop Protocol |
| 139 | NetBIOS Service Session |
| 8080 | HTTP Alternative (Proxy) |
| 1433 | Microsoft SQL Server |
| 5000 | Universal Plug ‘N Play (UPnP) |
| 1900 | Universal Plug ‘N Play (UPnP) Discovery |
| 445 | Microsoft Directory Service |