Eradicate the Bots in the Belfry

At the upcoming Information Security Summit, I will be presenting on the topic, “Eradicate the Bots in the Belfry.” Bots are used for a variety of malicious activities, including sending spam and conducting DDoS (Distributed Denial of Service) attacks such as those recently in the news. Your network is probably hosting bots right now. A recent study showed that 40 percent of computers have one or more pieces of malware on them, and this malware could be attacking other companies or disclosing important company or customer data.

So how can you immunize your business against this threat?  First, obtain a baseline of the normal activity on business computers so that unusual activity can be identified.  Then set up monitoring and metrics that alert you when a machine departs from its own baseline, and create an incident response plan to handle infections and data breaches.  Attend the summit for more information on how to protect your business and others.
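As an added example (my own code, not the post's), here is what "baseline, then alert on unusual activity" looks like when written down. It builds a per-host baseline from a few days of outbound connection logs and then scores the current day against it. The log format, the host names, addresses and counts are all constructed for the example, and the two indicators it tracks (distinct external destinations per day, and outbound SMTP attempts from a workstation, the classic spam-relay sign) are my choice, not something the post specifies.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data for this example (not real logs): one outbound
# connection per line, "<date> <time> <source host> <destination ip> <destination port>".
# Three ordinary days form the baseline.
BASELINE_LOG = """\
2012-10-01 09:00:01 ws-acct-01 203.0.113.10 443
2012-10-01 09:05:12 ws-acct-01 203.0.113.11 443
2012-10-01 10:15:40 ws-acct-01 198.51.100.5 80
2012-10-02 09:01:15 ws-acct-01 203.0.113.10 443
2012-10-02 09:30:00 ws-acct-01 203.0.113.12 443
2012-10-02 14:20:33 ws-acct-01 198.51.100.5 80
2012-10-03 08:55:49 ws-acct-01 203.0.113.10 443
2012-10-03 12:10:00 ws-acct-01 203.0.113.11 443
2012-10-03 16:45:21 ws-acct-01 198.51.100.5 80
2012-10-01 09:02:10 ws-sales-02 203.0.113.20 443
2012-10-01 13:14:00 ws-sales-02 198.51.100.9 80
2012-10-02 09:09:09 ws-sales-02 203.0.113.20 443
2012-10-02 15:00:00 ws-sales-02 198.51.100.9 80
2012-10-03 10:30:30 ws-sales-02 203.0.113.20 443
2012-10-03 11:11:11 ws-sales-02 198.51.100.9 80
"""

# The day under review: ws-acct-01 suddenly talks to many new hosts and pushes
# SMTP to six of them; ws-sales-02 behaves as usual; ws-temp-09 has no history.
TODAY_LOG = """\
2012-10-04 09:00:00 ws-acct-01 203.0.113.10 443
2012-10-04 09:00:01 ws-acct-01 192.0.2.50 6667
2012-10-04 09:00:02 ws-acct-01 192.0.2.51 25
2012-10-04 09:00:02 ws-acct-01 192.0.2.52 25
2012-10-04 09:00:03 ws-acct-01 192.0.2.53 25
2012-10-04 09:00:03 ws-acct-01 192.0.2.54 25
2012-10-04 09:00:04 ws-acct-01 192.0.2.55 25
2012-10-04 09:00:04 ws-acct-01 192.0.2.56 25
2012-10-04 09:00:05 ws-acct-01 192.0.2.57 80
2012-10-04 09:30:00 ws-sales-02 203.0.113.20 443
2012-10-04 14:00:00 ws-sales-02 198.51.100.9 80
2012-10-04 09:10:00 ws-temp-09 203.0.113.30 443
"""

SIGMA_FLOOR = 1.0  # a perfectly flat baseline (sd 0) must not turn every +1 into an alert
Z_ALERT = 3.0      # standard deviations above the host's own mean that produce a finding


def parse(log):
    """Yield (date, host, dst_ip, dst_port) tuples, skipping blank or malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        date, _time, host, dst, port = parts
        yield date, host, dst, int(port)


def daily_metrics(log):
    """Per (host, date): distinct external destinations and outbound SMTP attempts.

    Distinct destinations jump when a bot starts polling C2 servers or flooding
    DDoS targets; port-25 connections from a workstation are the spam-relay sign.
    """
    dsts = defaultdict(set)
    smtp = defaultdict(int)
    for date, host, dst, port in parse(log):
        dsts[(host, date)].add(dst)
        if port == 25:
            smtp[(host, date)] += 1
    return {key: {"distinct_dsts": len(seen), "smtp": smtp[key]} for key, seen in dsts.items()}


def build_baseline(log):
    """Per host and metric: (mean, population standard deviation) over the baseline days."""
    series = defaultdict(lambda: defaultdict(list))
    for (host, _date), metrics in daily_metrics(log).items():
        for name, value in metrics.items():
            series[host][name].append(value)
    return {host: {name: (mean(xs), pstdev(xs)) for name, xs in by_metric.items()}
            for host, by_metric in series.items()}


def detect(baseline, todays_log):
    """Return {host: [findings]} for hosts whose day departs from their own baseline."""
    findings = defaultdict(list)
    for (host, _date), metrics in daily_metrics(todays_log).items():
        if host not in baseline:
            findings[host].append("no baseline for this host; investigate before trusting it")
            continue
        for name, value in metrics.items():
            mu, sd = baseline[host][name]
            z = (value - mu) / max(sd, SIGMA_FLOOR)
            if z >= Z_ALERT:
                findings[host].append(f"{name}={value} (baseline {mu:.1f}+/-{sd:.1f}, z={z:.1f})")
    return dict(findings)


if __name__ == "__main__":
    for host, notes in detect(build_baseline(BASELINE_LOG), TODAY_LOG).items():
        print(host)
        for note in notes:
            print("  ", note)
```

Two design points worth carrying into a real deployment: the baseline is per host, because a mail server talking SMTP to hundreds of peers is normal while a workstation doing it is not; and the standard-deviation floor keeps a quiet machine's flat history from producing an alert on a single new connection. Three days is a toy baseline; use weeks, and drop any day you later learn was already infected, or the bot's traffic becomes "normal".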

Small business survey reveals significant security gaps

A recent survey of small business owners showed that while 77 percent believe that security is important for their company's brand, many basic security practices are not implemented in these businesses. Here are some details from the study. Only 59 percent of small businesses surveyed have a contingency plan in place for protecting against data breaches. 23 percent have established social media policies, 14 percent have a written cyber-security plan and 38 percent have a privacy policy outlining how customer or employee information should be handled.


More troubling is the fact that small businesses are satisfied with their security and are not concerned about the threat of a data breach.  86 percent of those surveyed said they are satisfied with the security they provide.  47 percent believe that if a breach were to occur, it would be an isolated incident with no impact on their business, and 66 percent are not concerned with the threat of data theft by a hacker, employee or contractor.

Despite this belief, the Ponemon Institute found that 78 percent of organizations had at least one data breach in the last two years.  According to Business News, these breaches cost on average $200,000, a sum that most small businesses would not consider insignificant.  This cost includes investigation, notification, remediation, lost revenue and damage to reputation.

This month is cyber-security awareness month, so please consider the threat of a data breach and the controls you can put in place to reduce it.

Security questions from Senator John Rockefeller IV

Last month, Senator John D. Rockefeller IV, Chairman of the U.S. Senate Committee on Commerce, Science and Transportation, sent the following questions to the CEOs of Fortune 500 companies:

  1. Has your company adopted a set of best practices to address its own cybersecurity needs?
  2. If so, how were these cybersecurity practices developed?
  3. Were they developed by the company solely, or were they developed outside the company? If developed outside the company, please list the institution, association, or entity that developed them.
  4. When were these cybersecurity practices developed? How frequently have they been updated? Does your company's board of directors or audit committee keep abreast of developments regarding the development and implementation of these practices?
  5. Has the federal government played any role, whether advisory or otherwise, in the development of these cybersecurity practices?
  6. What are your concerns, if any, with a voluntary program that enables the federal government and the private sector to develop, in coordination, best cybersecurity practices for companies to adopt as they so choose, as outlined in the Cybersecurity Act of 2012?
  7. What are your concerns, if any, with the federal government conducting risk assessments, in coordination with the private sector, to best understand where our nation's cyber vulnerabilities are, as outlined in the Cybersecurity Act of 2012?
  8. What are your concerns, if any, with the federal government determining, in coordination with the private sector, the country's most critical cyber infrastructure, as outlined in the Cybersecurity Act of 2012?

So, how would you answer these questions?

Chinese Computer Fraud | China Resource Network

The next conference for business in China is going to include a session on cyber fraud, and JURINNOV will be presenting the case study.

The conference is held by the organization “China Resource Network,” which has been around close to 10 years now, offering two conferences a year and seminars during the year on technical topics (labor law, VAT calculations, incorporation, etc.).

Bots and Denial of Service (DoS) used against banks


Did you know that computers often become infected with malware called “bots” that lets an attacker control them remotely? Much as large data centers pool machines into cloud computing services, hackers assemble botnets, large networks of infected computers that operate collectively to perform malicious tasks, including flooding web sites with traffic to cause “denial of service” incidents. Portions of these networks are leased out to others who use them to launch attacks against web sites, among other things.

The recent bank attacks are examples of what can be done easily with the power of a botnet behind a nefarious scheme. For more information on the recent incidents, read my quotes in the Cleveland.com article, “KeyCorp, U.S. Bank web sites hit in the latest cyber attack against nation’s largest banks.”

Changing the local administrator password with a boot disk

Many people have asked me how to reset their Windows password, so I decided to write this blog about it.  There are quite a few free Windows password reset tools.  They are mostly Linux boot disks that read your Windows drive directly and rewrite the part of the Windows registry (the SAM hive) that holds the password hashes for local accounts.  The tool listed below reads that data from the registry and gives you a list of users whose password you can either reset or blank out.  I find it is easiest to blank out the password, log in and then set the password to something you can remember.  Two caveats: the tool can only do this because the disk is unencrypted, so on a BitLocker-protected drive it will not find the registry at all; and blanking or changing a password from outside Windows makes any files that account encrypted with EFS unreadable, so back those files up first if EFS is in use.

Offline NT Password & Registry Editor

Here are the steps you should follow:

  1. Go to the website above and download the CD image.
  2. Decompress the zip file using WinZip, 7-Zip or some other decompression program.
  3. Burn the ISO to a CD. (You can use CD Burner XP Pro, a free tool, to burn the ISO.  Here are instructions.)
  4. Start your computer and boot from the CD.  If your computer does not automatically boot from CD, go into the BIOS and change the boot order.
  5. The program will ask you to load drivers, select the disk that contains your Windows installation, and choose the registry path and which part of the registry to load. The defaults work for most systems, so just press Enter at each prompt.
  6. Once you see the user accounts, select one by entering the number shown next to that account and then choose to either blank the password or set a new one.
  7. When you quit, answer y when the program asks whether to write the changed hive files; nothing is saved until you do.  Then reboot into Windows and log in with the blank password.
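An added example, not the tool's or this post's own code: the same reset scripted for a Linux live environment, driving chntpw, the command-line program the Offline NT Password & Registry Editor boot disk is built around. It assumes chntpw is installed and the Windows partition is already mounted read-write at a hypothetical /mnt/windows (for instance with ntfs-3g; a drive left in hibernation or "fast startup" will only mount read-only). The menu answers fed to chntpw are an assumption to check against the prompts of the version you boot. The first function addresses the one thing that most often trips up a scripted reset: Linux paths are case-sensitive and Windows installs spell the hive path differently.

```python
import os
import subprocess
import tempfile

WANTED = ("windows", "system32", "config", "sam")  # path of the SAM hive below the Windows drive


def find_sam(mount_point):
    """Locate the SAM hive below a mounted Windows drive, ignoring capitalization.

    Installs vary (Windows/System32/config/SAM vs WINDOWS/system32/config/sam),
    so each path component is matched case-insensitively against the directory
    listing. Returns the real path, or None if any component is missing.
    """
    current = mount_point
    for name in WANTED:
        try:
            entries = os.listdir(current)
        except OSError:
            return None
        match = next((e for e in entries if e.lower() == name), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None


def list_users(sam_path):
    """Return chntpw's account listing (`chntpw -l <SAM>`) as text."""
    done = subprocess.run(["chntpw", "-l", sam_path], capture_output=True, text=True, check=True)
    return done.stdout


def blank_password(sam_path, user="Administrator", dry_run=False):
    """Blank one local account's password with `chntpw -u <user> <SAM>`.

    chntpw prompts interactively; the answers below drive its user-edit menu:
    '1' clears the password, 'q' leaves the menu, 'y' confirms writing the
    modified hive. (Assumed sequence: verify it against your chntpw version.)
    With dry_run=True nothing is executed; the command and answers are returned.
    """
    cmd = ["chntpw", "-u", user, sam_path]
    answers = "1\nq\ny\n"
    if not dry_run:
        subprocess.run(cmd, input=answers, text=True, check=True)
    return cmd, answers


def make_fixture_tree(layout=("WINDOWS", "system32", "config", "sam")):
    """Create an empty, hive-shaped directory tree in a temp dir (for a dry run
    on a machine with no Windows disk) and return its root."""
    root = tempfile.mkdtemp(prefix="fake-windows-")
    path = os.path.join(root, *layout)
    os.makedirs(os.path.dirname(path))
    open(path, "wb").close()
    return root


if __name__ == "__main__":
    # Hypothetical mount point; mount first, e.g. `mount -t ntfs-3g /dev/sda2 /mnt/windows`.
    sam = find_sam("/mnt/windows")
    if sam is None:
        raise SystemExit("SAM hive not found; is the Windows partition mounted read-write?")
    print(list_users(sam))
    blank_password(sam, "Administrator")
```

The lesson for defenders is the same one the boot disk teaches: anyone with physical access and a few minutes can do this to an unencrypted drive, which is why full-disk encryption, not the Windows logon password, is what actually protects data on a lost laptop.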

Disturbing security requirements you should never accept

Every once in a while, a web site will try to convince you to change your security settings. I was looking for blinds the other day and I found a web site that had a great deal. When I tried to customize the blinds, I was presented with this web page informing me that I needed to modify my cookie settings to allow first- and third-party cookies in order for the site to work. I tried the site in a few browsers and this page came up each time I tried to modify my selection. This should be a red flag to leave the site immediately. It doesn’t really matter what the reason is, possibly outdated code or incorrect security settings. Either way, changing your security settings can make your machine vulnerable to attack. I’ll leave the name of the company out but here is a screenshot of the page. I sent the company an email about this four days ago but I have not received a response.


Here is a copy of the email I sent them.

I have to tell you that I am extremely displeased with your web site. I wanted to get a quote for blinds from you but I was presented with a page that requested I modify my browser security settings. I tried it on Firefox and IE on my PC and neither worked, so I tried it in Firefox and Safari on my Mac and it still did not work with my settings. There is a reason why computers block the content you have on your site, and that is because it is a security risk. For you to force people to modify their security settings to use your site makes all your customers unsafe and I think it is very reprehensible. It opens them up to an attack or loss of privacy from future sites they may visit even if your own site has no malicious intent. I would strongly encourage you to update your site so that it does not require this feature. You are doing a disservice to your customers. Sincerely, Eric Vanderburg

Don’t let a site intimidate you into changing your browser security settings just to use the site. It may look like a good deal but there could be some “hidden fees” such as personal information harvesting. Just go to another site instead. Companies, protect company data and your employees by enforcing browser security controls through group policies. This way users will not be able to modify their browser security even if a web site tries to convince them to make a change.

Computer Forensics: First Responder Training

Timothy Opsitnick, Senior Partner, John Liptak, Forensic Investigator, and I explained the role of computer forensics and of the first responder to an incident in this training session.  Contents included:

  • Understanding Computing Environments
  • Collecting Electronically Stored Information
  • Forensic Analysis Demonstration
  • Types of Cases When Forensics Are Useful

Zero day exploits for sale at bargain prices

Earlier this month I introduced the topic of the sale of zero-day exploits. The zero-day exploit trade is a new and rapidly growing market, and it gives hackers an incentive to sell perfectly legal but secret zero-day exploit information for a substantially greater sum than they would earn by reporting the flaws or taking on consulting positions.

Forbes’ estimated price list for zero-day exploits ranges from $5,000 to $250,000. Pricing is based on the complexity of the exploit, how current the target software is, and how widely it is used. Interestingly enough, Apple’s iOS falls in the highest price range.

It is clear that vulnerabilities carry a high price tag and that many countries and hacker groups would like to purchase them. To keep yourself safe, don’t rely only on a vendor’s security. Create multiple layers of defense and audit activity on your equipment, so that an attack through a flaw nobody has patched yet can still be noticed and contained.

Trading vulnerabilities is an industry by itself

The phrase “Knowledge is power” has never been so clear, or so scary. Knowledge that is kept secret can be even more dangerous: dangerous for U.S. citizens and their privacy while browsing the Internet, for people overseas, and for companies worldwide. The software they all rely on contains bugs that can be exploited, and these bugs, or vulnerabilities, are being sold to government agencies that can exploit them at a later date.

The vulnerabilities being sold are called “zero-day exploits.” The name means that the software’s maker and the companies using the software have no idea there is a problem, have no patch, and so have no way to protect themselves from an attack.

The researchers who find these flaws make their living by finding them. The kicker is that they no longer tell the software’s maker about the bug so it can be fixed. A couple of years back that was the norm, and the maker could fix the problem at hand and make the software more secure; now the information is kept secret and sold to other parties who can exploit it later.

With the growing market for vulnerabilities, U.S. security and the security of all citizens are at greater risk.  The long-term repercussions could be devastating as this information is sold and kept secret.  It could become another means of spying, or of attacking defense systems, bank systems and identities.