CCleaner – Trusted Application Compromised

September 18, 2017 at 4:16 pm | Posted in Cyber Security

Cisco’s cyber threat intelligence division TALOS released details today of a major compromise it has discovered within the popular PC clean-up program CCleaner.

TALOS’s investigation began last week when it noticed that the latest CCleaner installer was triggering Cisco’s Advanced Malware Protection systems, indicating that the software was malicious.
Further investigation showed that the CCleaner download contained a hardcoded command and control request to fetch further malicious software through a backdoor.

Cisco immediately informed the makers of CCleaner of the compromise, and a clean version has been released.

If you have CCleaner 5.33, please download the latest version immediately, as this fixes the issue.

The bigger concern is that millions of people could have downloaded this application from a trusted supplier, since the backdoor was inserted into the legitimate download by the attacker. As with the Nyetya attack earlier this year, this was a trusted application, which shows the importance of cyber security in maintaining brand reputation.

For further reading, check out TALOS’ blog:
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html


Email remains the Top threat Vector – The Crown Prince of Nigeria has died

September 13, 2017 at 4:23 pm | Posted in Cyber Security

It is one of the oldest methods of attack that still works on the internet: the email. You all know the email I am referring to, the one stating that the Crown Prince of Nigeria has died, that he was your long-lost relative, and that if you wire some money into a holding account you can inherit £123,456,789.00.

This scam has been going for a long time, even dating back to paper letters, but it reinforces the point that the bad guys have got smarter.

Many of the most prominent data breaches in the last decade have started from a compromised email. With social media it is incredibly easy to find out that someone is an HR manager and to email him or her a file called “Recruiting target Q3” while pretending to be their boss.

This is phishing, and it is one of the more common ways to compromise a network.

Email security is an area that requires not only diligence and protection but also vast resources: the data from TALOS shows that over 85% of all email traffic is still spam, and although it is filtered, there are still billions of emails that are legitimate.

August email report

That is still a large haystack in which to hide the needles that are phishing emails, and it only takes one for someone to get into a network and for the network to be compromised.

Returning to Normal Schedule – Intuitive Networks

August 29, 2017 at 4:17 pm | Posted in Cyber Security

For the majority of the last few weeks I have been abroad in the United States, attending a conference with work to discuss strategies for the upcoming financial year and to learn more about what is coming up.

There is a lot coming up in terms of technology and strategy from Cisco, but for the time being I think the best way to see what is coming is to ask Peter Dinklage.

Innovation and intuition are the most human elements of all: we learn, we adapt, and we go from there.

Time to Detection – Going Down but still a Gap

July 28, 2017 at 3:00 pm | Posted in Cyber Security

Another area discussed in the Cisco Mid-Year Cyber Security Report is the time to detection of a breach.

In security terms, the time taken from a breach happening to its being detected is now one of the key metrics the industry measures itself by. To ensure that attackers have as little time as possible to cause damage, the time to detection needs to be as low as possible.

In immature security environments it is entirely possible for attacks to remain undetected for months before it is realised that there has been a breach at all, or, even worse, another party informs the company of a breach after discovering its data on the internet.

In more mature security environments the time to detection is down to weeks rather than months, but the goal of the cyber security industry, and Cisco in particular, is to get this number down to hours.

The most mature security environments are now down to around three and a half hours, a dramatic improvement on the nearly forty hours when Cisco started this research. However, there is still work to do, as four hours is a long time for attackers to compromise a network and get what they want.

Leaving burglars four hours to ransack your home is unacceptable, and the same applies in cyber security.

Cisco Mid-Year Security Report – Exploits Down Spam Up

July 25, 2017 at 10:56 am | Posted in Cyber Security

Cisco published its mid-year security report last week, and I have spent my time over the weekend reading it when I have had the time.
There are many interesting findings within it, and this week’s blog posts will focus on some of the key findings in the report.
Exploiting software vulnerabilities is one of the more prolific avenues of attack covered in the media, with both WannaCry and Nyetya making use of the EternalBlue exploit against Microsoft systems. The easiest way for an attacker to find out whether a system is vulnerable is to purchase a kit that scans a network and looks for exploitable systems. These exploit kits are found on the dark web for a few thousand dollars.

Cisco’s report, however, shows that this avenue of attack using exploit kits is decreasing after several of them were taken down in the last twelve months. The risk remains, though: they may be down, but they are not out yet.

At the same time, Cisco has seen a further increase in spam, and it is more dangerous than before. Rather than the traditional methods, attackers are putting greater focus on attachments within spam emails, with the compromise built into the attachment itself.

Attack vectors are changing all the time, and it is up to the industry and end users to work together to protect themselves.

Why didn’t this post yesterday? Oh well.

NYETYA/PETYA/NOT PETYA – Cyber Attack Update

July 3, 2017 at 3:00 pm | Posted in Cyber Security

Last week a new cyber attack began to make itself known. Originating in Ukraine, this particularly vicious piece of malware managed to take down numerous Ukrainian organisations before spreading outside Ukraine and affecting other companies around the globe.

The impact was significant on several levels, with cargo ships unable to unload at ports around the globe and entire companies taken offline. Rather than encrypting individual files, Nyetya encrypted the operating system.

The spread, however, was not as wide as WannaCry’s.

The reason was the delivery method: while both Nyetya and WannaCry used the same exploit, their initial delivery and subsequent spread were different. Nyetya only spread from a compromised application across the internal network, as opposed to also spreading across the external network as WannaCry did.

There is also currently debate as to whether this was a ransomware attack or an attack designed to wipe data from its targets. The ransom and clean-up elements of Nyetya were considerably weaker than WannaCry’s.

I am leaning towards the wiper opinion on this latest cyber attack personally.

Once again I urge readers to ensure that their PCs are up to date, as this attack could once again have been prevented if the March update from Windows had been installed.

WannaCry should have been a warning.

Fool me once shame on you, Fool me twice shame on me.

For further in-depth reading on this latest attack, do check out Cisco Talos’ blog:
http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html

Note: This blog contains my own thoughts and is in no way associated with those of my current employer.

The encryption traffic conundrum solved?

June 22, 2017 at 4:00 pm | Posted in Cyber Security

A challenge that has arisen in recent years is the rise of encryption in internet communication traffic. Many websites are now HTTPS, especially if you submit any private details.

It also means that many cyber criminals have adopted encrypted communication to protect themselves and make it harder for traditional security solutions to spot malware, so malware spread through encrypted traffic has become a major source of data breaches.

Currently, the way to deal with this threat vector is to decrypt all traffic, resulting in a potential trade-off between security and privacy.

Cisco, however, has just announced a new approach that uses analytics to analyse the intent of encrypted traffic and assess whether an encrypted file is in fact malicious. This is achievable by using Cisco Talos’ intelligence on current and suspected attack vectors.

Early trials are showing it to be extremely effective, and I look forward to seeing it in person and in action soon, as this could solve several issues that are currently challenges to the security industry.
