Monday, July 27, 2015

Internet of Things Security Immaturity

Hi Anything Cyber community,
It's the end of the month and things are getting hot in the South. What better time than to discuss the immaturity of Internet of Things (IoT) security and provide an example, Jeeps getting hacked. The last few months, I've briefed local companies regarding the lack of security surrounding most IoT technologies. A few reasons for the lack of security include: hard to configure security controls; use of same encryption keys for all devices produced by a given manufacturer; and lack of security updates. Although the convenience of accessing your car via the web is very cool, hackers feel it's also cool to cause havoc. Chrysler has issued a patch to correct the zero-day vulnerability allowing Jeeps to be remotely hacked and cause dangerous safety situations for drivers.

It's a good thing that the media is covering this Jeep hacking story to bring awareness to other auto manufacturers that IoT security is just as important as IoT availability and functionality.

Jimmie Walker

Sunday, June 28, 2015

Locker ransom ware author comes clean

The author of Locker expressed his sorrow for infecting computers and released the decryption keys which can be used to decrypt files on infected computers. It is good to know that ethical hackers really do exist.

Jimmie Walker

Saturday, May 30, 2015

"Locker" ransom ware on the prowl

Hi Anything Cyber community,

Another variant of ransom ware is rearing it's destructive head. A sleeper ransom ware called "Locker" is in the wild. It works similar to CryptoWall which I discussed in an earlier post. The main difference is that Locker's ransom request is only about $20-$30 versus a starting ransom of $500 for CryptoWall. A much smaller bounty might increase the odds that victims will pay to get their files unencrypted. Another twist to locker is a warning in the ransom note that the private key used to encrypt victim files will be destroyed if attempts are made to circumvent the encryption. In other words, don't even think about reverse engineering "Locker" ransom ware or you will pay severely.

While it isn't clear of the exact infection vehicle used by "Locker" to compromise victim computers, typical vectors for ransom ware include phishing emails and malvertising.

Thursday, April 30, 2015

A password doesn't cut it for corporate social media accounts

If a password is compromised for a corporate social media presence like Facebook, LinkedIn, or Twitter, a cybercrimnal can spread spam or malware to all followers. Therefore, it's imperative to enable multi factor authentication for corporate public facing accounts. A simple compromised password is practically useless with multi factor authentication enabled.
Jimmie Walker

Tuesday, March 31, 2015

Malvertising

Hi Anything Cyber Community,


When malware meets advertising, malvertising is the offspring. Yes folks. Black Hat hackers have learned how to push their malware using non-traditional means, advertisements on web sites. What's really scary about this attack vector is that a victim can be infected without even clicking on the link. Just by mousing over the ad can cause infection.

Ramsom ware such as CryptoWall versions 2 & 3 have adopted malvertising as an attack vector to go along with the traditional phishing email. Once CryptoWall infects a Windows-based computer, it encrypts the contents of folders such as 'My Documents' so that the computer will still function to provide the victim with a ransom note. The ransom note will describe what happen and how much the victim must pay (typically $500) to get their personal files back unencrypted.

To overcome ransom ware such as CryptoWall, it's critical to keep off-line backups of computer hard drives. Ransomware such as CryptoWall has the intelligence to detect attached external hard drives or network shared drives and encrypt those as well.

Anyone out there been hit with CryptoWall, share your experience.

Jimmie Walker

Monday, February 23, 2015

No Anthem didn't store PHI in the clear

Hi Anything Cyber community,

I'll definitely welcome an early Spring in the South. I've had just about enough ice for the winter. While all the details of the recent cyber breach at Anthem still unfold, Wall Street Journal reported that the approximately 80 million records of patient data or patient health information (PHI) was not encrypted on company servers. While encrypting sensitive data on servers is not a firm requirement per HIPAA, it is a requirement to implement the an alternative to encryption if it's not feasible.

I've heard the excuses that it's complicated to maintain an encryption infrastructure for PHI contained on a server. Well, security usually isn't an easy fix and I'm sure Anthem (and all of their compromised patients) wish the extra mile was taken to secure PHI. A simple Google search shows numerous solutions to encrypt server data and the difficulty of the process can be outsourced to competent third party vendors.

From my experience as an Information Assurance Manager ensuring the security of various computer systems, if a security safeguard (i.e. data encryption) is not required but a good to have in many cases valid excuses are always found to not implement the safeguard. If we're going to be serious about securing patient data, at a minimum secure alternative safeguards to server data encryption must be required of covered health providers and insurance companies.

Jimmie Walker

Friday, January 23, 2015

MAC Forensics Certified and SOTU reaction

Hi Anything Cyber community, It's a new year and a new certification under my belt. I just completed a 6 day course in Mac Forensics (FOR 518) taught by SANS. A Mac convert for over 10 years, I now know the inner workings of all of my Apple devices. The course covered the forensics of OS X, iPhone, and iPad. Lectures were backed up by very detailed exercises to reinforce what was learned. It's amazing how much evidence a perpetrator can leave behind on their computers or smartphones and not even know it. The secret is knowing how to access the information. I highly recommend this course to others.

As far as the SOTU is concerned, I get goose bumps whenever the President mentions Cybersecurity in the SOTU. It reinforces to me the importance of learning about the topic and being an expert in the field. Recent attacks such as the hacking of the Twitter and YouTube accounts for US Central Command further validate the importance of Cybersecurity. From what I see in my career on a daily basis, it seems that private industry is taking Cybersecurity seriously and on a path to make the necessary investments to mitigate the risk of Cyber breaches. Jimmie Walker