- Monitoring logons 'the most effective way to detect data breach' -
Monitoring corporate logins described as the most effective way to
detect a data breach within an organisation.

Recent phishing attacks reportedly capitalize on Office 365 security
holes - Researchers from cloud security company Avanan have reported
finding two ways that phishers are evading Microsoft Office 365
Security protections: one using "hexadecimal escape characters" to
conceal coding and links, and the other by compromising SharePoint

Defray Ransomware demands $5,000, then suggests victims back up their
data - A just-documented ransomware strain called Defray is making
some minor inroads by targeting firms in the healthcare, education,
manufacturing and technology fields, and it contains a ransom note
that taunts the victim's IT department.

VW engineer sentenced to 40 months in prison for role in emissions
cheating - German automaker asked its US employee to perfect the
cheat code, and he did it.

American Pacific Mortgage files lawsuit against insurer to reclaim
losses due to BEC attack - American Pacific Mortgage (APM) has filed
a breach of contract suit against Aspen Specialty Insurance Company
disputing the latter's decision to not cover losses incurred from a
business email compromise attack.
ATTACKS, INTRUSIONS, DATA THEFT & LOSS

- Business Email Compromise phishing scam found targeting diverse
array of industries - An organized phishing scam operation likely
based out of West Africa has been attempting to steal the business
email credentials of users across a broad spectrum of industries, in
hopes of compromising their accounts and leveraging them for even
more targeted spear phishing scams.

Ukraine Fears Second Ransomware Outbreak as Another Accounting Firm
Got Hacked - Ukrainian authorities and businesses are on alert after
a local security firm reported that another accounting software
maker got hacked and its servers were being used to spread malware.

106,000 Mid-Michigan Physicians clinic patient records exposed -
About 106,000 patients of the Mid-Michigan Physicians clinic may
have had their patient records exposed when a third-party server was

Google routing blunder sent Japan's Internet dark on Friday - Last
Friday, someone in Google fat-thumbed a border gateway protocol
(BGP) advertisement and sent Japanese Internet traffic into a black

Real Madrid Twitter accounts hacked shortly after FC Barcelona
account breach - Grey hat hackers pranked soccer fans by hacking the
Real Madrid Twitter accounts and posting tweets announcing the
signing of rival player Lionel Messi along with video of the player
scoring for Barcelona against Real Madrid.

Hackers leak pics of actress Dakota Johnson - The same hackers
behind the unauthorized access of celebrities' iCloud accounts and
the subsequent postings of photographs are believed to be behind the
recent leak of photos of “Fifty Shades” actress Dakota Johnson.
WEB SITE COMPLIANCE -
OCC - Threats from Fraudulent Bank Web Sites - Risk Mitigation and
Response Guidance for Web Site Spoofing Incidents (Part 3 of 5)
PROCEDURES TO ADDRESS SPOOFING - Information
After a bank has determined that it is the target of a spoofing
incident, it should collect available information about the attack
to enable an appropriate response. The information that is
collected will help the bank identify and shut down the fraudulent
Web site, determine whether customer information has been obtained,
and assist law enforcement authorities with any investigation.
Below is a list of useful information that a bank can collect. In
some cases, banks will require the assistance of information
technology specialists or their service providers to obtain this
* The means by which the bank became aware that it was the target
of a spoofing incident (e.g., report received through Website, fax,
* Copies of any e-mails or documentation regarding other forms of
communication (e.g., telephone calls, faxes, etc.) that were used to
direct customers to the spoofed Web sites;
* Internet Protocol (IP) addresses for the spoofed Web sites
along with identification of the companies associated with the IP
* Web-site addresses (universal resource locator) and the
registration of the associated domain names for the spoofed site;
* The geographic locations of the IP address (city, state, and
FFIEC IT SECURITY -
We continue our series on the FFIEC interagency Information Security
Booklet.

INSURANCE (Part 1 of 2)
Financial institutions have used insurance coverage as an effective
method to transfer risks from themselves to insurance carriers.
Insurance coverage is increasingly available to cover risks from
security breaches or denial of service attacks. For example, several
insurance companies offer e-commerce insurance packages that can
reimburse financial institutions for losses from fraud, privacy
breaches, system downtime, or incident response. When evaluating the
need for insurance to cover information security threats, financial
institutions should understand the following points:
* Insurance is not a substitute for an effective security program.
* Traditional fidelity bond coverage may not protect from losses
related to security intrusions.
* Availability, cost, and covered risks vary by insurance company.
* Availability of new insurance products creates a more dynamic
environment for these factors.
* Insurance cannot adequately cover the reputation and compliance
risk related to customer relationships and privacy.
* Insurance companies typically require companies to certify that
certain security practices are in place.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY -
the series on the National Institute of Standards and Technology

Chapter 12 - COMPUTER SECURITY INCIDENT HANDLING
12.1.3 Side Benefits
Finally, establishing an incident handling capability helps an
organization in perhaps unanticipated ways. Three are discussed

Uses of Threat and Vulnerability Data. Incident handling can
greatly enhance the risk assessment process. An incident handling
capability will allow organizations to collect threat data that may
be useful in their risk assessment and safeguard selection processes
(e.g., in designing new systems). Incidents can be logged and
analyzed to determine whether there is a recurring problem (or if
other patterns are present, as are sometimes seen in hacker
attacks), which would not be noticed if each incident were only
viewed in isolation. Statistics on the numbers and types of
incidents in the organization can be used in the risk assessment
process as an indication of vulnerabilities and threats.

Enhancing Internal Communications and Organization Preparedness.
Organizations often find that an incident handling capability
enhances internal communications and the readiness of the
organization to respond to any type of incident, not just computer
security incidents. Internal communications will be improved;
management will be better organized to receive communications; and
contacts within public affairs, legal staff, law enforcement, and
other groups will have been preestablished. The structure set up for
reporting incidents can also be used for other purposes.

Enhancing the Training and Awareness Program. The
organization's training process can also benefit from incident
handling experiences. Based on incidents reported, training
personnel will have a better understanding of users' knowledge of
security issues. Trainers can use actual incidents to vividly
illustrate the importance of computer security. Training that is
based on current threats and controls recommended by incident
handling staff provides users with information more specifically
directed to their current needs -- thereby reducing the risks to the
organization from incidents.

12.2 Characteristics of a Successful Incident Handling
A successful incident handling capability has several core
1) an understanding of the constituency it will serve;
2) an educated constituency;
3) a means for centralized communications;
4) expertise in the requisite technologies; and
5) links to other groups to assist in incident handling (as