Targeted Phishing Still Works – Resistance is Critical

February 29, 2016
As many have been reporting today, one of Snapchat’s employees was recently targeted by online criminals who convinced the employee that they were the company’s CEO.
Then what?
In response to the targeted phish, the employee emailed a copy of some company payroll details to what they hoped was their CEO. As a result, a number of Snapchat’s workers have had their identities compromised [not Snapchat’s millions of users].
Still, and too often, social engineering works…
Members of any Financial Services workforce need to resist this force all day, every day.
In this 4-minute video, Graham Cluley outlines how this can happen and how employees might reconsider breaking the rules.
His final guidance can be summarized as: “It’s okay to say no.”
He is an entertaining presenter and his message is completely applicable to any Financial Services work environment.
Take a break for this 4-minute security reminder:
Snapchat Apology:
VIDEO: “Snapchat data breach shows that sometimes it’s good to say no to your CEO. — Do you mind just sending over the payroll database?”
By Graham Cluley, February 29, 2016

What Can We Learn From Russian Attacks Against Ukrainian Power Companies?

February 26, 2016

The U.S. Dept. of Homeland Security (DHS) released a report about the December 23, 2015, Ukrainian power company outages caused by cyber-attacks.

Why should you care? These were targeted, effective, remote attacks against infrastructure operations to cause outages in subsidiary systems, as well as to demonstrate power.

As Financial Services consolidate their digital operations into ever-larger data centers — owned or third party — and migrate software and data to third party ‘cloud’ services — still more data center concentration — the risks associated with attacks against infrastructure are growing. Data centers are highly automated webs of complex power, heat management, monitoring, data communications, and access control infrastructure. Because of commercial data center consolidation, remote access to infrastructure systems is a given. If Financial Services enterprises’ infrastructures were the target of talented cyber-attacks conceptually analogous to those against Ukrainian power company infrastructures, there would be serious negative consequences.

During those Ukrainian cyber-attacks, remote hostile actors used either existing remote administration tools at the operating system level or remote industrial control system (ICS) client software via virtual private network (VPN) connections to operate electric power flow controls. The hostile actors appeared to use a number of legitimate credentials during the cyber-attack to facilitate remote access.
These actors also wiped some systems by executing the KillDisk malware to render systems inoperable as they finished their attack.
They also corrupted firmware supporting Serial-to-Ethernet devices at substations.
Finally, they scheduled disconnects for server Uninterruptible Power Supplies (UPS) via the UPS remote management interface in an attempt to interfere with expected restoration efforts.
The targeted power companies also reported that they had been infected with BlackEnergy malware — reportedly delivered via spear phishing emails with malicious Microsoft Office attachments. Researchers suspect that BlackEnergy may have been used as an initial access vector to acquire legitimate credentials.

Exhibit continuous due diligence in your selection and management of your data communications infrastructure and data centers. Protect them against all channels of unauthorized access. The threat of remote catastrophe, or simply a serious outage, is real.

Alert (IR-ALERT-H-16-056-01)
Cyber-Attack Against Ukrainian Critical Infrastructure
Original release date: February 25, 2016

Hackers did indeed cause Ukrainian power outage, US report concludes
DHS officials say well-coordinated hack cut power to 225,000 people.
by Dan Goodin – Feb 26, 2016 1:14pm CST
