09 Nov

Heard on the Street for the Week Ending November 2, 2012

Written by Andrew Jaquith. Posted in Blog Post

The Perimeter STAR Team holds its “Heard on the Street” call every week. On these calls, the team discusses hot security trends, current events and issues that our customers should be aware of. Below is a summary of the topics discussed this week, which we present as a service to our customers and to the public.

What we heard this week:

Hurricane Sandy left a trail of scams, fake charities and shady contractors in its path. Cybercriminals regularly incorporate natural disasters into their spam and fraud campaigns, and Hurricane Sandy was no exception. David Coffey, team member and VP of Engineering, recommends keeping an eye out for suspicious emails. Don’t be fooled by phishing scams, suspicious links or donation requests through untraceable methods of payment. The Internal Revenue Service and Better Business Bureau both issued warnings about fake charities and urged people to do their homework before making any donations. Additionally, the Huffington Post reports that up and down the East Coast, some people offering to help clean up the mess may actually be looking to “clean you out.” To report a fraud or scam, you can call the FBI and National Center for Disaster Fraud’s (NCDF) hotline: (866) 720-5721.

Ethiopian kids learned how to hack a tablet – with no instruction. David also mentioned an interesting story about a group of illiterate young children in Ethiopia who were given tablets through the One Laptop per Child (OLPC) program – a project helping to educate the 100 million first-graders with no access to school. Without any instruction, these children – all between the ages of four and eleven – learned how to use apps, play games and even hack the Android operating system on Motorola Xoom tablets, reports the Wall Street Journal. Amazing stuff.

Thousands of WordPress sites were hacked. In other hacking news, team member and Security Analyst Evan Keiser spent some time last week tracking a spam campaign against WordPress sites. WordPress claimed the campaign was not caused by a vulnerability, but was instead the result of weak passwords. However, with more than 300,000 WordPress blogs affected in a two-week timeframe, some aren’t quite buying this story.

RIM’s woes continue. News of U.S. Customs moving 17,600 staffers from BlackBerries to iPhones has brought RIM’s troubles to the forefront once again. Do security features (or lack thereof) factor into the decisions of individuals and organizations flocking to iOS? Team member and VP of Product Marketing Mike Flouton explained that RIM has an excellent security track record, but if there has been any acknowledgement that the switch comes with security and compliance trade-offs, these sacrifices have been outweighed by the pull of the iPhone in corporations, and to a lesser extent, Android.

The South Carolina Department of Revenue security breach could result in widespread identity theft. An anonymous hacker has accessed 3.6 million South Carolina tax returns. Essentially, every state resident’s name and SSN was obtained. But remember that there are two kinds of identity theft: cyber identity theft, which generally involves obtaining someone’s login credentials and wreaking virtual havoc, and offline (or “origination”) identity theft, which comprises two-thirds of the identity theft reported to the FTC and has nothing to do with computers per se. Origination theft means piecing together enough personal information to obtain fake mortgages or credit lines, for example. It’s safe to say some South Carolina residents will be dealing with both kinds of fraud in the near future.

Perimeter partners with Columbia University on new security research project. Grace Zeng, Team Member, Research Analyst and Software Engineer, shared early details of an exciting new project Perimeter has begun in partnership with Columbia University. By sampling Web traffic from a variety of anonymous sources, the research team will identify patterns and information on mass hacking attempts on a number of popular platforms. Grace is just getting started on this initiative, but she looks forward to discovering new insights that will help us proactively protect our customers. Stay tuned for more soon.

That’s it for this week. Stay safe out there.

01 Nov

The New Reality in a World with DDoS Attacks

Written by Richard S. Westmoreland. Posted in Blog Post

A distributed denial of service (DDoS) attack is a term the average person is probably not familiar with. However, if you have attempted to conduct any form of banking online over the past several weeks you may have experienced difficulty getting onto the sites of our nation’s largest banks due to a DDoS attack. Dozens of financial institutions – including Bank of America, Wells Fargo and Capital One – have been targeted recently.

Before we get into why these attacks are taking place, let’s take a step back and examine what a DDoS attack is and why these attacks are so effective. The speed of an Internet connection is determined by the size of the ‘Internet pipe’ in place and by the hardware and software components that process and route the connections and requests. If the concept of data running through a ‘pipe’ is a bit confusing, think of it in simpler terms, such as water: the larger the pipe, the more water can flow through it, while valves and faucets represent the various hardware and software elements connected to the pipe. The Internet works on the same principle. Most banks have in place an Internet pipe capable of handling up to approximately 20 gigabits-per-second of Web traffic. What a DDoS attack does is flood the website with traffic upwards of 40 – 50 gigabits-per-second until the denial of service (DoS) occurs, when the weakest link breaks. It becomes “D”DoS because the sources of the packets are spread out over hundreds to tens of thousands of different contributors to the DoS, simply overwhelming the site and causing it to crash.

Now that we understand how the attack works, many of you will want to know what can be done to stop them. The truth is, DDoS attacks are extremely dynamic and difficult to stop. If it were simply a DoS, it could be blocked, but the distributed element makes it nearly impossible to guard against. In the recent attacks on our financial system, advance warnings of the attacks were issued, yet the banks were still powerless to stop them. While larger entities would typically have an easier time fending off attacks due to their breadth of resources, in these cases the attacks were coordinated through data centers, which proved simply too much for their defenses to handle.

Preparing to defend against DDoS attacks has become an accepted cost of doing business in today’s cyber environments. While progress is being made in the battle against small to mid-size DDoS attacks, the only way to truly battle a large scale attack is by throwing more resources and brute force at the problem than can be sent your way during an attack. This method is for the most part economically impractical: upping your bandwidth to two to three times current levels and having it sit idle when not defending against an attack is simply not feasible. So for at least the time being, most large scale DDoS attacks are not defended against, but simply waited out.

DDoS attacks are normally launched to send some form of a message and can vary greatly in terms of their sophistication. It has been widely speculated in federal circles that, due to the sheer mass and complexity of these recent attacks, they are the result of an escalating cyber war with Iran. DDoS attacks have become the preferred and paid weapon for many politically motivated groups. There is both a scary and a positive aspect to these types of attacks. The negative is that they are perpetrated by professionals who have the skills and resources to launch them effectively, and there is little that can be done to stop them. The consolation is that these attacks are generally short in duration before the attackers move on to other targets.

What has many observers concerned is the evolution of these attacks. While it is certainly an inconvenience and a potential business hit to have a website shut down for long periods of time, we have yet to see it have a large scale economic impact. That could be about to change. In a recent FOX Business story, Matt Egan explored the potential economic damage that attacks similar to the ones in the banking industry would cause if they struck U.S. retailers this holiday-shopping season, impacting what are projected to be online sales of approximately $54 billion. As Dave Aitel, a former computer scientist at the National Security Agency said, “I don’t think people are really prepared mentally to what happens if Amazon goes down.”

Welcome to the new reality in the world of DDoS attacks.

31 Oct

Government: the Role it Plays in Cyber Security

Written by Mike Flouton. Posted in Blog Post

Last up in our National Cyber Security Awareness Month (NCSAM) blog series – government. This month, we’ve taken a closer look at several different industries on the front lines in the battle for cyber security: banking, healthcare, and utilities. We now look at the government’s role in thwarting cybercrime at both the national security and private levels.

The government has a dual role as it relates to cyber security; its primary responsibility is to protect the interests of its citizens but it also needs to ensure that its own critical data is being protected from attack. This is an incredibly difficult task given the layers of complexity within government IT networks. This was highlighted by a recent report stating a network within the White House was compromised. While the Internet security team at the White House was able to move quickly to isolate and eradicate the threat without any loss of data, it underscores the point that if the most secure address in the country can be breached, everyone is at risk.

Dealing with cyber threats is not a new concept for the federal government but the frequency, funding and sophistication of attacks over the past several years necessitates a reexamination of policy. To provide a formal framework for dealing with cyber threats, the government launched the Comprehensive National Cybersecurity Initiative (CNCI) in January of 2008. The CNCI consists of a number of mutually reinforcing initiatives with three primary goals defined to help secure the United States in cyberspace:

  • Establish a front line of defense against today’s immediate threats by creating or enhancing shared situational awareness of network vulnerabilities, threats, and events within the Federal Government—and ultimately with state, local, and tribal governments and private sector partners—and the ability to act quickly to reduce our current vulnerabilities and prevent intrusions.
  • Defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities and increasing the security of the supply chain for key information technologies.
  • Strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and working to define and develop strategies to deter hostile or malicious activity in cyberspace.

The thrust of these initiatives can be summed up in one word: information. At the heart of any comprehensive cyber security initiative is the gathering of intelligence, sharing of data and education on critical threats. During the past 3 – 5 years, the government has made a concerted effort to work with the private sector to both expedite defenses and educate users on how to quickly detect attacks.

The debate surrounding formal government legislation will continue for some time. Yet, it is clear that the government will play a critical role in the battle to defend against cyber attacks as it is the only entity with the resources to combat threats originating from foreign entities and to track the multiple footprints of today’s most serious threats.

24 Oct

Rising Mac and Public WiFi Use Poses New Risks to Businesses

Written by Jason Wong. Posted in Blog Post

Your business is subject to new threats each day. Your employees are mobile: they go on the road, work from home and meet prospects for coffee. Many of them sport personal mobile devices with access to company information, such as email. And increasingly, you get requests for Mac computers in the workplace – especially laptops – which create new security headaches. You’re charged with providing a safe and productive workplace for your employees, but countless new security threats make this a constant, uphill struggle.

Perimeter recently conducted a survey of 113 IT professionals to help measure current laptop usage trends, Mac adoption rates and chief Web security concerns across small-to-midsize businesses. Not surprisingly, the results point to an industry-wide shift to more heterogeneous, mobile work environments – coupled with heightened IT security challenges and uncertainty. Among the key findings:

Laptop Adoption

Sales of traditional PC desktops have plummeted and laptop usage has increased significantly in recent years. Our research reveals that laptop adoption is very prevalent among small businesses today, with a quarter of these respondents reporting 80 percent or more of their workforce regularly use laptops. “Roamers” – or companies whose employees most often use their devices on public WiFi networks – indicated the highest level of laptop use. Additionally, a significant minority (31 percent) of all organizations plans to increase the number of Mac laptops in the workplace over the next 12 months.

Macs in the Workplace

Historically, Macs represented only a small percentage of malware threats, and as a result, very few security software programs were developed to negate the threats. However, as businesses continue to expand policies allowing for employee-owned devices, many of them Macs, the threats are increasing and creating issues for security departments. Our study showed that 78 percent of IT managers want to have the same level of security on both Macs and PCs, yet 15 percent are unsure if their current security policies meet this need. Small businesses seem to be the most uncertain about Mac usage and protection, with 26 percent noting they are unsure about needing the same level of security for PCs and Macs.

Roaming and Web Security

On-premise Web security gateways that filter URLs and detect viruses work very nicely – assuming employees are actually on premise. But today’s modern workforce isn’t shackled to a desk. Because of this, a large majority of respondents (61 percent) are very concerned about the security of public networks. “Non-roamers” indicate the highest level of concern at 75 percent, while only 48 percent of “roamers” claim concern. This suggests that when security concerns are allayed, companies are more open and flexible about employees roaming off the corporate network.

You can read the full study in our new whitepaper – Rising Mac and Public WiFi Use Poses New Risks to Businesses. For organizations interested in learning more about protecting their Mac user base from today’s modern threats, we encourage you to check out Perimeter’s SaaS Web Security Client for Macs – the first in the industry.

19 Oct

Heard on the Street for the Week Ending October 12, 2012

Written by Andrew Jaquith. Posted in Blog Post

The Perimeter STAR Team holds its “Heard on the Street” call every week. On these calls, the team discusses hot security trends, current events and issues that our customers should be aware of. Below is a summary of the topics discussed this week, which we present as a service to our customers and to the public.

What we heard this week:

The cloud can reduce the cost and complexity of email for credit unions – but not at the expense of data security. On October 10, Perimeter CTO Andrew Jaquith presented a webinar “Email Security & Credit Unions: Migrating to Exchange 2010 Securely,” outlining four things every credit union needs to know about a safe and secure migration to Exchange 2012. Andrew shared his high-level recommendations with the team.

Cyber-criminals are mounting denial-of-service (DoS) attacks against major U.S. banks. Team member and security analyst Richard Westmoreland presented highlights of a New York Times article that described how data centers around the world have been infected with a sophisticated form of malware. This has enabled “amateur hackers” to wreak havoc on some of the nation’s largest banks, including Wells Fargo, U.S. Bank and PNC. Typically, DoS attacks are deployed through an application or botnet, but by infecting data servers first, attackers were given the “horsepower and commercial grade capabilities to affect a massive attack.” The group Izz ad-Din al-Qassam Cyber Fighters took credit for these attacks, which have caused Internet outages and delays in online banking. In the wake of these incidents, we urge our financial institution customers to take all necessary steps to safeguard machines and follow security best practices. If you haven’t already, we encourage you to check out Perimeter’s own E-Security 1H 2012 Financial Institution Threat Report.

More than 60 percent of companies are concerned about laptop users’ security on WiFi networks. Team member and director of product marketing Jason Wong shared findings of a new Perimeter survey that examines the growing importance of security for both Mac and Windows users, especially when roaming off the corporate network. Check back soon for more details on the survey here on our blog.

Perimeter’s Cloud MDM is getting good reception with customers. Cloud MDM provides mobile device and application management, prescriptive policy guidance, compliance reporting and features a unique Bring-Your-Own-Device (BYOD) kit. Andrew shared details of how customers have reacted to demos of the Cloud MDM service. Since unveiling the service two weeks ago, we’ve received an overwhelmingly positive response. The press has been positive too; read what Stefanie Hoffman of Channelnomics has to say about Cloud MDM here.

Does your grandson need money? It might be a scam. VP of Operations Jeremy Miller relayed snippets of a frantic phone conversation between him and his grandfather this week. When the phone rang Wednesday morning at the home of Jeremy’s grandfather, the caller identified himself as, well, Jeremy. “Jeremy” proceeded to tell his grandfather he had gotten into a boatload of trouble, was now sitting in jail and needed thousands of dollars for bail. Thankfully, Grandpa knew better and hung up on the caller. The scam – known as the “Grandparent Scam” – is gaining steam in today’s social media era. Con artists simply pull phone numbers and names of family members off of popular social channels, then dial away. This incident should serve as a reminder to our customers that low-tech methods of theft are still quite common, and that vigilance is important. Give your loved ones a call and make sure they don’t fall victim to this scam or others like it.

That’s it for this week. Stay safe out there.

18 Oct

Utilities and Infrastructure: The New Front Lines for the Battle for Cyber Security

Written by Mike Flouton. Posted in Blog Post

Next up in our National Cyber Security Awareness Month (NCSAM) blog series – utilities. While cybercrimes against banks and healthcare providers are on the rise and continue to generate the majority of buzz within the security community, utilities and critical infrastructure represent arguably the greatest threat to national security. Don’t be mistaken; these threats have government officials very concerned. The National Security Agency predicts a major cyberattack on U.S. infrastructure over the next 12 to 18 months and officials are openly discussing the release of a recent al Qaeda video calling for an “electronic jihad.”

Within the past couple of weeks, Defense Secretary Leon Panetta proclaimed during a speech on security that the United States is in a “pre-9/11 moment,” citing the risk of crippling online attacks against public utilities, trains or chemical factories. According to a report in Stars and Stripes, Panetta also revealed that investigators have uncovered instances where online intruders have gained access to control systems for chemical, water and electrical plants, as well as public transportation control software. According to Panetta, attacks on public utilities could spark a “cyber Pearl Harbor.”

Panetta is not alone in his concerns. Recently, the chairman of the United States Federal Energy Regulatory Commission (FERC), Jon Wellinghoff voiced his concerns around cybersecurity and the lack of authority for an agency to act upon threats. According to Wellinghoff, “nobody has adequate authority with respect to both the electric and the gas infrastructure in this country regarding known vulnerabilities. If I had a cyber-threat that was revealed to me in a letter tomorrow, there is little I could do the next day to ensure that that threat was mitigated effectively by the utilities that were targeted.”

The cyber-threat issue is being exacerbated as utilities increase their use of and reliance on technologies such as smart grid and remote control systems. The more connected a facility or network becomes, the greater the risk. In many cases these facilities don’t realize the extent to which they are connected to the Internet and, by extension, the threats that are constantly being introduced to the facility by devices brought in by employees and staff.

The idea that entire regions could be left without critical services such as water or power sounds like the script from a movie or the inspiration for a hit TV show, but it is a threat that is not only possible, but expected by the Department of Homeland Security. As Congressman Michael McCaul, a leader in Congress on cybersecurity issues, recently stated, “This isn’t science fiction, this is real.”

The threats facing the utility industry continue to underscore one overwhelming principle: if you are connected to the Internet, you are vulnerable to attack. As Perimeter reported recently, the Internet is a playground for opportunistic attackers. Any facility, network, or device with an Internet connection needs a robust cyber security policy in place to mitigate threats and ensure critical services are not affected.


12 Oct

Cisco Webex Spam Plaguing Banking Customers Leads to Blackhole 2.0 (Update: So Does the Discover Card Spam)

Written by Grace Zeng. Posted in Blog Post

Some of our banking customers reported to us that dozens of fake Cisco WebEx invitation emails hit them yesterday. The invitation looks pretty authentic: both the invitation URL and the support link show the domain name of the targeted institution. Moving the mouse over those links and the “Join” button, however, reveals a completely different domain, a common trick used in phishing and spamming.

It is confirmed that at least 6 financial institutions on the FS-ISAC (Financial Services Information Sharing and Analysis Center) list received 10-20 such emails yesterday morning. The malicious URLs contained in those emails have 5 variations:

hxxp://ballontibhi[DOT]net/MKFjij/index[DOT]html

hxxp://pensiuneaflorina[DOT]eu/pG6yLZ62/index[DOT]html

hxxp://www[DOT]fisarmonichedelmonviso[DOT]it/EN2wk1m/index[DOT]html

hxxp://skitravel[DOT]gr/rARHa3/index[DOT]html

hxxp://a-tamm[DOT]de/gehjtH/index[DOT]html

To find out where those URLs actually lead, I started my virtual machine, fired up Wireshark, and followed them one by one. It turned out that after clicking the suspicious link, you would be taken to a page showing “connecting to server”. This page lasted for a few seconds. I will show you an example below.

What really happened behind the scene? My packet capture got them all!

This pattern looked so familiar. I couldn’t help thinking of a certain exploit kit. Before I thought any further, the page went blank and a file named 0323a.pdf popped up at the bottom of my IE browser. After I saved this file, another file named update_flash_player.exe came up for downloading; VirusTotal had an 8/44 detection ratio for this executable. (https://www.virustotal.com/file/094d703fdc05ffeb8820d6cf5128165321881d644aaaa60ed14bfe9c175896fb/analysis/1349994059/)

Note that visiting the 5 different malicious URLs contained in the spam emails generated the same traffic pattern, and in particular they all landed on this URL at the end: http://**.**.**.**/links//term_covering.php. The IPs used in this URL are:

174.140.171.159

184.164.151.54

198.136.53.39

A quick lookup of the latest malicious domains at malwaredomainlist.com confirmed that this type of URL indeed belongs to the Blackhole 2.0 exploit kit, though the IPs serving them can differ. 198.136.53.39 is one of the detected IPs. (http://www.malwaredomainlist.com/update.php)

A record at urlquery.net (http://www.urlquery.net/report.php?id=228252) indicates that 184.164.151.54 also hosts the landing page of Blackhole 2.0.

No record has been found for 174.140.171.159 on any blacklist. As always, the Blackhole 2.0 hosting site constantly changes its IP. Based on my analysis, this IP is probably one of the latest.

Perimeter’s Security Operations Center keeps the list of Blackhole-related domains and IPs in our SIEM up to date to protect our customers from infection. Meanwhile, customers should use caution before clicking any link or attachment provided in an email. Keep in mind that what you see is not always what you get. The easy way to tell a fake link is to move your mouse over it to reveal its real destination, as shown in the screenshot at the beginning of the post.

Special thanks to our customer Jonathan Buck from Yadkin Valley Bank for bringing up this issue and providing the spam email and url list.

[Note from Perimeter CTO Andrew Jaquith: several Perimeter senior executives, including me, also received this phishing message.]

Update:

Besides the WebEx spam messages, this morning several Perimeter executives received a message from “Discover Card” titled “Your account login information has been updated”. It looks very much like a phishing email, but a quick look tells us that it is another spam campaign leading to the Blackhole 2.0 exploit kit: except for the “Discover.com” link, every link embedded in the email goes to h**p://essercicomunicazione[dot]it/UTPjXRv/index[dot]html and finally lands on h**p://173[dot]246[dot]102[dot]189/links/let-it_be.php. Very likely, this round of the campaign is targeting specific people at an institution or company.
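As an added example (not part of the original post or Perimeter's SIEM content), the script below turns the indicators from the WebEx analysis and the Discover Card update into a defender's check over proxy logs: it refangs the defanged hosts and IPs as the post lists them, tags hits on those hosts and on the /links/<name>.php landing-page pattern, and correlates a spam-redirector hit followed shortly by a landing-page hit from the same client, which is the chain the post describes. The log format and every log line are constructed for the example; the indicator values are the ones on this page.

```python
"""Match proxy-log entries against the Blackhole 2.0 spam chain described in the post.

Indicator values (hosts, IPs, landing-path pattern) come from the post; the log
format and every log line below are constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Defanged indicators, copied as the post lists them.
DEFANGED_SPAM_HOSTS = [
    "ballontibhi[DOT]net",
    "pensiuneaflorina[DOT]eu",
    "www[DOT]fisarmonichedelmonviso[DOT]it",
    "skitravel[DOT]gr",
    "a-tamm[DOT]de",
    "essercicomunicazione[dot]it",  # from the Discover Card update
]
LANDING_IPS = {"174.140.171.159", "184.164.151.54", "198.136.53.39",
               "173.246.102.189"}

# Landing pages in the post look like /links//term_covering.php and
# /links/let-it_be.php, so allow one or more slashes after "links".
LANDING_PATH = re.compile(r"^/links/+[\w-]+\.php$")


def refang(indicator):
    """Turn a defanged indicator ('hxxp://a[DOT]b', 'h**p://...') into its real form."""
    s = re.sub(r"\[(?:dot|DOT)\]", ".", indicator)
    return re.sub(r"^h(?:xx|\*\*)p(s?)://", r"http\1://", s)


def defang(host):
    """Reverse direction, so alerts can be pasted into tickets without live links."""
    return host.replace(".", "[.]")


SPAM_HOSTS = {refang(h) for h in DEFANGED_SPAM_HOSTS}

# Constructed log format: "<ISO time> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
URL_RE = re.compile(r"^https?://([^/]+)(/[^?#]*)?")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not fit the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, _method, url, status = m.groups()
    u = URL_RE.match(url)
    if not u:
        return None
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "host": u.group(1).split(":")[0].lower(),
            "path": u.group(2) or "/", "status": int(status)}


def classify(entry):
    """Tag one entry with the indicator it matches, or None."""
    if entry["host"] in SPAM_HOSTS:
        return "spam-redirector"
    if LANDING_PATH.match(entry["path"]):
        # Known Blackhole IP, or a new host showing the same path pattern; the post
        # notes the hosting IP changes constantly, so the latter still deserves review.
        return "blackhole-landing" if entry["host"] in LANDING_IPS else "landing-pattern"
    return None


def correlate(lines, window_seconds=60):
    """Group tagged hits per client. A spam-redirector hit followed within the window
    by a landing-page hit is the chain the post describes and is reported as 'chain';
    any other client that matched something is 'indicator-only'."""
    per_client = defaultdict(list)
    for line in lines:
        e = parse_line(line)
        tag = classify(e) if e else None
        if tag:
            per_client[e["client"]].append((e["ts"], tag, e["host"], e["path"]))
    report = {}
    for client, hits in per_client.items():
        hits.sort()
        chain = any(
            t1 in ("blackhole-landing", "landing-pattern")
            and 0 <= (ts1 - ts0).total_seconds() <= window_seconds
            for i, (ts0, t0, _, _) in enumerate(hits) if t0 == "spam-redirector"
            for ts1, t1, _, _ in hits[i + 1:]
        )
        report[client] = {
            "verdict": "chain" if chain else "indicator-only",
            "hits": [(ts.isoformat(), tag, defang(h), p) for ts, tag, h, p in hits],
        }
    return report


# Constructed sample traffic (not real log data); 203.0.113.7 is a documentation address.
SAMPLE_LOG = [
    "2012-10-11T09:02:10 10.1.1.25 GET http://skitravel.gr/rARHa3/index.html 200",
    "2012-10-11T09:02:14 10.1.1.25 GET http://198.136.53.39/links//term_covering.php 200",
    "2012-10-11T09:05:00 10.1.1.40 GET http://www.example.com/index.html 200",
    "2012-10-11T09:07:30 10.1.1.52 GET http://203.0.113.7/links/let-it_be.php 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for client, result in correlate(SAMPLE_LOG).items():
        print(client, result["verdict"])
        for hit in result["hits"]:
            print("   ", *hit)
```

The "landing-pattern" tag on an unlisted host is deliberately kept separate from a confirmed hit, so an analyst can vet a possible new Blackhole IP before adding it to the SIEM list.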

12 Oct

Healthcare Security and What’s Really at Stake

Written by Mike Flouton. Posted in Blog Post

Second up in our National Cyber Security Awareness Month (NCSAM) blog series – healthcare. The industry may seem like an odd choice, since monetary gain and political considerations are the primary drivers for many cyber-attacks. But healthcare can provide an extremely convenient jumping-off point towards those two objectives. Medical records are master keys into a patient’s life; they contain all of the critical data that would enable thieves to clear nearly any security hurdle in assuming an identity for monetary gain or to perpetrate medical fraud. You name the security question and chances are the answer is contained somewhere within your medical history. Compromise of that data can lead to dire consequences.

A recent Ponemon Institute survey underscored this imperative, reporting that the cost of data breaches generally is going down, but not for healthcare. According to the study, 1.42 million Americans were victims of medical identity theft in 2010. The report estimates the annual economic impact of medical identity theft to be $30.9 billion. Furthermore, the World Privacy Forum found that the cost impact and demand for medical history and identifiable information in healthcare far outstrips other industries. For example, a stolen medical ID number and record is now worth approximately $50 on the black market as opposed to $1 for a stolen credit card number.

While this is not news to those charged with securing the healthcare system, it remains troubling. As Andy Jaquith reported earlier this year on our blog in a piece titled Your Healthcare Security RX, the truth is that healthcare regulations, like all regulations and resultant security considerations, are constantly evolving. They present complex challenges for hospitals, insurers, life sciences firms and suppliers alike.

That said, a little common sense can go a long way to reducing risk.

1. Tone from the top. When senior management teams set the tone for an informed, enterprise-wide perspective on security and risk oversight, it can drive attitude adjustment throughout the entire organization. Patients always come first, and their security and privacy is no exception. When management leads by example, the organization will follow.

2. Institutionalized risk assessment and audit. This one is just standard blocking and tackling. An astonishing number of organizations lack a formalized, standardized process for the management of risk. Excel spreadsheets and one-off projects may have worked in the old days, but the bad guys have gotten a lot more organized and efficient. You need to do the same.

3. Tiered vendor risk management. Healthcare organizations today rely on numerous partners and vendors. Each has access to different levels of information about patients and medical practices. In order to fully understand the organization’s risk posture, you must look at every single third-party vendor you do business with and identify what sensitive data is transmitted, stored and processed outside of your organization’s walls.

4. Design for defaults. Balancing security and productivity is especially important in clinical settings. In hospitals, access to critical systems without onerous security constraints can literally be a life-and-death matter. Strive to shape the working environment so that effective security policies are built into daily workflows.

5. Implement the right tools to secure electronic protected health information (ePHI). Email encryption is a no-brainer. So are products that help secure mobile devices and applications. Security monitoring services that help prevent and detect potential security breaches are especially important.

By following these five practices, healthcare organizations can maintain high levels of security without impeding productivity.

04 Oct

Cybersecurity in Financial Services: Why It’s Never Been More Important

Written by Mike Flouton. Posted in Blog Post

In the world of security, the month of October has become synonymous with National Cyber Security Awareness Month (NCSAM), which encourages all Internet users to make their online lives safer and more secure. In a recent press release announcing the ninth annual campaign, the National Cyber Security Alliance (NCSA) focused on encouraging and empowering digital citizens to stay safer online and protect digital assets. This year’s theme: “Our Shared Responsibility,” is intended to remind consumers and businesses that the Internet is a shared resource and we all need to do our part to protect it.

As part of this cooperative effort to encourage safer practices and policies on the Internet, Perimeter is launching a four-part blog series during NCSAM that will focus on four of the industries that are most at risk from cyber threats: financial services and banking, healthcare, government, and power and utilities. Our intent is to highlight the potential threats and ramifications of an attack on these sectors and how stronger vigilance can lead to a safer and more productive environment for all.

We will begin the series with the financial services sector, which is especially timely given the events of the past couple of weeks. On September 21, we posted a blog discussing how some major US financial institutions experienced website service interruptions, possibly due to cyber-attacks. We noted that in the wake of these events, the Financial Services Information Sharing and Analysis Center (FS-ISAC) issued Security Advisory ID 2012-09-037 and raised the cyber threat level from “elevated” to “high” to call for heightened alertness.

The issues first came to attention when Bank of America’s website availability became intermittent. The following day, the website of JPMorgan Chase suffered similar sporadic problems. Many sources attributed these two incidents to a hacktivist group: earlier on the day of the first outage, an alleged representative of the group had posted a warning on pastebin.com threatening to attack Bank of America and the New York Stock Exchange, and a day later the second attack hit Chase.

In the advisory, FS-ISAC urged financial institutions to “ensure constant diligence in monitoring and quick response to any malicious events.” The advisory also warned that targeted attacks exploiting the then-unpatched Internet Explorer (IE) zero-day bug were actively circulating in the wild. Microsoft posted temporary workarounds and then released a patch on Friday, September 21.

There was also an excellent piece by David Goldman in CNNMoney this past week describing what has been the most intensive week of cyber-attacks ever seen on the financial services market. Goldman writes that since September 19, the websites of Bank of America (BAC, Fortune 500), JPMorgan Chase (JPM, Fortune 500), Wells Fargo (WFC, Fortune 500), U.S. Bank (USB, Fortune 500) and PNC Bank have all suffered day-long slowdowns and been sporadically unreachable for many customers.

We know that attacks on banks and other financial services companies are nothing new. In fact, according to Perimeter’s own E-Security 1H 2012 Financial Institution Threat Report issued in August, they have become the expectation, not the exception. Normally, the security procedures in place are enough to thwart most attacks with little or no disruption to bank operations. In this case, however, the defenses were overwhelmed by the sheer volume of attack traffic directed at them. This speaks to the increasing coordination and sophistication that attackers are able to bring to bear in today’s cyber battles.

In our first half report for 2012, we summarized security incidents based on data from 861 financial institution customers. During that period, 1,619 likely and confirmed compromises were detected. Of these, 43% targeted small, 38% targeted mid-sized, and 19% targeted large institutions. In total, 483 financial institutions were affected by those incidents. A majority of our financial customers (56%) experienced at least one security incident in the last six months. Large institutions had the highest average number of incidents per institution: six, about one per month. Based on our analysis, Trojan horses and the Blackhole exploit kit are the most common threats facing financial institution customers today. This analysis confirmed the trend of cyberattacks increasing against financial institutions.

Financial institutions are particularly exposed to cybercrimes such as phishing and identity theft. We have seen numerous security incidents that resulted in significant losses to the victim institutions. A common initial vector is a targeted phishing email addressed to employees with privileged account access. Once the recipient opens the link or the malicious attachment in the email, malware (in most cases a Trojan) is installed. Sensitive account information is then collected, which leads to unauthorized money transfers and compromises of customer data. Based on the six-month incident data, Trojans were the major threat category facing financial institutions.
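The attack chain just described, a targeted phishing message carrying a disguised link or a Trojan dropper as an attachment, is something a mail gateway or security operations team can screen for before an employee ever clicks. The Python script below is an added example written for this post; it is not code from the original article or from Perimeter. It parses RFC 5322 messages with the standard library and reports the indicators the paragraph above describes: a display name that borrows the institution’s brand while the real sender domain is foreign, a Reply-To that diverts replies to another domain, anchor text that names one host while the href points to another, and attachments with executable extensions. The trusted domain examplebank.test, the extension list and the two sample messages are constructed assumptions for the demonstration, not real traffic.

```python
"""Added example (not part of the original post): flag phishing indicators in email."""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the institution's own legitimate sending domains.
TRUSTED_DOMAINS = {"examplebank.test"}
# Assumption: attachment extensions that commonly carry Trojan droppers.
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".jar", ".zip")

# Anchor tags in the HTML body: capture the href and the visible link text.
ANCHOR_RE = re.compile(r'<a\b[^>]*\bhref="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# A hostname that appears inside visible link text, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


def address_domain(header_value):
    """Lower-cased domain of the real address in a From/Reply-To header ('' if none)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw):
    """Return the list of indicators found in one RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []

    from_header = str(msg.get("From", ""))
    from_domain = address_domain(from_header)
    display_name = parseaddr(from_header)[0].lower()

    # 1. Display name borrows the institution's brand, but the real sender domain is foreign.
    if from_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if trusted.split(".")[0] in display_name:
                found.append(f"display name impersonates {trusted}; real sender domain is {from_domain}")

    # 2. Reply-To silently diverts replies to a different domain than From.
    reply_domain = address_domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        found.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. Visible link text names one host while the href goes somewhere else.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        for href, text in ANCHOR_RE.findall(html_part.get_content()):
            href_host = (urlparse(href).hostname or "").lower()
            shown = HOST_RE.search(text)
            if shown and shown.group(1).lower() != href_host:
                found.append(f"link text shows {shown.group(1)} but href points to {href_host}")

    # 4. Attachment with an extension typical of Trojan droppers (double extensions included).
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            found.append(f"risky attachment {name}")

    return found


def build_samples():
    """Two constructed messages (not real traffic): a benign notice and a phish."""
    benign = EmailMessage()
    benign["From"] = "ExampleBank Security <alerts@examplebank.test>"
    benign["To"] = "treasury-admin@examplebank.test"
    benign["Subject"] = "Quarterly access review"
    benign.set_content("Please complete the access review in the portal.")
    benign.add_alternative(
        '<p>Please complete the <a href="https://portal.examplebank.test/review">'
        "portal.examplebank.test/review</a> by Friday.</p>",
        subtype="html",
    )

    phish = EmailMessage()
    phish["From"] = "ExampleBank Security <alerts@examplebank-secure.test>"
    phish["Reply-To"] = "ops@mailer-xyz.test"
    phish["To"] = "treasury-admin@examplebank.test"
    phish["Subject"] = "Urgent: verify your wire approval credentials"
    phish.set_content("Verify your credentials at the link or open the attached form.")
    phish.add_alternative(
        '<p>Sign in at <a href="http://login.mailer-xyz.test/examplebank">'
        "https://portal.examplebank.test/login</a> or open the attached form.</p>",
        subtype="html",
    )
    # Constructed dropper stand-in: a PE header prefix behind a double extension.
    phish.add_attachment(
        b"MZ\x90\x00", maintype="application", subtype="octet-stream",
        filename="WireApproval.pdf.exe",
    )
    return benign.as_bytes(), phish.as_bytes()


if __name__ == "__main__":
    for label, raw in zip(("benign", "phish"), build_samples()):
        print(label, phishing_indicators(raw) or ["no indicators"])
```

Run against the two constructed messages, the benign notice produces no indicators and the phish produces four, one per check. In practice these heuristics belong in front of a human review queue rather than a hard block: the link-text check in particular only fires when the visible text looks like a hostname, so a message whose anchor reads “click here” passes that check and must be caught by the sender and attachment checks instead.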

So what does this all mean? An attacker’s ability to take down the systems of any large financial institution has the potential to wreak havoc on the entire market. If systems are frozen, assets stop moving and analysts can be blinded to changing market conditions, putting assets and investments at considerable risk. Magnify this across the entire banking system and the exchanges and you have a completely unstable environment. In early August, Knight Capital Group suffered a $440 million pre-tax loss as a result of a software glitch in its trading systems, with no attacker involved at all. Imagine for a moment the damage a sophisticated attack against our nation’s largest banks and brokerage houses would cause.

The tide of attacks against banks and other financial services companies is unlikely ever to be stemmed, which makes it all the more important that security solutions keep pace with the attackers’ advances. If these past couple of weeks are any indication, the level of activity has reached a new high, and it is incumbent upon the security industry to respond.

01
Oct

The Cloud: The Great Equalizer for Small Businesses

Written by Andrew Jaquith. Posted in Blog Post

Small businesses often find themselves competing with larger companies. Fortunately, the cloud is making it easier for them to do so. The cloud gives small businesses the computing assets they need to focus on their customers rather than be distracted by IT.

To put this differently: most people wouldn’t try to do their own electrical work or plumbing; they would hire a professional contractor to do it safely and correctly. The same is true in the IT realm. Often, the manager of a small business is also the IT guy, the mailman, the plumber and the garbage man. We view the cloud as a specialized contractor brought in to manage technologies outside the scope of your normal business. If you are a small business, it just makes sense.

In a video I contributed to our partner IBM’s Ecosystem Channel, I explain how the cloud has become the great equalizer for small business:

http://www.youtube.com/watch?v=76s_KsLt4As&list=UUfhRKi-H5mfVdqQOixoi2RA&index=0&feature=plcp

Our partner IBM highlighted this point in a recent press release showing how its work with Managed Services Providers (MSPs) like Perimeter helps deliver industry-leading cloud solutions. And in May, in a blog post titled ‘The Consumer Effect: Increased Confidence in the Cloud,’ Andy Monshaw, General Manager of IBM Midmarket Business, and I described how cloud applications have become so common and convenient that we are beginning to take them for granted. For small and medium businesses (SMBs), the cloud levels the playing field while saving them time and money.

At Perimeter, we give small businesses the ability to move essential services such as email to the cloud, managed by experts, using today’s most advanced technology, and in a highly secure manner — and at a fraction of the cost of doing it themselves. That’s quite an equalizer.