Expecting the Unexpected, Removing Fear From a Security Incident
Once again another company is on the heels of a massive data breach where intellectual property, customer records, private information, you-name-it, has been compromised, a security incident. The recent news of Adobe Systems where a malicious entity stole intellectual property and accessed millions of credit card numbers is another case where “if (more…)
The Best Malware Defense: Strategy First, Technology Second
I’m one of those fortunate information security professionals who plays both sides of the technology defense game: I’m your incident response guy and your preventive technologies guy. When I’m working with a company after they’ve been breached I can see pretty quickly what defenses they were missing that allowed the breach in the first place, but then I can help (more…)
An Open Letter to Antivirus Vendors: It is Time for Antivirus Software to Flag Memory Dumping
Dear Antivirus Vendors,
On more and more incident response investigations, my clients (victims) have been asking the question “Why didn’t our Antivirus software detect the malware when we always keep it up to date?” I respond by telling them that they had targeted malware on their system. Their follow-up question usually is whether antivirus software is relevant in this era (more…)
NEXT-GEN MALWARE DEFENSE
‘Malware’ has come a long way – next-gen malware. From merely annoyance applications coded by bored engineering students for notoriety all the way to professionally developed stealth applications for financial gains and stealing state secrets. According to Verizon’s 2012 Data Breach Investigations Report, 69% of the breaches were attributed to (more…)
Insecurity – Et Tu Brute?
The death of Caesar at the hands of the senators. Painting by Vincenzo Camuccini, 1798. “Et tu, Brute?” meaning “Even you, Brutus?” is a Latin phrase often used poetically to represent the last words of Roman Dictator Julius Caesar to his friend Marcus Brutus who betrayed him at the moment of his assassination. (more…)
So you’ve been hacked… now what?
The other day I met with an executive whose company had recently been hacked. He looks me in the eye and says, “It’s like I paid someone to punch me in the face…Repeatedly!” Getting breached is a huge pain that costs a lot of money, productivity, time and your reputation can suffer as well. The simple fact that there was nearly an 80% (more…)
8 Ways to Avoid Becoming a Human Hack
I’ve become a fan of the show Impractical Jokers. If you haven’t seen it, three friends play jokes on the fourth, and he has to repeat whatever line is fed to him. The goal is to successfully convince random strangers to say or do a certain thing that they would not normally do. At the beginning of every challenge (more…)
Distributed Denial of Service (DDoS) Protection For High Schools? Who’d a Thunk it?
Just this month, HALOCK saw its first incident of a high school that fell victim to a Distributed Denial of Service (DDoS) attack. Existing internet users inside the school could continue to work, but the outbound internet pipe became so clogged that no new browser sessions could be opened, impacting productivity of students and staff alike. DDoS attacks have become (more…)
My Back Door is Secure but I Think I Left the Front Door Unlocked!
I received an email last night from my online video rental provider that they were compromised and that my personal information may have been stolen. I immediately thought that this was a “phishing” scam and deleted the email. With all the compromised data in recent years though, Sony, and Barnes and Noble to name a few, (yes I got tagged in both events), I (more…)
Nice Infrastructure…. Mind If I Borrow it??
We talk a lot with our clients about the importance of due care and due diligence and how it impacts your infrastructure, especially when it comes to compliance and risk management. In order to perform proper due diligence, it’s important to understand the nature of the attacks being directed against your infrastructure, the motivation behind them, and what steps are reasonable (more…)