Cyberattacks Are Not Just a Corporate Issue
We read about hacks and vulnerabilities all of the time.
A retailer is successfully attacked via advanced malware and credit cards are stolen through a series of servers and compromises.
A credit card processing company is hacked via cross-site scripting, allowing the attacker to query and then extract the contents of the company’s corporate database, including all of its clients’ credit cards.
An online social media company is attacked through a SQL injection attack and usernames and passwords are stolen.
We like to learn from case studies or war stories. We like to hear about real events, to gain insight into something that happened in the real world, instead of some theoretical tale of FUD (fear, uncertainty and doubt).
Stories about complex...
Collecting, Monitoring and Retaining Critical Log Data for Compliance
Are you considering a managed security services provider (MSSP) as a part of your security management program?
If so, you probably have a good idea of how systems and application event logs can detect problems and provide valuable information about what is happening in your environment.
When log generation is configured correctly, and logs are properly used, the data can be the canary in the coal mine that alerts you to danger; the shining path you can follow, showing you where an attacker has been and the damage created. The data can serve as evidence, sometimes giving you a warm feeling of satisfaction that a problem has been solved or the realization that a villain has met justice. Beyond that, these logs can be an important part of meeting regulatory and compliance standards.
Discussion about...
Finding the Sweet Spot for Effective Security Monitoring
Log monitoring should be a foundational piece of any organization's security program. Regardless of whether the monitoring is performed by a Managed Security Services Provider (MSSP) or an in-house security information and event management (SIEM) tool, key details about the activity occurring on the network and in key systems and applications should be captured and analyzed for security incidents, operational issues and regulatory compliance. If configured correctly, these device and application logs can provide great insight into the activity occurring on the network, legitimate or otherwise. However, the first step toward understanding the bad things that occur is to make sure you can understand the good things that are happening, and what is happening in general.
One of the most challenging steps in setting up a robust monitoring program is determining what and how much to...
In my last post, "iOS Security: Unpacking Applications," I mentioned how easy it was to get into the binary of an iOS application. In this post, we will see that it is just as easy with an Android application.
Similar to iOS applications, Android applications are compressed into a zip-like file with the extension .apk. The process for unzipping an application file is essentially the same, minus the decryption step.
First, create a folder to store the decompressed files.
Change directories into the newly created folder.
Unzip the ApplicationName.apk file.
Once unzipped, the contents of the newly created folder should resemble the following:
The...
Something Old, Something New
The Solutionary Security Engineering Research Team (SERT) has released its Q2 2014 Quarterly Threat Intelligence Report. SERT has identified both old and new trends and information during research efforts this past quarter. For instance, it may not surprise anyone to know that the United States dominated malware hosting countries, but it is new that this included 56% of the malware identified by the SERT honeynet (that’s up from 44% since Q4, 2013).
There were some changes in the top 10 hosting countries, but United States sites still rule this particular category. It may surprise you, however, to hear that Amazon hosted 41% of the malware SERT identified during the quarter (an increase of over 2.5 times the 16% found in Q3, 2013). We had hoped that hosting providers would take action to reduce the number of “hostile” sites, yet it appears that attackers are flocking to Amazon-hosted services because of the ease with which new sites can be provisioned and be up and running in a few moments. By contrast, GoDaddy dropped...
More and more organizations are moving to the “cloud.” It seems as though you can't read an article about IT or turn on the TV without seeing something about the increasingly ubiquitous cloud. Of course, the cloud is more than just an IT buzzword; it is an increasingly important part of IT that requires organizations to consider the security implications of "moving to the cloud."
Moving to the cloud can benefit a lot of organizations. However, you need to know how to keep things secure while you migrate to such an environment. The term "cloud" is frequently thrown around in discussions, but in reality a lot of IT professionals do not really know all the downsides of cloud migration, and security issues are often overlooked.
I keep reading and hearing statements like, “The cloud is so much easier to manage and makes your information more secure.” These types of blanket statements are just not...
12 Log Data Sources for Incident Response
When the Solutionary Security Engineering Research Team (SERT) gets involved in a critical incident response, it’s fairly common for the organization we’re helping not to have centralized logging in place. It’s also common to conduct response efforts in network areas that have little logging or visibility.
These are significant and yet common challenges, and have a negative impact on anyone’s ability to piece together what happened. That does not mean, however, that we cannot do any incident research. It’s not ideal, but a partial picture can be created given enough data from a wide range of sources.
There’s also a common misconception that the logs needed for continuous security...