You are viewing 'attack'
A rise in cyber extortion causes OCC and FFIEC to issue an alert
Two weeks ago today, on November 3, the Office of the Comptroller of the Currency (OCC) passed on a warning issued by the Federal Financial Institutions Examination Council (FFIEC). The warning was essentially issued to the financial community, but applies to pretty much any business. The notice warns of cyber attacks, which include extortion, and points out that the FFIEC has seen an increase in both the frequency and quality of those attacks.
Without context, warning about “extortion” is pretty broad. The OCC notice is related to an FFIEC press release issued on November 3 of this year.
Ultimately, this extortion refers to holding some part of the target organization for ransom. These extortion attempts have typically come in the following scenarios:
- The attacker demands payment in exchange for not proceeding with a denial of service (DoS) attack on the...
AppSec USA 2015 Follow Up
This blog is a continuation of the AppSec USA 2015 blog, “Web Application Testing with Python” and “Web Application Testing with Python – Part 2”. To follow along, please download the virtual machine and scripts that I’ll cover in this series of blogs (the files are posted on an OWASP-controlled Google Drive. See Resources below for the full URL).
In the previous blog post, “Web Application Testing with Python – Part 2”, we wrote two scripts to attack the login form of our vulnerable application in order to enumerate valid users. In this blog, we’ll continue attacking...
Go Blue Team, Go Blue Team, Go!
Reading through the latest cybersecurity industry threads, I find a lot of the written information focuses on “How to Hack with (insert cool name here)”. This is great information when wanting to understand how to perform different hacking techniques or to assist someone who wants to sharpen their hacking skills. For those who want to learn more about how a breach got started, what the common lateral movements are and what the ultimate goal of the event was, you need to dig a little deeper.
Many of these articles are missing a very useful segment of the information security family — the Blue Team. If you are not familiar with the term “Blue Team” let me elaborate. The Blue Team is the incident response team. During a cybersecurity incident, the Blue Team is the group that finds the “evil” in your network environment. By evil, I am referring to the attacker and the tools the attacker used to compromise the...
Breach provides government-quality surveillance tools to just about everyone
On Sunday, July the 5th, the proverbial crap hit the fan.
Hacking Team was…
…wait for it…
When most people saw the headlines the following day they didn’t even know who Hacking Team was. Hacking Team, based in Milano, Italy, specializes in surveillance technology, but also maintains its own private attacks and exploits. Well, they were private. Attackers released a 400GB torrent file containing everything from hacking/surveillance tools to administrative documents and emails. The source code is available in a GitHub repository. This brought a level of public scrutiny I’m sure the company did not desire, nor anticipate.
Surveillance software. Does that mean they spy on people? No, but they create software for people who do. And yes, that puts them in the business of violating your...
Focusing on the Who
Recently, I’ve seen several articles talking about the attribution of attacks and its necessity. Attribution in the commercial world and in the government sector has different levels of importance. Attribution in the government sector is essential. The government, including three-letter agencies, needs to ensure that they have “the who” portion of an attack correct, to a very high degree of confidence. The government uses this information to determine which actions to carry out against an actor. If they are wrong about “the who”, serious consequences may occur.
So what level of attribution should companies in the commercial world worry about? ThreatConnect, a Threat Intelligence/Attribution specialized company, makes a great point in a recent Krebs on Security...