November 20, 2009
TrustCC helps banks and credit unions navigate many kinds of IT threats. One of the most interesting threat vectors in recent years is “Scareware,” a pop-up window that displays a warning stating a victim machine is infected with some sort of virus or spyware, even though it is not.
Such programs are extremely widespread and are increasingly used by cybercriminals.
October 29, 2009
This week we hacked a bank using an exploit that takes advantage of a vulnerability in Symantec’s Enterprise Anti-Virus Product (nerds say SYM09-007). And when we say hacked we are not talking about getting access to someone’s iTunes library. We were able to gain full domain admin privileges (equivalent to “god-like-privileges” in the Windows world). And with these privileges we were able to access any system in the domain and steal/change/delete all data. This week’s breach demonstrates that keeping Windows up-to-date is only a part of the solution.
You see, the bank we hacked this week was fully patched with regard to Windows.
October 28, 2009
At both last week’s Washington Banker’s Association (WBA) Technology Conference and this week’s WBA Compliance Conference I presented on the emerging threat of nefarious banner ads. To reinforce the topic I thought I’d insert a little news clip from this week’s information security headlines:
Banner ads can be nasty!
The solution…
August 26, 2009
A recent trend of cyber attacks on small and mid-size US firms is netting big profits for criminals in a multimillion-dollar scam. According to a report in Tuesday’s Washington Post, SMB customers of financial institutions are infected with a virus through phishing or other malicious activities. The virus captures logon credentials for online banking systems and transmits the credentials to the cyber-thieves.
August 19, 2009
With the second phase of the Novel A (H1N1) influenza virus (commonly known as Swine Flu) coming over the horizon, we thought it would be great timing to give a few tips and pointers for your Business Continuity pandemic event planning and process. We know that some of the ideas listed may be a little far-fetched for your organization, so rather than using these items as a to-do checklist, think of them as discussion topics for your next BCP planning/testing session.
August 13, 2009
As a Community Financial Institution grows, so does its network environment. And with larger networking environments comes a greater number of risks associated with protecting sensitive organization and customer/member information. Many IT Managers focus on protecting their internal networks from the outside. If you followed one of our Network Security Consultants for a week you would see that many efforts are not in vain. However, it is proven that a large percentage of attacks originate from the inside. In a larger-sized organization where resources allow for greater segmentation, we recommend the use of a Network Enclave (sometimes referred to as a Security Enclave).
August 10, 2009
When it comes to security assessments, each vendor has its own methodology for performing an analysis. Unlike TrustCC, many vendors rely solely on commercial applications or appliances that perform automated scans of systems using pre-built templates. Most of these applications require domain administrator privileges within the subject environment. In many cases, the results of those automated scans are given to the client as a security assessment report, and in some cases the reports are not reviewed or validated, thus leaving the client with a false sense of security or insecurity.
August 7, 2009
Defcon finished last weekend and I’ve had nearly a week to execute my final post on this event. It has been tough to formulate my thoughts, for my message is sobering. This blog is written primarily for a readership composed of community-size banks and credit unions. My dilemma is how to tell them (YOU) that the “hacker” world is technically advanced, internally cooperative, curiously motivated, and unimpeded by corporate “talk” of security and controls. In other words, banks and credit unions, if you merely give security and controls lip service for compliance purposes, you may suffer dearly.
July 31, 2009
Welcome to a series of four posts about the Defcon Conference in Las Vegas. TrustCC sends staff to the conference every year to ensure we are up to speed with the latest development of exploits in the hacking community. Today I witnessed the complete hack of a mobile phone, I witnessed people having their userids and passwords captured over insecure wireless networks, and I listened to a number of very interesting talks about new exploits and recent hacks.
First, a photo of the room at Defcon set aside for contests.
July 30, 2009
Defcon 17 is definitely underway. It started with a bang for me. My work laptop isn’t going anywhere near the Defcon conference, so I brought a backup laptop with a generic install, patched, firewall enabled, anti-malware, Bluetooth and wireless turned off, the IR receiver turned off, logging turned on. (I even took a screenshot of the “normal processes” running on the laptop so I could monitor for anything extraordinary.) And the laptop hard drive crashed on the airplane today. So I spent a big part of the evening getting the laptop repaired, the OS restored and re-hardened, and I am back in business!