Thursday, July 20, 2017
Wannacry and NotPetya are just the beginning - Can you detect lateral movement from Event Logs - Yes but how?
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has an excellent document:
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) extracted tools used by many attackers by investigating recently confirmed cases of targeted attacks. Then, research was conducted to investigate what kind of logs were left on the server and clients by using such tools, and what settings need to be configured to obtain logs that contain sufficient evidential information. This report is a summary of the results of this research.
The following page has a PDF link:
https://www.jpcert.or.jp/english/pub/sr/ir_research.html
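The report's premise is that the tools attackers use for lateral movement leave traces in ordinary Windows event logs. As an added illustration (not code from the blog or from JPCERT/CC), the block below applies two simple heuristics of that kind to constructed event records: one account performing network/RDP logons (Event ID 4624, LogonType 3 or 10) to many hosts in a short window, and a new service being installed (Event ID 7045, the trace PsExec-style tools leave in the System log) shortly after a network logon on the same host. The record shape (one dict per event) and the sample data are assumptions.

```python
# Added example, not from the blog or the JPCERT report: two simple lateral-movement
# heuristics over constructed Windows event records (shape assumed: one dict per event,
# as a log forwarder or SIEM export would supply). Event IDs are the standard ones:
# 4624 = successful logon (LogonType 3 network, 10 RDP), 7045 = new service installed.
from collections import defaultdict
from datetime import datetime, timedelta

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def find_fanout(events, threshold=3, window=timedelta(minutes=10)):
    """Accounts whose network/RDP logons reach >= threshold distinct hosts in any window."""
    logons = defaultdict(list)
    for e in events:
        if e["EventID"] == 4624 and e.get("LogonType") in (3, 10):
            logons[e["TargetUserName"]].append((_ts(e["Time"]), e["Computer"]))
    flagged = {}
    for acct, items in logons.items():
        items.sort()  # sliding window anchored at each logon in time order
        for i, (t0, _) in enumerate(items):
            hosts = {h for t, h in items[i:] if t - t0 <= window}
            if len(hosts) >= threshold:
                flagged[acct] = sorted(hosts)
                break
    return flagged

def find_service_after_logon(events, window=timedelta(minutes=5)):
    """7045 service installs preceded (within window) by a network logon on the same host."""
    by_host = defaultdict(list)
    for e in events:
        if e["EventID"] == 4624 and e.get("LogonType") == 3:
            by_host[e["Computer"]].append((_ts(e["Time"]), e["TargetUserName"]))
    hits = []
    for e in events:
        if e["EventID"] == 7045:
            t = _ts(e["Time"])
            for lt, user in by_host[e["Computer"]]:
                if timedelta(0) <= t - lt <= window:
                    hits.append((e["Computer"], user, e["ServiceName"]))
    return hits

# Constructed sample: one admin account hopping across three hosts, then a service install.
SAMPLE = [
    {"EventID": 4624, "Time": "2017-07-20T09:00:00", "Computer": "WS01", "TargetUserName": "alice", "LogonType": 2},
    {"EventID": 4624, "Time": "2017-07-20T09:01:00", "Computer": "WS02", "TargetUserName": "svc-admin", "LogonType": 3},
    {"EventID": 4624, "Time": "2017-07-20T09:02:30", "Computer": "WS03", "TargetUserName": "svc-admin", "LogonType": 3},
    {"EventID": 4624, "Time": "2017-07-20T09:04:00", "Computer": "FS01", "TargetUserName": "svc-admin", "LogonType": 3},
    {"EventID": 7045, "Time": "2017-07-20T09:04:20", "Computer": "FS01", "ServiceName": "PSEXESVC"},
    {"EventID": 4624, "Time": "2017-07-20T11:00:00", "Computer": "WS02", "TargetUserName": "bob", "LogonType": 3},
]
```

Thresholds like these need tuning per environment, since backup and monitoring accounts legitimately fan out; the point is that the evidence is only there if 4624/7045 auditing is enabled and the logs are collected centrally, which is what the JPCERT report's configuration guidance covers.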
Tuesday, July 18, 2017
You have heard of Gone in 60 Seconds - How about $7 million gone in 180 seconds?
It only took three minutes for someone to realise that the CoinDash site had been hacked, and that it was telling investors to send their money to the wrong address – but already over $7 million had been stolen.
More Here:
https://www.tripwire.com/state-of-security/security-data-protection/ethereum-cryptocurrency-heist-7-million-reportedly-stolen-simple-hack/
Free books from Microsoft
Monday, July 17, 2017
WatchOut - Fake Whatsapp email - "Your subscription is ending soon"
Fake emails to steal your money
More here:
http://securityaffairs.co/wordpress/61057/cyber-crime/whatsapp-subscription-ending-scam.html
Fact is stranger than fiction: 50% of Ex-Employees Still Have Access to Corporate Applications
According to 20 percent of the respondents, failure to deprovision employees from corporate applications has contributed to a data breach at their organization. The research found that nearly half (48 percent) of respondents are aware of former employees who still have access to corporate applications, with 50 percent of IT decision-makers' ex-employees' accounts remaining active once they have left the company for longer than a day. A quarter (25 percent) of respondents take more than a week to deprovision a former employee and a quarter (25 percent) don't know how long accounts remain active once the employee has left the company.
The study finds close to half (44 percent) of respondents lack confidence that former employees have been removed from corporate networks at all.
More Here:
https://www.onelogin.com/company/press/press-releases/new-research-from-onelogin-finds-over-50-of-ex-employees-still-have-access-to-corporate-applications
Top 10 Malware - According to Check Point
Top 10 ‘Most Wanted’ Malware:
*The arrows relate to the change in rank compared to the previous month.
- ↑ RoughTed – Large-scale malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
- ↓ Fireball – Browser-hijacker that can be turned into a full-functioning malware downloader. It is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
- ↑ Slammer – Memory resident worm targeted to attack Microsoft SQL 2000. By propagating rapidly, the worm can cause a denial of service condition on affected targets.
- ↑ Cryptowall – Ransomware that started as a Cryptolocker doppelgänger, but eventually surpassed it. After the takedown of Cryptolocker, Cryptowall became one of the most prominent ransomwares to date. Cryptowall is known for its use of AES encryption and for conducting its C&C communications over the Tor anonymous network. It is widely distributed via exploit kits, malvertising and phishing campaigns.
- ↔ HackerDefender – User-mode Rootkit for Windows, can be used to hide files, processes and registry keys, and also implements a backdoor and port redirector that operates through TCP ports opened by existing services. This means it is not possible to find the hidden backdoor through traditional means.
- ↑ Jaff – Ransomware which began being distributed by the Necurs botnet in May 2017.
- ↓ Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
- ↑ Nivdort – Multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.
- ↑ Zeus – Banking Trojan that uses man-in-the-browser keystroke logging and form grabbing in order to steal banking information.
- ↓ Rig EK – Exploit Kit first introduced in 2014. Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit.
More Here:
Friday, July 14, 2017
Thursday, July 13, 2017
Digital Parenting? - 5 Key tips
A simple and nice guide.
This guide will prepare you for the conversations you need to have with kids when they first start using digital devices, as they grow and their online activities change, and when things go wrong.
The guide is divided into three sections that each deal with a different aspect of digital citizenship, to teach your kids to Respect People's Feelings, to Respect Privacy and to Respect Property online.
https://www.getcybersafe.gc.ca/cnt/rsrcs/cmpgns/cmpgn-06/_fls/gd-prnts-en.pdf
There is no such thing as “too small to hack"
Does this bother you?
The average website is attacked 22 times per day.
No?
How about this one?
Thirty-nine percent of the hacked sites were infected with shell programs, and 73% contained backdoors.
More Here:
https://blog.sitelock.com/wp-content/uploads/2017/07/SiteLock-Security-by-Obscurity-Infographic-Q2-2017.pdf
Monday, July 10, 2017
MQTT - The scary part of IoT
Lundgren struck oil – nearly literally in one case where he spotted an oil pipeline server in the Middle East that was exposed online – after finding an open port on a server last year that led to his ultimate, massive discovery of tens of thousands of open MQTT servers – including airplane coordinates, prison door controls, connected cars, electricity meters, medical devices, mobile phones, and home automation systems. He was able to read in plain text the data sent back and forth between those IoT devices and their servers.
"We could see prison doors open and close," says Lundgren.
More Here:
http://www.darkreading.com/cloud/iot-devices-plagued-by-lesser-known-security-hole-/d/d-id/1329320?_mc=sm_dr&hootPostID=bdb8ca978ba09a55263919a9ca41d7f6
SpyDealer - Not a movie name, it is an Android malware
From the Article:
SpyDealer has many capabilities, including:
- Exfiltrate private data from more than 40 popular apps including: WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Browser, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk
- Abuses the Android Accessibility Service feature to steal sensitive messages from popular communication and social apps such as WeChat, Skype, Viber, QQ
- Takes advantage of the commercial rooting app “Baidu Easy Root” to gain root privilege and maintain persistence on the compromised device
- Harvests an exhaustive list of personal information including phone number, IMEI, IMSI, SMS, MMS, contacts, accounts, phone call history, location, and connected Wi-Fi information
- Automatically answer incoming phone calls from a specific number
- Remote control of the device via UDP, TCP and SMS channels
- Spy on the compromised user by:
  - Recording the phone call and the surrounding audio & video.
  - Taking photos via both the front and rear camera
  - Monitoring the compromised device's location
  - Taking screenshots
Friday, July 7, 2017
What happens if you don't patch your computers - Wannacry, NotPetya and everything else
The company in the spotlight for Petya / NotPetya (whatever you want to call it), M.E.Doc, was backdoored 3 times, and its servers were left without updates since 2013.
Now, before we start laughing, are we sure that the systems in our organization are up-to-date on patches?
Check Here:
https://www.bleepingcomputer.com/news/security/m-e-doc-software-was-backdoored-3-times-servers-left-without-updates-since-2013/