But one should ask oneself why would someone give away these gadgets for free? Are those advertisements or campaigns endorsed or supported by Samsung or Apple? Are they even real?

Now check out the screenshot below which says iPhone5 giveaway.

At the time of the screenshot was taken, there were about 80 re-tweets  So what is wrong with the above ad? Below I have summarized a few points that every smartphone user should be aware of:

1. First look at the tweet handle which says “OfficiaIAppIe”. If you look closely you will notice that the letter “L” in the words “OFFICIAL” and “APPLE” had been changed to letter “I”. This is how social engineers trick users to make attacks to look as legitimate as possible.
2. Sometimes these kinds of campaign require you to click on a link. One of the best practices is to copy the link and run a scan on it to prevent clicking on malicious links and get your device infected with malware or even filing up forms that requires personal information. Always be cautious before clicking on any links on your mobile devices.
3. Always check if it’s a legitimate campaign and verify if it’s endorsed by the real company. Check whether any of these companies is doing that kind of campaign in the first place because when it sounds too good to be true it may be too good to be true.
4. Always protect your mobile devices with some minimal security at least. For example if you are an Android user you can choose from plethora of free security apps from its play store. Be vigilant when you choose the free app too, you may want to do a little bit of research about the app before you install because there are also bogus apps in the store.

Criminals are more inclined to attack your mobile devices than your computers because mobile devices store and process both personal and business information. It is imperative to follow best practices to secure your mobile devices and remember not to click on any online ads that look too good to be true before comprehensively checking on their legitimacy.

The post Social Engineering Using Enticing Advertisements appeared first on Cyber Intelligence.

To recap, in the 1^st part  I illustrated how an IT team can actually manage their own vulnerabilities in their organization. There are 5 basic steps to be followed which are Asset Collection & Identification, Identify Critical Assets, run vulnerability scan and penetration testing, reporting and also verifying. In Part 1, I covered up untill “Identify Critical Asset” step. I hope you gave the first 2 steps a try as they are the most crucial aspects in managing your own vulnerabilities like a boss J.

Now let’s take a look at the remaining steps.

Step 3: Run Vulnerability Assessment (VA) & Penetration Testing (PT)

In this step, you must identify the vulnerabilities on the identified servers. Once you have identified the vulnerabilities on the servers, then you can plan a draft to conduct penetration testing (if needed). At this step, there will be plenty of questions that need to answer such as how do you conduct a vulnerability assessment (VA)? What tool can you use? Where can you find these tools? Are these tools free or paid? Is it better for me to just hire a 3^rd party security consultant to conduct the VAPT exercise for me? Well it is not necessary for you to hire someone to do it for you (unless you have the budget and time constraint) or to buy an expensive VA tool to perform a task which you will be doing maybe once a quarter (best practice . The solution is simple. Open Source or Community VA tool is the answer if you are up to do a VA on your own with no cost incurred. However, a basic skill on how to use the tools is also important so that you can conduct the assessment and obtain an accurate result.

Here I will highlight three VA tools which you can download and use for free. My personal favorite would be Nessus. This is one of the famous VA tools out there which is simple and straight forward to use. You can download this tool and obtain a Home edition license and use it as much as you want without any cost. The reason why this is my personal favorite is because it is so simple to use and the setup process is as simple as a few clicks. To learn more about this tool, you can visit their Youtube Channel.

Next is a successor of the famous exploiting tool called Metasploit. Flying under the banner of Rapid7 NeXpose is another community version VA tool which is relatively good too. It is also as simple as a few clicks, however it requires a specific system settings to be installed. Other than that, it is as good as Nessus when it comes to VA. To learn more on NeXpose and how to use it, you can browse to their Youtube Channel and know more about this tool.

The third tool is an Open Source tool called OpenVas. Not many people like to use this because the setup is quite long and not as simple as the two tools mentioned above. However the result from this tool is as good as or maybe in some instances better than those mentioned above. This is because is an open source tool and it has a huge vulnerability database which is updated every day. Initially I had a problem too in using this tool as I was not sure how to get started, but there is a tutorial which is clear enough to guide you step by step to install, setup and use it efficiently. You can visit this blog to get the manual to install and setup OpenVas. Just a tip, if you want to use OpenVas I would recommend you to have a Backtrack machine installed anywhere in your machine or virtually as Backtrack has OpenVas pre-installed in it and you just have to do a little bit of tweaking to get it started.

For Penetration Testing (PT), it is not necessary for you to do a PT when you are actually managing your own vulnerabilities. Your duty is to find the vulnerability, remediate it and check back if it is there. Penetration testing will come in handy when you want to prove to your higher management that your current system has vulnerability and if you do not remediate it soonest, things can get ugly. So as a proof of concept in order to obtain a certain amount of fund or to add employees to manage the security part of your IT infrastructure or even to request for a third party VAPT evaluation to be done in your company, PT could come in handy. But again this depends on how your organization works and sometimes it does not require you to do this at all. However if you are interested and want to try penetrate the vulnerabilities found in your systems, you may do so. Let me suggest a power pack tool that has almost all the famous penetration testing tools in the world. It is called Backtrack. This is an OS which is optimized for penetration testers and security experts. Do install this and try all the relevant tools that comes with the OS out. There are tonnes of tools in this OS (pre-installed) which you can play around with.

Step 4: Prepare Report & Remediation

Once you have completed the VA and PT process, next is the biggest task of all the tasks mentioned so far; i.e Reporting & Remediation. Well as much as we like to do VAPT, find vulnerabilities, exploit it and such, when it comes to reporting security experts hate it. This is largely because reporting can be cumbersome and very tedious. Well it is up to you on how you want to do the reporting but a tidy yet detailed report would be very essential. Reason why reporting is very important is because it will be a record on how your organization’s IT infrastructure has evolved from time to time. What vulnerabilities were found, what were remediated, how they were remediated and such. Sometimes there might be vulnerabilities which you can’t remediate due to some issues and that should be recorded as well. This record keeping on VA and PT processes would be essential to move forward a good and healthy practise of Vulnerability Management. As mentioned above, most of the well known VA tools do provide reporting feature which can be generated upon the completion of the scanning. You can also keep this as a record if you do not want to start doing VAPT report from scratch. In the report generated by the VA tools mentioned, it will also provide you with solution in how to remediate the vulnerabilities found, so you have a starting point or idea on how to remediate the found vulnerability and do some research if there are other solutions available. So it actually depends on your wish how you want to take up this task.

Step 5: Verification

The final step of the whole vulnerability management lifecycle is the Verification step. This step is as important as doing the VA and PT process. Reason being, once you have found the vulnerability and you have applied the remediation to it, you would want to check if the remediation was successful. For that you got to do a verification assessment to confirm if the vulnerability has been remediated completely. Of course this means you have to repeat the VA process all over again but it can be done in a much simpler scale where you just leave it to scan your system and analyze the result. If the vulnerability has been remediated, you can always mark it as done in your report. So this a simple yet crucial step.

Summary

In summary, there are 5 steps in vulnerability management lifecycle and they are;

1. Identify & Understand Your Network Resources, Infrastructure and Assets
2. Identify Critical Assets
3. Run Vulnerability Scans & Penetration Testing
4. Prepare Report & Remediation
5. Verification

This blog post is just a starting point and there are a lot more techniques, steps and tools out in the wild which you can explore with the assistant of our good friend “Google”. I hope I have given a good insight on this topic particularly and you are ready with your armor and ammunition to battle the vulnerabilities in your IT infrastructure like a Boss. Until my next post, see you guys.

The post Manage Vulnerabilities Like a Boss: Part 2 appeared first on Cyber Intelligence.

One question that lingers in almost every security practitioners mind is “how can we stop these attacks or  hackers?”. Honestly, there is nothing much we can do except making it harder for them to penetrate. If the hackers are determined to hack you specifically (targeted attack), trust me they will try with all their might. The variables is just the amount of time plus the amount of currency they got to spend for that.

Now you may ask how to make it tough for the hackers. There are many solutions for this but in this blog post I am just going to focus on one of the easiest methods which is always overlooked by organizations; i.e. addressing and managing your own weaknesses or vulnerabilities Vulnerability Management (VM) should be incorporated in the overall security practices of an organization to protect your organization’s information assets which also means protecting your brand, customers and in some cases lifes.

I have simplified the whole VM process here and we can assess the steps involved together and get a clearer view on the process.

Figure 1: Vulnerability Management Life Cycle

Step 1:  Identify & Understand Your Network Resources, Infrastructure and Assets

As an InfoSec professional, this should be the first step in your To-Do list. Understanding your organization’s IT infrastructure such as the IP addresses used, the servers, routers, switches, laptops, desktops and etc. is crucial because from here you can draw the roadmap to achieve a successful VM.

First, start by creating a comprehensive documentation regarding your IT inventory via asset tagging and standard naming. This part of the process is called Asset Management. A good asset management would require you to classify the device type, asset tagging, asset grouping, the geographic location (if there are different assets in different location) and the custodian of the assets (who are responsible for the safe-keeping of that particular asset). Below I have drafted a simple chart to show how this should be done:

Figure 2: Simple Chart on Managing Your Assets Efficiently

You should create a similar chart or visualization of your own and document all your assets. There are plenty of free tools that can be used to scan and map your IT assets and if budget permits you can also acquire commercial tools which can give a perfect visualization of the network and IT assets.  Apart from the inventories, understanding the network flow is also important, which means how the network is setup, how many subnets are there, how the firewall is configured, Internet connections and so on. This is important as this is the same path attackers will use to come into your network and get you off your seat. Drawing a network architecture diagram would be essential in this part of the process. Again this can be achieved with tools.

I discuss some of the tools here:

For IT Inventory Records, I would suggest two free tools called OpenAudIT and Spiceworks. This could be a starting point for you if you do not have any inventory systems in your organization.

For Network Mapping, there are a few tools such as LanMap2 & Nmap which are freely available in Backtrack 5. Take note that Spiceworks also has its own network mapping software. For Windows platform, you can use The Dude & Carto Reso which are more towards network monitoring but they include mapping feature too. There are plenty of free and commercial tools out there and I would greatly appreciate if you would share the names of the tools that use in the comment so that we can pass them around and share with others.

One of the commercial tools that have excellent asset management feature is Qualys. In Qualys, you can do basically everything that has been depicted in Figure 2. Other tools such as Nessus and NeXpose can do asset management to a certain extend but they can be helpful too.

Step 2: Identify Critical Assets

Once you have done all the hard work of collecting and updating your inventory list (admittedly a tough and tedious job if your organization has hundreds of those IT assets) and network architecture you should sit down with the relevant departments in the organization to identify the critical assets among the assets. Definition of critical asset is an asset which if compromised the organization can suffer huge loss or in some extreme cases can go out of business.

Give the assets a value from a scale of 1 to 5 where 1 being the least critical and 5 being the most critical. For example, a web server of an online shopping site is deemed very critical because even a short downtime or leakage of customer’s personal information from website can be catastrophic to the reputation of the company and land potential legal actions against them. Typically it will be servers and databases that store critical data.

To make things simpler, any asset that if compromised can cause your organization to lose money in one way or another and reputational damage is considered critical asset. Put this assets at the top of the list among the other assets in your organization. They will be the first one to be dissected once we get into the next step. Below I have done the simplest form of categorizing the criticality of your assets in an organization. Please take note there are plenty of frameworks and standards out there to measure the criticality and business impact to organizations such as ISO/IEC 27001, COBIT and PCI DSS.

Figure 3: This could be an example of your servers & criticality. It may vary according to organization & standards.

I will stop here for now and cover the rest of the steps in the VM lifecycle in my next post. So let’s get it working. Go back to your organization and start your own VM cycle by following the above 2 steps and see the outcome of it. In my next blog post, I will guide you on how to conduct a good VA in your network using some good VA tools (most of them are open source). All the best.

Please leave your comments below if there is any.

The post Manage Vulnerabilities Like a Boss: Part 1 appeared first on Cyber Intelligence.

The Cyber Intelligence Security Posture Assessment (SPA) Service provides a point-in-time validation of how well the security architecture and designs have been implemented and operated and a detailed assessment of network devices, servers, desktops, web applications, and the related IT infrastructure. This assessment compares vulnerabilities with industry best practices and up-to-date intelligence from the industry; delivering a prioritized report based on risk with recommended actions.

Benefits

Our SPA Services provides various benefits, clients can:

• Reduce the risk of intentional or accidental access to IT assets and information.
• Test current infrastructure security safeguards to help ensure that malicious activity does not successfully penetrate or disrupt service.
• Proactively identify security vulnerabilities that pose a risk to your IT infrastructure.
• Prioritize resources to address vulnerabilities based on business risk.
• Improve the overall security state of your infrastructure by following recommended actions to mitigate identified vulnerabilities.
• Achieve improved compliance with regulations and industry mandates that require security assessments.
• Reduce the time and resources needed to stay current with new and emerging vulnerabilities.
• Potential vulnerabilities in the IT systems and related controls could be identified from end users’ and outsiders’ angles.
• Rectification and Improvement of the systems could be conducted when issues are identified.

SPA Methodology & Activities

We adopt the Plan-Do-Check-Act (PDCA) methodology for the SPA exercise.

SPA Services

The key activities of our SPA services are:

• Identify and confirm security vulnerabilities in your IT infrastructure through expertise, tools, and the data from various security researchers and alliances.
• Emulate malicious activities via non-destructive means to assess the presence of vulnerabilities and the level of unauthorized access.
• Provide a security posture assessment report containing:
  • A detailed analysis of simulated attacks to identify critical vulnerabilities.
  • Comparison of assessment results with recommended industry best practices and your organization’s operational requirements.
  • Recommended prioritization of the vulnerabilities based on risk.
  • Recommended actions to remediate the vulnerabilities and improve security posture.
  • Deliver on-site executive presentation of findings and recommendations.

The services that we offer are:

• Internal and External Vulnerability Assessment
• Internal and External Network Penetration Testing
• Internal and External Web Application Security Assessment
• Network Setup and Network Devices Review
• Physical Security Assessment
• Social Engineering Assessment

The post Security Posture Assessment appeared first on Cyber Intelligence.

Features and Benefits

A typical DLP solution provides data protection when the data is in motion, at rest and in use and that is exactly what our DLP solution does.

Where is my data?

1. Desktops
2. Laptops
3. Network Shares (NTFS, NFS, etc)
4. SharePoint
5. Databases

Who is sending my data?

1. Trusted users
2. Intruders
3. Spyware
4. Viruses

What data is sent?

1. PII
2. PHI
3. Source Code
4. Intellectual Property (IP)

Who received my data?

1. IP Address
2. E-mail Destination
3. Geographic Location

How do I protect my data?

1. Cut / Copy
2. Paste
3. Print
4. Printscreen
5. Access Files
6. Removable Media

DLP as a Service

Our DLP Service is in its class of its own. Now you can have a DLP solution with almost zero hardware cost leveraging on our cloud-based DLP technology. Diagram below shows how it is implemented to protect your data.

Our cloud DLP service offering:

• Full DLP for email (SMTP)
• Full DLP for webmail and HTTP(s)
• Full DLP for FTP
• Full DLP for mobile devices
• Supports Google Apps
• Supports Microsoft OWA
• Support various mobile devices

Information Rights Management

With the complicated and distributed network environment, the need to collaborate and productivity have raised some huge challenges. The challenges are:

• Data breaches via employees
• Data breaches by business partners
• Revenue loss by information piracy and intellectual property theft
• Risks associated with loss of customer data and privacy
• Data breach by service providers
• Risks of non-compliance
• HR and payroll data misuse

Our IRM solution protects information leakage due to malicious intent, errors and omissions as well as lack of awareness by providing a secure method of protection to ensure confidential information remains confidential. It also allows organizations to implement policies to answer these questions:

• WHO can use the information – people and groups within and outside of the organization can be defined as rightful users of the information
• WHAT can each person do – individual actions like reading, editing, printing, distributing, copy-pasting, screen-grabbing & etc can be controlled.
• WHEN can the person use it – information usage can be time based e.g. can only be used by Mr XYZ till 25th September or only for 2 days
• WHERE can the person use it from – information can be linked to locations e.g. only 3rd floor office by private / public IP address

The post Data Loss Prevention & Information Rights Management appeared first on Cyber Intelligence.

According to Lockheed Martin Crop, there are 7 stages of action of an APT:

1. Reconnaissance – Identify targets.
2. Weaponization – Combine a remote-access Trojan horse with an exploit into a deliverable payload.
3. Delivery – Transmit the malware to the target, typically through an email attachment, website or USB drive.
4. Exploitation – Trigger the malicious code, usually to exploit an operating system or application vulnerability.
5. Installation – Deploy a remote-access Trojan horse or backdoor so the attacker can persist within the target.
6. Command and control – Connect to an Internet server to gain “hands on the keyboard” access to the environment.
7. Actions on objectives – Execute toward goals, typically to steal data.

An ATP or defense-in-depth approach should focus on breaking the chain of the APT at any of the stages above. For instance:

1. At “delivery” stage, device control can block infected USB devices. File-type filtering from USB to endpoint can also provide protection.
2. At “exploitation” stage an effective patch and configuration management can eliminate known vulnerabilities. Memory/buffer overflow protection can also offer safeguards.
3. At “installation” stage application control can prevent unapproved executable (including weaponized payloads) from running on your endpoints.

From the 7 stages, the above 3 stages (delivery, exploitation & installation) are the most crucial ones where you can actually prevent the attack. Acting at these 3 stages can effectively prevent harm to your network. However, please remember that there is no such thing as 100% protection even with defense-in-depth approach, the idea is to manage and reduce risks so that you can interrupt the attackers’ efforts before they deliver, exploit or install.

There is a white paper on this subject written by Lumension. The paper can be accessed here.

The post Protect Against APT with ATP appeared first on Cyber Intelligence.

According to news sources, Facebook employees’ laptops were subjected to “sophisticated attack” by hackers. The attack took place last month. Facebook claims that the attack was so advance that they have not seen anything like this before. They also quickly assured everyone that no member’s data was compromised (if data was compromised, it can’t be a good news for a company whose stock price is slowly recovering).

Some of the news sources can be found here (BusinessWeek) and here (CIOL).

It was said that the attack took place when the employees visited a mobile developer’s site which was already compromised. These laptops were fully patched and installed with up-to-date AV software. This goes on to show how traditional AV approaches are struggling to keep up and even a fully patched system cannot give you a 100% protection.

We work with our partner Lumension who is considered as one of the market leaders in endpoint protection to assist our customers to rethink how they protect their endpoints. The typical security professional tends to look at endpoint control as a choice between black and white: the blacklisting signature-based anti-virus technologies that struggle with today’s threats or the first-generation whitelisting technologies that tend to impede user productivity. This no longer works for the current dynamic network architectures out there.

A new “intelligent” approach to application whitelisting uses both methods and adds an automated way to determine whether the stuff in between – the so-called graylist – should be trusted and allowed onto your network. Intelligent whitelisting provides a unified workflow that brings signature-based and behavioral detection together with the power of whitelisting capabilities, and adds a “trust engine” which controls what changes are allowed. This streamlines and automates the process of adding trusted applications to the whitelist. Intelligent whitelisting automates important queries against applications such as “Do I know where this came from?” and “Are others using it?” by using data from other endpoint security applications such as patch management to dial in the level of control and security desired.  Not only does it dramatically reduce malware infection rates without affecting productivity, it also allows you to reduce the TCO of maintaining endpoints. How brilliant is that?

In a nutshell, it is about managing trust. Either you trust something to run on your endpoints or you don’t. With this sort of intelligent whitelisting capability installed on the endpoints, I believe Facebook could have prevented from falling victim of that hacking activity.

More on Lumension’s Intelligent Whitelisting can be found here.

The post Fully Patched System & Up-To-Date Anti-Virus Are Not Enough appeared first on Cyber Intelligence.

The post Mainpage Slider appeared first on Cyber Intelligence.

This article first appeared on SecureMetric’s SecureMag (printed newsletter) as my contribution and I just thought of reposting it here. You can check the complete article here.

The post Preventive Security vs Detective Security appeared first on Cyber Intelligence.

Benefits of ISO 27001 standard

• Easily attract interest from foreign and local investors and gain their confidence while increasing your market share in your respective industry by keeping all your existing clients and securing new ones by being ISO 27001 compliant.
• Quickly identify, manage and minimize security risks associated with various business and customer information.
• Increase your revenue by providing a highly secure solution for alternative product delivery platforms such as ATMs and Internet Banking.
• Protect cashflows secured in electronic vaults such as databases.
• Prevent fraudulent transactions that can cause serious financial losses.
• Look into legislative and regulatory compliance.
• Provides a framework for effectively identify, track, escalate and resolve any security incidents.
• Win customer loyalty by promoting excellent business practices.
• A great platform for raising and increasing information security awareness.

How can Cyber Intelligence help?

We provide end-to-end ISMS consultancy service to our clients. The main objective of ISMS is to assist clients to establish and implement an Information Security Management System that conforms to ISO/IEC 27001 and prepare them for ISO/IEC 27001 certification. Our ISMS experts provide the services below:

• Guidance in ISMS implementation;
• Ensure fulfillment of all requirements of ISO 27001;
• Assist in Information Security Risk Management activities;
• Review the existing security system and highlight areas for improvement in light of ISO 27001 requirements;
• Develop and establish an Internal Audit Team through trainings and practices;
• Prepare the client’s Information Security Management System for independent 3rd party certification; and
• Coordinate, obtain and provide all required reference, registration and documentation from certification body.

The multi-disciplinary team of consultants we have assembled have vast experience in information security related services to ensure that these requirements are met.

Our ISMS Approach

We believe that information security has to start with people and then comes the elements of process and technology. Our overarching view of ISMS implementation encompasses every aspect of organizational information security practices, as seen in the diagram below. Our approach and methodology are fine tuned to achieve the desired objectives by covering all the elements in the visual.

ISO 27001 consists of 12 key information security domains, as listed below:

• Information System
• Information Security Incident Management
• Business Continuity
• Compliance
• Risk Management
• Information Security Policy
• Information Security Organisation
• Asset Management
• Human Resources Security
• Physical and Environmental Security
• Communication and Operations Management
• Access Control

The post ISO/IEC 27001 Consultancy appeared first on Cyber Intelligence.