Web attack on Finnish defence ministry: expert comment

Dave Larson, Chief Operating Officer at Corero Network Security, said the following in regard to the web attack on the Finnish defence ministry:

“DDoS as a tool in the arsenal for cyber warfare appears to be gaining more prevalence and real-world exposure. Attacks against Swedish government websites and major media outlets earlier in the week, reportedly against a backdrop of increasing tension with Russia, indicate that attackers have identified a successful tool in debilitating Internet applications or sites. Interestingly, reports today uncover an attack against the Finnish defense ministry, ahead of Finnish and Russian Government leaders meeting in Moscow. Perhaps a situational coincidence, yet these incidents reinforce a point that we continue to see validated on a regular basis: any Internet-facing service is a target for attackers, even more so when fueled by political or nation state related motivations. Internet media outlets, government agency sites and the like cannot wait until the attack to take steps for protection against DDoS attacks. Real-time, in-line DDoS mitigation must be the first line of defense when dealing with these types of cyber threats.”



FBI warns of car hacking: Expert Comment

In light of the news that the FBI has issued a warning about car hacking, Cesare Garlati, chief security strategist for the prpl Foundation has commented to @DFMag:

“Perhaps it goes without saying that the most dangerous part of the connected car is the “connected” part. Criminals, using a little lateral thinking, can use one part of the car’s anatomy to get to another. This could have dangerous consequences if hackers found their way into more critical functions, such as the steering and brakes, as researchers were able to do with a Jeep back in 2014.

“The lack of subject matter expertise with mechanical and electrical engineers is leaving systems wide open to attack. While it’s unfair to expect them to shoulder this burden, it is also unfair to place the onus squarely on the consumer, who is likely to know even less about security. This is something which vendors, regulators and manufacturers must carefully consider as the evolution of connected cars continues.”



The Swiss People’s Party and Swiss Federal Railways both confirm they’ve been targeted by hackers

The Swiss People’s Party – Switzerland’s largest political party – and the Swiss Federal Railways have both confirmed that they have been the target of hackers.

Dave Larson, COO at Corero Network Security, told @DFMag:

“Organizations or Government agencies or even infrastructure that rely on traditional IT security tools to protect against DDoS attacks are placing themselves at even greater risk from these devastating cyber-threats. A DDoS attack, whether volumetric in nature or even application targeted, can lead to disastrous repercussions: latency issues, service degradation and potentially damaging and long-lasting service outages. Thankfully in this case the outcome was not a threat to the public at large; however, the service-impacting nature of the attack requires dedicated, real-time DDoS protection.”



BBC, MSN and NFL.com all hit by new Angler Exploit Kit in Major Malvertising Campaign

A report by Trustwave has exposed a new malvertising campaign that has succeeded in placing ads that redirect to the Angler Exploit Kit onto “very popular websites” around the world. Malwarebytes has since revealed that these websites include MSN, NY Times, BBC and NFL.com. The Angler exploit kit continues to innovate and come up with new ways of infecting victims, this time by acquiring an expired domain of a small advertising company, which provides it with high-quality traffic from popular websites. Once a victim has been successfully exploited, they are hit with a double punch of both the Bedep Trojan and the TeslaCrypt ransomware.

Fraser Kyne, Principal Systems Engineer at Bromium, provided @DFMag with the following insights:

“Malvertising is highly effective because cyber criminals can target their attacks to specific demographics, and deliver them with tremendous volume. The online advertising model is such that ad networks simply cannot verify the validity of each and every advertisement they serve, which ultimately passes the cost of security onto security teams. Most of these adverts are Flash, basically enabling complicated things to be done within the environment of the webpage, and really rely on the very fragile security of Flash, the Flash engine and the browser. With this level and amount of code, and the complexity of it, it is very challenging to secure. Ransomware is a highly pernicious attack; the initial compromise may occur through any number of exploits, but the end result is the encryption of all files on a system. These attacks demand payment for the key to unencrypt these locked files. Depending on the value of the encrypted data, organisations may feel compelled to pay the ransom, but making a payment only encourages these attacks to continue.

“In order to prevent malvertisements, ransomware and other endpoint attacks, organisations should invest in strong endpoint protection. Most traditional endpoint protection solutions are failing because they rely on detection, which allows many attacks to succeed. Instead, organisations should investigate proactive protection, in the form of prevention, such as endpoint threat isolation or virtualization-based security. This way, even if the ad does turn out to be malicious, it can compromise the web browser and the environment, but because it is running in a micro-VM it won’t have any impact on any other websites visited, your documents or your operating system. Additionally, ad-blocking browser extensions can be a highly effective way of mitigating malvertising attacks. Ransomware is much more difficult to mitigate, but frequent back-ups of valuable data can make remediation much easier.”