MENTIS

Week of February 16, 2018

MENTIS
news

Week of February 16, 2018

Equifax Lost Even More Information on Consumers Than It Told the Public*:

  • Confidential documents filed with the Senate Banking Committee suggest that Equifax could have lost considerably more personal information about over 145 million Americans than it’s publicly let on.
  • Equifax disclosed that names, dates of birth, and Social Security numbers might have been compromised, as well as some drivers’ license numbers, the documents reveal that the license state and date of issue of those licenses may have been exposed.
  • Another report states Equifax may have also lost tax identification numbers and email addresses.
  • An Equifax spokeswoman said that the company complied with regulatory requirements and that they didn’t consider the “insignificant” number of email addresses lost to be sensitive information because they’re often publicly accessible.
  • The new documents bring Equifax’s credibility into even further question following numerous other damaging revelations that includes a malware-infested website, executives who dumped stock after the company discovered the hack, and the news the company was warned months before about security vulnerabilities and did nothing to prevent it.
  • Senator Elizabeth Warren demanded the company immediately release the full extent of the possibly compromised information.
  • The identities of the hackers who breached Equifax still remain a mystery.

*Source: Gizmodo, February 10, 2018

 


Games Organizers Confirm Cyber Attack *:

  • Pyeongchang Winter Olympics organizers confirmed on Sunday that the Games had fallen victim to a cyber-attack during Friday’s opening ceremony, but they refused to reveal the source.
  • The Games’ systems, including the internet and television services, were affected by the hack, but organizers said it had not compromised any critical part of their operations.
  • International Olympic Committee (IOC) spokesman Mark Adams stated that they were dealing with the issue and “making sure our systems are secure.”
  • Pyeongchang organizing committee spokesman Sung Baik-you told reporters the issues were resolved and recovered as of February 10th.
  • Russia said any allegations linking Russian hackers to attacks on the infrastructure connected to the Pyeongchang Olympic Games were unfounded.
  • Cyber security researchers said in January they had found early indications that Russia-based hackers may be planning attacks against anti-doping and Olympic organizations in retaliation for Russia’s exclusion from the Pyeongchang Games.
  • Stakeholders of the Olympics have been wary of the threat from hacking and some sponsors have taken out insurance to protect themselves from a cyber-attack.

*Source: Reuters, February 11, 2018

 


ICE Lawyer Charged With Stealing Immigrant IDs*:

  • The chief counsel for U.S. Immigration and Customs Enforcement in Seattle has been charged with stealing immigrants' identities.
  • Raphael Sanchez has been implicated in identity theft and wire fraud.
  • Prosecutors allege that Sanchez stole the identities of seven people during various stages of immigration process to defraud credit card companies.
  • The type of charging document filed in this case suggests a plea agreement is in the works.
  • An example of one of the allegations in the charging document stated that Sanchez sent an email from his government account to his Yahoo account that included personal information pertaining to a Chinese national along with images of the victim’s US permanent resident card, Chinese passport, and utility bill.

*Source: AP News, February 14, 2018

 


Fired System Admin Sabotages Railway Network*:

  • Just about every industry today relies on computers, which requires one or more system administrators to keep things running smoothly.
  • When you fire a system administrator, they can easily retaliate on the way out the door if the proper precautions aren’t in place.
  • A system administrator for Canadian Pacific Railway (CPR) was suspended for twelve days in December 2015, and was fired upon his return to work.
  • As a system administrator, he had a work laptop, remote access authentication token, and access badge that he used to sabotage the railway’s computer network before returning them.
  • Logging into the system using his still-active credentials, the employee removed admin-level access from other accounts, deleted important files from the network, and changed passwords so other employees could no longer gain access.
  • He deleted any logs showing the work he had done.
  • After the employee left, other CPR employees couldn't log into the computer network and the system quickly stopped working.
  • The fix involved rebooting the network and performing the equivalent of a factory reset to regain access.
  • CPR management called in computer forensic experts who found the evidence needed to prosecute the former system administrator.
  • Following a five-day trial, the employee was found guilty of carrying out the network sabotage, and sentenced to a year in prison.
  • The big takeaway from this incident for organizations is you need to remove any and all access employees have to your computer network or key systems before firing them – even letting them return to their desk can be dangerous.

*Source: PC Mag, February 14, 2018

 


How the $500 Million Coincheck Hack Exposes Deeper Security Flaws in Corporate Japan*:

  • Hackers stole more than $500 million in cryptocurrency from Coincheck, one of the largest crypto exchanges in Japan.
  • Japan has always been, and still remains, a soft-target for cybercrime and security problems are systemic and deeply interwoven in Japanese business culture.
  • Corporate Japan has a strange relationship with computer security – firms pay top dollar for security hardware and consulting, but practical security is frequently neglected.
  • Operating systems remain un-patched, firewalls are never changed after initial configuration, and backup systems are rarely tested.
  • Because of the hierarchal nature of Japanese society, management experience is valued more highly than domain expertise, so many times the person in charge of IT security doesn’t even have a background in the field.
  • Japanese CSOs are expected to be skilled at managing technology projects, but are not generally expected to have a technical background.
  • Compliance is valued far more than actual security in Japan.
  • The strong social stigma attached to speaking out against the group, the lack of technical understanding and the absence of any immediate consequences to poor security, results in engineers who raise security concerns being viewed as disruptive at best, and troublemakers at worst.
  • Documenting, or even fixing, security vulnerabilities provides no immediate benefit.
  • As a result, many Japanese companies handle new security concerns informally and the vulnerabilities will only be formally documented and addressed if there are resources available.
  • Japanese startups often have the in-house technical expertise that enterprises lack, but frequently fall into the same security groupthink as their larger counterparts.
  • The effects are visible in the Japanese marketplace – since startups and enterprises both tend to favor compliance over detection and mitigation, there is a wide range of security audit and consulting services available, but penetration testing is rare and expensive.
  • Few Japanese firms of any size are willing to open themselves up to the scrutiny of a “bug bounty” program like many Western technology companies sponsor.
  • The Japanese economy is 30% the size of the U.S. but only has about 1.5% of the credit card fraud.
  • Until recently, Japan-only payments systems and the Japanese language itself provided an effective layer of obfuscation over poor security practices and made attacks difficult.
  • The widespread availability of free, automatic translation tools has changed this, and cybercrime is at record levels and increasing steadily.
  • Corporate Japan is becoming more vulnerable to cyber-attacks at the very time they are moving more and more valuable information onto Internet-connected computers.
  • It will likely take a few more expensive and embarrassing hacks the scale of Coincheck before Japan begins treating security as the serious and systemic problem it truly is.

*Source: Forbes, February 14, 2018

 


What’s New in Windows 10 Security Features: The Anti-Ransomware Edition*:

  • With the new era of Windows as a service, Microsoft is rolling out changes to the operating system twice a year – many will allow you to improve your security posture and offer more security choices.
  • Below is a summary of all the new security features and options in Windows 10 version 1709, also known as the Fall Creators Edition.
  • The new feature Window Defender Exploit Guard consists of four different feature sets that help block and defend attacks: Exploit Protection, Attack Surface Reduction tools, Network Protection, and Controlled Folder Access.
  • Exploit Protection:
    • This is the only feature in the new update that can work with third-party anti-virus software.
    • An additional cloud-based logging service called Windows Defender Advanced Threat Protection provides forensic tracking evidence of threats and attacks and can be used to better track and investigate Exploit Guard events.
  • Attack Surface Reduction:
    • Attack Surface Reduction is a new set of tools that block primarily Office, Java, and other zero-day-type attacks.
    • This feature is based on rules to protect the systems from attack; the rules can be applied to a single computer or a network.
  • Network Protection
    • Network Protection is designed to protect the computer and network from domains that may host phishing scams, exploits, and other malicious content on the internet.
  • Controlled Folder Access
    • Controlled Folder Access protection is designed to prevent and defend from typical ransomware attacks.
    • All applications that access any executable file (including .exe, .scr, and .dll files) use the Windows Defender Antivirus interface to determine if the application is safe.
    • If the application is malicious, it is blocked from making changes to files in protected folders.
  • Windows Security Baseline configurations have been updated to support Windows 10 1709 – these are a set of recommended configurations to best secure systems in enterprises.
  • Microsoft has introduced and updated host of other features such as Windows Defender Advanced Threat Protection, Application Guard, Device Guard, Information Protection, BitLocker, and Windows Hello (facial authentication system).

*Source: CSO, February 13, 2018

 


Oracle Buys Zenedge for Cloud Security*:

  • Oracle has announced it plans to acquire Zenedge, which helps secure critical IT systems deployed via cloud, on-premise, or hybrid hosting environments.
  • Powered by artificial intelligence, Zenedge’s products and 24/7 virtual Security Operations Center defend over 800,000 web properties and networks globally.
  • Zenedge expands Oracle Cloud Infrastructure and Oracle’s Domain Name System capabilities, adding innovative application and network protection that augments existing Oracle security services and partnerships.
  • The combination with Zenedge equips Oracle Cloud Infrastructure with integrated, next-generation network and infrastructure security, to address modern security threats.

*Source: Oracle, February 15, 2018

 

Get in Touch With Us!

Are you interested in receiving more information about our products? Do you have questions about sensitive data security? Would you like a demo? Complete the details below and one of our specialists will get in touch with you.

We love to help our customers solve their data security problems. Please tell us about what you are trying to accomplish, details about your environment, and any other information that will help us understand your needs better.

Image CAPTCHA
scroll top