Speaking of Security – The RSA Blog and Podcast

Gone are the days when it was thought that size of the company matters to the cybercriminals. The latest PwC Information Security Breaches Survey 2013 shows that there has been a significant rise in the number of small businesses that were attacked by an unauthorized outsider in the last year – up by 22%. Interestingly large organizations only went up by 5%. The cybercriminal has moved on to stealing intellectual property or corporate secrets as that’s where the real money is and small companies become easy targets as many do not have the resources or budgets to fully protect their information.

It’s time to understand the differences between corporate secrets and custodial data.

• 

ATMs enable us to get our cash on demand, for those of us who still use cash, and have come a long way since the first machines in the 1960s which dispersed a set amount of funds and sent back the bank card at a later date.

Convenient to consumers, yes – but to fraudsters, ATMs are seen as a way to get their hands on currency that isn’t theirs and unlike an online transaction can be harder to trace. As a cash-out point for many scams, fraudulent crimes and cyber-attacks the ATM has seen its fair share of unfriendly withdrawals.

• 

The level and sophistication of advanced threats is a constantly moving target pitting the advantages of smart and patient attackers against security teams that often times can’t possibly know what to look for when an attacker employs specialized techniques and tools designed to cloak their movements. What happens when an attacker doesn’t have to rely on malware to infiltrate their target or when an attacker is able to successfully blend in like a legitimate insider? In this edition of the Speaking of Security Podcast, Tom Chmielarski, Practice Lead in RSA’s Advanced Cyber Defense Services shares some of the attack techniques he’s seen used in real breach cases, along with best practices used in the detection and defense of these advanced attacks.

• 

By Limor S. Kessem, Cybercrime and Online Fraud Communications Specialist, RSA Although the title of this blog may call to mind the first line of quite a number of old jokes, it appears that hacktivists, phishers and the everyday Internet user have enough in common to raise concerns of financial fraud, especially in light of [...]

• 

…And they did it, they managed to slow down the internet. Next thing you know, they will break it! I am referring to what’s been called “the largest publicly announced online attack in the history of the Internet.” And this week we read about the suspect; a 35-year old guy from Netherlands who was arrested in Spain (The Netherlands Public Prosecutor Service press release in Dutch).

• 

The UK government has identified cyber security as a key area of focus and new investment and in 2011 announced a budget of £650 million to shore up defenses in the UK. So after two years, let’s examine how it’s been spent.

• 

A recent discovery by RSA researchers shows a new FaaS offering that is being marketed directly via a popular social network. The sale item: a customized botnet panel programmed to work with the Zeus Trojan – both reworked by what appears to be an Indonesian-speaking malware developer.

Beyond having compiled a working Zeus Trojan kit, the developer customized an attractive control panel for the admin (basic and familiar in functionality, and taken from previous Zeus versions), the developer and his team created a demo website for potential buyers – which they have no qualms about sharing publicly, and best of all—a Facebook page with frequent updates and information about botnets, exploits, cybercrime, and their own product (Zeus v 1.2.10.1).

• 

Big Data is the buzzword making headlines today. From improving medical diagnosis and treatment to energy conservation, businesses around the world are using Big Data analytics to transform the data they store into actionable information. Even here at RSA/EMC, we are working to leverage Big Data analytics to improve the way our customers detect and respond to threats. You can be sure that if legitimate businesses are using the latest and greatest technology, cybercriminals are too!

• 

Based on the last few Incident Response engagements I’ve participated in, the most common question I’ve heard is “what are the common indicators you are using to find evil?” This is not a question that has a simple answer. In this blog post, I’ll examine a Blackhole exploit kit session and discuss the various network indicators that analysts should be looking for when identifying host exploitation and associated binaries. The intent here is not to pick apart malware or de-obfuscate JavaScript, but to show how asking simple questions about your network traffic can reveal the bad stuff being missed by your other security products.

• 

The underground economy is a complex world with criminal organizations that specialize in each element of making it run. While Money Mules may just be a portion of this economy, they are crucial to its success. Without mules, cybercriminals have no safe way to move money and product. There are 2 basic types of mules when it comes to cybercrime. You have money mules, which help to move money, and reshipping mules, which help to move stolen goods. Mule recruiters, another portion of this economy, specialize in finding individuals or small businesses that will help them move funds or product. In most cases, these mules are unwitting accomplices to the crime.

•