R. Kinney Williams - Yennik, Inc.®

Internet Banking News
Brought to you by Yennik, Inc. the acknowledged leader in Internet auditing for financial institutions.

September 3, 2017

Does your financial institution need an affordable cybersecurity Internet security audit?  Yennik, Inc. has clients in 42 states that rely on our cybersecurity audits to ensure proper Internet security settings and to meet the independent diagnostic test requirements of FDIC, OCC, FRB, and NCUA, which provides compliance with Gramm-Leach-Bliley Act 501(b); the penetration study also complies with the FFIEC Cybersecurity Assessment Tool regarding resilience testing.  The cybersecurity penetration audit and Internet security testing is an affordable, sophisticated process that goes far beyond the simple scanning of ports.  The audit focuses on a hacker's perspective, which will help you identify real-world cybersecurity weaknesses.  For more information, give R. Kinney Williams a call today at 806-798-7119 or visit http://www.internetbankingaudits.com/.


FYI
Monitoring logons 'the most effective way to detect data breach' - Monitoring corporate logins is described as the most effective way to detect a data breach within an organisation. https://www.scmagazine.com/monitoring-logons-the-most-effective-way-to-detect-data-breach/article/684864/

Recent phishing attacks reportedly capitalize on Office 365 security holes - Researchers from cloud security company Avanan have reported finding two ways that phishers are evading Microsoft Office 365 Security protections: one using "hexadecimal escape characters" to conceal coding and links, and the other by compromising SharePoint files. https://www.scmagazine.com/recent-phishing-attacks-reportedly-capitalize-on-office-365-security-holes/article/684453/

Defray Ransomware demands $5,000, then suggests victims backup their data - A just-documented ransomware strain called Defray is making some minor inroads by targeting firms in the healthcare, education, manufacturing and technology fields, and it carries a ransom note that taunts the victim's IT department. https://www.scmagazine.com/defray-ransomware-demands-5000-then-suggests-victims-backup-their-data/article/684719/

VW engineer sentenced to 40 months in prison for role in emissions cheating - German automaker asked its US employee to perfect the cheat code, and he did it. https://arstechnica.com/cars/2017/08/vw-engineer-sentenced-to-40-months-in-prison-for-role-in-emissions-cheating/

American Pacific Mortgage files lawsuit against insurer to reclaim losses due to BEC attack - American Pacific Mortgage (APM) has filed a breach of contract suit against Aspen Specialty Insurance Company disputing the latter's decision to not cover losses incurred from a business email compromise attack. https://www.scmagazine.com/american-pacific-mortgage-files-lawsuit-against-insurer-to-reclaim-losses-due-to-bec-attack/article/684875/


ATTACKS, INTRUSIONS, DATA THEFT & LOSS

Business Email Compromise phishing scam found targeting diverse array of industries - An organized phishing scam operation likely based out of West Africa has been attempting to steal the business email credentials of users across a broad spectrum of industries, in hopes of compromising their accounts and leveraging them for even more targeted spear phishing scams. https://www.scmagazine.com/business-email-compromise-phishing-scam-found-targeting-diverse-array-of-industries/article/683908/

Ukraine Fears Second Ransomware Outbreak as Another Accounting Firm Got Hacked - Ukrainian authorities and businesses are on alert after a local security firm reported that another accounting software maker got hacked and its servers were being used to spread malware. https://www.bleepingcomputer.com/news/security/ukraine-fears-second-ransomware-outbreak-as-another-accounting-firm-got-hacked/

106,000 Mid-Michigan Physicians clinic patient records exposed - About 106,000 patients of the Mid-Michigan Physicians clinic may have had their patient records exposed when a third-party server was breached. https://www.scmagazine.com/106000-mid-michigan-physicians-clinic-patient-records-exposed/article/684560/

Google routing blunder sent Japan's Internet dark on Friday - Last Friday, someone in Google fat-thumbed a border gateway protocol (BGP) advertisement and sent Japanese Internet traffic into a black hole. http://www.theregister.co.uk/2017/08/27/google_routing_blunder_sent_japans_internet_dark/

Real Madrid Twitter accounts hacked shortly after FC Barcelona account breach - Grey hat hackers pranked soccer fans by hacking the Real Madrid Twitter accounts and posting tweets announcing the signing of rival player Lionel Messi along with video of the player scoring for Barcelona against Real Madrid. https://www.scmagazine.com/the-ourmine-hacking-group-managed-to-seize-the-teams-twitter-accounts-and-sent-tweets-welcoming-the-player-in-english-and-spanish/article/684876/

Hackers leak pics of actress Dakota Johnson - The same hackers behind the unauthorized access of celebrities' iCloud accounts and the subsequent postings of photographs are believed to be behind the recent leak of photos of “Fifty Shades” actress Dakota Johnson. https://www.scmagazine.com/hackers-leak-nude-pics-of-actress-dakota-johnson/article/684562/



WEB SITE COMPLIANCE - OCC - Threats from Fraudulent Bank Web Sites - Risk Mitigation and Response Guidance for Web Site Spoofing Incidents (Part 3 of 5)

PROCEDURES TO ADDRESS SPOOFING - Information Gathering

  After a bank has determined that it is the target of a spoofing incident, it should collect available information about the attack to enable an appropriate response.  The information that is collected will help the bank identify and shut down the fraudulent Web site, determine whether customer information has been obtained, and assist law enforcement authorities with any investigation.  Below is a list of useful information that a bank can collect.  In some cases, banks will require the assistance of information technology specialists or their service providers to obtain this information.
  
  *  The means by which the bank became aware that it was the target of a spoofing incident (e.g., report received through Website, fax, telephone, etc.);
  *  Copies of any e-mails or documentation regarding other forms of communication (e.g., telephone calls, faxes, etc.) that were used to direct customers to the spoofed Web sites;
  *  Internet Protocol (IP) addresses for the spoofed Web sites along with identification of the companies associated with the IP addresses;
  *  Web-site addresses (universal resource locator) and the registration of the associated domain names for the spoofed site; and
  *  The geographic locations of the IP address (city, state, and country).



FFIEC IT SECURITY - We continue our series on the FFIEC interagency Information Security Booklet.
 
 
INSURANCE (Part 1 of 2)

Financial institutions have used insurance coverage as an effective method to transfer risks from themselves to insurance carriers. Insurance coverage is increasingly available to cover risks from security breaches or denial of service attacks. For example, several insurance companies offer e-commerce insurance packages that can reimburse financial institutions for losses from fraud, privacy breaches, system downtime, or incident response. When evaluating the need for insurance to cover information security threats, financial institutions should understand the following points:
 
  *  Insurance is not a substitute for an effective security program.
  *  Traditional fidelity bond coverage may not protect from losses related to security intrusions.
  *  Availability, cost, and covered risks vary by insurance company.
  *  Availability of new insurance products creates a more dynamic environment for these factors.
  *  Insurance cannot adequately cover the reputation and compliance risk related to customer relationships and privacy.
  *  Insurance companies typically require companies to certify that certain security practices are in place.



NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY - We continue the series on the National Institute of Standards and Technology (NIST) Handbook.
 
 
Chapter 12 - COMPUTER SECURITY INCIDENT HANDLING

12.1.3 Side Benefits

Finally, establishing an incident handling capability helps an organization in perhaps unanticipated ways. Three are discussed here.
 
 Uses of Threat and Vulnerability Data. Incident handling can greatly enhance the risk assessment process. An incident handling capability will allow organizations to collect threat data that may be useful in their risk assessment and safeguard selection processes (e.g., in designing new systems). Incidents can be logged and analyzed to determine whether there is a recurring problem (or if other patterns are present, as are sometimes seen in hacker attacks), which would not be noticed if each incident were only viewed in isolation. Statistics on the numbers and types of incidents in the organization can be used in the risk assessment process as an indication of vulnerabilities and threats.
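The analysis the paragraph describes, logging incidents and looking for recurrence that is invisible when each is viewed alone, as an added illustration that is not part of the NIST Handbook text; the incident records, categories and the 30-day/three-event threshold are constructed assumptions:

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample incident log (assumed format): timestamp, category, affected system, reporting source.
INCIDENTS = [
    ("2017-08-01T09:12", "phishing", "online-banking", "mail-gateway"),
    ("2017-08-03T14:30", "phishing", "online-banking", "customer-report"),
    ("2017-08-05T11:05", "malware", "teller-ws-07", "endpoint-av"),
    ("2017-08-09T16:45", "phishing", "online-banking", "customer-report"),
    ("2017-08-12T08:20", "web-spoofing", "www", "customer-report"),
    ("2017-08-20T10:00", "malware", "teller-ws-07", "endpoint-av"),
    ("2017-08-28T13:15", "phishing", "wire-transfer", "mail-gateway"),
]


def parse(incidents):
    """Turn the ISO-style timestamp strings into datetimes; other fields pass through."""
    return [(datetime.strptime(ts, "%Y-%m-%dT%H:%M"), cat, system, src)
            for ts, cat, system, src in incidents]


def incident_statistics(incidents):
    """Counts by category: the 'numbers and types of incidents' that feed risk assessment."""
    return dict(Counter(cat for _, cat, _, _ in parse(incidents)))


def recurring_problems(incidents, window_days=30, threshold=3):
    """Flag (category, system) pairs seen at least `threshold` times inside any rolling
    window of `window_days`. Each event alone looks routine; the cluster is the signal."""
    by_key = defaultdict(list)
    for ts, cat, system, _ in parse(incidents):
        by_key[(cat, system)].append(ts)
    flagged = {}
    for key, times in by_key.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= timedelta(days=window_days):
                j += 1
            if j - i >= threshold:
                flagged[key] = j - i  # size of the densest cluster starting at times[i]
                break
    return flagged


if __name__ == "__main__":
    print(incident_statistics(INCIDENTS))
    print(recurring_problems(INCIDENTS))
```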
 
 Enhancing Internal Communications and Organization Preparedness. Organizations often find that an incident handling capability enhances internal communications and the readiness of the organization to respond to any type of incident, not just computer security incidents. Internal communications will be improved; management will be better organized to receive communications; and contacts within public affairs, legal staff, law enforcement, and other groups will have been preestablished. The structure set up for reporting incidents can also be used for other purposes.
 
 Enhancing the Training and Awareness Program. The organization's training process can also benefit from incident handling experiences. Based on incidents reported, training personnel will have a better understanding of users' knowledge of security issues. Trainers can use actual incidents to vividly illustrate the importance of computer security. Training that is based on current threats and controls recommended by incident handling staff provides users with information more specifically directed to their current needs -- thereby reducing the risks to the organization from incidents.
 
12.2 Characteristics of a Successful Incident Handling Capability

A successful incident handling capability has several core characteristics:

  1)  an understanding of the constituency it will serve;
  2)  an educated constituency;
  3)  a means for centralized communications;
  4)  expertise in the requisite technologies; and
  5)  links to other groups to assist in incident handling (as needed).


PLEASE NOTE:
 
Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  



Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 


All rights reserved; our logo is registered with the United States Patent and Trademark Office. © Copyright Yennik, Incorporated.