Friday, September 28, 2018

FBI ALERT: 9/27/18

I-092718-PSA "RDP Warning needs to be heeded".

Questions regarding this PSA should be directed to your local FBI Field Office.

Local Field Office Locations: www.fbi.gov/contact-us/field.  

ISSUE: Remote Desktop Protocol has been on the rise since mid-2016 as an attack vector

RDP, or Remote Desktop Protocol, is being exploited by attackers to conduct malicious activity, the FBI warns in its public service announcement on September 27th, 2018.  Members, clients and others are advised to reach out to their local FBI Office for information concerning this public service announcement.

Definitions:  Remote Desktop Protocol (RDP) is a proprietary network protocol that allows an individual to control the resources and data of a computer over the Internet. This protocol provides complete control over the desktop of a remote machine by transmitting input such as mouse movements and keystrokes and sending back a graphical user interface. In order for a remote desktop connection to be established, the local and remote machines need to authenticate via a username and password. Cyber actors can infiltrate the connection between the machines and inject malware or ransomware into the remote system. Attacks using the RDP protocol do not require user input, making intrusions difficult to detect.

Some Suggestions For Protection:

  1. Audit your network for systems using RDP for remote communication
  2. Verify all cloud-based virtual machine instances with a public IP do not have open RDP ports, specifically port 3389, unless there is a valid business reason to do so.  Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access it through a firewall.
  3. Apply two-factor authentication, where possible
  4. Apply system and software upgrades regularly
  5. Maintain a good back-up strategy
  6. Enable logging and ensure logging mechanisms capture RDP logins.  Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.
For additional recommendations see the PSA.
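
To make suggestion 6 concrete, here is an added example (not part of the FBI PSA or of Integris Security's own tooling) that reviews exported Windows Security log rows for RDP logons. Event IDs 4624/4625 and logon type 10 are the standard Windows values for successful, failed and RemoteInteractive logons; the CSV column names, the internal address range, the thresholds and the sample rows are assumptions constructed for this example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: VPN and internal clients connect from this range.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
RDP_LOGON_TYPE = "10"                 # RemoteInteractive (RDP) logon
SUCCESS, FAILURE = "4624", "4625"     # Windows Security event IDs

# Constructed sample export; addresses are documentation ranges.
SAMPLE_CSV = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2018-09-26T09:02:11,4624,10,jsmith,10.8.0.14
2018-09-26T09:05:40,4624,2,jsmith,-
2018-09-27T02:10:01,4625,10,administrator,203.0.113.50
2018-09-27T02:10:09,4625,10,administrator,203.0.113.50
2018-09-27T02:10:17,4625,10,admin,203.0.113.50
2018-09-27T02:10:26,4625,10,backup,203.0.113.50
2018-09-27T02:10:34,4625,10,administrator,203.0.113.50
2018-09-27T02:11:02,4624,10,administrator,203.0.113.50
2018-09-27T14:30:00,4625,10,jsmith,10.8.0.14
2018-09-27T23:45:12,4624,10,vendor,198.51.100.7
"""

def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL_NETS)

def review_rdp_logons(csv_text, max_failures=5, window=timedelta(minutes=10)):
    """Return (finding, source_ip, user) tuples in time order."""
    findings = []
    failures = defaultdict(list)      # source IP -> recent failure times
    rows = [r for r in csv.DictReader(io.StringIO(csv_text))
            if r["LogonType"] == RDP_LOGON_TYPE]
    rows.sort(key=lambda r: r["TimeCreated"])
    for r in rows:
        when = datetime.fromisoformat(r["TimeCreated"])
        src, user = r["IpAddress"], r["TargetUserName"]
        recent = [t for t in failures[src] if when - t <= window]
        if r["EventID"] == FAILURE:
            recent.append(when)
            failures[src] = recent
            if len(recent) == max_failures:   # report each burst once
                findings.append(("failed_burst", src, user))
        elif r["EventID"] == SUCCESS:
            if len(recent) >= max_failures:   # guessing that then succeeded
                findings.append(("success_after_burst", src, user))
            if not is_internal(src):          # RDP reached without the VPN
                findings.append(("external_success", src, user))
    return findings

if __name__ == "__main__":
    for finding in review_rdp_logons(SAMPLE_CSV):
        print(finding)
```

An `external_success` finding also points back to suggestion 2: a host that accepts RDP logons from outside the internal range is reachable without the VPN.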

Friday, September 21, 2018

Integris Security LLC update.

Good afternoon all.  Effective 9-21-18 our web site has been transitioned and placed back into the public space for all to view.

We continue to focus on three main industries:


Take a look around.  It's new so not too much is in place yet.  But we wanted to get it out to our clients, friends and family.

MIRAI BOTNET

Strange bedfellows with U.S. FBI

The threats and vulnerabilities are coming at industry and government fast and furiously with each new day springing something new.  This past week we participated in a conference call re: Mirai Botnet Authors wherein we learned the FBI is now working with cyber crooks to learn methods and operations so that the FBI can be as effective as possible in their national security mission.  These cyber crooks can't be trusted was the commonly held belief by all on the call.  The FBI needs to tread carefully when putting these resources to use and carefully balance the national security needs of our nation with common criminals.

Our new web site hosts a number of our services but like most days we focus on what's in front of us and how we may be of assistance to help our clients.  Happy navigating and we hope to make our web site and social media interesting.

#cybersecurity  #integrissecurity  #Miraibotnet  #smallbusiness   #healthcare  #financialservices

Monday, September 17, 2018






WELCOME

 Welcome and yes we are back!  Our target is our clients, our prospects, our friends and family in the industry.  We are passionate about assessing risk, we run deep in security issues and also like to take some time to laugh as well.  We hope each of you enjoy the blog and contribute.

Risk and security discussions start at the top of every organization.  This isn't just jargon.  It is serious and when reading our blog you'll keep this in mind as you read along.  The CEO is the chief risk/security evangelist for your organization.  While we all love to laugh and make light of some things, in earnest we all need to focus when it comes to risk and security.  If the CEO isn't talking about risk and security then it just hasn't become a priority for your organization and your board of directors needs to bring him/her in and explain the priorities for your organization.  We point in earnest to your audit committee and its chairperson.  If things go wrong, and they will in even the best organizations, the chair of the board of directors' audit committee will be the first person interviewed.

If you're like us and become aware of an issue, a solution, a best practice or new application and/or free or pay-for tools that you just couldn't let slip by, let us know.  If you'd like to be considered for a guest blog entry keep this in mind: one focused topic, 400 words tops; email us at: info@integrissecurity.com.  We know everyone has access to some cool graphics which help understanding the concepts and theories being put forward so choose carefully and send it along.  Our focus is to explain issues as simply as possible and to have the graphics bring the point home.  The ah ha moment.

SOCIAL MEDIA

Did someone say social media?  In the past we have put our toe in the water with social media.  We plan to go full throttle with social media and may even add to our current setup.  So on our web site you'll see Facebook, LinkedIn, Twitter and of course this Google+ Blogger Blog.  We may expand on this and add YouTube if we think it brings additional value.  We think that we need to bring everyone the full impact of the web via our associated media outlets.  If you want to be part of this and share your wisdom let us know.  Email us: info@integrissecurity.com.

Thanks everyone and welcome back.

Friday, October 21, 2016

Cyber Security Month: Looking for Answers Part II?


NEW YORK METRO JOINT CYBER SECURITY CONFERENCE
I recently attended the Third Annual New York Metro Joint Cyber Security Conference (http://nymjcsc.org/), held in mid-town Manhattan.  Security conferences are now a dime-a-dozen, but this event is unique in that it is a collaborative effort developed by a consortium of eight leading security, audit, and risk focused, NY metropolitan area, not-for-profit professional associations. Each organization brings its best to the table, creating a rare combination of expertise and diversity of talent.  

There were many informative sessions – some standing room only – but some of the greatest value was in the interaction with the other professionals.  For example, in sessions, we learned that security professionals must adopt the language of Directors to be understood by a Board.  The Internet Security Alliance is even working on metrics for Boards to use in evaluating security risks and controls.  But, after all the talk of security maturity models, cyber risk management frameworks, and “cyber balance sheets,” CISOs (Chief Information Security Officers) will tell you that Boards still “just don’t get it” and don’t seem to be that interested.  Perhaps CISOs as a group aren’t very good at explaining how greater focus on preventing and mitigating cyber threats is in the self-interests of very diverse sets of Directors.  Maybe, despite approaching the problem with the best of business concepts and lingo, CISOs just don’t have influence with Directors.  (As one CISO put it, “formulas don’t work.  Relationships do.”) Or, perhaps it’s because, as one speaker put it, there is not a single instance of a cyber breach that has been demonstrated to have a material impact on a company.  In the end, the surprising takeaway may not be that CISOs are becoming more adept at speaking the language of the Board, but that some Boards are beginning to listen at all.
This sold-out event offered excellent, high-quality presentations with plenty of actionable content.  If you weren't able to attend, you can still benefit from the recordings of many of the sessions.  They are available at http://livestream.com/internetsociety/nymjcsc/.  Presentation slides may be found at http://tinyurl.com/z3fz44d. I would highly recommend reviewing them.
And, don't forget to sign up early for next year's conference.  It's one of the best values in information security education that you'll find anywhere.  Follow www.nymjcsc.org and @NYMJCSC for details.

Phil Froehlich is Chief Operating Officer of Integris Security and a member (who listens) of the Executive Board of New York Metro InfraGard.

Cyber Security Month: Looking for Answers: Part I?


LONG ISLAND BUSINESS NEWS
LI Business New Cyber Conference
Hilton, was once again informative, invigorating and enrolling. With a number of panelists participating, including both the Integris Security CTO, Blake Cornell, and United States Congressman US District 1, Lee Zeldin, nearly 100 individuals attended the breakfast event.
Topics of interest included Cyber Terrorism, Business Continuity, Government Legislation, Small Business Best Practices and other wide-ranging topics. Some of the information shared was information that attendees can use in their day-to-day business operations.
A goal of Integris Security CTO, Blake Cornell, was to provide “simple and sound information that is short and sweet” further stating that “if your employees are untrained then no amount of technical information will help them understand. You can’t make them understand but you can help them understand”.

Blake Cornell is the CTO of Integris Security LLC.

Sunday, October 16, 2016

Ransomware: Osterman Research Survey for Malwarebytes

https://www.integrissecurity.com/index.php?aboutus=JosephConcannon
Joseph Concannon
Today I received a note from a friend who said he had fallen victim to a Ransomware attack.  So I figured it's a good time to review some up to date expert research.  This review is a product of Integris Security LLC and we gladly share this with the community.

First, Ransomware is a global issue affecting enormous sized companies as well as my local friend.  Ransomware is a global threat/problem.  We must recognize the size and depth of this issue.  A survey was conducted during June of 2016 that included CIOs, CTOs, CISOs and other executives.  The survey included 165 corporations in the United States as well as companies from around the world.  39% of the companies that were contacted were impacted by a ransomware attack in the U.S. alone.  This is truly a global problem and issue but let's keep the focus here at home.  The report shows the various priorities by country.

The FBI talks about Ransomware as "an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them". Integris Security LLC evangelizes through its President, Joseph Concannon, the value of Risk Management and the ongoing development of a solid business continuity program.  Concannon states: "this isn't a once a year review, this is a daily, weekly, monthly, quarterly and semi-annual program.  Risk Management opens the eyes of the Executive Team and Boards of Directors".

Second, it comes as no surprise that the survey results identified the healthcare and financial services industries as the prime targets.  Each is highly dependent upon business critical information according to Osterman Research, Inc.  Cyber criminals lie in wait until they find the prime target for an attack; one which cannot recover from it due to the lack of ransomware fighting software.  In Osterman's survey U.S. companies were most likely to fall victim to a ransomware attack (79% fell victim according to the survey).

Third, Ransomware ranks the fourth highest security concern for senior executives in the United States as surveyed by Osterman Research, Inc., and more:

 U.S. organizations are also more likely to place a high or very high priority on investing in education and training about ransomware for their end users; and for investing in resources, technology, and funding to address the ransomware problem.

Note well: What the Osterman Research reveals is the power play between tenured industry executives and newly appointed CIOs, CISOs and CTOs learning the mine field of budgeting.  Where do these technology executives make the push to gain budget for their projects and can they convince business unit managers to join their team?  Who pays for training and education and how does that weigh in the balance of getting things done?  Here's how it's playing out so far:
Somewhat ironically, however, U.S. organizations are also the least likely to have implemented any sort of ransomware training for their end users, and are among the most likely to offer only minimal training when they actually do so.  U.S. companies rate Ransomware as a high or extremely high priority, unlike their European counterparts in Germany and the UK or Canada which consider it less of a threat. 
Yet the training dollars in the U.S. continue to lag behind.   

The survey that I am reviewing is called "Understanding The Depth of The Global Ransomware Problem", a report promoted by a company called Malwarebytes.
The perceived importance of regular, on-premises backups as a ransomware-recovery tool is quite high among U.S. and German organizations, but somewhat lower among the organizations we surveyed in Canada and the United Kingdom. However, Canadian and UK-based organizations were more likely to use regular, cloud-based backups to recover from ransomware. Other capabilities in place to address ransomware included on-premises ransomware-detection solutions (highest penetration in the U.S.), network segmentation (highest in Germany), and air gaps between data stores and the Internet (highest in Canada).
At Integris Security LLC we point out that segmentation and air gaps are important as well as on-premises backups NOT connected to the network you are backing up.  Strong passwords that are changed every 90 days.  Here are the top 15 Cyber Security Precautions to follow.  Here are some very good tips for enterprise environment security teams to review (FBI):

Here are some tips for dealing with ransomware (primarily aimed at organizations and their employees, but some are also applicable to individual users):
  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

For those at home we strongly recommend backup on a USB stick, or other storage drive with proper security "on board" to assess the device's health each time the device is accessed.  Saving important documents to a computer is a thing of the past.  Time to think 2016 and the threats that come with the technological age we live in.  Store important documents in a safe deposit box (whether in paper or USB or storage drive or other form).  If it's important, then take the extra security steps.

STOP THINK CONNECT (https://www.stopthinkconnect.org/) is the U.S. Department of Homeland Security Campaign promoted during Cyber Security Awareness Month (October each year).  However, the evil email attachment continues to lure a seemingly endless waterfall of users into the brink.  Nothing beats education and awareness in preventing the loss of your computer to a cyber attack.  While on the computer remember you are not in your living room.  You are in the "Wild West" and everyone's your friend.  You wouldn't leave your front door open at night, so don't leave your computer open either.
Integris Security LLC grew from our passion for protecting our nation’s critical infrastructures and years of providing industry professionals with best of breed solutions, proven best practices and top notch security education. We work tirelessly to nurture our clients’ TRUST. We will work equally diligently to EARN your trust.


Thursday, October 6, 2016

LIBN Cyber Security Conference - October 6th, 2016

Today's cyber security conference held by the Long Island Business News at the Huntington Hilton was a huge success.  The conference was packed and the panel with headliner U.S. Congressman Lee Zeldin was both informative and far reaching.

A wide range of cyber security topics included a discussion of the potential federal funding of security awareness strategies like "If you see something, Say Something".  Attendees suggested that a new cyber security awareness strategy, like "see something", be started. Blake Cornell, CTO of Integris Security, suggested we use "Think twice before you click twice".  The simple message was something that everyone agreed was needed.

The panel touched upon some key areas and agreed that security awareness training, when implemented correctly, brings everyone into the company's security strategy and not just the security team.  Twenty to thirty employees watching the security posture of a company is better than 3-5 employees from the security team.  Chief Security Officers have their hands full and gaining the trust and confidence of all employees to be on the lookout makes the CSO's job 100% easier.

Is it IT or is it Business?  A lively discussion broke out concerning the politics, budgeting and organizational culture in which professional security people work.  This environment is not always 100% on board with a strong security posture.  General agreement was reached that security starting from the top down works best.  If the boss is concerned about security so is everyone else.  The next discussion was about whether it was the business or IT department.  Well, this was put to rest quickly.  The IT staff and security personnel need to team with business unit managers and ask them to take ownership for what belongs to them and what is enabling their success. The better the integration with business leaders on function and feature of the computer tools used to bring profits to the business, the smoother the discussions will be for improvements to strengthen the security budgets so that the profit center environment is safe and secure.  The better everyone will sleep.

There are a great many things that people can do to keep the internet secure.  Unfortunately there are a great many things which LURE us away from this common sense approach to internet safety.  Changing passwords (long, with symbols, CAPS, lowercase letters and numbers) every 90 days is driving a positive change for your safety and security on the internet.  Writing those passwords down and storing them in a secure place is also a good idea. See more ideas on our web site.

For a two-hour conference this one was packed with information and many new contacts as well.  Good job to LIBN and we look forward to next year's conference and some of the articles to appear in LIBN which should keep everyone on their toes.

For additional information on security tips, visit www.integrissecurity.com.  We have a full page of tips on our web site.