Arnold on Passwords

How strong are your passwords?


Posted in Security Blog | Tagged , , , , , | Comments Off on Arnold on Passwords

Anunak, Russian/Ukraine Bank Hackers

An ATM gang has stolen more than $15 million from Eastern European banks. To gain a foothold inside financial institutions, the “Anunak group” sent bank employees targeted, malware-laced emails made to look like they came from Russian banking regulators. The phishing emails carried malicious software designed to exploit recently patched security holes in Microsoft Office products.

The group also reportedly bought access to Windows PCs at targeted banks that had already been compromised by opportunistic malware spread by other cyber criminals: the Anunak gang routinely purchased installations of its banking malware from criminals who operated massive botnets.

Here is Group-IB’s report.


Social Engineering

No, not that Taylor Swift, this Taylor Swift.


Staples Follow-Up

Back in October, it was announced that banks were investigating Staples based on fraudulent card activity.

Staples’ data security experts detected that criminals deployed malware to some point-of-sale systems at 115 of its more than 1,400 U.S. retail stores. Upon detection, Staples immediately took action to eradicate the malware in mid-September and to further enhance its security. Staples also retained outside data security experts to investigate the incident and has worked closely with payment card companies and law enforcement on this matter.

Based on its investigation, Staples believes that malware may have allowed access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes. At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014. At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014.

It appears that the attackers responsible for the Staples break-in are not the same group thought to have hit Target and Home Depot. Read more at Krebs.


ICANN Targeted in Spear Phishing Attack

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced that its systems were compromised after several members of its staff fell victim to a spear-phishing attack.

From their website:

ICANN is investigating a recent intrusion into our systems. We believe a “spear phishing” attack was initiated in late November 2014. It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff. The attack resulted in the compromise of the email credentials of several ICANN staff members.

In early December 2014 we discovered that the compromised credentials were used to access other ICANN systems besides email:

The Centralized Zone Data System (czds.icann.org)
The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised.

The ICANN GAC Wiki (gacweb.icann.org)
Public information, the members-only index page and one individual user’s profile page were viewed. No other non-public content was viewed.
Unauthorized access was also obtained to user accounts on two other systems, the ICANN Blog (blog.icann.org) and the ICANN WHOIS (whois.icann.org) information portal. No impact was found to either of these systems.

Based on our investigation to date, we are not aware of any other systems that have been compromised, and we have confirmed that this attack does not impact any IANA-related systems.

Earlier this year, ICANN began a program of security enhancements in order to strengthen information security for all ICANN systems. We believe these enhancements helped limit the unauthorized access obtained in the attack. Since discovering the attack, we have implemented additional security measures.

We are providing information about this incident publicly, not just because of our commitment to openness and transparency, but also because sharing of cybersecurity information helps all involved assess threats to their systems.

For additional information about the attack, please monitor the ICANN website.

ICANN is responsible for the Internet’s global Domain Name System, including policy development for internationalization of the DNS system, introduction of new generic top-level domains (TLDs), and the operation of root name servers. The numbering facilities ICANN manages include the Internet Protocol address spaces for IPv4 and IPv6, and assignment of address blocks to regional Internet registries. ICANN also maintains registries of Internet protocol identifiers.


PCI Professional Certification


I got my PCI Professional Certification today.


8 Videos on Strategic Planning Management

It’s easy to forget some of the basics that I don’t deal with every day. Erica gives a great review without getting too deep into it all.

Erica Olsen seems to know her stuff.


20 Bucks Buys You 1,000 Node Bot Army

According to the Dell SecureWorks report, for $20 you can purchase a small bot army of 1,000 computers. The report also found that the underground markets offer excellent customer service! Master those basics, people, and you will gain and keep your customers.

Check out the menu below.

Hacker credentials and services (item: price, with details where the report gives them):

Visa and MasterCard (US): $4
American Express (US): $7
Discover Card (US): $8
Visa and MasterCard (UK, Australia and Canada): $7-$8
American Express (UK, Australia and Canada): $12-$13
Discover Card (Australia and Canada): $12
Visa and MasterCard (EU and Asia): $15
Discover and American Express Card (EU and Asia): $18
Credit Card with Track 1 and 2 Data (US): $12
    Track 1 and 2 data is the information stored in digital format on the magnetic stripe on the back of the card. Some payment cards store data in a chip embedded on the front. The magnetic stripe or chip holds the Primary Account Number, expiration date, cardholder name and other sensitive data used for authentication and authorization.
Credit Card with Track 1 and 2 Data (UK, Australia and Canada): $19-$20
Credit Card with Track 1 and 2 Data (EU, Asia): $28
US Fullz: $25
    A fullz is a dossier of credentials for an individual, including Personally Identifiable Information (PII), which can be used to commit identity theft and fraud. Fullz usually include: full name, address, phone numbers, email addresses (with passwords), date of birth, SSN or Employer Identification Number (EIN), and one or more of: bank account information (account and routing numbers, account type), online banking credentials (varying degrees of completeness), or credit card information (including full Track 2 data and any associated PINs).
Fullz (UK, Australia, Canada, EU, Asia): $30-$40
VBV (US): $10
    Verified by Visa confirms an online shopper’s identity in real time by requiring an additional password or other data, so that no one but the cardholder can use the Visa card online.
VBV (UK, Australia, Canada, EU, Asia): $17-$25
DOB (US), date of birth: $11
DOB (UK, Australia, Canada, EU, Asia): $15-$25
Bank account holding $70,000-$150,000: $300 and less
    Bank account number and online credentials (username/password). Price depends on the banking institution.
Infected computers, 1,000: $20
Infected computers, 5,000: $90
Infected computers, 10,000: $160
Infected computers, 15,000: $250
Remote Access Trojan (RAT): $50-$250
Add-on services to RATs: $20-$50
    Includes setting up the C2 server, making the RAT fully undetectable (FUD) by antivirus, and infecting the victim.
Sweet Orange Exploit Kit leasing fees: $450 a week / $1,800 a month
Hacking a website and stealing its data: $100-$300
    Price depends on the reputation of the hacker.
DDoS attacks: $3-$5 per hour, $90-$100 per day, $400-$600 per week
    Distributed Denial of Service (DDoS) attacks throw so much traffic at a website that it goes offline.
Doxing: $25-$100
    A hacker is hired to gather all the information they can about a target, via social engineering and/or infecting them with an information-stealing trojan.

The report shows that, driven by supply and demand, the prices are dropping.

See more here.
Learn about Deep Web vs. Dark Web


It’s THAT Time of Year

The year end is the time to start giving predictions of how next year will roll. Here are a few reports that have already been published:

  1. WebSense
  2. Trend Micro
  3. Tech Republic
  4. CSO Online
  5. Gartner’s predictions for 2014-2017

Keep in mind that these are not a strategic road map for the bad guys to follow. Bad stuff happens, so be prepared. Some great starting places, if you don’t already have any, are:

My prediction for the next year? I think that with all the data stolen this year (2014), there will be many more targeted phishing attacks on people at work, leading to breaches and theft. Humanity is the weakest link in this chain. Take it from the wise Duke Silver, Ron Swanson.


Honeywell Point-of-Sale Systems Buffer Overflow Vulnerability


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the HWOPOSSCANNER.ocx. The control does not check the length of an attacker-supplied string to the Open method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process.
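As an added illustration (not code from Honeywell or from the advisory), here is the overflow pattern the advisory describes, in C: a hypothetical Open routine that copies a caller-supplied device name into a fixed-length stack buffer with no length check, beside a hardened version that validates the length first and rejects over-long input. The function names and the 32-byte buffer size are assumptions; the advisory does not disclose the control's real buffer size or method signature.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical size of the control's fixed stack buffer. The advisory does
 * not state the real size; 32 is an assumption for this demonstration. */
#define DEVICE_NAME_MAX 32

/* Vulnerable pattern: the Open method copies the caller's string into a
 * fixed-length stack buffer without checking its length. Any string of
 * DEVICE_NAME_MAX or more bytes runs past 'name' into the saved registers
 * and return address, which is what lets a malicious page run code in the
 * browser process. Only ever call this with short input. */
int open_device_vulnerable(const char *device_name) {
    char name[DEVICE_NAME_MAX];
    strcpy(name, device_name);            /* no bounds check: stack overflow */
    return (name[0] != '\0') ? 0 : -1;    /* pretend to open the named device */
}

/* Hardened pattern: validate the length before touching the buffer, copy
 * with an explicit bound, and always NUL-terminate. Rejecting over-long
 * input is preferable to silently truncating it, since truncation can turn
 * one valid device name into a different valid one. Returns 0 on success,
 * -1 on invalid input. */
int open_device_hardened(const char *device_name) {
    char name[DEVICE_NAME_MAX];
    size_t len;

    if (device_name == NULL)
        return -1;
    /* Bounded scan for the terminator: never read past DEVICE_NAME_MAX bytes
     * of attacker-controlled input looking for a NUL that may not be there. */
    for (len = 0; len < DEVICE_NAME_MAX; len++)
        if (device_name[len] == '\0')
            break;
    if (len == 0 || len == DEVICE_NAME_MAX)   /* empty, or no room for NUL */
        return -1;
    memcpy(name, device_name, len);
    name[len] = '\0';
    return 0;
}

/* Helper: build a device name of n copies of c and try the hardened open,
 * so callers can probe the boundary without hand-building strings. */
int open_hardened_with_repeated(char c, size_t n) {
    char buf[256];
    if (n >= sizeof buf)
        n = sizeof buf - 1;
    memset(buf, c, n);
    buf[n] = '\0';
    return open_device_hardened(buf);
}

int main(void) {
    printf("hardened, 'Scanner1'      : %d\n", open_device_hardened("Scanner1"));
    printf("hardened, 31 x 'A'        : %d\n", open_hardened_with_repeated('A', 31));
    printf("hardened, 32 x 'A'        : %d\n", open_hardened_with_repeated('A', 32));
    printf("hardened, 199 x 'A'       : %d\n", open_hardened_with_repeated('A', 199));
    printf("vulnerable, 'Scanner1'    : %d\n", open_device_vulnerable("Scanner1"));
    /* open_device_vulnerable() with the 199-byte name would smash the stack
     * here; with -fstack-protector the process aborts, without it the saved
     * return address is overwritten. Deliberately not called. */
    return 0;
}
```

The driver only feeds the vulnerable routine a short name, because an over-long string is undefined behaviour and with a modern compiler's stack protector the process simply aborts; the point of the hardened version is that the 32-byte and 199-byte inputs are refused with -1 before any copy happens, instead of being copied first and checked never.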

There is a fix: users may download Honeywell OPOS Suite 1.13.4.15 from the Honeywell website (here).
