Four steps

In today’s world of frequent targeted attacks – when breaches are a matter of when and not if – a carefully crafted strategy to respond to targeted attacks must be part and parcel of the larger defense strategy. This can be the difference between a minor nuisance and a major breach that could spell the demise of an organization.
The SANS Institute provides some guidelines to organizations on how they should react to incidents. Broadly speaking, however, the response can be divided into four steps:

  • Prepare
  • Respond
  • Restore
  • Learn

 

All the best,
Frederick
Technical Lead Nordics
https://www.linkedin.com/profile/view?id=203862061

Frederick Wennmark - Trend Micro

2015 Predictions: The Invisible Becomes Visible

These are the trends that we think will shape 2015:

– More cybercriminals will turn to darknets and exclusive-access forums to share and sell crimeware.
– Increased cyber activity will translate to better, bigger, and more successful hacking tools and attempts.
– Exploit kits will target Android, as mobile vulnerabilities play a bigger role in device infection.
– Targeted attacks will become as prevalent as cybercrime.
– New mobile payment methods will introduce new threats.
– We will see more attempts to exploit vulnerabilities in open source apps.
– Technological diversity will save IoE/IoT devices from mass attacks but the same won’t be true for the data they process.
– More severe online banking and other financially motivated threats will surface.

More details about these predictions can be found at Trend Micro Security Predictions for 2015 and Beyond.


Server admins, start your Windows Update... Now!

Microsoft may have a massive problem on its hands with a critical patch issued via Windows Update today.

The patch in question is MS14-066, otherwise known by the cryptic name “Vulnerability in Schannel Could Allow Remote Code Execution,” which affects Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT.

You know what’s really a pain? It affects everything running a modern version of Windows, meaning we will all need to patch a lot of machines as soon as possible. Microsoft also says that there is no workaround or way to mitigate the attack other than via a patch.

Trend Micro Deep Security customers with Virtual Patching are of course protected. If you can’t run Windows Update right now, you can use our DPI rules, released even before Microsoft announced the vulnerability publicly.


Attackers Exploit Drupal Vulnerability

Problem:

A mass, automated attack has potentially exploited a vulnerability that exists in the majority of websites that run the popular Drupal content management system.

More than 1 million websites use Drupal. The risk now is that attackers have likely already exploited hundreds of thousands of sites that still have the Drupal flaw, which allows attackers to inject SQL code into a site and seize control of it.

Solution:
Organizations with Trend Micro Deep Security installed using the IPS module are safe. The General SQL Injection rule stops this attack.


How to leak sensitive data from an isolated computer

Even cutting the wire is not always enough to be 100% secure.

The main idea behind the research is to use radio frequencies to transmit the secret data from the computer to the mobile phone. Mobile phones usually come equipped with FM radio receivers, and it is already known that software can intentionally create radio emissions from a video display unit. Yes, from the computer screen. Still, this is the first time that a mobile phone is considered in an attack model as the intended receiver of maliciously crafted radio signals emitted from the screen of the isolated computer. AirHopper demonstrates how textual and binary data can be exfiltrated from a physically isolated computer to mobile phones at a distance of 1-7 meters, with an effective bandwidth of 13-60 Bps (Bytes per second). Enough to steal a secret password.

See more at: http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper

Maybe not your most critical security hole to patch. :-)
