Google recently announced a zero-day vulnerability within its Chrome web browser and released a notification that the vulnerability is actively being exploited in the wild.  At this time they have provided very limited technical details on the exact nature of the vulnerability but reports indicate that if successfully exploited an attacker could remotely run arbitrary code on a PC.

As a result, Tier1Net has executed a script to update all instances of Google Chrome running on Tier1Net managed PCs which are susceptible to this vulnerability.

Regardless, it is highly recommended to verify that your PC’s instance of Google Chrome is running version 72.0.3626.121.

For more information on checking Google Chrome’s version and updating it please click here

By Marc Capobianco

Financial Services sector continues to be a lucrative target for cybercriminals, with statistics showing data breaches rose 480% for this industry in 2018 alone. Email phishing remains the avenue of choice for cybercriminals and accounts for 92% of all attacks.  Unlike the past occasional phishing emails one might receive, which seemed obvious to spot (i.e. the rich Nigerian prince with millions tied up in a central bank who just needs $10,000), today’s phishing efforts are constant and Cybercriminals are leveraging advanced machine learning techniques to evade most modern firewall and endpoint detections systems.

 Today’s more elaborate phishing attacks often mimic an email from a co-worker, a vendor or bank that you regularly do business with, a client, or a website that you frequent (Netflix, Amazon).  The email looks legitimate and might be about a recent payment declined, your order being returned, or the status of an invoice payment.  The victim clicks the embedded link to review the order or account details and is taken to a fake website that looks identical to the legitimate website.  This fake web site may be using a disposable domain name that was set up for a very specific attack and will then vanish after the cybercriminal has siphoned the necessary data from their victim.

How to stay one step ahead?

Recommended Actions: 

1.        Implement Advanced Perimeter Anti-Spam Filtering Service with URL Defense

Advanced Email Protection services filter and quarantine inbound junk mail and spoofed emails in an individual quarantine while denying delivery for items containing known viruses or malicious content. URL Defense protects financial firms against targeted spear phishing attacks, zero-day exploits and advanced persistent threats.  URL defense employs sophisticated techniques to perform real-time dynamic analysis of the embedded URL in the e-mail protecting the user from accessing malicious, fake web sites or command and controller centers.

2.        Leverage Secure DNS Servers

Many organizations rely on public DNS servers from their ISP to direct web traffic to the appropriate domain name.  However, traffic can be directed to malicious or fake websites using newly registered domains, disposable domains, and other phone home command and control centers. Tier1Net recommends leveraging Secure DNS servers for name resolution and web browsing. These secure DNS servers use the Internet’s infrastructure to block malicious destinations before a connection is ever established identifying targeted attacks.

3.        Endpoint Protection with Artificial Intelligence

With more than 400,000 new viruses discovered daily, traditional anti-virus software is simply unable to keep pace.  Tier1Net recommends enhancing traditional AV software by adding on Intelligent Endpoint Protection and endpoint detection and response (EDR) that utilizes Machine Learning to protect against zero-day attacks.

Read more at https://techcrunch.com/2019/02/23/icann-ongoing-attacks-dns/

Contact Tier1Net to learn more about how Tier1Net is mitigating this risk with its Financial Services Cybersecurity Framework.

#OneStepAhead  #Cybersecurity  #GetTier1Net

 

 

 

 

 

 

 

The perils of using Internet Explorer as your default browser

Microsoft publicly puts Internet Explorer on death notice

Stop using Internet Explorer, warns Microsoft’s own security chief

 The headlines are clear.  Microsoft is going so far as to no longer even describe Internet Explorer as a web browser.  However, many internal financial business line applications as well as cloud hosted applications rely heavily on IE.   So, what isn’t so clear is what actions should financial firms take to mitigate this security risk in addition to using Google Chrome?

Microsoft introduced Edge with the Launch of Windows 10, but it runs on different standards than the most popular browsers today (Chrome, Mozilla & Firefox).  That’s why Microsoft is finally rebuilding Edge to run on Google’s Chromium backend web standards. This update will make the browser widely compatible with many business line and cloud hosted applications.  Industry critics are anticipated this update to Edge to be included in Microsoft’s April 2019 update.

Financial Firms should implement a Cybersecurity Framework that mitigates the risks associated with IE.  Tier1Net recommends removing and restricting IE from running on the corporate network where applicable.   In circumstances where IE may still be required, Tier1Net recommends implementing group policy restrictions and hardening standards that adhere to industry best practices to lock-down IE and mitigate any potential risks.  This Cybersecurity framework must take into consideration business line as well as cloud hosted applications to minimize any impact to business operations.

Contact Tier1Net to learn more about how Tier1Net is mitigating this risk in its Financial Services Cybersecurity Framework.

#CyberSecurity   #AlwaysLeading   #OneStepAhead   #GetTier1Net

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Background

The capability to conduct this type of “man in the middle attack”  is now widely available and in the hands of financially-driven cybercriminal groups.  The National Cyber Security Centre (NCSC) confirmed that SS7* is being used to intercept codes used for banking.  “We are aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA)”.  As the threat landscape continues to evolve so must a firm’s security posture.  The financial industry has seen an increased adoption rate in multi-factor authentication.  Many online financial providers now send a SMS text with a one-time code.  Consequently, Cyber criminals are now leveraging advanced machine learning techniques and launching more sophisticated attacks. 

*signaling System 7 (SS7) is a telephony protocol used world wide to setup and tear down  phone calls and used for SMS messaging.

 Technical Overview

Multi-factor authentication requires two of the following three components: 

  1. Something the user knows (like a password)
  2. Something the user has (like a mobile device)
  3. Something that is the user (fingerprint, iris scan, voice print)

Cyber Criminals typically gain access to the victim’s password through a phishing attempt or a credential spill from a previous data breach.  With the introduction of this “man in the middle attack” the Cyber Criminal no longer needs the victim’s cell phone as they are able to intercept the SMS message due to the inherent flaws in the global telecommunication signaling (SS7) infrastructure.

 Recommendation

  1. Implement a multi-layered Cybersecurity framework to mitigate the risk of phishing attempts and the impact of credential spills.
  2. Select a multi-factor authentication (MFA) provider that does not rely on SMS but rather requires an application on the mobile device.
  3. Leverage a Mobile Device Management Platform to properly secure mobile devices.

 Additional Details on these recent SS7 attacks can be found at:

https://www.technadu.com/telecom-infrastructure-ss7-attacks-rise/56704/

https://motherboard.vice.com/en_us/article/mbzvxv/criminals-hackers-ss7-uk-banks-metro-bank

 

 

 

 

 

 

 

 

 

 

 

 

1. Start with the data.

2. Understand the value of the data to the business.

3. Elevate data awareness within the firm

https://www.financial-planning.com/news/what-rias-should-learn-from-blackrocks-data-leak

 

Introduction

Details of a critical vulnerability impacting Microsoft’s Exchange 2013 and 2016 servers were recently discovered and made public.  If successfully exploited this vulnerability would allow an attacker to gain Domain Admin permissions within a company’s Active Directory infrastructure allowing nearly unrestricted access to a compromised server.  At this time Microsoft has not released a patch for this vulnerability.  Tier1Net customer’s which have implemented Tier1Net’s Cisco Umbrella Secure DNS and/or Duo Authentication services have their exposure to this vulnerability greatly reduced.

Technical Information

In order to successfully exploit this vulnerability an attacker would first need to gain the credentials to any existing mailbox on a targeted Exchange server.  This can be accomplished via phishing attacks or credential stuffing where an attacker uses breached credentials from one service to gain access to another service.  Once an attacker has access to a mailbox on the Exchange server they can then combine three known vulnerabilities to elevate the compromised account’s permissions to that of a Domain Admin.   A Domain Admin has full access to an Exchange server and can perform such tasks as resetting password, creating mailboxes, deleting mailboxes, etc.

Steps Being Taken by Tier1Net

Due to Tier1Net’s expertise and emphasis on cybersecurity, many of its customers are already protected from this latest vulnerability.  Furthermore, Tier1Net deploys multiple security layers to both its own internal and hosted infrastructures as well as client supported networks to greatly reduce the exploit risk of any single vulnerability.  To further reduce customer exposure to this vulnerability Tier1Net will be deploying a Microsoft supported mitigation tool to all managed and hosted Exchange servers.

Additional Information

https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
https://nakedsecurity.sophos.com/2019/01/30/privilege-escalation-vulnerability-uncovered-in-microsoft-exchange/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581

Change is Coming to Mass. Data Breach Law effective April 11, 2019. Here is what you need to know”

New Amendments to Massachusetts’ data breach notifications law

 

 

Banking Trojan Emotet returns from the holidays as the most costly, destructive and widespread malware campaign.  Emotet malware is highly modular and under constant development leveraging new advanced stealth threat capabilities.  Emotet is not only capable of bypassing traditional Anti-Spam and Anti-Virus solutions, but coupled with its worm-like techniques the payload rapidly spreads network-wide making it very difficult to combat.  The latest strain can detect if the victim’s IP address is on a spam list allowing the attacker to deliver more targeted messages to victims without the interference of spam filters.

Cybercriminals are now leveraging advanced machine learning to weaponize advanced persistent threats that go undetected by most traditional signature based Anti-Virus solutions.  At a rate of 400,000 new malware samples a day, traditional signature based Anti-Virus solutions are unable to keep pace and firms must combat these advanced threats leveraging artificial intelligence and advanced machine learning security technologies as part of their Cyber defense strategy.

More information on Emotet can be found here….

https://www.bleepingcomputer.com/news/security/emotet-returns-from-the-holidays-with-new-tricks/

https://www.bankinfosecurity.com/emotet-malware-returns-to-work-after-holiday-break-a-11955

#machineLearning #cyberSecurity #alwaysLeading #getTier1Net

The Financial Industry Regulatory Authority (FINRA) has shared its Report on Selected Cybersecurity Practices — 2018.  This report focuses on firms’ primary challenges and most frequent Cybersecurity findings from FINRA’s examination program. The report highlights the importance of Data Loss Prevention (DLP), Security Information and Event Management (SIEM) Solutions, Penetration Testing and Cybersecurity Training within the firm.

#cyberSecurity #alwaysLeading #getTier1Net

SEC Office of Compliance Inspections and Examinations Announces 2019 Examination Priorities

FOR IMMEDIATE RELEASE
2018-299

Washington D.C., Dec. 20, 2018 —
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) today announced its 2019 examination priorities. OCIE publishes its exam priorities annually to promote transparency of its examination program and provide insights into the areas it believes present potentially heightened risk to investors or the integrity of the U.S. capital markets. This year, particular emphasis will be on digital assets, cybersecurity, and matters of importance to retail investors, including fees, expenses, and conflicts of interest.

“OCIE continues to thoughtfully approach its examination program, leveraging technology and the SEC staff’s industry expertise,” said SEC Chairman Jay Clayton. “As these examination priorities show, OCIE will maintain its focus on critical market infrastructure and Main Street investors in 2019.”

“OCIE is steadfast in its commitment to protect investors, ensure market integrity and support responsible capital formation through risk-focused strategies that improve compliance, prevent fraud, monitor risk, and inform policy. We believe our ongoing efforts to improve risk assessment and maintain an open dialogue with market participants advance these goals to the benefit of investors and the U.S. capital markets,” said OCIE Director Pete Driscoll.

This year, OCIE’s examination priorities are broken down into six categories: (1) compliance and risk at registrants responsible for critical market infrastructure; (2) matters of importance to retail investors, including seniors and those saving for retirement; (3) FINRA and MSRB; (4) digital assets; (5) cybersecurity; and (6) anti-money laundering programs.

Compliance and Risks in Critical Market Infrastructure – OCIE will continue to examine entities that provide services critical to the proper functioning of capital markets. OCIE will conduct examinations of these firms which include, among others, clearing agencies, national securities exchanges, and transfer agents, focusing on certain aspects of their operations and compliance with recently effective rules.

Retail Investors, Including Seniors and Those Saving for Retirement – Protecting Main Street investors continues to be a priority in 2019. OCIE will focus examinations on the disclosure and calculation of fees, expenses, and other charges investors pay, the supervision of representatives selling products and services to investors, broker-dealers entrusted with customer assets, and portfolio management and trading.

FINRA and MSRB – OCIE will continue its oversight of FINRA by focusing examinations on FINRA’s operations and regulatory programs and the quality of FINRA’s examinations of broker-dealers and municipal advisors. OCIE will also examine MSRB to evaluate the effectiveness of select operations and internal policies, procedures, and controls.

Cybersecurity – Each of OCIE’s examination programs will prioritize cybersecurity with an emphasis on, among other things, proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information security.

Anti-Money Laundering Programs – Examiners will review for compliance with applicable anti-money laundering requirements, including whether firms are appropriately adapting their AML programs to address their regulatory obligations.

The published priorities for 2019 are not exhaustive and will not be the only issues OCIE addresses in its examinations, Risk Alerts, and investor and industry outreach. While the priorities drive OCIE’s examinations, the scope of any examination is determined through a risk-based approach that includes analysis of the registrant’s operations, products offered, and other factors.

The collaborative effort to formulate the annual examination priorities starts with feedback from examination staff, who are uniquely positioned to identify the practices, products, and services that may pose significant risk to investors or the financial markets. OCIE staff also seek advice of the Chairman and Commissioners, staff from other SEC divisions and offices, and the SEC’s fellow regulators.

OCIE is responsible for conducting examinations of entities registered with the SEC, including more than 13,200 investment advisers, approximately 10,000 mutual funds and exchange traded funds, roughly 3,800 broker-dealers, about 330 transfer agents, seven active clearing agencies, 21 national securities exchanges, nearly 600 municipal advisors, FINRA, the MSRB, the Securities Investor Protection Corporation, and the Public Company Accounting Oversight Board, among others. The results of OCIE’s examinations are used by the SEC to inform rule-making initiatives, identify and monitor risks, improve industry practices, and pursue misconduct.

https://www.sec.gov/news/press-release/2018-299