I suspect that when we use the term “branch” when talking about businesses, many minds think of a bank. But actually, the notion of a branch is much more widespread for organizations as they pursue flexible options for expanding their workforce, as well as globalization. From an IT perspective, the branch has changed from a few remote offices each with multiple people to sometimes thousands of remote workers connecting to the network from their home offices. In fact, according to a recent survey, the number of employees working away from headquarters is approaching 90%.
In a previous post I provided an overview of the Cisco Global Correlation (GC) capability that was recently added to Cisco Intrusion Prevention Systems (IPS). The information sent to SensorBase includes signatures that generated alerts and other relevant data.
I thought it would be interesting to highlight what we can learn from this growing data set. I intend to focus my analysis around FTP-related signatures. Because FTP security issues are relatively well understood, I will be able to highlight the correlation capability we have at our disposal and focus less on the specific threat that is driving my analysis.
About a month ago, there was a coordinated disclosure on a flaw in TCP which affected a number of vendors, including Cisco. As is often the case when a vulnerability is disclosed in a widely-deployed technology such as TCP, it’s in the best interests of customers and the industry alike that everyone agrees on a common solution to the issue, as well as a date and time of disclosure. In this most recent event, the issue was first reported over a year ago — so what took vendors so long to formally address the flaw?
With the recent deluge of phishing attacks (see 1, 2, 3, 4 and 5) it’s time once again to review some of the more common phishing methods and what you can do to spot and defeat them. Below I go over three you’re likely to see: Phishers getting to know you, complimenting, and befriending you. You’ll notice the tactics used by phishers build on each other. Unfortunately, as users have become more sophisticated, so have phishers.
[Before we go further you might be wondering… What the heck is phishing? Is it fun? Does it go well with lemon and dill? Answer: Phishing is the term used for the attempt at getting usernames/passwords/other credentials out of someone through subterfuge. It is only fun if you do it to your siblings or friends in jest. I wouldn’t recommend lemon near your computer.]
Recent reports from security firm Finjan have highlighted an emerging capability for malicious code. The URLZone Trojan has the ability to alter HTML pages for certain German banks when viewed through a browser on an infected system. As a result, the attacker employing the trojan can make large transfers to the accounts of “mules”, who are often duped accomplices that launder transactions, without alerting the user of the infected system. The end result is that customers who trust only the information that their computer displays from their bank’s web site might not know that they have been defrauded. It might take an account overdraw or some other out-of-band event to make them aware of the shortfall.