Cisco Blogs



Summary: Hacking Made Easy – Courtesy of IoT

July 31, 2013 at 1:33 pm PST

With the emergence of the Internet of Things (IoT), technology has become an integral part of our daily lives and promises to become even more prevalent in the near future. While this is normally a good thing, making our lives easier and more comfortable, any technology can just as easily be turned against us if it hasn’t been properly secured. In fact, there seems to be a direct correlation between the value of a connected object in our daily lives and the degree of pain inflicted if that object falls prey to hackers. Two recent articles in well-known publications highlight this fact.

Because IoT puts technology closer to home than ever before, much more is at stake than with prior networks.  As a result, the need for proper security can’t be emphasized enough.

Read the full Hacking Made Easy – Courtesy of IoT blog to learn more and to gain access to the two articles.


How Secure is Your Secure Access?

July 30, 2013 at 8:04 am PST

In June, I attended the Gartner Security Summit in Washington, D.C. where I was asked by quite a few security executives, “My network folks just bought ISE, but what is ISE and what type of security does it provide?”  Fast forward to July, and I wish I had this SANS review on ISE to offer a month earlier.  (SANS, as many security professionals know, is a highly regarded organization on IT security and cyber security.)


Security Implications of Cheaper Storage

An advert from Byte magazine dating from July 1980 proudly offers a 10MB hard disk drive for only US$3495. Accounting for the effects of inflation, that equates to approximately US$10,000 in today’s prices. If data storage prices had remained constant, this would mean that the 1GB flash drive in my pocket would cost in excess of US$1,000,000, with possibly a price premium for small size and portability. In fact, it cost me about US$10, evidence of the continuing drop in the price of electronic storage media per stored byte. The amount of storage that can be acquired for a given cost has roughly doubled every 14 months since 1980 [1]. There is nothing to suggest that this trend won’t continue for the foreseeable future. We can look forward to larger and larger data storage devices at lower cost. But what are the implications of this trend for security professionals?


July, a Busy Month for Breaches

This month has been particularly notable for the loss of personal information. At the beginning of the month it was reported that Club Nintendo had been breached with the personal data of up to 4 million stolen by attackers [1]. Subsequently, the forums of Ubuntu were hacked with the loss of 1.82 million usernames, passwords and email addresses [2]. Additionally, Apple have announced that their developer website has had an unknown amount of personal data stolen [3].

Zeus Botnet Impersonating Trusteer Rapport Update

July 19, 2013 at 12:50 pm PST

Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer product called Rapport. Within minutes of the campaign starting, we were seeing millions of messages.


This spam impersonated a security update from Trusteer. Attached to the message was the “RaportUpdate” file, which contained a trojan. We’ve identified this specific trojan as Fareit. This file is designed to impersonate an update to the legitimate Rapport product, which, as described by Trusteer, “Protects end users against Man-in-the-Browser malware and phishing attacks. By preventing attacks, such as Man-in-the-Browser and Man-in-the-Middle, Trusteer Rapport secures credentials and personal information and stops online fraud and account takeover.”

It’s important to note that while this end-point solution is designed to protect against browser-based threats, this specific attack is email-based. If the user downloads and executes the attachment via their mail client, it could bypass their browser and the protections of a legitimate Rapport client entirely. If an end user is tricked into running malicious software for an attack via an avenue the attacker can reasonably predict, it becomes much easier to bypass network security devices and software.

 
