As of May 1, 2014, we can confirm Cisco customers have been targets of this attack. For the latest coverage information and additional details see our new post on the VRT blog.
Protecting company critical assets is a continuing challenge under normal threat conditions. The disclosure of zero-day exploits only makes the job of IT security engineers that much harder. When a new zero-day vulnerability was announced on April 26, 2014 for Microsoft Internet Explorer, corporate security organizations sprang into action assessing the potential risk and exposure, drafting remediation plans, and launching change packages to protect corporate assets.
Some companies, however, rely on Managed Security Services to protect those same IT assets. For Cisco Managed Security Services customers, the action taken was to deploy updated IPS signatures to detect the attack and protect the companies' critical IT assets. In more detail, the IPS Signature team, as a member of the Microsoft Active Protections Program (MAPP), developed and released Cisco IPS signature 4256/0 in update S791, and Snort rules 30794 and 30803 were available in the ruleset dated 4-28-2014. The Cisco Managed Security team, including Managed Threat Defense, received the update as soon as it became available on April 28th. Generally, Cisco Managed Security customers have new IPS signature packs applied during regularly scheduled maintenance windows. In the event of a zero-day, the managed security team reaches out to customers proactively to advise them of the exploit and can immediately apply signature pack updates to detect and protect customer networks.
While corporate security organizations must still assess ongoing risks and direct overall remediation to protect corporate data, Cisco can take the actions that provide security visibility into the targeted attacks, increase protection with fresh signatures, and reduce the risk profile of the corporate InfoSec program.
For more detail on the vulnerability, please see Martin Lee’s blog post.
More details about this exploit and mitigation information can be found on the following links:
For additional information about Cisco Managed Security solutions please refer to the following links and contact your Cisco Services sales representative:
Tags: Cisco Managed Services, infosec, intellishield, IPS, Managed Security Services, Managed Threat Defense, Snort, TRAC, VRT, zero-day exploit
A couple of weeks ago, we spoke about the mobility journey and the phases that organizations go through as they embrace the widely accepted mode of mobility—Beyond BYOD to Workspace Mobility (device-focus, application-focus and experience-focus). Whatever phase your organization is in, security is a top priority. These phases can help determine your secure mobility approach, but your risk aversion level will also define it. Whatever your risk tolerance, the mobile threat landscape is extremely active and clever—do not underestimate it.
Mobile threats do not stop at the mobile device they enter from; they can propagate and manifest across the network, wired devices, virtual, cloud and data center environments. So your secure mobility approach must be non-stop, continuous and pervasive, end to end. To reduce the chance of threat damage or inappropriate access, whether intentional or not, one must provide comprehensive secure mobile access controls at the access layer across each phase of an attack: before, during and after.
Tags: ATP, Black Hat, data protection, enforcement, MDM, secure mobility, SIEM, threats
Let me tell you a little about a country I had not been to until recently: Chile. Beyond its abundant natural resources and terrific terroir for wine grapes, Chile has become a hub for banking and retail companies with operations that span Latin America. Through the continued growth of business, and with the Chilean public sector and government leadership going through a period of change, Chile continues to adopt cutting-edge technology to become more connected. In short, Chile is quite amazing.
Tags: cybersecurity, globalization
Takedowns of prolific spam botnets, such as Rustock in 2011 and Grum in 2012, had a substantial effect on reducing overall global spam volumes. This, combined with diminishing returns for spammers sending via bots, had left many email recipients basking in the comfort of (mostly) clean inboxes. No doubt this downward trend in global spam volumes also saved countless dollars that would have otherwise been frittered away on phony university degrees, suspect weight loss products, and erectile dysfunction medication.
Unfortunately, however, the good times seem to be coming to an end. Spam volumes have increased to the point that spam is now at its highest level since late 2010. Below is the graph of global spam volume as reported by Cisco SenderBase. From June 2013 to January 2014, spam averaged between 50 and 100 billion messages per month, but as of March 2014 volumes were peaking above 200 billion messages per month, more than a 2X increase above normal.
Tags: CBL, SenderBase, spam
The Insider Lifecycle
Traditional security is designed to keep outsiders from getting in. What happens when the enemy is an insider? A new paradigm must be explored, where the focus shifts inward, to how data is leaving the organization.
Identifying anomalies in data exfiltration is critical to spotting the insider. The insider has a typical lifecycle:
1. Identify places where sensitive data is stored
2. Retrieve the data from the location
3. Move the data within the organization to prepare for exfiltration
4. Transfer the data outside the organization
Arguably, the weak points of this chain of events occur in steps 1, 2, and 4, where the insider must go through funnel points—near the data and at a public outbound connection.
Things to Look For
In almost all cases of data theft, the insider had access to the data, but in many cases the insider's role would have been suspect when considered against the data they were accessing. Consequently, the end user's role should be examined in the context of the data they are accessing.
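One way to turn the two checks above into detection logic, as an added example that is not part of the original post: a role-versus-data mismatch check for lifecycle steps 1 and 2, and an outbound-volume check at the egress funnel point for step 4. The events, the role-to-data mapping and the outbound baseline are constructed placeholders for illustration, not real logs or Cisco data.

```python
from collections import defaultdict

# Constructed sample of data-access and outbound-transfer events (not real logs).
# Each event: user, role, classification of the data touched, bytes sent externally.
EVENTS = [
    {"user": "alice", "role": "finance", "data": "financial", "bytes_out": 20_000},
    {"user": "alice", "role": "finance", "data": "financial", "bytes_out": 15_000},
    {"user": "bob", "role": "engineering", "data": "source", "bytes_out": 30_000},
    {"user": "bob", "role": "engineering", "data": "financial", "bytes_out": 0},
    {"user": "carol", "role": "support", "data": "customer", "bytes_out": 5_000_000},
    {"user": "carol", "role": "support", "data": "customer", "bytes_out": 4_000_000},
]

# Hypothetical mapping of which roles are expected to touch which data classes.
ROLE_EXPECTED_DATA = {
    "finance": {"financial"},
    "engineering": {"source"},
    "support": {"customer"},
}

# Hypothetical per-user outbound baseline (bytes) for the observation window.
OUTBOUND_BASELINE = 100_000


def role_data_mismatches(events, expected=ROLE_EXPECTED_DATA):
    """Lifecycle steps 1-2: flag (user, data class) pairs where the user's
    role is not expected to touch that data classification."""
    return sorted({(e["user"], e["data"]) for e in events
                   if e["data"] not in expected.get(e["role"], set())})


def outbound_outliers(events, baseline=OUTBOUND_BASELINE):
    """Lifecycle step 4: flag users whose summed outbound volume at the
    public egress point exceeds the baseline."""
    totals = defaultdict(int)
    for e in events:
        totals[e["user"]] += e["bytes_out"]
    return {user: total for user, total in totals.items() if total > baseline}


if __name__ == "__main__":
    print("role/data mismatches:", role_data_mismatches(EVENTS))  # [('bob', 'financial')]
    print("outbound outliers:", outbound_outliers(EVENTS))        # {'carol': 9000000}
```

In practice the role mapping would come from the identity system and the baseline from each user's own history, so that a support user suddenly sending gigabytes stands out against their normal volume rather than a fixed threshold.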
Tags: compromise, espionage, exfiltration, insider, insider threat, intellectual property, security, Sensitive data, threat