Cisco Blogs


Cisco Blog > Security

Crumbling to the Cookiebomb

Recently we have seen a spate of government websites hosting malicious Cookiebomb JavaScript. We have observed URLs with the top level domains such as ‘.gov.uk’, ‘.gov.tr’, ‘.gov.pl’ and the website of a middle eastern embassy in the US become compromised and expose visitors to malware infection. For malicious actors, highly reputable websites are a valuable target to compromise. Politically motivated attackers, such as the Syrian Electronic Army, can use these websites to highlight their cause, to cause embarrassment to an adversary, or to spread malware, possibly as part of a watering hole attack. Profit motivated distributors of malware can use these websites to infect the steady stream of visitors who trust the website and who are unlikely to suspect that it has been compromised.
Read More »

Tags: , , , ,

Syrian Electronic Army Cracks ShareThis.com GoDaddy Account

ShareThis provides a mechanism for web surfers to share content online through a customizable widget.  According to the information on their website, ShareThis interacts with “more than 94% of U.S. Internet users across more than 2 million publisher sites and 120+ social media channels.” On the evening of August 21, 2013, ShareThis reported that their website was experiencing “technical difficulties.” They posted a follow-up tweet the morning of August 22 declaring that the service was functioning properly.  What ShareThis did not disclose however, was that their GoDaddy domain account was compromised by the Syrian Electronic Army.

ShareThis goes down Aug 21ShareThis regains control Aug 22

Read More »

Tags: ,

Cisco Network Threat Defense Training at SecTor 2013

UPDATE:  Due to low registration numbers for our training, Cisco Network Threat Defense, at SecTor 2013 we unfortunately had to cancel our course.  For those who registered, we appreciate your support and look forward to meeting and delivering the training to you at another venue in the near future.

SecTor 2013, the seventh annual security conference in Toronto, Ontario, CA, will be held October 7-9 at the Metro Toronto Convention Centre in downtown Toronto. The conference provides an unmatched opportunity for IT and Security Professionals to learn the latest security research and techniques.   My colleague, Joe Karpenko and I will present Network Threat Defense Hands-on Training on October 7.

Our training will help you learn about securely deploying network services and to detect, classify, and prevent threats targeting a network. You will use Cisco network devices to configure and deploy advanced IPv4 network threat defenses and countermeasures. Once these defenses and countermeasures have been implemented, you will then validate the effectiveness of the defenses and adjust them to changing network conditions and attack profiles. This will help you to verify, measure, and update your defenses for real world threats.

Cisco is a proud sponsor, as well as training provider, and can save you 10% using discount code ‘CISCO-2013′ or ‘CISCO-Expo2013′ for a free expo pass! Registering for the full conference also provides an additional $100 discount towards training courses.

Please join us at SecTor 2013 in October. Register soon for discounted pricing. Please reach out with questions and we look forward to seeing you in Toronto!

Tags: , , ,

How Secure is Your Mobile Worker?

How well do you know your mobile worker? Understanding the mobile worker’s perceptions and behaviors will offer a better view on the potential security implications your organization must manage. Cisco recently released a new global infographic and white paper, the Cisco Connected World International Mobile Security study. They explore the mobile worker’s view points concerning working remotely, connecting to corporate, and their sense of security. Some of the findings are worth reflecting on to help you set the course for your mobile security efforts.

There is no question that the movement to mobile personal devices in the workforce has been well recognized. A recent response to this trend includes almost half of employers offering to fund workers to buy their own devices. Allowing the “chose your own” device alternative will attract and retain talent and reduce costs (see recent IBSG BYOD research), but what are the security implications?

There are a few striking data points to call out:

  • 63% of users download sensitive data on their devices. The frequency significantly increases in some countries which should alarm people doing business internationally if there are no precautions taken to secure the downloaded data. Imagine your financial data or product road maps being downloaded on an unprotected personal device.
  • Most believe remote access is a privilege. Yet in some countries they believe it’s a right as a worker. This establishes high expectations for IT to support and secure the devices including, but not limited to, extensive help desk calls.
  • Most users are diligent when a pop-up appears and will read through the details and determine what it really means. Yet, many workers from select countries generally tend to be less careful and accept warning pop-ups without reading the details which increases the risk that hidden malware will be downloaded. Hackers depend on this social mining effort.
  • 60% of users admit to engaging in risky behavior on a device (for example, personal or company-owned) while connected to corporate resources. This suggests that more security enforcement technology would benefit the prevention of data breaches and/or loss.

Data_Protection_Chart_1-300x115So, who really owns the mobile security issue? Mobile workers do not take full responsibility for a safe device with 84% believing that their IT will protect them from threats no matter what device is used. Sometimes IT’s perspective on this dependency is expressed with disbelief. An example of this issue was observed at BlackHat from a security professional during a demonstration we presented a couple weeks ago.

During the demonstration, we were showing how a user who inadvertently clicked on a phony URL sent in an email. That click triggered to phone an alert to a hacker that an “innocent” user is accessing the phony Internet site. The user unknowingly offered login credentials to their bank account. The hacker begins to record the users’ keystrokes to use later for malicious purposes. A security professional from BlackHat chimes in during the demonstration with the comment, “Dumb User.” The demonstration later showed how the combined effort of Cisco ISE and SIEM (Lancope) with unique TrustSec enforcement can identify and control the malicious activity with a single policy (for example, by segmenting and restricting users traffic close to the edge—on a network switch). The surprise to the security experts watching the demonstration was the concept that the network switch provided this enforcement.

Bottom Line: Most mobile workers have good intentions but do rely on IT to step in.

It would be great hear from you on your impressions of these recent findings and whether you are a mobile worker or an IT professional.

Please refer to Cisco’s security response for the mobile workforce: Secure Access

Tags: , , , , , , ,

The Highs and Lows of the Pump and Dump Scam

The Internet remains an environment where it is important to keep your wits. The recent indictment of nine individuals on stock fraud charges reminds us that the pump and dump scam continues to be perpetrated [1][2]. Stock spam emails were particularly prevalent during the mid-2000’s, with these messages reportedly comprising 15% of all spam in 2006 [3]. These messages sought to artificially increase demand for infrequently traded stocks so that fraudsters could unload cheaply bought shares at a profit to unsuspecting investors.
Read More »

Tags: , , ,