All customers that have customizations applied to their Clientless SSL VPN portal and regardless of the Cisco ASA Software release in use should review the security advisory and this blog post for additional remediation actions.
Cisco Talos is aware of the public discourse surrounding the malware family dubbed “The Equation Family”. As of February 17th the following rules (33543 – 33546 MALWARE-CNC Win.Trojan.Equation) were released to detect the Equation Family traffic. These rules may be found in the Cisco FireSIGHT Management Console (Defense Center), or in the Subscriber Ruleset on Snort.org. Talos security researchers have also added the associated IPs, Domains, URLs, and hashes to all Cisco security devices to provide immediate protection across the network. Talos will continue to monitor public information as well as continue to independently research to provide coverage to this malware family.
Advanced Malware Protection (AMP) is ideally suited to prevent the execution of the malware used by these threat actors.
CWS or WSA web scanning prevents access to malicious websites and detects malware used in these attacks.
The Network Security protection of IPS and NGFW have up-to-date signatures to detect malicious network activity by threat actors.
While email has not been observed as an attack vector, ESA is capable of blocking the malware used in this campaign.
I recently received notice from my bank that they were changing my bank card number — again — due to suspicious activity on my account. This is the third such notification received in the past twelve months! Although it is an annoyance and a bit inconvenient, I do appreciate the bank’s attempt to protect my financial data. Moreover, it represents a much larger problem than mine but a major concern for businesses the world over. It is just one example of the pervasive issue of data security and attests to the sad fact that we are living in a time with a very dynamic threat landscape.
It is estimated that the annual cost of cyber-crime to the global economy ranges from $375 billion to as much as $575 billion, according to a 2014 study by the Center for Strategic and International Studies. In addition, the study reports that as many as 350,000 jobs in the US and EMEAR are lost because of malicious online activity.
In PricewaterhouseCooper’s 17th Annual Global CEO Survey, half the top execs surveyed expressed concern about cyber threats to their organization. Their concern is certainly warranted, as Cisco’s 2014 Mid-Year Security Report disclosed that 100 percent of networks analyzed showed traffic going to sites hosting malware. This is a very expensive problem. According to the Ponemon Institute, the cost of an organizational data breach in the U.S. averages $5.85 million (up from $5.4 million in 2013). It not only affects a business financially but corrodes consumer confidence as well. Read More »
Midsize organizations are among the earliest adopters of new technologies. In general, they conduct much of their business over the Internet and are quick to embrace new apps, online payment systems, cloud, and Bring Your Own Device (BYOD) technologies. Fast adoption of innovations helps them to compete against larger organizations by meeting customer demands more cost effectively. But these business enablers are also creating security vulnerabilities that adversaries are exploiting for financial gain.
Adversaries aren’t just targeting prized assets like customer and employee data, invoices, and intellectual property. Cybercriminals also recognize that smaller companies are a vector into the networks of larger corporations. A 2013 study conducted by PricewaterhouseCoopers on behalf of the UK Government Department for Business, Innovation and Skills found that 87 percent of small businesses had been compromised, up 10 percent from the previous year. Many small and midsize companies are now mandated by partners to improve their threat defense. Regardless of size, organizations have legal and fiduciary responsibilities to protect valuable data, intellectual property, and trade secrets.
We are now in the era of IoT “Internet of Things”. It’s a concept that not only has the potential to impact how we live but also how we work. And as things become more connected, people become more concerned about their security and privacy. I have gone through a lot of technical conversation about IoT and realized how paranoid people are about their connected devices and appliances.
The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart objects or networks such as Wireless Sensor Networks (WSNs). By 2020 there will be over 26 Billion connected devices and some estimate this number to be more than 100 Billion connected devices. This includes mobile phones, Smart TVs, washing machines, wearable devices, Microwave, Fridges, headphones, door locks, garage door openers, scales, home alarms, hubs for multiple devices, remote power outlets and almost anything else you can think of like your car and airplane jet engines.
Ways of securing the traditional Internet networks have been established and tested. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is, therefore, reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT.
What will we do about managing the usernames and passwords of every single connected device? What about our privacy? What if some hacker was able to control our video cameras? More and more questions are being asked and more security concerns are being escalated. Do we really have to be paranoid about IoT?
IoT was already there
Most of us have Computers, Laptops, Tablets, Mobile phones, Printers, Game consoles, Media players, Storage device, Video Cameras and Satellite Receivers which are already connected to our home networks. Those are some of the Internet of Things devices and we were OK with that although if some hacker could hack into one of the cameras connected to one of the Laptops or even to one of the Smart TVs, he could see what’s going on inside the home
So what is the problem?
The problem is not with IoT, the problem is with how we understand IoT. IoT not only means the interconnectedness of appliances, computers, microprocessors and machines, all of which have IP addresses or some form of digital identification, it also means the interconnectedness of devices coupled with automated and centralized data collection and analysis capabilities from those devices or processors linked to them. This leads to tremendous possibilities to develop new applications for the IoT, such as home automation and home security management, smart energy monitoring and management, item and shipment tracking, surveillance and military, smart cities, health monitoring, logistics monitoring and management. Due to the global connectivity and sensitivity of applications, security in real deployments in the IoT is a requirement.
Cisco is very clear about IoT Security:
“IoT security requires a new approach that combines physical and cyber security components.”
Learn how Cisco can help you more securely implement the opportunities and benefits the IoT can bring. IoT Security
Please watch this video, where Dan O’Malley and “Rick the Radio Guy” give an overview about how Cisco IPICS open standards and integrated technologies enable Internet of Things Secure Mobile Communications and Communications Interoperability to support mission needs for Public Safety, Defense, Manufacturing, Utilities, Transportation, Mining, and more.