Tuesday, June 28, 2011

Have we seen the last of LulzSec?

I don't think so. LulzSec supposedly threw up the white flag last week and decided to disband. Was this because the Anonymous group was going to go after them or because law enforcement was hot on their trail? I have a different theory.

I believe we will still see attacks by this group, except it will be under a new name or a splinter faction. LulzSec drew a lot of attention over the last couple of months by their attacks on PBS and the Arizona DPS, and it was this attention that may have drawn the ire of some hacker groups (Anonymous Group) for bringing too much attention or stealing the limelight. It has been rumored that there may have also been a splintering of LulzSec by those who did not want to draw this attention. Either way, I still believe we have not heard the last of LulzSec.

Friday, June 3, 2011

Small and Medium Size Business...You too should be concerned about Cyber Attacks as well

Yesterday in the Financial Times was a report on the current issues surrounding Cyber Security. The report had many articles on current attacks on large enterprises and what we can expect in 2011 (download the report here). One of the articles, titled "Market chaos leaves small businesses as primary target", mentions an all too familiar issue with small to medium size businesses, the "accidental IT guy – or gal."

Small and medium size businesses sometimes have a person in charge of any IT issues who is put in that position because there is not a qualified person on staff or the duties just sort of fall in their lap. Whatever the reason, the network then becomes vulnerable to cyber thieves because they know the network may not be secure and may be an easy mark for an attack.

Due to the current fiscal crisis that a lot of small and medium size businesses are going through, IT security is usually put on the back burner. This usually leads to a vulnerable network that a hacker may be able to attack and steal either data or financial information. Think about it: why would hackers try to go after a large enterprise with its security when they could go after a small or medium size business's unprotected network? If your business is collecting any type of data or financial information, your company is vulnerable. This is a growing problem and one that needs to be addressed if you want to protect your business.

What is the answer to this growing problem? Small and medium size businesses need to have a trained IT security person on their staff or hire a security consultant to do a security audit for the whole company and a penetration test to ensure all vulnerabilities are addressed and countermeasures are in place.

In this day and age the worst thing a business can do is ignore a cyber threat because they think "It won't happen to our company." You never know; it may have happened already and you just don't know it.

If you have any questions on small or medium size business IT security, please feel free to contact me:

wpruett@everestkc.net
Tom Pruett
Security and Network Engineer Consultant
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEH, CHFI, A+, Network+, Security+
 

Wednesday, June 1, 2011

Latest Security Events - Two Different Issues, Same Result

In the past week 2 companies have been hit with security breaches regarding unauthorized access. Although the two incidents differ in the mode of attack, the outcome is still the same: unauthorized access causing downtime and loss of integrity in a system, which in the long run will have more of a financial impact.

First, Lockheed Martin was hit with unauthorized access surrounding the use of remote server access by employees using the RSA token system. Right now Lockheed Martin is reporting that a remote server was hacked into and that the hacker gained access to a system by possibly using an RSA token. This is significant because RSA in March reported a security breach and that possibly tokens were stolen. Could a hacker have used a stolen token to access Lockheed Martin, or could a Lockheed Martin employee's token have been stolen and used to gain access? The answer is not clear and we may never know. However, swift action by Lockheed Martin's cyber-security unit prevented any more unauthorized access or breach of data.

Second, PBS reported their website was defaced by hackers because of the airing of the "Wiki Leaks story" last week. The hacking group claimed they were upset over the show and decided to show PBS the power of a hacking group. The website was restored and new security measures were added to prevent this type of attack in the future.

So what do these two different security breaches have in common? Both show what happens when "a threat + a vulnerability = a breach." It can be assumed that Lockheed Martin, the largest supplier of military airplanes, has very good security. PBS, well, since they are a non-profit company, they might not have the tightest security. Both Lockheed and PBS remind us that no matter what your company, vulnerabilities have to be addressed or eventually your company will have either a major disruption or downtime.