Check to see if your Adobe email was leaked during a recent breach. Change passwords on any account including on Adobe. Never use the same password for different websites.
Digital Attack Map is an excellent interactive attack map that allows for the viewing of DDoS attacks and more.
This offers an animated view of DDoS attacks and has a gallery including news links on some of the largest attacks.
Thanks Kevin for sharing!
The Enhanced Mitigation Experience Toolkit which is also known as EMET is designed to assist IT Pros with securing their systems. EMET helps to block hackers from accessing systems. EMET helps to block common attacks and enables IT personnel to manage security.
An excellent review of EMET.
Microsoft Download and Blog on EMET
“Anonymous’ failed attack against Israeli websites last month has left security experts cautiously optimistic that the hacktivist group will be unsuccessful in its plans to disrupt U.S. government and banking sites.
Anonymous plans to launch distributed denial of service (DDoS) attacks on May 7 against nine government sites and more than 130 financial institutions….”
Secure your devices. Bottom-line, there are malicious users on the web that can find your device (webcams, IP cameras, routers, SCADA and other devices). Change the default passwords and update software/firmware when it is available. Disable UPNP and look for vulnerabilities that may affect your device.
CNN’s Money on “Hacking anything connected to the internet“
Mickey found a great site that gives the approximate time it will take to break your password. The site, howsecureismypassword.net gives the approximate time and a background color that indicates how secure your password is. There are other things to worry about. One of the things people don’t realize is that the code in your website may reveal even the most complex passwords. It is up to the webmaster of your site to keep you secure.
The website sicherheitstacho.edu shows cyber attacks as they happen. Currently with 97 sensors, the site gives information about malicious activities on the web.
This post is for educational purposes and any use of these tools against a network without explicit permission could be illegal. Metasploit is designed to identify weaknesses in networks and hardware/software on a network. Do NOT use metasploit for other reasons.
Want to protect your network and the computers in your network? You can get updates for your operating systems (Linux, Mac, iOS, Android, Windows or whatever) along with updates for third party programs yet you can still be unsecure. When updating these products, you also have to remember firmware and updates for wireless devices, access points, bridges, firewalls, routers, switches, SCADA devices, robots, mobile devices, printers and any device on your network.
Metasploit Community is free and allows for a free scan of your network or server. Although limited (Try Pro for details and Brute Force), Metasploit Community is a first step in finding open services and ports on your operating system, hardware devices such as routers and other devices. The trick to installing Metasploit is to disable your antivirus or make exceptions to what your antivirus finds. You should truly install the software inside of a VM (Virtual Machine) so that your computer remains protected.
You can use Metasploit to protect your network by ‘seeing’ what a hacker or malicious person would see. Truly for network professionals and auditors, this software can help you identify services, ports and weaknesses in your network.
There are several versions of Metasploit – Community, Pro, Express and Framework (Compare Editions)
The above scan was in a controlled lab. Malicious scanning of networks may be illegal. Read Penetration Basics on Metasploit’s website.
2013 Predictions – Cyber Threats
- As BYOD takes off in the workplace and in education, the use of social media along with emails on BYOD devices will cause infections and loss of data
- IDS/IPS systems along with firewalls that are not implemented in medical facilities and doctors’ offices will cause data loss as records are moved online- The medical industry needs quality audits at all levels.
- DDoS attacks will increase (at this time, around 65% of companies experience this annually)
- Cyber attacks will increase against the U.S.
- Advanced SQL injections will lead to more data theft
- Use of social networking and personal surfing habits at work will continue to lead to corporate data loss
- Cheap Android tablets that don’t offer updates (security) are being sold at a record breaking rate this Christmas - this becomes the weakest link on home and business networks creating a vehicle for data loss
- Application Markets will try to stop malicious apps from being uploaded but the overwhelming demand of consumerization and application development outpace quality control on the source market. This will continue to allow malicious software to be uploaded.
- Outdated insecure applications will continue to be a problem
- Botnets will infect smartTVs and other home based devices on your network
- Counterfeited components manufacturing will increase
- Infected firmware will increase on devices (backdoors) i.e. printers, hard drives, picture frames, wi-fi devices
- Cloud computing and storage will be hacked
- Incorrect sharing of documents on cloud servers will become a problem
- Data loss will be recorded on personal devices that contain corporate documents
- MAC OS will become a more attractive target
- SCADA will become a large target
Have a prediction? Let us know. We’ll post it.
Manufacturers should have a quality team to insure that devices are up-to-date and business and home owners need policies (rules) on internet usage. Consumers need to be educated on products and safe internet usage.
China-backed hackers’ tactics are continuing and evolving, U.S. Defense Secretary Leon Panetta says, and are expanding and focusing more intently on critical American oil, gas and other energy companies. Chinese officials have steadfastly denied the cyberattacks, saying they also are victims of computer hackers and breaches. Read more: Panetta: Chinese Cyberattacks Unabated | CIO Today.
“If IT security departments want to truly meet the risks posed by today’s advanced threats, they need to get more scientific with how they develop their strategies. Because based on the breach statistics and malware infection rates, the old methods aren’t even close to adequate, security experts warn.”4 Reasons Why IT Security Needs Risk Management – Dark Reading.
Other good reads on Dark Reading
Companies should not trust vendors’ claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses.
There complete Black Hat USA coverage.
From Help Net Security
47 individuals were arrested on Wednesday by the officers of the Royal Canadian Mounted Police following an investigation of a highly organized and disciplined criminal ring that has managed to steal at least $7 million via cloned bank cards…read more