UK InfoSec Review for February 2013

• Microsoft issued one its largest ever monthly security updates

• Released as part ‘Patch Tuesday’ cycle on 12-Feb-13, bulletins MS13-009 to MS13-020

• Addresses 57 vulnerabilities in Windows, Office, Internet Explorer, Exchange and the .NET Framework. 

• 5 of these vulnerabilities were rated by Microsoft as ‘Critical’, Microsoft recommends to prioritise against MS13-009, MS13-010 and MS13-020

• Adobe release 'Critical' Flash Player update which fixes 2 Zero-Day vulnerabilities (7-Feb)

• Adobe said in an advisory that one of the vulnerabilities — CVE-2013-0634 - is being exploited in the wild in attacks delivered via malicious Flash content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment

• New York Times and New York Journal report "persistent" network infiltrations by Chinese Hackers, which they believe are state sponsored.

• Attacks considered as an ‘Advanced Persistent Threat’ (APT), said to have bypassed AV protection

• As a direct result of the attack the New York Times replaced all devices thought to be compromised with new devices http://www.bbc.co.uk/news/technology-21273617

• As a major FTSE 100 company, all Capita business digital assets are considered active targets of state sponsored attack and infiltration - http://www.ft.com/cms/s/0/5b9bf404-3d6c-11e2-b8b2-00144feabdc0.html#axzz2MDBzOjFO

• 250K Twitter Accounts Compromised by Cyber Attack

o   Hackers were able to access twitter data, including usernames, email addresses, session tokens and encrypted/salted versions of passwords

o Twitter had reset passwords and revoked session tokens for the affected accounts, and encouraged users to ensure they had strong passwords.

o   A Twitter spokesperson said “This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked”

• Facebook discloses sophisticated hack

• It occurred "when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops.

• Facebook says the laptops in question "were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines 

• Government tasks FSA to produce Cyber Security guidance for Financial Services sector

• The Financial Services Authority (FSA) is to lead a government benchmarking scheme to produce guidance on cyber security for the financial services sector.

• This includes a benchmarking programme, led by the FSA, to identify cyber and technology practices of 30 major financial institutions which, once concluded, will result in the publication of an updated Business Continuity Management Practice Guide

• China military unit 'behind prolific hacking'

• A secretive branch of China's military is probably one of the world's "most prolific cyber espionage groups", according to Mandiant, a US cyber security firm. 

• Mandiant said Unit 61398 was believed to have "systematically stolen hundreds of terabytes of data" from at least 141 organisations around the world.

• Trustwave release Global Security Report 2013

• Cyber attacks are increasing with little sign of abatement.

• Valuable data makes businesses a target. Data is a viable commodity for cybercriminals

• Outsourcing IT and business systems saves money only if there’s no attack. Many third-party vendors leave the door open for attack, as they don’t necessarily keep client security interests top of mind.

• Employees leave the door open to attacks. Whether due to lack of education or policy enforcement, employees pick weak passwords, click on phishing links, and share company information on social and public platforms.

• Mandiant releases APT1 Report: Exposing One of China's Cyber Espionage Units

• Report identifies and details what Mandiant believes to be a building in China, responsible for state sponsored Advanced Persistent Threat (APT) against Western targets

• Websense releases 2013 Threat Report

• Web Threats. The web became significantly more malicious in 2012, both as an attack vector and as the primary support element of other attack trajectories (e.g., social, mobile, email).

• Social Media Threats. Shortened web links used across all social media platforms hid malicious content 32 percent of the time

• Email Threats. Only 1 in 5 emails sent was legitimate, as spam increased to 76 percent of email traffic. Phishing threats delivered via email also increased

• Malware Behavior. Cybercriminals adapted their methods to confuse and circumvent specific countermeasures. Fifty percent of web-connected malware became significantly bolder, downloading additional malicious executables within the first 60 seconds of infection.

Articles

• Bad outsourcing decisions cause 63% of data breaches

• 2012 Sets New Record for Reported Data Breaches

• 10 Head-Slapping Data Breaches

• Data Breaches not detected for months says report

• Study Shows One in Four Who Receive Data Breach Letter Become Fraud Victims

• Hackers behind bulk of the 2,644 data breaches in 2012

• Number of malicious websites spotted in 2012 quintuples

• The hackers hunting for clues about you