Crypsis … periodically | September 2017

Equifax

Ransomware has been knocked out of the headlines (however temporarily) by a new event, the Equifax news. Some 143 million credit records may have been stolen, potentially putting Social Security numbers, driver’s license and credit card numbers into the hands of criminals. Writing in Scientific American, Paul Rosenzweig reports that the company pointed to a flaw in the open-source software known as Apache STRUTS, which is used by about 65 percent of Fortune 100 companies. The problem for Equifax, Rosenzweig writes, is that the flaws in STRUTS are well-known and the Apache Foundation, which created the software, has worked to deploy fixes to patch problems.

Meanwhile, Brian Krebs is reporting on his blog that a security consultant examined Equifax’s South American operations online and found that it “took almost no time for them to discover that an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: ‘admin/admin.’” Once inside the portal, the consultant’s researchers were able to access the ID and email addresses of more than 100 Equifax employees in Argentina, and they could add, modify or delete user accounts on the system.


OfNote@Crypsis …

Crypsis has hired a new Vice President who will be working in Los Angeles to serve our growing West Coast client base. Heading up the West Coast operations will be Samuel Rubin, who joins the Crypsis team after 14 years with Stroz Friedberg, most recently as a Managing Director. A frequent lecturer and expert witness on digital forensics and other cyber-related topics, Sam has provided technical advice and expert opinions in numerous high-stakes cases, including Epic Systems Corporation’s landmark victory in a trade secret misappropriation case, a federal criminal securities fraud case against the former CEO of Qwest, and civil litigation stemming from Scott Rothstein’s $1.2 billion Ponzi scheme.

Crypsis has also added three consultants to our McLean headquarters and one to our Chicago office.  Joining us as senior consultant at HQ is Ramarcus Baylor, who has more than a decade of experience in cyber security and incident response at Mandiant, Syntricate, General Electric, and the U.S. Department of Defense.  Joining as consultants in McLean are Andrew Pritchett and David McAneny.  Andrew comes to us from the U.S. Customs and Border Protection’s Cyber Security Operations Center, where he was an endpoint threat detection incident response analyst.  David has a background as a computer forensics expert and has worked at the U.S. State Department, the U.S. Securities and Exchange Commission, and as a special agent in computer forensics in the Office of the Maryland State Prosecutor.  And Kyle Goode joins The Crypsis Group’s Chicago office as a consultant.  He most recently worked for Chicago’s inCyber Security as partner and senior security analyst.

The Crypsis Group is a finalist for “Cyber Risk Provider of the Year” in the Insider Rankings London Cyber Awards, sponsored by the publishers of the Insurance Insider magazine. The awards recognize the rising stars of London’s cyber market. Winners will be announced at a dinner event in London on September 29.


What We’re Reading …

Next year is a World Cup soccer year. The host will be Russia, and that has the Brits worried about hackers going after their national team’s players and staff while they are in the country for the tournament. Wired UK is reporting that the British Football Association will provide its own internet access for team members who attend the World Cup (providing the team makes the cut) and is planning to warn them not to use public Wi-Fi hotspots while they are there. According to Wired, “Players are also expected to be given guidance on their use of social media and posting too many selfies that could reveal where the team’s secretive training camp is located.”

On the Lexology website, Sean Fields has a round-up of the main points from Cisco’s recently released Midyear Cybersecurity Report, which is a comprehensive survey of the cyber threat landscape. Those points include: spam is back on the rise as a method of delivering malicious payloads, a new form of engineered spam called Business Email Compromise (BEC) is taking hold, cyber criminals are ‘working relentlessly’ to compromise corporate cloud networks, and Destruction of Service is looking to replace Denial of Service.


Webinars

In our webinar series “Tales from the Crypsis,” our experts and their special guests discuss the latest in cyber security challenges…

Next Live Webinar: Cyber Check-Up
Thursday, October 05, 2017 – 2:00 PM  Register here

Cyber security breaches continue to be a significant area of concern in the healthcare industry with millions of patient records exposed and potentially compromised in breaches throughout 2017.  During this program, Nathan Kottkamp of the law firm McGuireWoods and Alec Randazzo of The Crypsis Group will discuss issues healthcare organizations should be aware of as they consider their security challenges and concerns.

Ready for Viewing on Demand

All of our past webinars are archived and can be streamed on demand – you can find a complete listing and links on our website.

Here’s the newest one that is available for viewing…

On-Demand Webinar:  Cyber School is in Session

In the course of our work at The Crypsis Group, much of what we encounter are common issues that plague organizations of all sizes. In this Back to School session, our cyber experts will share their real-world experiences and offer suggestions for how your organization can guard against and respond to cyber attacks. We will address common missteps and how to avoid them, a legal perspective on legislative and policy changes you should be aware of, and practical advice on training and pre-breach resources your organization can employ to better safeguard your network. Register and view the webinar.


Best Practice of the Month …

Many organizations are migrating to Office 365 for their email service. Unfortunately, audit logging for Office 365 is not enabled by default. Without audit logging, it is impossible to answer the following questions if an Office 365 account is compromised: 

  1. When did the threat actor access the account?
  2. Did the threat actor access files on OneDrive? 
  3. Did the threat actor access SharePoint? 

Save yourself from unanswered questions and enable audit logging in the Office 365 Audit and Compliance Center.
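
The same setting can be checked and enabled from Exchange Online PowerShell, and the three questions above map onto unified audit log searches. The script below is an added example, not part of the original newsletter or a Crypsis tool; it assumes the ExchangeOnlineManagement module and an administrator role, and the account name and 30-day window are placeholders.

```powershell
# Added example. Events are recorded only from the point logging is turned on,
# so enable it before an incident, not after.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Check whether unified audit log ingestion is on; turn it on if it is not.
$cfg = Get-AdminAuditLogConfig
if (-not $cfg.UnifiedAuditLogIngestionEnabled) {
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
}

# Placeholder values (assumptions): the account under review and the window.
$user  = 'user@example.com'
$end   = Get-Date
$start = $end.AddDays(-30)

# Run one search and flatten the JSON in AuditData to the fields a responder
# reads first. ResultSize 5000 is the maximum for a single call.
function Get-AuditEvents {
    param([string]$RecordType, [string[]]$Operations)
    $params = @{
        StartDate  = $start
        EndDate    = $end
        UserIds    = $user
        RecordType = $RecordType
        ResultSize = 5000
    }
    if ($Operations) { $params.Operations = $Operations }
    Search-UnifiedAuditLog @params | ForEach-Object {
        $d = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            TimeUtc   = $d.CreationTime
            Operation = $d.Operation
            Workload  = $d.Workload
            ClientIP  = $d.ClientIP
            Object    = $d.ObjectId
        }
    }
}

# Question 1: when was the account accessed, and from which addresses?
$logons = Get-AuditEvents -RecordType AzureActiveDirectoryStsLogon -Operations UserLoggedIn

# Questions 2 and 3: file activity. Workload separates OneDrive from SharePoint.
$files = Get-AuditEvents -RecordType SharePointFileOperation

$logons | Sort-Object TimeUtc | Format-Table -AutoSize
$files  | Sort-Object Workload, TimeUtc | Format-Table -AutoSize
```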


Crypsis On the Road

We are excited to announce our free timelining tool that will change how responders analyze forensic artifacts! On October 8, Crypsis Senior Consultant Jon Tomczak will deliver a presentation on this entitled It’s About Time…the only timeline tool you’ll ever need at the SANS Digital Forensics Incident Response Summit in Prague, Czech Republic. The event, which follows a six-day set of DFIR courses, will feature highly technical forensics and incident response presentations by top practitioners in the industry.

On October 12, Crypsis Vice President Jason Rebholz will be at the NetDiligence Cyber Risk & Privacy Liability Forum in Santa Monica, CA, to appear on the panel Professional Services Breach: Law Firms.  Topics to be covered include the rise of cyber incidents, breach response and technology failures, the relationship between professional malpractice and cyber risk, and the nature of data handled by law firms.  The panel begins at 9 a.m.  Get the full conference agenda here.

On October 26, Advisen’s Cyber Risk Insights Conference will take place at the Grand Hyatt in New York. Crypsis Vice President Matt Ahrens will be on the 2 p.m. panel Dire Scenario(s)? Weaponized Malware Out of Control, which will explore “what if” scenarios in weaponized malware and how it could impact security going forward.  View the conference agenda.

On November 7, Crypsis Vice President Jason Rebholz will join the panel Cybersecurity: Its Impact on You and Your Customers at the PMMI 2017 Annual Meeting in Richmond, VA. The full conference agenda is here. PMMI is the leading global resource for the packaging and processing supply chain.

On November 14, Crypsis Vice President Jason Rebholz will appear on a panel entitled Shakedown Street: Cyber Extortion, Data Breach and the Dirty Business of Bitcoin at the ANA/ABA 39th Marketing Law Conference in Chicago. The ANA – the Association of National Advertisers – is the nation’s premier marketing and advertising organization.

On December 4, Crypsis Vice President Sam Rubin will moderate a panel on The Year in Data Breach and Privacy Litigation at the ALM cyberSecure 2017 conference. The panel will cover how to effectively partner with outside counsel during litigation and the key factors to consider during breach reporting, disclosure notifications, insurance claim submission, and restoration of services. View the full conference agenda here.