Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

Cyber Attacks On US Companies in 2014

by

By

The spate of recent data breaches at big-name companies such as JPMorgan Chase, Home Depot, and Target raises questions about the effectiveness of the private sector’s information security. According to FBI Director James Comey, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.”

A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014. The annual average cost per company of successful cyber attacks increased to $20.8 million in financial services, $14.5 million in the technology sector, and $12.7 million in communications industries.

This paper lists known cyber attacks on private U.S. companies since the beginning of 2014. (A companion paper discussed cyber breaches in the federal government.) By its very nature, a list of this sort is incomplete. The scope of many attacks is not fully known. For example, in July, the U.S. Computer Emergency Readiness Team issued an advisory that more than 1,000 U.S. businesses have been affected by the Backoff malware, which targets point-of-sale (POS) systems used by most retail industries. These attacks targeted administrative and customer data and, in some cases, financial data.

Read Full Article - >

Cyber Attacks Article

APT Attacks

by

According to an article in info-security, most security professionals expect an APT attack in the next six months. Within the article, it is quoted:

“The three structures of IT Security used to be ‘prevention’, ‘detection’ and ‘remediation’. However, with prevention an almost impossible task due to the very nature of the way IT is used today, it now falls down to ‘detection’ as the best way to protect systems,”.

Prevention is extremely difficult, however, using a defense in depth will assist - implementing a Unified Threat Management system, endpoint protection, as well as utilizing a NAC solution to see who is on your network, as well as stop communication back to command and control, are great first steps.

Using an Event Log Management system or SIEM will help detect abnormal behaviour, improving detection of not only malware or APTS, but also unusual activity by employees, guests, and other cyber threats. Most ELMs, or SIEMs have the ability to do file integrity monitoring as well - providing you with detailed information on what files were altered and by whom.

Take a look at some of our whitepapers on APT’s, or contact us.

 

Enterprise Snare Agent for Windows

by

A new version of the Enterprise Snare Agent for Windows is available for our clients. This release is primarily a bug fix:

Regular expression (RegEx) matching memory fix
If regular expression matching option is selected for objective(s) then in Snare Enterprise Agents prior to v4.2.6, it can cause an internal application crash every 10 minutes. It may log an application crash error in the Windows application log and a restart of the Snare service every 10 minutes. The issue was related to mishandling of the memory associated with the regular expression

For complete release notes and to access your client area please click here,

Employees are number-one cyber security threat

by

Despite attention-grabbing headlines about cyber-threats from external attackers, company bosses in fact see their own employees as the greatest threat to corporate data and computer systems.

That is the view of 53% of respondents to ‘Boardroom Cyber Watch 2013’, an international survey of senior executive opinion conducted by IT Governance, the global leader in IT governance, risk management and compliance expertise.

The threat from employees was ranked ahead of risks from criminals (27%), state-sponsored cyber-attackers (12%) and competitors (8%) by an international sample of 260 board directors, IT directors and other technology professionals polled by IT Governance in April and May 2013.

The survey confirms the high level of cyber-threat facing today’s organisations, with 25% of bosses saying they have received a ‘concerted attack’ in the past 12 months. However, the true total may be higher, as over 20% are unsure if their organisation has been subject to such an attack.

However, many board directors still appear inadequately informed about cyber-risks. While a majority of respondents say their board receives ‘regular’ reports on the status of their organisation’s IT security, 52% say that such reports are received, at best, annually. Only 5% say reports are submitted daily, with 11% being submitted weekly and 33% monthly.

View full article

Website vulnerabilities down, but progress still needed, survey finds

by

SearchSecurity - George Leopold, Contributor Published: 02 May 2013

Fully one-third of all websites surveyed last year were found to be vulnerable on a daily basis to a “serious” flaw like cross-site scripting, information leakage or content spoofing, according to a report on site vulnerabilities released today by WhiteHat Security.

While industries like entertainment and media were relatively quick to fix website vulnerabilities (an average of 33 days), WhiteHat’s survey found that industry-wide the average was 193 days from first notification.

Retail, health care and insurance websites were among the laggards, each taking well over 200 days to fix their sites after notification. Frequently updated retail sites, for instance, generally pose greater security challenges for Web developers, experts said, because each code deployment introduces new vulnerabilities.

“It’s an unforgiving environment,” stressed Jeremiah Grossman, WhiteHat Security’s founder and chief technical officer. The proliferation of “broken code” results in a “race to see who can exploit vulnerabilities.” Hence, most security patches for websites don’t work.

Still, the remediation rate for all sites surveyed was 61% in 2012, the Web security firm found, compared to only 35% in 2007.

[Read Full Article]