
QPC podcasts have moved

Please forgive our old content here while we reorganize and redo our old website.

All new QPC podcasts are hosted on a more convenient platform for all of us.

Please visit where you can use the Podbean mobile app, stream directly from the site, and sign up for the RSS feed.

Breakfast Bytes - Malvertisements, Windows Update issues, CISA

Expect increases in malvertisements for 2016

2016 - Expect massive increase in malvertisements

As a result, criminals have paid for advertising services in order to sneak malicious code onto all the legitimate web sites that use that service. Over the past two years, this has been a very successful technique for cyber criminals to redirect innocent users browsing the web to their malicious drive-by download sites.

The good news is that a number of reputation services and security products have become better at detecting malicious advertisements and preventing your users from being redirected to these evil sites. However, the criminals are fighting back. They have started to implement a number of techniques to obfuscate their malicious web code, including encoding their malicious JavaScript or burying their attack in a Shockwave video file. The most recent obfuscation technique is the simplest—they serve their malicious advertisement over HTTPS.

In 2016, expect malvertising attempts to triple and to succeed more often because of their use of HTTPS. Criminals know that security products and companies are on the lookout for malicious ads. They also know that many security controls cannot see into HTTPS traffic. By encrypting their malvertising campaigns, they hope to bypass most detections next year. If you don't have security controls that can monitor HTTPS, you should update as soon as you can.

Microsoft Update issues and how to fix them

There is a bad Microsoft Update in the wild that causes computers to come up after patching with a message that they are rolling back the update due to a failure in applying it: "Do not turn off your computer".

My recommendation is to let that run. In the few cases I have seen, you need to let the process do its thing and the computer will come back up. The issue with MS Update is very unexpected, because MS updates are very well tested and vetted. It is unusual to have so many computers with issues.

What I did to fix it:
- Disk Cleanup Wizard
- Windows Update repair
- In Control Panel, under Troubleshooting, run Maintenance Tasks and see if it finds any issues to act on
- Install updates one at a time with a reboot in between to isolate the problem
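The four steps above, scripted from an elevated PowerShell prompt. This is an added example written for these show notes, not a script from QPC or Microsoft. It assumes Windows 7 or later, a local Administrator session, and that the built-in Windows Update and System Maintenance troubleshooting packs live under the usual `%SystemRoot%\diagnostics` paths (an assumption to verify on your build); the last step uses the Windows Update Agent COM API so that exactly one update is installed per run, which is what lets you tell which one triggers the rollback.

```powershell
# Added example for the troubleshooting list above (not QPC's or Microsoft's own script).
# Assumes: Windows 7+, elevated session, default troubleshooting-pack locations.

# Step 1: Disk Cleanup. Run 'cleanmgr /sageset:1' once interactively to choose
# what to clean; /sagerun:1 then replays that selection without prompts.
Start-Process -FilePath 'cleanmgr.exe' -ArgumentList '/sagerun:1' -Wait

# Step 2: Windows Update repair via the built-in troubleshooting pack (path assumed).
$wuPack = Get-TroubleshootingPack -Path "$env:SystemRoot\diagnostics\system\WindowsUpdate"
Invoke-TroubleshootingPack -Pack $wuPack -Unattended

# Step 3: the Control Panel "Run Maintenance Tasks" troubleshooter (path assumed).
$maintPack = Get-TroubleshootingPack -Path "$env:SystemRoot\diagnostics\scheduled\Maintenance"
Invoke-TroubleshootingPack -Pack $maintPack -Unattended

# Step 4: install ONE pending update and report whether a reboot is required,
# so a failing update can be isolated instead of being buried in a batch.
function Install-OneUpdate {
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    # Pending software updates only; drivers are excluded to keep the test narrow.
    $found = $searcher.Search("IsInstalled=0 and Type='Software'")
    if ($found.Updates.Count -eq 0) {
        Write-Output 'No pending updates.'
        return $null
    }

    $update = $found.Updates.Item(0)
    Write-Output ("Installing: {0}" -f $update.Title)

    $coll = New-Object -ComObject 'Microsoft.Update.UpdateColl'
    [void]$coll.Add($update)

    $downloader = $session.CreateUpdateDownloader()
    $downloader.Updates = $coll
    [void]$downloader.Download()

    $installer = $session.CreateUpdateInstaller()
    $installer.Updates = $coll
    $result = $installer.Install()

    # ResultCode: 2 = Succeeded, 3 = Succeeded with errors, 4 = Failed, 5 = Aborted.
    # HResult is the code to search for if this update is the one being rolled back.
    [pscustomobject]@{
        Title          = $update.Title
        ResultCode     = $result.ResultCode
        HResult        = ('0x{0:X8}' -f $result.HResult)
        RebootRequired = $result.RebootRequired
    }
}

$outcome = Install-OneUpdate
$outcome | Format-List
if ($outcome -and $outcome.RebootRequired) {
    Write-Output 'Reboot, confirm the machine comes back cleanly, then rerun this script for the next update.'
    Restart-Computer -Confirm
}
```

Run the script once per reboot cycle and keep the printed `Title`/`HResult` pairs; the first update after which the "rolling back" message appears is the one to hide or report, and the rest can then be installed normally.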

Auto-rooting malware on Android is nearly impossible to remove

"At first, we wondered why someone would infect an enterprise two-factor authentication app in order to serve ads, neglecting the opportunity to harvest and exfiltrate user credentials," the Lookout researchers wrote. "However, looking at the distribution portion of the command and control server, it appears that these families programmatically repacked thousands of popular apps from first-tier app stores like Google Play and its localized equivalents. Curiously, antivirus apps appear to have been specifically excluded, suggesting a high level of planning when creating these malware campaigns."

CISA was passed with privacy-invasive features fully intact

It is a free pass for companies to spy on everything you do electronically and report it to the government, in full violation of privacy laws.

"Every law is struck down for the purposes of this information sharing: financial privacy, electronic communications privacy, health privacy, none of it would matter," says Robyn Greene, policy counsel for the Open Technology Institute. "That's a dangerous road to go down."

Security professionals doubt that this information sharing will have any value in stopping cyberattacks.

The 6/8/2015 Forrester Research report on the OPM breach specifies real, actionable steps that can be taken to substantially improve security.

Download the file here.

One of the Forrester team's recommendations was to build out a privileged identity management strategy. 70-80% of all data breaches involve the use of privileged and administrative passwords and credentials.

They recommend the use of solutions that detect behavioral anomalies. Microsoft has a new solution for that which QPC will be testing. The Forrester team lists several commercial products that can fill this gap now.

The Forrester team also talks about using encryption wherever possible. That means multi-layered encryption.

They refer to the standard of role-based access control and least-privilege access. Many of these methods can and should be used even by individuals at home.

The Forrester team discussed the need for network analysis and visibility tools. At QPC, we use WatchGuard Fireboxes, Dimension, and daily security system reports to know what is going on. This helps with trend analysis and lets behavioral anomalies be detected.

Krebs On Security - Are Credit Monitoring Services Worth It?