ANCHOR CYBER FEED

"Maktub Locker" Ransomware Stands Out for Evasiveness and Design A new strain of ransomware was discovered last week, and is called "Maktub Locker." This ransomware is characterized by its evasive properties once installed; many file locations and even extensions are different on every victim. The ransom demanded to decrypt victims' files is set on a sliding scale so that the ransom increases the longer you wait to pay. This malware is able to function with or without its being able to access any external command & control server, which is unusual and eliminates a common method of limiting the damage from ransomware. Despite all the sophistication, the primary delivery mechanism to date for this scourge has been as a ".scr" file attached to emails, sometimes inside a ".zip" file. Please test your organizational email system to ensure that ".scr" files cannot be received in emails, whether in the form of a zip file or not...

Major Media Websites Caught up inNew Malicious Advertising Attacks Last week multiple major advertising networks, including Google's DoubleClick, AppNexus, Rubicon, and AOL were abused by attackers to serve up malicious advertisements on major media sites. These malicious advertisements were redirecting to the "Angler" exploit kit, which uses multiple means to attempt to compromise a browser and install malware. While such malicious ads are common on smaller websites, they are not unheard-of on major media sites. This outbreak, however, was unusually large and long-lived, lasting at least the better part of two days. Given how common malicious web ads are, some security experts are recommending the use of ad blocking technology in web browsers. http://www.computerworld.com/article/3044565/security/advertising-based-cyberattacks-hit-bbc-new-york-times-msn.html Malicious Macros in Word Documents Used to Install Malware with No Files Needed Everything old is new a...

Anchor had some of our key people at RSA Conference this year. RSA Conference is the largest annual conference of information security professionals and companies, and every year it is characterized by big announcements, important product releases, and interesting presentations. Below is a summary of the major themes and announcements at this year's conference. For more details on a day-by-day basis, check out our daily summaries: Day 0 - Day 1 - Day 2 - Day 3 - Day 4 - The Expo                                                                                                     Word cloud derived from words used in RSA talk submissions for 2016 THEMES Here are some big themes we saw at RSA this year: Risk Management / Se...

Adobe Issues Three Updates, Including an Emergency Update for Flash Adobe had a rough week last week. They issued updates for their Acrobat/Reader and Digital Editions software on Tuesday, their regular monthly day for issuing patches. They announced at that time that there would be a Flash update forthcoming soon. That Flash update was released on Thursday, and includes fixes for 18 critical vulnerabilities. One of these, CVE-2016-1010, is already being used in attacks in the wild, and the release of the update was likely delayed in order to incorporate a fix for this issue. Given that the vulnerability is already being exploited, this is an update that should definitely be installed as soon as possible. http://arstechnica.com/security/2016/03/adobe-issues-emergency-patch-for-actively-exploited-code-execution-bug/ http://www.scmagazine.com/adobes-patch-tuesday-update-handles-four-vulnerabilities/article/481813/ http://www.computerworld.com/article/3042589/security/emergency-fla...

We were at RSA Conference in San Francisco last week, keeping current with the latest developments in the information security industry. With 40,000 attendees, this is one of the biggest annual events focused on security. This post focuses on the vendor expo, but see our RSA wrap-up for other observations from the event and links to our detailed analysis of some of the content. The expo at this year's RSA Conference was bigger than ever. It filled both of the giant expo halls at San Francisco's Moscone Center (over 450,000 square feet), and was simply overwhelming. Over 550 companies and organizations participated, and some of the booths were mind-bogglingly big, complicated, and elaborate. Attending an expo like this is not only a good way to learn a little bit about lots of different companies and their products. It is also a good way of assessing what the trends are in the security industry and the direction in which the various security vendors are trying to lead t...

Verizon Releases Data Breach Digest with Detailed Accounts of Breaches Verizon's annual Data Breach Investigations Report is a highly-anticipated annual read for those with an interest in information security. This year Verizon has also issued a breach "digest," which, instead of recounting data from thousands of breaches, instead focuses on providing more detailed stories of eighteen specific breach investigations. The breaches have been chosen as exemplars of typical breach patterns, and the in-depth details are helpful for anyone involved in planning and executing security strategy. At 84 pages, it is a long read but well worth the time. http://www.csoonline.com/article/3039555/investigations-forensics/verizon-releases-first-ever-data-breach-digest-with-security-case-studies.html http://www.verizonenterprise.com/verizon-insights/data-breach-digest/2016/ Microsoft Announces New Windows Defender Advanced Threat Protection to Debut Later This Year In his Tue...

We are at RSA Conference in San Francisco this week, keeping current with the latest developments in the information security industry. With 40,000 attendees, this is one of the biggest annual events focused on security. We'll be summarizing the developments here in daily blogs, as well as live-tweeting the high points at our Twitter account @Path2Protection We caught several good talks Friday morning to wrap up the conference. “ The Seven Most Dangerous New Attack Techniques, and What's Coming Next ” - SANS Panel Slides: https://www.rsaconference.com/writable/presentations/file_upload/exp-t09r_the_seven_most_dangerous_new_attack_techniques-final2.pdf Ed Skoudis - Lead, SANS Pen Testing program ( @edskoudis ) Dr. Johannes Ullrich - Director, SANS ISC Mike Assante - ICS Director, SANS ( @assante_michael ) As always, the big brains at SANS put out all kinds of great info. However, a lot of this was not all that new, and there was not a ton of specific, practical...

We are at RSA Conference in San Francisco this week, keeping current with the latest developments in the information security industry. With 40,000 attendees, this is one of the biggest annual events focused on security. We'll be summarizing the developments here in daily blogs, as well as live-tweeting the high points at our Twitter account @Path2Protection "Make IR Effective with Risk Evaluation and Reporting” - Mischel Kwon Mischel Kwon, President & CEO, MKACyber ( https://twitter.com/mkacyber @mkacyber ) Justin Monti, Sr. VP, Security Engineering, MKACyber ​Mischel is a former head of the US Computer Emergency Response Team (US-CERT) who left several years ago to start her own consulting and services firm, MKACyber. In this talk, she and her engineering lead presented their methodology for giving a quantitative basis for communicating the risk created by ongoing cyber incidents. This was one of many talks that emphasized the need for risk management to a...

We are at RSA Conference in San Francisco this week, keeping current with the latest developments in the information security industry. With 40,000 attendees, this is one of the biggest annual events focused on security. We'll be summarizing the developments here in daily blogs, as well as live-tweeting the high points at our Twitter account @Path2Protection Today was breakout/track sessions in the morning, with some keynotes in the afternoon. We also hit the expo floor hard today, but will cover that in a separate post. "Giving the Bubble Boy an Immune System so He Can Play Outside" - Kevin Mahaffey Kevin Mahaffey ( @dropalltables ) is the founder and CTO of Lookout, one of the first mobile-centric security/anti-malware companies. This talk is intended to explore how many large and forward-thinking companies are removing many traditional elements of security architecture (e.g., anti-virus, VPNs, firewalls) in favor of a data-driven security model. The talk wa...

We are at RSA Conference in San Francisco this week, keeping current with the latest developments in the information security industry. We'll be summarizing the developments here in daily blogs, as well as live-tweeting the high points at our Twitter account @Path2Protection Day 1 - Tuesday Keynotes (just hitting the high points) Amit Yoran - CEO, RSA - "The Sleeper Awakes" ( @ayoran ) “If your security program is focused on compliance, you’re doing it wrong.”​ We need to be doing more proactive hunting for active threats already inside our networks. Cybersecurity is as much a human problem as a technological one. Advanced artificial intelligence technologies are an important tool, but will not be a panacea; we still need more competent, trained technical people to use these tools. "In cyber security, our opponent isn't playing by the same game and they don't play by our rules: they don't even have rules." Brad Smith - President ...