IDG News Service - More than 1,000 major enterprise networks and small and medium businesses in the U.S. have been compromised by a recently discovered malware package called “Backoff”; and are probably unaware of it, the U.S. Department of Homeland Security (DHS) said in a cybersecurity alert on Friday.
Does your APT/AET detection technology measure up? Not all security vendors have the same capabilities to detect the evasion techniques used by “Backoff” and similar malware variants. We have helped our customers defend against APT, and we have successfully contained APT infections when detection fails (or was never in place to begin with).
We welcome the opportunity to discuss your APT concerns, countermeasures and detection techniques. Please contact us to learn more about our threat mitigation capabilities and strategies.
It may seem basic, but for those who are responsible for managing email servers, ensure that you have opportunistic TLS enabled. With opportunistic TLS, your email sever will first attempt an encrypted connection to the destination server before defaulting to clear text mail transmission.
TLS security is far from perfect, as x.509 certificate signing and hashing/cipher strength best practices must be adhered to by all parties for TLS to be an effective eavesdropping countermeasure. However, opportunistic TLS is a “free” email security enhancement everyone can benefit from.
According to Google, almost half of the world’s email servers are not taking advantage of TLS.
You can see who is, and is not encrypting email with TLS to and from Gmail at http://www.google.com/transparencyreport/saferemail
Validate your own TLS configuration using free testing tools at http://www.checktls.com/tests.html
Over the past 24 hours, the website for TrueCrypt (a very widely used encryption solution) was updated with a rather unusually styled message stating that TrueCrypt is “considered harmful” and should not be used. The announcement posted at truecrypt.sourceforge.net states:
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues… The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms… You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform”
For more details on this breaking story, please read the Forbes article at www.forbes.com/sites/jameslyne/2014/05/29/open-source-crypto-truecrypt-disappears-with-suspicious-cloud-of-mystery/
We recommend decrypting all data protected with TrueCrypt, and re-encrypting with BitLocker or a similar enterprise-class encryption solution, such as SafeNet.
Contact us to discuss your unique encryption needs and best practices. We are experts in balancing cryptography and performance goals.
Everything you need to know about the OpenSSL Heartbleed bug, including tools to test for the vulnerability, Snort signatures to detect attacks, and patches can be found at http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/.
F5′s LTM is unaffected so long as you are using the Native/Default ciphers on their Cavium card – http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html.
Make sure that you obtain new SSL certificates from your CA if you have been affected by this attack and remember you must restart all services which use OpenSSL libraries for the patch to take effect.
Contact us if you would like to discuss how to prepare for future crypto/memory attacks. There will be more of these events in the news because the tools to identify security weaknesses in memory have evolved to make the task of finding attack vectors less time consuming - https://code.google.com/p/volatility/.