Unprotected Government Server Exposes Years of FBI Investigations

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“A massive amount of government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files.

The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case files from the Oklahoma Securities Commission and many sensitive FBI investigations—all wide open and accessible to anyone without any password.”


World-Class Public E-Administration in Norway

“We landed on a mix of suppliers that best fulfilled our criteria. Basefarm was the best operations supplier.”

So says Edvard Pedersen, project manager for the Altinn solution at the Brønnøysund Register Centre. The government’s ambition is that Norwegian public electronic administration (e-administration) should be the best in the world. Altinn is perhaps their most important card.

“We must have a partner and supplier right out of the top drawer in order to achieve this goal. Basefarm is an important part of achieving the government’s ambitious target,” says Pedersen, who counts his supplier as a partner.

“The decision to award the operations contract was made on the basis of stable operation, predictability, economy, scalability and security. Seen as a whole, Basefarm delivered the best bid,” says Pedersen.


Give Up the Ghost: A Backdoor by Another Name

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Government Communications Headquarters (GCHQ), the UK’s counterpart to the National Security Agency (NSA), has fired the latest shot in the crypto wars. In a post to Lawfare titled Principles for a More Informed Exceptional Access Debate, two of Britain’s top spooks introduced what they’re framing as a kinder, gentler approach to compromising the encryption that keeps us safe online. This new proposal from GCHQ—which we’ve heard rumors of for nearly a year—eschews one discredited method for breaking encryption (key escrow) and instead adopts a novel approach referred to as the “ghost.”

But let’s be clear: regardless of what they’re calling it, GCHQ’s “ghost” is still a mandated encryption backdoor with all the security and privacy risks that come with it.


Security Software & Tools Tips – January 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen the following:
* Elastic Stack
* Security Onion
* Wireshark
* Cuckoo
* BeEF

Elastic Stack

Information from the Elastic Stack website:

Threats don’t follow templates. Neither should you. The Elastic Stack gives you the edge you need to keep pace with the attack vectors of today and tomorrow.

Website:

https://www.elastic.co/

Security Onion

Information from the Security Onion website:

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

Website:

https://securityonion.net/

Wireshark

Information from the Wireshark website:

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

Website:

https://www.wireshark.org/

Cuckoo

Information from the Cuckoo website:

Cuckoo Sandbox is the leading open source automated malware analysis system. What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such a file did when executed inside an isolated environment.

Website:

https://cuckoosandbox.org/

BeEF

Information from the BeEF website:

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Website:

https://beefproject.com/

Photo by Markus Spiske on Unsplash

EU launches bug bounty programs for 15 software projects

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

The European Commission decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project.

Starting in January, the European Commission is going to fund bug bounty programs for a number of open source projects that are used by members of the EU. The initiative is part of the third edition of the Free and Open Source Software Audit (FOSSA) project, which aims to ensure the integrity and reliability of the internet and other infrastructure.


What is the Australian Anti-Encryption Bill?

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

The Australian “Telecommunications Assistance and Access Bill 2018,” also known as the Anti-Encryption Bill, was passed on the 6th of December, and it’s expected that it becomes law in early 2019. This new bill allows Australian law enforcement to force tech giants such as Google, Facebook, WhatsApp, Amazon and Microsoft to help them access encrypted information.

With this bill, the Australian government and law enforcement agencies will be able to direct tech companies to assist in obtaining encrypted data by, for example, removing electronic protection, installing existing software or building new capabilities to decrypt communications. Companies that do not comply are set to face massive financial penalties.


Should you build your own SOC or use one as a service?

You’ve done your homework and decided your company needs a Security Operations Center (SOC) to keep yourself protected and your customers’ data secure. You have a few options available: should you build your own SOC or find a provider for SOC as a service?

The main benefit of having your own SOC is that it is entirely your own in-house team. Depending upon your needs you might need one, but there are quite a few problems with this approach.

Big money for rare security talent

Good security people are hard to find and aren’t cheap. You’ll need to hire quite a few rare and expensive specialists if you want true 24/7/365 coverage, so be prepared for a long recruitment process. You will have high upfront capital costs of starting a new department in your company, and you will also need to worry about the running expenses. The overwhelming majority of corporations think it isn’t realistic to build their own SOC due to the costs.

Additionally, your own SOC will only handle incidents at your own company. Most likely this will not happen very often, so your experts will get rusty over time. A provider of SOC as a service will have a plethora of clients, so they will see what is happening in the threat landscape before it reaches you.

The corporate landscape is always changing, with mergers, acquisitions, strategic business decisions and the like. If your corporation makes a major change, your own SOC will need to change as well. Scaling up your SOC as your corporation changes is a painful and time-consuming process, which is another disadvantage.

Efficiency of SOC as a service

Going to a SOC provider like Basefarm means you are going to a professional who has already invested in the necessary staff, equipment and tools. They will have many other clients, so you get the benefit of their experience. Most likely they will also be heavily involved in the security industry, being members of various associations where they can hone their skills and pass along the latest knowledge. SOC as a service is probably also going to be much cheaper.

Building your own SOC v. contracting SOC as a service will come down to your company’s individual needs. It is quite possible that creating your own is the best option for you, but hiring an expert SOC provider makes more sense for the majority of firms. You get the skills, experience, industry contacts, continuous learning and efficiency at a lower cost, which is a pretty easy business case to make.


Author: Fredrik Svantes, Senior Information Security Manager, Basefarm

Fredrik Svantes is the Head of the Basefarm Security Operations department and has also led the Basefarm Security Incident Response Team for the past seven years. Previously he has worked for companies such as Blizzard Entertainment, doing detective work on logs for massive online platforms running games such as World of Warcraft. Blog: http://bfblogg.wpengine.com . Twitter: @fredriksvantes .

What is a Security Operations Center and why do you need it?

Your company has digital assets that need to be protected. GDPR requires that a company detect any security incident involving personal data and report it within 72 hours, so you also have a legal obligation to be secure. You have responsibly defended yourself with cyber security tools like firewalls, antivirus and intrusion detection. So you’re good, right? Well, maybe not.

Put guards on your walls

This defensive equipment is set to perform specific tasks, but new vulnerabilities are discovered every day. New attacks and new threats constantly develop. These defensive tools are useful, but there is no such thing as 100% protection. If you haven’t been breached yet, most likely you will be.

Only having security tools is like building a wall to keep out the barbarians but neglecting to staff it with guards. You can’t just install your security tools and leave them running; you need someone to also monitor what is going on.

When an incident happens, you need to detect it and respond very quickly. This is the job of the Security Operations Center (SOC), and this is what makes it invaluable.

Be active, not passive

A SOC is a department which is dedicated and organized to prevent, detect, assess and respond to security issues in IT systems and IT infrastructure. These are your guards on the walls, ready to react when they see barbarians at the gate. A SOC can be either your own department or a provider of SOC as a service.

Basefarm’s SOC includes:

• Certified Security Alert Analysts who review and act on security incidents 24/7/365.
• A Security Incident Response Team (BF-SIRT) who work on incidents escalated from the security analysts.
• Security Engineers who continuously improve and implement security solutions and are ready to react to emerging threats.

More than simply reacting to events

A SOC responds quickly to incidents, but these security experts also provide proactive security. They are aware of new threats before they materialize. They know what hardware and software you are running, so they can keep an eye on specific developing threats. They provide suggestions to improve and strengthen your IT environment. When something does occur, they can help with forensics to learn from the incident and take steps to further strengthen yourself.


How do you find the right SOC provider for your company?

You’re working to keep your company secure. You have all the right tools and decided that you need a Security Operations Center (SOC). You’ve done your research and decided that SOC as a service is right for you. But what do you look for in a SOC provider?

Judge your friends by the company they keep

The best way to start is to make sure the potential SOC provider is a member of relevant security organizations. These groups are invaluable to foster cooperation and coordination in incident prevention, as well as information sharing so members know the latest threats and how to mitigate them.

A SOC can’t work in isolation. A member of these organizations gets first-hand insight into vulnerabilities and ongoing attacks, so they can act quickly and proactively. They can secure their own and their customers’ environments before these issues become public knowledge.

The prime group is FIRST.org, the Forum of Incident Response and Security Teams. FIRST is the premier organization and recognized global leader in incident response. It includes a variety of security incident response specialists from academia, government and the private sector.

There are also country CERTs (Community Emergency Response Teams) and regional groups like the European TF-CSIRT which a good SOC should be part of.

Has your SOC paid their dues?

You also need to check the qualifications of your potential SOC provider to see they follow best practices. Various groups provide certifications which are extremely important in this field. As an example, some of Basefarm’s specialists have:

• GIAC Information Security Professional (GISP)
• Certified Information Security Professional (CISSP)
• ITIL Foundation Certificate in IT Service Management (ITILF)
• GIAC Penetration Tester (GPEN)
• GIAC Certified Forensic Analyst (GCFA)
• Red Hat Certified Engineer (RHCE)
• SANS / GIAC Advisory Board membership

A SOC provider might also offer additional services which demonstrate their commitment to security. For instance, Basefarm has a wealth of other service components which can complement a SOC. These include:

• Intrusion Detection System (IDS)
• Web Application Firewall (WAF)
• Log Management with Security Information and Event Management (SIEM)
• Penetration Testing
• IT Forensics
• Vulnerability Testing
• Security Consulting

In a nutshell, if you are looking for SOC as a service make sure the provider has the right people with the right qualifications and right tools who are members of the right organizations.


4 Industries That Have to Fight the Hardest Against Cyberattacks

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Security Affairs gives some insight into which industries have to fight the hardest against cyberattacks…

“Society’s dependence on internet-based technologies means security professionals must defend against cyberattacks as well as more traditional threats, such as robbers or disgruntled employees.”


Virtual Session from the RSA Conference: The 5 Most Dangerous New Attack Techniques, and What’s To Come