Get Your Copy.
The Countermeasure is delivered to your inbox each Saturday, giving you insights on enterprise security developments you may have missed.
Wipe your disks when you're done, ok?
Lessons from the NCIX Data Breach
Computer retail and e-tail vendor NCIX, founded in 1996, went bankrupt in December 2017. As the company dissolved, it simply walked away from a rental agreement regarding a warehouse in Richmond, British Columbia. Computer equipment left at this premises was ultimately sold by the landlord through Able Auctions in April of 2018. This equipment included "NCIX’s entire server farm from the east coast which was shipped back to their Richmond warehouse several months ago."
One individual, identifying himself as "Jeff," assisted the landlord in the auction. Jeff retained most or all of the NCIX server hardware which contained NCIX's data. Jeff then proceeded to sell the equipment for large amounts of money based on the fact the contents of the drives were unencrypted. It gets steadily darker from there...
Countermeasure: Encrypt all your data at rest, and wipe your disks when you're done.
Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks
While ATM card skimmers have been a reality for decades, every now and again this form of crime becomes fashionable once more. 2018 is one of those years, and the latest approach to card skimming is quite sophisticated.
Using USB endoscope attached to a smartphone to see inside the ATM, skimmers drill a hole in the housing of the ATM and attach a skimmer directly to the PCB of the ATM's card reader. The hole is then covered up, ultimately being finished with false facia that includes a pinhole camera to capture the PIN of anyone using the ATM. A sophisticated and difficult to detect compromise, the precise details of how to execute this attack are now circulating throughout the internet's underground fora.
Countermeasure: Always presume ATMs are compromised: shield your PIN, and be very picky about which ATMs you use.
A Crippling Ransomware Attack Hit a Water Utility in the Aftermath of Hurricane Florence
It never rains, but it pours. And then malware strikes. The Onslow Water and Sewer Authority (ONWASA) discovered the compromise while attempting to recover from Hurricane Florence. The attack involved the Emotet ransomware, and compromised several backend systems.
ONWASA did not pay the ransom, and as a result were forced to rebuild several systems, including having to recreate the relevant databases. While no customer information was reported compromised, customers were unable to pay bills during the outage period.
Countermeasure: If your data doesn't exist in at least two places, it doesn't exist: have you verified your backups today?
Roughtime: Securing Time with Digital Signatures
Cloudflare is announcing a new high frequency, low latency network time source called Roughtime, developed by Google. Roughtime is being pitched as a replacement for the venerable Network Time Protocol (NTP).
NTP is an old protocol, dating back several decades, and is frequently deployed without security features. Roughtime is a time protocol designed to be less accurate than NTP, but which will always be deployed with security features. Not inded for precision applications, Roughtime aims to simply be "good enough" for cryptographic accuracy, something that matters a lot to Cloudflare, who go into significant depth on the hows, whys, and wherefores in this blog post.
Countermeasure: Consider using Roughtime instead of NTP for at user-facing services.
Tweet of the Week
"A Raspberry Pi is a disposable rogue device that I plug into the ethernet of a building I just broke into that facilitates hacking into their network."
Countermeasure: Never forget physical security. Also, consider deactivating any ports not currently in use at the switch.
Video of the Week
"Social Engineering at Work"
Countermeasure: Ever wanted to hack your coworkers? There are many benefits to doing so. Great preso from April C. Wright Posted by Adrian Crenshaw
"It’s story time! Today, I want to tell you the tale of the time I very nearly got caught on a physical penetration test."
"Social Engineering bypasses all technologies, including firewalls."
- Kevin Mitnick
One Identity Global Survey Shows Organisations Continue to Struggle to Get Basic Identity and Access Management Best Practices Right, Potentially Exposing Them to Security Risks
- Dean Alvarez – IT Security Guru
ThreatList: Half of Execs Feel Unprepared to Respond to a Cyber-Incident
- Tara Seals - Threatpost
US Voter Records from 19 States Sold on Hacking Forum
- Catalin Cimpanu - ZDNet