Annual Security Reports, Part 2

7 Safe UK Breach Investigations Report

As reported by The H Security, this report confirms the Verizon 2009 Data Breach Report, that the majority of attacks come from external sources (80%). Of all the successful breaches that were detected and analyzed (since even security experts can’t be 100% sure what kind of data was stolen) 85% were Payment Card Information.

Check out the full report here.

---

Verizon 2009 Data Breach Investigations Supplemental Report

This supplemental report was released in the 2nd week of December 2009 and describes the Top 15 threats along with real world examples. Indicators and Countermeasures (or Mitigators) were also included.

The Top 15 Threats from the report were:
1. Keyloggers and Spyware
2. Backdoor or Command/Control
3. SQL injection
4. Abuse of system access/privileges
5. Unauthorized access via default credentials
6. Violation of Acceptable Use and other policies
7. Unauthorized access via weak or misconfigured ACLs
8. Packet Sniffer
9. Unauthorized access via stolen credentials
10. Pretexting (Social Engineering)
11. Authentication bypass
12. Physical theft of asset
13. Brute-force attack
14. RAM scraper
15. Phishing (and endless *ishing variations)

I really like the Indicators and Mitigators sections of the Threat Action Catalogue, since they can be easily integrated into a technical Security Awareness Program.

Check out the report here.

If you’d like to access the the Verizon 2009 Data Breach Investigations Report, released back in April 2009, click here. The summary of which can be found here.

Annual Security Reports, Part 1

Annual Report Pandalabs 2009
Topics include:
- 2009 in figures
- The year at a glance (Web 2.0, Blackhat SEO Techniques, Cyberwar)
- Threats in 2009 (The profitability of rogueware, Banker Trojans, Conficker)
- Spam
- Main vulnerabilities in 2009
- Trends in 2010

Download the full report here

---

Ernst & Young’s 12th annual global information security survey

Key survey findings include (taken Verbatim from the report):

Managing risks
- Improving information security risk management is top security priority for the next year.
- External and internal attacks are increasing.
- Reprisals from recently separated employees have become a major concern.

Addressing challenges
- Availability of skilled information security resources is the greatest challenge to effectively delivering information security initiatives.
- Despite most organizations maintaining current spending on information security, adequate budget is still a significant challenge to delivering security initiatives.
- Security training and awareness programs are falling short of expectations.

Complying with regulations
- Regulatory compliance continues to be an important driver for information security.
- Cost compliance remains high, with few companies planning to spend less in the next 12 months.
- Too few organizations have taken the necessary steps to protect personal information.

Leveraging technology
- Implementing DLP technologies is the top security priority for many organizations.
- The lack of endpoint encryption remains a key risk with few companies encrypting laptops or desktop computers.
- Virtualization and cloud computing are gaining greater adoption, but few companies are considering the information security implications.

Download the full report here

Prioritizing Information Security Risks with Threat Agent Risk Assessment

Hello, I’m Xander and I’m a new contributor to the InfoSec Philippines blog. I was lurking on the Security Metrics Mailing list and the recent discussions were about Intel’s TARA methodology, which they’re using for their internal Information Security Risk Assessments. Intel’s methodology is centered on the most exposure that can be brought about by Threat Agents. Check out the whitepaper here.

Happy Holidays from InfoSec Philippines!

As 2009 comes to a close, we here at InfoSec.PH would like to thank everyone for supporting our site this year. We appreciate the comments and suggestions in improving our site to better help in spreading InfoSec awareness in the Philippines.

So from all of us here at InfoSec.PH, Merry X’mas and a Happy New Year

“El Sibakero”, #3

#3: “NOT-4-HIRE”

[got something you'd like to share with us? email danieltumalad  atyahoodotcom]

Quick Tips: Securing Your AP

"El Sibakero", Rollin' Down the Street...

A few years ago, a German hacker visited the Philippines and went wardriving on the streets of Ayala. He observed the lack of security in most of the wireless networks he discovered, prompting people to address the situation.

Today, many are still ignoring the importance of protecting their wireless networks. There are plenty of APs in condominiums, corporate buildings and commercial establishments that still use insecure WEP or don’t use any form of encryption at all. [results=car+laptop+airodump, office->home]

With a lot of information and software pertaining to hacking wireless networks freely available on the Internet, almost anyone can obtain illegal access to insecure wireless networks.

Protect your AP:

1. Enable Encryption
With both WEP and WPA-TKIP having security flaws, your best bet is WPA2-CCMP. Make sure you choose a difficult-to-guess passphrase (alpha-numeric+special characters) and “try hard” to change your key every 3 months.

2. Configure AP Administration
Change the default AP admin password, disable remote administration and restrict AP management to local encrypted access (SSL) only. If you are feeling the need to overkill then also disable the wireless LAN access, make the administration console accessible only through the wire.

3. Security through Obscurity
Replace the default SSID and disable SSID broadcast.

4. White-list the MAC-Addresses of your Users
If all else fails, this can possibly make it hard for attackers to join the wireless network.

---

Internal Links:
Wireless Hacking
Using Nmap to Detect Rogue APs
Password Tips