Tis the Season for Fraud; Online Travel Scams Heat Up ................................................ 11
Ransomware: The Great White Shark of Malware, and What You Need to do About it ........ 14
How to report a corruption within your environment? .................................................... 20
Getting the Most out of Data Centre Firewalls to Ensure Cyber Security in Middle East Enterprises .... 23
Robust Security Platform = Policy Management + Authentication + Authorization + Accounting ...... 26
Enterprises and Individuals – Stay Ahead of Social Engineers on Social Media ................. 30
The Balancing Act of BYOD - Keeping Employees Happy and Secure on Any Device .......... 34

Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com

ADVERTISING
Jessica Quinn
jessicaq@cyberdefensemagazine.com

KEY WRITERS AND CONTRIBUTORS
Michael Netterberg
Mari Frank
Scott Waddell
Mark Kedgley
Milica Djekic
Kasey Cross
Ahmed Rezk
Greg Mancusi-Ungaro
Dotan Bar Noy
Mark Seward
Srilekha Veena Sankaran

Interested in writing for us:
writers@cyberdefensemagazine.com
Friends,
Now, we’re looking at malware that is a remote access Trojan (RAT), nothing new here, right? Well,
actually, it brilliantly uses TWITTER to transmit the stolen information and allows for remote control. Most
firewalls are not blocking traffic to and from social media outlets – especially political groups like the
DNC. Therefore, having the ability to control malware remotely and steal information, such as thousands
of emails, all through a social media platform as ‘cover’ is brilliant. This is just the beginning.
It seems to me, now is the time, more than ever, to heed @Miliefsky’s consistent warnings about how
STRONG ENCRYPTION is good for any nation’s security and helps people reclaim their privacy. The
message from the DNC experience is simple – you will be hacked, the data will be stolen, so why not
make it difficult to parse or read the information by leveraging strong encryption? There are so many free
and powerful open source encryption tools, from OpenPGP to OpenSSL, Stunnel, OpenCA and much
more. Do some research on best email encryption tools, best hard drive encryption tools, best file
encryption tools and you might be one step ahead of the next attacker. Yes, they will get in, but no, they
won’t be able to leverage the data without having both the public and private keys. Keep them safe and
you’re being more vigilant than the DNC or any other group with valuable data waiting to be stolen.
Read on and learn more best practices in INFOSEC in this month’s edition of Cyber Warnings.
Pierluigi Paganini
Pierluigi Paganini, Editor-in-Chief, Pierluigi.Paganini@cyberdefensemagazine.com
3 Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
Adaptive Trust - A New Defense for Secure Enterprise Mobility
in the Middle East
Summary: BYOD, cloud and the Internet of Things are changing enterprise defense plans
to guard against points of attack inside the network perimeter. These new ways of
connecting to secure resources have changed the way traditional threat radars work –
radars that were built to protect against threats from the outside.
An HR director, a salesperson visiting with your engineering team, and a network administrator
walk into the office at 9am. Each is carrying a coffee in one hand, a smart phone in their pocket and
a laptop over the shoulder. Within minutes of entering the building, they all log in to the Wi-Fi
network and blend into the mobile workforce.
These tech-savvy, Wi-Fi-loving users expect to connect and work from anywhere on any
device – and they want connectivity without extraneous layers of security that slow them down.
It’s this workforce and its expectations that are turning security inside out.
What’s happening faster than anyone imagined is the dilution of the fixed perimeter that
surrounds the enterprise. Before workforces went mobile, IT invested tons of time and
resources into building a crack-free perimeter that prevented outside threats from coming into
the enterprise. They locked down the network with gateway firewalls, intrusion prevention
systems, anti-spam, URL filtering and other security solutions to close off possible entry points.
But in our more mobile-centric world, the biggest threats now come from inside the network.
Infected laptops and smart phones walk right through the front door and connect directly to the
network without IT’s knowledge. When you count the attacks initiated from those unsecured
user devices, the loss of sensitive data on mobile devices and risky end user behavior, they add
up to more than 90 percent of enterprise security breaches.
Lost devices alone pose a serious insider threat. In 2014 thieves stole 2.1 million smartphones
in the United States and another 3.1 million smartphones were lost. The missing devices are often all
someone needs to gain access to a company’s valuable data and critical business systems.
Remember the mobile workers from earlier? The HR director’s laptop could have access to the
direct deposit information for the entire company, and the network administrator most likely has
the credentials to access 70 percent of the systems in the company.
Stats are only beginning to trickle in that highlight the potential threat of the Internet of Things.
Clearly, billions of devices will connect to the Internet in the coming years, but how will they
impact the enterprise? According to The Internet of Things 2015 report, the largest adopter of
IoT ecosystems will be businesses, not consumers.
Between the mobile devices already on the network and the IoT devices that are coming, the
inside of the network has become a soft underbelly. It demands a different type of security
approach—one that starts on the inside and extends beyond the perimeter, and can adapt to
the dynamic nature of users—and mobile-oriented threats—those that can originate from
anywhere.
The hallmarks of this security approach are: shared contextual information and adaptive
controls based on mobility needs. By recognizing that no two users are alike, an adaptive trust
approach allows IT to define more personal policies that are mapped to individuals or groups
that share similar roles and business objectives.
Going back to our initial trio, the visiting salesperson gets guest access allowing them to reach
only the Internet—this after meeting sponsor acknowledgement and device compliance. While
guest access is a familiar scenario, context-based policies get more interesting when applied to
the two employees.
Enforcement can now be based on user role, device ownership, MDM/EMM status, and even
location. The network administrator has full privileges from his laptop while he is in any
company-owned building. At home, his privileges drop somewhat and they are different for his
laptop and his smartphone.
The HR director has full access to all systems when onsite, and when working from home on
her laptop. When traveling she is limited to emails and approvals from her mobile device. For
vacation, review, or budget approvals, the HR director also has the necessary multi-factor
authentication credentials to move the approval into the workflow cycle.
This added layer of security ensures that automated processes are only initiated by approved
personnel. If the mobile device is stolen, a thief has no access to the company’s systems or
private employee data.
User role, device type, ownership, status and location are some of the relevant contextual
information that allows IT to create policies that allow or deny access on a case-by-case basis
without leaving the enterprise completely exposed to new threats.
Enterprises that have moved to an adaptive trust approach are responding confidently to the
demands of BYOD, cloud, and IoT. Consulate Health Care is among the security thought
leaders that have moved to an adaptive trust approach that protects against insider threats. The
health care center had hundreds of company-issued mobile devices and thousands of guest
devices that connected to the network daily, but security wasn’t air tight.
Consulate wanted to assign policies to the connecting devices based on user role and device
that would serve both visitors and employees and protect patient information and other private
healthcare data. The new defense approach provides the center with much better security
around its intensely dynamic mobile environment.
Prior to establishing a valid connection, corporate-owned and personal devices must meet
compliance policies. Devices failing to meet requirements are automatically quarantined and the
users are asked to resolve the issues.
Once recognized as compliant, patients, residents and family members can complete the self-
enrollment process for Internet access that won’t affect the security of the internal network.
However, when the center’s health care employees connect to the network, they are granted
access to internal resources.
Based on user role and device ownership IT can easily define which resources they should
have access to – thus reducing the chance of compromising patient information. Consulate is
now much more confident that its data and systems are safe from any insider threats.
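The context-based enforcement described above (guest access after sponsor acknowledgement, role- and location-dependent privileges for the network administrator and HR director, multi-factor authentication before an approval enters the workflow, and quarantine of non-compliant or stolen devices as in the Consulate deployment) can be expressed as a small policy engine. The code below is an added illustration, not code from the article or from any vendor's product; the role names, locations, resource labels and the order of the checks are assumptions made for the example.

```python
from dataclasses import dataclass

# Access-request context as an adaptive trust policy engine would receive it.
# Role names, locations and resource labels are assumptions made for this example.
@dataclass(frozen=True)
class Context:
    role: str                 # "guest", "hr_director" or "network_admin"
    device: str               # "laptop" or "smartphone"
    corporate_owned: bool     # ownership as reported by the MDM/EMM
    compliant: bool           # posture check passed and device not reported lost/stolen
    location: str             # "onsite", "home" or "travel"
    mfa_verified: bool = False
    sponsor_acknowledged: bool = False

@dataclass(frozen=True)
class Decision:
    allowed: frozenset        # resources this connection may reach (empty = quarantined)
    reason: str               # human-readable reason, useful for audit logging

INTERNET, EMAIL, APPROVALS, HR_SYSTEMS, ADMIN_CONSOLES = (
    "internet", "email", "approvals", "hr_systems", "admin_consoles")

def evaluate(ctx: Context) -> Decision:
    """Map user role, device, ownership, posture and location to a resource set."""
    # 1. Compliance gate first: a non-compliant (or stolen and unenrolled) device gets
    #    nothing, whoever is holding it, and stays quarantined until the user fixes it.
    if not ctx.compliant:
        return Decision(frozenset(), "quarantined: device failed compliance policy")

    # 2. Guests reach the Internet only, and only after a sponsor has acknowledged them.
    if ctx.role == "guest":
        if not ctx.sponsor_acknowledged:
            return Decision(frozenset(), "guest awaiting sponsor acknowledgement")
        return Decision(frozenset({INTERNET}), "guest: Internet only")

    # 3. Network administrator: full rights only on a company-owned laptop inside a
    #    company building; reduced at home; the smartphone is limited further.
    if ctx.role == "network_admin":
        if ctx.device == "laptop" and ctx.corporate_owned and ctx.location == "onsite":
            return Decision(frozenset({INTERNET, EMAIL, ADMIN_CONSOLES}), "admin onsite: full")
        if ctx.device == "laptop":
            return Decision(frozenset({INTERNET, EMAIL}), "admin off-site laptop: no admin consoles")
        return Decision(frozenset({INTERNET}), "admin smartphone: Internet only")

    # 4. HR director: all systems onsite or from the home laptop; email and approvals
    #    on the road; approvals enter the workflow only after multi-factor authentication.
    if ctx.role == "hr_director":
        if ctx.device == "laptop" and ctx.location in ("onsite", "home"):
            allowed = {INTERNET, EMAIL, APPROVALS, HR_SYSTEMS}
        else:
            allowed = {INTERNET, EMAIL, APPROVALS}
        if not ctx.mfa_verified:
            allowed.discard(APPROVALS)
        return Decision(frozenset(allowed), "hr_director: context-scoped access")

    # 5. Anything not explicitly mapped is denied (default deny).
    return Decision(frozenset(), "unknown role: default deny")

if __name__ == "__main__":
    # Constructed walk-through of the three people from the article.
    for ctx in (
        Context("guest", "laptop", False, True, "onsite", sponsor_acknowledged=True),
        Context("network_admin", "laptop", True, True, "home"),
        Context("hr_director", "smartphone", True, True, "travel", mfa_verified=True),
        Context("hr_director", "smartphone", True, False, "travel", mfa_verified=True),
    ):
        d = evaluate(ctx)
        print(f"{ctx.role:14} {ctx.device:10} {ctx.location:7} -> {sorted(d.allowed)} ({d.reason})")
```

The compliance gate is evaluated before any role logic so that a stolen phone, once marked non-compliant in the MDM, yields an empty set even with valid credentials and MFA; the reason string is what you would write to the audit log.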
When enterprises take an adaptive trust approach, IT can make smarter decisions about how
users and devices connect and how their access privileges are enforced. This is required for
today’s mobile workforce – which will continue to push the boundaries of network security for
years to come. In this fast-paced, upwardly mobile world, the best defense is being able to
adapt.
Going paperless can do more than save trees. It can help organizations be more productive,
reduce document storage and handling costs, and improve access to information.
In the financial services industry, the shift from paper to electronic statements is helping reduce
the industry’s printing and distribution costs, which until recently totaled almost $20 billion
annually. A study also found that using electronic forms in place of paper can help improve
banking productivity by nearly 40 percent.
For law firms, going paperless can help reduce the time and costs associated with managing
vast amounts of documentation, and help make attorneys more available to clients.
Consequently, two-thirds of attorneys at some of the country’s largest firms predict that law
firms will be paperless by 2020.
Meanwhile, the Obama administration has ordered federal agencies to eliminate paper and use
electronic recordkeeping “to the fullest extent possible” by 2019. Some of the reasons for this
move include helping agencies minimize costs, improve performance, and promote openness
and accountability.
For all the benefits of going paperless, however, organizations should be mindful of the privacy
and security risks that can come with it.
By its very nature, a paperless workplace involves more content being accessed, managed and
displayed in digital form. This content can often include sensitive or confidential information,
such as customers’ personal or financial data, company financials, and payroll information.
Clearly, organizations will need to re-examine their cybersecurity efforts to help protect this
information from hackers. But technical controls can only go so far. Organizations should also
consider the physical and human elements of protecting data as part of a move to paperless
processes.
For example, moving to a paperless workplace typically involves a wider range of workers
gaining access to a greater amount of digital content. It also involves using a more diverse mix
of devices that access the content, especially as workforces continue to become more mobile.
Security and privacy policies must be revised to address the visual privacy and security risks
that come with going paperless. This should begin with privacy and security audits. From there,
the appropriate mitigation methods can be implemented based on the identified risks or threats.
One of the easiest measures to implement in a paperless workplace is privacy filters. They
apply directly to the screen of a laptop, desktop monitor, smartphone or other mobile device to
blacken out the side angled views of onlookers. Additionally, device screens themselves should
be directed away from public areas to reduce the risk of exposing data to unauthorized
individuals.
Organizations should also train workers to be aware of their surroundings. Visual hackers are
like any other hacker in that they want to exploit security gaps – and those gaps can come in the
form of workers who let their guards down for mere seconds.
It’s also important that security and privacy efforts don’t become lax when it comes to physical
documents, as most organizations likely won’t ever be 100 percent paperless. Documents
should be destroyed after they are electronically scanned. Printers and fax machines should be
kept in secure locations. And clean-desk policies should be enforced.
By implementing these basic but important measures, organizations can realize the benefits of
going paperless and help protect the privacy and security of their most valuable data in the
process.
Mari Frank, an attorney and certified privacy expert, is the author of the "Identity Theft Survival
Kit," "Safe Guard Your Identity," "From Victim to Victor," and "The Guide to Recovering from
Identity Theft." Since 2005, she's been the radio host of "Privacy Piracy," a weekly show on
KUCI 88.9 FM in Irvine, CA and Kuci.org, dealing with privacy issues in the information age.
She consults with companies on privacy issues and mediates privacy disagreements so
disputants can resolve their privacy/technology issues privately and confidentially without a
court battle.
It’s well documented that during the summer, travelers take to the road and sky in droves
embarking on new adventures and arriving at exciting destinations. So it’s no surprise that also
during the summer, they turn online to book flights, hotels and rental cars.
All this gloom and doom is fine and dandy, but without insights into what to look for when it
comes to both fraud and legitimate transactions, companies are fighting fraud and trying to
serve their most valued customers with one hand tied behind their back. Therefore, along with
the top-level analysis, we are breaking down what to look for when it comes to good vs.
fraudulent transactions, device types and geography on online travel sites during the summer.
Total Transactions—The volume of online travel transactions during an average summer month
was higher than a typical month the rest of the year. This uptick is consistent year-over-year:
Mobile Usage—Travel transactions conducted from a mobile device during an average summer
month were higher than a typical month the rest of the year by:
Travel Fraud—The amount of fraudulent online travel transactions during an average summer
month was higher than a typical month the rest of the year by:
Device Type—Over the years, the following devices saw the largest increase in online travel
transactions conducted from them during an average summer month:
• 2015:
o Android devices at 16 percent
o iPhones at 13 percent
• 2014:
o Windows desktops and laptops at 39 percent
o Macs at 36 percent
• 2013:
o iPhones at 59 percent
o Android phones at 57 percent
• Tunisia at 7 percent
• Morocco at 3 percent
• Spain at 2 percent
• Italy and France rounding out the top five
As the days heat up, it’s our hope that online travel companies use this trend data to better ice
fraudsters. Happy travels!
‘STOP! Are you really sure you want to load this attachment? Are you certain that this link is
safe?’
A prompt from your computer may be the difference between a disastrous Ransomware
infection and a regular day at the office.
Right now, Ransomware is the Great White Shark of cyber-attacks, the most feared malware of
all, and both corporate and home users are running scared.
And rightly so - anyone who has had experience with Ransomware will attest to the agony and
disruption.
But instead of worrying about an attack, what action can be taken to safely venture back into the
water and not necessarily “with a bigger Boat”?
Home User: The home-user community for ransomware has been highly active for a few years
now but has escalated in recent months. Being given just hours to either pay the ransom or lose
permanent access to everything on your personal computer is a stark choice (often enough to
precipitate agreement to the extortion).
What value would you put on all your personal documents, photos, music, etc?
Corporate User: The stakes are even higher for a corporation, where the absolute dependency
on IT systems means ransomware could threaten the very life of the business itself.
In the case of the LA Presbyterian Hospital, this threat to life was more literal, in that patient
systems were under threat from Ransomware – the hospital paid the equivalent of $17,000
in Bitcoin as the “quickest and most efficient way to restore our systems and
administrative functions”; and just like that a dangerous precedent was set! More details later.
Email – phishing, be it the mass, spear or now whale variety for corporate targets – is still the
most common means of invoking a Ransomware attack. The home-user ‘market’ for the
extortionists lends itself to mass-emailing, but this means that the malware can just as easily
end up on Corporate Workstations.
The first thing we need to establish is the fact that Ransomware is no different than any other
form of malware in terms of its delivery means – usually, but not exclusively, via email with
either malware attachments or links to infected websites.
The difference - and the scary part - is how it is used to extort money from victims.
Once the malware has been invited onto a user’s computer it can then get to work, encrypting
files before announcing its presence and declaring its ransom demand. The nature of its
immediate demands and very tangible threat is precisely what makes it more feared than other
malware.
However, your line of defense and your approach to preventing Ransomware should be the
same as it would be for any other Malware. Don’t be thrown by the sensationalism surrounding
Ransomware – Pragmatism should always prevail.
LA Presbyterian Med Center Case Study: The fact that this was a relatively quick and easy
‘Hack for Cash’ is driving this predicted trend. The LA Presbyterian Medical Center attack
speaks to both the targeting of Healthcare as well as the increase in Ransomware.
The assault on Hollywood Presbyterian occurred Feb. 5, when hackers using malware infected
the institution’s computers, preventing hospital staff from being able to communicate from those
devices, said Chief Executive Allen Stefanek.
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption
key. The quickest and most efficient way to restore our systems and administrative functions
was to pay the ransom and obtain the decryption key,” Stefanek said. “In the best interest of
restoring normal operations, we did this.”
The hospital said it alerted authorities and was able to regain control of all its computer systems
by Monday, with the assistance of technology experts. Phil Lieberman, a cybersecurity expert,
said that, while ransomware attacks are common, targeting a medical institution is not.
“I have never heard of this kind of attack trying to shut down a hospital. This puts lives at risk,
and it is sickening to see such an act,” he said. “Health management systems are beginning to
tighten their security.”
http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html
You don’t want to see this.
Classic Ransomware operation: after the malware is in place, a unique encryption key is
generated for each computer infected and is used to encrypt data on the machine. If the ransom
is not paid within the allotted time the files are lost forever.
Make sure backups are up to date and isolated from the computer, otherwise they may be
encrypted too.
Over and above standard firewalling and anti-virus protection, there are additional defenses that
should be in place to defend against phishing, given that this is the primary delivery mechanism
used. Unfortunately, phishing is, by design, notoriously tough to prevent, due to its cunning and
devious methods.
The best approach is to therefore harden the user workstation environment, to prevent malware
activity where possible and to at least place more obstacles in the way when not.
As with any hardening program, a balance must be found between strong security and
operational ease of use.
The majority of exploitable vulnerabilities can be mitigated within the Workstation Operating
System, and further protection can be provided using manufacturer extensions such as
Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) and Windows Defender or 3rd Party
AV.
But when it comes to users’ emails and their content, accurately protecting against the bad
while allowing the good is beyond any technological solution.
While blocking all email attachments and links would improve security, there aren’t many users
that would sign up for this. A more graded approach to protecting the user is needed.
And in fact this solution already exists for most browsers and the Microsoft Office Applications.
Controlled by Group Policy, the desktop applications otherwise used to welcome in
Ransomware can be fine-tuned to mitigate exploitable vulnerabilities while requiring elevated
approval for other functions – this may slow the user down for certain tasks, but that additional
pause for thought while the system prompts for approval elevation will ensure security hygiene
is observed.
Similarly, fine grain security settings are available for Excel, Word, PowerPoint and Office, all
serving to mitigate vulnerabilities within the application that could be exploited by an attacker,
overall bolstering Ransomware defenses.
Likewise for contemporary browsers like Chrome, Firefox and Internet Explorer, anti-phishing
controls should be enabled alongside other built-in security measures that are often disabled by
default.
1. Hardening Homework: While organizations like The Center for Internet Security (CIS),
NIST and the National Vulnerability Database provide system hardening guidance, you’ll
still need to work out what is right for your users.
2. Leverage Automation: Most scanners and FIM solutions will provide fast, automated
reports to establish where vulnerabilities exist, while the best options will also provide
remediation advice, or better still, Group Policy or Puppet templates to automatically
apply a hardened configuration to Workstations and their Applications.
3. Change Control: You’ll also need to make sure that patching is up to date as a further
means of closing off exploitable vulnerabilities, but think about getting more structured.
Change control is a key security best practice and, when done right, makes a cyber attack
much easier to detect and head off before lasting damage is done.
This is where FIM and SIEM systems also enhance security, by analyzing system
activity for signs of suspicious behavior.
5. Rip it up and start again: And if you do fall victim to Ransomware, think how grateful you
will be when you can simply scrap a Desktop, re-image it and recover all data, all in its
useable, non-encrypted state.
It goes without saying that backups are critical, but make sure the restore process works
by testing regularly.
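The Group Policy hardening of Office described above, together with points 1 to 3 of the list (pick a baseline, let a scanner or FIM tool report where workstations deviate from it, and keep exceptions under change control), comes down to comparing each workstation's effective settings with a hardened baseline and flagging drift. The following script is an added example, not code from the article or from NNT; it reads a constructed "path=value" snapshot rather than a real registry export, and while the registry paths follow the Office 2016 Group Policy layout (VBAWarnings and blockcontentexecutionfrominternet under the per-application Security key), you should verify them against the ADMX templates for your own Office version before using them as a baseline.

```python
import re

# Hardened baseline a scanner or FIM tool would compare workstations against.
# VBAWarnings: 3 = disable macros except digitally signed, 4 = disable all without
# notification, so ("min", 3) accepts either. blockcontentexecutionfrominternet = 1
# blocks macros in files that carry the mark of the web. Paths follow the Office 2016
# Group Policy registry layout; verify them against your ADMX templates.
BASELINE = {
    r"HKCU\Software\Policies\Microsoft\Office\16.0\Word\Security\VBAWarnings": ("min", 3),
    r"HKCU\Software\Policies\Microsoft\Office\16.0\Word\Security\blockcontentexecutionfrominternet": ("eq", 1),
    r"HKCU\Software\Policies\Microsoft\Office\16.0\Excel\Security\VBAWarnings": ("min", 3),
    r"HKCU\Software\Policies\Microsoft\Office\16.0\Excel\Security\blockcontentexecutionfrominternet": ("eq", 1),
}

# Constructed snapshot in a simple "path=value" export format (not a real reg export).
# Word is hardened; Excel has drifted (macros re-enabled "with notification" and the
# Internet-block value removed); one unrelated key is present to show it is ignored.
SNAPSHOT = r"""
HKCU\Software\Policies\Microsoft\Office\16.0\Word\Security\VBAWarnings=4
HKCU\Software\Policies\Microsoft\Office\16.0\Word\Security\blockcontentexecutionfrominternet=1
HKCU\Software\Policies\Microsoft\Office\16.0\Excel\Security\VBAWarnings=2
HKCU\Software\Policies\Microsoft\Office\16.0\Word\Options\BackgroundSave=1
"""

LINE = re.compile(r"^(?P<path>[^=]+)=(?P<value>-?\d+)$")

def parse_snapshot(text: str) -> dict:
    """Parse 'path=integer' lines; malformed or blank lines are skipped, not fatal."""
    found = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            found[m.group("path")] = int(m.group("value"))
    return found

def check(snapshot: dict, baseline: dict = BASELINE) -> list:
    """Return (path, status, actual, expected) for every baseline setting.
    status is 'ok', 'missing' (policy never applied) or 'weaker' (below baseline)."""
    findings = []
    for path, (op, expected) in baseline.items():
        if path not in snapshot:
            findings.append((path, "missing", None, expected))
            continue
        actual = snapshot[path]
        ok = actual == expected if op == "eq" else actual >= expected
        findings.append((path, "ok" if ok else "weaker", actual, expected))
    return findings

def drift(snapshot_text: str) -> list:
    """Only the findings an administrator must act on, keyed by App\\Security\\Name."""
    return [("\\".join(p.split("\\")[-3:]), status, actual)
            for p, status, actual, _ in check(parse_snapshot(snapshot_text))
            if status != "ok"]

if __name__ == "__main__":
    for key, status, actual in drift(SNAPSHOT):
        print(f"{status:8} {key} (actual={actual})")
```

Run against a real export you would feed the tool the output of a registry or GPO result dump instead of the constructed string; any "weaker" or "missing" line is either a change-control ticket to review or an unapproved change for the FIM/SIEM to alert on.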
Mark has been CTO at NNT since 2009, and has over 20 years’ experience in IT business
development and sales. Mark combines a visionary yet pragmatic approach to IT: combining not
just the ability to analyse business issues and scope technological solutions to address needs,
but to also deliver product that is both fit-for-purpose and future-proof.
Corruption is a financial crime that may occur anywhere, in both the private and the public
sector. The people who raise awareness about these incidents are called whistleblowers, and if
they keep contributing to a case they may become reliable sources of information.
In this article we discuss how corruption works in practice and how a case involving a source of
reliable and highly accurate information may proceed through the investigative process.
There are plenty of examples of how this works in societies with a high level of corruption, and
if you live in such a country it is something you face nearly every day. Some people are not
prepared to stay silent and blind to these occurrences and find the courage to talk about them.
They may try to alert the authorities because they cannot accept the injustice within their
society. They simply believe it is unfair that someone gets privileged treatment because he has
money to pay for a favor, when we are all equal before the law. These people, called
whistleblowers, report cases of corruption by e-mail, phone, post or in person. If the authorities
decide to open an investigation, they will try to involve them by offering them the status of a
source who sends information about this kind of crime regularly or on an ad hoc basis.
We are aware that many people in the developed world cannot imagine how this works in
developing countries and why corruption becomes such a serious social concern. For
instance, as someone who comes from a developing country such as Serbia, I could talk
about many of these cases. Commonly, even the media support the people who talk openly
about corruption and sacrifice their jobs and peaceful lives to prove that this harmful social
phenomenon exists in this part of the world. Those people deserve the protection of the entire
country and, unfortunately, experience suggests that society can be very cruel about their effort
to make a change and to prove that something improper is happening in their community. We
strongly recommend that everyone interested in this topic think about possible models,
procedures and scenarios for handling and supporting these fighters for a better world.
The ways of starting the case
The best way to start a case is to obtain some information from the person complaining
about an irregular occurrence. Sometimes these people just offer first-hand information and
do not appear willing to participate in the investigation. The Police Force should find a way to
discreetly encourage the source of information to update the investigation with new findings
from time to time. Some people with a talent for policing tasks will willingly handle their part of
the job. In practice, a witness of a crime may be friendly, unfriendly or neutral. It is obvious why
someone may show revolt toward the authorities, probably because of complete dissatisfaction
with the situation in the society. Also, those with a skill for policing roles will willingly share
information with the Police and commonly feel proud that they can support the authorities. The
biggest challenge is working with a neutral witness, because it is quite tricky to involve him in
the case. Even if the witness is unfriendly, it is much easier to obtain information from him,
because you can always challenge him to talk, and even if he holds a negative opinion about
the Police Force he will say much of it to the authorities' faces. The neutral informant usually
requires special effort and lots of hard work before he is willing to tell anything.
Firewalls are an integral part of multi-layered defences for businesses. Today’s Next-Gen
firewalls secure the enterprise network and allow organizations to combat emerging cyber
threats.
Some of the latest data centre firewall products have capabilities including blocking volumetric
and application-layer DDoS attacks, advanced server load balancing, data acceleration and
SSL offload, multi-tenancy, flexible data filtering and so on.
However, to get the most out of firewalls, enterprises need to pay attention to the areas outlined
below:
Security devices that are ill-equipped to handle the volume and the somewhat unpredictable
nature of the traffic can end up seriously increasing latency and degrading the performance of
critical applications and services.
Firewalls these days have a much bigger load to handle than before. Consider how your policies
impact performance. Make sure policies are written in such a way they don’t slow down
performance. Test the performance capabilities of your firewall when all rules are configured,
not when it's in its default state.
By some estimates, more than one third of all traffic that hits a corporate network is encrypted.
Without a way to decrypt the traffic, your firewalls are going to be blind to any attacks that a
threat actor might slip in via encrypted traffic or to any data extraction that might be going on the
same way as well, she says.
While some newer firewalls are able to decrypt and inspect encrypted traffic, many cannot. If
your firewalls fall into the latter category, it’s a good idea to have a way to intercept the SSL
If you don’t want to, or cannot, inspect all encrypted traffic that is entering or exiting your
network, you can instead specify the traffic you do want to look at by source or by
destination.
Firewall rules also have a way of becoming a lot more permissive than the original rule set. It is not
unusual at all for firewall administrators to start adding rules to accommodate requests from
internal users about rules that might be preventing access to resources they legitimately need.
Over time, such requests can make your rule base a lot less clean than it was when you
started out, and before you know it you are allowing in traffic that you previously would have
restricted.
Conflicting rules and misconfigurations are bad enough when you have just a handful of
firewalls to manage. But they become a lot harder to catch in organizations that have numerous
firewalls and administrators.
Generally, it is a good idea to review your rule sets every six months. Remove the obsolete, the
unused, and expired rules. When adding new rules, make sure to look at existing rules first so
they don’t duplicate or conflict with something that might already be in place.
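The six-monthly review described above (remove obsolete, unused and expired rules; check new rules against existing ones for duplicates and conflicts) is mechanical enough to automate. The script below is an added example, not code from the article or from any firewall vendor: it loads a constructed rule base in first-match order and flags rules that have expired, that have never been hit, or that are shadowed by an earlier, broader rule (a duplicate when the actions agree, a conflict when an earlier allow swallows a later deny). The rule layout and the sample rules are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import Optional

# Firewall rule as a review tool might load it from the management console.
# Field layout and the sample rule base below are constructed for this example.
@dataclass(frozen=True)
class Rule:
    rule_id: str
    action: str                     # "allow" or "deny"
    src: str                        # source CIDR
    dst: str                        # destination CIDR
    proto: str                      # "tcp", "udp" or "any"
    ports: tuple                    # (low, high), inclusive destination port range
    hits: int                       # hit counter exported from the firewall
    expires: Optional[date] = None  # set on temporary exceptions; None = permanent

def covers(a: Rule, b: Rule) -> bool:
    """True when every packet matching b would already have matched a (first-match order)."""
    a_src, b_src = ip_network(a.src), ip_network(b.src)
    a_dst, b_dst = ip_network(a.dst), ip_network(b.dst)
    if a_src.version != b_src.version or a_dst.version != b_dst.version:
        return False                # IPv4 and IPv6 rules cannot shadow each other
    return (b_src.subnet_of(a_src) and b_dst.subnet_of(a_dst)
            and (a.proto == "any" or a.proto == b.proto)
            and a.ports[0] <= b.ports[0] and a.ports[1] >= b.ports[1])

def review(rules: list, today: date) -> list:
    """Return (rule_id, finding) pairs in rule-base order; 'today' is a parameter so the
    review is reproducible rather than depending on the clock."""
    findings = []
    for i, r in enumerate(rules):
        if r.expires is not None and r.expires < today:
            findings.append((r.rule_id, "expired"))
        if r.hits == 0:
            findings.append((r.rule_id, "unused"))
        for earlier in rules[:i]:
            if covers(earlier, r):
                kind = "duplicate" if earlier.action == r.action else "conflict"
                findings.append((r.rule_id, f"shadowed by {earlier.rule_id} ({kind})"))
                break               # the first shadowing rule already makes r unreachable
    return findings

# Constructed rule base: R2 duplicates part of R1, R3 is a deny that R1 makes unreachable,
# R4 is a temporary SSH exception that was never cleaned up, R5 is a healthy rule.
RULES = [
    Rule("R1", "allow", "10.0.0.0/8",    "192.168.10.5/32",  "tcp", (443, 443), 1200),
    Rule("R2", "allow", "10.1.0.0/16",   "192.168.10.5/32",  "tcp", (443, 443), 0),
    Rule("R3", "deny",  "10.1.2.0/24",   "192.168.10.5/32",  "tcp", (443, 443), 0),
    Rule("R4", "allow", "0.0.0.0/0",     "192.168.20.0/24",  "tcp", (22, 22),   0, expires=date(2016, 6, 30)),
    Rule("R5", "allow", "10.0.0.0/8",    "192.168.30.0/24",  "udp", (53, 53),   50),
]

if __name__ == "__main__":
    for rule_id, finding in review(RULES, date(2016, 7, 15)):
        print(f"{rule_id}: {finding}")
```

The "conflict" case is the one worth acting on first: R3 was presumably added to block a subnet, but because R1 is broader and sits earlier in the base it never matches, which is exactly the silent loosening the text warns about. Running the same check before committing a new rule catches the duplicate before it lands.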
In order to ensure the security of your organization, it is important to put the above processes into
practice.
Navigating the landscape of enterprise security can be daunting – the threats typically fly under
the radar, and the broad array of malware, hacks and data theft shows real innovation. Worse,
the level of malicious sophistication is also on the upswing. In tandem, corporate users enjoy
communicating, computing and transacting business on a variety of wired and wireless
networks – using multiple devices. And the threat vectors continue to grow, exponentially.
Consequently, IT departments are turning to policy management platforms that give them
visibility into who and what is connecting to their networks, with ways to measure and predict.
They seek security management that is both adaptive to how people now work and is easily
customized. And they want a management interface that accommodates wireless and remote
users, as well as emerging technologies and services like cloud computing and the Internet of
Things (IoT).
This is much more than ticking off boxes on a spec sheet – CISOs, CSOs and security
professionals are demanding a fully integrated, multi-vendor approach for security management.
Consequently, today's management platforms have to deliver a number of critical features,
including authentication, authorization and accounting (AAA) services that control access to
networks and servers, automated workflows for BYOD and guest access, and the audit and
bill-back information that those workflows produce.
The platform must also be agile and sophisticated enough to embrace new levels of
enforcement mechanisms for security in a mobile world. To be effective, today's security
platforms must support authentication and enforcement models for wired networking, public
wireless connectivity, and users who tunnel in via IP-based virtual private networks (VPNs).
Security-conscious enterprises now require enforcement policies that utilize real-time contextual
data to grant network privileges. In parallel, policy management platforms must support end-
device profiling that identifies device types and respective attributes that connect to networks.
And real-time troubleshooting tools are valuable as they solve connectivity and other end-user
issues quickly. Enterprises have tried to achieve many of those objectives with siloed security
products, but they are finding it more useful to reduce complexity (the number of management
consoles) while keeping the ability to use multiple solutions, provided those solutions can
automatically share contextual information with one another.
What this means is that there is room for third-party products like mobile device
management (MDM) and enterprise mobility management (EMM), firewalls and security
information and event management tools. But the primary management platform must
coordinate these defenses so that everything works as one solution.
Since Active Directory or LDAP are still used to administer security policies for most internal
users and devices, IT departments aren't able to perform enforcement using real-time
contextual data. Context such as user roles, device types, ownership, location and app usage is
essential to enforcing policies as users move through their day and work with multiple
devices. With this model, laptops can be given more rights than smartphones based on device
type, for example. Policy management takes all those factors into account and dynamically
enforces which resources can be accessed.
In addition, today’s policy management systems let users configure their own devices for secure
Wi-Fi or wired connectivity. Workflows that include MDM/EMM data make it easy to detect whether a
device is company issued or BYOD.
This sort of security management transition can't be done in a firehose fashion; security
professionals agree that a phased approach is the smartest way to move from legacy AAA to
centralized policy management. IT departments can then ensure that highly mobile workers get
seamless access to the apps, printers and network services they’re authorized to use, no matter
where they are or what device they're using.
IT professionals have been sorely tested by the BYOD trend with both internal users and
network guests. Managing the onboarding process of everyone's personal devices can strain IT
and helpdesk resources, and if not properly handled, can also create security problems. Robust
management platforms allow for any Windows, Mac OS X, iOS, Android, Chromebook and
Ubuntu devices to be automatically onboarded via a user-driven, self-guided portal. Required
SSIDs, 802.1X settings and necessary device certificates are then automatically configured on
authorized devices.
By working with unique device certificates, users then don't need to enter login credentials
repeatedly throughout the day – or worry as much about password theft when connected to
guest networks. Menu-driven capabilities ensure the rapid revocation and deletion of certificates
for specific mobile devices if a user leaves an organization or if the device is lost or stolen.
The BYOD challenges don't apply just to internal users. Any visitor – guest, customer, partner or
other external third-party – will arrive with at least one device that requires network access –
wired or wireless. Good security management requires a simple model that automates and
simplifies the provisioning of network access for guests, but also provides expansive security
features that keep data, computing resources and other users safe.
Prevention is especially good medicine for the security of enterprises and their datacenters. IT
must have the means to perform endpoint health checks to ensure that laptops are fully
compliant with internal requirements, such as having the latest patches and updates, before
they're allowed to connect.
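The two ideas above, context-aware enforcement (role, device type, ownership, location) and an endpoint health check before admission, are easy to show together. The following is an added example written for this page, not the code of any policy management product: a small decision function first checks posture (an onboarded device certificate and a recent patch date, reported by an assumed MDM/EMM agent) and only then consults a policy table that says which combinations of context may reach each resource. The resources, roles, devices and dates are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Device:
    kind: str            # "laptop" or "smartphone"
    owner: str           # "corporate", "byod" or "guest" (from MDM/EMM data, assumed)
    has_cert: bool       # unique device certificate issued during onboarding
    last_patched: date   # posture attribute reported by the device agent (assumed)


@dataclass(frozen=True)
class Request:
    user: str
    role: str            # role from the directory (AD/LDAP), e.g. "engineer"
    device: Device
    location: str        # "office" or "remote"
    resource: str


MAX_PATCH_AGE_DAYS = 30  # assumption: policy tolerance for missing updates

# Policy table (constructed): resource -> (roles, device kinds, ownership, locations) allowed.
POLICY: Dict[str, Tuple[Set[str], Set[str], Set[str], Set[str]]] = {
    "source-repo": ({"engineer"}, {"laptop"}, {"corporate"}, {"office", "remote"}),
    "email": ({"engineer", "finance"}, {"laptop", "smartphone"}, {"corporate", "byod"},
              {"office", "remote"}),
    "finance-db": ({"finance"}, {"laptop"}, {"corporate"}, {"office"}),
    "internet": ({"engineer", "finance", "guest"}, {"laptop", "smartphone"},
                 {"corporate", "byod", "guest"}, {"office", "remote"}),
}


def posture_ok(device: Device, today: date) -> bool:
    """Endpoint health check: onboarded certificate present and patched recently enough."""
    return device.has_cert and (today - device.last_patched).days <= MAX_PATCH_AGE_DAYS


def decide(req: Request, today: date) -> Tuple[str, str]:
    """Return (decision, reason). Posture is evaluated before any contextual rule."""
    if not posture_ok(req.device, today):
        return "deny", "posture: device not onboarded or patches older than 30 days; remediation VLAN"
    entry = POLICY.get(req.resource)
    if entry is None:
        return "deny", f"no policy for resource {req.resource}"
    roles, kinds, owners, locations = entry
    checks = {
        "role": req.role in roles,
        "device type": req.device.kind in kinds,
        "ownership": req.device.owner in owners,
        "location": req.location in locations,
    }
    failed = [name for name, ok in checks.items() if not ok]
    if failed:
        return "deny", "context mismatch on " + ", ".join(failed)
    return "allow", f"{req.resource} for {req.role} on {req.device.owner} {req.device.kind} from {req.location}"


# Constructed sample devices and evaluation date.
TODAY = date(2016, 7, 25)
CORP_LAPTOP = Device("laptop", "corporate", True, date(2016, 7, 20))
BYOD_PHONE = Device("smartphone", "byod", True, date(2016, 7, 1))
STALE_LAPTOP = Device("laptop", "corporate", True, date(2016, 5, 1))


def demo() -> List[Tuple[str, str, str]]:
    requests = [
        Request("alice", "engineer", CORP_LAPTOP, "remote", "source-repo"),
        Request("alice", "engineer", BYOD_PHONE, "remote", "source-repo"),
        Request("alice", "engineer", BYOD_PHONE, "remote", "email"),
        Request("bob", "finance", CORP_LAPTOP, "remote", "finance-db"),
        Request("bob", "finance", STALE_LAPTOP, "office", "finance-db"),
    ]
    return [(r.user, r.resource, decide(r, TODAY)[0]) for r in requests]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The same user gets different answers through the day: Alice reaches the source repository from her corporate laptop but not from her BYOD phone, which is still fine for email; Bob's finance database is office-only; and a laptop that has not been patched in 85 days is denied everything before the policy table is even consulted.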
Security platforms that integrate policy management with authentication, authorization and
accounting will lay the groundwork for more robust computing and IT-fueled productivity. And
they’ll keep networks, devices, data and users safe in the process.
Whether you are running for president, running a business, or just a runner, your online
presence and personality – as expressed by your social media and social networking activity –
is a powerful tool that you can leverage for success.
But that same online presence creates personal and business risk and vulnerability that cyber
criminals are only too happy to exploit.
Recent analysis by security firm, BrandProtect, found that more than 15% of Fortune 100 CEOs
with LinkedIn accounts are represented by multiple LinkedIn profiles. Almost 40% of Fortune
100 CEOs on Twitter are plagued by at least one duplicate or copycat account.
Presidential candidate Donald Trump is spoofed, admired, supported and derided by over 90
copycat Twitter accounts.
Even though it seems easy to dismiss these duplicate accounts as harmless (or in the case of
Trump, as entertaining) the existence of these accounts creates risk for their namesakes.
Duplicative accounts on LinkedIn, Facebook and Twitter are often the creation of cyber
criminals seeking to socially engineer their way into an organization or a position of trust.
These and other kinds of fake accounts capture information that the criminals may later
unleash in a devastating email-based attack.
Every day, cyber criminals are active on sites from LinkedIn to, using various techniques to
mine the treasure trove of profile information for social engineering and exploit planning.
Basically, the perpetrators steal an identity or biography, and leverage it to gain more and more
information about a targeted enterprise.
1. It’s easy for a social engineer to assume practically any identity they want, and then
work to make that identity look plausible and trustworthy. They mine social sites for the
life details, work histories and key words that they use to create fictitious profiles.
3. As the cyber criminals gain connections to legitimate profiles, they gain access to a
wealth of social engineering information, including workgroup information, names and
nicknames of colleagues and peers.
4. With this info, the bad guys deduce reporting structures, learn about projects that are in
process, and sometimes even gain visibility to "inside information" such as work and
vacation schedules.
5. After a long reconnaissance, the criminals will spring their trap by constructing a
completely believable email they can use in a spear phishing/BEC attack, ransomware,
or whaling scheme.
6. The email will be sent to a logical target and it will “come from” a trusted or
organizationally powerful source. The email will talk knowledgeably and casually about
company issues.
Only then it will ask or demand an action of the reader – money or information transfer,
network access, or opening a malware or ransomware-laden file – and it will seem to be
backed by the necessary authority to request that action.
Enterprise security teams should take action. By following these simple steps, they will minimize
the operational, financial and reputational risks caused by masquerading accounts and
impersonation accounts:
1. Identify duplicate domains that represent real company employees. If it appears that an
employee has multiple accounts, make sure you understand what is going on.
2. Look for, review, and validate other LinkedIn profiles that claim an association with
your company. When a rogue account of any kind is discovered, it should be reported.
3. Audit and evaluate LinkedIn groups, including alumni groups and affinity groups that are
connected to the company. When an unauthorized social domain is identified, it should
be shut down.
As an individual, you have a responsibility, too. You are often the best “first responder”. Here
are three simple ways to help protect yourself on professional or social media network sites:
1. When a stranger asks you to connect online, be careful. Ask yourself, how do I know
them? Do we have any common connections? Do we have many common
2. Beware of link or friend requests from people you have already linked to. When a friend
or colleague asks you to re-link or re-friend, be careful. It is probably the work of a spoofer
or a social engineer. Search for your friend’s actual profile.
3. Finally, be vigilant about potential attacks: whenever you receive an email from someone
asking you to review an attachment, follow a link, or take an action (including wiring
money somewhere!), ask yourself: “Is this an email that I expect, from a source that I
trust?”
The more urgency you detect in the email, or the stranger the story, the more wary you
should be.
Before you click, take steps to independently verify the legitimacy of the request.
As long as the ROI on socially engineered attacks is favorable, the criminals will continue to
create them.
And with multi-million-dollar losses from recent attacks making global headlines, it seems like
these attacks will be around for a while.
Greg Mancusi-Ungaro is the chief marketing officer for BrandProtect, a leader in cyber threat
monitoring, intelligence and mitigation services.
He is a frequent author and speaker, and a constant evangelist on cyber security issues, the
changing nature of the modern threat landscape, and the emerging technologies that look
beyond the perimeter to drive enterprise defenses against cyberattack.
Corporate cybersecurity leaders are forced to interact with the biggest threat to their mission
every day: their fellow employees. It’s not that these individuals are trying to undermine the
best-laid plans of the CIO or CISO, but that they often represent the easiest path for a hacker to
infiltrate the network. Yet, in dealing with the human element from a security perspective, IT
leaders also have to manage the employee’s desire to work, how they want to work, and on the
devices they want to use.
The Bring Your Own Device (BYOD) trend has taken strong root in enterprises and small to
medium businesses, with recent surveys by Tech Pro Research showing that 72% of
organizations either permitted BYOD or were planning to do so. BYOD can make a lot of sense
from the perspectives of cost and culture, but it only takes one wrong click, one “found” USB
drive plugged in, or one enabled macro to start a very bad day in the IT department. For
companies that are permitting, requiring or evaluating BYOD, here are three thoughts on
balancing security, productivity, and convenience.
Build It Right
BYOD brings with it the end of total endpoint control. While IT departments may be able to
mandate the use of certain applications and tools in order to access the network or certain files,
the computer or mobile device is no longer theirs alone to administer and maintain.
Therefore security leaders need to maintain focus on what is still in their control: the network
architecture. By layering different technologies and segmenting information into different zones,
companies not only prevent threats from entering the network, but also keep breaches isolated
and away from the most sensitive zones. Keeping the applications and users that enter the
network from a BYOD device in as few zones as possible creates a safer network overall. Many
of the usual security solutions should be in place, such as firewalls, anti-spam and anti-virus, but
with the constantly evolving matrix of threats, it is vital to maintain a dynamic, policy-driven
architecture to stay one step ahead.
Since the IT department is no longer the sole administrator of devices, it becomes critical to get
new team members up to speed. For example, the fundamental tasks of keeping applications
and OSs updated are mostly in the hands of the user, so they need to be educated on why, how
and when to update their devices so that vulnerabilities are removed and new features are
added. Creating better behaviors with the primary devices can also carry over to secondary
devices that may exist outside of the company’s knowledge.
BYOD is supposed to allow people to work as they please and do away with having to use a
different OS than they prefer, or outdated, company-issued hardware. Cybersecurity measures
are meant to keep everyone and everything in the enterprise protected. In between lie
individual employees and their productivity. If BYOD improves productivity and mood, security
efforts ought to preserve those gains instead of adding layers that increase
inconvenience.
Every quarantined file, blocked email or slow connection frustrates employees who are simply
trying to get their job done as efficiently as possible. Employees are like water: they will find a
way around anything, especially if you block their way of working. When a business enables
existing work processes to be performed securely, employees won’t waste time looking for
workarounds, and, in return, employees will improve their productivity and refrain from creating
system vulnerabilities. When BYOD translates into stricter policies and byzantine procedures,
the benefit goes away and employees are left feeling like they’ve brought a MacBook Pro into a
Windows XP world.
BYOD is on its way to becoming the norm for many companies in the years ahead. The
challenges it introduces into the corporate IT department make segmentation the most critical
cybersecurity area in the enterprise, instead of the perimeter focus that has been prevalent for
decades. But for those who have implemented BYOD – or are thinking about making the leap –
finding the balance between security, cost and convenience is the best way to keep everyone
satisfied and secure.
Dotan Bar Noy, Lt. Commander, Israel Navy (Ret.), is the CEO & Co-Founder of
ReSec Technologies. He has more than 10 years of management experience in
technology and software companies. Prior to founding ReSec, he served as
Director at Issta (listed ISTA.P), CEO of G.F.A. Systems, CEO of "STUDENTS"
as well as owning a strategic management and consulting company. Dotan
holds a BA in Economics & Management from the Israel Institute of Technology
(Technion) and an MA in Law from Bar-Ilan University.
Threat intelligence data is a critical tool that can help understand attacker behavior and their
activities. Once organized in a threat intelligence platform, data reveals to threat analysts the
techniques and methodologies used by attackers as evidenced in malware, infected websites,
suspicious domain name registrations and mass credential exposures.
Threat intelligence platforms play a pivotal role in vetting and normalizing the data across
numerous open source and proprietary streams of data, providing a secure communication
channel for threat information sharing, and providing data integrations with your SIEM and
existing security architecture.
The following questions will help the CISO kick off a risk-based conversation that can be a
source of metrics surrounding the use of threat intelligence data. Threat analysts should also be
prepared to answer these questions on a regular basis as these answers can also be a regular
part of board level discussions.
Attackers often create domains similar to a company’s existing brand to attract your customers
with the purpose of stealing their usernames and passwords, credit card information or other
personal information.
These activities can cause your customers distress, damage your brand reputation and cost you
money. Domain registrations can be an important source of information about attackers that
may be targeting your brand.
Actively monitoring “Whois” data can help identify this type of fraud before it is perpetrated. This
means monitoring a portion of the Reconnaissance phase of the attack chain. This can give you
time to alert and remind customers to be alert to specific fraudulent domains.
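Monitoring new registrations for lookalike domains is a screening problem: each new name is compared with the protected brand. The following is an added example written for this page, not code from the article or from Anomali: it normalizes common visual substitutions (digits for letters, "rn" for "m"), then flags a registration as a homoglyph lookalike, a brand keyword padded with extra words, or a close typo by edit distance. The brand, the owned domains and the Whois-style feed are all constructed; a real feed would come from the threat intelligence platform's registration monitoring.

```python
from typing import List, Optional, Tuple

OWNED_DOMAINS = {"examplebank.com", "examplebank.net"}   # assumption: legitimately owned
BRANDS = ["examplebank"]                                    # assumption: protected brand labels
MAX_EDIT_DISTANCE = 2                                       # assumption: tolerance for typo lookalikes

# Visual substitutions commonly seen in lookalike labels.
MULTI_CHAR = [("rn", "m"), ("vv", "w")]
SINGLE_CHAR = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize(label: str) -> str:
    """Map visually confusable sequences back to the letters they imitate."""
    label = label.lower()
    for src, dst in MULTI_CHAR:
        label = label.replace(src, dst)
    return label.translate(SINGLE_CHAR)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def second_level_label(domain: str) -> str:
    """'login.exarnplebank.net' -> 'exarnplebank' (assumes a one-label public suffix)."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain: str) -> Optional[str]:
    """Return a reason string when the domain resembles a protected brand, else None."""
    if domain.lower() in OWNED_DOMAINS:
        return None
    label = second_level_label(domain)
    for brand in BRANDS:
        if normalize(label) == brand:
            return "homoglyph lookalike"
        if brand in label:
            return "brand keyword with extra words"
        distance = levenshtein(label, brand)
        if distance <= MAX_EDIT_DISTANCE:
            return f"typo lookalike (edit distance {distance})"
    return None


def screen_feed(feed: List[str]) -> List[Tuple[str, str, str]]:
    """feed lines: 'domain,registrar,created' (constructed Whois-style export)."""
    flagged = []
    for line in feed:
        domain, _registrar, created = line.split(",")
        reason = classify(domain)
        if reason:
            flagged.append((domain, created, reason))
    return flagged


# Constructed registration feed; registrar names and dates are invented.
FEED = [
    "examplebank.com,Registrar A,2009-01-15",
    "exarnplebank.net,Registrar B,2016-07-18",
    "examp1ebank.com,Registrar C,2016-07-19",
    "examplebnak.com,Registrar B,2016-07-20",
    "examplebank-login.com,Registrar D,2016-07-20",
    "unrelatedshop.com,Registrar A,2016-07-21",
]

if __name__ == "__main__":
    for domain, created, reason in screen_feed(FEED):
        print(f"{created} {domain}: {reason}")
```

The flagged list is what feeds the customer alert the article mentions: the registration date tells you how early in the attacker's reconnaissance you caught it, and the reason tells the fraud team which kind of impersonation to expect.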
Employees need to know that being a part of a mass credential exposure can put the business
at risk. It is possible for valid email address/clear text password pairs to be used by an attacker
to impersonate a user if they are able to get inside your network.
Monitoring the Dark Web for your employees’ credentials should be supported and automated
through a threat intelligence platform.
Threat analysis needs to be an extension of a security operations team’s function to truly have
an intelligence-driven SOC. The challenge as defined by SANS is, “…to organically integrate
threat hunting into existing workflows so that it complements current security efforts.”
Threat analysts and security operations teams are often viewed as two separate entities each
with its own charter. This can lead to slower response times and non-aligned priorities.
The intelligence-driven SOC prioritizes security events based first on correlation with threat
intelligence IOCs, and second on true-positive correlations between different types of security-relevant
log data.
When security operations personnel see a security event in log data, they should also know
in real time whether any threat intelligence data links the event to a previously seen
attack. This provides added context in the form of the attacker’s methods or techniques.
4. How do we know if we are monitoring for the right cyber security threats?
Combining knowledge of key assets, their value to the organization and their individual owners
with real-time correlation between potential IOCs in log data and IOCs in threat intelligence data
creates threat hunting that is focused and meaningful.
With these three data sets, threat hunting is a proactive pursuit that is scalable, repeatable and
teachable.
Knowing you are hunting threats that are current, relevant to your business and low on false-
positives facilitates an active defense.
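The correlation the last two passages describe (match log events against IOCs, then weight the match by the value of the asset involved) is shown below as an added example written for this page; it is not code from the article, Anomali or any SIEM. Each matched event gets a priority equal to the IOC's confidence multiplied by the asset's business value, so the same indicator seen from a kiosk and from a finance database server sorts very differently. The log format, IOCs, asset inventory and confidence scores are constructed; IP addresses and domains use the RFC 5737 / RFC 2606 documentation ranges.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Ioc:
    kind: str         # "ip" or "domain"
    confidence: int   # 0-100 as scored by the threat intelligence platform (assumed)
    campaign: str     # attacker method/technique context attached to the indicator


@dataclass(frozen=True)
class Asset:
    owner: str
    value: int        # 1 (low) to 5 (crown jewel), from the asset inventory (assumed)


# Constructed IOC feed; these are documentation addresses, not real indicators.
IOCS: Dict[str, Ioc] = {
    "203.0.113.45": Ioc("ip", 90, "campaign-A: credential harvesting C2"),
    "update-cdn.example": Ioc("domain", 60, "campaign-B: trojanized updater"),
}

# Constructed asset inventory with owner and business value.
ASSETS: Dict[str, Asset] = {
    "fin-db-01": Asset("finance", 5),
    "kiosk-07": Asset("facilities", 1),
    "dev-ws-12": Asset("engineering", 3),
}
UNKNOWN_ASSET = Asset("unknown", 2)   # hosts missing from the inventory still get a medium weight

KV = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> Dict[str, str]:
    """Parse 'timestamp key=value ...' lines from a proxy/DNS log (constructed format)."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def correlate(lines: List[str]) -> List[dict]:
    """Return IOC matches enriched with asset context, highest priority first."""
    alerts = []
    for line in lines:
        ev = parse(line)
        for field in ("dst", "domain"):
            ioc = IOCS.get(ev.get(field, ""))
            if ioc is None:
                continue
            asset = ASSETS.get(ev.get("host", ""), UNKNOWN_ASSET)
            alerts.append({
                "ts": ev["ts"],
                "host": ev.get("host"),
                "owner": asset.owner,
                "indicator": ev[field],
                "context": ioc.campaign,
                "priority": ioc.confidence * asset.value,
            })
    alerts.sort(key=lambda a: a["priority"], reverse=True)
    return alerts


# Constructed log lines.
LOG = [
    "2016-07-21T10:02:11Z host=kiosk-07 src=10.0.9.7 dst=203.0.113.45 domain=- proto=tcp",
    "2016-07-21T10:02:19Z host=dev-ws-12 src=10.0.5.20 dst=198.51.100.8 domain=update-cdn.example proto=tcp",
    "2016-07-21T10:03:02Z host=fin-db-01 src=10.0.1.5 dst=203.0.113.45 domain=- proto=tcp",
    "2016-07-21T10:03:40Z host=dev-ws-12 src=10.0.5.20 dst=192.0.2.77 domain=intranet.example proto=tcp",
]

if __name__ == "__main__":
    for a in correlate(LOG):
        print(a["priority"], a["host"], a["owner"], a["indicator"], a["context"])
```

The output hands the analyst a ranked queue with the owner to contact and the campaign context already attached, which is the "added context" the article asks for, and the fourth log line (no indicator match) produces nothing, keeping the hunt low on false positives.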
Attackers learn from each other. But many organizations do not share threat data IOCs with one
another. The reasons for not participating in an evaluated, trusted circle are many, but most
have to do with fear. Not wanting to let others know that you may have experienced a breach
and the liability around sharing are the two we hear most often.
Not sharing information doesn’t lead anyone to think you’ve never had an incident or been
breached. A good threat intelligence platform provides a trusted link to a wealth of knowledge
from other companies in your industry vertical or across a supply chain. Sharing should be
encouraged.
Summary
Making threat intelligence data useful requires a robust threat intelligence platform that can off-
load the correlation of IOCs with log data from the SIEM. A proactive approach to cyber security
means finding threats before they become a problem.
This is a necessary step for making tens of millions of active IOCs useful for threat hunting. This
tactic is effective and aligned across threat analysts, SOC personnel and incident responders.
Make everyone a threat hunter by unleashing your entire security team’s creativity but keep it
efficient through active prioritization and inside the bounds of what matters to the organization.
Mark Seward, a Certified Information Systems Auditor (CISA), has more than 15 years of
experience as a security practitioner and has held a number of leadership positions in product
management.
Prior to joining Anomali, Seward served as the senior director, security and compliance, at
Splunk, where he was responsible for security use-case messaging for the company's real-time
operational intelligence product. His tenure has also included positions at Symantec, Qualys
and LogLogic.
Mark has a Master of Science degree in information technology from the University of Maryland
and holds a federal chief information officer certification.
Water supply systems are part of every country's critical infrastructure. A collapse of the
system or a terrorist operation can do serious harm to this kind of infrastructure. In this article
we discuss how these systems can be secured and how water supply facilities can be protected
from physical access that brings with it biological, chemical or other threats.
It is also important to mention that cyber attacks on the water supply control system could
cause pressure oscillations in the piping system and a breakdown of the water supply.
Water supply systems usually collect water from natural resources into capacitors. Physically,
these capacitors are the pools created for cleaning and filtering the water. The final product is
clean water that can be used for everyday needs with a guaranteed level of quality.
Securing such a facility can involve several levels of access control. The only drawback of this
solution is that it is digital, so it can easily become the target of hackers' attacks.
Remember that a bio-terrorism weapon can be packed into a small envelope and carried in
someone's pocket. Similarly, in a chemical attack the substance, in solid or liquid form, can also
be carried in a pocket. The consequences of such sabotage for end-users are clear: an entire
area could be poisoned or sickened by those biological or chemical weapons.
Water is usually transferred from the water supply facilities to end-users through a piping
system. As is known, the reliability of this system depends on piping parameters such as pipe
material, tube size, ring size and other piping properties. It is quite feasible for the entire piping
system to collapse if the pressure in the tubes gets too high. A common cause of such a
scenario is a malfunction in the control system, which consequently fails to assure the
appropriate pressure in the piping elements.
Very often the piping route uses tubes made of a mix of two materials, such as plastic and
metal, which makes the plant composite in nature. Composite materials have very good
characteristics and can assure a certain level of security to a water delivery system.
For instance, if for some reason the control system begins to operate with a flaw, the pressure
within the pipes may start oscillating, putting additional load on the water tubes.
If the pressure gets too high, the pipes could burst, collapsing the water supply system and
leaving people without clean water. It is clear how risky this is to human health when people live
without healthy water: the more people are left without running water, the worse the
consequences for their health.
It is also significant that the water piping gets an internal layer of waterproof material, which
guarantees that the tubes will not corrode from the inside and cause some sort of toxic
effect.
This is important to take into account when designing a water delivery system, because the
end-users should be confident that what they consume is not dangerous.
The best way to protect your water supply control board is to follow some of the procedures
discussed here.
For instance, never expose your command board computer to a web connection, because it
may become a source of malware that causes your control applications to malfunction.
It is also significant that if you have some workstations connected to the internet (which is
logical, because a water supply facility will never be isolated without any communication to the
outside world), you must be careful not to use removable devices to transfer data from your
internet-connected computer to the workstations running the command application, simply
because you can always catch malware from the global network.
The aim of this article was to point out some challenges of water supply systems and raise
awareness about this kind of critical infrastructure. We hope this effort will encourage more
people in the research community to dig deeper and explore this topic further.
Social media is both a boon and bane for online businesses. On the brighter end, capitalizing on
social media will help online businesses extend their outreach and accrue customers swiftly.
On the flip side, breach of user privacy is one of the biggest threats faced by social media sites
as the technology to scrape user data has been evolving at an exponential rate.
Half of the internet traffic is driven by non-human traffic, including crawlers and malicious bots.
Profile scraping is a data-scraping technique in which bots are employed to scrape public
profiles from famous social media sites.
Scrapers use these profiles to enhance their competitive advantage in the market.
Renowned social media sites, despite having stringent ToS, are unable to put an end to profile
scrapers.
That being said, here are four good reasons why social media should shield themselves from
profile scraping:
1) A social media website’s content is the face of its thought leadership and brand
reputation. Scraping its user profiles will diminish the brand value
2) Social media websites run the risk of facing expensive lawsuits if their customers realize
that their data privacy has been breached
3) Scraping is illegal, and legal action can be taken by the site owner if their ToS is found to
be breached. However, automated bots use multiple IPs/ Proxies to scrape the profiles
and it is difficult to find the source of the bots.
This makes it all the more difficult to track the profile scraper, let alone sue the fraudster.
4) Profile scraping will result in customer attrition. All the customers that invest in a social
media site to promote their businesses will shift their focus to another social media
bandwagon that ensures user and content privacy
It is about time online businesses, especially social media, realized the fact that suing is not the
only solution to end online threats; they must get proactive in stopping them in the first place.
Profile scraping can be prevented by a few common strategies. But for these strategies
to be effective all the time, they require periodic maintenance and upgrades, which results in
operational fatigue.
On the other hand, there are reliable anti-scraping solutions that can detect and prevent bots
with malicious intent and provide you with in-depth insights on bot traffic.
Social media businesses should opt for such reliable, long-term approaches to uphold their
brand value and ensure 100% user and content privacy.
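Detecting a profile scraper in web server logs comes down to behaviour a browser-driven human does not show. The following is an added example written for this page, not code from the article or from any anti-scraping vendor: it parses combined-format access log lines and flags a client that views more profile pages in a minute than a person plausibly could, never fetches the CSS/JS a real browser loads, or walks profile ids in strict sequence. The log lines, IP addresses (RFC 5737 ranges), user agents and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Combined log format: ip - - [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+ "[^"]*" "([^"]*)"$')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
PROFILE = re.compile(r"^/profile/(\d+)$")

WINDOW_SECONDS = 60
MAX_PROFILES_PER_WINDOW = 20   # assumption: a person rarely opens more than 20 profiles a minute
MIN_SEQUENCE = 5               # assumption: five consecutive ids in a row is not browsing


def parse(line: str) -> Optional[dict]:
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, ua = m.groups()
    return {"ip": ip, "ts": datetime.strptime(ts, TIME_FMT), "path": path,
            "status": int(status), "ua": ua}


def detect(lines: List[str]) -> Dict[str, List[str]]:
    """Return {client_ip: [reasons]} for clients whose traffic looks like profile scraping."""
    by_ip: Dict[str, list] = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev:
            by_ip[ev["ip"]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        profiles = [e for e in evs if PROFILE.match(e["path"])]
        assets = [e for e in evs if e["path"].startswith("/static/")]
        reasons = []
        # Burst: most profile hits inside any sliding 60 s window.
        peak, j = 0, 0
        for i in range(len(profiles)):
            while (profiles[i]["ts"] - profiles[j]["ts"]).total_seconds() > WINDOW_SECONDS:
                j += 1
            peak = max(peak, i - j + 1)
        if peak > MAX_PROFILES_PER_WINDOW:
            reasons.append(f"{peak} profile pages in {WINDOW_SECONDS}s")
        # Page views without the static assets a browser would request alongside them.
        if profiles and not assets:
            reasons.append("no static assets loaded")
        # Enumerating ids in order.
        ids = [int(PROFILE.match(e["path"]).group(1)) for e in profiles]
        if len(ids) >= MIN_SEQUENCE and all(b - a == 1 for a, b in zip(ids, ids[1:])):
            reasons.append("sequential profile ids")
        if reasons:
            findings[ip] = reasons
    return findings


# Constructed sample traffic: one scraper and one ordinary visitor.
BASE = datetime(2016, 7, 21, 10, 0, 0, tzinfo=timezone.utc)
SCRAPER_UA = "python-requests/2.9.1"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/47.0"


def make_line(ip: str, ts: datetime, path: str, ua: str) -> str:
    return f'{ip} - - [{ts.strftime(TIME_FMT)}] "GET {path} HTTP/1.1" 200 5120 "-" "{ua}"'


def sample_log() -> List[str]:
    lines = [make_line("198.51.100.7", BASE + timedelta(seconds=i), f"/profile/{1000 + i}", SCRAPER_UA)
             for i in range(30)]
    human = [("/profile/42", 0), ("/static/app.js", 1), ("/static/style.css", 1),
             ("/profile/77", 45), ("/static/app.js", 46)]
    lines += [make_line("192.0.2.15", BASE + timedelta(seconds=s), p, BROWSER_UA) for p, s in human]
    return lines


if __name__ == "__main__":
    for ip, reasons in detect(sample_log()).items():
        print(ip, reasons)
```

Because the three signals are independent, a scraper that rotates IPs (as the article notes they do) still trips the asset and sequence checks per address even when each address stays under the rate threshold; the per-IP result can then feed a block list or a challenge page rather than a lawsuit.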
The course has been developed for IT and IT security professionals including Network
Administrators, Data Security Analysts, System and Network Security Administrators, Network
Security Engineers and Security Professionals.
After you take the class, you'll have newfound knowledge and understanding of:
Course Overview:
1. A certificate for one free personal usage copy of the Preview Release of SnoopWall for
Android
2. A worksheet listing the best open and commercial tools for Counterveillance
3. Email access to the industry leading Counterveillance expert, Gary S. Miliefsky, our educator.
4. A certificate of achievement for passing the Concise-Courses Counterveillance 101 course.
There are so many projects at SourceForge it’s hard to keep up with them. However, that’s not
where we are going to find our growing list of the top twenty infosec open sources. Some of
them have been around for a long time and continue to evolve, others are fairly new. These are
the Editor’s favorites that you can use at work, and some at home, to increase your security
posture, reduce your risk and harden your systems. While there are many great free tools out
there, these are open sources, which means they comply with a GPL license of some sort that
you should read and feel comfortable with before deploying. For example, typically, if you
improve the code in any of these open sources, you are required to share your tweaks with the
entire community – nothing proprietary here.
1. TrueCrypt.org – The Best Open Encryption Suite Available (Version 6 & earlier)
2. OpenSSL.org – The Industry Standard for Web Encryption
3. OpenVAS.org – The Most Advanced Open Source Vulnerability Scanner
4. NMAP.org – The World’s Most Powerful Network Fingerprint Engine
5. WireShark.org – The World’s Foremost Network Protocol Analyser
6. Metasploit.org – The Best Suite for Penetration Testing and Exploitation
7. OpenCA.org – The Leading Open Source Certificate and PKI Management
8. Stunnel.org – The First Open Source SSL VPN Tunneling Project
9. NetFilter.org – The First Open Source Firewall Based Upon IPTables
10. ClamAV – The Industry Standard Open Source Antivirus Scanner
11. PFSense.org – The Very Powerful Open Source Firewall and Router
12. OSSIM – Open Source Security Information Event Management (SIEM)
13. OpenSwan.org – The Open Source IPSEC VPN for Linux
14. DansGuardian.org – The Award Winning Open Source Content Filter
15. OSSTMM.org – Open Source Security Test Methodology
16. CVE.MITRE.org – The World’s Most Open Vulnerability Definitions
17. OVAL.MITRE.org – The World’s Standard for Host-based Vulnerabilities
18. WiKiD Community Edition – The Best Open Two Factor Authentication
19. Suricata – Next Generation Open Source IDS/IPS Technology
20. CryptoCat – The Open Source Encrypted Instant Messaging Platform
Please do enjoy and share your comments with us – if you know of others you think should
make our list of the Top Twenty Open Sources for Information Security, do let us know at
marketing@cyberdefensemagazine.com.
(Source: CDM)
Send us your list and we’ll post it in the magazine for free, subject to editorial approval
and layout. Email us at marketing@cyberdefensemagazine.com
This magazine is by and for ethical information security professionals with a twist on innovative consumer products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best ideas, products and services in the information technology industry. Our monthly Cyber Warnings e-Magazines will also keep you up to speed on what’s happening in the cyber crime and cyber warfare arena, plus we’ll inform you as next generation and innovative technology vendors have news worthy of sharing with you – so enjoy.
https://torrentfreak.com/digital-citizens-slam-cloudflare-for-enabling-piracy-malware-160722/
http://arstechnica.com/security/2016/07/criminals-plant-banking-malware-where-victims-least-expect-it/
http://statescoop.com/ms-isac-official-ransomware-is-top-malware-of-concern-for-states-counties
Scary Android malware blocks calls to your bank so it can keep stealing money from you
http://bgr.com/2016/07/18/android-malware-banking-apps/
https://securityintelligence.com/the-brazilian-malware-landscape-a-dime-a-dozen-and-going-strong/
This webcam malware could blackmail you into leaking company secrets
http://www.zdnet.com/article/this-webcam-malware-could-blackmail-you-into-leaking-company-secrets/
http://fedscoop.com/study-one-in-three-pirate-websites-infested-with-malware
http://www.pymnts.com/news/security-and-risk/2016/2016-increased-malware-attacks/
https://threatpost.com/google-chrome-malware-leads-to-sketchy-facebook-likes/119361/
http://www.ifsecglobal.com/beware-of-malware-disguised-as-pokemon-go-app-warns/
http://arstechnica.com/security/2016/07/nation-backed-malware-that-infected-energy-firm-is-1-of-2016s-sneakiest/
http://www.cutimes.com/2016/07/21/malware-infects-large-slice-of-cicis-pizza-and-mac
57 Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
Big Bunch Of Legitimate Business Websites Hijacked To Deliver You Bad Malware
https://consumerist.com/2016/07/20/big-bunch-of-legitimate-business-websites-hijacked-to-deliver-you-bad-malware/
http://smallbiztrends.com/2016/07/signs-of-malware-infection.html
http://www.cnet.com/news/malware-from-china-infects-over-10-million-android-users-report-says/
http://www.bankinfosecurity.com/ammyy-admin-a-9274
http://fortune.com/2016/07/06/mac-malware-backdoor-app/
http://www.theinquirer.net/inquirer/news/2465267/ransomware-hackers-using-spam-emails-to-distribute-cryptxxx-malware
http://www.bizjournals.com/dallas/news/2016/07/19/research-finds-dallas-one-of-most-malware-infected.html
https://securityintelligence.com/news/firefox-malware-poses-as-browser-update/
http://arstechnica.com/security/2016/07/20-year-old-windows-bug-lets-printers-install-malware-patch-now/
FBI says its malware isn't malware because 'we're the good guys'
http://www.zdnet.com/article/fbi-says-its-hacks-are-not-malware-because-they-are-used-to-catch-criminals/