MAAS History
Disclaimer
exocrine

All information provided as is.

Tuesday
Mar 08 2011

Condition Remains GREEN

Aggressive redirects of internet traffic continue. These large casting operations are conducted by state-sponsored actors searching for traffic containing plain-text information. This information has been used to chain compromises of various sites, focusing on specific targets. The primary goal appears to be the theft of organizations' intellectual property, the identity credentials of high-value users, and classified information. Here are some tips to help manage and prevent these kinds of attacks:

 

  • Educate people in your organization about recent tactics in chained compromises and spear phishing.
  • Remember that insiders still represent the greatest threat to an organization; review your management of this threat.
  • Never use a password or email at work for public sites. This includes social media, support forums or user groups.
  • Whenever you access sites, use the TLS/SSL option. This includes search.
  • Block countries with which you do not do business at the border, DMZ and DNS service.
  • Consider using TLS/SSL and encryption for internal traffic, especially on critical systems.
  • Encrypt user identifications and passwords; never transmit this information in plain text, internally or externally.
  • Filter internal packets to critical systems.
  • Your audit capabilities and infrastructure are critical and should be protected as such.
  • Audit and evaluate your traffic, both internal and external (Ingress and Egress).
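
One way to act on the last two tips together is to audit captured HTTP requests for credentials that crossed the wire unencrypted. The script below is an added example, not part of the original advisory; the `SECRET_KEYS` list, the `tls` flag supplied by the capture source, and the sample requests are all constructed assumptions.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

# Assumed credential parameter names; extend for your own applications.
SECRET_KEYS = {"password", "passwd", "pwd", "pass", "token", "secret"}

def audit_request(raw: str, tls: bool) -> list[str]:
    """Return findings for one HTTP request; tls=False means it was seen in clear."""
    if tls:
        return []
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:              # not a well-formed request line
        return []
    target = parts[1]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:                         # Basic auth is only base64, not encryption
            decoded = base64.b64decode(auth[6:], validate=True)
            user = decoded.decode("utf-8", "replace").split(":", 1)[0]
        except ValueError:
            user = "?"
        findings.append(f"basic-auth user={user}")
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body, keep_blank_values=True)
    for key, _ in params:            # report the field name, never the value
        if key.lower() in SECRET_KEYS:
            findings.append(f"cleartext-param {key}")
    return findings

# Constructed sample traffic: (seen over TLS?, raw request)
LOGIN = ("POST /login HTTP/1.1\r\nHost: forum.example\r\n"
         "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
         "user=alice&password=hunter2")
SAMPLES = [
    (False, LOGIN),
    (False, "GET /feed?token=abc HTTP/1.1\r\nHost: intranet.example\r\n"
            "Authorization: Basic YWxpY2U6czNjcjN0\r\n\r\n"),
    (True, LOGIN),
    (False, "GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
]

if __name__ == "__main__":
    for tls, raw in SAMPLES:
        print(raw.split("\r\n", 1)[0], "->", audit_request(raw, tls))
```

Findings name the field or user but never echo the secret, so the audit output does not become another plain-text copy of the credential.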

 

Due to the nature of these attacks, it is recommended that you consider a more dynamic approach to the risk and mitigation of these threats to your organization.

Saturday
Feb 26 2011

Condition Remains GREEN

Similar to the ransomware kit from 3.15.2010, we have been closely monitoring the development of a Trojan specific to the MacOS. With the growth of the platform, we can expect the risk matrix to change for individual products, impacting the complete Apple product line. The good news is that software vendors have slowly been moving into the Mac space, offering free products. This includes Sophos and Intego, who both offer solid products. We really love Intego.

What you need to do:

  • Install an anti-virus and security software suite on your Mac or within your corporate walls; get ahead of the game.
  • Make sure that users of Macs receive the same security education about how to operate in an insecure world. (We offer specific Mac training for this.)
  • Include Mac-specific tips within any security communication. The Mac is no longer that machine out on the network somewhere within your organization.
  • Set your browser to block specific ad sites and cookies. Various extensions such as Ghostery, ClickToFlash, Incognito and JavaScript Blacklist can help you boost your defenses.
  • Include iOS devices within the umbrella of any specific Apple product security response. (Especially since Lion will share features perfected within iOS.)

 

It remains our belief that the first significant Mac Trojan or malware will be a cleverly disguised installer for a product that users are familiar with. In its current form, the risk is manageable. This is a crude first step towards that development.