Guccifer Strikes Again! Just having fun for now, but what if that changes?

Guccifer, a hacker known for targeting high profile political figures and celebrities is at it again, and this time his victim is Candace Bushnell, author of “Sex and the City.” Guccifer gained access to Bushnell’s email account and took screenshots of her latest unfinished novel; then he proceeded to hack her twitter account and posted those screenshots.

Past attacks from Guccifer, like this one, have not been for personal gain. It’s hard to imagine financially benefiting from leaking a “sneak peak” at a novel. . . unless, of course, someone paid them to carry out such an attack. The motivation behind these attacks is probably just plain mischief. Remember the old “script kiddies” of the past? Same deal.

However, should the attacker’s motives change, he or she can probably do a lot of damage. As we saw in the Syrian Electronic Army attacks, hacking a high profile and trusted Twitter account affected the stock market, which shows just how much damage one can do.

Even though you may not be the direct target of an attack, you might still be affected by it. A stock you own may drop if that company’s twitter account falsely declares bankruptcy for the company. Even worse, details of national security could be leaked from the Attorney General’s email account and we could find ourselves vulnerable to attack. It’s hard to prevent the second scenario from taking its toll, but the first one is certainly avoidable.

Moral of the story: Don’t believe everything you read online! Checking it against multiple trusted or valid news sources. A hacker’s word is only as good as those who believe it, so don’t be too trusting or naïve. Stay in observation mode and continue to gather information.

DDoS: Not just for taking down websites anymore

We all know about DDoS attack being used to temporarily take down targeted websites. But Jordan Robertson at Bloomberg reports that attackers are now using them as a distraction – a means to attack the victim company while their defenses are down in order to steal money, data, and cause other damage. “They’ve become the online equivalent of a common street hustle, with the initial assault being the shiny object that distracts bank security teams long enough to pick customers’ pockets,” the article reads.

Robertson recounts how attackers nabbed tens of millions of dollars from banks over the last year. And what’s worse – the affected banks didn’t learn of the intrusions until getting word from customers and investigators. Sadly, this is all too common: the most recent Data Breach Investigations Report from Verizon shows that the majority of breaches, 69 percent, are detected by third parties.

Something needs to change to enable companies to catch these breaches themselves, and much quicker. One expert calls for a change in monitoring, leading with role-based technology to catch threats in real-time. Read more on that in our previous post, Infographic: The Future of Security Monitoring.

Infographic: The Future of Security Monitoring

Twitter, Apple, Facebook, and Microsoft are all household corporate brands, and they have something in common: They have all suffered data breaches.

As attacks make headlines daily, industry influencers seem to all be calling for security monitoring and forensics tools as the “end all, be all” for solving these types of issues and preventing future incidents. But sadly, monitoring tools like SIEMs catch maybe 50% of threats, best case scenario. Gartner says 85% of organizations are failing at early breach detection. Even the recent Verizon Data Breach Investigations Report found 66% of breaches are taking months or longer to be detected. HyTrust agrees, and has found the same or similar numbers in informal polling. In fact, Eric Chiu, president and founder of HyTrust (, the cloud control company, says “Security monitoring tools such as SIEMs are broken — they’re slow, reactive and weak.”

It’s obvious a new approach is sorely needed. Chiu says Role-Based Monitoring (RBM) is the future of security monitoring, and shared the below infographic. Based on pre-defined user roles, RBM can detect and block threats in real-time. It alerts you when something outside the norm happens. For example, an attacker using an advanced persistent threat (APT) technique might hijack someone’s corporate “privilege” – in other words, their advantages, benefits, entitlements or rights based upon their role within the organization – in order to carry out their breach more effectively.

“RBM is the fastest, strongest and most certain method of identifying threats with 98% accuracy,” Chiu said. “It provides a deeper examination of the context, looking at what was done as well as who executed the action, what their job is, and what resources they’re allowed to manage.” This enables organizations to zero-in and separate appropriate administrative operations from malicious ones, Chiu explained.

RBM is useful especially in cloud environments where ‘super admins’ have ‘super access’ to everything, i.e. they can copy, if they wish, every virtual machine with sensitive data, or tamper with controls and potentially destroy the entire virtual datacenter.

“It’s time to rethink security in-line with emerging technologies and change the way we do business,” said Chiu.


Verizon Data Breach Investigation Report Points to Financial Motives for Hackers

The Verizon data breach investigation report is out, and, as always, it does not disappoint. Filled with a treasure trove of stats and insight into the past year’s breaches, there’s much to take away from this report. Just one point of interest is that 75% of attacks were driven by financial interest, with 37% of breaches affecting a financial organization. When you first download the report, you see a quote under the cover page that says “some organization will be a target regardless of what they do, but most become a target because of what they do,” and the stats certainly verify that. It used to be that attackers hacked because they could, but as of late they are looking to get something out of it.

And with 66% of breaches not being discovered for months or longer, these attackers seem to have all the time in the world to do their dirty business. So what needs to be done to detect these breaches early-on?

Eric Chiu, president and founder of HyTrust suggests that “with the majority of computing now moved to cloud environments, we need to turn our security paradigm around from an ‘outside in’ threat perspective, which has proven inefficient and largely ineffective, to an ‘inside out’ view that addresses both insider and outsider advanced threats.”

Attackers are also using a wider range of attacks than ever before, making it more difficult to prevent all types of attacks. There were 4X as many attacks through social media in 2012 compared to 2011 and there were 3.5X as many physical attacks. In 2011 most attacks came from hacking or malware, but now the attack surface playing field is evening out.

Nathaniel Couper-Noles, senior security consultant at Neohapsis says that “the breadth of successful attacks in the report shows that technological innovations can benefit attackers as well as defenders. The security margin between theoretical vulnerabilities and real exploitation is shrinking.”

As a consumer, it’s not comforting to know that my financial data is priority numero uno for attackers and that they are pulling off attacks that were once thought to be impossible. There will always be innovation on both sides of the table, and the question is whether security vendors can find a way to pull ahead of the bad guys and stop their theoretical attacks before they become possible to carry out. However, with 78% of initial intrusions for these attacks considered as low difficulty, there’s still much to be done to make it harder for attackers to get their foot in the door.