| Hackers are knocking on your door. How will you reply?
Increased scanning could signal larger attack
By Nick Smith, Editor If you�re a network security analyst, it�s going to raise your attention when you see seventy-five attacks in an hour for a vulnerability that�s been around since 2001. And when you see that all of the scans are coming from the same range of IP addresses, it�s a safe bet that hackers are knocking on doors to find out which ones are open - and they�re not just making house calls.
Such was the scene in the Security Operations Center at SecureWorks late last month, as analysts worked to alert clients and incident response teams across the country of a potential attack against networks with Cisco IOS routers. �What we saw,� says SecureWorks CTO Jon Ramsey, �was a significant increase in aggressive scanning of networks, from an average of five client attacks on this particular vulnerability to seventy-five in just a twenty-four hour period.� That increase, combined with the breadth of the attack and the source of the scans - South Korea and the Pacific Rim, a hotbed of hacker activity - led to the decision to take action.
How are they doing it?
The probe was an attempt to exploit a long-patched vulnerability (from 2001, to be exact) in Cisco�s IOS operating system that, if compromised, could give a hacker complete control of a Cisco router - and, in effect, an organization�s network resources. Once in, the hacker could use the router to execute arbitrary code to shut down the network or reroute all network and email traffic - including confidential customer information - to an off-site computer. Those are risks no organization wants to take. But what remains to be seen is what hackers are up to with the probe. Are they looking for organizations with vulnerable routers, knocking on doors until they find ones that are open? And does the aggressive increase in scanning signal a larger attack yet to come? In light of the fact that the majority of Internet-connected organizations use Cisco routers, these are troubling questions . . . but they shouldn�t be. It�s an easy problem to solve.
Cisco released a patch for this vulnerability four years ago. So when hackers are knocking on your door, make sure they see that you are not vulnerable. | 1. | Update all Cisco routers running IOS software to the latest version.. Download the latest version and get information on how to patch your router here. | | 2. | Disable the HTTP server. | | 3. | Bypass local authentication by enabling TACACS+ or Radius authentication. |
|  |  | | |  | | Katrina web scams surface. As if the storm hadn�t brought enough devastation, the worst elements of humanity are adding to it. The latest phishing scams lure people wanting to donate to relief efforts to spoofed sites where they give up account information and money � none of which goes to victims at all. Most, in fact, will wind up in eastern Europe. The FBI estimates that 60% of the over 2,000 websites created since the disaster � many of which are based in eastern Europe - are fraudulent. It�s a good idea to advise your customers to be careful of such scams and donate through well-known organizations rather than responding to email solicitations. Phishing has no place in a hurricane. |  | | Holy porn . . . the latest trend in malware? Like most malware, the newest Trojan horse, Yusufali-A, monitors surfing habits. Unlike most malware, Yusufali-A makes no attempt to steal users' money or confidential information. Instead, it opts solely to prevent them from viewing sexually explicit websites. When the Trojan spots certain objectionable terms (you know what they are; don't make me spell them out here), it minimizes those windows, making the site unviewable. At that point, a message from the Koran appears on the screen. The question remains, however: will users looking for hardcore take to hard Koran? | |  | | Will IE 7 cause new wave of exploits? Microsoft�s hoping to salvage its dominant position in the browser market with its new Internet Explorer 7 (now in Beta), which boasts many of the features of its competitors: tabbed browsing, improved security, and a phishing filter feature that alerts users when they visit suspicious sites. But will the new version inadvertently lead to a wave of attempted hijacks of content from legitimate publishers? One reviewer thinks so.
Had enough of spyware? If it seems like it�s getting the best of you, it might be a good idea to test your spyware savvy. Take this ten-question quiz and find out how much you know � and get information tailored to your level of expertise. | | | | | |  |  | | |  | | Low-cost, low-time security: Ten cheap and easy ways to secure your network now
Thursday, September 15th , 3 PM Eastern
Time, money, and people are the resources you need the most to adequately protect and monitor your network against attacks � but they�re also the resources in shortest supply. Get equipped with practical tips and tools you can use to secure your network. 10 tips for talking to your board about information security
Tuesday, September 20th, 3PM Eastern Talking to your board about your network�s security isn�t easy, but it doesn�t have to cause nightmares. Find out how you can speak to your board and CEO about even the most complex information security issues. How to keep your hospital's email confidential
Thursday, September 29th , 3PM Eastern
Defining your hospital's policy on sensitive email is easy - but as everyone knows, the challenge comes with enforcement. Learn how to protect your electronic medical records and keep your email secure. | | Are you missing the boat? As a newsletter subscriber, you receive timely updates about Internet security every month. But you might be missing out on our other informative and educational resources. It�s easy to fix that problem. Just update your profile to receive webcast invitations, white papers, or email advisories here. | | |  |  | | | | | | |
Forward to a Colleague
Forward to a Colleague 
Join List
Unsubscribe
Privacy Policy
generic xanax reducing xanax dosage - xanax crazy meds
ReplyDelete