Qualys Blog

www.qualys.com
356 posts

New ‘Silence’ Banking Trojan copies Carbanak to Steal from Banks (Analysis with IOCs)

Dark Reading is reporting on a new banking trojan called ‘Silence’ that mimics techniques similar to the Carbanak hacker group targeting banks and financial institutions.  The attack vector is similar – target individuals using spear-phish emails to trick them into running a malicious attachment which will connect to download a dropper to further infect the user’s machine.  This attack does not use an exploit against a vulnerability, but rather takes advantage of social engineering to fool the user into executing the malicious payload and infecting their machine.

Silence is interesting in that the trojan’s capabilities include a screen grabber that will take multiple screenshots of the user’s active monitor and upload the real-time stream to a command and control server for monitoring by the adversary.  This technique allows the threat actor to identify which users have access to specific banking applications, systems, and accounts that they can use for financial gain.

Continue reading …

DevSecOps: Building Continuous Security Into IT and App Infrastructures

With software now at the heart of essential business processes, organizations must build security into their IT and application development pipeline to prevent breaches, avoid compliance violations, and protect digital transformation initiatives.

This especially applies to organizations creating and deploying applications quickly and continuously using DevOps, in which development and operations teams add agility and efficiency to software lifecycles with automation tools, pre-built third-party code and constant collaboration.

DevSecOps Building Continuous Security into IT and App InfrastructuresDevOps replaces the traditional, linear “waterfall” method in which each team works in silos with minimal communication and coordination, often resulting in lengthy software lifecycles and code that is buggy and insecure.

But for all the speed and flexibility that DevOps adds to IT and application development and delivery — and to the business initiatives powered by the software —  it can backfire if security is an afterthought or left out altogether.

Instead, security pros, processes and tools must be threaded seamlessly into DevOps to end up with DevSecOps. Continue reading …

InfoSec Pros Must Fasten Their Seatbelts for Digital Transformation Ride

The IT industry has gone through multiple revolutions – client-server computing, the Internet’s rise, virtualization, mobility – but none rivals the unprecedented impact of today’s digital transformation.

The implications for InfoSec professionals are broad, requiring that they adapt quickly to the profound changes brought about by digital transformation trends.

“Whether you’re ready or not, it’s coming at you, and it’s coming at you very fast,” Scott Crawford, Research Director of Information Security at 451 Research, told Qualys Security Conference 2017 attendees last week in Las Vegas.

Continue reading …

Webcast Q&A: Automating the CIS Critical Security Controls

Qualys Product Management Director Tim White and SANS Institute Analyst John Pescatore did a deep dive into the Center for Internet Security’s Critical Security Controls during a recent webcast, and answered questions from audience members about these 20 foundational security practices, and about the importance of maintaining basic security hygiene.

In this blog post, we’re providing edited transcripts of their answers to all the questions, including those that they didn’t have time to address during the one-hour webcast, which was titled “Automating CIS Critical Security Controls for Threat Remediation and Enhanced Compliance.” We hope you find their explanations insightful and useful.

Webcast Questions and Answers - Automating CIS 20 Critical Security ControlsIn addition, if you didn’t catch the webcast live, we invite you to listen to the CIS controls webcast recording. We also encourage you to download a copy of a highly detailed guide that maps the CIS controls and sub-controls directly to specific features in Qualys apps.

Continue reading …

Bad Rabbit – Ransomware

(updated: 10/26/2017 with additional file hashes and mitigations)

A new ransomware campaign has affected at least three Russian media companies in a fast-spreading malware attack. Fontanka and Interfax are among the companies affected by the Bad Rabbit ransomware named by the researchers who first discovered it. The malware is delivered as fake Flash installer, it uses the SMB protocol to check hardcoded credentials. Bad Rabbit does not employ any exploits to gain execution or elevation of privilege. The Ukrainian computer emergency agency CERT-UA has issued an alert incident and mentioned that Odessa airport and Kiev subway were also affected. It is unsure whether this alert is regarding Bad Rabbit, but they suspect that it may be the start of a new wave of cyberattacks.

Continue reading …

ACLU Attorney: U.S. Citizens Legally Unsheltered from Abusive Surveillance

U.S. law has failed to protect Americans from widespread and excessive surveillance, a dire situation that requires immediate attention from citizens, lawmakers, attorneys, privacy experts and the courts.

That was the urgent warning Jennifer S. Granick, Surveillance and Cybersecurity Counsel at the American Civil Liberties Union, conveyed to attendees of the Qualys Security Conference 2017 during the event’s closing keynote speech.

Continue reading …

Gartner: The Pursuit of Perfection Weakens InfoSec Effectiveness

While malicious hackers are the obvious enemies of InfoSec pros, there’s something else that puts IT environments in danger: Perfectionism.

When applied to security, perfectionism becomes detrimental, creating a false certainty that all bases are covered and yielding a fundamentally flawed approach to protecting enterprises from attacks, according to Neil MacDonald, a Gartner Distinguished Analyst and Vice President.

“Perfect security is impossible,” MacDonald said during a keynote speech at the Qualys Security Conference 2017 on Thursday.

Continue reading …

The Shift from Securing our Networks to Enabling the Digital Transformation of our Enterprises

It’s not yet Thursday, but attendees at Qualys Security Conference 2017 were treated to a major “throwback” as CEO and Chairman Philippe Courtot journeyed back centuries during QSC17’s opening keynote to illustrate the seismic changes of today’s digital revolution.

Courtot cited some of history’s biggest shifts, such as the development of the printing press, which dramatically accelerated the distribution of knowledge, triggering massive political and economic changes, as well as Copernicus’ heliocentric model, which upended astronomy.

The difference is that changes of that magnitude are happening much more frequently in our time, as the Internet powers developments driven by digital technologies at dizzying speeds.

Continue reading …

QSC17 Focuses on Digital Transformation’s Challenges and Opportunities

Qualys Security Conference 2017 finds Qualys rapidly advancing in its ongoing quest to seamlessly and transparently thread security into the fabric of IT environments, and to make it essential for digital transformation.

At QSC17, happening this week in Las Vegas, Qualys executives will share how the company’s growing catalog of security and compliance apps, powered by the highly scalable Qualys Cloud Platform, can yield substantial benefits and unique advantages to our customers and partners.

Continue reading …

The Critical Security Controls: Basic Cybersecurity Hygiene for your Organization

It’s a well-known fact that most successful cyber attacks are easily preventable. That’s because the majority are neither highly sophisticated nor carefully customized.

Instead, they are of the “spray and pray” sort. They try to exploit known vulnerabilities for which patches are available, or to take advantage of weak configuration settings that IT departments could have handily and quickly hardened.

One recent and infamous example was the WannaCry ransomware, which infected 300,000-plus systems and disrupted critical operations globally in May. It spread using the EternalBlue exploit for a Windows vulnerability Microsoft had patched in March.

So why do many businesses, non-profit organizations and government agencies — including those with substantial cybersecurity resources and knowledge — continue falling prey to these largely unrefined and easy to deflect strikes?

In most cases, the main reason can be traced back to hygiene — of the cybersecurity type, of course. Just as personal hygiene practices reduce the risk of getting sick, applying cybersecurity hygiene principles goes a long way towards preventing security incidents.

That was the key message Qualys Product Management Director Tim White and SANS Institute Analyst John Pescatore delivered during the recent webcast “Automating CIS Critical Security Controls for Threat Remediation and Enhanced Compliance.”

Continue reading …