PwC Weekly Security Report

This is a weekly digest of security news and events from around the world. Excerpts from news items are presented and web links are provided for further information.

Strategy and governance: RBI asks lenders to put in place cyber security policy

Identity management: The future of identity management: Passwords and the cloud

Threats and vulnerabilities: Dridex spam bursts reveal new threat tactics

Top story: SWIFT threatens to give insecure banks a slap if they don't shape up

RBI asks lenders to put in place cyber security policy

The Reserve Bank of India on Thursday said the country's lenders must put in place a cyber security policy "immediately" in order to combat internet threats and asked the sector to identify risks according to the degree of potential danger.

"It is essential to enhance the resilience of the banking system by improving the current defences in addressing cyber risks," the RBI said in a statement.

"Banks should immediately put in place a cybersecurity policy elucidating the strategy containing an appropriate approach to combat cyber threats."

The central bank asked lenders to specify potential risks as "low, moderate, high and very high" and reiterated that the lenders must report all "unusual cyber-security incidents" to the RBI.

Our perspective

Banks should have a cyber security policy in place, which is separate from the IT/IS security policy. Further, banks need to automate their IT asset management processes and should build capabilities to integrate the various threat feeds into the security operations centre (SOC) in order to improve their cyber defence.

The new cyber-security policy should be separate from the bank's broader information technology policy, the RBI said.

The RBI said a recent increase in Internet attacks on financial institutions underlined the "urgent" need to put in place a robust cyber-security framework in the banking system.

Central banks globally have been asking their lenders to beef up their cyber security protection systems after $81 million was stolen from a Bangladesh central bank account with the New York Federal Reserve, in one of the biggest-ever cyber heists.

The following is the link from the Reserve Bank of India where more details can be found: px?Id=10435&Mode=0

The future of identity management: Passwords and the cloud

Compromised credentials are still the cause of almost a quarter of all data breaches, according to the Cloud Security Alliance. With a surge in cybercrime, it's no wonder that the global identity and access management (IAM) market is expected to reach USD 24.55 billion by 2022, according to Research and Markets.

"Identity Management will serve as the central hub that other services leverage for threat detection, policy enforcement, and overall governance. Examples are CASB and SIEM integration," Alvaro Hoyos, CISO at OneLogin, told Help Net Security.

"More governance related features like more full featured security workflows, more access and authentication monitoring, ability to make better decisions about what applications to bring into the ecosystem that has the identity management solution as its base. In addition, identity management is key for our professional and personal lives, so serving both B2B and B2C needs simultaneously might have higher demand. Features such as social sign-in are a clear indicator of this trend," he added.

Identity and the cloud

The cloud already has a strong impact in the daily lives of many people and businesses. Improved trust and security are critical to encouraging continued wide-scale cloud adoption. The question of trust within the cloud enables organizations of all sizes to realize the benefits of cloud computing.

"The liability faced by cloud service providers will continue to increase as identity management becomes ubiquitous in both our business and personal lives. The increased frequency of successful breaches will also have an impact on how companies deal with that liability, and cybersecurity insurance will be more closely tied to the work companies are doing to reduce risks," says Hoyos.

Source: 05/24/cerber-ransomware-ddos/

Passwords in the enterprise

Passwords in the enterprise were never really that secure in the first place. But in the absence of anything else, they were long the de facto standard.

"Perhaps the most significant change will be the abandonment of the username and password convention that was created nearly 40 years ago for more simple needs and networks. In its place will be multi-factor authentication," says Brian Spector, CEO of MIRACL.

Our perspective

Identity management solutions are a very important element in the overall enterprise security architecture of any organisation. A well-defined identity management policy, implemented with a mature solution, ensures early threat detection and effective governance, enabling early breach detection and hence minimising any serious damage.

"Regardless of the device or factors that initiate or complete the authentication, what will be required for the success of security on the Internet is both the simplicity with which authentication can take place from a user's perspective and the easing of administrative investment required from the service side," he added.

Dridex spam bursts reveal new threat tactics

The infamous banking trojan Dridex sputtered back to life at the end of May after a quiet month with new capabilities designed to trick users into opening a malicious attachment and bypass security filters.

The trojan was unusually inactive during most of last month, before reappearing in a new wave of spam emails, according to Trend Micro researchers Michael Casayuran, Rhena Inocencio, and Jay Yaneza.

These emails show the threat actors behind the campaign have changed tactics slightly, using a different kind of social engineering designed to trick users into opening the malicious attachment.

The subject line of the spam bears the message "account compromised" while the main body of the email contains details of a supposed suspicious logon attempt, including an IP address to make it look legitimate.

The attachment supposedly has the full report of this spoofed incident, Trend Micro said.

"The spammed message is almost believable except for that one missing crucial detail. It doesn't have any information on what type of account (email, bank, social media accounts etc.) is compromised," it added in a blog post.

"Based on our research, the spam runs of Dridex have semblances with Locky ransomware with its use of macros and identical email templates."

Another new feature is the use of Certutil and Personal Information Exchange (.PFX) files, the latter typically used by software certificates to store public and private keys.

"When you open the .ZIP file attachment and the word document, a .PFX file is dropped. However, this won't necessarily run on your system because it's encrypted," Trend Micro explained. "This is where Certutil comes in, decoding a base64-text file to convert the .PFX file to .EXE file. When the .PFX file is finally converted into an executable file, DRIDEX infects your system."

The reason why the Dridex authors have gone to this extra effort is that .PFX and Certutil apparently help to pass off the malicious file as a legitimate certificate.

Trend Micro urged users to mitigate the risk of Dridex infection by not opening attachments or enabling macros when receiving unsolicited emails.

"On the other hand, enterprises can create policies that will block off email messages with attachments from unknown sources," the vendor concluded.

"It also recommended that they educate their employees about this type of security threat and what to do when they encounter one."
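
A defender-side check for the Certutil and .PFX behaviour described above, added here as an example and not taken from Trend Micro or this report: it flags a logged certutil -decode command line whose output is an executable, and triages a file with a .pfx extension whose content is base64 text decoding to an "MZ" header instead of binary PKCS#12. The function names, the extension list, the sample command lines and the sample bytes are all constructed for illustration.

```python
import base64
import binascii
import re
import shlex

EXEC_EXT = (".exe", ".dll", ".scr")  # output types worth alerting on (assumed list)

def certutil_decode_to_executable(cmdline: str) -> bool:
    """True if a logged command line is certutil -decode <in> <out> with an executable <out>."""
    try:
        argv = [a.strip('"') for a in shlex.split(cmdline, posix=False)]
    except ValueError:  # unbalanced quotes in the logged command line
        return False
    if not argv or not re.search(r"(^|[\\/])certutil(\.exe)?$", argv[0], re.I):
        return False
    switches = [a.lstrip("-/").lower() for a in argv[1:] if a.startswith(("-", "/"))]
    files = [a for a in argv[1:] if a and not a.startswith(("-", "/"))]
    return "decode" in switches and len(files) >= 2 and files[-1].lower().endswith(EXEC_EXT)

def classify_pfx(data: bytes) -> str:
    """Triage the content of a file that carries a .pfx extension."""
    # Binary PKCS#12 is an ASN.1 SEQUENCE (0x30) followed by a long-form length
    # byte (>= 0x80); base64 text is plain ASCII, so it can never match both.
    if data[:1] == b"\x30" and len(data) > 1 and data[1] >= 0x80:
        return "der"
    lines = (l.strip() for l in data.splitlines())
    body = b"".join(l for l in lines if not l.startswith(b"-----"))
    if not body:
        return "unknown"
    try:
        decoded = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "unknown"
    return "base64-executable" if decoded[:2] == b"MZ" else "base64-other"

# Constructed sample: 64 inert bytes with an "MZ" prefix, wrapped like a certificate.
SAMPLE_PFX = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"MZ" + bytes(62))
              + b"-----END CERTIFICATE-----\n")

# Constructed process-creation command lines (paths are placeholders).
SAMPLE_CMDLINES = [
    r'certutil -decode "C:\Users\a b\AppData\Local\Temp\report.pfx" C:\Temp\report.exe',
    r"C:\Windows\System32\certutil.exe -decode cert.b64 cert.cer",
]

if __name__ == "__main__":
    for c in SAMPLE_CMDLINES:
        print(certutil_decode_to_executable(c), c)
    print(classify_pfx(SAMPLE_PFX))
```

The command-line check suits process-creation logs from endpoint tooling, while the content check can run on attachments or dropped files at the mail gateway or on the host.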

Our perspective

User awareness and training on email security should be undertaken as an ongoing and not as a one-time activity. Users should be made aware about the impacts of malware attacks. An effective control should be in place to scan and, if required, block emails with attachments from unknown and suspicious domains.
