Big Data: Analytics not Synonymous with Answers

Filed under Security 101.


A recent article by Neill Occhiogrosso, a partner at Costanoa Venture Capital, highlights a key point that organizations racing to stay a step ahead of bad actors must heed if they don't want to put their assets, customers, and reputations at risk: in the world of Big Data, analytics are not synonymous with answers.

90% of IT Professionals Worried about a Data Breach

Filed under Uncategorized.


A new EiQ Networks survey asked IT professionals to list their biggest cybersecurity challenges for the year ahead — and not surprisingly, suffering a data breach is the #1 worry for 90% of them.

However, what may come as a surprise – an alarming one for board members, and an inspiring one for bad actors – is that just 15% of IT professionals think their organization is well prepared to handle a data breach, and only 21% are confident that their organization's current security technologies can mitigate the risk of a data breach.

Data Breach at Staples Lasted 6 Months

Filed under Breach Diaries, Industry News.


In a previous blog post, we cited a Krebs on Security report that pointed to a possible data breach at Staples, which at the time the company referred to as “a potential issue.”

Fast forward a bit, and while it's frankly not surprising that a statement posted by Staples on its website now confirms the data breach, the duration of the campaign is going to alarm many shoppers — and prompt some fundamental questions about cyber security at the giant retailer.

New Incident Details [Product Update]

Filed under Product Updates.


At Seculert, we believe knowledge is power. That’s why we have updated the Incident Details report to include relevant information from the log source.

One of the new fields is the action taken by your web proxy. Your on-premise security device will have marked each communication as either "Blocked" or "Allowed." In the event of a malicious communication, it is important to know how your systems responded. This data is shown for all newly reported incidents.

Seculert’s Research Lab: A Look Back at 2014

Filed under Research Lab.


2014 was another jam-packed year for Seculert’s Research Lab. Our team of security experts and malware researchers worked extremely hard to keep our customers safe, and the general security community informed of our research and findings.

Below, we’re pleased to highlight some of the major discoveries made by Seculert’s Research Lab in 2014:

PoS Malware Targeted Target

In the aftermath of the massive, headline-grabbing point-of-sale (PoS) attack at Target, there was growing speculation that the campaign used the custom-made Dexter malware.

However, after analyzing a sample of the actual malware used in the attack, the Seculert Research Lab discovered that it clearly wasn't Dexter. Rather, it was two-stage malware that infected Target's point-of-sale (PoS) systems and extracted credit card numbers and sensitive personal details, then stayed quiet for 6 days before transmitting the stolen data to an external FTP server via another infected machine within the Target network.


Building a Cybersecurity Foundation: 6 Key Elements

Filed under Security 101.


In its "Global Information Security Survey 2014," EY urges organizations to take action and establish a solid cybersecurity foundation comprising 6 elements:

  1. Assess Threats: Conduct a full threat assessment, which includes a gap analysis and roadmap development.
  2. Get Support: Establish cybersecurity as an autonomous function outside of the traditional IT function, and get support from key stakeholders such as board members.
  3. Implement Systems: Review and if necessary overhaul all cybersecurity policies, procedures and standards, and implement an Information Security Management System (ISMS).
  4. Establish a Hub: Create a Security Operations Center (SOC), which develops and monitors all incident responses.
  5. Design Controls: Assess and fortify data loss prevention by increasing the security of all IT assets (e.g. servers, databases, network components, etc.).
  6. Test Security: Regularly test all lines of defense – including the perimeter, ingress points, software applications, user behavior, etc. – to proactively identify and close gaps.


Uploading Log Data [Product Update]

Filed under Product Updates.


Since today's advanced threats are persistent, staying hidden on networks for extended periods of time, traffic log analysis is an effective way to detect these breaches.

Seculert supports several methods for uploading log data, such as FTPS and Syslog. The latest update to Seculert's automated breach detection platform adds support for SFTP, which uses SSH to upload your log files securely. SFTP is useful when your firewall blocks FTP, since it requires only a single TCP connection.

With this added capability, Seculert customers can use the sftp client that is part of the default command-line tools on Linux; on Windows, WinSCP can be used.

Destructive “Wiper” Malware Used in Sony Hack Attack

Filed under Breach Diaries, Industry News.


While the entertainment world is buzzing over emails leaked from the Sony hack attack that suggest Hollywood moguls and A-list celebrities are just as dysfunctional as the rest of us mere mortals, the security community is looking at the event from a less scandalous, more substantial perspective to try and figure out what actually happened — and how to prevent a sequel.

While the FBI, Sony, and its investigation partner remain tight-lipped, we know the following about the November 24 hack attack:

Data Breach at Retail Giants, Malware Communicated with Same C&Cs

Filed under Breach Diaries, Industry News.


Sources close to the data breach investigations at retailers Staples and Michaels have told Brian Krebs that the malware used in each respective attack was found to be communicating with some of the same command and control (C&C) networks.

The data breach at Michaels and its affiliate Aaron Brothers involved two separate 0-day exploit attacks that occurred between May 2013 and February 2014, during which time bad actors stole credit card and debit card data from over 3 million consumers (initial estimates pegged the number at closer to 2.5 million).

Cybersecurity Attack: Critical Infrastructure Facilities Vulnerable

Filed under Industry News.


While cybersecurity breaches in the retail sector have dominated headlines for the last several months, SANS Institute director Michael Assante is warning that the most vulnerable networks in the US are not those connected to point-of-sale (PoS) terminals — but rather, those connected to the country's critical infrastructure.

In a recent article published by Forbes, Assante highlighted that the shift from analog to digital controls in water treatment plants, utilities, refineries, military installations, and other essential facilities has, on the one hand, given operators the advanced tools and systems they need for efficient data management.