Data Breach at Retail Giants, Malware Communicated with Same C&Cs

Filed under Breach Diaries, Industry News.


Sources close to the data breach investigations at retailers Staples and Michaels have told Brian Krebs that the malware used in each respective attack was found to be communicating with some of the same command and control (C&C) networks.

The data breach at Michaels and its affiliate Aaron Brothers involved two separate 0-day attacks that occurred between May 2013 and February 2014, during which bad actors stole credit and debit card data from over 3 million consumers (initial estimates pegged the number closer to 2.5 million).

Cybersecurity Attack: Critical Infrastructure Facilities Vulnerable

Filed under Industry News.


While cybersecurity breaches in the retail sector have been dominating headlines for the last several months, SANS Institute director Michael Assante is warning that the most vulnerable networks in the US are not those connected to point-of-sale (PoS) terminals, but rather those connected to the country’s critical infrastructure.

In a recent article published by Forbes, Assante highlighted that the shift from analog to digital controls in water treatment plants, utilities, refineries, military installations, and other essential facilities has, on the one hand, given operators the advanced tools and systems they need for efficient data management.

Malware Attack at US Health Organization Went Undetected for 2 Years

Filed under Industry News.


As reported by SCMagazine, North Carolina-based Central Dermatology Center promises to offer “a caring, warm environment.” Unfortunately, that is pretty much what bad actors enjoyed as well: they carried out a malware attack on the organization’s much too caring, warm network environment that went undetected for roughly two years.

Class Action Lawsuit Launched After Malware Attack

Filed under Industry News.


Studies on the costs of a malware attack add up expenses related to investigation, remediation, forensics, public relations, and business losses. These costs are rising (a new study from The Ponemon Institute says malware attacks are 23% more costly this year than last), and they could climb dramatically higher for malware attack victims like Community Health Systems (CHS) if another cost category is added to the mix: court-awarded damages.


Cyber Security Breaches: Companies Not Being Forthcoming

Filed under Industry News.


In 1965, consumer advocate Ralph Nader published “Unsafe at Any Speed”, which accused car makers of choosing to save money rather than spend it on potentially life-saving safety features, such as seat belts.

Well, fast forward (no pun intended) to 2014, and Ed Mierzwinski, the consumer program director at U.S. Public Interest Research Group, which Nader founded in 1971, is aiming some pretty heated criticism at another group that, in his view, is once again putting profits over protection: tight-lipped companies that have suffered a cyber security breach.

Finding Indicators of Compromise [Product Update]

Filed under Product Updates.


When investigating an incident, it is often not simple for a security analyst to locate the malware on the infected machine, or even just the footprints, or “Indicators of Compromise” (IOCs), that the malware left behind.

To facilitate this forensic investigation, Seculert now includes, as part of the “Incident Details”, a malware profile from the same family as the sample detected in the incident. These malware profiles are produced by Seculert’s Elastic Sandbox, which executes and profiles tens of thousands of samples, obtained through crowdsourced feeds, in a virtual environment. Now when an incident is reported, the system matches a relevant profile from our repository and includes it as part of the “Incident Details.”

Compare Incidents, New Information in the API [Product Update]

Filed under Product Updates.


Compare Incidents between Seculert and your SWG

Seculert has always been designed to detect malicious incidents triggered by malware that has bypassed the Secure Web Gateway (SWG) and/or firewall. Now you can learn more about these incidents by reviewing the SWG Action Value in the SWG log, which shows what the SWG decided to do with the request. In the SWG log entry for an HTTP request you may find several different values that represent a decision to allow or to block, and the values vary depending on which product you use, e.g. Blue Coat, Websense, Cisco WSA, et al.

Data Breach Costs Rise 23%

Filed under Industry News.


The Ponemon Institute’s new “2014 Global Report on the Cost of Cyber Crime” is confirming what many CISOs and other network security professionals have been saying for months: data breach costs are on the rise.

The report, which was commissioned by HP, surveyed 257 large organizations in seven countries and analyzed more than 1,700 attacks. When the numbers were crunched, researchers found that the average data breach takes 31 days to remediate and costs about $640,000, a 23% jump from last year.

Improved Reporting, More Threat Data [Product Update]

Filed under Product Updates.


Improved Reporting of DGA Incidents
Among other classification criteria, threats can be classified according to the pattern they use to call a command and control (C&C) server. One category that stands out is malware that uses a Domain Generation Algorithm (DGA) to call seemingly random C&C host names. The number of distinct C&C host names can reach thousands within a few days before the sequence repeats. This technique helps the malware evade detection or blocking, since it calls a large number of host names and only the operator, who knows the algorithm, needs to register any of them. Static threat intelligence feeds have difficulty anticipating the next generated host name.
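To make the point concrete, here is an added example (not Seculert’s code, and not any real malware family’s algorithm): a toy date-seeded DGA, a check showing that a static feed built from yesterday’s names covers none of today’s, and the behavioural signal a network defender can use instead, a client whose lookups keep returning NXDOMAIN because most generated names are never registered. The seed, dates and DNS log lines are constructed for the example.

```python
import hashlib
from collections import defaultdict
from datetime import date, timedelta
from typing import List, Set

TLDS = ("com", "net", "info")


def toy_dga(day: date, count: int = 10, seed: bytes = b"toy-family") -> List[str]:
    """Toy date-seeded DGA (constructed for this example). The same day and
    seed always give the same list, which is what lets the malware and its
    operator agree on the rendezvous names without exchanging them."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        names.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return names


def static_feed_coverage(feed: Set[str], todays_names: List[str]) -> float:
    """Fraction of today's generated names already present in a static feed."""
    return sum(1 for n in todays_names if n in feed) / len(todays_names)


def flag_dga_clients(dns_log: List[str], threshold: int = 5) -> Set[str]:
    """Behavioural check that needs no feed: a client with `threshold` or more
    distinct failed (NXDOMAIN) lookups is flagged. Constructed log line layout:
    '<client-ip> <qname> <rcode>'."""
    failed = defaultdict(set)
    for line in dns_log:
        client, qname, rcode = line.split()
        if rcode == "NXDOMAIN":
            failed[client].add(qname.lower())
    return {client for client, names in failed.items() if len(names) >= threshold}


# Constructed dates: the feed was built from what was seen yesterday.
YESTERDAY = date(2014, 10, 27)
TODAY = YESTERDAY + timedelta(days=1)
STATIC_FEED = set(toy_dga(YESTERDAY))

# Constructed DNS log: one infected client cycling through today's names
# (the operator registered only the ninth), and one clean client with a
# couple of mistyped lookups that should not trip the threshold.
_todays = toy_dga(TODAY)
SAMPLE_DNS_LOG = (
    [f"10.0.0.5 {n} NXDOMAIN" for n in _todays[:8]]
    + [f"10.0.0.5 {_todays[8]} NOERROR"]
    + ["10.0.0.9 intranet.exmaple NXDOMAIN",
       "10.0.0.9 wiki.exmaple NXDOMAIN",
       "10.0.0.9 www.example NOERROR"]
)


if __name__ == "__main__":
    print("today's names:", _todays)
    print("feed coverage of today:", static_feed_coverage(STATIC_FEED, _todays))
    print("flagged clients:", flag_dga_clients(SAMPLE_DNS_LOG))
```

The threshold and window are the tunable parts: real resolvers see legitimate NXDOMAIN bursts (typos, stale CDN names, Chrome's startup probes), so the count should be per client over a short window and combined with the name-shape features a real DGA classifier uses, rather than used alone.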

HP Revokes Digital Certificate Used to Sign Malware

Filed under Industry News.


As reported by Krebs on Security, HP has performed the cyber security equivalent of a “my bad” by quietly advising customers of a digital certificate of its own that had been used to sign malware in May 2010. The certificate, which HP says was used for that signature in error, was revoked by Verisign at HP’s request on October 21, 2014.