Breach Forensics – Preventing the Worse from Happening

In every incident response after a breach, the aftermath is indeed challenging in uncovering the crime, but from there the challenge becomes tougher. Whenever cyber criminals clear the digital vault, the only thing they have to do is to get away clean – that is very simple to most criminals in the cyber-underground society.

However, there are still a few things an incident handling team can do to prevent the worse thing from ever happening after data breaches and still track the footprints that were left behind.

There have been many data breaches that happened to different sectors in industry and even if the some evidences point out to a certain origin of the attack, it is not enough to initiate an arrest or point out the involvement. Sometimes these crooks use and control botnets to cover their tracks after the dark deed has been completed. Soon security experts will have to play a catch-up game with these crooks.

However, not all evidences are deliberately erased by the crooks and it happens a lot in many cyber crimes. Network admins would try to assess the depth and severity of the breaches and sometimes their access could accidentally or perhaps deliberately destroy some evidences that would quickly resolve the situation. You can compare it to an innocent bystander who could complicate the police investigation by accidentally stepping on the evidence. Sometimes the network administrator could have failed to recover the evidence that will determine how, when and where the attack happened. It is important for experts to properly collect and also maintain the evidences because the evidences are the only key in revealing not only the means of the attack and who is behind it but also reveal the scope of damage in the system.

According to experts, incident handling teams must undergo the right incident handling training to acquire the right skills in performing analysis on malware attacks or data breaches. Moreover, they must know how to determine a threat of a malware to a system by analyzing it in a sand-boxed environment, thus it is possible for them to determine ex-filtrations methods of a certain malware and aid their efforts in remediation. Since, malware are dynamic and can communicate on many hosts, the results of the analysis can be of help to create an excellent block list. This block list will be used to limit the amount of exposure of some applications and also detect malware ex-filtration. This is one of the best solutions on detecting any exiting data.

In the event that the infected systems have been finally identified, the network administrators must turn off those systems and map them in a specific way so that they can picture out how the structure has been modified. Then the infected system must be replaced with a cleaner and more secure structure. If the attacker has breached the database and is retrieving important data remotely, then administrators have to cut the connection of that server or database temporarily. By analyzing the network traffic, experts could pinpoint the domains, addresses or any ex-filtration points that are used to retrieve information. These addresses and domains must be added to the existing firewall so that the compromised system will prevented in making any outbound connection to these ex-filtration point. With this, it is possible to limit the loss of data and determine how the breach happened and also how to rectify it.

Analyzing the log is also important in breach investigation; however, log systems must not be in the default system so that evidences will not be overwritten and preserved. Thus it is important to set a proper retention policy and implement log aggregation or right management in any security event. But logs have a limit and that is because they only provide intelligence on how the systems generate them.

Log data is definitely one of the places an attacker will leave his or her mark. It is very obvious and any smart administrator would check the log data first because most of the time, the log data is the first place where attackers would try to hide his or her tracks first. An attacker may delete or perhaps modify log entries, entries that would indicate the breach on the system.

Important data will provide leads on the breach’s source, the construction of malware, ex-filtration point of data and the identification as well as the nature of the compromised data.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in penetration testing.

More information about EC-Council is available at www.eccouncil.org.

Avoid those Frauds and Scams in the Internet

More and more people are using the internet to shop, to do business transactions, bank online and others, because of this internet frauds and scams became more and more common. The crime has not only increased in numbers but their methods have become cleverer and also more sophisticated that any follow-up incident handling will be left confused on how the crime is perpetrated. So what can we do to not become helpless prey of these fraudsters and scammers? If you want to know how to deal with them, then continue reading to know how.

Each and every one of us is aware of the danger of viruses and other similar programs. In fact, because of our sensitivity against this issue fake virus threats float here and there in the Internet. One example is the Death Ray virus; it is a virus scam that threatens user that their computer will explode to smithereens. A poor ignorant user would quickly contact an incident response team to handle the said problem, only to realize that it was just a false alarm. A virus can only damage the software not the hardware itself. If you receive such emails, just ignore and delete it.

And here comes the classic Nigerian Money Scam. Originally, these types of scam started off from Nigeria, but nowadays it could come from any country. Scammers would send emails stating that their huge savings or bank account is tied up and they will need money so that they could pay bills or leave their country. They would plead for your help, asking that their money will be transferred to your bank account and that you will have a percentage on the cash allowed for access. Sounds tempting, but once these scammers have your banking details, you will have to say goodbye to the money inside your account.

There is also phishing; a nasty scam that uses a victim’s personal details, bank account, credit card, social security and other information needed to withdraw money or purchase any goods. Everything can be done all in the name of the poor victim. Never give the personal details in any email and make sure that the web page asking for personal information is secure. Check first for the security certificate of a website before continuing with any transaction.

If you receive any message saying that you won a cash price or an item in a lottery that you don’t remember entering, then probably it is bogus. There are many kinds of this scam like free soft drink cases, free clothes from famous brands, free computers or free cellular phones. Usually, they will ask you to pay a certain fee in order to get the price, but once the fee has been paid you will hear nothing regarding the price or on how to get them. Sometimes they would even ask for sensitive information regarding credit cards or bank account.

Another scam floating around the internet is those work-at-home scams. These scams prey on those people who have low income, unemployed or people having problems with dire situations and are in desperate need of money. Scammers offer promising opportunities including large sum of money just to carry out tasks like filling envelopes. But before getting the job, scammers will ask the potential victim to pay a fee for the supplies that are needed before the victim can get started. Once the supplies arrive, you will automatically know that you have been scammed because the supplies sent is really way cheaper compared to what you have paid for them. Furthermore, these scams will not pay the victim regarding the tasks they have completed. The truth is, no legitimate company will contact a person first when it comes to work; they will not ask for any amount of money just to get started. If you want to work at-home then look for any legitimate company and do a research on them beforehand.

You don’t have to undergo any incident response training against common scams; this training is just for hackers not for the common scammer or fraudsters. Be aware on these types of scams and frauds and any other scams that are closely similar to them. It is important to stay alert and protect your identity and information.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in incident response.

More information about EC-Council is available at www.eccouncil.org.