Internet Security Alliance Daily Brief (8/2/2011)

** Your source for current and relevant cyber security issues **

For Your Immediate Attention

ISA President Larry Clinton has been nominated as the Vice Chair of the IT Sector Coordinating Council (ITSCC)
The IT SCC was established at the behest of DHS to serve as the principal coordinating body between the private sector and the federal government on cyber security issues. ISA Members and Daily Brief Subscribers may vote in this election until close of business Friday, Aug 5.
If you would like information about joining the IT-SCC please contact Marjorie Morgan at mmorgan@isalliance.org.

In Today's News 

New Mac trojan hijacks Google searches - Softpedia, August 1
Security researchers from F-Secure have identified a new Mac OS X click fraud trojan that hijacks Google searches by inserting a rogue DNS entry into the hosts file. The trojan comes hidden as a Fake Player installer, so it is likely distributed as part of a social engineering attack that asks users to update Flash Player to see a video or something similar. Once run on the system, the trojan modifies the operating system's hosts file and inserts an entry that points all Google sites (www.google.*) to a rogue IP address under the attackers' control. The hosts file can be used to manually specify name-to-address mappings that the resolver consults before, and in preference to, the responses sent by the system's DNS server.
Source: http://news.softpedia.com/news/New-Mac-Trojan-Hijacks-Google-Searches-214515.shtml
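The hosts-file mechanism the trojan abuses is easy to audit from the defender's side. The script below is an added example, not code from the article or from F-Secure: it parses hosts-file text and reports every entry that pins a watched domain (www.google.* plus two other names, an assumed list to extend for your environment) to an address, distinguishing a redirect to a routable address from a loopback sinkhole. The sample hosts content and the address 192.0.2.10 (RFC 5737 documentation range) are constructed for the example.

```python
"""Scan a hosts file for entries that pin well-known domains to chosen
addresses, the technique the Mac trojan above uses against www.google.*.

Added example; not code from the article or from F-Secure. The watched
patterns, the sample hosts content and 192.0.2.10 are constructed assumptions.
"""
import ipaddress
import re
import sys

# Domains an end-user hosts file should never override (assumption: extend with
# whatever your organisation cares about, e.g. its own SSO domain).
WATCHED_PATTERNS = [
    re.compile(r"(^|\.)google\.[a-z]{2,}(\.[a-z]{2,})?$"),  # www.google.com, google.co.uk, ...
    re.compile(r"(^|\.)facebook\.com$"),
    re.compile(r"(^|\.)paypal\.com$"),
]


def parse_hosts(text):
    """Return (ip_address, hostname) pairs from hosts-file text.
    Comments (# ...) and malformed lines are skipped; hostnames are lower-cased."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address in the first column: ignore the line
        for name in fields[1:]:
            entries.append((ip, name.lower()))
    return entries


def is_watched(hostname):
    return any(p.search(hostname) for p in WATCHED_PATTERNS)


def scan_hosts(text):
    """Return findings as (ip, hostname, kind) for watched domains only.

    kind is "redirect" when the name points at a routable address (a rogue
    server answers instead of the real site, the click-fraud case) and
    "sinkhole" when it points at loopback or 0.0.0.0 (site blocked, not
    impersonated). Non-watched names are left alone, because ad-block
    sinkholes and intranet pins are normal hosts-file content."""
    findings = []
    for ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append((str(ip), name, kind))
    return findings


# Constructed sample, not a real capture.
SAMPLE_HOSTS = """\
##
# Host Database (constructed sample)
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
0.0.0.0         ads.example.net          # ad-blocking sinkhole, ignored
10.0.0.5        intranet.corp.example    # private intranet pin, ignored
192.0.2.10      www.google.com www.google.co.uk google.de   # trojan-style entries
127.0.0.1       www.facebook.com         # blocked, reported as sinkhole
"""


def main(path=None):
    """Scan the given hosts file (or the constructed sample) and print findings."""
    if path is None:
        text = SAMPLE_HOSTS
    else:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    findings = scan_hosts(text)
    for ip, name, kind in findings:
        print(f"{kind:8s} {name:25s} -> {ip}")
    return len(findings)


if __name__ == "__main__":
    # Usage: python hosts_scan.py [/etc/hosts]; exit status 1 if anything was flagged.
    sys.exit(1 if main(sys.argv[1] if len(sys.argv) > 1 else None) else 0)
```

Run against the sample it reports the three Google names as redirects and the Facebook entry as a sinkhole; pointed at a real /etc/hosts (or %SystemRoot%\System32\drivers\etc\hosts on Windows) it returns a non-zero exit status whenever a watched domain has been pinned, which makes it usable as a scheduled integrity check.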

SecurID data breach cost RSA $66 million - Softpedia, July 30
A data breach that resulted in the theft of information related to its SecurID authentication product cost RSA Security and its parent company EMC $66 million so far. According to the Washington Post, the sum was revealed in an earnings call July 26. The costs included expenses associated with monitoring the networks of defense contractors, federal agencies, and other customers who expressed concerns over the integrity of the product after the breach. The intrusion occurred in March and was the result of a spear phishing attack against RSA employees that exploited a zero-day Flash Player vulnerability. The company was very vague following the breach saying only that information regarding its SecurID product was targeted, but that its customers were not at risk. RSA was criticized by the information security community for its lack of transparency regarding this incident, and in May it was reported that a cyber attack against Lockheed Martin involved cloned SecurID devices. Following the attack and the revelation that other military contractors might also have been targeted as a result of its data breach, RSA Security offered to replace all SecurID tokens for concerned customers.
Source: http://news.softpedia.com/news/SecurID-Data-Breach-Costs-RSA-66-Million-214318.shtml

Agencies lag on social media security, privacy concerns, GAO says - Nextgov, July 29
Federal agencies that use Facebook, Twitter, and other social media to push their messages to the public and gather citizen input have not adequately investigated privacy and security concerns with the new online tools, according to a report from the Government Accountability Office (GAO). About half the 23 agencies GAO surveyed also have been lax in developing guidance on when and whether text, pictures, and video posted to social media sites must be maintained in accordance with the 1950 Federal Records Act, which requires the conservation of important government information, the report found, and the National Archives has not given agencies sufficient guidance on that point either. Of the 23 agencies surveyed, only 12 have developed guidance on social media records management, and 12 have updated their privacy policies to address social media use, and only 7 have identified and documented security risks related to social media use, the report found. Most of the security concerns GAO highlighted had to do with malicious code embedded in links and documents on social media sites that an unwitting agency Tweeter or Facebook poster might be tricked into clicking. That code could then jump from the Tweeter's computer to other agency computers and deliver classified or personal information back to a hacker. The Archives agreed with the agency's assessment and will publish new guidance with a list of best practices for when agencies are required to maintain social media posts, GAO said. About half the agencies included in its study also agreed to improve guidance on security and privacy related to social media, GAO said. A handful of agencies dissented from some suggestions.
Source: http://www.nextgov.com/nextgov/ng_20110729_8056.php


Fake 'wrong transaction' hotel spam hits e-mail - Security News Daily, July 29
Hundreds of e-mails have been making the rounds in the past few days informing people a hotel made a "wrong transaction" while processing their credit card. In turn, the e-mails offer recipients a refund. The director of research in computer forensics at the University of Alabama at Birmingham (UAB) wrote he has spotted 434 slight variants of the scam, with subject titles such as "Hotel Renaissance Chicago made wrong transaction", "Hotel Hilton Las Vegas made wrong transaction", and "Wrong transaction from your credit card in Hilton Atlanta." To receive the refund from the erroneously charged credit card, victims are told to fill out a form attached to the e-mail. As with nearly all e-mail scams, the attached form is where the danger lies. In this case, the malicious file is masked as an executable download called RefundForm(dot)exe, but it's actually a Trojan that installs fake anti-virus software on victims' computers that they are then pressured into paying for. The UAB researcher said the hotel spam messages all appear to be originating from the same botnet of computers that recently spread the "overdue credit card" scam.
Source: http://www.msnbc.msn.com/id/43948767/ns/technology_and_science-security/

Upcoming Events

August 2: ISA Summer Board Conference Call

August 1 at 5:00pm: IT-Sector Coordinating Council Executive Conference Call

August 2 at 3:00pm: Protected Health Information Project Finale Subcommittee
The finale subcommittee will facilitate overall integration of the subcommittee input with a view toward producing a coherent final report, and it is led by Rick Kam of ID Experts and Ed Stull of Direct Computer Resources, Inc.

August 3 at 2:00pm: Protected Health Information Project Ecosystem Subcommittee
The ecosystem subcommittee will define points of compromise in the healthcare ecosystem where there are risks of exposure, and is co-chaired by James Christiansen of Evantix, Gary Gordon of the Center for Identity at the University of Texas at Austin, and Lynda Martel of DriveSavers Data Recovery, Inc.

August 3 at 4:00pm: Protected Health Information Project Legal Subcommittee
The legal subcommittee will identify existing legal protections related to PHI, and is co-chaired by Christine Arevalo of ID Experts, Chris Cwalina and Steve Roosa of Reed Smith, LLP, and Jim Pyles from Powers Pyles Sutter & Verville, PC.

August 4 at noon: Protected Health Information Project Financial Subcommittee
The financial subcommittee will assess the financial impact of the disclosure of PHI, and is led by Larry Clinton of ISA, Sandeep Tiwari of Zafesoft, and Debbie Wolf of Booz Allen Hamilton.

August 4 at 1:30pm: Protected Health Information Project Survey Subcommittee
The survey subcommittee will query chief security / privacy officers or consumers on what they consider to be sensitive data, and is being led by Christine El Eris and Michael Morelli of Affinion Group, Larry Ponemon of the Ponemon Institute, Don Rebovich of the Center for Identity Management and Information Protection at Utica College, and Andrew Serwin from Foley & Lardner LLP.

August 8 at 12:30pm: Protected Health Information Project Communication Subcommittee
The communications subcommittee will develop and manage a communications plan, and is co-chaired by Catherine Allen, chairman and CEO of The Santa Fe Group, representing Shared Assessments, and Linnea Solem of Deluxe Corporation.

August 9 at 3:00pm: IT-Sector Coordinating Council International Committee Call

August 9 at 3:00pm: Protected Health Information Project Finale Subcommittee
The finale subcommittee will facilitate overall integration of the subcommittee input with a view toward producing a coherent final report, and it is led by Rick Kam of ID Experts and Ed Stull of Direct Computer Resources, Inc.

August 10 at 4:00pm: Protected Health Information Project Legal Subcommittee
The legal subcommittee will identify existing legal protections related to PHI, and is co-chaired by Christine Arevalo of ID Experts, Chris Cwalina and Steve Roosa of Reed Smith, LLP, and Jim Pyles from Powers Pyles Sutter & Verville, PC.

September 26 & 27: ACI Cyber and Data Risk Insurance
Larry Clinton will discuss the latest federal regulatory developments and enforcement actions and their impact on insurance coverage and litigation.

Thought Leadership

DPA Survey Request for Comments
ISA has developed a set of bullet points that speak to the fact that an effort is underway to compel potentially thousands of companies to provide proprietary data under the Defense Production Act (DPA) under the threat of fines and criminal prosecution. While use of the DPA has ample precedent, the current use seems to go well beyond its intended purposes with targets well beyond the traditional DIB companies. We are told as many as 5000 companies from a variety of industry sectors may receive these compulsory surveys.

US House Homeland Security Committee Hearing
ISA President Larry Clinton has been asked to testify before the Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies. The hearing is entitled "Examining the Homeland Security Impact of the Obama Administration's Cybersecurity Proposal." The webcast can be viewed live through the following link: http://homeland.house.gov/hearing/subcommittee-hearing-examining-homeland-security-impact-obamaadministrations-cybersecurity

Summer 2011, Journal of Strategic Security
"A Relationship on the Rocks: Industry-Government Partnership for Cyber Defense" authored by Larry Clinton was published in a recent issue. To view click here and then select the PDF file next to the article's title.

May 2011, Cutter IT Journal
ISA President Larry Clinton authored the article, "A Theory to Guide US Cyber Security Policy." To view the article click here, download the issue and go to page 30.

Spring 2012 - Conflict and Cooperation in the Commons
Larry Clinton has authored the chapter "Cyber Security Social Contract". This book is forthcoming from Georgetown University Press.

For more security news visit Infosec Island, an ISA partner organization. Infosec Island is a leading information security portal committed to serving the risk mitigation needs of SMBs, mid-market enterprises, government agencies, legal, financial, healthcare, educational, and nonprofit organizations by providing the latest in news, free network security tools, and insights from leading industry experts.

Pass the ISA Daily Brief along to your colleagues. They can create their own subscriptions by contacting mmorgan@isalliance.org.