I have written the whitepaper “Achieving resilience against modern cyberthreats” with a lot of support from my colleagues. As it has gone live now at our official blog I wanted to raise also awareness here with a short overview.
As our use of mobile computing and social media technologies grows, so does our exposure to risk. On the one hand, the widespread adoption of new mobile, social media, cloud services and big data technologies creates unprecedented opportunities for productivity and flexibility. Yet without the right defenses in place, they can also open us to new kinds of vulnerabilities, as attacks that target devices operating outside the enterprise perimeter are quickly growing in volume and sophistication.
Passive protection is no longer sufficient for ensuring the security of information and IT infrastructures. My new Microsoft white paper, Achieving resilience against modern cyberthreats, explores the ways that governments and enterprises can protect their valuable information by creating a holistic security strategy, built on risk management, to achieve resilience against in an era of constant targeted attacks and determined adversaries.
The paper explores Microsoft’s holistic “Protect, Detect and Respond” approach to security strategy, including key principles for organizations, the importance of trustworthy cloud services, and the steps to take for securing an IT infrastructure in today’s threat landscape. This proactive strategy requires that an organization understand its assets and its exposure, and apply appropriate protection throughout the entire IT ecosystem in a continuous process. It also recognizes that enterprises must manage their inevitable risk – absolute security is not possible, so organizations must go beyond just protecting resources and also establish processes for detecting, responding and recovering from incidents when they occur.
If you are interested see my complet blog post, Achieving resilience against modern cyberthreats which is now live at Microsoft on Safety and Defense.
From now on I will be blogging about topics that I have read somewhere else and that I find noteworthy. You will find them in my new “snipplets” category. Today I am starting with the keypoints of a WIRED Magazine Threat Level article by Kim Zetter. Here are the keypoints:
In a study spanning two years they found severe security issues with common medical equipment used across a large chain of Midwest health care facilities including:
Many hospitals are unaware of the high risk associated with these devices. A wide cross-section of devices shared a handful of common security holes, including:
There are very few devices that are firewalled off from the rest of the organization, once you get a foothold into the network, you can scan and find almost all of these devices.
This reflects unfortunately the discussions that I am having with healthcare Providers across Western Europe. Considering that Cybercrime is only starting to become “mature” (not happy to use this word in a criminal context but it describes it best) then the risks need to be mitigated and hospitals have an important aspect by insisting on secured systems and investing overall into their own IT hygiene.
I travel a lot for work and it brings me in touch with many different people and cultures. Sometimes when I am sitting in a busy airport I look up from my screen and am watching the planes come and go. My thoughts might then trail towards the security discussions that we need to increase with critical infrastructure, the complexity of the logistics behind such an airport or that it is just beautiful to watch a plane take-off.
I found by coincidence a visualization of air traffic over Europe that sheds a new scale on the points above. It emphasizes the need to be able to protect our digital command, control and communication systems involved with managing something as complex as airtravel but at this point I suggest you just click on the movie and enjoy the beauty of it.
The video was created from real flight data, using UK radar data from June 21 and European flight plan information from July 28. If you want to know more check out the original blogpost by Paul Beachamp.
One topic has been on the top of most discussions I had during the last months – the “NSA/PRISM” data leakages. While some of the points were already known previously and were for example part of Microsoft’s transparency report there were points that were worrysome. Here especially tje recent allegations in the press on a broader and concerted effort by some governments to circumvent online security measures to collect private customer data.
As a result of these concerns were many discussions that I had over the last months where confidence in the security and privacy of online communication was questioned. As a result of these allegations Microsoft decided to take immediate and coordinated action and Brad Smith, General Counsel & Executive VP Legal and Corporate Affairs sketched out in a blog post on Microsofts actions for better protecting customer data from government snooping.
The actions are concentrating on three areas:
· We are expanding encryption across our services.
· We are reinforcing legal protections for our customers’ data.
· We are enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors.
Please see the original blog post from Brad Smith for more information. From a European perspective it is especially interesting to know that we will open a transparency Center in Europe so that governments have appropriate ability to review Microsoft source code, reassure themselves of ist integrity and confirm there are no back doors.
I am now working with Windows 8.1 for a while and I really like it. It enables me to have one device for two work modes. I use the modern Interface when I am more reading/consuming information and then change to the traditonal desktop when I am writing documents, presentations etc.
As a security professional I also like Windows 8.1 because it enables new scenarios in the enterprise. For accessing the most sensitive information I want to be able to know the device that is accessing it and to know the health of the device before letting it so. And with Windows 8 I can now do exactly that for a touch device.
Dustin Ingalls, our Group Program Manager for Windows Security & Identity was attending Black Hat and gave a presentation on the Windows 8.1 security functions and published a blog post about it. I summarize the most important points below and encourage you to read his full blogpost with the details:
The Windows 8.1 update offers a full spectrum of new and improved security capabilities – from features that enable devices to be fully locked down by IT, to remote security options for BYOD devices, to safeguards for personal devices that need to access business resources from home. The main Points are the follow:
#1 Trustworthy Hardware
Trusted hardware is a key investment area for Microsoft in Windows 8.1. Often in a BYOD scenario, if an employee buys a new computer, it can be hit-or-miss as to whether the device will have all the tools baked in that an IT department needs to make sure any data on that device is secure. With Windows 8.1 we take away the guesswork.
#2 Modern Access Control
With Windows 8.1, we’ve focused a lot of attention on the controls that IT departments can place on devices to restrict who can physically access a device. Key Points are here first class biometrics and multi-factor authentication for BYOD.
#3 Protecting Sensitive Data
We’ve also put a lot of thought into how businesses can protect their data even when it resides on employees’ personal devices.
Pervasive Device Encryption: With Windows 8.1, device encryption is now available on all editions of Windows for devices that support InstantGo. In addition we implemented Selective Wipe of Corporate Data: With Windows 8.1, we introduce Remote Data Removal which will allow an IT department to wipe corporate data (e.g. emails, attachments, corporate data that came from Work Folders) off a BYOD device without affecting personal data.
#4 Malware Resistance
As security threats continue to evolve, we continue to step up our built-in malware resistance measures to stay ahead of attackers by improving Windows Defender and enhancements to Internet Explorer.
The points above are only a selection of things and more is in the original post.
Cybersecurity is currently on the top of the mind of many organizations trying to protect their intellectual property, research, customer and employee databases and other valuable information. In almost every discussion that I have on cybersecurity the topic of targeted attacks is put into the center. This is now even encreasing as we see such attacks being used much more commonly than usually assumed and only a small number of organizations have the resources to limit or even detect them.
The question is then often what a targeted attack really is and to answer that we have created the Targeted Attacks Video Series on Advanced Persistent Threats (APTs), or what we at Microsoft call Targeted Attacks by Determined Human Adversaries. These five short informational videos summarizes three security whitepapers, Determined Adversaries and Targeted Attacks, Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques, and Best Practices for Securing Active Directory.
Take the time to look at them below – it is well worth it:
I hope this helps for the next discussion on the topic of targeted attacks – and if you work for an organization that has information with commercial value then that discussion that discussion should start sooner rather than later.
Microsoft informed a while ago that Skype and Messenger are coming together. That means that millions of Messenger users will be able to reach their Messenger friends on Skype. By updating to Skype, Messenger users can instant message and video call their Messenger friends. This good news seems to being used now cybercriminals for attacking new systems. The criminals approach is fairly simple – they take advantage that MSN Messenger is still popular. Microsoft now promotes the download of Skype on the former MSN Messenger page and informs that the Messenger contacts will be available in Skype. There are then people that then still want to download MSN Messenger and this is the window of opportunity that cybercriminals exploit. They are registering malicious domains, buy advertising links on search engines and try to trick the user to download and install malware that masquerades as the MSN Messenger. With this they then get access to the computers of the victims and from there on the computer of the victim is under their control.
Don’t fall into that trap! Take steps to protect your computer (I wrote earlier a blog post about this that I now updated) and only download software from official sources which in this specific case download Skype from the official Microsoft site or from skype.com and you will be able to merge your messenger and skype contacts.
Normalerweise schreibe ich meine Blogposts auf Englisch aber da ich viele Anfragen auf Deutsch erhalte was jemand machen kann wo sich ein Cyberkrimineller (z.B. ein falscher “Microsoft Supporter”) Zugang zu einem Computer erschlichen hat poste ich mein empfohlenes Vorgehen auf Deutsch.
Die Frage was auf einem Computer während einer falschen “support session” gemacht wurde kann man leider nicht generell beantworten, da das Vorgehen nicht immer gleich ist. Wenn Sie jemandem Zugriff auf das Gerät gegeben haben oder ein Programm heruntergeladen und ausgeführt haben dann kann grundsätzlich alles „passiert“ sein. Sehr Wahrscheinlich haben es die Kriminellen auf Ihre Bank- und Kreditkarteninformationen abgesehen. Das Ziel können sie auf verschiedene Weise erreichen – sei es dass Sie direkt einen falschen Virenschutzservice bezahlen oder indem ein Spionageprogramm auf Ihrem Computer installiert wird.
Bezüglich des weiteren Vorgehens schlage ich das Folgende vor: • Schliessen Sie Ihren PC nicht mehr ans Internet an bevor dieser „gereinigt“ wurde • Ändern Sie alle Passwörter • Lassen Sie den PC von einem Fachmann untersuchen ob er Spionageprogramme oder ähnliches installiert hat. Wenn Sie dies selber machen wollen/können dann ist ein gutes Hilfsmittel dazu unter http://www.retohaeni.net/2012/04/windows-defender-offline/ aber leider bietet auch dies keine 100% Sicherheit. Ich würde empfehlen, dass ein Computerspezialist den Computer untersucht. Alternativ ist es wohl das Sicherste das Betriebssystem von Grund auf neu aufzusetzen (Windows und alle Applikationen neu installieren – nicht update oder upgrade) und anschliessend den Computer wieder so zu sichern wie ich es in meinem Blogpost dazu aufzeige. Hier vergessen Sie bitte nicht alle Daten etc vorher zu sichern. • Nehmen Sie Kontakt mit Ihrer Bank auf und beschreiben Sie den Vorfall um abzuklären ob zB Kreditkarten ausgetauscht werden müssen oder ähnliches.
Als Microsoft sind wir hier auch Opfer und können gegen kriminelle Handlungen wenig unternehmen da wir nur indirekt betroffen sind. Entsprechend müssten Sie gegebenenfalls Anzeige erstatten. Melden können Sie den Fall zB unter http://www.cybercrime.admin.ch/kobik/de/home.html. Dies ist noch keine Anzeige aber KOBIK wird Ihnen dann ein weiteres Vorgehen empfehlen.
Ich hoffe, dass dies als Ausgangspunkt hilft.
I got this forwarded at work and thought I share it with you. It is a video promoting safe internet banking but it is valid for all online topics. Be cautious what you put at any point online – it might be used in a way you did not intend it.
I wrote previously about how to secure your computer but last week Microsoft’s Malware Protection Center released a new tool against rootkits and other advanced malware that I would briefly like to review – the Windows Defender Offline.
Windows Defender Offline is scanning your PC to remove rootkits and other advanced malware that can’t always be detected by antimalware programs. If such a type of malware is detected on your PC you will be prompted by Microsoft Security Essentials to use Defender. However, it is good practice to run the Defender Offline on a regular basis as some advanced malware doesn’t necessarily get detected by any anti-virus program.
The main difference between Defender Offline and most other anit-malware tools is that it is run from a clean boot disk/CD/USB Stick and that way anti-malware that tries to use some cloaking technique will not have the possibility to hide.
For more information on what Windows Defender Offline does and what the system requirements are, please visit this website: http://windows.microsoft.com/