Pfizer Breach Illustrates Risks of Sharing Files

Pfizer lost social security numbers and other personal information on 15,700 of its employees because of one’s person P2P software.
http://www2.csoonline.com/blog_view.html?CID=33004

[Editor's Note (Valle): Many people don't realize that they can be sharing their whole harddrive when they enable P2P software on their computers.  Cisco MARS is very good at tracking employees that are participating in P2P networks and has default reports that can be easily generated.  CSA could have prevented the files from being copied and shared on a P2P network as well as kept the employee from installing the P2P client in the first place]

HIPPA Audit Riles Health IT

The first HIPPA audit ever was quietly initiated by the Department of Health and Human Services in March and is raising concerns in the health care industry. 

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=296723&pageNumber=1

Editor’s Note (Valle): The health care industry knew that this would eventually happen and I am glad that there is finally some action by the HHS that shows that there will be some enforcement of the HIPPA requirements. Also as healthcare providers are audited, the HIPPA’s vague information security requirements will become more defined and transparent to health care IT staff.

*Update* Below is a link to some of the questions that HSS might ask in an audit.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025253&pageNumber=1

Cisco Leads in NAC Recognition

 A new study by market watcher Infonetics Research shows that Cisco has the best overall vendor perception in the NAC market compared to Juniper, Microsoft, Consentry, F5, and McAfee.  The number one driver cited by users who plan to use NAC is to better protect resources from unauthorized users and a desire to limit the impact of threats.

http://certcities.com/editorial/news/story.asp?editorialsid=1228#1

 

Gartner predicts that by end of 2007, 75% of enterprises will be infected

Once these corporate computers become infected they will be turned into “bots” that can be used for spam campaigns and DDOS attacks.
http://www.networkworld.com/columnists/2007/060707
edit.html?page=1

Editor’s note (Valle): The legal issues that corporations have to face if they are infected by bots are multifaceted.  The bots can steal personal data from employees and customers and intellectual property from the company as well as cause disruption to others as part of a DDOS attack or spam campaign.
MARS would be able to easily find infected computers from their network behavior and as Steve Davies from IronPort mentions in the comment section of my June 7th post “Computer hackers steal Carson funds” the IronPort S series appliance monitors all out-bound traffic and can catch a bot calling home.]

Compromised web servers play “hide and seek”

Cyber-criminals are developing a new genre of highly sophisticated and evasive attacks designed to bypass signature-based and database-reliant security technology…Compromised web servers are keeping track of IP addresses of visitors so that they can hide malicious pages when anti-malware crawlers used by URL filtering, reputation services and search engines come for a visit and therefore look like a “clean” site.
http://www.vnunet.com/vnunet/news/2191298/
hackers-turn-genre-evasive

[Editors note (Valle): In this escalating cat and mouse game I'm sure we'll start seeing anti-malware companies start to dynamically change the IP addresses of their web crawlers in order to fool these compromised web servers.
CSA and the IronPort C appliance would be good defenses against malware coming over HTTP (port 80)]

Computer hackers steal Carson funds

A real-life story of the damage a key stroke logger can do on the right (or should I say wrong) computer.
http://www.latimes.com/news/local/la-me-hackers1jun01,0,2083352.story?coll=la-home-local

[Editor's note (Valle) It will be interesting to find out how the key stoke logger got on the Treasurer's computer. The most common vector for this type of attack is opening an email that has the key logger within the email or by following a link in an email to a website that will deposit the key logger through a vulnerability in the user's browser.
Also relevent to this post was the news that a new variant of the Gozi virus (which had a key stoke logger included) was found last week by a security researcher.  Most of the A/V vendors at the time could not recognize this new variant so we really do not know how many computers were infected by it.
CSA would have stopped these key stroke loggers from executing and IronPort appliances would have added an additional layer of defense by filtering email (C series appliance) and web traffic (S series appliance) for malicous traffic.]