Tag Archives: Indicators of Compromise

“Watering hole-style cyber attacks on the rise” warns High-Tech Bridge

On Sunday 12 February, security firm Symantec released an analysis of a new wave of attacks that has been underway since at least October 2016 and came to light when a bank in Poland discovered previously unknown malware running on a number of its computers.

The bank then shared indicators of compromise with other institutions and a number of those other organisations confirmed that they too had been compromised.

These ‘watering hole’ attacks attempted to infect more than 100 organisations in 31 different countries.

Symantec has blocked attempts to infect customers in Poland, Mexico and Uruguay by the same exploit kit that infected the Polish banks. Since October, 14 attacks against computers in Mexico have been blocked, 11 against computers in Uruguay and two against computers in Poland.


Preliminary investigations suggested that the starting point for the Polish infection could have been located on the web server of Poland’s financial sector regulatory body, namely the Polish Financial Supervision Authority (www.knf.gov.pl).

Commenting on this news, Ilia Kolochenko (CEO of High-Tech Bridge) said: “We should expect that cyber criminals will find more creative and reliable ways to compromise their victims. Trustworthy websites, such as governmental ones, represent great value for cyber criminals, even if they don’t host any sensitive or confidential data.”

Kolochenko continued: “In the past, hackers used one-off or garbage websites to host malware, but as corporate users become more educated and vigilant, attackers need to find more reliable avenues to deliver malware and enter corporate networks. That’s why Gartner, as well as other independent research companies, continuously say that the risk posed to corporate web applications is very high and seriously underestimated. Spear phishing and watering hole attacks against high-profile websites will grow significantly in the near future.”

Cisco unveils industry’s first threat-focused next generation firewall

Cisco is changing the way in which organisations protect themselves against sophisticated threats with the introduction of the industry’s first threat-focused next generation firewall. Cisco ASA with FirePOWER Services provides the full contextual awareness and dynamic controls needed to automatically assess threats, correlate intelligence and optimise defences to protect all networks.

By integrating the proven Cisco ASA 5500 Series firewall with application control, and the industry-leading Next Generation Intrusion Prevention Systems (NGIPS) and Advanced Malware Protection (AMP) from Sourcefire, Cisco is providing integrated threat defence across the entire attack continuum – before, during and after an attack.

Cisco ASA with FirePOWER Services is an adaptive, threat-focused next generation firewall that delivers superior multi-layered protection, extending its capabilities far beyond legacy solutions.

Until now, next generation firewalls have focused on policy and application control, and have been unable to address advanced and zero-day attacks. Cisco ASA with FirePOWER Services changes this dynamic, adopting a visibility-driven, threat-focused and platform-based approach.

• Visibility-driven: Delivering full contextual awareness of users, mobile devices, client-side apps, virtual machine‐to-machine communications, vulnerabilities, threats, URLs and other important telemetry. The enterprise-class management capabilities provide users with dashboards and drill-down reports of discovered hosts, suspect applications, threats and Indicators of Compromise (IoCs) for comprehensive visibility
• Threat-focused: Incorporating leading NGIPS for comprehensive protection from known and advanced threats, as well as AMP to combat zero-day and persistent attacks. Big data analytics, continuous analysis and Cisco Collective Security Intelligence (CSI) work together to provide detection, blocking, tracking, analysis and remediation capabilities protecting against the full spectrum of attacks – known and unknown
• Platform-based: Cisco ASA with FirePOWER Services combines proven firewall functionality and application control, leading NGIPS capability and advanced breach detection and remediation in a single device. The integration provides organisations with better protection while also reducing operating costs and complexity. This new solution simplifies an organisation’s security architecture and reduces its network footprint, with fewer security devices to manage and deploy and the ability to license subscriptions as well as extend functionality

Reducing times from breach to recovery

Given shifting business models and the fast-changing threat landscape, an organisation’s approach to reducing the time from breach to recovery needs to be truly integrated and threat-focused.

With mounting concern at the executive level regarding the threat of lost intellectual property and compromised customer information and confidence, organisations require broad coverage across all potential attack vectors that can rapidly adjust and learn from new attack methods and then implement that intelligence for protection.

Cisco ASA with FirePOWER Services provides that integrated threat defence to truly help businesses address their biggest security risks — advanced and zero-day threats.

Cisco ASA with FirePOWER Services provides superior visibility and continuous analysis to detect advanced, multi-vector threats and streamlines and automates responses for both known and unknown malware. It also offers holistic, actionable IoCs that speed threat investigation and retrospective remediation, along with integrated incident response scoping and automated detection policy updates.

All of these innovations are supported by an enterprise-class firewall, VPN, advanced clustering and granular application layer and risk-based controls that invoke tailored NGIPS threat detection policies to optimise security effectiveness.

Open source security integration with Snort, OpenAppID and ClamAV further allows end users to easily customise security and address new or specific threats and applications as quickly as possible.

Customers can gain the benefits of the solutions in two ways:
• Cisco ASA with FirePOWER Services (customers can purchase ASA 5500-X Series and ASA 5585-X Series firewall products with a bundled FirePOWER Services license)
• FirePOWER Services for Cisco ASA (customers can enable FirePOWER Services on existing ASA 5500-X Series and ASA 5585-X Series firewall products)

Along with its partners, Cisco also provides professional and technical security services to help accelerate migration from customers’ current security environments to the integrated threat defence of Cisco ASA with FirePOWER Services. With deep expertise, proven processes and tools and global resource availability, Cisco’s security services help organisations migrate quickly and with minimal disruption.

Industrialised hacking and sophisticated cyber crime

“In today’s climate of industrialised hacking and sophisticated cyber crime, we’ve entered an era in which legacy next generation firewall solutions are simply not enough to thwart attackers,” said Christopher Young, senior vice-president for the Security Business Group at Cisco.

“Now more than ever, organisations need to be able to implement dynamic controls to manage the pace of change of their environments and address security incidents. Cisco ASA with FirePOWER Services is a major step forward for the next generation firewall market, empowering customers to deepen their protection from the data centre through the network to the endpoint with the agility to identify, understand and stop advanced threats both in real-time and retrospectively.”

Kevin Kerr – CISO at Oak Ridge National Laboratory – added: “Like any high profile organisation, Oak Ridge National Laboratory must be diligent about its security strategy because the sad reality is that every organisation is the target of an attack. We saw this at first hand in 2011. We cannot afford another surprise malware attack to disrupt our operations, which is why we’re looking at the next generation of protective tools. Cisco ASA with FirePOWER Services is among some of the tools we are considering to help us defend the Lab.”

Further information about Cisco ASA with FirePOWER Services is available at: http://www.cisco.com/go/asafps
