Cybertage

My Spear Phishing Webinar presentation is now available

Joe — Wed, 11 Jan 2012 15:24:47 +0000

I called this presentation ‘PrivateIy Invasive, Publically Devastating’ for a reason. It’s true – Spear Phishing can be personally humiliating (career-ending), feel like a violation and yet is much more disasterous for whoever you work for that is the ‘real’ target. In the preso I give some advice on disrupting the attack cycle at several points.

You can see it on Slideshare.net: http://www.slideshare.net/jpschorr/spear-phishing-defense

Tweet This Post

How Secure? An Apple iOS vs Android Infographic from Veracode

Joe — Mon, 09 Jan 2012 18:15:47 +0000

Infographic by Veracode Application Security

Tweet This Post

I was interviewed for eWeek and CIO Insights: Industrial Systems Still Lack Firewalls, Authentication, Basic Security

Joe — Wed, 14 Dec 2011 15:11:12 +0000

The article came out quicker than I expected. I thought it would be more geared to APTs and even criminal online gang activity, but it turned out to be more about industrial control system hacking. You can read the article here at eWeek or here at CIO Insight.

IT Security & Network Security News

Industrial Systems Still Lack Firewalls, Authentication, Basic Security

By: Fahmida Y. Rashid
2011-12-14
Article Rating: / 0

Homeland Security’s ICS-CERT warned that industrial control systems are still vulnerable and need to be protected.

The Department of Homeland Security and the Federal Bureau of Investigation have reissued their warning from last year that industrial control systems that operate critical infrastructure and complicated machinery are still not properly protected.

Thousands of industrial control systems that are connected to the Internet lack proper firewalls or aren’t using strong authentication methods, making them vulnerable to attack, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the Department of Homeland Security said in its warning Dec. 9.

Malicious perpetrators can discover these industrial control systems using search engines such as Shodan, which indexes devices with embedded and active Web servers, according to the warning.

Control systems don’t need to be connected to the Internet, but they are often online to make it easier for administrators to remotely monitor the systems. “All too often, remote access has been configured with direct Internet access (no firewall) and/or default or weak user names and passwords,” said ICS-CERT in its warning, adding that adversaries can use the information to identify control systems that are vulnerable to attack.

There’s a trade-off between making it easy to do work and increasing security, Joe Schorr, enterprise security practice manager for Creative Breakthroughs, told eWEEK. Organizations have to decide whether the systems and data being protected are worth locking down business, Schorr said.

“ICS-CERT is tracking and has responded to multiple reports of researchers using Shodan, Every Routable IP Project (ERIPP), Google and other search engines to discover Internet-facing control systems,” according to the alert.

The increasing “connectedness” of infrastructure not only makes utility companies more vulnerable to cyber-attacks, but increases the effect on other infrastructure capabilities when one is affected, Chris Petersen, CTO of LogRhythm, told eWEEK.

The supervisory control and data-acquisition systems used within industrial companies were not designed to be secure, and much of the existing infrastructure was developed and deployed prior to the Internet, according to Petersen. Security was considered in the physical sense, so many of the devices transmit data in clear text, have limited or nonexistent logging capabilities and employ very basic authentication methods, Petersen said.

“Nobody imagined SCADA [supervisory control and data acquisition] devices and their associated serial protocols would later be converted to IP and made accessible to untrusted networks,” said Petersen.

ICS-CERT said that it’s working with control system vendors to remove default credentials from their products, especially since so many of these credentials are mentioned in publicly accessible materials.

The attacks against industrial control systems are not theoretical, as a senior FBI official admitted that recently intruders compromised utilities in at least three U.S. cities but caused no damage. Industrial and chemical companies are also under regular cyber-attack.

Symantec issued a warning Oct. 31 about a malware attack, dubbed Nitro, which targeted chemical and military industries between July and September. The perpetrators behind the attack “persist in continuing their activities unchecked,” using the same social-engineering techniques and same hosting provider to host their command and control servers, wrote Tony Millington and Gavin O’Gorman, security researchers at Symantec Security Response.

Symantec claimed to have disrupted the campaign in September, so it wasn’t clear how the attackers had managed to revive their operations. Symantec said the domains that were used have been shut down, again.

What appears to have changed since the warning was publicized, is that some of the attack emails now attempt to impersonate Symantec. The subject line for the malicious email was titled “Symantec Security Warning!” and the message contained information about Symantec supposedly releasing new antivirus software capable of detecting and removing the Poison Ivy Trojan, used as part of the Nitro campaign.

“The attackers, in an attempt to lend some validity to their email, are sending a document to targets that describes their very own activity,” wrote Millington and O’Gorman.

Nitro attackers have switched targets over the past few months, Mary Landesman, senior security researcher at Cisco Security, said Dec. 13 at a news conference. The campaign initially targeted industrial companies in June, shifted to aviation companies with ties to the federal government in August and peaked in September by hitting chemical companies, according to Cisco Security research. In many cases, the victims saw the attack emails and realized it “probably” wasn’t real, but they took the “let’s see what it is, anyway” approach, Landesman said. In this case, “curiosity killed the cat,” or the company, she said.

Tweet This Post

My Webinar presentation ‘Top 5 Security Issues for 2012′ is available

Joe — Sun, 11 Dec 2011 15:03:45 +0000

My December topic is one that lots of folks are most likely firing up right now – the traditional Christmas season “Top ‘X’ Issues for the coming year”. In my presentation I actually offer some tips as well on mitigating or taking proactive steps to deal with these challenges. Enjoy! You can view the presentation here: http://www.slideshare.net/jpschorr/security-awarenesspreso-draftv11

Tweet This Post

My Advanced Persistent Threat Webinar preso is available

Joe — Tue, 25 Oct 2011 15:39:22 +0000

You can see my APT presentation at http://www.slideshare.net/jpschorr/apt-webinar

Tweet This Post

Derbycon! My presentation is available.

Joe — Wed, 05 Oct 2011 08:59:11 +0000

The inaugural Derbycon was a roaring success and I was really excited and proud to be on the speaker lineup! The feedback I received was fantastic and lots of new friends were made. This is one conference I have permanently blocked-out on my calendar going forward. Many thanks to Dave Kennedy and the whole team that put this together.

Only downside was that Murphy hit me and smacked me with a nice bout of flu coupled with wicked laryngitis. A little rest and some careful application of cold meds got me on the stage. This presentation is all about social engineering and physical pen testing and is, by far, my favorite to present. It is available for viewing on Slideshare.net at: http://www.slideshare.net/jpschorr/rule-1-cardio-and-some-other-rules-to-keep-intruders-out

Tweet This Post

‘The Evolving Threat Landscape’ – my webinar preso is available

Joe — Wed, 28 Sep 2011 12:45:07 +0000

You can view my latest webinar presentation at: http://www.slideshare.net/jpschorr/cbi-threat-landscape-webinar

Tweet This Post

Just got back from being on a Cloud Security Panel at GrrCon

Joe — Sun, 18 Sep 2011 16:20:44 +0000

550 people were at the inaugural GrrCon in Grand Rapids, MI this week. They were hoping to get 400, max 500 so this was an amazing turnout. I was on a Panel Discussion, “Moving to the Cloud” with Frank Schlottke, the CEO of Applied Security GmbH and Bob West, CEO of Echelon One . The discussion was on he business case for Cloud and the security and privacy issues related to it. Bob handled the business case, Frank the EU perspective and data residency issues while I addressed the US perspective and security implications. It went very well with good audience interaction. Our time went really fast! We’re talking about reprising the talk at other venues as well.

Tweet This Post

“Joe Schorr Joins Creative Breakthroughs, Inc. as Enterprise Security Practice Lead”

Joe — Wed, 10 Aug 2011 17:31:45 +0000

From: http://identitypr.com/pressrelease/creative-breakthroughs/joe-schoor-joins-creative-breakthroughs-inc-as-enterprise-security-practice-lead/

TROY, Mich., August 10, 2011 – Steve Barone, President and CEO of Creative Breakthroughs, Inc. (CBI) has announced today that Joe Schorr has joined the Troy, Mich.-based company as their Enterprise Security Practice Lead. CBI is an industry leader in information technology and risk management services.

In his new role, Schorr is responsible for information security professional services; including presales support, architectural solution design and services delivery. He is also responsible for the management of all department projects and overall project quality as well acting as a security evangelist for CBI.

“Joe has a wealth of expertise in enterprise security and will be a welcome addition to our team,” said Barone. “As security issues continue to be a top concern for our customers, Joe’s skill set will provide a great benefit to our clients.”

Prior to joining CBI, Schorr served as a Manager of an Attack and Penetration Testing Practice, participating as an assessor of penetration tests and vulnerability assessments for a wide range of clients in several different industries. Previously he was the Managing Consultant for the Ethical Hacking Team atBritish Telecom (BT), where he was responsible for managing a global team of more than 20 professional testers tasked with testing networks and applications for Fortune 100 companies using cutting-edge exploits and attack vectors.

Schorr earned his bachelor’s degree from St. Joseph’s University in Philadelphia. He currently resides in Largo, Fla. with his wife and three children.

About CBI
Established in 1991, Creative Breakthroughs, Inc. (CBI), is an industry leader in information technology security, integration and management solutions. CBI provides products and services that help small companies to large enterprises secure and manage IT infrastructure. For more information on CBI, visit www.cbihome.com, or email help@cbihome.com.

MEDIA CONTACTS

Amanda Bosherz
248.258.2333
abosherz@identitypr.com

Tweet This Post

Got back from speaking at DEFCON SkyTalks

Joe — Mon, 08 Aug 2011 20:59:17 +0000

Wow! DEFCON was unbelievably crowded, like Disney at Christmas crowded. 15,000 people by most estimates. I was among those who didn’t get the cool badge (only 11,000? made I think) because of the unprecedented turnout. While the lines were long for the big speakers at DF, the lines were shorter for the DC Skytalks in the side corridor. In my estimation, these were as good/better than the mainstream ones. Of course I was one of the speakers so I may be a bit biased. But bluknight, pyr0 and the rest of the 303 crew did a marvelous job of putting this on. Thanks so much for the speaking slot and the incredible hospitality – it was like a small, old-school Con inside a massive one. Can’t wait for next year!

Tweet This Post