Archive for April 30, 2018

ATM Jackpotting

The U.S. Secret Service has warned (PDF) financial institutions of logical ("jackpotting") attacks on Automated Teller Machines (ATMs). These attacks originated in Mexico and have spread to the U.S. Jackpotting is an industry-wide issue and, as one vendor stated, is “a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”

The attack involves a series of steps that defeat the ATM’s existing security mechanisms and the authorization process for re-establishing communication between the ATM PC and the cash dispenser. That re-pairing process exists for legitimate reasons: it is used when components such as the mainboard or the hard disk have to be exchanged during servicing.

Description of an ATM attack

In a jackpotting attack, the criminal gains access to the internal infrastructure of the terminal and either infects the ATM PC or completely exchanges its hard disk (HDD). The attacker has to take a number of steps for this type of attack:

  1. The top ("top hat") of the ATM must be opened.
  2. The original hard disk of the ATM is removed and replaced by another hard disk, which the attackers have loaded with an unauthorized and/or stolen image of the ATM platform software.
  3. In order to pair this new hard drive with the dispenser, the dispenser communication needs to be reset, which is only allowed when the safe door is open. A cable in the ATM is unplugged to fool the machine into allowing the crooks to add their bogus hard drive to the ATM.
  4. A dedicated button inside the safe needs to be pressed and held to start the dispenser communication. The crooks insert an extension through existing gaps next to the presenter to depress the button. CCTV footage has shown that criminals use an industrial endoscope to complete this task.

In other jackpotting attacks, the malware drives the ATM’s components through portions of a third-party, multi-vendor application software stack installed on the ATM, rather than by swapping the hard disk. Brian Krebs at Krebs on Security reports that the Secret Service issued a warning that organized criminal gangs have been attacking stand-alone ATMs in the United States using “Ploutus.D,” an advanced strain of jackpotting malware first spotted in 2013.

Mr. Krebs also reports that “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATM’s operating system along with a mobile device to the targeted ATM. Once this is complete, fraudsters own the ATM and it will appear Out of Service to potential customers according to the confidential Secret Service alert. At this point, the crook(s) installing the malware will contact co-conspirators who can remotely control the ATMs and force the machines to dispense cash.

In previous Ploutus.D attacks, the ATM continuously dispensed at a rate of 40 bills every 23 seconds,” the alert continues. Once the dispense cycle starts, the only way to stop it is to press cancel on the keypad. Otherwise, the machine is completely emptied of cash, according to the alert. “While there are some risks of the money mule being caught by cameras, the speed in which the operation is carried out minimizes the mule’s risk.”

Specific Guidance and Recommendations

The most common forms of logical attack against ATMs are “Black Box” attacks (an attacker-controlled device wired directly to the dispenser, bypassing the ATM PC) and “Offline Malware” (malware placed on the ATM’s disk while the disk is removed or the machine is powered down). The steps to minimize the risks to ATMs are the same as for any other enterprise device:

  1. Keep firmware and software current with the latest updates; this is an important protection against Black Box attacks. Four out of five cash machines still run Windows XP or Windows XP Embedded. The Secret Service alert says ATMs still running on Windows XP are particularly vulnerable, and it urged ATM operators to update to at least Windows 7 to defeat this specific type of attack.
  2. Use full hard-disk encryption so that the platform image cannot be read, cloned, or modified offline.
  3. Use a secure BIOS remote-control application to lock the ATM BIOS configuration (including boot order) and protect the configuration with a password.
  4. Deploy an application whitelisting solution so that only the authorized ATM software can execute.
  5. Limit Physical Access to the ATM:
    • Use appropriate locking mechanisms to secure the head compartment of the ATM.
    • Control access to areas used by staff to service the ATM.
    • Implement two-factor authentication (2FA) controls for service technicians.
  6. Set up secure monitoring:
    • Ensure proper hardening and real-time monitoring of security-relevant hardware and software events.
    • Investigate suspicious activity such as deviating or inconsistent transaction or event patterns, which can be caused by an interrupted connection to the dispenser, and alert on any unexpected opening of the top-hat compartment of the ATM.
  7. Use the most secure configuration of encrypted communications between the ATM PC and the dispenser. In cases where the complete hard disk is exchanged, encrypted (and authenticated) dispenser communication protects against the attack because the unauthorized disk cannot pair with the dispenser.
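The monitoring recommendations above (unexpected top-hat opening, an interrupted dispenser connection, and abnormal dispense patterns) can be turned into concrete detection rules. The following is an added example written for this page; it is not code from the Secret Service alert, Krebs on Security, or any ATM vendor. The log format, the event names (TOP_HAT, SAFE_DOOR, DISPENSER_LINK, DISPENSE, SERVICE_WINDOW), and the sample log lines are constructed for illustration; real ATM and XFS event sources differ and would have to be mapped onto these names. The only figure taken from the page is the 40-bills-in-23-seconds rate the alert attributes to prior Ploutus.D attacks.

```python
"""Illustrative jackpotting detector over a constructed ATM event log (added example).

Assumed log format (constructed, not a real ATM or XFS format):
    <ISO-8601 UTC timestamp> <atm id> <event> [value]
"""
from collections import deque
from datetime import datetime, timedelta

# Dispense rate the alert attributes to previous Ploutus.D attacks: 40 bills / 23 s.
JACKPOT_BILLS = 40
JACKPOT_WINDOW = timedelta(seconds=23)

# Constructed sample log. ATM-0042 shows the attack pattern from the page:
# top hat opened with no service window, dispenser link dropped while the
# safe is closed (the "unplug a cable" trick), then a rapid cash-out.
# ATM-0077 is a legitimate service visit and should produce no alerts.
SAMPLE_LOG = """\
2018-04-20T02:13:05Z ATM-0042 TOP_HAT open
2018-04-20T02:14:30Z ATM-0042 DISPENSER_LINK down
2018-04-20T02:15:10Z ATM-0042 DISPENSER_LINK up
2018-04-20T02:16:00Z ATM-0042 DISPENSE 10
2018-04-20T02:16:06Z ATM-0042 DISPENSE 10
2018-04-20T02:16:12Z ATM-0042 DISPENSE 10
2018-04-20T02:16:18Z ATM-0042 DISPENSE 10
2018-04-20T09:00:00Z ATM-0077 SERVICE_WINDOW start
2018-04-20T09:01:00Z ATM-0077 TOP_HAT open
2018-04-20T09:02:00Z ATM-0077 SAFE_DOOR open
2018-04-20T09:03:00Z ATM-0077 DISPENSER_LINK down
2018-04-20T09:03:30Z ATM-0077 DISPENSER_LINK up
2018-04-20T11:00:00Z ATM-0077 DISPENSE 5
""".splitlines()


def parse(line):
    """Split one log line into (timestamp, atm id, event, optional value)."""
    ts, atm, event, *rest = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), atm, event,
            rest[0] if rest else None)


def detect(lines):
    """Return a list of (timestamp, atm id, reason) alerts for the given log lines."""
    alerts = []
    state = {}  # per-ATM state: safe door, service window, dispenser link, recent dispenses
    for line in lines:
        ts, atm, event, value = parse(line)
        s = state.setdefault(atm, {"safe_open": False, "service": False,
                                   "link": "up", "dispensed": deque()})
        if event == "SERVICE_WINDOW":
            s["service"] = (value == "start")
        elif event == "SAFE_DOOR":
            s["safe_open"] = (value == "open")
        elif event == "TOP_HAT" and value == "open" and not s["service"]:
            # Rule 1: the head compartment should only open during scheduled service.
            alerts.append((ts, atm, "top-hat opened outside a service window"))
        elif event == "DISPENSER_LINK":
            # Rule 2: a dispenser re-pairing is only legitimate with the safe door open,
            # so a link drop while the safe is closed looks like the cable-unplug trick.
            if value == "down" and not s["safe_open"]:
                alerts.append((ts, atm, "dispenser link dropped with safe closed"))
            s["link"] = value
        elif event == "DISPENSE":
            # Rule 3: sliding-window bill count at or above the known jackpotting rate.
            hist = s["dispensed"]
            hist.append((ts, int(value)))
            while hist and ts - hist[0][0] > JACKPOT_WINDOW:
                hist.popleft()
            total = sum(bills for _, bills in hist)
            if total >= JACKPOT_BILLS:
                alerts.append((ts, atm, f"{total} bills in {JACKPOT_WINDOW.seconds}s"))
                hist.clear()  # one alert per burst rather than one per cassette pick
    return alerts


if __name__ == "__main__":
    for ts, atm, reason in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {atm}: {reason}")
```

Running the block against the constructed log yields three alerts, all for ATM-0042, and none for the legitimate service visit on ATM-0077. In production the same three rules would be fed from the ATM’s hardware event log and the dispenser’s transaction log, with the service-window state coming from the ticketing system used to authorize technician visits.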

rb-

Followers of the Bach Seat know how to secure their PCs; I have written about securing PCs many times here. So the question is, why not ATMs? Research says that consumers go into the branch less every year. The experts say that by 2022 customers will visit a branch only 4 times a year. In many cases, ATMs are the bank’s surrogates for most cash transactions. It makes sense to get it right.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Barracuda Networks Has Been Bought

With the massive Equifax data breach still fresh in everyone’s mind, the cybersecurity workforce expected to be short nearly 2 million people, and IT security expenditures forecast to top $1 trillion by 2022, private equity giant Thoma Bravo, LLC has jumped back into the IT security market with both feet. Barracuda Networks has been bought by the private equity firm in a deal valued at $1.6 billion.

Barracuda (CUDA) sells appliance and cloud-based cybersecurity and data protection services. Clients include Boeing, Microsoft, and the U.S. Department of Defense. Barracuda says it has over 150,000 customers. Upon the close of the transaction, Barracuda will operate as a privately held company.

Barracuda Networks has been bought

Barracuda Networks was founded in Ann Arbor, Michigan in 2003. From Ann Arbor, it raised at least $46 million in venture funding prior to its IPO. CUDA went public on the New York Stock Exchange in November 2013, pricing its IPO at $18. Barracuda acquired Yosemite Technologies in 2009 to expand its offerings into the storage market.

Barracuda continued to innovate in the run-up to its acquisition. eWeek reports that in March 2017, Barracuda debuted new data backup and recovery capabilities for VMware and Microsoft virtual machines. In June 2017 Barracuda announced its new Sentinel service, which uses artificial intelligence (AI) and container-based technologies to improve email security.

Barracuda also enhanced its network security products and services in 2017. eWeek reported in November that the company expanded the cloud capabilities of its Web Application Firewall (WAF) and NextGen Firewall products. The new capabilities include usage-based billing for the NextGen Firewall running in the Amazon Web Services (AWS) cloud, and automated configuration of the WAF through an integration with the Puppet DevOps tool.

CEO BJ Jenkins commented on the transaction, “We will continue Barracuda’s tradition of delivering easy-to-use, full-featured solutions that can be deployed in the way that makes sense for our customers.”

Thoma Bravo

Thoma Bravo is a Chicago-based private equity firm with $17 billion under management. Its appetite for IT firms is rather broad. Some of its most notable purchases have been:

  • September 2014 – $2.4 billion purchase of Detroit-based Compuware.
  • December 2014 – $3.6 billion acquisition of Riverbed.
  • October 2015 – teamed up with Silver Lake to buy IT infrastructure management vendor SolarWinds for $4.5 billion.
  • April 2017 – purchased a minority stake in the freshly re-spun McAfee.
  • June 2017 – purchased Continuum, a remote monitoring and management (RMM) and IT security management vendor.

Its portfolio has included brands such as Bomgar, DigiCert, Digital Insight, Dynatrace, Hyland Software, Imprivata, iPipeline, Nintex, Planview, Qlik, SailPoint, and SonicWall.

Thoma Bravo has resold many of its holdings in recent years.

TechCrunch notes that private equity firms began buying up software companies more aggressively last year, apparently because such investments generate reliable returns. The biggest recent take-private deals include:

  • Marketo, a marketing software maker that went public in 2013 and was taken private again by Vista Equity Partners in 2017 for $1.79 billion in cash;
  • Event-management company Cvent, sold last year to Vista Equity Partners in a $1.65 billion deal.

Venture money is flowing into security as well: cybersecurity risk-monitoring platform SecurityScorecard raised $27.5 million from the VC arms of Google, Nokia, and Intel. Other notable IT security equity funding recipients include Attivo Networks, Darktrace, and SentinelOne.

Investopedia speculates that Thoma Bravo is paying a pretty high premium for Barracuda: CUDA now trades at 139 times earnings and 4 times sales. Under private management, however, its products will likely be integrated with the firm’s other software holdings to generate synergies.

CRN notes that being a privately owned company will give Barracuda a stronger ability to chart its own destiny. They will not have to “tap-dance to the Wall Street music,” Michael Knight, president and chief technology officer at solution provider Encore Technology Group, Greenville, S.C., said. He hopes Thoma Bravo’s infusion of capital will enable Barracuda to continue driving its public cloud business, a more solidified SD-WAN toolset, and more integrated endpoint security protection.

rb-

I have used Barracuda products at past jobs, including their spam/email firewall appliances and their cloud-based backup system. The pricing was adequate. Renewals were easy. The email firewalls were really robust and almost set-and-forget.

The few times I needed tech support, it was available in Ann Arbor, Michigan. Barracuda, founded in Ann Arbor, was one of the early believers in the area as a high-tech hub. Barracuda has plans to spend $2.3 million on the expansion of its operations center in the former Borders Books offices at 317 Maynard Street. The expansion will add 115 new jobs in downtown Ann Arbor over the next four years. I hope that after Barracuda Networks has been bought by Thoma Bravo, the deal does not bring in a “Chainsaw Al” who will kill that growth.


System Fails Tax Day Delayed

Tax Day 2018 was delayed one day due to a hardware failure in a system supporting the oldest IT system in the U.S. federal government. (rb- I wrote about the almost 60-year-old system here.) Nextgov reports that 18-month-old hardware supporting the Internal Revenue Service’s Individual Master File experienced a caching issue that caused the system to fail.

The failure disrupted almost all other IRS systems and services because those systems ingest data from the Individual Master File. When those systems, such as Direct Pay and the structured payments portal, called the Individual Master File mainframe and got no response, they failed too.

Dave Powner, GAO’s director of IT management issues, told Nextgov, “This was our biggest fear about one of these mission-critical systems crashing. Fortunately, it wasn’t down for a long period of time, so in that way, we dodged a bullet.”

The crash delayed the submission of some 14 million tax forms. It could be several years before the Individual Master File is fully modernized and rid of 1960s-era technology. The article speculates that the update timeline could slip because the IRS says it needs to hire at least 50 more employees, while backfilling any attrition, plus an extra $85 million per year in non-labor funding over the next five years. Trump’s fiscal 2018 budget request called for a $239 million reduction in funding for the IRS, which has faced many cuts in recent years.

The author explains that the Individual Master File holds data from 1 billion taxpayer accounts dating back several decades and is the chief IRS application responsible for receiving 100 million Americans’ individual taxpayer data and dispensing refunds. The IRS first attempted to replace the system with a modernized Customer Account Data Engine (CADE), but that effort was canceled in 2009. The delivery date for CADE 2, the IRS’s subsequent modernization effort, has slipped several years even as contractors working on the project have earned as much as $290 million.

GAO identified the Individual Master File as the oldest technology system still working in government in 2016.


DUO Expands Into Detroit

Updated 08/02/2018 – Lumbering behemoth Cisco (CSCO) is buying Duo for $2.35B in cash. Hopefully, it will go better for Duo, Ann Arbor, and Detroit than Cisco’s other purchases, Flip and Linksys.

The Ann Arbor, Michigan-based cybersecurity company Duo Security continues to grow. The start-up has grown so much that it is moving part of its operation from Ann Arbor to Detroit, Michigan. MLive reports that Duo will move 30 staff members into a shared workspace at Bamboo Detroit in the Madison Building at 1420 Washington Blvd. Employees moving to Detroit include those working on Duo’s engineering, information services, and product teams, the statement said.

At least 350 of Duo’s 500 employees work at Michigan locations, including two in Ann Arbor, where the company was founded in 2010. Duo Security CEO and co-founder Dug Song told MLive, “We are exploring options for how we continue to grow, but we’re committed to Michigan … We intend to stay here in Ann Arbor.”

To better support its customer base, Duo Security plans to expand its Detroit footprint by the end of 2018. The cybersecurity firm plans to occupy a 9,000-square-foot suite on the Madison Building’s sixth floor. Duo’s customer base includes over 10,000 companies, including Facebook (PDF), Etsy, Toyota, the University of Michigan, Yelp, and Zillow.

Duo’s software-as-a-service (SaaS) secures more than 300 million logins a month. Xconomy Detroit explains that the heart of Duo’s business-to-business technology is two-factor authentication (2FA). 2FA confirms a user’s identity by requiring, in addition to the password, a code or approval from a device the user physically holds, usually their phone, so a stolen password alone is not enough to log in. Duo’s software can also check the health of its customers’ devices and block access from those deemed risky.

Jon Oberheide, Duo’s co-founder and CTO, told Xconomy that the Duo platform ensures that only trusted users and devices can access protected applications. Implementation takes less than a week for 75% of Duo’s customers. Mr. Oberheide explains why Duo is so successful:

An organization’s physical perimeter used to be its four walls, but that has really dissolved with VPNs (virtual private networks). You have some people using their own devices, some using company devices, and people working in different locations. A security program in that environment looks really different—it becomes really important to protect single log-ins.

CEO Song told MLive the move is an opportunity to build on Detroit’s history of innovation:

Detroit has always moved the world, both in body and soul, through its industry and art … We are proud to help invest in the historic resurgence of Detroit, excited to learn and grow together, and committed to a success much greater than ourselves.

Duo currently sponsors events like Detroit Startup Week and Techweek Detroit. They plan to continue their tech advocacy with new programs like Tech Talks featuring local and global experts.

rb-

I like what Duo is doing in Michigan. We use their product and it works great! We have been using Duo for over 2 years now. I get very little pushback from third-party vendors when I require them to use Duo to log in remotely.


IRS Systems Oldest in Federal Gov

As Benjamin Franklin famously wrote in 1789, “nothing can be said to be certain, except death and taxes.” The taxman is coming again on April 17th, 2018. Despite Uncle Sam’s latest tricks to take more of our money, the Internal Revenue Service’s (IRS) systems are the oldest running in the U.S. government. Nextgov reports that one of the IRS’s most important tax-processing applications is old enough to be a grandparent, and officials warn a failure during tax season could have dire economic ramifications or delay tax refunds for 100 million Americans.

According to reports from the Government Accountability Office (GAO), the IRS’s Individual Master File (IMF) and its sister system, the Business Master File (BMF), are the two oldest tech systems in the entire federal government, at about 58 years old. The next oldest system identified is the Defense Department’s Strategic Automated Command and Control System, which helps coordinate U.S. nuclear forces and was developed 55 years ago (rb- That’s reassuring).

The IMF and BMF are relics of the early days of computing itself. In 1960, an IRS report announced plans to install computers to automate tax processing at a facility in Martinsburg, West Virginia. Today, almost 60 years later, the IRS is still using the same systems to process the nation’s tax returns.

The Individual Master File is a massive application written in the antiquated, low-level Assembly programming language. It runs on an IBM mainframe and holds data from 1 billion taxpayer accounts going back decades. IMF is chiefly responsible for receiving individual taxpayer data and dispensing refunds.

Despite hundreds of millions in spending, plans to fully modernize the application are more than six years behind schedule, and in a statement to Nextgov, the IRS revised its timeline for a modernized IMF to 2022: “To address the risk of a system failure, the IRS has a plan to modernize two core components of the IMF by 2021, followed by a year of parallel validation before retiring those components in 2022.”

The timeline could slip further. The article says the IRS will need the authority to hire at least 50 more employees, and backfill any losses, and receive an extra $85 million in annual non-labor funding for the next five years. Trump’s fiscal 2018 budget request would cut IRS funding by $239 million.

In the statement, IRS said IMF “is antiquated, with an architecture and design that dates back to the 1960s,” and admitted fewer programmers understand the old Assembly code. Auditors at the GAO have said IRS has more than 20 million lines of Assembly code.

The IRS’s main efforts to replace the IMF have been the Customer Account Data Engine (CADE), which was canceled in 2009, and its successor, CADE 2. Nextgov reports that plans to fully deploy CADE 2 and replace IMF have slipped, even as each company working on the project has earned as much as $290 million in revenue from the IRS.

Contracting data obtained by Nextgov indicates contractors Deloitte, CSRA, Northrop Grumman, and MITRE Corporation all earned more than $60 million through fiscal 2017 through CADE or CADE 2 task orders.

In the meantime, the IRS runs its legacy systems like IMF on newer hardware, though GAO’s latest audit stated 64 percent of the agency’s hardware is aged. Dave Powner, GAO’s director of IT management issues, told the House Committee on Ways and Means in October: “But relying on these antiquated systems for our nation’s primary source of revenue is highly risky, meaning the chance of having a failure during the filing season is continually increasing.”

Such a failure would be “catastrophic,” according to former IRS Commissioner John Koskinen.

“If this failure were to occur during the filing season, we could be looking at a lengthy interruption in processing returns and issuing refunds … This could have a devastating effect on more than 100 million taxpayers waiting on their refunds as well as the nation’s economy, which sees some 275 billion dollars of refunds each winter and spring.”

Mr. Koskinen told Nextgov that work on CADE 2 stalled “because of the budget crunch of the past year or two, along with the critical need to protect taxpayers against identity theft.” IRS diverted resources toward partnerships with private companies and state and local tax agencies to battle identity theft. The agency spends $2.7 billion annually on IT.

“Victims of identity theft dropped by two-thirds, after years of barely being able to hold our own,” he said. “It was the appropriate decision to protect accounts against identity theft, but it has meant that other critical information technology programs have gone more slowly.”

rb-

The government’s technology woes are worse than you think. Over 80% of the $90 billion federal IT budget goes toward outdated legacy IT systems, leaving little left over for the innovation that is commonplace in the private sector.
