Archive for RB

| May 10, 2018
Comments Off on Riskiest ZIP Codes

Riskiest ZIP Codes

Riskiest ZIP CodesCredit rating firm Experian recently published a list of the top 100 riskiest shipping ZIP codes for 2017. In the list, U.S. ZIP codes were rated on the number of attempted fraudulent e-commerce transactions against the population of overall e-commerce orders for the ZIP codes.

Experian’s analysis of fraudulent transactions says international IP addresses affect the overall riskiness of a transaction. e-Commerce transactions from international IP addresses are much riskier than average—6.7x riskier from a shipping perspective. Additionally, Experian’s analysis shows that traffic coming from a proxy server—which could originate from domestic and international IP addresses — is 74 times riskier
then the average transaction.

The riskiest ZIP code for e-commerce fraud in 2017 was 97079 in Beaverton, Oregon according to Experian. In fact, Oregon had nearly half of the top 25 riskiest ZIP codes in 2017. The areas in and around Portland OR occupied 10 of the top 25 spots for riskiest e-commerce transactions. Beaverton’s highest risk international IP county is China.

The Miami Florida area put the sunshine state at #2 in the top 25 with nearly a quarter of the riskiest ZIP codes. Miami had 6 of the top 25 slots for the next most risky ZIP Codes for e-commerce firms. The riskiest Miami ZIP code is 33122. Miami’s highest risk international IP county is Venezuela.

The riskiest Miami zip code is 33122.

South El Monte, California ZIP code 91733 is the third riskiest ZIP code on the Experian list for e-commerce firms to ship to. Experian says that 91733’s highest risk international IP countries are Taiwan and Hong Kong.

South El Monte, Califronia zip code 91733 is the third riskiest zip code

The riskiest Michigan ZIP code is 48204 in Detroit, which ranked 32nd on the list and is only 15% of the risk of Beaverton OR.

The riskiest Michigan Zip code is 48204 in Detroit

Other Michigan ZIP Codes on the top 100 list are:

RankCityStateZip CodeFraud Attack Rate
64DetroitMI48227276.6
68DetroitMI
48206270.3
74DetroitMI48228262.4

The top 25 riskiest ZIP Codes according to Experian. Fraud attack rates show the attempted fraudulent e-commerce transactions against the population of overall e-commerce orders.

RankCityStateZip CodeFraud attack rates
1Beaverton OR970792741.9
2Miami FL331221935.1
3South El MonteCA917331473.5
4Portland OR972511257.6
5Portland OR972501178.6
6Miami FL331661155.1
7Portland OR972521059.4
8Miami FL331981010.6
9Miami FL33195921.7
10Miami FL33192769.1
11Portland OR97253726.2
12Portland OR97230676
13Portland OR97217635.8
14Minden NV89423629.2
15HoustonTX77072625.4
16Portland OR97233623.4
17Wilmington DE19801584.6
18Portland OR97218562.1
19Des Moines IA50314544.1
20Chicago IL60621539.8
21Portland OR97203535.6
22Miami FL33191518.7
23Hillsboro OR97124505.3
24Portland OR97254502.5
25Manchester NH3101490.4

rb-

The increase in e-commerce fraud attacks should not surprise anyone. The growth of online information and the continuing tsunami of data breaches has put over 9.7 billion data records on the dark web. The plethora of stolen PII enables criminals to open fraudulent accounts, take over legitimate accounts and submit fraudulent transactions.

Another reason for the increase in online fraud activity is automation. In the past, criminals needed to do something, but they can now attack by simply downloading a file and automating the submission of thousands of applications or transactions
simultaneously.

Related article

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| April 30, 2018
Comments Off on ATM Jackpotting

ATM Jackpotting

ATM JackpottingThe U.S. Secret Service has warned (PDF) financial institutions of logical (jackpot) attacks on Automated Teller Machines (ATMs). These ATM attacks originated in Mexico and have spread to the US. These jackpotting attacks are an industry-wide issue and as one vendor stated, are “a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”

The attack mode involves a series of steps to defeat the ATM’s existing security mechanisms and the authorization process for setting the communication within the ATM. Internal communications are used when computer components like the mainboard or the hard disk have to be exchanged for legitimate reasons.

Description of an ATM attack

Automated Teller Machines (ATMs)In a Jackpotting attack, the criminal gains access to the internal infrastructure of the terminal to infect the ATM PC or by completely exchanging the hard disk (HDD). There are a number of steps the attacker has to take for this type of attack:

  1. The top of the ATM must be opened.
  2. The original hard disk of the ATM is removed and replaced by another hard disk, which the attackers have loaded with an unauthorized and/or stolen image of ATM platform software.
  3. In order to pair this new hard drive with the dispenser, the dispenser communication needs to be reset, which is only allowed when the safe door is open. A cable in the ATM is unplugged to fool the machine into allowing the crooks to add their bogus hard drive to the ATM.
  4. A dedicated button inside the safe needs to be pressed and held to start the dispenser communication. The crooks insert an extension into existing gaps next to the presenter to depress the button. CCTV footage has shown that criminals use an industrial endoscope to complete the taskATM's

In other Jackpotting attacks, portions of a third-party multi-vendor application software stack to drive ATM components are used. Brian Krebs at Krebs on Security reports that Secret Service issued a warning that organized criminal gangs have been attacking stand-alone ATMs in the United States using “Ploutus.D,” an advanced strain of jackpotting malware first spotted in 2013.

Mr. Krebs also reports that “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM. Once this is complete, fraudsters own the ATM and it will appear Out of Service to potential customers according to the confidential Secret Service alert. At this point, the crook(s) installing the malware will contact co-conspirators who can remotely control the ATMs and force the machines to dispense cash.

In previous Ploutus.D attacks, the ATM Dispensed at a rate of 40 bills every 23 secondscontinuously dispensed at a rate of 40 bills every 23 seconds,” the alert continues. Once the dispense cycle starts, the only way to stop it is to press cancel on the keypad. Otherwise, the machine is completely emptied of cash, according to the alert. While there are some risks of the money mule being caught by cameras, the speed in which the operation is carried out minimizes the mule’s risk.”

Specific Guidance and Recommendations

The most common forms of logical attack against ATMs are “Black Box” and “Offline Malware”. The steps to minimize the risks to ATMs are the same as any other enterprise device.

  1. Make sure firmware and software are current with the latest updates, are important protections to mitigate the impact of Black Box attacks. Four out of five cash machines still run Win XP or Win XP Embedded. The Secret Service alert says ATMs still running on Windows XP are particularly vulnerable, and it urged ATM operators to update to at least Windows 7 to defeat this specific type of attack.
  2. Use secure hard drive encryption protections against Offline Malware
  3. Use a secure BIOS remote control app to lock the ATM BIOS configuration and protect the configuration with a password.
  4. Deploying an application whitelisting solution.
  5. Limit Physical Access to the ATM:
    • Use appropriate locking mechanisms to secure the head compartment of the ATM.
    • Control access to areas used by staff to service the ATM.
    • Implement two-factor authentication (2FA) controls for service technicians.
  6. Set up secure monitoring
  7. Use the most secure configuration of encrypted communications. In cases where the complete hard disk is being exchanged, encrypted communications between ATM PC and dispenser protect against the attack.
    • Ensure proper hardening and real-time monitoring of security-relevant hardware and software events.
    • Investigate suspicious activities like deviating or non-consistent transaction or event patterns, which are caused by an interrupted connection to the dispenser. Monitor unexpected opening of the top hat compartment of the ATM.

rb-

Followers of the Bach Seat know how to secure their PCs, I have written about securing PCs many times here. So the question is why not ATMs? Research says that consumers go into the branch less every year. The experts say that by 2022 customers will visit a branch only 4 times a year. In many cases, ATMs are the bank’s surrogates for most cash transactions. It makes sense to get it right.

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| April 24, 2018
Comments Off on Barracuda Networks Has Been Bought

Barracuda Networks Has Been Bought

Barracuda Networks Has Been BoughtWhile the massive Equifax data breach is still fresh in everyone’s minds and the cybersecurity workforce is expected to be short nearly 2 million people. IT security expenditures to top $1 Trillion by 2022. Private equity giant Thoma Bravo, LLC has jumped back into the IT security market with both feet. Barracuda Networks has been bought by the private equity firm in a deal that’s valued at $1.6 billion.

BarracudaBarracuda (CUDA) sells appliance and cloud-based cybersecurity and data protection services. Clients include; Boeing, Microsoft and the U.S. Department of Defense. Barracuda says it has over 150,000 customers. Upon the close of the transaction, Barracuda will operate as a privately held company.

Barracuda Networks has been bought

Barracuda Network was founded in Ann Arbor, Michigan in 2003. From Ann Arbor, it raised at least $46 million in venture funding prior to its IPO. CUDA went public on the New York Stock Exchange in November 2013, pricing its IPO at $18. Barracuda acquired Yosemite Technologies in 2009 to expand its offerings into the storage market.

Barracuda NexGen FirewallBarracuda continued to innovate in the run-up to its acquisition. eWeek reports that in March 2017, Barracuda debuted new data backup and recovery capabilities for VMware and Microsoft virtual machines. In June 2017 Barracuda announced its new Sentinel service. The service uses artificial intelligence (AI) and container-based technologies to improve email security.

Barracuda also enhanced its network security products and services in 2017. eWeek reported in November that the company expanded the cloud capabilities for its Web Application Firewall (WAF) and NexGen Firewall products. The new capabilities include usage-based billing for the NextGen firewall running in the Amazon Web Services (AWS) cloud. The firewall included automated configuration capabilities for the WAF, thanks to an integration with the Puppet DevOps tool.

CEO BJ Jenkins commented on the transaction, “We will continue Barracuda’s tradition of delivering easy-to-use, full-featured solutions that can be deployed in the way that makes sense for our customers.

Thoma Bravo

Thoma Bravo is a Chicago-based private equity firm with $17 billion under management. Their appetite for IT firms is rather broad. Some of it’s most notable purchases have been:

  • Thoma Bravo is a Chicago-based private equity firmSeptember 2014 – $2.4 billion purchase of Detroit-based Compuware.
  • December 2014 – $3.6 billion acquisition of Riverbed.
  • In October 2015, they teamed up with Silver Lake to buy IT infrastructure management vendor SolarWinds for $4.5 billion.
  • April 2017 – Purchased a minority stake in the freshly re-spun McAfee.
  • June 2017 they purchased Remote Monitoring and Management (RMM), IT security management vendor Continuum.

Their portfolio has included brands such as; Bomgar, Digicert, Digital Insight, Dynatrace, Hyland Software, Imprivata, iPipeline, Nintex, PlanView, Qlik, SailPoint, and SonicWall.

Thoma Bravo has resold many of its holdings in recent years.

TechCrunch notes that private equity firms began more aggressively buying up software companies last year. The thinking seems to be they can generate reliable returns from such investments. The biggest take-private deals lately include:

  • Marketo, a marketing software maker. Went public in 2013 and was taken private again by Vista Equity Partners in 2017 for $1.79 billion in cash;
  • The sale of event-management company Cvent last year to Vista Equity Partners in a $1.65 billion deal.
  • Cybersecurity risk-monitoring platform SecurityScorecard raised $27.5 million from the VC arms of Google, Nokia, and Intel.

Other notable IT security equity funding recipients include; Attivo NetworksDarktrace, and SentinelOne.

Investopedia speculates that Thoma Bravo is paying a pretty high premium for Barracuda. CUDA now trades at 139 times earnings and 4 times sales. But under private management, its products will likely be integrated with the firm’s other software products to generate synergies.

CRN notes that being a privately owned company will give Barracuda a stronger ability to chart its own destiny. They will not have to “tap-dance to the Wall Street music,” Michael Knight, president and chief technology officer at solution provider Encore Technology Group, Greenville, S.C., said. He hopes Thoma Bravo’s infusion of capital will enable Barracuda to continue driving its public cloud business, a more solidified SD-WAN toolset, and more integrated endpoint security protection.

Rb-

I have used Barracuda products at past jobs. Including their SPAM-Email firewall appliances and their cloud-based backup up system. The pricing was adequate. Renewals were easy. The email firewalls were really robust and almost set and forget.

The few times when I needed tech support, it was available in Ann Arbor, Michigan. Barracuda, founded in Ann Arbor, was one of the early believers in the area as a high-tech hub. Barracuda has plans to spend  $2.3 million on the expansion of its operations center in the former Borders Books offices at 317 Maynard Street. The expansion will add 115 new jobs in downtown Ann Arbor over the next four years. I hope that after Barracuda Networks has been bought by Thoma Bravo, the deal does not have a “Chainsaw Al” that will kill that growth.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , ,
| April 19, 2018
Comments Off on System Fails Tax Day Delayed

System Fails Tax Day Delayed

System Fails Tax Day DelayedTax day 2017 was delayed one day due to a hardware failure in a system supporting the oldest IT system in the U.S. federal government. (rb- I wrote about the almost 60 years old system here.) Nextgov reports that 18-month-old hardware supporting the Internal Revenue Service’s Individual Master File experienced a caching issue causing the system to fail.

IRS logoThe failure disrupted almost all other IRS systems and services because those systems ingest data from the Individual Master File. When those systems—such as Direct Pay and the structured payments portal—called to the Individual Master File mainframe and got no response, they too failed.

Dave Powner, GAO’s director of IT management issues, told Nextgov, “This was our biggest fear about one of these mission-critical systems crashing. Fortunately, it wasn’t down for a long period of time, so in that way, we dodged a bullet.”

The crash delayed the submission of some 14 million tax forms. It could be several years before the Individual Master File is fully modernized and rid of 1960’s-era technology. The article speculates that the update timeline could slip because the IRS says it needs to hire at least 50 more employees—while backfilling any attrition—plus an extra $85 million per year in annual non-labor funding over the next five years. Trump’s fiscal 2018 budget request called for a $239 million reduction in funding for the IRS, which has faced many cuts in recent years.

Uncle Sam beggingThe author explains that the Individual Master File has data from 1 billion taxpayer accounts dating back several decades and is the chief IRS application responsible for receiving 100 million Americans’ individual taxpayer data and dispensing refunds. IRS first attempted to replace the system with a modernized Customer Account Data Engine, but that effort was canceled in 2009. A delivery date for CADE 2, the IRS’ subsequent modernization effort, has slipped several years even as contractors working on the project have earned as much as $290 million.

GAO identified the Individual Master File as the oldest technology system still working in government in 2016.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , ,
| April 16, 2018
Comments Off on DUO Expands Into Detroit

DUO Expands Into Detroit

-Updated 08/02/2018 – Lumbering behemoth Cisco (CSCO) is buying Duo for $2.35B in cash. Hopefully, it will go better for Duo, Ann Arbor and Detroit than Cisco’s other purchase Flip and Linksys.

DUO Expands Into DetroitThe Ann Arbor Michigan-based cybersecurity tech company DUO Security continues to grow. The start-up has grown so much that they are moving part of their operation from Ann Arbor to Detroit Michigan. MLive reports that DUO will move 30 staff members into a shared workspace at Bamboo Detroit in the Madison Building at 1420 Washington Blvd. Employees moving to Detroit include those working in Duo’s engineering, information services, and product teams, the statement said.

DUO SecurityAt least 350 of Duo’s 500 employees work at Michigan locations, including two in Ann Arbor, where the company was founded in 2010. Duo Security CEO and co-founder Dug Song told MLive, “We are exploring options for how we continue to grow, but we’re committed to Michigan … We intend to stay here in Ann Arbor.”

To better support, its customer base Duo Security plans to expand its Detroit footprint by the end of 2018. The cybersecurity firm plans to occupy a 9,000-square-foot suite on the Madison Building’s sixth floor. DUO’s customer base includes over 10,000 companies like Facebook (PDF), Etsy, Toyota, the University of Michigan, Yelp, and Zillow.

Duo’s software-as-a-service (SaaS) secures more than 300 million logins a month. Xconomy Detroit explains that the heart of Duo’s business-to-business technology is two-factor authentication (2FA). 2FA is a method of confirming the identity of a user by sending a code to the user’s device, usually their phone. Duo’s software can also check the health of its customers’ devices, and block access to those deemed risky.

Jon Oberheide, Duo’s co-founder and CTO, told Xconomy, the Duo platform ensures that only trusted users and devices can access protected applications. Implementation of the system takes less than a week for 75% of Duo’s customers. Mr. Oberheide explains why DUO is so successful,

An organization’s physical perimeter used to be its four walls, but that has really dissolved with VPNs (virtual private networks). You have some people using their own devices, some using company devices, and people working in different locations. A security program in that environment looks really different—it becomes really important to protect single log-ins.

CEO Song told MLive the move is an opportunity to build on Detroit’s history of innovation,

Detroit MichiganDetroit has always moved the world, both in body and soul, through its industry and art … We are proud to help invest in the historic resurgence of Detroit, excited to learn and grow together, and committed to a success much greater than ourselves.

Duo currently sponsors events like Detroit Startup Week and Techweek Detroit. They plan to continue their tech advocacy with new programs like Tech Talks featuring local and global experts.

rb-

I like what DUO is doing in Michigan. We use their product and it works great! We have been using DUO for over 2 years now. I get very little push back from 3rd party vendors when I require them to use DUO to log in remotely.

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

 

Category: Uncategorized | Tags: , , , , , , , , , , ,
« Older Entries   Recent Entries »