InfoSecurity
PROFESSIONAL
JULY/AUGUST 2016
KNOW THY
ATTACKER
RANSOMWARE RECOVERY
CLOUD COST SAVINGS
A MEMBER'S CYBER THRILLER
Contents
VOLUME 9 ISSUE 4
DEPARTMENTS
EDITOR'S NOTE: Why Reading is Still Fundamental. BY ANNE SAITA
EXECUTIVE LETTER. BY WIM REMES
FIELD NOTES: Introducing the organization's new IT executive; member discount for cyber risk analysis tool; preview of Security Congress; this year's GISLA recipients; a successful U.K. road show; recommended read; spotlight on Singapore chapter; and more.
MEMBERS CORNER. BY SEAN JOHNSON
CENTER POINTS. BY PAT CRAVEN
5 MINUTES WITH Jason Sachowski: A Q&A with an inspiring member who lives and works in Canada.
AD INDEX
FEATURES
TECHNOLOGY: How Lockheed Martin's Cyber Kill Chain can decimate the attacker. BY CRYSTAL BEDELL
TECHNOLOGY: Ransomware Recovery. Holding data hostage is a trending trick cybercriminals are using against you and your business. It's time to fight back. BY RAJ KAUSHIK
MANAGEMENT
SUMMER READ: Bullseye Breach. We excerpt a chapter from an (ISC)2 member's high-tech thriller, whose storyline should ring familiar. BY GREG SCOTT
InfoSecurity Professional is produced by Twirling Tiger Media, 7 Jeffrey Road, Franklin, MA 02038. Contact by email: asaita@isc2.org. The information contained
in this publication represents the views and opinions of the respective authors and may not represent the views and opinions of (ISC)2 on the issues discussed
as of the date of publication. No part of this document, print or digital, may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any
form by any means (electronic, mechanical, photocopying, recording or otherwise), or for any purpose, without the express written permission of (ISC)2. (ISC)2,
the (ISC)2 digital logo and all other product, service or certification names are registered marks or trademarks of the International Information Systems Security
Certification Consortium, Incorporated, in the United States and/or other countries. The names of actual products and companies mentioned herein may be
the trademarks of their respective owners. For subscription information, please visit www.isc2.org. To obtain permission to reprint materials, please email infosecproeditor@isc2.org. To request advertising information, please email tgaron@isc2.org. 2016 (ISC)2 Incorporated. All rights reserved.
Editor's Note
WHY READING IS
STILL FUNDAMENTAL
SENIOR MANAGER,
MEMBERSHIP MARKETING
AND MEDIA SERVICES
Jessica Hardy
727-785-0189 x4063
jhardy@isc2.org
EXECUTIVE PUBLISHER
Timothy Garon
508-529-6103
tgaron@isc2.org
MANAGER, GLOBAL
COMMUNICATIONS
Amanda D'Alessandro
727-785-0189 x4021
adalessandro@isc2.org
MEDIA SERVICES COORDINATOR
Michelle Schweitz
727-785-0189 x4055
mschweitz@isc2.org
SALES TEAM
EVENTS SALES MANAGER
Jennifer Hunt
781-685-4667
jhunt@isc2.org
REGIONAL SALES MANAGER
Lisa O'Connell
781-460-2105
loconnell@isc2.org
EDITORIAL ADVISORY BOARD
Carlos Canoto South America
Amanda D'Alessandro (ISC)2
Tushar Gokhale U.S.A.
Javvad Malik EMEA
J.J. Thompson U.S.A.
Elise Yacobellis (ISC)2
TWIRLING TIGER MEDIA
EDITORIAL TEAM
EDITOR-IN-CHIEF
Anne Saita
asaita@isc2.org
ART DIRECTOR & PRODUCTION
Maureen Joyce
mjoyce@isc2.org
MANAGING EDITOR
Deborah Johnson
PROOFREADER
Ken Krause
Twirling Tiger Media is certified as a women's business enterprise by the Women's Business Enterprise National Council (WBENC). This partnership reflects (ISC)2's commitment to supplier diversity.
www.twirlingtigermedia.com
THE LATEST FROM (ISC)2'S LEADERSHIP
THERE'S NO SHORTAGE OF
FIELD NOTES
CPEs
Please note that (ISC)2 submits CPEs for (ISC)2's InfoSecurity Professional magazine on your behalf within five business days. This will automatically assign you two Group A CPEs.
https://live.blueskybroadcast.com/bsb/client/CL_DEFAULT.asp?Client=411114&PCAT=7777&CAT=10427&Review=true
RECOMMENDED READING
U.S. $325 million: Financial damages incurred by ransomware CryptoWall3 between January 2015 and April 2016.
67.3% of ransomware infections were caused by phishing.
Source: The Cyber Threat Alliance, http://cyberthreatalliance.org/cryptowall-report.pdf
272.3 million: Number of stolen email accounts, most of which involved users of Mail.ru, Russia's most popular email service, followed by Google, Yahoo and Microsoft email users.
Source: Reuters, May 5, 2016
FOR A STRAIGHTFORWARD primer
TOP DATA BREACH TRENDS PREDICTED FOR REST OF 2016
The EMV Chip and PIN liability shift will not stop payment breaches.
Big healthcare hacks will make the headlines, but small breaches will cause the most damage.
Cyber conflicts between countries will leave consumers and businesses as collateral damage.
U.S. presidential candidates and campaigns will be attractive hacking targets.
Hacktivism will make a comeback.
Source: Experian 2016 Data Breach Industry Forecast
Early registration rates are available until July 31. More details are available at congress.isc2.org.
WEAK LINK
63% of confirmed data breaches involved leveraging weak, default or stolen passwords.
70% of breaches involving insider misuse took months or years to discover.
95%
93% of compromises happened within minutes.
83% took weeks or more to discover.
Led by David Rosinski, information systems security manager (ISSM), Naval Computer & Telecommunications Area
Master Station Atlantic, Detachment Rota, Spain (NCTL
Det Rota), provides a variety of IT services to more than
10,000 U.S. military and government personnel who are
stationed or deployed within the Iberian Peninsula. Thanks
to this team's outstanding efforts to provide cybersecurity
awareness for both the military professional and family
communities, specifically during National Cyber Security
Awareness Month (NCSAM) last October, they reached
the majority of the 10,000 people associated with the U.S.
military in Rota, Spain, changing awareness training from
a one-way message to a two-way dialogue. As a result, there
have not been any cyber incidents on the local network tied
to user behavior since October 2015.
By Lyndsay Turley
Since September 2015, the (ISC)2 EMEA team has grown from an office of 10 to 15 people, expanding its outreach capability in education support, member services and other initiatives.
MEMBERS CORNER
A SOUNDING BOARD
FOR THOSE WITH
SOMETHING TO SAY
goal that many will find that technology resonates with them.
How can we help? As professionals in the trenches, we can do a lot
to help address this issue, and it all
starts by getting involved. In the near
term, talk to your HR department
about taking on interns, or consider
becoming a mentor to a high school
student. In the long term, programs
such as Cyber Patriot, Day of Code,
Girls Who Code, Safe and Secure
Online, and Technology Education
and Literacy in Schools (TEALS)
provide great opportunities to help
spark interest in younger students.
Talk to your local school board, and
volunteer to help close the gap.
To read more about the anticipated labor shortage, read the most
recent (ISC)2 Global Information
Security Workforce Study and plan to
participate in the study survey, which
is now open.
BY SEAN JOHNSON
TECHNOLOGY
7 STEPS TO ENHANCE YOUR CYBER DEFENSE
HOW LOCKHEED MARTIN'S CYBER KILL CHAIN CAN DECIMATE THE ATTACKER
BY CRYSTAL BEDELL
SEVEN STEPS TO CONTROLLING A THREAT
Lockheed Martin's Cyber Kill Chain framework identifies the seven phases of an
advanced persistent threat. To be successful,
an adversary must complete all seven phases.
However, a network defender can successfully
stop a threat at any phase.
Step 1: Reconnaissance
Step 2: Weaponization
Step 3: Delivery
Step 4: Exploitation
Step 5: Installation
Step 6: Command and Control
Step 7: Actions on Objectives
A lot of it is person power - actual eyes on the problem.
Phase | Detect | Deny | Disrupt | Degrade | Deceive | Destroy
Reconnaissance | Web analytics | Firewall ACL | | | |
Weaponization | NIDS | NIPS | | | |
Delivery | Vigilant user | Proxy filter | In-line AV | Queuing | |
Exploitation | HIDS | Patch | DEP | | |
Installation | HIDS | chroot jail | AV | | |
Command and Control | NIDS | Firewall ACL | NIPS | Tarpit | DNS redirect |
Actions on Objectives | Audit log | | | Quality of service | Honeypot |
TECHNOLOGY
RANSOMWARE RECOVERY
HOLDING DATA HOSTAGE IS A TRENDING TRICK
CYBERCRIMINALS ARE USING AGAINST YOU AND
YOUR BUSINESS. IT'S TIME TO FIGHT BACK.
BY RAJ KAUSHIK
The basic idea of cloud computing is that your applications and data are scattered out there on the internet
somewhere, available for your employees to access
from any computer whenever they want. But the authentication mechanism depends mainly on credentials.
For instance, if Bill the Bad Actor provides John the CTO's
credentials to the Single-Sign-On Authenticator, then Bill
the Bad Actor gains access to the whole system.
RANSOMWARE EVERYWHERE
Ransomware is a type of malware that prevents or limits
users from accessing their data. One kind of ransomware,
CryptoBlocker, encrypts data. The other variant of ransomware, Curve-Tor-Bitcoin (CTB) Locker, uses TOR to hide
command and control (C&C) communications. TOR is
freeware for enabling anonymous communication with the
mastermind server. The name is an acronym derived from
the original software project name, "The Onion Router."
Within two months after it was unleashed in September
2013, CryptoLocker raked in an estimated $27 million
for its creators. In April 2014, cybercriminals came up
with more dangerous versions of ransomware, including
CryptoWall and CryptoDefense. The CoinVault attack, which
Kaspersky Lab detected in May 2014, even offered
free decryption of one of the hostage files as a sign of proof.
According to a recent NBC News report, ransomware
has targeted at least 1 million victims nationwide, including
individuals, small businesses, and even a Tennessee sheriff's
office. One California dentist reported that her practice
came to a standstill because ransomware encrypted all electronic patient information, scheduling software and digital
X-rays. The cybercriminals demanded $500 via an onscreen
prompt to restore the files.
On March 22, 2015, New Jersey school district
Swedesboro-Woolwich was locked up due to ransomware
CryptoWall 2.0, affecting the district's entire operation,
including Partnership for Assessment of Readiness for
College and Careers (PARCC) exams, which are entirely
computerized.
In today's ruthless and competitive environment, cybersecurity needs to be foolproof, as it only takes a single
breach to inflict serious damage to your data and business.
2.0 into service, which used Adobe Flash to exploit browser
vulnerabilities and installed itself on the host computers.
The attackers stole assets from reputable websites to make
the malicious ads appear real.
Once a user clicked on the authentic-looking malicious
ad, the user files available on the system were encrypted,
and owners were denied access to the files until they paid
ransom for a decryption key.
Money is the main motivator for cybercriminals. If
they get ransom from a majority of their targets, they will
only get bolder, greedier and more ruthless. According
to the U.S. Department of Homeland Security's website,
decrypting files does not mean the malware infection itself
is removed. What if the malware activates and locks files
multiple times in a year?
The ransom campaigns are launched against random
individual computers or against selected corporations that
have data in public and private clouds. The consequences
from campaigns aimed at individuals and small businesses
may be disastrous but limited to just those entities, but
attacks against government agencies could bring major
business, law enforcement and social services to a standstill.
Rather than acquiesce to ransom demands, it is time to
figure out what we can do so that we don't have to give in to
the demands and terms of malicious actors. This can only
be done if all the doors that lead to our data are closed, and,
in the case of an unauthorized entry, the invader must not
be able to take over the whole environment.
Ransomware is a thriving menace. With growing revenue, ransomware groups can continue to advance their
techniques. Security practitioners need to recover their
systems without paying ransom. There is no bulletproof
solution, but we can certainly cut the veins of ransomware
groups and bleed them to death.
MANAGEMENT
COST-CUTTING
THROUGH CLOUD
COMPUTING
BY VINCENT MUTONGI
SAVINGS NOW
DRIVES BOTH
PUBLIC AND
PRIVATE SECTORS
TO EMBRACE THE
TECHNOLOGY, BUT
DUE DILIGENCE IS
STILL ESSENTIAL
ILLUSTRATION BY ENRICO VARRASSO
SUMMER READ
BULLSEYE BREACH
After Russian cybercriminals make off with 40 million credit card numbers,
an ad hoc team launches Operation Lemonade in this excerpt from (ISC)2
member GREG SCOTT'S high-tech thriller, in which the good guys fight back.
Editor's note: Liz Isaacs is the CIO of fictitious retailer Bullseye, headquartered in Minneapolis's Nicollet Mall. Jesse Jonsen is a fraud analyst with
Uncle Sam Bank, also in Minneapolis. She worked in the Bullseye fraud
department before taking the job at the bank.
The Bullseye eleventh floor conference room that Liz Isaacs reserved for
the report on the credit card investigation had large windows overlooking
Nicollet Mall. It was nearly 10 a.m., and shoppers scurried through the light
snow to buy Christmas gifts. Bullseye shoppers had no way of knowing that
when they swiped their cards at the checkout counter, their card numbers
would make their way to St. Petersburg, Russia.
The soft leather chairs around the oblong mahogany table filled up one
by one as the members of the investigative team entered the room and took
their seats. At one end of the table was Ryan MacMillan, looking groggy. In
front of him sat a quart of orange juice and a box of tissues. Liz Isaacs, in a
Vera Wang turquoise business suit with a Louis Vuitton raw silk blouse, stood
at the door to welcome her guests. The first in was Jesse Jonsen, still wearing her well-worn black blazer, red turtleneck, and blue jeans, followed by
Harlan Phillips, wearing his usual white shirt with rolled up sleeves and
dark tie.
"Jesse! How have you been?" said Liz, as she bent down to give her old
colleague a hug and faux kisses near both cheeks. "I can't tell you how much
we miss you!"
"You know, I feel just the same way, Liz. I'd like you to meet my manager,
Harlan Phillips."
Jesse and Harlan sat down on the opposite end of the table from Ryan.
Jerry Barkley came in next, with Agent Duncan behind him. When
Jerry introduced himself, Liz said, "What a remarkable holiday sweater,
Mr. Barkley. Is it one of ours?"
"No ma'am. I picked it up at Goodwill last year. It was quite a bargain."
Jerry smiled at his lie, but noticed that Liz bit her cheek and winced.
"And Agent Duncan, I hope you're well this morning."
"Yes, ma'am, Ms. Isaacs, ma'am. By the way, did you receive the email
I forwarded from Jerry?"
Liz's smile descended into a frown. "Yes, thank you. I'm sure we'll be
discussing it."
Agent Duncan and Jerry sat near Jesse, while Liz went to the center of
the table and fumbled with the speakerphone. As soon as she achieved a dial tone, she went over
to Ryan and gave him a gentle shake on the shoulder, though she appeared to dig her fingernails
into him for good measure. He looked hazily across the table at the visitors.
Liz went back near the phone. "I'd like to welcome you here today. As you know, our CEO Mr.
Berger is out of the country on important business but agreed to join us by speakerphone today as
a gesture of good will and cooperation."
Liz looked at a slip of paper and punched in the phone number but couldn't get through.
"Ryan, could you look up the country code for Barbados?"
Jesse, Jerry, and Agent Duncan shared a furtive glance, each with a raised eyebrow.
Liz finally got Berger on the speakerphone and introduced everyone.
"Welcome to Bullseye International Headquarters, everyone," said Berger. "I understand the
FBI is concerned about a possible security issue?"
"I'm Agent Duncan of the FBI. Thank you, Mr. Berger, for taking the time to meet with us this
morning. Banks across the country report that about thirty million people have had their credit
card numbers stolen, and everything points to Bullseye as the source of the leak."
"That's what Liz told me," said Berger. "I find that impossible to believe, but we agreed to cooperate with your investigation."
"The FBI appreciates your cooperation," said Agent Duncan.
"First, let's bring everyone up to speed, starting with a report from Jerry Barkley on our forensic
investigation at the Lake Street Bullseye last night. Did everyone get Jerry's email?"
"I'll forward it to you right now, Mr. Berger," said Liz, typing on her laptop.
"Mr. Berger, this is Jerry Barkley. I'm in the IT security business on special assignment for
Uncle Sam Bank. I wrote down the key points of last night's investigation in some detail in that
email. So, I'll just summarize briefly for you now. Basically, we observed the data flow in a store by
making a credit card purchase at a checkout counter, and we watched the interaction when one of
your point-of-sale terminals booted up. We spent several hours analyzing this data, and that led us
to look at some structural things in your operations."
"Did you verify that credit card information is being delivered to Russia?" asked Berger.
"Not exactly," said Jerry.
"So all this discussion about a credit card leak is premature then," said Liz.
"I wouldn't say that," Jerry continued. "We found a nasty program in your point-of-sale system
named GreenPOS. It appears to capture credit card data from each swipe, attach the store's zip
code to the file, and then store it in unencrypted form with all the other credit card numbers from
that day of sales. My credit card number was appended to that file right after I swiped it."
"Agreed, that number should be encrypted," said Liz, "but that still doesn't imply we're sending
anything to Russia."
"We didn't find anything going directly to Russia. As I said in the email, the exfiltration
path goes from the store to one of three servers at corporate, and then to FTP sites in either
Houston, Indianapolis, or New Mexico. We don't know if the people operating those sites
are in cahoots with the bad guys, or if they are simply being used."
"We have FBI teams visiting those locations as we speak," chimed in Agent Duncan.
"Our guess," continued Jerry, "is those files are all traveling to Russia. The Russians
group them in batches called bases on an underground Russian website."
"Without a definite link to Russia yet," said Liz, "why are you so suspicious of these
files you found?"
"For one thing," said Jerry, "the file that contained my credit card number was
given a name to look like a program, when it was actually a document. The obvious
conclusion is someone's trying to hide something."
"But I thought we had the best security design in the industry," said Berger. "I understand we have an excellent firewall and antivirus software. How's it even conceivable that
somebody could do this?"
"That's right, Mr. Berger," said Ryan. "I designed it myself."
"Your design has a problem," said Jerry, looking at Ryan. "Every store should have its POS
systems behind a firewall. All the bad guys had to do was sneak past your main firewall somehow,
and then it was easy to infiltrate the computers that run your checkout counters."
Ryan looked more ashen as the conversation continued. "I took the advice of some of the finest
consultants in the tech industry when I, er, when we designed that system. Besides, I still haven't
heard any definite proof that correlates Bullseye, specifically, with the bogus cards that are
showing up on the street."
"I should tell you then about the ten credit cards our bank issued last week," said Jesse.
Over the speakerphone, Berger blurted out, "What cards?"
"We issued ten credit cards last week to certain bank employees across the country," said Jesse.
"They each went to their neighborhood Bullseye and bought one item. Then we canceled the cards
and put alerts on them. Three phony cards showed up yesterday afternoon, all near the locations
where they were first used. The only place they could have possibly come from was Bullseye. They
weren't used anywhere else."
Several seconds of silence followed. Jerry looked at Jesse and mouthed, "Wow!" He gave a quiet,
respectful nod. Jesse smiled slightly at Jerry.
"Wait a minute," said Ryan. "We don't know where this so-called leak is coming from."
"Yes," said Liz. "How did it get on our internal servers?"
"We don't know yet," said Jerry.
"I'm surprised you haven't gotten any alerts from your security team in Bangalore," said Jesse.
"When I worked here, I found they were pretty good at keeping track of any suspicious activity
coming in or going out of your system."
"I assure you, our team in Bangalore is watching all those alerts," said Liz. "We spent a lot of
money putting all that in place."
"How do they communicate back to corporate?" asked Jerry.
"Email," said Ryan. "They email a group email address, and then a member of the security team
handles it."
"Okay. Who are the group members?" asked Jerry.
Ryan and Liz looked at each other.
"Ummm," said Ryan. "The group name is SecurityOps, and we set up Danielle Weyerhauser
as the only email group member... Oh, wow! I just remembered Danielle left the company two
months ago. She was just an intern and left when we couldn't hire her."
"Why didn't you hire her?" demanded Berger.
"Well, sir," said Liz. "You instituted a hiring freeze for everyone except retail workers."
The room went silent again.
Jerry looked at Ryan and then Liz in disbelief. Ryan looked down. Liz stared straight ahead.
Jesse muttered under her breath, "You mean I was replaced by an intern?"
"So nobody at Bullseye is looking at alerts," said Agent Duncan after several tense seconds.
"Which means, for the past two months, at least, any email to the SecurityOps group from the
team in India disappeared into a black hole. You spent a lot of money to put a system in place and
then you didn't use it. I suggest you resurrect the last year's worth of messages from Bangalore for
analysis. We have a team coming in from Quantico eager to take a look."
Liz started to protest but Berger cut her off. "Why don't we hold off on assigning blame for now
and focus on minimizing the damage and protecting Bullseye customers?"
"An excellent idea, sir," said Ryan.
"All I can say," said Liz, "is that if somebody broke into our system, it must have been a highly
sophisticated operation."
"No," said Jerry. "They messed up, which made it easy for us to find their GreenPOS program.
They put it in the same folder where they collected stolen card data. They're not that sophisticated.
We can beat 'em."
"So what's our next step?" asked Berger.
Harlan looked at Jesse. Jesse looked at Agent Duncan. "We have more."
CENTER POINTS
FOCUSING ON EDUCATION
AND RESEARCH INITIATIVES
BY PAT CRAVEN
5 MINUTES WITH
JASON SACHOWSKI
Jason Sachowski lives in Toronto, Ontario, Canada and
is originally from Dryden in Ontario. He is the director of
Security Forensics and Civil Investigations at Scotiabank
and has been an (ISC)2 member for nine years.
EDITED BY ANNE SAITA