Security Software & Equipment Store

Wednesday, February 24, 2016

US FBI's 10 Most Wanted Cyber Criminals

The US FBI's 10 most wanted cyber criminals largely come from China and Eastern Europe.
The masked criminal known as the Cyborg Bandit and, later, the Elephant Man Bandit was robbing Seattle-area banks at an average of more than two per month for an entire year before he was caught—in the act of robbing a bank he had already robbed. For investigators who routinely work bank robberies, the story of 46-year-old Anthony Hathaway, sentenced last month to nearly nine years in prison, is surprising in some ways but all too familiar in others. “In this particular case and in general, bank robbery is a crime of last resort,” said Len Carver, a detective with the Seattle Police Department and member of the FBI’s Seattle Safe Streets Task Force. “Occasionally you get a thrill seeker or a truly violent individual, but most people who rob banks are supporting an addiction of some kind—drugs or gambling—and they are desperate.” Hathaway’s addiction was to prescription painkillers and then to heroin. According to court records, he suffered an injury and became addicted to the opiate Oxycontin. After losing his job, he turned to crime to feed his addiction, and between February 2013 and February 2014, Hathaway admitted to 30 bank robberies. He sometimes hit the same bank multiple times. “Seattle has had many serial bandits over the years,” Carver said, “but Hathaway was prolific. He might top the list for sheer number of robberies in a one-year period.” During the holdups, which usually occurred late in the afternoon, Hathaway wore a mask and gloves. In the early crimes, he wore textured metallic fabric over his face and was nicknamed the Cyborg Bandit because the disguise was similar to that of cyborgs in science fiction productions. After that disguise began receiving too much media attention, he covered his head with a shirt and cut out two eye holes. That earned him the nickname the Elephant Man Bandit because of the similarity to a movie character of the same name. Visit the FBI's 10 Most Wanted list at: And share your comments regarding the cyber criminals at:

Tuesday, February 23, 2016

Strategies for Cyber Security Intrusion Detection and Mitigation

Sophisticated and targeted cyber intrusions have increased in recent months against owners and operators of industrial control systems across multiple critical infrastructure sectors. ICS-CERT developed the following guidance to provide basic recommendations for owners and operators of critical infrastructure to mitigate the impacts of cyber attacks and enhance their network security posture. This guidance applies to organizations whose networks have been compromised by a cyber attack as well as to those desiring to improve their network security preparedness to respond to a cyber incident. The guidance is relevant to both enterprise and control system networks, particularly where interconnectivity could allow adversaries to move laterally within and between networks. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to implementing defensive measures to avoid any negative impact to normal operations. The guidance is organized into several topical areas and provides network administrators with concepts for improving detection of intrusions, preventing lateral movement of threat actors, and controlling access to the various segments of a network. The guidance is in the form of “what” should be done and “why” it is important. The “how” of implementation is the responsibility of each organization and is dependent on individual needs, network topology, and operational requirements. Organizations that suspect a compromise should first consider how to preserve forensic data and stop movement of the intruder through the network. The guidance listed in the Preserving Forensic Data and Credential Management sections below should be considered primary actions to help mitigate the spread of compromise through a network. How effective can these CERT guidelines in combating cyber intrusions? Send your comments to the Cloud and Cyber Security Center:

Wednesday, February 17, 2016

Healthy Salaries Await Young Professionals with Cybersecurity Training

If you are considering a career move into cyber security prevention and mitigation, CSO magazine predicts both rapid growth and increased earning power. Other data to suggest you may want to think about sending your kid to cybersecurity school instead.
U.S. News and World Report ranked a career in information security analysis eighth on its list of the 100 best jobs for 2015. They state the profession is growing at a rate of 36.5 percent through 2022. Average salaries nationally are $91,210, and significantly higher in big cities including San Francisco at $112,320, New York City at $120,460, and Sacramento at $142,200. The Cisco 2014 Annual Security Report warns that the worldwide shortage of information security professionals is at 1 million openings, even as cyberattacks and data breaches increase each year. More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74 percent over the past five years, according to a Peninsula Press (a project of the Stanford University Journalism Program) analysis of numbers from the Bureau of Labor Statistics. The demand for information security professionals is expected to grow by 53 percent through 2018. A recent CNBC story quotes a Rand Corporation study that estimates there are around 1,000 top-level cybersecurity experts globally vs. a need for 10,000 to 30,000. An information security analyst can move through the ranks as he gains real-world experience, and adds specialty technical credentials such as CISSP (Certified Information Systems Security Professional) and others. Whether you are just beginning your career or want to make a mid-career change cyber security holds both strong career growth and attractive compensation opportunities. Let us know your thoughts on this matter here at the Cloud and Cyber Security Center:

Tuesday, February 16, 2016

Cloud Security Threats and Mitigation Strategies

Cloud and Cyber Security professionals indicate that their top concerns with cloud solutions include lack of control over data location, potential for third party access, and lack of visibility on the part of the service provider.
To level-set this discussion let's define the three standard cloud computing models: Platform, Infrastructure and Software ... all "As a Service" . Top mitigation strategies include: 1) Regularly update your in-house software, 2) Implement end-to-end encryption, 3) Work with a third party to assure cloud security on a regular basis, 4)  Utilize a Single Sign-on (SSO) solution to add security, and 5) Do your due diligence when researching a cloud solution.  Which mitigation strategies are best fitted for the 2016 cloud security landscape? Share your recommendations with the Cloud and Cyber Security Center:

Sunday, February 14, 2016

Computer Hacking And Telecommunications Fraud Scheme Exposed

Last week a  Pakistani citizen admitted laundering over $19.6 million on behalf of the perpetrators of a massive international computer hacking and telecommunications fraud scheme, U.S. Attorney Paul J. Fishman announced. Muhammad Sohail Qasmani, 47, formerly of Bangkok, Thailand, pleaded guilty before U.S. District Judge Katharine S. Hayden to an information charging him with one count of conspiracy to commit wire fraud. 
He remains detained without bail. “Thanks to the hard work of the prosecutors and agents on this case, Qasmani acknowledged his role in an international scheme that hijacked the telephone networks of U.S. companies and ran up millions in bogus charges,” U.S. Attorney Fishman said. “Today, he admitted moving over $19 million in illicit proceeds across 10 countries and ensuring the dialers and hackers who perpetuated the scheme received their cut.” “The successful investigation of Qasmani is a testament to the dedication, hard work, and commitment of the men and women of the FBI, the Enforcement and Removal Operations of the U.S. Customs and Border Protection, and the State Department," said FBI-Newark Acting Special Agent in Charge Andrew Campi. What impact will this admission have on cyber hacking and fraud in the US? Send your comments to the Cloud and Cyber Security Security Center:

Friday, February 12, 2016

Explore the National Initiative for Cybersecurity Careers and Studies (NICCS)

Certifications are industry-recognized demonstrations of having a specific skill, or experience in a particular subject area. Federal Virtual Training Environment (FedVTE) also offers free courses for government employees and veterans to prepare for certifications.
Organizations that provide Cybersecurity Certifications include: CERT, CWNP, Cisco, CompTIA, DRI International, EC-Council, GIAC, Information Assurance Certification, ISC2, Infotec Pro, ISACA, Learning Tree, McAfee Institute, Mile2, Security University, ABCHS and Offensive Security. The Department of Homeland Security does not control or guarantee the accuracy, relevance, timeliness, or completeness of this outside information. Further, the inclusion of links is not intended to endorse any views expressed, or products or services offered, on these outside sites, or the organizations sponsoring the sites. Employers often use certifications as a way to identify people with specific skill sets, and certifications can help individuals stand out in a competitive job market. The Department of Homeland Security has developed a list of organizations that provide cybersecurity certifications. Additionally, you can browse the NICCS Training Catalog for courses that can help prepare you to obtain a certification. The Department of Homeland Security has developed a list of organizations that provide cybersecurity certifications. Additionally, you can browse the NICCS Training Catalog for courses that can help prepare you to obtain a certification. You may wish to review each privacy notice since their information collection practices may differ from ours. In addition, our linking to these sites does not constitute an endorsement of any products or services. Which certifications are most vital for a successful career in fighting cyber security threats? Share your feedback with the Cloud and Cyber Security Center.

Tuesday, February 9, 2016

Identifying the Top Sources and Targets of Cyber Crime

Have you considered which countries face the most cybercrime? If you have ever wondered which countries have the most cybercrime, then you may be surprised to know that there are few contributing factors that attract cybercriminals to specific regions of the world. 
Security research firm, Symantec, has discovered specific factors that determine why a certain country is plagued with cybercrime more so or less than another which allowed them to come up with a ranking for each. Symantec has ranked 20 countries that face, or cause, the most cybercrime. In compiling such a list, Symantec was able to quantify software code that interferes with a computer's normal functions, rank zombie systems, and observe the number of websites that host phishing sites, which are designed to trick computer users into disclosing personal data or banking account information. Symantec was also able to obtain data including the number of bot-infected systems which are those controlled by cybercriminals, rank countries where cyber attacks initiated and factor in the a higher rate of cybercrime in countries that have more access to broadband connections. The highest rate of cybercrime was found to be in the United States which may mainly contribute to the broad range of available broadband connections, which are those that allow uninterrupted internet connectivity. So which sources of cyber crime does your organization encounter most frequently? Share your comments with the Cloud and Cyber Security Center:

Thursday, February 4, 2016

ISC2 Offers a New Certification in Cyber Forensics (CCFP)

Cyber forensics, also called computer forensics or digital forensics, is the process of extracting information and data from computers to serve as digital evidence - for civil purposes or, in many cases, to prove and legally prosecute cyber crime.
With technology changing and evolving on a daily basis, cyber forensic professionals must continually keep pace and educate themselves on the new techniques to collect this data. They are tasked with being an expert in forensic techniques and procedures, standards of practice, and legal and ethical principles that will assure the accuracy, completeness and reliability of the digital evidence. CCFP certification is a comprehensive, professional-level credential that validates experienced practitioners’ expertise in the field of cyber forensics, which encompasses digital and computer forensics. It is the first certification available within the forensics discipline that reflects internationally accepted practices while accommodating the specific knowledge required by forensics professionals at a national level. The CCFP was developed by (ISC)², the world's largest not-for-profit information security professional body and administrators of the CISSP® - the gold standard in information security certifications. Will this CCFP certification help you in your IT security career? Let us know your thoughts here at the Cloud and Cyber Crime Center:

Wednesday, February 3, 2016

ISIS Cyber Crime Threats and Mitigation Techniques

Reports indicate that a previous ISIS terrorist plot targeting police in Belgium was disrupted in that country last January because Abdelhamid Abaaoud—suspected mastermind of both that plot and the Paris attacks—had failed to use encryption. did use encryption during earlier planning stages of their attacks, or that authorities were so overwhelmed tracking other suspects—French investigators claim they recently thwarted six other attacks—that they overlooked the suspects who pulled off the Paris attacks. This indeed might be the case since Turkish authorities have said they tried to warn French authorities twice about one of the suspects but never got a response.
US authorities have flooded the media with stories about how ISIS’ use of encryption and other anti-surveillance technologies has thwarted their ability to track the terrorists. But authorities have also slyly hinted that some of the encryption technologies the terrorists use are not as secure as claimed, or are not being configured and used in a truly secure manner. So what are ISIS attackers for OPSEC?  They have 34-page guide to operational security (.pdf) that ISIS members advise recruits to follow, offers some clues. Aaron Brantly and other researchers with the Combating Terrorism Center at West Point’s military academy uncovered the manual and other related documents from ISIS forums, social accounts and chat rooms. The originals are in Arabic, but the center provided WIRED with translated versions of a number of documents that had been passed through Google Translate. Share your comments on ISIS cyber crime threats and mitigation techniques with the Cloud and Cyber Security Center:

Monday, February 1, 2016

Discover the Serchen Cloud Security Marketplace

Serchen's Cloud Security product rating system and repository provides IT customers with an abudance of value information on 14,543 service providers in over 300 solution categories along with some 20,000 user reviews. 
Cloud Security deals with keeping your cloud infrastructure safe, secure and protected from malicious internet users. The Cloud Security providers here are the best at supporting your cloud services and protecting your assets from the more unsavoury aspects of the Internet. If you’re interested in similar cloud services like Cloud Security, consider our Cloud Server or Cloud Hosting service categories. Visit the Serchen portal at: . Serchen give the Steadfast Cloud Service at Five Star rating. Unlike conventional hardware servers, the cloud brings together multiple servers and storage arrays into one unified system. Which means users can always access the hardware resources you need for outstanding performance, applications are more consistently available, with no single point of failure, customers pay for the resources you need, not a plan that greatly exceeds your usage and they can scale instantly, ensuring you're always prepared for rapid growth. Read the complete review at: . Share your comments with us here at the Cloud and Cyber Security Center.