Bandura Cyber Byte
11-14-2018

With the Bandura Cyber Byte, we take a look back at the most interesting industry news and happenings related to cybersecurity and threat intelligence.

Finding Gold in the Threat Intelligence Rush

This DarkReading article discusses how researchers from SensePost SecureData spent six months analyzing the ability of threat intelligence to predict malicious activity. The conclusion was that there are both good and bad places and means to find reliable threat data. The researchers are part of a managed security services team, and one of their focus areas is detecting potentially harmful activity through IP addresses on customers’ perimeters, including vulnerability scans, port scans, and other suspicious activity. Their research has now covered more than one million threat indicators and 1.3 billion correlations.

One of their key takeaways is that IP addresses that appear suspicious at one organization may not prove malicious at another. The researchers found that IP addresses that interact with honeypots prove malicious across businesses, and that this threat intelligence had significantly higher fidelity than the threat data they gathered directly from customers’ perimeters.

Bandura’s Take: This article reinforces the need for multiple types of threat intelligence from commercial, open source, government, industry, and internal sources. We believe organizations need to use a mix of broad threat intelligence that is more generally applicable and more specific threat intelligence related to their industry and their organization.

Election Day: Securing the vote

This is a great article in SC Magazine on the topic of election security. One of the key points is that the 2018 midterms are viewed as the most secure elections ever held and that the federal and state governments are partnering like they’ve never done before. While this is good news, the article also indicates that there is no finish line and that the distributed nature of state and local election systems creates resilience but also risk.

Interestingly, days before the election the Georgia gubernatorial candidate accused the Democratic Party of Georgia of attempting to hack the state’s voter registration system. Facebook also identified 80 Facebook accounts and 85 Instagram accounts that may be engaged in coordinated inauthentic behavior.

Bandura’s Take: We are making some progress with election security but overall remain in the early stages of mitigating this risk. One question to ponder is whether midterm elections are more, equally, or less attractive than general elections. Overall, we expect nation-state influence campaigns, the use of social media to influence, and attacks on state election systems to continue. Check out this DarkReading article on election security and this solution brief – Secure Your Internet-Facing Election Systems.

Energy Sector’s IT Networks in the Bulls-Eye

The gist of this one is that attackers are actively infiltrating energy companies for reconnaissance purposes. One of the best quotes is “attackers meanwhile are quietly hammering away at the IT infrastructure of energy firms and utilities in their quest for valuable intelligence on industrial systems.” According to Vectra Networks, “From January to June of this year, for every 10,000 host systems, nearly 200 remote access hacking attempts were spotted. In addition, some 314 lateral-movement activities were detected for every 10,000 host devices and cloud application operations. Vectra’s data also shows nearly 300 data exfiltration actions per 10,000 host devices and cloud app operations.”

Bandura’s Take: One of the key use cases we are seeing with the Bandura Threat Intelligence Gateway is using threat intelligence to shield the network from the massive volume of inbound scans and probes. This reduces the noise and lets next-generation firewalls focus their more expensive deep packet inspection (DPI) processor cycles on a smaller amount of cleaner traffic.

New Spam Botnet Likely Infected 400,000 Devices

This article discusses a newly discovered botnet designed to turn home routers into email spammers. The botnet has infected 400,000 machines to date. The botnet consists of 100,000 scan source IPs, and in total the researchers registered over 3.37 million scan source IPs, though the size of this number is likely inflated by devices changing their IPs over time. The botnet takes advantage of a known vulnerability that was discovered in 2013.

Bandura’s Take: This illustrates not only the high volume of malicious IPs related to threats but also their highly dynamic nature. That’s why dynamic threat intelligence is important.

HSBC Data Breach Shows Failure to Protect Passwords & Access Controls

Banking giant HSBC disclosed an October breach in which its security team noticed unauthorized users accessing online accounts. The size of the breach was not quantified, though it was assumed that attackers gained access to a large amount of personal data. The breach appears to have been driven by a credential stuffing attack, which the article describes as a brute-force method used to guess passwords.

Bandura’s Take: This blog further illustrates what everybody already knows: financial services companies continue to be in the cross hairs of attackers!

Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal

The Pentagon has started uploading malware samples from APTs and other nation-state sources to VirusTotal. The samples were posted by the Cyber National Mission Force (CNMF).

Bandura’s Take: A positive step with respect to threat information sharing. It will take more moves like this to increase the trust factor between public and private sector entities.
