HTran, a "rudimentary" bouncer tool written by a well-known Chinese hacker 10 years ago, was being used by various attackers to redirect traffic from infected computers to command and control servers. A piece of code used for debugging purposes in HTran would return an error message to the infected computer if the C&C server was unavailable, Stewart said. That error message revealed the final IP address of the server.The redirect tool routes traffic through several proxy servers to make it look like it is going through servers in the United States, Norway, Japan and Taiwan in order to obscure where the attack is originating, Stewart said. The botnet owners and attackers "didn't realize fully how HTran works," and very clearly were unaware of the debugger or the fact that the error message was being displayed, Stewart said.Dell researchers uncovered a few networks, all of which had China-based addresses, according to Stewart. The team scanned a list of 1,000 IP addresses that had previously been identified as being used in an advanced persistent threat attack and uncovered a "short list" of Chinese networks hosting the C&C servers, according to Stewart. While it was not 100 percent certain that the 18 servers it uncovered are the final destination, the fact that so many campaigns traced back to a handful of IP addresses seems promising, Stewart said.The addresses appear to belong to ISPs in Beijing and Shanghai, such as state-owned telecommunications giant China Unicom, but the carriers are big enough that it would be difficult to identify the individuals without assistance from the Chinese government, according to the Dell SecureWorks report.His research answered the question of "where" some of the advanced persistent threats originated, but not "who" the perpetrators were, Stewart said.However, organizations now have a signature that can be used to identify some of the APT activity in their networks. Not all attackers use this tool, but by looking for the error messages and using the Snort-based signatures the team developed to detect this particular Trojan, the IT department would at least be able to stop this particular APT, Stewart said. He also acknowledged that hackers using HTran would likely abandon the tool or fix the bug now that Dell SecureWorks has publicized the issue.“It is our hope that every institution potentially impacted by APT activity will make haste to search out signs of this activity for themselves before the window of opportunity closes,” Stewart wrote in the report.
40 "Risk management" is just another term for the cost-benefit tradeoff associated with any security decision.Protecting data according to risk enables organizations to determine their most significantsecurity exposures, target their budgets towards addressing the most critical issues,strengthen their security and compliance profile, and achieve the right balance betweenbusiness needs and security demands. As discussed earlier, a report by the Ponemon Institute, a privacy andinformation management research firm, found that data breach incidents cost $202 per compromisedrecord in 2008, with an average total per-incident costs of $6.65 million.All security spend figures produced by government and private research firms indicate that enterprisescan put strong security into place for about 10% the average cost of a breach. You can find the rightbalance between cost and security by doing a risk analysis.
40 "Risk management" is just another term for the cost-benefit tradeoff associated with any security decision.Protecting data according to risk enables organizations to determine their most significantsecurity exposures, target their budgets towards addressing the most critical issues,strengthen their security and compliance profile, and achieve the right balance betweenbusiness needs and security demands. As discussed earlier, a report by the Ponemon Institute, a privacy andinformation management research firm, found that data breach incidents cost $202 per compromisedrecord in 2008, with an average total per-incident costs of $6.65 million.All security spend figures produced by government and private research firms indicate that enterprisescan put strong security into place for about 10% the average cost of a breach. You can find the rightbalance between cost and security by doing a risk analysis.
40 "Risk management" is just another term for the cost-benefit tradeoff associated with any security decision.Protecting data according to risk enables organizations to determine their most significantsecurity exposures, target their budgets towards addressing the most critical issues,strengthen their security and compliance profile, and achieve the right balance betweenbusiness needs and security demands. As discussed earlier, a report by the Ponemon Institute, a privacy andinformation management research firm, found that data breach incidents cost $202 per compromisedrecord in 2008, with an average total per-incident costs of $6.65 million.All security spend figures produced by government and private research firms indicate that enterprisescan put strong security into place for about 10% the average cost of a breach. You can find the rightbalance between cost and security by doing a risk analysis.
Just because AWS is certified doesn't mean you are. You still need to deploy a PCI compliant application/service and anything on AWS is still within your assessment scope. The open question? PCI-DSS 2.0 doesn't address multi-tenancy concerns AWS is certified as a service provider doesn't mean all cloud IaaS providers will beYou can store PAN data on S3, but it still needs to be encrypted in accordance with PCI-DSS requirements Amazon doesn't do this for you -- it's something you need to implement yourself; including key management, rotation, logging, etc. If you deploy a server instance in EC2 it still needs to be assessed by your QSA What this certification really does is eliminate any doubts that you are allowed to deploy an in-scope PCI system on AWSThis is a big deal, but your organization's assessment scope isn't necessarily reducedit might be when you move to something like a tokenization service where you reduce your handling of PAN data