Monthly Archives: April 2012

Don’t Forget About VoIP Exposures and PBX Hacking

Posted on by
6

 

 

 

 

 

 

I was browsing my usual data alerts for the day and ran into this set of data. It motivated me to write a quick blog post to remind folks that VoIP scans and probes are still going on out there in the wild.

These days, with all of the attention to mass compromises, infected web sites and stolen credit card data, voice systems can sometimes slip out of sight.

VoIP compromises and intrusions remain a threat. There are now a variety of tools, exploits and frameworks built for attacking VoIP installations and they are a target for both automated tools and manual hacking. Access to VoIP systems can provide a great platform for intelligence, recon, industrial espionage and traditional toll fraud.
 
While VoIP might be the state of the art for phone systems today, there are still plenty of traditional PBX, auto-attendant and dial-up voicemail systems around too. Now might be a good time to review when those systems were last reviewed, audited or pen-tested. Traditional toll fraud is still painful to manage and recover from, so it’s probably worth spending a few cycles on reviewing these devices and their security postures. 
 
Let us know if your organization could use assistance with these items or with hardening voice systems, implementing detection techniques for them or otherwise increasing voice system security.

HoneyPoint and HITME Helps Clients Take Out Malware

Posted on by
5

I wanted to share some great feedback we received this week from a couple of sources. Both are regarding HoneyPoint — our product for creating a platform of nuance detection and visibility.

The first came from a critical infrastructure team. We notified them of an attack from their environment which was detected on the HITME (HoneyPoint Internet Threat Monitoring Environment). Using our alert, they quickly identified, investigated and isolated a specific machine that been infected with a piece of malware and was now scanning the Internet for other potential victims. They thanked us for the notification and said they truly appreciated our efforts and the work of the HITME team to help protect US critical infrastructures.
 
The second bit of feedback came from a long-time user of HoneyPoint Wasp, who suddenly began to see a piece of code propagate across a few machines in their workstation space. The code was rapidly identified as a piece of malware that had successfully evaded their anti-virus, but triggered the Wasp white list detection mechanism. Their team traced the infection back to a single USB key, which they impounded and sanitized. Thankfully, they found this infection before it was able to be leveraged by an attacker against them. They were very supportive of HoneyPoint and thanked us for assisting them in their investigation and for teaching them how to use Wasp through our installation services.
 
Together, these represent just a couple of the stories where HoneyPoint has helped security teams. Some of the people who receive the benefit of our work are not even users of the product or MicroSolved clients at all. It’s just another way that we engage every single day to help make a difference in the security and safety of peoples’ lives.
 
At MSI, we don’t just make great tools and perform great services, we have spent the last 20 years working hard to help people with information security. It continues to be both our pleasure and our passion.
 
Thanks for reading! 

Three Sources to Help You Understand Cybercrime

Posted on by
5

Cybercrime is a growing threat. I thought I would take a few moments and point you to three recent news articles that discuss U.S. Government views on just how information security is proceeding, how we are doing, and how we should think about the future of infosec. They are all three interesting points of view and represent a wide variety of data seen at high levels:

 
 
 
 
These three links are interesting perspectives on how infosec is changing from a focus on compliance and prevention techniques to fully embracing the need for cross-platform, security-focused initiatives. In addition, more emphasis is on threats and risk while balancing prevention, detection capability, and effective responses when things go wrong.
 
Long term, this change is an important one if we are to protect ourselves and the data of our customers in the future. Cybercrime won’t go away, but if we can approach security with proactive strategies, we may minimize its effectiveness.