Cyber Security News Update 12/15/2017

Enterprise cyber security is a group effort: when everyone works with proper cyber security protocols in mind, the burden on everyone else is lessened. This isn’t to say that you shouldn’t pursue cyber security across your entire company; just know that a single weak link is all it takes to create an opening. Redundant systems and multi-factor verification can make up for shortcomings, but they have to be implemented first. There is an advantage to forcing verification at the corporate level, rather than relying on your employees to get around to it. The most common security slip-ups by employees are saving their passwords and sending work documents to or from personal devices. These actions are dangerous because they can bypass most security measures, but both of them can be combated with proper security protocols. Multi-factor verification counters password saving, because a saved password alone is not enough: some other factor is necessary to log in successfully. Requiring a code to be sent to a phone or other device, and then entered within a short time frame, can cut down on unwanted access. Restrictions can be put in place so that documents and other work-related files can’t be sent to a device that’s not on the network.
Source: You’re probably putting your company’s cybersecurity at risk

In a startling display of failed quality assurance, HP sent out several laptops with a keylogger program installed on them. The program is turned off by default, but that’s not very comforting when it comes to a dangerous piece of malware. Keyloggers are extremely threatening programs that do exactly as their name says: every keystroke you make is logged and sent to someone else. With some patience and a program to sift through the data, an attacker can easily find every bit of information you’ve used your keyboard to enter. Some advanced programs also track mouse movements and clicks, so an attacker can recreate your entire experience as they get into whatever secure areas you have access to. HP did release a patch to remove this software once they were notified, but its mere presence raises the question: how did malware get installed on the devices in the first place? Why would HP ever even need a keylogger program? They’re a hardware manufacturer, not an intelligence agency. It also raises the question: what else is unknowingly installed on HP devices? There could be any number of programs that slipped through the cracks.
Source: Oops… Some HP Laptops Shipped With Hidden Keylogger

Triton, an Industrial Control System (ICS) malware, is ravaging the Middle East, where it resides in critical infrastructure. Triton, also known as Trisis, is designed to target Triconex Safety Instrumented Systems ICS software by Schneider Electric. This software works as a safeguard against dangerous industrial accidents and is an independent program that double-checks other safeguards. This redundancy adds resistance to cyber attacks that neutralize other safety programs, improves response times by having a watchdog program that can act on its own to stop deadly situations, and allows for another level of safety. Secure systems, like those usually found in industrial plants, are supposed to be air-gapped. This means that the computers have no connection to the internet, and nothing they’re connected to has access to the internet. Essentially, the entire network is a closed system. It would appear that the infected computers were supposed to be air-gapped, but were either connected to the outside world or someone brought in an infected device that spread Triton.
Source: TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage