Financial Cyber Threat Sharing Group Phished
Security Bot last edited by
TheFinancial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.
The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected and reported it as suspicious. But the incident is a good reminder to be on your guard, remember that anyone can get phished, and that most phishing attacks succeed by abusing the sense of trust already established between the sender and recipient.
The confidential alert FS-ISAC sent to members about a successful phishing attack that spawned phishing emails coming from the FS-ISAC.
Notice of the phishing incident came in an alert FS-ISAC shared with its members today and obtained by KrebsOnSecurity. It describes an incident on Feb. 28 in which an FS-ISAC employee :undefined:“:undefined:clicked on a phishing email, compromising that employee:undefined:’:undefined:s login credentials. Using the credentials, a threat actor created an email with a PDF that had a link to a credential harvesting site and was then sent from the employee:undefined:’:undefined:s email account to select members, affiliates and employees.:undefined:”:undefined:
The alert said while FS-ISAC was already planning and implementing a multi-factor authentication (MFA) solution across all of its email platforms, :undefined:“:undefined:unfortunately, this incident happened to an employee that was not yet set up for MFA. We are accelerating our MFA solution across all FS-ISAC assets.:undefined:”:undefined:
The FS-ISAC also said it upgraded its Office 365 email version to provide :undefined:“:undefined:additional visibility and security.:undefined:”:undefined:
In an interview with KrebsOnSecurity, FS-ISAC President and CEOBill Nelson said his organization has grown significantly in new staff over the past few years to more than 75 people now, includingGreg Temm, the FS-ISAC:undefined:’:undefined:s chief information risk officer.
:undefined:“:undefined:To say I:undefined:’:undefined:m disappointed this got through is an understatement,:undefined:”:undefined: Nelson said. :undefined:“:undefined:We need to accelerate MFA extremely quickly for all of our assets.:undefined:”:undefined:
Nelson observed that :undefined:“:undefined:The positive messaging out of this I guess is anyone can become victimized by this.:undefined:”:undefined: But according to both Nelson and Temm, the phishing attack that tricked the FS-ISAC employee into giving away email credentials does not appear to have been targeted :undefined:—:undefined: nor was it particularly sophisticated.
:undefined:“:undefined:I would classify this as a typical, routine, non-targeted account harvesting and phishing,:undefined:”:undefined: Temm said. :undefined:“:undefined:It did not affect our member portal, or where our data is. That:undefined:’:undefined:s 100 percent multifactor. In this case it happened to be an asset that did not have multifactor.:undefined:”:undefined:
In this incident, it didn:undefined:’:undefined:t take a sophisticated actor to gain privileged access to an FS-ISAC employee:undefined:’:undefined:s inbox. But attacks like these raise the question: How successful might such a phishing attack be if it were only slightly more professional and/or organized?
Nelson said his staff members all participate in regular security awareness training and testing, but that there is always room to fill security gaps and move the needle on how many people click when they shouldn:undefined:’:undefined:t with email.
:undefined:“:undefined:The data our members share with us is fully protected,:undefined:”:undefined: he said. :undefined:“:undefined:We have a plan working with our board of directors to make sure we have added security going forward,:undefined:”:undefined: Nelson said. :undefined:“:undefined:But clearly, recognizing where some of these softer targets are is something every company needs to take a look at.:undefined:”:undefined:
Make ISO from DVD
In this case I had an OS install disk which was required to be on a virtual node with no optical drive, so I needed to transfer an image to the server to create a VM
Find out which device the DVD is:lsblk
Output:NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 465.8G 0 disk ├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 464.8G 0 part ├─centos-root 253:0 0 50G 0 lvm / ├─centos-swap 253:1 0 11.8G 0 lvm [SWAP] └─centos-home 253:2 0 403G 0 lvm /home sdb 8:16 1 14.5G 0 disk /mnt sr0 11:0 1 4.1G 0 rom /run/media/rick/CCSA_X64FRE_EN-US_DV5
Therefore /dev/sr0 is the location , or disk to be made into an ISO
I prefer simplicity, and sometimes deal with the fallout after the fact, however Ive repeated this countless times with success.dd if=/dev/sr0 of=win10.iso
Where if=Input file and of=output file
I chill out and do something else while the image is being copied/created, and the final output:8555456+0 records in 8555456+0 records out 4380393472 bytes (4.4 GB) copied, 331.937 s, 13.2 MB/s
Recreate postrgresql database template encode to ASCIIUPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1';
Now we can drop it:DROP DATABASE template1;
Create database from template0, with a new default encoding:CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 'UNICODE'; UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template1'; \c template1 VACUUM FREEZE;