Combating phishing for banks / Story of a former worm target / Disaster preparation
Combating Phishing
A document outlining some simple steps that financial institutions can take to limit the impact of phishing on their website titled "6 simple steps for businesses to beat phishing" is now available at http://isc.sans.org/presentations/phishthat.pdf
There are a number of active phishing emails in the wild. Be on the look out for them. Some of them point to sites which are no longer responding fortunately, many are still active though.
Worm Targets
We were contacted by a site which was a target for one of the bagle worms. They are seeing a large amount of traffic from infected hosts. Any one else out there have a story like this to share? We'd like to identify potential collection points for finding infected hosts.
Hurricane Preparations
In response to yesterday's query about preparing for a hurricane, Travis Abrams had this advice to share:
Local IT staff
- Work with local building management to coordinate building shutdowns. Be aware that most buildings will begin shutdown procedures when a Hurricane Warning is issued. (If they say power is going off at 1:00 pm that means power is shutdown at that time not that they are starting to shutdown.) Coordinate with firm wide IT to begin systems shutdown 30 minutes prior to building shutdowns.
- Work with local managers and share any information with Firm wide IT.
- Loaner laptops should be issued to key personnel that do not have laptops.
- Keep a loaner laptop that contains Ghost images for desktops/laptops.
- Ensure you have updated your contact information in the IT Contacts.
Firm wide IT
- Perform a full backup of all systems 4 days prior to the impact of the storm unless already scheduled. Have backups sent off site. (Be aware that UPS, FedEx, etc will stop shipments prior to the hurricanes impact.)
- Perform incremental backups every night prior to storm and have them sent off site
- Perform Full backup prior to storm impact if possible. Have local IT retain control.
- Once building power is shutdown redirect the main numbers for the affected offices to an offsite voicemail box. (This eliminates busy signals and we can notify clients of the offices' status.)
- Updates Office Closure hotline as the situation changes.
- Update Intranet with Hurricane updates for offices in unaffected regions.
- Prepare alternate procedures for the firm wide helpdesk.
- Get any necessary equipment into or out off the offsite datacenters. (Be aware the datacenter will not allow access 48 hours prior to the storm making landfall in the area and will not resume until the local authorities have deemed it safe to travel)
- Wrap critical systems that are located in the affected offices in plastic to help reduce water damage.
Hoping for a dry weekend for those who are recovering from or preparing to weather the storms in both hemispheres.
Dan Goldberg
dan at madjic dot net
A document outlining some simple steps that financial institutions can take to limit the impact of phishing on their website titled "6 simple steps for businesses to beat phishing" is now available at http://isc.sans.org/presentations/phishthat.pdf
There are a number of active phishing emails in the wild. Be on the look out for them. Some of them point to sites which are no longer responding fortunately, many are still active though.
Worm Targets
We were contacted by a site which was a target for one of the bagle worms. They are seeing a large amount of traffic from infected hosts. Any one else out there have a story like this to share? We'd like to identify potential collection points for finding infected hosts.
Hurricane Preparations
In response to yesterday's query about preparing for a hurricane, Travis Abrams had this advice to share:
Local IT staff
- Work with local building management to coordinate building shutdowns. Be aware that most buildings will begin shutdown procedures when a Hurricane Warning is issued. (If they say power is going off at 1:00 pm that means power is shutdown at that time not that they are starting to shutdown.) Coordinate with firm wide IT to begin systems shutdown 30 minutes prior to building shutdowns.
- Work with local managers and share any information with Firm wide IT.
- Loaner laptops should be issued to key personnel that do not have laptops.
- Keep a loaner laptop that contains Ghost images for desktops/laptops.
- Ensure you have updated your contact information in the IT Contacts.
Firm wide IT
- Perform a full backup of all systems 4 days prior to the impact of the storm unless already scheduled. Have backups sent off site. (Be aware that UPS, FedEx, etc will stop shipments prior to the hurricanes impact.)
- Perform incremental backups every night prior to storm and have them sent off site
- Perform Full backup prior to storm impact if possible. Have local IT retain control.
- Once building power is shutdown redirect the main numbers for the affected offices to an offsite voicemail box. (This eliminates busy signals and we can notify clients of the offices' status.)
- Updates Office Closure hotline as the situation changes.
- Update Intranet with Hurricane updates for offices in unaffected regions.
- Prepare alternate procedures for the firm wide helpdesk.
- Get any necessary equipment into or out off the offsite datacenters. (Be aware the datacenter will not allow access 48 hours prior to the storm making landfall in the area and will not resume until the local authorities have deemed it safe to travel)
- Wrap critical systems that are located in the affected offices in plastic to help reduce water damage.
Hoping for a dry weekend for those who are recovering from or preparing to weather the storms in both hemispheres.
Dan Goldberg
dan at madjic dot net
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago