Endpoint Protector Appliance: Stop data theft on Windows and Mac

Famous cases of data breaches: comercial secrets of Credit Suisse go to Goldman Sachs

May 7th, 2013 by Cristina (0) Data Theft & Loss,Default,DLP,security breach

Swiss bank Credit Suisse accused its former vice president of emerging markets Agostina Pechi, hired by the U.S. investment bank Goldman Sachs of theft of trade secrets, reports Bloomberg.

Credit Suisse has filed a complaint in a Manhattan court sustaining that the information was stolen in an attempt to win customers for Goldman Sachs.

In February and March, Pechi secretly sent e-mails with customer lists and other confidential banking information from her work account to her personal account. She also printed important documents relating to transactions, late at night,  when she was officially away on vacation, says the complaint filed by Credit Suisse  on the 3rd of May 3.

Pechi earned 950,000 dollars last year and lives in New York. She resigned from Credit Suisse on the 2nd of April, informing she accepted a job at Goldman Sachs in New York.

“Pechi decided to steal confidential information from Credit Suisse and contact details she gathered during the time spent at Credit Suisse. She plans to use the data to compete with Credit Suisse and share them with her new employer, specifically targeting the Swiss bank’s clients, “said  the complaint.

A spokesman for Goldman Sachs declined to comment, and Pechi could not be reached.

Funny thing is Goldman Sachs hasn’t been exempted from data thefts from ex-employees!

Not another lost USB stick?!

New victims, same old story…. An unprotected USB stick containing private information of Canadian residents went missing from an office of Human Resources and Skills Development in Gatineau, Quebec.

The drive was storing the names, social insurance numbers, dates of birth and loan balances of 583000 students who had borrowed money between 2000 and 2006.

The internal investigation on the affair started only two months after the discovery of the loss of the stick (Nov. 5th) and a notification was sent to the victims only last Friday.

So the question remains: Are we ever going to learn from others’ mistakes? Especially now that Device Control, Data Loss Prevention and USB encryption software has been around for ages and it’s virtually in everybody’s reach.

“there is always an idiot around who doesn’t think much about the thumb drive in their hand”

Stuxnet, the worm created by the US and Israel for breaking down Iran’s nuclear plant Natanz got out of their control

An article published today in the New York Times shows that the Stuxnet virus-written and deployed by the US and Israeli government-targeting the Iranian nuclear plant Natanz got out in the wild. It seems that the purpose of the code was to set back the Iranian nuclear research program by commanding the control hardware responsible for the spin rate of the centrifuge equipment. The important aspect of this is the fact that the worm only targeted this specific nuclear plant, it was never intended to spread on the Internet.

The network at Natanz is air-gapped, which made it very difficult for the people who made the plan to introduce the code into the network. They needed someone with physical access to the site to get the worm inside through thumb drives (this is also the manner how the first versions of the worm were distributed). To quote one of the architects of the plan: ‘It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.’

The way Stuxnet spread outside Natanz’s network is most probably on a laptop. Fortunately, security researchers were able to annihilate it.

Endpoint Protector now provides Content Aware Protection

Endpoint Protector just announced the launch of the Content Aware Protection module as a Customer Preview. The new 4.1 version incorporates top of the line technology that enables you to eliminate risks of confidential data loss or data leakage to the Internet or the Cloud (services such as Google Drive, Dropbox, iCloud, etc.)

To read more on the new Endpoint Protector feature, visit: http://www.cososys.com/press_releases/Press_Release_Endpoint_Protector_adds_Content_Aware_Protection_to_prevent_data_leaks_to_the_cloud_15-May-2012_EN.html

Do you use Linux? Endpoint Protector protects your ports also

Endpoint Protector just launched the new versions for Ubuntu and openSUSE of its Device Control and Data Loss Prevention solution, Endpoint Protector 4. With the new launched version, Endpoint Protector is virtually platfom-independent.

Endpoint Protector 4 is available as Hardware and Virtual Appliance, with support for Windows, Mac OS X and Linux Ubuntu 10.04 LTS and openSUSE 11.4. The data and device security solution ensures a complete and proactive protection against both inside and outside threats for organizations in an easy, but highly efficient manner with seamless integration and no operating system constraints. For more details, please visit: http://www.endpointprotector.com/en/index.php/products/endpoint_protector

Unified Threat Management Vendor Astaro Acquires CoSoSys

January 28th, 2011 by Agent Smith (0) Default

After a very successful year 2010 and many product launches and recognitions, CoSoSys announced it had been acquired by leading European Unified Threat Management vendor Astaro. Astaro plans to take over and keep both the product range of the Romanian company and their team.

The two companies will continue to develop CoSoSys’ existing range of endpoint and mobile data security solutions,and will also  collaborate on integrating CoSoSys’ device control, data loss prevention and endpoint security solution into Astaro’s Unified Threat Management solution, the Astaro Security Gateway, and on providing a level of overall security beyond any solution currently on the market. Read more

Be careful with Flash Drives as a Gift. They might cause a malware infection!

Usually it is nice to receive gifts. But sometimes free is not what you want if it comes with a catch. As reported by the Sunday Times, the MI5 is warning executives of gifts received.



banner-sky.jpg

It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”

If such a prapared Flash Drives is connected to a PC without proper endpoint protection in place such es Endpoint Protector 2009, the Trojan will infect the PC and open a backdoor to the PC that will make remote data theft possible within seconds. Until the infection through a customized Trojan will occur through a standard anti-virus solution can take from minutes to weeks. The only protection is to pre-emptively lockdown the use of USB devices the network should not trust.

Read the entire story that sounds more like a Ian Fleming novel than a real life story.
Enjoy.

Study by KPMG sees “Business crime on the rise in Germany”

As many as 37 percent of German companies were the victim of economic crime in the last three years, a new study has found. Internet fraud and the theft of business secrets have become a particular problem.
The use of USB Flash Drive in high capacity has made it easy to steal even the most complex business or construction plans in just a few seconds.

A USB Thumbdrive is all that’s required to steal valuable information.

A new study carried out by the German research institute Emnid for the financial services firm KPMG has found that criminal methods are being used more and more often in the ruthless and competitive world of business.

The survey, which took in 375 companies of all sizes, found that around one in three companies had been the victim of business crime. Two thirds of the companies surveyed also expected the level of criminality to rise.

The biggest economic crimes remain fraud, theft, embezzlement and breach of trust, but money-laundering and the forgery of accounts and financial information have all risen since the last survey was carried out in 2006.

Ignorance breeds carelessness

According to KPMG spokesman Frank M. Huelsberg, companies still need to be more aware of how crimes operate. “Despite these alarming results, small and medium-sized companies are particularly prone to underestimate the danger of falling victim to crime,” he said.

Fifty-six percent of the employees surveyed said that their company was less likely to be a victim of economic crime than a major corporation, while 76 percent believe they have made adequate security arrangements.

banner-sky.jpg

“Privately- or family-owned companies like to put their trust in their employees. But that makes them vulnerable,” Huelsberg said, “Experience shows that basic security mechanisms are often neglected in such companies.”

Third-party threat

In 62 percent of economic crimes involving small and medium-sized companies, employees conspired with an external third party. This figure is only 40 percent with large companies.

The theft of business or operational secrets is a growing threat, according to the study. A third of small and medium-sized companies have been a victim of such theft, the study said.

“The sale of sensitive information to competitors or criminals is particularly strong in times of economic crisis,” Huelsberg says, “Nowadays even the most complex construction plans fit on a USB stick. Data theft and industrial espionage can be child’s play if security fails, and the loss of sensitive designs or formulas can be fatal for a small, innovation-based company.”

Read the enitre article here on DW.

DuPont Insider Breach, Take #2

September 16th, 2009 by Agent Smith (0) Data Theft & Loss,Default,DLP,In the News

DuPont seems unable to stay away from malicious employees, determined to steal ans sell their secrets. Two years after an insider breach thought to have caused losses of USD 400 million, DuPont has first fired and then filed a lawsuit against a Chinese-born employee, accusing him of misappropriation of trade secrets. As explained by DarkReading, DuPont discovered the employee’s incriminating actions while reviewing his hard drive prior to transferring him to China. He had downloaded a number of proprietary files about the OLED, claims the company.

“As a science company, DuPont acts to protect our unique and confidential technologies,” a company issued statement said. “These events underscore our unwavering commitment to protect the integrity of our proprietary science and technology for the benefit of DuPont shareholders, employees and customers.”

Putting their employees behind bars and making them pay fines might be a solution. But probably not the most effective. If I may, I’d recommend some proactive data loss prevention instead :)

Happy New Year!

January 2nd, 2009 by Agent Smith (0) Default

I’d like to wish you all a happy, sucessful and above all safe 2009! Hope you’ve had and are still having an amazing holiday and that the new year will bring us all everything we wish for! Happy New Year!

Happy New Year 2009