Stelar Global Inc., formerly Ecom Infotech (I) Ltd., sent spam out in a Word document. This spam was submitted by Les Bell via the FunSec mail list.
From: "Ecom Infotech (I) Ltd." (consulting@sgius.com)
To: "Info" (info[at]lesbell.com.au)
Subject: Enterprise Security Management
Date: 24/04/2009 10:09 PM
Dear IT Head,
What do you do when the logging is turned off?
How soon will you know?
Does that create a blind spot?
Let's see a typical low and slow attack:
Attack step              | Attacker action                                                                           | Action revealed in
1. Probe                 | Runs port scans seeking targets with known vulnerabilities.                               | Log data
2. ID entry point        | Identifies a target system with a known vulnerability.                                    | Log data
3. Access                | Brute-forces access to the system, with multiple failed logins preceding the successful login. | Log data
4. Admin privilege       | Escalates to Admin/Root or creates a new account with Admin privilege.                    | Asset data
5. Config change         | Disables logging.                                                                         | Configuration data
6. Exploit vulnerability | Creates a buffer overflow that spikes performance by exploiting the vulnerability.        | Vulnerability & Performance data
7. Rogue app             | Installs a back door on the system.                                                       | Asset data
8. Data theft            | Steals confidential data.                                                                 | Flow data
Traditional SIM: correlates Log, Asset, Configuration, Vulnerability, Performance and Network flow data in a single integrated platform, bringing actionable intelligence.
Attackers employ "low and slow" attacks designed to evade detection from
existing defenses like IPS and device security. Timely detection of these
"low and slow" attacks is elusive for log management systems because it
requires the real-time collection and correlation of multiple sources of
data. Specifically, log, asset, configuration, vulnerability, performance
and network flow data each contribute to identifying different aspects of
an attack.
Can we help you? We offer one of the most cost-effective solutions.
(Embedded image moved to file: pic08431.gif)
We also offer the following services / end-to-end solutions:
1. COBIT, ISO 27001/ 20000, BS25999 Framework Implementation:
Compliance with COBIT, ITIL or ISMS best practices implementation.
2. IT Audit and other related Assurance services. We are certified IT
Auditors.
3. Enterprise Identity Management: Complete security-based solutions
for Identity and Access Management, Single Sign-On solutions and Federated
Identity Management in a SOA or Distributed Environment.
4. Privileged Users' Monitoring Solutions. Reports suggest that 70% of
frauds were caused by insiders.
5. Business Continuity Management and Resilience Services. Are you
proactively prepared for unplanned outages?
Should you be interested in our services, please drop an email to
ac@sgius.com. For more details visit www.sgius.com
Best Regards
Ashwin K Chaudary
MBA (IT), CISSP, CISA, CGEIT, ISO 27001LA, ITIL, PMP
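The brute-force-then-silence sequence in the email's table (steps 3 to 5), as an added example that is not part of the email and has nothing to do with the vendor's product: a small Python correlation over constructed log events that flags a host with repeated failed logins followed by a success, and then checks whether that same host has gone quiet, either through an explicit "logging stopped" configuration event or through a gap in its log stream while other hosts keep reporting. That gap is the blind spot the email asks about, and it is only visible if the collector tracks when each host last spoke. Host names, IP addresses, timestamps, thresholds and the event format are all assumptions made for this illustration.

```python
"""Correlate auth events with per-host log activity to flag a 'low and slow'
intrusion: many failed logins, a success, then the host going quiet.

Added example. The event format, host names, IP addresses and thresholds
are assumptions for illustration, not any vendor's product or real logs."""
from datetime import datetime, timedelta

# Constructed sample events (not real logs): "<ISO timestamp> <host> <source> <message>".
# web01 is brute-forced, logged into, then its audit daemon is stopped;
# db01 keeps sending heartbeats, which is what makes web01's silence visible.
SAMPLE_EVENTS = """\
2009-04-24T21:00:00 web01 auth Failed password for admin from 198.51.100.7
2009-04-24T21:04:00 web01 auth Failed password for admin from 198.51.100.7
2009-04-24T21:09:00 web01 auth Failed password for admin from 198.51.100.7
2009-04-24T21:10:00 db01 heartbeat ok
2009-04-24T21:14:00 web01 auth Failed password for admin from 198.51.100.7
2009-04-24T21:18:00 web01 auth Failed password for admin from 198.51.100.7
2009-04-24T21:20:00 db01 heartbeat ok
2009-04-24T21:22:00 web01 auth Accepted password for admin from 198.51.100.7
2009-04-24T21:23:00 web01 config auditd stopped
2009-04-24T21:30:00 db01 heartbeat ok
2009-04-24T21:40:00 db01 heartbeat ok
2009-04-24T21:50:00 db01 heartbeat ok
2009-04-24T22:00:00 db01 heartbeat ok
"""


def parse(text):
    """Parse the space-separated event lines into sorted (ts, host, source, msg) tuples."""
    events = []
    for line in text.splitlines():
        ts, host, source, msg = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), host, source, msg))
    return sorted(events)


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=30)):
    """Step 3 of the table: a successful login preceded by >= threshold failures
    for the same host from the same source address within `window`.
    Returns a list of (host, src_ip, failure_count, success_time)."""
    hits = []
    for i, (ts, host, source, msg) in enumerate(events):
        if source != "auth" or not msg.startswith("Accepted password"):
            continue
        src = msg.rsplit(" ", 1)[-1]  # trailing token is the source address
        fails = sum(
            1 for t, h, s, m in events[:i]
            if h == host and s == "auth" and m.startswith("Failed password")
            and m.endswith(src) and ts - t <= window
        )
        if fails >= threshold:
            hits.append((host, src, fails, ts))
    return hits


def quiet_hosts(events, now=None, max_gap=timedelta(minutes=15)):
    """Step 5 of the table, seen from the collector's side: hosts whose log stream
    has stopped. Returns {host: [reasons]} for hosts that either logged an
    explicit 'stopped' config event or have sent nothing for more than max_gap
    (measured against `now`, defaulting to the newest event seen)."""
    if now is None:
        now = max(e[0] for e in events)
    last_seen, reasons = {}, {}
    for ts, host, source, msg in events:
        last_seen[host] = ts  # events are sorted, so the final write is the newest
        if source == "config" and "stopped" in msg:
            reasons.setdefault(host, []).append(f"{msg} at {ts:%H:%M}")
    for host, ts in last_seen.items():
        if now - ts > max_gap:
            reasons.setdefault(host, []).append(f"no log events for {now - ts}")
    return reasons


def correlate(events, now=None):
    """Join the two signals: a brute-forced host that has since gone quiet is
    far more interesting than either signal alone."""
    quiet = quiet_hosts(events, now)
    alerts = []
    for host, src, fails, ts in brute_force_then_success(events):
        if host in quiet:
            alerts.append(
                f"{host}: {fails} failed logins from {src} then success at "
                f"{ts:%H:%M}; " + "; ".join(quiet[host])
            )
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_EVENTS)):
        print(alert)
```

Note the design choice in quiet_hosts: the absence of a host's events is not itself an event, so silence can only be detected by comparing each host's last timestamp against a clock that keeps moving (here, the newest event from any host). A collector that only reacts to lines it receives will never see step 5.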