RESOURCE ROUND-UP: EIGHT OPEN SOURCE AVENUES TO BOLSTER CYBER PROGRAMS, PRACTICES AND KNOWLEDGE

As cyber criminals have gotten more aggressive, creative and shrewd, cybersecurity issues have risen to a top-of-mind challenge at financial institutions of all sizes.

Cyber attacks can take a dizzying number of forms, from taking advantage of a known or as-yet-unknown security vulnerability or a piece of unpatched code, to denial of service, ransomware, or social engineering-fueled assaults.

More recently, FinCEN has even warned of an upsurge in the scourge of business email compromise (BEC) attacks, which dupe company insiders through emails that appear to come from top bank officials, company customers or third parties. By convincing employees to send money to far-flung foreign locales, BEC attacks have easily stolen billions of dollars in the past two years.

That’s why ACFCS has chosen to focus on open source cybersecurity tools in our latest Resource Round-Up. Below are free tools to bolster the strength of passwords, find out if you, or your firm, has been the victim of a data breach, get a glimpse of global attack patterns and even use open source tools to test the soundness of systems at all levels.

The ACFCS Resource Round-Up is a new feature from ACFCS highlighting open-source tools, databases, information sources and other resources that can be potentially useful for financial crime compliance, investigations and due diligence. As with all online open sources, these tools each have their own limitations, so users must always employ their own discretion in accessing these tools and validating and interpreting any results obtained.


Secure Password by Kaspersky

A straightforward tool to check the strength of passwords and get tips to make these virtual gateways harder for criminals to crack.

http://password.kaspersky.com/

Have I Been Pwned?

This site searches for any data, including names and email addresses, that have been released in or associated with any known data breaches. For instance, you can look up and see if your email address has popped up tied to bank accounts, such as JPMorgan, Yahoo email or even Ashley Madison.

http://haveibeenpwned.com/

Kaspersky Cyberthreat Map

This is arguably one of the best-known cyber threat attack maps and, consequently, is also one of the most sophisticated and entertaining. It breaks down types of attacks, the countries where attacks originate and those being attacked, and other critical data points. The site displays a three-dimensional earth array with colorful fusillades of cyberattacks launching to destinations the world over.

http://cybermap.kaspersky.com/

Norse Attack Map

The Norse Attack Map is another site with a strong visual element to its attack mapping. Colorful streamers trace different attacks, and shockwaves indicate successful cyber hits. The site also allows visitors to click on countries to get a better sense of the region where attacks are occurring, and logs and displays important virtual skirmish details, including attacker IP addresses, attack and target geographies, the attack type and port.

http://map.norsecorp.com/#/

FireEye Cyber Threat Map

The animated map shows easy-to-follow attack arcs from countries hosting cyber assailants and the countries that are their targets. The site also breaks down the most aggressive host countries and related targets and the top five reported industries under attack, with financial services at the top followed by services and consulting. The site also tallies the total number of attacks on any given day. For example, at 2:15 p.m. on a Tuesday, the site had already registered nearly 434,000 global attacks.

http://www.fireeye.com/cyber-map/threat-map.html

Digital Attack Map – shows distributed denial-of-service (DDoS) attacks

This attack map focuses on DDoS attacks and is also a roundup of news items about recent attacks.

http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16434&view=map

DHS Open Source Cybersecurity Catalog

This is an open source cybersecurity catalog provided by the Homeland Open Security Technology Project, part of an initiative spearheaded by the US Department of Homeland Security to focus on open sources and solutions to common cyber challenges. The catalog has dozens of open source avenues to bolster nearly every cyber area of a public or private firm, including anti-spyware, firewalls, intrusion prevention and monitoring, system hardening, penetration testing, and more.

http://www.dhs.gov/sites/default/files/publications/csd-host-open-soruce-cybersecurity-catalog.pdf

Cyber Degrees – The ‘Uber list of cybersecurity resources’

The “Uber list of cybersecurity resources” is how this site describes itself. “We’ve subtitled this list: ‘Everything you want to know about cyber security and are too tired to search for.’ Whatever you may be interested in – from DEF CON to SANS – you will find on this page,” according to the site. Links are separated into categories and arranged alphabetically.

Some resources include how to keep up on the latest threats and countermeasures, from private and government sources, ways to improve knowledge through courses and certifications and ways to connect with local groups, through chapters and conferences.

http://www.cyberdegrees.org/resources/the-big-list/

*Bonus content

While this isn’t a tool itself, it’s a great look at some open source programs and software tools for malware analysis and forensics, including 11 of them that are “catching fire” on GitHub.

http://www.infoworld.com/article/2606779/security/163151-11-open-source-security-tools-catching-fire-on-GitHub.html#slide1