[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions
So onto the news:
FCC allows for automated calls and text messages for data breach notifications
Although the Telephone Consumer Protection Act (TCPA) requires consumers to provide consent before receiving non-emergency robocalls on their wireless phones, the Federal Communications Commission (FCC) has clarified the act’s ramifications to allow for automated data breach notifications.
The American Bankers Association (ABA) issued a petition in October 2014 requesting that financial institutions, in particular, be exempt from the prior consent robocalling clause when it comes to data breach notifications, automated fraud and identity theft alerts, remediation messages and money transfer notices.
On Thursday, the FCC voiced its agreement with the ABA and offered an exception for these types of notifications, in addition to important healthcare reminders. The calls or texts must be free, the FCC ruled, and they must allow consumers to say “stop” at any point.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2ca9df935a&e=20056c7556
Threat Intelligence and Risk Management: An Introduction
We’re going to talk about how threat intelligence relates to the risk management process, but first it’s helpful to remember that intelligence is itself a process. That basic process is traditionally described as a cycle that includes direction, collection, processing, analysis, dissemination, and feedback. Several proposed variations exist, but our goal here isn’t to build a more precise diagram of the intel hamster wheel. We just need a baseline that lets us segue to risk management, and the above ticks that box.
The main point I’ll be unpacking during this series is this: threat intelligence is like food and vitamins for malnourished risk models. Unfortunately, the standard fare for risk models is input like high-medium-low and red-yellow-green. We shouldn’t be surprised when they don’t mature and perform as well as we need them to. Good intelligence makes smarter models; smarter models inform decisions; informed decisions drive better practice; better practice improves risk posture… and that, done efficiently, makes a successful security program.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=80eb090077&e=20056c7556
Securing Federal Data on Nonfederal Systems
The National Institute of Standards and Technology has issued new guidance aimed at protecting federal data that’s stored on information systems outside the federal government.
Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, applies to information systems and organizations outside of the federal government that process, store or transmit federal controlled unclassified information, or CUI.
The guidance identifies 14 families of security requirements for protecting the confidentiality of CUI on nonfederal systems, including: access controls, awareness and training, audit and accountability, configuration management, identification and authentication, incident response, maintenance, media protection, personnel security, physical protection, risk assessment, security assessment, system and communications protection, and system and information integrity.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d7d3c5c7b4&e=20056c7556
The ELF ChinaZ “reloaded”
The MalwareMustDie (MMD) group found new ELF malware called ChinaZ, reported in the previous post in January 2015, while it was riding Shellshock to infect Linux boxes on the internet. The new version of ChinaZ was accidentally spotted while our team was gathered to scan the internet for more ELF bad stuff, and we were all in sleepy mode after our day’s work on the weekend… picture
As a new malware, ChinaZ is rapidly being coded into several variants and its popularity is rising aggressively fast; it is adjusted to current vulnerability trends to support its efforts to infect Linux boxes. It has also prompted open development of its code: a suspected related development branch of the ChinaZ source code was even spotted on GitHub, and it looks to have been actively coded until mid-March 2015, as shown in the link/picture below. Yes, we have some samples that perfectly match the code released in this GitHub repository, and yes, this matter has also been reported to law enforcement to be escalated to the PRC (read: People’s Republic of China).
The “ChinaZ As Service” for DDoS’ing some targeted sites on the internet has also been spotted in the wild, and it is currently up and alive too…
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e693c3096f&e=20056c7556
Deep Panda, PinkPanther among suspected hacker groups behind mega US federal data breach
Singapore: Security researchers have many names for the hacking group that is one of the suspects for the cyberattack on the US government’s Office of Personnel Management: PinkPanther, KungFu Kittens, Group 72 and, most famously, Deep Panda. But to Jared Myers and colleagues at cybersecurity company RSA, it is called Shell Crew, and Myers’ team is one of the few who has watched it mid-assault — and eventually repulsed it.
In February 2014 a US firm that designs and makes technology products called in RSA, a division of technology company EMC, to fix an unrelated problem. RSA realized there was a much bigger one at hand: hackers were inside the company’s network, stealing sensitive data.
On July 10, 2013, they set up a fake user account at an engineering portal. A malware package was uploaded to a site, and then, 40 minutes later, the fake account sent emails to company employees, designed to fool one into clicking on a link which in turn would download the malware and open the door.
Myers says they are still trying to gain access today, though all attempts have been unsuccessful.
“If they’re still trying to get back in, that lets you know you’re successful in keeping them out,” he said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9e98449419&e=20056c7556
6 critical steps for responding to a cyber attack
It is important to bear in mind that these steps are not sequential — in practice, it will be necessary to think about most of them in parallel, particularly in the initial aftermath of the breach where the priorities will be to contain it in order to mitigate any risk of further damage or loss of data.
1. Mobilise the incident response team
2. Secure systems and ensure business continuity
3. Conduct a thorough investigation
4. Manage public relations
5. Address legal and regulatory requirements
6. Incur liability
Although the focus of this article has been on what to do in the event of a breach, it is also important to bear in mind that there are a number of proactive steps that organisations can take in order to mitigate the risk of a cyber attack before it happens. In particular, organisations should carry out a comprehensive assessment of their existing processes and procedures, identifying what needs to be protected and assessing the specific risks and potential impacts on the business.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9f65fb264b&e=20056c7556
SANS Cyberskills Self-Assessment Addresses Skills Shortage
SANS Institute has launched the world’s first online cybersecurity aptitude assessment, designed to allow anyone in the UK to assess their cyber-capabilities and the quality of their existing skills.
SANS will use the information to address the skills shortage as well, to identify the UK’s next great cyber-defenders. The very best performers will be offered £30,000 scholarships to the prestigious SANS Cyber Academy for an eight-week intensive boot camp offering comprehensive cybersecurity training.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=818729884c&e=20056c7556
Are shipowners ready to prevent cyber attacks?
Shipowners should be prepared to battle cyber threats to their assets, and the industry should be doing more to prevent successful hacking. Cyber security is becoming an increasingly important issue for the maritime industry as ships are open to a growing number of threats. As more onboard systems are run by computers, hackers may gain access to key equipment, including navigation, steering, engine room and cargo handling systems.
Shipping has come late to the issue of countering cyber threats and needs to catch up with other sectors. It is in the interest of seafarers, owners, charterers and shipmanagers to ensure their communications are secure. The issues will become even more important as the industry develops e-navigation and considers more onboard automation. But even if IMO and IEC create guidelines and standards for improving security, it will be shipowners’ responsibility to ensure their vessels are safe from online threats.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=966aef7dfc&e=20056c7556
Valuing cybersecurity outcomes instead of oversight
Every day, new technologies and applications offer opportunities to change how we work, live and play. This frenetic pace is rivaled only by the ever increasing number and sophistication of the cybersecurity threats we face.
We must re-evaluate our cybersecurity efforts to ensure that we can quickly exploit new technologies to deliver more effective mission results. Today, the call for speed and agility is nowhere more crucial than in our cybersecurity policies and practices.
A world where we rally around a common goal of secure information sharing will be one where our security efforts help ensure the rapid adoption of new technologies and the ability to get the right information to the right person. Some laws, such as the Federal Information Security Management Act, must be changed, and new laws addressing liability and information sharing must be enacted.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e57f3723ac&e=20056c7556
The Hunt for the Financial Industry’s Most-Wanted Hacker
The breakthrough came in the fall of 2013, says Grasso, when private partners, including SecureWorks, came up with a way to break the botnet. Grasso helped coordinate a team of about 10 FBI agents and private researchers from some 20 different companies to take down the bot by slowly placing moles inside the system — gradually swapping in government-controlled computers and servers for malicious ones and seizing control of proxy addresses. Then they got court orders allowing them to seize and redirect the botnet’s administration to their own servers. On June 2, 2014, the FBI and the Department of Justice announced the takedown, along with another piece of news: the name of the man they called ZeuS’s creator.
A court document unsealed that day showed that he’d been betrayed not by his code but by a human traitor. The tipster had handed the FBI an e-mail address used by the Gameover ZeuS administrator. That led them to Evgeniy Mikhailovich Bogachev, a 30-year-old with a shaved head.
In February, the FBI announced a $3 million reward for information that could lead to his arrest, the biggest bounty ever put on a cybercriminal.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2a678f42bf&e=20056c7556
Santander is experimenting with bitcoin and close to investing in a blockchain startup
Banks mostly aren’t interested in bitcoin, but they are interested in the software that runs the digital currency — the blockchain.
The blockchain keeps a public record of transactions, spread across a distributed network, and allows much quicker transfer of balances. As a result, sending bitcoin is faster, cheaper and more transparent than sending traditional currencies.
That makes it attractive to banks looking to soup up their money transfer businesses, but the technology also has potential in other areas — distributed ledgers could be used for “smart contracts” when banks make loans, for example, recording who’s borrowed what across a public network.
“We have internally identified 20 to 25 use cases where this technology can be applied,” Mariano Belinky, head of Santander InnoVentures, told Business Insider at MoneyConf in Belfast this week. Belinky reeled off international money transfers, trade finance, syndicated lending and collateral management as some of the areas where blockchain technology could be applied.
Stephen Pair, CEO of bitcoin company Bitpay, told me during our interview at MoneyConf that he’s in conversation with several banks about the potential of blockchain and related technologies. But he said: “I’ve been in and around banks for a while and they take years, even with software that’s well known and well understood.” Pair thinks it will be at least 5 years before any banks seriously adopt a version of blockchain technology.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ffc794e8f2&e=20056c7556
UK Cyber Attacks Focus On Data-Rich Public Sector
Public sector organisations in the UK are more likely by far to suffer an attack than other sectors, according to a new study by NTT Com Security.
The IT security firm has released its latest Global Threat Intelligence Report which shows that in the UK nearly 40% of malware attacks target public sector organisations – three times more than the next sector, insurance (13%) and nearly five times more than the media and finance sectors (both 9%).
However, globally the number one targeted sector is financial services, which receives 18% of all detected attacks.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2f1e6f907c&e=20056c7556
US Hosts The Most Botnet Servers
The United States leads the world in hosting malicious servers that are used to remotely command and control infected user machines and systems. And the US is the second-most frequent target of those systems, a new report from Level 3 Communications shows.
It found that 60% of C2 servers are being used for malicious communications targeting corporate networks. Left unchecked, such C2s have the potential to disrupt businesses and destroy their data assets, Level 3 said.
Level 3 observed botnets being used for malware distribution and phishing services as well as the usual distributed denial-of-service mission. On average, each botnet had 1,700 infected hosts and stayed up for about 38 days before being taken down voluntarily by the criminals themselves or by the service provider. The number of victims per C2 server meanwhile has gone down substantially from a peak of 3,763 in January to 338 in March. Much of that has to do with the increased vigilance displayed by the security industry against the botnet threat, Level 3 said.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1bfa4f108a&e=20056c7556
Let’s meetup in NYC and open up discussions regarding threat intelligence
Tuesday, July 14, 2015
7:00 PM to 9:00 PM
Lightning talks welcome, first come, first served for the first hour, and then we will have a mingle-fest and end it with a guest speaker. I am taking feedback on how to run this (since this is the first time) but I figure we can wing it at first. Discussion topics include threat research, malware analysis techniques, behavior analysis, psychology of intelligence, gripes about the industry marketing buzz and mostly anything that applies to this field. Pizza and drinks will be provided. The location and food are brought to you by Security Scorecard, and the venue can house 50 people.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=360dd18b0a&e=20056c7556
Akorn Inc. has customer database stolen, records offered to highest bidder
Akorn Inc., a niche pharmaceutical company in Lake Forest, IL, has had a customer database with more than 50,000 records compromised by a hacker who is offering to sell the data to the highest bidder or back to the company, whichever comes first.
The database was offered up on a dark web forum by a person known for using SQL Injection and other techniques to target vulnerable companies.
The database theft at Akorn is just the latest in a string of issues for the company. Last month, the company recalled more than 360,000 units of antibiotics made by Hi-Tech Pharmacal, which Akorn bought in 2013 for $640 million. And in April, the company faced a number of class action suits after they overstated their financial results for the last three quarters of 2014.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7a1394d704&e=20056c7556
EFF and Internet Services Company Say Web Firms Shouldn’t Be the Major Labels’ Watchdogs
CloudFlare, a San Francisco-based content distribution service that provides security (and speed) to websites, is pushing back at a recent federal court order that would force companies that deal with Internet infrastructure to essentially become copyright and trademark enforcers for music labels when an infringing site’s owner cannot be found.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=38f63e13cf&e=20056c7556
Microsoft website dedicated to online privacy gets hacked
The Microsoft site Digital Constitution was running an older version of WordPress when the spammy links were discovered, according to ZDNet, which first reported the compromise. Even after the links were removed from the front page in the hours following the ZDNet post, a variety of other pages continued to link to the gambling sites.
It’s not clear how long the site had been infected, if the attack included malicious links that attacked visitor computers, or if other Microsoft websites were similarly hacked. It’s not unusual for hack-by-numbers exploit kits to automatically inject malicious links into vulnerable pages that, when viewed by vulnerable computers, perform drive-by download attacks. Ars put these questions to a spokesman with Microsoft’s outside PR firm, but he declined to comment, other than to say “it’s fixed.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e70d5428ab&e=20056c7556
500 Cyber Crime Cases in Hyderabad
HYDERABAD: As many as 500 cyber crime cases, mostly in the banking sector under the guise of lottery frauds, fake RBI text messages, credit card cloning, ATM frauds etc., have been registered in Hyderabad alone in the last three years.
Speaking at an awareness programme on cyber crimes in the banking sector organised by the Federation of Telangana and Andhra Pradesh Chamber of Commerce and Industry (FTAPCCI) on Friday, Crime Investigation Department (CID) DIG C Ravi Varma said, “Internet makes life simple for the users and at the same time makes it easy for cyber criminals to commit crimes and escape.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ea581694e6&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com