[From the desk of Paul Davis – his opinions and no-one else’s]
So onto the news:
DOJ issues data breach guidance
On Wednesday, April 29, 2015, the Department of Justice Computer Crime and Intellectual Property Section (CCIPS) Cybersecurity Unit issued new, detailed guidance on data breach incident response best practices.
The guidance is split into four primary sections: (1) Steps to Take Before a Cyber Intrusion or Attack Occurs; (2) Responding to a Computer Intrusion: Executing Your Incident Response Plan; (3) What Not to Do Following a Cyber Incident; and (4) After a Computer Incident. In addition, the document contains a “cyber incident preparedness checklist” that is also split into before, during, and after a cyber-attack or intrusion.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f783d7e98a&e=20056c7556
SANS ICS Defense Use Case: The Norse / AEI Rebuttal
The purpose of this Defense Use Case (DUC) is to evaluate what can be learned from the Norse report while also taking the opportunity to educate on what the cyber security community would typically deem to be a cyber attack on ICS. After reviewing the data provided in the report we agree that the data could be interesting if put into proper context or analyzed along with additional data. However, the data and events described in the report do not conclusively meet the threshold of what the authors of this DUC would deem as ICS cyber attacks. As defenders, it is important to be able to use all data available including network scans which are often times numerous but not necessarily malicious. Network scans when correlated with various types of information can provide useful information.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=728a2c3559&e=20056c7556
Cyberespionage: Enterprise Nuisance or National Crisis?
Now, a new study by security firm Norse and the American Enterprise Institute (AEI) argues Iran has been working hard to increase its cyberattack capabilities. According to Frederick W. Kagan, director of the AEI’s Critical Threats Project, “Cyber gives them a usable weapon, in ways nuclear technology does not.” What’s more, he claims that if sanctions are lifted on Iran in a proposed nuclear agreement, the country will pour money into developing cyberattack efforts. According to Norse, the number of malicious acts originating from Iranian IP addresses is up 115 percent since January 2014. Even more worrisome is that attacks from nations such as Iran and North Korea tend to focus on destruction more than espionage; the security firm worries about “an Iranian effort to establish cyberbeachheads in crucial US infrastructure systems — malware that is dormant for now but would allow Iran to damage and destroy those systems if it chose to do so later.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a2d3954406&e=20056c7556
93% of DDoS attacks last 30 minutes
As the tide of DDoS attacks continues to expand, the rise of the Internet of Things (IoT) and the influx of network connected devices, such as webcams and routers, are leading to the growth of Simple Service Discovery Protocol (SSDP)-based amplification attacks, according to NSFOCUS.
shorter attack strategy is being employed to improve efficiency as well as distract the attention of IT personnel away from the actual intent of an attack: deploy malware and steal data.
Online retailers, media and gaming remain top targets
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=aa03602683&e=20056c7556
Spy Tools Come to the Cloud
Among Amazon’s analytics partners is Digital Reasoning, a trusted cognitive computing startup based in Arlington, Va. It specializes in open source intelligence gathering. AWS and Digital Reasoning have been promoting real-time threat analysis and other open-source intelligence gathering tools on GovCloud, including a recent webinar. They are also targeting government contractors who are handling increasing amounts of sensitive open-source data.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=eaadb5e33c&e=20056c7556
Cisco: Network a ‘powerful’ security tool
During his keynote, Rob Soderbery, SVP of marketing and INSBU at Cisco Systems, claimed that network can enable partners to inform customers about the statistics they care most about. This includes incident identification and eradication time, the cost of removing threats and what it takes to control confidential data, he said.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f39a2f6439&e=20056c7556
Privacy breaches and M&A transactions: the importance of due diligence and doing it cautiously
Where a company is being acquired in a stock purchase or where a transaction is set up as a merger, the parties to the transaction should be concerned about each of the other parties’ past privacy practices. Companies engaging in M&A must make inquiries during the due diligence process to ensure that they are not assuming liability for a past breach of privacy as a result of the transaction.
Additionally, by conducting “cyber due diligence”, a party to a transaction can guard against assuming liability for imminent or future liabilities related to data and privacy breaches. Cyber due diligence involves fully understanding the data security of the other parties to the transaction. This due diligence involves reviewing all materials that relate to another company’s data security including policies and procedures for the collection, encryption, storage, use and destruction of private information.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4da88bbbea&e=20056c7556
Wal-Mart continually tests networks post-Target breach
Wal-Mart’s chief information officer say the company learned several big lessons from Target’s massive 2013 data breach, including the need to continually test the security of its networks.
“Single points of failure anywhere can have really drastic effects, and the ability for an attack to go undetected for a period of time just exponentially increases the damage that can occur.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=48a6066c25&e=20056c7556
Plan for the next breach with incident response forensics
To start, IT managers must decide if they have the resources to establish an in-house forensic response unit, if outsourcing is the most viable option or if a combination of the two is best. Building an information security forensics lab is an expensive undertaking, which is why some agencies outsource that capability to specialized vendors.
Whether in-house or outsourced, there are several prerequisites for establishing effective forensic investigations.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f14da3a53a&e=20056c7556
Spam-blasting malware infects thousands of Linux and FreeBSD servers
Several thousand computers running the Linux and FreeBSD operating systems have been infected over the past seven months with sophisticated malware that surreptitiously makes them part of a renegade network blasting the Internet with spam, researchers said Wednesday. The malware likely infected many more machines during the five years it’s known to have existed.
The Mumblehard malware is the brainchild of experienced and highly skilled programmers. It includes a backdoor and a spam daemon, which is a behind-the-scenes process that sends large batches of junk mail. These two main components are written in Perl and they’re obfuscated inside a custom “packer” that’s written in assembly, a low-level programming language that closely corresponds to the native machine code of the computer hardware it runs on. Some of the Perl script contains a separate executable with the same assembly-based packer that’s arranged in the fashion of a Russian nesting doll. The result is a very stealthy infection that causes production servers to send spam and may serve other nefarious purposes.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8c2e00e75d&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=a738ebea21)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)