admini – Page 74 – CyberSecurity Institute

DHS: ‘OpUSA’ May Be More Bark Than Bite

Posted on May 2, 2013December 30, 2021 by admini

The DHS alert is in response to chest-thumping declarations from anonymous hackers who have promised to team up and launch a volley of online attacks against a range of U.S. targets beginning May 7.

But Rodney Joffe, senior vice president at Sterling, Va. based security and intelligence firm Neustar, said all bets are off if the campaign is joined by the likes of the Izz ad-Din al-Qassam Cyber Fighters, a hacker group that has been disrupting consumer-facing Web sites for U.S. financial institutions since last fall. Joffe said it’s easy to dismiss a hacker manifesto full of swear words and leetspeak as the ramblings of script kiddies and impressionable, wannabe hackers who are just begging for attention. “The damage they’re capable of doing may be out of proportion with their skills, but that’s been going on for seven months and it’s been brutally damaging.”

What’s more, the DHS warning comes just days after the FBI issued a flash alert on Brobot (PDF) warning that hackers have been modifying the attack scripts to ensure they can evade their targets’ mitigation efforts. “Because the attacks have been ongoing for seven months, the actors are changing their attack methodology to circumvent mitigation efforts of the financial institutions,” reads an FBI alert obtained by BankInfoSecurity.com. “The latest version of the ‘Brobot’ attack scripts that have been utilized to attack the login capabilities of a financial institution’s website spoofs a fraudulent access cookie, user-agent string and referrer. The FBI alert notes that the hard-coded string does not affect the new attack script, but can be used as signatures for intrusion detection and intrusion prevention devices to detect and block attacks from the Brobot botnet.

Link: http://m.krebsonsecurity.com/2013/05/dhs-opusa-may-be-more-bark-than-bite/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29

Cyber-Responders Seek New Ways to Respond to Cyberattacks

Posted on May 2, 2013December 30, 2021 by admini

Local and state government offices that may not see themselves as prime targets for theft of intellectual property or financial information can be used as the weak link to get at financial institutions, Ling said.

The business models of large anti-virus vendors such as Symantec and McAfee incorporate everyone who has a computer, because perimeter defense is an important aspect of protection and is mandated by many federal regulations, including the Health Insurance Portability and Accountability Act (HIPAA).

As with other vendors, FireEye’s starting point is that malware threats evolve so quickly that the traditional protection model is antiquated, explained Phillip Lin, director of product marketing.

“When we were working for McAfee, we investigated large breaches such as Aurora,” recalled Dmitri Alperovitch, a CrowdStrike co-founder and former vice president of threat research at McAfee.

Based in Orange County, Calif., CrowdStrike was founded in 2011 by George Kurtz, the former worldwide CTO of McAfee; Alperovitch; and Gregg Marston, who worked as chief financial officer of Foundstone Inc., a cybersecurity forensics firm that Kurtz sold to McAfee.

Mike Maxwell, director of Symantec’s state and local government organization, said anti-virus continues to be an important tool for containing and blocking malware, but other approaches are necessary to complement it. This makes it difficult for traditional ‘signature-only’ anti-virus approaches to keep up with these evolving threats,” he explained in an email response to questions from Government Technology. But it also builds a list of bad stuff such as the application is communicating with a known bad IP address or it is attempting to insert files in other common load points, such as the registry, removable storage or file system, so this may be suspicious activity that would be blocked, logged or alerted based on configured policy.

Yet Howard said he has seen real change during the past few years: More organizations are moving away from denying that they are under attack; instead they are trying to figure out how they can limit the damage.

Booz Allen Hamilton’s Ling said that although these new companies may be good at what they do, it’s difficult to create a business model around any one aspect of protection, and a chief information security officer may not want to create a mix-and-match solution, because then the risk is assumed by the decision-maker, not the solution provider.

Link: http://www.govtech.com/security/Cyber-Responders-Seek-New-Ways-to-Respond-to-Cyberattacks.html

Effective cyber threat defence requires clear security focus

Posted on May 2, 2013December 30, 2021 by admini

Now is the time to consider dismantling the barriers that often exist between IT and physical security teams, so that evolving cyber risks can be tackled more effectivelyFor example, Verizon’s 2012 data breach investigations report found that ten per cent of breaches involve some form of physical attack, while a…

Sailing the Seven Cs of Security Monitoring

Posted on May 2, 2013December 30, 2021 by admini

Consistency
Continuous
Correlation
Contextual
Compliant
Centralization
Cloud

In this case, our working definition of “continuous” is unique for every organization and needs to be commensurate with their risk and resources.

Correlation: In the modern enterprise, there are simply too many silos of information, too many endpoints for access, too many variables of risk and not enough visibility or resources to properly protect all the assets of an enterprise. Correlation needs to tie together the cooperative capabilities of such tools as SIEM, Log Management, Identity and Access Management, malware scanning, etc… If security is about maintaining visibility, correlation would be its magnifying glass.

Compliance: The common thread for the alphabet soup that is compliance (HIPAA, PCI, FISMA, FFIEC, CIP, SOX, etc…) is the need to know who is logging in, accessing what assets and ensuring only the appropriately credentialed users can do those things. When you are dealing with sensitive information like credit card numbers, social security numbers, patient history/records, and the like, the need to have a strong and continuous monitoring initiative is not just a driving force to avoid fines, but it is the basis of good and trustworthy operation.

So much has been written about compliance and network security, so that all I will add is understand the responsibility you have towards customers, partners, employees, users, accurately calculate the risk in maintaining their information and vigilantly maintain the monitoring process that makes you a good steward of their trust.

The continual increase in daily network threats and attacks makes it challenging to maintain not only a complex heterogeneous environment but to also ensure compliancy by deploying network-wide security policies.

Addressing the issue from the cloud solves several pressing issues while providing the necessary heft to create the visibility to govern credentialing policies, remediate threats and satisfy compliance requirements across any sized enterprise. What’s more, all the solutions noted from above – from SIEM to Access Management—are available from the cloud.

Link: http://cloudcomputing.sys-con.com/node/2642497

Hackers hijack US government website to spread malware

Posted on May 1, 2013December 30, 2021 by admini

That backdoor communicates with a malicious server and the attackers can actually send orders to the system such as uploading and downloading files, executing commands, installing new malware,” he explained. The attack sends the hackers useful information like what security programmes the infected system has, what Java and Flash version is being used.

This reached new heights earlier this year when security firm Mandiant reported linking an advanced cyber campaign targeting the US government to a Chinese military unit.

More recently, Verizon claimed Chinese hackers are responsible for 96 percent of the world’s active cyber espionage campaigns in its Data Breach Investigations Report 2013.

Link: http://www.v3.co.uk/v3-uk/news/2265506/chinese-hackers-hijack-us-government-website-to-spread-malware

DDoS used as cover fire for parallel attacks, $2.1 million unauthorized wire transfer

Posted on April 30, 2013December 30, 2021 by admini

Working with organizations affected by Dirt Jumper DDoS attacks revealed a threat scenario in which the threat actor first performed a short-lived “test” DDoS attack to determine if the actor’s botnet could make the targeted site unusable.

If the test was successful, then the threat actor performed another DDoS attack in the near future, but this time the DDoS attack occurred shortly after an unauthorized wire or Automated Clearing House (ACH) transfer out of a compromised account. DDoS attack patterns revealed that short-lived attacks were an indicator of an unauthorized wire transfer, while longer attacks, which could last hours to days, were indicators of a fraudulent ACH transfer.

Visibility on these attacks proved to be quite useful in some cases, the DDoS attack was the initial notice that high-dollar fraud was occurring. Some of the fraud attempts and losses are staggering, with total dollar values of attempted fraud ranging from $180,000 to $2.1 million.

Link: http://www.cyberwarzone.com/ddos-used-cover-fire-parallel-attacks-21-million-unauthorized-wire-transfer