admini – Page 82 – CyberSecurity Institute

Old News, ThreatGRID researchers discovered this a couple of months ago: New APT malware monitors mo

Posted on April 3, 2013December 30, 2021 by admini

The malicious document downloads and executes a component that attempts to determine if the operating environment is a virtualized one, like an antivirus sandbox or an automated malware analysis system, by waiting to see if there’s any mouse activity before initiating the second attack stage. Mouse click monitoring is not a new detection evasion technique, but malware using it in the past generally checked for a single mouse click, Rong Hwa said. BaneChant waits for at least three mouse clicks before proceeding to decrypt a URL and download a backdoor program that masquerades as a technology by performing multibyte XOR encryption of executable files, masquerading as a legitimate process, evading forensic analysis by using fileless malicious code loaded directly into the memory and preventing automated domain blacklisting by using redirection via URL shortening and dynamic DNS services, he said.

For example, during the first stage of the attack, the malicious document downloads the dropper component from an ow.ly URL. The rationale behind using this service is to bypass URL blacklisting services active on the targeted computer or its network, Rong Hwa said. This is an attempt to trick users into believing that the file is part of the Google update service, a legitimate program that’s normally installed under “C:Program FilesGoogleUpdate”

Cyberattacks on banks signal urgent need for security bill, lawmakers say

Posted on April 3, 2013December 30, 2021 by admini

.”These banks are among the best in the country when it comes to cyber security, but even they are having trouble keeping up with attacks that have the sophistication and the level of resources that a nation-state entity like Iran can devote to them,” he said.

Adam Schiff, D-Calif., a senior member of the House Intelligence Committee, told NBC News Wednesday that the FBI and “other law enforcement agencies are following up aggressively to identify the responsible parties” of the attacks. “Our computer networks are the subject of daily assault by hostile hackers, both state sponsored and independent, who hope to obtain confidential information for economic gain, to test our defenses, or simply because they can,” Schiff said.

Rogers, who is pushing for the passage of the Cyber Intelligence Sharing and Protection Act, H.R.624, says that the federal government is “trying to share cyber threat information with these banks to help them get ahead of these attacks. He said, “needs to pass bipartisan information sharing legislation to knock down those barriers, so that American companies can protect their computer networks and the valuable intellectual property and personal customer information that resides on them.”

Doug Johnson, the American Bankers Association’s vice president of risk management policy, told NBC News that the attacks “have been intensifying since October and we expect them to continue.

Link: http://www.nbcnews.com/technology/technolog/cyberattacks-banks-signal-urgent-need-security-bill-lawmakers-say-1C9202532

Hackers attacking US banks are well-funded, expert says

Posted on April 3, 2013December 30, 2021 by admini

“The biggest change is the maintenance and the growth in the botnet,” Dan Holden, director of Arbor Networks’ Security Engineering and Response Team explained for Ars Technica.

And they’ve added some twists and techniques to their tools as time goes on, focusing their attacks more on the particular applications of the banks they’re targeting.

And while the attacks bring huge losses to the targeted institutions – whether it’s because the customers can’t access their accounts for days at the time, because the hackers or other cyber crooks might have used the DDoS attacks as a cover for fraudulent transaction, or because of the preventative measures they had to undertake to protect their websites – the cost for the attackers is thought to be also considerable.

Considering the effort and hours it takes to maintain the attack botnets, and the continuing refinement of the attacks, Holden believes that it couldn’t be done without financial backing.

Link; http://www.net-security.org/secworld.php?id=14691

WILL THE NEXT 9/11 BE DIGITAL?

Posted on April 2, 2013December 30, 2021 by admini

“In the last few years we have shown enough data that proves that the number and complexity of these attacks have been increasing steeply,” said Jamie Blasco, manager of the Vulnerability Research Team at open source security firm AlienVault.

“Legal firms may be the biggest target of nation states because they have so much proprietary information in their systems,” noted Tim Keanini, chief research officer at enterprise security firm nCircle.

However, last month President Obama signed an executive order giving the Secretary of Homeland Security until mid-July to extend the definition of critical infrastructure to include organizations “where a cybersecurity incident could reasonably result in catastrophic regional or national effects.” “That’s not the same as destruction, but it can have a huge impact on companies that live and breath on just-in-time inventories and the ability to connect with their customers immediately.”

Sophisticated, highly-modular malware like Flame isn’t produced by a lone hacker pulling in a few all-nighters, but almost certainly represents skills and sustained efforts of well-compensated professional programmers – or at least a big bankroll and a willingness to ply the black market for exploits. Exploits and techniques developed by state-sponsored efforts can be leaked or reverse-engineered just like any other malware, making their way into the hands of traditional cybercriminals and widely-available exploit collections like Blackhole, Phoenix, and RedKit.

Engaging hacker groups or online criminals to assist with cyber attacks could give nations a way to deny responsibility; however, it could also mean hackers and cybercriminals may have access to the state’s technical and fiscal resources.

Link: http://www.digitaltrends.com/computing/will-the-next-9-11-be-digital/

WikiLeaks Announcement: “Special Project K”

Posted on April 2, 2013December 30, 2021 by admini

Last week, the Ecuadorian government held talks with the British Labour party to try to strike a deal to send Assange to Sweden to end the political impasse, which has seen the Australian whistleblower holed up in the Ecuadorian embassy since claiming asylum in June last year. But until Assange is released, possible candidates could include Kristinn Hrafnsson, Icelandic investigative journalist or maybe WikiLeaks activist Jacob Appelbaum, who has represented the organization in the past.

It is speculated that “Project K” may be linked to Assange’s Australian party which he launched last month, as it needs to gather 500 members before it can officially register with the Australian Electoral Commission ahead of September’s election.

Link: http://leaksource.wordpress.com/2013/04/01/wikileaks-announcement-special-project-k-press-conference-april-8th-national-press-club/

7 Duties for CISOs under FISMA Reform

Posted on April 1, 2013December 30, 2021 by admini

Overseeing the establishment and maintenance of a security operation that through automated and continuous monitoring can detect, contain and mitigate incidents that impair information security and agency information systems;
Developing, maintaining and overseeing an agencywide information security program;
Developing, maintaining and overseeing information security policies, procedures and control techniques to address all applicable requirements;
Training and overseeing personnel with significant responsibilities for information security;
Assisting senior agency officials on cybersecurity matters;
Ensuring the agency has a sufficient number of trained and security-cleared personnel to assist in complying with federal cybersecurity law and procedures;
Reporting at least annually to agency executives the effectiveness of the agency information security program; information derived from automated and continuous monitoring, including threat assessments; and progress on actions to remediate threats.

If enacted, the bill would create a federal information security incident center to provide timely technical assistance to operators of agency information systems regarding security incidents; compile and analyze information about incidents that threaten information security; inform operators of agency information systems about current and potential information security threats and vulnerabilities; and consult with the National Institute of Standards and Technology, agencies or offices operating or exercising control of national security systems regarding information security incidents and related matters.

The legislation also would give the director of the White House Office of Management and Budget the authority to oversee the development and implementation of policies, principles, standards and guidelines on information security as well as oversee the operations of a federal information security incident center.

Tom Carper, the Delaware Democrat who chairs the Senate Homeland Security and Governmental Affairs Committee, has promised that his panel will draft a FISMA reform measure, but it is unclear whether it would be in the form of a standalone bill or part of a more comprehensive cybersecurity legislative package.

Link: http://www.bankinfosecurity.com/7-duties-for-cisos-under-fisma-reform-a-5620?rf=2013-03-25-eb&elq=5558a599647941f893a08b7d1d03e296&elqCampaignId=6234