Category: Uncategorized

Several weeks prior their client-facing website/application had been “hijacked” and was redirecting clients from certain geographic regions to an overseas site. … Best guess would be a drive-by malware site, although the geographic discrimination is an unusual twist that would have been interesting to understand. In order to ensure that any traces of the compromise were eradicated, the client rebuilt the site at a different hoisting provider on a fresh Content Management System (CMS) install with updated modules/templates. That being said, we had several good data points: an overseas IP address attempting to hit the admin page of the app and the fact that the hacker had signed his website defacement.

One thing many people don’t know about TOR is that it can also be used to connect to “hidden services” on the internet – sometimes referred to as the “darknet”. … It’s not for the faint of heart – and despite the “anonymity” that is provided by TOR, you still find yourself looking over your shoulder when you’re on it.

Part of our client’s continuous improvement process is adding TOR/darknet knowledge to their Computer Security Incident Response Team (CSIRT). Hopefully, they won’t have to exercise the plan anytime soon – but if they have a security incident to respond to their Incident Response Plan now includes a trip to the dark side.

Link: http://www.pivotpointsecurity.com/risky-business/does-your-incident-response-plan-include-the-dark-side-of-the-internet

In a paper (PDF) released late last year, “Proactive Defense for Evolving Cyber Threats,” Sandia researchers Richard Colbaugh and Kristin Glass outline a computer model that they claim can monitor the Internet to identify volatile situations weeks before they go south—with “perfect accuracy.” While that information may be enough for a retailer to bet that the “steampunk” look will be the next hipster fashion, it’s what spymasters call “non-actionable intel.”

They start by tracking how many times a specific phrase turns up, using a website that tracks memes daily—sort of an early early warning system. … Their approach works, Colbaugh says, because it’s a blend of social science (the power people have to influence others) and computer science (the power of Big Data).

Intelligence agencies, embarrassed by the unforeseen events that lead to the Arab Spring and historic changes in the region, have been working on open source tools (PDF) that will make them more prescient about world events.

The research, Colbaugh points out, is in the public domain and it wouldn’t be difficult for a large corporation concerned about cyber attacks, say in financial services, to modify the model for its use. Encouraging as the research appears, it is not designed to replace existing cyber security tools or traditional methods of intelligence gathering. It is best used to zero in on public chatter on the Web—not the modus operandi of your lone cyber criminal or a state-sponsored pro because, as John Pescatore, director of emerging security technologies for SANS Institute, points out: “They’re not going to yak about it on social media.”

Link: http://www.businessweek.com/articles/2013-03-04/this-research-paper-explains-how-to-predict-the-next-arab-spring-and-cyber-attacks#r=pol-s

By understanding the needs of the industry and keeping on top of new technologies and threats, good CSOs can identify the special skills and expertise (such as analytics expertise or a specialty in malware) needed in their new hires on both the information- and physical-security fronts, says Young.

Tom Verzuh, president of recruiting firm SCW Consulting, is seeing great demand for physical-security professionals who are fluent in technology, especially digital-video software management and analytics.

“The way to increase your value as a physical security professional is to invest in learning the world of IP networking and Microsoft server technologies and data analytics solutions,” says Charles Foley, chairman and CEO of Watchful Software. “Security pros that know these two areas will be able to spearhead their companies efforts to streamline costs, increase value delivered, and will literally sell information collected to the rest of the organization.”

Information-protection skills are in great demand, according to Foley –in particular, knowledge of data-centric technologies such as enterprise rights management, multilevel security models, data classification techniques and biometrics.

This understanding is also important for recognizing where potential vulnerabilities might lie within the organization, such as with outsourced services or data, or lines of business that are popular targets for cyberattacks.

CSOs that have an advanced business degree such as an MBA are always going to be that much more desirable than those who do not, according to Jerry Irvine, CIO of IT outsourcing company Prescient Solutions and a member of the National Cyber Security Task Force. Not only must CSOs make complex security issues understandable to the enterprise at large, they must also make it clear how important security risk, particularly digital risk management, is to the executive suite’s agenda. David Luzzi, executive director of Northeastern University’s Strategic Security Initiative, adds logical reasoning and the ability to inspect ideas as important skills to build on the foundation of excellent verbal and written communication skills.

Link: http://www.cso.com.au/article/455664/hot_security_skills_2013/

For example, the vast majority of these academic legal scholars would require the United States ensure that malicious software attack only combatant systems and legitimate military targets, and not affect any other systems.

While code can be targeted to a specific military system, that is no guarantee it will be limited because of the dual use of information technology.

The legal perception of cyber is based on an assumption that actors are either civilian or military, but there is no such clear distinction in the militarized and contested digital world.

In cyberspace, universities, municipal utilities, communication companies and other actors are a part of the war-fighting effort without clear boundaries to being civilian or military. If the U.S. became engaged in a cyber conflict with Hezbollah in southern Lebanon, an organization that is a mix of crude arms manufacturing, terrorism training and soup kitchens for the poor, there is no way to ensure that a counter cyber attack would not affect the soup kitchens. But there is no territorial or international cyberspace as long as attribution is unsolved — and even with attribution solved, the answer to where, when and by whom is troublesome to answer.

Applying laws of war that have origins in the 1800s, when massive armies fought on a field in broad daylight, in an abundance of object permanence, is not relevant to cyber when the contested space is changed, lost, created, reborn and redesigned in real time.

Link: http://www.defensenews.com/article/20130217/DEFFEAT05/302170016/Offensive-Cyber-Superiority-Stuck-Legal-Hurdles-

“To detect an attack, you must develop and maintain a basic awareness of the normal operations of your business,” says Martin Roesch, founder of SourceFire, a high-end technology firm that combats hackers and malware. “Once you’re aware of how your network works, the applications people use and the amount of bandwidth they chew up, you’ll be able to spot anomalies that will help you identify an attack.”

Warning signs might include machines that are suddenly running slowly or crashing, strange network usage patterns, huge transfers of data to unknown destinations or visits from unfamiliar IP addresses (for instance, visits from Eastern European IP addresses when your business’s customers are all based in Texas).

Unless you have an information or cyber-security expert on staff, this would be a good time to call in a professional consultant, who will be able to identify the type of attack being utilized by the hacker, conduct a network and malware analysis, and figure out which systems and data files have been compromised. A security expert will also be able to tell you whether the attack was mass-produced –something an employee might have picked up by browsing a compromised website – or whether it was a unique, targeted attack, which might suggest that the perpetrator was a competitor of some sort, says Dr.

While the kneejerk response might be to pull the plug on machines as soon as a compromise has been detected, waiting until a thorough investigation has been conducted will better serve you in figuring out how to protect your system from future attacks. Then, using the information you’ve learned about the breach, says Hemanshu Nigam, founder of SSP Blue, a safety, security and privacy firm, “you can close the gaps in your systems, so it doesn’t happen again.”

Nigam agrees that customers should be informed to the extent possible, which will actually help build trust between your business and clients, as long as you effectively communicate that you are making all efforts to prevent another attack.

Link: http://smallbusiness.foxbusiness.com/technology-web/2013/02/19/5-steps-to-recovery-after-your-business-has-been-hacked/

It is up to the CIO or CSO’s due diligence to understand all the implications on how the deployment will affect the holistic enterprise.

“When cloud computing is treated as a governance initiative, with broad stakeholder engagement and well-planned risk management activities, it can bring tremendous value to an enterprise,” said Emil D’Angelo, CISA, CISM, international president of ISACA and founding member of the Cloud Security Alliance.

When due diligence is done, a CIO will have a clear idea of an initiative’s risk versus return and whether a cloud security deployment meets the individual requirements of the company.

For example, seeing who has accessed a certain application gives you historical perspective, but, what if it is a retired account or tries using a decommissioned password? … Or if a partner accesses certain parts of your database to which they are entitled, but quadruples their order in the dead of night to be shipped to Phnom Penh? … There are literally thousands of scenarios by which leveraging the cooperative functionality of IDM, AM, SIEM and Log Management creates not only the holistic visibility to drive governance policies, but offers significant barriers to keep the IT enterprise safer.

The challenge facing most security teams, therefore, is to provide line-of-business users with the access they need while ensuring that the access is appropriate and does not expose the enterprise to unnecessary business risk. But first you must ensure visibility–and when you know where all your data is and all the multiple ways that it is available, then you can best manage the policies, roles, and security functions that best connects your requirements.

Link: http://cloudcomputing.sys-con.com/node/2527026