CyberSecurity Institute

Cyber attacks on U.S. banks likely to continue, experts say. Even before the threat of malware from the Blackhole exploit kit could die down, a new exploit kit has emerged, a security vendor warned over the weekend.

Trend Micro said the new kit, which it dubbed Whitehole Exploit Kit, uses similar code as Blackhole —but does not bother to hide itself. “However, the people behind this kit are already peddling the kit and even command a fee ranging from $200 to $1,800,” it said.

Trend Micro said an analysis of sample exploit malware, detected as JAVA_EXPLOYT.NTW, exploits vulnerabilities to download malicious files on a victim’s computer. It then downloads BKDR_ZACCESS.NTW and TROJ_RANSOM.NTW, noting ZACCESS/SIRIEF variants are known bootkit malware that download other malware and push fake applications. “This specific ZACCESS variant connects to certain websites to send and receive information as well as terminates certain processes. It also downloads additional malicious files onto already infected systems,” Trend Micro said.

On the other hand, ransomware typically locks systems until users pay money via specific payment modes. “Given Whitehole’s current state, we may be seeing more noteworthy changes to the exploit kit these coming months.”

Link: http://www.gmanetwork.com/news/story/294043/scitech/technology/new-whitehole-malware-exploit-kit-revealed

While potentially damaging to the bank execs, the data was less critical than other information held by the central bank, such as sensitive financial data or confidential policy communications.

“While it may not seem so to the bankers whose information was compromised, when you put it into perspective — we are talking about the Federal Reserve — this data is really the low-hanging fruit,” said Al Pascual, security analyst for Javelin Strategy & Research.

Unconfirmed, media speculation had the flaw as a known vulnerability in Adobe ColdFusion software, which is used by some Federal Reserve websites. The data that was stolen from the Fed and posted on the Web could likely become a headache for the bank execs. Hackers could use the information to craft email that would be more likely to trick recipients into clicking on an attachment or a link to a malicious website.

Link: http://www.networkworld.com/news/2013/020713-fed-hack-highlights-software-patching-266497.html

The leak is part of Operation Last Resort, the group’s campaign to reform computer crime law in the wake of Aaron Swartz’s death, according to the faction’s Twitter account.

The leaks came after computer attacks last weekend in which the hacktivist group turned the United States Sentencing Commission website into a game of Asteroids.

Last Monday, a House panel issued a letter to Attorney General Eric Holder demanding answers regarding the prosecution of Aaron Swartz. The group believes that an overzealous prosecution and outdated computer crime laws may have contributed to Swartz’s suicide.

Swartz, a Harvard researcher who was known for his contributions to the development of RSS and the popular website Reddit, was charged for a slew of crimes including computer and wire fraud after breaking into MIT campus and systematically downloading academic journals from a service called JSTOR.

Link: http://www.foxnews.com/tech/2013/02/04/anonymous-leaks-personal-information-4000-bank-execs/

Officials said the new cyber policies have been guided by a decade of evolution in counterterrorism policy, particularly on the division of authority between the military and the intelligence agencies in deploying cyber weapons. But the intelligence agencies have the authority to carry out clandestine drone strikes and commando raids in places like Pakistan and Yemen, which are not declared war zones.

Obama is known to have approved use of cyber weapons once, early in his presidency, when he ordered an escalating series of cyber attacks against Iran’s nuclear enrichment facilities.

Another senior official said it was quickly determined that the cyber weapons were so powerful that — like nuclear weapons — they should be unleashed only on the direct orders of the commander in chief. That means the administration has ruled out the use of “automatic” retaliation if a cyber attack on America’s infrastructure is detected, even if the virus is traveling at network speeds. During the attacks on Iran’s facilities, which the U.S. never acknowledged, Obama insisted that cyber weapons be targeted narrowly, so that they did not affect hospitals or power supplies.

Link: http://www.startribune.com/nation/189605461.html?refer=y

The department said it was working with federal law enforcement to gather more information on the nature and scope of the attacks and assess the potential impact on staff and contractors.

It was not clear which divisions at the agency’s headquarters were breached in the attack, and it was also uncertain who the hackers were or where they were based.

A department spokesman declined to comment, and a spokesman for the Energy Information Administration, which publishes data that helps keep oil, gas and electricity markets stable, deferred to DOE headquarters.

In the past, Energy Department installations that design and build nuclear weapons, including the Los Alamos National Lab in New Mexico, have faced scandals over alleged mishandling of classified information. In 2006, for example, after raiding a house trailer containing a suspected small methamphetamine lab, local police found three computer memory sticks containing classified information downloaded from the Los Alamos lab’s computers.

One of the largest security scandals in modern U.S. history, the leaking of hundreds of thousands of State Department cables and military reports to the website WikiLeaks, allegedly occurred because, in an effort to share intelligence more widely with operations in the field, agencies sent classified reports electronically to battlefield intelligence units, where data protection measures were lax.

In late 1999, a Los Alamos nuclear weapons scientist born in Taiwan, Wen Ho Lee, was arrested and indicted for allegedly mishandling classified information from the lab.

Link: http://www.nbcnews.com/technology/technolog/energy-department-hacked-says-no-classified-data-compromised-1B8242980