Tag Archives: behavior

My Latest Gartner Research: Enterprise Firewall and Unified Threat Management Products Impact End-User Buying Behavior

This document helps product developers and managers of security providers prepare enterprise firewall and unified threat management products for the impact of digital business, mobile and the Internet of Things on end-user buying behavior….

Gartner Subscribers can access this research by clicking here.





[ISN] How hackers could attack hard drives to create a pervasive backdoor

http://arstechnica.com/information-technology/2015/02/how-hackers-could-attack-hard-drives-to-create-a-pervasive-backdoor/ By Sean Gallagher Ars Technica Feb 18, 2015 News that a hacking group within or associated with the National Security Agency compromised the firmware of hard drive controllers from a number of manufacturers as part of a 14-year cyber-espionage campaign has led some to believe that the manufacturers were somehow complicit in the hacking—either by providing source code to controller firmware or other technical support. But it’s long been established that hard drive controllers can be relatively easily reverse-engineered without any help from manufacturers—at least, without intentional help. Despite keeping hardware controller chip information closed, hard drive manufacturers’ use of standard debugging interfaces makes it relatively simple to dump their firmware and figure out how it works—even inserting malicious code that can trigger specific behaviors when files are accessed. Reverse-engineering it to the point of creating a stable alternative set of firmware for multiple vendors’ hard disk controllers that also includes persistent malware, however, is a significant feat of software development that only the most well-funded attacker could likely pull off on the scale that the “Equation group” achieved. Hard drive controller boards are essentially small embedded computers unto themselves—they have onboard memory, Flash ROM storage, and a controller chip that is essentially a custom CPU (usually based on the ARM architecture). They also generally have diagnostic serial ports, or other interfaces on the board, including some based on the JTAG board debugging interface. Using software such as Open On Chip Debugger (OpenOCD), you can even dump the “bootstrap” firmware from the controller and analyze it with an ARM disassembler. […]



[ISN] Startup finds malware intrusions by keeping an eye on processor radio frequencies

http://www.networkworld.com/article/2875517/security0/startup-finds-malware-intrusions-by-keeping-an-eye-on-processor-radio-frequencies.html By Tim Greene Network World Jan 26, 2015 PFP Cybersecurity, a startup with roots in academia and the military, seeks out malware by analyzing the performance of hardware – not software and not the behavior of devices on the network. PFP’s system compares ongoing radio-frequency output from processors to a baseline that is established when the device is known to be performing legitimate tasks. When it detects anomalies that might represent malicious activity, it triggers alarms. Then it’s up to other tools to figure out what exactly is behind the problem. The system could be used to keep an eye on a large number of similar devices all performing the same task, such as those found in supervisory control and data acquisition (SCADA) networks that support power grids, chemical plants and the like. Savannah River National Laboratory is considering the gear to protect its smart-grid relays. The system could also be used to check new devices as they are delivered from the plants where they are made in order to find faulty ones or ones that have been tampered with, the company says. […]



[ISN] Student Spins Double Life Among Spanish Elite

http://www.nytimes.com/2014/10/22/world/student-spins-double-life-among-spanish-elite.html By RAPHAEL MINDER The New York Times OCT. 21, 2014 MADRID — How is it that a baby-faced, 20-year-old university student skates his way into the coronation celebration of the new king, passes himself off as a government adviser to reportedly broker a lucrative business deal, and avoids traffic jams by flashing a fake police light? That is the question members of Spain’s security services are asking themselves after the student, Francisco Nicolás Gómez Iglesias, was arrested last week and quickly gained prominence as the country’s most notorious gate-crasher. The answer, disturbingly enough, is that he did it by falsifying police and secret service documents and pretending to hold several government and other official posts, Spain’s national police say. The judge in charge of the case, Mercedes Pérez Barrios, was as incredulous as many other Spaniards at the extent of Mr. Gómez Iglesias’s double life. In her report, she wrote that she could “not understand how a young person of 20, using only his word and apparently under his own identity, could have access to conferences, places and events without his behavior alarming anybody.” […]



[ISN] Cyber cold war likely to continue

http://www.chinadaily.com.cn/opinion/2014-07/18/content_17830716.htm By Colin Speakman China Daily 2014-07-18 Tensions are growing amid claims and counter-claims of cyber espionage by the United States and China. Even the just concluded Sino-US Strategic and Economic Dialogue in Beijing couldn’t ease the tensions. In May, the US charged, albeit without evidence, five Chinese nationals with breaking into US companies’ systems and stealing trade secrets, and called them “military hackers”. On July 11, US Department of Justice officers arrested a Chinese national, Su Bin, for “working with hackers in China” to infiltrate US companies’ networks and steal valuable data on military technology. Su is the owner of Chinese aviation technology company Lode Tech and has been accused of working with two co-conspirators in China to break into the computers of Boeing and other US defense contractors. Raising tensions further, Fox News’ Bob Beckel, who hosts The Five program, said: “Chinese are the single biggest threat to the national security of the US. Do you know what we just did? As usual, we bring them over here and teach a bunch of Chinamen, uh, Chinese people, how to do computers, and then they go back to China and hack us.” His remark has been strongly criticized by many, including Chinese Americans, with California State Senator Ted Lieu demanding Beckel’s immediate resignation. Lieu has said that Americans “should all be alarmed by the racist, xenophobic comments”. Alarming it is indeed, as The Washington Post recently noted that “the US-China relationship is facing its stiffest test since then US president Richard Nixon traveled to Mao Zedong’s China in 1972”, and German Chancellor Angela Merkel again expressed serious concern over the US-sponsored hacking into confidential German data. If the US cannot trust its Western allies, how can it trust China, a country it openly admits to be in a competitive relationship with? 
China, too, is stepping up its security protection against US surveillance. In May it announced that the Central Government Procurement Center had mandated all “desktops, laptops and tablet PCs purchased by central State organizations must be installed with OS other than Windows 8”. The Chinese media have painted Microsoft, Apple, Facebook, Google, Yahoo and other IT giants as pawns of the US National Security Agency, claiming that foreign technology service providers such as Google and Apple can become cybersecurity threats to Chinese users. That’s why it looked like a retaliatory move when China’s State-run television told iPhone owners that the device is a threat to national security because it tracks users’ movements. The warning was that iOS 7’s “frequent locations” app, which records places users have been to and the time they spend there, can help the IT giant obtain sensitive information, including State secrets. Apple has explained the app’s functionality as designed to learn important locales to provide pre-emptive information, such as directions to a frequently patronized restaurant or the estimated commute time to work. However, Chinese concerns are that Apple’s mobile phone positioning can view users’ addresses and whereabouts, because information will be recorded even if the app is turned off. From this app, someone can get a cell phone user’s occupation, place of work, home address and then obtain all other relevant information on him/her. It is understandable that such permitted culling of information would raise concerns after the “Snowden Effect” – many US technology companies’ relations with foreign governments, including China’s, have come under scrutiny and many big service providers asked the NSA to drastically change its policies before the surveillance program further harms their businesses. Apple is one of the companies at the forefront of this risk. 
In the first quarter of 2014, Apple said revenue from the “Greater China” region, which included the mainland, Hong Kong and Taiwan, accounted for 20 percent of its total sales, up 13 percent year-on-year. The question is: Will the future see a shutting out of potentially useful US technological advances in China as a response to the lack of trust and dearth of knowledge on what these technologies could be used for? Each side accuses the other of cyber espionage and each side views itself as a victim. China rightly cites the NSA scandal, which revealed widespread surveillance by US intelligence agencies on not only US citizens but also governments and companies worldwide, including Chinese companies. The US, on its part, continues to accuse China of using cyber warfare to steal confidential information, trade secrets and data of national importance. Since most countries engage in some form of spying and can justify it in terms of national interest, a protocol on cybersecurity and boundaries of invasive behavior should be put in place. Unfortunately, such a possibility seems a long way off. At the next Strategic and Economic Dialogue, therefore, a new formula should be brought to the table, and perhaps the economic benefits of cooperation should be allowed to drive the agenda. But whatever is agreed, spying will take place. In some form, the cyber cold war is likely to continue. The author, an economist and international educator, is director of China Programs at CAPA International Education, a US-UK based organization that cooperates with Capital Normal University and Shanghai International Studies University.



[ISN] How Companies Can Rebuild Trust After A Security Breach

http://www.forbes.com/sites/katevinton/2014/07/01/how-companies-can-rebuild-trust-after-a-security-breach/ By Kate Vinton Forbes Staff July 1, 2014 “It’s not a question of if you will be hacked, but when,” says cybersecurity expert Joe Adams. This is bad news for companies, not only because of security risks, but also because data breaches have a significant and measurable impact on customers’ trust and spending habits, according to a study released Monday. The good news? Customers, who are generally not concerned about security until a breach happens, are looking for transparency and timely responses to breaches, something companies can provide with enough preparation and foresight. Interactions, a customer experience marketing group, released a study Monday called “Retail’s Reality: Shopping Behavior After Security Breaches.” Using the same sampling as the 2010 U.S. Census, the study looks at how security breaches impact customers’ shopping habits. Forty-four percent of survey respondents had been the victim of a data breach. A higher 60% of Millennials had had their data stolen, likely because these 18 to 24-year-olds are much more likely to share their information online and sign up for retail credit cards, according to DeMeo, Vice President of Global Marketing and Analytics at Interactions. Trust for retail is low, with 45% of shoppers saying they don’t trust retailers to keep their information safe. After a security breach, 12% of loyal shoppers stop shopping at that retailer, and 36% shop at the retailer less frequently. For those who continue to shop, 79% are more likely to use cash instead of credit cards. According to DeMeo, shoppers who use cash statistically spend less money, hurting the company. Indeed, 26% say they will knowingly spend less than before. All this paints a concerning picture for retailers looking to both keep their company secure and minimize the negative impact of a security breach if



[ISN] Android malware targets South Korean online banking customers

http://www.networkworld.com/article/2401481/android-malware-targets-south-korean-online-banking-customers.html By Jeremy Kirk IDG News Service June 26, 2014 Malicious software that swaps itself for legitimate online banking applications is striking users in South Korea, with thousands of devices infected in the last week, according to a Chinese mobile security company. Cheetah Mobile, formerly known as Kingsoft Internet Security Software, wrote that the banking malware masquerades as a popular game or tool on third-party Android application markets. Google checks Android applications in its Play store for malicious behavior, but third-party marketplaces are often rife with malicious applications. Security experts advise caution when using such sources for applications. If the malicious application is installed, it scans for the official applications of South Korean banks including Nong Hyup, Shinhan, Kookmin, Woori, Hana, Busan and the Korean Federation of Community Credit Cooperatives, Cheetah Mobile wrote. […]



[ISN] Third-Party Service Providers Scrutinized After SEA’s Reuters Hack

http://www.eweek.com/security/third-party-service-providers-scrutinized-after-seas-reuters-hack.html By Robert Lemos eWEEK.com 2014-06-25 One content provider’s lapse in spotting the odd behavior of privileged users allowed the Syrian Electronic Army cyber-propaganda group to deface Reuters.com. As popular cyber-attack targets continue to make progress in locking down access to their networks and data, attackers searching for other ways to compromise their targets have increasingly focused on another weak point—third-party suppliers and contractors. On June 23, hackers from the propaganda group known as the Syrian Electronic Army redirected visitors to some Reuters articles to a defacement page that berated the news organizations for “fake reports and false articles about Syria.” The attackers did not breach Reuters’ network, however, but modified a content widget provided by Taboola, which normally allows media sites to monetize their page views. The SEA fooled one company employee, which the firm refers to as a “user,” into giving up their password and then used the access to Taboola’s Backstage platform to change the header in the Reuters widget, the company said in an analysis of the attack. […]

