Tag Archives: capability

[ISN] Islamic State has ‘best cyber offence’ of any terrorist group

http://www.zdnet.com/article/islamic-state-has-best-cyber-offence-of-any-terrorist-group/ By Stilgherrian ZDNet News June 5, 2015 “ISIS [also known as Islamic State] came onto the scene very quickly, but they already have arguably the best cyber offensive capability of any extremist movement out there, and it’s still early days,” Mikko Hypponen, chief research officer at F-Secure said. “We still haven’t seen real physical damage being done by any extremist group, and it’s probably going to take a while until we see it. But these guys are the first ones that actually have some existing hackers who have joined them and moved in from the West,” Hypponen told the AusCERT Information Security Conference on Australia’s Gold Coast in his keynote address on Friday morning. “It’s not yet really a big problem, but obviously this isn’t getting better, this is getting worse,” he said. One such hacker is Abu Hussain Al Britani, a British citizen that F-Secure had been tracking as a traditional hacker three years ago. They lost track of him two years ago, but found him again last summer in Syria. Al Britani has been kicked off Twitter around 20 times, but appears to be tweeting again this week. […]


[ISN] House Intel Chief Wants To Increase Cyber Attacks Against Russia

http://www.defenseone.com/politics/2014/10/house-intel-chief-wants-increase-cyber-attacks-against-russia/95675/ By Patrick Tucker defenseone.com October 2, 2014 The United States should be conducting more disruptive cyber attacks against nations like Russia, according to Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee. “I don’t think we are using all of our cyber-capability to disrupt” actors in Russia targeting U.S. interests, he said at The Washington Post’s cybersecurity summit on Thursday. Rogers cited attacks out of Russia on the U.S. financial sector, specifically against JP Morgan Chase in August, as an example of nation states targeting U.S. companies and financial interests. The FBI is currently investigating whether or not the attacks were a response to the financial sanctions that the United States placed on Russia in March. He didn’t directly implicate Putin’s government in the attack on JP Morgan Chase, but he called the attempted breaches a “decision [made] on the basis of sanctions,” and asked whether the intent was “to monitor transactions or go in destroy enough data to cause harm to transactions?” […]


[ISN] Cybersecurity Skills Shortage Poses Threat in Singapore

http://www.bloomberg.com/news/2014-06-22/cybersecurity-skills-shortage-looms-in-singapore-southeast-asia.html By Brian Leonal Bloomberg.com June 22, 2014 Singapore’s ability to fight a rising threat from hackers is hindered by a skills shortage and lack of awareness among companies, according to the computer security firm that runs a state-supported training center. “We do see a lack of capability and capacity in skilled professionals, and that’s partly due to massive demand across the world that stretches an already small, existing pool of people,” Bryce Boland, Asia Pacific chief technology officer at Milpitas, California-based FireEye Inc. (FEYE), a cybersecurity firm, said in an interview in Singapore last week. Singapore, a global financial center which relies on its image as a safe and stable location to lure business, has suffered high-profile online attacks on government websites and security breaches involving companies’ client data in recent months. Cybersecurity risks pose a challenge as the government steps up efforts to link public facilities and infrastructure for real-time data in Southeast Asia’s only developed nation. “Organizations increasingly recognize that the approach toward cyber security must be organization-wide,” said Lyon Poh, head of IT Assurance and Security at KPMG LLP in Singapore. “However, they lack people with the experience to set up a comprehensive cyber security defense system to promptly detect and respond to cyber threats.” […]


[ISN] Patch management flubs facilitate cybercrime

http://www.networkworld.com/news/2014/032714-solutionary-280149.html By Ellen Messmer Network World March 27, 2014 Failures in patch management of vulnerable systems have been a key enabler of cybercrime, according to the conclusions reached in Solutionary’s annual Global Threat Intelligence Report out today, which sees botnet attacks as the biggest single threat. The managed security services provider, now part of NTT, compiled a year’s worth of scans of customers’ networks gathered through 139,000 network devices, such as intrusion-detection systems, firewalls and routers, and analyzed about 300 million events, along with 3 trillion collected logs associated with attacks. Solutionary says it relies on several types of vendor products for these scans, including Qualys, Nessus, Saint, Rapid7, nCircle and Retina. Solutionary also looked at the latest exploit kits used by hackers, which include exploits from as far back as 2006. Solutionary found that half of the vulnerabilities it identified in scans of NTT customers last year were first identified and assigned CVE numbers between 2004 and 2011. “That is, half of the exploitable vulnerabilities we identified have been publicly known for at least two years, yet they remain open for an attacker to find and exploit,” Solutionary said in its Global Threat Intelligence Report. “The data indicates many organizations today are unaware, lack the capability, or don’t perceive the importance of addressing these vulnerabilities in a timely manner.” […]


My Latest Gartner Research: Context-Aware Security and Intelligence-Sharing Concepts Merge to Create Intelligence-Aware Security Controls

… security enforcement mechanisms toward a sharing of security intelligence to improve security. Not all security technologies are currently capable of sharing intelligence, and many currently lack significant intelligence-sharing maturity and response-orchestration capability. The most important benefits of intelligence sharing will come from sharing and the subsequent …

Gartner clients may access this research by clicking here.


[ISN] New attack on HTTPS crypto might reveal if you’re pregnant or have cancer

http://arstechnica.com/security/2014/03/new-attack-on-https-crypto-might-know-if-youre-pregnant-or-have-cancer/ By Dan Goodin Ars Technica March 6 2014 As the most widely used technology to prevent eavesdropping on the Internet, HTTPS encryption has seen its share of attacks, most of which work by exploiting weaknesses that allow snoops to decode cryptographically scrambled traffic. Now there’s a novel technique that can pluck out details as personal as someone’s sexual orientation or a contemplation of suicide, even when the protection remains intact. A recently published academic paper titled “I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis” shows how even strongly encrypted Web traffic can reveal highly personal information to employers, Internet service providers, state-sponsored spies, or anyone else with the capability to monitor a connection between a site and the person visiting it. As a result, it’s possible for them to know with a high degree of certainty what video someone accessed on Netflix or YouTube, the specific tax form or legal advice someone sought from an online lawyer service, and whether someone visiting the Mayo Clinic website is viewing pages related to pregnancy, headaches, cancer, or suicide. The attack works by carefully analyzing encrypted traffic and taking note of subtle differences in data size and other characteristics of the encrypted contents. In much the way someone holding a wrapped birthday present can tell if it contains a book, a Blu-ray disk, or a box of candy, an attacker can know with a high degree of certainty the specific URL of the HTTPS-protected website. The transport layer security and secure sockets layer protocols underpinning the Web encryption specifically encrypt the URL, so until now, many people presumed an attacker could only deduce the IP address of a site someone was visiting rather than specific pages belonging to that site. […]


[ISN] Scientist-developed malware covertly jumps air gaps using inaudible sound

http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/ By Dan Goodin Ars Technica Dec 2 2013 Computer scientists have developed a malware prototype that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection. The proof-of-concept software—or malicious trojans that adopt the same high-frequency communication methods—could prove especially adept in penetrating highly sensitive environments that routinely place an “air gap” between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals. The researchers, from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently disclosed their findings in a paper published in the Journal of Communications. It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps. The new research neither confirms nor disproves Dragos Ruiu’s claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today’s malware. “In our article, we describe how the complete concept of air gaps can be considered obsolete as commonly available laptops can communicate over their internal speakers and microphones and even form a covert acoustical mesh network,” one of the authors, Michael Hanspach, wrote in an e-mail. 
“Over this covert network, information can travel over multiple hops of infected nodes, connecting completely isolated computing systems and networks (e.g. the internet) to each other. We also propose some countermeasures against participation in a covert network.” […]


[ISN] The second operating system hiding in every mobile phone

http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone By Thom Holwerda osnews.com 12th Nov 2013 I’ve always known this, and I’m sure most of you do too, but we never really talk about it. Every smartphone or other device with mobile communications capability (e.g. 3G or LTE) actually runs not one, but two operating systems. Aside from the operating system that we as end-users see (Android, iOS, PalmOS), it also runs a small operating system that manages everything related to radio. Since this functionality is highly timing-dependent, a real-time operating system is required. This operating system is stored in firmware, and runs on the baseband processor. As far as I know, this baseband RTOS is always entirely proprietary. For instance, the RTOS inside Qualcomm baseband processors (in this specific case, the MSM6280) is called AMSS, built upon their own proprietary REX kernel, and is made up of 69 concurrent tasks, handling everything from USB to GPS. It runs on an ARMv5 processor. The problem here is clear: these baseband processors and the proprietary, closed software they run are poorly understood, as there’s no proper peer review. This is actually kind of weird, considering just how important these little bits of software are to the functioning of a modern communication device. You may think these baseband RTOSes are safe and secure, but that’s not exactly the case. You may have the most secure mobile operating system in the world, but you’re still running a second operating system that is poorly understood, poorly documented, proprietary, and all you have to go on are Qualcomm’s, Infineon’s, and others’ blue eyes. The insecurity of baseband software is not by error; it’s by design. The standards that govern how these baseband processors and radios work were designed in the ’80s, ending up with a complicated codebase written in the ’90s – complete with a ’90s attitude towards security.
For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave. So, we have a complete operating system, running on an ARM processor, without any exploit mitigation (or only very little of it), which automatically trusts every instruction, piece of code, or data it receives from the base station you’re connected to. What could possibly go wrong? […]
