Tag Archives: monitoring

[ISN] Report: Hack of government employee records discovered by product demo

http://arstechnica.com/security/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/ By Sean Gallagher Ars Technica June 11, 2015 As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM’s security. An OPM statement on the attack said that the agency discovered the breach as it had “undertaken an aggressive effort to update its cybersecurity posture.” And a DHS spokesperson told Ars that “interagency partners” were helping the OPM improve its network monitoring “through which OPM detected new malicious activity affecting its information technology systems and data in April 2015.” Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ’s Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. “CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network,” Paletta and Hughes reported. And, according to federal investigators, that malware may have been in place for over a year. US intelligence agencies have joined the investigation into the breach. But it’s still not even clear what data was accessed by the attackers. Meanwhile, the breach has triggered outrage from unions representing federal employees. In a letter to OPM Director Katherine Archuleta, American Federation of Government Employees president J. David Cox expressed displeasure at the way OPM had handled the breach, calling the 18 months of credit monitoring and $1 million liability insurance OPM is offering federal employees “entirely inadequate, either as compensation or protection from harm.” […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Strategic Friendship in Asymmetric Domain)

http://www.pircenter.org/en/blog/view/id/208 By Oleg Demidov PIR Center 09.05.2015 The bilateral intergovernmental Russian-Chinese agreement on cooperation in the field of international information security which was signed on May 8, 2015 during the visit to Moscow of Xi Jinping, General Secretary of the CPC and the President of China, could potentially become an important milestone in Russia’s strategy of pivoting to the East. Though in its current state the agreement rather provides a general cooperation framework, it also provides a broad range of directions for further practical cooperation steps and efforts between the two countries. It primarily focuses on systemic information exchange between special services of the two states, joint monitoring and prevention of escalation of serious incidents and especially conflicts in cyberspace, ensuring and strengthening cybersecurity of critical infrastructures, countering ICT-enabled forms and methods of terrorism, exchange of expertise and academic knowledge on cybersecurity, etc. A strong focus in made on joining efforts in countering the unlawful use of ICTs targeted at “undermining of social order, political and social stability, provoking extremism, hate and social unrest”, and even (and this is something quite new even for Russian doctrines, let alone intergovernmental agreements) “threatening to the spiritual sphere” of the two nations. Noteworthy, the agreement for the first time for a Russian official international document operates with the notion of strategic stability with regard to cyberspace and information security. Previously, a more broad and vague notion of ICT-enabled threats to international peace and security was used. Something distinct from a mere terminological equilibristic, this conceptual update serves as an indicator of the fact that Moscow now truly regards China as a strategic partner in the dialogue on political and military dimension of cybersecurity. The discourse of strategic stability was always linked to the issues of WMD strategic balance and (in Russian view) strategic antimissile defense. Now cybersecurity has a strong presence in this “elite club” of ultimate global security factors in the Russian strategic thinking, and first intergovernmental manifestation of this paradigm is addressed to and agreed with China. Accidentally or not, this aspect reveals interesting intersections with the recently published updated DoD’s Strategy for Cyberspace, which has replaced the previous document from 2011, even having in mind that an intergovernmental agreement and a national strategy are very different documents in terms of their scope and purposes. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] VA Blocked Billions of Cyber Threats in March

http://www.defenseone.com/technology/2015/05/va-blocked-billions-cyber-threats-march/111721/ BY MOHANA RAVINDRANATH NEXTGOV MAY 3, 2015 The Department of Veterans Affairs experienced a significant surge in cyber threats in March, Chief Information Officer Stephen Warren said during a Thursday call with reporters. The department blocked 1.19 billion malware instances and 358 million intrusion attempts into VA systems in March alone, Warren said. This number is up since February, when VA reported blocking 930 million malware instances and 4.3 million intrusion attempts. If the volume of threats continues to ramp up, Warren said, ”any agency will run into the point where we may get overwhelmed.” He added later, “Nothing I do will reduce what’s coming at me one bit.” Instead, he said, VA will need to scale its cybersecurity to prevent what could be an exponential increase in threats. He said the department has been beefing up its continuous monitoring technology, reinforcing external network connections, and security training. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] PSA: Your crypto apps are useless unless you check them for backdoors

http://arstechnica.com/security/2015/02/psa-your-crypto-apps-are-useless-unless-you-check-them-for-backdoors/ By Dan Goodin Ars Technica Feb 4, 2015 At the beginning of the year, I did something I’ve never done before: I made a new year’s resolution. From here on out, I pledged, I would install only digitally signed software I could verify hadn’t been tampered with by someone sitting between me and the website that made it available for download. It seemed like a modest undertaking, but in practice, it has already cost me a few hours of lost time. With practice, it’s no longer the productivity killer it was. Still, the experience left me smarting. In some cases, the extra time I spent verifying signatures did little or nothing to make me more secure. And too many times, the sites that took the time to provide digital signatures gave little guidance on how to use them. Even worse, in one case, subpar security practices of some software providers undercut the protection that’s supposed to be provided with digitally signed code. And in one extreme case, I installed the Adium instant messaging program with no assurance at all, effectively crossing my fingers that it hadn’t been maliciously modified by state-sponsored spies or criminally motivated hackers. More about those deficiencies later—let’s begin first with an explanation of why digital signatures are necessary and how to go about verifying them. By now, most people are familiar with man-in-the-middle attacks. They’re waged by someone with the ability to monitor traffic passing between an end user and a website—for instance, a hacker sniffing an unsecured Wi-Fi connection or the National Security Agency sniffing the Internet backbone. When the data isn’t encrypted, the attacker can not only read private communications but also replace legitimate software normally available for download with maliciously modified software. If the attack is done correctly, the end user will have no idea what’s happening. Even when Web connections are encrypted with the HTTPS standard, highly skilled hackers still may be able to seed a website with malicious counterfeit downloads. That’s where digital signatures come in. A prime candidate for such an attack is the OTR plugin for the Pidgin instant messenger. It provides the means to encrypt messages so (1) they can’t be read by anyone monitoring the traffic sent between two parties and (2) each party can know for sure that the person on the other end is, in fact, who she claims to be. Fortunately, the OTR installer is provided through an encrypted HTTPS connection, which goes a long way to thwarting would-be man-in-the-middle attackers. But strict security practices require more, especially for software as sensitive as OTR. That’s why the developers included a GPG signature users can check to verify that the executable file hasn’t been altered in any way. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Australian infosec budgets are probably wrong: Deloitte

http://www.zdnet.com/article/australian-infosec-budgets-are-probably-wrong-deloitte/ By Stilgherrian ZDNet News February 4, 2015 Australian organisations are lagging when it comes to shifting the focus of their information security efforts from merely securing their networks to detecting intrusions, responding to them, and building resilience, according to senior security and risk executives from Deloitte, the international consulting firm. Deloitte divides an organisation’s infosec spend into three areas, each labelled with an adjective. “Secure” is the technology that protects critical assets against known and emerging threats across the ecosystem. This includes traditional network protection capabilities such as firewalls, anti-malware and anti-spam systems, and intrusion detection and prevention systems (IDS/IPS). “Vigilant” is about having the intelligence and monitoring capabilities to detect both known and unknown bad-guy activities, and understanding the extent to which they’re a risk to the business. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Thousands of U.S. gas stations exposed to Internet attacks

http://www.csoonline.com/article/2874230/cybercrime-hacking/thousands-of-us-gas-stations-exposed-to-internet-attacks.html By Lucian Constantin IDG News Service Jan 23, 2015 Over 5,000 devices used by gas stations in the U.S. to monitor their fuel tank levels can be manipulated from the Internet by malicious attackers. These devices, known as automated tank gauges (ATGs), are also used to trigger alarms in case of problems with the tanks, such as fuel spills. “An attacker with access to the serial port interface of an ATG may be able to shut down the station by spoofing the reported fuel level, generating false alarms, and locking the monitoring service out of the system,” said HD Moore, the chief research officer at security firm Rapid7, in a blog post. “Tank gauge malfunctions are considered a serious issue due to the regulatory and safety issues that may apply.” Earlier this month, Moore ran a scan to detect ATGs that are connected to the Internet through serial port servers that map ATG serial interfaces to the Internet-accessible TCP port 10001. This is a common set-up used by ATG owners to monitor the devices remotely. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] New Technology Detects Cyberattacks By Their Power Consumption

http://www.darkreading.com/analytics/security-monitoring/new-technology-detects-cyberattacks-by-their-power-consumption-/d/d-id/1318669 By Kelly Jackson Higgins Dark Reading 1/20/2015 Startup’s “power fingerprinting” approach catches Stuxnet infection within seconds in DOE power grid test bed. A security startup launching early next week uses trends in power consumption activity, rather than standard malware detection, to spot cyberattacks against power and manufacturing plants. The technology successfully spotted Stuxnet in an experimental network before the malware went into action. PFP Cybersecurity, which officially launches on Monday and was originally funded by DARPA, the Defense Department, and the Department of Homeland Security, basically establishes the baseline power consumption of ICS/SCADA equipment such as programmable logic controllers (PLCs), supervisory relays, or other devices and issues an alert when power consumption or RF radiation changes outside of their baseline usage occur. Such changes could be due to malware, as well as to hardware or system failures, for instance. The US Department of Energy’s Savannah River National Laboratory (SRNL) recently tested the PFP technology’s ability to detect Stuxnet on a Siemens SIMATIC S7-1200 PLC. Joe Cordaro, advisory engineer with SRNL, says the PFP system right away found Stuxnet on the PLC, before the infamous malware began to activate


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Microsoft Outlook Hacked In China, New Report Finds

http://techcrunch.com/2015/01/19/microsoft-outlook-hacked-in-china-new-report-finds/ By Sarah Perez Techtcrunch 1/19/2015 Only a few weeks after Google’s Gmail service was blocked in China, a new report from online censorship monitoring organization GreatFire.org released this morning states that Microsoft’s email system Outlook was recently subjected to a “man-in-the-middle” attack in China. This is a form of eavesdropping where the attacker inserts himself in between the victims’ connections, relaying messages between them while the victims’ continue believe they have a secure, private connection. Meanwhile, the attacker is able to read all the content they’re sharing. GreatFire.org was able to verify the attack itself, after receiving reports of its existence on January 17. It noted that IMAP and SMTP for Outlook were affected, but the web interfaces for Microsoft’s webmail services were not. (That is, Outlook.com and Login.live.com were not affected). The attack continued for a about a day, and has since stopped, the report states. Affected users were shown warning messages in their email clients that weren’t as immediately worrisome as those web browsers display, which means that some users may not have been aware that an attack was taking place. For example, in an example screenshot GreatFire.org posted, an iPhone warning message says “Cannot Verify Server Identity,” but asks if the user wants to continue anyway. However, when GreatFire.org reproduced the same result via the Firefox web browser, the message the browser offers is far more detailed, saying also that the error could means “that someone is trying to impersonate the site, and you shouldn’t continue.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail