My Latest Gartner Research: Context-Aware Security and Intelligence-Sharing Concepts Merge to Create Intelligence-Aware Security Controls

… security enforcement mechanisms toward a sharing of security intelligence to improve security. Not all security technologies are currently capable of sharing intelligence, and many currently lack significant intelligence-sharing maturity and response-orchestration capability. The most important benefits of intelligence sharing will come from sharing and the subsequent …

Gartner clients may access this research by clicking here.





[ISN] Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data By Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack Bloomberg Businessweek Technology March 13, 2014 The biggest retail hack in U.S. history wasn’t particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers. It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified. On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then… Nothing happened. For some reason, Minneapolis didn’t react to the sirens. 
Bloomberg Businessweek spoke to more than 10 former Target employees familiar with the company’s data security operation, as well as eight people with specific knowledge of the hack and its aftermath, including former employees, security researchers, and law enforcement officials. The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes. […]



[ISN] Top Gun takeover: Stolen F-35 secrets showing up in China’s stealth fighter

http://www.washingtontimes.com/news/2014/mar/13/f-35-secrets-now-showing-chinas-stealth-fighter/ By Bill Gertz Washington Free Beacon March 13, 2014 A cyber espionage operation by China seven years ago produced sensitive technology and aircraft secrets that were incorporated into the latest version of China’s new J-20 stealth fighter jet, according to U.S. officials and private defense analysts. The Chinese cyber spying against the Lockheed Martin F-35 Lightning II took place in 2007 under what U.S. intelligence agencies codenamed Operation Byzantine Hades, a large-scale, multi-year cyber program that targeted governments and industry. Defense officials said the stolen data was obtained by a Chinese military unit called a Technical Reconnaissance Bureau in the Chengdu province. The data was then passed to the state-run Aviation Industry Corp. of China (AVIC). An AVIC subsidiary, the Chengdu Aircraft Industry Group, used the stolen data in building the J-20, said defense and intelligence officials familiar with reports of the illicit tech transfer. […]



[ISN] Pwn2Own: The perfect antidote to fanboys who say their platform is safe

http://arstechnica.com/security/2014/03/pwn2own-the-perfect-antidote-to-fanboys-who-say-their-platform-is-safe/ By Dan Goodin Ars Technica March 13, 2014 For the past seven years, an annual hacker competition that pays big cash prizes has driven home the point that no Internet-connected software, regardless of who made it, is immune to exploits that surreptitiously install malware on the underlying computer. The first day of this year’s Pwn2Own 2014 and the companion contest that ran concurrently stuck with much the same theme, with successful hacks of the Internet Explorer, Firefox, and Safari browsers and Adobe’s Flash and Reader applications. Contestants from Vupen, the France-based firm that sells fully weaponized exploits to governments it deems non-repressive, fetched $400,000 during day one of the two-day event. The haul came from exploits that allowed team members to gain full control over IE, Firefox, Flash, and Reader. Vupen’s Firefox attack was one of three hacks that successfully compromised the Mozilla browser, with researchers Mariusz Mlynski and Juri Aedla also taking it down, feats that won them $50,000 each. At the Pwn4Fun contest held at the same CanSecWest security conference, researchers from Google toppled Apple’s Safari browser, and their counterparts from HP commandeered IE. During day two, Chrome was on tap to be tested. If it is successfully felled, it wouldn’t be the first time. Meanwhile, George “GeoHot” Hotz, the hacker who famously bypassed the copyright restrictions of the Sony PlayStation 3, reportedly became the fourth contestant to defeat Firefox during day two. Update: Vupen has reportedly pwned Chrome as well. […]



[ISN] China’s Hackers to Target U.S. Entertainment Industry, Security Firm Warns

http://variety.com/2014/digital/news/chinas-hackers-to-target-u-s-entertainment-industry-security-firm-warns-1201131720/ David S. Cohen Senior Editor, Features Variety.com March 13, 2014 A new report from cybersecurity firm FireEye warns that the U.S. film and entertainment industries could come under cyberattack from Chinese hackers intent on undermining companies’ content, technology and internal communications. “China’s Soft Power Strategy and Cyber Intrusions: What Hollywood Should Know,” due to be officially published next week, posits that Chinese authorities see U.S. domination of filmed entertainment as a strategic advantage for America, and want that advantage for China. “We judge that links between China’s soft power strategy (in this case, their cultural means of influence) and its designation of ‘creative industries’ as strategic, provides the motivation for groups to commit cyber espionage,” says the report. Of course, FireEye sells threat protection and stands to gain financially if the entertainment industry invests in cyber-security. But cybersecurity expert Hemanshu Nigam, founder of SSP Blue, says China’s cyber threat to the entertainment industry is already well known. “When you’re doing business with a country or company that has very different beliefs than the American value system, there’s always a chance this kind of thing can happen,” Nigam told Variety. […]



[ISN] A Close Look at the NSA’s Most Powerful Internet Attack Tool

http://www.wired.com/opinion/2014/03/quantum/ By Nicholas Weaver Wired.com 03.13.14 We already knew that the NSA has weaponized the internet, enabling it to “shoot” exploits at anyone it desires. A single web fetch, imitated by an identified target, is sufficient for the NSA to exploit its victim. But the Edward Snowden slides and story published yesterday at The Intercept convey a wealth of new detailed information about the NSA’s technology and its limitations. First, it’s clear that the NSA has settled on a system called QUANTUM as its preferred, if not near-universal, internet exploitation mechanism. QUANTUM is vastly more effective than just sending spam. But since its launch at NSA, the program has clearly suffered from both mission creep and target creep. If NSA only used QUANTUM to attack wannabee terrorists attempting to read Inspire, hardly anyone would object. But instead the agency expanded it greatly, not only in target scope (including its confirmed use against Belgacom) but also in functionality. […]

