Tag Archives: activity

[ISN] Startup finds malware intrusions by keeping an eye on processor radio frequencies

http://www.networkworld.com/article/2875517/security0/startup-finds-malware-intrusions-by-keeping-an-eye-on-processor-radio-frequencies.html
By Tim Greene
Network World
Jan 26, 2015

PFP Cybersecurity, a startup with roots in academia and the military, seeks out malware by analyzing the performance of hardware – not software and not the behavior of devices on the network. PFP’s system compares ongoing radio-frequency output from processors to a baseline that is established when the device is known to be performing legitimate tasks. When it detects anomalies that might represent malicious activity, it triggers alarms. Then it’s up to other tools to figure out what exactly is behind the problem.

The system could be used to keep an eye on a large number of similar devices all performing the same task, such as those found in supervisory control and data acquisition (SCADA) networks that support power grids, chemical plants and the like. Savannah River National Laboratory is considering the gear to protect its smart-grid relays. The system could also be used to check new devices as they are delivered from the plants where they are made in order to find faulty ones or ones that have been tampered with, the company says.

[…]

[ISN] New Technology Detects Cyberattacks By Their Power Consumption

http://www.darkreading.com/analytics/security-monitoring/new-technology-detects-cyberattacks-by-their-power-consumption-/d/d-id/1318669
By Kelly Jackson Higgins
Dark Reading
1/20/2015

Startup’s “power fingerprinting” approach catches Stuxnet infection within seconds in DOE power grid test bed.

A security startup launching early next week uses trends in power consumption activity, rather than standard malware detection, to spot cyberattacks against power and manufacturing plants. The technology successfully spotted Stuxnet in an experimental network before the malware went into action.

PFP Cybersecurity, which officially launches on Monday and was originally funded by DARPA, the Defense Department, and the Department of Homeland Security, basically establishes the baseline power consumption of ICS/SCADA equipment such as programmable logic controllers (PLCs), supervisory relays, or other devices and issues an alert when power consumption or RF radiation changes outside of their baseline usage occur. Such changes could be due to malware, as well as to hardware or system failures, for instance.

The US Department of Energy’s Savannah River National Laboratory (SRNL) recently tested the PFP technology’s ability to detect Stuxnet on a Siemens SIMATIC S7-1200 PLC. Joe Cordaro, advisory engineer with SRNL, says the PFP system right away found Stuxnet on the PLC, before the infamous malware began to activate

[ISN] PHI of 485K swiped in USPS data breach

http://www.healthcareitnews.com/news/phi-485k-swiped-usps-data-breach
By Erin McCann
Managing Editor
Healthcare IT News
January 5, 2015

What United States Postal Service officials originally reported as a “cybersecurity intrusion” that compromised the Social Security numbers of some 800,000 USPS employees, turned out to be even bigger than they thought, involving scores of protected health records too.

The cyberattack, which targeted USPS information systems, compromised employee Social Security numbers, addresses and dates of birth. However, upon a “continuing” investigation, USPS officials discovered the cyberattack also involved a compromise of current and former employee injury claim data, according to a USPS patient notification letter provided to Healthcare IT News. The file hacked contained injury compensation claims dating as far back as November 1980.

“We are unaware of any evidence that any of the compromised employee information has been used to engage in any malicious activity, such as identity theft crimes,” wrote Jeffrey Williamson, USPS chief human resources officer, in the Dec. 10 letter.

[…]

[ISN] Can Iran Turn Off Your Lights?

http://www.defenseone.com/technology/2014/12/can-iran-turn-your-lights/100821/
By Patrick Tucker
Defense One
December 9, 2014

Online security company Cylance released a report last week showing that an Iranian cyber-espionage operation “Operation Cleaver” had successfully breached U.S. and foreign military, infrastructure and transportation targets. The report claimed to confirm widely-suspected Iranian hacks of the unclassified Navy Marine Corps Intranet system, NMCI, in 2013. It describes (without explicitly naming) more than 50 targets around the world, including players in energy and transportation. But is the Iranian cyber threat overblown?

The tactics detailed in the report show an escalation of Iranian hacking activity, which the report’s writers, in several instances, refer to as rapid. “We observed the technical capabilities of the Operation Cleaver team rapidly evolve faster than any previously observed Iranian effort. As Iran’s cyber warfare capabilities continue to morph the probability of an attack that could impact the physical world at a national or global level is rapidly increasing. Their capabilities have advanced beyond simple website defacements, Distributed Denial of Service (DDoS) attacks, and Hacking Exposed style techniques,” the report states.

The Operation Cleaver team found vulnerabilities in the Search Query Language or SQL coding in various target systems and then used those SQL vulnerabilities to inject secret commands into back servers (a tactic called SQL injection). They were then able to upload new tools into the systems allowing for more data theft and access. The tools enabled the hackers to capture a wide number of administrator passwords (a technique known as credential dumping) and even log keystrokes on affected computers.

[…]

[ISN] The Technology Snob’s Favorite Hacker Group

http://www.slate.com/articles/technology/future_tense/2014/12/anonymous_vs_lulzsec_the_technology_snob_s_favorite_hacker_group.html
By Gabriella Coleman
Slate.com
Dec. 8 2014

This essay is adapted from Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous, by Gabriella Coleman, published by Verso. On the evening of Thursday, Dec. 11, Coleman will be discussing her book with the ACLU’s Christopher Soghoian at a free Future Tense happy hour event in Washington, D.C. For more information and to RSVP, click here.

Here is a question without an easy answer: Who is Anonymous? I have spent more than half a decade spending copious time with Anonymous on chat rooms, during protests, and interviewing participants. Still this question has no easy or at least straightforward answer. Various groups of hackers, technologists, activists, geeks, and unknown parties use the name to organize diverse genres of collective action. These have ranged from humiliating hacks against security firms to technological support for Occupiers or Arab revolutionaries. In some instances, a multitude participates, as was the case with one of their most famous interventions: Operation Payback from December 2010. Anonymous targeted the websites of PayPal and MasterCard after they ceased accepting donations for WikiLeaks.

Anonymous has also involved smaller and more exclusive hacker groups such as LulzSec and Antisec. LulzSec—a crew of renegade hackers who broke away from Anonymous—engaged in a startling 50-day catalytic run that began in early May 2011 and abruptly ended in mid-June, soon after one of their own, Sabu, was apprehended and flipped in less than 24 hours by the FBI. Among LulzSec’s targets were Sony Music Japan, Sony Pictures, Sony BMG (Netherlands and Belgium), PBS, the Arizona Department of Public Safety, the U.S. Senate, the U.K. Serious Organized Crime Agency, Bethesda Softworks, AOL, and AT&T.

Despite the avalanche of activity—and numerous intrusions—LulzSec, when compared with Anonymous, was more manageable and contained, at least from an organizational perspective. Its members also hacked with impunity, finally making good on the 2007 Fox News claim that Anonymous was comprised of “hackers on steroids.” Even the haughtiest of security hackers—those technologists whose skills are channeled toward fortifying computer security—who had earlier snubbed Anonymous cheered on LulzSec. Old-school black hats lived vicariously through LulzSec, in awe of its swagger, its fuck-you-anything-goes attitude, and its bottomless appetite for exposing the pathetic state of Internet security. One Anon (as members of Anonymous call themselves), also once active in the black-hat scene, put it this way in an interview with me: “LulzSec seemed to have a sort of fully formed mythos straight out of the gate while other hacker groups like Cult of the Dead Cow took decades to achieve that.”

[…]

[ISN] The 10 Biggest Bank Card Hacks

http://www.wired.com/2014/12/top-ten-card-breaches/
By Kim Zetter
Threat Level
Wired.com
12.02.14

The holiday buying season is upon us once again. Another event that has arrived along with the buying season is the season of big box retailer data breaches.

A year ago, the Target breach made national headlines, followed shortly thereafter by a breach at Home Depot. Both breaches got a lot of attention, primarily because the number of bank cards affected was so high—more than 70 million debit and credit card numbers exposed in the case of Target and 56 million exposed at Home Depot. Luckily, very little fraudulent activity occurred on the stolen card numbers, primarily because the breaches were caught fairly soon, making them relatively minor incidents in the scheme of things, compared with other breaches that have occurred over the years that resulted in losses of millions of dollars.

The Target breach was notable for one other reason, however: when it came to security, the company did many things right, such as encrypting its card data and installing a multi-million-dollar state-of-the-art monitoring system not long before the breach occurred. But although the system worked exactly as designed, detecting and alerting workers when it appeared that sensitive data was being exfiltrated from its network, workers failed to act on these alerts to prevent data from being stolen.

Below, we look back on a decade of notable breaches, many of which happened despite the establishment of Payment Card Industry security standards that are supposed to protect cardholder data and lessen the chance that it will be stolen or be useful to criminals even when it’s nabbed.

The PCI security standard (.pdf), which went into effect in 2005, is a list of requirements — such as installing a firewall and anti-virus software, changing vendor default passwords, encrypting data in transit (but only if it crosses a public network) — that companies processing credit or debit card payments are required by card companies to have in place. Companies are required to obtain regular third-party security audits from an approved assessor to certify ongoing compliance. But nearly every company that was victim to a card breach was certified as compliant to the PCI security standard at the time of the breach, only to be found noncompliant in a post-breach assessment.

[…]

[ISN] HSBC Turkey Confirms Card Breach

http://www.bankinfosecurity.com/hsbc-turkey-confirms-card-breach-a-7558
By Jeffrey Roman
Bank Info Security
November 12, 2014

HSBC Turkey confirms that a recent cyber-attack exposed payment card information for 2.7 million customers. The bank is a subsidiary of London-based HSBC Group, which has operations worldwide in 74 countries and territories.

Information compromised in the breach includes debit and credit cardholder names, account numbers and expiration dates. The bank says that, so far, it has not seen any evidence of fraud or other suspicious activity arising from the incident.

HSBC Turkey detected the attack in the past week through its internal security controls, according to an FAQ. The attack was limited to Turkey, and all card operations have been restored to normal functioning, the bank says. No other details about the nature of the incident were revealed.

[…]