Tag Archives: malware

My latest Gartner research: Best Practices for Detecting and Mitigating Advanced Persistent Threats

Information security practitioners must implement specific strategic and tactical best practices to detect and mitigate advanced persistent threats and targeted malware by leveraging both existing and emerging security technologies in their security architectures. Management silos between network, edge, endpoint and data security systems can restrict an organization’s ability to prevent, detect and respond to advanced attacks. Adversaries continue to use social engineering and social networks to target sensitive roles or individuals within …

Gartner clients can access this research by clicking here.


[ISN] Attention, Cyber Pros: The Pentagon Wants You — 3,000 of You

http://www.nextgov.com/cybersecurity/2015/03/pentagon-has-until-2016-extend-3000-jobs-offers-civilian-cyber-whizzes/106842/
By Aliya Sternstein
Nextgov.com
March 5, 2015

The military has been given the go-ahead to fast-track the hiring of 3,000 computer whiz civilians, in part, to flesh out the half-staffed U.S. Cyber Command, federal officials announced Thursday. Yesterday, command leaders told Congress they need to be able to make compensation deals with prospective employees more quickly, as threats from nation state hackers mount. The permission slip the Office of Personnel Management signed applies to the entire Defense Department, including the command, according to a notice posted in the Federal Register. The 5-year-old command organizes cyberattacks against adversaries and network defense operations. The pay scale for the new Defense positions starts at $42,399 and goes up to $132,122. Under the arrangement, the Pentagon can skip the process of rating applicants based on traditional competitive criteria. Instead, the department can offer jobs based on the candidate’s unique skills and knowledge. The special qualifications include the ability to analyze malware, respond to incidents, manage cyber fire drills and detect vulnerabilities, among other things. […]



[ISN] 6 Biggest Blunders in Government’s Annual Cyber Report Card

http://www.nextgov.com/cybersecurity/2015/03/6-biggest-blunders-governments-annual-cyber-report-card/106512/
By Aliya Sternstein
Nextgov.com
March 2, 2015

The White House has released its yearly assessment of agency compliance with the governmentwide cyber law known as the Federal Information Security Management Act. And given the spate of breaches and hacks that hit both government and the private sector, the results may not be all that surprising. Sensitive agency data is often not encrypted. Many departments do not use two-step verification for accessing government networks, despite post-Sept. 11 requirements that employees carry login smart cards. And cyber training is deficient in one of the most unlikely areas…

2014’s Biggest Federal Computer Security Blunders

1. Federal agencies reported 15 percent more information security incidents in fiscal 2014 compared to fiscal 2013, rising from 60,753 to nearly 70,000 events. These incidents included phishing attempts, malware infections and denial-of-service attacks, as well as leaks of paper records and sensitive emails sent without encryption. […]



[ISN] Anthem Breach Evidence Points to China, Security Researchers Say

http://www.eweek.com/security/anthem-breach-evidence-points-to-china-security-researchers-say.html
By Robert Lemos
eWEEK.com
2015-02-28

A new open-source intelligence analysis of the breach of health insurer Anthem has reinforced theories that the data theft leads back to a Chinese espionage program, security firm ThreatConnect stated on Feb. 27. In the report, which is based on public sources or “open-source” intelligence, security researchers at ThreatConnect and other companies found technical evidence that linked the malware reportedly used in the Anthem attack to a Chinese espionage group and a professor at Southeast University, which works with a government contractor, Beijing Topsec Technology Co. A variety of evidence—including email addresses, domains registered for the command-and-control servers and the certificate used to sign the malware—led back to the trio of actors, Rich Barger, chief intelligence officer for ThreatConnect, told eWEEK. “All of this evidence, from the technical aspect, pointed back to China in numerous ways despite the actors’ best efforts to shroud their origins,” Barger said. “They made an effort to hide, but they messed up.” […]



[ISN] Europol disrupts cybercrime ring that infected millions of PCs

http://uk.reuters.com/article/2015/02/25/uk-cybersecurity-europe-idUKKBN0LT0U020150225
BY ANTHONY DEUTSCH AND JIM FINKLE
AMSTERDAM/BOSTON
Reuters.com
Feb 25, 2015

(Reuters) – A cybercrime operation that stole banking information by hacking more than 3 million computers in Indonesia, India and other countries has been disrupted by European police with assistance from three technology companies, officials said on Wednesday. The European Cybercrime Centre at Europol, the European police agency, coordinated the operation out of its headquarters in The Hague, targeting the so-called Ramnit botnet, a network of computers infected with malware. Working with investigators from Germany, Italy, the Netherlands and Britain, it was assisted by AnubisNetworks, a unit of BitSight Technologies; Microsoft Corp and Symantec Corp in dismantling the server infrastructure used by the criminals, Europol said. “The criminals have lost control of the infrastructure they were using,” Paul Gillen, head of operations at Europol’s cybercrime centre, told Reuters. […]



[ISN] How hackers could attack hard drives to create a pervasive backdoor

http://arstechnica.com/information-technology/2015/02/how-hackers-could-attack-hard-drives-to-create-a-pervasive-backdoor/
By Sean Gallagher
Ars Technica
Feb 18, 2015

News that a hacking group within or associated with the National Security Agency compromised the firmware of hard drive controllers from a number of manufacturers as part of a 14-year cyber-espionage campaign has led some to believe that the manufacturers were somehow complicit in the hacking—either by providing source code to controller firmware or other technical support. But it’s long been established that hard drive controllers can be relatively easily reverse-engineered without any help from manufacturers—at least, without intentional help. Despite keeping hardware controller chip information closed, hard drive manufacturers’ use of standard debugging interfaces makes it relatively simple to dump their firmware and figure out how it works—even inserting malicious code that can trigger specific behaviors when files are accessed. Reverse-engineering it to the point of creating a stable alternative set of firmware for multiple vendors’ hard disk controllers that also includes persistent malware, however, is a significant feat of software development that only the most well-funded attacker could likely pull off on the scale that the “Equation group” achieved.

Hard drive controller boards are essentially small embedded computers unto themselves—they have onboard memory, Flash ROM storage, and a controller chip that is essentially a custom CPU (usually based on the ARM architecture). They also generally have diagnostic serial ports, or other interfaces on the board, including some based on the JTAG board debugging interface. Using software such as Open On Chip Debugger (OpenOCD), you can even dump the “bootstrap” firmware from the controller and analyze it with an ARM disassembler. […]



[ISN] Lenovo installs adware on customer laptops and compromises ALL SSL.

http://marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/
By Marc Rogers
FEBRUARY 19, 2015

A pretty shocking thing came to light this evening – Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data and inject advertising. As if that wasn’t bad enough they installed a weak certificate into the system in a way that means affected users cannot trust any secure connections they make – TO ANY SITE.

We trust our hardware manufacturers to build products that are secure. In this current climate of rising cybercrime, if you can’t trust your hardware manufacturer you are in a very difficult position. That manufacturer has a huge role to play in keeping you safe – from releasing patches to update software when vulnerabilities are found to behaving in a responsible manner with the data they collect and the privileged access they have to your hardware. When bad guys are able to get into the supply chain and install malware it is devastating. Often users find themselves with equipment that is compromised and are unable to do anything about it. When malware is installed with the access a manufacturer has it buries itself deep inside the system, often with a level of access that takes it beyond the reach of antivirus or other countermeasures. This is why it is all the more disappointing – and shocking – to find a manufacturer doing this to its customers voluntarily.

Lenovo has partnered with a company called Superfish to install advertising software on its customers’ laptops. Under normal circumstances this would not be cause for concern. However Superfish’s software has quite a reputation. It is a notorious piece of “adware”, malicious advertising software. A quick search on Google reveals numerous links for pages containing everything from software to remove Superfish to consumers complaining about the presence of this malicious advertising tool. […]



[ISN] Is this the future of cyberwarfare?

http://america.aljazeera.com/watch/shows/america-tonight/articles/2015/2/5/blackenergy-malware-cyberwarfare.html
By Aaron Ernst
Al Jazeera America
February 5, 2015

Five years ago, the most sophisticated cyber weapon the world had ever seen ravaged Iran’s nuclear program. Allegedly developed by the U.S. and Israel, the complex virus infected the computer system that ran the centrifuges. Slight tweaks to the software caused hundreds of the centrifuges to self-destruct, setting the program back years. The malware was dubbed Stuxnet. Traditionally, foreign governments have used malware to spy and steal. But this was something entirely different. “Stuxnet, it is a weapon, it’s not ‘like’ a weapon,” says German computer security expert Ralph Langner, who was the first to identify how the virus worked. “It is a weapon because it was designed to cause physical damage.” Now, Langner worries that Stuxnet could come back to haunt the U.S. Those same vulnerabilities in Iran’s nuclear control systems that the malware exploited can be found in similar systems throughout America. […]

