Tag Archives: threats

My latest Gartner research: Best Practices for Detecting and Mitigating Advanced Threats, 2016 Update

Information security, network and communications practitioners must implement specific best practices to prevent, detect and mitigate advanced threats. These practitioners should leverage both existing and emerging security technologies in their security architectures. … …

Gartner customers can access this research by clicking here.


[ISN] Outrage: Iran deal commits U.S. to teach them how to defeat a cyber attack

http://www.americanthinker.com/blog/2015/07/outrage_iran_deal_commits_us_to_teach_them_how_to_defeat_a_cyber_attack_.html By Thomas Lifson American Thinker July 22, 2015 Perhaps the very worst aspect of the Iran deal reached in Vienna is the commitment of the U.S. and European powers to teach the Iranians how to resist attacks such as Stuxnet. Although it has received very little media coverage (Adam Kredo of the Free Beacon is the notable exception), the agreement states (buried on page 142 of the 159-page deal, in Annex III, under Civil Nuclear Cooperation, Section D, under Nuclear Safety, Safeguards and Security, item 10): 10. Nuclear Security E3/EU+3 parties, and possibly other states, as appropriate, are prepared to cooperate with Iran on the implementation of nuclear security guidelines and best practices. Co- operation in the following areas can be envisaged: 10. Co-operation in the form of training courses and workshops to strengthen Iran’s ability to prevent, protect and respond to nuclear security threats to nuclear facilities and systems as well as to enable effective and sustainable nuclear security and physical protection systems; 10. Co-operation through training and workshops to strengthen Iran’s ability to protect against, and respond to nuclear security threats, including sabotage, as well as to enable effective and sustainable nuclear security and physical protection systems. The language obviously s not limited to physical threats, so it must include advanced cyber warfare training. The Israelis are outraged. Ari Yasher of Israel National News writes: […]


My latest Gartner research: Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities

Deception techniques such as honeypots are not a new concept in security; however, new techniques and capabilities promise to deliver game-changing impact on how threats are faced. This research articulates how product managers can successfully use threat deception as a threat response tactic.

Gartner subscribers can read this research by clicking here.


[ISN] Senator Sasse: The OPM Hack May Have Given China a Spy Recruiting Database

http://www.wired.com/2015/07/senator-sasse-washington-still-isnt-taking-opm-breach-seriously/ By Senator Ben Sasse Security Wired.com 07.09.15 AS A NEWLY elected Senator, I am here to tell you a hard truth: Washington does not take cybersecurity seriously. But you probably already knew that if you’ve read anything about the massive OPM data breach. To recap today’s news from OPM, since 2013, a malicious attacker—likely the Chinese government—breached government databases and stole information on some 21 million federal employees. This included personal information like addresses and Social Security numbers. Most of these people held security clearances and for them it also included nearly 150 pages of material in what are called Standard Form 86s (SF-86), which detail nearly every aspect of their lives. Here’s the kicker: despite today’s jaw-dropping news, the attackers were in our networks so long that it may still be a while before we figure out everything they stole. Most news coverage has centered on federal employees. But that’s an incomplete picture because it’s now clear many victims never worked for the federal government. When applying for a security clearance with the SF-86, applicants list their family members, neighbors, co-workers, foreign contacts, and even college roommates. What this means is that not only do the hackers know lots of sensitive information about millions of government employees, they also know a great deal about many of the people they know and love. The implications for threats, intimidation, and blackmail are chilling. “Oh, you don’t want to sell out your country? OK, we get it. By the way, your parents still live at 2911 Rainbow Drive, right?” China may now have the largest spy-recruiting database in history. […]


[ISN] GAO: Early look at fed’s ‘Einstein 3’ security weapon finds challenges

http://www.networkworld.com/article/2946040/security0/gao-early-look-at-feds-einstein-3-security-weapon-finds-challenges.html By Michael Cooney Network World July 9, 2015 When it comes to the government protecting all manner of state and personal information, the feds can use all the help it can get. One of the most effective tools the government has is the National Cybersecurity Protection System (NCPS), known as “EINSTEIN.” In a nutshell EINSTEIN is a suite of technologies intended to detect and prevent malicious network traffic from entering and exiting federal civilian government networks. The Government Accountability Office has been tracking EINSTEIN’s implementation since about 2010 and will later this year issue an update on the status of the system. But this week, it included some details of its report in an update on the state of federal security systems, and all is not well. Preliminary EINSTEIN observations from the GAO: •The Department of Homeland Security [which administers EINSTEIN] appears to have developed and deployed aspects of the intrusion detection and intrusion prevention capabilities, but potential weaknesses may limit their ability to detect and prevent computer intrusions. For example, NCPS detects signature anomalies using only one of three detection methodologies identified by NIST: signature-based, anomaly-based, and stateful protocol analysis. Further, the system has the ability to prevent intrusions, but is currently only able to proactively mitigate threats across a limited subset of network traffic (i.e., Domain Name System traffic and e-mail). […]


[ISN] Evident.io encourages startups to boost AWS security

http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5177/evidentio-encourages-startups-to-boost-aws-security By Clare Hopping Cloud Pro June 25, 2015 Evident.io has announced a startup and small business AWS Cloud Security platform to help those without a dedicated security resource ensure their Amazon cloud infrastructure is protected. Adrian Sanabria, an analyst with 451 Research, commented: “The rise of cloud computing has enabled small businesses to grow and thrive with affordable cloud infrastructure and powerful cloud-based tools, but it’s also created unprecedented security threats.” He explained that startups often set up multiple severs in the cloud before even thinking about the security implications this has, employing a security expert or buying even basic equipment for the office. It’s this ‘cloud-first’ attitude that can get organisations into trouble when it comes to securing their systems. “The biggest risk with cloud infrastructure, especially for ‘cloud-first’ businesses, is the management plane,” he commented. […]


[ISN] Why Cyber War Is Dangerous for Democracies

http://www.theatlantic.com/international/archive/2015/06/hackers-cyber-china-russia/396812/ By MOISÉS NAÍM The Atlantic June 25, 2015 This month, two years after his massive leak of NSA documents detailing U.S. surveillance programs, Edward Snowden published an op-ed in The New York Times celebrating his accomplishments. The “power of an informed public,” he wrote, had forced the U.S. government to scrap its bulk collection of phone records. Moreover, he noted, “Since 2013, institutions across Europe have ruled similar laws and operations illegal and imposed new restrictions on future activities.” He concluded by asserting that “We are witnessing the emergence of a post-terror generation, one that rejects a worldview defined by a singular tragedy. For the first time since the attacks of Sept. 11, 2001, we see the outline of a politics that turns away from reaction and fear in favor of resilience and reason.” Maybe so. I am glad that my privacy is now more protected from meddling by U.S. and European democracies. But frankly, I am far more concerned about the cyber threats to my privacy posed by Russia, China, and other authoritarian regimes than the surveillance threats from Washington. You should be too. Around the time that Snowden published his article, hackers broke into the computer systems of the U.S. Office of Personnel Management and stole information on at least 4 million (and perhaps far more) federal employees. The files stolen include personal and professional data that government employees are required to give the agency in order to get security clearances. The main suspect in this and similar attacks is China, though what affiliation, if any, the hackers had with the Chinese government remains unclear. According to the Washington Post, “China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary.” […]


[ISN] Cyber war in Ukraine: How NATO is helping the country defend itself against digital threats

http://www.zdnet.com/article/ukraines-cyber-warfare-how-nato-helps-the-country-defend-itself-against-digital-threats/ By Andrada Fiscutean Central European Processing ZDNet News June 11, 2015 Ukraine’s recent history has been dramatic, with border changes, riots, the occupation of government buildings, and bloodshed. Behind all this, a quiet conflict, free of gunfire but equally hard-fought, has been taking place in the online world. DDoS attacks and communications jamming has lead to misinformation in an already confused country. Now, North Atlantic Alliance nations are joining forces to help Ukraine protect its digital space. Albania, Estonia, Hungary, Poland, Portugal, Romania, and Turkey have offered financial or in-kind contributions to Ukraine’s Cyber Defense Trust Fund, a program agreed by world leaders during a NATO summit held last September in Wales. US president Barack Obama, British prime minister David Cameron, German chancellor Angela Merkel, and French president François Hollande all participated. “The technical requirements for the implementation of this project have been set up and the negotiations for the necessary legal arrangements are at an advanced stage,” a NATO official in Brussels told ZDNet. “NATO needs to keep abreast of the rapidly changing threat landscape and to maintain a robust cyber-defence,” he added. […]