Search This Blog

Friday, June 12, 2015

Security Management Weekly - June 12, 2015


  Learn more! ->   sm professional  

June 12, 2015
Corporate Security
Sponsored By:
  1. "Union Believes Data Breach Was Worse Than Disclosed"
  2. "New Chinese Security Laws Rattle U.S. and European Businesses"
  3. "Weak Internet Security Leaves U.S. Elections Agency Vulnerable to Hackers, Reports Find"
  4. "Response to Cyber Threats Found Lacking"
  5. "China’s Hack of U.S. Data Tied to Health-Care Record Thefts"

Homeland Security
Sponsored By:
  1. "Islamic State Isn’t Just Destroying Ancient Artifacts — It’s Selling Them"
  2. "Report: TSA Missed 73 Terrorism-Flagged Airline Workers"
  3. "Manhunt for Escaped New York Inmates Expands to Vermont"
  4. "2 Deadly Train Derailments in 18 Months Prompt New Safety Advisory"
  5. "Obama Looks at Adding Bases and Troops in Iraq, to Fight ISIS"

Cyber Security
Sponsored By:
  1. "IRS, Tax-Preparation Firms Join Forces to Combat Return Fraud"
  2. "Experts Warn Utilities to Watch for Cyberattacks Via Substation Break-Ins"
  3. "Hackers May Have Obtained Names of Chinese With Ties to U.S. Government"
  4. "Businesses Face Spike in Ransomware Attacks, Reports McAfee Labs"
  5. "Spy Virus Linked to Israel Targeted Hotels Used for Iran Nuclear Talks"




Union Believes Data Breach Was Worse Than Disclosed
Wall Street Journal (06/12/15) Paletta, Damian

The American Federation of Government Employees (AFGE) has criticized the Office of Personnel Management's (OPM's) handling of a widespread breach of security data. The union called the event “an abysmal failure” on the part of OPM and argued that it was much worse than previously reported. AFGE alleges that hackers, who are believed by some officials to be based in China, were able to obtain “all personnel data for every federal employee” and millions of former employees, such as Social Security numbers. The union believes that the data were not encrypted. J. David Cox, the union's national president, said that his figures on the breach were unclear, which he blamed on OPM and the “sketchy information” he received from the agency. Cox believes that OPM's “Central Personnel Data File” was hacked, although the agency has not officially identified which of its many data networks was involved in the breach. Investigators believe that the hackers had access to the network for at least a year.

New Chinese Security Laws Rattle U.S. and European Businesses
Washington Post (06/10/15) Denyer, Simon

American and European businesses are protesting a trio of proposed Chinese security laws that they say would make it much more difficult for them to operate in China. The proposed laws in question are a draft National Security Law, a piece of legislation reviewing national security issues in China's free trade zones, and a law meant to regulate foreign non-governmental organizations (NGOs). Experts say that the laws reflect growing concern in the Chinese government that foreign forces are working to overthrow the Chinese Communist Party. However, the laws are meeting with a great deal of pushback from the international business community which sees them as overreaching and a potential threat to their ability to do business in China. Joerg Wuttke, president of the European Chamber of Commerce in China, says that the definition of national security in the laws is so broad that it could give the Chinese government very broad and arbitrary authority over foreign businesses. Recently, a group of more than 40 American trade and lobbying groups sent a letter to China's National People's Congress saying the NGO law could hamper their operations in China. That law would require foreign NGOs to partner with a government agency "sponsor," provide detailed descriptions of their work and funding, and puts them under direct government supervision.

Weak Internet Security Leaves U.S. Elections Agency Vulnerable to Hackers, Reports Find
Wall Street Journal (06/11/15) Mullins, Brody; Ballhaus, Rebecca

A trio of reports composed late last year say the Federal Election Commission has failed to implement improvements to its Internet security following a successful hack of the agency in 2013, leaving it vulnerable and potentially impairing its ability to carry out some of its primary functions. The hack, linked to China, occurred in October 2013, during the government shutdown. It took the FEC weeks to get its campaign-finance disclosure system back in action. However, the reports show the agency has failed to take adequate action to protect itself both before and after the 2013 hack. "Due to a lack of proper planning, FEC has struggled in prior years to implement corrective actions that address the vulnerabilities to FEC's information and information systems," concluded one of the reports from an independent auditor, adding the FEC's systems "remain at risk." Among the agency's deficiencies is the fact that it does not adhere to government-wide standards for data security and lacks a full-time employee overseeing IT security. However, the reports did note the FEC began making significant improvements last year, including partnering with the Department of Homeland Security to assess its network vulnerabilities, and increasing its IT budget by $2.6 million.

Response to Cyber Threats Found Lacking
CFO (06/15) Heller, Matthew

Seventy-six percent of risk managers said the loss of confidentiality of information was the biggest cyber risk, followed by 16 percent who cited service interruption and 5 percent who cited government intrusion, according to a recent The Hartford Steam Boiler Inspection and Insurance Company (HSB) survey conducted at the Risk & Insurance Management Society (RIMS) conference in April. About 70 percent of U.S. businesses experienced at least one hacking incident in 2014, and more than 50 percent of risk managers say that their businesses are not doing enough to prevent cyberattacks. Fifty-three percent of risk managers were concerned about the breach of personally identifiable information, 33 percent were concerned about the breach of sensitive corporate information, and 14 percent were concerned about the breach of financial information. Thirty-two percent of risk managers surveyed said they would be interested in intrusion detection/penetration testing, 25 percent would be interested in employee education programs, and 25 percent were interested in encryption. About 36 percent of businesses do not have any level of cyber insurance, while 46 percent said their business had purchased cyber insurance for the first time or increased its coverage levels in the last year.

China’s Hack of U.S. Data Tied to Health-Care Record Thefts
Bloomberg (06/05/15) Riley, Michael; Walcott, John

The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies. Forensic evidence indicates that the group of hackers responsible for the U.S. government breach announced Thursday likely carried out attacks on health-insurance providers Anthem Inc. and Premera Blue Cross that were reported earlier this year, said John Hultquist of iSight Partners Inc. The cyber-intelligence company works with federal investigators. The thefts are thought to be part of a broader effort by Chinese hackers to obtain health-care records and other personal information stored on millions of U.S. government employees and contractors from various sources, including insurers, government agencies and federal contractors, said a U.S. intelligence official, speaking on condition of anonymity. The data could be used to target individuals with access to sensitive information who have financial, marital or other problems and might be subject to bribery, blackmail, entrapment and other espionage tools, the official said.

Islamic State Isn’t Just Destroying Ancient Artifacts — It’s Selling Them
Washington Post (06/09/15) Morris, Loveday

Islamic State militants have destroyed ancient monuments, but they have also been quietly selling off smaller antiquities from Iraq and Syria, earning millions of dollars, according to officials. Qais Hussein Rasheed, Iraq’s deputy minister for antiquities and heritage, said "they steal everything that they can sell, and what they can't sell, they destroy." In a video released earlier this year, the Islamic State showed its fighters drilling off the faces of the mighty stone-winged bulls on the gates of the city of Nineveh. They destroyed statues at Mosul's museum, but many of those items were replicas of antiquities kept in Baghdad, Iraqi officials said. They added that anything small enough to move was likely sold off or stockpiled by the militants. The Islamic State now grants licenses for the excavation of ancient sites through its “Diwan al-Rikaz," a governing body for overseeing resources in the “caliphate.” Aymenn al-Tamimi, a researcher on jihadist groups, said the group has "incorporated the activity of excavation into its bureaucracy." Additionally, Iraqi officials believe trade of the artifacts is the group's second most important commercial activity, earning the militants tens of millions of dollars. Deborah Lehr, the co-founder of the Antiquities Coalition, which aims to end “cultural racketeering," said smaller items from Iraq and Syria are widely sold online. She noted that there needs to be better regulation and the "public needs to know that by purchasing these items, people are potentially funding terrorism."

Report: TSA Missed 73 Terrorism-Flagged Airline Workers
Politico (06/08/15) Gass, Nick

A recent report from the Transportation Security Administration inspector general revealed that the agency failed to identify at least 73 people employed in the airline industry who were on the no-fly list. All 73 people in question were cleared to access secure airport areas despite being flagged under various terrorism-related codes. The TSA claimed that the alarming report was due in part to the agency not being authorized to receive all the available information. Instead of conducting criminal history and authorization checks itself, the TSA assigned the tasks to individual airports. This meant that the TSA had virtually no assurance that applicants were properly vetted. Thousands of records had missing or incomplete data. The news is another blow to the TSA after a stunning report revealed that the TSA failed to identify undercover agents from smuggling banned items through airport security.

Manhunt for Escaped New York Inmates Expands to Vermont
Reuters (06/11/15) Goldberg, Barbara

More than 450 federal, state, and local law enforcement agents are searching for two inmates who escaped from Clinton Correctional Facility in Dannemora, N.Y., and expanded the search to Vermont on Wednesday. Richard Matt, 48, and David Sweat, 34, have set a record for the longest jailbreak in New York history, authorities said. They escaped from the facility by cutting through steel walls, squeezing through a steam pipe, and emerging from a manhole. Investigators were searching the area north of New York's Adirondack Park and into Vermont, and police closed a stretch of highway miles from the prison to investigate a lead.

2 Deadly Train Derailments in 18 Months Prompt New Safety Advisory
Washington Post (06/10/15) Laris, Michael

On Tuesday, the Federal Railroad Administration issued a new safety advisory directing commuter rail services to take action to prevent derailments. The advisory comes after last month's deadly Amtrak derailment in Philadelphia and the December 2013 derailment of a Metro-North commuter train in the Bronx that killed four people. In both instances, the trains were traveling at more than double the speed limit going into a curve in the track. The advisory is similar to an emergency order issued to Amtrak in the wake of the derailment last month. Both advise railroads to identify sections of the track where the speed limit approaching a curve is more than 20mph faster than the speed limit of the curve, and implement safety systems that could prevent trains from traveling into the curves too fast. The new advisory says that where this is not possible, commuter lines should take other action, such as having two engineers present in the cab when approaching such curves. A recent survey by the American Public Transportation Association found that only 29 percent of commuter rail agencies expect to meet a federally-mandated December deadline to implement automatic-braking technology called positive train control. Freight companies say they expect to have completed installation on only 18 percent of their tracks, some of which are used by commuter trains, by the deadline.

Obama Looks at Adding Bases and Troops in Iraq, to Fight ISIS
New York Times (06/12/15) Baker, Peter; Cooper, Helene; Gordon, Michael R.

White House officials on Thursday said that President Obama is open to the idea of expanding the American military footprint in Iraq with a network of new bases potentially staffed by hundreds of additional U.S. troops to help support and train the Iraqi security forces in their fight against the Islamic State (IS). The idea was put forward by Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, on Thursday, when he described a network of "lily pads" in Iraq modeled on a new base being established at Al Taqqadum in Anbar province. That base will be staffed by an additional 450 American troops and is designed to help train and provide support to Sunni militias and the Iraqi army in anticipation of an operation to retake the nearby city of Ramadi, which fell to IS last month. Dempsey said he could envision similar bases being set up in other strategic areas of Iraq. White House officials say that the President is open to the idea, but stress that no actual proposal has been presented to him yet and that he is unlikely to make any decision on the issue for several weeks.

IRS, Tax-Preparation Firms Join Forces to Combat Return Fraud
Wall Street Journal (06/12/15) McKinnon, John D.; Saunders, Laura

IRS is partnering with states and tax-preparation companies to determine ways to strengthen tax-filing security and ward off hackers who steal data and attempt refund fraud. New measures may include stronger validation of taxpayers' identities when filing returns, and more sharing of data about trends in identity fraud. “We're asking every company that helps taxpayers file returns to provide us information that will add layers of security and step up their pre-refund authentication,” IRS Commissioner John Koskinen said Thursday. These companies are also encouraged to inform IRS of any suspicious activity or patterns of fraud. Newly identified data, such as the Internet address and computer associated with the return, could help authenticate a taxpayer's identity and detect potential fraud. IRS has stopped about 3 million fraudulent filings this year, up nearly 30 percent from 2014. The agency lost more than $5.8 billion to identity-theft fraud in 2013, according to the Government Accountability Office.

Experts Warn Utilities to Watch for Cyberattacks Via Substation Break-Ins
SNL (06/08/15) Whieldon, Esther

Security experts are warning utilities to be mindful of cyberattacks and break-ins after someone broke into a Pacific Gas and Electric Co. substation in March. That intruder was able to shut down the facility's monitoring and control equipment before fleeing from security guards. Industry insiders say it is only a matter of time before a transmission substation is hacked and has its coding changed. Another potential threat is the possibility of someone plugging in a thumb drive that could hack a utility's primary systems. Substation break ins, copper thefts, and other crimes have been problems for years, but officials note that cyberattacks are relatively new and security personnel at smaller utilities may be unprepared to respond to them. Michael Assante, head of the SANS Institute's training on security for industrial control systems, says employees may not know what to look for and computer systems may not be built to defend from an attack. In the March incident at the Pacific Gas and Electric Co. facility, the intruder was able to cause serious damage to the facility. Law enforcement has been investigating, but no suspects have been arrested.

Hackers May Have Obtained Names of Chinese With Ties to U.S. Government
New York Times (06/11/15) P. A1 Sanger, David E.; Davis, Julie Hirschfeld

The Chinese hackers who targeted the databases of the Office of Personnel Management may have obtained information useful to Beijing, such as the names of Chinese relatives of American diplomats and other government officials, investigators say. Federal employees who handle national security information must list their foreign contacts in order to receive high-level clearances, and the hackers acquired many such lists. Investigators are trying to determine how many of those names have been compromised. The hackers may have been most interested in the contacts of Energy Department officials who work on nuclear intelligence, Commerce Department or trade officials, and White House officials. Intelligence officials have said that the hackings may be a systematic effort by the Chinese government to build databases about the inner workings of the U.S. government. “It gives the Chinese the ability to exploit who is listed as a foreign contact,” said James Lewis, a cyberexpert at the Center for Strategic and International Studies. Officials have admitted that most of the compromised data had not been encrypted, although some say that it may not have mattered because the hacks were so sophisticated.

Businesses Face Spike in Ransomware Attacks, Reports McAfee Labs (06/09/15) Ashford, Warwick

Intel Security has released its McAfee Labs Report for the first quarter of 2015. The report found ransomware attacks increased by 165 percent in the first quarter compared to the fourth quarter of 2014. The increase was driven largely by the rise of the new and hard-to-detect CTB-Locker family of ransomware, a new ransomware family called Telsacrypt, and new versions of the CryptoWall, TorrentLocker, and BandarChor ranswomware families. CTB-Locker is particularly menacing because of its evasiveness, the higher quality of the phishing emails used to spread it and "affiliate" programs that share portions of the ransom with spammers in exchange for flooding cyberspace with CTB-Locker phishing emails. The first quarter also saw a more than 300-percent increase in Abode Flash malware, which the report attributes to unpatched copies of flash, new exploits and the difficulty of detecting them, and a sharp increase in the number of Flash-enabled mobile devices. Exploit kits are also continuing to shift their focus away from Java and Microsoft Silverlight to Flash. The first quarter also saw a slight decline in new PC malware, while there was a nearly 50 percent increase in new mobile malware samples. SSL-related attacks were also down, likely due to recent SSL library updates that have eliminated several vulnerabilities.

Spy Virus Linked to Israel Targeted Hotels Used for Iran Nuclear Talks
Wall Street Journal (06/11/15) Entous, Adam; Yardon, Danny

On Wednesday, Moscow-based cybersecurity firm Kaspersky Labs released a report detailing what it believes to be a new version of the Duqu virus that infected the firms' computers last year. The Duqu virus is believed to be a product of Israel's intelligence service, and while Kaspersky does not link the new virus to Israel explicitly, the connection is still hinted at. Kaspersky first identified the new virus in its systems approximately six months after they were first breached by it in 2014. After studying it extensively, Kaspersky searched the systems of its global client base to find if any of them had been infected by the new virus and found that three luxury hotels had been infected. Costin Raiu, director of global research and analysis at Kaspersky, says it was not clear at first what the three hotels had in common, but that Kaspersky eventually discovered that all three had at various times hosted the international talks on Iran's nuclear program held in 2014. According to Kaspersky, the virus contained more than 100 modules that gave it an incredible ability to gather information by subverting phone and Wi-Fi networks, alarm systems, microphones in elevators, and more. The virus also appeared to have compromised front-desk computers, which would have allowed its users to determine the rooms specific guests were staying in.

Abstracts Copyright © 2015 Information, Inc. Bethesda, MD

  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Security Management Online | ASIS Online

No comments: