Friday, December 13, 2013

Security Management Weekly - December 13, 2013

Corporate Security
  1. "Preparing Utilities to Respond to Cyber Attacks"
  2. "Police: Kenya Attack Prompted NY Terror Drill"
  3. "Associations Press House to Change Cyber Supply Chain Law"
  4. "Financial Regulators Warn of Cyber-Threat"
  5. "Some Major Retailers to List Shoppers' Rights"

Homeland Security
  1. "Obama Panel Said to Urge N.S.A. Curbs"
  2. "NSA Uses Google Cookies to Pinpoint Targets for Hacking"
  3. "Spies Infiltrate a Fantasy Realm of Online Games"
  4. "Chinese Hackers Spied on Europeans Before G20 Meeting - Researcher"
  5. "Major Tech Companies Unite to Call for New Limits on Surveillance"

Cyber Security
  1. "Zeus Malware Gets 64-Bit Makeover"
  2. "Cyberthreats for 2014: Not Just the Usual Suspects"
  3. "Ransomware Creation Kit 'Sought by Cyber-Thieves'"
  4. "NSTIC Framework Offers Potential to Reduce Business Risk"
  5. "Data-Stealing Malware Pretends to Be Microsoft IIS Server Module"


Preparing Utilities to Respond to Cyber Attacks
CIO Journal (12/11/13)

Sixty-five utilities and eight regional transmission organizations recently participated in GridEx II, a simulation organized by the North American Electric Reliability Corporation (NERC) and designed to exercise the power industry's crisis response plans for cyber and physical attacks on the electrical grid. GridEx II helps identify improvements utilities can make to their crisis response plans and security programs. In a 2013 report from the U.S. House of Representatives' Energy & Commerce Committee, more than a dozen utilities acknowledged daily, constant, or frequent attempted cyber attacks. Utilities have limited experience responding to a coordinated cyber attack, but they do have decades of experience preparing for storms and other natural disasters, and that experience can inform their responses to cyber crises, according to Sharon Chand, a director with the Security & Privacy practice of Deloitte & Touche LLP. "Cyber incidents have wide-ranging ramifications on many aspects of the electricity business, from power generation to customer service, and each of those stakeholder organizations should be involved in the response," says Chand. Bringing the rigor and discipline of storm response to cyber security preparedness will likely require utilities to implement a series of small but significant cultural and organizational changes designed to make cyber security a part of their day-to-day operations. For example, says Chand, when utilities begin meetings, they can review current cyber threat profiles, in addition to safety minutes and current operating conditions. "Utilities have drilled their safety program and storm response into virtually every function and every employee's job," says Chand. "Now they should consider doing the same for cyber security."


Police: Kenya Attack Prompted NY Terror Drill
Associated Press (12/10/13)

New York Police Department officials said Tuesday that a team of heavily armed officers conducted a late-night drill at Kings Plaza shopping mall in Brooklyn in November in an effort to prepare for an attack similar to the one against Kenya's Westgate shopping mall. The drill was intended to test officers' ability to stop an attack by gunmen in a public place filled with bystanders, in the hopes that the NYPD would be able to handle such an event without the chaos that characterized the mall massacre in Kenya. An analysis of that attack by the NYPD's counterterrorism unit found that Kenyan authorities' response to the situation was marked by delays and poor coordination, with the police officers who initially responded to the incident lacking even the most basic equipment. The unit's report said that security video and other evidence from the mall showed that the gunmen's mission "was to conduct a high-profile attack by inflicting as many casualties as possible in a short period of time and then possibly escape during the ensuing confusion."


Associations Press House to Change Cyber Supply Chain Law
Federal News Radio (12/10/13) Miller, Jason

U.S. trade groups, including BSA, are asking that Congress revise a law that bars agencies under the Commerce, Justice, Science appropriations bill from purchasing technology or services from companies owned, directed, or subsidized by China. In a letter to House Appropriations Committee leaders, the groups are asking lawmakers to adopt the language in the Senate's version of the fiscal 2014 Commerce, Justice, Science spending bill, which would allow agencies to make risk-based decisions about from whom they buy technology. The trade groups said the Senate's version represents collaboration among lawmakers, industry experts, and security professionals. "Agencies cannot prioritize security resources on riskier IT systems, which spreads these resources thinly at the expense of important mission-critical systems," the letter said. "Instead, the law focuses limited federal cybersecurity resources on a country-of-origin determination, rather than actionable cyber risks and threats, and the actual security profile of the IT product."


Financial Regulators Warn of Cyber-Threat
The Hill (12/10/13) Goad, Ben

Department of the Treasury officials on Monday at a cybersecurity briefing during a public hearing of the Financial Stability Oversight Council stressed the need for cybersecurity legislation. "Our experience over the last couple of years shows that cyberthreats to financial institutions and markets are growing in both frequency and sophistication," says Assistant Treasury Secretary Cyrus Amir-Mokri. The cybersecurity executive order that President Barack Obama issued in February does not eliminate the need for cybersecurity legislation, Amir-Mokri says, adding that, in the absence of congressional action, the administration is relying on the financial industry and U.S. intelligence to identify and prevent threats. The financial industry has held three cybersecurity summits and created a 60-point plan that includes improved information-sharing, analytics, crisis management, and executive communications, says BB&T CEO Kelly King. In addition, the industry is working on more secure Internet domain names as well as a secure cloud that would guard against attacks targeting private debt and credit card information.


Some Major Retailers to List Shoppers' Rights
Associated Press (12/09/13)

A meeting on Monday between civil rights leaders and representatives from a coalition of major retailers that includes Barneys, Bergdorf Goodman, Lord & Taylor, Macy's, Saks Fifth Avenue, and The Gap produced an agreement from the retailers to create a customer bill of rights that will ban racial profiling and unreasonable searches. This customer bill of rights, drafted by the Retail Council of New York State trade group, also supports internal tests to ensure compliance and states that any workers who violate their employers' prohibition on profiling will be disciplined and could be fired. Over the course of this week, the bill of rights will be posted in stores and on retailers' Web sites. The agreement comes in response to allegations by a number of African-Americans that they were racially profiled at Macy's and Barneys New York. The retailers have denied the allegations. Meanwhile, the coalition's retailers have begun to re-evaluate their security tactics and have asked to meet with incoming New York Police Commissioner William Bratton to discuss boundaries related to the New York Police Department's involvement in retail security.




Obama Panel Said to Urge N.S.A. Curbs
New York Times (12/13/13) Sanger, David E.

Federal officials speaking on condition of anonymity have provided a preview of the contents of a report on how the Obama administration could potentially reform the National Security Agency's surveillance programs. Officials say the report, which is expected to be given to the White House this weekend and could still be changed between now and then, will recommend the continuation of the NSA's phone meta-data collection program, albeit with new restrictions. For example, the report is likely to call for the creation of an organization of legal advocates who would oppose lawyers for NSA and other government agencies during hearings held by the Foreign Intelligence Surveillance Court (FISC), which oversees the collection of telephone and Internet meta-data and the surveillance of terrorism suspects. The report is also likely to call for a review of intelligence collection activities that will be performed by White House officials on a regular basis. The issue of U.S. surveillance on foreign leaders is also addressed, with the report calling on the president and other senior White House officials to directly review the list of leaders whose communications are monitored by the NSA. Obama administration officials say the White House has already begun supervising that program. The recommendations could face resistance from the nation's intelligence agencies, the leaders of which have already spoken out against some proposed reforms.


NSA Uses Google Cookies to Pinpoint Targets for Hacking
Washington Post (12/11/13) Soltani, Ashkan; Peterson, Andrea; Gellman, Barton

New documents released by former National Security Agency (NSA) contractor Edward Snowden indicate that the agency is using Internet cookies in its efforts to hack the computers of suspicious individuals. NSA's Special Source Operations (SSO) division reportedly focuses primarily on Google's proprietary "PREF" cookie. Google uses PREF cookies to uniquely track users who utilize Google services or visit sites that contain Google Plus "widgets" in order to show them personalized ads. PREF cookies make this possible because they contain numerical codes that allow Web sites to identify a person's browser. SSO shares this information with the NSA's offensive hacking division, Tailored Access Operations, which uses the numerical identifiers to filter out the Internet communications of individuals who are already under suspicion so that it can send them malicious software that gives the agency access to their computers. The information gleaned from PREF cookies--which do not contain personal information such as names and e-mail addresses--is also reportedly shared with the U.K.'s Government Communications Headquarters (GCHQ). The documents do not address the nature of the cyberattacks carried out by the NSA with the help of PREF cookies. It is unclear how NSA is obtaining PREF cookies, nor is it clear whether Google is providing these cookies to the agency.


Spies Infiltrate a Fantasy Realm of Online Games
New York Times (12/10/13) Mazzetti, Mark; Elliott, Justin

Newly disclosed classified documents indicate that concerns about criminal or terrorist networks using online games to communicate in secret, plan attacks, or move funds prompted American and British intelligence operatives to infiltrate games like World of Warcraft and Second Life to conduct surveillance and gather data. The documents, disclosed by former National Security Agency contractor Edward Snowden, note that intelligence agencies believed that militants might be using these games to take advantage of features such as fake identities and text and voice chat. The documents do not cite any counterterrorism successes from the effort. It is not clear exactly how the agencies got access to gamers' data or communications. The companies running the games monitor in-game transactions to prevent illicit financial dealings and store chat dialogues on servers for later searching, as part of their reserved right to police player communications. However, the maker of World of Warcraft said it had not granted permission for either the NSA or Britain's Government Communications Headquarters to gather intelligence in the game.


Chinese Hackers Spied on Europeans Before G20 Meeting - Researcher
Reuters (12/10/13) Finkle, Jim

A new report from the cybersecurity company FireEye has found that Chinese hackers were able to infiltrate the networks of five unidentified European foreign ministries leading up to the September 2013 G20 Summit. According to FireEye, the cyberattack used e-mails sent to ministry staff containing malicious files with titles such as "US_military_options_in_Syria." The primary topic of the G20 Summit was the potential for U.S. military action against Syria. FireEye says its conclusions were based on its monitoring of the computer servers used by the hackers during a week-long period in August. Researchers eventually lost access after the hackers began using another server prior to the G20 Summit. At that time, the researchers said the hackers were preparing to begin data theft using the malware they had sent. The report determined the hackers were from China based on technical evidence, the devices used to test the malware, and the language used on the server. There is no proof, however, that the hackers had links to the Chinese government. FireEye says that it reported the attacks to the FBI, which declined to comment.


Major Tech Companies Unite to Call for New Limits on Surveillance
Washington Post (12/09/13) Timberg, Craig

In an open letter to several U.S. leaders that was published on Monday, eight of the nation's largest technology companies--including Microsoft, Apple, and Facebook--asked President Obama and Congress to impose strict new curbs on government surveillance programs. For instance, the letter calls for ending bulk collection of user information, implementing strong judicial oversight of the programs, and creating an adversarial process for surveillance requests, even for those handled by the Foreign Intelligence Surveillance Court. If these rules are enacted, they would dramatically change intelligence operations that U.S. officials say play an important role in counterterrorism efforts. The proposals are similar to the provisions contained in the USA Freedom Act, one of several bills drafted in response to the controversy over the Snowden revelations. Meanwhile, several nations have been pushing for the introduction of new laws that would limit international data flows, though industry officials have argued that these limits would hamper the functionality of the Internet. Several major U.S. technology companies have also launched initiatives that would encrypt data and have pushed for increased transparency in surveillance requests.




Zeus Malware Gets 64-Bit Makeover
CSO Online (12/11/13) Gonsalves, Antone

Kaspersky Lab reports that it has discovered a 64-bit version of the popular banking Trojan Zeus, signaling a shift in the malware industry towards developing for 64-bit platforms. Kaspersky says it found the 64-bit version of Zeus inside a 32-bit sample of the malware that has been circulating since at least June. Kaspersky's Kurt Baumgartner says the 64-bit version of Zeus shows that there is now a "certain and real 64-bit problem." Such an eventuality had been expected, but not quite this early. Zeus works primarily through Internet browsers, and the market share of 64-bit browsers remains very low. Kaspersky researcher Dmitry Tarakanov speculates that the 64-bit version of Zeus was being used as a marketing gimmick, saying "support for 64-bit browsers [is] a great way to advertise the product and to lure buyers—the botnet herders." The 64-bit version of Zeus also uses the Tor anonymity network to communicate with its command-and-control servers. Previous versions of Zeus had offered Tor as an option, but the 64-bit version uses the anonymity network exclusively for its communications. The new version of Zeus works by first injecting malicious code with the 32-bit version and then switching to its 64-bit version if it detects that the browser in question is 64-bit.


Cyberthreats for 2014: Not Just the Usual Suspects
Government Computer News (12/11/13) Jackson, William

A potential cybersecurity threat on the horizon stems from the bring-your-own-cloud trend, which Ovum says in a new report is a convergence between the bring-your-own-device phenomenon and the growing use of consumer-grade cloud computing services. Ovum expects end users with mobile devices to increasingly store and access their employer's data in the cloud, thereby moving that data outside of the employer's immediate control. As a result, government agencies and other employers will have to increasingly take steps to secure and manage mobile devices on their networks, regardless of whether those devices are employee- or employer-owned, says Dell Software's Paul Christman. Another trend Ovum foresees in 2014 is the growing use of wearable computers such as Google Glass and the Samsung Galaxy Gear smart watch. RSA general manager Manoj Nair agrees, saying wearable computers will be mainstream in government offices and at other employers next year. Prescient Solutions CIO Jerry Irvine says employers cannot rely on automation to address the security risks posed by wearable computers, and must instead implement policies that mitigate these risks.


Ransomware Creation Kit 'Sought by Cyber-Thieves'
BBC News (12/10/13) Ward, Mark

Sophos is warning that cyberthieves are soliciting malware makers to create a software kit enabling unskilled attackers to create their own ransomware, emulating the successful malware and exploit kits that have driven a boom in the overall number of cyberattacks. Sophos' James Lyne says documents seeking such kits have been seen circulating in underground forums and appear to be driven by the success of the Cryptolocker ransomware. Ransomware uses a variety of tactics, such as encrypting or otherwise denying users access to their data, in order to extort payments. In the case of Cryptolocker, a user's data is encrypted and the user is told that they will be given the encryption key once they pay a ransom, usually worth several hundred dollars, in Bitcoins. Those who do pay the ransom do not have their data unlocked. Cryptolocker has been very successful, with studies of efforts to shut down the malware's command and control servers revealing that about 150 systems are managing approximately 12,000 attacks a week. "Cryptolocker is very much a deviation from the norm and I actually think it is a sign of things to come," Lyne says.


NSTIC Framework Offers Potential to Reduce Business Risk
Wall Street Journal (12/10/13)

The National Strategy for Trusted Identities in Cyberspace (NSTIC), a strategy being implemented by the private sector in partnership with the National Institute of Standards and Technology (NIST), calls for the development of a framework that would encourage the creation of secure, seamless and privacy-enhancing online authentication technologies. NIST and its partners hope that the creation of such technologies will result in an increase in e-business. According to Carey Miller, a director with Deloitte & Touche's Security & Privacy practice, which is working with the NSTIC National Program Office to support the implementation of the strategy, "Consumers can expect the businesses that choose to participate in NSTIC's identity ecosystem to protect their personal information in a way that aligns with NSTIC's guiding principles of security, privacy, interoperability and ease of use." Miller says that executives need to monitor NSTIC's progress because its proposed framework could help reduce businesses' risk of suffering data security breaches, and could potentially increase revenue while decreasing costs by allowing them to capture and automate transactions that previously would have been abandoned or would have had to be processed manually.


Data-Stealing Malware Pretends to Be Microsoft IIS Server Module
IDG News Service (12/09/13) Kirk, Jeremy

Researchers at Trustwave's SpiderLabs discovered malware that gathers data entered into Web-based forms while appearing to be a module for Microsoft's Internet Information Services (IIS) Web-hosting software. Dubbed ISN, the malware has not been widely seen, but its characteristics are intriguing, says Trustwave's Josh Grunzweig. ISN is a malicious dynamic link library (DLL) that is installed as a module for IIS, Grunzweig notes. "This module is of particular concern as it is currently undetectable by almost all anti-virus products," Grunzweig says. If ISN's installer is detected, it is usually through "general heuristic detection," according to Grunzweig, noting that security software is examining aspects of it that are suspicious and flagging it if it is sending data to another server. "I'm...notifying antivirus vendors so that specific detections for this malware may be written," Grunzweig says. To date, the malware has been "seen targeting credit card data on e-commerce sites, however, it could also be used to steal logins, or any other sensitive information sent to a compromised IIS instance," Grunzweig warns.
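Because ISN is a native DLL registered as an IIS module, one check a defender can run on an IIS host is to enumerate every DLL registered as a global module and verify that each one is present and carries a valid Microsoft Authenticode signature. The script below is an added example written for this newsletter, not code from Trustwave, Microsoft, or the article; it assumes IIS is installed with applicationHost.config in its default location under %windir%\System32\inetsrv\config, and the Microsoft-signer filter is a heuristic, not a definitive indicator.

```powershell
# Added example (not from the article or Trustwave): list the native DLLs registered as
# IIS global modules and flag any that are missing, unsigned, or not signed by Microsoft.
# Assumption: default applicationHost.config location; adjust $configPath if IIS is elsewhere.
$configPath = Join-Path $env:windir 'System32\inetsrv\config\applicationHost.config'
[xml]$appHost = Get-Content -Path $configPath -Raw

$results = foreach ($module in $appHost.configuration.'system.webServer'.globalModules.add) {
    # Image paths in the config use %windir%-style variables; expand them before checking.
    $image  = [Environment]::ExpandEnvironmentVariables($module.image)
    $exists = Test-Path -Path $image
    $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $image } else { $null }

    [pscustomobject]@{
        Module = $module.name
        Image  = $image
        Exists = $exists
        Status = if ($sig) { $sig.Status } else { 'FileMissing' }
        Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Anything that is not validly signed by Microsoft deserves a closer look.
$results |
    Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notlike '*Microsoft*' } |
    Format-Table -Property Module, Image, Exists, Status, Signer -AutoSize
```

Run it from an elevated PowerShell session on the web server. A third-party module that is legitimately installed will also show up in the output, so the list is a starting point for review rather than a verdict; compare it against a known-good baseline from a clean build, and remember that a host already compromised at the administrator level could have a tampered configuration or tool chain, which is an argument for running the check from an offline copy of the disk where possible.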


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD

