Friday, May 30, 2014

Security Management Weekly - May 30, 2014

 
 
Corporate Security
  1. "Monsanto Confirms Security Breach"
  2. "Survey: Retailers Devoting More Resources to Fighting ORC" (Organized Retail Crime)
  3. "Secrecy of Oil-by-Train Shipments Causes Concern Across the U.S."
  4. "Online Wireless Locks Moving Forward, But Not Locked Into the Market"
  5. "Wireless Camera Network Offers New Possibilities for Security Systems"

Homeland Security
  1. "Edward Snowden Says He Was a Spy, Not Just an Analyst"
  2. "Defense Officials Say Kidnapping of Nigerian Girls Could Aid Boko Haram Recruitment"
  3. "Pakistani Taliban Faction Condemns Violence, Breaks Away"
  4. "Elite U.S. Troops Helping Africans Combat Terror"
  5. "Nigerian Claims on Girls' Locations Spark Skepticism"

Cyber Security
  1. "China Hacking Is Deep and Diverse, Experts Say"
  2. "Wicked Hybrid of Zeus and Carberp Malware Unleashed to the Wild"
  3. "Researchers Find a Global Botnet of Infected POS Systems" (Point of Sale)
  4. "More Enterprises to Adopt Multi-Factor Authentication"
  5. "SNMP DDoS Attacks Spike" (Simple Network Management Protocol, Distributed Denial of Service)

   

 
 
 

 


Monsanto Confirms Security Breach
Wall Street Journal (05/30/14) Bunge, Jacob; Dreibus, Tony C.

Monsanto Co. has confirmed that a security breach occurred on one of its servers in late March. That breach exposed some employee data and the credit-card information of around 1,300 farmers who are customers of the company's Precision Planting division. A spokeswoman said that while one or more external parties had hacked into the server, an investigation has suggested that they were not looking to steal customer data. In a letter dated May 14, the Precision Planting division apologized to the impacted customers, and reported that an investigation had been launched. The division also offered to pay for one year of credit monitoring. Monsanto is making a big push into selling data services to farmers to add to its revenue from other ventures. The service would rely on commitments from farmers to share crop information, and some farm groups have expressed concerns about the security and management of data. Monsanto—whose websites have drawn attacks by hacker groups—is increasing "security safeguards" in response to the breach and has hired a forensics firm to investigate the issue, the spokeswoman said. The company has also contacted legal authorities.


Survey: Retailers Devoting More Resources to Fighting ORC
Security InfoWatch (05/27/14)

The National Retail Federation (NRF)'s recent Organized Retail Crime Survey shows that retailers are dedicating more resources to combating organized retail crime (ORC). The survey found that nearly 75 percent of senior level executives are providing additional resources and support to help combat ORC, including additional budget resources, staff resources, and technology resources, in addition to building ORC investigation teams. The survey also found that eight in 10 of the senior loss prevention executives surveyed reported that their organizations had been victims of ORC during the last year, despite efforts by law enforcement and retailers throughout the country to crack down on the crime. Nearly half of these executives also reported that their organization's online operations had been impacted by ORC. According to the report, the top five cities for ORC activity include Chicago, Los Angeles, and New York. NRF also reported that, as of May, 25 states have enacted legislation that strengthens penalties for those who are involved in ORC. The survey found that those laws have helped reduce ORC, though NRF continues to believe that federal legislation is still needed to further bring down ORC rates.


Secrecy of Oil-by-Train Shipments Causes Concern Across the U.S.
Wall Street Journal (05/23/14) Gold, Russell; Morris, Betsy

Secrecy still cloaks the rapidly expanding business of shipping crude by rail, leaving local officials from Portland, Ore., to Toronto struggling to obtain details about oil shipments. Driven by long-standing railroad-industry fears about stirring local protests or terrorist attacks, there is no central repository for information on oil trains or other hazardous materials. Nor are there easy-to-find maps of train routes from the oil fields of North Dakota and Texas to refineries on the Gulf of Mexico and the East and West coasts. An emergency order from the U.S. Transportation Department in June will start requiring railroads to alert states about oil trains originating in North Dakota. But the rules, which follow accidents involving oil from North Dakota's Bakken Shale in such unlikely locations as Lynchburg, Va., and Aliceville, Ala., already are coming under criticism. Some critics say the new rules are inadequate, while others worry that any disclosures will increase the likelihood of sabotage. The dearth of information partly reflects the surging popularity of oil trains, in which roughly 100 crude-laden tankers are strung together. In 2008, it would take four days for railroads to move 100 tank cars of oil. Today, oil trains of that size depart every two hours, according to industry and government statistics. The Energy Department estimates that 1 million barrels of oil a day ride the rails across the U.S., more crude than Libya, Ecuador, or Qatar exports daily. Federal safety regulations were tightened in 2009 to require railroads to conduct detailed yearly analysis to determine the safest routes for the most hazardous shipments, including radioactive materials, explosives and deadly chlorine and anhydrous ammonia. But oil isn't included. The rules, developed with the Department of Homeland Security, require that the railroads keep secret all their routing decisions and analysis and share them only with "appropriate persons."


Online Wireless Locks Moving Forward, But Not Locked Into the Market
Security Director News (05/23/14) Chutchian, Kenneth Z.

Online wireless door locks are becoming increasingly popular at a variety of locations, including hospitals, higher education campuses, and large companies. However, end users have expressed reservations regarding the reliability of such locks, as well as concerns about them being hacked. Online wireless locks can provide cost savings, as they eliminate the need for keys to be replaced and because they communicate with access control points and security command centers. The locks can also be reprogrammed remotely instead of requiring direct physical attention from security personnel. With the proper protocols and scaffolding, say manufacturers, wireless lock systems can be cost-efficient and secure, particularly when they are implemented on the perimeters of large buildings. Such systems will be particularly useful at college campuses, as most institutions already have the software infrastructure in place to support the online wireless systems, one expert says. Brad Aiken, the leader of the electronic locks division at Allegion U.S., commented that as the technology matures, the cost of production and maintenance will become more reasonable, and end users will become more confident in the products.


Wireless Camera Network Offers New Possibilities for Security Systems
Homeland Security News Wire (05/21/14)

University of California, Santa Cruz (UCSC) graduate student Kevin Abas has built a prototype device for a wireless network of smart cameras capable of processing the images they record. The cameras that make up the "Solar Wi-Fi Energy Efficient Tracking camera (SWEETcam) system" use computer vision software to analyze the images and are turned on when their motion sensors are tripped. "If it gets activated by something that is not of interest, the computer vision software can identify that and put the system back into sleep mode so it's not recording things like vegetation moving in the wind, or raccoons and deer," says Abas, who worked with several others on the project. Abas notes that the image analysis capabilities could be used to tag suspicious behavior recorded by the cameras. That said, SWEETcam's imaging analysis capabilities remain fairly limited. One person who worked on the system says that the team focused primarily on ensuring that the cameras can differentiate between people and animals in order to minimize false alarms triggered by the motion sensor.




Edward Snowden Says He Was a Spy, Not Just an Analyst
New York Times (05/29/14) Joachim, David S.; Shane, Scott

Edward Snowden said in an interview Wednesday that he was not the "low-level analyst" that the Obama administration has portrayed him as being, and was actually a spy who had worked undercover for the CIA and the National Security Agency (NSA). Snowden elaborated on his work as a spy, saying that he had been trained to use his technical expertise to "put systems to work for the United States" at "all levels - from the bottom on the ground all the way to the top." Snowden's resume, as well as comments he has made in interviews, indicate that he worked in cyber counterintelligence to find evidence that malicious hackers and foreign spies had broken into classified government computer systems. The Obama administration has said Snowden was responsible for writing computer code used by American spies as part of his role as an analyst. When Snowden was asked to explain the discrepancy between his view of his work experience and the administration's claims, he said that the government was deliberately de-emphasizing his work as a spy and using a description of one position that he has held "to distract from the totality" of his experience. The NSA has not commented on Snowden's remarks.


Defense Officials Say Kidnapping of Nigerian Girls Could Aid Boko Haram Recruitment
Fox News (05/29/14) Herridge, Catherine

Defense officials say that Boko Haram could benefit from its kidnapping of more than 200 Nigerian girls because the incident has raised its international profile and could help it recruit new members and expand its fundraising efforts. The officials believe the kidnapping situation could be essentially a "win-win" for Boko Haram, no matter what happens now, because the group could say that it was able to carry out the kidnapping, that it will take similar actions in the future, and that the Nigerian government is helpless to prevent it from doing so. Meanwhile, a new analysis from the Combating Terrorism Center that is scheduled to be published Thursday suggests that growing international pressure on the group could cause it to "prepare for retaliatory attacks on Western targets in southern Nigeria or abroad."


Pakistani Taliban Faction Condemns Violence, Breaks Away
Wall Street Journal (05/29/14) Shah, Saeed

A major faction of the Pakistani Taliban on May 28 broke away and condemned violence, weakening the militant group allied with al Qaeda that seeks to overthrow the Pakistani state. The split in the Pakistani Taliban, known formally as Tehreek-e-Taliban Pakistan (TTP), comes after months of attempted peace negotiations between the government of Prime Minister Nawaz Sharif and the militant organization. It also followed weeks of bloody infighting within the TTP. The move could push Pakistan closer to an army operation against the remainder of the TTP, an offensive that Washington has long wanted. The breakaway faction, led by a warlord named Sajna who is also known as Khan Said or Khalid Mehsud, announced a "complete separation from the current organization that has lost its way." Sajna represents most of the militants from the fierce Mehsud tribe, who made up much of the TTP. His faction, now calling itself Tehreek-e-Taliban Pakistan Mehsud group, accused the rest of the TTP of criminality. The breakaway group, if it goes on to agree to a peace deal with the government, could now join the ranks of the so-called good Taliban—jihadist groups that don't fight within Pakistan such as an outfit led by Gul Bahadur, which is active in Afghanistan.


Elite U.S. Troops Helping Africans Combat Terror
New York Times (05/27/14) Schmitt, Eric

The Obama administration is reportedly planning to implement a new plan for combating terrorism in Africa that involves creating counterterrorism units in Libya, Mali, Niger, and Mauritania. The plan, which will be carried out with the help of U.S. Special Operations troops, involves spending millions of dollars equipping the units and providing them with training so they can fight al-Qaida affiliates. The effort to create the units in Niger and Mauritania is just beginning, one senior Pentagon official says, while the creation of the team in Mali has yet to begin. The effort to create a counterterrorism unit in Libya, meanwhile, has been suspended temporarily after a Libyan militia attacked a base where U.S. troops were providing training and stole American military equipment last summer. The American trainers were sent back to the U.S. following that incident, which is believed to have been an inside job carried out with the help of a Libyan officer or soldier. Both U.S. and Libyan officials are looking for a more secure site to carry out the training. Experts say there are a number of obstacles to the success of the effort, including the fact that the U.S. will need to ensure that the leaders of the countries where the units are being created will use the troops to combat terrorism and not use them to maintain their grip on power. In addition, one expert says that the U.S. will need to commit to ensuring that the new units remain adequately equipped to combat terrorists.


Nigerian Claims on Girls' Locations Spark Skepticism
Wall Street Journal (05/27/14) Hinshaw, Drew

Both U.S. officials and Nigerian citizens have expressed skepticism about the Nigerian military's claims to have located the 223 missing girls believed to have been kidnapped by Boko Haram. The military says that the girls are being held in northern Nigeria, based on reports from herdsmen, hunters, farmers, and anti-insurgent vigilantes. However, one Nigerian official called the military's claims "face-saving" and said that Boko Haram will respond by simply moving the girls. The military's track record in its fight against Boko Haram is also leading many to question the veracity of its statements, as past pronouncements of victory against the Islamist militants have been found to be false. Even in this case, the military sent out a statement in April claiming the girls were almost freed. If the girls have indeed been located, the next question becomes whether Nigeria will allow foreign assistance in their rescue. There is concern that Nigeria could become a bigger destination for jihadists if Western troops step in to help find the girls.




China Hacking Is Deep and Diverse, Experts Say
Wall Street Journal (05/30/14) Yadron, Danny; Areddy, James; Mozur, Paul

China's Internet espionage extends into a far-reaching hacking-industrial complex that shields the Chinese government but also sometimes backfires on Beijing, according to U.S. government officials. The fractured nature of China's hacking activities highlights the challenge the U.S. faces in addressing what the government refers to as economic espionage. It offers "a political gain to being able to say 'we can't control all attacks,'" said Adam Segal, a China and cybersecurity scholar at the Council on Foreign Relations in New York. "But I think there is a cost when hackers go after targets that are too sensitive or get involved in a crisis and the government can't control the signaling."


Wicked Hybrid of Zeus and Carberp Malware Unleashed to the Wild
CSO Online (05/27/14) Ragan, Steve

Trusteer researchers say they have discovered a new Trojan that merges elements of the Zeus and Carberp malware families. The new hybrid is based on the ZeusVM variant identified earlier this year. Trusteer researchers Martin G. Korman and Tal Darsan say the hybrid, dubbed Zberp, was first observed being downloaded by samples of the Andromeda botnet. Zberp mimics ZeusVM's use of steganography to hide its configuration data in images, and Trusteer says Zberp is using this ability to transmit updates using an Apple logo. Other features from Zeus and Carberp that are used by Zberp include many information gathering and exfiltration techniques, the ability to hijack browsing sessions and insert malicious code, and the ability to initiate remote desktop connections using VNC or RDP. The hybrid also uses an "invisible persistence" feature found in ZeusVM that enables the Trojan to hide itself by deleting its persistence key from the registry during startup and rewriting it during shutdown. Trusteer says Zberp is being used to target about 450 financial institutions in the U.S., Britain, and Australia.


Researchers Find a Global Botnet of Infected POS Systems
IDG News Service (05/23/14) Constantin, Lucian

Nearly 1,500 point-of-sale terminals, accounting systems, and other retail back-office platforms from businesses in 36 countries have been infected with malware, according to researchers from IntelCrawler. The compromised systems were joined together in a botnet that IntelCrawler has dubbed Nemanja. The systems were running a wide variety of POS, grocery store management, and accounting software that is popular in different countries. The researchers identified at least 25 different software programs used on those systems. The Nemanja POS malware had the ability to collect credit card data and had keylogging functionality to intercept credentials that could provide access to other systems and databases that contained payment or personally identifiable information. Cybercriminals appear to be focusing more on retailers and small businesses that use POS terminals. "We predict an increasing number of new data breaches in both sectors in the next few years, as well as the appearance of new types of specific malicious code targeted at retailers' back-office systems and cash registers," say IntelCrawler researchers.


More Enterprises to Adopt Multi-Factor Authentication
Help Net Security (05/22/14)

The preferences organizations have for certain cybersecurity measures are shifting, according to a new SafeNet survey. For example, 37 percent of organizations say they now use multi-factor authentication (MFA) for the majority of their employees, up from 30 percent who did so last year. Fifty-six percent of organizations said they expect the majority of their users to utilize multi-factor authentication by 2016. Mobile devices are among the platforms for which organizations are increasingly using MFA. A third of organizations are expected to use MFA for mobile users by 2016, up from 22 percent now. SafeNet's Jason Hart calls on more IT decision-makers to follow the lead of organizations that are already using MFA, saying the technology can help protect corporate resources without harming the productivity and performance of staff members. Another security technology enjoying rising popularity is cloud authentication. A third of surveyed organizations said they preferred such authentication systems, up from 21 percent last year. Another 33 percent said they are now open to using the cloud for authentication. The increased use of cloud-based authentication is due in part to the growing desire among employees to use their own mobile devices to access their employer's network.


SNMP DDoS Attacks Spike
Dark Reading (05/22/14) Higgins, Kelly Jackson

Akamai's Prolexic Security Engineering and Response Team (PLXsert) has issued a security advisory stating it has observed a sharp spike in the number of distributed reflection and amplification denial-of-service (DrDoS) attacks exploiting the Simple Network Management Protocol (SNMP) interface used to store and transmit the information of embedded devices such as routers, switches, firewalls, and printers. PLXsert says it observed 14 SNMP-based DrDoS attacks in the past month, with targets in the consumer product, gaming, hosting, nonprofit, and software-as-a-service industries. The new attacks target devices running SNMP version 2, an older version of the protocol that was open to the Internet by default, and use a tool developed by hacker group Team Poison. The tool enables attackers to automate attacks that use a target's spoofed IP address to request all the data stored on devices running SNMP version 2, resulting in a wave of responses that overwhelm the target. PLXsert director David Fernandez says the attacks are popular because they enable attackers to carry out massive attacks without a botnet. Akamai's Stuart Scholly says the increase in such attacks is driven by the availability of new automated attack tools such as the one developed by Team Poison.


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD

