Cyberwarfare in the aftermath of MH17, EC3 dismantling a payment crimes network, code-signing practices among malware writers, new SSL server certificate rules, and Chinese hackers grabbing Israeli missile defense documents are this week's Top Five Infosec reads.
As the US and UK consider sanctions following the crash of Malaysia Airlines' MH17, UK cyber security academic Mike Jackson nonetheless cautioned both governments that any action taken against Russia could result in cyber retaliation. The discussion of cyber warfare came up following the annexation of Crimea and what were assumed to be related cyber attacks between Russia and Ukraine earlier in 2014. The cyber front now offers countries a way to disrupt the workings of other governments if they are ever faced with sanctions as deep as those Russia is facing from President Obama and UK Prime Minister David Cameron. The implications are broad. Where before a country under sanction might cut off access to supplies (Russia being a huge oil and gas supplier to Europe, for instance), it can now electronically infiltrate governments and harvest sensitive information to use as leverage. Potential threats like these are why a more security-conscious culture is essential for the future. More users who are more security-minded when operating electronics of any kind can help mitigate the threat of cyber warfare. It isn't the be-all and end-all, but neither is giving cyber terrorists free rein.
Operation Tovar (the June 2014 GameOver Zeus takedown) has company. Europol's EC3 and Romania's DIICOT have apprehended members of an organized cybercrime group responsible for payment crimes throughout Europe. The criminals used malware to steal operating credentials for non-cash payment systems and wired money from fake senders to real recipients, who then hid their ill-gotten gains in property or other assets. Of the 115 suspects, 65 were detained. This action goes to show that coordinated cross-border efforts yield positive results.
Cybercriminals prefer to operate under the radar, and a popular way to do this is to make malware look legitimate by digitally signing the binaries. FireEye's threat intelligence experts were examining Spy-Net campaigns (which the article goes into some detail about) when they observed that a single CZ Solutions digital certificate was being used to sign binaries for Spy-Net and a handful of other malware families. The article draws two important conclusions. First, a valid signature proves only that whoever held the signing key signed the file, not that the file is benign, so any control that equates "signed" with "trusted" is a very simple bypass that cybercriminals won't stop using anytime soon. Second, while these individuals did not show remarkable skill, they were very resourceful in sharing the certificate across operations. As it turns out, cybercriminals can reap the rewards of teamwork, too.
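The practical lesson for defenders is to triage by signer rather than by signature status alone. The following PowerShell is an added example, not code from the article or from FireEye: it runs Get-AuthenticodeSignature over a directory and reports who signed each binary, flagging files whose certificate thumbprint appears on a blocklist of known-abused certificates. The two thumbprint lists are placeholders to be filled from your own inventory and threat intelligence; the article does not publish the CZ Solutions thumbprint, and none is invented here.

```powershell
# Added example: triage executables by signer identity, not by "signed or not".
# Thumbprints below are placeholders; populate them from your own inventory / threat intel.
$KnownAbusedThumbprints = @(
    '0000000000000000000000000000000000000000'   # placeholder: certificate known to sign malware
)
$TrustedThumbprints = @(
    '1111111111111111111111111111111111111111'   # placeholder: your vetted publishers
)

function Get-SignerTriage {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate        # $null when the file is unsigned

    # SignatureStatus values: Valid, NotSigned, HashMismatch, NotTrusted,
    # NotSupportedFileFormat, Incompatible, UnknownError.
    $verdict = switch ($sig.Status) {
        'NotSigned'    { 'unsigned' }
        'HashMismatch' { 'tampered: file contents do not match the signed hash' }
        'NotTrusted'   { 'signed, but the chain does not reach a trusted root' }
        'Valid'        {
            # "Valid" means the chain built and the hash matches. It says nothing
            # about intent, so decide on the identity behind the signature.
            if ($cert.Thumbprint -in $KnownAbusedThumbprints) { 'signed with a known-abused certificate' }
            elseif ($cert.Thumbprint -in $TrustedThumbprints) { 'signed by a trusted publisher' }
            else { 'validly signed by an unvetted publisher' }
        }
        default        { "signature problem: $($sig.Status)" }
    }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Verdict    = $verdict
    }
}

# Usage: sweep a directory that should not contain unvetted executables.
Get-ChildItem -Path 'C:\Users\Public' -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-SignerTriage -Path $_.FullName } |
    Where-Object { $_.Verdict -ne 'signed by a trusted publisher' } |
    Format-Table Path, Status, Subject, Verdict -AutoSize
```

Anything reported as "validly signed by an unvetted publisher" deserves the same scrutiny as an unsigned file; the subject and issuer columns are what you pivot on when one certificate starts turning up under several unrelated binaries, which is exactly the pattern FireEye noticed.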
The Certification Authority/Browser Forum (CA/B Forum) is changing its Baseline Requirements for publicly trusted certificates that contain "internal names" (host names that do not resolve in public DNS, such as "mail" or "server.local") or reserved IP addresses. After November 1, 2015, public CAs may no longer issue such certificates; instead, IT admins must ensure that every name in a certificate is a publicly registered, resolvable domain name. The measure is intended to mitigate man-in-the-middle attacks (a CA cannot verify who owns a name like "intranet", so a certificate for it could be issued to anyone) as well as name resolution errors. October 1, 2016 is the other key deadline for IT admins: on that date CAs must revoke any still-unexpired certificates containing internal names or reserved IPs.
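Admins can get ahead of the deadline by inventorying which installed certificates carry such names. The PowerShell below is an added example, not code from the article or the CA/B Forum: it walks the local machine store and flags certificates whose subject alternative names are reserved IP literals, single-label host names, or names under suffixes commonly used only on internal networks. The suffix list is an assumed heuristic (the actual rule is "not resolvable in public DNS"), so it should be confirmed against a public resolver before acting on the results.

```powershell
# Added example: find certificates whose names fall under the internal-name rule.
# The suffix list is a heuristic; the authoritative test is public DNS resolvability.
$InternalSuffixes = @('.local', '.localhost', '.internal', '.lan', '.intranet', '.private')

function Test-InternalName {
    param([Parameter(Mandatory)][string]$Name)

    $n = $Name.ToLowerInvariant().TrimEnd('.')
    if ($n.StartsWith('*.')) { $n = $n.Substring(2) }   # judge a wildcard by its base name

    # Reserved / private IP literals (RFC 1918, loopback, link-local, unique-local).
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($n, [ref]$ip)) {
        $b = $ip.GetAddressBytes()
        if ($ip.AddressFamily -eq 'InterNetwork') {
            return (($b[0] -eq 10) -or ($b[0] -eq 127) -or
                    ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                    ($b[0] -eq 192 -and $b[1] -eq 168) -or
                    ($b[0] -eq 169 -and $b[1] -eq 254))
        }
        return ($ip.IsIPv6LinkLocal -or $ip.IsIPv6SiteLocal -or
                [System.Net.IPAddress]::IPv6Loopback.Equals($ip) -or
                (($b[0] -band 0xfe) -eq 0xfc))
    }

    # A single-label name ("mail", "intranet") cannot be validated in public DNS.
    if (-not $n.Contains('.')) { return $true }

    foreach ($suffix in $InternalSuffixes) {
        if ($n.EndsWith($suffix)) { return $true }
    }
    return $false
}

# Usage: list affected certificates with their issuer and expiry so you can
# see which ones come from a public CA and when they fall out of use.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object {
        $cert     = $_
        $names    = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
        $internal = @($names | Where-Object { Test-InternalName $_ })
        if ($internal.Count -gt 0) {
            [pscustomobject]@{
                Thumbprint    = $cert.Thumbprint
                Issuer        = $cert.Issuer
                NotAfter      = $cert.NotAfter
                InternalNames = ($internal -join ', ')
            }
        }
    } | Format-Table -AutoSize
```

Only certificates chained to a public CA are subject to the rule; anything issued by an internal enterprise CA can keep its internal names, so filter the output by issuer before planning replacements.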
Threat intelligence services have revealed that a Chinese hacker group has been exfiltrating documents on Israel's missile defense systems from the networks of Israeli defense contractors since at least 2011. While this suggests that the Chinese want their own missile defense capability, it also shows that contractors holding sensitive data are compromised just as easily as anyone else, and that no one has perfect security. In the article, security experts also commented that detection is critical for limiting the damage from a breach that has already happened. To build a more resilient security posture, enterprises need to step up their game on rapidly detecting cyber threats, not just on keeping them out.