
July 2014

Top Five #InfoSec Reads: July 21-28

by Matt Piscitello

Cyberwarfare in the aftermath of MH17, EC3 dismantles a payment crimes network, code-signing practices by malware writers, new SSL server certificate rules, and Chinese hackers grab Israeli missile defense documents are this week’s Top Five Infosec reads.

Could MH17 sanctions push Russia to cyber warfare?

As the US and UK consider sanctions following the crash of Malaysia Airlines' MH17, UK cyber security academic Mike Jackson cautioned that any action taken against Russia could result in cyber retaliation. The discussion of cyber warfare came up following the annexation of Crimea and what were assumed to be related cyber attacks between Russia and Ukraine earlier in 2014. The cyber front now offers countries a way to further disrupt the workings of other countries' governments if they are ever faced with the same deep sanctions that Russia is facing from President Obama and UK Prime Minister David Cameron. The implications are endless. Where before a country under sanction might cut off access to supplies (Russia being a huge oil supplier to Europe, for instance), it can now electronically infiltrate governments and harvest sensitive information to use as leverage. Potential threats like these are why a more security-conscious culture is essential for the future. More users who are more security-minded when operating electronics of any kind can help mitigate the threat of cyber warfare. It isn't the end-all solution, but neither is giving cyber terrorists free rein.

Romanian Cybercriminal Ring Dismantled by European Law Enforcement

Operation Tovar has company. Europol and DIICOT have apprehended members of an organized cybercrime group responsible for payment crimes throughout Europe. The criminals used malware to steal operating credentials for non-cash payment systems and wired money from fake senders to real recipients, who then hid their ill-gotten gains in property or other assets. Of the 115 suspects, 65 were detained. This action goes to show that coordinated efforts yield positive results.

The Little Signature That Could: The Curious Case of CZ Solution

Cybercriminals prefer to operate under the radar, and a popular way to do this is to make malware seem legitimate by digitally signing binaries. FireEye's threat intelligence experts were examining Spy-Net campaigns (which the article goes into some detail about) when they observed that a CZ Solution digital certificate was being used to create and sign binaries for Spy-Net and a handful of other malware families. The article draws two important conclusions: signing malware with a legitimate certificate is a very simple security bypass that cybercriminals won't stop using anytime soon, and while these individuals did not show remarkable skill, they were very resourceful. As it turns out, cybercriminals can reap the rewards of teamwork, too.

New SSL server rules go into effect Nov. 1

The Certification Authority/Browser Forum (CA/B Forum) is changing certificate issuing guidelines for "internal name" certificates. As of November 1, organizations will no longer be able to apply for certificates that use local names; instead, IT admins must ensure that the names are associated with external (DNS) names. The measure is intended to mitigate man-in-the-middle attacks and name resolution errors. October 1, 2015 is another key deadline for IT admins: all certificates containing internal names that do not conform to the November 1 guidelines will be revoked.
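An inventory check an IT admin could run ahead of the deadline, as an added example that is not part of the original post or the CA/B Forum's own tooling. It follows the CA/B Forum's notion of an internal name (a hostname that does not end in a TLD registered in IANA's root zone, or an IP address that is not publicly routable); the TLD set below is a constructed, deliberately small stand-in for the real root zone list.

```python
import ipaddress

# Constructed stand-in for IANA's root zone list; a production check
# must load the full, current list of registered TLDs.
PUBLIC_TLDS = {"com", "net", "org", "uk", "il", "eu", "info"}


def classify_san(name: str) -> str:
    """Classify one Subject Alternative Name value.

    Returns 'public' for a hostname ending in a registered TLD,
    'internal' for a single-label or non-public-TLD hostname,
    'public-ip' / 'reserved-ip' for IP address entries.
    """
    value = name.strip().lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        # RFC 1918, loopback and link-local addresses can never be
        # verified as globally unique, so a public CA may not issue for them.
        return "public-ip" if ip.is_global else "reserved-ip"
    labels = value.split(".")
    # A bare host like "exchange01" or a ".local" suffix is not resolvable
    # in public DNS; the wildcard label "*" is accepted as a leading label.
    if len(labels) < 2 or labels[-1] not in PUBLIC_TLDS:
        return "internal"
    return "public"


def audit_sans(sans):
    """Return the SAN entries that will no longer be issuable as of Nov 1."""
    return [s for s in sans if classify_san(s) != "public"]


if __name__ == "__main__":
    # Constructed sample SAN list resembling a typical internal mail cert.
    sample = ["mail.example.com", "exchange01", "exchange01.corp.local", "10.0.0.5"]
    for entry in audit_sans(sample):
        print(f"{entry}: {classify_san(entry)} (must be replaced)")
```

Feed it the SAN list from each certificate in your inventory (for example, the output of `openssl x509 -noout -ext subjectAltName`) to find the ones that need reissuing under public DNS names before the revocation date.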

Chinese hackers steal confidential documents on Israeli missile defense system

Threat intelligence services have revealed that a Chinese hacker group has been exfiltrating documents on Israel's missile defense system as far back as 2011. While this suggests that the Chinese want their own missile defense system, it also shows that contractors are just as easily compromised as anyone, and that no one has perfect security. In the article, security experts also commented that detection is critical for mitigating breaches. In order to build a better security posture, it's vital that enterprises step up their game on rapidly detecting cyber threats.

Top 5 #InfoSec Reads: July 14-21

by Matt Piscitello

User security awareness, incident response lessons following Heartbleed, stolen government malware, Snowden on encryption and Android app permissions are among this week’s top #infosec reads.

CISOs still grappling with security awareness training

The weakest link in security isn't always technology but often the habits of the people who use it, which is why survey results on the security awareness training practices of some of the UK's major companies worry David Prince. On the other hand, this article reveals that CSOs are picking up on the value of "security culture," which at least promises modest improvement.

Successful Heartbleed response still raises important questions

An important takeaway from the Heartbleed disclosure is how conflicting intel and hype affected the response. Heartbleed was quickly raised to the executive level. This is rare among security incidents; historically, only the most serious incidents reached that level (for example, where an exploit went undetected or a vulnerability remained unresolved for months at a time, and the discovery of a breach or loss was a calamity). In contrast, information about Heartbleed, not all of it completely accurate, was abundant and viral. Everyone was talking about it, and the "hysteria" caused IT groups everywhere to invest a great deal of their response effort in setting execs' minds at ease. If we could get the same kind of reaction, minus the hysteria, with the same rapid response for every security threat, incident response would improve dramatically.

Criminals get hold of 'Russian state malware'

This sounds like the next Bond film in the making. I can even picture M briefing 007 about how the KGB need to get their act together the next time they think of dabbling in cyberspying. It does raise the question of how much malware out there was first developed for espionage. It sounds like conjecture, but it's important to know. Cyber criminals often prefer to work smarter rather than harder, so it's not a stretch to imagine that, out of all the known (and unknown) malware threats in cyberspace, our governments share the burden of responsibility for their existence.

Snowden calls on business to encrypt data, shun Dropbox

"Knowledge among individual practitioners is still lacking" seems to be this week's theme. While Snowden's celebrity status has taken the spotlight over his security expertise (and he may be plugging SpiderOak shamelessly), he has the right of it. Dropbox is under a great deal of scrutiny, and experts agree that encryption is good practice for anyone looking to keep their information safe.

Android apps too free and easy with access permissions

App permissions are fine-tuning ads, but is that all they're doing? Android apps aren't restricted from accessing user data. Seven out of every ten apps can send text messages, and three out of ten can read users' messages too. That's a huge red flag for any organization, as endpoint devices are at serious risk with the Android app market being as laid back as it is.
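A quick way for an organization to screen the apps on its endpoints for the SMS access described above is to inspect each app's `AndroidManifest.xml`. The following is an added example, not code from the original post or the cited article; the manifest it parses is constructed for illustration and the permission names are the standard Android ones.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Standard Android permissions that grant the SMS access the article warns about.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.READ_SMS": "read text messages",
    "android.permission.RECEIVE_SMS": "intercept incoming text messages",
}

# Constructed sample manifest for a flashlight app that has no business sending SMS.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""


def sms_permissions(manifest_xml: str) -> dict:
    """Return {permission: plain-English capability} for each SMS permission requested."""
    root = ET.fromstring(manifest_xml)
    found = {}
    for node in root.iter("uses-permission"):
        # The attribute is namespaced: android:name -> {NS}name in ElementTree.
        name = node.get(f"{{{ANDROID_NS}}}name", "")
        if name in SMS_PERMISSIONS:
            found[name] = SMS_PERMISSIONS[name]
    return found


def flag_app(manifest_xml: str) -> str:
    """One-line verdict suitable for an endpoint inventory report."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "<unknown package>")
    perms = sms_permissions(manifest_xml)
    if not perms:
        return f"{package}: no SMS permissions"
    return f"{package}: can " + ", ".join(perms.values())


if __name__ == "__main__":
    print(flag_app(SAMPLE_MANIFEST))
```

The decompiled manifest from an APK (for example via `apktool d`) can be passed straight to `flag_app`; apps whose declared purpose does not involve messaging but which still request these permissions are the ones to review first.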