
Wednesday, September 30, 2015

Cyber Threats Continue to Increase Against US National and Economic Security Targets

U.S. national intelligence director James Clapper warned the Senate Armed Services Committee that cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication and severity of impact. Cold War-era spying continues. Every nation does it -- including the United States -- and professional government hacker spies play a lead role. But nations haven't yet figured out what kind of hacking goes too far. Secretly gaining control of a nuclear power plant's computers? Stealing highly private personnel records? "We're sort of in the Wild West here with cyber, where there are no limits," Clapper said. These questions are particularly pressing, given that some U.S. officials think it was China that recently stole copies of 21.5 million U.S. government personnel records. In the past, Clapper has said China is the number one suspect in that hack.
U.S. investigators aren't sure, because of "differing degrees of confidence" in the evidence. China has also been accused of using its military hackers to steal American company secrets to give Chinese corporations a competitive edge. When Chinese President Xi Jinping visited the White House last week, he and President Obama publicly agreed that neither country would engage in cyber economic espionage. On Tuesday, Clapper said "hope springs eternal," but quickly added that he is "somewhat of a skeptic." During the hearing, Clapper also described the worst kind of hack America faces: "A massive armageddon-like-scale attack against our infrastructure," like shutting down the entire American electricity grid. When cyber experts talk about data manipulation, they worry about what happens if Americans' bank balances suddenly display fake numbers. No one would trust banks. Think of it as a "Fight Club" style attack that creates utter chaos by eroding the nation's confidence in the systems we use in our everyday lives. Fake data could alter stock market trades or even government weather instrument readings. "What we could expect next is data manipulation, which then calls into question the integrity of the data, which in many ways is more insidious than the attacks we've suffered thus far," Clapper warned. Share your comments with the Cloud and Cyber Security Center.

Tuesday, September 29, 2015

TrendMicro's View on Ransomware and the Threat it Poses to Businesses Worldwide

Ransomware has graduated from being scareware that locks the screens of its victims to a sophisticated malware that locks down the most essential component of a victim’s system—its data. This made ransomware one of the most notorious malware types to prey on unsuspecting users. In May 2015, TrendMicro detailed how ransomware has evolved into the kind of data kidnapper that it is today, from initial sightings in Russia that hijacked user files to more advanced crypto-ransomware variants that encrypted victims' files in 2013. By the third quarter of 2014, crypto-ransomware accounted for more than a third of all ransomware types found in infected systems, and it shows no signs of slowing down.
In fact, data gathered over the last quarter of 2014 shows that crypto-ransomware variants have increased from 19% to more than 30% in the last 12 months. In the first quarter of 2015, we reported on how ransomware has spread to enterprises and niche users after seeing a rise in CryptoWall-related URLs in the second quarter of the year. As indicated in our collected data, almost 70% of incidents reported hit mostly small and medium-sized businesses, followed by enterprise and the consumer segments. So how big of a threat is ransomware to businesses and governments around the globe? Share your comments with the Cloud and Cyber Security Center.

Monday, September 28, 2015

Cyber Security for Critical Infrastructure Conference - Preview (September 29-30)

The Cyber Security for Critical Infrastructure Conference will take place September 29-30 in Toronto, Canada. Global cyber-attacks on critical infrastructure continue to increase in frequency and severity, and Canada is by no means exempt. The country's ten pillars of critical infrastructure have to protect themselves from hacktivism, state-sponsored attacks, cyber terrorism, industrial espionage and other damaging emerging threats. Antiquated strategies, such as anti-virus software and firewalls, are no longer a match for the hackers of today.
Sophisticated hackers can now readily infiltrate crucial control systems, potentially crippling an organization and the country's economy, bringing society to a grinding halt. The Canadian Institute's Cyber Security for Critical Infrastructure conference, designed in tandem with a host of leading international experts, promises to deliver up-to-the-minute information and critical strategies your organization needs to make sound security planning decisions. FireEye, Check Point and Fortinet are among the lead sponsors. Share your comments about securing critical infrastructure with the Cloud and Cyber Security Center.

Wednesday, September 23, 2015

CERT: FloCon's 12th Annual Network Security Conference - Issues Call for Papers

CERT's 12th annual FloCon Network Security Conference will be held January 11-14, 2016 in Daytona Beach, Florida.  Submit abstracts for presentations, posters, and demonstrations. Your submission must be related to the FloCon 2016 theme, “Network Flow in Operations,” describing the theory, creation, implementation, and/or operational use of network analysis using network flow.

Key focus areas for FloCon 2016 include: 1) Analyzing contextual data and network flow, 2) Integrating data from multiple sources (data fusion), 3) Optimizing and analyzing analyst workflow, 4) Discovering indicators of malicious behavior through automation, 5) Using network flow to produce performance-based metrics, 6) Leveraging "big data" platforms for network flow analytics, 7) Employing scalable statistical techniques, 8) Exploring case studies in threat detection and mitigation, 9) Using operational data visualization and visual display techniques for big, quantitative datasets, 10) Exploring new techniques from new data sources, and 11) Modeling networks for threat detection. Share your comments with the Cloud and Cyber Security Center.

Tuesday, September 22, 2015

CSC Defines IT Security Assessments for Common Criteria & Cryptographic Modules

The Common Criteria for Information Technology (IT) Security Evaluation, also known as the ISO 15408 standard, is the current standard for specifying and evaluating the security features of IT products and networks. Common Criteria offers the first global standard for IT security evaluation and validation/certification fully endorsed by government bodies in participating countries. In addition, federal agencies, industry, and the public rely on cryptography for the protection of information and communications used in electronic commerce, critical infrastructure, and other application areas.
Cryptographic modules, which contain cryptographic algorithms, are used in products and systems to provide security services such as confidentiality, integrity, and authentication. Adequate testing and validation of the cryptographic module and its underlying cryptographic algorithms against established standards is essential to provide security assurance. The Cryptographic Module Validation Program (CMVP) validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2 Security Requirements for Cryptographic Modules and other FIPS cryptography-based standards. How effective will these new standards be in preventing cyber crime? Share your thoughts with the Cloud and Cyber Security Center.

Friday, September 18, 2015

Symantec Claims to Secure Over One Billion IoT Devices Worldwide

Symantec has announced it is securing more than one billion Internet of Things (IoT) devices, including everything from televisions and cars to smart meters and critical infrastructure. With IoT devices expected to number 25 billion by 2020, Symantec is leading the effort to protect consumers from hacks against their always-on, Internet-connected devices.
“As IoT innovation and adoption continues to grow, so has the opportunity for new cyber security risks. This is the next frontier. In the automotive industry, hackers can literally steer the car and ‘hit the brakes’ from their keyboards,” said Shankar Somasundaram, Senior Director of Internet of Things Security, Symantec. “Symantec is partnering with manufacturers in the automotive, industrial control, and semiconductor industries, in addition to our work in healthcare and retail markets.” As part of its broader Unified Security Strategy, Symantec is investing in and offering the industry’s most comprehensive IoT security solutions. This approach includes authentication, device security, analytics and management to help prevent cars, medical devices, industrial control systems, and countless consumer electronics from becoming hacked, tracked and electronically hijacked as shown in recent news. How secure are the IOT devices Symantec claims to have protected? Share your comments with the Cloud and Cyber Security Center.

Thursday, September 17, 2015

IBM X-Force Threat Intelligence Quarterly Report - Ghost and FREAK Threats

In early January 2014, companies large and small scrambled to better understand and analyze a major retail breach that left them asking whether or not their own security measures would survive the next storm. Before spring was barely in motion, we had our first taste of the “designer vuln”—a critical vulnerability that not only proved lethal for targeted attacks, but also had a cleverly branded logo, website and call-name (or handle) that would forever identify the disclosure route by slowly and stealthily morphing into new variants that now target petrochemical sellers and suppliers, as well as password management software.
These designer vulns appeared within long-held foundational frameworks used by the majority of websites, and they continued throughout 2014, garnering catchy name after catchy name — Heartbleed, Shellshock, POODLE, and into 2015, Ghost and FREAK. This in and of itself raises the question of what it takes for a vulnerability to merit a marketing push, PR and logo design, while the other thousands discovered throughout the year do not. Breaches and security incidents were being announced so rapidly in 2014 that many struggled to keep up. By the end of the year, we began to see that this digital storm of attacks would not cease, but instead would likely become larger, grow more encompassing, and raise increasingly important personal privacy concerns, as evidenced by the breach at Sony. However, data breaches and security incidents did not take all the limelight in 2014. We also continued to see new usage of familiar, “old” malware, which quickly became the tool of choice for cybercriminals. Citadel financial malware—historically a spawn of Zeus configurations—took a less noisy approach. Send your comments to the Cloud and Cyber Security Center today.

Wednesday, September 16, 2015

The Defense Information Systems Agency Issues Three New Policies on Cyber Security

DISA's three new documents more thoroughly define cloud security and the steps to achieving it, outlining the responsibilities of the organizations and managers increasingly capitalizing on commercial cloud offerings. The release underscores the Defense Department's growing adoption of commercial cloud offerings.

The cloud access point (CAP) functional requirements document (FRD) prescribes a barrier of protection between the Department of Defense Information Network (DoDIN) and Internet-based public cloud service offerings, directing defense agencies to implement protections for the connection points linking the two. The first DISA-established CAP is a modified NIPRNet federated gateway, according to the documents.
"As DoD strives to meet the objectives of the DoD CIO to maximize the use of cloud computing, the DoDIN perimeter must continue to be protected against cyber threats from external connections," the documents state. "The CAP will proactively and reactively prevent attacks against the DoDIN infrastructure, particularly traffic from mission applications that originates in the cloud service environment…there are many information assurance functions that may be implemented as detect and prevent measures to address the different types of external attacks." Visit DISA for further details at: http://www.c4isrnet.com. Share your comments with the Cloud and Cyber Security Center.

Monday, September 14, 2015

CyberSecurity Ventures Predicts Growth in Cybercrime and Workforce Shortage

In its recent 2015 report CyberSecurity Ventures indicates a vital challenge for the dark world of cybersecurity in 2015: A continued increase in cyber threats, especially from Russia and China and a major shortage of cyber professionals to combat these threats in the US and Europe. “The cybersecurity job market is on fire” says Veronica Mollica, founder and executive information security recruiter at Indigo Partners, Inc. in Fairfield CT. “Our candidates are facing competing offers from multiple companies with salary increases averaging over 30 percent.
Current employers are scrambling to retain talent with counter offers including 10 percent and higher salary increases for information security team members to remain on board” adds Mollica. According to a recent report from DICE, a leading IT job board, the top five IT security salaries are: No. 1 – lead software security engineer at $233,333; No. 2 – chief security officer at $225,000; No. 3 – global information security director at $200,000; No. 4 – chief information security officer at $192,500; and No. 5 – director of security at $178,333. IDC predicts that “by 2018, fully 75 percent of chief security officers (CSO) and chief information security officers (CISOs) will report directly to the CEO, not the CIO”. This will arguably push those positions higher up into the salary stratosphere. Share your observations with the Cloud and Cyber Security Center.


Friday, September 11, 2015

Symantec Bolsters Cyber Security Service Portfolio as Threat Profile Increases

Symantec is now offering a portfolio of Cyber Security Services which include: 1) DeepSight™ Intelligence for advanced adversary and threat intelligence so you can get ahead of emerging threats, 2) Managed Security Services for 24x7x365 global threat monitoring and analysis by your designated team across our SOCs in Europe, Asia, and North America, 3) Incident Response for response program readiness and a proactive Retainer subscription for fast and effective action when compromised, and 4) Security Simulation for skills development through live-fire virtual simulations of today’s most sophisticated attacks.

At the same time, Forrester Research reports that vendors have inundated the information security market with bloated claims of actionable threat intelligence. S&R professionals need to understand what useful threat intel looks like, so they can make the appropriate investments for their security program. Forrester defines threat intelligence as: The details of the motivations, intent, and capabilities of internal and external threat actors. Threat intelligence includes specifics on the tactics, techniques, and procedures of these adversaries. Threat intelligence’s primary purpose is to inform business decisions regarding the risks and implications associated with threats. Download the complete Forrester report at: https://know.elq.symantec.com/LP=1524?CID=70150000000dlpUAAQ&MC=191071&OC=81146&OT=WP&WPN=140&TT=SW

How valid are these threats and mitigation services? Send your comments to the Cloud and Cyber Security Center.

Tuesday, September 8, 2015

Microsoft Targets Acquisition of Adallom to Bolster Cyber Security Portfolio


Microsoft is planning to acquire Israeli cloud cybersecurity start-up Adallom in "one of the largest" of the group's recent acquisitions, a source close to the situation has told CNBC. The deal is likely to close and be announced this week with the price tag set to be "quite a few hundred million dollars", the person said, choosing to remain anonymous because the information isn't public. The source did not reveal the exact price but said it would be bigger than any recent deals.
Cloud providers invest in securing their applications, but under the shared responsibility model, enterprise customers are responsible for access to and usage of that data. The good news? SaaS applications can be as secure as on-premise applications. Adallom provides visibility, governance and protection for the top SaaS applications used by businesses worldwide. We’ve done the legwork to understand every unique transaction and data sharing capability within these applications so you don’t have to. Adallom is poised to be the latest company to be snapped up by Microsoft, which has been very acquisitive over the past year as the company pushes its fast-growing businesses such as the cloud unit.

Friday, September 4, 2015

Five Cyber Security R&D Hot-Zones Around the Globe

The global increase in cyber attacks not only compromises the personal information and sensitive data of consumers, but poses tremendous threats to businesses, governments and militaries. The global balance of power and billions of lives are dependent on keeping computer infrastructure safe. To combat attacks, interest in cyber security companies is heating up and heavy investment is following. Cyber-security companies are hiring in droves, with some creating hundreds or thousands of jobs every year alone. "This year we are hiring hundreds of employees for development and deep technology positions," says Dorit Dor, vice president of product at Check Point, a prominent IT security firm. To support this exploding industry, several cyber-security ecosystems have developed around the globe, consisting of companies, venture capitalists, talent and expertise concentrated in small areas. Entrepreneur magazine identifies five key cyber security R&D centers around the world: Israel, Silicon Valley, New York City, London and Boston. Send us your comments on the most important cyber security hot-zones.


Thursday, September 3, 2015

The Hoover Institution Releases New Report - "Managing the Cyber Security Threat"

Regulating the US critical infrastructure is complicated, moreover, because it is largely controlled by the private sector. Proposals to enhance cyber protection of such infrastructure, called recommendations, have been prepared by the US government, but the standards or practices recommended could render critical infrastructure more vulnerable both because any flaws would be widely applicable (reducing redundancy) and because the US government would likely seek continued access to systems through measures that could be exploited by attackers. The Obama administration has backed away from mandating standards, and its proposals are so general they provide no assurance as to what any particular company will do.

The cyber infrastructure of the world is transnational; thus it is illusory to expect it to be effectively managed by a single state, or even by a group of states having dominant conventional military power and vast economic resources. Only a transnational framework, based on the consent of all participating states, could be effective in reducing the security threat posed by cyber activities. To the extent the Internet has security today, it is largely because the Internet Engineering Task Force (IETF) and other private, standard setting bodies have developed and mandated protocols that must be followed by users to gain access. Send your comments to the Cloud and Cyber Security Center. To download this report visit: http://www.hoover.org/sites/default/files/fw_hoover_foreign_policy_working_group_unconventional_threat_essay_series/201411%20-%20Sofaer.pdf


Wednesday, September 2, 2015

What is the True Cost of Chinese and Russian Cybercrime Against the US?

China and Russia continue to use non-government entities, including hacking groups and private companies, to infiltrate U.S. systems and analyze the collected data. The intention, the U.S. official says, is to hide the true source of the attacks. However, the U.S. official says both governments also carry out cyberattacks using their own assets and attempt to cover their tracks using other methods. Such cyberattacks have been on a gradual upswing since the mid-2000s due in large part to their success, the official said. The Obama administration has repeatedly acknowledged the threat. "We're confronting a persistent and dedicated adversary.
The threat is ever-evolving. And it is critically important for us to make sure that our defensive measures that are intended to prevent these kinds of intrusions reflect that ever-evolving risk," White House press secretary Josh Earnest said in June. Internal reports have repeatedly found that U.S. government systems remain vulnerable. Many U.S. government agencies still lack urgency in addressing the problem, leaving U.S. systems open to further attacks. The U.S. official described as "likely" the prospect of additional successful cyberattacks on sensitive U.S. government systems. Some lawmakers, as well as current and former intelligence officials, have spoken about the possibility of retaliatory attacks raising the costs on states targeting the U.S. So what is the true impact on US security and what counter-measures should the US government and private sector companies take? Send your comments to the Cloud and Cyber Security Center.