Network Convergence is one of the US Army's biggest challenges. As evidence, look no further than the decision to disband
its electronic warfare division, which will fold into a newly
established cyber directorate at the Pentagon within the Army.
“We need to be aware that we are very likely going to fight an
adversary that is converging using [cyber and electromagnetic activity]
integration, ISR and fires across full spectrum conflict,” said Col
Timothy Presby, Training and Doctrine Command capabilities manager of
cyber, at TechNet Augusta earlier in August. “So unless we actually work
together and converge our capabilities, we will be left short.” Many current and former Army officials believe the convergence and
new cyber directorate are a good step. Creating the new cyber
directorate and keeping it within the G-3 is “absolutely” a good idea,
Gen. Jennifer Napper (ret.) told C4ISRNET in an interview.
“The fact of the matter is, it all works together or contests each
other and interferes with each other so you have to have it all in one
area,” said Napper, who formerly served as the director of policy, plans
and partnerships for the Cyber Command and commander of the Army’s
Network Enterprise Technology Command. Will this effort truly strengthen the US Army's cyber-warfare capabilities? Share your comments with the Cloud and Cyber Security Center.
News, products, vendors, threats, training and publications for cloud and cyber security.
Wednesday, September 14, 2016
Tuesday, September 13, 2016
New York Governor Calls for CyberSecurity Programs for Banks and Insurance Firms
New York state is proposing
new rules requiring banks and insurance companies to establish cybersecurity
programs and designate an internal cybersecurity officer, in what Gov. Andrew
Cuomo described as a "first-in-the-nation" move to codify cyber
safety policies. The proposed rules come after some
of the world’s biggest banks -- including JPMorgan Chase & Co. and HSBC
Group -- have reported significant cyber intrusions and U.S. corporations in
general have been frequent targets of hacking. Money center banks and insurance
companies have built their own cybersecurity programs in recent years, often at
an expense of hundreds of millions of dollars. The biggest impact of the new
regulations is likely to be on small banks and insurers, which may now need to
bring their cyber programs up to at least a minimum standard. Governor
Andrew Cuomo said the regulations would "guarantee the financial services
industry upholds its obligation to protect consumers and ensure that its
systems are sufficiently constructed to prevent cyber-attacks to the fullest
extent possible." Will these measures truly strengthen the cyber security
of the banking and insurance industries or simply be superfluous government
fluff? Share your comments with the Cloud and Cyber Security Center.
Thursday, September 8, 2016
US President Obama Delivers Plea for Deescalation of Cyber Warfare
US President Obama asked for USD 19 billion for cybersecurity efforts in his budget
request, a 35 per cent increase from current levels, with USD 3 billion
earmarked to help modernise the patchwork of computer systems used in
government agencies. President Obama urged deescalation of a
potential arms race involving cyberweapons. The president's remarks
followed his meeting with world leaders, including Russian President
Vladimir Putin, at the G20 Summit in Hangzhou, China. The U.S. has more offensive and defensive capability than any other country on Earth, Obama noted. Citing a new era of significant cyberwarfare capabilities, the
president urged moving into a space where leaders begin to institute
some norms to prevent global escalation from spinning out of control. "We're going to have enough problems in the cyberspace with non-state
actors who are engaging in theft and using the Internet for all kinds
of illicit practices, and protecting our critical infrastructure, and
making sure our financial systems are sound," Obama said, "and what we
cannot do is have a situation where this becomes the Wild, Wild West,
where countries that have significant cybercapacity start engaging in
competition -- unhealthy competition or conflict through these means
when, I think wisely, we've put in place some norms when it comes to
using other weapons." New evidence implicating Russia in attempts to undermine the U.S.
election has come to light, wrote Senate Minority Leader Harry Reid,
D-Nev., in a letter to FBI Director James Comey, late last month. Will the US call for deescalation of cyber warfare yield bona fide results or simply be viewed as political rhetoric? Let us know your thoughts here at the Cloud and Cyber Security Center.
Wednesday, September 7, 2016
Cisco Acquires CloudLock Validating Demand for CASB Security Solutions
Cloud Access Security Brokers, aka CASBs, provide security and visibility for companies moving to the cloud. They
logically or physically sit between the customer and whichever cloud
services it uses. Martin Zinaich, information security officer for the
city of Tampa, summarizes their function and purpose: "Cloud
access security brokers are on-premises, or cloud-based security policy
enforcement points, placed between cloud service consumers and cloud
service providers to combine and interject enterprise security policies
as the cloud-based resources are accessed. CASBs consolidate multiple
types of security policy enforcement. They increasingly support the
control of enterprise social networking use, and popular infrastructure
as a service (IaaS) and platform as a service (PaaS) providers." This, Zinaich added, "is a smart play for Cisco." Cisco's
move confirms that the security industry considers CASBs to be the way
forward in cloud security. Last year Microsoft bought Adallom and turned
it into its Cloud Application Security service launched in April 2016. The
emergence of CASBs has been recent and rapid. Bill Burns, CISO at
Informatica, has been involved in two recent studies on CASBs in 2014
and 2015. "One of the surprises in the first study," he said in a recent interview,
"was that CASBs were a relatively unknown technology, but the problem
they addressed was one of the most worrisome areas that needed to be
addressed. This year’s results showed much more awareness for the CASB
solutions." Can CASB products truly strengthen cloud security? Send your comments to the Cloud and Cyber Security Center.
Thursday, September 1, 2016
Cisco WebEx Meetings Player Code Execution Vulnerability (CVE-2016-1464)
The vulnerability is due to improper handling of user-supplied files. An
attacker could exploit this vulnerability by persuading a user to open a
malicious file by using the affected software. A successful exploit
could allow the attacker to execute arbitrary code on the system with
the privileges of the user. Cisco
has informed customers that it has released software and
firmware updates for some of its products in an effort to address
several vulnerabilities rated as having critical, high and medium
severity. Francis
Provencher, security researcher and founder of the Canadian government
agency COSIG, has been credited by Cisco for identifying two
vulnerabilities in WebEx Meetings Player. The more serious of the flaws, rated critical, is
CVE-2016-1464, which allows an unauthenticated attacker to remotely execute arbitrary
code by convincing a user to open a specially crafted file with the
vulnerable software. Another
vulnerability found by the researcher, classified as having medium
severity, allows an unauthenticated attacker to hack WebEx Meetings Player by getting the victim to open a malicious file. Both
vulnerabilities found by Provencher affect Cisco WebEx Meetings Player
version T29.10 for WRF files. Cisco has released updates to address the
bugs, but no workarounds are available. Cisco
has also published advisories describing five different vulnerabilities
affecting Small Business series switches and IP phones. Four of the
issues were reported to the vendor by Nicolas Collignon and Renaud
Dubourguais of Synacktiv, and one by security researcher Chris Watts. Will this bug fix by Cisco fully resolve the WebEx Media Player vulnerability? Send your assessment to the Cloud and Cyber Security Center.
Thursday, August 25, 2016
Kaspersky's Global IT Risk Report Indicates Decrease in Phishing Attacks
Kaspersky's Global IT Risk Report Indicates 4% Decrease in Phishing Attacks intrusion or hacking, and 9% fewer reported the theft of
mobile devices by an external party. In fact, apart from only a few instances
where perceived attacks have remained unchanged or increased by one or two per
cent, attacks have decreased around the world. In China and Western Europe the
theft of mobile devices by an external party dropped by as much as 12%. In North
America, a perceived fall of 10% in malware and other malicious programs was
the second highest in the world after China with 13%. The fall in mobile thefts
may be due to better encryption being implemented on mobile devices in the past
year. The reason for the perceived decline in malware is most likely down to
businesses simply not realizing that a data loss event has occurred – a result
of the ever more complex and stealthy techniques being implemented by
cybercriminals. Even so, 54% still say that they are much more concerned about
the security of mobile devices than they were a year ago. Now, let’s turn our
attention to internal threats. 21% of organizations have lost sensitive data
from internal threats in the past year. And 73% have had an internal security
incident in 2015. The top threats came from software vulnerabilities and
accidental actions by staff, including mistakenly leaking or sharing
data. Is this phenomenon a one-time anomaly or the start of a longer term
trend? Send your comments to the Cloud and Cyber Security Center. To read the full
report visit the Kaspersky Labs' web site.
Tuesday, August 23, 2016
Russian Cyber Gang Targets the Oracle MICROS POS System
Days after word broke that MICROS had been infiltrated by miscreants, Hold Security informed Forbes magazine staff that POS vendors ECRS, Navy Zebra, PAR Technology, Cin7, and Uniwell were also targeted by the same group. Hackers compromised at least 700 computers on the MICROS POS system,
used by hundreds of thousands of hotels, restaurants and retail outlets
worldwide to process credit card transactions, Krebs on Security
reported earlier this month. More than 330,000 cash registers worldwide use MICROS, which ranks as one of the world's three largest POS systems. Oracle has alerted its customers about the intrusion, a spokesperson
confirmed, but the company declined to release any further details. "We are aware of the reported breach of Oracle's legacy MICROS
systems," Marriott Hotels said in a statement provided to the E-Commerce
Times by spokesperson Jeff Flaherty. "We are working closely with
Oracle to better understand the situation and whether or not there may
be any impact to our guests." What is next on the Russian hackers' hit list? Share your comments with the Cloud and Cyber Security Center.
Friday, August 19, 2016
DARPA's Cyber Grand Challenge - How Does it Strengthen Cyber Security?
Starting with over 100 teams consisting of some of the top security
researchers and hackers in the world, the Defense Advanced Research
Projects Agency (DARPA) pitted seven teams against each other in the Cyber Grand Challenge final event, held August 4 in Las Vegas. During the
competition, each team’s Cyber Reasoning System (CRS) automatically
identified software flaws, and scanned a purpose-built, air-gapped
network to identify affected hosts. For nearly twelve hours teams were
scored based on how capably their systems protected hosts, scanned the
network for vulnerabilities and maintained the correct function of
software. The Defense Advanced Research Projects Agency, or DARPA, gave us a
glimpse into that future last Sunday, when it announced the winners of
its Cyber Grand Challenge at DEF CON. "Our mission is to change what's possible, so that we can take huge
strides forward in our national security capabilities. And if that's
what our job is every single day, I think we did it today," said DARPA
Director Arati Prabhakar. Taking home the US$2 million grand prize was ForAllSecure, a startup founded by a team of computer security researchers from Pittsburgh, for its Mayhem system. Winning the second place prize of $1 million was TECHx, made up of a team of software analysis experts from GrammaTech and the University of Virginia in Charlottesville. Third place finisher, Shellphish, a group of computer science graduate students at the University of California-Santa Barbara's SecLab won $750,000. How effective is DARPA's Cyber Grand Challenge in ultimately protecting both government and private sector organizations? Share your comments with the Cloud and Cyber Security Center.
Wednesday, August 17, 2016
ICS Cyber Security Conference - Preview (October 24-27, 2016)
The ICS Cyber Security Conference has gathered ICS cyber security
stakeholders across various industries and attracts operations and
control engineers, IT, government, vendors and academics. Over
the years, the focus of the conference has shifted from raising
awareness towards sharing security event histories and discussing
solutions and protection strategies. As
the longest-running cyber security-focused conference for the
industrial control systems sector, the event will cater to the energy,
utility, chemical, transportation, manufacturing, and other industrial
and critical infrastructure organizations. The
ICS Cyber Security Conference will address the myriad cyber threats
facing operators of ICS around the world, and will address topics
covering ICSs, including protection for SCADA systems, plant control
systems, engineering workstations, substation equipment, programmable
logic controllers (PLCs), and other field control system devices. The
majority of conference attendees are control systems users, working as
control engineers, in operations management or in IT. Industries
represented include defense, power generation, transmission and
distribution, water utilities, chemicals, oil and gas, pipelines, data
centers, medical devices etc. Other attendees work for control systems
vendors, security products and services companies, associations,
universities and various branches of the US and foreign governments. If you have attended this conference in the past, share your thoughts with the Cloud and Cyber Security Center.
Tuesday, August 16, 2016
Counter-Measures for Combatting Russia's Cyber Attacks on US Targets
As an increasing number of cyber-attacks hits the world's largest
companies and agencies, NATO and Russia debate the creation of a
roadmap to tackling cyber-threats. While the West has come up with the
"Tallinn Manual of Cyber Warfare," a guide which proposes to apply the
rules and principles of humanitarian international law in related cases,
Russia spells out the need for a more thorough approach at an
international level. Follow the debate on the cyber-security issue and
the latest developments on RBTH. The Russian cyber-hacking of the Democratic National
Committee is only
the latest unacceptable and unlawful activity by that state. Russia has
acted in flagrant violation of international law and wanton disregard
for the rights of other nations. It is time and past time to take action
in response. The United States is far from the only target of Russian
cyberattacks. Russian hackers have been found by numerous reports and
analyses to have attacked close allies including parliaments such as the
German Bundestag, media outlets such as France's TV5Monde and Poland's
Warsaw stock exchange. The director of national
intelligence has testified, "Russia is assuming a more assertive
cyber-posture based on its willingness to target critical infrastructure
systems." Which counter-measures will be most effective against Russia's onslaught of cyber attacks? Share your recommendations with the Cloud and Cyber Security Center.
Wednesday, August 10, 2016
ProjectSauron Cyber Espionage Group Uncovered by Kaspersky Labs and Symantec
ProjectSauron comprises a top-of-the-top modular cyber-espionage
platform in terms of technical sophistication, designed to enable
long-term campaigns through stealthy survival mechanisms coupled with
multiple exfiltration methods. Technical details show how attackers
learned from other extremely advanced actors in order to avoid repeating
their mistakes. For example, all artifacts are customized per given
target, reducing their value as indicators of compromise for any other
victim. A cyber espionage group that has been
operating covertly since at least June 2011 had its cover blown this
week by two security vendors, both of whom said they discovered the
group’s activity from malware samples submitted to them by their
respective customers. Kaspersky Lab, which has dubbed the group ProjectSauron, described it
as a sophisticated nation-state threat actor targeting state
organizations. The group has been using a different set of attack tools
for each victim making its activities almost impossible to spot using
traditional indicators of compromise, the vendor said. The core payloads used by ProjectSauron to exfiltrate data from
victim networks are customized for individual targets and are never used
again in other attacks. “This approach, coupled with multiple routes
for the exfiltration of stolen data, such as legitimate email channels
and DNS, enables ProjectSauron to conduct secretive, long-term spying
campaigns in target networks,” Kaspersky Lab said in an alert earlier this week. What effect will the discovery of this group have on reducing cyber security threats? Send your comments to the Cloud and Cyber Security Center.
Tuesday, August 9, 2016
The Advance of Linux-based Botnet Malware - Can It Be Stopped?
The BillGates Trojan botnet family of malware - apparently so named by the virus writers because it targets machines running Linux, not Windows - has been labelled with a "high" risk factor in a threat advisory issued by Akamai's Security Intelligence Research Team. Akamai said the biggest attack to date using such a botnet occurred towards the end of 2015. Linux-operated botnet Distributed Denial of Service attacks surged in this year's second quarter, due to growing interest in targeting Chinese servers, according to a Kaspersky Lab report released this week. South Korea kept its top ranking for having the most command-and-control servers. Brazil, Italy and Israel ranked among the leaders behind South Korea for hosting C&C servers, according to Kaspersky Lab. DDoS attacks affected resources in 70 countries, with targets in China absorbing 77 percent of all attacks. Germany and Canada dropped out of the top 10 most-targeted countries, replaced by France and the Netherlands. The Linux server is the go-to platform for orchestrating DDoS attacks because of its latent vulnerabilities, said Charles King, principal analyst at Pund-IT. A common problem is that they are not protected by reliable security solutions. "That makes them prime targets for hackers, especially those that leverage C&C servers to centrally manage and carry out DDoS attacks," he told LinuxInsider. "Deploying leading security solutions, as well as utilizing and updating established Linux distros, can go a long way to protecting against these issues." What impact will the rise in Linux botnets have on Internet security worldwide? Share your comments with the Cloud and Cyber Security Center.