All-Out Cyberwar is Going On in the Dark, Pentagon Increasing Cybersec Teams

Could there be a “cyber 9/11”? Would there be an all-out cyberwar happening right now? There is a war going on, a cyber one at that, going on here in the states. If you work for a defense contractor, bank, train and plane transportation providers (also including RTAs and other digitally-depending transportation methods), power company, water and utilities plants, etc. are in direct line of fire of potential cyberwar problems.

A brewing cyberwar has been going on in the past year, and usually people view it as governments going head to head (like it would in actual wars). However, there is more of a cyberwar against governments, corporations, and of course the entities we named above.

With seeing government threats, like Stuxnet, Flame, etc., to cybercrime units like Red October, Rustock, even Virut/Waledec – seems like the threat is getting out of hand. With the use of tactics like from these malware powerhouses, our worry for a severe (life-threatening) attack should be a lot greater…mainly to the fact that the US should seriously prepare itself.

“The cyber war has been under way in the private sector for the past year,” says Israel Martinez, a board member of the U.S. National Cyber Security Council, a nonprofit group composed of federal government and private sector executives.

“We’re finding espionage, advanced persistent threats (APTs), and other malware sitting in networks, often for more than a year before it’s ever detected,” Martinez says.

Martinez studies different issues, such as US entities being targeted by fronts from China, Iran for intellectual property theft to other cybercrimes such as stealing identities or cash.

When we look at Stuxnet for example, the US and Israel crafted it jointly to disrupt Iranian nuclear facilities. Problem here is, doing that may have just been a provoking edge to the cybcerwar for Iran to develop something else and revenge. Doing this caused Iran then, to strike back with cyber attacks on US banks. Some have thought Iran was behind the Shamoon virus as well, which wipes out 30K hard drives and taking computers offline at Saudi Aramco for several weeks.

Defense firms in the US are hoping that some of the Fortune 500 cybersecurity companies have a good plan to counterattack and defend for the US to these opponents.

The Pentagon has come back with newer accounts of management for this cyberwar by planning to increase cybersecurity teams. The Senate is continually pushing for legislation for information sharing on threats and cyber attacks. President Obama prepares to issue executive order on cybersecurity, so the Department of Defense is looking for a massive increase in the number of trained cybersecurity personnel helping to defend our country’s public and even private networks.

The government has had trouble in the past looking for the right personnel, since most are employed by agencies that don’t discuss operations publicly (due to the risk of the information getting in to the wrong hands). The Pentagon is planning to push up the number of security professionals up to 5,000 in the next few years (which is up from a little under 1,000). They’re hoping for both military and civilian security personnel to join up, so the diversity helps the US prepare for any issue.

Expect a better take charge situation by corporate, government, and private firms in this cyberwar situation!

Obama Urged by US House Republicans to not issue Cybersecurity Order

46 US House of Representatives Republicans joined in a letter (PDF) to urge President Barack Obama not to issue the executive order on cybersecurity. The White House is currently drafting an executive order that encourages operators of critical infrastructures (like banks, power grids, etc.) to meet cybersecurity standards.

“Instead of preempting Congress’ will and pushing a top-down regulatory framework, your administration should engage Congress in an open and constructive manner to help address the serious cybersecurity challenges facing our country,” the lawmakers wrote.

The executive order is expected for release in January, which will help protect these vital systems from hackers. It’s highly important that this gets put into action, or the United States can see some issues happen such as power loss, plane crashes, train derailments, etc.

“This framework will work better than attempts to place the government in charge of overseeing minimum standards for industries seeking to invest in new and innovative security solutions,” the Republicans wrote.

The letter of urgency, led by Representatives Marsha Blackburn (Tennessee) and Steve Scalist (Louisiana) is aimed at helping to reduce the amount of government involvement in cyberwar, in hopes not to stir rages with hackers and other pests. However, if something isn’t done very soon, America as we know it could be in a lot of trouble.

 

 

October is National Cyber Security Awareness Month

NCSAM official image (Department of Homeland Security)

Cyber security awareness is so important, and we’re going to display a few things you should be aware of this month, for you to try to make capable changes to your personal or business security perspective. You will notice some of the information below is linked to different posts here on the blog. This should help you understand each topic better! Please don’t be afraid to use each of the links below to learn more about protecting your system(s).

• Email is one of the biggest attack methods. Since users are still highly dependent on email, it is so critical that email systems get fixed. Spam can be so cunning that it may disguise itself as your friend, someone you trust, or a bank. The main target in these spam attacks is phishing, which will allow an attacker to trick you into doing something or giving away personally identifiable information.The goal is to also download malware on to your computer, which can be used to take control of your computer and steal much more personal information. Some emails may claim to be a legitimate organization sending you an attachment, but it’s purpose is to distributed malware on your computer. It is best to secure email systems against spam. This can be done using a variety of products whether hardware or software. Make sure to secure your system(s) with the latest spam fighting utilities. Also, securing Outlook or Windows Live Mail is beneficial.
• Instant Messaging still seems to be a vector for malware attacks. Just when people drop their guard about IM security, a new band of threats affects users. Most IM attacks come in the form of spam, a message from an apparent trusted friend, or a phishing attempt/scam from a legitimate looking company. A lot of the time, when the message appears from a trusted friend, it usually means that person’s IM account or email account has been hacked and the attacker has mined the email addresses or IM addresses in order to send you these attacks. It is important to have a good Internet Security product that protects against IM attacks along with network defense.
• Exploits are the most common cause of infections on computers these days. Many of the exploits have been caused by out-of-date Java plugins or Adobe Flash Player plugins (or even fake Flash Player), among other types of plugins for your browser. Other exploits come in the form of advertisements that are catered to your interests, by the use of tracking cookies, which when you click on the ads it can lead to a site that will immediately download malware and attempt to take control of your computer.Those are just a couple of examples of why you need Internet Security protection as declared just above in the explanation for IM security. Also, having a second-opinion malware scanner can make sure that things don’t get missed, giving you maximum protection. Working on a defense-in-depth strategy for your computer can be a great way to avoid exploits.
• Downloading and installing untrusted software products is a good way to get infected with viruses, spyware, and other threats and malware. Using tools such as Web-of-Trust for your browsers is a key idea in managing whether a site is safe. Also, reading reviews for the product you are getting ready to download and purchase will help you make an informed decision. It is important to have Total Internet Security protection, as stated above in IM security. Please refer to the “Internet Security product” link for more information on securing your system(s) with protection mechanisms.

There are many more vectors of cyber security problems. It is important to use the methods described above as well to secure your system(s) from attacks from cybercriminals.

Summary of mitigating most attacks:

• Have a good antivirus or internet security product for maximum protection against malware, exploits, etc.
• Have a defense-in-depth PC strategy to help secure your system(s) against malware and exploits, among other threats.
• Keep abreast of the latest malware threats, so you know the seriousness of securing the system(s).
• Having a second-opinion malware scanner is not a bad idea to help secure even further against malware and exploits.
• Watch out for fake bank emails, so you can keep your financial information very safe!!
• Avoid digital disasters by backing up your data on to an external drive, CD/DVD, etc. Using a backup solution can mitigate this problem (especially for businesses).
• Always maintain a good password on any online account, especially social networks and banks!

Windows 8 Security Features Explained (mini-whitepaper)

Windows 8 is apparently more secure than Windows 7. Perhaps this is true, and it is best to learn what security features there are for the new operating system. Some of these security features are verified to help out very well in the security of Windows 8, and some may not be in time, or lastly some may not work at all.

One of the most discussed security features is Secure Boot. Now, Secure Boot is a Unified Extensible Firmware Interface (UEFI) specified in the boot process to check cryptographic signatures of kernel-mode drivers, making sure they aren’t modified or corrupted. In other words, the boot process is now made to check if the operating system has been corrupted by malware or some other issue.

This is all part of a hardware restriction process called Hardware DRM. All non-ARM devices have the option to turn Secure Boot off, however ARM devices must keep it on. Experts state that it will be resistant to rootkits, since the MBR and BIOS cannot be accessed, unless if someone working on the computer penetrates it.

Next, Windows 8 features better built in antivirus software, with a much better improved Windows Defender. The software in Windows 8 is combined with the optional tool Microsoft Security Essentials. Now, with Windows Defender super-powered with MSE, it has much more anti-malware features.

With better anti-malware features, Internet Explorer is now made with better features as well. It has the ability to prevent zero-day exploits much greater than previous versions of Internet Explorer. With the challenges of exploiting Windows 7, there was the issue risen up again for Java and Flash Player, so hackers can gain control over the operating system. Those browser plugins are now easier to exploit than the Internet Explorer’s code.

A new application sandboxing environment called AppContainer provides the ability to run all apps in a controlled environment, where it controls how apps work. This prevents apps from disrupting the operating system. Of course, this is just supplemented by Internet Explorer’s SmartScreen filter, which prevents the download/install of known malicious software. However, Windows 8 now has SmartScreen available for any app, allowing even more prevention. Of course, this means Microsoft employees are going to increase in numbers, if they really want to keep up. Now that hackers know their new challenges, they will be relentless.

The questions are still played on whether Windows 8 will be a repeat of Vista or not. The reality of the situation, is if Windows 8 has big popularity, then the security issues will also light up big time. However, many will stick to Windows 7, so the security issues for Windows users are not close to be over. Feel free to take a look at related articles below for Symantec’s opinions, which aren’t too well on the new OS.

Added October 31, 2012: Trusted Platform Module, read more

Keep up with the latest security tips on our blog here. In addition, please donate to help us continue to write these awesome whitepapers.

Related articles

• Over Half Of Windows 8 Users Still Prefer Windows 7 (webpronews.com)
• Gates: New Windows 8 system is `very exciting’ (seattletimes.com)
• Windows 8 Security Is Not Good – Symantec (news.softpedia.com)
• UEFI and Secure Boot: The Hell I Went Through (prismdragon.wordpress.com)

Report: 21 Million Medical Records Exposed in Breach!

Over the past three years, about 21 million patients have had their medical records exposed in data security breaches that were big enough to require they be reported to the federal government.

Since Sept. 2009, 477 breaches affecting 500 people or more each have been reported to the Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services. In total, the health records of 20,970,222 people have been compromised, the OCR said.

The Office for Civil Rights has been updating a list of the breaches on its website. The list is known to the health care industry as “The Wall of Shame,” according to the OCR.

Six health care organizations listed on The Wall of Shame reported security breaches that involved one million or more records.

Read More on Computer World

Related articles

• ‘Wall Of Shame’ Shows 21 Million Data Breaches In Healthcare (teamshatter.com)
• ‘Wall of Shame’ Exposes 21M Medical Record Breaches (it.slashdot.org)

Republican Senators Revise Cybersecurity Bill

Government Security

The cybersecurity bill discussed in congress earlier this Spring is now revised with newer details. The revision to the originally democratic bill is more based on disallowing the government to absolutely standardize new cybersecurity bills. The idea is for those with critical infrastructured networks get fully secure (as required). The new SECURE IT bill restricts the government from retaining and using information about cyberthreats.

According to Computer World: SECURE IT, backed by Sens. John McCain (R-Ariz.), Kay Bailey Hutchison (R-Texas), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.), and Richard Burr (R-N.C.), will allow companies to legally share real-time cyberthreat information from their networks with other industry stakeholders, law enforcement agents and government officials.

The restriction of the use of such information about cyberthreats is to help combat the ability of hackers from discovering the information and getting quicker revision time for their threats.

The mere investment in to tools to combat cybersecurity threats is crucial to American infrastructure, and infrastructure all around the world even!

The biggest deal is watching how cyberthreat information is shared. Programs like CISPA are not going to function very well. Which means cyberthreat information should be held between private parties for a temporary time, and once a mitigation is made, destroy the data.

Corporate and government systems are not immune to cyberattacks by hackers.

 

Eventful Summer Heating Up for Computer Security

Whether it’s the Olympics possible terrorism, or the cyberwar heating up, an eventful Summer for computer security is on the way!

Some of the biggest computer security issues in the coming weeks of the Summer include (no specific order):

1. Olympic games, possible terrorism involvement. Also, look out for scammy/spammy emails, including different issues – such as: Watch Olympic results online now, or even Win Free Tickets to the Olympics. Websites that allow broadcasting for the Olympics are going to be highly targeted. Look out for issues, especially when a lot of people from a lot of different countries want to check it they’re team won.
2. Your Summer Vacation, may be the time where you lose your smartphone or laptop or tablet, etc. Be careful not to take too many gadgets…after all, the more you have with you, the more you have to keep track. If you’re commonly irresponsible or less careful, then try to take only one-to-two devices at maximum. Also, don’t be announcing to Twitter, Facebook, FourSquare, etc. that you are leaving your home for a while. This produces a great home security risk, mainly for people whom know where you live.
3. Politics and cybercrime don’t mix well! Expect trouble in your inbox, pasted all over advertising, etc. about the upcoming Presidential Election. Don’t click on ads in different websites, or in spam emails about politics. It’s a bunch of propaganda, FUD, and mindless brainwashing…that’s just half. The other half: malware of course! 😀
4. Black Hat & DefCon conferences are this Summer. Expect no less than a wild ride for vulnerabilities, strange new malware, and lots of fancy code to look at. But seriously, don’t fall for vulnerabilities. Keep your computer secure by following the ad below. It’s an ad you SHOULD click on!

In order to protect your computer against these types of threats, it is recommended to have a good Internet Security suite, that protects your computer against malware and protects your inbox against spam attacks: