Cybersecurity Update 28.02.2014.


Commander: U.S. Military Not Ready for Cyber Warfare

The U.S. military is ill-prepared for waging cyber warfare and needs to bolster defenses against the growing threat of cyber attacks against both military systems and private infrastructure, the commander of U.S. Cyber Command told Congress on Thursday.

“Those attacks are coming and I think those are near term and we’re not ready for them,” said Army Gen. Keith Alexander, head of Cyber Command and also outgoing director of the National Security Agency.

Training drill to simulate cyberattack

Homeland Security, law enforcement and corporate executives from across metro Atlanta will descend on Clay National Guard Center today to participate in a simulated cyberattack on a fictitious logistics company similar to UPS or FedEx.

The recent security breach of debit card data at Target stores showed how hackers are getting more sophisticated in their abilities to crack the networks of major corporations, said Tony Cooper, spokesman for the Technology Association of Georgia or TAG, which is sponsoring the event.

But what if a logistics company, say a mover of cargo through a local airport or a ground carrier such as UPS, were to experience a simultaneous cyberattack against its computers and a physical attack that included explosives in a package being sent from point A to point B?

Syria War Stirs New U.S. Debate on Cyberattacks

Not long after the uprising in Syria turned bloody, late in the spring of 2011, the Pentagon and the National Security Agency developed a battle plan that featured a sophisticated cyberattack on the Syrian military and President Bashar al-Assad’s command structure.

The Syrian military’s ability to launch airstrikes was a particular target, along with missile production facilities. “It would essentially turn the lights out for Assad,” said one former official familiar with the planning.

NATO debates policy for cyber defense of public and private sectors

The prospect that NATO might formally do more to prevent and mitigate cyber threats to governments and critical infrastructure looms this week as the alliance prepares for a defense ministerial in Belgium that will pave the way for a major fall summit in Wales.

The deep debate within the alliance on the future of cyber defense policy could have implications not only for major military matters but also for the role of the private sector, said Julianne Smith, a senior vice president with Beacon Global Strategies.

Exclusive: New thesis on how Stuxnet infiltrated Iran nuclear facility

One enduring mystery about Stuxnet, the first cyberweapon the world has known, is this: Just how did that “digital missile” infiltrate Iran’s secret Natanz nuclear fuel-enrichment facility in the first place?

A new thesis about that, to be outlined Tuesday at a security conference in San Francisco, points to a vulnerability in the Iranian facility’s supply chain – and may hold lessons for owners of critical infrastructure in the US concerning how to guard their own industrial equipment against cyberattack.

Inside the Army’s First Field Manual for Cyber Electromagnetic War

The Pentagon long has made a big effort to showcase its budding cyberwarfare capabilities. But the military has been less forthcoming about a key, more tangible component of cyber — electronic warfare – until now.

The Army just publically released its first-ever Field Manual for Cyber Electromagnetic Activities. The manual covers operations related to cyberspace and the electromagnetic spectrum, highlighting that for the Army electronic warfare is every bit as important as the cyber threat we hear so much about in abstract.

Americas-private sector

Let’s Face It—It’s the Cyber Era and We’re Cyber Dumb

Right now, Chinese criminals and spies are targeting the United States and other countries in the biggest semi-organized campaign of theft and espionage in world history.

And it’s all being done online, through hacks, fraud and other Internet trickery.

But Americans—and especially our leaders—hardly know the first thing about “cyber” threats. And that badly complicates any organized response to Internet attacks.

Cyber Security Startup Announces Release of Cyber War Games DDoS Module

Today, MazeBolt Technologies, an Israeli based Cyber Security Startup announced the release of their DDoS Simulation module to strengthen their posture in the Cyber Security arena.A methodology commonly known in cyber security circles as a “War Games Simulation.”A roleplay of realistic DDoS attack scenarios on your network infrastructure or website.

To be as realistic as possible the methodology used to simulate the attack would be the same methodologies used in operations like Operation Ababil which unleashed havoc against a number of American financial institutions.

360 million newly stolen credentials on black market: cybersecurity firm

A cybersecurity firm said on Tuesday that it uncovered stolen credentials from some 360 million accounts that are available for sale on cyber black markets, though it is unsure where they came from or what they can be used to access.

The discovery could represent more of a risk to consumers and companies than stolen credit card data because of the chance the sets of user names and passwords could open the door to online bank accounts, corporate networks, health records and virtually any other type of computer system.

Apple security flaw could allow hackers to beat encryption

A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed.

If attackers have access to a mobile user’s network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook. Governments with access to telecom carrier data could do the same.

“It’s as bad as you could imagine, that’s all I can say,” said Johns Hopkins University cryptography professor Matthew Green.

New Malware Is The Biggest Ever Attack On Virtual Currencies And Has Infected Hundreds Of Thousands Of Computers

Cyber criminals have infected hundreds of thousands of computers with a virus called “Pony” to steal bitcoins and other digital currencies, in the most ambitious cyber attack on virtual money uncovered so far, according to security firm Trustwave.

Trustwave said on Monday that it has found evidence that the operators of a cybercrime ring known as the Pony botnet have stolen some 85 virtual “wallets” that contained bitcoins and other types of digital currencies. The firm said it did not know how much digital currency was contained in the wallets

Better passwords the key to safer cybersecurity

Once the preserve of spies and their masters, cryptology – the science of keeping secrets – now affects us all.

Hardly a week goes by without news that one government has been spying on another, or that hackers have broken into a website and made off with client data.

Earlier this month the crowdfunding site Kickstarter became the latest high-profile victim of hacking. Customer information including usernames, email and postal addresses were stolen.

Cyber Squared says the solution to cyber crime lies in firms sharing information

The growing number of cyber attacks on U.S. businesses, federal agencies and other institutions could be stymied if the victims of those attacks shared more information about the perpetrators, says Adam Vincent, the chief executive of Cyber Squared.

The three-year-old Arlington company hopes to provide the platform where the information gets shared. Its software, called ThreatConnect, allows individual cybersecurity professionals to swap data about threats, attacks and responses.

Hackers Using Mobile Devices To Expose Sensitive Information In Cyber Attacks

HTarget, Neiman Marcus, Michaels and the University of Maryland. They’re all major retailers and institutions hit by hackers.

So how are they getting all this data?

Linh Bui speaks with a security expert about why these cyber attacks keep happening.

Cyber attacks pose a threat to consumers, businesses and governments. It’s a problem that’s growing at a rapid pace.


China Announces New Cybersecurity Push

President Xi Jinping is presiding over a new working group on cybersecurity and information security, China announced on Thursday, a sign that the Communist Party views the issue as one of the country’s most pressing strategic concerns.

The government said Mr. Xi and two other senior leaders, Prime Minister Li Keqiang and Liu Yunshan, a member of the Politburo Standing Committee, would help draft national strategies and develop major policies in a field that might include protecting national secrets and developing cyberdefenses, among other goals.

Energy firm cyber-defence is ‘too weak’, insurers say

Power companies are being refused insurance cover for cyber-attacks because their defences are perceived as weak, the BBC has learned.

Underwriters at Lloyd’s of London say they have seen a “huge increase” in demand for cover from energy firms.

But surveyor assessments of the cyber-defenses in place concluded that protections were inadequate.

Energy industry veterans said they were “not surprised” the companies were being refused cover

Edward Snowden enables Chinese hack attacks

China’s military hackers are back, more brazen than ever. You can thank Edward Snowden.

A year ago, the Internet security firm Mandiant went public with what cyber-war watchers had known for some time: Unit 61398, a secret branch of the Chinese military, had been behind more than 1,000 cyber attacks on Western targets since 2006. Employing thousands of trained cyber warriors housed in a 12-story building in Shanghai — and backed by an enormous militia of part-time hackers — Unit 61398 had been waging a constant war on foreign banks, infrastructure, defense firms and government agencies, including one spectacular 2007 raid on the Pentagon that shut down 1,500 different Defense Department networks.

Brazil struggles to create cybersecurity policies

Several months have passed since the news around the NSA spying scandal – including intense monitoring of Brazil’s communications – but Dilma Rousseff’s government appears to be struggling to structure proper cybersecurity mechanisms.

According to the Brazilian Secretary of Strategic Affairs (SAE), an over-arching strategic plan aimed at improving national security and defense policies in the cyberspace will only be ready around September time.

“The idea is to first perform sectorial meetings to discuss these matters, followed by regular plenary meetings to report on the progress of activities, with requests for suggestions that can improve the work. After that, we will submit proposals to the SAE Minister and all ministries that are part of this initiative, then finally present [a proposal] to the President,” says general Gonçalves Dias, a defense aide at the SAE.

Hackers target Brazil’s World Cup for cyber attacks

Brazilian hackers are threatening to disrupt the World Cup with attacks ranging from jamming websites to data theft, adding cyber warfare to the list of challenges for a competition already marred by protests, delays and overspending.

In a country with rampant online crime, a challenging telecommunications infrastructure and little experience with cyber attacks, authorities are rushing to protect government websites and those of FIFA, soccer’s governing body.

Furious about the 33 billion reais ($14 billion) in federal funds being spent on World Cup preparations, more than a million Brazilians took to the streets last June in a wave of mass demonstrations, calling for better public services, greater transparency, and a crackdown on corruption.

UAE To Double Security Budget, Focus on Cyber

The United Arab Emirates is set to double its spending on homeland security from $5.5 billion to more than $10 billion in the next 10 years, according to a US study. Analysts say a majority of that funding will go toward cybersecurity.

Spending is estimated to reach $57.7 million by 2015, with a view to increase investment on homeland security, economic development and rapid population growth, to curtail regional unrest and the increased complexity of potential threats. The numbers come from the 2013-2014 annual report by the US Commerce Department’s International Trade Administration and reported by state news agency WAM.

South Korea’s Cyber War Ambitions Could Backfire

South Korea has made a suprisingly public announcement that it plans to develop cyber-weapons for potential use against North Korea. The decision to make its plans known is baffling and the potential consequences of taking hostilities online are deeply troubling.

When the Iranian nuclear processing plant at Natanz was hit with Stuxnet it marked a new stage in modern warfare. Stuxnet was the first code-based weapon ever used and by the time it was discovered in 2010, it had ruined almost a fifth of the Natanz centrifuges and caused so much disruption that the Iranian nuclear programme is yet to fully recover.

Gaza hackers prepare for next assault on Israel

Hacking Israeli websites from the Gaza Strip is a raging front in a war where soldiers are trained in the art of hacking individually and collectively. They are preparing to fight the next battle globally, united in a virtual world with other hackers around the world to deliver a message that the siege on Gaza must end.

The electronic conflict between Palestinian hackers and Israel is growing, after the success of the largest unified hacking operation against Israel launched on April 7, 2013. The goal of the attack, dubbed OpIsrael, was that of “wiping Israel off the Internet.”

This entry was posted in Weekly Brief. Bookmark the permalink.

Comments are closed.