April 27, 2014

Highlighting Various Articles

Some of these items are a bit dated but I thought I'd showcase them in case you missed them like I did.

10 Most Significant Hacks in 2013 by Nextgov (Jan 2014)

The Nextgov website published a list of what they deem the "...10 most significant infiltrations reported in 2013 as far as damage to national security, economic security and privacy."(#1)

The titles from their list follow; see the article link for details.

1. An unauthorized user gained access to an Army database of U.S. dams that documented the number of people who would be killed in the event of a collapse.

2. A suspected government-sponsored Chinese hacking team allegedly penetrated a decoy U.S. water utility.

3. The prolonged surveillance of New York Times reporters that Bejtlich’s firm helped uncover.

4. During a fall summit in St. Petersburg, G20 heads of state and staff allegedly received tainted thumb drives and smartphone chargers from their Russian hosts.

5. North Korea was blamed for paralyzing the networks running South Korean banks and television stations.

6. Ex-NSA contractor Edward Snowden exposed a cache of government secrets documenting mass domestic surveillance and intercepts of foreign allies' emails and phone calls.

7. A hijacked Associated Press Twitter feed describing explosions at the White House briefly -- but significantly -- affected financial markets.

8. The Energy Department's inspector general lambasted officials for sluggishness in responding to a breach that ultimately affected 104,000 federal employees.

9. Adobe acknowledged the theft of 2.9 million customer records as well as valuable software code. The targeted goods included many software tools used by federal agencies, such as Adobe Acrobat and ColdFusion.

10. During the height of the holiday shopping season, cyber thieves nicked credit and debit card data from up to 40 million in-store Target customers.

Article link:
http://www.nextgov.com/cybersecurity/2013/12/ten-worst-hacks-2013/76049/

Footnotes:
#1 - This quote and the titles of items 1-10 above are quoted from the article "Ten Worst Hacks of 2013" on Nextgov.com; link above.


Neiman Marcus Hackers Set Off Thousands of Alerts While Bagging Credit Card Data (Feb 2014)

The Neiman Marcus attackers set off 60,000 security alerts over the 3.5-month attack timeline.  That number is HUGE.  IMO, this is why you need people monitoring logs alongside the machines, and not just depending on machines alone.

Article link:
http://www.businessweek.com/articles/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-while-bagging-credit-card-data



Microsoft opens new Cybercrime Center in Redmond, WA USA (Nov 2013)

Quotes from the articles:
"Advancing the fight against cybercrime to protect consumers and make the Internet safe"
"It's a world-class laboratory where a seasoned team of cybercrime investigators engage in a high-stakes game of chess, trying to stay a move or two ahead of the world’s most odious Internet criminals in an effort to make the web a safer place."

Article links (with a good number of pictures, including cybercrime heat maps):
http://www.microsoft.com/en-us/news/stories/cybercrime/index.html
http://www.microsoft.com/government/ww/safety-defense/initiatives/Pages/cybercrime-center.aspx



Article Highlight: Q1-2014 SPAM study by Sophos shows interesting results

Every quarter Sophos studies spam and releases the results. This year's title is "The Dirty Dozen Spampionship: Who's who in the global spam-sending league?"

The study shows the amount of spam sent by country. It's important to note that this does not necessarily correlate to the bad actor's physical location.  Most of these actors don't send it directly from their own networks but rather use resources, usually infected PCs (aka zombies), on other networks, often in countries other than the one they reside in.  A couple of tidbits I found interesting...

  • By volume the United States tops the list at 16.4% of total spam.  This is a huge lead, as the next offending country, Spain, comes in at 5.0% of all spam volume, followed by Russia (4.4%), Italy (4.3%), and China (4.1%).
  • Israel, which has a history of spawning information security start-up companies, is #3 on the list when ranked by population.  That's surprising to me.
  • I expected Russia, China, and India to be higher based on some of the data I've personally seen.

Link to article:
http://nakedsecurity.sophos.com/2014/04/17/the-dirty-dozen-spampionship-whos-who-in-the-global-spam-sending-league/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=000398c556-naked%252Bsecurity&utm_term=0_31623bb782-000398c556-454927713
(short link)
http://bit.ly/1iqTmgF



November 26, 2013

Anti-DDoS protection added to BIND DNS

A new version of BIND DNS adds a mechanism, Response Rate Limiting (RRL), that helps combat reflected Denial-of-Service (DoS) attacks, specifically DNS amplification attacks.  The feature was introduced in version 9.9.4.

What is a DNS amplification attack?  It's an attack where, using the UDP transport, the attacker uses a large group of open resolvers to execute DNS lookups with the source address spoofed to look like it's coming from the victim/target.  Usually the lookup is for all records ("ANY" in DNS speak) of a particular domain (or zone), so that large amounts of response traffic are sent to the victim/target, consuming large amounts of the target's bandwidth and/or CPU.  This keeps the target busy and potentially makes it unavailable.  More details about how the attack works can be found here:
US-CERT
Anatomy of a DNS DDoS Amplification Attack

So how can RRL help mitigate these attacks?  In essence, RRL examines the pattern of DNS requests and throttles the responses when it detects an attack pattern.  According to the documentation, it's highly configurable to combat many types of attacks.  An important note is that RRL cannot throttle incoming requests; it acts only on the responses the server sends.
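To make the response-side throttling concrete, here is a simplified Python model of what RRL does; this is an added example, not code from the BIND project or from the linked ISC articles. It keeps a token bucket per (client network, query name, query type): a configured number of identical responses per second go out in full, and anything over that is alternately dropped or answered with a truncated (TC) reply. The parameter names mirror BIND's rate-limit options (responses-per-second, window, slip, ipv4-prefix-length), but the refill arithmetic, the initial credit and the sample traffic are constructed assumptions, not ISC's implementation.

```python
"""Simplified model of DNS Response Rate Limiting (RRL).

Constructed example, not BIND's code.  It models the idea behind RRL:
identical responses flowing toward one client network faster than a
configured rate get throttled, while queries themselves are never
blocked (RRL acts on responses only).
"""
from collections import defaultdict
from ipaddress import ip_network


class ResponseRateLimiter:
    """Token bucket per (client network, qname, qtype).

    Parameter names follow BIND's rate-limit block; the bucket arithmetic
    is a simplified assumption.  Assumes IPv4 client addresses.
    """

    def __init__(self, responses_per_second=5, window=5, slip=2,
                 ipv4_prefix_length=24):
        self.rps = responses_per_second
        self.cap = responses_per_second * window   # most credit a bucket can bank
        self.slip = slip                           # every slip-th excess gets TC=1
        self.prefix = ipv4_prefix_length
        self.buckets = {}                          # key -> [credits, last_refill]
        self.excess = defaultdict(int)             # key -> excess-response counter

    def _key(self, client_ip, qname, qtype):
        # Spoofed source addresses are grouped by network prefix, so varying
        # the low address bits does not buy a fresh bucket.
        net = ip_network(f"{client_ip}/{self.prefix}", strict=False)
        return (str(net), qname.rstrip(".").lower(), qtype.upper())

    def decide(self, client_ip, qname, qtype, now):
        """Return 'send', 'truncate' or 'drop' for one would-be response."""
        key = self._key(client_ip, qname, qtype)
        credits, last = self.buckets.get(key, (self.rps, int(now)))
        elapsed = int(now) - last
        if elapsed > 0:
            credits = min(self.cap, credits + elapsed * self.rps)
            last = int(now)
        credits -= 1
        # A sustained flood drives the balance negative; floor it so that
        # recovery takes at most `window` seconds of quiet.
        credits = max(credits, -self.cap)
        self.buckets[key] = [credits, last]
        if credits >= 0:
            return "send"
        self.excess[key] += 1
        if self.slip and self.excess[key] % self.slip == 0:
            # Truncated reply: tiny, so no amplification, and a real client
            # retries over TCP, where the source address cannot be spoofed.
            return "truncate"
        return "drop"


def apply_rrl(queries, limiter):
    """Run query records (time, client, qname, qtype) through the limiter."""
    counts = defaultdict(int)
    for t, client, qname, qtype in queries:
        counts[limiter.decide(client, qname, qtype, t)] += 1
    return dict(counts)


def demo():
    # Constructed traffic: 30 ANY queries within one second, all claiming to
    # come from the same /24 (the reflection victim), plus three ordinary
    # lookups from elsewhere.
    flood = [(i / 30, f"203.0.113.{i % 5}", "example.com", "ANY")
             for i in range(30)]
    normal = [(0.1, "198.51.100.9", "www.example.com", "A"),
              (0.2, "198.51.100.9", "mail.example.com", "MX"),
              (0.3, "192.0.2.44", "example.com", "ANY")]
    limiter = ResponseRateLimiter(responses_per_second=5, window=5, slip=2)
    return apply_rrl(sorted(flood + normal), limiter)


if __name__ == "__main__":
    print(demo())   # {'send': 8, 'truncate': 12, 'drop': 13}
```

Of the 30 flood responses only the first five go out in full; the remaining 25 alternate between dropped and truncated, while the ordinary lookups, and even the same ANY query from a different /24, pass untouched. The truncated replies are what keep a legitimate client behind a busy network from being cut off: it retries over TCP, which the reflection attack cannot use.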

While these attacks are not new, they have increased recently.  I recommend considering deploying this feature.

More information about BIND and RRL:
ISC
Using RRL to Prevent DNS Amplification Attacks
Quick introduction to Response Rate Limiting
How to enable Response Rate Limiting (RRL) on BIND 9.9.4
Download BIND from here

August 24, 2013

Retail thefts parallel to infosec

I just re-discovered a great post by Richard Bejtlich about the parallels between retail crime and computer crime.  I read it when it was posted a few years ago (2010), and while it is dated, I think it's worth highlighting again because in my opinion it's still relevant.

Maybe retailers should band together to share information about the criminals and losses, similarly to how the casinos operate.  Collectively they might be able to fight this crime more effectively.  Sounds kind of similar to what we in the infosec community have been trying to do, doesn't it?

Richard's blog post on taosecurity.blogspot.com.

Where you'll get hacked stats

I found this graphic showing where you'll get hacked.  Some interesting statistics in there.


Link to graphic on Softpedia.com

January 27, 2013

Google indexes 86K+ printers accessible from Internet

Printers on the Internet = total fail!  Funny article by ZDNet's Zack Whittaker.

Whoops: Google indexes more than 86,000 HP 'public' printers

Cyber Warfare and the Mutually-Assured Destruction of Cyberspace

I frequently read the writings of Lenny Zeltser; he's a smart guy who always has something interesting to say.  He posted a short entry on his blog in July 2012 laying out his theory of how countries will use the principle of mutually-assured destruction to deter each other from a major world war in cyberspace.
Worth a read, check it out here:
http://blog.zeltser.com/post/27846821868/mutually-assured-destruction-in-cyberspace

November 19, 2012

NON-SECURITY: Definition of 'sale'?

I was doing some grocery shopping the other day and while in the beer aisle I noticed a great 'deal'.

Sure would like to know what their definition of 'sale' is.  lolz

November 11, 2012

Windows 8 Runs 7-Year Old Malware (ouch)

One of the key points being marketed about Windows 8 is that it has much better security built into it than previous versions. I find it interesting that Microsoft will be releasing critical patches already.

Anyway, the fine folks at Bitdefender Labs decided to test Windows 8 against some malware and have posted the results. What they found is truly astonishing, and I suspect Microsoft isn't going to be thrilled with it.

http://labs.bitdefender.com/2012/11/newest-windows-version-runs-oldest-malware-still-in-wildcore/

November 10, 2012

2008 Malware Challenge Revisited

My buddy Tyler Hudak has posted the malware challenge contest that we ran in 2008.  We thought it would be a good idea to give those who haven't tried it an opportunity to do so.

Check out the challenge here at Security Shoggoth's blog:
http://secshoggoth.blogspot.com/2012/11/2008-malware-challenge.html#links