Network Security
ISSN 1353-4858, October 2016
www.networksecuritynewsletter.com
Published by Elsevier Ltd. Editor: Steve Mansfield-Devine.

Featured in this issue:

The DNC server breach: who did it and what does it mean?
In June 2016, the computer networks of the US Democratic National Committee (DNC) were hacked. As a result, a number of documents were leaked online. Security companies analysed the breach and quickly came to the conclusion that the hackers were based in Russia. But what does it tell us about the role of cyber-attacks in modern politics? And what lessons can organisations learn for their own security? Michael Buratowski of Fidelis Cybersecurity examines the hack and draws some conclusions.
Full story on page 5…

Ransomware: taking businesses hostage
Europol recently declared ransomware to be the biggest cyber-threat facing European businesses and citizens. Both the nature of the chief targets and the ways in which they are being attacked are changing quickly as criminals spot new opportunities for extorting money. A large proportion of organisations have been affected at some time, with cyber-criminals apparently turning their attentions to those that are most vulnerable: smaller firms with poor security and no backups, or organisations that cannot tolerate interruptions to their operations, such as hospitals. The ransomware itself is evolving too, and while some of it is poorly executed, the most advanced strains show great sophistication. Steve Mansfield-Devine explores the nature of the threat and how businesses should respond.
Full story on page 8…

Ransomware: threat and response
How and why is the ransomware scourge growing? And what can organisations do about it? In this interview, Tim Erridge of Context Information Security explains the kind of damage to businesses that can result from an infection, discusses the dilemma of whether to pay the ransom, explores how you can protect yourself and speculates on how the threat will evolve in the future.
Full story on page 17…

Contents

NEWS
US officially accuses Russia of DNC hack while election systems come under attack 1

FEATURES
The DNC server breach: who did it and what does it mean? 5

RANSOMWARE SPECIAL
Taking businesses hostage 8
Threat and response 17

REGULARS
News in brief 3
Reviews 4
The Firewall 20
Events 20

NEWS

US officially accuses Russia of DNC hack while election systems come under attack

US intelligence agency officials have now openly blamed Russian hackers for the theft of emails from the Democratic National Committee (DNC). "The US intelligence community is confident that the Russian Government directed the recent compromises," said a joint statement by the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence.

The statement went on to say that the leaks were "consistent with the methods and motivations of Russian-directed efforts" and are intended to "interfere with the US election process. Such activity is not new to Moscow – the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there." It added: "We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorised these activities."

The "similar tactics" include using sites such as DCLeaks.com and Wikileaks to publish the stolen data. A hacker (or team) using the name 'Guccifer 2.0' has also cropped up multiple times in investigations into a variety of breaches. The joint statement is available here: http://bit.ly/2erkJfP.

A number of organisations affiliated with the Democratic Party have come under attack in recent months – apparently the work of two separate Russian groups known in the security community as Cozy Bear (aka APT 29) and Fancy Bear (aka APT 28), the latter believed to be linked to Russia's military intelligence service, the GRU.

There have been attempts to breach voter registration systems in at least 20 US states. These were of sufficient severity to prompt the DHS to get involved,

[…] has been called into question after suggestions that data stolen from the World Anti-Doping Agency (WADA) had been altered before being leaked. The Fancy Bear group apparently leaked the documents from WADA's Anti-Doping Administration and Management System (ADAMS) in retaliation for Russian athletes being banned from the Olympics. But WADA said that "not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data". The attackers were able to gain access to the ADAMS database after they obtained login credentials via phishing.

Bellingcat, a 'citizen journalist' organisation that has been actively investigating the shooting down of Malaysian Airlines flight MH17 by a Russian missile over Ukraine, has come under repeated cyber-attack. "From February 2015 to July 2016 three researchers at Bellingcat – [Eliot] Higgins, Aric Toler and Veli-Pekka Kivimäki – who had contributed MH17