DOCSLIB.ORG

2 Invasive Collection: Active Signals Development

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

GCHQ and UK Mass Surveillance Chapter 2 2 Invasive collection: active signals development 2.1 Introduction In the previous section, we looked at how we all generate data by using the Internet, phones, apps and even wearable technology, and how the NSA and GCHQ collect anything that passes through wires or the ether. But the agencies gather even more information through a range of intrusive techniques to extract data from machines that the agencies call Active Signals Intelligence. Interference with equipment is not new. GCHQ has always carried out clandestine operations. During the 1950s and 60s it was routine to try to plant listening devices in foreign embassies and other targets as part of the Cold War.i UK legislation allows agencies to obtain authorisation to carry out this kind of “equipment interference”. Most people will broadly understand operations targeting clear military, diplomatic or security objectives; for example, hacking into a terrorist phone, possibly even the tapping of a cable feeding the part of the city where a foreign embassy is located. But the Snowden documents show that in recent times these activities have evolved into something else. For a start, the capability to carry out some such attacks in the digital age will rely on softening the infrastructure of the Internet, by weakening widely used security systems, which can have consequences for all of our online safety. In addition, there is now evidence that the agencies develop hugely complex operations that target a very broad range of organisations and individuals, including innocent civilians, in order to get to their target. Finally, the scale of the potential activities has grown excessively. The NSA and GCHQ are able to target millions of computers. Termed Computer Network Exploitation, the agencies are building a global machine capable of hacking on an industrial scale. In the previous section we saw how passive state surveillance has become massive and nowadays affects not just terrorists, diplomats and high tech companies, but everyone who uses modern communications. Here we explain how the active and more invasive aspects have also expanded to potentially affect every one of us. It is hard to imagine that the programmes are under effective control. 1 of 21 GCHQ and UK Mass Surveillance 2.2 Documented examples of attacks 2.2.1 Belgacom and German satellite businesses The Belgian telecommunications company, Belgacom, was targeted by GCHQ from 2010 in order to gain access to important international telecommunications infrastructure.ii This is the first documented government-sponsored cyberattack of one EU member state on another.iii Belgacom operates an important mobile phone roaming exchange that enables travellers to use their handsets in other countries. This was the main objective of the attack, but GCHQ also planned to access the company's international cables. Thanks to this attack, GCHQ had potential access to the communications of all European institutions based in Brussels, although there is no documented evidence that these were targeted in this wayiv. Operation Socialist, as GCHQ codenamed it, began by creating fake LinkedIn webpages in order to infect the computers of individual Belgacom engineers with malicious software. The software infections eventually reached the core of the company's internal network, and even now it is unclear whether their systems have been completely cleaned. The malicious software (malware) used in the attack has been identified as a very sophisticated programme called Regin, also found on European Union computers targeted by the NSA.v The software has been compared to the infamous Stuxnet virus, used against the 2 of 21 GCHQ and UK Mass Surveillance Iranian nuclear programme, which was called by Wired magazine “the world's first digital weapon”vi. There is currently a criminal investigation in Belgium into the attack, but both the Belgian Government and the company itself seem keen to hush up such an embarrassing diplomatic incident. 2.2.2 Gemalto SIM Card In another well documented case, GCHQ attacked the Dutch company Gemalto, a major manufacturer of SIM cards used in mobile phones worldwide. The aim of the hacking operation was to steal encryption keys for mobile phones.vii Encryption keys are only needed to intercept mobile traffic between the handset and the station, as that is the only moment when it is encrypted. Once the conversation enters the main telephony system it travels without encryption and could be harvested through one of many corporate partnerships. This indicates that the objective was targeted interception.viii The documents also state that the agencies targeted other SIM card providers, and were unsuccessful that the time. But it is not know whether those were infiltrated at a later date. 3 of 21 GCHQ and UK Mass Surveillance 2.2.3 Telecommunications companies GCHQ has also attacked German providers of satellite data services: IABG, Cetex and Stellar.ix The joint NSA-GCHQ operation targeted exchange points linking satellites with the broader Internet, and identified ‘important’ customers of the German providers. According to leaked documents, in 2013 the NSA had obtained legal authorisation under the FISA court system to monitor “Germany”. It is unclear what the legal basis is for the British participation in the attacks. The NSA and GCHQ also infiltrated several global telecom companies including German providers in order to gain access to the data flowing over their networks.x The aim was to produce intelligence on the architecture of the Internet in order to prepare other interventions. The attacks involved targeting individual employees of the companies. 2.2.4 TOR GCHQ has a programme called EGOTISTICAL GIRAFFE that targets the TOR anonymous communications network.xi TOR “The Onion Router” is instrumental in enabling hundreds of thousands of political dissidents to access the Internet anonymously, and thus communicate without fear of repercussions in places like Iran and China. It is also increasingly used by regular Internet users in Western countries wishing to avoid snooping by commercial Internet companies. The development of TOR has been substantially financed by the US government.xii TOR has recently come to prominence because its capacity to provide security and anonymity has also been used by criminals, including child abusers, and has enabled an underground market in illicit goods such as drugs. The current debates about TOR are reminiscent of the early days of the Internet, when it was perceived as an unregulated “electronic frontier”. Most advocates of freedom of information agree that on balance TOR is a force for good, despite the potential for abuse by unscrupulous criminals – much like the Internet as a whole. According to the NSA’s own documentsxiii GCHQ and NSA staff expressed their dislike for this tool in a presentation slide set called “TOR Stinks”.xiv Despite their best efforts the agencies acknowledged they have not been able to fully crack the TOR network to de- anonymise the users. 4 of 21 GCHQ and UK Mass Surveillance Leaked source code from the XKEYSCORE systemxv shows that operatives use it to systematically track TOR activity and potential users. 2.3 From equipment interference to industrial scale hacking The NSA and GCHQ run a very complex global infrastructure that allows them to hack into millions of computers worldwide. This, in their own terms, “industrial scale exploitation”xvi allows the agencies to obtain information from these machines. However they are also able to remotely control the computers, including those of innocent people that are used as accessories to other covert operations. Many attacks target infrastructure such as routers.xvii In their documents, the agencies call these activities Computer Network Exploitation, and the term is also used in a recent public consultation by the Home Office on equipment interferencexviii. Traditional interception attacks on individuals required either direct physical access to plant bugs, or targeted techniques that required considerable effort. But recently the US, the UK, 5 of 21 GCHQ and UK Mass Surveillance and other Five Eyes countries, have developed the capacity to automate remote hacking attacks, allowing mass computer infection on an industrial scale. The UK is heavily involved in the development and implementation of these mass hacking systems. Leaked US budgetary details show that the use of such techniques has exploded in the last decade. In 2004 the NSA had some 100 to 150 active “implants”.xix By 2014 the US had infected tens of thousands of machines with malicious software,xx with up to 100,000 computers being controlled at any time in order to act as platforms for hacking attacksxxi on third parties. We do not know how many computers are directly infected and controlled by GCHQ. It is generally accepted that spy agencies must have some properly regulated targeted hacking capabilities, but it is concerning that the NSA and GCHQ are building systems capable of targeting millions of people. The legal basis for this is very unclear. The top level components of this system have been extensively described in leaked documents. These programmes for mass hackingxxii involve many interconnected subsystems. The following is a very superficial description based on the available informationxxiii and analyses put together by security experts. The source leaked documents are highly technical and it may be challenging to fully understand the operations. Given that new revelations continue to appear it is likely that this information will become quickly outdated. The scale of operations is staggering, and in many cases there is a blurring between mass surveillance and hacking, with access being used to plant malware in network infrastructure that is then used to enable new channels for bulk collection. 2.3.1 The NSA hacking budget: GENIE The NSA GENIE programme appears to be a massive umbrella for a very broad range of activities and programmesxxiv for the exploitation of equipment.
Recommended publications
  • What Is Xkeyscore, and Can It 'Eavesdrop on Everyone, Everywhere'? (+Video) - Csmonitor.Com

    What Is Xkeyscore, and Can It 'Eavesdrop on Everyone, Everywhere'? (+Video) - Csmonitor.Com

    8/3/13 What is XKeyscore, and can it 'eavesdrop on everyone, everywhere'? (+video) - CSMonitor.com The Christian Science Monitor ­ CSMonitor.com What is XKeyscore, and can it 'eavesdrop on everyone, everywhere'? (+video) XKeyscore is apparently a tool the NSA uses to sift through massive amounts of data. Critics say it allows the NSA to dip into people's 'most private thoughts' – a claim key lawmakers reject. This photo shows an aerial view of the NSA's Utah Data Center in Bluffdale, Utah. The long, squat buildings span 1.5 million square feet, and are filled with super­ powered computers designed to store massive amounts of information gathered secretly from phone calls and e­mails. (Rick Bowmer/AP/File) By Mark Clayton, Staff writer / August 1, 2013 at 9:38 pm EDT Top­secret documents leaked to The Guardian newspaper have set off a new round of debate over National Security Agency surveillance of electronic communications, with some cyber experts saying the trove reveals new and more dangerous means of digital snooping, while some members of Congress suggested that interpretation was incorrect. The NSA's collection of "metadata" – basic call logs of phone numbers, time of the call, and duration of calls – is now well­known, with the Senate holding a hearing on the subject this week. But the tools discussed in the new Guardian documents apparently go beyond mere collection, allowing the agency to sift through the www.csmonitor.com/layout/set/print/USA/2013/0801/What-is-XKeyscore-and-can-it-eavesdrop-on-everyone-everywhere-video 1/4 8/3/13 What is XKeyscore, and can it 'eavesdrop on everyone, everywhere'? (+video) - CSMonitor.com haystack of digital global communications to find the needle of terrorist activity.
  • Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities

    Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities

    University of Central Florida STARS HIM 1990-2015 2013 Brave New World Reloaded: Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities Mark Berrios-Ayala University of Central Florida Part of the Legal Studies Commons Find similar works at: https://stars.library.ucf.edu/honorstheses1990-2015 University of Central Florida Libraries http://library.ucf.edu This Open Access is brought to you for free and open access by STARS. It has been accepted for inclusion in HIM 1990-2015 by an authorized administrator of STARS. For more information, please contact [email protected]. Recommended Citation Berrios-Ayala, Mark, "Brave New World Reloaded: Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities" (2013). HIM 1990-2015. 1519. https://stars.library.ucf.edu/honorstheses1990-2015/1519 BRAVE NEW WORLD RELOADED: ADVOCATING FOR BASIC CONSTITUTIONAL SEARCH PROTECTIONS TO APPLY TO CELL PHONES FROM EAVESDROPPING AND TRACKING BY THE GOVERNMENT AND CORPORATE ENTITIES by MARK KENNETH BERRIOS-AYALA A thesis submitted in partial fulfillment of the requirements for the Honors in the Major Program in Legal Studies in the College of Health and Public Affairs and in The Burnett Honors College at the University of Central Florida Orlando, Florida Fall Term 2013 Thesis Chair: Dr. Abby Milon ABSTRACT Imagine a world where someone’s personal information is constantly compromised, where federal government entities AKA Big Brother always knows what anyone is Googling, who an individual is texting, and their emoticons on Twitter.
  • What You Should Know About Kaspersky

    What You Should Know About Kaspersky

    What you should know Proven. Transparent. about Kaspersky Lab Independent. Fighting for your digital freedom Your data and privacy are under attack by cybercriminals and spy agencies, so you need a partner who is not afraid of standing beside you to protect what matters to you most. For over 20 years, Kaspersky Lab has been catching all kinds of cyberthreats. No matter whether they come from script kiddies, cybercriminals or governments, or from the north, south, east or west. We believe the online world should be free from attack and state-sponsored espionage, and will continue fighting for a truly free and safe digital world. Proven Transparent Independent Kaspersky Lab routinely scores the highest We are totally transparent and are making As a private company, we are independent marks in independent ratings and surveys. it even easier to understand what we do: from short term business considerations and institutional influence. • Measured alongside more than 100 other • Independent review of the company’s well-known vendors in the industry source code, software updates and We share our expertise, knowledge • 72 first places in 86 tests in 2017 threat detection rules and technical findings with the world’s • Top 3 ranking* in 91% of all product tests • Independent review of internal security community, IT security vendors, • In 2017, Kaspersky Lab received processes international organizations, and law Platinum Status for Gartner’s Peer • Three transparency centers by 2020 enforcement agencies. Insight** Customer Choice Award 2017, • Increased bug bounty rewards with up in the Endpoint Protection Platforms to $100K per discovered vulnerability Our research team is spread across the market world and includes some of the most renowned security experts in the world.
  • NAVIGATING the CYBERSECURITY STORM

    NAVIGATING the CYBERSECURITY STORM

    NAVIGATING the CYBERSECURITY STORM A Guide for Directors and Officers BY PAUL A. FERRILLO EDITED BY BILL BROWN published by sponsored by sponsored by 1 © 2015 by Paul A. Ferrillo. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any other information storage or retrieval system without prior written permission. To use the information contained in this book for a greater purpose or application, contact Paul A. Ferrillo via [email protected] 2 Is your company protected from the Internet of RiskSM? With CyberEdge® cyber insurance solutions you can enjoy the Business Opportunity of Things. 20 billion objects are connected to the Internet, what everyone is calling the Internet of Things. This hyperconnectivity opens the door both to the future of things, and to greater network vulnerabilities. CyberEdge end-to-end cyber risk management solutions are designed to protect your company from this new level of risk. So that you can turn the Internet of Things into the next big business opportunity. To learn more and download the free CyberEdge Mobile App, visit www.AIG.com/CyberEdge Insurance, products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Insurance and services may not be available in all jurisdictions, and coverage is subject to actual policy language. For additional information, please visit our website at www.AIG.com. ABOUT PAUL A. FERRILLO Paul Ferrillo is counsel in Weil’s Litigation Department, where he focuses on complex securities and business litigation, and internal investigations.
  • What You Should Know About Kaspersky 3 About Kaspersky

    What You Should Know About Kaspersky 3 About Kaspersky

    What You Should Know Proven. Transparent. About Kaspersky Independent. Fighting for Your Digital Freedom Your data and privacy are under attack by cybercriminals and spy agencies, so you need a partner who is not afraid of standing beside you to protect what matters to you most. For over 20 years, Kaspersky has been catching all kinds of cyberthreats. No matter whether they come from script kiddies, cybercriminals or governments, or from the north, south, east or west. We believe the online world should be free from attack and state-sponsored espionage, and will continue fighting for a truly free and safe digital world. Proven Transparent We share our expertise, knowledge and technical findings with the world’s Kaspersky routinely scores the highest We are totally transparent and are making security community, IT security vendors, marks in independent ratings and surveys. it even easier to understand what we do: international organizations and law • Measured alongside more than 100 other • Independent review of the company’s enforcement agencies. well-known vendors in the industry source code, software updates and threat Our research team is spread across the • 73 first places in 88 tests in 2018 detection rules world and includes some of the most • Independent review of internal processes • Top 3 ranking* in 91% of all product tests renowned security experts in the world. • In 2017 and 2018, Kaspersky received • Three transparency centers by 2020 We detect and neutralize all forms of Platinum Status for Gartner’s Peer • Increased bug bounty rewards with up to advanced APTs, regardless of their origin Insight** Customer Choice Award 2017, in $100K per discovered vulnerability or purpose.
  • PRIVACY INTERNATIONAL Claimant

    PRIVACY INTERNATIONAL Claimant

    IN THE INVESTIGATORY POWERS TRIBUNAL BETWEEN: PRIVACY INTERNATIONAL Claimant -and- (1) SECRETARY OF STATE FOR FOREIGN AND COMMONWEALTH AFFAIRS (2) GOVERNMENT COMMUNICATION HEADQUARTERS Defendants AMENDED STATEMENT OF GROUNDS INTRODUCTION 1. Privacy International is a leading UK charity working on the right to privacy at an international level. It focuses, in particular, on challenging unlawful acts of surveillance. 2. The Secretary of State for the Foreign and Commonwealth Office is the minister responsible for oversight of the Government Communication Headquarters (“GCHQ”), the UK’s signals intelligence agency. 3. These proceedings concern the infection by GCHQ of individuals’ computers and mobile devices on a widespread scale to gain access either to the functions of those devices – for instance activating a camera or microphone without the user’s consent – or to obtain stored data. Recently-disclosed documents suggest GCHQ has developed technology to infect individual devices, and in conjunction with the United States National Security Agency (“NSA”), has the capability to deploy that technology to potentially millions of computers by using malicious software (“malware”). GCHQ has also developed malware, known as “WARRIOR PRIDE”, specifically for infecting mobile phones. 4. The use of such techniques is potentially far more intrusive than any other current surveillance technique, including the interception of communications. At a basic level, the profile information supplied by a user in registering a device for various purposes may include details of his location, age, gender, marital status, income, 1 ethnicity, sexual orientation, education, and family. More fundamentally, access to stored content (such as documents, photos, videos, web history, or address books), not to mention the logging of keystrokes or the covert and unauthorised photography or recording of the user and those around him, will produce further such information, as will the ability to track the precise location of a user of a mobile device.
  • NSA) Surveillance Programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) Activities and Their Impact on EU Citizens' Fundamental Rights

    NSA) Surveillance Programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) Activities and Their Impact on EU Citizens' Fundamental Rights

    DIRECTORATE GENERAL FOR INTERNAL POLICIES POLICY DEPARTMENT C: CITIZENS' RIGHTS AND CONSTITUTIONAL AFFAIRS The US National Security Agency (NSA) surveillance programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) activities and their impact on EU citizens' fundamental rights NOTE Abstract In light of the recent PRISM-related revelations, this briefing note analyzes the impact of US surveillance programmes on European citizens’ rights. The note explores the scope of surveillance that can be carried out under the US FISA Amendment Act 2008, and related practices of the US authorities which have very strong implications for EU data sovereignty and the protection of European citizens’ rights. PE xxx.xxx EN AUTHOR(S) Mr Caspar BOWDEN (Independent Privacy Researcher) Introduction by Prof. Didier BIGO (King’s College London / Director of the Centre d’Etudes sur les Conflits, Liberté et Sécurité – CCLS, Paris, France). Copy-Editing: Dr. Amandine SCHERRER (Centre d’Etudes sur les Conflits, Liberté et Sécurité – CCLS, Paris, France) Bibliographical assistance : Wendy Grossman RESPONSIBLE ADMINISTRATOR Mr Alessandro DAVOLI Policy Department Citizens' Rights and Constitutional Affairs European Parliament B-1047 Brussels E-mail: [email protected] LINGUISTIC VERSIONS Original: EN ABOUT THE EDITOR To contact the Policy Department or to subscribe to its monthly newsletter please write to: [email protected] Manuscript completed in MMMMM 200X. Brussels, © European Parliament, 200X. This document is available on the Internet at: http://www.europarl.europa.eu/studies DISCLAIMER The opinions expressed in this document are the sole responsibility of the author and do not necessarily represent the official position of the European Parliament.
  • Symantec Corporate Template

    Symantec Corporate Template

    Security Threat Intelligence & Response Deepak Maheshwari Head – Government Affairs, India Region Combo, Sri Lanka March 26, 2015 Council of Europe – International Conference on Assessing the Threat of Cybercrime 1 Symantec Security Response – Major Investigations ESPIONAGE: TURLA (2014) ESPIONAGE: REGIN (2014) A campaign which has A complex and stealthy systematically targeted the spying tool used for mass governments and surveillance and embassies of former intelligence gathering by Eastern nation states. Bloc countries MASS SURVEILLENCE, TARGETS GOVERNMENT EMBASSIES TARGETS COMMUNICATIONS METHODS SPEAR PHISHING, SOCIAL ENGINEERING, WATER HOLE METHODS WATER HOLE SABOTAGE: STUXNET (2010) FINANCIAL FRAUD: PLOUTUS (2013) The first computer Criminals compromising software threat that was ATMs with customer used as a cyber-weapon. Trojan and mobile Targeted nuclear facility in phone. Can command Iran. Used multiple zero- day exploits. ATM to issue cash using SMS. TARGETS NUCLEAR FACILITY TARGETS BANKS ZERO-DAY EXPLOITS, PHYSICAL ACCESS METHODS SUPPLY CHAIN METHODS Council of Europe – International Conference on Assessing the Threat of Cybercrime 2 Symantec Security Response – Leaders in Protection & Intelligence GLOBAL REACH WEB REQUESTS THREAT INTELLIGENCE ROUND THE CLOCK 24 x 7 x 365 100s OF 7 SITES, 13 BILLION DAILY INVESTIGATIONS MALWARE DETECTION IPS PROTECTION EMAIL PROTECTION > 31M SIGNATURES > 2M BLOCKED DAILY > 1.7B BLOCKED DAILY SOME OF LANDMARK INVESTIGATIONS STUXNET REGIN DRAGONFLY TURLA HIDDEN LYNX RAMNIT NITRO PLOUTUS ATM 3
  • Regin Platform Nation-State Ownage of Gsm Networks

    Regin Platform Nation-State Ownage of Gsm Networks

    THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS Kaspersky Lab Report Version 1.0 24 November 2014 2 Contents Introduction, history ..................................................................................................................................................... 3 Initial compromise and lateral movement .................................................................................................................. 3 The Regin platform ....................................................................................................................................................... 4 Stage 1 – 32/64 bit ............................................................................................................................................... 4 Stage 2 – loader – 32-bit ...................................................................................................................................... 7 Stage 2 – loader – 64-bit ...................................................................................................................................... 8 Stage 3 – 32-bit – kernel mode manager “VMEM.sys” ....................................................................................... 8 Stage 3 – 64-bit ...................................................................................................................................................... 9 Stage 4 (32-bit) / 3 (64-bit) – dispatcher module, ‘disp.dll’ ...............................................................................
  • Threatpost | the First Stop for Security News

    Threatpost | the First Stop for Security News

    Threatpost | The first stop for security news Categories Category List Apple Cloud Security Compliance Critical Infrastructure Cryptography Government Category List Hacks Malware Microsoft Mobile Security Privacy Category List SAS SMB Security Social Engineering Virtualization Vulnerabilities Web Security Authors Dennis Fisher Michael Mimoso Christopher Brook Brian Donohue Anne Saita Additional Categories Slideshows The Kaspersky Lab News Service Featured Authors Dennis Fisher Michael Mimoso Christopher Brook Brian Donohue Anne Saita Guest Posts The Kaspersky Lab News Service Featured Posts All New BIOS Implant, Vulnerability Discovery Tool… Breach at Premera Blue Cross Affects… Apple Patches WebKit Vulnerabilities in Safari Podcasts Latest Podcasts All Threatpost News Wrap, March 13, 2015 Threatpost News Wrap, March 6, 2015 Patrick Gray on the State of… Threatpost News Wrap, February 27, 2015 Mike Mimoso on SAS 2015 Costin Raiu on the Equation Group… Recommended Robert Hansen on Aviator, Search Revenue and the $250,000 Security Guarantee Threatpost News Wrap, February 21, 2014 How I Got Here: Jeremiah Grossman Chris Soghoian on the NSA Surveillance and Government Hacking The Kaspersky Lab Security News Service Videos Latest Videos All Kris McConkey on Hacker OpSec Failures Trey Ford on Mapping the Internet… Christofer Hoff on Mixed Martial Arts,… Twitter Security and Privacy Settings You… The Biggest Security Stories of 2013 Jeff Forristal on the Android Master-Key… Recommended Twitter Security and Privacy Settings You Need to Know Lock
  • 2015 Internet Security Threat Report, Volume 20

    2015 Internet Security Threat Report, Volume 20

    APRIL 2015 VOLUME 20 INTERNET SECURITY THREAT REPORT 2 2015 Internet Security Threat Report MOBILE & IOT WEB THREATS SOCIAL MEDIA & SCAMS TARGETED ATTACKS DATA BREACHES & PRIVACY E-CRIME & MALWARE APPENDIX 4 Introduction 5 Executive Summary 9 2014 IN NUMBERS 60 TARGETED ATTACKS 61 Cyberespionage 18 MOBILE DEVICES 62 Industrial Cybersecurity & THE INTERNET OF THINGS 63 Securing Industrial Control Systems 19 Mobile Malware 65 Reconnaissance Attacks 23 SMS and the Interconnected Threat to Mobile Devices 66 Watering Hole Attacks 25 Mobile Apps and Privacy 69 Shifting Targets and Techniques 26 Internet of Things 70 Threat Intelligence 26 Wearable Devices 70 Techniques Used In Targeted Attacks 27 Internet-Connected Everything 27 Automotive Security 77 DATA BREACHES & PRIVACY 28 The Network As the Target 29 Medical Devices – Safety First, Security Second 83 Retailers Under Attack 84 Privacy and the Importance of Data Security 31 WEB THREATS 85 Data Breaches in the Healthcare Industry 32 Vulnerabilities 32 Heartbleed 87 E-CRIME & MALWARE 32 ShellShock and Poodle 88 The Underground Economy 33 High-Profile Vulnerabilities and Time to Patch 90 Malware 34 The Vulnerability Rises 93 Ransomware 35 SSL and TLS Certificates Are Still Vital to Security 93 Crypto-Ransomware 35 Vulnerabilities as a Whole 95 Digital Extortion: A Short History of Ransomware 41 Compromised Sites 97 Bots and Botnets 42 Web Attack Toolkits 98 OSX as a Target 43 Malvertising 100 Malware on Virtualized Systems 43 Malvertising at Large 101 APPENDIX 44 Denial of Service 102 Looking
  • The Evolving Cyber Threat Landscape & Data Protection

    The Evolving Cyber Threat Landscape & Data Protection

    CERT - MU Computer Emergency Response Team of Mauritius The Evolving Cyber Threat Landscape & Data P r o t e c t i o n Data Threats Phishing Ransomware Identity Theft Malware (backdoor trojans) Social Engineering Insider Threat African Statistics on Threat Mauritius ranked 5th and is among the top ten countries in the African region that has an Internet Threat profile Mauritius ranked 4th and is one among the top ten countries that has spam zombies in the African region Source: Symantec Corporation - Internet Security3 Threat Report: Volume 18 South Africa – Current Snapshot, February 28, 2013 4 Some of the Recent Incidents The US government notifies 3,000 companies that they were attacked and charges nation-backed hackers with economic espionage Compromises of retailers culminate in a recent breach of 56 million credit cards Heartbleed bug results in the loss of 4.5 million healthcare records 5 Some of the Recent Incidents Shellshock bug has compromised millions of devices and cause damage to web servers around the world Powerful malware infects hundreds of energy companies worldwide More than half of global securities exchanges are hacked Regin spy malware has been detected by Symantec which is extremely complex and dangerous 6 Some of the Recent Incidents.. Data Threats Phishing Ransomware Identity Theft Malware (backdoor trojans) Social Engineering Insider Threat Data Threats Phishing Ransomware Identity Theft Malware (backdoor trojans) Social Engineering Insider Threat Phishing Phishing Malware Backdoor