Zero-Day Attack – Finding Advanced Threats in ALL of Your Data
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Recent Developments in Cybersecurity Melanie J
American University Business Law Review Volume 2 | Issue 2 Article 1 2013 Fiddling on the Roof: Recent Developments in Cybersecurity Melanie J. Teplinsky Follow this and additional works at: http://digitalcommons.wcl.american.edu/aublr Part of the Law Commons Recommended Citation Teplinsky, Melanie J. "Fiddling on the Roof: Recent Developments in Cybersecurity." American University Business Law Review 2, no. 2 (2013): 225-322. This Article is brought to you for free and open access by the Washington College of Law Journals & Law Reviews at Digital Commons @ American University Washington College of Law. It has been accepted for inclusion in American University Business Law Review by an authorized administrator of Digital Commons @ American University Washington College of Law. For more information, please contact [email protected]. ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY MELANIE J. TEPLINSKY* TABLE OF CONTENTS Introduction .......................................... ..... 227 I. The Promise and Peril of Cyberspace .............. ........ 227 II. Self-Regulation and the Challenge of Critical Infrastructure ......... 232 III. The Changing Face of Cybersecurity: Technology Trends ............ 233 A. Mobile Technology ......................... 233 B. Cloud Computing ........................... ...... 237 C. Social Networking ................................. 241 IV. The Changing Face of Cybersecurity: Cyberthreat Trends ............ 244 A. Cybercrime ................................. ..... 249 1. Costs of Cybercrime -
“Hacktivists” Strike Back
SECUrITY AGENCE FRANCE-PRESSE Supporters of Wikileaks founder Julian Assange “Hacktivists” Strike Back wear Guy Fawkes masks Cyber attacks on financial institutions serve as they demonstrate against his arrest in as a warning sign Amsterdam in December 2010. The “Hacktivist” in december 2010, the websites of international financial services gi- group “Anonymous” has ants Visa, Mastercard and PayPal were temporarily shut down, victims adopted the Guy Fawkes of a coordinated cyber attack dubbed Operation Payback by its per- image as its public face. petrators. “Hacktivists” who support wikileaks and its founder Julian assange attacked after the companies terminated service and disabled donations to the website. The economic impact of the attack remains unclear and the tar- geted companies denied suffering consequential losses. but the attackers, using the names “anon” and “anonymous,” demonstrated the ability of cyber attacks to infiltrate and damage businesses and government agencies. A modern form of protest Amazon, the online retailer that hosted Anonymous didn’t protest by chanting slogans Wikileaks on its servers, was the first to pull out. or waving signs — it struck against Wikileaks’ Visa, MasterCard and PayPal soon followed, perceived enemies in the spirit of the virtual essentially crippling Wikileaks’ ability to accept world they share. Wikileaks, whose raison d'être is donations that support publishing efforts. The exposing classified or confidential government cyber attacks started soon after. or corporate information, is under pressure When Anonymous staged its attack in the vir- from the United States and other governments tual world, it used a favorite weapon of the cyber after leaking more than 250,000 U.S. -
The Middle East Under Malware Attack Dissecting Cyber Weapons
The Middle East under Malware Attack Dissecting Cyber Weapons Sami Zhioua Information and Computer Science Department King Fahd University of Petroleum and Minerals Dhahran, Saudi Arabia [email protected] Abstract—The Middle East is currently the target of an un- have been designed by the same unknown entity 1. The next precedented campaign of cyber attacks carried out by unknown malware of this lineage was Flame [7] which was discovered parties. The energy industry is praticularly targeted. The in May 2012 by Kaspersky Lab while investigating another attacks are carried out by deploying extremely sophisticated malware. The campaign opened by the Stuxnet malware in piece of malware called Wiper [8]. Flame features very 2010 and then continued through Duqu, Flame, Gauss, and unusual characteristics such as large size, large number of Shamoon malware. This paper is a technical survey of the modules, self adapting, etc. As Duqu, Flame’s objective is attacking vectors utilized by the three most famous malware, data collection and espionnage. Gauss [9] is another data namely, Stuxnet, Flame, and Shamoon. We describe their main stealing malware discovered in June 2012 by Kaspersky Lab modules, their sophisticated spreading capabilities, and we discuss what it sets them apart from typical malware. The focusing on banking information. Flame and Gauss exhibit main purpose of the paper is to point out the recent trends striking similarities and several technical evidences indicate infused by this new breed of malware into cyber attacks. that they come from the same “factories” that produced Stuxnet and Duqu [9]. The latest malware-based attack Keywords-Malwares; Information Security; Targeted At- tacks; Stuxnet; Duqu; Flame; Gauss; Shamoon targeting the middle east was the Shamoon attack on Saudi Aramco [10]. -
Mobile Financial Fraud April 2013
White Paper: Mobile Financial Fraud April 2013 Mobile Threats and the Underground Marketplace Principal Investigator and Corresponding Author Jart Armin Contributing Researchers Andrey Komarov, Mila Parkour, Raoul Chiesa, Bryn Thompson, Will Rogofsky Panel & Review Dr. Ray Genoe (UCD), Robert McArdle (Trend Micro), Dave Piscitello (ICANN), Foy Shiver (APWG), Edgardo Montes de Oca (Montimage), Peter Cassidy (APWG) APWG Mobile Fraud web site http://ecrimeresearch.org/wirelessdevice/Fraud/ Table of Contents Abstract ..................................................................................................................................... 2 Introduction and Starting Position ........................................................................................ 2 A Global Overview .................................................................................................................. 3 Vulnerabilities Overview ....................................................................................................... 3 The Underground Mobile Market ....................................................................................... 13 Mobile DNS & Traffic ........................................................................................................... 15 iBots & the Pocket Botnet ..................................................................................................... 18 Mobile Intrusion ................................................................................................................... -
Duqu the Stuxnet Attackers Return
Uncovering Duqu The Stuxnet Attackers Return Nicolas Falliere 4/24/2012 Usenix Leet - San Jose, CA 1 Agenda 1 Revisiting Stuxnet 2 Discovering Duqu 3 Inside Duqu 4 Weird, Wacky, and Unknown 5 Summary 2 Revisiting Stuxnet 3 Key Facts Windows worm discovered in July 2010 Uses 7 different self-propagation methods Uses 4 Microsoft 0-day exploits + 1 known vulnerability Leverages 2 Siemens security issues Contains a Windows rootkit Used 2 stolen digital certificates Modified code on Programmable Logic Controllers (PLCs) First known PLC rootkit 4 Cyber Sabotage 5 Discovering Duqu 6 Boldi Bencsath Announce (CrySyS) emails: discovery and “important publish 25 page malware Duqu” paper on Duqu Boldi emails: Hours later the “DUQU DROPPER 7 C&C is wiped FOUND MSWORD 0DAY INSIDE” Inside Duqu 8 Key Facts Duqu uses the same code as Stuxnet except payload is different Payload isn‟t sabotage, but espionage Highly targeted Used to distribute infostealer components Dropper used a 0-day (Word DOC w/ TTF kernel exploit) Driver uses a stolen digital certificate (C-Media) No self-replication, but can be instructed to copy itself to remote machines Multiple command and control servers that are simply proxies Infections can serve as peers in a peer-to-peer C&C system 9 Countries Infected Six organizations, in 8 countries confirmed infected 10 Architecture Main component A large DLL with 8 or 6 exports and 1 main resource block Resource= Command & Control module Copies itself as %WINDIR%\inf\xxx.pnf Injected into several processes Controlled by a Configuration Data file Lots of similarities with Stuxnet Organization Code Usual lifespan: 30 days Can be extended 11 Installation 12 Signed Drivers Some signed (C-Media certificate) Revoked on October 14 13 Command & Control Module Communication over TCP/80 and TCP/443 Embeds protocol under HTTP, but not HTTPS Includes small blank JPEG in all communications Basic proxy support Complex protocol TCP-like with fragments, sequence and ack. -
Download Slides
THE UNBEARABLE LIGHTNESS OF APTing WHO ARE WE? Ron Davidson Head of Threat Intelligence and Research Check Point Software Technologies Yaniv Balmas Security Researcher Check Point Software Technologies APT Advanced Persistent Threat APT “An APT is a network attack in which an unauthorized person gains access to a Advanced network and stays there undetected for a long period of time.“ Threat APT “An APT is a network attack in which an unauthorized person gains access to a Advanced network and stays there undetected for a long period of time.“ “APT is a set of stealthy and continuous computer hacking processes … APT usually targets organizations and/or nations for business or political motives.” APT “An APT is a network attack in which an unauthorized person gains access to a ? network and stays there undetected for a long period of time.“ “APT is a set of stealthy and continuous computer hacking processes … APT usually targets organizations and/or nations for business or political motives.” APT HISTORY Cosmic Duke Dragonfly Carbanak Equation Energetic Bear Duqu2 Regin Havex Babar 2015 Casper PlugX 79 Madi Flame 2014 Shamoon 107 Subpab Wiper 2013 Gauss 54 APT1 Red October 2012 Aurora 24 Machete 2011 Stuxnet 13 Duqu 2010 12 RSA Hack github.com/kbandla/APTnotes WHAT’S COMMON? At t ribution @AttributionDice WHAT’S IN COMMON? France 11% Iran 9% China Israel 44% 5% Russia 23% USA 9% @AttributionDice WHEN IN DOUBT… It’s probably China! WITH GREAT POWER COME GREAT APTS VOLATILE CEDAR • A targeted campaign • Has been active since late 2012 • Operation -
Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism
Journal of Strategic Security Volume 6 Number 5 Volume 6, No. 3, Fall 2013 Supplement: Ninth Annual IAFIE Article 3 Conference: Expanding the Frontiers of Intelligence Education Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins The University of Texas at El Paso Follow this and additional works at: https://scholarcommons.usf.edu/jss pp. 1-9 Recommended Citation Adkins, Gary. "Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism." Journal of Strategic Security 6, no. 3 Suppl. (2013): 1-9. This Papers is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism This papers is available in Journal of Strategic Security: https://scholarcommons.usf.edu/jss/vol6/iss5/ 3 Adkins: Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins Introduction The world has effectively exited the Industrial Age and is firmly planted in the Information Age. Global communication at the speed of light has become a great asset to both businesses and private citizens. However, there is a dark side to the age we live in as it allows terrorist groups to communicate, plan, fund, recruit, and spread their message to the world. Given the relative anonymity the Internet provides, many law enforcement and security agencies investigations are hindered in not only locating would be terrorists but also in disrupting their operations. -
List of Targets of Arrested Computer Hackers 6 March 2012
List of targets of arrested computer hackers 6 March 2012 The five computer hackers charged in New York Tribune and Los Angeles Times, using on Tuesday and a sixth who pleaded guilty are misappropriated login credentials. accused of involvement in some of the most notorious hacking incidents of the past 18 months. -- February 2011: A cyberattack on private computer security firm HBGary that involved the The following are some of the cyberattacks in theft of 60,000 emails from HBGary employees and which the two Britons, two Irishmen and two the HBGary chief executive, as well as defacing his Americans allegedly played a role as members of Twitter account. Anonymous, Lulz Security or associated groups: -- April-May 2011: A cyberattack on a Fox -- December 2010: Operation Payback. Distributed Broadcasting Company website that involved the denial of service (DDoS) attacks by members of theft of names, dates of birth, telephone numbers, Anonymous on the websites of MasterCard, email and residential addresses for more than PayPal and Visa in retaliation for their refusal to 70,000 potential contestants on the Fox television accept donations for WikiLeaks. In a DDoS attack, show the "X-Factor." a website is bombarded with traffic, slowing it down or knocking it offline completely. -- May 2011: A cyberattack on Sony Pictures Entertainment that revealed the passwords, email -- January 2011: Defacing a website of the Irish addresses, home addresses and dates of birth of political party Fine Gael after accessing computer 100,000 users of the www.sonypictures.com servers in Arizona used to maintain the website, website and a subsequent online attack against www.finegael2011.com. -
No Random, No Ransom: a Key to Stop Cryptographic Ransomware
No Random, No Ransom: A Key to Stop Cryptographic Ransomware Ziya Alper Genç, Gabriele Lenzini, and Peter Y.A. Ryan Interdisciplinary Centre for Security Reliability and Trust (SnT) University of Luxembourg Abstract. To be effective, ransomware has to implement strong encryp- tion, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number generators that modern Operating Systems make available to applications. With this insight, we propose a strategy to miti- gate ransomware attacks that considers pseudo random number generator functions as critical resources, controls accesses on their APIs and stops unauthorized applications that call them. Our strategy, tested against 524 active real-world ransomware samples, stops 94% of them, including WannaCry, Locky, CryptoLocker and CryptoWall. Remarkably, it also nullifies NotPetya, the latest offspring of the family which so far has eluded all defenses. Keywords: ransomware, cryptographic malware, randomness, mitigation. 1 Introduction Ransomware is a malware, a malicious software that blocks access to victim’s data. In contrast to traditional malware, whose break-down is permanent, ransomware’s damage is reversible: access to files can be restored on the payment of a ransom, usually a few hundreds US dollars in virtual coins. Despite being relatively new, this cyber-crime is spreading fast and it is believed to become soon a worldwide pandemic. According to [24], a US Govern- ment’s white paper dated June 2016, on average more than 4,000 ransomware attacks occurred daily in the USA. This is 300-percent increase from the previous year and such important increment is probably due to the cyber-crime’s solid business model: with a small investment there is a considerable pecuniary gain which, thanks to the virtual currency technology, can be collected reliably and in a way that is not traceable by the authorities. -
Darpa Starts Sleuthing out Disloyal Troops
UNCLASSIFIED (U) FBI Tampa Division CI Strategic Partnership Newsletter JANUARY 2012 (U) Administrative Note: This product reflects the views of the FBI- Tampa Division and has not been vetted by FBI Headquarters. (U) Handling notice: Although UNCLASSIFIED, this information is property of the FBI and may be distributed only to members of organizations receiving this bulletin, or to cleared defense contractors. Precautions should be taken to ensure this information is stored and/or destroyed in a manner that precludes unauthorized access. 10 JAN 2012 (U) The FBI Tampa Division Counterintelligence Strategic Partnership Newsletter provides a summary of previously reported US government press releases, publications, and news articles from wire services and news organizations relating to counterintelligence, cyber and terrorism threats. The information in this bulletin represents the views and opinions of the cited sources for each article, and the analyst comment is intended only to highlight items of interest to organizations in Florida. This bulletin is provided solely to inform our Domain partners of news items of interest, and does not represent FBI information. In the JANUARY 2012 Issue: Article Title Page NATIONAL SECURITY THREAT NEWS FROM GOVERNMENT AGENCIES: American Jihadist Terrorism: Combating a Complex Threat p. 2 Authorities Uncover Increasing Number of United States-Based Terror Plots p. 3 Chinese Counterfeit COTS Create Chaos For The DoD p. 4 DHS Releases Cyber Strategy Framework p. 6 COUNTERINTELLIGENCE/ECONOMIC ESPIONAGE THREAT ITEMS FROM THE PRESS: United States Homes In on China Spying p. 6 Opinion: China‟s Spies Are Catching Up p. 8 Canadian Politician‟s Chinese Crush Likely „Sexpionage,‟ Former Spies Say p. -
Predicting the Spread of Malware Outbreaks Using
ISSN: 1803-3814 (Printed), 2571-3701 (Online) https://doi.org/10.13164/mendel.2019.1.157 PREDICTING THE SPREAD OF MALWARE OUTBREAKS USING AUTOENCODER BASED NEURAL NETWORK Bhardwaj Gopika , Yadav Rashi Department of Information Technology, Indira Gandhi Delhi Technical University for Women, India [email protected] Abstract Malware Outbreaks are pervasive in today's digital world. However, there is a lack of awareness on part of general public on how to safeguard against such attacks and a need for increased cooperation between various national and international research as well as governmental organizations to combat the threat. On the positive side, cyber security websites, blogs and newsletters post articles outlining the working and spread of a malware outbreak and steps to recover from the same as well. In this project, an effective approach to predicting the spread of malware outbreaks is presented. The scope of the project is 15 Malware Outbreaks and the approach involves collecting these cyber aware articles from the web, assigning them to the 15 Malware Outbreaks using Topic Modeling and Similarity Analysis and along with Spread information of the Malware Outbreaks, this is input to auto encoder neural network for learning latent space representations which are further used to predict the spread of malware outbreak as either high or low spread outbreak, achieving a prediction accuracy of 75.56. This work can be used to process large amount of cyber aware content for effective and accurate prediction in the era of much-needed cyber security. Received: 14 April 2019 Keywords: malware outbreaks, topic modeling, similarity analysis, auto encoders, Accepted: 31 May 2019 prediction. -
WORLD WAR C : Understanding Nation-State Motives Behind Today’S Advanced Cyber Attacks
REPORT WORLD WAR C : Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks Authors: Kenneth Geers, Darien Kindlund, Ned Moran, Rob Rachwald SECURITY REIMAGINED World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks CONTENTS Executive Summary ............................................................................................................................................................................................................................................................................................................... 3 Introduction ............................................................................................................................................................................................................................................................................................................................................... 4 A Word of Warning ................................................................................................................................................................................................................................................................................................................. 5 The FireEye Perspective ...........................................................................................................................................................................................................................................................................................