DOCSLIB.ORG

Security Just Got Real Powerful

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Just Got Real Powerful Security just got real Powerful. Affordable. Easy to use. Scalable, end-to-end IT monitoring software from solarwinds.com/government ACCESS RIGHTS ACCOUNT SECURITY PATCH CONFIGURATION MANAGED FILE FTP SERVER MANAGEMENT TAKEOVER INFORMATION & MANAGEMENT MANAGEMENT TRANSFER PREVENTION EVENT MANAGEMENT Empower your mission with deeper real-time visibility. Your missions need strong, intuitive, and trusted networks that never rest. Built on a platform that enables deeper real-time visibility, from the enterprise to the tactical edge. An operationally implemented platform for cyber that securely maneuvers data, creates decision advantage, and enables information effects across all domains. All while protecting you with industry-leading cybersecurity and resiliency. Together with your partners at Cisco, you can deploy a platform for cyber that does this, and more. One that automatically interprets, implements, and enforces network operational policy in a simple and effective way. And automatically detects and reacts to threats, while providing your team with unprecedented situational awareness. Cisco empowers your mission. Learn more at cisco.com/go/DoD © 2019 Cisco Systems, Inc. All rights reserved. Foreword Contents p. 5 Suspected Iranian Cyber Attacks Show No Sign of Slowing By Patrick Tucker p. 6 New Tech Aims to Tell Pilots When Their Plane Has Been Hacked By Marcus Weisgerber p. 8 The US Must Prepare for a Cyber ‘Day After’ By Samantha Ravich p. 10 Russian Hackers Used Stolen Iranian Malware to Attack 35 Countries, NSA Says By Jack Corrigan p. 13 States Must Explain When a Cyber Attack Might Draw a Violent Reprisal By Jonathan Reiber p. 15 Should Cyber Arms Be Treated Like Bioweapons? By David Fidler p. 18 The Cybersecurity Challenge Page 4 Foreword It’s enough to make you long for the days when law? It’s not yet clear. In “Should Cyber Arms Be the proliferation of dangerous weapons required Treated Like Bioweapons?” the Council on Foreign more than an email. Late last month, officials with Relations’ David Fidler examines one potential the U.S. National Security Agency and the U.K.’s analogue — biological weapons — and comes away National Cyber Security Centre announced a joint unconvinced. finding that Russian hackers had used Iranian cyber Even more urgently needed than a strict tools and digital infrastructure to launch attacks classification of cyber capabilities are some on government and industry groups in dozens of international norms for using them. “Without countries. clear explanations that affirm rules of the road, “The disclosure paints a picture of Russian countries make it easier for conflicts to spiral out hackers piggy-backing off the work of Iranian of control,” writes Jonathan Reiber in “States Must rivals to advance their own agenda,” Nextgov’s Jack Explain When a Cyber Attack Might Draw a Violent Corrigan writes in “Russian Hackers Used Stolen Reprisal.” Formerly Chief Strategy Officer for Cyber Iranian Malware to Attack 35 Countries, NSA Says.” Policy in the Office of the Secretary of Defense, “Authorities said the Nautilus and Neuron tools Reiber writes in the wake of Israel’s May attack had ‘very likely; originated in Iran, but Turla had on a Hamas hacking center, “the first time that a acquired both tools by early 2018. The group initially military has conducted a kinetic operation directly used the malware in combination with one of its in response to a cyberattack in real time.” Read on. own toolkits, called Snake, but eventually began targeting victims with the tools directly.” Bradley Peniston But wait. Are these kinds of cyber capabilities Deputy Editor actually regarded as weapons under international Defense One The Cybersecurity Challenge Page 5 Suspected Iranian Cyber Attacks Show No Sign of Slowing In this photo released by official website of the office of the Iranian Presidency, President Hassan Rouhani By Patrick Tucker addresses the nation in a televised speech in Tehran, Iran, Monday Aug. 6, 2018. IRANIAN PRESIDENCY OFFICE VIA AP As Iran and the U.S. trade cyber blows, a new warning shows that the online fight is likely to go on. ensions between the United States and Iran in been phished — which is not what is occurring here. The the Strait of Hormuz may be cooling but, online, it organization may waste valuable time without focus on Tappears Iranian actors are continuing their activity the root cause.” against targets in the United States and elsewhere. In a December blog post, FireEye traces the activity to On Wednesday morning, U.S. Cyber a threat group dubbed APT33, which, they say, is working Command tweeted that they discovered “active “at the behest of the Iranian government.” In a June malicious use” of a known bug in Microsoft Outlook, update to that post, the company said that they saw those “CVE-2017-11774.” same APT33 tactics playing a role in a new a coordinated In their tweet, Cyber Command doesn’t say who campaign against “U.S. federal government agencies and is using the bug to launch attacks. But cybersecurity financial, retail, media, and education sectors.” company FireEye has reported that a variety of Iranian That update coincides with a June 22 notice from hackers have been busy using that very vulnerability. the Cybersecurity and Infrastructure Security Agency, “Adversary exploitation of CVE-2017-11774 continues or CISA, warning of a “recent rise in malicious cyber to cause confusion for many security professionals,” activity directed at United States industries and the company wrote in a statement sent to reporters on government agencies by Iranian regime actors and Wednesday. “If Outlook launches something malicious, proxies.” The agency notes that the new attacks are highly a common assumption is that the impacted user has destructive, “‘wiper” attacks and that the perpetrators The Cybersecurity Challenge Page 6 are “looking to do much more than just steal data and the types of tactics used. “I think a lot of times we think of money. These efforts are often enabled through common escalation is vertical in nature,” he said. tactics like spear phishing, password spraying, and The statement follows a comment from Joint Chiefs credential stuffing. What might start as an account Chairman Gen. Joe Dunford in May, describing the compromise, where you think you might just lose data, increase in Iranian activity in the region, including cyber can quickly become a situation where you’ve lost your activity as “campaign-like.” whole network.” The U.S. has been ramping up cyber operations against At last week’s Defense One Tech Summit, Ed Wilson, Iranian intelligence groups involved the planning of the the deputy assistant secretary of defense for cyber policy, attack on various foreign oil tankers, according to reports described the recent escalation in Iranian offensive cyber from Yahoo and The New York Times. activity as a “horizontal escalation” meaning an increase Wilson declined to comment on those reports. in the volume of activity, rather than a sudden change in The Cybersecurity Challenge Page 7 New Tech Aims to Tell Pilots When Their Plane Has Been Hacked By Marcus Weisgerber The Cyber Anomaly Detection System tells pilots when their plane is being hacked. /RAYTHEON Raytheon is pitching a product to detect cyber intrusions into aircraft, drones, and even missiles. s the military helicopter lifts off the ground information about what’s happening internally on and heads skyward, the numbers on the altimeter his aircraft in real time,” said Amanda Buchanan, the Asuddenly stop ticking upward. The rumble of the project’s engineering lead. “We’re telling him what’s going helicopter’s engines fade and the chopper starts losing on and allowing him to make decisions about what he altitude. A second later, a dire warning flashes in red on a needs to do to correct the problems.” cockpit screen: “Cyber Anomaly.” Inside most aircraft, important electronics are plugged The helicopter is under attack, but not from missiles or into a serial data bus. The bus used in many U.S. military guns. Seconds later, it smashes into the ground. planes was developed in the 1970s and “still have not been Luckily for the pilot, he’s not in a real helicopter — just updated for security,” according to Fry, a cyber-resiliency a small simulator set up in a conference room of a high- product manager at Raytheon. rise office building in Arlington, Virginia. Greg Fry, the “You GPS talks on it, your fuel valve switches are engineer at the controls of the choreographed crash, is on it, your autopilot is on it and other avionics systems part of a Raytheon team that is building a new warning all communicate over this bus,” Fry said. “What we system that tells pilots when their planes are being found is as technology has increased and more and hacked, something the U.S. military expects to happen in more [commercial] products are put in aircraft, there’s the battles of the future. more of an attack surface for cyber threats to go onto “Basically, we’re trying to give the pilot the the platform.” The Cybersecurity Challenge Page 8 hackers had found cyber vulnerabilities in the F-15E Strike Eagle fighter jet. Hackers can get into military and commercial aircraft, vehicles, and even missiles and bombs by infecting them with malware — say, by plugging an infected cell phone into one of the aircraft’s USB ports, or even wirelessly, Fry said. Buchanan hacked Fry’s helicopter by injecting malicious code wirelessly from a tablet. The code caused the helicoper’s engines to shut down. While Fry was able to disable the helicopter’s wireless receiver before hitting the ground, he was not able to stop its fall. SENIOR AIRMAN FRANKLIN R. RAMOS Raytheon says the technology could be used to detect Raytheon began developing this Cyber Anomaly cyber intrusions on drones, vehicles or even missiles.
Load more

Recommended publications
  • 2015 Threat Report Provides a Comprehensive Overview of the Cyber Threat Landscape Facing Both Companies and Individuals
    THREAT REPORT 2015 AT A GLANCE 2015 HIGHLIGHTS A few of the major events in 2015 concerning security issues. 08 07/15: Hacking Team 07/15: Bugs prompt 02/15: Europol joint breached, data Ford, Range Rover, 08/15: Google patches op takes down Ramnit released online Prius, Chrysler recalls Android Stagefright botnet flaw 09/15: XcodeGhost 07/15: Android 07/15: FBI Darkode tainted apps prompts Stagefright flaw 08/15: Amazon, ENFORCEMENT bazaar shutdown ATTACKS AppStore cleanup VULNERABILITY reported SECURITYPRODUCT Chrome drop Flash ads TOP MALWARE BREACHING THE MEET THE DUKES FAMILIES WALLED GARDEN The Dukes are a well- 12 18 resourced, highly 20 Njw0rm was the most In late 2015, the Apple App prominent new malware family in 2015. Store saw a string of incidents where dedicated and organized developers had used compromised tools cyberespionage group believed to be to unwittingly create apps with malicious working for the Russian Federation since behavior. The apps were able to bypass at least 2008 to collect intelligence in Njw0rm Apple’s review procedures to gain entry support of foreign and security policy decision-making. Angler into the store, and from there into an ordinary user’s iOS device. Gamarue THE CHAIN OF THE CHAIN OF Dorkbot COMPROMISE COMPROMISE: 23 The Stages 28 The Chain of Compromise Nuclear is a user-centric model that illustrates Kilim how cyber attacks combine different Ippedo techniques and resources to compromise Dridex devices and networks. It is defined by 4 main phases: Inception, Intrusion, WormLink Infection, and Invasion. INCEPTION Redirectors wreak havoc on US, Europe (p.28) INTRUSION AnglerEK dominates Flash (p.29) INFECTION The rise of rypto-ransomware (p.31) THREATS BY REGION Europe was particularly affected by the Angler exploit kit.
    [Show full text]
  • Moonlight Maze,’ Perhaps the Oldest Publicly Acknowledged State Actor, Has Evaded Open Forensic Analysis
    PENQUIN’S MOONLIT MAZE The Dawn of Nation-State Digital Espionage Juan Andres Guerrero-Saade, Costin Raiu (GReAT) Daniel Moore, Thomas Rid (King’s College London) The origins of digital espionage remain hidden in the dark. In most cases, codenames and fragments of stories are all that remains of the ‘prehistoric’ actors that pioneered the now- ubiquitous practice of computer network exploitation. The origins of early operations, tools, and tradecraft are largely unknown: official documents will remain classified for years and decades to come; memories of investigators are eroding as time passes; and often precious forensic evidence is discarded, destroyed, or simply lost as storage devices age. Even ‘Moonlight Maze,’ perhaps the oldest publicly acknowledged state actor, has evaded open forensic analysis. Intrusions began as early as 1996. The early targets: a vast number of US military and government networks, including Wright Patterson and Kelly Air Force Bases, the Army Research Lab, the Naval Sea Systems Command in Indian Head, Maryland, NASA, and the Department of Energy labs. By mid-1998 the FBI and Department of Defense investigators had forensic evidence pointing to Russian ISPs. After a Congressional hearing in late February 1999, news of the FBI’s vast investigation leaked to the public.1 However, little detail ever surfaced regarding the actual means and procedures of this threat actor. Eventually the code name was replaced (with the attackers’ improved intrusion set dubbed Storm Cloud’, and later ‘Makers Mark’) and the original ‘MM’ faded into obscurity without proper technical forensic artefacts to tie these cyberespionage pioneers to the modern menagerie of APT actors we are now all too familiar with.
    [Show full text]
  • Cyber News for Counterintelligence / Information Technology / Security Professionals 13 November 2014
    Cyber News for Counterintelligence / Information Technology / Security Professionals 13 November 2014 Purpose Stuxnet worm entered Iran's nuclear facilities through hacked suppliers Educate recipients of cyber events to aid in protecting Engadget, 13 Nov 2014: You may have heard the common story of how Stuxnet electronically stored DoD, spread: the United States and Israel reportedly developed the worm in the mid- corporate proprietary, and/or Personally Identifiable 2000s to mess with Iran's nuclear program by damaging equipment, and first Information from theft, unleashed it on Iran's Natanz nuclear facility through infected USB drives. It got compromise, espionage out of control, however, and escaped into the wild (that is, the internet) sometime Source later. Relatively straightforward, right? Well, you'll have to toss that version of This publication incorporates open source news articles events aside -- a new book, Countdown to Zero Day, explains that this digital educate readers on security assault played out very differently. Researchers now know that the sabotage- matters in compliance with oriented code first attacked five component vendors that are key to Iran's nuclear USC Title 17, section 107, program, including one that makes the centrifuges Stuxnet was targeting. These Para a. All articles are truncated to avoid the companies were unwitting Trojan horses, security firm Kaspersky Lab says. Once appearance of copyright the malware hit their systems, it was just a matter of time before someone brought infringement compromised data into the Natanz plant (where there's no direct internet access) Publisher and sparked chaos. As you might suspect, there's also evidence that these first * SA Jeanette Greene Albuquerque FBI breaches didn't originate from USB drives.
    [Show full text]
  • Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE of CONTENTS 2016 Internet Security Threat Report 2
    Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE OF CONTENTS 2016 Internet Security Threat Report 2 CONTENTS 4 Introduction 21 Tech Support Scams Go Nuclear, 39 Infographic: A New Zero-Day Vulnerability Spreading Ransomware Discovered Every Week in 2015 5 Executive Summary 22 Malvertising 39 Infographic: A New Zero-Day Vulnerability Discovered Every Week in 2015 8 BIG NUMBERS 23 Cybersecurity Challenges For Website Owners 40 Spear Phishing 10 MOBILE DEVICES & THE 23 Put Your Money Where Your Mouse Is 43 Active Attack Groups in 2015 INTERNET OF THINGS 23 Websites Are Still Vulnerable to Attacks 44 Infographic: Attackers Target Both Large and Small Businesses 10 Smartphones Leading to Malware and Data Breaches and Mobile Devices 23 Moving to Stronger Authentication 45 Profiting from High-Level Corporate Attacks and the Butterfly Effect 10 One Phone Per Person 24 Accelerating to Always-On Encryption 45 Cybersecurity, Cybersabotage, and Coping 11 Cross-Over Threats 24 Reinforced Reassurance with Black Swan Events 11 Android Attacks Become More Stealthy 25 Websites Need to Become Harder to 46 Cybersabotage and 12 How Malicious Video Messages Could Attack the Threat of “Hybrid Warfare” Lead to Stagefright and Stagefright 2.0 25 SSL/TLS and The 46 Small Business and the Dirty Linen Attack Industry’s Response 13 Android Users under Fire with Phishing 47 Industrial Control Systems and Ransomware 25 The Evolution of Encryption Vulnerable to Attacks 13 Apple iOS Users Now More at Risk than 25 Strength in Numbers 47 Obscurity is No Defense
    [Show full text]
  • View Final Report (PDF)
    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
    [Show full text]
  • Cyber Warfare
    Downloaded by [University of Defence] at 23:51 30 May 2016 Cyber Warfare This book is a multidisciplinary analysis of cyber warfare, featuring contribu- tions by leading experts from a mixture of academic and professional backgrounds. Cyber warfare, meaning interstate cyber aggression, is an increasingly important emerging phenomenon in international relations, with state- orchestrated (or apparently state- orchestrated) computer network attacks occur- ring in Estonia (2007), Georgia (2008) and Iran (2010). This method of waging warfare – given its potential to, for example, make planes fall from the sky or cause nuclear power plants to melt down – has the capacity to be as devastating as any conventional means of conducting armed conflict. Every state in the world now has a cyber- defence programme and over 120 states also have a cyber- attack programme. While the amount of literature on cyber warfare is growing within disciplines, our understanding of the subject has been limited by a lack of cross- disciplinary engagement. In response, this book, drawn from the fields of computer science, military strategy, international law, political science and military ethics, provides a critical overview of cyber warfare for those approaching the topic from what- ever angle. Chapters consider the emergence of the phenomena of cyber warfare in international affairs; what cyber- attacks are from a technological standpoint; the extent to which cyber- attacks can be attributed to state actors; the strategic value and danger posed by cyber conflict; the legal regulation of cyber- attacks, both as international uses of force and as part of an ongoing armed conflict, and the ethical implications of cyber warfare.
    [Show full text]
  • Hacks, Leaks and Disruptions | Russian Cyber Strategies
    CHAILLOT PAPER Nº 148 — October 2018 Hacks, leaks and disruptions Russian cyber strategies EDITED BY Nicu Popescu and Stanislav Secrieru WITH CONTRIBUTIONS FROM Siim Alatalu, Irina Borogan, Elena Chernenko, Sven Herpig, Oscar Jonsson, Xymena Kurowska, Jarno Limnell, Patryk Pawlak, Piret Pernik, Thomas Reinhold, Anatoly Reshetnikov, Andrei Soldatov and Jean-Baptiste Jeangène Vilmer Chaillot Papers HACKS, LEAKS AND DISRUPTIONS RUSSIAN CYBER STRATEGIES Edited by Nicu Popescu and Stanislav Secrieru CHAILLOT PAPERS October 2018 148 Disclaimer The views expressed in this Chaillot Paper are solely those of the authors and do not necessarily reflect the views of the Institute or of the European Union. European Union Institute for Security Studies Paris Director: Gustav Lindstrom © EU Institute for Security Studies, 2018. Reproduction is authorised, provided prior permission is sought from the Institute and the source is acknowledged, save where otherwise stated. Contents Executive summary 5 Introduction: Russia’s cyber prowess – where, how and what for? 9 Nicu Popescu and Stanislav Secrieru Russia’s cyber posture Russia’s approach to cyber: the best defence is a good offence 15 1 Andrei Soldatov and Irina Borogan Russia’s trolling complex at home and abroad 25 2 Xymena Kurowska and Anatoly Reshetnikov Spotting the bear: credible attribution and Russian 3 operations in cyberspace 33 Sven Herpig and Thomas Reinhold Russia’s cyber diplomacy 43 4 Elena Chernenko Case studies of Russian cyberattacks The early days of cyberattacks: 5 the cases of Estonia,
    [Show full text]
  • ESET THREAT REPORT Q3 2020 | 2 ESET Researchers Reveal That Bugs Similar to Krøøk Affect More Chip Brands Than Previously Thought
    THREAT REPORT Q3 2020 WeLiveSecurity.com @ESETresearch ESET GitHub Contents Foreword Welcome to the Q3 2020 issue of the ESET Threat Report! 3 FEATURED STORY As the world braces for a pandemic-ridden winter, COVID-19 appears to be losing steam at least in the cybercrime arena. With coronavirus-related lures played out, crooks seem to 5 NEWS FROM THE LAB have gone “back to basics” in Q3 2020. An area where the effects of the pandemic persist, however, is remote work with its many security challenges. 9 APT GROUP ACTIVITY This is especially true for attacks targeting Remote Desktop Protocol (RDP), which grew throughout all H1. In Q3, RDP attack attempts climbed by a further 37% in terms of unique 13 STATISTICS & TRENDS clients targeted — likely a result of the growing number of poorly secured systems connected to the internet during the pandemic, and possibly other criminals taking inspiration from 14 Top 10 malware detections ransomware gangs in targeting RDP. 15 Downloaders The ransomware scene, closely tracked by ESET specialists, saw a first this quarter — an attack investigated as a homicide after the death of a patient at a ransomware-struck 17 Banking malware hospital. Another surprising twist was the revival of cryptominers, which had been declining for seven consecutive quarters. There was a lot more happening in Q3: Emotet returning 18 Ransomware to the scene, Android banking malware surging, new waves of emails impersonating major delivery and logistics companies…. 20 Cryptominers This quarter’s research findings were equally as rich, with ESET researchers: uncovering 21 Spyware & backdoors more Wi-Fi chips vulnerable to KrØØk-like bugs, exposing Mac malware bundled with a cryptocurrency trading application, discovering CDRThief targeting Linux VoIP softswitches, 22 Exploits and delving into KryptoCibule, a triple threat in regard to cryptocurrencies.
    [Show full text]
  • Bilan Cert-IST 2013
    Cert-IST annual review for 2014 regarding flaws and attacks 1) Introduction ..................................................................................................................................... 1 2) Most significant events of 2014 ...................................................................................................... 2 2.1 More sophisticated attacks that modify the risk level .............................................................. 2 2.2 Many attacks targeting cryptography ...................................................................................... 4 2.3 Cyber-spying: governments at the cutting edge of cyber attacks ........................................... 6 2.4 Flourishing frauds .................................................................................................................... 7 3) Vulnerabilities and attacks seen in 2014 ........................................................................................ 9 3.1 Figures about Cert-IST 2014 production ................................................................................. 9 3.2 Alerts and Potential Dangers released by the Cert-IST ........................................................ 11 3.3 Zoom on some flaws and attacks .......................................................................................... 12 4) Conclusions .................................................................................................................................. 15 1) Introduction Each year, the Cert-IST makes
    [Show full text]
  • Attributing Cyber Attacks Thomas Rida & Ben Buchanana a Department of War Studies, King’S College London, UK Published Online: 23 Dec 2014
    This article was downloaded by: [Columbia University] On: 08 June 2015, At: 08:43 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Journal of Strategic Studies Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/fjss20 Attributing Cyber Attacks Thomas Rida & Ben Buchanana a Department of War Studies, King’s College London, UK Published online: 23 Dec 2014. Click for updates To cite this article: Thomas Rid & Ben Buchanan (2015) Attributing Cyber Attacks, Journal of Strategic Studies, 38:1-2, 4-37, DOI: 10.1080/01402390.2014.977382 To link to this article: http://dx.doi.org/10.1080/01402390.2014.977382 PLEASE SCROLL DOWN FOR ARTICLE Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) contained in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and should be independently verified with primary sources of information. Taylor and Francis shall not be liable for any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of the Content.
    [Show full text]
  • Threat Landscape Report – 1St Quarter 2018
    TLP-AMBER Threat Landscape Report – 1st Quarter 2018 (FINAL) V1.0 – 10/04/2018 This quarterly report summarises the most significant direct cyber threats to EU institutions, bodies, and agencies (EU-I or 'Constituents') in Part I, the development of cyber-threats on a broader scale in Part II, and recent technical trends in Part III. KEY FINDINGS Direct Threats • In Europe, APT28 / Sofacy threat actor (likely affiliated to Russia military intelligence GRU) targeted government institutions related to foreign affairs and attendees of a military conference. Another threat actor, Turla (likely affiliated to Russia’s security service FSB) executed a cyber-operation against foreign affairs entities in a European country. • A spear-phishing campaign that targeted European foreign ministries in the end of 2017 was attributed to a China-based threat actor (Ke3chang) which has a long track record of targeting EU institutions (since 2011). As regards cyber-criminality against EU institutions, attempts to deliver banking trojans are stable, ransomware activities are still in decline and cryptojacking on the rise. Phishing lures involve generic matters (’invoice’, ‘payment’, ‘purchase’, ‘wire transfer’, ‘personal banking’, ‘job application’) and more specific ones (foreign affairs issues, European think tanks matters, energy contracts, EU delegation, EU watch keeper). Almost all EU-I are affected by credential leaks (email address | password) on pastebin-like websites. Several credential- harvesting attempts have also been detected. Attackers keep attempting to lure EU-I staff by employing custom methods such as spoofed EU-I email addresses or weaponisation of EU-I documents. Broader Threats • Critical infrastructure. In the energy sector, the US authorities have accused Russian actors of targeting critical infrastructure (including nuclear) for several years and are expecting this to continue in 2018.
    [Show full text]
  • Finding Threats in Linux® Memory the Value of Memory Integrity Verification
    WHITE PAPER Finding Threats in Linux® Memory The Value of Memory Integrity Verification Linux powers critical web and cloud infrastructure for organizations around the world. Not surprisingly, it has become a major target for cybercrime and cyber espionage. In the past year, financially motivated attackers have launched large-scale Linux-targeted threat attack campaigns across critical infrastructure, retail, healthcare, and financial and brokerage organizations. This white paper explores the magnitude of threats against Linux systems, and why organizations are looking at memory integrity as a superior approach for detecting threats on Linux systems. Memory integrity ensures that systems are running exactly the software they are supposed to be running, and flagging anything that should not be there. www.Raytheon.com/cyberproducts 2 WHITE PAPER - Finding Threats in Linux® Memory Contents 1. Linux® Systems: A Major Target 4 2. Threat Attacks on the Upswing 4 3. Threats Spare No Industry 5 Critical Infrastructure 5 Retail 5 Healthcare 5 Financial and Brokerage Services 5 4. How SureView® Memory Integrity Works 6 SureView Memory Integrity Graphical User Interface 7 Integration with SIEMS 7 5. Conclusion 8 6. About Raytheon|Websense 8 866.230.1307 3 WHITE PAPER - Finding Threats in Linux® Memory Linux Systems: A Major Target servers.3 The Linux botnet Mayhem, which spread through Linux is an open source operating system beloved by enthusiasts ShellShock exploits, affected 1,400 servers.4 Unfortunately, because the price is right and the license provides the freedom to Operation Windigo and Mayhem are still active using the tinker. From its earliest days, Linux has powered numerous web ShellShock Bash vulnerability and other means to spread to new servers and other Internet infrastructures worldwide.
    [Show full text]