cyber battle fatigue

There is much concern about the realities of “Cyber Battle Fatigue” – a condition resulting from a never-ending process of defending networks and sensitive information from an onslaught of cyber attacks conducted by cyber criminals, cyber espionage actors, and hacktivists. These attackers continue to use a wide variety of tactics, tools, and procedures that range from unsophisticated to very sophisticated, and they continue to have more successes than failures. Two things are certain in a constantly changing domain: one, no business that operates online is immune to being targeted, and two, the cyber security talent pool is sparse, which contributes to the cyber battle fatigue reality.

The numbers are staggering and continue to outpace previous activity. In 2017, ransomware attacks demonstrated how prolific just one type of attack was. The WannaCry outbreak impacted computers in more than 150 countries and cost approximately USD $4 billion. According to one U.S. IT company, some notable cybercrime statistics from 2017 illustrate the challenges facing network defenders:


Best Cyber Security News Blogs 2018

Cyber Security and data privacy have always been a hot topic when we talk about IT. There are many places where people can find interesting news, analysis, comments and get informed about the latest threats and how to deal with them efficiently. From developers to security researchers, software companies to security websites and magazines everyone has an opinion on the subject. It is never easy to distinguish between them and when you search for ‘online security blog/news’ you will get thousands of different results.

The following article will try to give you a starting point for which are the top security blogs to get the latest trends and insights. We hope that the following list will be able to spark your interest and broaden your knowledge on this topic.  These bloggers are ready to discover major security tricks, tutorials and solutions to problems that people experience on a daily basis.


Russian-hacker-group-pokemon-go

The online activities surrounding the 2016 U.S. Presidential election revealed a swath of suspicious postings on social media outlets that ranged from deliberate false information (e.g., one candidate running a child sex ring; another candidate’s followers making anti-Islam chants at a rally) to purchased ads on social media platforms like Facebook (e.g., promoting gay rights, issues related to the African-American community, immigration, to name just a few).  In some instances, candidates were attacked via purchased ads.  While there has been much furor about this, the truth is that this type of online content is nothing that people haven’t already seen.

During any campaign, negative print and media ads are often directed against political opponents, and the Internet is not bereft of millions of users willing to promote their viewpoints or engage in vociferous debate with people holding alternative or opposing viewpoints.  Social media has facilitated the ability for anyone with an Internet connection to express themselves and put forward a message to a widely dispersed audience within a specific geography.  People can either listen, ignore, support, or push back on what’s being transmitted.  The big fear that the mastermind behind all of these ads was intent on swaying constituents to vote for a particular candidate is a concern that has yet to be fully verified.


Bay Area Cyber Security Meetups 2018

Meetups are an amazing way to get together with people who share common interests. Of course, there are many websites that do the same, but none except Meetup has done something to help its users meet offline as well. This platform brings individuals together and helps to create communities while having fun at the same time in a non-working environment. As a result, even the simplest ideas may become powerful movements when people are ready to share knowledge and improve their communication skills in real life rather than behind a PC. Most noteworthy, the motto of Meetup is to provide a way to explore your city, build your career and get creative.

Key benefits of Cyber Security Meetups:

  • Meetup helps you find cool groups and events based on your current location
  • You can follow the local community or even organize events with a few clicks
  • It is a great way to meet people offline
  • It is easy to advertise on and to reach potential customers by promoting an event on Meetup
  • The user can distinguish between ordinary member and event organizer profiles
  • Meetup is useful for both individuals and companies

Therefore, the website can be quite useful for people with similar backgrounds who want to create new contacts and expand their network. This is especially important among professionals in Information Technology, and in the Cyber Security industry in particular. Cyber Security Meetups are becoming very popular among such professionals, who usually work and live in the Bay Area. If you are one of them, or just have some interest in Cyber Security, here is the list.


The U.S. Federal Trade Commission (FTC) is now investigating Facebook, Inc. over the use of personal data by an analytics firm associated with the Trump campaign. Specifically, the FTC is trying to determine if the company violated terms of an earlier consent decree when 50 million users’ data was transferred to Cambridge Analytica, a data and media consultancy firm. To date, Cambridge Analytica has been accused of misrepresenting the purpose of some of its data mining, which yielded something like 30 million Facebook profiles it could comb for data. This calls into question how consumer information is shared with other entities, particularly when consent was not provided.

Social Media & GDPR

This revelation has called into question how social media sites harvest personal information from their platforms. As one article pointed out, “Some large-scale data harvesting and social manipulation is okay until the election. Some of it becomes not okay in retrospect.” This is indeed troubling in a time when personal information is constantly used by malicious actors for monetization purposes or in support of other operations (e.g., social engineering, spam, phishing, credential theft, etc.). A recent report by a content marketing agency revealed that Facebook logins can be sold for USD $5.20. Such access gives a criminal a compromised individual’s contact list, which can be used to target other individuals. According to the same report, an individual’s entire online identity – to include personally identifiable information and financial accounts – could be sold for USD $1,200.00. After initially denying the claim, Facebook acknowledged the breach and promised to take action.


According to recent reporting, a suspected nation state hacker group with alleged ties to the Iranian government issued death threats to researchers that had detected their cyber espionage activity.  The researchers were checking a server that they believed to be associated with a specific data breach when they received the message “Stop!!! I Kill You Researcher.”  According to the same report, the server was apparently attached to the attackers’ command-and-control infrastructure.  Active since 2015, the group known as “MuddyWaters” has been observed targeting organizations in Georgia, India, Iraq, Pakistan, Saudi Arabia, Tajikistan, Turkey, and the United States.  Recently, MuddyWaters has been observed targeting oil and gas entities in the Middle East.  Notably, the group is believed to employ “false flag” operations – similar to what was believed to have been done during the recent Olympics – in which it adopted some of the tactics, techniques, and procedures (TTP) of suspected Chinese hackers to obfuscate the group’s true identity.

 

On the surface, the threat made against the researchers can be viewed as a knee-jerk reaction to being tracked by the private sector. But this does raise the possibility of what hostile actors may resort to in the future. The private-sector computer security industry has been aggressively investigating the activities of suspected nation-state actors since 2004, when the first report published the activities of a Chinese state entity. Since that time, several subsequent reports have been provided to the public detailing “advanced persistent threat” operations, including TTPs and targeting, that have ultimately been attributed to specific nation-state actors. While the standard public reaction of these governments has been to refute or deny the claims, citing the difficulties in providing adequate evidence that supports attribution, sanctions and alleged retaliatory strikes have been known to occur as a result of these accusations.


Best Cyber Security Twitter Profiles to Follow 2018

Twitter has always been a great place to stay in touch with the latest cybersecurity trends. It is a great way to join professionals and even experts whom you normally wouldn’t be able to reach. You can follow them, read their posts and comments daily, and even tag them in your tweets to attract their attention in just a few seconds. Twitter is an open source platform that stimulates people to share everything from knowledge about new technologies or threats to silly pictures and memes about the latest events in the news.

However, there are thousands of profiles that you can follow, and sometimes you just don’t seem to find exactly what you are looking for. The question of which security experts to follow on Twitter is tricky since there are so many professionals out there who keep sharing valuable information and news on a daily basis. What really matters is to decide what is relevant to you and how you are going to use it to your advantage. Once you have decided who to follow, you can create your own lists per category containing the best Cyber Security Twitter profiles. This option allows you to see all of the tweets in a simple way and makes sure that you don’t miss a single tweet from your feed.

We have created a list with some of the best Twitter CyberSecurity accounts so you don’t waste your time in searching – you can follow them right away.


 

A cyber attack disrupted the recent Olympic Games opening ceremonies, as confirmed by a spokesman for the Pyeongchang Organizing Committee. The disruption took out Internet access and telecasts of non-critical machines, grounded broadcasters’ drones, shut down the Pyeongchang 2018 website, and prevented spectators from printing out reservations and attending the ceremony.

 

Per reports, the attackers gained access to approximately 300 computers, hacked routers, and distributed malware in the lead-up and during the event’s ceremonies.  Initial findings by at least one computer security company concluded that the attack had started a year in advance.  The attackers could have destroyed computers, according to the company’s researchers, but had restrained themselves, erasing only the backup files on Windows machines.  Conclusions were made that the attack was an attempt to send a political message.  As of this writing, the initial vector of attack has not been determined or at least not made public, although speculation is that prior access was gained and used to launch this attack.

 

According to one news source citing U.S. intelligence officials, Russian spies were behind the cyber attack, with the purpose of retaliating for Russia’s suspension from competing in the games due to a doping scandal. Of note, these officials believe that the attack was intended to be a “false-flag” operation, as the attackers are alleged to have used North Korean IP addresses and other “tactics” to make it appear that North Korea was behind the attacks. The government has thus far produced no evidence, unlike when it supported its claims of North Korea’s culpability in the Sony hack.

 

While there may very well be classified information that helps attribute this activity, motivation is largely the incriminating bit of evidence that points to Russian culpability.  Paying back the International Olympic Committee (IOC) for not allowing Russian athletes to compete under the national flag would be consistent with fervent Russian nationalism and its need to protect all aspects of its cultural identity.  Russian state or state-affiliated actors are alleged to have orchestrated previous cyber attacks against Olympic targets, notably the 2016 cyber attack against the World Anti-Doping Agency in which the attackers gained access to athlete data, including confidential medical data, and made it public.

 

If the motive is going to be the primary factor in attribution (note, malware analysis provided no clues, as the malware incorporated traits of malware used by a variety of suspected state actors), then at the time of the attack only two governments were probable suspects – North Korea and Russia. However, after tumultuous events over nuclear weapon development and missile firing, North Korea made grand diplomatic overtures to South Korea and ultimately marched with it under one flag. It would seem improbable that it would want to detract from headway made via its Olympic diplomacy with a nuisance attack.

Still stinging from its inability to walk under its flag, Russia seems like the probable suspect behind the cyber attack, wanting to express its dissatisfaction toward the IOC. If true, the fact that it could have destroyed computers and didn’t is testament that Russia wanted to register displeasure, not punish South Korea for the IOC’s decision.

 

However, what gives pause is the reason why – if reporting stands correct – state actors of the Russian government were needed to conduct a false-flag attack simply to demonstrate discontent with the IOC. Simply put, a false-flag operation is one where an attacker tries to make their actions look as if they were the work of another known attacker. In cyberspace such an endeavor is simple to achieve, especially when the tactics, techniques, and procedures (TTP), which often include methods of operation, malware, and command-and-control architecture, are published for global consumption as Indicators of Compromise. In this instance, the attack blended TTPs and the digital fingerprints of threat actors connected to North Korea, China, and Russia.

Cyber proxies such as non-state hacker groups are perfect agents for states wanting to send a signal to a government without committing its own resources.  There is a level – albeit shallow – of plausible deniability that an aggressor state can claim and still intimate to the victim of its tacit involvement in the attack.  Russia has at its disposal a capable cyber criminal underground, as well as nationalistic youth groups that could have achieved a similar effect.  This was evidenced in 2007 when one such group claimed responsibility for the cyber attacks against Estonia for the removal of a Soviet war memorial.

The use of state actors to commit a cyber equivalent of a tantrum raises eyebrows.  According to one source, the Russian state hackers behind this attack were the same that have been engaged in cyber attack against Ukraine.  Making a public statement doesn’t seem the type of operation an elite unit would be called upon to execute.

 

So why the false-flag? There are a few possibilities. One, Russia wanted to test using the TTPs of other nations in an operation to gauge how defenders would determine their findings. Two, Russia may have “signaled” to nations like the United States – and those private sector companies following their alleged activities – that it would be implementing false-flags in future operations, essentially making technical indicators and digital and technical analysis useless for attribution. Three, maybe the cyber attack achieved another objective in addition to expressing its anger. Did another attack, perhaps more surreptitious, occur simultaneously against another target while all eyes were focused on this?

Russia’s cyber operations (including cyber attacks) have been described as anything from sloppy to among the most advanced in the world. Perhaps the question that should be asked is why did Russia want a “false flag” operation to be so easily attributed?

Perhaps the answer lies with the simplest answer: that it was just the easiest path to take.  And in a world where there is no international consensus of state behavior in cyberspace, the landscape favors the attackers until the defenders figure out how to respond to them with enough conviction to alter attacker behavior.   No one looks to have that answer.

This is a guest post written by Emilio Iasiello

With the near-defeat of ISIS’ ground presence, speculation is that the group will rely more on cyberspace to maintain its relevancy.  This is unsurprising as ISIS has continuously demonstrated its proficiency on the Internet, particularly for propaganda and recruitment campaigns.  The group achieved considerable success in influencing target audiences, and at one time, was credited with being able to disseminate approximately 90,000 messages a day.  Many of the hacking incidents attributed to ISIS or its sympathizers focused on exploiting global news organizations, inserting pro-ISIS messages on websites and Twitter accounts.  Perhaps more impressively, individuals associated with the extremist organization were suspected of hacking the United States Central Command’s Twitter account, posting propaganda videos and threatening messages.

 

The ISIS propaganda machine remains a cornerstone of the group’s resilience and survivability, making any attempts to eliminate individual accounts akin to what some have called “whack-a-mole” futility. In 2017, ISIS supporters used more than 400 separate online platforms to pump out propaganda despite laudable efforts by social media platforms like Facebook and Twitter that actively search for and suspend suspected terrorist/extremist accounts. Such hindrances have encouraged the development of technologies to assist in this effort. The United Kingdom, for example, is leveraging software able to detect 94 percent of ISIS propaganda, scanning millions of video and audio files with a 99 percent accuracy rate.

 

While these efforts are very promising in reducing ISIS’ and other extremist groups’ presence in global social media platforms, they don’t address the root of the problem – the message itself.  This has been an ongoing problem for governments and one that has continually challenged U.S. counter-messaging strategies.  The lack of success by any government to mitigate the influence of ISIS propaganda has led some to conclude that perhaps governments’ tactics of trying to deny ISIS’ ability to use cyberspace may not be the key to success.

 

Indeed, these individuals have proven adept at using advanced technologies to such a degree that it may not be possible to truly mitigate their use of the Internet.  ISIS members and associates have been reported to use the latest and greatest  technologies including: anonymous-enabling communications, virtual private networks, encrypted e-mail services, and encrypted messengers, among others.  Short of trying to institute an authoritarian grip on all available technologies (which does not guarantee success), there are too many alternatives that are available or being developed to make denying use of cyber-related devices a credible course of action for the long term.

 

That leaves having the right message that can compete with the one being spread by ISIS and other extremist groups. Thus far, nothing has proven effective in curbing recruitment or in keeping lone-wolf actors from being drawn to commit horrible acts of violence. In order to understand why propaganda works, it’s necessary to understand its intended audience, the psychological effects of propaganda on the intended target, and the socio-political effects it will have both on the target and the surrounding environment. Any counter-messaging strategy must take into account all of these considerations. More importantly, there can be no “one size fits all” messaging, as any content needs to be tailored to address the unique, diverse backgrounds and cultures of ISIS’ members and followers. And that may be where previous efforts have fallen short.

 

There is an opportunity to investigate what causes people from different countries to respond to radical ideology, and to understand what in the message is attractive enough to unite different socio-cultural backgrounds under the banner of an extremist world view. We must not be satisfied with having put ISIS on the run. Instead, we should invest this time in interviewing the persons involved to get a better idea of why they committed to extremism, in the hopes of preventing another group like ISIS from emerging.

This is a guest post written by Emilio Iasiello

According to recent reports, the United States government is considering building a 5G network, a step designed to bolster the country’s cyber security posture and guard against attacks, particularly from nation states believed to be conducting hostile acts of espionage. This information is alleged to have come from sensitive documents obtained by Axios. Per these documents, there appears to be some question as to whether the government would build and run it, leasing out access to national telecommunications carriers, or whether wireless providers in the United States would build their own 5G networks that would compete with one another. Another news source reported similar findings, conveying that the government is interested in building a secure 5G network and will work with industry to accomplish this objective.

 

5G networks are wireless networks designed to improve connectivity for home broadband networks, as well as mobile devices such as smartphones and tablets and even self-driving cars – essentially Internet of Things devices. There are some indications that speed will improve to 10 times that of current 4G capability. To provide some perspective to this marker, that’s sufficient to stream “8K” video or download a 3D movie in 30 seconds, according to one news outlet. A very substantial advantage is closing the lag time between devices, making communication more streamlined and efficient.

There is skepticism about whether the government will actually fund such an endeavor, with estimated costs expected to balloon to hundreds of millions of dollars. Making connections stronger and communications more fluid would require more technology to be installed almost everywhere. Some believe that 5G networks will bolster current 4G network architecture supporting existing technology, indicating that a full 5G adoption is an unlikely result.

Nevertheless, whether the government gets involved in this process or not, the four main carriers in the United States – Verizon, AT&T, T-Mobile, and Sprint – are all engaged in developing 5G technology, meaning that the move toward the fifth generation of mobile networks is forthcoming. In late 2017, the first 5G specification was officially completed, covering a range of spectrum from 600 and 700 MHz bands to millimeter wave of the spectrum at 50 GHz.

Propelling forward on implementing a 5G network has been touted as a security consideration.  Being able to develop a secure 5G network has been categorized as helping to curb hostile nation threats posed by governments like China that have been accused of conducting industrial and traditional espionage against U.S. public and private interests.

But it is also seen as a way to compete with China, which is considered as the leader in developing 5G technology.  According to a company that tailors analysis and commentary for its clients, 5G technology will be in place by 2020 with more than a billion users by 2023, and more than half of that based in China.

The extent – if any – of the United States government’s role in spearheading a 5G rollout remains to be seen. In December 2017’s National Security Strategy statement, the president promised to improve “America’s digital infrastructure by deploying a secure 5G Internet capability nationwide.” Thus far, the president has tried to fulfill his promises, intimating that government may find a role for itself someplace in this effort. However, potential government intervention is not without its detractors. Critics, including the head of the Federal Communications Commission, believe that government involvement would be meddlesome, potentially hampering innovation and investment.

There are always reasons why something can’t happen – insurmountable obstacles, cost, disrupting the norm.  Unfortunately, as history has proven, these often have trumped security considerations.  Therefore, any government discussions of creating  a new network with security in mind at the design level rather than after its completion and installment is very promising.  Many times, new technologies are brought to market at the expense of its users for the sake of being the first and displaying innovation.  Security continues to take a back seat to capitalizing on market share and making profit.  This cycle needs to be broken if there is any true interest in improving cyber security.  In this regard, government working closely with the telecommunications carriers in creating a 5G network would be advantageous, as long as it ensures that 5G network security remains a priority.

This is a guest post written by Emilio Iasiello