Search This Blog

Friday, October 31, 2014

Security Management Weekly - October 31, 2014

header

  Learn more! ->   sm professional  

October 31, 2014
 
 
Corporate Security
Sponsored By:
  1. "Evaluating Readiness: A Must-Do Security Assessment"
  2. "France Probes Mystery Drones Flying Over Nuclear Reactors"
  3. "Hacking Trail Leads to Russia, Experts Say"
  4. "Report Analyzes Extent of Data Breaches in California"
  5. "Supply Chain Management Best Practices for 2014 and Beyond"

Homeland Security
  1. "Foreigners From 80 Countries are Joining ISIS on 'Unprecedented Scale': UN" Islamic State of Iraq and Syria
  2. "Intel Panel Chairman: ISIS Directive to Australian Recruits Fueled DHS Security Boost" Islamic State of Iraq and Syria
  3. "Experts Warn that Using Big Data to Predict Terrorist Threats Won't Work"
  4. "Homeland Security Steps up Patrols of Federal Buildings"
  5. "Second Victim in Washington School Shooting Dies"

Cyber Security
  1. "Hackers Breach Some White House Computers"
  2. "U.S. Chamber Warns Cyberattack Disclosures Could Hurt Corporate Profits"
  3. "Hackers are Using Gmail Drafts to Update Their Malware and Steal Data"
  4. "Researchers Identify Sophisticated Chinese Cyberespionage Group"
  5. "China-Linked Hacking Foiled by Private-Sector Sleuthing"

   

 
 
 

 


Evaluating Readiness: A Must-Do Security Assessment
Security InfoWatch (10/30/14) Bernard, Ray

It is not uncommon for readiness requirements to go undefined and unaddressed in a security context, leading to the possibility of security being caught flat-footed and unprepared for emergencies and other events. There are numerous factors that can lead to a low readiness state, such as not having readiness as part of the overarching business culture, failing to keep readiness conditions up-to-date, or losing readiness in the shuffle of organizational change. To change this, it is important to maintain readiness plans, including documentation, for various possible scenarios. A good readiness plan will list the states of readiness that need to be established and define their requirements, and identify what response capabilities need to be maintained and what steps must be taken to ensure this maintenance. A readiness plan should include a readiness validation schedule including inspections of equipment and materials, verification and validation of training and certification status, and outlining exercise drills to be used to gauge and maintain performance levels. Readiness assessments are necessary in numerous areas, but two of the most important are evacuation and shelter-in-place scenarios and security technology roll outs. The need for the first is self-evident, but many organizations are often caught unprepared for new technology and therefore it is important to have a readiness assessment in place.


France Probes Mystery Drones Flying Over Nuclear Reactors
Bloomberg (10/30/14) Patel, Tara

The French government is investigating reports of unidentified drones flying over seven of Electricite de France SA's nuclear plants this month. The company said Wednesday that security teams had detected "illegal" aircraft within the sites' protected air space, and that the utility had filed a complaint with police. French law forbids aircraft from flying within a three mile perimeter and less than 1,000 meters above a nuclear plant. The first suspected drone flight was detected Oct. 5, and more were detected between Oct. 13 and Oct. 20. The organization Greenpeace, which has sneaked into other nuclear sites to highlight security weaknesses, has denied any involvement in the drone incidents.


Hacking Trail Leads to Russia, Experts Say
Wall Street Journal (10/28/14) Yadron, Danny; Gorman, Siobhan

The cybersecurity firm FireEye on Tuesday will release the results of an investigation into what it says are cyberattacks sponsored by the Russian government. FireEye's investigation took place earlier this year at an unnamed U.S. company that stored sensitive military information on its network. Investigators found a sophisticated piece of malware called Sofacy that was programmed on Russian-language computers and was updated during what would have been normal work hours in Moscow. Sofacy was designed to encrypt the stolen data and send it back to Russia by hiding it in the firm's e-mail traffic. The malware was even able to infect computers not connected to the Internet by using USB drives, FireEye found. The same malware is believed to have been used in other attacks on several U.S. defense contractors, the North Atlantic Treaty Organization (NATO), and others. Other organizations, including Google, the computer security companies Crowdstrike and iSight Partners, and U.S. intelligence agencies, have also been tracking the activities of the hackers behind Sofacy. However, Google's report on the group's activities does not explicitly state that it was backed by Moscow and simply calls the organization a "sophisticated state-sponsored group." Officials with the Russian Embassy in Washington have not commented on the allegations.


Report Analyzes Extent of Data Breaches in California
New York Times (10/28/14) Perlroth, Nicole

The number of data breaches reported in California rose significantly between 2012 and 2013, due in part to the Target and LivingSocial breaches, and is continuing to rise this year, according to state Attorney General Kamala D. Harris. Harris' office issued a report noting the number of breaches reported in California rose from 131 in 2012 to 167 in 2013, a 28 percent increase. The increase carried over into the first 10 months of 2014, when the number of breaches rose 30 percent compared to last year, Harris notes. Meanwhile, the number of Californians whose records were compromised rose from 2.5 million in 2012 to more than 18.5 million last year. The report also notes 53 percent of the breaches that were reported in 2013 were the result of deliberate actions such as malware campaigns and hacking, although these methods resulted in a disproportionate number of records being compromised. Nearly all of the 17 million records that were compromised in California in 2013 were compromised through the use of malware or hacking, compared to 1.15 million records that were compromised because an electronic device was accidentally lost. The report also says most of the records that were breached in 2013 were maintained by retailers, and Social Security numbers were the most commonly stolen records. The report concludes with several recommendations for how retailers can improve data security, including using payment systems that utilize surrogate tokens instead of payment card data.


Supply Chain Management Best Practices for 2014 and Beyond
Security Magazine (10/14) Ritchey, Diane

Supply chain risk management can be difficult, says Gustavo Passa, Ryder Supply Chain Solutions' security director for Latin America. Among the challenges Ryder faces in Mexico are the theft of products and trailer hijackings, smuggling, and complying with anti-smuggling regulations from U.S. Customs. Ryder uses technologies such as GPS and tracking devices to follow its supply trucks. A new standard released by ASIS should help organizations address supply-chain risks. "Supply Chain Risk Management: A Compilation of Best Practices Standard (SCRM)" provides a guide that includes current best practices and a generic approach to risk management. The SCRM Standard can help practitioners prevent, manage, and recover from potentially disruptive events, but adoption of the standard should build on existing specialized risk programs, not replace them, says ASIS. "This is the first standard to provide practical guidance, based on the experiences of both large and small organizations, about managing risks in their supply chain to increase their resilience capacity and create value," says Dr. Marc H. Siegel, the commissioner of the ASIS Global Standards Initiative.




Foreigners From 80 Countries are Joining ISIS on 'Unprecedented Scale': UN
Homeland Security News Wire (10/31/14)

According to a United Nations Security Council report, some 15,000 people have traveled to Iraq and Syria to fight with the Islamic State (IS) and other extremist groups since 2010. The foreign fighters are drawn from 80 countries, including some unexpected ones like the Maldives. They also include countries that had no previous issues with its citizens or residents joining militant Islamist groups like al-Qaida. The rate of foreign fighters leaving to join IS and other groups in the region is many times higher than what was seen during the previous 20 years, when foreigner fighters would join groups like al-Qaida. The report says the change is part of a broader shift away from al-Qaida and similar organizations, which are diffuse and harbor global ambitions, and towards more aggressively militant and regionally-focused groups like IS that have little interest in or ability to carry out attacks beyond their borders. Al-Qaida, the report says, is on the decline, with the core al-Qaida leadership characterized as "weak." However, the report and the U.N. still recognize IS and al-Qaida as linked, despite al-Qaida leader Ayman al-Zawahiri having completely disowned the group, which started as an al-Qaida affiliate in Iraq.


Intel Panel Chairman: ISIS Directive to Australian Recruits Fueled DHS Security Boost
Fox News (10/30/14) Herridge, Catherine

House Intelligence Committee Chairman Mike Rogers (R-Mich.) said Wednesday that the recent decision to increase security at 9,500 federal facilities was prompted in part by a threat from the Islamic State. Rogers noted that the Islamic State recently told 14 Australian recruits to remain in their home country and carry out videotaped beheadings rather than travel to Syria. The group hoped to use the videos for propaganda purposes, Rogers said. Australian authorities learned about the potential threat last month, prompting them to arrest more than 12 suspects, including some who were believed to be planning to behead people in public. Rogers added that the threat represents a change in the Islamic State's strategy, which was once focused on simply inspiring attacks and is now aimed at directing attacks in countries besides Iraq and Syria. Rogers said that there is concern such attacks, which could target government officials, could be carried out in the U.S. He added that the Islamic State wants to carry out a "high-profile event" in a Western nation to show that it is capable of attacking such a country. Rogers also alluded to the recent shooting in Ottawa and other events in the news by noting that the "activity" seen in Canada, the U.S., and other Western nations as of late is the result of the Islamic State trying to draw attention to itself.


Experts Warn that Using Big Data to Predict Terrorist Threats Won't Work
Fierce Homeland Security (10/30/14) Walker, Molly Bernhart

In the wake of a pair of deadly lone wolf attacks by Canadian Muslims radicalized by extremist propaganda, some Canadian lawmakers are looking to grant broader powers to Canada's signals intelligence department to gather information on its citizens. The idea is that this information can be used in conjunction with big data analytics to determine who's likely to attempt an attack. However, several experts are skeptical of this assertion. "My research has shown, basically, that these programs don't work," says Washington and Lee University law professor Margaret Hu. Hu and Shane Harris, a fellow at the New America Foundation, say that data mining efforts are more likely to turn up false positives than actual future attackers. Harris says that investigations into potential lone wolves require a human element that can spot things an algorithm would not be able to capture. He further points out that the conditions that tend to lead to the sort of radicalization driving individuals to carry out lone wolf attacks are not particularly prevalent in the U.S. and Canada. Harris explains that lone wolf attackers are often immigrants or first generation Muslims who feel isolated and alienated from their new countries, an experience more common in European countries like England and France, where Muslims are often marginalized.


Homeland Security Steps up Patrols of Federal Buildings
USA Today (10/28/14) Korte, Gregory

Federal buildings in major U.S. cities, including Washington, D.C., will see their security measures tightened, Homeland Security Secretary Jeh Johnson said Tuesday. Johnson said this move was a "precautionary step" in response to last week's shooting in Ottawa and public calls by terrorist groups to attack the United States, among other things. Johnson said the exact security measures and the affected federal buildings will vary each day and "will be continually re-evaluated." He also called for vigilance by state and local officials who are responsible for security.


Second Victim in Washington School Shooting Dies
USA Today (10/27/14)

A second victim has died from a shooting at Marysville-Pilchuck High School in the Seattle area, bringing the total number of deaths in the incident to three, including the gunman. Three others were injured. On Oct. 24, freshman Jaylen Fryberg opened fire inside the school's cafeteria. Fryberg died of a gunshot wound after a teacher intervened, but it is currently unclear whether he intentionally killed himself or if the gun went off in the struggle. According to guidance counselor Matt Remle, who works at Marysville-Pilchuck High School, no one knows what motivated Fryberg to carry out the shooting.




Hackers Breach Some White House Computers
Washington Post (10/29/14) Nakashima, Ellen

An unclassified computer network used by the Executive Office of the President was breached several weeks ago by hackers believed to be working for the Russian government, sources say. Officials were alerted to the breach two to three weeks ago by a U.S. ally. A White House official says steps were taken immediately to "evaluate and mitigate" the hackers' activities. In addition, some staffers were asked to change their passwords, and intranet and virtual private networking (VPN) access to the network was temporarily shut down. Officials say the breach resulted in no damage to the targeted systems, although they would not say how much if any data was taken. A classified network used by the White House is not believed to have been breached. Although the White House official would not comment on who was behind breach, sources say the hackers who carried it out were likely state-sponsored, given the target. The breach, which comes amid reports from several cybersecurity firms about cyber-espionage campaigns carried out by Russian hackers, remains under investigation.


U.S. Chamber Warns Cyberattack Disclosures Could Hurt Corporate Profits
Wall Street Journal (10/29/14) Ackerman, Andrew

As the Securities and Exchange Commission (SEC) debates whether or not to increase cyberattack disclosure requirements for publicly-traded companies, the U.S. Chamber of Commerce warns that forcing disclosures could needlessly harm corporate profits. Some companies are already voluntarily disclosing security breaches, but executives generally fear that speaking openly about cyberthreats could make companies a target for hackers or litigation. SEC guidance from 2011 says companies should inform investors of "material" cyber-risks and attacks, but the definition of materiality remains unclear. "Adding regulations would disrupt or damage trusted relationships between business and government needed to counter advanced and persistent attacks, which tend to originate overseas," the Chamber of Commerce wrote in a letter this week to SEC Chairman Mary Jo White. "Going beyond the SEC's 2011 guidance on cybersecurity could paint a target on registrants' backs—including industry peers and supply chain partners—for no appreciable benefit to investors." Some senior SEC staffers are reportedly hesitant to issue new rules to force greater disclosure, but say they are closely monitoring how companies and their boards address the issue.


Hackers are Using Gmail Drafts to Update Their Malware and Steal Data
Wired (10/14) Greenberg, Andy

Researchers at Shape Security say they have found malware on a client's network that uses a form of "command and control," the communications channel that links hackers to their malware, that gives them the ability to stealthily send the programs updates and instructions and fetch stolen data. The communications channel is challenging to find because the commands are hidden in unassuming Gmail draft messages that are never sent. The attack begins by a hacker setting up an anonymous Gmail account, then tainting a computer on the target's network with malware. After taking control of the target machine, the hacker opens his anonymous Gmail account on the victim's computer in an invisible instance of Internet Explorer. With the Gmail drafts folder hidden, but open, the malware uses a Python script to retrieve commands and code that the hacker enters into the draft field. The malware responds with its own acknowledgements in Gmail draft form and all communication is encrypted to prevent it being found by intrusion detection or data leak prevention. Shape Security believes it is a closely targeted attack rather than a widespread one, but does not know how many computers have been infected. Shape said there is no way to detect the fraudulent data theft from the malware without blocking Gmail altogether.


Researchers Identify Sophisticated Chinese Cyberespionage Group
Washington Post (10/28/14) Nakashima, Ellen

A report issued this week by a coalition of tech and security research firms details the activities of a cyber espionage group linked to the Chinese government that has been dubbed Axiom. The report is similar to one issued last year by Mandiant about Unit 61398 of the People's Liberation Army (PLA). Axiom, however, is said to be far more sophisticated than the PLA unit. It has been in operation for at least six years and specializes in industrial espionage, the theft of intellectual property, foreign intelligence gathering and counterintelligence work, and spying on Chinese dissidents. The group uses "the most sophisticated cyber espionage tactics we've seen out of China," says Peter LaMontagne, the CEO of Novetta Solutions, which heads the coalition. The group is especially adept at inserting malware that exfiltrates data in ways that are very difficult to detect. It also operates more clandestinely than the PLA unit. The coalition was unable to identify any geographic locations linked to the group or identify its members, though they say it is clearly linked to the Chinese state. The report includes useful remediation information, such as threat signatures that can be used to detect Axiom's malware. A Chinese Embassy official has said the allegations in the report are untrue.


China-Linked Hacking Foiled by Private-Sector Sleuthing
Bloomberg (10/28/14) Strohm, Chris

A coalition of technology companies says it has disrupted a hacking campaign linked to Chinese intelligence, demonstrating for the first time a private-sector model that they believe can move faster than investigations by law enforcement agencies. The hackers have used tools found in some of the most sophisticated spying operations linked to China. Malicious code used by the hackers has been removed from 43,000 computers worldwide since Oct. 14, according to a report the coalition is releasing Monday. The effort largely bypassed traditional law enforcement tools, relying instead on cooperation between companies that are normally fierce competitors. Coalition members, including Microsoft, Cisco and Symantec, say they can act faster than governments because they operate global Internet systems and have business relationships with tens of thousands of companies.


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Security Management Online | ASIS Online

No comments: