3 Threats We Are Modeling for Clients These Days

Just a quick post today to discuss three threat scenarios we are modeling frequently with clients these days. #ThreatModeling

1) Ransomware or other malware infection sourced from managed service providers – this scenario has become a very common issue, so common that DHS and several other organizations have released advisories. Attacker campaigns against managed service providers have been identified and many have yielded some high value breaches. The most common threat is spear phishing into an MSP, with the attackers eventually gaining the capability to push software to the clients. They then push a command and control malware or a ransomware infection down the pipe. Often, it is quite some time before the source of the event is traced back to the MSP. The defenses here are somewhat limited, but the scenario definitely should be practiced at the tabletop level. Often, these MSPs have successfully passed a SOC audit, but have very little security maturity beyond the baselines.

2) Successful credential stuffing attacks against Office 365 implementations leading to wire/ACH/AP fraud – This is another very common scenario, not just for banks and credit unions, but a lot of small and mid-size organizations have fallen victim to it as well via accounts payable attacks. In the scenario, either a user is phished into giving up credentials, or a leaked set of credentials is leveraged to gain access to the Office 365 mail and chat system. The attackers then leverage this capability to perform their fraud, appearing to come from internal email accounts and chats. They often make use of stored forms and phish their way to other internal users in the approval chain to get the money to actually move. Once they have their cash, they often use these email accounts to spread malware and ransomware to other victims inside the organization or in business partners – continuing the chain over and over again. The defenses here are MFA, limiting access to the O365 environment to require VPN or other IP-specific filtering, hardening the O365 environment and enabling many of the detection and prevention controls that are off by default.

3) Voicemail hacking and dial-system fraud – I know, I know, it’s 2020… But, this remains an incredibly impactful attack, especially against key management employees or employees who traffic in highly confidential data. Often the voicemail is accessed and its contents are then used either for profit via trading (think M&A info) or in ransom/blackmail types of social engineering. Just like above, the attackers often hack one account and then use social engineering to get other users to follow instructions around fraud or change their voicemail password to a given number, etc. Larger corporations where social familiarity of employees and management is low are a common attack target. Dial system fraud for outbound long distance remains pretty common, especially over long weekends and holidays. Basically, the attackers hack an account and use call forwarding to send calls to a foreign number – then sell access to the hacked voicemail line, changing the destination number for each caller. Outbound dial tone is also highly regarded here and quite valuable on the underground markets. Often the fraud goes undetected for 60-90 days until the audit process kicks in, leaving the victim several thousand dollars in debt from the illicit activity. The defenses here are voicemail and phone system auditing, configuration reviews, hardening and lowering lockout thresholds on password attempts.
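As an added example (not part of the original post) of the phone system auditing named in scenario 3, the sketch below scans call detail records for the pattern described there: calls forwarded to foreign numbers and international minutes piling up on weekends and holidays. The CSV columns, the thresholds, the holiday calendar and every number in the sample are constructed assumptions; a real PBX export will differ.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

HOME_PREFIX = "+1"               # assumption: domestic numbers are E.164 +1
BUSINESS_HOURS = range(7, 19)    # assumption: 07:00-18:59 local time
HOLIDAYS = {date(2020, 1, 20)}   # constructed holiday calendar

# Constructed CDR export covering a long weekend; not real call data.
SAMPLE_CDR = """\
start,extension,dialed,duration_s,forwarded
2020-01-17T10:02:00,2101,+13175550101,240,no
2020-01-17T14:30:00,2101,+99955501001,600,no
2020-01-17T16:45:00,2144,+13175550102,120,no
2020-01-18T02:10:00,2144,+99955501002,1800,yes
2020-01-18T03:05:00,2144,+99955501003,2400,yes
2020-01-19T23:40:00,2144,+99955501004,3000,yes
2020-01-20T11:15:00,2144,+99955501002,1200,yes
2020-01-21T09:00:00,2101,+13175550103,300,no
"""


def load_cdrs(text):
    """Parse the CSV export into typed records."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        records.append({
            "start": datetime.fromisoformat(row["start"]),
            "extension": row["extension"],
            "dialed": row["dialed"],
            "minutes": int(row["duration_s"]) / 60,
            "forwarded": row["forwarded"].strip().lower() == "yes",
        })
    return records


def is_off_hours(ts, holidays=HOLIDAYS):
    """True on weekends, listed holidays, or outside business hours."""
    return (ts.weekday() >= 5
            or ts.date() in holidays
            or ts.hour not in BUSINESS_HOURS)


def audit(cdrs, max_offhours_intl_minutes=30, max_fwd_destinations=2):
    """Return extensions whose international calling matches the fraud pattern.

    Two signals are tracked per extension: international minutes placed off
    hours, and how many distinct international numbers calls were forwarded to
    (the destination changing from caller to caller). Thresholds are
    illustrative and should be tuned against a normal month of traffic.
    """
    stats = defaultdict(lambda: {"minutes": 0.0, "fwd_dests": set()})
    for cdr in cdrs:
        if cdr["dialed"].startswith(HOME_PREFIX):
            continue  # only international destinations are of interest here
        entry = stats[cdr["extension"]]
        if is_off_hours(cdr["start"]):
            entry["minutes"] += cdr["minutes"]
        if cdr["forwarded"]:
            entry["fwd_dests"].add(cdr["dialed"])

    findings = {}
    for ext, entry in stats.items():
        reasons = []
        if entry["minutes"] > max_offhours_intl_minutes:
            reasons.append("off-hours international minutes over threshold")
        if len(entry["fwd_dests"]) > max_fwd_destinations:
            reasons.append("forwarding to many distinct international numbers")
        if reasons:
            findings[ext] = {
                "offhours_intl_minutes": entry["minutes"],
                "fwd_intl_destinations": len(entry["fwd_dests"]),
                "reasons": reasons,
            }
    return findings


if __name__ == "__main__":
    for ext, detail in audit(load_cdrs(SAMPLE_CDR)).items():
        print(ext, detail)
```

Run daily against the previous day's records, a check like this surfaces the forwarding abuse well inside the 60-90 day audit window mentioned above.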

We can help with all of these issues and defenses, but we love to help organizations with threat scenario generation, threat modeling and attack surface mapping. If you need some insights into outside the box attacks and fraud potential, give us a call. Our engagements in this space are informative, useful and affordable.

Thanks for reading, and until next time, stay safe out there! 

Cyber-Mania & Situation Awareness in the Binary Worlds…

Good Friday Afternoon Folks;

In today’s issue of the latest cyber news we have quite a bit in the way of Cyber-Mania & Situation Awareness in the Binary Worlds…

Pay particular attention to the immediate section below and the latest items of interest from the People’s Republic of Cyber Espionage…er, sorry, China…
There are a couple of interesting items regarding cyber attacks and a cyber timeline from NATO…yeah OTAN…go figure!
And yes the F-B-I is looking for Hacker love…be sure to use a condom … or those executable files will ruin your weekend…:-)

People’s Republic of China allows spies to plunder companies
http://www.news.com.au/business/chinese-inaction-over-industrial-spies/story-e6frfm1i-1226693898798
Slight shift seen in official Chinese attitude on cybersecurity
http://www.fiercegovernmentit.com/story/slight-shift-seen-official-chinese-attitude-cybersecurity/2013-08-07
People’s Republic of China firmly pursues peaceful development: defense minister
http://english.qstheory.cn/news/201308/t20130801_255078.htm
How America Is Fighting Back Against Chinese Hackers |
http://gizmodo.com/how-america-is-fighting-back-against-chinese-hackers-754599685
President Xi inspects Chinese Academy of Sciences in Beijing _ Qiushi Journal
http://english.qstheory.cn/news/201307/t20130718_250255.htm
People’s Republic of China’s Huawei Looks to Build Up Enterprise-Network Business
http://online.wsj.com/article/SB10001424127887323977304578654840024408084.html

NATO History of Cyber Attacks – A Timeline
http://www.nato.int/docu/review/2013/Cyber/timeline/EN/
Fitting cyber attacks to jus ad bellum — Consequence-based approach Part III
http://resources.infosecinstitute.com/fitting-cyber-attacks-to-jus-ad-bellum-consequence-based-approachpart-iii/?
Cyberattacks devastated my business!
http://money.cnn.com/gallery/smallbusiness/2013/05/28/cybercrime
NSA behind cyber attacks the took down ‘Dark Web’ used by online pedophiles
http://bbb-news.com/blog/2013/08/09/eric-eoin-marques-nsa-behind-cyber-attacks-the-took-down-dark-web-used-by-online-pedophiles/
Defendant in Romanian Cyber Crime Ring Convicted of Wire Fraud and Identification Document Fraud Conspiracies
http://www.fbi.gov/newyork/press-releases/2013/defendant-in-romanian-cyber-crime-ring-convicted-of-wire-fraud-and-identification-document-fraud-conspiracies?

Are Black Hats and White Hats Really Grey Hats?
http://www.digitalcommunities.com/articles/Are-Black-Hats-and-White-Hats-Really-Grey-Hats.html

FBI director calls on private sector to help with cyber threat
I’ll be sure to send him a .pdf with an executable file in it – oh wait the Minneapolis Cyber Field Office already received it….Nyarch!
http://arstechnica.com/tech-policy/2013/08/fbi-director-calls-on-private-sector-to-help-with-cyber-threat/
CIA, FBI and NSA Leaders Ask for Help Fighting Cyberattacks
http://mashable.com/2013/08/08/cia-fbi-nsa-cyberattacks/?
The Government Wants to Create Cybersecurity Insurance
http://gizmodo.com/the-government-wants-to-create-cybersecurity-insurance-1046375980
IPv6 is latest tool for stealing credit card numbers and passwords
http://www.v3.co.uk/v3-uk/news/2286734/ipv6-is-latest-tool-for-stealing-credit-card-numbers-and-passwords

Semper Fi,

謝謝
紅龍

Cyber Threat Situational Awareness for 09JUL2013

Good Day Folks;

Below is a short list of some of the latest stories you need to be aware of to maintain & improve your Cyber Threat Situational Awareness for today, 09JUL2013…

矽對海洋和平,帕拉戰爭 or in Latin…Si vis pacem, para bellum…

Talking Cyberthreat With the People’s Republic of China

http://www.nytimes.com/2013/07/10/opinion/global/talking-cyberthreat-with-china.html?_r=0

Traitor Snowden revelations imperil cyber hacking talks with People’s Republic of China |

http://www.intellasia.net/snowden-revelations-imperil-cyber-hacking-talks-with-china-292273

Patriot hacker ‘The Jester’ attacks nations offering Snowden help

http://www.theregister.co.uk/2013/07/04/patriot_hacker_takes_aim_snowden_asylum_candidates/

South Korea Attackers ‘Pierced Military Networks’
Same crew that hit TV stations and banks managed to get malware onto military networks


http://www.techweekeurope.co.uk/news/mcafee-south-korea-attackers-military-hacks-121219?

Dissecting operation Troy: Cyberespionage in South Korea
http://www.net-security.org/article.php?id=1861
How Cybercriminals Operate — Dark Reading
A look at cybercriminal motives, resources, and processes — and how they may affect enterprise defense


http://www.darkreading.com/perimeter/how-cybercriminals-operate/240157738

Iran Planning Cyber Drills
http://english.farsnews.com/newstext.aspx?nn=13920415000930
US agency baffled by modern technology, destroys mice to get rid of viruses
The US Economic Development Administration (EDA), an agency in the Department of Commerce, takes a cyber threat property destruction lesson from the German Government 🙂 “…$170,000 of PCs, printers, keyboards, cameras, and mice destroyed in gross overreaction.”


http://arstechnica.com/information-technology/2013/07/us-agency-baffled-by-modern-technology-destroys-mice-to-get-rid-of-viruses/

Across Europe, Nations Mold Cyber Defenses

http://www.defensenews.com/article/20130709/DEFREG01/307090008/Across-Europe-Nations-Mold-Cyber-Defenses

Enjoy!

Semper Fi…

謝謝紅龍


International Cyber Intelligence & Situational Awareness (SA)…Operation Middle Kingdom

Good day Folks;

Here is an extensive list of the recent International Cyber Intelligence & Situational Awareness (SA) you should be cognizant of…something cyber for everyone including the People’s Republic of H@cking, HUAWEI, Pakistan ~ People’s Republic of China relations and much, much more cybernia related…and coming soon to a computer and networked system near you OP Middle Kingdom…

Innovation and Disruption, & Why the People’s Republic of China Needs the Latter

http://www.techinasia.com/difference-innovation-disruption-important/

A Breakdown of the People’s Republic of China’s New Visa Rules
http://www.haohaoreport.com/l/43604
A New Anti-American Axis? People’s Republic of China & Russia…

http://www.nytimes.com/2013/07/07/opinion/sunday/a-new-anti-american-axis.html?

People’s Republic of China’s Huawei Zambia to invest $500,000 in brand promotion | Times of Zambia
http://www.times.co.zm/?p=22996
People’s Republic of China, Pakistan Build Communication, Transportation Links

http://www.ibtimes.com/china-pakistan-agree-communications-transport-links-huawei-board-fiber-optic-project-1335227?ft=w18y0

PM urges People’s Republic of China’s Huawei to set up research centre in Pakistan

http://www.pakistantoday.com.pk/2013/07/07/news/profit/pm-urges-huawei-to-set-up-research-centre-in-pakistan/

People’s Republic of China’s Huawei-Imperial plan renews Chinese cyber-security fears

http://theconversation.com/huawei-imperial-plan-renews-chinese-cyber-security-fears-15788

People’s Republic of China’s Huawei deploys high speed 4G on Mount Everest

http://www.theinquirer.net/inquirer/news/2279724/huawei-deploys-high-speed-4g-on-mount-everest

People’s Republic of China’s Huawei to build China-Pakistan link

http://www.defence.pk/forums/economy-development/262482-huawei-build-china-pakistan-link.html

People’s Republic of China’s Huawei Ready to Outspend Ericsson in R&D Race to Woo Clients

http://www.bloomberg.com/news/2013-07-02/huawei-woos-carriers-with-research-boost-beyond-me-too-networks.html

People’s Republic of China’s Huawei supports Asia Pacific hospitals

http://www.itwire.com/it-industry-news/market/60579-huawei-supports-asia-pacific-hospitals

People’s Republic of China’s Huawei boosts spending on research

http://www.scmp.com/business/companies/article/1275572/huawei-boosts-spending-research

People’s Republic of China, Switzerland sign free trade agreement
Switzerland is the latest OP Middle Kingdom acquisition by the People’s Republic of China…

http://www.reuters.com/article/2013/07/06/us-china-trade-idUSBRE96503E20130706

Studies: Cyberspying Targeted SKorea, US Military

http://abcnews.go.com/International/wireStory/studies-cyberspying-targeted-skorea-us-military-19602444

Turkish Agent Hacked US Air Force Culture & Language Center Website | Cyberwarzone
Didn’t the USAF tell the US Senate they were lead DoD on Cyber & were going to protect US Critical Infrastructure against hackers?
Hell, they cannot even protect themselves….
USAF CYBER ….MASSIVE FAIL….


http://cyberwarzone.com/turkish-agent-hacked-us-air-force-culture-language-center-website

Taiwanese Military to stage computer-aided war game later this month: MND
“tested the armed forces ability to fend off a simulated invasion by Chinese forces.”


http://www.chinapost.com.tw/taiwan/national/national-news/2013/07/03/382727/Military-to.htm

EU and People’s Republic of China close in on solar panel deal

http://www.reuters.com/article/2013/07/05/us-china-solar-idUSBRE9640L720130705

Pakistan, China set sights on Arabian Sea link |

http://www.ksl.com/?nid=235&sid=25866836&title=pakistan-china-set-sights-on-arabian-sea-link

Is People’s Republic of China’s Huawei Becoming Less Chinese?

http://blogs.wsj.com/digits/2013/07/04/is-huawei-becoming-less-chinese/?

People’s Republic of China’s Huawei to overtake Ericsson in R&D spending

http://www.intomobile.com/2013/07/05/huawei-overtake-ericsson-rd-spending/?

Papua New Guinea’s fixed line incumbent Telikom recruits People’s Republic of China’s Huawei for NBN project

http://www.telegeography.com/products/commsupdate/articles/2013/07/05/telikom-recruits-huawei-for-nbn-project/?

FCC approves deals between Japan’s Softbank, Sprint, Clearwire
Softbank signs huge deal with Huawei….backdoor to United States critical infrastructure now wide open for Huawei courtesy of Japan…


http://www.washingtonpost.com/business/technology/fcc-approves-deals-between-softbank-sprint-clearwire/2013/07/05/f48c88d8-e5ad-11e2-a11e-c2ea876a8f30_story.html

People’s Republic of China’s Huawei, Imperial College, London announce big data joint venture |

http://www.zdnet.com/huawei-imperial-college-announce-big-data-joint-venture-7000017582/

Chinese Web giant Tencent faces obstacles in its goal to expand in global IM market

http://www.washingtonpost.com/business/economy/chinese-web-giant-tencent-faces-obstacles-in-its-goal-for-a-global-im-market/2013/07/05/6ee4016c-cff4-11e2-8845-d970ccb04497_story.html?

People’s Republic of China Says Private Banks Possible

http://www.npr.org/templates/story/story.php?storyId=198990603

Emerging market giants quick to grab Australian foothold
Chinese banks, among the world’s largest, are busy in Australia


http://www.brisbanetimes.com.au/business/emerging-market-giants-quick-to-grab-australian-foothold-20130705-2phh7.html

NJRAT ESPIONAGE MALWARE TARGETS MIDDLE EASTERN GOVERNMENTS, TELECOMS AND ENERGY

http://threatpost.com/njrat-espionage-malware-targets-middle-eastern-governments-telecoms-and-energy/

Current cybercrime market is all about Cybercrime-as-a-Service |
http://www.net-security.org/secworld.php?id=15173
TARGETED ESPIONAGE ATTACK BORROWING FROM CYBERCRIMINALS

http://threatpost.com/targeted-espionage-attack-borrowing-from-cybercriminals/

Traitorous Snowden Says the NSA and Israel Wrote Stuxnet Malware Together

http://news.softpedia.com/news/Snowden-Says-the-NSA-and-Israel-Wrote-Stuxnet-Malware-Together-366371.shtml?

EU adopts stricter penalties for cyber criminals
http://www.net-security.org/secworld.php?id=15183
EU Parliament to launch inquiry into US surveillance programs
http://www.net-security.org/secworld.php?id=15181
Piratin Nocun über den Überwachungsskandal…Cyberwar governments against their citizens

http://www.sueddeutsche.de/digital/ueberwachungsskandal-cyberwar-der-regierungen-gegen-ihre-buerger-1.1713200

Iran to hold nationwide cyber maneuver

http://www.presstv.ir/detail/2013/07/06/312582/iran-to-hold-nationwide-cyber-maneuver/

United Kingdom Cyber War ‘At Its Gunpowder Moment’

http://www.huffingtonpost.co.uk/2013/07/05/cyber-war-gunpowder-moment_n_3549048.html

Beware the Internet and the danger of cyberattacks

http://www.dallasnews.com/opinion/sunday-commentary/20130705-robert-j.-samuelson-beware-the-internet-and-the-danger-of-cyberattacks.ece
U.S. military realm extends to cyberspace

http://www.upi.com/Science_News/Technology/2013/07/02/US-military-realm-extends-to-cyberspace/UPI-85321372770741/

The cyber-intelligence complex and its useful idiots
“Those who tell us to trust the US’s secret, privatised surveillance schemes should recall the criminality of J Edgar Hoover’s FBI”

http://www.guardian.co.uk/commentisfree/2013/jul/01/cyber-intelligence-complex-useful-idiots
Cyberwar: Angriffe auf Industrieanlagen wachsen…Cyberwar: Attacks on industrial plants grow

http://business.chip.de/news/Cyberwar-Angriffe-auf-Industrieanlagen-wachsen_62848164.html

Blind Fear Of Cyberwar Drives Columnist To Call For Elimination Of The Internet |

https://www.techdirt.com/articles/20130701/10561323680/blind-fear-cyberwar-drives-columnist-to-call-elimination-internet.shtml

Cyberwar ist kein Kalter Krieg…Cyberwar is not a Cold War
http://www.dradio.de/dkultur/sendungen/interview/2162803/
Brazil was target of U.S. signals spying, Globo newspaper says
http://www.reuters.com/article/2013/07/07/brazil-espionage-snowden-idUSL1N0FD05120130707

Enjoy –

Semper Fi –

謝謝紅龍

People’s Republic of Hacking…Latest Cyber Threat SA…

Good day folks, here’s the most current People’s Republic of Hacking…Latest Cyber Threat SA…

People’s Republic of Hacking: Chinese Hackers Behind ‘NetTraveller’ Global Cyber Surveillance

http://www.techweekeurope.co.uk/news/chinese-hackers-nettraveller-global-cyber-surveillance-118140?

People’s Republic of China has ‘mountains of data’ about U.S. cyber attacks: official

http://www.reuters.com/article/2013/06/05/us-china-usa-hacking-idUSBRE95404L20130605

People’s Republic of China is victim of hacking attacks – People’s Daily Online
Incredible Infographic about the People’s Republic of China as a victim of hacking….


http://english.peopledaily.com.cn/90883/8271052.html

How the People’s Republic of China’s ZTE is winning the US market – People’s Daily Online

http://english.peopledaily.com.cn/90778/8270807.html

Global IT and techno-jingoism – People’s Daily Online

http://english.peopledaily.com.cn/90778/8270803.html

This week Barack Obama must avoid the start of a cold war with People’s Republic of China
Guess no one told the Guardian that the Cold War with the People’s Republic of China started months ago…


http://www.guardian.co.uk/commentisfree/2013/jun/05/obama-china-superpower-decline

Shaming Chinese hackers won’t work because cyber-espionage is here to stay

http://www.guardian.co.uk/commentisfree/2013/may/30/china-hacking-cyber-espionage-obama?INTCMP=ILCNETTXT3487

People’s Republic of Siamese Copycats: Lei Jun Builds His Xiaomi Empire by Aping Apple and Steve Jobs

http://www.nytimes.com/2013/06/05/business/global/in-china-an-empire-built-by-aping-apple.html?partner=rssnyt&emc=rss&_r=0&pagewanted=all

People’s Republic of Hacking: Cyber-attacks likely to take centre stage when Obama and Xi meet in California

http://www.guardian.co.uk/world/2013/jun/04/obama-xi-cyberattacks-california-summit

Michelle Obama ‘snubs’ China’s first lady

http://www.telegraph.co.uk/news/worldnews/michelle-obama/10100017/Michelle-Obama-snubs-Chinas-first-lady.html

Cyber Command Redefines the Art | SIGNAL Magazine

http://www.afcea.org/content/?q=node%2F11117

Enjoy –

Semper Fi,

謝謝
紅龍

International Cyber Threat Situational Awareness…

Good morning Folks;

Here is a very comprehensive list of the latest International Cyber Threat Situational Awareness…

Silicon Valley at front line of global cyber-war…People’s Republic of China dominates US

http://gadgets.ndtv.com/internet/news/silicon-valley-at-front-line-of-global-cyber-war-375258

China’s military to drill on digitalized forces – Xinhua | English.news.cn

http://news.xinhuanet.com/english/china/2013-05/29/c_132415053.htm

OP Middle Kingdom: PLA joint cyberwarfare drill to show new strength and sophistication
The People’s Liberation Army will conduct its first joint combat drills involving cyberwarfare, special troops, army aviation and electronic countermeasures units next month to test the integration and co-ordination of its land and air forces, state media reported yesterday.


http://asitimes.blogspot.com/2013/05/pla-joint-cyberwarfare-drill-to-show.html

People’s Republic of China Developing ‘Digital’ Military Forces

http://www.thetelecomblog.com/2013/05/30/china-developing-digital-military-forces/

PLA joint cyberwarfare drill to show new strength and sophistication

http://www.scmp.com/news/china/article/1249255/pla-prepares-massive-drill-show-its-new-strength-and-sophistication

Chinese army to include digital forces in June military drill
The drill will be carried out in late June at the Zhurihe training base in North China’s Inner Mongolia autonomous region, which is the country’s largest military field, it said. Forces from the Beijing Military Area Command, as well as eight military academics will be participating.


http://www.zdnet.com/cn/chinese-army-to-include-digital-forces-in-june-military-drill-7000016008/

People’s Republic of China Doesn’t Care if Its ‘Digitalized’ Military Cyberwar Drill Scares You

http://www.theatlanticwire.com/technology/2013/05/china-cyberwar-drill/65678/

People’s Republic of China army to conduct first digital exercise

http://www.reuters.com/article/2013/05/29/us-china-defence-idUSBRE94S03O20130529

People’s Republic of China army to conduct first “digital” exercise

http://news.yahoo.com/china-army-conduct-first-digital-exercise-022542367.html

People’s Republic of China’s Huawei Denies Involvement in US Cyber-Attacks

http://www.thetelecomblog.com/2013/05/10/huawei-denies-involvement-in-us-cyber-attacks/

People’s Republic of China’s Huawei Security Chief: We Are the Most “Poked” Company in the World

http://news.softpedia.com/news/Huawei-Security-Chief-We-Are-the-Most-Poked-Company-in-the-World-356340.shtml

People’s Republic of China Denies Stealing New ASIO Headquarters Plans
Chinese military spokeswoman says “we have already colonized Australia, why would we steal anything?”


http://news.softpedia.com/news/China-Denies-Stealing-New-ASIO-Headquarter-Plans-356487.shtml

People’s Republic of China’s digitalized troops begin to take shape – People’s Daily

http://english.peopledaily.com.cn/90786/8245879.html

People’s Republic of China willing to hold dialogues with U.S. on cyber security – People’s Daily

http://english.peopledaily.com.cn/90786/8269498.html

People’s Republic of China’s Doublethink on the Law of the Sea

http://thediplomat.com/the-naval-diplomat/2013/06/05/chinas-doublethink-on-the-law-of-the-sea/?

Tiananmen Square online searches censored by Chinese authorities

http://www.guardian.co.uk/world/2013/jun/04/tiananmen-square-online-search-censored

People’s Republic of China signals hunger for Arctic’s mineral riches
Operation Middle Kingdom focuses on further colonization of Iceland and eventually most of Scandinavia including Norway….


http://www.guardian.co.uk/environment/2013/jun/04/china-arctics-mineral-riches

Xi Jinping’s Chinese Dream
People’s Republic of China’s President Xi Jinping describes Operation Middle Kingdom as the reformist/nationalist view aka The Chinese Dream


http://www.nytimes.com/2013/06/05/opinion/global/xi-jinpings-chinese-dream.html?partner=rssnyt&emc=rss&_r=0&pagewanted=all

Soft Power? The People’s Republic of China Has Plenty
Great article defining Operation Middle Kingdom and the colonization of Australia, British Isles and Canada….


http://thediplomat.com/2013/06/04/soft-power-china-has-plenty/?all=true

TAIWAN: President Ma takes part in computerized war games

http://www.chinapost.com.tw/taiwan/national/national-news/2013/05/29/379836/President-Ma.htm

Commentary: People’s Republic of China should publish report on U.S. military power – People’s Daily

http://english.peopledaily.com.cn/90786/8244270.html

People’s Republic of China, Canada sign initiative on military cooperation – People’s Daily
OP Middle Kingdom – the People’s Republic of China now successful in adding Canada as the latest country to be colonized…United Kingdom and Australia have already initiated mandatory “Learn Chinese” courses…


http://english.peopledaily.com.cn/90786/8269530.html

Chinese defense minister meets Canadian Minister of National Defence – People’s Daily

http://english.peopledaily.com.cn/90786/8268981.html

Intellectual property theft detection is the best prevention

http://www.scmagazineuk.com/intellectual-property-theft–detection-is-the-best-prevention/article/295643/

IT security: M&A transactions are a different matter

http://www.scmagazineuk.com/it-security-ma-transactions-are-a-different-matter/article/295689/

American Gets Targeted by Digital Spy Tool Sold to Foreign Governments

http://www.wired.com/threatlevel/2013/06/spy-tool-sold-to-governments/

Google believes zero-day vulnerabilities should be responded to within a week

http://www.scmagazineuk.com/google-believes-zero-day-vulnerabilities-should-be-responded-to-within-a-week/article/295641/

DEFEATING INTERNET BLOCKING WITH LAHANA VPN-TOR BRIDGE

http://threatpost.com/defeating-internet-blocking-with-lahana-vpn-tor-bridge/

Microsoft to offer threat data in ‘near real-time’ to Certs and ISPs

http://www.scmagazineuk.com/microsoft-to-offer-threat-data-in-near-real-time-to-certs-and-isps/article/295448/

Semper Fi,

謝謝
紅龍

Cyber Threat SA for Thursday from Abu Dhabi…

Good morning from Abu Dhabi, United Arab Emirates…

Here are the latest cyber threat intelligence notes you need to be aware of…enjoy!

People’s Republic of China says it is opposed to all forms of hacking

http://www.news-journalonline.com/article/20130529/API/1305290639

People’s Republic of China’s military to drill on digitalized forces – Xinhua |

http://news.xinhuanet.com/english/china/2013-05/29/c_132415053.htm

Chinese hackers have access to major US weapons designs, report says

http://www.scmp.com/news/china/article/1248077/chinese-hackers-stole-plans-australian-spy-headquarters-says-report

People’s Republic of China’s Huawei all governments hack secret data using their kit –

http://phys.org/news/2013-05-hack-secret-huawei.html

U.S., Australia reports allege new spying by People’s Republic of China hackers –

http://www.cbc.ca/news/technology/story/2013/05/28/australia-china-hacking.html?cmp=rss

Australia: People’s Republic of China spy agency hack claims ‘will not hit ties’ – Hack claims over Australia spy HQ

http://www.bbc.co.uk/news/world-asia-22685332

Spy claim no threat to People’s Republic of China ties: Foreign Minister Carr

http://news.smh.com.au/breaking-news-national/spy-claim-no-threat-to-china-ties-carr-20130528-2n87j.html

Australian spy HQ plans stolen by Chinese hackers: report

http://www.reuters.com/article/2013/05/28/us-australia-hacking-idUSBRE94R02A20130528

REPORT: Chinese Hackers Stole Plans For Dozens Of Critical US Weapons Systems

http://newsle.com/article/0/76807927/

Researchers uncover new global cyberespionage operation dubbed Safe

http://www.pcworld.com/article/2039011/researchers-uncover-new-global-cyberespionage-operation-dubbed-safenet.html

Cyber Attack on Norway’s Telenor was part of large cyberespionage operation with Indian origins, report says

http://www.pcworld.com/article/2039257/attack-on-telenor-was-part-of-large-cyberespionage-operation-with-indian-origins-report-says.html

US accuses Iran of hacking energy companies

http://www.itproportal.com/2013/05/24/us-accuses-iran-hacking-energy-companies/

Semper Fi,

謝謝

紅龍

Horrible Ideas, Modeled & Profiled

Just a quick note this time about the HITME (HoneyPoint Internet Threat Monitoring Environment). One of the best uses for having the kind of global honeynet that we have deployed in the incarnation of the software is that you can create actual working models for a mistake or a horrible security idea.

Want to know what happens if you accidentally expose an internal system to the public Internet for 24 hours? We can quickly (in less than 30 mins) build an emulation for it and use a decoy dropped into place on your network to measure and model that risk over a period of time. You can get a real life set of metrics for how many probes it receives, from where and for what the attackers are looking. You can find out how long the average time is before the issue is identified by an attacker. You can even work up a profile of the sources, their locale and their capability to add to your risk assessments. These kinds of metrics, tied to a strong mathematical model (like FAIR), make for fantastic real world analysis.
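To make those metrics concrete, here is an added example (not HoneyPoint code and not its log format) that turns decoy hit records into the numbers listed above: probe counts, sources and locale, what was targeted, the average time to first probe, and an annualized contact rate that can be used as a frequency input to a FAIR-style model. The record layout, decoy names, locale codes and all events are constructed assumptions.

```python
from collections import Counter
from datetime import datetime
from statistics import mean

# Constructed: when each decoy was exposed, and for how long it was observed.
EXPOSED_AT = {
    "decoy-a": datetime(2020, 3, 2, 9, 0),
    "decoy-b": datetime(2020, 3, 2, 9, 0),
}
OBSERVED_HOURS = 24

# Constructed events: (decoy, timestamp, source IP, locale code, service).
# Addresses are from documentation ranges; locale codes are placeholders.
EVENTS = [
    ("decoy-a", "2020-03-02T09:42:00", "192.0.2.10", "AA", "ssh"),
    ("decoy-a", "2020-03-02T11:05:00", "198.51.100.7", "BB", "http"),
    ("decoy-a", "2020-03-02T13:30:00", "192.0.2.10", "AA", "ssh"),
    ("decoy-a", "2020-03-02T20:15:00", "203.0.113.25", "AA", "http"),
    ("decoy-a", "2020-03-03T03:10:00", "203.0.113.80", "CC", "rdp"),
    ("decoy-b", "2020-03-02T10:18:00", "192.0.2.10", "AA", "ssh"),
    ("decoy-b", "2020-03-02T12:00:00", "198.51.100.7", "BB", "http"),
    ("decoy-b", "2020-03-02T18:45:00", "203.0.113.25", "AA", "ssh"),
]


def summarize(events, exposed_at, observed_hours):
    """Reduce raw decoy hits to risk-assessment inputs."""
    first_seen = {}
    sources, locales, services = set(), Counter(), Counter()
    for decoy, ts, src, locale, service in events:
        when = datetime.fromisoformat(ts)
        if decoy not in first_seen or when < first_seen[decoy]:
            first_seen[decoy] = when
        sources.add(src)
        locales[locale] += 1
        services[service] += 1

    # Minutes between exposure and the first probe, per decoy.
    minutes_to_first = {
        decoy: (first_seen[decoy] - exposed_at[decoy]).total_seconds() / 60
        for decoy in first_seen
    }
    decoys = len(exposed_at)
    return {
        "probes": len(events),
        "unique_sources": len(sources),
        "by_locale": dict(locales),
        "by_service": dict(services),
        "minutes_to_first_probe": minutes_to_first,
        "mean_minutes_to_first_probe": mean(minutes_to_first.values()),
        # Probes per decoy scaled to a year; treated here as an estimate of
        # contact frequency, which is an assumption of this example.
        "contacts_per_year_per_decoy":
            len(events) * 8760 / (decoys * observed_hours),
    }


if __name__ == "__main__":
    for key, value in summarize(EVENTS, EXPOSED_AT, OBSERVED_HOURS).items():
        print(f"{key}: {value}")
```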

You can do the same with web applications. Want to know what kind of attacks you can expect if you put in a new VPN portal at your managed hosting provider? No problem. We create an emulation and drop a decoy into their ESX(i) infrastructure, monitor it for 30 days and work up the data into a report for you. Now you can take that data and feed it into a risk assessment, work out compensating controls and even get a budget idea for what it will take to secure such an infrastructure. We can also do this in multiple places and then work with the reporting you get from several vendors, using this mock up as a bake off data point to help you determine if your exposures and risks are higher from one hosting provider to another, what kinds of reporting you get from each, how effective their prevention and detection programs are, etc. We’ve even had a couple of organizations drop in temporary HoneyPoint decoys while being audited or undergoing penetration testing to get a third party view of how effective and capable their assessment and testing process has been.

The coolest thing to me about HoneyPoint is not the bleeding-edge attacks you can capture, nor the insights into attacker behavior it brings. Instead it’s the wide array of business problems that it can lend real world insight to inside the security world. It truly makes it easy to model and measure some of the most horrible ideas that an admin or developer can have. Wanna know more about the mistakes you make or might make in the future? Wanna measure attack interactions or generate metrics to feed a better risk assessment? Give us a call, we’ll be glad to discuss how you can take the next step in threat-centric information security with HoneyPoint!