CMHSecLunch for July is going to be held Monday, July 8 at the Tuttle Mall food court. The time is 11:30am – 1pm. Look for the security geeks in the mall and come hang out with your infosec peeps. FREE and open to the public, you can register and find out more information here.
Monthly Archives: July 2013
Ask The Security Experts: Holiday Coverage
This time around on Ask The Security Experts, we have a question about holiday coverage for the security team:
Q: “With the upcoming summer holidays and heavy vacation schedules, what are some things I need to pay attention to in order to make sure attackers don’t catch us off guard while we are short on staff?”
Jim Klun weighed in with:
1. Make sure all staff have been reminded of the reality of phishing attacks and what they need to watch out for.
Use real-world examples like this one: http://labs.ft.com/2013/05/a-sobering-day/ (courtesy of Adam Hostetler)
It’s important that staff understand the potential severity of a successful phishing attack.
Such attacks are more likely over holiday periods when attackers can rely on short-staffing.
2. Make sure all systems (both network/OS/application) are logging and that you are reviewing those logs for anomalies.
Make it a particular point to review those logs after the holidays.
Log review can be automated but should not be reduced to a formality. Staff with familiarity with what is normal should be reviewing daily log reports and periodically examining the raw logs themselves.
3. Consider internal alerting systems such as MicroSolved’s “HoneyPoint” solution. They can act as tripwires in your network, alerting you to the presence of an intruder.
See: http://www.microsolved.com/honeypoint
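The post-holiday log review from point 2, sketched as an added example (not part of the original answers): it learns which user/source pairs logged in successfully before the holiday window, then flags in-window successes that come from a new source, fall outside working hours, or follow failed attempts. The log lines, hostnames, holiday dates and working hours are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd-style lines with ISO timestamps (not from any real system).
SAMPLE_LOG = """\
2013-06-24T09:02:11 web01 sshd[811]: Accepted publickey for alice from 10.0.5.20 port 50122 ssh2
2013-06-25T14:40:03 web01 sshd[902]: Accepted password for bob from 10.0.5.31 port 50410 ssh2
2013-06-27T10:15:45 db01 sshd[455]: Accepted publickey for alice from 10.0.5.20 port 50991 ssh2
2013-07-04T03:12:09 web01 sshd[1201]: Failed password for bob from 203.0.113.7 port 41022 ssh2
2013-07-04T03:12:15 web01 sshd[1201]: Failed password for bob from 203.0.113.7 port 41022 ssh2
2013-07-04T03:12:31 web01 sshd[1203]: Accepted password for bob from 203.0.113.7 port 41030 ssh2
2013-07-05T11:05:00 db01 sshd[470]: Accepted publickey for alice from 10.0.5.20 port 51200 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse(log):
    """Yield (timestamp, host, result, user, ip) for each recognised line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["host"],
                   m["result"], m["user"], m["ip"])


def review(log, holiday_start, holiday_end, work_hours=(7, 19)):
    """Return in-window successful logins that deviate from the baseline."""
    baseline = set()              # (user, ip) pairs that succeeded before the window
    failures = defaultdict(int)   # (user, ip) -> failed attempts inside the window
    findings = []
    for ts, host, result, user, ip in sorted(parse(log)):
        key = (user, ip)
        if ts < holiday_start:
            if result == "Accepted":
                baseline.add(key)   # this is what "normal" looked like
            continue
        if ts >= holiday_end:
            continue
        if result == "Failed":
            failures[key] += 1
            continue
        reasons = []
        if key not in baseline:
            reasons.append("source not seen before holiday")
        if not work_hours[0] <= ts.hour < work_hours[1]:
            reasons.append("outside working hours")
        if failures[key]:
            reasons.append(f"preceded by {failures[key]} failed attempts")
        if reasons:
            findings.append((ts.isoformat(), host, user, ip, reasons))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, datetime(2013, 7, 3), datetime(2013, 7, 8)):
        print(finding)
```

The output is a short list for a person who knows the environment to examine against the raw logs, not a verdict.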
Bill Hagestad added:
To prevent surprise cyber attacks the number one focus should be proactive cyber threat intelligence specifically related to your company based upon the following Essential Elements of Information (EEI):
– What are your priorities for intelligence?
– Competitor’s needs/focuses?
– External vendors interests on behalf of competitor?
– Foreign economic interests
– Commercial cyber espionage
– Foreign cyber espionage?
– Potential insider threats?
Once you have prioritized what you consider the information security threats are to your organization, MicroSolved can help develop an information security/assurance strategy.
First step – determine a quick list of cyber intelligence targeting based upon the EEI above;
Second – from the priorities determine your internal High Value Targets that the prioritized list of adversaries might focus on;
Third – install or fine tune your HoneyPoint Security Server to capture attacker and threat vector information; and,
Fourth – focus holiday staffing levels and efforts to mitigate the list of potential cyber threats based upon both the EEI and steps 1-3 above.
John Davis stated:
One of the things to pay particular attention to during vacation season is the security of returning portable devices. Employees will probably be traveling all over the place on their vacations, including foreign countries. And while traveling, people like to let their hair down and take it easy. They also like to keep abreast of their emails or surf the Internet looking for restaurants and places of interest.
Hotel networks and public hot spots are usually open networks and liable to sniffing by enterprising cyber criminals. Because of this, it is relatively easy for these attackers to implant malware on laptops or other portable devices used by traveling employees. And, as we know, lots of enterprises these days have bring your own device policies in place or tolerate the casual use of company laptops for non-business purposes. To protect the network from this scenario, run anti-virus and other malware-detecting software on these devices, and/or boot them up in a stand-alone test environment and look for problems before allowing them onto the production network.
There’s a LOT of good advice here. Hopefully, some of it helps you. Until next time, thanks for reading and have a safe holiday!
People’s Republic of China’s Foreign Ministry sets up cyber security office – as Australian Defence Mag Day Three Cyber Security Summit concludes…Canberra…Red Dragon Rising & the People’s Republic of Hacking…err, China..
Good Day from the Front Line of Cyber – Here are today’s top Chinese Cyber Threat Stories from an international perspective….your daily dose of Cyber Threat Situational Awareness (SA)….
Codan network hacked by Chinese
http://www.electronicsnews.com.au/news/codan-network-hacked-by-chinese
Report: Australia spy plans hacked by Chinese
http://www.aljazeera.com/news/asia-pacific/2013/05/20135284536511454.html
Cybersecurity and the Limits of Leader Summits
http://thediplomat.com/the-editor/2013/06/28/cybersecurity-and-the-limits-of-leader-summits/
Trial flight photos of China’s J-31 stealth fighter – Xinhua | English.news.cn
http://news.xinhuanet.com/english/photo/2013-07/02/c_132502418_4.htm
InterDigital loses first round of U.S. case against People’s Republic of China’s Huawei
http://www.reuters.com/article/2013/07/01/us-interdigital-huawei-patent-idUSBRE96019420130701
Former Nokia head of sales takes his expertise to Huawei (updated)
http://www.engadget.com/2013/07/02/colin-giles-huawei/?
Nokia doubles up in networks to fight People’s Republic of China
http://blogs.ft.com/businessblog/2013/07/nokia-doubles-up-in-networks-to-fight-china/?
GCHQ claims British networks hit by 70 cyber attacks a month
http://www.itpro.co.uk/security/20106/gchq-claims-british-networks-hit-70-cyber-attacks-month
NSA hacking and spying on EU officials
http://www.net-security.org/secworld.php?id=15169
U.S. intelligence community is out of control
http://www.cnn.com/2013/07/01/opinion/rothkopf-surveillance-revelations/index.html?
Why the Story on Snowden and the NSA Doesn’t Add Up
http://www.motherjones.com/kevin-drum/2013/07/nyt-snowden-was-hacker-nsa
The danger of what Edward Snowden has not revealed
http://www.washingtonpost.com/opinions/marc-thiessen-the-danger-of-what-edward-snowden-has-not-revealed/2013/07/01/67f95a18-e251-11e2-aef3-339619eab080_story.html?
HACKED!
http://www.abc.net.au/4corners/stories/2013/05/27/3766576.htm
People’s Republic of China: US should ‘explain hacking activity’ – People’s Daily Online
Uh oh – NSA has compromised US National Security as the People’s Republic of China demands to know why it is being hacked by the Top US Spy Agency….
http://english.peopledaily.com.cn/90883/8284267.html
People’s Republic of China’s Foreign Ministry sets up cyber security office – People’s Daily Online
http://english.peopledaily.com.cn/90883/8285401.html
A reminder to everyone that a new APT peak period is about to arrive: the new PDF exploit CVE-2013-2729 is already being used in APT email attacks
http://blog.xecure-lab.com/2013/06/apt-pdf-exploit-cve-2013-2729-apt-email.html
Will People’s Republic of China Offer Snowden Freedom in exchange for Information?
http://www.slate.com/blogs/the_slatest/2013/06/14/edward_snowden_reveals_details_of_hong_kong_and_china_nsa_hacking.html
Booz Allen’s Snowden Smuggled Documents From NSA on a Thumb Drive
http://www.wired.com/threatlevel/2013/06/snowden-thumb-drive/
“Snowden is a ‘card’ that People’s Republic of China never expected… But China is neither adept at nor used to playing it.”
http://althouse.blogspot.com.au/2013/06/snowden-is-card-that-china-never.html
Who’d You Rather Be Watched By: People’s Republic of China, or the U.S.?
http://www.theatlantic.com/china/archive/2013/06/whod-you-rather-be-watched-by-china-or-the-us/276898/
Chinese Telecoms ‘A Security Risk’ To Britain
http://news.sky.com/story/1100187/chinese-telecoms-a-security-risk-to-britain
People’s Republic of China’s Huawei faces UK heat over cyber-attack fears
http://www.theaustralian.com.au/news/world/huawei-faces-uk-heat-over-cyber-attack-fears/story-fnb64oi6-1226658100939
OP Middle Kingdom: People’s Republic of China Becoming The Most Important Factor In Global Gold Markets
http://seekingalpha.com/article/1502512-china-becoming-the-most-important-factor-in-global-gold-markets?
Operation Middle Kingdom ~ Canada…Ottawa delaying Wind Mobile deals on national security concerns
http://www.theglobeandmail.com/report-on-business/security-concerns-delay-wind-deal/article12538800/
PRISM Whistle-Blower: US Has Been Hacking the People’s Republic of China For Years
http://www.techweekeurope.co.uk/news/prism-america-hacking-china-119004?
People’s Republic of China newspaper: Booz Allen’s Snowden could be useful to China
http://www.kimt.com/2013/06/14/china-newspaper-snowden-could-be-useful-to-china/
U.K. Warns on People’s Republic of China’s Huawei Cyber Security Risk
http://online.wsj.com/article/SB10001424127887323844804578529141741985244.html
UK defends China telecom firm deals
http://www.bbc.co.uk/news/uk-politics-22795226
Can N.S.A. Surveillance Be Likened to Chinese Spying?
http://rendezvous.blogs.nytimes.com/2013/06/13/can-n-s-a-surveillance-be-likened-to-chinese-spying/?
People’s Republic of China: U.S. in “Awkward Position” After Latest Hacking Claims
http://chinadigitaltimes.net/2013/06/netizens-on-us-hacking-what-a-hypocrite/?
Booz Allen Whistleblower Edward Snowden claims US targets Chinese computers for cyber attacks
http://www.telegraph.co.uk/news/worldnews/northamerica/usa/10117690/Whistleblower-Edward-Snowden-claims-US-targets-Chinese-computers-for-cyber-attacks.html
Pressure builds on US over Hong Kong civilian hacking allegations
http://www.guardian.co.uk/world/2013/jun/13/hong-kong-demands-us-answer-hacking-allegations
Booz Allen’s Edward Snowden claims US hacks Chinese Military & Political targets
http://www.telegraph.co.uk/news/worldnews/northamerica/usa/10117478/Edward-Snowden-claims-US-hacks-Chinese-targets.html
Chinese State Media Suggest That N.S.A. Disclosures Will Hurt U.S. Ties
http://www.nytimes.com/2013/06/14/world/asia/chinese-media-suggest-nsa-disclosure-will-hurt-us-ties.html?
Australia gets ‘deluge’ of US secret data, prompting a new data facility…Recall Aussie Company Codan was hacked by the People’s Republic of China….
http://www.theage.com.au/it-pro/security-it/australia-gets-deluge-of-us-secret-data-prompting-a-new-data-facility-20130612-2o4kf.html
Calls Grow in People’s Republic of China to Press Claim for Okinawa…Now that US Marines are gone to Australia…we know the PLA will overrun the USAF Base @ Kadena…
http://www.nytimes.com/2013/06/14/world/asia/sentiment-builds-in-china-to-press-claim-for-okinawa.html?&pagewanted=all
Taking the West’s Technology, Leaving its Freedoms – China Digital Times
http://chinadigitaltimes.net/2013/06/taking-the-wests-technology-leaving-its-freedoms/?
How China Got There First: Beijing’s Unique Path to ASBM Development and Deployment
http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=40994&cHash=4be1b6f4d1da712a29057d94f181c32c#.UbpnRPaG1JE
Thousands of Iranian Gmail Users Targeted in Attempted Hacks Before Election
http://www.wired.com/threatlevel/2013/06/iran-hack-election/
OWASP Top 10 for 2013 has been released! “Injection” tops the chart again. Download your copy here:
https://www.owasp.org/index.php/Top10
Enjoy –
Semper Fi,
Thank you,
紅龍
International Cyber Situational Awareness for the Beginning of July 2013
Good day Folks;
My apologies for the late entry – international travel will do that to a person once in a while –
Nonetheless, here is a lengthy compilation of some of the latest International Cyber Situational Awareness for the Beginning of July 2013 –
Remember to search for “OP Middle Kingdom”…
Enjoy!
U.S. to press People’s Republic of China on cyber theft: Lew
http://www.reuters.com/article/2013/07/01/us-treasury-china-idUSBRE96009X20130701
People’s Republic of China Accuses U.S. of Hypocrisy on Cyberattacks
http://world.time.com/2013/07/01/china-accuses-u-s-of-hypocrisy-on-cyberattacks/?
People’s Republic of China’s Huawei’s Best-Kept Secret: An Army of Engineers
http://blogs.wsj.com/digits/2013/07/01/huaweis-best-kept-secret-an-army-of-engineers/?
U.S. Is a ‘Hacker Empire,’ Says Chinese Military Analyst
http://rendezvous.blogs.nytimes.com/2013/06/26/u-s-is-a-hacker-empire-says-chinese-military-analyst/?
U.S. Prism, Meet People’s Republic of China’s Golden Shield
http://rendezvous.blogs.nytimes.com/2013/06/28/u-s-prism-meet-chinas-golden-shield/?
LAP Green & the People’s Republic of China’s Huawei ink settlement agreement
http://www.telegeography.com/products/commsupdate/articles/2013/07/01/lap-green-huawei-ink-settlement-agreement/?
The Willie Suttons of the Cyberage – Can we stop bad guys from getting into U.S. networks?
http://www.foreignpolicy.com/articles/2013/06/26/the_willie_suttons_of_the_cyberage_cybercrime?page=full
JFQ-70: Unpacking Cyberwar: The Sufficiency of the Law of Armed Conflict in the Cyber Domain
http://www.ndu.edu/press/unpacking-cyberwar.html
Awaiting Cyber 9/11
http://www.ndu.edu/press/awaiting-cyber-9-11.html
Snowden spy row grows as US is accused of hacking People’s Republic of China
http://www.guardian.co.uk/world/2013/jun/22/edward-snowden-us-china
EXCLUSIVE: NSA targeted People’s Republic of China’s Tsinghua University in extensive hacking attacks
“…Tsinghua University, widely regarded as the mainland’s top education and research institute, was the target of extensive hacking by US spies this year.”
http://www.scmp.com/news/china/article/1266892/exclusive-nsa-targeted-chinas-tsinghua-university-extensive-hacking
EXCLUSIVE: US hacked Pacnet, Asia Pacific fibre-optic network operator, in 2009
http://www.scmp.com/news/hong-kong/article/1266875/exclusive-us-hacked-pacnet-asia-pacific-fibre-optic-network-operator
EXCLUSIVE: Ex-Booz Hamilton NSA Contractor safe in Hong Kong, more US cyberspying details revealed
http://www.scmp.com/news/hong-kong/article/1266777/exclusive-snowden-safe-hong-kong-more-us-cyberspying-details-revealed
US hacks Chinese mobile phones: Booz Hamilton Contractor: US National Security FAIL
http://www.theaustralian.com.au/news/breaking-news/us-hacks-chinese-mobile-phones-snowden/story-fn3dxix6-1226668185301
Civic Party demands the US respond to hacking claims
http://www.scmp.com/news/hong-kong/article/1266716/civic-party-demands-us-respond-hacking-claims
Edward Snowden alleges US hacking People’s Republic of China phone firms
http://www.adelaidenow.com.au/news/world/edward-snowden-alleges-us-hacking-china-phone-firms/story-fnd11ay0-1226668186230
People’s Republic of China completes internet monitoring scheme in Tibet
http://www.guardian.co.uk/world/2013/jun/19/china-internet-monitoring-tibet
Xi Jinping’s Decade And The Future Of Sino-American Relations – Analysis
http://www.eurasiareview.com/22062013-xi-jinpings-decade-and-the-future-of-sino-american-relations-analysis/?
People’s Republic of China’s Xi harks back to Mao in party ‘cleanup’
http://wanderingchina.org/2013/06/20/chinas-xi-harks-back-to-mao-in-party-cleanup-ap-risingchina-corruption/
What to Make of Xi Jinping’s Maoist Turn
http://wanderingchina.org/2013/06/22/what-to-make-of-xi-jinpings-maoist-turn-wsj-risingchina-newleadership/
Hagel Vows to Prioritize Cyber, Nuclear Capabilities…Si vis pacem, para bellum
US DoD Defense.gov News Article…矽對海洋和平,帕拉戰爭
http://www.defense.gov/news/newsarticle.aspx?id=120339
People’s Republic of China: U.S. should not hold multiple standards in cyber world – People’s Daily Online
http://english.peopledaily.com.cn/90786/8290745.html
People’s Republic of China ~ Snowden spying claims rejected – People’s Daily Online
http://english.peopledaily.com.cn/90883/8287831.html
U.S. charges Snowden with espionage
http://www.washingtonpost.com/world/national-security/us-charges-snowden-with-espionage/2013/06/21/507497d8-dab1-11e2-a016-92547bf094cc_story.html
Edward Snowden: US government has been hacking Hong Kong and People’s Republic of China for years
http://www.scmp.com/news/hong-kong/article/1259508/edward-snowden-us-government-has-been-hacking-hong-kong-and-china
Snowden’s Leaks on People’s Republic of China Could Affect Its Role in His Fate
http://www.nytimes.com/2013/06/15/world/asia/ex-nsa-contractors-disclosures-could-complicate-his-fate.html?
Chinese Ministry of Foreign Affairs sets up cyberdiplomacy office
http://www.scmp.com/news/china/article/1261181/chinese-ministry-foreign-affairs-sets-cyberdiplomacy-office
People’s Republic of China asks U.S. to explain Internet surveillance
http://www.reuters.com/article/2013/06/17/us-usa-security-china-idUSBRE95G06R20130617
People’s Republic of China’s Huawei, ZTE see vindication amid US cyber-spying scandal
http://www.scmp.com/business/companies/article/1263200/huawei-zte-see-vindication-amid-us-cyber-spying-scandal
People’s Republic of Acquisition: Nokia stock rises on rumors of Huawei acquisition
Operation Middle Kingdom – Finland technology now acquisition target of People’s Republic of China’s HUAWEI
http://www.washingtonpost.com/business/technology/nokia-stock-rises-on-rumors-of-huawei-acquisition/2013/06/18/3aca3fba-d83a-11e2-a016-92547bf094cc_story.html?
People’s Republic of China completes Internet, phone monitoring scheme for Tibet
http://www.reuters.com/article/2013/06/19/china-tibet-idUSL3N0EV1W920130619
People’s Republic of China’s Huawei says has no plans to buy Nokia
http://www.crn.com.au/News/347193,huawei-says-has-no-plans-to-buy-nokia.aspx
Soft Power: A U.S.-China Battleground?
http://thediplomat.com/china-power/soft-power-a-u-s-china-battleground/?
People’s Republic of China’s tyranny of uniqueness
http://cmp.hku.hk/2013/06/14/33486/
Reforming the People’s Republic of China’s State-Owned Enterprises
http://thediplomat.com/2013/06/19/reforming-chinas-state-owned-enterprises/?
People’s Republic of China lands three astronauts on Tiangong-1 space station
http://www.guardian.co.uk/world/2013/jun/13/china-astronauts-tiangong-1-space-station
Home Office Throws £4m At Educating Britain On Cyber Security
Awareness push from government celebrated by industry
http://www.techweekeurope.co.uk/news/home-office-4m-cyber-security-awareness-119696?
Report: UK spies hacked foreign diplomats
http://www.news.com.au/technology/report-uk-spies-hacked-foreign-diplomats/story-e6frfro0-1226665303140
GCHQ taps fibre-optic cables for secret access to world’s communications
http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa?CMP=twt_gu
People’s Republic of China diversifies UK interests as Dalian Wanda invests £1bn in luxury brands
http://www.guardian.co.uk/business/2013/jun/19/china-uk-interests-dalian-wanda-luxury-brands
Use Tor, Get Targeted By the NSA
http://yro.slashdot.org/story/13/06/21/1443204/use-tor-get-targeted-by-the-nsa?u
What the NSA Does With the Data It Isn’t Allowed to Keep
http://www.nextgov.com/cloud-computing/2013/06/what-nsa-does-data-it-isnt-allowed-keep/65324/
Schneier on Security: US Offensive Cyberwar Policy
http://www.schneier.com/blog/archives/2013/06/us_offensive_cy.html?
The keyboard: The weapon of choice in new type of warfare
http://www.irishexaminer.com/lifestyle/features/the-keyboard-the-weapon-of-choice-in-new-type-of-warfare-234768.html
Iran oil ministry denies cyber attack
http://en.trend.az/regions/iran/2164035.html
Semper Fi,
Thank you, 紅龍