Cyber Threat SA from Abu Dhabi Homeland Security Summit Middle East

Good day from Abu Dhabi. Additional Cyber Threat Situational Awareness @ the Homeland Security Summit Middle East:

People’s Republic of China High-ranking Military Spies Woo Australia Business Leaders


http://chinaview.wordpress.com/2013/05/26/china-high-ranking-military-spies-woo-australia-business-leaders/

Watch a Chinese “Cyber Espionage Unit” Steal Files from an American Hard Drive in Real-Time

See it @
http://motherboard.vice.com/read/watch-a-chinese-cyber-espionage-unit-steal-files-from-an-american-hard-drive

People’s Republic of China PLA’s “Department of Enemy Work” Reaches Out to Western Elites in Australia and US


http://chinaview.wordpress.com/2013/05/26/china-armys-department-of-enemy-work-reachs-out-to-western-elites-in-australia-and-us/

No Chrome, No Firefox: Why Chinese Online Banking Still Requires Internet Explorer


http://www.techinasia.com/chrome-firefox-chinese-online-banking-requires-internet-explorer/

People’s Republic of China’s Huawei: ‘trust us, we are being transparent’


http://www.theregister.co.uk/2013/05/28/huawei_trust_us_we_are_being_transparent/

People’s Republic of China’s Huawei’s Middle East Revenue Up 18% – ChinaTechNews.com


http://www.chinatechnews.com/2013/05/28/19369-huaweis-middle-east-revenue-up-18

ASIO hack: Julia Gillard defends intelligence funding for spy agency after Four Corners report


http://www.abc.net.au/news/2013-05-28/gillard-defends-intelligence-funding-in-wake-of-asio-hack/4718166

People’s Republic of China dismisses Australian spy HQ hacking claims


http://www.guardian.co.uk/world/2013/may/28/china-asio-australian-spy-hq-hacking-claims

People’s Republic of China ‘hacked’ new Australian spy HQ | News | DW.DE | 28.05.2013


http://www.dw.de/china-hacked-new-australian-spy-hq/a-16841717?maca=en-rss-en-all-1573-xml-atom

Telecoms official: G20 could be platform for cybersecurity


http://www.euractiv.com/infosociety/huawei-cyber-chief-use-g20-platf-interview-528069?

Iran’s approaching vote brings receding Web access


http://www.sfgate.com/business/technology/article/Iran-s-approaching-vote-brings-receding-Web-access-4551232.php

New Computer Attacks Traced to Iran, Officials Say


http://www.nytimes.com/2013/05/25/world/middleeast/new-computer-attacks-come-from-iran-officials-say.html?

This Pentagon Project Makes Cyberwar as Easy as Angry Birds | Danger Room | Wired.com


http://www.wired.com/dangerroom/2013/05/pentagon-cyberwar-angry-birds/

Frustrated Chinese send complaints to White House website


http://www.guardian.co.uk/world/2013/may/28/chinese-complaints-white-house-website

Semper Fi,

Thank you

紅龍

An Explanation of Our HoneyPoint Internet Threat Monitoring Environment #HITME #security

One of the least understood parts of MicroSolved is how the HoneyPoint Internet Threat Monitoring Environment (#HITME) data is used to better protect our customers. The engineers have asked me to drop this line into the newsletter and give you a “bee’s knees” perspective of how it works! First, if you don’t know about the #HITME, it is a set of deployed HoneyPoints that gather real-world, real-time attacker data from around the Internet. The sensors gather attack sources, frequency, targeting information, vulnerability patterns, exploits, malware and other crucial event data for the technical team at MSI to analyze. You can even follow the real-time updates of attacker IPs and target ports on Twitter by following @honeypoint or the #HITME hashtag. MSI licenses that data under Creative Commons, non-commercial, for FREE as a public service to the security community.

That said, how does the #HITME help MSI better protect their customers? Well, first, it allows folks to use the #HITME feed of known attacker IPs in a blacklist to block known scanners at their borders. This prevents the scanning tools and malware probes from ever reaching you to start with. Next, the data from the #HITME is analyzed daily and the newest, bleeding-edge attack signatures get added to the MSI assessment platform. That means that customers with ongoing assessments and vulnerability management services from MSI get continually tested against the most current forms of attack being used on the Internet. The #HITME data also gets updated into the MSI pen-testing and risk assessment methodologies, focusing our testing on real-world attack patterns much more than vendors who rely on typical scanning tools and back-dated threats from their last “yearly bootcamp”.
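As an added illustration (not MicroSolved's code), here is one way to turn a feed of attacker IPs into a border blocklist without letting a bad feed entry block your own networks. The one-entry-per-line feed format, the protected ranges, the prefix and size limits, and the nftables table and set names are all assumptions; the sample feed is constructed from documentation addresses, and only IPv4 is handled.

```python
import ipaddress

# Constructed sample feed; one entry per line with optional "#" comments (assumed format).
SAMPLE_FEED = """\
# constructed sample, documentation addresses only
192.0.2.10
192.0.2.11
192.0.2.10      # duplicate
10.1.2.3        # internal host
198.51.100.7    # inside our own range
0.0.0.0/0
not-an-ip
203.0.113.4
203.0.113.5
"""

# Ranges that must never be blocked, whatever the feed says (assumed policy).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",    # loopback, link-local, multicast
    "198.51.100.0/24",   # stand-in for the organisation's own public range
)]

def build_blocklist(feed_text, never_block=NEVER_BLOCK, min_prefix=24, max_entries=50000):
    """Return (collapsed IPv4 networks, rejected entries) for a text feed."""
    accepted, rejected = set(), []
    for lineno, raw in enumerate(feed_text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry, "not an IPv4 address or CIDR"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((lineno, entry, "prefix too broad"))
        elif any(net.overlaps(p) for p in never_block):
            rejected.append((lineno, entry, "overlaps a protected range"))
        else:
            accepted.add(net)
    if len(accepted) > max_entries:
        raise ValueError("feed larger than expected; refusing to load it")
    return list(ipaddress.collapse_addresses(accepted)), rejected

def render_nft(networks, table="inet filter", set_name="hitme_block"):
    """Emit one nftables command for a pre-existing set declared with 'flags interval'."""
    return f"add element {table} {set_name} {{ {', '.join(map(str, networks))} }}"

if __name__ == "__main__":
    nets, rejected = build_blocklist(SAMPLE_FEED)
    print(render_nft(nets))
    for lineno, entry, reason in rejected:
        print(f"line {lineno}: skipped {entry!r} ({reason})")
```

Logging the rejected entries rather than dropping them silently makes a malformed or tampered feed visible before it reaches the firewall.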

The #HITME data even flows back to the software vendors through a variety of means. MSI shares new attacks and possible vulnerabilities with the vendors, as well as with open source projects targeted by attackers. Often MSI teaches those developers about the vulnerability, the possibilities for mitigation, and how to perform secure coding techniques like proper input validation. The data from the #HITME is used to provide the attack metrics and pattern information that MSI presents in its public speaking, “State of the Threat,” the blog, and other educational efforts. Last, but certainly not least, MSI provides an ongoing alerting function for organizations whose machines are compromised. MSI contacts critical infrastructure organizations whose machines turn up in the #HITME data and works with them to mitigate the compromise and manage the threat. These data-centric services are provided, pro bono, in 99% of all of the cases!

If your organization would be interested in donating an Internet-facing system to the #HITME project to further these goals, please contact your account executive. Our hope is that the next time you hear about the #HITME, you’ll get a smile on your face knowing that the members of my hive are working hard day and night to protect MSI customers and the world at large. You can count on us; we’ve got your back!