Category Archives: General InfoSec

International Cyber Threat Situational Awareness…

Posted on by
Reply

Good morning Folks;

Here is a very comprehensive list of the latest International Cyber Threat Situational Awareness…

Silicon Valley at front line of global cyber-war…People’s Republic of China dominates US

http://gadgets.ndtv.com/internet/news/silicon-valley-at-front-line-of-global-cyber-war-375258

China’s military to drill on digitalized forces – Xinhua | English.news.cn

http://news.xinhuanet.com/english/china/2013-05/29/c_132415053.htm

OP Middle Kingdom: PLA joint cyberwarfare drill to show new strength and sophistication
The People’s Liberation Army will conduct its first joint combat drills involving cyberwarfare, special troops, army aviation and electronic countermeasures units next month to test the integration and co-ordination of its land and air forces, state media reported yesterday.

http://asitimes.blogspot.com/2013/05/pla-joint-cyberwarfare-drill-to-show.html

People’s Republic of China Developing ‘Digital’ Military Forces

http://www.thetelecomblog.com/2013/05/30/china-developing-digital-military-forces/

PLA joint cyberwarfare drill to show new strength and sophistication

http://www.scmp.com/news/china/article/1249255/pla-prepares-massive-drill-show-its-new-strength-and-sophistication

Chinese army to include digital forces in June military drill
The drill will be carried out in late June at the Zhurihe training base in North China’s Inner Mongolia autonomous region, which is the country’s largest military field, it said. Forces from the Beijing Military Area Command, as well as eight military academics will be participating.

http://www.zdnet.com/cn/chinese-army-to-include-digital-forces-in-june-military-drill-7000016008/

People’s Republic of China Doesn’t Care if Its ‘Digitalized’ Military Cyberwar Drill Scares You

http://www.theatlanticwire.com/technology/2013/05/china-cyberwar-drill/65678/

People’s Republic of China army to conduct first digital exercise

http://www.reuters.com/article/2013/05/29/us-china-defence-idUSBRE94S03O20130529

People’s Republic of China army to conduct first “digital” exercise

http://news.yahoo.com/china-army-conduct-first-digital-exercise-022542367.html

People’s Republic of China’s Huawei Denies Involvement in US Cyber-Attacks

http://www.thetelecomblog.com/2013/05/10/huawei-denies-involvement-in-us-cyber-attacks/

People’s Republic of China’s Huawei Security Chief: We Are the Most “Poked” Company in the World

http://news.softpedia.com/news/Huawei-Security-Chief-We-Are-the-Most-Poked-Company-in-the-World-356340.shtml

People’s Republic of China Denies Stealing New ASIO Headquarters Plans
Chinese military spokeswoman says ” we have already colonized Australia, why would we steal anything?”

http://news.softpedia.com/news/China-Denies-Stealing-New-ASIO-Headquarter-Plans-356487.shtml

People’s Republic of China’s digitalized troops begin to take shape – People’s Daily

http://english.peopledaily.com.cn/90786/8245879.html

People’s Republic of China willing to hold dialogues with U.S. on cyber security – People’s Daily

http://english.peopledaily.com.cn/90786/8269498.html

People’s Republic of China’s Doublethink on the Law of the Sea

http://thediplomat.com/the-naval-diplomat/2013/06/05/chinas-doublethink-on-the-law-of-the-sea/?

Tiananmen Square online searches censored by Chinese authorities

http://www.guardian.co.uk/world/2013/jun/04/tiananmen-square-online-search-censored

People’s Republic of China signals hunger for Arctic’s mineral riches
Operation Middle Kingdom focuses on further colonization of Iceland and eventually most of Scandinavia including Norway….

http://www.guardian.co.uk/environment/2013/jun/04/china-arctics-mineral-riches

Xi Jinping’s Chinese Dream
People’s Republic of China’s President Xi Jinping decsribes Operation Middle Kingdom as the reformist/nationalist view aka The Chinese Dream

http://www.nytimes.com/2013/06/05/opinion/global/xi-jinpings-chinese-dream.html?partner=rssnyt&emc=rss&_r=0&pagewanted=all

Soft Power? The People’s Republic of China Has Plenty
Great article defining Operation Middle Kingdom and the colonization of Australia, British Isles and Canada….

http://thediplomat.com/2013/06/04/soft-power-china-has-plenty/?all=true

TAIWAN: President Ma takes part in computerized war games

http://www.chinapost.com.tw/taiwan/national/national-news/2013/05/29/379836/President-Ma.htm

Commentary: People’s Republic of China should publish report on U.S. military power – People’s Daily

http://english.peopledaily.com.cn/90786/8244270.html

People’s Republic of China, Canada sign initiative on military cooperation – People’s Daily
OP Middle Kingdom – the People’s Republic of China now successful in adding Canada as the latest country to be colonized…United Kingdom and Australia have already initiated mandatory “Learn Chinese” courses…

http://english.peopledaily.com.cn/90786/8269530.html

Chinese defense minister meets Canadian Minister of National Defence – People’s Daily

http://english.peopledaily.com.cn/90786/8268981.html

Intellectual property theft detection is the best prevention

http://www.scmagazineuk.com/intellectual-property-theft–detection-is-the-best-prevention/article/295643/

IT security: M&A transactions are a different matter

http://www.scmagazineuk.com/it-security-ma-transactions-are-a-different-matter/article/295689/

American Gets Targeted by Digital Spy Tool Sold to Foreign Governments

http://www.wired.com/threatlevel/2013/06/spy-tool-sold-to-governments/

Google believes zero-day vulnerabilities should be responded to within a week

http://www.scmagazineuk.com/google-believes-zero-day-vulnerabilities-should-be-responded-to-within-a-week/article/295641/

DEFEATING INTERNET BLOCKING WITH LAHANA VPN-TOR BRIDGE

http://threatpost.com/defeating-internet-blocking-with-lahana-vpn-tor-bridge/

Microsoft to offer threat data in ‘near real-time’ to Certs and ISPs

http://www.scmagazineuk.com/microsoft-to-offer-threat-data-in-near-real-time-to-certs-and-isps/article/295448/

Semper Fi,

謝謝
紅龍

Ask the Experts: Travel Abroad with Electronics

Posted on by
6

This time around, a reader wrote in with a very common question:

Q: “A member of my management team is about to go on a business trip to a country with known cyber-spying capabilities. She wants to take her phone, tablet and laptop so she can be productive on the road. What can I do to make this safer for her and our organization without restricting her work capability on the road in an unreasonable manner?”

Adam Hostetler opened with: 

The standard here is don’t bring anything electronic, if you can help it. In most cases, that’s not probable so don’t bring your normal personal phones or laptops, no smartphone at all is advisable. Bring loaner devices that have only exactly what they need and can be burned when they get back. Only connect through a VPN, and have that account monitored on the other end. Don’t leave phone or laptop in a hotel room, even in the safe, and don’t talk business there either.

Jim Klun added:

There is likely no way to do this without restricting – or at least significantly changing – the way she works. 

It has to be assumed that any information on her personal devices will be compromised. 
It also can be assumed that any information flowing between her devices and the outside world will be compromised. 

I would recommend two things:

1. Take only what you can afford to lose. Communicate only what you can afford to lose. 

        So – take a small number of devices (e.g. phone, laptop) minimally configured with only that information absolutely required for this trip. 
        Better to have corporate staff respond to email requests from her rather than to allow access to critical corporate resources from suspect location. 
        If internal connectivity to corporate resources must be allowed ( e.g VPN) it should be ideally require 2-factor auth of some sort, use strong encryption, and grant access only to a limited subset of resources. 
        All credentials can be assumed to be lost – hence the utility of two-factor.  All of the employees credentials should be changed on return. 

        All devices brought back should be assumed to be compromised and will need complete re-imaging. 
                

2.  Consider creating “go-kits” and well-defined repeatable processes for employees who travel to such locations. 

     A special set of devices ( laptop, phone, etc) that are minimally configured and can be wiped on return.  No personally owned devices should be allowed. 
     Connectivity for those devices – if absolutely needed – that allows access only to a tightly restricted and monitored subset of internal corporate resources. 
     Most importantly – training for employees who make these trips.  The employee must understand the special risks being incurred and be aware of their responsibility to protect the company and the companies existing customers.   
      As above – all of the employees credentials should be changed on return.

Bill Hagestad summed it up with this: 

This one is near and dear to my heart…I call these rules of counter cyber espionage the  李侃如的中國旅遊規則 (Lieberthal’s China Travel Rules)

Cellphone and laptop @ home brings “loaner” devices, erased before he leaves home country & wiped clean immediately upon returns;

In China, disable Bluetooth & Wi-Fi, phone never out of his sight;

In meetings, not only turn off his phone but also remove battery, microphone could be turned on remotely;

Connect to the Internet only via encrypted, password-protected channel, copies & pastes his password from a USB thumb drive;

Never type in a password directly, “the Chinese are very good at installing key-logging software on your laptop.”

The article can be found @ http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?pagewanted=all

Brent Huston closed with:

Any electronic items they do take on the road with them should be current on patches, AV signatures and detection capabilities. All data, drives, systems, etc. should be strongly encrypted when possible to do so (Pay special attention to export restrictions on crypto depending on where they are going.) Also, turn and burn EVERYTHING when they come back. Treat all media and data obtained during the travel as suspicious or malicious in nature. Trojans of data and documents are common (and usually they scan as clean with common tools). This is especially true for high value targets and critical infrastructure clients. Trust us! Safe travels! 

李侃如的中國旅遊規則

(Lieberthal’s China Travel Rules)


ØCellphone and laptop home brings “loaner” devices, erased before he leaves home country & wiped clean immediately upon returns;
ØIn China, disable Bluetooth Wi-Fi, phone never out of his sight;
ØIn meetings, not only turn off his phone but also remove batterymicrophone could be turned on remotely;
ØConnect to the Internet only via encrypted, password-protected channel, copies & pastes his password from a USB thumb drive;
ØNever types in a password directly, “the Chinese are very good at installing key-logging software on your laptop.”

Global Cyber Threat Intelligence…Holy Crap All This on a Monday…?!

Posted on by
1

Good morning Folks..Global Cyber Threat Intelligence…Holy Crap All This on a Monday…?! All this and a bag of chips…

People’s Republic of China’s digitalized troops begin to take shape
http://english.peopledaily.com.cn/90786/8245879.html

What to Expect June 4, People’s Republic of China’s Unofficial and Orwellian ‘Internet Maintenance Day’
http://www.techinasia.com/june-4-china-unofficial-orwellian-internet-maintenance-day/

People’s Republic of China’s Government is Stifling Tech Innovation and Prolonging Social Problems
http://www.techinasia.com/chinas-government-stifling-tech-innovation-prolonging-social-problems/

Raspberry Pi: Beating the Censorship of The People’s Republic of China’s Great Firewall
http://www.techinasia.com/censorship-china-great-firewall-raspberry-pi/

US & People’s Republic of China to discuss cybersecurity at high-level diplomatic meetings
United States is next target of OP Middle Kingdom…colonization by the People’s Republic of China….
http://www.guardian.co.uk/world/2013/jun/02/us-china-cybersecurity-hacking-espionage-meetings

US Sec Def Chuck Hagel accuses People’s Republic of China of ‘cyber intrusions’ on US
Didn’t Hagel get the memo from POTUS…?
http://www.telegraph.co.uk/news/worldnews/asia/china/10092909/Chuck-Hagel-accuses-China-of-cyber-intrusions-on-US.html

What happens when People’s Republic of China hacks U.S. weapons designs?
http://killerapps.foreignpolicy.com/posts/2013/05/31/what_happens_when_china_hacks_us_weapons_designs

People’s Republic of China, US agree to talks on cyber theft and espionage
http://www.theage.com.au/it-pro/security-it/china-us-agree-to-talks-on-cyber-theft-and-espionage-20130602-2nk06.html

Hackers Are Spying On You: Inside the World of Digital Espionage
http://www.thedailybeast.com/newsweek/2013/05/29/hackers-are-spying-on-you-inside-the-world-of-digital-espionage.html

Hagel says Chinese cyberattacks a “growing threat” People’s Republic of China |
http://www.homelandsecuritynewswire.com/dr20130603-hagel-says-chinese-cyberattacks-a-growing-threat

US Cyber Chief: Military Is Unprepared for Hacking
http://thediplomat.com/the-editor/2013/05/31/us-cyber-chief-military-is-unprepared-for-hacking/?

Government-developed standards not an effective cybersecurity approach..Hire the People’s Republic of China
http://www.homelandsecuritynewswire.com/dr20130602-governmentdeveloped-standards-not-an-effective-cybersecurity-approach-analyst

Why the US needs People’s Republic of China’s Huawei more than Huawei needs the US
http://gigaom.com/2013/05/31/why-the-us-needs-huawei-more-than-huawei-needs-the-us/

Australian Defence electronics manufacturer hacked by Chinese
http://www.manmonthly.com.au/features/defence-electronics-manufacturer-hacked-by-chinese

If Britain wants greater prosperity, we need to look East to People’s Republic of China
United Kingdom colonization by People’s Republic of China is now complete…OP Middle Kingdom
http://www.telegraph.co.uk/news/worldnews/asia/china/10092754/If-Britain-wants-greater-prosperity-we-need-to-look-East-to-China.html

Kuwait Commercial and government enterprise market key to Huawei’s growth in 2013 | Huawei Technologies
http://www.ameinfo.com/kuwait-commercial-government-enterprise-market-key-344164

Los Alamos director: cyber-securing U.S. electrical grid key to energy security
http://www.homelandsecuritynewswire.com/dr20130602-los-alamos-director-cybersecuring-u-s-electrical-grid-key-to-energy-security

An Elizabethan Cyberwar
http://www.nytimes.com/2013/06/01/opinion/an-elizabethan-cyberwar.html?src=recg

A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 | Atlantic Council
http://www.acus.org/afiercedomain

U.S. & People’s Republic of China to Hold Regular Talks on Hacking
http://www.nytimes.com/2013/06/02/world/asia/us-and-china-to-hold-talks-on-hacking.html?src=recg

People’s Republic of China Rapidly Taking Over World Economically
http://www.newsmax.com/Newsfront/chine-buying-corporations-economic/2013/06/02/id/507585

People’s Republic of China Reaps Biggest Benefits of Iraq Oil Boom
http://www.nytimes.com/2013/06/03/world/middleeast/china-reaps-biggest-benefits-of-iraq-oil-boom.html?

People’s Republic of China And The Biggest Territory Grab Since World War II
http://www.forbes.com/sites/gordonchang/2013/06/02/china-and-the-biggest-territory-grab-since-world-war-ii/

People’s Republic of China’s Economic Empire
http://www.nytimes.com/2013/06/02/opinion/sunday/chinas-economic-empire.html?_r=2&pagewanted=all

How to Play Well With People’s Republic of China
http://www.nytimes.com/2013/06/02/opinion/sunday/how-to-play-well-with-china.html?_r=0&smid=tw-share&pagewanted=all

China Voice: Pentagon report deviates from building trust – People’s Daily Online
http://english.peopledaily.com.cn/90786/8237325.html

People’s Republic of China skeptical of expanded US role in the Pacific
http://www.apnewsarchive.com/2013/China-questions-expanded-US-role-in-the-Pacific;-Hagel-warns-Beijing-on-computer-based-attacks/id-526b8c8f680443d9ac415836133521be

Chinese navy begins US economic zone patrols – FT.com
US Navy Admiral Samual Locklear says”It is ok the PLAN is patrolling, we encourage them to do that, especially since we are not under he OSD Sequester and have US Marines aboard our flat bottom amphibs”….
http://www.ft.com/intl/cms/s/0/02ce257e-cb4a-11e2-8ff3-00144feab7de.html

Chinese general reveals ‘strategy’ for Panatag takeover
Major General Zhang Zhaozhong reflects on US Navy Admiral Samual Locklear comments “It is ok the PLAN is patrolling, we encourage them to do that, especially since we are not under he OSD Sequester and have US Marines aboard our flat bottom amphibs”….
http://www.philstar.com/headlines/2013/05/31/948591/chinese-general-reveals-strategy-panatag-takeover?

People’s Republic of China accused the U.S. of interfering in China’s internal affairs by the June incident
中国指责美国借六四事件干涉中国内政 – 中国数字时代
https://kexueshangwang.info/chinese/2013/06/bbc-中国指责美国借六四事件干涉中国内政/?

People’s Republic of China’s Ministry of Truth: Japan-Africa, South China Sea – China Digital Times (CDT)

Ministry of Truth: Japan-Africa, South China Sea

People’s Republic of China warns U.N. against ‘irresponsible remarks’ on North Koreans | Reuters
http://uk.reuters.com/article/2013/06/03/uk-korea-north-china-idUKBRE9520AB20130603

China-North Korea Dossier No. 2: “China’s ‘Measure of Reserve’ toward Succession”

China-North Korea Dossier No. 2: “China’s ‘Measure of Reserve’ toward Succession”

Hacking the Drone War’s Secret History
http://www.wired.com/dangerroom/2013/05/drone-api/

Hackers Spawn Web Supercomputer on Way to Chess World Record
http://www.wired.com/wiredenterprise/2013/06/43651/

USSR’s old domain name attracts cybercriminals
http://news.yahoo.com/ussrs-old-domain-name-attracts-cybercriminals-070143935.html

U.S. Targets Iran’s Petrochemical Industry
http://www.nytimes.com/2013/06/01/world/middleeast/us-targets-irans-petrochemical-industry.html?src=recg

Iran prepared to counter US cyber threats: Lawmaker
http://www.presstv.ir/detail/2013/06/01/306540/iran-ready-to-counter-us-cyber-threats/

Marine Corps prepares to cut cord on NMCI…NON MISSION CAPABLE INTERNET…
http://www.federalnewsradio.com/412/3342421/Marine-Corps-prepares-to-cut-cord-on-NMCI

Back to the Basics: Chess, Poker & the Future of Warfare
http://smallwarsjournal.com/jrnl/art/back-to-the-basics-chess-poker-the-future-of-warfare

Interpol filter scope creep: ASIC ordering unilateral website blocks

Interpol filter scope creep: ASIC ordering unilateral website blocks


Anticipating Cyber Threats Beyond APT
http://blog.zeltser.com/post/50497161014/anticipating-cyber-threats-beyond-apt

Semper Fi,

謝謝

紅龍

HoneyPoint Used to Confirm Skype URL Indexing

Posted on by
4

Last week, several sources were talking about the indexing of URLs that happen inside supposedly secure and private Skype sessions. There was a bit of press about it and we thought it would be fun to test it out and easy to do with HoneyPoint Personal Edition. Here’s how we did it:

  • First, we stood up a HoneyPoint Personal Edition and dilated port 80 with a web listener. We configured it to look like a default under construction page on an IIS box. We then exposed it to the Internet.
  • In order to cut down on noise from scanning while we were testing, we decided we would use a target page in our test URL of vixennixie.htm, since scanners aren’t generally looking for that page, if we get scanned while we are testing, it won’t interfere with our data gathering and analysis.
  • Next, we created a Skype chat between to members of the team and made sure each of us was configured for full security.
  • Once this was confirmed, we passed the URL: http://target_ip/vixennixe.htm between us. The time was 1:13pm Eastern.
  • Then, we waited.
  • Lo and behold, we got this nearly 12 hours later:

                     2013-05-22 01:09:45 – HoneyPoint received a probe from 65.52.100.214 on port 80 Input: HEAD /vixennixie.htm HTTP/1.1 Host: target_ip Connection: Keep-Alive

A whois of 65.52.100.214 shows:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# Query terms are ambiguous. The query is assumed to be:
# “n 65.52.100.214”
#
# Use “?” to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=65.52.100.214?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 65.52.0.0 – 65.55.255.255
CIDR: 65.52.0.0/14
OriginAS:
NetName: MICROSOFT-1BLK
NetHandle: NET-65-52-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Assignment
RegDate: 2001-02-14
Updated: 2012-03-20
Ref: http://whois.arin.net/rest/net/NET-65-52-0-0-1

OrgName: Microsoft Corp
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2011-04-26
Ref: http://whois.arin.net/rest/org/MSFT

OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: noc@microsoft.com
OrgNOCRef: http://whois.arin.net/rest/poc/ZM23-ARIN

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com
OrgTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseRef: http://whois.arin.net/rest/poc/HOTMA-ARIN

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@msn.com
OrgAbuseRef: http://whois.arin.net/rest/poc/MSNAB-ARIN

RTechHandle: ZM23-ARIN
RTechName: Microsoft Corporation
RTechPhone: +1-425-882-8080
RTechEmail: noc@microsoft.com
RTechRef: http://whois.arin.net/rest/poc/ZM23-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

I’ll leave it to the reader to decide what they think about the data. You can draw your own conclusions. We just appreciated yet another use for HoneyPoint and a quick and dirty project to play with. Thanks for reading!

Save The Date: June 10 is CMHSecLunch

Posted on by
8

Save the date of June 10th for the next CMHSecLunch. This month’s event is at the Polaris Mall food court. It’s 11:30 to 1pm.

As usual, you can sign up here. You can also talk to @cahnee about it on Twitter if you would prefer. She can help you find folks wherever we meet.

The event is FREE, open to anyone interested in IT and InfoSec. You can brown bag it, or get food from the vendors. But, the conversations are amazing. You get to see old friends and make some new ones. Check it out! 

Cyber News Today from Homeland Security Middle East – Abu Dhabi, UAE

Posted on by
3

Happy Memorial Day Readers;

The Red Dragon and MicroSolved are at the Homeland Security Summit- Middle East taking place in Abu Dhabi, United Arab Emirates…

Latest World Cyber News you should be maintaining cyber situational awareness on comes to you today after 6 different flights across 4 different continents and a total of 30,000 airmiles…oh yes 5 hours of sleep –

Nonetheless – here are some developing stories out of the International Cyber World….

General Alexander – Four-star general in eye of U.S. cyber storm… Read more @ http://newsle.com/article/0/76523525/

The covert battle over Beijing’s defence policy heats up…People’s Republic of China gets into the business of making friends

Read more @ http://www.smh.com.au/world/china-gets-into-the-business-of-making-friends-20130524-2k6q3.html#ixzz2UTeO2Fht

People’s Republic of China’s Huawei a victim of its success

Read more @: http://www.chinadaily.com.cn/cndy/2013-05/25/content_16530834.htm &
http://wanderingchina.org/2013/05/26/huawei-a-victim-of-its-success-china-daily-risingchina-trade/

All for now from the Middle East…more to come as the world wakes to a new day…

Semper Fi,

謝謝

紅龍

What YOU Can Do About International Threats

Posted on by
4

Binary eye

With the addition of RedDragon Rising (@RedDragon1949) to the blog, we are now pushing forth a new stream of threat data and insights about the growing problem of international threats. Since we added that content to the site, many of you have written in or asked me on Twitter, what is it that YOU can do about these threats? I wanted to take a few minutes and expand on my responses.

First of all, you can remain aware and vigilant. Much of the information we post here isn’t directly actionable. It isn’t designed to be a roadmap of actions for you to take. It’s designed to be a continual source of data that slowly helps you see a clearer picture of the threat, the actors and their capability. It’s designed to keep you AWAKE. It’s custom made to help you understand your adversary. Knowledge is power and insight is key. We make this content to give you both!

Second, you can communicate the threat and knowledge to your management. This helps them remain aware. It also presents to them that you are monitoring the threats and keeping your eye on the rising tides, even as you help them steer the ship through safe waters. You can use this information to build rapport with them, to give them new insights into your decisions when you explain to them various risks and to help them understand the changing nature of the interconnected world.

You can use the information here as an impetus to get the basics of information security right. While there aren’t any panaceas to fight off the threat and there isn’t a single thing you can buy to make it better ~ we do know that focusing on the basics of infosec and getting them done efficiently, effectively and well is the best defense against a variety of threats. That said, consider doing a quick and dirty review of your security initiatives against our 80/20 Rule for Information Security. This is a set of simple projects that represent the basics of information security and map easily to other standards and baselines. Simply judging your maturity in these areas and following the roadmap to improvement will go a long way to getting the basics done right in your organization. 

Invest in detection and response. If your organization is doing the basics of prevention, that is you have hardening in place and are performing ongoing assessment and mitigation of your attack surfaces, then the next thing to do is invest in detection and response capabilities. Today, one of the largest advantages that attackers enjoy is the lack of visibility and effective response capabilities in our organizations. You should have some visibility into every segment and at every layer of your environment. You should be able to identify compromises in a timely manner and move to isolate, investigate and recover from any breaches LONG BEFORE they have become widespread and heavily leveraged against you. If you can’t do that today, make it your next major infosec goal. Need help?Ask us about it.

Lastly, share information with your peers. The bad guys are good at information sharing. They have excellent metrics. They openly share their experiences, successes, failures and new techniques. Much of crime and espionage (not all, but MUCH) is “open source” in nature. The cells of attackers free float in conglomerations of opportunity.  They barter with experience, tools, data and money. They share. The more we begin to share and emulate their “open source” approaches, the better off we can be at defending. If knowledge is power, more brains with more knowledge and experience equals MORE POWER. Be a part of the solution.

That’s it for now. Just remain calm, get better at the basics, improve your visibility and stay vigilant. As always, thanks  for reading State of Security and for choosing MicroSolved as your information security partner. We are striving to dig deeper, to think differently and to give you truly actionable intelligence and threat data that is personalized, relevant to your organization and meaningful. If you’d like to hear more about our approach and what it can mean for your organization, get in touch via Twitter (@lbhuston), email (info(at)microsolved/dot/com) or phone (614-351-1237 ext 250). 

Latests News from AusCERT 2013 & the People’s Republic of Hacking…

Posted on by
2

G’day from Gold Coast, Australia and AusCERT 2013!

The persistent nature about the People’s Republic of Hacking, er, umm, sorry, China, is ceaseless…

People’s Republic of China’s Huawei Vows Revenge On U.S. Competitors Who Drag Its Name Through The Mud

http://au.businessinsider.com/huawei-fighting-back-against-cisco-hp-and-dell-2013-5?

Hackers Find People’s Republic of China Is Land of Opportunity ** AWESOME ARTICLE **

http://www.nytimes.com/2013/05/23/world/asia/in-china-hacking-has-widespread-acceptance.html?&pagewanted=all

Google hackers wanted intel on People’s Republic of Chinese spook monitoring

http://www.scmagazine.com.au/News/344069,google-hackers-wanted-intel-on-chinese-spook-monitoring.aspx?

Chinese hackers said to have accessed law enforcement targets
Cyber marauders sought more than just information on activists — they wanted access to FBI, DOJ investigations on spies in the U.S.

http://www.computerworld.com/s/article/9239440/Chinese_hackers_said_to_have_accessed_law_enforcement_targets?

3 N.Y.U. Scientists Accepted Bribes From People’s Republic of China, U.S. Says

http://www.nytimes.com/2013/05/21/nyregion/us-says-3-nyu-scientists-took-bribes-to-reveal-work-to-china.html?

All for now from Down Under…

Semper Fi,

紅龍

May’s Touchdown Task: Egress Audit

Posted on by
4

The touchdown task for May is a quick and dirty egress filtering audit. Take a look at your firewalls and make sure they are performing egress filtering (you do this, right? If not, make it happen now ~ it’s the single most effective defense against bot-nets). Once you know egress is in place, give a once over to the firewall rules that enforce it. Make sure they are effective at blocking arbitrary ports, outbound SSH, outbound VPN connections, etc. Verify that any exposed egress ports are to specific IPs or ranges. If you find any short comings, fix them.

Also take a look and make sure that violations of the firewall rules are being alerted on, so your team can investigate those alerts as potential infection sites. 

Lastly, check to make sure that you have egress controls for outbound web traffic. You should be using an egress proxy for all HTTP and HTTPS traffic. Yes, you should be terminating SSL and watching that traffic for signs of infection or exfiltration of sensitive data. Take a few moments and make sure you have visibility into the web traffic of your users. If not, take that as an immediate project. 

That’s it. This review should take a couple of hours or so to complete. But, the insights and security enhancements it can bring are HUGE. 

Until next month, thanks for reading and run for the goal line!

Most Recent Cyber Conflict Information ~ People’s Republic of China

Posted on by
3

Good day from AusCERT –

Here are some of the Most Recent Cyber Conflict Information ~ People’s Republic of China:

The People’s Republic of China’s culture of hacking cost the United States $873 million in 2011

http://www.washingtonpost.com/blogs/worldviews/wp/2013/05/20/chinas-culture-of-hacking-cost-the-country-873-billion-in-2011/?

How The Great Firewall of China Shapes Chinese Surfing Habits

http://www.technologyreview.com/view/515056/how-the-great-firewall-of-china-shapes-chinese-surfing-habits/

Goldman exits China’s ICBC, seven years and billions later

http://uk.reuters.com/article/2013/05/21/uk-goldman-icbc-idUKBRE94K07120130521

Semper Fi,

Bill