Save The Date: June 10 is CMHSecLunch

Save the date of June 10th for the next CMHSecLunch. This month’s event is at the Polaris Mall food court. It’s 11:30 to 1pm.

As usual, you can sign up here. You can also talk to @cahnee about it on Twitter if you would prefer. She can help you find folks wherever we meet.

The event is FREE, open to anyone interested in IT and InfoSec. You can brown bag it, or get food from the vendors. But, the conversations are amazing. You get to see old friends and make some new ones. Check it out! 

Cyber News Today from Homeland Security Middle East – Abu Dhabi, UAE

Happy Memorial Day Readers;

The Red Dragon and MicroSolved are at the Homeland Security Summit- Middle East taking place in Abu Dhabi, United Arab Emirates…

Latest World Cyber News you should be maintaining cyber situational awareness on comes to you today after 6 different flights across 4 different continents and a total of 30,000 airmiles…oh yes 5 hours of sleep –

Nonetheless – here are some developing stories out of the International Cyber World….

General Alexander – Four-star general in eye of U.S. cyber storm… Read more @ http://newsle.com/article/0/76523525/

The covert battle over Beijing’s defence policy heats up…People’s Republic of China gets into the business of making friends

Read more @ http://www.smh.com.au/world/china-gets-into-the-business-of-making-friends-20130524-2k6q3.html#ixzz2UTeO2Fht

People’s Republic of China’s Huawei a victim of its success

Read more @: http://www.chinadaily.com.cn/cndy/2013-05/25/content_16530834.htm &
http://wanderingchina.org/2013/05/26/huawei-a-victim-of-its-success-china-daily-risingchina-trade/

All for now from the Middle East…more to come as the world wakes to a new day…

Semper Fi,

謝謝

紅龍

What YOU Can Do About International Threats

Binary eye

With the addition of RedDragon Rising (@RedDragon1949) to the blog, we are now pushing forth a new stream of threat data and insights about the growing problem of international threats. Since we added that content to the site, many of you have written in or asked me on Twitter, what is it that YOU can do about these threats? I wanted to take a few minutes and expand on my responses.

First of all, you can remain aware and vigilant. Much of the information we post here isn’t directly actionable. It isn’t designed to be a roadmap of actions for you to take. It’s designed to be a continual source of data that slowly helps you see a clearer picture of the threat, the actors and their capability. It’s designed to keep you AWAKE. It’s custom made to help you understand your adversary. Knowledge is power and insight is key. We make this content to give you both!

Second, you can communicate the threat and knowledge to your management. This helps them remain aware. It also presents to them that you are monitoring the threats and keeping your eye on the rising tides, even as you help them steer the ship through safe waters. You can use this information to build rapport with them, to give them new insights into your decisions when you explain to them various risks and to help them understand the changing nature of the interconnected world.

You can use the information here as an impetus to get the basics of information security right. While there aren’t any panaceas to fight off the threat and there isn’t a single thing you can buy to make it better ~ we do know that focusing on the basics of infosec and getting them done efficiently, effectively and well is the best defense against a variety of threats. That said, consider doing a quick and dirty review of your security initiatives against our 80/20 Rule for Information Security. This is a set of simple projects that represent the basics of information security and map easily to other standards and baselines. Simply judging your maturity in these areas and following the roadmap to improvement will go a long way to getting the basics done right in your organization. 

Invest in detection and response. If your organization is doing the basics of prevention, that is you have hardening in place and are performing ongoing assessment and mitigation of your attack surfaces, then the next thing to do is invest in detection and response capabilities. Today, one of the largest advantages that attackers enjoy is the lack of visibility and effective response capabilities in our organizations. You should have some visibility into every segment and at every layer of your environment. You should be able to identify compromises in a timely manner and move to isolate, investigate and recover from any breaches LONG BEFORE they have become widespread and heavily leveraged against you. If you can’t do that today, make it your next major infosec goal. Need help?Ask us about it.

Lastly, share information with your peers. The bad guys are good at information sharing. They have excellent metrics. They openly share their experiences, successes, failures and new techniques. Much of crime and espionage (not all, but MUCH) is “open source” in nature. The cells of attackers free float in conglomerations of opportunity.  They barter with experience, tools, data and money. They share. The more we begin to share and emulate their “open source” approaches, the better off we can be at defending. If knowledge is power, more brains with more knowledge and experience equals MORE POWER. Be a part of the solution.

That’s it for now. Just remain calm, get better at the basics, improve your visibility and stay vigilant. As always, thanks  for reading State of Security and for choosing MicroSolved as your information security partner. We are striving to dig deeper, to think differently and to give you truly actionable intelligence and threat data that is personalized, relevant to your organization and meaningful. If you’d like to hear more about our approach and what it can mean for your organization, get in touch via Twitter (@lbhuston), email (info(at)microsolved/dot/com) or phone (614-351-1237 ext 250). 

Latests News from AusCERT 2013 & the People’s Republic of Hacking…

G’day from Gold Coast, Australia and AusCERT 2013!

The persistent nature about the People’s Republic of Hacking, er, umm, sorry, China, is ceaseless…

People’s Republic of China’s Huawei Vows Revenge On U.S. Competitors Who Drag Its Name Through The Mud

http://au.businessinsider.com/huawei-fighting-back-against-cisco-hp-and-dell-2013-5?

Hackers Find People’s Republic of China Is Land of Opportunity ** AWESOME ARTICLE **

http://www.nytimes.com/2013/05/23/world/asia/in-china-hacking-has-widespread-acceptance.html?&pagewanted=all

Google hackers wanted intel on People’s Republic of Chinese spook monitoring

http://www.scmagazine.com.au/News/344069,google-hackers-wanted-intel-on-chinese-spook-monitoring.aspx?

Chinese hackers said to have accessed law enforcement targets
Cyber marauders sought more than just information on activists — they wanted access to FBI, DOJ investigations on spies in the U.S.

http://www.computerworld.com/s/article/9239440/Chinese_hackers_said_to_have_accessed_law_enforcement_targets?

3 N.Y.U. Scientists Accepted Bribes From People’s Republic of China, U.S. Says

http://www.nytimes.com/2013/05/21/nyregion/us-says-3-nyu-scientists-took-bribes-to-reveal-work-to-china.html?

All for now from Down Under…

Semper Fi,

紅龍

US Government Urges Offensive Right to Cyber Self-Protection

Good day from AusCERT!

If you haven’t heard the latest regarding the People’s Republic of Hacking and countering cyber espionage and the significant loss of intellectual property you should be aware of the New York Times story today… “As Chinese Leader’s Visit Nears, U.S. Urged to Allow Retaliation for Cyberattacks”….folks we have reached a critical inflection point as US Government Urges Offensive Right to Cyber Self-Protection for commercial enterprises to defeat and disrupt the loss of key American inventions and ideas to the People’s Republic of China…this all stated in advance of China’s President Xi Jinping set to meet with President Obama in the next few weeks on US soil…

Read the full New York Times story here:

http://www.nytimes.com/2013/05/22/world/asia/as-chinese-leaders-visit-nears-us-urged-to-allow-retaliation-for-cyberattacks.html?

May’s Touchdown Task: Egress Audit

The touchdown task for May is a quick and dirty egress filtering audit. Take a look at your firewalls and make sure they are performing egress filtering (you do this, right? If not, make it happen now ~ it’s the single most effective defense against bot-nets). Once you know egress is in place, give a once over to the firewall rules that enforce it. Make sure they are effective at blocking arbitrary ports, outbound SSH, outbound VPN connections, etc. Verify that any exposed egress ports are to specific IPs or ranges. If you find any short comings, fix them.

Also take a look and make sure that violations of the firewall rules are being alerted on, so your team can investigate those alerts as potential infection sites. 

Lastly, check to make sure that you have egress controls for outbound web traffic. You should be using an egress proxy for all HTTP and HTTPS traffic. Yes, you should be terminating SSL and watching that traffic for signs of infection or exfiltration of sensitive data. Take a few moments and make sure you have visibility into the web traffic of your users. If not, take that as an immediate project. 

That’s it. This review should take a couple of hours or so to complete. But, the insights and security enhancements it can bring are HUGE. 

Until next month, thanks for reading and run for the goal line!

Most Recent Cyber Conflict Information ~ People’s Republic of China

Good day from AusCERT –

Here are some of the Most Recent Cyber Conflict Information ~ People’s Republic of China:

The People’s Republic of China’s culture of hacking cost the United States $873 million in 2011

http://www.washingtonpost.com/blogs/worldviews/wp/2013/05/20/chinas-culture-of-hacking-cost-the-country-873-billion-in-2011/?

How The Great Firewall of China Shapes Chinese Surfing Habits

http://www.technologyreview.com/view/515056/how-the-great-firewall-of-china-shapes-chinese-surfing-habits/

Goldman exits China’s ICBC, seven years and billions later

http://uk.reuters.com/article/2013/05/21/uk-goldman-icbc-idUKBRE94K07120130521

Semper Fi,

Bill

Latest People’s Republic of China Internet Controls & News from Down Under

Good day from AusCERT –

The latest Cyber Conflict news out the People’s Republic of China is very curious indeed and firmly supports the fact that Chinese State Sponsored hackers are targeting other international governments – including intelligence, military, and political objectives…

Earlier today here in Asia the alleged Chinese People’s Liberation Army (PLA) hacking unit of PuDong neighborhood in the City of Shanghai has resumed cyber targeting see the Foreign Policy article (http://www.foreignpolicy.com/node/1426054)…and yet today the People’s Republic of China demonstrated a new form of Internet Control for disaffected bloggers who disagree with the Communist Party of China (CPC)…death – you can see the story here; http://www.foreignpolicy.com/node/1426054.

Remember that with the Golden Shield Project (colloquially known as the Great Firewall of China), a Chinese State Sponsored DNS cache poisoning policy, the Internet the Western world enjoys is not what the average Chinese experiences in the People’s Republic of China…So, with the renewed Chinese hacking someone in Beijing must have approved certain Chinese state sponsored hacking activity through the Great Firewall of China…otherwise why would the CPC be putting to death those Chinese bloggers who would challenge the legitimacy of the current Chinese political regime? Hmmm….

Red Dragon Rising @ AusCERT 2013

Good day from Gold Coast Australia!

Red Dragon Rising has arrived in Australia for AuSCERT 2013!

And of course, 5 hours ago here in Asia Pacific those pesky Dark Guests from the People’s Republic of China are up to their old hacking tricks again reports the New York Times:

“Chinese Hackers Resume Attacks on U.S. Targets”

You can read the direct story at the following link:

http://www.nytimes.com/2013/05/20/world/asia/chinese-hackers-resume-attacks-on-us-targets.html?&pagewanted=all

Latest People’s Republic of China Cyber Conflict News….中華人民共和國 信 息战争

Latest People’s Republic of China Cyber Conflict News….中華人民共和國 信 息战争

Pentagon Continues Use of People’s Republic of China Satellite in New Lease – Bloomberg
…AFRICOM renews lease with People’s Republic of China’s APT Satellite Holdings Ltd.!

People’s Republic of China’s software industry growth quickens – Xinhua | English.news.cn
The growth of China’s software industry quickened last year despite sluggish market demand caused by an economic slump at home and abroad, showed official data revealed on Wednesday.

India’s NSC points to Huawei, ZTE’s links with Chinese military project PLA-863 http://articles.economictimes.indiatimes.com/2013-05-15/news/39282046_1_huawei-and-zte-telecom-equipment-nsc

Beijing’s ‘Bitskrieg’ – 中國人民解放 總參謀部…信 息战争
http://www.foreignpolicy.com/articles/2013/05/13/beijings_bitskrieg?page=full

US Intelligence & Military fears after People’s Republic of China missile test – Telegraph
http://www.telegraph.co.uk/news/worldnews/asia/china/10063455/US-fears-after-Chinese-missile-test.html