Day Three Homeland Security Summit Middle East… Cyber Threat Intelligence SA You Need To Know…

Good morning from Abu Dhabi – yes I know it is Zero Dark Thirty here… thank you my Australian friends for pointing that out…

The restless, passionate and wicked never sleep…

Nonetheless, here is the latest Cyber Threat Intelligence you need to be aware of…

This one is my favorite! In fact, this is a very well written article…

Chinese Cyber Espionage: Don’t Believe the Hype


http://securitywatch.pcmag.com/security/311911-chinese-cyber-espionage-don-t-believe-the-hype

Of course, then this list of compromised US Military technology is also hype, isn’t it?

The following is reproduced from the nonpublic version of the Defense Science Board report “Resilient Military Systems and the Advanced Cyber Threat” as posted originally by the Washington Post:

Table 2.2 Expanded partial list of DoD system designs and technologies compromised via cyber exploitation

SYSTEM DESIGNS

Terminal High Altitude Area Defense

Patriot Advanced Capability-3

Extended Area Protection and Survivability System (EAPS)

F-35

V-22

C-17

Hawklink

Advanced Harpoon Weapon Control System

Tanker Conversions

Long-term Mine Reconnaissance System

Global Hawk

Navy antenna mechanisms

Global Freight Management System

Micro Air Vehicle

Brigade Combat Team Modernization

Aegis Ballistic Missile Defense System

USMC Tracked Combat Vehicles

Warfighter Information Network-Tactical (WIN-T)

T700 Family of Engines

Full Authority Digital Engine Controller (FADEC)

UH-60 Black Hawk

AMRAAM (AIM-120 Advanced Medium-Range Air-to-Air Missile)

Affordable Weapons System

Littoral Combat Ship

Navy Standard Missile (SM-2,3,6)

P-8A/Multi-Mission Aircraft

F/A and EA-18

RC-135 Detect./Collect.

Mk54 Light Weight Torpedo

TECHNOLOGIES

Directed Energy

UAV video system

Specific Emitter identification

Nanotechnology

Dual Use Avionics

Fuze/Munitions safety and development

Electronic Intelligence Processing

Tactical Data Links

Satellite Communications

Electronic Warfare

Advanced Signal Processing Technologies for Radars

Nanostructured Metal Matrix Composite for Light Weight Ballistic Armor

Vision-aided Urban Navigation & Collision Avoidance for Class I Unmanned Air Vehicles (UAV)

Space Surveillance Telescope

Materials/processing technologies

IR Search and Track systems

Electronic Warfare systems

Electromagnetic Aircraft Launch

Rail Gun

Side Scan sonar

Mode 5 IFF

Export Control, ITAR, Distribution Statement B,C,D Technical Information

CAD drawings, 3D models, schematics

Software code

Critical technology

Vendor/supply chain data

Technical manuals

PII (email addresses, SSN, credit card numbers, passwords, etc.)

Attendee lists for program reviews and meetings

Indeed – don’t believe the hype, these are not the Chinese Hackers you are looking for…they already took your data! 🙂

Chinese vice premier, military leader meet US nat’l security adviser


http://english.peopledaily.com.cn/90883/8261728.html

China demonstrates defence determination to US: ministry


http://english.peopledaily.com.cn/90786/8223335.html

People’s Republic of Hacking: Chinese hackers ‘access sensitive US weapons systems’


http://www.telegraph.co.uk/news/worldnews/asia/china/10083296/Chinese-hackers-access-sensitive-US-weapons-systems.html

Russia Uses ‘Single Register’ Law To Selectively Block Internet Content


http://www.infosecurity-magazine.com/blog/2013/5/22/russia-uses-single-register-law-to-selectively-block-internet-content/905.aspx

Semper Fi,

Thank you

紅龍

Cyber Threat SA from Abu Dhabi Homeland Security Summit Middle East

Good day from Abu Dhabi. Additional Cyber Threat Situational Awareness @ the Homeland Security Summit Middle East –

People’s Republic of China High-ranking Military Spies Woo Australia Business Leaders


http://chinaview.wordpress.com/2013/05/26/china-high-ranking-military-spies-woo-australia-business-leaders/

Watch a Chinese “Cyber Espionage Unit” Steal Files from an American Hard Drive in Real-Time

See it @
http://motherboard.vice.com/read/watch-a-chinese-cyber-espionage-unit-steal-files-from-an-american-hard-drive

People’s Republic of China PLA’s “Department of Enemy Work” Reachs Out to Western Elites in Australia and US


http://chinaview.wordpress.com/2013/05/26/china-armys-department-of-enemy-work-reachs-out-to-western-elites-in-australia-and-us/

No Chrome, No Firefox: Why Chinese Online Banking Still Requires Internet Explorer


http://www.techinasia.com/chrome-firefox-chinese-online-banking-requires-internet-explorer/

People’s Republic of China’s Huawei: ‘trust us, we are being transparent’


http://www.theregister.co.uk/2013/05/28/huawei_trust_us_we_are_being_transparent/

People’s Republic of China’s Huawei’s Middle East Revenue Up 18% – ChinaTechNews.com


http://www.chinatechnews.com/2013/05/28/19369-huaweis-middle-east-revenue-up-18

ASIO hack: Julia Gillard defends intelligence funding for spy agency after Four Corners report


http://www.abc.net.au/news/2013-05-28/gillard-defends-intelligence-funding-in-wake-of-asio-hack/4718166

People’s Republic of China dismisses Australian spy HQ hacking claims


http://www.guardian.co.uk/world/2013/may/28/china-asio-australian-spy-hq-hacking-claims

People’s Republic of China ‘hacked’ new Australian spy HQ | News | DW.DE | 28.05.2013


http://www.dw.de/china-hacked-new-australian-spy-hq/a-16841717?maca=en-rss-en-all-1573-xml-atom

Telecoms official: G20 could be platform for cybersecurity


http://www.euractiv.com/infosociety/huawei-cyber-chief-use-g20-platf-interview-528069?

Iran’s approaching vote brings receding Web access


http://www.sfgate.com/business/technology/article/Iran-s-approaching-vote-brings-receding-Web-access-4551232.php

New Computer Attacks Traced to Iran, Officials Say


http://www.nytimes.com/2013/05/25/world/middleeast/new-computer-attacks-come-from-iran-officials-say.html?

This Pentagon Project Makes Cyberwar as Easy as Angry Birds | Danger Room | Wired.com


http://www.wired.com/dangerroom/2013/05/pentagon-cyberwar-angry-birds/

Frustrated Chinese send complaints to White House website


http://www.guardian.co.uk/world/2013/may/28/chinese-complaints-white-house-website

Semper Fi,

Thank you

紅龍

An Explanation of Our HoneyPoint Internet Threat Monitoring Environment #HITME #security

One of the least understood parts of MicroSolved is how the HoneyPoint Internet Threat Monitoring Environment (#HITME) data is used to better protect our customers. The engineers have asked me to drop this line into the newsletter and give you a “bee’s knees” perspective of how it works! First, if you don’t know about the #HITME, it is a set of deployed HoneyPoints that gather real-world, real-time attacker data from around the Internet. The sensors gather attack sources, frequency, targeting information, vulnerability patterns, exploits, malware and other crucial event data for the technical team at MSI to analyze. You can even follow the real-time updates of attacker IPs and target ports on Twitter by following @honeypoint or the #HITME hashtag. MSI licenses that data under Creative Commons, non-commercial, for FREE as a public service to the security community.

That said, how does the #HITME help MSI better protect its customers? Well, first, it allows folks to use the #HITME feed of known attacker IPs in a blacklist to block known scanners at their borders. This prevents the scanning tools and malware probes from ever reaching you to start with. Next, the data from the #HITME is analyzed daily and the newest, bleeding-edge attack signatures get added to the MSI assessment platform. That means that customers with ongoing assessments and vulnerability management services from MSI get continually tested against the most current forms of attack being used on the Internet. The #HITME data also gets updated into the MSI pen-testing and risk assessment methodologies, focusing our testing on real-world attack patterns much more than vendors who rely on typical scanning tools and back-dated threats from their last “yearly bootcamp”.

The #HITME data even flows back to the software vendors through a variety of means. MSI shares new attacks and possible vulnerabilities with the vendors, as well as with open source projects targeted by attackers. Often MSI teaches those developers about the vulnerability, the possibilities for mitigation, and how to apply secure coding techniques like proper input validation. The data from the #HITME is used to provide the attack metrics and pattern information that MSI presents in its public speaking, “State of the Threat,” the blog, and other educational efforts. Last, but certainly not least, MSI provides an ongoing alerting function for organizations whose machines are compromised. MSI contacts critical infrastructure organizations whose machines turn up in the #HITME data and works with them to mitigate the compromise and manage the threat. These data-centric services are provided pro bono in 99% of all cases!

If your organization would be interested in donating an Internet-facing system to the #HITME project to further these goals, please contact your account executive. Our hope is that the next time you hear about the #HITME, you’ll get a smile on your face knowing that the members of my hive are working hard day and night to protect MSI customers and the world at large. You can count on us; we’ve got your back!