Tag Archives: Computer security

Updates on Cyber Security

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance solutions, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. Every year RSA hosts a conference for the security industry, presenting the latest research, findings, threats and challenges of the internet. Here’s a collection of this year’s headlines, as they were published during the conference in San Francisco last week.

“Attackers are using malware samples that researchers have never seen before — and will never see again — to successfully steal data from unsuspecting organizations, governments and individuals.”

RSA, The Security Division of EMC



RSA fraud prevention solutions reduce the risk of fraud and identity theft by assuring user identities, monitoring for high-risk activities and mitigating the damage caused by external threats such as phishing, pharming, Trojans and other cyber threats. The key words of 2011 are “cloud computing,” “phishing,” “smart grids” and “espionage.”

The Top Story:

Cloud computing contracts: tread carefully

RSA panel offers advice on legal considerations for organizations entering cloud service provider contracts.


Collaboration crucial for fighting phishing techniques
Phishing’s not going away any time soon, but clear communication and cooperation between organizations sending emails to their customers and the web mail providers that filter those emails can help cut down on the number of phishing attempts that hit inboxes, said a panel at RSA Conference 2011.

McAfee-Wind River partnership to foster mobile, embedded system security
The deal will put McAfee’s ePolicy Orchestrator agent inside Wind River’s embedded operating systems, enabling enterprises to boost embedded system security to non-traditional endpoints.

RSA attendees skeptical about cloud service provider security
Attendees at the RSA Conference 2011 said cloud computing is good for certain business applications, but they’re leery of putting sensitive applications, such as those used in health care or education, in the cloud.

Smart grid security issues hinge on infosec, operator teamwork
Bridging the chasm between information security and utility infrastructure teams is the only way to solve smart grid security issues. Fortunately, NERC CIP compliance is forcing change.

Cloud computing compliance: Visibility key
Transparency is essential for security and compliance when working with cloud services providers, RSA panelists say.

APT detection, prevention are hard, but possible
A panel at RSA 2011 explains the organization and methodology behind targeted persistent attacks and what organizations can do to detect and respond to APT.

Unique attacks highlight Internet espionage trends
Attackers are using malware samples that researchers have never seen before — and will never see again — to successfully steal data from unsuspecting organizations, governments and individuals.

Survey reveals skills needed in IT security pros
A survey by certification firm (ISC)2 found a need for IT security professionals to improve application development processes and expertise to weigh cloud computing risks.

RSA panel debates cyberwar definition, realities
At RSA Conference 2011, a panel of experts, including Bruce Schneier and former DHS secretary Michael Chertoff, discussed cyberwar, espionage and how the ground rules for handling such conflicts will be decided.

Move to IPv6 could help spambots churn out more spam, malware, says botnet expert
Antispam measures that rely on IP blacklisting could be less effective if Internet Service Providers take the wrong approach to IPv6, said prominent malware expert Joe Stewart.
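The mechanism behind Stewart’s warning, as an added example written for this page (not code from Joe Stewart or any antispam product): a blacklist that lists exact addresses works on IPv4 because a spam source normally has one address, but an IPv6 end site typically holds a whole /64, so a bot can send every message from a never-seen address inside it. The addresses below are constructed documentation-range samples, and the premise that the provider hands each customer one /64 is an assumption about the ISP’s addressing plan, which is exactly the “right approach” the headline is about.

```python
"""
Added example for this page: why an antispam blacklist built the IPv4 way
(one exact address per listing) loses traction on IPv6, and the usual fix.
Not code from Joe Stewart or any antispam product. Addresses are constructed
samples from documentation ranges; the /64-per-customer assignment size is
an assumption about the provider's addressing plan.
"""
import ipaddress

# Constructed: spam sources a mail server observed, recorded one exact
# address at a time. The IPv6 entries are three addresses on the same /64.
SEEN_SPAM_SOURCES = [
    "203.0.113.7",
    "203.0.113.7",
    "2001:db8:abcd:1::1",
    "2001:db8:abcd:1::2",
    "2001:db8:abcd:1::3",
]


def naive_blacklist(sources):
    """IPv4 habit carried over: list exact addresses (/32 and /128)."""
    return {ipaddress.ip_network(s) for s in sources}


def aggregated_blacklist(sources, v6_prefix=64, v4_prefix=32):
    """List IPv6 sources at the assumed per-customer assignment size (/64),
    so one entry covers every one of the 2**64 interface addresses a bot on
    that LAN could rotate through. IPv4 stays at /32."""
    nets = set()
    for s in sources:
        addr = ipaddress.ip_address(s)
        plen = v6_prefix if addr.version == 6 else v4_prefix
        nets.add(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
    return nets


def is_listed(blacklist, source):
    """True if any listed network contains the source address."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in blacklist)


def simulate_spambot(prefix, n):
    """A bot on one assignment that picks a never-seen address per message."""
    net = ipaddress.ip_network(prefix)
    return [str(net.network_address + i) for i in range(1000, 1000 + n)]


def hit_rate(blacklist, sources):
    """Fraction of the bot's sending addresses the blacklist catches."""
    return sum(is_listed(blacklist, s) for s in sources) / len(sources)


if __name__ == "__main__":
    bot = simulate_spambot("2001:db8:abcd:1::/64", 50)
    print("per-address listing catches", hit_rate(naive_blacklist(SEEN_SPAM_SOURCES), bot))
    print("/64 listing catches", hit_rate(aggregated_blacklist(SEEN_SPAM_SOURCES), bot))
```

The aggregation prefix has to match the provider’s real assignment policy: if an ISP packs many customers into one /64, listing at /64 blocks all of them for one spammer, and if it hands out larger blocks per customer, /64 listings are still too fine. Either way the blacklist operator needs to know how the ISP allocates addresses, which is the cooperation the talk called for.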

RSA 2011: Schmidt-led Town Hall confronts public-private cooperation – again
At RSA Conference 2011, a Town Hall-style meeting of government cybersecurity officials pressed for continued public-private sector cooperation.

Kaminsky, DNSSEC deployment experts say protocol will boost security
Network security expert Dan Kaminsky touts the security improvements DNSSEC provides, but admits that it will take time for businesses and consumers to reap the benefits.

Signature-based antivirus dying, but bigger problems loom
While security pros should be concerned with the decreasing efficacy of signature-based antivirus, employee threats should warrant increasing attention.

Microsoft security chief stumps for Internet health check system
Microsoft Vice President of Trustworthy Computing Scott Charney at the RSA Conference 2011 discussed Collective Defense, Microsoft’s proposed Internet health check system for consumer computers, and how it should be implemented not by governments and ISPs, but by enterprises.

Focus on people, not technology, cryptographer says
A prominent encryption expert at the annual cryptographer’s panel at RSA Conference 2011 said poorly implemented encryption deployments are being stymied by employee errors.

Software fraud, phony electronic parts pose serious security risks, expert says
A supply chain management expert studying ways companies can crack down on cheaply made imitation parts and software is urging software makers and manufacturers of electronic devices to develop better technologies to weed out fraudulent items.

White House CIO talks up cloud computing strategy
White House chief information officer (CIO) Vivek Kundra on Monday outlined the U.S. government’s strategy for cloud computing, a shift he said is critical in order to cut costs and improve efficiency.

Better methods needed to discover network configuration flaws
Examining firewall logs is not enough and most common network penetration tests often miss network misconfiguration issues, leaving sensitive information vulnerable to outside attackers, said a prominent network security expert.

Symantec turns to reputation security to bolster malware signatures
Symantec Corp. is adding new reputation scoring technology to its enterprise endpoint protection suite in a move security experts and analysts say will force its competitors to react by bolstering similar technologies.

Emerging theme at RSA Conference 2011 may be ‘mostly cloudy’
For the last several years, security experts and vendors at the RSA Conference have explained the risks associated with the use of cloud-based services. Far fewer have identified specific ways to protect data in the cloud. That may change at RSA Conference 2011.

Cloud computing security summit draws growing crowd
Cloud Security Alliance event expands to accommodate growing interest.

IT security career experts to dish out practical advice at RSA Conference 2011
Information security growth is fueling fierce competition among job applicants, according to Lee Kushner and Mike Murray, IT security career experts who follow the industry closely. Both career experts will be participating in an information security career development session at the RSA Conference 2011.

Security B-Sides brings its buzz back to San Francisco and RSA Conference
Security B-Sides isn’t just for big conference rejects any more. This little-conference-that-could has grown up and become a force on the information security speaking scene. Its latest incarnation springs up Monday, a day ahead of the official start of RSA Conference 2011, around the corner from the giant Moscone Center, home to the security industry’s biggest annual event.

Source: SearchSecurity.com



Cyber Security Is Waste of Money, OECD Advisers Says

Under the pseudonym “Hugo Cornwall”, Peter Sommer published the infamous “Hacker’s Handbook” in 1985. Since then he has become a noted security researcher and expert witness. Now he has co-authored a report for the Organisation for Economic Co-operation and Development (OECD) which warns governments against swallowing wholesale stories about “cyber-war” and “cyber-weapons”.

“Governments should take a calm, disciplined approach and evaluate the risks of each type of attack very carefully rather than be swayed by scare stories.”

Peter Sommer


According to the report “Reducing Systemic Cybersecurity Risk,” published today, a true cyber-war would have the same destructive effects as a conventional war, only fought exclusively in cyberspace. Such a war, however, is “highly unlikely” to occur, the OECD report says.

“Governments should take a calm, disciplined approach and evaluate the risks of each type of attack very carefully rather than be swayed by scare stories,” says Peter Sommer of the London School of Economics, one of the two authors of the just released report on cyber security.

Co-authored with computer scientist Ian Brown of the Oxford Internet Institute, UK, the report says online attacks are unlikely ever to have global significance on the scale of, say, a disease pandemic or a run on the banks.

But they say “localized misery and loss” could be caused by a successful attack on the Internet’s routing structure, which governments must ensure is defended, with investment in cyber-security training.

Jay Abbott, security manager at the consultancy PricewaterhouseCoopers, agrees that the routing structure is indeed vulnerable, New Scientist writes.

“Short of physically cutting the wires, it’s the best way to take down a country from the internet,” he says.

Analysis of cyber-security issues has been weakened by the lack of agreement on terminology and the use of exaggerated language, the report points out.

“Cyber-espionage is not a few keystrokes away from cyber-war, it is a method of spying,” the authors write.

Controversially, the OECD advises nations against adopting the Pentagon’s idea of setting up a military division – as it has under the auspices of the US Air Force’s Space Command – to fight cyber-security threats.

“While vested interests may want to see taxpayers’ money spent on such ventures,” says Sommer, “the military can only defend its own networks, not the private-sector critical networks we all depend on for gas, water, electricity and banking.”

Here’s a copy of the report: “Reducing Systemic Cyber Security Risk”


I just have one question: Who will decide which hardware, computers and software are “systemically important,” and which are not?


Student Designs Software to Combat Modern Cyber Crime

Deian Stefan, now a graduate student in the computer science department at Stanford University, has developed an authentication framework called “Telling Human and Bot Apart” (TUBA), a remote biometrics system based on keystroke-dynamics information. The software determines whether the keystrokes arriving at a computer come from its human user or from a program, by analyzing the rhythm with which the keys are pressed. According to the recently graduated computer scientist, the so-called botnets behind such attacks are run by organized cyber criminals.

“Keystroke dynamics is an inexpensive biometric mechanism that has been proven accurate in distinguishing individuals.”

Daphne Yao


One of the serious threats to a user’s computer is a program that generates unwanted keystroke sequences in order to hijack someone’s identity. This form of attack is increasing, infecting enterprise and personal computers, and is driven by “organized malicious botnets,” according to Daphne Yao, now assistant professor of computer science at Virginia Tech.

To combat the “spoofing attacks,” Yao and her former student, Deian Stefan, now a graduate student in the computer science department at Stanford University, developed an authentication framework called “Telling Human and Bot Apart” (TUBA), a remote biometrics system based on keystroke-dynamics information.

Yao holds a patent on her human-behavior driven malware detection technology, including this keystroke anti-spoofing technique.

Her technology for PC security is currently being transferred to a company.

The license agreement between the company, Rutgers University (Yao’s former institution), and Virginia Tech is expected to be finalized in the coming weeks, according to ScienceDaily.com.

Internet bots are often described as web robots.

They act as software applications that run automated tasks over the internet. Bots usually perform simple and repetitive tasks, but at a much higher rate than would be possible for a human alone. (When used for malicious purposes they are described as malware).

How a botnet infection works

“Keystroke dynamics is an inexpensive biometric mechanism that has been proven accurate in distinguishing individuals,” Yao explains. Most researchers working with keystroke dynamics had previously assumed the attacker was a person.

The novelty of Yao and Stefan’s research, they say, is that they studied how to identify when a computer program written by an attacker is producing keystroke sequences to “spoof” a human user.

Then they created TUBA to monitor a user’s typing patterns.

Using TUBA, Yao and Stefan collected the keystroke dynamics of 20 individuals and used the results to authenticate who was using a computer.

“Our work shows that keystroke dynamics is robust against the synthetic forgery attacks studied, where the attacker draws statistical samples from a pool of available keystroke datasets other than the target,” Yao says.

Yao and Stefan also describe in their paper, “Keystroke-Dynamics Authentication Against Synthetic Forgeries,” how keystroke dynamics can be used to identify anomalous activity on a personal computer, including activity caused by malicious software.
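The three pieces the paragraphs above describe, as an added example written for this page (not Yao and Stefan’s TUBA code): a per-user timing profile, the synthetic forgery their paper evaluates (the attacker samples keystroke timings from other users’ datasets, never the target’s), and the anomaly case of a scripted bot typing with machine-regular timing. User signatures, the jitter table and all timings are constructed, and the acceptance threshold is an assumption rather than a figure from the paper.

```python
"""
Added example, written for this page and not Yao and Stefan's TUBA code: a
minimal keystroke-dynamics authenticator, a genuine probe, a synthetic
forgery (timings drawn from OTHER users' keystroke data, not the target's),
and a scripted bot that types with machine-regular timing. Signatures,
jitter and timings (ms) are constructed; THRESHOLD is an assumption.
"""
import statistics
from typing import List, Tuple

Sample = List[Tuple[float, float]]  # per key: (dwell ms, flight ms)
Profile = List[Tuple[float, float, float, float]]  # per key: mean/std dwell, mean/std flight

PASSPHRASE_LEN = 8
JITTER = [-4.0, -2.0, 0.0, 2.0, 4.0]  # deterministic stand-in for natural variation
THRESHOLD = 3.0                       # assumed: mean |z| above this is rejected

# Constructed typing signatures: (mean dwell, mean flight) in ms.
USERS = {
    "alice": (85.0, 110.0),
    "bob":   (140.0, 260.0),
    "carol": (60.0, 180.0),
    "dave":  (120.0, 90.0),
}


def synthesize_samples(user: str, count: int = 5) -> List[Sample]:
    """Enrollment samples around a user's signature; the jitter index rotates
    so every key position sees every jitter value across the samples."""
    dwell, flight = USERS[user]
    n = len(JITTER)
    return [[(dwell + JITTER[(k + i) % n], flight - JITTER[(k + i) % n])
             for i in range(PASSPHRASE_LEN)] for k in range(count)]


def enroll(samples: List[Sample]) -> Profile:
    """Per-key mean and std of dwell and flight; std floored at 1 ms."""
    profile = []
    for i in range(PASSPHRASE_LEN):
        dw = [s[i][0] for s in samples]
        fl = [s[i][1] for s in samples]
        profile.append((statistics.mean(dw), max(statistics.pstdev(dw), 1.0),
                        statistics.mean(fl), max(statistics.pstdev(fl), 1.0)))
    return profile


def score(profile: Profile, probe: Sample) -> float:
    """Mean absolute z-score of the probe against the profile (lower is closer)."""
    total = 0.0
    for (md, sd, mf, sf), (d, f) in zip(profile, probe):
        total += abs(d - md) / sd + abs(f - mf) / sf
    return total / (2 * len(profile))


def authenticate(profile: Profile, probe: Sample) -> bool:
    """Accept the probe if it sits within THRESHOLD of the enrolled profile."""
    return score(profile, probe) <= THRESHOLD


def genuine_probe(user: str) -> Sample:
    """The real user typing again, with a jitter not in the enrollment set."""
    dwell, flight = USERS[user]
    return [(dwell + 3.0, flight - 1.0) for _ in range(PASSPHRASE_LEN)]


def synthetic_forgery(target: str) -> Sample:
    """Attacker has no keystroke data for the target, so each key's timing is
    drawn from a pool of other users' samples (round-robin, deterministic)."""
    pool = [s for u in USERS if u != target for s in synthesize_samples(u)]
    return [pool[i % len(pool)][i] for i in range(PASSPHRASE_LEN)]


def bot_probe() -> Sample:
    """Scripted keystroke injection: every key at a fixed 100 ms / 100 ms."""
    return [(100.0, 100.0) for _ in range(PASSPHRASE_LEN)]


if __name__ == "__main__":
    profile = enroll(synthesize_samples("alice"))
    for name, probe in [("genuine", genuine_probe("alice")),
                        ("forgery", synthetic_forgery("alice")),
                        ("bot", bot_probe())]:
        print(name, round(score(profile, probe), 2), authenticate(profile, probe))
```

The robustness claim quoted from Yao is specifically about forgeries built from datasets other than the target’s; an attacker who has keylogged the target is a different and harder threat, and this toy scorer (mean absolute z-score, fixed jitter table) stands in for whatever classifier a real deployment would measure and tune.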

Their work won a best paper award at CollaborateCom ’10, the 6th International Conference on Collaborative Computing, held in Chicago and sponsored by the Institute of Electrical and Electronics Engineers’ Computer Society, Create-Net, and the Institute for Computer Sciences.

When The Bots Attack

The 2007 Cyber Attack On Estonia

If you want to bring down a country’s information infrastructure and you don’t want anyone to know who did it, the weapon of choice is a distributed denial of service attack.
Using rented botnets, you can launch hundreds of thousands — even millions — of infobombs at a target, all while maintaining total deniability.
In this hypothetical scenario, a single attack launched by China against the US lasts only a few hours, but a full-scale assault lasting days or weeks could bring an entire modern information economy to its knees.
1. Attacker
In this scenario, tension over proposed US legislation to raise tariffs on Chinese imports triggers a crisis. Beijing orders a limited attack on the computer systems of US congress members and corporations that support the bill. Chinese security officials hire criminal bot herders to launch the denial of service attacks. Payments are routed via anonymous services like PayPal (often using branches based in Latin America). Target IP addresses and email accounts (harvested in earlier operations) are distributed through private chat rooms used by criminal hackers. Once the attack is under way, a Chinese media and diplomatic campaign will portray the attackers as cybervigilantes operating on their own.
2. Bot Herder
Freelance computer hackers function as the project managers for the DDoS attacks. Typically, a hacker or a syndicate of hackers controls one or more giant botnets, worldwide networks that can include 100,000 computers. Each machine has been surreptitiously infected by the bot herder with a bot, a remotely controlled piece of malicious software. Herders usually make their living by renting these networks out for commercial spam, phishing fraud, and denial-of-service extortion. On the bot herder’s signal, his network of bots can launch millions of packets of information toward a single target, overwhelming its defenses and either crashing it or driving its owners to shut it down as a defensive precaution.
3. Zombie
Once an ordinary computer is infected by a bot, it becomes one of the unwitting drones that make up a global botnet. When these machines, known as zombies, receive a signal from the bot herder, the bot takes control of its host and sends out multiple packets of information — usually spam — to designated targets. Thanks to the distributed nature of these networks, attacks appear to be coming from random personal computers located all over the world. In this scenario, many will even be from within the US. And if you’re wondering if your PC is infected, detection isn’t easy. Fortunately, new versions of home security software, like Norton AntiBot, are targeting this new strain of malware. But bots keep mutating, so the game is far from over.
4. Target
A full-scale DDoS attack meant as an act of war might target military and government servers, civilian email, banks, and phone companies. But in this more likely scenario, the targets are Web sites and email systems of congress members and corporations that support higher trade barriers. These groups blame the Chinese government, but can’t prove it. Nevertheless, targets will be effectively shut down while they undergo security upgrades and damage assessment, inhibiting their ability to work on behalf of the legislation.
(Source: www.wired.com)
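What the attack in steps 2 through 4 looks like to the target’s own network monitoring, as an added example constructed for this page (not from the Wired piece): the signature of a rented botnet is many distinct, scattered sources each sending only a little, so a detector keys on source diversity per target per time window rather than on any one noisy address. The flow-record format (“epoch src dst dport packets”), the addresses and the thresholds are all constructed assumptions.

```python
"""
Added example, constructed for this page and not from the Wired piece: a
detector for the distributed-flood pattern described above, run over a
synthetic flow log. The record format ("epoch src dst dport packets"), the
addresses (documentation and benchmarking ranges) and the thresholds are
constructed assumptions.
"""
from collections import defaultdict
from typing import List, Tuple


def build_sample_log() -> List[str]:
    """Constructed flow log: 60 s of background traffic from five repeat
    visitors and one mail client, plus 400 zombies that each send 5 packets
    to the web server, 20 zombies per second during seconds 1030..1049."""
    lines = []
    for t in range(60):
        lines.append(f"{1000 + t} 198.51.100.{t % 5} 192.0.2.80 80 {3 + t % 4}")
        if t % 10 == 0:
            lines.append(f"{1000 + t} 198.51.100.200 192.0.2.25 25 2")
    for i in range(400):
        src = f"203.0.113.{i}" if i < 250 else f"198.18.0.{i - 250}"
        lines.append(f"{1030 + i % 20} {src} 192.0.2.80 80 5")
    return lines


def detect_ddos(lines: List[str], window: int = 10, min_sources: int = 100,
                min_packets: int = 500) -> List[Tuple[str, int, int, int]]:
    """Bucket records by (target, window start); return
    (target, window_start, distinct_sources, packets) for every bucket over
    both thresholds. Requiring both separates a distributed flood from one
    chatty client (many packets, one source) and from a quiet day."""
    sources = defaultdict(set)
    packets = defaultdict(int)
    for line in lines:
        ts, src, dst, _dport, n = line.split()
        bucket = (dst, int(ts) // window * window)
        sources[bucket].add(src)
        packets[bucket] += int(n)
    return [(dst, start, len(sources[(dst, start)]), packets[(dst, start)])
            for dst, start in sorted(sources)
            if len(sources[(dst, start)]) >= min_sources
            and packets[(dst, start)] >= min_packets]


def noisiest_source(lines: List[str]) -> Tuple[str, int]:
    """What a per-IP top-talker view shows: the single busiest address."""
    totals = defaultdict(int)
    for line in lines:
        _ts, src, _dst, _dport, n = line.split()
        totals[src] += int(n)
    return max(totals.items(), key=lambda kv: kv[1])


if __name__ == "__main__":
    log = build_sample_log()
    for alert in detect_ddos(log):
        print("DDoS window:", alert)
    print("busiest single source:", noisiest_source(log))
```

Two things fall out of running it. The busiest single address in the whole log is a legitimate repeat visitor, not a zombie, so a top-talker block list would hurt customers and never touch the 400 bots; only the per-window diversity count exposes the flood. And nothing in the alert says who rented the botnet, which is the deniability the scenario relies on.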
