Religious groups find their calling in threat sharing

When it comes to protecting faith-based organizations from hackers, divine intervention will only get you so far. Congregations, like any other collection of people, can benefit from trading threat intelligence to mitigate the spread of malware. With that in mind, religious groups recently became the latest sector to create a threat-sharing hub by setting up the Faith-Based Information Sharing and Analysis Organization (FB-ISAO). Citing growing threats to donor data and religious websites, the FB-ISAO’s backers said it will fill a void by working with technology vendors to offer faith-based groups threat analysis and make them more resilient to attacks. The organization, founded in June but publicized on Monday, is open to American citizens of all faiths. Among the FB-ISAO’s services, promoted on its website, is a “simple, sensor-informed system and an intuitive user interface that integrates threat intelligence directly with your network. You won’t have to purchase high-cost equipment or software.” Many faith-based groups collect information […]

The post Religious groups find their calling in threat sharing appeared first on Cyberscoop.

Schneider Electric snafu shows the need to stay vigilant over supply chain

Energy-management software giant Schneider Electric has alerted customers that they may have received malware-laced USB drives in recent shipments of some of the company’s products. The USB drives contained product documentation and “non-essential software utilities” in support of Schneider Electric’s Conext Combox and Conext Battery Monitor solar-power-related products, the company said in a security advisory dated Aug. 24. Some USB drives shipped with the products “were contaminated with malware during manufacturing by one of our suppliers,” the advisory states. The USB drives do not contain operational software and the products’ operational security is therefore unaffected, according to Schneider Electric. “All major anti-malware” scanners can detect and block the malware, the company said. “Users are strongly encouraged to securely discard any USB removable media provided with these products,” the advisory says. “Users who believe they may have used one of the potentially-affected USB removable media are encouraged to perform a full scan […]

Analysts expect Lazarus Group to evolve, clean up opsec

In crossing the threshold of unmasking an alleged Lazarus Group member last week, the Department of Justice showed the efficacy of combining private digital forensics with the long arm of the law. Yet if history is any guide, experts say outing the alleged hacker will do little to curb North Korea’s behavior. Instead, researchers believe the group will likely clean up its operational security and continue to evolve. In the years that Eric Chien, technical director of Symantec’s Security Response, has been tracking the Pyongyang-linked hacking group, “all we’ve seen is an escalation,” he said. “They’ve only gotten more bold and more experienced in their attacks.” The charges announced Thursday by the Justice Department against North Korean computer programmer Park Jin Hyok showed slip-ups in Park’s operational security, known colloquially as OPSEC. For example, investigators were able to tie email accounts apparently used by Park’s front company in China to spearphishing and reconnaissance conducted ahead of some of Lazarus’s alleged hacking […]

Spurred by security incidents, DOT goes looking for its software flaws

The Department of Transportation has recently completed a set of thorough security tests on software used in the Transportation Secretary’s office, yielding surprising results about the software’s vulnerabilities. The testing program, which was partly motivated by three cybersecurity incidents at the department in the last year, began with software “we thought was pretty rock-solid,” DOT CIO Vicki Hildebrand said. “[W]e were pretty sure we wouldn’t find vulnerabilities. And we did.” A team of researchers from security-testing company Synack carried out the assessment of the DOT software, which uncovered flaws in commercial products and networked systems. DOT’s security team worked with Synack to promptly fix the vulnerabilities, according to Mark Kuhr, Synack’s co-founder and CTO. Hildebrand, a former executive at Hewlett Packard Enterprise, said she wanted to expand the testing program to other parts of DOT’s vast IT enterprise. “There’s going to be a team approach to whacking these [vulnerabilities] as […]

House passes deterrence bill that would call out nation-state hackers

The House of Representatives on Wednesday passed a bipartisan bill aimed at deterring foreign governments from conducting operations against U.S. critical infrastructure. The Cyber Deterrence and Response Act, put forth by Rep. Ted Yoho, R-Fla., calls on the president to identify individuals and organizations engaged in state-sponsored hacking that significantly threatens U.S. interests, and then to impose one or more of a slew of sanctions on them. That “naming and shaming” approach is an effort to ward off future cyberattacks from China, Russia, Iran, and North Korea — four countries that U.S. officials routinely label as top adversaries in cyberspace. The bill, which passed the House by voice vote, also calls for a uniform list of foreign hacking groups to be published in the Federal Register. Sen. Cory Gardner, R-Colo., last month introduced companion legislation in the Senate. “Our foreign adversaries have developed sophisticated cyber capabilities that disrupt our networks, […]

DHS chief warns of ‘pandemic’ cyber vulnerabilities

Homeland Security Secretary Kirstjen Nielsen painted a daunting picture of the global digital landscape in a speech Wednesday, describing “a worldwide outbreak of cyberattacks and cyber vulnerabilities” that had moved from the “epidemic” to the “pandemic” stage. “Cyberattacks, in terms of their breadth and scope and possible consequences, now exceed the risk of physical attacks,” Nielsen said at The George Washington University in Washington, D.C. “[C]yberspace is now the most active battlefield, and the attack surface extends into every single American home.” The Department of Homeland Security “was founded 15 years ago to prevent another 9/11,” Nielsen added, “but I believe an attack of that magnitude is much more likely to reach us online than on an airplane.” The department “wasn’t built for a digital pandemic” at its founding, she said, urging Congress to pass legislation to turn DHS’s cyber and physical infrastructure agency into a “full-fledged operational agency.” Nielsen also […]

NSA official: Foreign hackers have ‘pummeled’ U.S. by stealing IP

Hackers sponsored by foreign governments have chipped away at the United States’ global economic advantage through a steady campaign of intellectual property theft, according to a top National Security Agency official. “It pains me to see the core of how we’ve defined ourselves over the last century” – in terms of innovation and intellectual property – “be continuously pummeled by external nation-state and non-nation-state-sponsored malicious cyber activity,” NSA Deputy Director George Barnes said Tuesday at the Intelligence and National Security Summit (INSA) in National Harbor, Md. Rather than one devastating cyberattack, Barnes said there has been a “slow drop” of “continual theft of intellectual property from our industries.” Former NSA director Keith Alexander has repeatedly called the theft of U.S. intellectual property “the greatest transfer of wealth in history.” In a New York Times op-ed last year, Alexander and Dennis Blair, a former Director of National Intelligence, said such theft costs the U.S. $600 billion per year. […]

After arrests, FIN7 group shows resilience in attacking banks anew

An infamous hacking group is back to aggressively targeting banks less than a month after the U.S. Justice Department announced the arrest of three of its high-level members, according to new research. The group known as FIN7, Carbanak, or the Cobalt Group, has reportedly stolen over a billion dollars from financial institutions in recent years. Now it has two more banks, in Russia and Romania, in its sights, according to Netscout’s ASERT threat intelligence group. The hackers have gone after the two banks with spearphishing emails that mimic the banks’ vendors. “ASERT believes Cobalt Group will continue targeting financial organizations in Eastern Europe and Russia based on the observables in this campaign and their normal modus operandi,” the researchers wrote, describing the activity as ongoing. ASERT spotted the renewed activity on Aug. 13, less than two weeks after the Justice Department unsealed the indictment of three alleged FIN7 members from […]

House panel rips CVE contracting and oversight policies

The industry-wide program for documenting hardware and software vulnerabilities suffers from fluctuating funding and insufficient oversight, according to a more than year-long investigation by the House Energy and Commerce Committee. “The historical practices for managing the…program are clearly insufficient,” members of the committee wrote in letters Monday to the Department of Homeland Security, which sponsors the program, and the not-for-profit MITRE Corp., which maintains it. “Barring significant improvements, they will likely lead again to challenges that have direct, negative impacts on stakeholders across society.” The program in question, the Common Vulnerabilities and Exposures (CVE) database, has for nearly two decades been a common lexicon for researchers and companies that document security flaws. But the program has experienced a significant backlog as some researchers have struggled to get a response to their submissions. MITRE has undertaken reforms of the program, but House lawmakers say the “root causes” of the program’s woes – its lack […]

Cisco Talos’ Craig Williams on the hunt for bugs and abnormal behavior

Look at some of the biggest cybersecurity incidents in the last year and one threat intelligence organization tends to pop up: Talos. Researchers from Talos, a division of networking giant Cisco, have helped expose VPNFilter, the massive botnet that loomed over Ukraine, and have tracked cybercriminals who used mobile device management servers to distribute malware. On the sidelines of the Black Hat and DEF CON conferences in Las Vegas this month, CyberScoop sat down with Craig Williams, Talos’s director of outreach, to get his take on some of these high-profile threats and how he approaches the craft of investigating malware campaigns. Like most other threat intelligence units, Talos has to manage a critical relationship with law enforcement, deciding when to loop in the public sector as it comes across all different kinds of attacks. Williams provides some insight into how Talos handles these interactions, which can often be as complex as the malware he pores over daily. This conversation […]
