‘We have to hit the problem the way it hits us’: How the FBI tracks a range of hacking threats

FBI Director Christopher Wray has been clear to Congress: cyberthreats are outpacing the FBI’s capacity to track them, and the bureau needs more money and people to catch up. Boosting the FBI’s roster of cybersecurity talent, rather than playing whack-a-mole with an expanding docket of threats, is of the essence. “[The cyber] threat has grown exponentially in terms of actors, methods, targets, and so we need personnel and tools there in a big, big way,” Wray told Senate appropriators in May. In fiscal 2020, the FBI is asking Congress for $70.5 million more in funding compared with the prior year for cybersecurity programs, and for 33 more personnel dedicated to the issue. Any new hires would be stepping into an agency that has transformed its approach to cyberspace in the last several years. The FBI has had to get more out of its cybersecurity personnel as the types of malware, and the number of actors willing […]

The post ‘We have to hit the problem the way it hits us’: How the FBI tracks a range of hacking threats appeared first on CyberScoop.


Why Cyber Command’s latest warning is a win for the government’s information sharing efforts

When U.S. Cyber Command warned last week that a hacking group was using a Microsoft Outlook vulnerability previously leveraged by an Iran-linked malware campaign, it appeared to be signaling just how much the military knows about those operations. But the alert was significant in other ways: behind-the-scenes details uncovered by CyberScoop show that it is an example of how the U.S. government has built up its use of the information-sharing platform VirusTotal so the private sector gets more information sooner. Along with Cyber Command’s warning, which also was shared in a tweet, the Department of Homeland Security (DHS) released its own private warning to industry, CyberScoop has learned. The department’s traffic light protocol (TLP) alert covered the same threat that Cyber Command would eventually post to VirusTotal. In going public with the malicious files, Cyber Command appears to have revealed new information about how Iran-linked actors leveraged another malware family, known as Shamoon, as recently as 2017, according to Chronicle, which owns VirusTotal. Not only is it […]

The post Why Cyber Command’s latest warning is a win for the government’s information sharing efforts appeared first on CyberScoop.


Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says

A cyber-espionage group widely believed to be carrying out attacks on behalf of the Iranian government resorted to new hacking tools after its malicious activity was unveiled earlier this year, according to research scheduled to be published Wednesday. The threat intelligence company Recorded Future determined the hacking group APT33 or “a closely aligned threat actor” has used more than 1,200 web domains to conduct cyberattacks since March 28. That’s the date researchers from Symantec released findings exposing an APT33 operation that targeted 50 organizations in Saudi Arabia and the United States. But Recorded Future also found that in the months since, APT33 apparently has resorted to new remote access trojans, which is yet another indication that suspected Iranian hackers are ramping up their activity amid ongoing international tension. “Our research found that APT33 or a closely aligned threat actor continues to conduct and prepare for widespread cyber-espionage activity … with a […]

The post Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says appeared first on CyberScoop.


What happens when one APT hijacks another’s infrastructure

Like any group of spies or soldiers, state-sponsored hacking groups are acutely interested in what their peers are using. Servers, domains and other digital tools can be contested resources just like others in espionage or warfare. And there’s no guarantee that any group can keep a tight grip on its own internet infrastructure. In documenting how Turla, a Russia-linked outfit, hijacked the server of OilRig, a group associated with Iran, new research from Symantec shows what that overlap looks like in action. “This is the first time Symantec has observed one actor hijack another’s infrastructure,” said Alexandrea Berninger, senior cyber intelligence analyst at Symantec. “Although we don’t expect this to become a common tactic, we do expect to see deceptive operations like this amongst the most capable threat actor groups.” The apparently hostile takeover took place in January 2018, when a computer in a Middle Eastern government organization downloaded a variant of the […]

The post What happens when one APT hijacks another’s infrastructure appeared first on CyberScoop.


Get Ahead of Cybersecurity AI Maturation by Building a Cognitive SOC

Cybersecurity AI is approaching maturity. Are you prepared to defend against a new wave of adversarial machine learning risks?

The post Get Ahead of Cybersecurity AI Maturation by Building a Cognitive SOC appeared first on Security Intelligence.


4 Information Security Slipups From ‘Star Trek: Discovery’ to Avoid in the Enterprise

How does Star Trek’s information security stack up against current cybersecurity hygiene best practices? Turns out the future’s not so bright.

The post 4 Information Security Slipups From ‘Star Trek: Discovery’ to Avoid in the Enterprise appeared first on Security Intelligence.


The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018

In 2018, IBM X-Force researchers observed organized cybercrime groups collaborating, rather than competing over turf or even attacking each other, for the first time.

The post The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018 appeared first on Security Intelligence.


Embrace the Intelligence Cycle to Secure Your Business

Whether you’re protecting data, financial assets or even people, the intelligence cycle can help you gather data and contextualize it in terms of what you already know and what you hope to learn.

The post Embrace the Intelligence Cycle to Secure Your Business appeared first on Security Intelligence.


Stay Ahead of the Growing Security Analytics Market With These Best Practices

Armed with security analytics tools, organizations can benefit from big data capabilities to analyze data and enhance detection with proactive alerts about potential malicious activity.

The post Stay Ahead of the Growing Security Analytics Market With These Best Practices appeared first on Security Intelligence.


Close the Gap on Advanced Threats With Integrated Security

Advanced threats are evolving faster than enterprise security, despite record spend. Organizations need an integrated ecosystem of solutions that provide visibility into anomalies and potential risks.

The post Close the Gap on Advanced Threats With Integrated Security appeared first on Security Intelligence.
