ADVANCED PERSISTENT ADWARE: ANALYSIS OF NATION-STATE LEVEL TACTICS

Abstract: The Booz Allen Dark Labs’ Advanced Threat Hunt team discovered a unique form of adware lurking on networks that evades all traditional forms of cyber defense. The adware is a previously known threat that is commonly used to inject advertisements into a user’s browser and covertly collect information about the user’s browsing activity. This adware employs advanced techniques commonly seen in Nation-State-level APTs to evade detection, maintain persistence, and connect to Command and Control (C2) servers to initiate a stage 2 attack.

Dark Labs Advance Hunt team identifies adware with Nation State APT behavior – evasion, persistence and C2 connection points

The post ADVANCED PERSISTENT ADWARE: ANALYSIS OF NATION-STATE LEVEL TACTICS appeared first on Cyberscoop.


Tech Brief: Is your SOC ready for the next-generation threat?

Just as hackers develop new offensive tools, tactics and procedures, agencies must constantly change their techniques to match today’s sophisticated threats. A “next-generation” Security Operations Center (SOC) lets defenders find these new threats while making networks harder to exploit and data more secure. While most organizations already have the tools for a next-generation SOC, a full transition will allow analysts to hone their skills so they become more effective and efficient, stopping threats faster than ever before.

The hunt is on

The primary goal of a next-generation SOC is to identify and respond to cyberthreats in rapid fashion – even the so-called “unknown-unknowns” that do not meet any predefined rules. Tools alone will not stop malicious actors, as they’ve continually learned to evade and adapt to the latest tech. With a transition to a next-generation SOC, these threats can be quickly discovered, allowing security analysts to find the unfindable, such […]

The post Tech Brief: Is your SOC ready for the next-generation threat? appeared first on Cyberscoop.


Booz Allen scores $621M DHS contract for government-wide cybersecurity program

Multinational consulting giant Booz Allen Hamilton has been awarded a six-year, $621 million contract to further develop and implement the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program, a government-wide cybersecurity effort to monitor and protect federal networks. The award is tied to the Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) Program, part of CDM Phase 3. Booz Allen was among a small group of contractors also involved in prior stages, providing a total of 13 federal departments and agencies with cybersecurity software that can help spot and mitigate malicious activity. “Our work will expand into new areas of cybersecurity, like incident response and automation,” Marcie Nagel, a Booz Allen principal and leader of the firm’s CDM work, said in a release. “This work aims to help these federal departments and agencies leverage new capabilities that will ultimately empower our clients to defend their networks faster with […]

The post Booz Allen scores $621M DHS contract for government-wide cybersecurity program appeared first on Cyberscoop.


Booz Allen Hamilton seeks to boost commercial cybersecurity service with new acquisition of startup

Management consulting firm Booz Allen Hamilton is acquiring Morphick, a small, Cincinnati-based cybersecurity firm which has developed a digital platform for threat detection, breach investigation and response. Booz Allen Hamilton announced the agreement to purchase Morphick in a press release on Friday, saying the acquisition will bolster the cybersecurity profile available to clients. Company executives explained that the acquisition will complement existing cybersecurity services already provided by Booz Allen Hamilton. “The addition of the Morphick team and technology further solidifies the firm’s ability to solve increasingly advanced cyber challenges,” said Booz Allen Hamilton President and CEO Horacio Rozanski. The consulting giant already offers threat intelligence products through another service called Cyber4Sight. Morphick, a firm of about 40 people, sells a managed detection and response service, which can provide “organizations with the ability to effectively detect and remediate cyber attacks of all types; ranging from zero-day exploits and privilege escalation to ransomware,” according to […]

The post Booz Allen Hamilton seeks to boost commercial cybersecurity service with new acquisition of startup appeared first on Cyberscoop.


Viacom left master keys exposed on a public AWS server

The American media giant Viacom left one gigabyte of sensitive files publicly exposed, according to researchers from the cybersecurity firm UpGuard. It’s the latest in a long string of incidents in which a wide spectrum of companies have found out that moving to cloud computing like Amazon Web Services can come with cybersecurity pitfalls resulting from misconfiguration mistakes. The exposed files included Viacom’s secret cloud keys — information that a hacker could have used to take control of the company’s cloud servers. “Such a scenario could enable malicious actors to launch a host of damaging attacks, using the IT infrastructure of one of the world’s largest broadcast and media companies,” UpGuard’s Dan O’Sullivan explained. “The potential nefarious acts made possible by this cloud leak could have resulted in grave reputational and business damages for Viacom, on a scale rarely seen.” UpGuard researcher Chris Vickery originally found the leak Aug. 30 and notified Viacom the […]

The post Viacom left master keys exposed on a public AWS server appeared first on Cyberscoop.


NSA inspector general nominee pledges to investigate contractor leaks, whistleblower protections

The National Security Agency’s prospective new inspector general testified on Wednesday that he will investigate the intelligence agency’s problem of repeated contractor leaks. Robert Storch, the Justice Department’s deputy inspector general since March 2015, was first nominated in November by then-President Barack Obama. President Donald Trump nominated Storch again in June. Storch would become the NSA’s first independent watchdog. Storch sat before the Senate Intelligence Committee Wednesday, with questions about leaks sandwiched between inquiries about whistleblower protections at the NSA, two intimately related subjects that have moved to the center of the U.S. political universe over the last several years. Sen. Dianne Feinstein, D-Calif., asked that Storch’s new job quickly turn to the issue of NSA’s security woes. “I want to express a concern I have about NSA,” Feinstein said. “Beginning with [Edward] Snowden, we have had three major thefts of people walking out with classified material. I have spoken to the heads […]

The post NSA inspector general nominee pledges to investigate contractor leaks, whistleblower protections appeared first on Cyberscoop.


Recruitment and retention of ‘cyber ninjas’ doesn’t have to be a dark art, report says

Those on the front lines of the cybersecurity workforce crisis are dogged by one question above all others: how to recruit and retain the highly technically skilled personnel they need. Now, thanks to the SANS Institute, they have some fresh answers — at least in the government contracting sector. The institute, an information-security training provider and research clearinghouse, analyzed a list of the top 100 U.S. government contractors, and identified the eight companies which score highest on two indices reflecting metrics developed by the Center for Strategic and International Studies think tank last year. The eight firms are all major U.S. defense and intelligence contractors, called systems integrators because they build IT and other business systems for the government by assembling hardware, software and services from multiple vendors. According to the SANS analysis, the eight companies have had “remarkable success” in recruiting and retaining the highly technically skilled individuals that the CSIS report dubbed “cyber […]

The post Recruitment and retention of ‘cyber ninjas’ doesn’t have to be a dark art, report says appeared first on Cyberscoop.


Booz Allen Hamilton leaves 60,000 unsecured DOD files on AWS server

Leading U.S. military contractor Booz Allen Hamilton has been found to have left over 60,000 sensitive files on a publicly accessible Amazon Web Services server, according to a leading cybersecurity researcher. The files were discovered by Chris Vickery, an analyst at the cybersecurity firm UpGuard, who told CyberScoop it’s “highly likely” that malicious actors are downloading this publicly exposed data but said it remains unclear if anyone realized and acted on the gravity of the exposed data. On May 26, four days after the discovery was first made, the U.S. government requested UpGuard preserve the data they discovered during their investigation. UpGuard is not naming the specific agency they spoke with in compliance with their request. The data leakage was first reported by Gizmodo on Wednesday. The revelation came just hours after a company spokesperson said the former FBI director Robert Mueller’s review of Booz Allen Hamilton security, personnel and management practices is “substantially complete.” The final report […]

The post Booz Allen Hamilton leaves 60,000 unsecured DOD files on AWS server appeared first on Cyberscoop.


US Defense Contractor left Sensitive Files on Amazon Server Without Password

Sensitive files linked to a United States intelligence agency were reportedly left without a password on a public Amazon server by one of the nation’s top intelligence contractors, according to a new report.

UpGuard cyber risk analyst Chris Vickery discovered a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) left unsecured on Amazon
