source: tripwire.com

The war between security experts charged with the responsibility of protecting information and cyber-criminals who threaten to compromise the integrity of data for different entities has become a cat and mouse game.

For instance, as soon as white hats counter one form of malicious behavior using encryption tools, there is the almost immediate development of yet another malevolent form of threat for information systems.

The increasing digital connectivity and the automation of virtually all business processes throughout the whole value chain have created agility. They have also created extremely high levels of threat and significantly raised cybersecurity risk.

Building cyber-security into applications, and into every interconnected device, from the very beginning is critical to addressing such risks. In this article, we are going to highlight the emerging technologies that will help keep information systems from being compromised by hackers.

HARDWARE AUTHENTICATION

It is a well-known fact that the passwords and usernames used by a majority of users are weak. This makes it easy for hackers to gain access to information systems and compromise the sensitive data of a business entity or government agency.

In turn, this has put pressure on systems-security experts to come up with more secure authentication methods. One approach that has been adopted is the development of user hardware authentication.

source: securityweek.com

Adversaries Most Likely Want to Acquire a “Red Button” Capability That Can be Used to Shut Down the Power Grid

Last October the United States Computer Emergency Readiness Team (US-CERT) published a technical alert on advanced persistent threat (APT) activity targeting energy and other critical infrastructure sectors. Recently, it was updated with new information uncovered since the original report, and there are some interesting revelations this time around.

Since the initial alert, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), working with U.S. and international partners, determined that attacks were already underway and being carried out by unspecified threat actors. The new report contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by APT actors on compromised victims' networks.

The boldest revelation is the decisive manner in which the unspecified “threat actors” are explicitly identified. There is no equivocation; what was once believed to be an amorphous “threat actor” has now been identified as the “Russian Government”.

Also eye-opening is the update of the campaign timeline. In the original alert, the earliest detection of the threat was May 2017. It has subsequently been amended to March 2016. This underscores that the threat to, and targeting of, critical infrastructure began nearly 15 months earlier than previously thought. One thing that hasn't changed in the updated alert is that the attack campaign is "still ongoing," meaning targets are still vulnerable and at risk.

As for reconnaissance and weaponization, in the original alert DHS identified the then "threat actor" as being interested in website and open source material pertaining to critical infrastructure. The report stated that no compromise was detected. The new alert retracts the "no compromise" statement and provides a very detailed description of how the Russians used malware to compromise industrial control system (ICS) networks. Moreover, the use of zero-day, APT and backdoor techniques all indicate the sophistication and intent of activity designed to take over US critical infrastructure.

These attacks are not only deeper but also broader than originally thought. Because it is infinitely easier to hack into a trade magazine website than into a critical infrastructure network, the report also notes the use of "watering hole" attacks, designed to compromise machines belonging to ICS personnel who visited popular online news outlets. Once installed, this malware could easily be used for account takeovers.

The updated alert also reveals the effort put into exploitation. The October alert stated, "there is no indication that threat actors used Zero Day exploits to manipulate the sites." This statement has been removed from the March report, meaning the Russians were specifically targeting and significantly investing in advanced exploits in order to access U.S. critical infrastructure. Also new is that, for the first time, the attackers attempted to cover their tracks, making it much harder to understand exactly which facilities were compromised.

source: cnet.com

A Russian man accused of orchestrating hacks of LinkedIn, Dropbox and Formspring systems in 2012 is now on US soil after being extradited from the Czech Republic to San Francisco.

The US Department of Justice indicted Yevgeniy Nikulin in 2016 with aggravated identity theft and computer intrusion that compromised millions of usernames and passwords. Nikulin traveled to Prague and was arrested in October 2016. Soon after, he was subject to two competing extradition orders. One was from the US, and the other was from Russia.

Nikulin appeared in a San Francisco federal courtroom on Friday. He denies all the charges, according to CNN.

"Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans," US Attorney General Jeff Sessions said in a statement. "This is deeply troubling behavior once again emanating from Russia."

Extraditions of Russians accused of hacking are rare. The Russians accused of hacking Yahoo in 2012 are still at large in Russia, although one person accused of working with them has been extradited from Canada. The US hasn't indicted any of the Russians it says are responsible for the hacks on the Democratic National Committee and other organizations leading up to the 2016 elections in the US. In March, the White House announced sanctions against Russia for the alleged hacking campaign.

LinkedIn, Dropbox and Formspring (now under the brand Twoo) all experienced hacks of millions of their users' account information in 2012.

"We've been actively monitoring the FBI's case to pursue those responsible for the 2012 breach of LinkedIn member data," LinkedIn said in a statement. "We are glad to see this progress and appreciate the hard work of law enforcement to resolve this investigation."

Dropbox and Formspring didn't immediately respond to requests for comment.

The Russian Embassy in the US didn't immediately respond to a request for comment.

source: securityweek.com

Do you allow your employees to surf using open wireless networks from their phones or laptops? What are the easiest ways that attackers can sniff email or gain access to corporate information from these devices? What are the best ways to protect corporation information on the go?

Open Wi-Fi is becoming increasingly pervasive on Main Street, but it's rarely secure. Ubiquitous franchise operations, including Starbucks and McDonald's, now offer their customers free wireless Internet access from tens of thousands of branches throughout the United States and beyond. A productivity boon to mobile workers using laptops, smartphones or tablets, these convenient services nevertheless present security risks of which security officers should be aware.

Facing the trade-off between user friendliness and security, operators of public Wi-Fi hot spots are increasingly choosing in favor of customer convenience. Free Wi-Fi can be a cheap loss leader to attract business, and making hot spots easily accessible reduces the time and expense required to retrain baristas as technical support operatives. This means, though, that the responsibility for data security is delegated to the user. But if the user is one of your employees who is using public Wi-Fi to access corporate systems such as e-mail, the onus is actually on you. Attacks over unsecured Wi-Fi are often surprisingly easy to execute, but there are defenses that can be deployed.

Packet Sniffing

Unencrypted traffic passing over the public airwaves is prone to capture by attackers. Packets can be "sniffed" from the air and reassembled into usable information, such as passwords and cookies, on the attacker's laptop. Some older forms of wireless encryption, such as Wired Equivalent Privacy (WEP), are not sufficient to prevent such attacks; tools have existed for several years that let inexperienced hackers crack WEP keys in as little as five minutes.
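To make the exposure described above measurable on your own fleet, the following added example (not code from the original article) audits exported flow records from an employee device and reports which connections would be readable to anyone sniffing an open network: cleartext application protocols, and cleartext HTTP requests that carry a session cookie or credentials. The `Flow` record, the port table and the sample flows are assumptions constructed for the example; a real deployment would feed it records from an endpoint agent or a network monitor.

```python
"""Audit flow records for traffic readable over an open Wi-Fi network.

Constructed example: the Flow record and SAMPLE_FLOWS are made up for
illustration and do not come from any real capture.
"""
from dataclasses import dataclass

# Application protocols that carry data in the clear unless wrapped in TLS.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 143: "imap"}

# HTTP request headers whose presence in cleartext means a session or
# credential is exposed to a passive sniffer.
SENSITIVE_HEADERS = ("authorization", "proxy-authorization", "cookie")


@dataclass
class Flow:
    """One observed connection from a monitored device (constructed schema)."""
    src: str
    dst: str
    dport: int
    tls: bool            # True if the flow was TLS/STARTTLS protected
    payload: bytes = b""  # first bytes of the client request, if recorded


def http_sensitive_headers(payload: bytes) -> list[str]:
    """Return the names of credential-bearing headers in a cleartext HTTP request head."""
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.decode("ascii", errors="replace").split("\r\n")[1:]  # skip request line
    found = []
    for line in lines:
        name = line.partition(":")[0].strip().lower()
        if name in SENSITIVE_HEADERS:
            found.append(name)
    return found


def classify(flow: Flow) -> tuple[str, str]:
    """Classify a flow as 'ok', 'cleartext-protocol' or 'credential-exposure', with a reason."""
    if flow.tls:
        return "ok", "protected by TLS"
    proto = CLEARTEXT_PORTS.get(flow.dport)
    if proto is None:
        return "ok", "no known cleartext protocol on port %d" % flow.dport
    if proto == "http":
        exposed = http_sensitive_headers(flow.payload)
        if exposed:
            return "credential-exposure", "cleartext HTTP with %s header(s)" % ", ".join(exposed)
    return "cleartext-protocol", "%s without TLS is readable by a sniffer" % proto


def audit(flows: list[Flow]) -> list[dict]:
    """Return one finding per flow that is not 'ok', preserving input order."""
    findings = []
    for flow in flows:
        verdict, reason = classify(flow)
        if verdict != "ok":
            findings.append({"src": flow.src, "dst": "%s:%d" % (flow.dst, flow.dport),
                             "verdict": verdict, "reason": reason})
    return findings


# Constructed sample records for a laptop on a coffee-shop network.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 80, False,
         b"GET /inbox HTTP/1.1\r\nHost: intranet.example\r\nCookie: session=abc123\r\n\r\n"),
    Flow("10.0.0.5", "203.0.113.10", 443, True),
    Flow("10.0.0.5", "203.0.113.20", 143, False, b"a1 LOGIN user pass\r\n"),
    Flow("10.0.0.5", "203.0.113.20", 993, True),
    Flow("10.0.0.5", "203.0.113.30", 80, False, b"GET /news HTTP/1.1\r\nHost: news.example\r\n\r\n"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print("%(verdict)-20s %(src)s -> %(dst)s  %(reason)s" % f)
```

Flows are graded by what a passive observer could read, not by what the application intended: a cleartext HTTP fetch of a public page is still flagged, because cookies sent with later requests on the same connection would be just as visible. Treat `credential-exposure` findings as the ones that justify forcing a VPN or blocking the protocol on corporate devices.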