Top Cybersecurity Boss Talks Priorities

The country’s top cybersecurity boss said the U.S. is headed the wrong way when it comes to cybersecurity.

BOSTON–Citing Mirai and WannaCry as recent examples, Rob Joyce, special assistant to the president and cybersecurity coordinator for the White House, said the global landscape of cyber threats can’t be ignored and that the U.S. needs to sharpen its defenses against attacks.

“If you step back and look at the trend lines for cybersecurity, they are going the wrong way. You only have to look at last week at WannaCry to understand,” Joyce said during a talk sponsored by Massachusetts Technology Leadership Council.

Last week, President Donald Trump signed an executive order that prioritizes the protection of federal networks, critical industries and works to implement the NIST Framework. It’s Joyce’s job to carry it out. Joyce, former chief of the NSA’s office of Tailored Access Operations, was tapped by Trump in March for the role.

“The Trump administration signed an executive order that allows us to get our legs underneath us in terms of cybersecurity,” he said. “With this executive order we are going to step back and we are going to manage the federal government’s IT activity as a single enterprise. Even though we are talking millions-upon-millions of assets and thousands-upon-thousands of networks, we are going to step back and try to view it as a sum total of risks.”

Joyce said Trump’s cybersecurity executive order consists of three main pillars, or priorities. The first is securing federal networks. Joyce said that pillar shares many of the same challenges private enterprise faces: difficulty finding qualified cybersecurity professionals, managing risk across agencies, and being able to defend against hacks and contain breaches should they happen.

“We know we aren’t going to be able to defend against all breaches. So we need to have methods for detecting early and defend against them and compartmentalize them so that breaches don’t cascade into massive data losses… We need to be able to take hits and contain damage and restore capability quickly,” he said.

The second pillar is working with private industry to make sure portions of the United States’ privately owned critical infrastructure, made of 16 sectors, can defend against attacks and rebound if it should take a hit.

“So, with those interrelated and interdependent systems, we understand our critical infrastructure is probably not in the state we need to be to survive a deliberate or natural hazard,” he said.

Part of working with private industry will include an initial focus on defending against Mirai-like DDoS attacks and mitigating IoT botnets. “Recent events, the Mirai botnet and others, showed just how vulnerable we are to technologies that have been pushed into the ecosystem–often without really strong plans for security.”

Joyce added that much of Trump’s cybersecurity focus would also include working with private companies to better identify APTs and to increase sharing between government and the private sector.

Lastly, strengthening cyber defenses and boosting deterrence was another priority along with reaching out to other countries to fight global threats.

“It’s going to take a coalition of like-minded countries to advance the global common space we have here,” he said. “We will be looking to foster an open interoperable, reliable and secure global internet that benefits the U.S. and the rest of the world. We built the internet and gave it to the world, we think it’s very important that it continues to reflect our values.”

In his hour-long address, Joyce also touched on hot button topics such as net neutrality and recent proposed changes to the Vulnerabilities Equities Process.

“When you look at net neutrality, that is one of the sticky decisions that has to be made in the regulator space… But, we have to find a balance point between what we have today and allow some changes… If you are just going to have a pipe that lets everything straight through, you are inviting people through your unlocked door,” Joyce said.

He said that government and private service providers can’t be hamstrung in cases where internet traffic is being used for malicious purposes and yet must be left alone.

When asked about the Vulnerabilities Equities Process, Joyce was noncommittal about the pending changes but leaned toward the status quo.

“There is a process to legislate the VEP. We are working with Congress about that right now. I do have some concerns because legislators are talking about giving authority to a non-neutral entity. I think the process right now gives us the balance where we don’t have the offense or the defense with too much thumb on the scale.”

via Trump’s Cybersecurity Boss Talks Priorities — Threatpost | The first stop for security news


Digital Forensics and Security Toolkit to be made available online

My student Mattias Huber presenting a tool for detecting malware at the CSU Channel Islands Computer Science Capstone Showcase on May 11, 2017.

This tool can be used to upload a target file, directory, or URL to VirusTotal, a website that scans the target with around 60 virus scanners from the industry. If the target is not already in the VirusTotal database, the scan is queued and completed shortly afterwards. Because this is an asynchronous process, the tool handles uploading jobs, checking whether jobs have completed, and displaying reports on completed jobs. The system also keeps track of all files uploaded, checks whether a file has already been uploaded to save bandwidth, saves all completed reports in one list, and saves all positive reports in a separate list.

Using Amazon Web Services (AWS), Elastic Compute Cloud (EC2), and Simple Storage Service (S3), the system can be set up so that users place files into an S3 bucket; the files are then scanned automatically and the user is notified of any positives found.

  1. The user places a file they wish to scan into the S3 bucket, such as http://mybucket.s3.amazonaws.com
  2. A dedicated EC2 instance watches the bucket, detects the new file, and uploads the file to VirusTotal.
  3. The EC2 instance waits until VirusTotal returns a completed report.
  4. If any positives are found, the instance notifies the user; otherwise the report is added to the completed list.

VirusTotal has a public API that is limited to 6 uploads per minute, but CSU Channel Islands was granted research API access, which is limited to 600 uploads per minute.
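As an added illustration of the bookkeeping described above (this is not Mattias’s tool or its code), the following models the queue-and-poll workflow offline: it de-duplicates uploads by SHA-256 so a file is never sent twice, releases at most the per-minute quota of uploads per tick, and keeps completed and positive reports in separate lists. The scanner is a constructed stand-in, not the real VirusTotal API, and the sample files are constructed inputs.

```python
import hashlib
from collections import deque

class ScanTracker:
    """Bookkeeping for the queue-and-poll workflow: de-duplicate by SHA-256, obey the quota."""
    def __init__(self, uploads_per_minute=6):  # 6/min is the public quota cited above
        self.uploads_per_minute = uploads_per_minute
        self.seen = set()       # digests already submitted; repeats are not re-uploaded
        self.queued = deque()   # (name, digest) waiting for quota
        self.pending = {}       # digest -> name, uploaded but report not yet ready
        self.completed = []     # every finished report
        self.positives = []     # the subset with one or more detections

    def submit(self, name, data):
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.seen:
            return "duplicate"  # same bytes already sent: save the bandwidth
        self.seen.add(digest)
        self.queued.append((name, digest))
        return "queued"

    def tick(self, scanner):
        """One simulated minute: upload up to the quota, then poll all pending jobs."""
        for _ in range(min(self.uploads_per_minute, len(self.queued))):
            name, digest = self.queued.popleft()
            scanner.scan(digest)
            self.pending[digest] = name
        for digest in list(self.pending):
            report = scanner.report(digest)
            if report is None:  # scanner has not finished this job yet
                continue
            entry = {"name": self.pending.pop(digest), "sha256": digest,
                     "positives": report["positives"]}
            self.completed.append(entry)
            if entry["positives"] > 0:
                self.positives.append(entry)  # where the user notification would fire
        return len(self.pending)  # jobs still awaiting a report

class FakeScanner:
    """Constructed stand-in for the scanning service (not its real API)."""
    def __init__(self, verdicts):
        self.verdicts, self.polls = verdicts, {}  # digest -> detection count; poll counters

    def scan(self, digest):
        self.polls[digest] = 0

    def report(self, digest):
        self.polls[digest] += 1  # first poll after upload: still queued, no report yet
        return {"positives": self.verdicts.get(digest, 0)} if self.polls[digest] > 1 else None

def demo():
    samples = {f"file{i}.bin": bytes([i]) * 16 for i in range(8)}  # constructed inputs
    samples["copy.bin"] = samples["file3.bin"]  # duplicate content, must not be re-uploaded
    flagged = hashlib.sha256(samples["file5.bin"]).hexdigest()
    tracker, scanner = ScanTracker(), FakeScanner({flagged: 12})  # 12 engines flag file5
    statuses = {n: tracker.submit(n, d) for n, d in samples.items()}
    while tracker.queued or tracker.pending:
        tracker.tick(scanner)
    return statuses, tracker
```

With the public quota of 6 per minute, the eight distinct files in `demo()` need two ticks to upload and a third for the last reports to arrive; the duplicate is never sent.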

Mattias is going to make this tool available for everyone through GitHub.

Capstone Showcase Spring 2017; see here for more details and here for more pictures.


The day after: world-wide cyberattack has companies and institutions scrambling

What is it?
Attackers, using a tool allegedly stolen from the U.S. National Security Agency, took advantage of flaws in Microsoft Windows systems to spread malware around the world on Friday. The “ransomware” encrypts files, effectively hijacking computer systems, and demands money, in the form of bitcoin, in exchange for decrypting them. Microsoft Corp. had issued a fix, or patch, for the flaw on March 14.

How big is it?
Kaspersky Lab, an antivirus vendor, said it has tracked 45,000 instances of the attack, dubbed WannaCry, in 74 countries around the world, mostly in Russia. Other hot spots include Ukraine, India and Taiwan. Computer security experts say, however, the virus’s spread has been contained by the actions of a private security researcher who found a “kill switch” inside the virus.

Who has been hit?
Victims include Britain’s National Health Service, FedEx Corp., car makers Nissan Motor Co. and Renault SA, Germany’s biggest train operator as well as Russian banks. China state media reported early Saturday that some gas stations and universities have been affected.

Has anyone paid the ransom?
It is impossible to say. Screenshots of affected computers indicate hackers are asking for as little as $300 in bitcoin from affected users. The chief data officer at Telefónica, a Spanish telecom provider hit by the virus, said in a personal blog post that a bitcoin account associated with the attackers shows they haven’t “achieved much real impact.” That account had received only 25 payments by midafternoon Saturday in Europe. It is very likely though that the attackers used many accounts. U.K. Home Secretary Amber Rudd told the British Broadcasting Corp. that the government has advised the NHS not to pay.

https://apple.news/AKF-mEQ9GTWGfgHb8_ke9bA


WannaCry

A cyber-attack that hit organisations worldwide including the UK’s National Health Service was “unprecedented”, Europe’s police agency says.
Europol also warned a “complex international investigation” was required “to identify the culprits”.
Ransomware encrypted data on at least 75,000 computers in 99 countries on Friday. Payments were demanded for access to be restored.
European countries, including Russia, were among the worst hit.
Although the spread of the malware – known as WannaCry and variants of that name – appears to have slowed, the threat is not yet over.
Europol said its cyber-crime team, EC3, was working closely with affected countries to “mitigate the threat and assist victims”.
In the UK, a total of 48 National Health trusts were hit by Friday’s cyber-attack, of which all but six are now back to normal, according to the Home Secretary Amber Rudd.
The attack left hospitals and doctors unable to access patient data, and led to the cancellation of operations and medical appointments.
Who else has been affected by the attack?
Some reports say Russia has seen more infections than any other country. Banks, the state-owned railways and a mobile phone network were hit.
Russia’s interior ministry said 1,000 of its computers had been infected but the virus was swiftly dealt with and no sensitive data was compromised.
In Germany, the federal railway operator said electronic boards had been disrupted; people tweeted photos of a ticket machine.
France’s carmaker Renault was forced to stop production at a number of sites.
Other targets have included:
■ Large Spanish firms – such as telecoms giant Telefonica, and utilities Iberdrola and Gas Natural
■ Portugal Telecom, a university computer lab in Italy, a local authority in Sweden
■ The US delivery company FedEx
■ Schools in China, and hospitals in Indonesia and South Korea
Coincidentally, finance ministers from the G7 group of leading industrial countries had been meeting on Friday to discuss the threat of cyber-attacks.
They pledged to work more closely on spotting vulnerabilities and assessing security measures.
How did it happen and who is behind it?
The malware spread quickly on Friday, with medical staff in the UK reportedly seeing computers go down “one by one”.
NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer.
The infections seem to be deployed via a worm – a program that spreads by itself between computers.
Most other malicious programs rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.
By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too.
It is not clear who is behind the attack, but the tools used to carry it out are believed to have been developed by the US National Security Agency (NSA) to exploit a weakness found in Microsoft’s Windows system.
This exploit – known as EternalBlue – was stolen by a group of hackers known as The Shadow Brokers, who made it freely available in April, saying it was a “protest” about US President Donald Trump.
A patch for the vulnerability was released by Microsoft in March, which would have automatically protected those computers with Windows Update enabled.
Microsoft said on Friday it would roll out the update to users of older operating systems “that no longer receive mainstream support”, such as Windows XP (which the NHS still largely uses), Windows 8 and Windows Server 2003.
The number of infections seems to be slowing after a “kill switch” appears to have been accidentally triggered by a UK-based cyber-security researcher tweeting as @MalwareTechBlog.
But in a BBC interview, he warned that it was only a temporary fix. “It is very important that people patch their systems now because there will be another one coming and it will not be stoppable by us,” he said.
‘Accidental hero’ – by Chris Foxx, technology reporter
The security researcher known online as MalwareTech was analysing the code behind the malware on Friday night when he made his discovery.
He first noticed that the malware was trying to contact an unusual web address but this address was not connected to a website, because nobody had registered it.
So, every time the malware tried to contact the mysterious website, it failed – and then set about doing its damage.
MalwareTech decided to spend £8.50 ($11) and claim the web address. By owning the web address, he could also access analytical data. But he later realised that registering the web address had also stopped the malware trying to spread itself.
“It was actually partly accidental,” he told the BBC.


Rebuild our defenses for the information age – AEI

The Defense Department still uses 8-inch floppy disks and computers from the 1970s to coordinate nuclear forces, according to a report last year from the Government Accountability Office. Many of the Pentagon’s communications systems are so vulnerable to sabotage that the Army and Navy regularly practice fighting without them. Satellites can be shot down by missiles or have their sensors dazzled by lasers. Their ground links can be jammed or hacked.

Dale Hayden, a senior researcher at the Air Force’s Air University, told an audience of aerospace experts earlier this month that proliferation of antisatellite technology has put America’s communications networks at risk. “In a conflict, it will be impossible to defend all of the space assets in totality,” he said. “Losses must be expected.”

It has never been easier for America’s adversaries—principally Russia and China, but also independent nonstate actors—to degrade the U.S. military’s ability to fight and communicate. Senior military officials have expressed grave doubts about the security of the Pentagon’s information systems and America’s ability to protect the wider commercial virtual infrastructure.

Source: Rebuild our defenses for the information age – AEI


CI press release re my forthcoming SAME talk on cybersecurity

CSUCI Cyber-security expert to speak at on-campus engineering convention.

Camarillo, Calif., Feb. 20, 2017—Whether it’s personal information, medical records, national security or election results, computer hacking is a rising national and global concern.

CSU Channel Islands (CSUCI) Computer Science Chair and Professor Michael Soltys, Ph.D., will share his cybersecurity expertise with an audience of professional engineers from 11 a.m. to 2 p.m. on March 23 in the Grand Salon.

“Our society is under constant cyber-threat, as our infrastructure, our economy, and our privacy, depend on secure IT systems,” Soltys said. “My talk will consider the major threats, and present examples of how hackers attack our systems.”

Sponsored by the nonprofit Oxnard Ventura Post of the Society of American Military Engineers, the presentation is geared toward an audience with a high degree of computer expertise, so Soltys plans to share cybersecurity best practices.

“I plan to give more of a technical talk from the engineering point of view,” Soltys said. “How to write code that is more defended. I plan to show techniques hackers use to get into systems.”

One of the principal causes of cyber-vulnerability is faulty software, a problem Soltys addresses in a textbook on algorithms he wrote for software engineers.

Aside from his teaching at CSUCI, Soltys also acts as Director of IT Security for Executek International where he specializes in forensic work.

The public is welcome at the presentation, which is on campus at One University Drive in Camarillo. Cost is $30 a person for lunch.

Follow the directional signage to Parking Lots A-4 and A-11, then follow “walk this way” signage to the Grand Salon.

To register for the presentation, click on:

http://www.same.org/Oxnard-Ventura



Study examines websites’ password practices

Global IT giants including Amazon and LinkedIn could be doing far more to raise awareness of the need for better password practices among their users.

Analysis by Professor Steve Furnell, Director of the Centre for Security, Communications and Network Research at Plymouth University, looked into the password security controls in place among ten of the world’s most visited websites.

It revealed very few of them give detailed guidance about the importance of providing secure passwords, either when users were creating or updating accounts.

The majority also provided little or no information about the reasons why password protection is important, and while some did make suggestions about best practice, very few went on to enforce their own advice.

via Study examines websites’ password practices – Plymouth University.


Cybercrime: Thieves in the night

CRIME has been falling in Britain since the mid-1990s, as it has in much of the rich world. Car-related theft has plummeted by 79% since 1995 and burglary by 67%. The decline is partly due to technology; car immobilisers and house alarms make such crimes harder. The increased use of CCTV and DNA databases means criminals are more likely to be caught, and the rewards for burglary have decreased anyway because electronic gadgets are so cheap. The falling crime rate has come alongside big recent cuts in police budgets. By 2015, the coalition government will have trimmed 20%. Meanwhile, crime has moved online.

Britain is particularly at risk when it comes to cybercrime, argues Charlie McMurdie, a cyber-security expert at PricewaterhouseCoopers (PWC), a consultancy. It is rich, its infrastructure for moving money around is slick, and it is saturated with technology. Over 60% of the population use smartphones. More than 80% of households are connected to the internet. Three-quarters of them shop online. According to PWC, 69% of companies in Britain experienced a cyber-security incident in the past year, compared to 59% globally.

via Cybercrime: Thieves in the night | The Economist.


About to attend ACM Webinar Getting Cyber Safety Through to Employees

People are and always will be the weakest link in security. Yet, it’s an often overlooked topic. This session discusses people skills, influence, and social engineering in security education. This session will educate attendees on human motivation and interaction, how security controls may be bypassed by a person’s intentional or unintentional acts, and methods for reducing the cyber risks associated with people. It concludes with online references that can be immediately used to inform on simple steps for cyber safety.

via Event Lobby (EVENT: 904250).
