Cyber Security Intelligence


May Newsletter #1 2015

Elite cyber crime group strikes after attack by APT gang

One day last year, an obscure cyber espionage group sent a spear phishing e-mail. It carried the usual trappings of a spear phish sent by advanced persistent threat actors. It was short, appeared to come from an address the target knew, and attached a payload that when clicked surreptitiously installed potent malware on the reader's computer.

But there was something highly unusual about this spear phish, something that would throw the once-shadowy Hellsing group into the limelight. According to analysis from antivirus provider Kaspersky Lab, the group targeted in the spear phish wasn't a government agency or embassy, as is usually the case. Instead, it was Naikon, one of Asia's largest APT (Advanced Persistent Threat) gangs and a rival to Hellsing. Naikon has been active for years and is known for attacks targeting government and military leaders, diplomats, aviation authorities, and police in countries such as the Philippines, Malaysia, Cambodia, and Indonesia.

Parenthetically, a few weeks after Kaspersky Lab researchers observed Naikon targeting Hellsing came the March 8, 2014 disappearance of Malaysia Airlines Flight 370. Three days later, Naikon launched a campaign that hit most of the countries involved in the search, with booby-trapped e-mails sent to political and military leaders, diplomats, civil aviation authorities, and police. The Naikon gang, it seemed, was eager to learn whatever it could about the behind-the-scenes recovery mission for the missing flight.

Kaspersky Lab researchers said Hellsing is known to have infected only about 20 organizations, an indication of just how niche and selective the attack group is. Hellsing is also highly selective about the regions it targets, limiting them to the US, Malaysia, the Philippines, Indonesia, and India. The name Hellsing comes from the project title a developer carelessly left in some of the malicious binaries the group uses in its campaigns. It remains unknown if Hellsing succeeded in its attempt to infect Naikon.

An analysis of the command and control infrastructure shows Hellsing has ties to fellow groups known as PlayfulDragon, Mirage, and Vixen Panda.

Server locations also suggest links to the APT group known as Cycldek or Goblin Panda. Kaspersky's blog post lays out a feast of other technical details about the gang. This may have been one of the first times an APT-on-APT attack has been witnessed, but it's probably not the last.

Ars Technica: http://bit.ly/1FSSmvx

Russian Hackers Use Flash Zero-Day Flaws

Chinese hacker groups were among the first to target so-called air-gapped networks, which are not directly connected to the Internet, according to FireEye. And now there has been a fresh attack by a long-known hacking group suspected to be linked with Russia.

The computer security firm FireEye wrote that the group, called APT 28, attacked an "international government entity", using two recently disclosed software flaws, one of which has not been patched.

The attack sought to trick victims into clicking on a link that led to a website which attacked their computer. It first used a vulnerability in Adobe Systems' Flash player, CVE-2015-3043, then used a still unpatched Microsoft vulnerability, CVE-2015-1701, to gain higher privileges on a computer.

In a white paper released last year, FireEye said APT 28 had conducted attacks against political and military-related organizations since at least 2007. The group compiles "malware samples with Russian language settings during working hours consistent with the time zone of Russia's major cities, including Moscow and St. Petersburg."

The malware delivered in the latest attack is very similar to CHOPSTICK, a backdoor known to be used by APT 28. In fact, the malware delivered in the latest attack used the same RC4 encryption key that was used by CHOPSTICK, FireEye said.

Computerworld: http://bit.ly/1yWqIOU

US Army Shares Cyber Warriors with Hollywood & Wall Street

At a time when the Pentagon arguably is losing a battle with industry for top tech talent, the Army is offering companies the resumes of its best cyberwarriors. This is one strategy US organizations are trying out to deal with a workforce challenge as persistent as the cyber threat.

In Colorado Springs, eight universities, eight industry employers and various federal agencies will gather to formalize the Army Reserve's Cyber Private Public Partnership, or Cyber P3.
Two soldiers already have landed jobs at Lockheed Martin and a national security-related firm through Cyber P3, which launched in February.

Part of the effort involves creating equivalent military and university cyber training programs, hence the meeting of the minds in Colorado Springs, home to program participant University of Colorado.

The initiative is designed to pump out 3,500 to 5,000 Army reserve soldiers. So far, 21 private employers have signed up to transition service members into civilian careers at Citibank, Microsoft, Fox Entertainment and Chevron, among other companies.

Recently, the Pentagon's principal cyber adviser Eric Rosenbach said preparations are underway for up to 2,000 reserve and National Guard personnel Defensewide to support surge forces in the event of a catastrophic cyberattack.

Cutting-edge competency is important for any professional, but especially for cybersecurity workers, who face new hacker tricks almost every day.

The Army estimates that cyber professional vacancies in the government, alone, number around 40,000. Each military service is moving to establish a cyber reserve component, with the Air Force being the furthest along. For example, by 2013, the Maryland Air National Guard had a volunteer network warfare squad to respond to military network intrusions. At the time, the Estonian ambassador likened the Air Force's program to her country's longstanding civilian cyber reserve.

DefenseOne: http://bit.ly/1Gm0fwK

Iran's Cyber attacks are now far more Sophisticated

In February, a year after the Las Vegas Sands was hit by a devastating cyber-attack that ruined many of the computers running its casino and hotel operations, the director of national intelligence, James Clapper, publicly told Congress what seemed obvious: Iranian hackers were behind the attack.

Sheldon Adelson, the billionaire chief executive of Sands, who is a major supporter of Israel and an ardent opponent of negotiating with Tehran, had suggested an approach to the Iran problem a few months before the attack that no public figure had ever uttered in front of cameras.

"What I would say is: 'Listen, you see that desert out there? I want to show you something,'" Adelson said at Yeshiva University in Manhattan in October 2013. He then argued for detonating a US nuclear weapon where it would not "hurt a soul," except "rattlesnakes and scorpions or whatever," before adding, "Then you say, 'See, the next one is in the middle of Tehran.'"

Instead, Tehran directed an attack at the desert of Nevada. Now a new study of Iran's cyber-activities, to be released by Norse, a cyber-security firm, and the American Enterprise Institute, concludes that beyond the Sands attack, Iran has greatly increased the frequency and skill of its cyber-attacks, even while negotiating with world powers over limits on its nuclear capabilities.
"Cyber gives them a usable weapon, in ways nuclear technology does not," said Frederick Kagan, who directs the institute's Critical Threats Project and is beginning a larger effort to track Iranian cyber-activity. "And it has a degree of plausible deniability that is attractive to many countries."

Kagan argues that if sanctions against Iran are suspended under the proposed nuclear accord, Iran will be able to devote the revenue from improved oil exports to cyber-weapons. But it is far from clear that that is what Iran would do.

When Clapper named Iran in the Sands attack, it was one of the few instances in which the United States had identified a specific country that it believed was using such attacks for political purposes. The first came in December, when President Barack Obama accused North Korea of launching a cyber attack on Sony Pictures. Other United States officials have said that Iran attacked US banks in retaliation for sanctions and that it destroyed computers at the oil giant Saudi Aramco in retaliation for the close Saudi ties with the United States.

The evidence from the Norse report, along with analyses by US intelligence agencies, strongly suggests that Iran has made much greater use of cyber-weapons over the past year, despite international sanctions.

Adeptis: http://bit.ly/1ySKTgq

Google Adds Real-Time Analysis to its Cloud Service

Google is betting that real-time processing is the future of big data analysis, and has updated two of its cloud services to help enterprises understand what is happening in the moment with their customers and operations.

Think of the mobile gaming company that wants to know which of its products has gone viral, or the security-sensitive enterprise culling its vast server logs for evidence of the latest security attacks.

Big data analysis growing

To this end, Google has launched a real-time data processing engine called Google Cloud Dataflow, first announced a year ago. It has also added new features to its BigQuery analysis tool, introduced in 2010. The two cloud services can be used together to facilitate the real-time processing of large amounts of data.

Now available as a beta, Google Cloud Dataflow provides the ability to analyze data as it comes from a live stream of updates. Google takes care of all the hardware provisioning and software configuration, allowing users to ramp up the service without worrying about the underlying infrastructure. The service can also analyze data already stored on disk, in batch mode, allowing an organization to mix historical and current analysis in the same workflow.

In addition to moving Cloud Dataflow into an open beta program, Google also updated its BigQuery service.

BigQuery provides a SQL (Structured Query Language) interface for large unstructured datasets. SQL is commonly used for traditional relational databases, so it is almost universally understood by database administrators. With this update, Google has improved the service so it can now ingest up to 100,000 rows per second per table.

Computerworld: http://bit.ly/1aUNj2H

United Nations will Improve Cybersecurity

The 2012-2013 Report from the Group of Governmental Experts (GGE) recommended "regular institutional dialogue with broad participation under the auspices of the United Nations, as well as regular dialogue through bilateral, regional and multilateral forums, and other international organizations."

In typical UN fashion, the sentence attempts to please a number of constituencies without saying very much. First, it appeals to the United States and its allies by referring to "broad participation" and regular dialogue in venues outside the UN system.

Second, it appeals to Russia, China, India, Brazil, and others that would like to see the UN take a more central role in cyber matters, not only on issues related to international peace and security, but when they are related to broader issues like Internet governance.

Despite reaching a consensus on the need to talk more, the current GGE group will continue to argue over the appropriate place of the UN in discussions about cyber activity that can undermine international peace and security. The GGE will have two options to consider: status quo or something new.

While the GGE process has been instrumental in promoting the norm that international law applies to state behavior in cyberspace, the model is not sustainable for two reasons. First, GGEs have to be periodically renewed by the UN General Assembly, a process that can be held up by politicking, deal-trading on unrelated issues, and pressures on the UN budget.
Second, the cyber GGEs are limited to a small number of states, five of which have always been the permanent members of the UN Security Council, and the membership changes every time a new GGE is created.

The UN's role in the military dimensions of cyberspace is likely to become a bargaining chip. While Russia and China may not push for a new UN cyber committee, middle income and developing countries in the current GGE such as Brazil, Kenya, Malaysia, and others may find it appealing as a way to develop expertise on the topic and could want to see a recommendation for a new group in the GGE's report.

The United States, which is comfortable with the status quo approach, will likely resist such a move unless it can obtain some concessions in return.

DefenseOne: http://bit.ly/1aUNr2d

Cyber Insurance - An Ineffective Way of Dealing with Hacks?

"In the long run, insurance, while it might mitigate the cost of a single catastrophic loss, is not an effective method of dealing with cyber breaches," said cybersecurity expert Alan Calder, the founder of international cybersecurity firm IT Governance Ltd.

He explained that while insurance may seem a good short-term means of reducing the cost of data breaches, coverage does not make you any safer; it merely provides a cushion for when you inevitably fall.

A much more sensible approach to addressing cybersecurity risks involves improving cybersecurity throughout the organization in order to prevent breaches in the first place, rather than spending on increasingly costly premiums.

This is why more and more organizations throughout the US are implementing the internationally recognized cybersecurity standard ISO 27001. ISO 27001 sets out the requirements of an information security management system (ISMS), an enterprise-wide approach to information security that addresses people, processes, and technology.

With their unique combination of standards, books, toolkits, software, training, and online consultancy, IT Governance's packages provide US organizations with all they need to implement the Standard and ensure their cybersecurity.

Ein News: http://bit.ly/1DSE6T0

US Healthcare: Data Breaches Are Increasingly Common

Health care organizations are rethinking their reliance on compliance requirements as the primary way to protect patient data, according to a Harris Poll survey of 920 IT decision makers, which was conducted on behalf of Vormetric.

The survey results indicate that data protection in healthcare organizations has been driven largely by compliance requirements – 54 percent reported compliance requirements as the top reason for protecting sensitive data, and 68 percent rated compliance as very or extremely effective at stopping insider threats and data breaches.

At the same time, more than a quarter of respondents (26 percent) reported that their organization had previously experienced a data breach, and nearly half (48 percent) reported that in the last year their organization had failed a compliance audit or encountered a data breach.

However, the study indicates that priorities are changing, with respondents reporting that compliance is now their second priority for IT security spending at 39 percent. Preventing a data breach ranks first at 53 percent.

In addition, 63 percent of health care IT decision-makers report that their organizations are planning to increase spending to offset data threats.

An overwhelming 92 percent of respondents said their organizations are either somewhat or more vulnerable to insider threats, and 49 percent felt very or extremely vulnerable.

Additionally, 62 percent of respondents identified privileged users, those who have access to all resources available from systems they manage, as the most dangerous insiders. Partners with internal access and contractors ranked second and third.

The top factors driving IT security spending were data breach prevention at 53 percent, fulfilling compliance requirements and passing audits at 39 percent, and protection of financial and other assets at 38 percent.

"There is an evolution in process from a fixation on meeting compliance requirements, to protecting their organizations and patients from the consequences of data breaches," Kessler said. "In effect, they are beginning to protect patients' data as another element of protecting patients' health. Frankly, we think we'll see more health care organizations reset priorities as more breaches lead to financial and legal headaches. Sometimes, lessons need to be learned the hard way."

eWeek: http://bit.ly/1DX7731

Will Biometrics Take Over From Passwords?

People are fed up with battling to remember dozens of passwords. Entering them several times a day on various devices disrupts users' flow and wastes time. Employers and service providers have started to realise this and are offering alternatives in the form of sensors and biometrics.

Fingerprint biometrics have been available on mobile phones for a while, but the addition of Apple's Touch ID marks a point of no return in the second coming of biometrics. While some security experts may be concerned about the use of fingerprints on their own, for customers it is a welcome escape from the struggle with passwords and the widely disliked two-factor authentication the banks inflict on them.

Guardian: http://bit.ly/1O6cBI3

Dark Reading: http://ubm.io/1IM8Yph

The 2016 USA Election Cyberwar Has Begun

While listening to National Public Radio the other morning, I heard a government official saying how difficult it was getting to attract the cyber warriors our nation needs to protect itself. There was also discussion about raising the maximum age for people wanting to join the military, so that mid-career cyber professionals could enter the service.

So who is hiring all the cyber experts? Political groups are hiring computer-savvy information technology companies to build voter profiles of millions of Americans. Recently there has even been discussion of the need to draft the necessary individuals, should the need arise. Only men are currently registered for the Selective Service. Selection could get interesting. Cyber personnel could be identified by their political leanings and drafted out of the opposition's companies. As a secondary effect, programmers and mathematicians supporting stock traders working the markets would be fair game.

Cyber cleaners searching the Internet for information harmful to their clients' candidates could be drafted. Yes, we are certainly engaged in fighting cyber wars these days, but priorities appear to be more on waging a war for the hearts and minds of American voters than national security. Every search, message, post and purchase can be data mined to make sure your voting decisions can be influenced when required. The 2016 US Election Cyber War is well underway.

Ein News: http://bit.ly/1FgvzLX

Cyber War Can Be Real War

While we're worrying, with justification, about the possibility of all-out nuclear war in the Middle East we also need to consider the possibilities inherent in a simple device that you are looking at right now.

That device is your computer, and the means of delivery of untold mayhem is the Internet. Revenge hacking is nothing new: recently the Democrats for Life website was maliciously hacked by pro-abortionists, and big websites now experience frequent malicious attacks.

Recently, the Vatican was hacked. A group of hackers took credit for it, with a pompous statement claiming that they were attacking the Catholic Church, not individual Christians. Last month The World Weekly, which is a UK magazine, was shut down by hackers after they had criticized the Turkish president.

Cyber warfare has the potential to cripple entire nations in one swoop, and it can do it without spending a dime or firing a shot.

The primary purpose of bombing in warfare is to destroy the war-making capacity of a nation. The targets are the means of building armaments, transportation links and the infrastructure of the nation. If bombing is able to destroy these things, it will destroy the ability of the nation to carry war forward on a mass scale.

Cyber warfare can accomplish most of these same purposes. It can shut down economic systems, cripple or even halt modern manufacturing, bring the flow of traffic to a halt, and destroy communication at all levels of government, including among first responders. It can completely scramble the internal communications of nations or whole regions of the world.

Cyber warfare also has the potential to be the ultimate code-breaker. It can obtain data of all types from government, business and individuals, revealing their plans, finances and secrets.

Cyber warfare can be real warfare. If it is backed up with more traditional forms of war making such as bombing and troop deployment, its tactical impact is almost beyond reckoning.

Ein News: http://bit.ly/1JgnHwb

How Can You Survive Cyber Warfare

As the threats of hacking and cyber attacks continue, and as Jews and the Jewish state increasingly become targets, how can you navigate the Internet without exposing yourself to attack?

Shlomi Adar, an Israeli information security specialist, has released eight simple instructions to avoid the common mistakes that allow hackers to target employees working at organizations.

1. Custom Permissions according to Position and Necessity – Adar began his list by calling for organized permission definitions, so that the organization can supervise employees' computer activities.

He recommended limiting installation permissions according to employees' positions, allowing only the installation of applications needed for each position.

2. Surfing the Internet – the specialist warned against visiting websites not used for work, particularly free game sites which often have spyware or tracking software, as well as sports sites and online chats.

3. Using a Laptop – Adar warned against having employees carry a laptop between their work and home environment, noting the home network is less secure than an organizational connection.

He called for separating work and home connections and not allowing children and other users to access the work laptop.

4. Loss or Theft of Laptops – laptops, tablets and smartphones are more prone to loss or theft given their portability, noted Adar, who called for encrypting mobile devices and installing a system that can locate the device and erase its information remotely if needed.

5. E-Mail – the most common cyber threat has become "phishing": sending messages or e-mails that bait employees into clicking on links, and then gaining access to sensitive information.

Hackers often disguise links to look as if they come from reputable sites like PayPal, banks, Gmail, Facebook and others. A single click on such a link may implant a virus on the computer, or take the user to a dummy imposter site that asks them to update their personal information. That is how users unknowingly give away extremely sensitive details, including passwords, to the hacker.
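The disguised-link trick described above can be checked for mechanically: the hostname a reader sees in the link text is compared with the hostname the link actually points to. The following is an added example, not part of the original article or of Adar's advice; the e-mail body and all hostnames in it are constructed for the example, and the registered-domain comparison is a deliberately crude stand-in for a Public Suffix List lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: an HTML e-mail body of the kind the article describes,
# where the visible link text impersonates a well-known site. Every hostname
# here is made up for this example.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please verify your account:</p>
<a href="http://paypal.verify-account.example/login">https://www.paypal.com/signin</a>
<p>Or use the link below:</p>
<a href="https://www.paypal.com/help">PayPal Help Center</a>
<a href="http://192.0.2.10/update">https://accounts.google.com</a>
"""

# Something that looks like a domain name inside link text (optional scheme and www.).
HOST_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname the browser will really connect to."""
    return (urlparse(url).hostname or "").lower()


def apparent_host(text):
    """Hostname a reader would think the link goes to, if the text looks like a URL."""
    m = HOST_RE.search(text)
    return m.group(1).lower() if m else None


def same_site(host_a, host_b):
    """Crude registered-domain comparison (last two labels). A production filter
    would use the Public Suffix List instead; this is an assumption of the demo."""
    return host_a.split(".")[-2:] == host_b.split(".")[-2:]


def find_deceptive_links(html):
    """Return every anchor whose displayed hostname differs from its real target."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real, shown = host_of(href), apparent_host(text)
        if shown and real and not same_site(shown, real):
            findings.append({"text": text, "href": href,
                             "shown_host": shown, "real_host": real})
    return findings


if __name__ == "__main__":
    for f in find_deceptive_links(SAMPLE_EMAIL_HTML):
        print(f"DECEPTIVE: text shows {f['shown_host']} but points to {f['real_host']}")
```

Links whose text is a plain label ("PayPal Help Center") are not flagged, because there is no displayed hostname to contradict; a mail filter would typically combine this check with a reputation lookup on the real hostname.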

6. Setting Passwords – Adar recommended opting for complex passwords with upper case and lower case letters along with numbers and special characters to block automatic password cracking software.

He also warned against using birth dates, children's names, or other information that can be reasonably guessed, and suggested changing passwords relatively often without reusing similar passwords.
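The password rules in item 6 (character classes, no guessable personal details, no near-reuse of an old password) can be enforced at password-change time. The checker below is an added example, not part of the original article or of Adar's material; the user profile, previous passwords and the "common password" list are constructed for the example, and the similarity threshold of three edits is an assumption.

```python
import re
from datetime import date

# Constructed sample data for the example; nothing here is a real credential.
COMMON_GUESSABLE = {"password", "letmein", "qwerty", "123456"}
USER_PROFILE = {"children": ["emma", "liam"], "birth_date": date(1985, 7, 14)}


def has_required_classes(pw):
    """Upper case, lower case, a digit and a special character must all be present."""
    patterns = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return all(re.search(p, pw) for p in patterns)


def contains_personal_info(pw, profile):
    """Reject passwords built from children's names or the user's birth date
    in common numeric layouts (YYYY, DDMMYYYY, MMDDYYYY, YYMMDD, DDMMYY, MMDDYY)."""
    low = pw.lower()
    if any(name.lower() in low for name in profile["children"]):
        return True
    d = profile["birth_date"]
    for fmt in ("%Y", "%d%m%Y", "%m%d%Y", "%y%m%d", "%d%m%y", "%m%d%y"):
        if d.strftime(fmt) in pw:
            return True
    return False


def levenshtein(a, b):
    """Edit distance, used to catch 'Winter1' -> 'Winter2' style reuse."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def too_similar(new_pw, old_pws, max_distance=3):
    """A new password within a few edits of any previous one counts as reuse (threshold assumed)."""
    return any(levenshtein(new_pw.lower(), old.lower()) <= max_distance for old in old_pws)


def check_password(pw, profile, previous, min_len=12):
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if not has_required_classes(pw):
        problems.append("missing character class")
    if pw.lower() in COMMON_GUESSABLE:
        problems.append("common password")
    if contains_personal_info(pw, profile):
        problems.append("contains personal information")
    if too_similar(pw, previous):
        problems.append("too similar to a previous password")
    return problems


if __name__ == "__main__":
    for candidate in ("Emma1985!x", "Tr0ub4dor&3Winter2", "Correct-Horse-9-Battery"):
        print(candidate, "->", check_password(candidate, USER_PROFILE, ["Tr0ub4dor&3Winter1"]) or "OK")
```

The personal-information check only knows what the profile tells it, so in practice it is paired with a breached-password list; the similarity check is what actually implements the "no similar passwords" rule, which a plain history comparison would miss.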

7. Physical Security – information security is not just in the realm of the Internet; it also requires physically making sure that visitors to an organization's offices are closely escorted and have to identify themselves, and documenting their arrival and departure.

8. IT Department – no organization would be complete - or secure - without an IT department, which should be given organization-level responsibility for managing information security, control and monitoring.

The IT department is likewise tasked with implementing procedures to prevent human error.
The organization also has to hire external advisers (specialists) to cover the needs the IT department is not expected to meet, such as handling emergency incidents and events or other unusual occurrences relating to information security.

Ein News: http://bit.ly/1QnsVYZ

NY Bank Regulator: Third Party Vendors Are a Backdoor to Hackers

Benjamin M. Lawsky, Superintendent of the New York State Department of Financial Services (NYDFS), released a report warning banks that insufficient security at third-party vendors could provide a backdoor for hackers to gain access to critical systems and pilfer sensitive financial information.

"A bank's cyber security is often only as good as the cyber security of its vendors. Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data," Lawsky said.

Financial institutions rely on third-party vendors for a broad range of services, ranging from law firms to companies contracted to maintain HVAC systems, and those vendors often have access to a bank's information technology networks, providing a potential point of entry for hackers, as was seen in the Target breach.

NYDFS conducted a survey of 40 banks, including many of the largest institutions it regulates, examining the security standards those firms have in place in regards to their third-party vendors.

"Among other findings, the NYDFS report uncovered that nearly 1 in 3 banks surveyed do not require their third-party vendors to notify them of cyber security breaches," NYDFS said in a statement.

"I am deeply worried that we are soon going to see a major cyber attack aimed at the financial system that is going to make all of us shudder. Cyber hacking could represent a systemic risk to our financial markets by creating a run or panic that spills over into the broader economy," Lawsky said.

"We are concerned that within the next decade, or perhaps sooner, we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time."

Norse: http://bit.ly/1aTbQWM

United Airlines Bans Researcher After 'joke tweet'

United Airlines banned a security researcher from a flight after he tweeted that he might be able to hack the aircraft's systems. Chris Roberts was due to fly from Colorado to San Francisco to talk at a major security conference. Earlier, he tweeted he thought he could deploy the oxygen masks on board.

Despite the ban, United said: "We are confident our flight control systems could not be accessed through techniques [Mr. Roberts] described."

Mr. Roberts is the founder of the cybersecurity firm One World Labs, which tries to find vulnerabilities in IT systems and alerts companies about them before they can be exploited by hackers. Mr. Roberts was taken from a United Airlines flight by the FBI, who took his laptop away and then questioned him for four hours.

Chris Roberts had tweeted:
"Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)"

As part of his job, Mr. Roberts had given several interviews to the media in recent weeks in which he commented on the possible weak points of airline systems. He told Fox News: "Quite simply put, we can theorize on how to turn the engines off at 35,000ft (10,668m) and not have any of those damn flashing lights go off in the cockpit." He had also told CNN that he could connect to a computer under his seat to view data from the aircraft's engines, fuel and flight-management systems.

BBC: http://bbc.in/1F6VHZs

Cyber Security in China: Internet Security is a Key Location Factor and a Challenge to Western Businesses

China's Internet and telecommunication giants are becoming more and more successful not only within China, but also outside the country. But how did they become that successful and why is the Chinese IT market increasingly challenging for western businesses?

In his latest China Monitor, Hauke Gierow (Research Associate, MERICS, Germany) argues that China is resolutely pushing and supporting the development of its own IT industry, but is also isolating itself from international IT technology. By exercising control over major state-run businesses, the PRC is also maintaining its sovereign position in the IT sector.

Furthermore, the Chinese government supports the international expansion and sales endeavors of Chinese IT companies, the so-called 'national champions'. With their products, they are stepping up competition with Western companies in developing and emerging countries, while on the other side, companies like Huawei or Lenovo are also frequently alleged to open back doors for Chinese spying in the West.

According to Gierow's findings, isolationism and protectionism within China lead to another problem for Chinese IT companies: the obligation to censor the Internet. Not only does censorship affect freedom of speech, it also impacts the entire economy. 86% of European companies now regard Internet censorship as a major obstacle to doing business in China, a survey quoted in the report finds.

In terms of foreign companies, censorship, cyber attacks, and protectionism in China do not only hurt their businesses but have also become a key location factor for foreign companies. They must comply with ever more stringent regulations in the IT sector, impeding their ability to protect business secrets and hindering international co-operation.

Hauke Gierow concludes that, instead of insistently calling for fundamental changes in Chinese internet policy, the Federal Government of Germany should negotiate specific improvements for German businesses, for example in terms of market access or protection of intellectual property rights.

Merics: http://bit.ly/1HZbKJL

IBM Watson is 'Our Moonshot' in Healthcare

A new IBM business unit launched last week to help physicians, researchers, insurers and patients use big data, analytics and mobile technology to achieve better health outcomes is being described by the company's chief executive officer as their "moonshot" in healthcare.

IBM has announced a new business unit called Watson Health that will offer cloud-based access to its Watson supercomputer for analyzing healthcare data. Big Blue has partnered with Apple, Johnson & Johnson and Medtronic to make it easier for healthcare organizations to store and analyze patient data by leveraging Watson's cognitive capabilities and creating "new health-based offerings that leverage information collected from personal health, medical and fitness devices" providing "better insights, real-time feedback and recommendations to improve everything from personal health and wellness to acute and chronic care."

With the first generation of computers, they counted things. With the second generation, you have to program them. What Watson represents, and we use the word cognitive, is a system that learns.

Three technology trends are converging at once, big data, cloud, and mobility, making medical breakthroughs possible. These technologies already represent 27 percent of IBM's business.
IBM says each person generates one million gigabytes of health-related data across his or her lifetime, the equivalent of more than 300 million books.

In July 2014, IBM and Apple joined forces to bring Big Blue's core competencies in big data and analytics to Apple's iPhone and iPad in an exclusive agreement whose goal is to create a new class of more than 100 industry-specific enterprise solutions, including native apps developed from the ground up for healthcare.

Info-Management: http://bit.ly/1Po7vJN

How Terrorists Are Turning Robots Into Weapons

Terrorists and college kids already have hacked into government drones. It's time to rethink security with the rise of robotics.

The drones' missions varied from intelligence collection to "kinetic operations against high value targets" such as launching Hellfire missiles against insurgents. The drone pilots remotely carrying out these operations seven thousand miles away in the Nevada desert intently watched live video feeds of their targets as they navigated their UAVs in pursuit of their quarry. As it turns out, they weren't the only ones watching.

Shia militants had figured out a way to capture the live video feeds of the American flying robotic fleet. Using a $26 piece of Russian software known as SkyGrabber, commonly sold in the digital underground to pirate satellite television signals, the insurgents intercepted the video footage coming down from the classified Predator drones. No intrusion into the aircraft was needed: the video downlink was transmitted unencrypted, so any suitably tuned satellite receiver could simply record it. Thus as the Americans were watching the insurgents, the insurgents were watching back, gaining a tactical advantage and vital intelligence on coalition targets. If the militants saw their own house coming into close video focus, they knew it was definitely time to consider alternative housing options, rapidly.

The college students carried out their attack by spoofing the drone's GPS: they broadcast counterfeit satellite signals that shifted the coordinates the receiver reported, all using hardware and software they had built at school for under $1,000. The attack works because civilian GPS signals carry no authentication, so a receiver has no way to tell a transmitter on the ground from the satellites it expects.

Unsurprisingly, others took notice, including the Iranians, who reportedly combined the same spoofing technique with jamming against an American RQ-170 Sentinel drone overflying their country. Jamming the drone's communication links forced it into autopilot mode; the drone then followed its programming and returned to base in Afghanistan, or so it thought. In reality, the Iranians had spoofed the UAV's GPS signals, flying the robotic soldier right into the hands of the Islamic Revolutionary Guard Corps. The capture of the drone and its classified technology was a significant intelligence coup for the Iranians and yet further evidence that the day of robo-hacking has arrived.
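The defensive point behind both the student demonstration and the RQ-170 account is that a GPS receiver on its own cannot tell genuine satellite signals from counterfeit ones, so a platform has to cross-check GPS against sensors the spoofer cannot touch. The following is an added example, not code from the article or from any drone vendor: it runs two sanity checks over a series of GPS fixes using the aircraft's own heading and airspeed (from the IMU and air-data sensors), a speed gate that catches a blatant jump and a dead-reckoning comparison that catches a slow walk-off. The airspeed limit, drift allowance and the 1 Hz sample track are all assumptions constructed for the example.

```python
import math

EARTH_R_M = 6_371_000.0  # mean Earth radius in metres


def to_local_m(lat0, lon0, lat, lon):
    """Equirectangular projection of (lat, lon) onto metres east (x) and
    north (y) of the origin; adequate over the few kilometres of one sortie."""
    x = math.radians(lon - lon0) * EARTH_R_M * math.cos(math.radians(lat0))
    y = math.radians(lat - lat0) * EARTH_R_M
    return x, y


def check_fixes(fixes, max_speed_mps=60.0, dr_tolerance_m=100.0,
                dr_drift_mps=2.0, reanchor_s=60.0):
    """Flag GPS fixes that contradict the platform's own motion data.

    fixes: time-ordered tuples (t_seconds, lat, lon, heading_deg, airspeed_mps);
    heading and airspeed come from the IMU/air-data sensors, not from GPS.
    Returns [(index, reason), ...] for the rejected fixes.

    Check 1, speed gate: the ground speed implied since the last accepted fix
      must not exceed max_speed_mps (assumed platform limit). Catches a jump.
    Check 2, dead reckoning: the fix must lie within dr_tolerance_m plus
      dr_drift_mps * elapsed of the position dead-reckoned from the last anchor.
      Catches a gradual pull that stays under the speed gate. The anchor is
      refreshed only every reanchor_s seconds, so a slow walk-off cannot drag
      the reference along with it.
    """
    if not fixes:
        return []
    lat0, lon0 = fixes[0][1], fixes[0][2]
    t0, _, _, hdg_prev, spd_prev = fixes[0]
    t_ok, x_ok, y_ok = t0, 0.0, 0.0        # last accepted fix
    t_anchor, dr_x, dr_y = t0, 0.0, 0.0    # dead-reckoning state
    t_prev = t0
    rejected = []
    for i in range(1, len(fixes)):
        t, lat, lon, hdg, spd = fixes[i]
        dt = t - t_prev
        # Advance dead reckoning with the previous heading/airspeed (no wind assumed).
        dr_x += spd_prev * math.sin(math.radians(hdg_prev)) * dt
        dr_y += spd_prev * math.cos(math.radians(hdg_prev)) * dt
        t_prev, hdg_prev, spd_prev = t, hdg, spd

        x, y = to_local_m(lat0, lon0, lat, lon)
        implied_speed = math.hypot(x - x_ok, y - y_ok) / max(t - t_ok, 1e-6)
        if implied_speed > max_speed_mps:
            rejected.append((i, "speed gate"))
            continue
        allowed = dr_tolerance_m + dr_drift_mps * (t - t_anchor)
        if math.hypot(x - dr_x, y - dr_y) > allowed:
            rejected.append((i, "dead reckoning"))
            continue
        t_ok, x_ok, y_ok = t, x, y
        if t - t_anchor >= reanchor_s:
            t_anchor, dr_x, dr_y = t, x, y
    return rejected


def build_sample_track():
    """Constructed sample, not real telemetry: 1 Hz fixes for an aircraft flying
    due east at 30 m/s from 33.0N 97.0W. t=0..9 honest; at t=10 a spoofer jumps
    the fix 5 km north; from t=11 the spoofer walks the fix north at 15 m/s while
    the IMU still reports heading 090 at 30 m/s."""
    lat0, lon0 = 33.0, -97.0
    m_per_deg_lat = EARTH_R_M * math.pi / 180
    m_per_deg_lon = m_per_deg_lat * math.cos(math.radians(lat0))
    fixes = []
    for t in range(0, 31):
        x = 30.0 * t
        if t < 10:
            y = 0.0
        elif t == 10:
            y = 5000.0
        else:
            y = 15.0 * (t - 10)
        fixes.append((float(t), lat0 + y / m_per_deg_lat,
                      lon0 + x / m_per_deg_lon, 90.0, 30.0))
    return fixes


if __name__ == "__main__":
    for idx, reason in check_fixes(build_sample_track()):
        print(f"t={idx:2d}s rejected: {reason}")
```

The speed gate alone would pass the slow walk-off, since 15 m/s of cross-track pull plus 30 m/s of real airspeed is well under the gate; it is the accumulated gap between the reported position and the dead-reckoned one that exposes it around ten seconds after it begins. A real flight controller would fuse the sensors with a filter rather than two thresholds, but the principle is the same: a GPS fix is an untrusted input to be corroborated, not ground truth.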

But in this day and age, we not only have to worry about drones themselves being hacked. Terrorists are turning to robots as weapons, and they aren't limited to consumer-grade UAVs with small payloads. In both Iraq and Afghanistan, terrorists have deployed VBIEDs (vehicle-borne improvised explosive devices), commonly known as car bombs, to destroy multiple buildings and rock entire neighborhoods, with some vehicles containing up to seven thousand pounds of explosives.

Importantly, the rise of the criminal UAV is also completely incompatible with our current security paradigms. Prisons use tall, sharp, often electrified fences to isolate criminals for reasons of public safety, a system that has worked relatively well for hundreds of years. But our security and defense mechanisms were built to keep out human intruders, not robotic ones.

It's time to rethink that, since drones can circumvent not only prison fences but any fence, including those protecting your backyard, your office building, or even national borders. In other words, the cyber threat is morphing from a purely virtual problem into a physical-world danger.

DefenseOne: http://bit.ly/1JbRdQg

Threat Intelligence Is a Two-Way Street

Intelligence analysis should be looked upon as less of a service and more of a partnership.

In the wake of public breaches of large enterprises, organizations are quickly realizing the need to develop cybersecurity strategies that include developing or acquiring technical and analytical solutions to support network defenders and decision makers alike. As a result, there has been a noticeable boom in the global cybersecurity industry, which is expected to grow to $155.7 billion by 2019, according to a report from Cybersecurity Ventures, a market research firm.

One capability offered by many of these cybersecurity companies is cyberthreat intelligence, which usually encompasses a fusion of technical and threat analysis. Vendors promote their analytic capabilities to deliver accurate, timely threat information that gives customers advance warning or a decision-making advantage.

However, one challenge that all private security companies have in this space is getting proper guidance and information from customers, which could be used to improve and focus analysis. An intelligence production cycle typically has a fixed set of phases, though some organizations may add or drop a step.

The setting-requirements phase is when a customer engages with an intelligence unit to identify the issues that need to be covered and to shape the intelligence requirements that must be addressed. Granted, there are occasions when customers do not know exactly what they want, or do not know how to express it as intelligence requirements. At these times it is incumbent upon the intelligence analysts to educate customers about the pitfalls that follow from poorly scoped requirements.

This is a critical stage of the process: if questions are not properly scoped and prioritized, collection strategies suffer, and the finished intelligence product may not answer the question or may be too vague to be useful. Time invested up front in setting prioritized, focused requirements prevents this.

This is particularly important with cyber-intelligence, because organizations can provide information unique to their own environment and receive in return indicators and intelligence that shape their cybersecurity posture. Indeed, Carnegie Mellon's Software Engineering Institute (SEI) echoes this sentiment in a January 2013 report reviewing how private companies conduct cyber-intelligence: its key findings cite scoping the cyber-environment to an organization's mission as one of the recommended best practices for the industry.

Ultimately, intelligence analysis should be looked upon as less of a service and more of a partnership whose success relies on the full commitment and engagement of both intelligence producer and intelligence consumer. Organizations that adopt the intelligence cycle into their business practices will find that the more they put into the process, the more they get out of it. Sharing pertinent data, such as the technical data collected from hostile activity against their own networks, and giving advance notice of business activities, helps focus analytic effort on the cyberthreats most relevant to the enterprise. In turn, that data can be fed back to the wider community as threat indicators, strengthening the collective's defences.
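The "technical data collected from hostile activity" that the paragraph asks consumers to share rarely leaves the organisation as raw logs; what gets passed back to the producer or the wider community is a distilled, sanitised indicator set. The following is an added example, not code from the article or from any vendor: it turns a handful of constructed web-server log lines into per-source indicators (first seen, last seen, event count, paths probed, user agents), counts only failed or forbidden requests as hostile, drops the organisation's own address ranges so internal infrastructure is never shared, and suppresses one-off sources that would only add noise. The log format, the internal ranges, the status threshold and the minimum-event cutoff are all assumptions for the example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not from the article). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for external sources.
SAMPLE_LOG_LINES = [
    '203.0.113.7 - - [01/May/2015:10:21:03 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "python-requests/2.5"',
    '203.0.113.7 - - [01/May/2015:10:21:04 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "python-requests/2.5"',
    '198.51.100.23 - - [01/May/2015:10:22:10 +0000] "POST /login HTTP/1.1" 401 230 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/May/2015:10:22:12 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/May/2015:10:22:11 +0000] "GET /admin HTTP/1.1" 403 100 "-" "curl/7.40"',
    '203.0.113.7 - - [01/May/2015:10:23:00 +0000] "GET /admin HTTP/1.1" 403 100 "-" "python-requests/2.5"',
]

# Assumed: the organisation's own address space, which must never appear in a
# shared indicator set. Replace with the real internal ranges in practice.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Apache/nginx combined log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \d+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$')


def is_internal(ip):
    """True if the address falls inside one of the organisation's own ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract_indicators(lines, min_events=2):
    """Aggregate hostile requests by source address into shareable indicators.

    Only requests answered with a 4xx/5xx status count as hostile here (an
    assumption that suits reconnaissance and credential guessing). Sources seen
    fewer than min_events times are dropped as noise. Returns a list of dicts
    sorted by event count, most active source first.
    """
    seen = defaultdict(lambda: {"count": 0, "paths": set(), "user_agents": set(),
                                "first_seen": None, "last_seen": None})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or int(m["status"]) < 400 or is_internal(m["ip"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec = seen[m["ip"]]
        rec["count"] += 1
        rec["paths"].add(m["path"])
        rec["user_agents"].add(m["ua"])
        rec["first_seen"] = ts if rec["first_seen"] is None else min(rec["first_seen"], ts)
        rec["last_seen"] = ts if rec["last_seen"] is None else max(rec["last_seen"], ts)

    indicators = [
        {"ip": ip, "count": rec["count"],
         "paths": sorted(rec["paths"]), "user_agents": sorted(rec["user_agents"]),
         "first_seen": rec["first_seen"].isoformat(),
         "last_seen": rec["last_seen"].isoformat()}
        for ip, rec in seen.items() if rec["count"] >= min_events
    ]
    indicators.sort(key=lambda r: (-r["count"], r["ip"]))
    return indicators


if __name__ == "__main__":
    for ind in extract_indicators(SAMPLE_LOG_LINES):
        print(ind)
```

The internal-range filter is the part worth keeping even if everything else is replaced: the fastest way to lose a partner's trust is to hand them an indicator feed that leaks your own hosts. The minimum-event cutoff is a judgement call; lower it when the requirements you set with the producer ask for every contact from a particular campaign, raise it when they ask for the noisiest scanners.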

Dark Reading: http://ubm.io/1Fgw60n

US Defense Dept Has A New Cyber Strategy

The Defense Department plans to release a new cyber strategy to govern operations and efforts, senior Pentagon official Eric Rosenbach said in testimony before the Senate Armed Services Committee's emerging threats and capabilities subcommittee.

Rosenbach, assistant secretary of defense for homeland defense and global security, said "next week we'll release a new strategy for the department that will guide the way forward for the next several years in cyber."

The DoD has the largest enterprise network in the world, and all military operations depend on that network, Rosenbach said. "I know that may be surprising when you think about the Department of Defense. We're very network-reliant and network-centric."

In addition to protecting those critical DoD networks, Rosenbach said, the Defense Department also needs to defend the nation's infrastructure against some of the most significant cyberattacks.

"The Department of Defense is not here to defend against all cyberattacks — only that top 2 percent — the most serious," Rosenbach said, drawing a distinction between lesser events like distributed denial of service (DDoS) attacks and those that threaten critical systems, "unless it would cross the threshold of armed attack for most instances."

Rosenbach also said the department wants to "provide full-spectrum cyber options to the president or the defense secretary" in cases that would be advantageous to national interests, and that the DoD is committed to a comprehensive, whole-of-government cyber strategy to deter attacks.

"This strategy depends on the totality of U.S. actions, to include declaratory policy, overall defensive posture, effective response procedures, indication and warning capabilities, and the resilience of U.S. networks and systems" Rosenbach said.

"Within this, the department has three specific roles within the U.S. government from a deterrent perspective. First, we need to develop capabilities to deny a potential attack from achieving its desired effect. Second, the U.S. must increase the cost of executing a cyberattack. In this regard, DoD must be able to provide the president with options to respond to cyberattacks on the U.S., if required, through cyber and other means."

Rosenbach also emphasized that potential responses to cyber attacks are considered in light of existing foreign policy and military standards in an effort to ensure resilience in the event of an attack.

"This, when it comes down to it, is pure cost benefit-type analysis to make sure the cost is much higher than the benefit to the adversaries who want to attack us," Rosenbach said.

"We have built robust intelligence. I do think that it's an important part of it, although not the core part, and we know that we need to reduce the anonymity of cyberspace so that adversaries who attack us don't think they can get away with it."

Rosenbach said the nation's attribution capabilities have increased significantly in recent years, and that the DoD continues to work closely with the intelligence and law enforcement communities to improve attribution accuracy.

The DoD is in the process of standing up a Cyber Mission Force of some 6,000 personnel organized into 133 individual teams, set to be in place by the end of 2016, with 2,400 staffers having been hired since 2013.

"There's an important role for the National Guard and the reserve," Rosenbach said. "We want to capitalize on the expertise that folks who are in the private sector, but still want to serve their country, have."

Rosenbach said that building strong partnerships with the private sector and other government agencies is key to success in the cyber realm, and emphasized the important role Congress must play in passing legislation that improves the nation's cybersecurity posture.

"The geography of the Internet itself means we can't do this alone. We've invested a lot of time – even recently – in Asia, the [Persian] Gulf and other places in the Middle East, and of course, [with] our traditional allies … and in NATO, in this area."

Norse: http://bit.ly/1DgiSe6

Belgian Newspaper hit by Cyber Attack

One of Belgium's biggest daily newspapers, Le Soir, was recently hit by a cyber attack.
After the attack, the Rossel group, which owns Le Soir and other titles, had to shut down its website overnight, Xinhua news agency reported. The website of the title Sudpresse was also affected by the attack. The print editions of the newspapers appeared as normal soon after.

Director general of Le Soir, Didier Haman, said in a statement: "We are trying to determine the origin of the attack. We have shut down the sites to avoid getting infected by more information or propaganda that appears on the pages. We have the system internally already able to recover."

The individual or group behind the attack is not yet known. A statement by the newspaper said that at present, there is no reason to suspect a link to the cyber attack launched against the French television channel TV5MONDE.

A group that claimed to be affiliated with the radical Islamic State hacked TV5MONDE on the night of April 8, interrupting broadcast for around three hours.

In January, the offices of Le Soir received a bomb threat after it re-published controversial cartoons from the French satirical magazine Charlie Hebdo.

Business Standard: http://bit.ly/1DEdYrL