30 September 2012

Chinese hackers linked to breach of control systems used in electric grids
..... Experts detected digital fingerprints implicating a Chinese hacking group that has been tied to cyber-espionage campaigns against Western interests.
...
KrebsOnSecurity cited Joe Stewart, director of malware research at Dell SecureWorks, who said that website and malware names mentioned in a more recent letter from Telvent can be traced to a Chinese hacking team known as the "Comment Group."
.....
Researchers told Bloomberg that during two months of monitoring last year, targeted companies spanned a vast scale as data "bled from one victim to the next":
...from oilfield services leader Halliburton Co. (HAL) to Washington law firm Wiley Rein LLP; from a Canadian magistrate involved in a sensitive China extradition case to Kolkata-based tobacco and technology conglomerate ITC Ltd. (ITC)
.......
Evidence indicates that at least 20 organizations have been harvested for data, many of whose secrets could give China a leg up on its path to becoming the world’s largest economy.
Bloomberg cited unnamed security experts who said that the breaches have sprung data leaks in major oil companies, who've lost seismic maps charting oil reserves, while patent law firms have been squeezed for clients' trade secrets and investment banks have been targeted for market analysis regarding global ventures of state-owned companies.
.....
Meanwhile, the Obama administration and Congress have grown increasingly vocal about Chinese and Russian cyber espionage and attacks, with the White House close to completing the first draft of a cybersecurity executive order designed to bring about stronger cyber security around the nation's water, electrical and transportation systems.
.....

Click here to read more ....

Network Surveillance Devices Discovered via Shodan

shawn merdinger 


It’s no secret that Shodan has turned up some interesting findings over the past few years – everything from critical infrastructure devices, to VoIP phones, solar and wind farms, HVAC systems, even an online crematorium.
Now, we can add surveillance devices like BlueCoat Proxy and PacketShaper boxes, Cisco routers running Lawful Intercept code and various vendors’ CALEA Mediation Devices into what Shodan has pre-scanned and savvy researchers searching Shodan can find.
.....
BLUECOAT
In the case of Blue Coat, the company’s filtering technology was identified in October 2011 by Citizenlab.org, based out of the University of Toronto, and documented here: https://citizenlab.org/2011/11/behind-blue-coat/ Highlights include 12 BlueCoat devices identified in Syria. This research was also picked up by Forbes and Bruce Schneier as well.
Finding BlueCoat devices by searching Shodan can reveal these filtering and packet shaping boxes deployed around the world.
.....
CISCO SYSTEMS' LAWFUL INTERCEPT
Other vendors’ products in the surveillance space are also identifiable via Shodan searches. Cisco Systems’ Lawful Intercept is a specialized architecture that is well documented and utilizes specific Cisco IOS images on certain platforms. Unfortunately, hundreds of Cisco routers running Lawful Intercept code versions are in the Shodan database simply because the router owners configured the SNMP community read string as “public.” As a result, Shodan scanners queried the router using SNMP with the public community string, and the router returned the Cisco IOS version along with other SNMP details.
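The exposure described above comes down to a few lines of router configuration: a well-known read community with no access-list means any Internet host can poll the device for its IOS version. The following audit script is an added example, not code from Shawn Merdinger's post or from Cisco; it parses the real IOS `snmp-server community <string> [view <name>] [RO|RW] [<acl>]` syntax from a constructed running-config fragment and flags default community names, read-write communities and communities with no access-list bound to them. The sample config, the list of default names and the severity labels are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Community strings that ship as vendor defaults or sit in every wordlist.
# "public" is exactly what let the Shodan probe succeed. (Assumed list.)
DEFAULT_COMMUNITIES = {"public", "private", "cisco", "admin", "manager", "monitor"}

# IOS syntax: snmp-server community <string> [view <name>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server\s+community\s+(?P<name>\S+)"
    r"(?:\s+view\s+\S+)?"
    r"(?:\s+(?P<mode>RO|RW))?"
    r"(?:\s+(?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)

# Constructed running-config fragment (not from any real device). Lines 2-3
# are the weak pattern the post describes; line 4 is the hardened form:
# a non-default read-only community restricted by access-list 10.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community private RW
snmp-server community Zq8!vnR2 RO 10
access-list 10 permit 192.0.2.10
"""


@dataclass
class Finding:
    line_no: int
    community: str
    severity: str  # "high" or "medium" (assumed scale)
    reason: str


def audit_snmp_config(config_text: str) -> list[Finding]:
    """Return one Finding per weakness found in snmp-server community lines."""
    findings: list[Finding] = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        mode = (m.group("mode") or "RO").upper()  # IOS defaults to read-only
        acl = m.group("acl")
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append(Finding(line_no, name, "high",
                "well-known community string: any scanner can read sysDescr "
                "(IOS version) and the rest of the MIB"))
        if mode == "RW":
            findings.append(Finding(line_no, name, "high",
                "read-write community: a guessed string allows configuration "
                "changes, not just reads"))
        if acl is None:
            findings.append(Finding(line_no, name, "medium",
                "no access-list bound: the community answers from any source, "
                "including Internet-wide scanners"))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    """Summarise findings so a fleet-wide run can be triaged quickly."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit_snmp_config(SAMPLE_CONFIG):
        print(f"line {f.line_no}: community '{f.community}' [{f.severity}] {f.reason}")
    print(count_by_severity(audit_snmp_config(SAMPLE_CONFIG)))
```

Run against an exported running-config, the script reports nothing for the hardened line (non-default string, read-only, bound to an ACL that names the management station) and five findings for the two weak lines. Replacing v1/v2c communities with SNMPv3 `priv` users removes the cleartext community string altogether, which this check does not cover.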
.......
IMPACT
So what is the impact of these kinds of devices being exposed through researchers’ Shodan searches and disclosure?  That is not an easy question to answer, given the unknowns in this kind of situation.
Obviously, there is a risk of attackers targeting and sabotaging these surveillance devices for any number of reasons, from political or criminal motivations to simple personal amusement, a.k.a. "Teh Lulz".
...........
Overall, one must treat these search results with skepticism. After all, they may be honeypots, or test systems, or not in use, or whatever. Simply because a router is on the Internet and has a Lawful Intercept capable image loaded doesn’t necessarily mean it is being used for that purpose.
Then again, they could be live systems... who knows?
Click here to read more .... 

New Russian DIY DDoS bot spotted in the wild

By Dancho Danchev
Over the last couple of years, the modular and open source nature of today’s modern DDoS (distributed denial of service) bots inevitably resulted in the rise of the DDoS for hire and DDoS extortion monetization schemes within the cybercrime ecosystem.

These maturing business models require constant innovation on behalf of the cybercriminals providing the easy to use and manage DIY DDoS bots, the foundation of these business models.

......
Sample screenshot of the command and control interface of the Russian DIY DDoS Bot:
  • The bot supports SYN flooding, HTTP flooding, POST flooding and the special Anti-DDoS protection type of flooding. 
  • It has also built-in anti-antivirus features allowing it to avoid detection by popular host-based firewalls.... 
  • It will not work under a virtual machine, preventing potential analysis of the malicious binaries conducted by a malware researcher. 
  • Randomization of the HTTP requests using multiple user-agents in an attempt to trick anti-DDoS protection on the affected hosts. ........
......

Click here to read more .... 

State Sponsored Cyber Threats – The Long View

Strategic Penetration for Future Exploitation
So, what is “strategic penetration for future exploitation”? It is an attack strategy that hedges long-term bets on two potential future worldviews, namely PROSPERITY and CONFLICT, and that allows for the pursuit of PROSPERITY while seeking out strategic advantage in the event of CONFLICT.
During these types of attacks, critical infrastructure and high-value targets are compromised not for the purpose of stealing intellectual property or engaging in traditional espionage and intelligence activity, but rather to establish a foothold to diminish the operation of those infrastructures in the event of future hostilities.

........................

Key components of a strategic compromise include:

  • Initial compromise....
  • Narrowly focused scope .....
  • Time-shifted intent .....
  • Long-term stealth and patience ....
  • A Team only......
......

Strategic Penetrations have Strategic Implications
In an environment where existing security models are already broken, addressing this type of threat will be a persistent challenge. It requires us to think not only about how we are vulnerable now, but how we will be vulnerable in ten years, or how today’s vulnerabilities could be time shifted for future strategic advantage. It requires new detection techniques focused on host security, supply chain integrity, and implementation and infrastructure management controls. It also requires a vibrant cyber intelligence capability that is not dependent exclusively on technical collection.
Most importantly, it requires a shift in our mindset of how we view the current threat space and breaking our cultural disposition to only think about these issues in a short-term context.



04 September 2012

Powerful cyber attack tools widely available, say researchers


Online cyber criminal markets are putting very sophisticated attack tools into the hands of more low-level attackers, say cyber intelligence specialists.
More attackers are now getting their hands on tools like Zeus and SpyEye, according to the cyber intelligence team at the Online Threats Managed Services (OTMS) group of RSA, the security division of EMC.
Such tools are widely available at relatively low cost. The barriers to entry are falling all the time because these tools are also increasingly easy to use with well-developed user interfaces.
…………………….
However, apart from targeted attacks, there has also been an increase in the number of malware infections on machines within business networks.
…………………..
It is now in the open that countries are using malware as part of their cyber espionage programmes, and companies should be planning their cyber security in light of that fact.
………………..
…………………

Click here to read more ...... 
Solutions : www.xcyss.in

Two techies arrested for hacking cell recharge site


Two members of the hacker group "Indishell" and its offshoots were arrested on Saturday after an extensive investigation by the Gautam Budh Nagar cyber crime cell. The accused, who did a BTech in computer science, were charged with hacking into an e-commerce website that specializes in mobile recharge.
..............................
The hackers have cheated a Delhi-based company of more than Rs 50 lakh, police said. The accused, Sumit Gupta (24) and Ankit Singh (22), are from Moradabad in UP, and are considered among the "most sophisticated hackers in the country". They were arrested from Noida and booked under Section 420 of the IPC and Section 66C of the IT Act, 2008.
.............................

Click here to read more ...... 

03 September 2012

'Fake' Jaitley surfaces on Twitter again


Senior BJP leader Arun Jaitley has once again become a victim of cyber crime after another fake Twitter account cropped up in his name.

This is the second time in eight months that the leader of the Opposition in the Rajya Sabha has been subjected to such a predicament.
..........................
..........................

Click here to read more ...... 