Threat Intelligence

GDPR Doesn’t Need to be GDP-Argh!

These 10 steps will ease the pain of compliance with the General Data Protection Regulation, the EU's new privacy law that goes into effect in a little over a year.

Fight Back Against Ransomware

The No More Ransom project helps those affected by ransomware and works to prevent the problem's spread.

Hacker 'Guccifer' Extradited To US

Romanian man accused of breaching several high-profile online accounts, including those of two former US presidents, faces multiple hacking charges.

Romanian cybercriminal Marcel Lehel Lazăr, 44, aka Guccifer, who was indicted for unauthorized access to protected computers, identity theft, and various cyberattacks, has been extradited from Romania to the US. “Mr. Lazar violated the privacy of his victims and thought he could hide behind the anonymity of the Internet,” said US Attorney Dana J. Boente of the Eastern District of Virginia. “No matter where they are in the world, those who commit crimes against US citizens will be held accountable for their actions, pursued by our investigators and prosecutors and brought to justice.” Guccifer faces nine charges in the US: three of wire fraud, three of unauthorized access to protected computers, and one each of identity theft, cyberstalking, and obstruction of justice.

According to the indictment, from December 2012 to January 2014, Lazăr broke into the online accounts of high-profile victims, including former members of the US government and their families, and publicly released their personal information and photographs. He is also accused of impersonating a victim after compromising the victim’s account in July and August of 2013. The FBI’s Washington Field Office, the DSS, and the US Secret Service, in association with the Romanian National Police, are investigating the case. For more information on the case, read this DOJ release. Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events.

For more information from the original source of the news item, please follow the link provided in this article.

The Power of the Crowd: 3 Approaches to Sharing Threat Intel

Crowdsourced intelligence can help you build a stronger, more informed cyberdefense. Here's how.

Time To Treat Sponsors Of Ransomware Campaigns As Terrorists, Lawmaker Says

Fighting ransomware at an international level will require cooperation between law enforcement and the State Department, Sen. Lindsey Graham said at a Senate hearing.

A senior lawmaker Wednesday hinted that nations not doing enough to stop ransomware groups from operating within their countries should be treated the same way the US treats countries that sponsor terror groups.

In opening comments at a Senate Judiciary subcommittee hearing Wednesday, Senator Lindsey Graham described ransomware attacks as a “terrible crime” affecting schools, hospitals, and the lives of thousands of others. “[Ransomware] has a psychological, violent aspect to it,” Graham said. “It is just a matter of time before somebody gets physically hurt,” he said, while expressing the government’s intention to give law enforcement the tools needed to combat the scourge.

“Maybe what we should think about when it comes to the nation state aspect of [ransomware] is to have a collaboration between the Department of Justice and maybe the State Department,” he said. The goal should be to identify nations that are doing a good job in trying to deal with the problem and to help them in that effort, while weeding out the ones that are not doing enough or are actively sponsoring such attacks.

“We have a state-sponsor of terrorism list that the State Department collects,” Graham noted. “If you are on that list, bad things come your way because you are a bad actor.” Graham said it may be time to consider adopting a similar approach to countries that are either aiding and abetting ransomware operators or not doing enough to stop them: “If we don’t wake up some of the nation-states where these problems reside in large measure, you are never going to fix this problem.”

Richard Downing, deputy attorney general at the US Department of Justice and one of the witnesses at the hearing, characterized the scope of the ransomware problem as "staggering." One of his recommendations is for Congress to enact legislation that will close loopholes in existing laws and make it easier for the FBI and law enforcement in general to pursue and prosecute those involved in ransomware schemes. Current statutes such as the Computer Fraud and Abuse Act (CFAA) already make it a crime to create botnets by breaking into computers or to use a botnet to carry out ransomware attacks.

But the law is less clear on the implications for people who might be renting or selling a botnet but are not actually using it, he said. Similarly, while federal law gives courts the authority to issue injunctions for disrupting the operation of a botnet, such action is limited to botnets that are being actively used to commit specific categories of crime.

There is little in existing law pertaining to what actions law enforcement would be able to take in situations where a botnet might be used to send phishing emails or to launch denial of service attacks, or if a botnet is known to exist but is inactive, Downing said. “The revenue generated by ransomware is not insignificant,” said Adam Meyers, vice president of intelligence at security vendor CrowdStrike, who also spoke as a witness at the hearing. The only way to slow down those behind such campaigns is to make it harder and costlier for them to operate, Meyers said.

The goal should be to make the potential downsides of running a ransomware campaign greater than any upside for the criminals. Only by turning the tables on the economic factors that fuel ransomware can the scourge be eliminated, he said.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

China's Economic Cyber-Spying Drops Post Sept Talks: US Official

U.S. Assistant Attorney General John Carlin's statement finds support in a FireEye report of a 90% fall in China-based hacking.

Cyber-espionage activity coming out of China appears to have dropped after September talks in which the country said it would stop supporting the hacking of US trade secrets, Reuters reports, quoting US Assistant Attorney General John Carlin. The statement finds support in a recent report from security firm FireEye, which observed a dramatic 90% drop in breaches by China-based groups over the last two years. Speaking at the Center for Strategic and International Studies think tank in Washington, Carlin said last year’s talks with China and the Group of 20 nations were vital to a uniform cyber law. However, he said it remained to be seen how long this reduction in hacking activity would last.

Carlin added that private sector and US intelligence officers were "better positioned to assess hacking trends."


FBI Arrests NSA Contractor For Alleged Code Theft

The FBI has arrested a contractor from the National Security Agency for the possible theft of secret codes created to break into foreign government networks. A National Security Agency contractor was recently arrested by the FBI, the New York Times ...

Florida Man Gets 48 Months For $1.3M Spam Email Scheme

Timothy Livingston committed identity theft and sent bulk spam emails on behalf of clients, generating $1.3 million in profit.

Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets...

Whether it's due to lack of attention, poor capital planning or alert fatigue, there are lots of reasons why a SOC can become unhealthy. Here's how to make it better.

Congratulations, you’re the new CISO! Whether you have served in the role previously or it’s new to you, you’ll be asked to observe your new organization, to develop a 100-day plan, to evaluate people, processes, and technology, and of course you’ll need to tell the CEO where you would attack the organization and how you will protect against that. It’s a daunting and exciting task to be the new CISO. There is so much to observe and learn, and then you have to formulate a plan of action. You are inundated with learning the new organization from the CISO’s chair.

Finally, the day comes when you tour the Security Operations Center. You are looking forward to this, because it’s operational; it’s where you fight the adversary—hackers with various forms of capabilities, motives, and sponsorship.  Of course you want to see the chess match in action between your cyber analysts and threat actors. You look around: it looks like a SOC (analysts at monitors), and then your SOC Director briefs you on manpower, processes, technology, annual budget, measures and metrics.

As the briefing continues, your smile transitions to furrowed eyebrows.

As you investigate, question, and seek to understand, you can see what has happened: your SOC is sick. You have seen the symptoms before and you know the diagnosis. It’s SOC-atrophy.

SOC-atrophy: An omissive noun.
1. When your technology has remained dormant too long.
2. Unrefreshed cyber technology.
3. The absence of intelligence and heuristics.
4. Plagued by false positives.

Your SOC became sick for several reasons. The technology you have is antiquated and completely signature-based, best suited for static threats, not advanced threats. While signature-based solutions have a role, it’s a secondary protection role. The organization failed to keep up with technology and the evolving threat.

For years, the organization has relied on incremental funding. This budget strategy has a typical result: a disparate mix of capabilities purchased individually as security silos, without consideration for how the capabilities will work together.

The tools don’t work together. It’s an integration nightmare!

But SOC-atrophy is not a technology problem. As you sit down with your analysts, you observe that each analyst must be knowledgeable about several different tools and that they spend a lot of time collecting data and alerts. You observe the waterfall of alerts overflowing your analysts with data -- mostly false positives.

The analysts have alert fatigue; they just can’t keep up. The bottom line: the organization didn’t see the evolution of the threat, didn’t keep up with technology, and has not figured out how to use threat intelligence, much less integrate intelligence as a key enabler.

The old technology in your SOC was the right decision for a different time, but not for today. Capital planning for cyber investment has also been a challenge. Typically, SOCs are developed and funded piecemeal, a silo of capability at a time. This has a cause and effect: the tools are hard to integrate or don’t integrate at all, which in turn makes it virtually impossible for an analyst to perform.

Whether it has been lack of attention, inadequate measurement of effectiveness, poor capital planning, or alert fatigue, there are several ways for a SOC to become sick. Your goal now is to bring it back to a healthy state. Here are five strategies to overcome SOC-atrophy.

1. Research to understand all SOC investments. You need to analyze the cost and effectiveness of each tool, and then prioritize the value of what you have. You will want to keep the best value and get rid of the lower-value, higher-cost solutions. This is your available trade space.

2. Perform a SOC-focused assessment. This will gauge operational effectiveness and highlight gaps. Knowing your current health is a relatively low-cost endeavor and helps you build a business case for investments to close the gaps.

3. Study the threat landscape. From the CEO to the cyber analysts, your organization needs to clearly understand the threat landscape and how the threat is escalating. This understanding will help you focus on the technology, expertise, and intelligence you need to protect your organization.

4. Resist the urge to fund your tools piecemeal. Develop the business case for an integrated platform with the ability to visualize web, email, file servers, endpoints, mobile, and SIEM in one picture, enabling you to detect and remediate threats earlier in the kill chain. The board needs to understand the business case for an integrated platform.

5. Encourage cross-organizational collaboration. It’s critical to build partnerships for vetting the business case and gaining consensus on your SOC plans. Spend quality time with your fellow IT executives and other business leaders to discuss -- at a strategic level -- what you are working on, your timeline, and your forthcoming proposal. There is no greater feeling than going into a board meeting with many of the members clearly in your corner.

Lance Dubsky, CISSP, CISM, is Chief Security Strategist, Americas, at FireEye and has over two decades of experience planning, building and implementing large information security programs.

Before joining FireEye, he served as the Chief Information Security Officer at two ...

Trojan Android App Bullies Google Play Users Into Giving It 5...

Users who download "Music Mania" get pounded by ads until they say uncle.

The Implications Behind Proposed Internet Privacy Rules

The FCC's overreach needed to be undone to protect the FTC's authority over privacy.

Lloyds Bank Hit By DDoS Attack

Hacker fails to extort $93,600 from bank for the attacks between January 11 and 13, a report says.