Saturday, October 21, 2017

Tag: Cyber

Degree-level apprenticeships in cyber security have been launched in the UK as part of an employer-backed "Cyber Academy". The Cyber Academy, which was launched by the National Skills Academy for IT and e-skills UK, will see employers work in collaboration with academic institutes and government to motivate young people to consider careers in cyber security, provide new entry routes for them into the sector and improve access to the necessary training. The programme is backed by Atos, IBM, John Lewis, National Grid and General Dynamics, as well as organisations such as CREST and the Cyber Security Challenge. Minister of state for universities and science David Willetts recently told Computing that the government was working to create different entry routes to the cyber security profession. "Work is under way to both strengthen and raise awareness of the variety of potential entry routes to the cyber security profession," he said. On the announcement of the Cyber Academy, Willetts said: "The government is committed to improving cyber security, which is why the recent Spending Review included a further £210m investment in addition to the £650m already dedicated to the National Cyber Security Programme. "The Cyber Academy will help develop the expertise the nation needs to tackle this important issue, and keep the UK ahead in the global race. In particular, we are excited to see the development of cyber security apprenticeships." Organisations of all sizes have backed the programme, including smaller businesses that form part of the Malvern Cyber Security Cluster. Ben Farrell, head of operational risk management at John Lewis, said: "Like many businesses today, we're acutely aware of the risks of cyber crime and are continually seeking to improve our teams' skills in the field.

This fresh approach will help us in a variety of ways - from recruiting new staff to ensuring our existing people are aware of the latest threats and technologies." Karen Price, CEO of e-skills UK, said her organisation's research showed that the cyber security sector had an ageing workforce, with only seven per cent of professionals working in the field under the age of 29. "For the UK to retain its innovative edge in this fast-moving field, we need to do more to bring new talent into the industry and continue to up-skill existing staff - that's exactly what the Cyber Academy aims to do," she said. Computing's Securing Talent campaign aims to raise awareness of the growing need for people with cyber security skills in industry and government, and for clearer pathways into the cyber security profession.
US intelligence services conducted 231 offensive cyber operations in 2011, the latest leaked documents from whistleblower Edward Snowden reveal. The leaked US intelligence budget documents also reveal a $652m project – codenamed "Genie" – in which US spy agency hackers break into foreign computer networks, according to the Washington Post. According to the paper, the documents and interviews with former US officials reveal a campaign of computer intrusions far broader and more aggressive than previously understood. By the end of 2013, Genie is projected to control at least 85,000 spy code implants in strategically chosen machines around the world – four times the number available in 2008 – the documents show. William Lynn, former deputy defense secretary, told the paper that the US policy debate has moved so that offensive options in cyber space are more prominent. “There’s more of a case made now that offensive cyber options can be an important element in deterring certain adversaries,” he said. In October 2012, defense secretary Leon Panetta admitted that the US was developing a cyber offensive capability. The US defence department had developed tools to trace attackers, he said, and a cyber strike force that could conduct operations via computer networks. The latest leaked documents show that of the 231 offensive operations conducted in 2011, nearly three-quarters were against top-priority targets, which former officials say includes adversaries such as Iran, Russia, China and North Korea. According to a presidential directive issued in October 2012, offensive cyber operations are defined as activities intended to manipulate, disrupt, deny, degrade or destroy information resident in computers or computer networks, or the computers and networks themselves. 
According to the Washington Post, US intelligence services make routine use of government-constructed malware around the globe that differs little in function from the advanced persistent threats (APTs) that US officials attribute to China. The paper said an unnamed US National Security Agency (NSA) spokesman had confirmed that the Defense Department does engage in computer network exploitation, but said it does not engage in economic espionage. Snowden, a former NSA contractor, was granted temporary asylum in Russia on 1 August.

He is wanted in the US on espionage charges linked to media disclosures about US surveillance programmes.
For years now the US has been bleating about how it is a poor victim to Chinese cyber attacks, however, it turns out that the US has an aggressive attack plan of its own. According to papers obtained by the Washington Post, US spooks carried out 231 offensive cyber-operations in 2011. This seems to indicate that it has been running a clandestine war across the web. The disclosure was part of a classified intelligence budget provided by NSA whistleblower Edward Snowden. The programme costs the US $652 million a year and is code-named GENIE. This requires US computer specialists to break into foreign networks so that they can be put under surreptitious US control. So far the project has placed "covert implants" in computers, routers and firewalls on tens of thousands of machines every year. The US wanted to expand those numbers into the millions. The documents provided by Snowden indicate that the US campaign of computer intrusions is far broader and more aggressive than previously understood.

The reason for this is that the government treats all such cyber-operations as clandestine and declines to acknowledge them. Nearly three-quarters of the US attacks were against top-priority targets, which former officials say includes adversaries such as Iran, Russia, China and North Korea and activities such as nuclear proliferation. The report says that there have been few cases of actual sabotage. Most attacks have been actual snooping and the user would only have seen a slight slowing down of their computer. 
Minister of state for universities and science David Willetts has exclusively told Computing that the government is working to create different entry routes to the cyber security profession. In December last year, the government released documents detailing how much money it expected to be spent in the first two years of its Cyber Security Strategy by each department. The report stated that £9m would be spent on education, skills and awareness through the Cabinet Office, and on the unveiling of the report, senior government officials disclosed some of their plans to address a cyber-security skills deficit in the UK, such as incorporating cyber security modules into ICT teaching at schools. However, many experts have told Computing that the problem does not just lie with a lack of awareness, but a lack of clear pathways into the cyber security profession, and Willetts claims that this is something that the government is trying to tackle. "Work is under way to both strengthen and raise awareness of the variety of potential entry routes to the cyber security profession," he said. "This is vital if we are to harness the interest shown by new young talent, and provide effective stepping-stones for those already in the workforce but keen to enter this field," he added. Willetts pointed to several initiatives that were already in place to tackle the issue, such as the Cyber Security Learning Pathways project led by the National Skills Academy for IT, which is a self-assessment tool to help people considering cyber security work identify particular gaps on their CV and in their repertoire of skills. "There are several initiatives backed by the National Cyber Security Programme that are helping to highlight cyber security as an attractive career option, including the Cyber Security Challenge, the development of a cyber-security profile within the Graduate Prospects careers website, and a pilot employer-sponsored MSc bursary scheme," Willetts said. 
Last month, Labour MP Chi Onwurah told Computing that the amount spent on cyber security awareness and education is disproportionately small. "There needs to be a greater profile of cyber security in a positive way and I don't believe the balance of spend right now is right. In terms of priority it is given to national cyber security over the awareness more generally among the UK population," she said. Computing's Securing Talent campaign aims to raise awareness of the growing need for people with cyber security skills in industry and government, and for clearer pathways into the cyber security profession. 
The US National Security Agency (NSA) has a secret hacking group within its Tailored Access Operations (TAO) unit, the latest leaked documents from whistleblower Edward Snowden reveal. The hacker group specialises in installing spyware and tracking devices on targeted computers and mobile phone networks, according to Washington Post reports on leaked US intelligence budget documents. The 600-member hacker group works around the clock to collect intelligence about foreign targets by hacking into their computers, stealing data and monitoring communications. The group was instrumental in tracking down Osama bin Laden and is reportedly responsible for developing cyber weapons to destroy or damage foreign computers and networks. The Washington Post highlights the possible link between the TAO hacking unit and the development of cyber weapons, such as Stuxnet, which has been linked to the US and Israel. Despite the secrecy, the paper found current and former workers on professional networking site LinkedIn who list some of the unit’s achievements. One TAO senior computer network operator claims that a group of 14 personnel have performed over 54,000 global network exploitation operations for the NSA. The leaked budget documents also show that US intelligence agencies are also faced with the increasing problem of big data as technology evolves at ever greater rates. The documents show that for the 2013 fiscal year, the NSA was projected to spend $48.6m on research projects to assist in “coping with information overload”.
Last week’s three-hour shutdown of the tech-heavy Nasdaq raised fears over cyber attacks, but now the company that owns and operates the stock exchange has admitted partial responsibility. However, the Nasdaq OMX Group also blamed rival stock exchange operator NYSE Euronext for swamping Nasdaq’s systems with “a stream of inaccurate symbols”, according to the BBC. Bob Greifeld, Nasdaq OMX CEO, admitted that the company’s backup systems failed to handle the data volume due to “a bug in the system”. The shutdown highlighted how technology failures can impact financial markets, and is the latest of several high-profile glitches to hit US markets that have undermined market confidence. Analysts believe it will refocus attention on regulatory efforts to strengthen the technology behind major stock exchanges. US regulators are considering making reviews of backup plans mandatory to ensure they keep up with technological changes and cyber threats. Nasdaq OMX said it would report to regulators within 30 days on how it intends to fix its faulty "securities information processor" (SIP) to ensure the problem does not arise again. The stock exchange said that the data traffic generated by NYSE Euronext’s Arca system on 22 August 2013 was double what the SIP's data ports were able to handle, revealing a flaw in the SIP’s software. Although the problem was identified and fixed within half an hour, Nasdaq OMX said testing of the system delayed the re-opening of the stock exchange for nearly three hours. The dependency of stock markets on technology is a long-running concern for cyber security experts, who warn that hackers have a keen interest in manipulating stock prices for financial gain. In June, Andrew Haldane, director of financial stability at the Bank of England, told parliament’s Treasury Select Committee that cyber attacks are the top risk for UK banks.
Concerns over cyber attacks top even those around the eurozone crisis and the UK’s banks must do more to protect themselves, he said. Just days before the Nasdaq trading freeze, a report by business consultancy KPMG said cyber attack or disruption could cause the next systemic shock to the UK banking industry rather than a liquidity crunch. While the banking industry has addressed many of the problems that led to the financial crisis in 2008, the KPMG report said cyber attacks or massive systems outages represented new threats.
The Washington Post reports NSA spends $48.6M to cope with "info overload."    
Snooping on a person or company is not new, it is just that the internet age has brought an added dimension: the cyber thief. The old techniques of safeguarding one’s possessions - and that includes information and intellectual property (IP) - are still valid.  Examples include properly vetting new staff by taking up references, checking out the CV etc; ensuring staff are happy and cared for as disgruntled employees pose one of the bigger threats in this computer and internet age; escorting visitors; operating a clear-desk policy for unattended desks; ensuring the physical security of sites, building, offices, storage facilities (including filing cabinets etc) is fit for purpose, properly maintained and used appropriately. But these seemingly "motherhood and apple pie" techniques have their parallel in the cyber world. The clear-desk policy translates to powering off a PC outside of office hours (where practical) and having a password-protected screen lock that kicks in after a reasonably short period of inactivity (say, five minutes). Physical security translates to electronic security, and that is where many companies are not doing a sufficiently good job, mainly out of ignorance.

The computer, like the car, needs to be maintained and used properly to get the best out of it. So, in the world of electronic security, what are we looking at? Starting at the internet and working our way in, we have the firewall. Is one installed? Is it running the latest version of its software? And is it configured appropriately and maintained? For example, was the rule set installed for a test removed, and are the rule sets as minimalist as possible and consistent with being able to operate the company? Associated with the firewall we may have a demilitarised zone (DMZ) where email gateways and web servers would be installed.

Are any servers on the DMZ security patched to the latest level? Have unused services been removed? If you do not use FTP, then none of the DMZ servers should have that application.

This is a case of removing the unused application or service, not merely disabling it.  While on the firewall and DMZ it is fair to say that any service that is offered to the internet should be from servers running on the DMZ and not from servers running within the main company network. Moving on and into the company's network, all servers and network infrastructure devices such as Ethernet switches should be running a supported version of software and be security patched up to date.  Servers should also be running antivirus or similar anti-malware software and that should likewise be maintained fully up to date and these statements equally apply to the servers and devices in the DMZ and of course to PCs connected to the network - remember that Windows XP, like Server 2003, is close to its end of life. Modern operating systems have firewall capabilities and these should be used, not to replace the internet firewall but to supplement it and add a defence-in-depth dimension.  All users should have a unique logon to the network and for people with system administration duties, they should have two unique logons - one for “normal” users for day-to-day tasks, and one with higher privilege for the actual system administration work. Passwords should be system enforced for complexity and lifetime, for example: eight printable characters, 90-days life, and cannot reuse recent passwords. The whole issue of bring your own device, use of personal USB memory sticks and so on, is a whole separate subject. Peter Wenham is a committee member of the BCS Security Forum strategic panel and director of information assurance consultancy Trusted Management.

This was first published in August 2013
Computing is kicking off a new campaign, dubbed Securing Talent, to raise awareness of the growing need for people with cyber security skills in industry and government.  The campaign hopes to distinguish a clear pathway for people to get into the cyber security profession. As part of the campaign, Sooraj Shah will be talking to industry experts, educational institutes and government to find out what is currently being done to raise awareness of job opportunities within the cyber security field. In this video, Labour MP and Shadow Minister of the Cabinet Office, Chi Onwurah, explains why she believes there is a cyber security skills gap.
Cyber threat protection must shield the most targeted end-user applications, says security firm Trusteer. These applications usually include the most common applications because attackers have more targets and they typically receive external content and have security vulnerabilities for which there is an exploit. By focusing on these applications, organisations can maximise the effectiveness of their cyber defences. Targeted applications must receive external content because attackers must have some way of delivering malicious content to end-users, said Dana Tamir, director of enterprise security at Trusteer. This can be an HTML webpage that contains a hidden Java applet or an email attachment like a Word document, Excel spreadsheet or PDF document that contains hidden code. This code executes when the application such as the browser, Java, Word, Excel or Adobe Acrobat reader opens the content, and exploits vulnerabilities in these applications to download malware on the endpoint.  “If an application does not receive external content, it would be impossible for the attacker to deliver the weaponised content and the exploit,” said Tamir. Vulnerable applications provide the attacker an opportunity to develop an exploit and an application that has many exploitable vulnerabilities will be targeted more often, she said. According to Tamir, zero-day vulnerabilities – which are vulnerabilities that are unknown – are more likely to be successfully exploited because there is no patch available. However, Tamir said known application vulnerabilities are still exploited because many users do not apply security patches in a timely manner. Considering the characteristics of targeted applications, Tamir said it is not surprising that the most targeted end-user applications include browsers, Java applications, Adobe Acrobat, Flash, Word, Excel, PowerPoint and Outlook. “These are all common applications found on most user endpoints.

They all receive external content that can be weaponised.

They all contain vulnerabilities: most of them are known but periodically we hear about zero-day vulnerabilities.

And exploit kits that contain exploit codes are widely available,” she said. The RSA breach illustrates this, said Tamir, because according to the blog RSA posted, the attacker used a spear-phishing campaign to deliver a weaponised attachment to employees. “The spear-phishing email included a weaponised attachment - an Excel spreadsheet, containing a zero-day exploit object,” she said. It exploited an Adobe Flash vulnerability (CVE-2011-0609) to install a customised remote access Trojan known as the Poison Ivy RAT.   “Both Excel and Adobe Flash are common targeted applications that can be found on most user endpoints,” said Tamir. For this reason, she said any advanced threat protection and exploit prevention technology must ensure that these targeted end-user applications are not successfully exploited. But because these applications are very different from each other, special controls may be required for each application, said Tamir. For example – Java applications are vulnerable to both native exploits (execute at the memory level) and applicative exploits (execute in the user space by breaking out of the JVM sandbox). “Solutions that apply granular controls at the OS level to protect against native exploits would not be able to protect against applicative exploits,” she said.
The Syrian Electronic Army struck again, this time in a broad cyber-attack on Aug. 27 affecting multiple online properties, including Twitter and The New York Times’ Website. The Syrian Electronic Army (SEA), an online hacktivist group with ties to embattled Syrian President Bashar al-Assad has launched its most devastating cyber-attack yet, taking down multiple Web destinations, including The New York Times. The New York Times' Twitter feed first publicly acknowledged that the NYtimes.com site was down at 4:47 p.m. EDT on Aug. 27 and commented that, "The New York Times Web site is experiencing technical difficulties. We are working on fully restoring the site." The New York Times also suffered an outage on Aug. 14.

At the time, that incident was also labeled as technical difficulties.

The incident today, however, has now been confirmed to be a malicious cyber-attack by the SEA. New York Times Editor Eileen Murphy confirmed at 4:27 EDT that the "... issue is most likely result of malicious external attack." HD Moore, Chief Research Officer at security vendor Rapid7, told eWEEK that in his analysis the attack took aim at the NYtimes.com domain registrar Domain Name System (DNS) provider.

The registrar is the vendor that hosts the DNS records for a given domain, linking a common name (i.e., NYtimes.com) to an IP address.

If an attacker, such as the SEA, can get access to the DNS records, they can redirect the traffic for a domain to an arbitrary location. "It appears that all of the affected domains are part of the MelbourneIT registrar," Moore said. "My guess is that SEA found a way to hijack other people's domains through this provider's Web interface." In addition to NYtimes.com, Moore noted that other domains managed by MelbourneIT include Yahoo.com, Google.com, Ikea.com, Microsoft.com, AOL.com and Adobe.com. Initial reports indicate that the SEA exploitation was limited to The New York Times, Twitter's image service and The Huffington Post. "The fact that they were able to compromise Twitter, The New York Times and The Huffington Post points to a deeper problem at the registrar and not a weakness on the part of one of the affected organizations," Moore said. Last week, the SEA was able to exploit the widely deployed ShareThis.com service by way of its domain registrar, GoDaddy. GoDaddy told eWEEK that they were not breached, leading to speculation that in fact ShareThis.com was the victim of a phishing credential attack from the SEA.  A phishing credential attack is one where a malicious email is sent to the victim.

The victim clicks on a message, infecting their computer and eventually leading to information disclosure including user name and password information. On Aug. 15, the SEA was implicated in the breach of third-party widget provider Outbrain, which was on The Washington Post Website. In that incident, the Outbrain breach enabled some traffic from The Washington Post to be redirected to the SEA.

What Should Enterprises Do Now?

With three attacks against media Websites in as many weeks, the SEA is definitely a cause for concern among Website operators in general.

For the current attack, Moore suggests at this point that enterprises block access to domains managed by MelbourneIT. "The challenge is that since the registrar appears to be affected, there is little users or the owners of those domains can do about the situation," Moore said. "All traffic to and from a domain hosted by MelbourneIT should be considered suspect until the situation is resolved." Moore added that the risk is that until the situation is conclusively resolved, for example, it would be possible for SEA to redirect all email destined to one of those domains to the SEA. Jason Lancaster, Senior Intelligence Analyst at Hewlett-Packard Security Research told eWEEK that DNS is a vital system to the operation of the Internet. "Domain owners must be protective of administrative access to their domain management and vigilant to domain hijacking," Lancaster said. "Domain owners should monitor for host name, mail exchange, name server and other important record changes." If a change is made outside an approved process, administrators should be alerted, Lancaster added. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.  
The government's "digital by default" agenda should be accompanied by one of "security by default" if public sector organisations are to truly protect themselves against cyber security threats and avoid a cyber security skills crisis.  That's according to Graeme Stewart, director for UK public sector strategy at security software vendor McAfee. "There is no bigger indicator of a cyber security skills crisis than the world's most prestigious security agencies struggling to compete for staff," he said. "With the UK government driving its own digital transformation agenda, and cyber security being reclassified to a tier-one national security threat, never has there been more pressure for the public sector to rectify a very real cyber security skills gap." Stewart argued that the government needs to do more to ensure that service providers at every level of the "public sector supply chain" are educated about the need for proper cyber security.  "With the UK government opening doors for more and more small and medium-sized businesses to become suppliers to the G-Cloud, and an influx of international players, it is critical that every level of the supply chain, not just the top tier, must be approached with the utmost seriousness.  "Ultimately, governments must take responsibility for the security of the supply chain but, in part, this should be about educating and supporting the full ecosystem of businesses involved," he said. "Security by default should be embedded alongside 'digital by default' as a cornerstone of our public services, rather than the afterthought it has often been in the past," Stewart added. Last month, Shadow Cabinet Office minister Chi Onwurah MP told Computing that the government isn't spending enough on raising cyber security awareness. "There needs to be a greater profile of cyber security in a positive way and I don't believe the balance of spend right now is right.
In terms of priority, it is giving it to national cyber security over the awareness more generally among the UK population," she said.