
Tag: Intel

IT organizations are increasingly being asked to do more tasks, while not being afforded additional staffing resources.
It's a challenge that has a major impact on IT security groups as attackers continue to hit enterprise networks, with no considerati...
New China-based threat intelligence company ThreatBook wants to be the 'trusted contact in China.'

SAN FRANCISCO, RSA Conference -- The DarkHotel threat group is targeting executives at telecommunications companies in North Korea and China, and has already compromised at least one, according to researchers at Beijing-based threat intelligence start-up ThreatBook. In operation since 2007, DarkHotel is named for its habit of exploiting executives while they were using unsecured hotel WiFi networks, a behavior the group has since abandoned.

In this campaign, which ThreatBook refers to as DarkHotel Operation 8651, the group is using spearphishing messages with malicious documents attached -- specifically, a crafted SWF file embedded as a downloadable link in a Word document. The SWF file exploits Adobe Flash vulnerability CVE-2015-8651.

According to ThreatBook, the earliest infections associated with that bug and this campaign date to Dec. 24. Adobe released an out-of-band patch for it on Dec. 28.

The payload, update.exe, is a Trojan downloader disguised as a component of OpenSSL. It then uses a variety of anti-detection measures, including anti-sandbox and anti-anti-virus techniques, as well as just-in-time decryption.

Feng Xue and Hong Jia, friends from their days working at Microsoft, first had the idea to start ThreatBook in May. After a hurried meeting at the Beijing airport Starbucks during Jia's two-hour layover en route to Redmond, Wash., the two quit their jobs -- Jia as principal anti-virus research manager at Microsoft and Feng as CISO of Amazon.cn -- and launched ThreatBook in June. "I never thought I would leave [Microsoft]," says Jia. "The career path was quite good and I love Microsoft." "I got excited and I could not sleep," says Xue.

The idea that hooked Xue and Jia was realizing that there was no threat intelligence market in China, but the need for one was great. "Threat intelligence is not just a tool, it's a new wave. A trend," says Xue.

ThreatBook uncovered information about the identity and intentions of the XCodeGhost authors in October. This week they are exhibiting at RSA, introducing their security threat analysis platform and Threat Intelligence Center.

Xue says that at previous positions he's held there was a lack of understanding of China's unique landscape. He'd have to spend some of his time at old jobs educating colleagues about, for example, enormous cybersecurity incidents in China that are so underreported in the West that they aren't even mentioned in yearly wrap-ups of top global attacks. "I feel sometimes frustrated," Xue says. Jia says this is one of the things she wants ThreatBook to be able to fix. She says their focus is China-focused threat intelligence, and they're very open to exchanging information with other companies and other organizations. "Our company is a bridge," she says. "We want to be the trusted contact in China."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...
US peppered Iran with thousands of cyberwar weapons

The super worm known as Stuxnet was but a cog in an active US war program in which hundreds of thousands of network implants and backdoors in Iranian networks were actively maintained to facilitate a devastating barrage of hacking attacks, a documentary claims.

Zero Days, due to screen at the Berlin Film Festival today, claims that Stuxnet was just one part of an operation called "Olympic Games" that is itself part of a wider effort dubbed "Nitro Zeus" that involves hundreds of US defence personnel. Nitro Zeus may also involve Israel, the film alleges.

Reports from those who've seen or been briefed on the film suggest it alleges that Stuxnet's authors attempted to keep the program covert by restricting the malware to infect only Iranian machines. Fort Meade hackers worked furiously to mop up infected computers after a leak became apparent. Israeli counterparts reportedly screwed the pooch when they later unleashed a more aggressive and noisier version of Stuxnet that infected thousands of computers across more than 115 countries. The worm was soon discovered in 2010 and promptly analysed - and gaped at askance - by the security industry and media.

The film asserts that Stuxnet contained four zero-day exploits and was precision-designed for the Natanz facility using intelligence supplied by Britain's GCHQ. It is not stated in the documentary whether GCHQ had knowledge of Nitro Zeus, a fact that could breach national laws regarding use of intelligence material in that country.

US State Department and National Security Agency officials expressed concern over the likelihood that Nitro Zeus would devastate civilian infrastructure. One unnamed source said Nitro Zeus planners had "no f**king clue" regarding the potential impacts of the attacks.

Former CIA and NSA director Michael Hayden says that while he had no knowledge of Nitro Zeus, the program has prematurely legitimised state-backed network-centric warfare before rules of engagement could be agreed.
Respondents to a Pew Internet study say a major cyber-attack by 2025 is likely. Security experts have ideas on how the risk might be mitigated.

A majority of industry experts foresee a major cyber-attack by 2025 that will cause harm, according to the findings of a new study from the Pew Internet and American Life Project. The study, based on a poll of 1,642 experts in technology and other fields, found that 61 percent indicated they expect a major cyber-attack that would cause "widespread harm to a nation's security and capacity to defend itself and its people." The report also cited a number of key themes among respondents, for example the fact that cyber-attacks are already happening, including infrastructure attacks like Stuxnet, which targeted Iran's nuclear program.

While the Pew report warns that respondents anticipate an attack, security experts eWEEK contacted didn't necessarily think that all is bad in the state of online security. The Pew Research survey raises some genuine concerns, Mike Fey, executive vice president, general manager of corporate products and CTO at Intel Security, told eWEEK. However, while a large attack is likely, there is a lot of work in the threat detection and threat intelligence sharing spaces, within and across industries, to hold these attacks at bay and minimize damage, Fey added. "Like all the technology systems we rely on every day—the airline system, the electric grid—our electronic banking networks are very safe, and our industry is continuing to innovate to make them even safer," Fey said.

Risks

J.J. Thompson, CEO and managing director of Rook Security, does not think that the risk of a major cyber-attack by 2025 is like the folk tale of Chicken Little, who thinks that the sky is falling. "We are moving toward a connected world through not only the Internet of things, but through critical infrastructure," Thompson said. "In the absence of adequate security controls, the results can be catastrophic."

Marc Maiffret, CTO of BeyondTrust, said that cyber-attacks are now likely part of normal military operations. "So yes, one should assume that if there is a major war between now and 2025 that the style of attacks will be a component of war just as any ground or air capabilities," Maiffret said. Although there is risk, there has also been much progress made to improve the security of systems, he added, pointing out that the popular attack surface of the last 10 to 15 years, Windows desktops and servers, has become increasingly hardened as Microsoft and other technology companies continue to pour a large amount of resources into protecting their ecosystems. The emerging Internet of things world, however, hasn't yet reached that level of security maturity. "I think the Internet of things world needs a major wake-up call, and in fact, it will probably be a major attack that is the wake-up call, but hopefully, that is more of a computer worm or mass infection-style attack, which ultimately can be more annoying than devastating," Maiffret said.

Overall, though, when it comes to limiting the risk of whatever cyber-attack may or may not occur by 2025, and whatever the attack vector is, collaboration and continued vigilance are the keys to defense. "Organizations are increasingly good at repelling low-level cyber-incursions against governments and private interests, and increasingly quick to address newly discovered vulnerabilities," Fey said. "Governments are learning a great deal from observing each other's cyber-practices and developing capabilities in cooperation, sharing lessons learned and training together."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Feds claim he maintained lavish lifestyle instead of paying $26 million in taxes.