Posts tagged 'Advanced Persistent Threat'
Over the years, cyberespionage has gone from a fascinating Hollywood plot to the subject of newsworthy political discussion. Such activity has likely been going on for decades in various forms; now, as technology becomes a cornerstone of global society, these attacks have grown in both sophistication and impact. The nation-state actor, previously a distant threat, has become a real, if not intimidating, foe.
Between recent events such as Russia's attacks on Ukrainian power and media infrastructure, and the United States and Israel being credited with the Stuxnet, Duqu, and Flame malware used against Iran, you might be wondering how your organization would stand up to a cyberespionage...
Black Energy (BE) malware is back in the news as of early January 2016, this time blamed for contributing to the December 23, 2015 power outage in Ukraine, which left nearly half the populace of the Ivano-Frankivsk region without power for several hours.
First seen in 2007, BE was originally designed as a distributed-denial-of-service (DDoS) toolkit, but it has since evolved into its current form, supporting a multitude of plug-ins. The newest features of BE include:
- KillDisk, a destructive data-wiping component capable of destroying an estimated 4,000 file types, including registry files. Wiping these files can render the host unbootable and, depending on the role of the infected host, have dire consequences. Given the malware's typical target set of Industrial Control Systems (ICS), an infected host could prove disastrous, not to mention expensive.
- Researchers also identified a previously unknown Secure Shell (SSH) backdoor...
Last month, I had the pleasure of presenting an ISMG webinar with Jeremy Scott on the benefits of mapping the Center for Internet Security Critical Security Controls (formerly known as the SANS 20 Critical Security Controls) to the Cyber Kill Chain® (as defined by Lockheed Martin), abbreviated here as the kill chain.
The webinar is based on the “Defense Strategies for Advanced Threats – Mapping the SANS 20 Critical Security Controls to the Cyber Kill Chain” white paper published by Solutionary.
As we continuously look at ways to better approach security challenges,...
Recent SANS survey reveals major impediments to Incident Response efforts
A recent white paper, “The Race to Detection: A Look at Rapidly Changing IR Practices,” published by the SANS Institute and authored by Alissa Torres, sheds some light on the current state of incident response (IR) practices. The white paper surveyed a wide variety of incident response professionals for their recommendations and experiences. All of the concerns from the various IR professionals resonated with what I have seen in my experience as an incident responder.
The report states that the threat landscape is rapidly changing, with many respondents reporting that cyber attackers are increasing in sophistication and efficiency. In fact, many of the criminal organizations involved in cybercrime are adopting the same techniques and tools...
Many of this week’s articles serve as a great reminder that intentions alone do not, and will not, protect an organization. I think one of the better stories came from John Dunn. His article in CSO highlighted an exercise in which a U.S. Army commander sent a phishing email to a select few of his staff, intending to prove how susceptible they were to these types of attacks. An otherwise harmless activity, given that the phishing email was “just” part of an exercise, resulted in borderline mass hysteria. The phishing email warned the recipients that “their 401k Thrift Savings Plan retirement account had been breached and asking them to reset their passwords.”
This sparked a bevy of emails to fellow staffers in many different departments. Dunn writes,...