Friday, February 10, 2012

National Cybersecurity

United States. Congress. House. Committee on Energy and Commerce. (2012, February 8). Cybersecurity: Threats to communications networks and private-sector responses. Retrieved from http://energycommerce.house.gov/hearings/hearingdetail.aspx?NewsID=9250
Hearing featuring testimony from representatives of the Internet Security Alliance, the Center for Strategic and International Studies, McAfee, and other organizations.

United States. Department of Homeland Security. Industrial Control Systems Cyber Emergency Response Team. (2012, February 3). SSH scanning activity targets industrial control systems (ICS-ALERT-12-034-01). Retrieved from http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-034-01.pdf
ICS-CERT is issuing this alert to inform critical infrastructure and key resource (CIKR) asset owners and operators of recent and ongoing activity involving secure shell (SSH) scanning of Internet-facing control systems. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks.
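The activity the alert describes leaves a recognisable trace in sshd logs: a burst of "Failed password" lines from one source, often against accounts that do not exist. The following is an added example written for this digest, not code from ICS-CERT or the alert; it runs a sliding-window brute-force detector over constructed sample log lines (the hostname, PIDs and RFC 5737 documentation addresses are made up, and the year supplied for syslog timestamps is an assumption of the example).

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not taken from the ICS-CERT alert); the
# addresses are from the RFC 5737 documentation ranges and the hostname is made up.
SAMPLE_AUTH_LOG = """\
Feb  3 10:15:22 hmi01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 4412 ssh2
Feb  3 10:15:23 hmi01 sshd[2203]: Failed password for invalid user root from 203.0.113.5 port 4413 ssh2
Feb  3 10:15:24 hmi01 sshd[2205]: Failed password for invalid user pi from 203.0.113.5 port 4414 ssh2
Feb  3 10:15:25 hmi01 sshd[2207]: Failed password for invalid user oracle from 203.0.113.5 port 4415 ssh2
Feb  3 10:15:26 hmi01 sshd[2209]: Failed password for root from 203.0.113.5 port 4416 ssh2
Feb  3 10:15:27 hmi01 sshd[2211]: Failed password for invalid user test from 203.0.113.5 port 4417 ssh2
Feb  3 10:20:02 hmi01 sshd[2290]: Failed password for operator from 198.51.100.7 port 51022 ssh2
Feb  3 10:20:09 hmi01 sshd[2290]: Accepted password for operator from 198.51.100.7 port 51022 ssh2
"""

# Matches OpenSSH "Failed password" lines; "invalid user" appears when the
# account does not exist, which is typical of dictionary scans.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def detect_ssh_bruteforce(log_text, threshold=5, window_seconds=60, year=2012):
    """Return {source_ip: summary} for sources with at least `threshold` failed
    logins inside any window of `window_seconds`. Syslog timestamps carry no
    year, so the caller supplies one (an assumption of this example)."""
    attempts = defaultdict(list)  # source ip -> [(timestamp, username), ...]
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are not counted
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        attempts[m["ip"]].append((ts, m["user"]))

    findings = {}
    for ip, events in attempts.items():
        events.sort()
        times = [t for t, _ in events]
        peak, start = 0, 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            findings[ip] = {
                "failures": len(events),
                "peak_in_window": peak,
                "usernames": sorted({u for _, u in events}),
            }
    return findings


if __name__ == "__main__":
    for ip, summary in detect_ssh_bruteforce(SAMPLE_AUTH_LOG).items():
        print(ip, summary)
```

On the sample, 203.0.113.5 is flagged (six failures in five seconds across five usernames) while the single mistyped password from 198.51.100.7 is not. Detection is a second line of defence: a control system that is reachable over SSH from the Internet at all is the finding that matters, and that is what the alert is about.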

Enterprise Cybersecurity

Manners, D. (2012, February 7). The user agent field: Analyzing and detecting the abnormal and malicious in your organization. SANS Reading Room. Retrieved from http://www.sans.org/reading_room/whitepapers/hackers/user-agent-field-analyzing-detecting-abnormal-malicious-organization_33874
Hackers are hiding within the noise of HTTP traffic. They understand that within this noise it is becoming increasingly difficult to detect malicious traffic. They know that overworked analysts have little time to detect malicious/abnormal HTTP traffic hiding amongst a mountain of legitimate HTTP traffic. However, hackers may be using unusual, alien to your organization, unique or just plain evil HTTP request header user agents. When they do they become easier to identify. This paper aids intrusion analysts in understanding the user agent field and how it can be used to detect malicious traffic.
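The paper's approach comes down to profiling which user agents your proxy actually sees and asking which ones are rare or malformed for your environment. The following is an added example for this digest, not code from the SANS paper; it parses a constructed proxy log (a simplified space-separated format with the user agent in quotes, client addresses and URLs made up) and flags user agents that are empty, lack the parenthesised platform details every mainstream browser sends, or are seen from fewer clients than a configurable floor.

```python
import re
from collections import defaultdict

# Constructed proxy log (not from the paper): time client method url status "user-agent".
# Internal clients are in 10.1.1.0/24; the external hosts use RFC 5737 documentation addresses.
SAMPLE_PROXY_LOG = """\
10:01:05 10.1.1.20 GET http://intranet.example/home 200 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"
10:01:06 10.1.1.21 GET http://intranet.example/home 200 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"
10:01:07 10.1.1.22 GET http://www.example.com/ 200 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"
10:01:08 10.1.1.23 GET http://www.example.com/ 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
10:01:09 10.1.1.24 GET http://www.example.com/ 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
10:02:13 10.1.1.22 POST http://203.0.113.44/gate.php 200 "Mozilla/4.0"
10:02:44 10.1.1.22 POST http://203.0.113.44/gate.php 200 "Mozilla/4.0"
10:03:01 10.1.1.25 GET http://203.0.113.80/u.php 404 ""
10:03:30 10.1.1.26 GET http://www.example.com/ 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
"""

LINE_RE = re.compile(
    r'^(?P<time>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def parse_proxy_log(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def profile_user_agents(records):
    """Aggregate request count and the set of distinct clients per user agent."""
    profile = defaultdict(lambda: {"requests": 0, "clients": set()})
    for r in records:
        profile[r["ua"]]["requests"] += 1
        profile[r["ua"]]["clients"].add(r["client"])
    return profile


def flag_user_agents(records, min_clients=2):
    """Flag user agents that are empty, structurally bare, or rare (used by
    fewer than min_clients distinct hosts). Thresholds are example choices."""
    findings = []
    for ua, info in profile_user_agents(records).items():
        reasons = []
        if ua.strip() == "":
            reasons.append("empty user agent")
        elif "(" not in ua:
            reasons.append("no platform/product details")
        if len(info["clients"]) < min_clients:
            reasons.append(f"seen from only {len(info['clients'])} client(s)")
        if reasons:
            findings.append({
                "user_agent": ua,
                "clients": sorted(info["clients"]),
                "requests": info["requests"],
                "reasons": reasons,
            })
    return sorted(findings, key=lambda f: f["user_agent"])


if __name__ == "__main__":
    for f in flag_user_agents(parse_proxy_log(SAMPLE_PROXY_LOG)):
        print(f["user_agent"] or "<empty>", f["clients"], f["reasons"])
```

On the sample, the two browser strings seen from several hosts pass, while the bare "Mozilla/4.0" from a single host posting to an external script and the empty user agent are both flagged. Two caveats a practitioner would keep in mind: the header is attacker-controlled and trivially set to match the corporate browser, so this catches only the careless (the paper's point is that many are); and rarity scoring needs a baseline built over a longer window than one log excerpt, or every legitimate updater and monitoring agent will surface as an alert.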

Global Cybersecurity & broadly applicable items

Beyeler, W., Glass, R., & Lodi, G. (2012). Modeling and risk analysis of information sharing in the financial infrastructure. In R. Baldoni & G. Chockler (Eds.), Collaborative financial infrastructure protection. Berlin, Germany: Springer. Retrieved from http://goo.gl/tlO70 
This chapter defines the community of banks as a Complex Adaptive System of Systems and analyses the value of information sharing as a general policy to protect the community against cyber attacks.

ICT SCRM Community Framework Development Project. (2012, February 3). Final report. Retrieved from http://csrc.nist.gov/scrm/documents/umd_ict_scrm_initiatives-report2-1.pdf
Report of the University of Maryland Robert H. Smith School of Business team hired by NIST to analyze and make recommendations on improving ICT supply chain risk management. Cybersecurity is one of the aspects covered by the report.

New Android malware bags millions in revenues. (2012, February 9). Infosecurity. Retrieved from http://www.infosecurity-magazine.com/view/23803/new-android-malware-bags-millions-in-revenues/
A new piece of Android malware named Bmaster has infected hundreds of thousands of devices in China and is able to generate millions of dollars in annual revenue. The Android malware, first highlighted by researcher Xuxian Jiang at North Carolina State University, was uncovered on a third-party marketplace and is bundled with a legitimate application for configuring phone settings, Symantec researcher Cathal Mullaney wrote in a blog posting.

Best practices from the industrial control systems industry association.

Rubin, J. (2012, February 8). Google Wallet security: PIN exposure vulnerability. Retrieved from https://zvelo.com/blog/entry/google-wallet-security-pin-exposure-vulnerability
Interesting discussion, with links to other resources, of the recently revealed susceptibility of Google Wallet to brute force attacks. [Related article from Infosecurity.]

Zetter, K. (2012, February 7). Flaw in home security cameras exposes live feeds to hackers. Wired. Retrieved from http://www.wired.com/threatlevel/2012/02/home-cameras-exposed/
A flaw in home security cameras made by Trendnet potentially exposed thousands of customers to hackers who could access the live video feeds without a password. The vulnerability was discovered by a blogger who uses the name "someLuser" and who posted details of the flaw in January, describing how he was able to find vulnerable cameras online by using the Shodan search engine, which allows users to find internet-connected devices using simple search terms ... Within days of his revelation, readers had found more than 600 cameras through their web addresses, which included cameras inside businesses and children's bedrooms. As more cameras were exposed, some readers posted screenshots from the cameras as well as Google Maps purporting to identify the exact location of the cameras.

Zetter, K. (2012, February 7). Hackers release Symantec source code after failed $50K extortion attempt. Wired. Retrieved from http://www.wired.com/threatlevel/2012/02/symantec-extortion-attempt/
Hackers with the Anonymous collective have released source code for Symantec's pcAnywhere product after failing to secure $50,000 from the company in an extortion attempt. A hacker going by the online name YamaTough published 1.27 GB of the source code on Pirate Bay Monday night after negotiations to extort money from someone he believed was a Symantec employee fell through. In reality, the Symantec "employee" was an undercover law enforcement agent who was using a fake Symantec email address to communicate with the hacker.