Friday, February 23, 2018

cyberwar update

2-22-18   Between the third and fourth quarters of 2017, cyberattacks rose 82% and malware spread at a rapid pace, according to new data from digital security firm Fortinet.  http://www.cutimes.com/2018/02/22/cyberattacks-nearly-double-in-q4-report-says
2-20-18   Phil Quade, chief information security officer, Fortinet:  "The stark reality is that traditional security strategies and architectures simply are no longer sufficient for a digital-dependent organization.  There is incredible urgency to counter today’s attacks with a security transformation that mirrors digital transformation efforts. Yesterday’s solutions, working individually, are not adequate.  Point products and static defenses must give way to integrated and automated solutions that operate at speed and scale.”...  
Digital transformation isn’t just reshaping business; cybercriminals are leveraging the expanding attack surface it creates for new disruptive opportunities to attack.  They are implementing newer swarm-like capabilities while simultaneously targeting multiple vulnerabilities, devices, and access points.  The combination of rapid threat development combined with the increased propagation of new variants is increasingly difficult for many organizations to combat....
An example is an attack codenamed Triton.  It is sophisticated in nature and has the ability to cover its tracks by overwriting the malware itself with garbage data to thwart forensic analysis.  Because these platforms affect vital critical infrastructures, they are enticing for threat actors....
 Fortinet Global Threat Landscape Report is a quarterly view that covers global, regional, industry sector, and organizational perspectives.  It focuses on three central and complementary aspects of that landscape, namely application exploits, malicious software, and botnets.  It also examines important zero-day vulnerabilities and infrastructure trends to add context about the trajectory of cyberattacks affecting organizations over time.  To complement the report, Fortinet publishes a free, subscription-based Threat Intelligence Brief that reviews the top malware, virus, and web-based threats discovered every week, along with links to that week’s most valuable Fortinet research.
http://markets.businessinsider.com/news/stocks/fortinet-threat-landscape-report-reveals-attacks-per-firm-increased-by-82-swarm-cyberattacks-target-the-internet-of-things-iot-with-growing-intensity-1016444776
................................................................................................................................
2-9-18     “Personal information is boosting the phenomenal innovations happening in the AI, machine learning and deep learning spaces,” says Anton Jacobsz, managing director at value-added distributor, Networks Unlimited.  “But, where there is a door in to reach this info, there is also the danger of cyber criminals slipping through keyholes and squeezing in under doorframes, all with the basic aim of using data maliciously.  Of course, the more machines that are connected – think Internet of Things (IoT) and all things smart: cars, homes, mobile devices, industry machines, utilities, and more – the more widespread the potential cybercrime infestation and destructive aftermath becomes.”...
“We expect to see new service offerings from the dark web as Crime-as-a-Service organisations use new automation technology for their offerings.  We are already seeing advanced services being offered on dark web marketplaces that leverage machine learning.  For example, a service known as FUD (fully undetected) is already part of several offerings.  This service allows criminal developers to upload attack code and malware to an analysis service for a fee.  Afterwards, they receive a report as to whether security tools from different vendors are able to detect it,” the blog points out, and also observes that “Infected machines leveraging Coinhive is the latest example – browser plugins that infect end-user machines to hijack their CPU cycles to mine for virtual currency. This process is rapidly accelerating the time from concept to delivery of new malware that is both more malicious and more difficult to detect and stop.  Once true AI is integrated into this process, offense vs defence (time to breach vs time to detect/ protect) will be reduced to a matter of milliseconds rather than the hours or days it does today.”...
“it is easy to predict that cybercriminals will eventually replace botnets built with mindless zombie devices with intelligent clusters of compromised devices to create more effective attacks.  This would be a hivenet instead of a botnet.  It would be able to use millions of interconnected devices, or swarmbots, to simultaneously identify and tackle different attack vectors, enabling attacks at an unprecedented scale,” explains the blog.  “Such hivenets are especially dangerous because, unlike individual zombies, individual swarmbots are smart.  They are able to talk to each other, take action based on shared local intelligence, use swarm intelligence to act on commands without the botnet herder instructing them to do so, and recruit and train new members of the hive.  As a result, as a hivenet identifies and compromises more devices it will be able to grow exponentially, and thereby widen its ability to simultaneously attack multiple victims.”  -Jacobsz   http://www.itnewsafrica.com/2018/02/cyber-security-the-winner-takes-it-all/
.................................................................................................................................................
2-23-18   Attacks are also increasing, with Akamai's State of the Internet / Security report for 4Q17 showing a 14 percent year-over-year gain in the number of Distributed Denial of Service (DDoS) attacks....
According to Trend Micro, there was a 32 percent increase in new ransomware families from 2016 to 2017....
93 percent of organizations surveyed by Verizon stated that mobile devices present a growing threat.  Furthermore, 79 percent of the organizations are concerned about  employee misuse of mobile devices.  "As mobility becomes more integral to business operations in today’s digital economy—from supply chain management to IoT-enabled sensors to customer-facing mobile apps—protecting mobile platforms is critical," Thomas Fox, senior vice president with Verizon, stated....
Raytheon 2018 Study on Global Megatrends in CyberSecurity...."Every day the cyber-threat is growing more sophisticated and aggressive, posing a real threat to global businesses across all sectors," Raytheon Chairman and CEO Thomas A. Kennedy, stated.
The primary issue highlighted by Centrify is that there is a disconnect between executive management and technical staff.  For example, 35 percent of technical officers identified malware as the primary threat to cyber-security.  In contrast, 62 percent of CEOs cited malware as the primary threat to cyber-security.    http://www.eweek.com/security/cyber-security-reports-reveal-growing-concerns-about-data-breach-risks
.................................................................................................................................
The report surveyed 1,911 respondents in 80 countries, including Allianz’ customers, brokers, risk consultants, underwriters, senior managers and claims experts.

“The jump that cyber incidents have taken in the past year – from third to first for medium-sized companies and from sixth to second for small-sized companies – is significant and reflects an uptick in the attention paid to data breaches both by SME companies and their insurance brokers,” said Vinko Markovina, global head of MidCorp, AGCS, who was quoted in the report.  https://www.insurancejournal.com/news/international/2018/02/21/481113.htm
...............................................................................................................................
2-23-18  McAfee, in partnership with the Centre for Strategic and International Studies (CSIS), today announces that cybercrime costs the world close to $600 billion – a $150 billion increase since 2014. 
The research also produced the following key findings:
  • Nation states are the most dangerous source of cybercrime, with Russia ranking No. 1 and North Korea No. 2. China is the most active player in cyber espionage.
  • Banks are the favourite targets of cybercriminals, even though financial institutions spend three times what other companies spend on cybersecurity.
  • Ransomware is the fastest growing type of cybercrime, aided by cybercrime-as-a-service, which is also flourishing.
  • Cryptocurrencies are enabling cybercrime by allowing criminals to hide their identity while paying for services.
  • Since 2014, nearly three billion internet credentials and other personally identifiable information (PII) have been stolen by hackers.
  • Two-thirds of people online – more than two billion individuals – have had their personal information stolen or compromised.
    Raj Samani, Chief Scientist and Fellow at McAfee
https://www.informationsecuritybuzz.com/expert-comments/mcafee-research-reveals-cybercrime-takes-almost-600billion-toll-global-economy/
......................................................................................................................
2-20-18   CrowdStrike, another top cyber security firm, told NBC News it identifies the N. Korean group by the name "Labyrinth Chollima." 
"Their malware is quite sophisticated and is capable of stealing documents from the air-gapped or disconnected networks," says a CrowdStrike intelligence paper. "Primary targets include government, military, defense, finance, energy and electric utility sectors."...
Kim Heung-Kwang, a former North Korean computer expert who defected to the south in 2004, told NBC News in an interview in Seoul last year that the North has trained thousands of military hackers capable of inflicting damage on South Korean and Western infrastructure.  https://www.nbcnews.com/news/north-korea/watch-out-north-korea-keeps-getting-better-hacking-n849381
....................................................................................................................
2-23-18    At the end of 2017 North Korea got a look at South Korean and American war plans and were alarmed at what they found. The northerners had every reason to believe this information was accurate because in late 2017 South Korean military networks were hacked and a large quantity of secret documents appear to have been copied. This apparently included several OPLANs (Operational Plan, a plan for a single or series of connected operations to be carried out simultaneously or in succession by specified military units).... OPLANs also include a lot of operational details that do not change much over time so grabbing even one version of a particular OPLAN has its uses.
South Korea and the United States have a number of shared OPLANs....In response to this latest hack South Korea quickly ordered some changes in its Cyber War defenses.   https://www.strategypage.com/htmw/htintel/articles/20180223.aspx
..............................................................................................................................
2-4-18   The ability of terrorist groups to launch cyber attacks will only increase, a senior counter-terror official has warned.
ISIL and other terrorist groups are turning to the underworld to try to secure tools to carry out cyber-attacks on critical infrastructure.
Terrorist groups have taken part in low-grade “cyber vandalism” and their ability to wage more damaging attacks will only increase, according to a former operations chief at the UK’s spy centre GCHQ.
Many of the required tools to launch crippling attacks are becoming increasingly available on criminal markets on the so-called Dark Web, part of the world wide web that needs special software to penetrate.  https://www.thenational.ae/world/europe/isil-likely-to-switch-to-cyber-war-after-battlefield-loss-1.701733
.......................................................................................................................................
1-29-18   The Defence Secretary, Gavin Williamson, has warned Russia could cause “thousands and thousands and thousands” of deaths in an attack on Britain’s energy supply. He said Moscow had been looking at UK critical infrastructure such as power stations and links transferring electricity across borders.  https://www.informationsecuritybuzz.com/expert-comments/defence-secretary-says-russia-kill-thousands-cyber-attack/
..............................................................................................................................
