  • US power grid needs defense against looming cyber attacks
    This month, the U.S. government revealed its concerns about Russian incursions into the operating systems of domestic electric power plants and noted that the efforts to disrupt date back to 2013. The Departments of Energy and Homeland Security identified the grid’s vulnerability to cyberattacks some time ago and called for new protective measures in the DOE-led January 2017 Quadrennial Energy Review. The study, which analyzed the entire U.S. electricity system, noted that the key critical infrastructures underpinning the nation’s economy and national security — transportation, water, finance, natural gas, oil, communications/IT — depend upon a reliable electricity “uber-network.” This followed 2015 and 2016 cyberattacks that disabled part of Ukraine’s electric grid. We need to fund development and deployment of advanced designs and technologies to protect our grid and to provide states the tools they need to contribute to the defense of the nation’s electricity system. The DOE study concluded that the electricity system is a national security asset.
  • SamSam ransomware attacks have earned nearly $850,000
    First emerging in late 2015, the group believed to be responsible for the SamSam ransomware family has targeted small and large businesses, healthcare, governments, and education. Still, the fact the group behind SamSam has collected any ransom at all, let alone 98.5 BTC, tells an interesting story about the balance between security and business. When victims of ransomware pay the ransom, most people assume it's because they didn't have proper backups, or the backups themselves were either outdated or corrupt. Paying the ransom during a ransomware attack is a bad idea. If you suggest to a security professional that you should pay the ransom in the event of a ransomware attack, you'll usually get one of two reactions. The group behind SamSam knows this, which is why they price their ransoms in a way that almost ensures their victims can pay.
  • The Cambridge Analytica data probably isn't on the dark web - but more dangerous personal information might be
    Security experts told Business Insider that data obtained by Cambridge Analytica isn't likely on the dark web. The type of personality data harvested by Cambridge Analytica might allow researchers to predict who someone might vote for, but it pales in comparison to what data advertisers collect or what sensitive data is for sale on the dark web. "If people really knew how much data was used for companies to learn about them, track them, and sell products to people, they'd probably be a little more careful with their data," said Corey Milligan, a senior threat analyst at cybersecurity firm Armor. But it's unlikely the Cambridge Analytica data, which was improperly obtained from 50 million Facebook users, has made its way onto the dark web. The UK-based firm used the data internally, so unless hackers stole it from Cambridge Analytica, the data probably isn't for sale, security experts told Business Insider. "I haven't seen psychographic data on the dark net, and the reason for that is because if you think about a criminal who is buying data, their desire is to get access to data that can be immediately monetized," Turnage told Business Insider.
  • The world's best hackers: Why Iran is a bigger threat to the U.S. than Russia, China or North Korea
    The Trump administration indicted members of an Iranian hacker network on Friday, claiming that the group was responsible for “one of the largest state-sponsored hacking campaigns” the U.S. has prosecuted. Officials said the hackers allegedly targeted dozens of U.S. universities, companies and government agencies—as well as the United Nations—and stole around 31 terabytes of data and intellectual property from entities worldwide. The group was allegedly hired by the Iranian Revolutionary Guard Corps (IRGC), a small division of Iran’s military tasked with defending the country’s Islamic Revolution. Nine of the 10 people named in the indictment were connected to the Mabna Institute, an Iranian tech firm that allegedly hacks on behalf of the IRGC. Iranian hackers have often been viewed as less skilled and less tenacious than hackers from countries like China and Russia.
  • Why University Networks Are Such a Tempting Target for Foreign Hackers
    As a cybersecurity professor, I follow a lot of breach stories, but few hit quite as close to home for me as the indictment that the Department of Justice announced Friday charging nine Iranians with compromising thousands of computer accounts belonging to university professors. According to the indictment, the nine people charged—with conspiracy to commit computer intrusions, wire fraud, unauthorized access of computers, and other crimes—are affiliated with a company called the Mabna Institute, which “conducted massive, coordinated cyber intrusions” into the computer systems of 144 U.S. universities and another 176 foreign universities. The nine Iranians charged by the DOJ allegedly sent targeted spear-phishing emails to some 100,000 university professors worldwide and succeeded in compromising the accounts of at least 7,998 of them.
  • To Illustrate the Dangers of Cyberwarfare, the Army Is Turning to Sci-fi
    Self-Preventing Prophecies: The U.S. Army Cyber Institute’s graphic novels are aimed at making soldiers think about future threats. At first glance, Dark Hammer looks a lot like any other science fiction comic book: On the front cover, a drone flies over a river dividing a city with damaged and burning buildings. Dark Hammer is the first of four recently released comic books set in the near future that depict some of the emerging threats identified by the ACI. “The army really has a large history of using graphic novels or fiction to help our workforce understand somewhat intangible concepts.” The books grew out of the ACI’s collaboration with the Threatcasting Lab at Arizona State University, in Tempe. You write science fiction stories based on science facts to explore possible futures.
  • Netflix, Dropbox promise not to sue security researchers, with caveats
    The only caveat is: the researchers must conduct the research in line with their vulnerability disclosure policy and bug bounty program guidelines. Dropbox Head of Security Chris Evans announced on Wednesday that they’ve updated their vulnerability disclosure policy to clearly say that the company will “not initiate legal action for security research conducted pursuant to the policy, including good faith, accidental violations,” and that they “won’t bring a Digital Millennium Copyright Act (DMCA) action against a researcher for research consistent with the policy.” “Anything that stifles open security research is problematic because many of the advances in security that we all enjoy come from the wonderful combined efforts of the security research community,” he pointed out.
  • Better Threat Sharing is Just the First Step in Securing Elections, Senate Committee Says
    Providing better, faster cyber threat information to states should be the beginning, but not the end, of the federal government’s efforts to ensure future elections aren’t marred by the same security concerns as the 2016 contest, according to a preview of Senate Intelligence Committee recommendations released Tuesday. The State Department should also work with allies to create a global understanding that election meddling is out of bounds, according to the recommendations, while the intelligence community should speed the process of attributing cyberattacks to nations and groups that violate those norms. The Trump administration last week imposed sanctions against Russian intelligence agencies and individuals responsible for meddling in the 2016 election, including probing state election systems in roughly 21 states and penetrating at least one voter database. Tuesday’s recommendations also include funneling more federal money to state election systems to ensure they’re digitally secure and segregated from the internet and that votes include an auditable paper trail.
  • The web will soon be a little safer with the approval of this new security standard
    It’s almost as if thousands of spooks and hackers suddenly cried out at once… The Internet Engineering Task Force has just unanimously approved a security framework that will make encrypted connections on the web faster and more resistant to snooping. The IETF is a body of engineers from all over the world who collaborate on standards like this — and their approval of TLS 1.3 has been long in coming, more than four years and 28 drafts. That’s because the internet is a delicate machine and changes to its fundamental parts — such as how a client and server establish a secure, encrypted connection — must be made very, very carefully. The “handshake” between client and server has been streamlined and encryption initiated earlier to minimize the amount of data transmitted in the clear. The whole standard is 155 pages long, and really only other engineers will want to dig in. It doesn’t magically take effect, of course — but the IETF approval is a big step towards the standard being adopted by big companies, web services, and other, higher-level standards.
  • Atlanta Trying to Recover From SamSam Ransomware Without Paying Up
    According to Jarvis, the attackers scan for open ports, typically a Windows RDP (Remote Desktop Protocol) port, and then apply a brute force attack until they get in. A brute force attack means that they’ll constantly hit the port with credentials until one works. Jarvis said that the attackers in the Atlanta case are asking for six Bitcoins, which comes out to about $51,000.00. So far, it seems, the attackers running the SamSam ransomware have been decrypting the servers they’ve attacked after they’ve been paid. “If they backed up their data, that’s the only way to recover from a ransomware attack,” Weiss said. Once the city recovers from the ransomware attack, the next step is what to do to keep it from happening again.