US Cyber Command Shares Malware Samples with Cybersecurity Community

US Cyber Command has begun sharing unclassified malware samples with the cybersecurity community through the website VirusTotal.

“Recognizing the value of collaboration with the public sector, the CNMF has initiated an effort to share unclassified malware samples it has discovered that it believes will have the greatest impact on improving global cybersecurity,” said an announcement from the US Cyber Command’s Cyber National Mission Force (CNMF), which is overseeing the program.

The cybersecurity industry can also receive unclassified malware samples through the CNMF’s Twitter feed, @CNMF_VirusAlert.

In 2012, the Joint Staff and US Cyber Command directed the services to collectively build a cyber mission force. That force consists of 133 cyber mission teams, four Joint Force Headquarters-Cyber, and the CNMF.

The CNMF plans, directs, and synchronizes cyberspace operations to deter, disrupt, and defeat adversary cyber actors.

The 133 cyber mission teams became operational in May of this year. The teams execute the command’s mission to direct, synchronize and coordinate cyberspace operations in defense of US interests.

“As the build of the cyber mission force wraps up, we’re quickly shifting gears from force generation to sustainable readiness,” US Cyber Command commander Gen. Paul Nakasone said. “We must ensure we have the platforms, capabilities and authorities ready and available to generate cyberspace outcomes when needed.”

The cyber mission force teams have been building capability and capacity since 2013. The force structure was developed then, and the services began to field and train more than 6,200 military personnel from all services as well as civilians.

Roles of Cyber Mission Force Teams

Cyber mission force teams support US Cyber Command in the following areas:

  • Identify adversary activity, block attacks, and maneuver to defeat them
  • Conduct military cyberspace operations in support of commander priorities and missions
  • Defend the DoD’s information network, protect priority missions, and prepare cyber forces for combat
  • Provide analytic and planning support

“It’s one thing to build an organization from the ground up, but these teams were being tasked operationally while they were growing capability,” Nakasone said. “I am certain that these teams will continue to meet the challenges of this rapidly evolving and dynamic domain.”

Mirai Botnet Creator Ordered To Pay $8.6M for Rutgers DDoS Attacks

A federal court has ordered Mirai botnet creator Paras Jha to pay $8.6 million to Rutgers University for distributed denial of service (DDoS) attacks on the university’s networks.

Jha also must serve six months of home detention for the DDoS campaign carried out between November 2014 and September 2016, which shut down the university’s central authentication server.

The server maintained the gateway portal through which staff, faculty, and students exchanged assignments and assessments. The DDoS attacks took the portal offline on a number of occasions.

Jha, along with Josiah White and Dalton Norman, pleaded guilty in December last year to creating and operating the Mirai botnet, which recruited Internet of Things devices to launch DDoS attacks.

The defendants uncovered vulnerabilities that allowed them to surreptitiously attain administrative or high-level access to victim devices for the Mirai botnet.

The Mirai botnet at its peak enslaved hundreds of thousands of compromised IoT devices. Jha subsequently posted the source code online in the fall of 2016.

On Sept. 18, 2018, a federal court sentenced all three defendants to five years’ probation and 2,500 hours of community service. They were ordered to pay restitution in the amount of $127,000 and to abandon cryptocurrency seized during the course of the investigation.

Jha, Norman Plead Guilty to More Charges

Jha and Norman also pleaded guilty to successfully infecting more than 100,000 U.S.-based Internet-connected computing devices with malware between December 2016 and February 2017.

The two then used the compromised devices as a network of proxies through which they routed Internet traffic. The victim devices were used primarily in “clickfraud,” a type of Internet-based scheme that utilizes “clicks,” or the accessing of URLs and similar web content, for the purpose of artificially generating revenue.

Last month, European law enforcement agency Europol warned that DDoS attackers were targeting critical infrastructure. Europol said that DDoS attacks were becoming more accessible and involved low cost and low risk for attackers.

IDC Forecasts Security Spending Will Reach $133.7B in 2022


Market research firm IDC forecasts that security spending on hardware, software, and services will reach $133.7 billion in 2022.

The security market should deliver a compound annual growth rate (CAGR) of 9.9 percent through 2022. By then, security spending will be 45 percent greater than the $92.1 billion forecast for 2018.

Security services will be both the largest ($40.2 billion in 2018) and the fastest growing category of worldwide security spending. Managed security services will be the largest segment within the services category, delivering nearly half of the category total in 2022.

Security software takes the second spot, with spending expected to total $34.4 billion in 2018. Endpoint security software will be the largest software segment throughout the forecast period. This will be followed by identity and access management software and security and vulnerability management software.

Hardware spending will be led by unified threat management solutions, followed by firewall and content management.

Banking Leads Other Industries in Security Spending

Banking will make the largest investment in security solutions, growing from $10.5 billion in 2018 to $16.0 billion in 2022. Security-related services, led by managed security services, will account for more than half of the industry’s spend throughout the forecast.

The second and third largest industries will be discrete manufacturing and federal/central government ($8.9 billion and $7.8 billion in 2018, respectively). They will follow a similar pattern with services representing roughly half of each industry’s total spending.

The industries that will see the fastest growth in security spending will be telecommunications (13.1 percent CAGR), state/local government (12.3 percent CAGR), and the resource industry (11.8 percent CAGR).

“Security remains an investment priority in every industry as companies seek to protect themselves from large-scale cyber attacks and to meet expanding regulatory requirements,” said IDC Customer Insights and Analysis Program Director Eileen Smith.

“While security services are an important part of this investment strategy, companies are also investing in the infrastructure and applications needed to meet the challenges of a steadily evolving threat environment,” she added.

The United States will be largest market for security solutions with total spending of $39.3 billion this year. The United Kingdom will be the second largest geographic market in 2018 at $6.1 billion. Rounding out the top five are China ($5.6 billion), Japan ($5.1 billion), and Germany ($4.6 billion).

Study Finds $250B Economic Benefit from NIST Encryption Standard

The NIST advanced encryption standard (AES) has had at least a $250 billion global economic impact over the past 20 years, a new report concluded.

AES uses a cryptographic algorithm that was approved for federal government use in 2001. It has since been widely adopted by private industry.

As a result, AES protects everything from classified data and bank transactions to online shopping and social media apps.

For the report, RM Advisory Services relied on a survey of encryption users and developers of encryption hardware or software.

Search for New Encryption Standard

In 1997, NIST launched its effort to identify a new standard encryption algorithm for the federal government. It recognized that the 20-year-old Data Encryption Standard (DES) was growing vulnerable in the face of advances in cryptanalysis and computing power.

Following an open international competition, in 2000 NIST announced its proposal for the replacement standard. Rijndael, an algorithm that was submitted by two cryptographers from Belgium, Vincent Rijmen and Joan Daemen, was selected.

The unclassified, publicly disclosed encryption algorithm used in the AES standard is available royalty free, worldwide. And it is used by the US government in its FIPS standard and voluntarily by private organizations worldwide.

The development process involved the collaboration of the worldwide cryptography community. The AES program continues to create economic value by transferring know-how into the network of communications and transactions.

“AES has been tremendously successful at helping to establish trust in IT systems around the world,” said NIST’s Charles Romine. “We are pleased with how it has stood the test of time in its ability to provide security in a wide range of commercial products and public and private systems.”

DDoS Attacks Targeting Critical Infrastructure, Europol Warns

DDoS attacks are being used to target critical infrastructure, warned European law enforcement agency Europol in its 2018 Internet Organised Crime Threat Assessment report.

Last year, a DDoS attack crippled train networks in Sweden by targeting internet service providers. Another attack shut down communications on the Finnish Åland Islands after a telecom provider was targeted.

Europol noted that DDoS attacks are becoming more accessible and involve low cost and low risk for attackers.

DDoS attackers are increasingly using botnets of infected IoT devices to carry out their attacks. The Mirai botnet in 2016 is just one example.

This week, the Department of Justice said the creators of the Mirai botnet cooperated with the FBI and were given five years’ probation.

Close to two-thirds of EU law enforcement reported cases of DDoS attacks last year. And one-third of those emphasized the growing number of cases.

More than one-third of organizations faced a DDoS attack last year, compared to 17 percent in 2016, according to ENISA. Other reports cited by Europol indicated that DDoS attacks accounted for around 70 percent of incidents that compromised network integrity.

DDoS-for-Hire Services on the Rise

One of the reasons for the increase in DDoS attacks is the use of booters or stressers. These are DDoS-for-hire services that provide access to botnets for a small fee. The use of these services is making it much easier for unskilled attackers to launch major DDoS attacks.

In April of this year, the operators of the DDoS marketplace webstresser.org were arrested as a result of Operation Power Off. This was an investigation led by Dutch Police and the British National Crime Agency with support from Europol and a dozen law enforcement agencies.

Webstresser.org was the largest DDoS marketplace, with more than 136,000 registered users and 4 million attacks. When it was shut down, there was a 60 percent decrease in DDoS attacks across Europe, the report noted.

Malware Samples Targeting Internet of Things Devices Soar

There was a dramatic rise in malware samples targeting Internet of Things devices, according to a new report by Kaspersky Lab.

In fact, the security firm found three times as many malware samples in the first half of 2018 as in all of 2017. Last year, there were ten times more malware samples targeting Internet of Things devices than in 2016. “That doesn’t bode well for the years ahead,” the researchers observed.

Kaspersky Lab set up honeypots to catch cybercriminals in the act. What it found was that one of the most popular attack and infection vectors was cracking Telnet passwords.

Surprisingly, Brazil was the top country from which Telnet password attacks originated. Perennial favorite Russia only finished fourth, behind China and Japan. Better luck next time, Vlad.

Once the criminals crack the Telnet password, their favorite malware to download is Mirai.

For the first six months of 2018, the Telnet honeypot registered more than 12 million attacks from 86,560 unique IP addresses. Malware was downloaded from 27,693 unique IP addresses.
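The honeypot figures above (attack count, unique source addresses, download sources) are the kind of summary a defender can compute from a Telnet honeypot log. The following is an added example, not code from Kaspersky or the report; it uses a constructed key=value log format with constructed sample lines and addresses from documentation ranges, and flags sources whose failed-login count reaches a threshold as password guessers. Real honeypots such as Cowrie use their own log formats, so only the parser would need adapting.

```python
"""Summarise a Telnet honeypot log: attempts, unique sources, download
sources and password-guessing sources. Added example; the log format and
all sample lines below are constructed, not real honeypot output."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample log (documentation-range addresses, made-up events).
SAMPLE_LOG = """\
2018-06-01T10:00:01Z src=203.0.113.7 event=login_failed user=root pass=admin
2018-06-01T10:00:02Z src=203.0.113.7 event=login_failed user=root pass=12345
2018-06-01T10:00:03Z src=203.0.113.7 event=login_failed user=admin pass=admin
2018-06-01T10:00:04Z src=203.0.113.7 event=login_ok user=root pass=password
2018-06-01T10:00:05Z src=203.0.113.7 event=download url=http://198.51.100.9/bins/sample.arm
2018-06-01T10:01:10Z src=198.51.100.42 event=login_failed user=root pass=root
2018-06-01T10:02:30Z src=192.0.2.200 event=login_failed user=support pass=support
2018-06-01T10:02:31Z src=192.0.2.200 event=login_failed user=root pass=1234
2018-06-01T10:02:32Z src=192.0.2.200 event=login_failed user=root pass=888888
2018-06-01T10:02:33Z src=192.0.2.200 event=login_failed user=root pass=default
"""

# First three fields are fixed; anything after "event=" is free key=value pairs.
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\S+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Summary:
    attempts: int               # login_failed + login_ok events
    unique_sources: int         # distinct src addresses seen at all
    download_sources: int       # distinct src addresses that fetched a payload
    brute_force_sources: List[str]  # sources at or above the failure threshold


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "src": m["src"], "event": m["event"]}
    rec.update(KV_RE.findall(m["rest"]))  # extra fields such as user/pass/url
    return rec


def summarise(log_text: str, threshold: int = 3) -> Summary:
    """Walk the log once, counting attempts per source and download sources."""
    attempts = 0
    sources = set()
    failures: Counter = Counter()
    download_sources = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the report
        sources.add(rec["src"])
        if rec["event"] in ("login_failed", "login_ok"):
            attempts += 1
        if rec["event"] == "login_failed":
            failures[rec["src"]] += 1
        elif rec["event"] == "download":
            download_sources.add(rec["src"])
    brute = sorted(src for src, n in failures.items() if n >= threshold)
    return Summary(attempts, len(sources), len(download_sources), brute)


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print(f"{s.attempts} login attempts from {s.unique_sources} sources; "
          f"{s.download_sources} download source(s); "
          f"password guessers: {', '.join(s.brute_force_sources)}")
```

The threshold of three failures is deliberately low because the sample is tiny; on a real honeypot the useful signals are the per-source failure rate over time and which sources go on to fetch a payload after a successful login, which is the Mirai pattern the report describes.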

Reaper Botnet Infects Internet of Things

An alternative vector to Telnet password cracking is the Reaper botnet, which by the end of 2017 controlled about two million Internet of Things devices. Instead of targeting Telnet passwords, this botnet attacks known software vulnerabilities.

With the Reaper botnet, infections occur faster. And it is much harder to patch a software vulnerability than change a password.

“Although this method is more difficult to implement, it found favor with many virus writers,” the researchers wrote.

Infected devices that attacked Kaspersky’s honeypots included MikroTik, TP-Link, SonicWall, AVTech, Vigor, Ubiquiti, D-Link, Cisco, AirTies, Cyberoam, HikVision, ZTE, and Miele.

“Malware for smart devices is increasing not only in quantity, but also quality. More and more exploits are being weaponized by cybercriminals, and infected devices are used to steal personal data and mine cryptocurrencies, on top of traditional DDoS attacks,” the researchers concluded.

Critical Infrastructure Protection Firm Indegy Raises $18M in Financing Round


Critical infrastructure protection firm Indegy closed Aug. 28 on an $18 million Series B round of financing led by Liberty Technology Venture Capital, a subsidiary of Liberty Media.

Energy firm Centrica, O.G. Tech Ventures, and existing investors Shlomo Kramer, Magma Venture Partners, Vertex Ventures, and Aspect Ventures also participated in the financing round.

Centrica supplies energy and services to 25 million customers mainly in the UK, Ireland, and North America through British Gas, Direct Energy and Bord Gáis Energy. Centrica made the investment through its Innovations arm.

“With a growing customer portfolio that spans 35 countries, we’re working to bring businesses world-leading energy management solutions that will allow customers to take greater control of their energy,” said Christophe Defert, vice president of ventures for Centrica Innovations.

“In an increasingly connected world, we’re looking forward to working with Indegy as we explore ways to deploy distributed energy resources with the optimal security solution.”

Indegy will use the money to accelerate growth and expand market initiatives for its critical infrastructure protection suite of products, which protect systems used in manufacturing, energy, water, pharmaceuticals, and other critical infrastructures from cyberattacks.

“Recent reports by the DHS and FBI regarding attacks against critical infrastructures have created a greater sense of urgency among industrial organizations to shore up their defenses, and produced a major spike in new business for Indegy,” said Indegy CEO Barak Perelman.

“This capital infusion provides the financial resources required to scale up the company and capitalize on this market opportunity,” he added.

Scotto, Warwick Join Indegy

Furthermore, Indegy appointed two new executives to its management team. Joe Scotto joins as chief marketing officer, and Todd Warwick takes over as vice president of sales for the Americas.

Scotto joins Indegy from BAE Systems, where he served as vice president for Americas marketing. Previously, he held positions with KPMG, Avaya and Time Warner, where he led product and solutions marketing for their multichannel global SMB business.

Warwick joins Indegy from Imperva, where he served as AVP of sales. He has held sales management positions at Check Point Software and Alcatel-Lucent, which was acquired by Nokia in 2016.

CVE Program Takes Heat from Republican Lawmakers

Republican leaders of the House Energy and Commerce Committee are calling for changes to the CVE program, which provides common identifiers for known cybersecurity vulnerabilities.

The Common Vulnerabilities and Exposures (CVE) program is sponsored by the Department of Homeland Security (DHS) under contract with MITRE.

The lawmakers want DHS to transition the CVE program from a contract-based funding model to a cost-neutral dedicated program, project, or activity line item in the department’s annual budget. In addition, they want DHS and MITRE to perform biennial reviews of the program’s stability and effectiveness.

CVE Is Critical Cyber Infrastructure

“The CVE program has become inextricably integrated with cybersecurity practices during its nearly 20-year existence. Yet the documentation produced to the Committee suggests that neither DHS nor MITRE fully recognize CVE’s status as critical cyber infrastructure,” wrote Energy and Commerce Committee Chairman Greg Walden (R-OR), Oversight and Investigations Subcommittee Chairman Gregg Harper (R-MS), Communications and Technology Subcommittee Chairman Marsha Blackburn (R-TN), and Digital Commerce and Consumer Protection Subcommittee Chairman Bob Latta (R-OH) in letters to DHS and MITRE.

“The historical practices for managing the CVE program are clearly insufficient. Barring significant improvements, they will likely lead again to challenges that have direct, negative impacts on stakeholders across society,” the lawmakers noted.

“The Committee understands and appreciates that DHS and MITRE have already undertaken reforms to try and address the issues that prompted the Committee’s initial request. However, many of these reforms target symptoms that stem from what the Committee considers to be underlying root-causes – the contract-based nature of the program and the lack of oversight – which have yet to be addressed. For DHS and MITRE to address these deep-seated issues, they will have to make significant changes to the very foundation of the CVE program.”

The committee gave DHS and MITRE until September 10 to respond to the lawmakers’ recommended changes.

Worldwide Information Security Spending to Exceed $124B in 2019, Says Gartner

Gartner forecasts that worldwide information security spending will top $124 billion in 2019, an 8.7 percent increase from $114 billion this year.

The top drivers are security risks, business needs, industry changes, and privacy concerns. As a result, privacy concerns will drive at least 10 percent of market demand for information security services through 2019. In particular, privacy worries will impact identity and access management, identity governance and administration, and data loss prevention, according to Gartner.

“Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business,” said Gartner Research Director Siddharth Deshpande. “Persisting skills shortages and regulatory changes like the EU’s Global Data Protection Regulation [GDPR] are driving continued growth in the security services market.”

Deshpande said publicized data breaches reinforce the need to view sensitive data and IT systems as critical infrastructure.

Therefore, “security and risk management has to be a critical part of any digital business initiative,” he said.

A focus on building detection and response capabilities, privacy regulations, and the need to address digital business risks are the main drivers for information security spending.

Key IT security trends

Gartner has identified a number of key trends affecting information security spending in 2018-2019:

1) At least 30 percent of organizations will spend money on GDPR-related consulting and implementation services through 2019.

Organizations are continuing their journey toward compliance with the GDPR. Implementing, assessing, and auditing the business processes related to the GDPR will be the focus of security service spending for EU-based organizations and for those whose customers and employees reside there.

2) Risk management and privacy concerns within digital transformation initiatives will drive additional security service spending through 2020 for more than 40 percent of organizations.

Consulting and implementation service providers have retooled their service offerings over several years to support customers on their digital transformation journey. Security is a key factor in the uptake of that transformation process for regulated data, critical operations, and intellectual property protection spanning public cloud, SaaS and the use of IoT devices.

3) Services (subscription and managed) will represent at least 50 percent of security software delivery by 2020.

Security-as-a-service is on the way to surpassing on-premises deployments. And hybrid deployments are enticing buyers. Respondents to Gartner’s security buying behavior survey said they plan to deploy security technologies in a hybrid deployment model in the next two years. Managed services represented roughly 24 percent of deployments.

“On-premises deployments are still the most popular, but cloud-delivered security is becoming the preferred delivery model,” said Deshpande.

Smart Irrigation System Botnets Threaten Public Water Supply


Smart irrigation system vulnerabilities could pose risks to the public water supply, warned researchers from Israel-based Ben-Gurion University of the Negev.

The researchers found that attackers could employ a botnet of smart irrigation systems used by city and local governments to remotely turn watering systems on and off at will. This would enable attackers to empty public water supplies held in towers and reservoirs.

The researchers demonstrated how a bot running on a compromised device can detect a smart irrigation system connected to its local area network in less than 15 minutes. The bot can turn on watering of each smart irrigation system using a set of session hijacking and replay attacks.

“By simultaneously applying a distributed attack that exploits such vulnerabilities, a botnet of 1,355 smart irrigation systems can empty an urban water tower in an hour and a botnet of 23,866 smart irrigation systems can empty a flood water reservoir overnight,” said Ben Nassi, one of the researchers who conducted the study.

The researchers examined three popular smart irrigation systems: GreenIQ, BlueSpray, and RainMachine. “We have notified the companies to alert them of the security gaps so they can upgrade their smart system’s irrigation system’s firmware,” said Nassi.

“Although the current generation of IoT devices is being used to regulate water and electricity obtained from critical infrastructures, such as the smart-grid and urban water services, they contain serious security vulnerabilities and will soon become primary targets for attackers,” he added.

Countermeasures to Stop Attacks

For countermeasures, organizations running these smart irrigation systems should consider monitoring for unusual water consumption in urban water services. Once unusual activity is detected, the organizations can stop the water distribution. Unfortunately, this also prevents people from getting water, which is not a long-term solution.

The organization can upgrade from HTTP to HTTPS in their communications. This would prevent attackers from spoofing TCP packets.

Also, organizations can disable SSH because it is not needed to communicate with a smart irrigation system when a cloud serves as a mediator. This will prevent attackers from executing code on a smart irrigation system after guessing weak passwords, the researchers concluded.
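The first countermeasure, monitoring for unusual water consumption, can be made concrete with a small detector. The following is an added example, not code from the Ben-Gurion researchers: it assumes a utility has an hourly flow reading from a tower and knows which irrigation controllers are currently drawing water. It combines two signals that match the attack described above, total flow well above the hour-of-day baseline and many controllers active at the same moment, and only recommends the disruptive shut-off when both fire. The baseline figures, the controller names and the thresholds are constructed.

```python
"""Flag unusual water draw from a tower. Added example; the baseline,
controller map and thresholds are constructed, not utility data."""
from statistics import mean, pstdev
from typing import Dict, List

# Constructed baseline: litres per hour drawn on normal days, keyed by
# hour of day, one sample per day over a week.
BASELINE: Dict[int, List[float]] = {
    2: [400, 420, 390, 410, 405, 395, 415],   # scheduled overnight irrigation
    14: [80, 75, 90, 85, 70, 95, 88],         # midday, little irrigation
}


def flow_threshold(samples: List[float], k: float = 3.0, min_sigma: float = 10.0) -> float:
    """Mean plus k standard deviations. min_sigma stops a very flat
    baseline from flagging every small wobble as an anomaly."""
    return mean(samples) + k * max(pstdev(samples), min_sigma)


def flow_anomalous(hour: int, reading: float, baseline: Dict[int, List[float]] = BASELINE) -> bool:
    """True when the reading exceeds the threshold for that hour of day."""
    samples = baseline.get(hour)
    if not samples:
        return False  # no baseline for this hour: cannot judge (assumed policy)
    return reading > flow_threshold(samples)


def active_controllers(controllers: Dict[str, float]) -> List[str]:
    """Controllers drawing water right now (positive litres/hour)."""
    return sorted(cid for cid, litres in controllers.items() if litres > 0)


def assess(hour: int, total_flow: float, controllers: Dict[str, float],
           baseline: Dict[int, List[float]] = BASELINE, active_threshold: int = 50) -> Dict[str, object]:
    """Combine the two signals into a recommended action.

    shut_off     both signals fire: flow far above baseline AND a burst of
                 simultaneous activations, the signature of a botnet
                 switching valves together.
    investigate  one signal fires: could be a heatwave or a maintenance job.
    normal       neither fires.
    """
    active = active_controllers(controllers)
    flow_alarm = flow_anomalous(hour, total_flow, baseline)
    many_active = len(active) >= active_threshold
    if flow_alarm and many_active:
        action = "shut_off"
    elif flow_alarm or many_active:
        action = "investigate"
    else:
        action = "normal"
    return {"flow_alarm": flow_alarm, "active": len(active), "action": action}


if __name__ == "__main__":
    # Constructed scenario: 60 controllers switched on at 14:00 at once.
    attack = {f"ctl-{i:03d}": 12.0 for i in range(60)}
    print(assess(14, 720.0, attack))
    # Constructed normal afternoon: one controller running a short cycle.
    print(assess(14, 90.0, {"ctl-001": 4.0, "ctl-002": 0.0}))
```

The two-signal rule is what makes the countermeasure tolerable in practice: the researchers note that stopping distribution also stops water for residents, so a utility wants the shut-off reserved for the coordinated pattern and a cheaper "investigate" response for a single anomalous signal.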