US Cyber Command Shares Malware Samples with Cybersecurity Community

US Cyber Command has begun sharing unclassified malware samples with the cybersecurity community through the website VirusTotal.

“Recognizing the value of collaboration with the public sector, the CNMF has initiated an effort to share unclassified malware samples it has discovered that it believes will have the greatest impact on improving global cybersecurity,” said an announcement from the US Cyber Command’s Cyber National Mission Force (CNMF), which is overseeing the program.

The cybersecurity industry can also receive unclassified malware samples through the CNMF’s Twitter feed, @CNMF_VirusAlert.

In 2012, the Joint Staff and US Cyber Command directed the services to collectively build a cyber mission force. That force consists of 133 cyber mission teams, four Joint Force Headquarters-Cyber, and the CNMF.

The CNMF plans, directs, and synchronizes cyberspace operations to deter, disrupt, and defeat adversary cyber actors.

The 133 cyber mission teams became operational in May of this year. The teams execute the command’s mission to direct, synchronize and coordinate cyberspace operations in defense of US interests.

“As the build of the cyber mission force wraps up, we’re quickly shifting gears from force generation to sustainable readiness,” US Cyber Commander Gen. Paul Nakasone said. “We must ensure we have the platforms, capabilities and authorities ready and available to generate cyberspace outcomes when needed.”

The cyber mission force teams have been building capability and capacity since 2013. The force structure was developed then, and the services began to field and train more than 6,200 military personnel from all services as well as civilians.

Roles of Cyber Mission Force Teams

Cyber mission force teams support US Cyber Command in the following areas:

  • Identify adversary activity, block attacks, and maneuver to defeat them
  • Conduct military cyberspace operations in support of commander priorities and missions
  • Defend the DoD’s information network, protect priority missions, and prepare cyber forces for combat
  • Provide analytic and planning support

“It’s one thing to build an organization from the ground up, but these teams were being tasked operationally while they were growing capability,” Nakasone said. “I am certain that these teams will continue to meet the challenges of this rapidly evolving and dynamic domain.”

Malware Samples Targeting Internet of Things Devices Soar

There was a dramatic rise in malware samples targeting Internet of Things devices, according to a new report by Kaspersky Lab.

In fact, the security firm found three times as many malware samples in the first half of 2018 as in all of 2017. Last year, there were ten times more malware samples targeting Internet of Things devices than in 2016. “That doesn’t bode well for the years ahead,” the researchers observed.

Kaspersky Lab set up honeypots to catch cybercriminals in the act. It found that one of the most popular attack and infection vectors was cracking Telnet passwords.

Surprisingly, Brazil was the top country from which Telnet password attacks originated. Perennial favorite Russia only finished fourth, behind China and Japan. Better luck next time, Vlad.

Once the criminals crack the Telnet password, their favorite malware to download is Mirai.

For the first six months of 2018, the Telnet honeypot registered more than 12 million attacks from 86,560 unique IP addresses. Malware was downloaded from 27,693 unique IP addresses.

Reaper Botnet Infects Internet of Things

An alternative vector to Telnet password cracking is the Reaper botnet. Its assets at the end of 2017 numbered about two million Internet of Things devices. Instead of targeting Telnet passwords, this botnet attacks known software vulnerabilities.

With the Reaper botnet, infections occur faster. And it is much harder to patch a software vulnerability than to change a password.

“Although this method is more difficult to implement, it found favor with many virus writers,” the researchers wrote.

Infected devices that attacked Kaspersky’s honeypots included MikroTik, TP-Link, SonicWall, AVTech, Vigor, Ubiquiti, D-Link, Cisco, AirTies, Cyberoam, HikVision, ZTE, and Miele.

“Malware for smart devices is increasing not only in quantity, but also quality. More and more exploits are being weaponized by cybercriminals, and infected devices are used to steal personal data and mine cryptocurrencies, on top of traditional DDoS attacks,” the researchers concluded.