Ralph Langner is one of the foremost experts on the security of critical infrastructure that we have. So, generally, when Ralph says something – whether its about Stuxnet, or cyberwar or the security of nuclear power plants – folks listen. And these days, Ralph is wondering, out loud, whether our reliance on digital systems to manage critical infrastructure has gone too far. The answer, he suggests, may be to go “back to the future,” as it were: reintroducing analog systems into the control process chain as a backstop for cyber attacks. Case in point: the Department of Homeland Security’s ICS-CERT warned on Friday that firmware for Siemens SIMATIC S7-1500 CPUs (Central Processing Units) contain nine vulnerabilities that could enable attacks such as cross site request forgery, cross site scripting and URL redirection. (Siemens has issued a firmware update that patches the holes.) Langner is among the world’s foremost experts on […]

If you’re working in IT at a Fortune 500 firm, Cisco Systems has some unwelcome news: you have a malware problem. According to the 2013 Annual Security Report from the networking giant, 100 percent of 30 Fortune 500 firms it surveyed sent traffic to Web sites that host malware. Ninety-six percent of those networks communicated with hijacked servers operated by cyber criminals or other malicious actors and 92 percent transmitted traffic to Web pages without content, which typically host malicious activity. “It was surprising that it was 100 percent, but we know that it’s not if you’re going to be compromised, but when,” said Levi Gundert, a technical lead in Cisco’s Threat Research, Analysis and Communications (TRAC) group in an interview with The Security Ledger. Among the high points (or low points) in Cisco’s Report: Cisco observed the highest number of vulnerabilities and threats on its Intellishield alert service in the 13 years […]

The German magazine Der Spiegel made headlines this week with its story detailing the US National Security Agency’s (NSAs) offensive hacking capabilities. The story is based on classified NSA documents absconded with by former contractor Edward Snowden and lays bare a Webster’s Dictionary full of classified hacking tools and programs.   Among the highlights of the story: + The NSA developed and deployed a wide range of hacking tools that could compromise hardware from leading IT and networking equipment makers including Cisco Systems, Juniper Networks and the Chinese vendor Huawei and Dell Inc.   + The NSA tools were designed to provide persistent access that allowed the NSA to monitor activity on the compromised endpoint, avoid detection by third party security software and survive software and firmware updates. One such tool, DEITYBOUNCE, provided persistent access to Dell’s PowerEdge servers by “exploiting the system BIOS” and using “System Management Mode to […]

Fresh off their discovery of a previously unknown (‘zero day’) security hole in Microsoft’s Internet Explorer web browser, researchers at the security firm Fireeye say that they have evidence that a string of sophisticated attacks have a common origin. In a report released on Monday (PDF), the firm said that many seemingly unrelated cyber attacks identified in the last year appear to be part of a “broader offensive fueled by a shared development and logistics infrastructure” — what Fireeye terms a ‘supply chain’ for advanced persistent threat (APT) attacks. At least 11 APT campaigns targeting “a wide swath of industries” in recent months were found to be built on a the same infrastructure of malicious applications and services, including shared malware tools and malicious binaries with the same timestamps and digital certificates. “Taken together, these commonalities point to centralized APT planning and development,” Fireeye wrote. The attacks link at least 11 separate […]

Computer security has always been a game of Spy vs. Spy, with the bad guys trying to stay one step ahead of the latest tactics and tools used to catch them. And that’s still true today, in an age of so-called “advanced persistent threats.” So what’s the next big thing in advanced malware? How about ghostly, ephemeral malware that never exists outside of memory and disappears whenever the infected system is rebooted?   The security firm Triumfant issued a warning on Monday about what it calls “advanced volatile threats” or AVT. The malware is already a common component in attacks against high value targets, including government agencies and intelligence services John Prisco, Triumfant’s CEO and President told The Security Ledger. The terminology here is a bit tricky – as Prisco admits. Technically, almost every online attack begins in memory, where attackers seek to overwrite the memory space used by a […]

This site and others have been writing about the “Advanced Persistent Threat” problem, which has generally been treated as a euphemism for the government and military of The People’s Republic of China or – in some cases – Russia, Iran, North Korea or other un-friendlies. Firms like Mandiant have taken pains to separate the concept of APT from run of the mill cyber criminal hacking groups whose motivation is profit, rather than the acquisition of information that can be used to advance geopolitical or economic goals. Cyber criminal groups may well use “advanced” in their attack methods and “persistent” in their efforts to compromise victim networks, but they weren’t “APT.” Now Symantec Corp. has put a fly into that ointment: publishing a report that pulls the covers off an APT group dubbed “Hidden Lynx” that it claims is responsible for some of the most sophisticated and large scale hacks of […]

The revelations about US government spying keep coming fast and furious, thanks to Edward Snowden, the former Booz Allen Hamilton contractor who absconded with reams of classified (and highly classified) documents from the National Security Agency. The latest details come courtesy of The Washington Post which on Thursday published documents detailing the so-called “Black Budget” – government spending on its intelligence services including the CIA and NSA – over the last nine years, including the $52 billion spent in 2013. The documents give the most detailed accounting to date on U.S. government spending on intelligence in the post September 11 world and contain quite a few surprises. Among them: proof that the CIA receives far more money than does the NSA. But it is Uncle Sam’s work on cryptanalysis  that has attracted a lot of attention from computer security and privacy experts. First, the Black Budget reveals that the NSA […]

The U.S. government’s federal technology agency has published a draft version of a voluntary framework it hopes will guide the private sector in reducing the risk of cyber attacks on critical infrastructure. The National Institute of Standards and Technology (NIST) published a draft of its Preliminary Framework to Reduce Cyber Risks to Critical Infrastructure on Monday. The document provides a guide for critical infrastructure owners of different maturity levels to begin documenting and understanding their risk of cyber attack, and – eventually – to measure their performance in areas such as asset management, threat detection and incident response. The framework was called for by Executive Order 13636, signed by President Obama in February. In that order, NIST was charged with creating a framework for sharing cyber security threat information and information on successful approaches to reduce risks to critical infrastructure. The Framework is comprised of five major cybersecurity functions: Know […]

Lots of aspiring technology start-ups dream of getting their product written up in The New York Times or Wall Street Journal when it launches. For Crowdstrike Inc. a two year-old security start-up based in Laguna Niguel, California, media attention from the papers of record hasn’t been an issue. This reporter counted twelve articles mentioning the company in The Times in the last year, and another two reports in The Journal. Much of that ink has been spilled on stories related to Crowdstrike research on sophisticated attacks, or the company’s all-star executive team, including former McAfee executives George Kurtz (CEO) and Dmitri Alperovitch (CTO), as well as former FBI cybersecurity chief Shawn Henry (Crowdstrike’s head of services), who left the Bureau in April, 2012 to join the company. For much of that time, Crowdstrike has been known mostly as a security services and intelligence firm, but the goal was always to […]

It was hard to escape the big news this week: revelations from The Guardian and The Washington Post about a program of widespread surveillance of online social networks and mobile phone use. The news, both the result of high-level leaks of classified information, has embroiled the Obama Administration in the most serious questions about domestic spying since the Nixon administration. To discuss the week’s events, Paul sat down with Ron Gula, the CEO of Tenable Network Security (and a former NSA security ninja) and Rick Forno, director of the University of Maryland Baltimore County’s Graduate Cybersecurity Program and a Junior Affiliate Scholar at the Stanford Law School’s Center for Internet and Society (CIS).  While neither guest was surprised to read about the government’s monitoring of cell phone activity or data from social networks, the latest reports lay bare the dimensions of the U.S. government’s domestic spying post 9/11, and raise serious […]