Subscribe to our newsletters
Sign Up

The Hacker News — Cyber Security, Hacking, Technology News

Thursday, October 03, 2013 Pierluigi Paganini

Nation-state driven cyber attacks are routinely conducted on a global scale to defend national sovereignty and project national power. We are living in the cyber era, human conflict is involving also the fifth domain of warfare, the cyberspace. As never before disputes take place with blows of bits, militias of every government are developing cyber capabilities dedicating great effort for the establishment of cyber units.

Network security company, FireEye, has released a report titled "World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks" which describes the effort spent by governments in cyber warfare context, the document analyzes in detail the different approaches adopted by various countries in conducting nation-state driven cyber attacks.

Security experts highlight the intensification of state-sponsored attacks for both cyber espionage and sabotage purpose, campaigns such as Moonlight Maze and Titan Rain or the destructive cyber strikes on Iran and Georgia have signed the evolution of the military doctrine.
"Cyberspace has become a full-blown war zone as governments across the globe clash for digital supremacy in a new, mostly invisible theater of operations. Once limited to opportunistic criminals, cyber attacks are becoming a key weapon for governments seeking to defend national sovereignty and project national power."

In the arsenal of government militias are entering strongly DDoS tools, spyware and computer viruses, nation-state driven cyber attacks are considerable an optimal option by governments for the following reasons:
  • Reduced costs compared to conventional strikes.
  • Efficiency
  • The asymmetric nature of the cyber attacks makes difficult the defense.
  • The anonymous nature of the offense allows the attacking government to circumvent the approval by the world community to a military offensive.
  • Possibility to conduct cyber attacks in peacetime for immediate geopolitical ends, as well as to prepare for possible future kinetic attacks.
As explained in the study the attribution of responsibility for a cyber attack is a very hard task, FireEye experts correctly highlighted that to uncover the perpetrators is necessary to apply a multi layered approach based on forensic “reverse-hacking” techniques, build a deep knowledge of "patterns" of attack, evaluate the geopolitical context of cyber attacks aims associated to specific government.

A cyber attack, viewed outside of its geopolitical context, allows very little legal maneuvering room for the defending state,” “False flag operations and the very nature of the internet makes tactical attribution a losing game. However, strategic attribution – fusing all sources of intelligence on a potential threat – allows a much higher level of confidence and more options for the decision maker,” “And strategic attribution begins and ends with geopolitical analysis." said Professor Thomas Wingfield of the Marshall Centre, a joint US-German defense studies institute.

The biggest challenge to deterring, defending against, or retaliating for cyber attacks is the problem of correctly identifying the perpetrator,” said Prof. John Arquilla, Naval Postgraduate School “Attribution” for a nation-state driven cyber attack is difficult due to similarity with the methods adopted by single individuals, organizations, or state-sponsored hackers. States are often mistakenly identified as non-state entities, and vice versa.

Another dangerous phenomenon that we are assisting is the growth of number of cyber mercenary groups close to governments that are structured as cyber criminal gangs but that are able to offer hacking services to involve in nation-state driven cyber attacks.

"Cybercrime organizations offer anyone, including governments, cyber attack services to include denial-of-service attacks and access to previously compromised networks." states the World War C report.

FireEye experts analyzed the Nation-state driven cyber attacks identifying the tactics and characteristics for the offensive in various regions:
  • Asia-Pacific: home to large, bureaucratic hacker groups, such as the “Comment Crew” who pursues targets in high-frequency, brute-force attacks.
  • Russia/Eastern Europe: More technically advanced cyber attacks that are often highly effective in evading detection.
  • Middle East: Cybercriminals in the region often using creativity, deception, and social engineering to trick users into compromising their own computers.
  • United States: origin of the most complex, targeted, and rigorously engineered cyber attack campaigns to date, such as the Stuxnet worm. Attackers favor a drone-like approach to malware delivery.
New players are entering the arena of cyber warfare strongly, countries such a North Korea, Iran and Syria have demonstrated to represent a serious menace also for the most industrialized superpower, this is the democracy of the new military doctrine. Examining most advanced countries in cyber warfare, China is considered responsible for the largest number of Nation-state driven cyber attacks, it uses high-volume noisly cyber attacks mainly for cyber espionage.

On the other end U.S., and Israel, providing the most advanced technologies, are able to conduct more sophisticated and surgical cyber operations, Stuxnet and Duqu are just a couple of examples of products of joint effort spent by the two governments. The Russian Government is considered one of the entities with major cyber capabilities, like Israel and US it is able to perform sophisticated nation-state driven cyber attacks, but little is known about the internal organization of its cyber units. According to rumors, a group of hackers that report directly to the President is the core of Russian cyber command that has operated in a stately way in cyberspace against hostile governments and on the domestic front against opponents of the regime.

"Though relatively quiet, Russia appears to be home to many of the most complex and advanced cyber attacks FireEye researchers have seen. More specifically, Russian exploit code can be significantly stealthier than its Chinese counterpart—which can also make it more worrisome. The “Red October” campaign, including its satellite software dubbed “Sputnik,” is a prominent example of likely Russian malware." states the report.

 FireEye's World War C ends proposing a list of factors that could influence the cyber security landscape in the medium term:
  • Outage of national critical infrastructure - we have still not assisted to cyber attacks that have compromised a national infrastructures like a power grid, but that day may not be far.
  • Cyber arms treaty - we are already assisting with the cyber army race for the above reasons, governments will continue to invest to increase their cyber capabilities. Following the table reporting the investment in cyber capabilities I presented to the Cyber Threat Summit 2012, let's consider that that the expense has grown despite the cuts in most cases.
  • PRISM, freedom of speech, and privacy - Disclosure of PRISM and other US surveillance activities will further complicate the delicate scenarios. The debate on topics such as freedom of speech and privacy could bring some "annoyance" to the intelligence activities conducted by the various governments, and nothing else in my judgment. No mistake, privacy and technology are like two separated spouses that live in the same house.
  • New actors on the cyber stage - cyberspace is a crowded place, Iran, Syria, North Korea, and even non state actors such as Anonymous have employed cyber attacks as a way to conduct diplomacy and wage war by other means. FireEye researchers wager of growing cyber capabilities of Poland, Brazil and Taiwan.
  • Stronger focus on evasion - due to the evolution of cyber defense attackers may be improve the offense with sophisticated techniques to avoid detection and fly under the radar.
Information warfare is ongoing ...

Tuesday, April 14, 2015 Wang Wei

Cyber-Security-Training
I frequently receive emails and messages on how to hack my friend’s Facebook account, how to become a hacker, how to penetrate networks, how to break into computers, and how to compromise routers?

These are some of the most frequent queries I came across, and in this article I’ll attempt to answer these along with a solution on how to get started as a beginner. Before we begin, first let’s know…

...What is Ethical Hacking?

Most people want to learn hacking just for fun to hack into their friend’s Facebook account or Gmail. Remember, Hacking is a skill and if you are here for the same reason, sadly but this platform may not work for you.

Ethical hacking is testing the IT resources for a good cause and the betterment of technology.

Ethical hackers are none other than computer security experts and researchers who focus on penetration testing and weaknesses in the organization’s information systems they associated.

A way to become an ethical hacker is to get Cyber Security Training from any Cyber Security University or by joining Online IT Training Courses.

Now:

Why Should I Join Security Training Courses, Cyber Security Certifications or a Cyber Security Awareness Training? Obviously, I need a Job!!

Yes, the main reason for me to learn Ethical Hacking is to apply my programming skills greatly to advance my career as a network administrator, a cyber security specialist, a network security specialist, web application security expert or a freelancer online.

Government and most of the Businesses-related organizations that are very serious about their network security mostly hire penetration testers and ethical hackers to help issues and improve their security of networks, applications, and other systems with the ultimate goal to prevent data theft and fraud.

Cyber Security, Digital Forensics and Hacking is an incredibly fastest growing job sector. In year 2013 alone, there were over 200,000 national postings for open cyber security positions in various government and private organizations.

The bottom line?

If you want to learn hacking and cyber security, you need a huge fee to enter into this industry.

People spend lots of dollars in order to learn cyber security, network security and grab a degree in cyber security.

Well, I have a cheap, wait wait…

...FREE SOLUTION to your problem, CYBRARY.IT — Free online IT (Information Technology) and Cyber Security Training.

This new revolutionary training program by Cybrary is designed both for anyone seeking a career in information technology (IT) and cyber security, as well as programmers and technology experts who want to develop their hacking prevention skills.

This course is fantastic, Why?

One of the most important things of Cybrary is that it is Free online IT and cyber security training environment for the world, so that anyone can join it in one shot.

The folks at Cybrary are committed to keeping all the IT and cyber security professionals across the world prepared for this ever changing industry and its upcoming technologies.

This course offers you to learn almost everything about IT and cyber security related for free. You can have a look at the courses you could learn from Cybrary:
  • Cryptography
  • Security+
  • Computer Forensics,
  • MCSA, Linux+,
  • CCNA and Network+
  • CISSP
  • Social Engineering and Manipulation
  • Python for Security Professionals
  • Malware Analysis
  • Metasploit and Advanced Penetration Testing
  • Ethical Hacking and many more.
Their Free and Online Cyber Security Training video classes include everything from cyber security certifications, including CISSP, Certified Ethical Hacker and CCNA to advanced top skill sets like advanced penetration testing and cloud administration.

This online IT training courses also includes instructional lectures, white papers, exam study guides, interactive lab demonstrations, case studies and many more.

The Cybrary.IT is a new school in cyberspace and based on the knowledge you gain here could help you to grab various cyber security degrees from popular universities as well as cyber security certifications offered by CompTIA, Cisco, and Microsoft.

So, choose one of your best courses in cyber security and network security that you want to brush up.

JOIN it Now by Registering for Free.

Monday, December 16, 2013 Pierluigi Paganini

The Evolution of the Cyber Threat Interview with IntelCrawler Researcher
Today I desire to propose an interview with Andrey Komarov, CEO of IntelCrawler and Dan Clements, President of IntelCrawler. IntelCrawler is a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3, 000, 000, 000 IPv4 and over 200, 000, 000 domain names, which are scanned for analytics and dissemination to drill down to a desired result.

I have prepared for them a series of answers and questions to analyze significant evolutions in the cyber-threat landscape:

Q. Which are the most concerning cyber threats for private businesses and government organizations?
A. Avoiding talking about usual and standard things, of course, the most dangerous and annoying is the emergence of fundamentally new vulnerabilities in critical applications and systems. "Zero day" vulnerabilities market is developing every day and taking the shape of a part of the future cyber warfare market, as it is still in the process of formation. Neither consumers in the face of government or companies, nor vendors are not ready for such kind of threat, which makes mitigation actions very complicated.
Q. Which are the industries most exposed to cyber attacks and why?
A. Just imagine, what would be interesting for you, if your main interests were money and information? It is two main reasons of all past and today's cyber attacks in the world. First of all, it is all related to profitable commercial business, such as private banking and industrial sector, ending with government infrastructures, which relates to state sponsored attacks. It is true, as cyber offensive approaches displace "old school", such as signal intelligence, as it is much cheaper and easier in the 21st century. The role of information takes new forms, making the computer communications as a battlefield of modern cyber warfare.

Which are the factors that most of all have influenced the design of malicious code in the last year (e.g. P2P communication protocols, advanced evasion techniques, hiding C&C in Tor networks)

Malware coders are interested in hiding of the communications between the infected host and C&C, that's why the stable trend is to create or to use alternative means of communications. That's why, there were lots of new kinds of samples, which used C&C in TOR or I2P, which was really exotic for the first time, but then became one of the standards for the cybercriminals.

Q. Which is the role of the intelligence in the fight to the cybercrime?
A. The role of e-crime intelligence is huge, as sometimes only timely notification about planned threat can help to prevent cyber attack or fraud. There are some difficulties in this niche as well, such as the heterogeneity of geographies cyber criminals live, the languages they speak, opportunity of deep infiltration in Underground communities, gathering information on the real identity of the criminals in the age of anonymity and impersonality and etc., all these aspects forcing us to organize systematical monitoring of several the most important regions, such as Asian segment, former USSR, risky EU-based countries, such as Romania, and use a large network of trusted sources. Software protection ways can't help on 100%, that's why human resources and intelligence are one of the most important additional elements.

Q. Malware and Internet of things, what to expect in the next months?
A. First of all, new variants of mobile malware, as it will be one of the most actual for the nearest future, because of global "mobilization". Secondly, new kinds of online-banking trojans and the appearance of medication of POS/ATM malicious code, as "skimming" becomes too expensive and risky. Thirdly, hacking and surveillance will damage your privacy more and more, as it is inseparable.

Q. Does it exist a marked distinction between cybercrime and state-sponsored hacking?
A. Yes, as state-sponsored hacking has more specifics. Interesting fact, that firstly cybercriminality creates the trend for further state-sponsored hacking, governments copy its actions and explore the methods and means they use in that or this country, as it is really different. Just compare, Chinese hackers and Latin American hackers, absolutely different style of intrusions, fundamentally different approaches on malicious code, as Chinese stuff is more sophisticated, because of great experience and scientific potential across the whole country.

Q. Which are the governments most active in cyberspace?
A. You should be very cautions talking about exact governments in cyber world, because it is still not very transparent. Good example, we have detected the C&C placed in Morocco, but the owners of the botnets who were behind using email accounts registered on GMX.DE. Another is when the malware after reverse engineering and unpacking had strings written in Hebrew, but hosted in Latvia. Despite these facts, the leaders of this industry certainly are: China, USA, Russia, Germany, France, UK, UAE and Saudi Arabia and Israel.

Q. Do you think it is possible a major cyber attack against a government network or a critical infrastructure in the next year?
A. Yes, as it is one of the today's main interests of bad actors, doesn't matter state sponsored or general criminals.

Q. Do you think it is possible that a Stuxnet like malware is already operating on the Internet?
A. You never know, but I think that the topic of embedded systems backdooring or malware distribution under PLC/RTU/SCADA is still very actual. And was not deleted from the plans of the intelligence community.

Dan Clements: IntelCrawler President, former Cardcops president, one of the first cybercrime intelligence company, which worked with major banks in the US on compromised data recovery.

Andrey Komarov: IntelCrawler CEO, author of OWASP SCADA Security Project. Expert in critical infrastructure protection (CIP) and SCADA security assessment. Responsible for cyber intelligence and e-crime intelligence topics in the company, as well as for R&D on Big Data and IPv4/IPv6 address space research.

Sunday, December 08, 2013 Pierluigi Paganini

Growing market of zero-day vulnerability exploits pose threat to Privacy and Security
NSS Labs issued the report titled "The Known Unknowns" to explain the dynamics behind the market of zero-day exploits.

Last week I discussed about the necessity to define a model for "cyber conflict" to qualify the principal issues related to the use of cyber tools and cyber weapons in an Information Warfare context, today I decided to give more info to the readers on cyber arsenals of governments.
Governments consider the use of cyber weapons as a coadiuvant to conventional weapons, these malicious application could be used for sabotage or for cyber espionage, they could be used to hit a specifically designed software (e.g. SCADA within a critical infrastructure) or they could be used for large scale operations infecting thousand of machines exploiting zero-day in common application (e.g. Java platform, Adobe software).
Growing market of zero-day vulnerability exploits pose threat to Privacy and Security
The zero-day flaw are the most important component for the design of an efficient cyber weapon, governments have recently created dedicated cyber units to the discovery and exploitation of unknown vulnerabilities, but in many cases this precious knowledge is sold by private entities on the underground, consider that governments are the primary buyers of the growing market of zero-day. But governments aren't unique buyers, exploit kits including zero-day are acquired also by non government actors buying, it has been estimated that the market is able to provide 85 exploits per day, a concerning number for the security industry.
Growing market of zero-day vulnerability exploits pose threat to Privacy and Security
Zero-day hunters are independent hackers but in the majority of cases are structured security firms that analyze every kind of software to discover flaws exploitable during a cyber attack and resell their knowledge to the highest bidder, no matter if it is a private company that will use it against a competitor of a foreign government.

The NSS Labs have recently issued an interesting study study titled "The Known Unknowns", it reports that every day during a period of observation lasted three years, high-paying buyers have had access to at least 60 vulnerabilities targeting common software produced by Adobe, Apple, Microsoft and Oracle.
"NSS Labs have analyzed ten years of data from two major vulnerability purchase programs, and the results reveal that on any given day over the past three years, privileged groups have had access to at least 58 vulnerabilities targeting Microsoft, Apple, Oracle, or Adobe. Further, it has been found that these vulnerabilities remain private for an averagfe of 151 days. These numbers are considered a minimum estimate of the “known unknowns”, as it is unlikely that cyber criminals, brokers, or government agencies will ever share data about their operations.

Specialized companies are offering zero-day vulnerabilities for subscription fees that are well within the budget of. A determined attacker (for example, 25 zero-days per year for USD $2.5 million); this has broken the monopoly that nation states historically have held regarding ownership of the latest cyber weapon technology. Jointly, half a dozen boutique exploits providers have the capacity to offer more than 100 exploits per year. "
It has been estimated that every year zero-day hunters develop combined 100 exploits resulting in 85 privately known exploits at the ready on any particular day. Consider that this is a row estimation that not consider the data related to an independent group of hackers which activities are poorly known.

On the black market an exploit for a Windows OS sells for up to $250,000 according the BusinessWeek , a good incentive for hackers to focus their efforts in the discovery of zero-day.

What is very concerning is that in many cases the entity that discovers the zero-day, to maximize the gains offers its knowledge to hostile governments, governments that use it also to persecute dissidents or to attack adversary states.
Growing market of zero-day vulnerability exploits pose threat to Privacy and Security
The zero-day market follows its own rules, the commodities are high deperible, the transactions are instantaneous and the agreement between buyers and sellers is very sensitive.
"According to a recent article in The"New"York"Times, firms such as VUPEN (France), ReVuln (Malta), Netragard, Endgame Systems, and Exodus Intelligence (US) advertise that they sell knowledge of security vulnerabilities for cyber espionage. The average price lies between USD $40,000 and USD $160,000. Although some firms restrict their clientele, either based on country of origin or on decisions to sell to specific governments only, the ability to bypass this restriction through proxies seems entirely possible for determining cyber criminals. Based on service brochures and public reports, these providers can deliver at least 100 exclusive exploits per year."
In particular the US contractor Endgame Systems reportedly offer customers 25 exploits a year for $2.5 million.

The knowledge on the zero-day vulnerability could be bought on the underground market or it could be acquired through open "bug bounty" processes, following some interesting data on the principal programs:
  • Google paid approximately USD $580,000 over three years for 501 vulnerabilities discovered in the Chrome browser (= 28 percent of the patched vulnerabilities in the same period)
  • Mozilla paid approximately USD $570,00 over three years for 190 vulnerabilities discovered in its Firefox browser (= 24 percent of the patched vulnerabilities in the same period)
  • Facebook has paid approximately USD $1 million since the 2011 inception of its program.
  • Microsoft has paid approximately USD $100,000 since the June 2013 inception of its program for reporting new exploitation techniques
I've found the report very interesting, but we have to consider the lack of reliable information to further quantify “known unknowns” "that are in the hands of cyber criminals or that are privately developed through consulting contracts, the assertion that there are 100 exploits available to privileged groups on any given day must be considered a reasonable minimum estimate those privileged category.

The uncontrolled and unregulated sale of zero-day pose a real and present threat to the security of government organizations and private corporations and software users, it's quite impossible to imagine a future scenario.

Friday, July 31, 2015 Khyati Jain

smart-cities-security-vulnerability
Imagine…

You drive to work in your Smart-Car connected to the GPS automatically, but a hacker breaks into your car's network, takes control of the steering wheel, crashes you into a tree, and BOOM!

Believe it or not, such cyber attacks on smart devices are becoming reality.

Car Hacking was recently demonstrated by a pair of security researchers who controlled a Jeep Cherokee remotely from miles away, which shows a rather severe threat to the growing market of the Internet of Things (IoT).

Internet of Things (IoT) — A technology that connects objects to a network or the Internet, and enables interaction among varied devices such as:
  • Smart Cars
  • Smart TVs
  • Refrigerators
  • Wearables
  • Routers
  • Other embedded computing as well as non-computing devices.
Few days back, I had read about Smart Dustbins that are the latest smart objects to become Wi-Fi-enabled.

Internet of Things to make Cities Smart or Dumb?


Cities around the world are becoming increasingly smarter and more connected to the Internet in an attempt to add convenience and ease to daily activities.

By 2020, there will be more than 50 Billion Internet-connected devices that will transform the way we live and work.

However, every new technology and innovation bring new challenges and problems. In this article, I am focusing on cyber security related issues that are currently affecting or will affect our smart life in the near future.

We all know that everything connected to the Internet is vulnerable and can be supposedly compromised, and as the number of Internet-connected devices is increasing, the potential security challenges of IoT devices can no longer be ignored.

Top 7 Smart Cities Prone to Cyber Attacks


Below is the list of Top 7 developed smart cities around the world, but also labelled as the most vulnerable Cities to Cyber threats:
  • Santander, Spain
  • New York City, USA
  • Aguas De Sao Pedro, Brazil
  • Songdo, South Korea
  • Tokyo, Japan
  • Hong Kong
  • Arlington County, Virginia, USA

These Cities become smarter by deploying new technologies like:

Smart-Cities-Features.png
  • Smart street lights: Centrally managed and can adapt to weather conditions, report problems, or be automated by time of the day.
  • Smart Public Transportation and Traffic control Systems adjust traffic lights based on current traffic conditions.
  • Smart parking application to find available parking slots.
  • Smart Water and Energy Management, provides information regarding the quality of air, water needs.
Sadly these cities are implementing new technologies without first testing cyber security.

In case if a cyber attack on these smart cities causes an inadequate supply of electricity or water, dark streets, or/and no cameras. Then how would citizens respond to it?

I guess such attack would cause a lot of chaos in the city.

People residing in such a city might face a panic attack when they are made slaves of their "cyber masters/criminals."

As hackers may bring more sophisticated viruses to you that a day comes when you plan to go to a movie on a Friday night, all set to go, but your house keys are in the hands of your master sitting in some other country!

Smart IoT devices create huge attack surfaces for potential cyber attacks, making the future of smart cities more vulnerable than today's computers and smartphones.

Cyber Attacks Leverages Internet of Things


Smart devices such as traffic and surveillance cameras, meters, street lights, traffic lights, smart pipes, and sensors are easy to implement, but are even easier to hack due to lack of stringent security measures and insecure encryption mechanisms.

WiFi-Trash-Can.jpg
Last year, we saw a real cyber attack scenario involving IoTs in which hackers compromised more than 100,000 Smart TVs, Refrigerator, and other smart household appliances to send out millions of malicious spam emails.

In a separate case, researchers discovered a Linux worm 'Linux.Darlloz' that hijacked a number of smart home appliances including Home Routers, Set-top boxes, Security Cameras and printers, to mine Cryptocurrencies like Bitcoin.

Modus Operandi of a Cyber Criminal


A vulnerability in the technology, when comes in the sight of a person with malicious intent, poses as a threat and as the threat/risk associated with the system (to be compromised) is bypassed takes the form of an attack.

With the technological shift in the lives of the people from desktop PCs to mobiles, wearables and now to IoT devices, cyber criminals are also focusing on all sorts of threats to compromise them.

In one of our introductory articles to IoT we discussed about the desktop viruses coming our way through refrigerators and home appliances, therefore, emphasis is to be paid on the type of threats that can affect our digital appliances, including Ransomware, Spyware, DDoS attacks, and many more.

So, in such a scenario where every single object is dependent on the network and making our lives comfortable can be of a kind where sooner or later we are going to become "Digitally Handicapped."

No doubt, the IoT devices are said to be the next evolutionary step in our connected world and will incredibly grow, but it is very much possible to see cyber-criminals exploiting and compromising them.

By saying this, we are not making your lives more vulnerable; rather a secure one.

Sunday, September 29, 2013 Pierluigi Paganini

The Wall Street Journal reported that Iranian hackers have successfully penetrated unclassified US Navy computers, the allegations were made by US officials that consider the attacks a serious intrusion within the Government network.

"The U.S. Officials said the attacks were carried out by hackers working for Iran's government or by a group acting with the approval of Iranian leaders. The most recent incident came in the week starting Sept. 15, before a security upgrade, the officials said. Iranian officials didn't respond to requests to comment."
US officials revealed that a group of Iranian state-sponsored hackers have repeatedly violated US Navy computer systems for cyber espionage purpose, despite no sensitive information has been leaked the event is considered very concerning. US Intelligence fears that such attacks could expose confidential information like the blueprints of a new cyber weapon.

US officials added that Congress has been briefed on the attack, Defense Secretary Chuck Hagel and Chairman of the Joint Chiefs of Staff Gen. Martin Dempsey discussed on the necessity further improve government network security.

"The Pentagon wouldn't confirm the alleged Iranian hacks. A department spokesman said its networks are attacked daily. We take these attempts seriously and work to learn lessons from every one of them," the spokesman said.

"Their ability to also play in this [cyber] sandbox compounds that concern," "The series of Iranian intrusions revealed a weakness in the Navy network and a shortcoming in the service's defenses compared with other unclassified military networks, according to U.S. Officials.

Once the intruders got into the Navy computer system, they were able to exploit security weaknesses to penetrate more deeply into the unclassified network, the officials said."

Iran’s cyber abilities have increased gradually reaching a concerning level, US Intelligence believes that Iranian cyber units today have sufficient cyber abilities to attack the US causing serious damages to the critical infrastructures of the country.

The situation is very serious if we consider that the foreign hackers could sabotage the critical infrastructure using malicious code and tools freely available on the internet and purchased in the underground.

The study “Iran: How a Third Tier Cyber Power Can Still Threaten the United States” (PDF), published by the Atlantic Council sustains that despite the Iranian cyber capabilities are considered modest, they could be sufficient to launch attacks against the US that would do more damage to public perceptions than actual infrastructure.

The Iranian menace continues, Iranian state-sponsored hackers already hit US in the past the US major banks and energy industry computer networks, but if the event is confirmed there is the concrete risk that the cyber conflict may escalate.

Between US and Iran, there is a dangerous tension that has repercussions in the cyber space while US President Barack Obama and Iranian President Hassan Rouhani are trying to define a diplomatic conduct to reach an agreement on the development of Iranian nuclear program. The two leaders spoke on Friday, from the White House Friday afternoon, Obama announced he just got off the phone with Iranian President Hassan Rouhani and discussed “our ongoing efforts to reach an agreement over Iran's nuclear program.

The cyber war between US and Iran started a long ago, US in a joint effort with Israel is considered responsible for the sabotage of Iranian uranium enrichment facilities made with a cyber weapon known as Stuxnet.

Cybersecurity experts are not concerned only by Iran, most dangerous players in the cyberspace like China and Russia that have more sophisticated hacking capabilities than Iran.

The conflict between US and Iran is ongoing in the cyberspace and could have serious repercussions on the diplomatic dialogue established between the two governments, a cyber attack could have the same effect of a conventional strike ... This could be just the beginning.

Saturday, August 08, 2015 Wang Wei

Researchers to Share Details of Cyber-Terrorists Targeting Indian Government Officials
The Potential threat, range from very narrow to very broad, posed by Cyber-Terrorism has provoked considerable alarm.

Terrorists involved in Cyber Espionage and Operations aim at gaining access to Nation's critical infrastructure involving both Government as well as Private sectors.

The Frequency and Intensity of such Cyber-attacks are increasing rapidly and extending into absolute cyber-war between states, allowing terrorist organizations to pilfer data from financial and military organizations.

Similar Incident happened, few months back, when a group of Middle-east terrorists tried to infiltrate Indian Government officials operational in Cyber related divisions.

In response, a team of Independent Indian security researchers planned a counter operation to track down the terrorist organization behind the cyber attack.

Shesh Sarangdhar, a security researcher at Seclabs & Systems Pvt. told The Hacker News that his team successfully penetrated the source computer (using zero-day exploits) used for spreading malware to Government officials and found that the attacker’s IP address belongs to Pakistan Telecommunication company limited.
Upon Analysis, the infected system appeared be a part of an elaborately designed cyber operation center,” Mr. Sarangdhar explained.
Researchers found a directory called “Umer Media” on that compromised system, which contained Excel files maintaining a list of “multiple social media profiles of terrorism bent.
Excel file elaborately maintained the details of individuals who comment and like on these pages. Many of these social media profiles were later analyzed and revealed some key players behind the cyber-terror organization,” he told The Hacker News team.
The goal of cyber counter operation conducted by the Indian researchers was to prevent cyber attacks against any and all critical infrastructures.

Moreover, the researchers obtained mobile numbers of those key players and compromised their devices using a zero-day vulnerability in Maxthon browser.
The mobile communication revealed that around 1000 mujahids were being trained to infiltrate Indian borders,” Mr. Sarangdhar told us.
Shesh Sarangdhar and his team will present the complete technical details of their operation, zero-day vulnerabilities used and the malware analysis at upcoming “1337Con” CyberSecurity Conference.

Thursday, October 30, 2014 Mohit Kumar

APT28 Hacker Group — Cyber Espionage Attacks Tied to Russian Government
Nearly a decade-long cyber espionage group that targeted a variety of Eastern European governments and security-related organizations including the North Atlantic Treaty Organization (NATO) has been exposed by a security research firm.

The US intelligence firm FireEye released its latest Advanced Persistent Threat (APT) report on Tuesday which said that the cyber attacks targeting various organisations would be of the interest to Russia, and "may be" sponsored by the Russian government.

The Report entitled "APT28: A Window Into Russia's Cyber Espionage Operations" published by FireEye has "evidence of long-standing, focused operations that indicate a government sponsor - specifically, a government based in Moscow."
"Despite rumours of the Russian government's alleged involvement in high-profile government and military cyber attacks, there has been little hard evidence of any link to cyber espionage," Dan McWhorter, FireEye vice president of Threat Intelligence, wrote in a blog post discussing the report.
"FireEye's latest APT report sheds light on cyber espionage operations that we assess to be most likely to be sponsored by the Russian government, long believed to be a leader among major nations in performing sophisticated network attacks."
The cyber-espionage group believed to have been operating since at least 2007 in order to steal political and state secrets from businesses and foreign governments. The group launched a cyber attack on government in Georgia, Eastern Europe, as well as NATO and the Organisation for Security and Co-operation in Europe, according to the report.

Whereas the Russian cyber criminal groups are known for conducting massive cyber campaigns aimed at stealing money and financial information, but APT28 focuses on "privileged information related to governments, militaries and security organizations."
This group, unlike the China-based threat actors we track, does not appear to conduct widespread intellectual property theft for economic gain,” FireEye stated in the report. “Nor have we observed the group steal and profit from financial account information.
The security firm analyzed that the malware used by APT28 features a consistent use of the Russian language. Moreover, more than 96 percent of malware samples analyzed by the researchers were compiled between Monday and Friday, between 8AM and 6PM in the time zone paralleling working hours in Moscow and St. Petersburg. This regularity in the work suggests that the hackers were in Moscow, the report argues.
APT28 Hacker Group — Cyber Espionage Attacks Tied to Russian Government
The APT28 group has constantly updated their software and made the resulting binaries difficult to reverse engineer. It used a downloader tool that FireEye dubbed "SOURFACE", a backdoor labelled "EVILTOSS" that gives hackers remote access and a flexible modular implant called "CHOPSTICK" to enhance functionality of the espionage software.

Infection is usually achieved via a spear phishing email with a relevant lure and the malware hidden in the attachment. The hacker group has also created a number of fake domains for UK-based defence events, including the Counter Terror Expo, as part of the operation to gather intelligence on attendees.

Together with the help of above mentioned tools, the group gained access to the file system and registry; enumerate network resources; create processes; log keystrokes; access stored credentials; execute shellcode, and encrypt exfiltrated data uploaded with an RSA public key.
The coding practices evident in the group’s malware suggest both a high level of skill and an interest in complicating reverse engineering efforts,” the report stated.
In  another report , a top White House official has confirmed that Russian hackers have hacked into the unclassified White House computer networks. "we identified activity of concern on the unclassified Executive Office of the President network,".

Russia has been suspected of attacks on Ukraine too, including attempts to gain access to politicians’ mobile phone communications.

Thursday, July 17, 2014 Swati Khandelwal

FBI warns Botnets Infecting 18 Computers per Second. But How Many of Them NSA Holds?
Botnets - a secretly compromised networks of ordinary home and office computers with rogue software or "malware" that are controlled by an individual criminal or a group - has dramatically increased over the past several years and are considered to pose the biggest threat to the Internet.

Cyber criminals have brushed-up their hacking skills and are using Botnets as a cyber weapon to carry out multiple crimes like DDoS attacks (distributed denial of service), mass spamming, page rank and advertising revenue manipulation, mining bitcoins, cyber espionage and surveillance etc.

18 BOTNET INFECTIONS PER SECOND
According to the director of FBI’s cyber division, Joseph Demarest, Botnet has become one of the biggest enemies of the Internet today, and therefore its impact has been significant. Yesterday during a hearing before a U.S. Senate committee, he says that every second 18 computers worldwide are part of botnet armies, which amounts to over 500 million compromised computers per year.

The network of compromised systems can do a drastic cyber crime activities without the knowledge of their computer’s owner. Botnet allows its operator to steal personal and financial information, get into system owners’ bank accounts, steal millions of credit cards, shut down websites, monitor your every keystroke and can even activate systems’ cameras secretly which can take users’ at great risk.

On Tuesday, a U.S. Senate committee assembled to discuss the progress of FBI agency’s current and future anti-cyber crime strategy to disrupt Botnets, with agenda: “Taking Down Botnets: Public and Private Efforts to Disrupt and dismantle Cyber Criminal Networks.

BOTNET FETCHED MILLIONS OF DOLLARS
Joseph Demarest said the news is troubling as the botnets' high infection rate costs the US and global economies billions of dollars. Several successes "But our work is never done," noted the FBI chief.
"The use of botnets is on the rise. Industry experts estimate that botnet attacks have resulted in the overall loss of millions of dollars from financial institutions and other major US businesses," Demarest said.
"As you well know, we face cyber threats from state-sponsored hackers, hackers for hire, organized cyber syndicates, and terrorists. They seek our state secrets, our trade secrets, our technology, and our ideas—things of incredible value to all of us.
TWO FACES OF THE SAME GOVERNMENT - FBI & NSA
FBI trying to take down cyber criminals and putting its all effort to shut down botnet networks - which really sounds cool! But could you answer me that ‘How NSA is conducting its wider spread mass surveillance program..??’ Yes, of course, with the use of similar exploits and botnet malware. It was revealed few months ago from the Edward Snowden leaks that NSA is taking over entire networks of already-hacked machines (Botnets) and using them for their own purposes.

Also at the end of last year, Dutch newspaper NRC Handelsblad reported that the document leaked by Snowden also revealed that NSA had established an army of "sleeper cells" – malware-infected, remote-controllable computers – on 50,000 networks by the middle of 2012, which waits for months or longer before it activates by the agency and begins harvesting data.

So, when one side of U.S. government is trying every effort to shut down the widely spread botnet networks and at the same time, the other side of government is building up their weapons with the use of similar malwares and botnets, it is difficult to mitigate the problem and, this unbalanced situation of the Internet is the main cause of terror in the digital world.

Well, botnets, malware, viruses, worms and other cyber threats are really a big issue for all of us, and also these attacks become more sophisticated and wider when become money motivated.

We also appreciate U.S. government efforts to combat cyber crimes. A month ago, FBI and Europol also took down the GameOver Zeus botnet that have stolen more than $100 million from banks, businesses and consumers worldwide.

Monday, October 28, 2013 Pierluigi Paganini

Israel is considered one of the most advanced country in cyber security, but at the same time is a privileged target for hostile governments intent in sabotage and cyber espionage on his technology.

Yesterday, Cybersecurity experts revealed that a major artery in Israel's national road network located in the northern the city of Haifa suffered a cyber attack, that caused massive traffic congestion in the City.

Isreal military officials are aware of cyber threats that could hit the infrastructure of the country and they afraid the possible effect of a cyber attack on a large scale.

Israeli government websites suffer thousands of cyberattacks each day according Ofir Ben Avi, head of the government's website division. The Israel Electric Corp. confirmed that its servers register about 6,000 unique computer attacks every second.

In June, Prime Minister Benjamin Netanyahu stated that Iran militia, Hezbollah and Hamas have targeted in numerous occasions Israel's "essential systems," including its water facilities, electric grid, trains and banks.
"Every sphere of civilian economic life, let's not even talk about our security, is a potential or actual cyber attack target," said Netanyahu.

Israel's military chief Lt. Gen. Benny Gantz made a high-profile speech recently outlining that within the greatest threats his country might face in the future there is the computer sabotage as a top concern. A sophisticated cyber attack could be used to shut down a banking system of Israel, the national electric grids or a defense system, this is a nightmare for the Defense.
Cybersecurity experts revealed to The Associated Press that a major artery in Israel's national road network located in the northern the city of Haifa suffered a cyber attack that has caused serious logistical problems and hundreds of thousands of dollars in damage.

The tunnel is a strategic thoroughfare in the third largest city of the country, and as a demonstration of its importance in the city is exploring the possibility to use the structure as a public shelter in case of emergency.
It seems that the attackers used a malware to hit the security camera apparatus in the Carmel Tunnel toll road in Sept. 8 and to gain its control.

"The attack caused an immediate 20-minute lockdown of the roadway. The next day, the expert said, it shut down the roadway again during morning rush hour. It remained shut for eight hours, causing massive congestion."

The experts that have investigated on the incident exclude that the hypothesis of a state-sponsored attack because the malicious code used was not sophisticated enough to be the work of a hostile government, it is likely the involvement of a group of hacktivists.

Carmelton company that oversees the toll road, blamed a "communication glitch" for the incident, while Oren David, a manager of security firm RSA's anti-fraud unit, said that although he didn't have information about the tunnel incident similar attacks could represent a serious menace for population.

"Most of these systems are automated, especially as far as security is concerned. They're automated and they're remotely controlled, either over the Internet or otherwise, so they're vulnerable to cyberattack," "among the top-targeted countries." said David.

In reality Iranian hackers and other hostile entities have penetrated successfully Israeli systems, Israel has controlled the attacks to track back the hackers, profile their methods of attack and to conduct a disinformation campaign making available false information.

To improve security of critical infrastructure the Israeli civilian infrastructure, Israel's national electric company has recently launched a training program, jointly with cyber defense company CyberGym, to teach engineers and managers of critical plants to detect ongoing cyber attacks.

The attack scenario revealed portends to an escalation of attacks by hostile entities, whether they are cyber criminals, hacktivits or state-sponsored hackers, it's crucial for the Israeli government to invest in improvement of cyber capabilities for its survival.

Thursday, January 26, 2017 Mohit Kumar

protect-critical-infrastructure
The IT threat landscape has changed dramatically over the last three-four years.

With no shortage of threat actors, from hacktivists to nation-states, criminals to terrorists, all of them are now after something new.

It's no more just about stealing your money, credit cards and defacing websites, as now they are after the intellectual property, mass attacks and most importantly, our critical infrastructures.

We have long-discussed nightmare scenarios of cyber attacks against nation's critical infrastructure, but now these scenarios have come to the real world, and we have seen many such incidents in the past years.

The latest example is cyber attacks against Ukrainian power grid. Just two weeks back, Ukraine's national power company Ukrenergo confirmed that electricity outage on 17-18th December last year was caused by a cyber attack.

Such sophisticated cyber attacks have revealed the extent of vulnerabilities in the systems that are operating the most critical sectors in a country.

Around 13 years ago, the Indian government established the Computer Emergency Response Team (CERT-In), and just like CERTs in other nations; it is responsible for collecting and sharing reports on cyber attacks against non-critical systems.

Every minute, we see about half a million attack attempts that are happening in cyberspace.

But, we are living in a dramatically fast changing world and unfortunately, which now includes threats not only against people, places, and information but also against strategic sectors and critical infrastructure of a nation, for which most organizations were never prepared for.

In order to address cybersecurity of critical infrastructure and evolve related practices, policies, and procedures to protect our most critical properties, the government set up a special body in 2014, named NCIIPC.

NCIIPCNational Critical Information Infrastructure Protection Centre — works under the country's technical Intelligence Agency, NTRO and vowed to work with public and private sectors to identify the nation's most critical assets and systems, and help them to create a foolproof firewall around these networks and overall risk management strategies.

Just last week, NCIIPC organized an event to celebrate its third anniversary of its foundation day, and I got an opportunity to attend the event and represent The Hacker News, among others, including — cyber security experts, policymakers, industry leaders, Academia and Government representatives.
The event aimed to provide a platform for all stakeholders of the CII ecosystem to converge, deliberate and formalize action plans for optimizing and improving protection of the vast array of CII deployed across the nation.

 Here's a brief of last week's main events, in case you've missed them:

The event was inaugurated with the welcome address from Mr. Alok Joshi, Chairman NTRO, who briefly said that the cybersecurity threats are becoming more severe over time.

Attacks are happening now… but not only this, it is constantly changing and, in the case of cyber, the threats are becoming ever more sophisticated and insidious.

And It’s true, everything is under attack… from highly critical infrastructures to medical devices.

Mr. Joshi’s talk was followed by Dr.Arvind Gupta, Deputy National Security Advisor (NSA), Chief guest for the event, who primarily focused his talk on critical issues originated due to a massive number of unreported cyber-attacks.

He also showed support for the need of developing capabilities to strengthen cybersecurity research and development (R&D) community, which must include researchers, industry experts, and academia.

The event also witnessed insightful keynotes including Dr.Gulshan Rai, India’s first National Cyber Security Coordinator and Dr. Sanjay Bahl, Director General CERT-In.

Both officials collaboratively said that NCIIPC is intended to promote collaboration and information sharing between government and industry to facilitate safe, secure and resilient Information Infrastructure for Critical Sectors of the Nation.

Moreover, delegates also discussed the security of Internet of Things -- the next generation critical Infrastructure.

Just as critical infrastructure is essential for everyday living, the rapidly growing "Internet of Things" is changing the way we use technology and helping people live more efficiently.

So, it has been concluded that to prevent our critical assets from sophisticated cyber attacks, we and organizations like NCIIPC, need to work together to identify the list of infrastructures that need special protection and know, who are after them.... waiting for opportunities to harm nation's economy and steal our secrets.

Wednesday, January 27, 2016 Swati Khandelwal

power-grid-cyberattack
The country which built a Digital Iron Dome, Israel had undergone one of the largest serious cyber attack this year.

This time, the name of Israel is being popped up in the current headlines is for the massive cyber attack which triggered against the Nation's Electrical Power Grid Authority's Network.

"Yesterday we identified one of the largest cyber attacks that we have experienced," Energy Minister Yuval Steinitz confirmed at the CyberTech 2016 Conference at the Tel Aviv Trade Fair and Convention Center on Tuesday, according to an article published by The Times of Israel.
"The virus was already identified and the right software was already prepared to neutralize it," Steinitz added. "We'd to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over...but as of now, computer systems are still not working as they should."

Severe Cyber Attack on Israel Electricity Infrastructure


The 'severe' attack occurred earliest this week, as Israel is currently undergoing record-breaking electricity consumption for last two days with a demand of 12,610 Megawatts due to the freezing temperature, confirmed by Israel Electric Corporation.

However, the officials did not comment upon the perpetrators as they do not suspect any currently, but they did tell Israeli newspaper Haaretz that '[they] are going to solve this problem in the coming hours.'

In Mid-July 2015, the Israel's National Cyber Bureau had already warned about the computer-based hacking attacks, which shut down portions of the country's electricity grid.

The identity of the suspects behind this attack has not been known, neither the energy ministry provides any details about how the attack was carried out.

However, a spokesperson for Israel's Electricity Authority confirmed some of its computer systems had been shut down for two days due to the cyber attack.

Previous Known Cyber Attacks on SCADA Systems


Israel had been the continual victim for many of the cyber attacks previously like OpIsrael (a coordinated attack by anti-Israeli Groups & Palestinians), which was conducted on 7th April 2013, on the eve of Holocaust Remembrance Day with the goal of "Erase Israel from Internet."

Another attack on the Israeli Civilian communication was carried out by Iran & Hezbollah Group last year.

In response to these attacks, Israel had broadened their skills to combat cyber war and become a center for cybersecurity, R&D Labs with multinationals from the US, Europe, and Asia. Israeli Cyber Security firms claimed to export $3 Billion last year.

A similar incident of power outbreak took place a couple of months back in Ukraine on 23rd December, when the country's SCADA system was hit with a trojan named BlackEnergy that resulted in the total power cut across the region named Ivano-Frankivsk of Ukraine.

This Article has been written by our editorial intern. Special Thanks to Rakesh Krishnan for covering this article.

Tuesday, April 19, 2016 Swati Khandelwal

artificial-intelligence-cyber-security

In Brief

What if we could Predict when a cyber attack is going to occur before it actually happens and prevent it? Isn't it revolutionary idea for Internet Security?

Security researchers at MIT have developed a new Artificial Intelligence-based cyber security platform, called 'AI2,' which has the ability to predict, detect, and stop 85% of Cyber Attacks with high accuracy.

Cyber security is a major challenge in today's world, as government agencies, corporations and individuals have increasingly become victims of cyber attacks that are so rapidly finding new ways to threaten the Internet that it's hard for good guys to keep up with them.

A group of researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) are working with machine-learning startup PatternEx to develop a line of defense against such cyber threats.

The team has already developed an Artificial Intelligence system that can detect 85 percent of attacks by reviewing data from more than 3.6 Billion lines of log files each day and informs anything suspicious.

The new system does not just rely on the artificial intelligence (AI), but also on human input, which researchers call Analyst Intuition (AI), which is why it has been given the name of Artificial Intelligence Squared or AI2.

How Does AI2 Work?


The system first scans the content with unsupervised machine-learning techniques and then, at the end of the day, presents its findings to human analysts.

The human analyst then identifies which events are actual cyber attacks and which aren't. This feedback is then incorporated into the machine learning system of AI2 and is used the next day for analyzing new logs.

It's simple:

"The more data it analyzes, the more accurate it becomes."

In its test, the team demonstrated that AI2 is roughly 3 times better than similar automated cyber attack detection systems used today. It also reduces the number of false positives by a factor of five.

Video Demonstration


You can also watch the video for a quick overview of the way AI2 works.
According to Nitesh Chawla, computer science professor at Notre Dame University, AI2 "continuously generates new models that it can refine in as little as a few hours, meaning it can improve its detection rates significantly and rapidly. The more attacks the system detects, the more analyst feedback it receives, which, in turn, improves the accuracy of future predictions – that human-machine interaction creates a beautiful, cascading effect."
The team presented their work in a paper titled, AI2: Training a big data machine to defend [PDF], last week at the IEEE International Conference on Big Data Security in New York City.

So, let's see how AI2 helps create The Internet the safer place and how long it will take to be implemented into large-scale security platforms in the near future.

Newsletter Subscription

Subscribe to our newsletter and get all latest hacking news, free eBooks delivered to your inbox.

Join Over 450,000 Subscribers!