November 21, 2013 in Department of Homeland Security
This Note describes a new combination of tactics by cyber criminals that disrupts telephone systems of targeted organizations. This information is provided to assist and inform the Department and federal, state, local, territorial, tribal, and private sector partners in mitigation efforts regarding criminal activity that could affect their operations.
November 19, 2013 in Department of Homeland Security
The National Cybersecurity and Communications Integration Center (NCCIC) Resource and Capabilities Guide is intended to enhance cross-sector cyber security efforts and collaboration by better informing our cybersecurity and communications partners of the NCCIC’s tools, assets, and collaboration mechanisms offered. This guide also identifies the Center’s resources and capabilities as well as describes the processes for accessing NCCIC information portals and products, incident reporting systems, and relevant point of contact information for our community of partners.
November 18, 2013 in Department of Homeland Security
As related to malware which may exhibit a potentially destructive capability, organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event. Destructive malware presents a direct threat to an organization’s daily operations, directly impacting the availability of critical assets and data. In addition, the response required for such an event can be extremely resource intensive.
November 18, 2013 in Department of Homeland Security
The following product is a coordinated effort between NCCIC, U.S. Secret Service and The Cyber Intelligence Network (CIN), provided to assist in prevention, detection and mitigation of a new ransomeware campaign. Ransomware is malware that restricts access to infected computers and requires victims to pay a ransom in order to regain full access. Cryptolocker is particularly interesting in that it functions by encrypting victims computer files with a combination of RSA-2048 and AES-256 encryption. Once encrypted, victims are provided a window of time in which they can pay the actors to receive the key needed to decrypt their files.
October 30, 2013 in U.S. Army
This Environmental Assessment (EA) has been prepared to analyze the potential environmental, cultural, transportation, and socioeconomic effects associated with the establishment and operation of a U.S. Army Cyber Command / 2nd Army (ARCYBER) Command and Control Facility at Fort George G. Meade, Maryland (hereinafter referred to as Fort Meade), or at Fort Gordon, Georgia. ARCYBER leads a corps of 21,000 soldiers and civilians who serve worldwide operating and defending all Army networks with supporting organizations such as the Army Network Enterprise Technology Command, 780th MI Brigade, and 1st Information Operations. ARCYBER plans, coordinates, integrates, synchronizes, directs, and conducts network operations and defense of all Army networks; when directed, ARCYBER conducts cyberspace operations in support of full spectrum operations to ensure U.S./Allied freedom of action in cyberspace, and to deny the same to our adversaries.
October 25, 2013 in Romania
A presentation given at a Hungarian cybersecurity conference in September 2013 by members of Romania’s domestic intelligence service Serviciul Român de Informaţii covering cyber crime and other issues.
August 23, 2013 in Department of Homeland Security, Federal Bureau of Investigation
Android is the world’s most widely used mobile operating system (OS) and continues to be a primary target for malware attacks due to its market share and open source architecture. Industry reporting indicates 44 percent of Android users are still using versions 2.3.3 through 2.3.7-known as Gingerbread-which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions. The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date.
August 15, 2013 in Featured
Since June, advanced persistent threat (APT) actors have been targeting the aviation industry and attempting to extract confidential information by sending “spear-phishing” emails designed to trick recipients into opening malicious attachments or follow links to infected websites. According to an FBI Cyber Division bulletin from July 8, “individuals associated with the air travel industry” have received an increased number of spear-phishing emails often using spoofed senders “in an attempt to make the e-mail appear more legitimate.”
August 15, 2013 in Department of Homeland Security, Federal Bureau of Investigation
Since June 2013, the FBI has observed advanced persistent threat (APT) actors’ increased interest in the aviation industry. APT actors have sent spear-phishing e-mails targeting individuals associated with the air travel industry. Some of the spear-phishing e-mails originated from a spoofed sender in an attempt to make the e-mail appear more legitimate. E-mail recipients should be aware of suspicious and potentially malicious e-mail attachments or links.
July 31, 2013 in U.S. Army
Two guides released in November 2012 by the U.S. Army Office of the Provost Marshal General in collaboration with the Army Cyber Command on cyber threat awareness.
July 11, 2013 in Joint Chiefs of Staff
This instruction provides policy and guidance for planning, programming, and implementing the modernization of cryptographic products certified by the National Security Agency (NSA) and held by Department of Defense (DOD) components.
June 20, 2013 in Department of Defense
DIB CS/IA is the DoD program to protect critical DoD unclassified program, technology, and operational information residing on, or transiting, DIB unclassified networks. DoD Components and industry participants collaborate to protect DoD information through the development, implementation, and execution of DoD and DIB processes and procedures.
May 30, 2013 in Department of Homeland Security, Federal Bureau of Investigation
State, local, tribal and territorial (SLTT) computer networks have been increasingly targeted by cyber adversaries. At the same time, the expansion of mobile devices integrated into SLTT networks provides new opportunities for cyber adversaries seeking to collect information or disrupt operations by compromising mobile technology and exploiting vulnerabilities in portable operating systems, application software, and hardware. Compromise of a mobile device can have an impact beyond the device itself; malware can propagate across interconnected networks.
May 27, 2013 in National Security Agency
Many networks run by public and private organizations have experienced intrusions in recent years, and this cyber exploitation has resulted in an unprecedented transfer of wealth due to lost intellectual property. The threats to our networks and systems exist across numerous components that include end-user-devices, servers, and infrastructure devices. To address threats to routers and other network infrastructure devices, the National Security Agency’s Information Assurance Directorate (IAD) is publishing this IAA to guide U.S. Government systems accreditors’ strategic plan for network hardening.
May 14, 2013 in Defense Security Service
A Defense Security Service presentation from December 2012 outlining information and statistics on defense industrial base cyber incidents and intrusions.
May 12, 2013 in Department of Homeland Security, Federal Bureau of Investigation
Multiple groups, and individual hacker handles have claimed their intent to attack U.S. websites as part of OpUSA. As seen in many hacktivist operations (Ops), willing participants have posted free tools to assist other like minded individuals in their attack efforts. Often, more coordinated attacks will name a specific tool, target, day and time for the attack. That has not been the case for OpUSA thus far. Individual hacker groups seem to be conducting attacks independently, each claiming responsibility for individual defacements and data breaches that have supposedly recently taken place. Below you will find some of the tools being posted in conversations about OpUSA and links to US-CERT sites which provide background on the vulnerabilities exploited by these tools as well as mitigation advice for computer network defense actions.
May 10, 2013 in Intelligence Fusion Centers, New Jersey
Websites and emails referencing the Boston Marathon bombing should be viewed with caution, as malicious actors are using the incident to disseminate malware and conduct fraud. While other agencies investigate the frauds, the NJ ROIC provides this information for situational awareness.
March 31, 2013 in Department of Homeland Security
A DHS presentation from March 11, 2013 regarding the implementation of Executive Order 13636 “Improving Critical Infrastructure Cybersecurity” authored by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG).
January 23, 2013 in Department of Homeland Security, Federal Bureau of Investigation
Terrorists or cyber criminals might try to discover vulnerabilities in computer systems by engaging in unauthorized testing of cybersecurity in order to exploit those vulnerabilities during an attack. These attempts might include port scanning, phishing, and password cracking. “Social engineering,” another technique, leverages unwitting insider access by eliciting information about operational and security procedures from employees, personnel, and their associates.
November 20, 2012 in Federal Bureau of Investigation
A document detailing investigative tools and materials utilized by the FBI when conducting cyber investigations. The document was distributed by the Oklahoma Bankers Association after being provided by a local branch of the FBI Cyber Division.
November 20, 2012 in Federal Bureau of Investigation
A presentation on recent cyber attacks on the U.S. financial industry included in a collection of documents provided to banks and financial institutions by a local branch of the FBI Cyber Division office and distributed by the Oklahoma Bankers Association.
May 22, 2012 in Department of Homeland Security
Scams, malware campaigns and attacks will continue to grow in scale and complexity as the 27 July opening ceremony in London draws near. Event organizers, sponsors and British authorities continue to increase their physical and cybersecurity awareness as the event approaches. Information systems supporting the Games, transport infrastructure, law enforcement communications, financial operations and similar will become prime targets for criminals. A collective of approximately eighty-seven UK banks exercised their ability to withstand cyber attacks last November. Olympic organizers anticipated cyber threats and began testing their cybersecurity posture during ‘technical rehearsals’ by running scenarios from their Technology Operations Center (TOC) situated on Canary Wharf. The TOC will be manned with over one hundred personnel continuously monitoring critical applications, such as the Commentator Information System, organizers’ intranet, and a telecom infrastructure encompassing 900 servers, 1,000 network and security devices, and 9,500 computers. In addition, British law enforcement organizations have been collaborating with the U.S. Secret Service and other industry experts to understand attack vectors, detection methods and mitigation strategies to combat the threat. However, the cyber implications are more expansive than localized attacks against systems and encompass globally distributed Olympic-themed malware, spam campaigns and scams.
May 7, 2012 in National Security Agency
A letter from the Commander of U.S. Cyber Command Keith Alexander to Senator John McCain describing the role of U.S. Cyber Command and its position on current efforts to pass cybersecurity legislation.
April 16, 2012 in Featured
A fascinating article in the San Jose Mercury News discusses the recent expansion of public-private partnerships in the growing effort to combat cyber threats from foreign governments and criminals. These partnerships occur through formal agreements between major corporations and government-backed organizations, such as law enforcement, the military or research institutions. The agreements usually involve sharing of intelligence between the government and corporate representatives, as well as participation in threat reporting programs and security exercises. In some cases, the partnerships relate directly to research and development regarding ways to mitigate security threats.
April 10, 2012 in Featured
Rather than combating natural disasters or a nuclear detonation in a major U.S. city, this year’s National Level Exercise will focus on cyber threats to critical infrastructure and the “real world” implications for government and law enforcement of large-scale cyber attacks. National Level Exercise 2012 (NLE 2012) is scheduled to take place in June and will involve emergency response personnel from at least thirteen states, four countries, nearly every major governmental department as well as a number of private companies, non-governmental organizations, institutions of higher education and local fusion centers. The exercise will span four FEMA regions and will include scenarios affecting the National Capital Region.