Tag Archive for Cybersecurity

DHS US-CERT Understanding Distributed-Denial-of-Service Attacks


One of the most significant cyber threats to businesses, local and federal government agencies is the Distributed-Denial-of-Service attack (DDoS). A Distributed Denial of Service attack (DDoS) occurs when an attacker commands a number of computers to send numerous requests to a target computer. The overwhelming flood of requests to the website or computer network can cause it to shut down or fail to handle the requests of legitimate users, much like a rush hour traffic jam on the freeway. This type of attack can completely disrupt an organization’s operations until the network is able to be restored. Understanding the basic concept and methods of a DDoS attack can help operators of both large and small networks mitigate the severity of the attack.

(U//FOUO) FBI Report: ATM Skimmers Target Standalone ATMs with Wiretap Devices


The purpose of this LIR is to inform DSAC and other relevant private sector partners about new methods ATM skimming crews use to target standalone or kiosk-style ATM terminals such as those found at casinos, hotels, airports, shopping malls, gas stations, restaurants, and supermarkets. The skimming crews intercept customers’ account data through the ATMs’ external cables. The activity observed to date in the United States was discovered at convenience store locations in California, Delaware, and Pennsylvania. This LIR provides details on the methods used in these skimming attempts as well as previously reported use of internal wiretap skimming devices.

(U//FOUO) DHS Field Analysis Report: Growing Trend of Ransomware Attacks Targeting Hospitals


The healthcare sector has been a desirable target for hackers due to the sensitive nature of patient information contained in their systems. The stakes are very high in the healthcare industry because any disruption in operations and care can have significant repercussions for patients. As such, this industry offers an ideal victim for ransomware, and these attacks are likely to continue—disrupting employee access to important documents and patient data and hampering the ability to provide critical services—creating a public safety concern.

FBI Report on Hillary Clinton E-Mail Investigation for Mishandling of Classified Information


On July 10, 2015, the Federal Bureau of Investigation (FBI) initiated a full investigation based upon a referral received from the US Intelligence Community Inspector General (ICIG), submitted in accordance with Section 811 (c) of the Intelligence Authorization Act of 1995 and dated July 6, 2015, regarding the potential unauthorized transmission and storage of classified information on the personal e-mail server of former Secretary of State Hillary Clinton (Clinton). The FBI’s investigation focused on determining whether classified information was transmitted or stored on unclassified systems in violation of federal criminal statutes and whether classified information was compromised by unauthorized individuals, to include foreign governments or intelligence services, via cyber intrusion or other means.

DoD Online Privacy and Operational Security Smart Cards: Smartphone EXIF Removal


EXIF (Exchangeable image File Format) is a standard format for storing and exchanging image metadata. Image metadata is included in a captured image file and provides a broad range of supplemental information. Some social networks and photo-sharing sites, such as Flickr, Google+, and Instagram, have features that share EXIF data alongside images. Others, including Facebook and Twitter, do not share EXIF data but my utilize the information internally. EXIF data is stored as tags, some of which reveal unique identifying information.

DoD Online Privacy and Operational Security Smart Cards: LinkedIn


LinkedIn is a professional networking service that allows you to establish connections with co-workers, customers, business contacts, and potential employees and employers. You can post and share information about current and previous employment, education, military activities, specialties, and interests. To limit exposure of your personal information, you can manage who can view your profile and activities.

DoD Online Privacy and Operational Security Smart Cards: Facebook Mobile


As of January 2015, Facebook Mobile hosts 745 million daily mobile active users who accounts for over 60% of all mobile posts published to any online social networking service. Though privacy can still be achieved, mobile users place their personal identity data at a greater risk when compared to users logging in via desktop computer. This is in large part due to the fact that mobile devices provide Facebook with a means to access additional location information, contact lists, photos, and other forms of personal data. Use the following recommendations to best protect yourself against oversharing.

FBI Cyber Bulletin: Malware Targeting Foreign Banks


The FBI has obtained information regarding a malicious cyber group that has compromised the networks of foreign banks. The actors have exploited vulnerabilities in the internal environments of the banks and initiated unauthorized monetary transfers over an international payment messaging system. In some instances, the actors have been present on victim networks for a significant period of time. Contact law enforcement immediately regarding any activity related to the indicators of compromise (IOCs) in the attached appendix that are associated with this group.

FBI Cyber Bulletin: Identification of Locky Ransomware


The ‘Locky’ malware is a ransomware variant, which has extensively utilized spam campaigns to distribute malicious files that download and execute code capable of encrypting numerous critical file types on both local and networked file stores. Encrypted files are renamed with a unique hexadecimal filename and receive the “.locky” extension. Each directory containing encrypted files contains instructions on how to utilize Bitcoin in order to pay a ransom for file recovery, and the system’s computer background is also changed to contain payment instructions. Recovery of encrypted files is impossible without data backup or acquisition of the private key due to the well-implemented, strong encryption. Historically, while payment of the ransom may result in receipt of the valid private key, enabling decryption of the targeted files, the FBI does not recommended the victim pay the ransom.

FBI Cyber Bulletin: United Cyber Caliphate Releases PII of U.S. Business Personnel Directory


As of 5 May 2016, the Islamic State of Iraq and the Levant (ISIL) Sympathizer hacking group United Cyber Caliphate (UCC) defaced a Nigerian-hosted Web site, posting an html file containing the heading “USA Online Company Data Dumped by United Cyber Caliphate,” there was no other message or threat associated with the file. The file contained approximately 1,137 entries, many of which appeared to be US-based individuals with corresponding personally identifiable information (PII) fields such as name, company, e-mail, phone, city, state, and zip code. The PII was doxed from the personnel directory of a US business, according to FBI and open source reporting.

DHS Report Finds “Immeasurable Vulnerabilities and Attack Vectors” Against U.S. Critical Infrastructure


A Department of Homeland Security assessment released in April states that critical infrastructure throughout the U.S. faces “immeasurable vulnerabilities and attack vectors” due to the increasingly prominent role of information and communication technology (ICT) in critical infrastructure sectors. The strategic risk assessment, authored by the Office of Cyber and Infrastructure Analysis within DHS, was obtained by Public Intelligence and describes the “convergence of cyber and physical domains” as a strategic threat to the nation’s infrastructure.

FBI Cyber Bulletin: Android Malware Phishing for Financial Institution Customer Credentials


The FBI has identified two Android malware families, SlemBunk and Marcher, actively phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface. The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. According to cyber threat industry reports, both malware families have targeted foreign financial institutions since 2014, gradually broadening the list to include Western banks, and offered the malware for lease or purchase, respectively, in underground forums. At least as of December 2015, the malware expanded its configuration to include the Android package names of US financial institutions.

DHS Healthcare Bulletin on Ransomware Attacks Against Hospitals


The Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC) has notified the Department of Health and Human Services (HHS) of an increase in ransomware incidents at some healthcare organizations in the U.S. This Bulletin provides Healthcare and Public Health (HPH) Partners with information regarding ransomware, mitigation strategies, as well as additional materials to reference located within the HSIN HPH Cyber Threat Library.

FBI Bulletin: Criminals Hacking Law Firms to Steal Information for Insider Trading


A financially motivated cyber crime insider trading scheme targets international law firm information used to facilitate business ventures. The scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information (MNPI). This information, gained prior to a public announcement, is then used by a criminal with international stock market expertise to strategically place bids and generate a monetary profit.

EU Cybercrime Committee: Criminal Justice Access to Data in the Cloud for Foreign Providers


The purpose of the present background paper is to provide a snapshot of policies and practices of some major US service providers regarding their “voluntary” disclosure of information to law enforcement authorities in foreign jurisdictions, and thus to facilitate discussion of future options regarding criminal justice access to electronic evidence in the cloud.

FBI Cyber Division Bulletin: KeySweeper Wireless Keystroke Logger Disguised as USB Device Charger


KeySweeper is a covert device that resembles a functional Universal Serial Bus (USB) enabled device charger which conceals hardware capable of harvesting keystrokes from certain wireless keyboards. If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information. Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen.
Technical Details

DHS Infrastructure Report: Nuclear Reactors, Materials, and Waste Sector Cyberdependencies


The Department of Homeland Security Office of Cyber and Infrastructure Analysis (DHS OCIA) produces cyberdependency papers to address emerging risks to critical infrastructure and provide increased awareness of the threats, vulnerabilities, and consequences of those risks to the Homeland. This note informs infrastructure and cybersecurity analysts about the potential consequences of cyber-related incidents in the Nuclear Reactors, Materials, and Waste Sector and its resilience to such incidents. This note also clarifies how computer systems support infrastructure operations, how cybersecurity incidents compromise these operations, and the likely functional outcome of a compromise.