Social engineering, an age old threat, continues to play a significant role in successful attacks against people, enterprises, and agencies. The advent of the Internet, its diverse and increased use, and the reliance on it by almost every element of society, amplifies social engineering opportunities. Cybercriminals enjoy an expansive attack surface, novel attack vectors, and an increasing number of vulnerable points of entry. Threat actors, both cyber and physical, continue to leverage social engineering due in part to its high rate of success. Security experts believe complex social engineering threats will continue across all vectors and attack levels will continue to intensify.
The FBI has obtained information regarding a group of cyber actors who have compromised and stolen sensitive military information from US cleared defense contractors (CDCs) through cyber intrusions. This group utilizes infrastructure emanating from China to conduct their nefarious computer network exploitation (CNE) activities. Information obtained from victims and subsequent analysis indicates that they were targeted based on their US Navy Seaport Enhanced contracts. The actors did not target information pertaining to a specific contract but instead stole all information that they accessed via their malicious cyber activities. Any activity related to this group detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement.
As technology pervades into our everyday lives, once simple devices have become smarter and more interconnected to the world around us. This technology is transforming our cities into what are now referred to as “Smart-Cities”. Smart Cities have been defined as urban centers that integrate cyber-physical technologies and infrastructure to create environmental and economic efficiency while improving the overall quality of life. The goal of these new cities is to create a higher quality of life, a more mobile life and an overall increased efficient use of available resources. Some examples of Smart-City technologies are interconnected power grids reducing power waste, smarter transportation resulting in increased traffic management, and smarter infrastructures that reduce hazards and increase efficiency.
Disruptive cyber attacks by criminal hackers—primarily distributed-denial-of-service (DDoS) attacks—targeting local law enforcement websites have increased since August 2014. We judge that this is almost certainly a result of the heightened coverage surrounding the alleged use of excessive force by law enforcement and an increased focus on incidents of perceived police brutality. The primary impact from the majority of these attacks has been the temporary disruption of the targeted public-facing websites.
Targeting of high profile and international events by state-sponsored or other foreign adversaries, cyber criminals and issue motivated groups is a real and persistent threat. The information contained on government systems, whether classified or unclassified, is of strategic interest to cyber adversaries. Information gathered through cyber espionage can be used to gain an economic, diplomatic or political advantage.
Our BSA analysis of 6048 IP addresses associated with the Tor darknet found that in the majority of the SAR filings, the underlying suspicious activity, most frequently account takeovers, might have been prevented if the filing institution had been aware that their network was being accessed via Tor IP addresses. Darknets are Internet based networks used to access content in a manner designed to obscure the identity of the user and his or her associated Internet activity.
This report fulfills the requirement contained in the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2014, Section 933(e) “National Guard Assessment.” The results of the National Guard’s assessment reflect the Chief of the National Guard Bureau’s (CNGB) view for successfully integrating the National Guard into the Department of Defense’s (DoD) Cyber Mission Force (CMF) and across all Cyber missions to create a Whole of Government and Whole of Nation approach to securing U.S. cyberspace.
This report fulfills the requirement contained in the National Defense Authorization Act (NDAA) for Fiscal Year 2014, Section 933 “Mission Analysis for Cyber Operations of the Department of Defense (DoD).” The Department undertook an accelerated but deliberate process to conduct the analysis, the outcomes of which are contained in this report. The analysis addressed each sub-section of the statute and was fully vetted across the Department. The results of this analysis reflect the Department’s current view of its requirements for successful conduct of cyberspace operations, leveraging a Total Force solution. As cyberspace capabilities, force structure, and command and control (C2) constructs evolve, the Department will conduct periodic reviews of its cyberspace requirements and adjust them as necessary.
As of July 2015, an APT actor that has previously targeted the U.S. financial sector used an implant to provide command and control (C2), according to credible reporting. Implant communications were observed between administrative infrastructure and known malware C2 nodes used in spear-phishing campaigns in July 2015. The communication from administrative infrastructure was an HTTP POST request.
Following the Office of the Inspector General’s (OIG) April 2011 report on the FBI’s ability to address the national cyber intrusion threat, in October 2012 the FBI launched its Next Generation Cyber (Next Gen Cyber) Initiative to enhance its ability to address cybersecurity threats to the United States. In fiscal year 2014, the FBI initially budgeted $314 million for its Next Gen Cyber Initiative, including a total of 1,333 full-time positions (including 756 agents). In addition, the Department of Justice (Department) requested an $86.6 million increase in funding for fiscal year 2014 to support the Initiative. The objective of this audit was to evaluate the FBI’s implementation of its Next Gen Cyber Initiative.
This is the first unclassified Australian Cyber Security Centre (ACSC) Threat Report. All ACSC partner agencies have contributed to provide information tailored for Australian organisations about the threats their networks face from cyber espionage, cyber attacks and cybercrime. It also contains mitigation and remediation information to assist organisations to prevent, and respond to, the threat.
FBI Cyber Division Bulletin: Hacking Team Exploit Used in Spearphishing Campaign Targeting U.S. Government
A bulletin issued by the FBI Cyber Division discusses a spearphishing campaign targeting U.S. government agencies in June and July of 2015. The campaign utilized a Adobe Flash exploit CVE-2015-5119 that was discovered in the 400GB data archive from hacked Italian surveillance technology company Hacking Team that was released publicly earlier this month. The exploit was being sold as a product of Hacking Team and was listed in their product knowledge base. The bulletin notes that the Flash exploit was being used in phishing emails in June 2015 despite the fact that the Hacking Team data was only made public on July 5, 2015.
FBI Cyber Division Bulletin: Distributed Denial of Service Attack Bitcoin Extortion Campaigns Expanding
Recent FBI investigations and open source reporting reveal that extortion campaigns conducted via e-mails threatening Distributed Denial of Service (DDoS) attacks continue to expand targets from unregulated activities, such as illegal gaming activity, to now include legitimate business operations. The increase in scope has resulted in additional attacks with Bitcoin ransom amounts trending upwards as well.
In recent years, the growing number and sophistication of threats to the nation’s cyber infrastructure have motivated governors to consider adding or expanding cybersecurity capabilities within state fusion centers. Through fusion centers, states receive classified and unclassified information and intelligence from multiple sources across the nation and combine or “fuse” that information into “products” (for example, law enforcement notices and warnings) that help improve state and national readiness to respond to an attack or threat. Since their inception, fusion centers have become more sophisticated, uniform, and nationally networked. As they have matured and evolved, so have their missions. Originally designed to focus on terrorism, they now address a wider array of threats and hazards, including “accidents; technological events; natural disasters; warfare; and chemical, biological (including pandemic influenza), radiological, nuclear, or explosive events.”
The FBI has obtained information regarding cyber actors who have compromised and stolen sensitive business information and Personally Identifiable Information (PII). Information obtained from victims indicates that PII was a priority target. The FBI notes that stolen PII has been used in other instances to target or otherwise facilitate various malicious activities such as financial fraud though the FBI is not aware of such activity by these groups. Any activity related to these groups detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement.
Department of Commerce, Department of Defense, Department of Energy, Department of Health and Human Services, Department of Homeland Security, Department of Justice, Department of the Treasury, Office of the Director of National Intelligence
Section 5 of Executive Order 13636 (Executive Order) requires the DHS Chief Privacy Officer and Officer for Civil Rights and Civil Liberties to assess the privacy and civil liberties impacts of the activities the Department of Homeland Security (DHS, or Department) undertakes pursuant to the Executive Order and to provide those assessments, together with recommendations for mitigating identified privacy risks, in an annual public report. In addition, the DHS Privacy Office and the Office for Civil Rights and Civil Liberties (CRCL) are charged with coordinating and compiling the Privacy and Civil Liberties assessments conducted by Privacy and Civil Liberties officials from other Executive Branch departments and agencies with reporting responsibilities under the Executive Order.
(U//FOUO) Northern California Fusion Center Bulletin: Sabotage Against Electricity and Telecommunications Targets
This document identifies recommended actions and guidance for state and major urban area fusion centers (fusion centers) to integrate information technology, cybersecurity, and cybercrime1 prevention (cyber) intelligence and analytic capabilities. Development of these capabilities will inform local, state, and national detection, mitigation, response, recovery, investigation, and criminal prosecution activities that support and maintain the United States’ cybersecurity.
The FBI is providing the following information with HIGH confidence: The FBI has obtained information regarding one or more groups of cyber actors who have compromised and stolen sensitive business information from US commercial and government networks through cyber espionage. Analysis indicates a significant amount of the computer network exploitation activities emanated from infrastructure located within China. Any activity related to these groups detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement.
The FBI and TSA are currently analyzing claims in recent media reports which included statements that critical in-flight networks on commercial aircraft may be vulnerable to remote intrusion. At this time, the FBI and TSA have no information to support these claims but continue to leverage public and private sector partnerships to evaluate potential threats posed by intrusions into a commercial aircraft’s secure networks. The FBI and TSA also continuously monitor and analyze reporting on cyber and technical threats to proactively deter individuals from using remote intrusions to disrupt any portion of the aviation sector, including its business networks, critical navigation and air traffic control signals, and the onboard networks of commercial aircraft.
Any Internet-connected organization can fall prey to a disruptive network intrusion or costly cyber attack. A quick, effective response to cyber incidents can prove critical to minimizing the resulting harm and expediting recovery. The best time to plan such a response is now, before an incident occurs.