Tag Archive for Cybersecurity

U.S. Army Cyber Command and Control Facility Environmental Assessment

This Environmental Assessment (EA) has been prepared to analyze the potential environmental, cultural, transportation, and socioeconomic effects associated with the establishment and operation of a U.S. Army Cyber Command / 2nd Army (ARCYBER) Command and Control Facility at Fort George G. Meade, Maryland (hereinafter referred to as Fort Meade), or at Fort Gordon, Georgia. ARCYBER leads a corps of 21,000 soldiers and civilians who serve worldwide operating and defending all Army networks with supporting organizations such as the Army Network Enterprise Technology Command, 780th MI Brigade, and 1st Information Operations. ARCYBER plans, coordinates, integrates, synchronizes, directs, and conducts network operations and defense of all Army networks; when directed, ARCYBER conducts cyberspace operations in support of full spectrum operations to ensure U.S./Allied freedom of action in cyberspace, and to deny the same to our adversaries.

(U//FOUO) DHS-FBI Bulletin: Threats to Mobile Devices Using the Android Operating System

Android is the world’s most widely used mobile operating system (OS) and continues to be a primary target for malware attacks due to its market share and open source architecture. Industry reporting indicates 44 percent of Android users are still using versions 2.3.3 through 2.3.7-known as Gingerbread-which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions. The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date.

FBI Warns of Cyber Espionage Targeting the Aviation Industry

Since June, advanced persistent threat (APT) actors have been targeting the aviation industry and attempting to extract confidential information by sending “spear-phishing” emails designed to trick recipients into opening malicious attachments or follow links to infected websites. According to an FBI Cyber Division bulletin from July 8, “individuals associated with the air travel industry” have received an increased number of spear-phishing emails often using spoofed senders “in an attempt to make the e-mail appear more legitimate.”

(U//FOUO) FBI Cyber Division Bulletin: Advanced Persistent Threat (APT) Actors Targeting Aviation Industry

Since June 2013, the FBI has observed advanced persistent threat (APT) actors’ increased interest in the aviation industry. APT actors have sent spear-phishing e-mails targeting individuals associated with the air travel industry. Some of the spear-phishing e-mails originated from a spoofed sender in an attempt to make the e-mail appear more legitimate. E-mail recipients should be aware of suspicious and potentially malicious e-mail attachments or links.

(U//FOUO) DHS-FBI Bulletin: Increasing Exploitation of Mobile Device Vulnerabilities

State, local, tribal and territorial (SLTT) computer networks have been increasingly targeted by cyber adversaries. At the same time, the expansion of mobile devices integrated into SLTT networks provides new opportunities for cyber adversaries seeking to collect information or disrupt operations by compromising mobile technology and exploiting vulnerabilities in portable operating systems, application software, and hardware. Compromise of a mobile device can have an impact beyond the device itself; malware can propagate across interconnected networks.

(U//FOUO) NSA Hardening Network Infrastructure: Security Recommendations for System Accreditors

Many networks run by public and private organizations have experienced intrusions in recent years, and this cyber exploitation has resulted in an unprecedented transfer of wealth due to lost intellectual property. The threats to our networks and systems exist across numerous components that include end-user-devices, servers, and infrastructure devices. To address threats to routers and other network infrastructure devices, the National Security Agency’s Information Assurance Directorate (IAD) is publishing this IAA to guide U.S. Government systems accreditors’ strategic plan for network hardening.

DHS and FBI Bulletins on OpUSA Tools and Tactics

Multiple groups, and individual hacker handles have claimed their intent to attack U.S. websites as part of OpUSA. As seen in many hacktivist operations (Ops), willing participants have posted free tools to assist other like minded individuals in their attack efforts. Often, more coordinated attacks will name a specific tool, target, day and time for the attack. That has not been the case for OpUSA thus far. Individual hacker groups seem to be conducting attacks independently, each claiming responsibility for individual defacements and data breaches that have supposedly recently taken place. Below you will find some of the tools being posted in conversations about OpUSA and links to US-CERT sites which provide background on the vulnerabilities exploited by these tools as well as mitigation advice for computer network defense actions.

(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Testing of Cybersecurity

Terrorists or cyber criminals might try to discover vulnerabilities in computer systems by engaging in unauthorized testing of cybersecurity in order to exploit those vulnerabilities during an attack. These attempts might include port scanning, phishing, and password cracking. “Social engineering,” another technique, leverages unwitting insider access by eliciting information about operational and security procedures from employees, personnel, and their associates.

DHS Report: Criminals and Hacktivists May Use 2012 Summer Olympics as Platform for Cyberattacks

Scams, malware campaigns and attacks will continue to grow in scale and complexity as the 27 July opening ceremony in London draws near. Event organizers, sponsors and British authorities continue to increase their physical and cybersecurity awareness as the event approaches. Information systems supporting the Games, transport infrastructure, law enforcement communications, financial operations and similar will become prime targets for criminals. A collective of approximately eighty-seven UK banks exercised their ability to withstand cyber attacks last November. Olympic organizers anticipated cyber threats and began testing their cybersecurity posture during ‘technical rehearsals’ by running scenarios from their Technology Operations Center (TOC) situated on Canary Wharf. The TOC will be manned with over one hundred personnel continuously monitoring critical applications, such as the Commentator Information System, organizers’ intranet, and a telecom infrastructure encompassing 900 servers, 1,000 network and security devices, and 9,500 computers. In addition, British law enforcement organizations have been collaborating with the U.S. Secret Service and other industry experts to understand attack vectors, detection methods and mitigation strategies to combat the threat. However, the cyber implications are more expansive than localized attacks against systems and encompass globally distributed Olympic-themed malware, spam campaigns and scams.

Public-Private Partnerships Expand Amidst Cybersecurity Fears

A fascinating article in the San Jose Mercury News discusses the recent expansion of public-private partnerships in the growing effort to combat cyber threats from foreign governments and criminals. These partnerships occur through formal agreements between major corporations and government-backed organizations, such as law enforcement, the military or research institutions. The agreements usually involve sharing of intelligence between the government and corporate representatives, as well as participation in threat reporting programs and security exercises. In some cases, the partnerships relate directly to research and development regarding ways to mitigate security threats.

National Level Exercise 2012 Will Focus on Cyber Attacks Against Critical Infrastructure

Rather than combating natural disasters or a nuclear detonation in a major U.S. city, this year’s National Level Exercise will focus on cyber threats to critical infrastructure and the “real world” implications for government and law enforcement of large-scale cyber attacks. National Level Exercise 2012 (NLE 2012) is scheduled to take place in June and will involve emergency response personnel from at least thirteen states, four countries, nearly every major governmental department as well as a number of private companies, non-governmental organizations, institutions of higher education and local fusion centers. The exercise will span four FEMA regions and will include scenarios affecting the National Capital Region.

U.S. Strategic Command Workshop Report: Deterring Violent Non-State Actors in Cyberspace

Like Damocles’ sword, this global interconnectivity both strengthens us and moderates us at the same time. We are strengthened because we are better connected to others than ever before and thus capable of spreading the seeds of liberty and opportunity to populations that yearn for it and where the lack of it is still being justified. We are moderated by this interconnectivity because others can more easily exploit the seams and turn our freedoms against us to infect with vitriolic propaganda that violently radicalizes populations across this interconnected web. It is the matter of moderation of our strength that brought together the remarkable group of thinkers whose words are reflected within this report. We are concerned here with the problem of deterring violent non-state actors from doing harm to our nation and to our allies. The questions of extending freedom through access while mitigating the misuse of that freedom to harm us were the dominant questions we took up in this workshop.

(U//FOUO) Los Angeles Fusion Center: Steganography Intelligence Bulletin

Steganography—the practice of concealing data within a carrier—may be used to obscure malicious or criminal information and activity from law enforcement. While steganography dates to the fifth century BC, it has long been regarded as, and remains, one of the most advanced forms of clandestine communication. In modern usage, the Internet allows accessibility to, and broad dissemination of, steganography tools, and its application continues to evolve with technology. Understanding steganography in its current state is essential to its identification and detection.

(U//FOUO) Los Angeles Fusion Center: Detecting and Mitigating Cyber Threats

US citizens and assets – including the White House, the Central Intelligence Agency, InfraGard, the state of Arizona, and major defense contracting companies – experienced high-profile cyber threats and attacks in the first half of 2011. Most of the tactics and techniques used were not new, however the increase in attacks during the past few months exemplifies the growth of cyber incursions and reinforces the need to be aware of risks and mitigation techniques associated with cyber threats.