Tuesday, 30 April 2013
Price said that the threat posed by state-sponsored hackers and hacktivist groups to national security and stability is increasing to worrying levels.
"From my perspective the state sponsored and terrorist groups [are a major issue], and to a lesser extent the hacktivist groups as they try to deface our websites as a matter of routine or get into our systems to steal our information to pass on to the press," he said during a debate at Infosec in London.
"Any of these could affect a military operation or damage the reputation of the government - depending on sensitivity they could even bring about a vote of no confidence in parliament, taking down the current regime."
Price said the government will have to work more closely with academia and private industry to ward off the increased threat posed by cyber attacks.
"We are looking to join up and get clever about this but we could still do a lot more. It's really about educating people that we're all in this together and get people to share information amongst the community," he said.
FBI legal attaché at the US embassy London, Scott Cruses, supported Price, saying the US government is detecting a similar increase in the number of cyber attacks targeting its systems.
"I've sat in a number of meetings over the last few years with directors and senior members of the FBI and cyber is fast emerging as the next threat on the horizon to eventually surpass counter terrorism," he said.
"We've also changed some of our priorities, to prevent cyber-attacks against our critical infrastructures, reduce the national vulnerability of these cyber-attacks and lastly, to minimise the damage and recovery time of cyber-attacks when they do occur."
Price and Cruses' comments mirror those of numerous other politicians and security vendors. Before that, UK minister for universities David Willetts issued a similar call to arms for businesses to work more closely with the government to combat cyber attacks.
Russian security expert Eugene Kaspersky also warned that it is only a matter of time before terrorist groups begin mounting cyber attacks on governments and businesses.
The international cyber defence exercise Locked Shields ended yesterday evening with NATO's Blue Team taking first place among the ten participating teams. The two-day exercise aimed to test the defence skills of IT experts under real-life conditions and to practise working side by side with different nations.
"It is good to see that the Blue Teams have really prepared well for this year's exercise and the opposing team had to work a lot harder to keep the difficulty level high for the defenders," said Mr Jaan Priisalu, White Team leader and Director General of the Estonian Information Systems' Authority. "This is a highly positive sign because it shows that the teams take the exercise very seriously and also that they are learning from the best practices and lessons from previous years."
“The exercise has come a long way since the first event in 2008 and the fact that the teams are improving shows that the exercises do what they were developed for, namely train the IT specialists to work together and enhance their skills,” noted Colonel Artur Suzik, Director of the NATO Cooperative Cyber Defence Centre of Excellence. “I firmly believe that we owe the success of the exercise to our partners without whom this event could not take place and we are hoping to cooperate with all of them again for the Locked Shields 2014.”
At the end of the exercise Mr Jaan Priisalu received the honorary title of Senior Fellow of the NATO Cooperative Cyber Defence Centre of Excellence for his outstanding contribution to the Centre's technical exercises since 2008 and for his continuous support of the Centre's activities.
The exercise was organised by NATO Cooperative Cyber Defence Centre of Excellence, Finnish Defence Forces, Estonian Defence Forces, Estonian Cyber Defence League and Estonian Information Systems' Authority. Great technical support was received from Cisco, Clarified Networks, Clarified Security and Bytelife.
The ten Blue Teams were from Estonia, Finland, Lithuania, Germany, Holland, Italy, Poland, Spain, Slovakia and NATO. Exercise control was located on the premises of NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.
The NATO Cooperative Cyber Defence Centre of Excellence is an international military organisation located in Tallinn, Estonia. It is not an operational centre and does not fall within the NATO command structure; it is guided and financed by the nations participating in its work. The Centre's mission is to enhance the capability, cooperation and information sharing among NATO, its member nations and partners in cyber defence through education, research and development, lessons learned and consultation.
Shell is undertaking a huge bring your own device (BYOD) project which will see it supporting around 135,000 devices picked by users rather than dictated by the IT department.
At the CA World show in Las Vegas on Monday, Ken Mann, enterprise information security architect at the oil and gas firm, outlined Shell’s shift to become a cloud-first and BYOD outfit.
Shell had already undertaken a project to centralise all its IT, and has outsourced its infrastructure to three main suppliers: AT&T, EDS (since purchased by HP) and T-Systems. Two years ago, the firm adopted a cloud-first policy, which means that any new applications have to be in the cloud unless there is a business case for them to be on-premise.
The next project for Mann's department was BYOD, which Mann's boss defines as buy rather than bring your own device.
The BYOD scheme is a major undertaking. Shell has 90,000 permanent employees, and an additional 60,000 on a contract basis so the company is managing 150,000 clients, from desktops to portables to tablets.
Of those users, 10,000 are already on a BYOD scheme, but Mann said Shell expects that in a few years, less than 10 percent of its users will be using company-provided IT equipment. Or taken another way, Shell will soon have 135,000 BYOD users to support.
“We’re looking at true BYOD, not just for mobile, but bring in your own laptop,” he said.
“Windows, iOS and Android are key operating systems for us, but if Windows Phone 8 becomes popular, we’ll look into using that.”
Part of the decision for the BYOD drive is around recruitment and staffing.
“In about five to 10 years, 50 percent of our staff worldwide will retire,” Mann explained.
“We’re going to have a lot of people turning over, and we want to be able to attract and retain talented and young staff. They don’t want to come into a locked corporate environment.”
To support this major BYOD drive, Mann’s job was to secure the different devices accessing the corporate network.
“We had two-factor authentication using smartcards and one time passwords (OTP) as default. But we started to look at how we could do two-factor authentication in the cloud. We wanted a solution for single sign-on from any device, whether in the cloud or an in-house app, and we wanted to support authentication standards like SAML and OAuth and translate between these,” he explained.
“We also wanted device authentication – is it from a Shell device or a kiosk in an airport?”
Mann said that four IT companies were in the running to provide Shell with its desired cloud authentication system, and each was visited to carry out an on-site proof of concept, with CA being one of the four.
“We didn’t find one company that could do everything we wanted to do. CA showed us the guts and development code, but they didn’t have a solution ready at the time,” he noted.
“Based on the four firms, we ended up selecting CA CloudMinder – it didn’t have a name at the time – as it was highly focused on cloud apps, and we’re already using SiteMinder, which focuses on in-house authentication, so there was a good bridge to link cloud and on-premise apps.”
CA CloudMinder was released in February, and is designed to offer enterprises key security capabilities including advanced authentication, identity management, and federated single sign-on as cloud services.
CA also unveiled a partnership with SAP at the Las Vegas show, to license the latter's Afaria software for mobile device management.
Eset senior research fellow, Righard Zwienenberg, told V3 the backdoor, codenamed Linux/Cdorked.A, is one of the most advanced attacks to target the Apache platform, boasting advanced detection dodging powers.
"The configuration of Linux/Cdorked.A is pushed to the system using obfuscated HTTP requests not apparent in Apache's log. This hides the fact that the web server is compromised. Linux/Cdorked.A can also receive commands with HTTP-POST," he said.
"The problem here is that Linux/Cdorked.A leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. It will be difficult to assess the dangers and actions of specific compromised systems if only the binary is found and the active shared memory is not."
Zwienenberg said the compromised servers are being used to drive web traffic to a number of malicious websites containing malware and exploits from the Blackhole exploit kit. The campaign has already compromised hundreds of Apache servers, meaning that thousands of websites could potentially have been affected.
The attack is particularly dangerous as Apache web servers are among the most well-known and widely-used in the world and are used by numerous companies. This means that a successful security breach can affect numerous different businesses across a diverse range of industries.
"With so many web servers running Apache, potentially hundreds of thousands of sites are vulnerable to this hard-to-detect threat. Other than modifying the existing httpd daemon service, all other traces are only in memory. Traffic to the website may be directed to other sites, where some of the redirects are to sites that carry the notorious Blackhole Exploit Kit," said Zwienenberg.
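The two facts Zwienenberg gives a defender to work with are that the backdoor's configuration arrives in requests that do not appear in Apache's own log, and that its only on-disk footprint is the modified httpd binary, with everything else living in shared memory. Log review alone therefore cannot find it; the practical checks are a file-integrity baseline of the web server binary, taken from a trusted source, and a look at the shared-memory segments owned by the web server account. The script below is an added example written for this page, not ESET's tooling or anything from the Apache project: it builds and verifies a hash baseline and parses the text of Linux's /proc/sysvipc/shm by column name. The file paths, uid 33 and the shared-memory sample it uses are constructed for illustration.

```python
"""Integrity baseline for a web server binary plus a SysV shared-memory listing
parser.  Added example for this page, not ESET's or Apache's code.  Paths,
uids and the sample data below are constructed for illustration."""

import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream the file through SHA-256 so large binaries are hashed cheaply."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths):
    """Record hash, size and permission bits while the files are known-good.
    Take the baseline from a clean install or package, and keep it off-host."""
    baseline = {}
    for path in paths:
        st = os.stat(path)
        baseline[path] = {
            "sha256": sha256_file(path),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o7777),
        }
    return baseline


def verify_baseline(baseline):
    """Compare the live files against the baseline.
    Returns a list of (path, reason) tuples; an empty list means no drift."""
    findings = []
    for path, rec in baseline.items():
        if not os.path.isfile(path):
            findings.append((path, "missing"))
            continue
        st = os.stat(path)
        if sha256_file(path) != rec["sha256"]:
            findings.append((path, "content changed (sha256 mismatch)"))
        if st.st_size != rec["size"]:
            findings.append((path, "size changed"))
        if oct(st.st_mode & 0o7777) != rec["mode"]:
            findings.append((path, "permission bits changed"))
    return findings


def parse_sysvipc_shm(text, owner_uid):
    """Parse the text of /proc/sysvipc/shm and return segments owned by owner_uid.
    The first line is a header of column names and each later line is one
    segment, so columns are mapped by name rather than by fixed position."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    columns = lines[0].split()
    segments = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) < len(columns):
            continue  # truncated row; skip rather than misalign columns
        row = dict(zip(columns, fields))
        if int(row["uid"]) == owner_uid:
            segments.append({
                "shmid": int(row["shmid"]),
                "size": int(row["size"]),
                "nattch": int(row["nattch"]),
                "cpid": int(row["cpid"]),
            })
    return segments


# Constructed sample in the layout of /proc/sysvipc/shm: one root-owned segment
# and one 6 MiB segment owned by uid 33 (the web server account on this host).
SAMPLE_SHM = """\
       key      shmid perms                  size  cpid  lpid nattch   uid   gid  cuid  cgid      atime      dtime      ctime                   rss                  swap
         0      32768   600                 65536  2101  2101      1     0     0     0     0 1367308800          0 1367308800                  4096                    0
         0      65537   600               6291456  2150  2160      3    33    33    33    33 1367308900          0 1367308900               6291456                    0
"""


def demo():
    """Baseline a stand-in binary, tamper with it, and report the drift plus the
    web server account's shared-memory segments from the constructed sample."""
    with tempfile.TemporaryDirectory() as tmp:
        fake_httpd = os.path.join(tmp, "httpd")  # stand-in, not a real binary
        with open(fake_httpd, "wb") as fh:
            fh.write(b"\x7fELF original binary bytes")
        baseline = build_baseline([fake_httpd])
        with open(fake_httpd, "ab") as fh:  # simulate an in-place modification
            fh.write(b" appended bytes")
        findings = verify_baseline(baseline)
    return findings, parse_sysvipc_shm(SAMPLE_SHM, 33)


if __name__ == "__main__":
    drift, segs = demo()
    for path, reason in drift:
        print(f"DRIFT {path}: {reason}")
    for seg in segs:
        print(f"SHM owned by web server uid: id={seg['shmid']} size={seg['size']} attached={seg['nattch']}")
```

On a real host the baseline should come from the package manager or a clean image rather than from the running system, since a baseline taken after the fact just enshrines the modified binary; on RPM and Debian systems, `rpm -V httpd` and `debsums apache2-bin` perform the same file-level comparison against the package's recorded hashes. A large segment owned by the web server account is only a lead to investigate with a memory dump, not proof of compromise, because legitimate modules allocate shared memory too.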
"Businesses must make sure they are always up to date in applying all security patches. The days when patch management was a luxury are long gone. These must be completed so every employee is safe, and complemented with appropriate prevention measurements, such as anti-malware security suites."
The backdoor is one of many advanced threats uncovered targeting businesses over the last month. Before that, security firm Seculert uncovered a 'Magic Malware' that features several detection-dodging capabilities.
The influx of new sophisticated attacks has caused numerous security vendors and government groups to call on industry to improve their cyber defences. Most recently, Metropolitan Police Central e-crime Unit head Charlie McMurdie said businesses must work more closely with law enforcement to protect themselves from advanced threats.
Figures from analyst firm Social Bakers show that the decline in users has picked up pace recently, particularly over the last month.
During the last six months, the social networking giant has lost over five percent of its US user base, the equivalent of 8.6 million people. Meanwhile 6.5 percent of UK users and over four percent of Canadian users have deserted the social networking giant over the same period.
The biggest losses over the period for Facebook occurred in Japan with a drop of nearly 20 percent of its users, Nigeria with over a 26 percent drop, and South Africa with a 19 percent drop.
Nearly four percent of the US losses and nearly five percent of the UK's have occurred in the last month. The last month has also seen a decline in Facebook users in France and Germany.
Facebook could not immediately be reached for comment on the news.
Ovum analyst Richard Edwards told V3 that there could be a multitude of factors responsible for the decline.
"It could be that users are concerned over the privacy or that simply exam season is coming around," said Edwards. "The loss could also be due to a fashion element with other social networking services, whether it be LinkedIn or Instagram, gaining traction."
Edwards also suggested that the loss of Facebook users could be because the service had reached saturation point in a number of markets.
In related news, V3 last week reported that Facebook has confirmed plans to build a massive new datacentre in rural US that will make extensive use of wind power.
McAfee's advanced exploit detection system (AEDS) uncovered the threat on Friday, and it relates to an unpatched security flaw contained in every version of Adobe Reader, including the latest 'sandboxed' Reader XI (11.0.2).
McAfee declined to reveal the details of the vulnerability as Adobe is yet to release a patch for it. The vendor said that it has already detected a number of groups and people exploiting it, potentially for malicious purposes.
"We have detected some PDF samples in the wild that are exploiting this issue. Our investigation shows that the samples were made and delivered by an ‘email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks," wrote McAfee's Haifei Li.
"Some people might leverage this issue just out of curiosity to know who has opened their PDF documents, but others won't stop there. An APT attack usually consists of several sophisticated steps. The first step is often collecting information from the victim; this issue opens the door. Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, internet service provider, or even the victim's computing routine."
Whatever its potential for misuse, McAfee confirmed that it has made Adobe aware of the issue and the company is working on a patch. At the time of publishing Adobe had not responded to V3's request for comment on when the patch will be released.
The zero-day vulnerability is one of many targeting popular platforms to have been discovered in recent weeks. Many of the vulnerabilities have related to Oracle's Java platform. The number of attacks led Finnish security firm F-Secure to list Java as the victim of choice for criminals.