Hacking, Security & Privacy - Page 34

Norse has developed a network of 8 million sensors worldwide designed specifically to absorb various types of internet attacks. These sensors analyze the malicious traffic and trace it back to its source. This vast network of global trackers is called the DarkMatter Platform, and it delivers real-time threat tracking and intelligence within five seconds.

Norse provides this service to companies to protect their web services, but they also provide an amazing real-time view for everyone of malicious traffic at their comprehensive monitoring site. The view of ongoing attacks is amazing due to the sheer scale of the attacks, and their continuing nature highlights the intense threats companies face every day. The site identifies each type of attack, and DDoS attacks are easily visible as attacks from multiple locations worldwide converge on a single target.

The DarkMatter platform analyzes malicious traffic, including IRC, Tor, P2P, DNS, SSH, VPN, private IP and SOCKS proxies, assigned and unadvertised address spaces, among others. This covers the entire range of threats, and Norse crunches terabytes of data per day, and takes up to four years of historical data into account, to assign threat levels to provide a complete threat analysis.

Right about now you've really got to feel sorry for Sony. Alongside numerous hacking scandals surrounding their pictures department, they've been targeted by the infamous North Korea and even had their PlayStation Live Network service taken down on the 26th of December thanks to a timely DDoS. Just when you thought it couldn't get worse, hackers have released 13,000 username-and-password combinations alongside stolen credit card details, claiming these were stolen from large-scale websites like Sony's PlayStation Network, XBOX Live and Amazon plus more.

Released via the Twitter account "@AnonymousGlobo", this hack is also said to target some of the largest porn websites alongside these gaming and retail web portals. This gives the hack yet another tie to the group known as Anonymous, who have been involved in recent Klu Klux Klan altercations alongside many other large-scale operations in recent years.

This recent mission saw their explanation read "we did it for the lulz," a common claim among the hacker collective. Translated this basically means "we did it because we could" or "we did it for a laugh".

For the second time in less than one week, it appears the fragile North Korean Internet infrastructure has been dropped offline from cyberattacks. Reports from Chinese media indicate the Internet and 3G mobile phone networks in North Korea have gone offline, following the US government's accusations that Pyongyang had a direct hand in breaching Sony Pictures.

In the incident reported earlier in the week, it appears a distributed denial of service (DDoS) attack stopped Internet access for a brief period. Most Internet access in North Korea is reserved for high-ranking government officials and military personnel, reports indicate.

Despite countries focusing on developing cyberespionage weapons able to target foreign companies and governments, clearly not enough is being done to help improve cybersecurity. The United States, UK, North Korea, China, Russia, Iran, and other nations have greater cyberattack capabilities - but fall prey to their own data incidents on a frequent basis.

The malware software and cybercriminal technique demonstrated against Sony Pictures could be used in additional attacks targeting US companies, according to a recent alert from the U.S. Computer Emergency Readiness Team (US-CERT). Specifically, the malware, which is similar to code used to target South Korean companies, is able to communicate with operators while spreading quickly and conducting brute-force password attacks against systems.

"Due to the highly destructive functionality of this malware, an organization infected could experience operational impacts including loss of intellectual property and disruption of critical systems," the US-CERT warning stated. It's true that next-generation malware, written by increasingly skilled cybercriminal groups, has a wide variety of different purposes. Although stealing and compromising infected PCs remains lucrative, cyberespionage would be better served by disrupting day-to-day operations of necessary systems.

North Korea has been blamed by the US government for the attack against Sony Pictures, a charge it vehemently denies - has dedicated resources to improving its cyberattack capabilities.

Thanks to the "Lizard Squad", many bright-eyed youngsters were left out of luck - being unable to connect their new Santa-given PlayStation's and XBOX's to their respective online gaming and content networks.

This group of hackers targeted both of these large-scale online mediums on the 25th of December, seeing Kim Dotcom come in as some kind of savior - offering them 3,000 lifetime premium Mega accounts worth $99 each in return for PSN and XBOX Live's safety. The squad accepted, stopping the DDoS atacks instantly, vowing never to return.

According to a Twitter post, this deal is only made true if "they don't attack Xbox Live & PSN again. #ThatsTheDeal," in the words of Dotcom himself.

The Iranian government will move ahead with an effort to use "smart filtering" of the Internet for Iranian users, with "undesirable" content censored - Iran has some of the strictest regulation and controls of the Internet, with many foreign websites blocked.

Despite Facebook, Twitter, YouTube and other populations blocked, a growing number of Iranian users access these websites with virtual private networks (VPNs). However, Tehran wants to filter the content, hoping it's a more effective method of preventing some blocked content - and President Hassan Rouhani previously promised to begin opening up technology access.

"Presently, the smart filtering plan is implemented only on one social network in its pilot study phase and this will process will continue gradually until the plan is implemented on all networks," said Mahmoud Vaezi, Iranian Communications Minister, in a statement to the IRNA news agency.

The North Korean government has steadily increased capabilities of its secretive Bureau 121 cyberespionage unit, but very little is known about how it operates. A North Korean defector recently shed light on the division of specialized "cyber warriors," with specific training of programming languages, operating systems research, and IT network security vulnerabilities.

By the time hackers are officially hired by Bureau, some candidates have almost nine years of training, according to Jang Se-yul, a graduate of the top North Korean engineering college. Bureau 121 cybercriminals - and their families - are moved to Pyongyang and become among the country's top 1 percent, including a high salary, free apartment, and free Internet access.

The US and other western nations are focused more on limiting cyberespionage, especially from North Korea, Iran, China and Russia - but the cybercriminals have had a step up on us for quite some time. North Korea understands it wouldn't be able to win a conventional war against political rivals, but is able to cause chaos using their hacker branch.

Cybercriminals from China are increasingly targeting Japanese bank account holders, with more than $16 million stolen from the Sumitomo Mitsui Financial Group and Mitsubishi UFJ Financial Group during the first six months of 2014. Japanese police officials report a rising number of Chinese nations being arrested for cyber-related crimes, and security experts point towards Chinese-based IP addresses.

The chaos begins by a phishing attack that tricks users into providing their passwords. Money is transferred out of Japan and people are recruited to visit ATMs and withdraw as much money as they can. Products are purchased in Japan and the stolen items are shipped and re-sold in China.

Earlier in the year, Japanese government websites were compromised by suspected Chinese hackers, with most of the sites temporarily dropped by distributed denial of service (DDoS) attacks. However, other websites were defaced with political messages related to Japan-China sociopolitical propaganda - as both countries continue their efforts to rebuild an extremely tumultuous relationship.

Cybercriminals compromised a German factory and caused "massive" damage to a blast furnace inside of the facility, according to a Federal Office for Information Security report made available by the German government. The company impacted remains unknown, but it looks like they fell victim to a phishing attack that led to malware installation on company computers - and it didn't take long before PCs and factory systems to suffer.

Since the company's employees were not able to maintain control of the blast furnace, there was "massive damage to [the] plant." "The attackers were knowledgeable in conventional IT security and had extensive knowledge of applied control and production processes," according to a recently published report.

As cybercriminals find new methods to conduct cyberespionage, there is growing concern that they can breach critical infrastructure - and cause significant damage - and this German foundry incident is a worrying sign. It's unknown if the hackers intended to just steal data, or cause physical damage, but show how vulnerable computer systems can be.

The Lizard Squad reportedly has taken credit for dropping Microsoft's Xbox Live and Sony's PlayStation Network on Christmas Eve and Christmas day. It's not a complete surprise to hear of the cyberattacks, with the group promising them all month long. Lizard Squad used a distributed denial-of-service (DDoS) attack, with the FBI and other hacker groups reportedly targeting them.

Unfortunately, the group demanded 10,000 retweets of a message posted on Twitter, so gamers will be able to access Xbox.com, Xbox Live and other services - and regain playability on PSN. Both Microsoft and Sony are working on connectivity issues, with spotty service available in North America.

It's not a surprise to hear they wanted to target the attack for Christmas, as many gamers plug in their consoles for the first time - or hit the power switch to begin playing a new title.

Following a successful data breach targeting Sony Pictures, the Japanese government is increasingly weary of potential North Korea-based cyberattacks. Japan is used to China's ambitious cyberespionage campaigns, but North Korea has steadily improved its own ability to launch successful attacks.

Japanese Prime Minister Shinzo Abe wants to boost internal cybersecurity defense as the threat of foreign-based attacks reaches frightening levels. There is specific interest in ensuring critical infrastructure, such as its power grid, transportation networks, and gas supplies can continue to function even under continued attack.

"Japan is maintaining close contact with the United States and supporting their handling of this case," said Yoshihide Suga, Japanese Chief Cabinet Secretary, during a press conference. The Japanese government is relying on strong ties with Washington in a joint-cooperation to increase cybersecurity.

The long saga of the Sony hack is far from over, but Sony has finally taken the step of releasing "The Interview" for purchase on a variety of digital platforms. The Interview is available on Google Play, YouTube Movies, Microsoft's Xbox Video, and a Sony website. The movie was released at 1 PM EST today and is available to stream for $5.99, and for purchase at $14.99. Sony also announced that 300 theaters will play the movie on Thursday.

Sony has taken a considerable beating over the massive hack of the Sony Pictures outfit. The satirical film outlines an assassination attempt of North Korean leader Kim Jong-un. The pending release triggered strong condemnation from North Korea, which threatened action. Soon after, Sony Pictures was hacked, and the US government claims to have proof that North Korea was behind the attack. After the hacking attack, embarrassing internal Sony documents were released to the public, and the hacking group also threatened violence at any theaters showing the film. Several prominent film distribution companies refused to air the movie, leading Sony Pictures to pull the movie. That announcement met with widespread criticism, particularly from President Obama, who likened the move to cowing to terrorists.

The digital release of a mainstream movie is unprecedented, but provides Sony with an easy distribution method that also allows them to save face. The major film distribution companies are still refusing to show the film, and the 300 theaters that will be showing the film are all independent chains. The movie will undoubtedly garner much more interest due to the press coverage of the hacking attack. If demand is strong enough it might provide an interesting insight into the possibility of future mainstream movies being released on digital platforms.

South Korea hopes the Chinese government will be cooperative in a data breach investigation recently suffered by the Korea Hydro and Nuclear Power Co. just a few days ago. Some of the IP addresses used to compromise the Korean company are linked to a northeastern Chinese city close to the border with North Korea, according to an unnamed South Korean government official.

Despite its geographic location, there still isn't enough evidence to accuse China or North Korea of being directly involved in the cyberattack - although China is suspected of targeting the United States and its allies, while North Korea has been accused of previous cyber breaches suffered by South Korean companies.

"When we have the cooperation of the Chinese, where of course we don't have jurisdiction, we will be asking for checks or maybe a search of the location of the IP address," a South Korean official recently said. "As we're doing this, there is a possibility that the IP addresses in China are not the final source but used in a routing. It's possible (the network) in China was used (remotely) from some other location."

Sony doesn't want a repeat of its data breach suffered by Sony Pictures, and hopes a new Director of Vulnerability Management Engineering will be able to lend a hand. The company is still trying to lick its wounds after foreign cyberattackers brought Sony Pictures to its knees, with corporate emails and movies stolen, along with employee personal information.

Applicants must have a minimum of 10 years information security experience and five years of experience in penetration testing/red teaming. The qualified candidate must have a Master's degree in computer science or another appropriate field, or have equivalent experience.

Sony also posted job listings for junior analysts on the "security operations team," a senior risk management analyst job, senior governance, and a risk and compliance analyst dedicated to security and privacy training.

If companies needed another reminder on the importance of improving cybersecurity, they can learn from the current predicament tormenting Sony Pictures. C-level executives need to be more involved when it comes to being proactive ensuring cybersecurity strategies at their companies are being implemented properly.

It has been a brutal year for data breaches in the United States, with Sony Pictures joining the unfortunate list of Home Depot, Target, JPMorgan Chase, and multiple other companies that suffered high-profile, very public cybersecurity incidents. Trying to prevent these data breaches is much easier said than done, but many companies have either ignored security recommendations - or overlooked potential fallout - related to security.

"I think the scale of this impact on Sony is what's going to make a lot of C-suites sit up and say 'Wow, we really do need to take this seriously,'" said Rob Sloan, cyber data and content head at Dow Jones Risk & Compliance, in a statement published by Fortune. "They can see the damage being done and it's potentially career-threatening for them and business-ending if they don't have the funds to support them through their troubles."

Sony Pictures CEO Michael Lynton has received a letter from Rep. Elijah Cummings, the top Democrat of the US House Oversight and Government Reform Committee, asking the besieged company to turn over information regarding its catastrophic data breach. There has been an increased number of cyberattacks targeting US government infrastructure, and it has been difficult to collectively learn from these incidents.

The US government, which is learning valuable lessons regarding proper cybersecurity efforts, wants to use Sony's "knowledge, information and experience" to determine what types of new cybersecurity laws - and general practice steps - that can be used to help better defend consumer and government data.

"The increasing number and sophistication of cyberattacks on both public and private entities pose a clear and present danger to our national security and highlight the urgent need for greater collaboration to improve data security," Cummins wrote in his letter.

The catastrophic data breach of Sony Pictures helped reveal a major issue that many Americans often ignore: the important need for proper cybersecurity, as companies and government agencies are under attack. Most data breaches occur silently, with companies being breached and often not realizing for many months that data has been stolen.

"From a critical infrastructure and economic perspective, we've seen a lot worse than Sony," said Jeff Bardin, Treadstone 71 cyberintelligence training firm, in a statement to NBC News. "Let's put it in the context of the real issues: attacks on our power grid, our banks, are happening."

It might not matter how it occurs, as long as people become more aware that cybersecurity will remain a significant problem for years to come. Whether it's small hacker groups - or organized state-sponsored cybercriminal groups - they love stealing US data, which often means consumer personal information.

South Korea is under cyberattack from an unknown source, as its Korea Hydro and Nuclear Power Co. has been breached, with "non-critical" data being stolen. The country's nuclear installations and atomic reactors aren't at risk, but cybersecurity experts remain highly concerned the country's nuclear reactors could be at risk from future attacks.

"This demonstrated that, if anyone is intent with malice to infiltrate the system, it would be impossible to say with confidence that such an effort would be blocked completely," said Suh Kune-yull, from the Seoul National University, in a statement to reporters. "And a compromise of nuclear reactors' safety pretty clearly means there is a gaping hole in national security."

As organized cyberattacks from foreign states continue to launch attacks, stealing data from utility providers and other critical infrastructure remains high on the list.

The "Operation Poisoned Helmand" operation, as part of the "Poisoned Hurricane" campaign, is reportedly targeting visitors to Afghan government websites, according to the ThreatConnect cybersecurity company. The attacks reportedly originated from China and looks to compromise Internet users visiting gov.af websites - using corrupted JavaScript files.

"We found continued activity from Chinese specific actors that have used the Afghan government infrastructure as an attack platform," said Rich Barger, ThreatConnect CIO, in a statement to Reuters.

As the United States and NATO slowly wind down operations in Afghanistan, it looks like China wants to step up and become more active in the volatile country. This isn't the first time Afghan ministry websites have been targeted, with malware found on justice, foreign affairs, commerce, industry and education ministry websites in the past.

North Korea is having Internet problems, as the country - which has limited and restricted Internet access - with problems dating back a few days, though the nation's infrastructure took a severe beating over the past few days.

"Their networks are under duress," said Doug Madory, Dyn Research Internet analysis director, in a published statement. "I haven't seen such a steady beat of routing instability and outages in KP before. Usually there are isolated blips, not continuous connectivity problems. I wouldn't be surprised if they are absorbing some sort of attack presently."

Internet access in North Korea typically is reserved for government and military users, and it's unknown who is behind the attack. Internet outages wouldn't impact normal citizens of the country, but could set a dangerous precedent if the United States is responsible for the attack.