Report: US Should Keep Nuke Option for Cyberattack

March 6, 2013

The United States should be prepared to use every military option, including nuclear retaliation, in response to a huge computer attack, an independent Department of Defense task force said.

But the nation must determine whether its nuclear arsenal can withstand computer hackers, the Defense Science Board warns in a newly declassified report obtained by the Tribune-Review. In a full-scale cyber war, the board’s experts say, the United States’ weapons could be disabled or turned against its troops.

Link to the report:

http://ctovision.com/wp-content/uploads/ResilientMilitarySystems.CyberThreat.pdf

http://www.military.com/daily-news/2013/03/05/report-us-should-keep-nuke-option-for-cyberattack.html?comp=700001075741&rank=3


Kaspersky: The MiniDuke PDF 0-day Government Spy Backdoor Using Twitter

March 3, 2013

Kaspersky Analyzing The MiniDuke PDF 0-day Government Spy Backdoor 

By analyzing the logs from the command servers, we have observed 59 unique victims in 23 countries: Belgium, Brazil, Bulgaria, Czech Republic, Georgia, Germany, Hungary, Ireland, Israel, Japan, Latvia, Lebanon, Lithuania, Montenegro, Portugal, Romania, Russian Federation, Slovenia, Spain, Turkey, Ukraine, United Kingdom and United States.

Link to Kaspersky research:

http://www.securelist.com/en/downloads/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf

Link to CrySyS Lab analysis:

http://blog.crysys.hu/2013/02/miniduke/


Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

February 20, 2013

On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.

Link to the report:

http://intelreport.mandiant.com/

 


New EU Cybersecurity strategy & Directive announced

February 13, 2013

The European Commission and the High Representative of the European Union for Foreign Affairs and Security Policy announced the EU’s Cybersecurity Strategy, and a complementary proposal for a Directive on measures to ensure a high common level of cyber security across the EU.
 

Neelie Kroes, Catherine Ashton and Cecilia Malmström (from left to right)

  • EU’s Cyber Security strategy
  • Proposal for a Directive on Network and Information Security
  • Frequently Asked Questions on the Directive proposal
  • Commission press release on the EU Cybersecurity plan to protect open internet and online freedom and opportunity

ENISA welcomes the initiative of the European Commission, and congratulates the High Representative Catherine Ashton, Vice-President Neelie Kroes and Commissioner Cecilia Malmström on their joint achievement.

The Executive Director of ENISA, Udo Helmbrecht, made a brief comment: “We are impressed by the comprehensiveness and ambitious scope of the Strategy. By successfully taking a broad approach, involving three Commissioners from different sectors, notably also the European External Action Service, the Commission has provided a clear statement of direction for the EU, which will also be of guidance for the Member States when formulating national policies. This is a great step that underlines the interdependence of networks, and the importance of cybersecurity being at the top of the political agenda, for the security of Europe’s economy, society, business and citizens alike. The elements relating to ENISA in this communication are also a natural extension of the work of the Agency to date. We will analyse the Strategy and Directive further. Finally, we note that it is particularly timely and welcome in relation to the on-going ENISA mandate process.”

 


Unseen, all-out cyber war on the U.S. has begun

February 2, 2013

There’s a war going on, and it’s raging here at home — not in the streets or the fields, but on the Internet. You can think of it as a war on the digital homeland. If you work for a power company, bank, defense contractor, transportation provider, or other critical infrastructure type of operation, your organization might be in the direct line of fire. And everyone can become collateral damage.

http://www.infoworld.com/d/security/unseen-all-out-cyber-war-the-us-has-begun-211438?page=0,0&source=fssr

 


Kaspersky “Red October” Diplomatic Cyber Attacks Investigation

January 16, 2013

Link To the report: 

http://www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation

Advanced Cyber-espionage Network: The attackers have been active for at least several years, focusing on diplomatic and governmental agencies of various countries across the world.

Information harvested from infected networks was reused in later attacks. For example, stolen credentials were compiled in a list and used when the attackers needed to guess a secret phrase in other locations. To control the network of infected machines, the attackers created more than 60 domain names and several server hosting locations in different countries (mainly Germany and Russia). The C&C infrastructure is actually a chain of servers working as proxies and hiding the location of the ‘mothership’ control server.

Unique architecture: The attackers created a multi-functional kit which has a capability of quick extension of the features that gather intelligence. The system is resistant to C&C server takeover and allows the attacker to recover access to infected machines using alternative communication channels.

Broad variety of targets: Besides traditional attack targets (workstations), the system is capable of stealing data from mobile devices, such as smartphones (iPhone, Nokia, Windows Mobile), enterprise network equipment (Cisco), and removable disk drives (including already deleted files via a custom file recovery procedure).

Importation of exploits: The samples we managed to find were using exploit code for vulnerabilities in Microsoft Word and Microsoft Excel that were created by other attackers and employed during different cyber attacks. The attackers left the imported exploit code untouched, perhaps to harden the identification process.

Attacker identification: Based on registration data of C&C servers and numerous artifacts left in executables of the malware, we strongly believe that the attackers have Russian-speaking origins. Current attackers and executables developed by them have been unknown until recently; they have never been related to any other targeted cyberattacks.


Defending Your Network Against Denial of Service (DoS) Attacks

December 31, 2012

This paper provides details on the attacks in use today, suggests realistic defensive architectures and tactics, and explains the basic process required to have a chance of defending your organization against a DoS attack.

The report: https://securosis.com/assets/library/reports/Securosis_Defending-Against-DoS_FINAL.pdf

The Website: https://securosis.com/research/publication/defending-against-denial-of-service-dos-attacks

 

 


United States on Brink of Major Cyber Attack, Industry Executive Predicts

November 14, 2012

The United States could be on the cusp of a major cyber attack that would rival the destruction that was seen on 9/11, a retired lieutenant general and cybersecurity executive said.

“The day of the cyber-9/11 is looming and gaining on us,” said Ret. Air Force Lt. Gen. Harry D. Raduege Jr. who serves as the chairman of the Deloitte Center for Cyber Innovation in Arlington, Va.

The destruction felt by this type of cyber attack would not be reserved to computers, but could result in real loss of life, huge economic damage and could affect the entire world, he warned.

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=965

 


SANS: Critical Controls guidelines to protect your network from cyber attacks

November 8, 2012

The Critical Controls are specific guidelines that CISOs, CIOs, IGs, and various computer emergency response teams can provide to their technical system administration and information security personnel to ensure that their systems have the most critical baseline controls in place. To help organizations with different levels of information security capabilities design a sound security baseline and then improve beyond that, the sub-controls included in each of the Critical Control summaries specify actions that organizations can take to improve their defenses:

  • Quick wins on fundamental aspects of information security to help an organization rapidly improve its security stance without major procedural, architectural, or technical changes to its environment.
  • Visibility and attribution measures to improve the process, architecture, and technical capabilities of organizations to monitor their networks and computer systems to detect attack attempts, locate points of entry, identify already-compromised machines, interrupt infiltrated attackers’ activities, and gain information about the sources of an attack.
  • Improved information security configuration and hygiene to reduce the number and magnitude of security vulnerabilities and improve the operations of networked computer systems, with a focus on protecting against poor security practices by system administrators and end-users that could give an attacker an advantage.
  • Advanced sub-controls that use new technologies that provide maximum security but are harder to deploy or more expensive than commoditized security solutions.

http://www.sans.org/critical-security-controls/cag4.pdf

http://www.sans.org/critical-security-controls/guidelines.php


China Most Threatening Cyberspace Force, U.S. Panel Says

November 8, 2012

According to a leaked draft of the US-China Economic and Security Review Commission’s annual report to Congress, obtained by Bloomberg News a week before its scheduled release, Chinese hackers are employing “increasingly advanced types of operations or operations against specialized targets.”
A US intelligence official interviewed by Bloomberg describes the Chinese as having been “relentless” in their efforts to “blind or disrupt” those targets, which include “deployed US military platforms,” as well as “US intelligence and communications satellites, weapons targeting systems, and navigation computers.”

http://www.bloomberg.com/news/2012-11-05/china-most-threatening-cyberspace-force-u-s-panel-says.html

Latest published report on China in the cyber arena: http://www.uscc.gov/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsandCyberEspionage.pdf