Adm. Michael Rogers, head of the National Security Agency (NSA), recently explained to the Wall Street Journal CEO Council that “uneven” cooperation between the private sector and the government has led to a “literal onslaught” of malicious cyber-attacks from both state-sponsored hackers and cybercriminals across the globe. What’s more, the number of hackers is “so large and so diverse” that cybercriminals are nearly impossible to identify before a hacking attempt is made. Nearly two-thirds of hackers are looking to steal personal and financial information for monetary gain, while the rest are said to be state-supported hackers. To assist the government in the war against cybercrime, Rogers explained that company execs must personally engage in cybersecurity, which cannot be the sole responsibility of IT departments in this day and age. “You need to shape the discussion,” he said. “I don’t pretend that this needs to totally dominate your life, but there is a significant role for you to play.”
In a poll at the CEO conference, just 9 percent said they would never trust the government with their information during a cyber-attack. However, 34 percent said they would cooperate only if it was their own company being attacked. Lastly, 57 percent would “readily cooperate.” While the government has made recent efforts to increase cyber threat information sharing, particularly through the Cybersecurity Information Sharing Act (CISA) and DHS’ free Automated Indicator Sharing (AIS) capability, private entities have so far been slow to participate. Nonetheless, Rogers explained to the group of CEOs, “If you want me to defend something, I can’t do it from the outside,” he said. “I can’t defend something if I don’t have access to the network structure – it’s like fighting with one hand tied behind your back.”
An 18-year-old named Meetkumar Hiteshbhai Desai created malware designed to launch DDoS attacks against public service answering points (PSAPs). The malware worked by first compromising iPhones and from there repeatedly contacting various emergency services. As a result, 911 call centers were unable to tell which calls were coming in from the malware and which were actual calls for help. In total, the Department of Homeland Security revealed that call centers in up to 12 different states were affected before the malware was shut down. Desai had attached the malware to a link on social media, which received nearly 150,000 views prior to the page being shut down. He was arrested on three counts of computer tampering. In a world where social media is the largest platform for communication, Desai’s malware highlights the growing ability of malware to reach a multitude of hosts in a very short amount of time.
The Lansing Board of Water and Light was forced to pay a $25,000 ransom due to a cyber-attack that held the company’s main controls hostage. The attack originated when an employee unknowingly opened an email which contained the ransomware. While the Michigan-based company estimated a total of $2.4 million dollars in both damages to internal operations from the attack and upgrades to prevent future cyber breaches, all but $500,000 of that sum was covered by insurance. In response, the BWL Board of Commissioners’ Committee agreed unanimously to implement a new information technology communication policy, which hadn’t been updated since 2007.
In what preliminary reports are indicating could be one of the biggest breaches of 2016, FriendFinder Networks (FFN) and the six properties operating under its domain, including Adult FriendFinder, have been breached. The breach was triggered by a local file inclusion (LFI) vulnerability and resulted in over 412 million user accounts being compromised. Most passwords were stored as SHA-1 hashes, which are too weak to thwart modern attackers. Experts are saying that this breach could be worse than the one that occurred at MySpace earlier this year. Consequently, the FFN breach is likely to cause a domino effect of smaller breaches resulting from password reuse and spear-phishing. The breach at FFN indicates a growing need for data systems to update and modernize security as the cyber landscape continues to grow and evolve.
Over the past several weeks, we have seen a spike in Distributed Denial of Service (DDoS) attacks across the globe. Kaspersky Lab, an international cybersecurity provider based in Moscow, has confirmed that 5 of Russia’s largest banks, including Sberbank, have been experiencing persistent DDoS attacks over the past several days. At the peak of the DDoS attacks, Kaspersky Lab measured over 660,000 requests per second. Experts believe that the hackers have carried out these attacks through a botnet of hacked Internet of Things devices, similar to the recent DDoS attack on Dynamic Network Services Inc. (Dyn) in the United States. While the origins of the attacks are unknown, some speculate that they stem from anger about Russian involvement in the U.S. elections. In response to the attacks, the Online Trust Alliance (OTA) has produced a framework for a kite mark standard in securing IoT devices. While this DDoS attack on Russian banks was just one of 68 in total this year, experts say it is one of the largest they have ever seen.
A group of researchers from Indiana University Bloomington, University of California Santa Barbara and the Georgia Institute of Technology discovered more than 600 cloud repositories that contained malware and other potentially unwanted programs (PUP). According to Liao et al.’s report, up to 10 percent of the 140,000 sites and 20 major cloud platforms researched, including those of Google, Amazon and Groupon, contained compromised content. Additionally, the researchers also found the presence of several hundred malicious “buckets,” which actively dump malware into these repositories. Threat actors have utilized a variety of common attacks including fake antiviruses, phishing, as well as drive-by downloads. Liao et al.’s findings are an indication of the growing difficulty in securing big data repositories and the possible vulnerability of these cloud platforms.
President Obama’s Commission on Enhancing National Cybersecurity will hold its final public meeting this month, which will prepare policy recommendations for the transition to the new Trump administration. President Obama created the Commission to improve the nation’s cybersecurity posture with both short and long-term strategies in mind, including an industry-government partnership on voluntary standards. The presidential group has also been working hard to finish the Cybersecurity National Action Plan (CNAP) which includes a government-coordinated response plan for significant cyber-attacks.
President Obama has been vocal about his pledge of a peaceful transition, something he credits the Bush administration with mastering in his first days in office. They “could have not been more professional or gracious” in assisting the Obama team during the transition. While President-elect Trump has promised to undo many of Obama’s major policies, both the President and President-elect have stressed the need for better cybersecurity practices and more federal funding for cyber. As a result, the White House hopes it can help “guide the incoming Trump administration on advancing cybersecurity policies that build on the progress of an industry-government partnership on voluntary standards, while going further to address emerging and evolving threats,” according to a recent Inside Cybersecurity article. The Commission on Enhancing National Cybersecurity will hold a call-in meeting on November 21 asking for public input and will address its progress on developing policy recommendations for the transition.
The recent distributed denial of service (DDoS) attack on internet service provider Dynamic Network Services Inc. (Dyn), which disabled the websites for major corporations such as Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, The New York Times and many others, not only serves as a wake-up call for organizations of all sizes, but a warning as well, according to the FBI. The agency has warned private companies that cyber-attacks through thousands of connected devices, known as the Internet of Things (IoT), will only increase in number. “The exploitation of the IoT to conduct small-to-large scale attacks on the private industry will very likely continue,” explained the FBI in an October 26 bulletin to private organizations.
Further, an FBI spokeswoman explained, “In furtherance of public-private partnerships, the FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cybercriminals.” The reason this threat will remain, the FBI explained, is that the source code used in the attack, known as Mirai, is publicly available. Anyone with technical skills can set up their own “botnet” of hacked IoT devices to overload websites with traffic from tens of thousands of IP addresses. Director of National Intelligence James Clapper said Russia is not believed to be the culprit, as the attacks do not appear to be government-based.
Los Angeles, a destination for movie stars and warm weather, is also one of the largest targets for cyber-attacks in the world. Being the second largest city in the nation, L.A.’s massive data responsibilities create an enormous range of security challenges. “We receive a massive amount of automated cyber-attacks every month, about 100 million,” said Ted Ross, the city’s CIO. To combat this issue, Ross reports that the city has made significant improvements to its cybersecurity in the last two years, such as the construction of a $1.8 million Integrated Security Operations Center which consolidates threat intelligence. Consolidation has helped to speed up threat response and coordination. L.A. is sharing its findings with the FBI, Homeland Security, and the Secret Service in an effort to unify with other governments and cyber professionals. The issue of ransomware remains at the top of the list of L.A.’s worries, but the city does feel confident in the security of its Internet of Things infrastructure.
Ransomware attacks are on the rise across the country, with hackers reportedly extracting $209 million in ransom payments in the first three months of 2016. Madison County fell victim to a ransomware attack on Saturday, shutting down nearly all county services. Following the attack, commissioners gathered in an emergency session to discuss their options. Although the full implications of the attack remain unknown, and no personal information appears to have been released, the commissioners voted unanimously to pay the ransom, but they are still hoping to find a way to fight back. “We’re following the directions of our insurance carrier,” said Madison County Commissioner John Richwine. While he did not reveal the amount paid to the cybercriminals, Richwine explained that it was not as much as one might think, and is covered by the county’s cyber insurance policy with Travelers after a deductible is paid.