cybersecurity


On the heels of a well publicized distributed denial of service (DDoS) attack on U.S. financial institutions came a warning about another coordinated and planned cyber attack against this critical infrastructure sector.

Cyber intelligence uncovered a fairly large, coordinated cyber attack that is said to use fraudulent wire transfers as the means of attack. This cybersecurity attack is said to leverage session hijacking in a man-in-the-middle cyber attack.

A man-in-the-middle cyber attack is defined as a compromise in which the attacker is able to insert themselves between the target and the system or service that the target is trying to access or use. An attacker accomplishes this by impersonating the system or service that the target is attempting to connect with by falsely rerouting the traffic to and from the service or by hijacking session data.

This attack is known to be initiated by spam and phishing emails, keystroke loggers as well as Trojans with remote access. A high attack concentration has been seen in the small and medium sized organizations and the transfer amounts have ranged from $400,000 to $900,000.

Multiple cyber intelligence sources have warned that an estimated 30 U.S. based financial services institutions may be the targets of an organized cyber criminal gang that is said to be the entity behind this attack.

Just recently the FBI issued a warning about this threat. Their warning stated that the criminals behind this cyber attack were using multiple techniques to obtain customer log-in credentials. Once the criminals have these credentials, they initiate international wire transfers.

For additional information you should monitor the FBI, in association with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Internet Crime Complaint Center (IC3).

Kevin G. Coleman is a long-time security technology executive and former Chief Strategist at Netscape. He is a Senior Fellow with the Technolytics Institute and writes a weekly blog for Breaking Gov on the topic of cyber intelligence.

Rep. Mike Rogers, chairman of the House intelligence committee, slammed the administration’s cybersecurity approach Thursday but expressed guarded optimism that his own stalled legislation — which the White House has threatened to veto — might be revived when Congress reconvenes after the election.

“There was a very good meeting with some members of the Senate,” Rogers told the audience at the U.S. Chamber of Commerce’s cybersecurity conference this afternoon, speaking immediately after NSA director Gen. Keith Alexander. (The Chamber has campaigned, successfully, against some cybersecurity legislation but endorsed Rogers’ Cyber Intelligence Sharing and Protection Act, CISPA).

WASHINGTON: NSA director and Cyber Command chief Gen. Keith Alexander stepped into the lion’s den Thursday to address the Chamber of Commerce, which helped kill cybersecurity legislation Alexander had strongly backed.

Over and over, Alexander reassured the business-dominated audience at the Chamber’s cybersecurity conference Thursday that the government sought to work together with industry as a “team” through “discussion” to secure the nation’s networks “in a way that is acceptable, and perhaps more importantly fiscally acceptable, to industry.” Over and over, he emphasized that “we don’t need the government in our networks to do this.” In other words: don’t fret about us; don’t fight against us; we won’t push a cybersecurity solution that business (read the chamber) finds intrusive or unaffordable.

Government is at a crossroads in having the ability to process vast volumes of data, but too few executives who understand how to tap its potential, according to a report on “big data” released today.

The TechAmerica Foundation report offers recommendations for public policy, research and development, privacy issues and overcoming barriers based on government leaders who have established early successes in leveraging big data, such as the Internal Revenue Service and Centers for Medicare and Medicaid Services.


A few years ago I was headed into a meeting with the president of a critical infrastructure provider when I saw and photographed a picture of a yellow Post-it note with the user name and password written on it.

As with most people reading this blog I was angered that this could happen in 2007 after all the efforts and training that had occurred to increase the level of user security awareness. Here we are some 5 years later and I am sorry to say we have not made that much progress.

Commercial industry needs to step up and share more information about cyber attacks on its networks with Federal agencies responsible for cyber defense, government officials said at a cybersecurity event in Washington this week.

Cyber attacks are showing increasing sophistication across the board – from basement hackers to foreign intelligence agencies, said Sean Kanuck, national intelligence officer for the National Intelligence Council during a daylong INSA Cyber Innovation Symposium Sept. 26.

The United States is “losing the cyber espionage war” against China, Russia and other countries, but even in the face of such a grave threat the country cannot agree on how to protect its precious intellectual seed capital from these predations, the chairman of the House Intelligence Committee says.

“We are running out of time on this,” Rep. Mike Rogers, respected for working closely with his ranking member, said in a speech at today’s Intelligence and National Security Alliance’s (INSA) cyber conference here.

A top National Security Agency executive argued today that if the nation is to defend against escalating cyber threats, it will be increasingly important for individuals, corporations and institutions, including government, to be held more accountable for their contributions to, and their actions within, cyber space.

At the same time, there are limits to what actions private enterprises can take in protecting their networks, said NSA Deputy Director Chris Inglis, speaking at an Intelligence and National Security Alliance forum in Washington.

The Obama Administration is pushing ahead with a series of cybersecurity initiatives to protect critical national infrastructure from attack. At the heart of the process are a series of steps designed to improve how government networks detect and deter intruders, report incidents and work with local and international law enforcement to imprison cyber criminals.

Michael Daniel, special assistant to the president and White House cybersecurity coordinator, explained White House priorities for cybersecurity today at the INSA Cyber Innovation Symposium in Washington, DC. They include: securing federal networks, protecting critical infrastructure, cyber reporting and response, cyber intelligence, and international engagement.

Citing a near tripling in the number of malicious software programs aimed at mobile devices in less than a year, a Congressional report is recommending the FCC and other federal agencies take a greater role urging private industry to develop stronger mobile security safeguards.

Cyber criminals are taking increasing advantage of inherent weaknesses in mobile devices and the applications that run on them, said Gregory Wilshusen, director of information security issues for the Government Accountability Office, an investigative arm of Congress.

Wilshusen, who oversaw the just-released report, said that in less than a year, the number of variants of malware programs has risen from about 14,000 to 40,000, or about 185%, according to figures supplied by Juniper Networks. These threats and attacks exploit vulnerabilities in the design and configuration of mobile devices, as well as the ways consumers use them.

Attacks against mobile devices generally occur through four different channels of activities, the report found:
