Category Archives: Network

It’s a bird, it’s a plane, no it’s a Perdix

What’s small, fast, and is launched from the bottom of a fighter jet? Not missiles, but a swarm of drones.

I watched a 60 Minutes report on Tuesday night that left me intrigued by what the military is doing with new technology. This is not just about drones; it is about where the future is going with the following technologies.

  • Unmanned ground vehicle (UGV), such as the autonomous car.
  • Unmanned aerial vehicle (UAV), unmanned aircraft commonly known as a “drone” …
  • Unmanned surface vehicle (USV), for the operation on the surface of the water.
  • Autonomous underwater vehicle (AUV) or unmanned undersea vehicle (UUV), for the operation underwater.

U.S. military officials have announced that they’ve carried out their largest ever test of a drone swarm released from fighter jets in flight. In the trials, three F/A-18 Super Hornets released 103 Perdix drones, which then communicated with each other and went about performing a series of formation flying exercises that mimic a surveillance mission.

But the swarm doesn’t know how, exactly, it will perform the task before it’s released. As William Roper of the Department of Defense explained in a statement:

Perdix are not pre-programmed synchronized individuals, they are a collective organism, sharing one distributed brain for decision-making and adapting to each other like swarms in nature. Because every Perdix communicates and collaborates with every other Perdix, the swarm has no leader and can gracefully adapt to drones entering or exiting the team.

Releasing drones from a fast-moving jet isn’t straightforward, as high speeds and turbulence buffet them, causing them damage. But the Perdix drone, originally developed by MIT researchers and named after a Greek mythical character who was turned into a partridge, is now in its sixth iteration and able to withstand speeds of Mach 0.6 and temperatures of -10 °C during release.

A Washington Post report last year explained that they had been developed as part of a $20 million Pentagon program to augment the current fleet of military drones. It’s hoped that the small aircraft, which weigh around a pound each and are relatively inexpensive because they’re made from off-the-shelf components, could be dropped by jets to perform missions that would usually require much larger drones, like the Reaper.

Clearly, they’re well on the way to being that useful. Now the Pentagon is working with its own Silicon Valley-style innovation organization, the Defense Innovation Unit Experimental, to build fleets of the micro-drones.

I’ll be talking about some of the individual technologies in the future.

Let me know your thoughts and what you think of this type of technology.

Internet of Things (IOT), Big Data, Business Intelligence, Data Science, Digital Transformation: Hype or Reality? Facts and Figures


The Internet of Things (IoT) is the internetworking of physical devices, vehicles, buildings and other items embedded with electronics, software, sensors, actuators and network connectivity, which lets these objects collect and exchange data without human-to-human or human-to-computer interaction.

The worldwide IoT market spend will grow from $592 billion in 2014 to $1.3 trillion in 2019, according to IDC, while the installed base of IoT endpoints will grow from 9.7 billion in 2014 to 30 billion in 2020, by which point 40% of all data in the world will result from machine-to-machine (M2M) communication.

A Gartner survey shows that 43% of organizations are using or plan to implement the Internet of Things in 2016. Gartner predicts $2.5M per minute in IoT spending and 1M new IoT devices sold every hour by 2021.

The industrial IoT (Internet of Things) market is estimated at $60 trillion by 2030.

By 2020, IoT will save consumers and businesses $1 trillion a year in maintenance, services and consumables.

By 2022, a blockchain-based business will be worth $10B. A blockchain is a distributed ledger that records and verifies transactions in a way that makes them tamper-evident and very hard to revise after the fact, with the record visible to all participants.

By 2018, cloud computing infrastructure and platforms are predicted to grow 30% annually. Many enterprises have not succeeded with cloud computing because they did not develop a cloud strategy linked to business outcomes, and many are unsure how to start their cloud projects. The key success factors for cloud projects are good design of the business processes, a focus on the services delivered, and a well-designed transition from the “as is” to the “to be” application architecture.

By 2019, the global business intelligence market will exceed $23 billion, and the global predictive analytics market will reach $3.6 billion by 2020, driven by the need to replace uncertainty in business forecasting with probability and by the growing popularity of prediction as a route to better decision making. Predictive analytics is the branch of advanced analytics used to make predictions about unknown future events. It draws on techniques from data mining, statistics, modeling, machine learning and artificial intelligence to analyze current data and make predictions about the future, reflecting the increased need and desire among businesses to get more value from their data. Over 80% of the data and information that businesses generate and collect is unstructured or semi-structured and needs special treatment using big data analytics.

Big Data investments will account for over $46 Billion in 2016 reaching $72 Billion by the end of 2020.

A new breed of analyst, the “data scientist”, has emerged, and data science courses are being added to degrees ranging from computer science to business. Data scientists need a mix of skills: mathematics, statistics, computer science, algorithms, machine learning and, most importantly, business knowledge. Data scientists who lack business knowledge will fail. They also need to communicate their findings to C-level management so that the right strategic decisions can be taken.

Data science needs to be a fundamental component of any digital transformation effort.

All Sectors will have to hire and educate a significant number of Data Scientists.

Let’s take the example of the energy sector, where digital transformation is playing a crucial role in reaching global and European energy targets:

87% of CFOs agree that growth requires faster data analysis, and networked enterprises are 50% more likely to increase their market share.

With the 2020 energy climate package and the 2050 energy roadmap, Europe has engaged early in the transformation of its Energy system.

Just as the Industrial Revolution was the transition to new manufacturing processes between 1760 and 1840, the digital revolution will be the disruptive transformation of the 21st century to a new economy, a new society and a new era of low-emission energy.

Many large Energy players will appoint Chief Digital Officers to drive the digital transformation of their processes and create new businesses.

Four recommendations to boost customer-centric energy innovation, each of which depends on adopting a digital transformation roadmap:

  1. Accelerate Customer innovations by making the Data available for Market participants
  2. Build massive Energy Services as downloadable Apps through Energy Exchange Platforms B2B, B2C and C2C
  3. Full Customer participation by making customer usability as simple as one click
  4. Build the pan-European Energy Union of Customer Services by extending to cross-border Energy Management

With the enablement of IOT, BI, Predictive Analytics and Data Science and the proven business models, we predict that 90% of Commercial and Industrial Customers and 70% of Residential Customers will be adopting Smart Energy technologies by 2025.

Let me ask you the following questions:

  • What are the top 3 priorities that justify digital transformation in your business?
  • Are you planning to setup a Data Science team?
  • Are you considering Digital for existing business improvement or for creating new businesses?


Weak Passwords Pose Cybersecurity Risk for Campus Networks

Colleges and universities already present prime targets for hackers, and easily guessable passwords make the problem worse.

Using a weak password is the equivalent of laying out the welcome mat for hackers, but that hasn’t stopped some users from prioritizing convenience over password strength.

A SplashData analysis of 2 million passwords found that “123456” and “password” once again topped the list of the most popular passwords in 2015. Other frequently used passwords included “12345678,” “qwerty” and “12345.”

Easy to type and just as easy to guess, these risky passwords are especially problematic for colleges and universities, which not only have a large number of users accessing the network but also represent enticing targets for cybercriminals.

Higher ed IT professionals can help protect users’ personally identifiable information and researchers’ intellectual property by teaching faculty, staff and students the importance of strong passwords and passphrases.
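
As an added example (not part of the original article), the check below shows what that advice looks like when a campus identity system enforces it at password-change time. It follows the approach NIST SP 800-63B recommends: a minimum length, a generous maximum so passphrases are allowed, and a comparison against a blocklist of commonly used passwords rather than composition rules. The blocklist is constructed from the SplashData entries named above plus a few well-known neighbours; a real deployment loads a breach-derived list with hundreds of thousands of entries. The `user_context` parameter and the leetspeak table are this example's own assumptions.

```python
"""Added example, not from the original article: a password acceptance check
in the spirit of NIST SP 800-63B (minimum length, passphrases allowed,
blocklist of common passwords instead of composition rules)."""

import re
import unicodedata
from typing import Iterable

# Constructed blocklist: the article's examples plus common variants.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "baseball", "welcome", "abc123", "111111", "1qaz2wsx",
    "dragon", "master", "monkey", "letmein", "login", "princess",
    "qwertyuiop", "starwars", "iloveyou", "admin",
}

MIN_LENGTH = 8    # NIST SP 800-63B minimum for user-chosen passwords
MAX_LENGTH = 64   # NIST asks verifiers to accept at least 64 characters

# The substitutions users (and cracking rule sets) try first: P@ssw0rd, pa55word, ...
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_forms(password: str) -> set[str]:
    """Variants compared against the blocklist: the Unicode-normalised
    lower-case form, the same with trailing digits and punctuation removed
    ('Password1!' -> 'password'), and each of those with leetspeak undone
    ('P@ssw0rd' -> 'password')."""
    base = unicodedata.normalize("NFKC", password).lower()
    forms = {base}
    stripped = re.sub(r"[\d!@#$%^&*.,?_-]+$", "", base)
    if stripped:
        forms.add(stripped)
    forms |= {f.translate(_LEET) for f in list(forms)}
    return forms


def _is_sequential(s: str) -> bool:
    """True for runs such as '12345678' or 'abcdefgh' (every step +1 or -1)."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def check_password(password: str, user_context: Iterable[str] = ()) -> list[str]:
    """Return the reasons the password is rejected; an empty list means accepted.

    user_context (an assumption of this example) holds strings that must not
    appear inside the password, e.g. the username, the local part of the
    e-mail address or the campus name."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")
    if candidate_forms(password) & COMMON_PASSWORDS:
        reasons.append("appears in the common-password blocklist")
    if re.fullmatch(r"(.)\1+", password):
        reasons.append("single repeated character")
    elif _is_sequential(password):
        reasons.append("sequential characters")
    for ctx in user_context:
        if len(ctx) >= 3 and ctx.lower() in password.lower():
            reasons.append(f"contains user-specific value {ctx!r}")
    return reasons


if __name__ == "__main__":
    for pw in ("123456", "P@ssw0rd1!", "aaaaaaaa", "jsmith2019!",
               "correct horse battery staple"):
        print(f"{pw!r:34} -> {check_password(pw, ['jsmith']) or 'accepted'}")
```

The point of `candidate_forms` is that “P@ssw0rd1!” satisfies every classic complexity rule (upper, lower, digit, symbol, ten characters) and is still rejected, because it is one of the first guesses any cracking rule set makes against “password”; the long all-lowercase passphrase, which those rules would reject, is accepted.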

What is the cloud and how does it work, “Unlock the Cloud”. Part 2


We kicked off a cloud series called “Unlock the Cloud” yesterday. In this post, we talk about established and emerging cloud services that are contributing to the 19.4% compound annual growth rate in public cloud services spending, from $70 billion in 2015 to $141 billion by 2019.

Many enterprises are juggling three primary “as-a-service” categories to best scale their business and IT service delivery via the cloud: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). These services enable organizations to build, deploy and buy virtualized computing resources using more cost-effective, pay-as-you-use pricing models that have changed the way companies everywhere are consuming IT. Here’s a look at all three and some of their data-driven, cloud storage offshoots.

IaaS (Infrastructure as a Service)

Imagine an IT service delivery infrastructure that you don’t have to purchase, house, manage or update. IaaS makes physical and virtual computing resources (compute, storage, operating systems and, to some extent, networking) accessible as you need them. The main benefit is that you still design and control the infrastructure you want without heavy up-front capital investment. What does not change is your share of the security work: the provider secures the physical hosts and the virtualization layer, while you remain responsible for everything you deploy on it, including operating system patching, identity and access management, network rules and the data itself.

PaaS (Platform as a Service)

PaaS falls somewhere in between SaaS and IaaS. What makes it distinct is that it enables you to develop and deploy applications using the programming languages, libraries, services, and tools supported by the PaaS provider to bring products and services to market faster. So application developers don’t have to worry about available computing resources because they can leverage the PaaS provider’s IaaS environment, as well as its SaaS-like application development tools and hosting services.

SaaS (Software as a Service)

Don’t want the expense or hassle of deploying and upgrading applications? Then SaaS is the way to go. Companies don’t need to own or maintain the software, and updates arrive as the provider releases them rather than waiting for IT to push them out. Just run a thin client or web browser on your device of choice to reach a wealth of applications over the Internet as needed (yes, there’s an app for that).

Much of the confusion around these services is rooted in the fact that many cloud providers now offer all three. That makes it almost impossible to differentiate each type of service by provider. The real work for your business will be to decide which services and providers best match the workloads you are trying to support.

Cloud Storage Offshoots

Cloud storage services are becoming one of the fastest growing niche cloud markets, given how often they now appear alongside SaaS, IaaS and PaaS offerings. Here are some notable cloud storage services:

STaaS (Storage-as-a-Service) – You’re using STaaS if you store photos from your smartphone in the cloud or share documents with other users. As data volumes grow and the cost of storing them on premises rises, parking portions of your personal and business storage in the cloud is inevitable.

DBaaS (Database-as-a-Service) – The complexity of database management often requires a team of database administrators to select, maintain and continuously optimize one or more database platforms. DBaaS removes the need for costly management resources and storage infrastructure by placing that burden on the DBaaS provider. The provider runs the engine; who can reach the database, how its credentials are handled and what classes of data go into it remain your responsibility.

DRaaS (Disaster-Recovery-as-a-Service) – DRaaS eliminates the effort and cost of building and maintaining a geographically separate data center for disaster recovery. It replicates your data center resources in the cloud and makes them available when you most need them. If you don’t need to replicate your whole IT infrastructure but still want to protect your data, consider BaaS (Backup-as-a-Service). With either, exercise the restore or failover on a schedule; replication that has never been tested is not recovery.

In this new “there’s a service for that,” world, choosing the best cloud services will depend on your workloads, and connecting to that service will depend on your cloud interconnection strategy. Stay tuned for upcoming “Unlock the Cloud” articles to learn more.

What is the cloud and how does it work, “Unlock the Cloud”. Part 1


By 2018, according to a Gartner report, half of IT spending will be cloud based. So I thought I would write a series of articles called “Unlock the Cloud”. We will tackle cloud terms that are widely used but often misunderstood: public, private, hybrid and multi-cloud. We will also look at cloud services and cloud interconnection strategies.

The word “cloud” defines shared, automated hardware or software services that offer customers a high degree of resource scalability, elasticity and self-service. Using the cloud is a lot like using a utility like electricity. Rather than spending a lot of time, capital and resources purchasing, configuring and managing their own hardware and software, customers provision, orchestrate and scale IT resources in the cloud, paying for only what they use, when they use it.

Public Cloud: Do you need a quick, cost-efficient way to ramp up and down software test beds, offload applications such as e-mail or customer relationship management, or cover seasonal spikes in customer usage? Consider using a public cloud service.

A public cloud describes a third-party provider of infrastructure, platform, storage or application cloud services, such as Amazon Web Services (AWS), Microsoft Azure, Dropbox or Salesforce. These services rent shared hardware and/or software resources to organizations and individuals on a pay-as-you-go basis. Public cloud services also come in a variety of types, which we will discuss in another post.

Private Cloud: Do your in-house customers need the agility and elasticity advantages of the public cloud, but with more stringent control, customization, security and compliance capabilities? Consider a private cloud, which may be managed by your organization or an outside service via a private network connection, with hardware and software specifically assigned to your organization only.

Private clouds allow more customization than public clouds. However, private clouds may require a lot of organizational investment up front and internal IT resources to run. As with public clouds, private cloud resources are shared among internal departments and users, allowing users to self-provision and scale hardware or software resources as needed. Private clouds that are shared among different organizations in a closed environment, such as agencies in a state government, are sometimes called a community cloud.

Hybrid Clouds: Are you looking for the best of both clouds? Hybrid clouds combine at least one public and one private cloud to deliver a particular IT service. Organizations may want to run an application entirely or partially in the public cloud but keep its sensitive data in a more tightly controlled private cloud. Or they may run an application internally but “burst” it out automatically to a public cloud during peak demand. The latter is very cost-efficient, since it avoids purchasing and managing all the hardware and software needed for occasional peak loads.

Multi-cloud describes a number of public and/or private cloud services used to deliver a single enterprise service, such as big data analysis or applications with multiple components. Hybrid clouds are a subcategory of multi-cloud, which has become a popular choice with enterprises. Nearly half of the respondents that were surveyed are currently pursuing a multi-cloud strategy. By 2020, 86% of those companies will have deployed multiple clouds across multiple locations.

“The Cloud” can be confusing, but we will continue to offer clarity in this series on “Unlock the Cloud”.

FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen


The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 and stole sensitive data for years.

The FBI alert was issued in February and went largely unnoticed. Nearly a month later, security experts are now shining a bright light on the alert and the mysterious group behind the attack.

“This is a rare alert and a little late, but one that is welcomed by all security vendors as it offers a chance to mitigate their customers and also collaborate further in what appears to be an ongoing FBI investigation,” said Deepen Desai, director of security research at the security firm Zscaler in an email to Threatpost.

Details regarding the actual attack and what government systems were infected are scant. Government officials said they knew the initial attack occurred in 2011, but are unaware of who specifically is behind the attacks.

“Given the nature of malware payload involved and the duration of this compromise being unnoticed – the scope of lateral movement inside the compromised network is very high possibly exposing all the critical systems,” Deepen said.

In its February bulletin, the FBI wrote: “The FBI has obtained and validated information regarding a group of malicious cyber actors who have compromised and stolen sensitive information from various government and commercial networks.

The FBI said the “group of malicious cyber actors” (known as APT6 or 1.php) used dedicated top-level domains in conjunction with command-and-control servers to deliver “customized malicious software” to government computer systems. The bulletin lists the domains.

“These domains have also been used to host malicious files – often through embedded links in spear phish emails. Any activity related to these domains detected on a network should be considered an indication of a compromise requiring mitigation and contact with law enforcement,” wrote the FBI in its bulletin.
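
The bulletin's instruction, turned into a hunting script, as an added example that is not from the FBI bulletin or the Threatpost article: it checks proxy and DNS log lines for contact with a list of command-and-control domains. The domains in `C2_DOMAINS` and the log lines are constructed placeholders (the bulletin's real list is not reproduced on this page); load the bulletin's domains in their place. The detail worth getting right is the match itself: it must fire on subdomains of a listed domain but not on a longer name that merely ends in the same characters.

```python
"""Added example, not from the FBI bulletin or the Threatpost article:
match proxy and DNS log lines against a list of C2 domains."""

import re
from typing import Iterable, Iterator, Optional
from urllib.parse import urlsplit

# Constructed placeholder indicators, NOT the domains from the FBI bulletin.
C2_DOMAINS = {"c2-example.invalid", "update-cdn.example", "files-1php.test"}

# Constructed log lines: three Squid-style proxy entries and two BIND query-log entries.
SAMPLE_LOGS = [
    "1456789012.345   120 10.1.2.3 TCP_MISS/200 5123 GET http://update-cdn.example/1.php?id=42 - DIRECT/203.0.113.9 text/html",
    "1456789013.100    90 10.1.2.3 TCP_MISS/200 412 CONNECT mail.update-cdn.example:443 - DIRECT/203.0.113.9 -",
    "1456789014.000    40 10.1.2.7 TCP_HIT/200 8000 GET http://notupdate-cdn.example/index.html - NONE/- text/html",
    "01-Mar-2016 09:15:02.123 queries: info: client 10.1.2.3#51234: query: c2-example.invalid IN A + (10.1.2.1)",
    "01-Mar-2016 09:15:03.500 queries: info: client 10.1.2.9#51235: query: www.example.com IN A + (10.1.2.1)",
]

_HOSTNAME = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
_HOST_PORT = re.compile(r"([^:/]+):\d+")


def matches_ioc(host: str, iocs: Iterable[str] = C2_DOMAINS) -> Optional[str]:
    """Return the indicator that `host` equals or is a subdomain of, else None.

    Matching is on label boundaries: 'mail.update-cdn.example' matches
    'update-cdn.example' but 'notupdate-cdn.example' does not. A plain
    substring or endswith() test would produce that false positive."""
    iocs = set(iocs)
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def hosts_in_line(line: str) -> Iterator[str]:
    """Yield every hostname-looking token in a log line: URL hosts,
    host:port pairs from CONNECT requests, and bare names such as DNS
    query names. IP addresses pass through too; they simply never match."""
    for tok in line.split():
        if "://" in tok:
            host = urlsplit(tok).hostname
            if host:
                yield host
            continue
        m = _HOST_PORT.fullmatch(tok)
        name = m.group(1) if m else tok
        if _HOSTNAME.fullmatch(name):
            yield name


def hunt(lines: Iterable[str], iocs: Iterable[str] = C2_DOMAINS) -> list[tuple[int, str, str]]:
    """Return (line number, observed host, matched indicator) for each hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in hosts_in_line(line):
            ioc = matches_ioc(host, iocs)
            if ioc:
                hits.append((n, host, ioc))
                break
    return hits


if __name__ == "__main__":
    for n, host, ioc in hunt(SAMPLE_LOGS):
        print(f"line {n}: {host} matches indicator {ioc}")
```

Run against the sample, lines 1, 2 and 4 are reported and line 3 is not, even though `notupdate-cdn.example` ends with the listed string. Any hit is, in the bulletin's words, an indication of compromise, so the next step is containment of the source host and contact with law enforcement, not just blocking the domain.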

When asked for attack specifics, the FBI declined Threatpost’s request for an interview. Instead, FBI representatives issued a statement calling the alert a routine advisory aimed at notifying system administrators of persistent cyber criminals. “The release was important to add credibility and urgency to the private sector announcements and ensure that the message reached all members of the cyber-security information sharing networks,” wrote the FBI.

Deepen told Threatpost the group has been operating since at least 2008 and has targeted China-US relations experts, Defense Department entities, and geospatial groups within the federal government. According to Deepen, APT6 has used spear phishing with malicious PDF and ZIP attachments, or links to malware-infected websites that serve a malicious SCR file. The payload, Deepen said, is often the Poison Ivy remote access tool/Trojan or similar. He said the group has varied its command-and-control check-in behavior, but it is typically web-based and sometimes over HTTPS.

Experts believe that attacks are widespread and not limited to the US federal government systems. “The same or similar actors are compromising numerous organizations in order to steal sensitive intellectual property,” wrote Zscaler in a past report on APT6.

In December 2014, US government systems were compromised by hackers who broke into the Office of Personnel Management computer systems. That data breach, in which 18 million people had their personally identifiable information stolen, didn’t come to light until June 2015.

FBI Warns of Cyber Threat to Electric Grid

DHS intel report downplayed cyber threat to power grid

Silhouette of power lines under sunset sky (Blend Images via AP Images)

Three months after a Department of Homeland Security intelligence report downplayed the threat of a cyber attack against the U.S. electrical grid, DHS and the FBI began a nationwide program warning of the dangers faced by U.S. utilities from damaging cyber attacks like the recent hacking against Ukraine’s power grid.

The nationwide campaign by DHS and the FBI began March 31 and includes 12 briefings and online webinars for electrical power infrastructure companies and others involved in security, with sessions in eight U.S. cities, including a session next week in Washington.

The unclassified briefings are titled “Ukraine Cyber Attack: Implications for U.S. Stakeholders,” and are based on work with the Ukrainian government in the aftermath of the Dec. 23 cyber attack against the Ukrainian power infrastructure.

“These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack,” the announcement by the DHS Industrial Control Systems Cyber Emergency Response Team read.

“The attacks leveraged commonly available tools and tactics against the control systems which could be used against infrastructure in every sector.”

The briefings will outline the details of the attacks, the techniques used by the hackers, and strategies to be used to limit risks and improve cyber security for grid organizations.

Security researchers have attributed the attack to Russian government hackers, based in part on the malicious software, called BlackEnergy, that was detected in the incident.

The threat briefings followed an internal DHS intelligence report published in January that stated the risk of a cyber attack against U.S. electrical infrastructure was low.

“We assess the threat of a damaging or disruptive cyber attack against the U.S energy sector is low,” the report, labeled “for official use only,” says.

The report said advanced cyber attackers, such as nation states like Russia and China, are mainly seeking to conduct “cyber espionage.”

Penetration by foreign hackers into industrial control systems used to remotely control the electrical power grids as well as water and other infrastructure “probably is focused on acquiring and maintaining persistent access to facilitate the introduction of malware, and likely is part of nation-state contingency planning that would only be implemented to conduct a damaging or disruptive attack in the event of hostilities with the United States,” the eight-page report states.

The majority of malicious cyber attacks against energy companies was downplayed as “low-level cybercrime that is likely opportunistic in nature rather than specifically aimed at the sector, [and] is financially or ideologically motivated, and is not meant to be destructive.”

The report also sought to dismiss public references to “cyber-attacks” as exaggeration. “Overuse of the term ‘cyber attack,’ risks ‘alarm fatigue,’ which could lead to longer response times or to missing important incidents,” the report said.

The report raises questions about whether DHS, which has primary responsibility for protecting U.S. government computer networks and works with the private sector to prevent cyber attacks, understands the infrastructure cyber threat and is seeking to downplay the threat for political reasons.

The Obama administration has adopted an approach that seeks to play down foreign national security threats under conciliatory foreign policies pursuing warmer relations with states such as Russia, China, and Iran.

The DHS report, however, contrasts sharply with recent statements by Adm. Mike Rogers, commander of the Cyber Command, who warned recently that a major cyber attack by nation-states against critical infrastructures poses a major security threat.

“It is only a matter of the ‘when,’ not the ‘if’—we’re going to see a nation-state, group, or actor engage in destructive behavior against critical infrastructure in the United States,” Rogers, who is also director of the National Security Agency, said in a speech March 2.

Rogers described the Ukraine cyber attacks as “a well-crafted attack” that temporarily disrupted electrical power in Ukraine.

The four-star admiral said the cyber attack also included the use of sophisticated monitoring of how Ukrainian authorities reacted to the attack. The attackers then took additional cyber measures designed to slow down the process of restoring electrical power, he said.

“Seven weeks ago it was the Ukraine. This isn’t the last we’re going to see this, and that worries me,” Rogers said.

A report by the State Department-led Overseas Security Advisory Council, a public-private security group, provided details of the Ukrainian electrical grid attack from open sources.

“While cyber attacks on critical infrastructure systems have long been viewed as digital aggression with physical consequences, very few have been documented to date, making the late December events in Ukraine a hallmark incident,” the report said, adding that in addition to the power grid, hackers targeted airport, rail and mining system networks.

On Dec. 23, the Ukrainian power provider Prykarpattyaoblenergo, in the western Ukrainian region of Ivano-Frankivsk, suffered a large-scale outage that left 200,000 people in the region without power for several hours.

The cause was determined to be interference with the automated control system from malicious software.

The research group SANS Institute investigated and determined the blackout was caused by hackers who gained remote access and inflicted changes on the electrical distribution system.

“The cyber attack was allegedly timed to occur during a telephone flood aimed at the help desks of Ukrainian electric companies, intending to keep support staff pre-occupied and divert attention from the network intrusion,” the report said.

Other outages occurred in Kyiv Oblast that produced loss of electrical power to 80,000 people. Another unidentified power company in Ukraine also was hit.

The malware used against the three power companies was identified as BlackEnergy 3, which is believed to be Russian in origin and designed to attack infrastructure systems.

“A unique feature of BlackEnergy 3 is its KillDisk function, enabling the attacker to rewrite files on the infected system with random data and blocking the user from rebooting their system, rendering it inoperable,” the report said. “The virus also searches victim computers for software that is primarily used in electric control systems, indicating a potential focus on critical infrastructure systems.”

The Ukraine security service said in a statement that Russia was behind the power grid attack, and the Ukrainian Energy Ministry concluded Feb. 12 that the hackers “used a Russian-based Internet provider and made phone calls from inside Russia as part of a coordinated cyber attack on Ukraine’s power grid.”

The security firm iSight Partners traced the Ukraine cyber attack to a team of Russian hackers called Sandworm and noted that it was among the first destructive cyber attacks by the group that in the past had limited its activities to cyber theft.

The State Department report said some analysts believe power failures from malware cyber attacks “could entice nation-states and other nefarious threat actors to execute similar cyber attacks in the future.”

“However, the incident in Ukraine still remains the first possible instance of a blackout caused by a malicious network intrusion, not yet indicative of a trend,” the report said.

Ukrainian authorities this week disclosed that police and IT companies disrupted a Russian “botnet” server of some 4,000 computers that were hijacked and operated covertly in Ukraine and 62 other countries. The botnet, apparently used for criminal purposes, was code-named Mumblehard.

An FBI spokeswoman referred questions to DHS. A DHS spokesman declined to comment, citing a policy of not commenting on “purportedly leaked documents.”


Six Strategies for Achieving Connected Security

A Holistic Approach is Critical for Securing Your Network

A holistic approach is probably most critical when it comes to securing your network. Just when you think you have your network secured, there is always another threat, from outside or from inside. These threats have many names: spear phishing, botnets, zero-day threats, distributed denial-of-service (DDoS) attacks, insider threats and former employees. They are determined to exploit disconnected security: security tools, processes, user profiles and information that are separated in silos, leaving dangerous gaps in between.

The increasing complexity of IT environments only increases these gaps, providing attackers with many new opportunities to exploit. Consider the number of operating systems you are now slated to secure and the number of BYO devices that are a normal part of your organization’s operation, from smartphones and tablets to network-connected devices such as printers, scanners and kiosks. Yet BYOD is still in its infancy — just 24 percent of organizations say that BYOD is widely used and supported. And the Internet of Things (IoT) promises complexity on a scale that’s difficult to fathom, with analysts predicting that 6.4 billion connected things will be in use worldwide in 2016, and that the number will swell to 20.8 billion by 2020.

There’s no turning back. Your users want the mobility and flexibility BYOD provides, and your organization needs to remain agile and attractive to both current and prospective talent. But neither can you ignore the security threats that continue to grow in both number and sophistication.

6 Strategies for Achieving Connected Security

By abolishing technology tunnel vision and adopting a holistic, connected approach to security, you can embrace BYOD and new technologies while also protecting your IT network and systems from attackers. Here are the six key strategies:

  1. Discover and inventory all devices — Establish a complete and accurate inventory of all connected devices and keep it current with IT asset management software. You can’t secure what you don’t know about.
  2. Keep software up to date — Make sure that you are patching your operating systems and applications regularly. Using the latest versions of software is the starting point for eliminating vulnerabilities. Gartner, Inc., reports that nearly a third (30 percent) of system weaknesses can be resolved through patch management.
  3. Maintain antivirus software on all endpoints — Antivirus software was once considered the only line of defense against attackers. Although today you need other strategies as well, it’s still imperative that current antivirus software be in force on all of your managed systems.
  4. Deploy a modern firewall — Next-generation firewalls are no longer just for larger organizations. They offer critical new technologies that provide added protection and peace of mind, and they can be both affordable and easy to manage for organizations of any size.
  5. Conduct regular IT security audits and vulnerability assessments — With OVAL and SCAP scanning, you can get ahead of the curve in finding and remediating security holes in your IT endpoints.
  6. Encrypt your data — Security from the data level to the cloud is today’s mantra. Start with endpoint data encryption, which provides a solid defense against data loss from lost or stolen devices.

APTs – Understanding the Ghost in the Machine

One of the biggest threats to any business is an APT attack. APT (Advanced Persistent Threat) is a form of cyber attack in which the attacker gains access to a network and finds a way to remain there, hidden, for a long time, gathering information virtually undetected and waiting for the right moment to act. By the time they strike, the attacker has gathered enough sensitive information, weighed all the possible outcomes, and is ready to move at a moment’s notice. This is not an easy process: in a typical hack, the intruder wants to get in and get out as fast as possible with whatever data they can grab. With an APT attack, the intruder wants to get in and stay in without being detected.
Once the attacker is in, there are many things they can do to damage your internal network. Some of the most common are spear phishing attacks (sending false emails internally to try to get money wired or information disclosed) and social engineering attempts to obtain full network access. With this access, the attacker will try to set up a back door so they can come and go as they please.

These APT attacks are hard to identify up front, and companies usually do not detect them until the intruder is already inside. The most common way to detect an APT attack is to monitor outgoing data with your IDS (intrusion detection system), which will catch the culprit if they try to send data out prematurely. Below are some clear-cut signs that you may be the victim of an APT attack.

  • Unexpected information flows inbound or outbound
  • Finding of backdoor Trojans
  • Increased activity with information movement or logins late at night
  • Detecting unexpected data packets or toolkits
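The first three signs above (unexpected outbound flows, late-night logins, unusual data movement) are all visible in ordinary flow and authentication logs. The script below is an added example, not code from the original post: it runs three simple checks over a constructed sample log (the IP addresses, usernames and byte counts are made up), then correlates the hits per host, since several weak signs landing on the same machine are a far stronger indicator than any one of them alone. The log format, the 50× median threshold and the 00:00–05:00 off-hours window are assumptions chosen for the example.

```python
import statistics
from datetime import datetime, time

# Constructed sample log lines (not from the original post): one event per line,
# "<ISO timestamp> FLOW <in|out> src=... dst=... bytes=..." for flow records and
# "<ISO timestamp> LOGIN user=... host=... result=..." for authentication events.
SAMPLE_LOGS = """\
2016-03-01T08:58:10 LOGIN user=alice host=10.0.1.5 result=success
2016-03-01T09:03:22 LOGIN user=bob host=10.0.1.7 result=success
2016-03-01T09:12:01 FLOW out src=10.0.1.5 dst=203.0.113.8 bytes=2048
2016-03-01T09:15:44 FLOW out src=10.0.1.7 dst=198.51.100.2 bytes=4096
2016-03-01T10:01:12 FLOW out src=10.0.1.5 dst=203.0.113.8 bytes=3000
2016-03-01T11:22:09 FLOW out src=10.0.1.9 dst=198.51.100.2 bytes=1500
2016-03-01T14:30:00 FLOW out src=10.0.1.7 dst=203.0.113.8 bytes=2500
2016-03-02T02:15:07 LOGIN user=svc_backup host=10.0.1.9 result=success
2016-03-02T02:17:33 FLOW out src=10.0.1.9 dst=192.0.2.44 bytes=734003200
2016-03-02T03:40:51 LOGIN user=alice host=10.0.1.9 result=success
"""


def parse(text):
    """Turn the text log into a time-sorted list of dicts with a datetime 'ts' field."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts), "kind": kind}
        if kind == "FLOW":
            rec["direction"] = fields.pop(0)
        for field in fields:
            key, value = field.split("=", 1)
            rec[key] = int(value) if key == "bytes" else value
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def outbound_flows(events):
    return [e for e in events if e["kind"] == "FLOW" and e["direction"] == "out"]


def flag_large_outbound(events, ratio=50):
    """Sign 1: a single outbound flow far larger than the median outbound flow (assumed threshold)."""
    flows = outbound_flows(events)
    if not flows:
        return []
    median = statistics.median([f["bytes"] for f in flows])
    return [("large_outbound", f["ts"], f["src"], f"{f['bytes']} bytes to {f['dst']}")
            for f in flows if f["bytes"] > ratio * median]


def flag_new_destinations(events, baseline_end):
    """Sign 2: traffic to a destination never contacted during the baseline period."""
    known = {f["dst"] for f in outbound_flows(events) if f["ts"] < baseline_end}
    return [("new_destination", f["ts"], f["src"], f"first contact with {f['dst']}")
            for f in outbound_flows(events)
            if f["ts"] >= baseline_end and f["dst"] not in known]


def flag_off_hours_logins(events, start=time(0, 0), end=time(5, 0)):
    """Sign 3: successful logins inside the off-hours window (assumed default 00:00-05:00)."""
    return [("off_hours_login", e["ts"], e["host"], f"{e['user']} logged in at {e['ts'].time()}")
            for e in events
            if e["kind"] == "LOGIN" and e["result"] == "success"
            and start <= e["ts"].time() < end]


def correlate(findings, min_rules=2):
    """Hosts that trip at least min_rules distinct rules: the ones worth an analyst's time first."""
    by_host = {}
    for rule, _, host, _ in findings:
        by_host.setdefault(host, set()).add(rule)
    return {h: sorted(r) for h, r in by_host.items() if len(r) >= min_rules}


def analyze(text, baseline_end):
    """Run all three checks; baseline_end (ISO string) separates the baseline from the review period."""
    events = parse(text)
    cutoff = datetime.fromisoformat(baseline_end)
    findings = (flag_large_outbound(events)
                + flag_new_destinations(events, cutoff)
                + flag_off_hours_logins(events))
    findings.sort(key=lambda f: f[1])
    return findings, correlate(findings)


if __name__ == "__main__":
    found, suspects = analyze(SAMPLE_LOGS, "2016-03-02")
    for rule, ts, host, detail in found:
        print(f"{ts} {rule:16} {host:10} {detail}")
    print("hosts with multiple signs:", suspects)
```

On the sample data each rule fires on its own, but the useful output is the correlation: host 10.0.1.9 shows an off-hours service-account login, a login by a user who normally works from another machine, and a 700 MB flow to a never-before-seen address within two hours, which is the "get in, stay quiet, then move data" pattern the post describes. In production the baseline would come from weeks of history rather than a single day, and the thresholds would be tuned per host class.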

There are several ways to limit the threat of an APT attack. As a security team, you need to sit down with your manager and discuss which approach you would like to take.

  • Eliminate low-hanging-fruit vulnerabilities
  • Ensure end users do not have admin access, to reduce the impact of social engineering attacks
  • Make effective use of web and email reporting to consistently scan the network for anomalies
  • Implement SIEM capabilities

Lastly, one of the most important steps you can take is to understand that not all threats can be stopped, and the best way to prepare is to have a fast turnaround time for remediating active threats once they do occur. Ensuring that your team is always aware of any threats, and then having the ability to respond, is key. When you do react, make it as fast as possible to limit the damage to your internal networks. Overall, APT prevention measures should be part of your information security plan.

Cybercriminals Target IRS E-filing PIN application


IRS counters efforts to hack e-filing PIN system.

The Internal Revenue Service (IRS) has released details about a cyber attack upon its Electronic Filing PIN application. The IRS reported that it has stopped the cyber attack.

IRS officials said they identified unauthorized attempts involving approximately 464,000 unique Social Security Numbers (SSNs), of which 101,000 were used to successfully access an E-file PIN. The automated attack used personal data stolen elsewhere outside the IRS to attempt to generate E-file PINs for the SSNs.

“Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for SSNs,” the IRS said in a prepared statement. “No personal taxpayer data was compromised or disclosed by IRS systems. The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application.”

All affected taxpayers will be notified by mail of the attack. “The IRS is also protecting their accounts by marking them to protect against tax-related identity theft,” the agency added.

The IRS was also quick to assure that the attack was not related to the temporary shutdown of the e-filing system, during which time the IRS could not accept many returns due to a system-wide computer failure, according to Fortune.

IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration. The IRS also is sharing information with its Security Summit state and industry partners.

In this recent event, cyber criminals used a list of known SSNs to make repeated attempts to access the IRS’s Get My Electronic Filing PIN portal. But as Naked Security pointed out, “Ironically, an E-Filing PIN is a sort of second factor of authentication (2FA), that you need, along with other personal data, when submitting online tax returns. In other words, it seems that you can request your second factor of authentication by using your first factor, which isn’t quite the idea of 2FA.”
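The attack described above is an automated script walking a stolen list: every request targets a different identity, and the IRS figure of 101,000 successes out of 464,000 attempts shows that a large share got through before it was stopped. The script below is an added example, not IRS code or data: it shows the two velocity checks a defender would put in front of any "retrieve your PIN" endpoint, run over a constructed request log. The log format, the source addresses, the opaque `id` values (placeholders standing in for hashed identities, never real SSNs) and the window and threshold values are all assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample request log for a hypothetical PIN-retrieval endpoint (not IRS data).
# 'id' is an opaque placeholder for the hashed identity a request targets, never a real SSN.
SAMPLE_REQUESTS = """\
2016-02-09T10:00:05 src=198.51.100.10 id=h01 result=ok
2016-02-09T10:02:11 src=198.51.100.11 id=h02 result=fail
2016-02-09T10:05:40 src=198.51.100.12 id=h03 result=ok
2016-02-09T10:20:00 src=203.0.113.5 id=h04 result=fail
2016-02-09T10:20:03 src=203.0.113.5 id=h05 result=ok
2016-02-09T10:20:06 src=203.0.113.5 id=h06 result=fail
2016-02-09T10:20:09 src=203.0.113.5 id=h07 result=ok
2016-02-09T10:20:12 src=203.0.113.5 id=h08 result=fail
2016-02-09T10:20:15 src=203.0.113.5 id=h09 result=ok
2016-02-09T11:30:00 src=198.51.100.13 id=h10 result=ok
"""


def parse_requests(text):
    """Parse "<ISO timestamp> key=value ..." lines into time-sorted dicts."""
    reqs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            key, value = field.split("=", 1)
            rec[key] = value
        reqs.append(rec)
    return sorted(reqs, key=lambda r: r["ts"])


def per_source_velocity(reqs, window=timedelta(minutes=10), max_identities=3):
    """Sources asking about more than max_identities distinct identities inside any window.
    A real taxpayer asks about one identity; a script working a stolen list asks about many.
    Returns {source: peak distinct identities seen in one window}."""
    recent = defaultdict(deque)
    peak = {}
    for r in reqs:
        q = recent[r["src"]]
        q.append((r["ts"], r["id"]))
        while r["ts"] - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        distinct = len({i for _, i in q})
        if distinct > max_identities:
            peak[r["src"]] = max(peak.get(r["src"], 0), distinct)
    return peak


def global_velocity(reqs, window=timedelta(minutes=10), max_identities=5):
    """Moments when distinct identities requested site-wide inside the window exceed the limit.
    This still fires when the attacker spreads the same list over many source addresses."""
    q = deque()
    alerts = []
    for r in reqs:
        q.append((r["ts"], r["id"]))
        while r["ts"] - q[0][0] > window:
            q.popleft()
        distinct = len({i for _, i in q})
        if distinct > max_identities:
            alerts.append((r["ts"], distinct))
    return alerts


def success_share(reqs, sources):
    """For each flagged source, (PINs actually issued, attempts): the scope of the notification job."""
    out = {}
    for src in sources:
        mine = [r for r in reqs if r["src"] == src]
        out[src] = (sum(r["result"] == "ok" for r in mine), len(mine))
    return out


def review(text):
    reqs = parse_requests(text)
    sources = per_source_velocity(reqs)
    return {
        "bulk_sources": sources,
        "global_alerts": global_velocity(reqs),
        "successes": success_share(reqs, sources),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_REQUESTS).items():
        print(f"{key}: {value}")
```

The per-source check is the one that would have caught a single scripted client; the global check covers the case where the list is spread across many addresses, and the success tally is what tells you which taxpayers need the letter and the account marking the IRS describes. None of this fixes the design flaw Naked Security identifies: a second factor that can be requested with the first factor alone is still a single factor, so the velocity checks are a detective control, not a substitute for a properly independent second channel.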

This new attack follows a 2015 massive data breach at the IRS, during which hackers stole information from approximately 330,000 taxpayers to obtain $50 million in federal funds through false tax returns. An inspector general report following the breach discovered that the computer system the IRS had been using to detect identity theft may have been vulnerable to hackers.

These breaches underscore the importance of proactive data security that closes off the opportunities for such events to occur in federal databases. They also highlight concerns about how multi-factor authentication is required for access to sensitive data.