For those of you unfamiliar with Project Enlightenment, it was a six month investigation about a sustained espionage campaign against dozens of U.S. and international private sector companies and organizations across a dozen of business verticals.  The motivation behind the attack of these particular victims was likely to gain tactical and strategic advantage over large commercial transactions, and to collect information on issues such as international trade, commerce, legislation and human rights.

The first victim use case being featured is from the Mining Industry.  During the webinar, Rich Barger, Cyber Squared’s Chief Intelligence Officer, will walkthrough details of how a Steel executive was targeted and compromised during a three week period.  In addition, the use case will include an assessment as to why the adversary had targeted the executive given their organizational role in the company, timing of the compromise, and relevant geo-political conditions.

A second use case will explain why the Canadian Government was compromised in mid July 2011 along with granular details of how the attack was conducted and what the motivation of the attackers during the time of compromise.

Cyber Squared chose these two use cases for the Project Enlightenment webinar, because of their diversity.  They represent both an economic and a political target from different countries, yet each of victims were part of a sustained cyber espionage campaign by the same adversary.

Webinar registration is available at the Cyber Squared website.

The Project Enlightenment Case Study is available for download, and a whitepaper that includes technical details of the compromise is available from Cyber Squared under non-disclosure.

In response to growing interest in their Project Enlightenment Case Study, Cyber Squared has scheduled a webinar, “Anatomy of a sophisticated cyber-attack and how it affects your organization”, for May 30^th to publically release information about the attack.

For those of you unfamiliar with Project Enlightenment, it was a six month investigation about a sustained espionage campaign against dozens of U.S. and international private sector companies and organizations across a variety of business verticals.  The motivation behind the attack of these particular victims was likely to gain tactical and strategic advantage over large commercial transactions, and to collect information on issues such as international trade, commerce, legislation and human rights.

What initially appeared to be an isolated cyber-attack possibly associated with the Taiwan Airpower Modernization Act (TAMA) S.1539, unraveled the thread of a pervasive and coordinated military grade cyber espionage campaign. During the course of the investigation, technical intricacies emerged, such as how the attack was carried out and who the likely perpetrator was.

By applying real-time Security Intelligence, which required both a bottom-up victim approach along with a top-down technical assessment of the adversarial capability surrounding this single incident, Cyber Squared was able to discover the following types of victims were compromised by the same threat:

1. U.S. Public Policy Think Tanks and Research Organizations

2. North American Technology Companies

3. European Food Safety Organizations

4. North American Immigration Organizations

5. European Environmental Organizations

6. Southern Pacific Agriculture & Fisheries Organizations

7. European Maritime & Shipping Organizations

8. International Steel, Gold and Copper Mining and Raw Materials Organizations

9. International Law Firms & Public Relations Organizations

10. East Asian Economic Policy and Diplomacy

The webinar will cover highlights of the cyber espionage campaign and offer tips on how to protect your company from sophisticated attacks.  It will feature Rich Barger, Cyber Squared’s Chief Intelligence Officer, who served as the lead investigator throughout the study.  In addition to sharing details about the initial attack and the subsequent exploitation patterns, Mr. Barger will cover how Security Intelligence was applied during the investigation and how it could have been used prior to, during and after the incident response phases.

The webinar is scheduled for Wednesday, May 30^th.  Webinar registration as well as the case study are available at the Cyber Squared website.

Who is attacking the small business and why?

The threat to the small business is the same as any business.  The adversary is after company information and customer data, and since small businesses don’t have multi-million dollar security budgets they can be a much easier target.

The growing trend is for competitors to steal corporate information as an easy way to level the playing field.  Not only does this put your new highly innovative product or idea at risk while your Intellectual property sits “safely” within your own network, but this also means that all your vendors will be targets too.  As corporations increase their cyber security protection (spend more $), attackers will look for new routes to target their most prized Intellectual Property (IP).  For example, think of the treasure trove of corporate secrets that your legal firm has in their possession at any given time.

Another major issue for small businesses is theft of personal information.  Why should cyber criminals target fortune 1,000 companies when there are thousands of small businesses that are far easier to penetrate?

“I recently had a client who owns a restaurant where credit card information got released to the public,” said Scott Hauge whom is the president of the Small Business California, a small-business advocacy group.” As a result, MasterCard is looking to collect $200,000 in fines and he is also looking at numerous credit card holders bringing action against him. Visa recently stated that 95% of credit card thefts originate at small businesses”, Hauge said.

This quote demonstrates a small businesses worst fear – hundreds of thousands of dollars, potentially more, in unexpected fines disrupting their business.  Most small businesses cannot survive such a situation.

Small businesses are susceptible to sophisticated attacks too. 

If we consider law firms, they offer the cyber adversary valuable information on international mergers/acquisitions and trade, public policy, and export controlled technology as examples.  On two separate occasions, Cyber Squared’s investigations have identified sophisticated threats targeting international law firms.  In the first case, the law firm under attack advises on public policy and regulatory issues.  The second victim was a very large international law firm representing global 1,000 and Fortune 500 companies on high tech issues and emerging growth areas.

A well-executed cyber-attack can effectively put a small business out of business.   While cyber insurance may help offset costs associated with the loss itself and contain the damage and litigation, it won’t cover the loss of reputation.  Customers have little tolerance for having their sensitive data stolen.  Most states have enacted breach laws, so customers must be notified.

How does a small business protect itself?

FEMA, under the Department of Homeland Security, has released a “Common Sense Guide to Cyber Security for Small Businesses”.   This is a 12-step good practices list that includes case study examples of what goes wrong when these practices are not applied.  (Notice that Case #12 includes two law firm examples.)

Are good practices enough?

While applying good practices in a consistent timely approach reduces risk, they don’t offer adequate protection against a sophisticated adversary.

As enterprise corporations continue to increase spend on cyber security protection, many companies in the “protection” business focus primarily on solutions for these enterprise customers.  In many cases, their solution is incident response based, which doesn’t necessarily help the small business, where the first incident can put the small business out of business.

Cyber Squared believes that everyone deserves affordable protection.  This is especially important for small businesses’ that don’t have large budgets for cyber defense.  With our understanding of how sophisticated cyber threats exploit gaps in network defense and security policies, we identify risks to your organization’s business process and tailor our response based on timeline, acceptable cost, requirement from legal authorities, and acceptance of risk.  Doing this upfront allows our customers to feel comforted that they are prepared when, not if, the sophisticated threat comes knocking.  This also minimizes costly response efforts, or losses resulting from a successful breach of your business.

Before you online shop or catch-up that post-game commentary, make sure that your favorite Internet Browser is secure.  Should your surfing accidentally take you to a malicious site, a Virus, Trojan or Worm may be waiting to steal sensitive data from your pc – financial information, tax information, etc.

Cyber Squared has a few quick pointers to help secure your Internet Browser.  We are not going to recommend a browser for you, because they each offer different features.  Depending on the browser and version you use, the steps provided (below) may differ slightly.

Cookies aren’t just for eating

Once you hop on the Internet and go to a web page, pieces of information about your browsing behavior on a site are tracked in cookies.  While cookies are essential for some online activities, shopping for instance, we recommend that you manage these cookies yourself to better protect your data from harmful spyware.

Here’s how to do it:  In most browsers, go to the Tools menu then Options.  For Firefox it’s a tab called Privacy, and click where it says “Accept cookies from sites” and “Accept 3^rd party cookies”.  Choose “Keep until:  Ask me every time”.  Applying this setting will enable you to better manage your cookies. (and go make some chocolate chip cookies).

Anti-Virus can help browsing too

As cyber criminals and evil doers of the digital age get more and more sophisticated, the anti-virus companies have upped their game by increasing the protection offered.  Many vendors now provide an Internet browsing plug-in via a toolbar or safe searching website feature.  Norton, as a “heads-up” to their subscribers, checks websites and provides a green check mark if it is believed to be a safe site.  It gives you a bit of information before you proceed to a site that hasn’t been determined as safe.

All I want is a Push-Pop

Cyber criminals like to use little pop-up boxes on websites that are invisible to the naked eye.   This small box actually contains malicious code that can provide a handle into your pc or tablet.  To avoid these, we suggest going to your Tools menu and “disabling pop-ups”.  This simple setting can make you less vulnerable against this method of an attack.

Don’t be too active

Software developers have new tools and techniques for improving website functionality.  ActiveX and Cross-Site scripting are two such examples.  When in the hands of evildoers, they can be a nice backdoor into your computer’s sensitive files.  To be safe, we suggest disabling this feature on your browser.

Here’s how to do it:  When using Internet Explorer, click on Tools and then Options.  From there go to the Security tab and then Custom level.  While looking at the Security settings, scroll down and you will see “Run ActiveX controls and plug-ins” and click Disable.

Some add-ons are good

There is a simple browsing extension called NoScript.  This simple open source program is a browsing extension that provides another layer of protection to your browsing experience.  As you surf to a website, it asks you to ensure you want scripting languages like Java, Javascript, Flash and other plugins to be executed prior to your knowledge.

There are additional ways to secure your browsing experience.  Implementing them really depends on how secure you want to be; you must balance the risk and the functionality of the website.  While this isn’t a complete list, it is a good start to a more secure path.  Stay safe by staying vigilant, and making sure the site you are accessing is really secure.

As you unbox that new computer this holiday, take some precautions before you start using it for banking online, playing the latest computer game, or hitting your favorite social networking spot.    Just like any new house would have locks and an alarm system, a new computer should have appropriate protection too.  Unfortunately, not all the necessary protection comes pre-packaged.

Anti-Virus, more IS better

Despite what you may hear, all Operating Systems (Windows, Linux, MacOS) are susceptible to malicious software (malware) such as Viruses, Worms, etc.  Most new computer’s come with a free trial Anti-Virus (AV) from one of the major AV vendors such as McAfee or Symantec, and a trial period can last anywhere from 30-days to a year (or more).  We’re not going to recommend one AV products over another, but we do recommend that you have one running at all times.   Take note that certain malware will not be caught by every AV products, so if you are truly worried about malware, run 2-3 different AV products on your computer.  There are many free AV products that you can download and install, that don’t conflict with your purchased products and provided added protection.

Updates, not just annoying, also useful

Most, if not all, software has vulnerabilities that a malicious person can exploit.  Software companies continually release patches to remove these vulnerabilities as they are discovered by security researchers.  Keep your software up to date – apply patches as they become available.  It can go a long way toward keeping your system safer.  When you first remove your computer from its packaging, it is most vulnerable, because no patches have been applied to its pre-installed software.  Despite how annoying it is to wait for EVERYTHING to be updated, you need to make sure your Operating System (OS), your AV, your Browser are the most up to date version and have all the patches, service packs, etc. before you get started.

Your new computer is only as secure as your home network

If you are going to plug your new computer into your home network, make sure it’s secure.  If you have a dedicated Internet line for that one computer, then you don’t need to do anything additional, but if you have a router for your network, then we recommend you check out our blog that tells you how to secure your wireless router.

Disable the stuff that is just plain bad

There are some basic functions that computers have that tend to leave you much less secure then you should be.  While you can use these functions, if you don’t know them very well, they can be very dangerous.  If you don’t know how to apply any of these recommendations, Google “How to” whichever item you need to do.  (For example, “How to turn off Auto-Run for Windows 7”)

• Make sure Auto-Run is turned OFFfor removable media (Thumb Drives, CDs, etc)
  • Remember, never a good idea to put a Thumb Drive in your computer if you don’t know where it came from!
• If your computer has a Bluetooth function, make sure it is turned OFF (unless you are using it)
• Make sure fire-sharing is turned OFF
  • File sharing is very useful, but if you aren’t sure what you are doing, you are likely sharing those files with EVERYONE.

There are additional things you can do to protect your computer.  Consider what you use it for when deciding how much protection is needed.  These basic tips will ensure that your system has a good baseline of security.  Be safe, be secure and Happy Holidays from Cyber Squared.

This technology has made wireless network connections much more available in public places.  Many hotels, cafes and restaurants, airports, and city offices and buildings offer the amenity of free Wi-Fi for their patrons. Some cities and countries, Estonia, for instance, offer free Wi-Fi.

“Nothing in life is free” and bad things that can happen when you access a public Wi-Fi connection, so connect with care.

This blog will focus on securing your shiny new 802.11 wireless router by preventing unauthorized use of your wireless connection.

Listed below are some tips to help secure your wireless router.  Note that the particular brand you have purchased may have slightly different menu configurations.  Take the concepts covered (below) and consult the user guide for the particular configuration syntax and proper installation methods associated with your device.

WEP, WPA? What is this?

Wireless Encryption Protocol (WEP) is an older version of encryption that should be included with your router.  It is critical to have this piece of security in place.  There will be a passphrase associated with router, and this will generate a key (series of numbers and letters).  Anyone with this passphrase can obtain access to your router.  A more secure protocol is Wireless Protected Access (WPA).  It’s definitely more difficult to crack than WEP, and its newer version is WPA2.  WPA and WPA2 have keys that change dynamically, and your protection will be based on an encryption key.  It’s highly suggest that a strong password/passphrase which is at least 14 letters/numbers is used.

Passwords

Just like your computer, iPhone, Blackberry, etc, your router has an admin password.  To prevent unauthorized access, you must change the default password.  Without password protection, access to your router can be as simply as typing http://192.168.0.1 or http://192.168.1.1 (generally the IP address of your router).  By knowing the model of your router and typing in the default password, an unwelcomed guest can change all the configurations.  This is a pretty simple security measure to implement that makes your home network much more secure.

Naming – SSID (Service Set Identifier)

A feature of many of the today’s devices is the ability to name your own devices.  Much like we discussed in the iDevice blog, you need to recognize that wireless router name is visible; anyone can see the name of your home network.  If you don’t name your router, the name is likely the actual router brand name and model number.  With a modest amount of research, it’s possible for an adversary to learn the vulnerabilities associated with your router, and hack into your home network.  Choose a name that is not personal and doesn’t give away too much information.  For fun, try out the name of a famous person.  It probably won’t give you away, and should be to easily remember.

Who is stealing my stuff?

If ever you every notice your connection going incredibly slow while you are browsing the Internet, you should diagnose the cause.  It could be that someone else is using your wireless router, and eating up your bandwidth.  To determine if this is the cause:

• Connect to your router’s admin page.
• Consult your manual to find the IP address, and enter in your STRONG password to access the router
• Look for something called Attached Devices,Active Devices or Connected Devices
• If you see something you don’t recognize, you have probably found the culprit
  • If you do discover non-authorized access to your network, change your WEP, WPA or WPA2 encryption key immediately

Filter it all out

Another technique to help keep your home network protected is to secure your wireless network with MAC Address filtering.  This technique may be a bit more complicated than the others.  (If you have visitors regularly who access your network, you may wish to skip this tip.)  A MAC address is a unique identifier for a physical network device.  Each computer, for example, has its own unique MAC address.  MAC address spoofing is a possibility, but it takes skill, so we’ll focus on how apply filters to restrict access to your home network.

To enable your router’s filtering feature, you will need to look at configuration manual.  (Some routers don’t offer this capability.)  If yours does, a simple way to check is to:

• Logon to the router homepage.
• Look for a menu option saying MAC Address Filtering
• Click enable
• Enter in your MAC address
  • To find your MAC address click (for Windows users go to Start à Run à type ‘cmd’
    • Type ‘ipconfig /all’
    • It is the series of numbers and letters after Physical Address
    • Example:  01:23:45:67:89:ab

Since most computers, printers, and electronic game devices come wireless ready, wired connections are becoming obsolete.  After all, who can resist accessing the Internet with complete freedom of movement?  Follow the simple steps above, and operate your wireless router with the peace of mind knowing that the information sitting behind your router is safer.

While Blackberry innovation makes life easier, you need to also understand its vulnerabilities.  It’s unfortunate, but all devices that connect to the World Wide Web have inherent flaws.  Most users don’t understand that their Blackberry is just susceptible to viruses and Trojans as their home computer.  However, as these devices become more advanced, they become increasingly attractive targets for evil doers.

Cyber Squared wants to make sure that you operate your Blackberry safely, and recommends following these simple tips.

Passwords

Maintaining a strong password is a simple thing you can do to keep outsiders away from your business/personal information and prevent unauthorized use.  Putting password on your Blackberry is a simple task, but you need a password that’s more than just “follow the keys” (aka keyboard crawler).

• Find the Options button – click it
• Click Password
• Make the Password field Enabled
• Click Menu
• Click Save
• Put the STRONG (letters, numbers, and special characters) password in twice hitting Enter after each time. An example of a STRONG password is “Cyb3rSqu@r3d-R0cks!”

Encryption is your Friend

In the event your Blackberry is stolen or malware is downloaded, you’ll be relieved if your data is protected.  Encrypting your Blackberry’s data makes it more difficult for a person to pilfer and use for their own unauthorized needs.  Don’t follow the Hollywood’s starlets (stolen picture scandals –anyone?); and always encrypt your data.

• On the main screen there should be an Options button – click it
• Click Security Options
• Click Encryption and make it Enabled
• Set the Device Memory field to be Enabled
• Set the Media Card field to be Enabled
• Choose either to encrypt via a password, the device or both (it’s your choice)
• Click Menu and Save it

Be wary of Bluetooth

A Bluetooth-enabled device can facilitate communication in a hands-free manner. However, leaving this feature turned on indiscriminately can make your Blackberry unnecessarily vulnerable.  Information could be stolen off of your Blackberry, and you may not even realize it.  Proper management of your Bluetooth connectivity can protect this valuable asset.

• Go to the Main screen and click Manage Connections
• Click Bluetooth options
• Click Menu
• Click Options
• Make Discoverable set to NO
• Press Menu and Save

Emails are not always trusted

One of the advantages of the Blackberry is to have your corporate email access right on your hand – an “always on” virtual connection to your office.  An added bonus is being able to stay connected to family and friends through email on the same device.

Emails are a popular medium for malicious actors.  Attachments can be infected. If you receive an email with an attachment or with a link in it, first make sure it comes from a trusted source, ensure the domain is correct and does not contain any typos or misspellings, and then – proceed with vigilance.  Attachments or links can lead to installation of malicious software on your Blackberry.  It you receive an email and if you don’t know who sent it, do not access on the attachment or go to the link.  As wise Ben Franklin put it, “an ounce of prevention is worth a pound of cure!”

Browse safely

Blackberries bring the Internet right to your fingertips.  Easy access to most everything you need, a phone number, directions to a location, or just catching-up on the news during your morning commute.

Whether you are at home, or browsing with your Blackberry, the Internet is a virtual playground for malicious people to harm unsuspecting victims out there, so browse with care.  Accessing an infected website can lead to Trojans and/or worms being downloaded onto your device.

Apply these few tips, and benefit from knowing that you’ve made your Blackberry more secure.

All devices that connect to the Internet are susceptible to malicious software (malware).  Some operating systems or devices may be targeted more frequently than Apple’s, but none are truly infallible.

The techniques outlined below provide simple tips to protect your iDevices.  While some of the recommendations will seem to be common sense, they are often overlooked and put your favorite gadget at risk.  You may not have considered others.  So, apply the list below, and protect your iDevice and more importantly your data.

Use a passcode

Who hasn’t lost or misplaced their device?  If it happens in a public place, and your device isn’t passcode/password protected, a stranger can pick up your iPhone, browse through your email, make unauthorized calls, send text messages to your contacts, and make unauthorized purchases or downloads.  They have direct access to your personal information too.  Setting a passcode offers a lot of protection.

• Click on Phone Settings
• Click General
• Hit the Passcode Lock
• Important – use a random passcode. Do not use 0000, 2580, 1111, or 1234 as these combinations are the most common and easily guessed passcodes in use today.

Update/Upgrade your device
This may be common sense to those who work in the IT industry, but who makes upgrading their personal device a priority? Out of date “apps”, operating systems and firmware present a risk of a malware infection through web browsing and opening email attachments. Keep your iPhone/iPad/iPod up to date with the latest software, operating systems and firmware. Apple attempts to close security holes, fix battery longevity issues and stop users from “jail breaking” their devices through updates. You can expect incremental updates in between significant upgrades of the Apple iOS, Apple’s mobile operating system.  Staying current is a simple way to stay secure.

Name your device

Something you probably didn’t consider during set-up was how to name your new device. Very often a real name is given to the device (e.g. John Appleseed’s iPhone).  While this doesn’t seem like a big deal, using a real name for a device can expose the owner to malicious activity.  When you utilize the device on a public Wi-Fi hotspot, like Starbucks or a hotel, you inadvertently broadcast a lot of information to those “listening”. One protocol that is particularly “noisy” is the “Apple Filing Protocol” or afp. When afp “talks”, it is searching for iTunes or another OS X device to respond. If someone is “sniffing” this traffic, they will be able to see who is broadcasted over the public Wi-Fi. If you name device after yourself, your name is exposed and you can be easily identified.

When using your device on a public network, strangers can see your device name. If you don’t want to expose your personal identify in a public place, don’t use a personal name for your device.

Handle Email Attachments with Care

Again, this may seem obvious.  Due to the large number of attachments that Apple iOS is able to natively open, Apple devices have been targeted via email with malicious attachments.  To date, Apple has been able to respond quickly to any issues, however I imagine that this issue will get worse before better.  Be cautious opening email attachments.  As a general rule, if you do not know the sender and are not expecting the email, don’t open it. If you know the sender, but we’re not expecting an attachment, contact the sender to make sure they actually sent you the email. Unlike a PC, most Apple products do not run virus scanner software, and they are still vulnerable to viruses.

Cyber Squared will continue to provide updates on mobile device AV products and other important mobile security information. Mobile devices are a target, and although the frequency of attacks has not become critical, it is only a matter of time.

Beware of Public WiFi

Public Wi-Fi continues to increase in availability and popularity.  Know where you are connected.  In some cases, the free Wi-Fi you thought you connected to is not what/where you think it is, and you connect to an unexpected network, down the road, run by a person whom is collecting information.  Be vigilant.  Always be aware of which network you are actually connecting to.  Your iPhone comes with a handy feature establishes your network connection preferences.

• Click the Phone Settings
• Click Wi-Fi
• Click Ask to Join Wi-Fi

Browse Safely
It’s pretty well established that browsing unfamiliar web sites, especially those hosting wares and mp3’s, expose your device to infection. Mobile devices are just as susceptible as a computer.  Since many of these sites offer “mobile” versions of their primary site to better facilitate content viewing on the smaller Apple devices, attackers can actually tailor their attacks to Apple iOS. Once you’ve hit a compromised website with your Apple device, delivering an exploit to the device is trivial and often very difficult to detect.  Here are a few tips to make web browsing safer.

• Ensure Pop-ups are blocked
  • Click on iDevice settings
  • Scroll down and click on Safari
  • Make sure pop-ups blocked is on
• Disable Cookies
  • Click on iDevice settings
  • Scroll down and click on Safari
  • Click Accept Cookies and say Never
• Clear Cookies (in case there are any)
  • Click on iDevice settings
  • Scroll down and click on Safari
  • Click Clear Cookies

“Jailbreak” or Installing 3rd Party Software

This section is aimed at the more adventurous iDevice user, who isn’t satisfied with the constraints Apple places on their devices and apps, and deliberately chooses to “unlock” or “jailbreak” their device. (The actual process of jail breaking your Apple device is out of the scope of this article.)

It’s important to understand that what actually occurs when you jailbreak your Apple device. Utilizing 3rd party software on your Mac or PC, “jailbreaking” involves installing a controlled exploit of vulnerability into your Apple iOS. This allows for the install of a custom operating system with access to the underlying file system, and the ability to install software from a 3rd party.

There are benefits to unlocking your device, but can be serious consequences as well.  If the process fails, you risk the device’s warranty being voided thus rendering your device a very expensive paper weight.

If you do choose to open your device to 3rd party software installation, not approved by Apple, your iDevices’s capabilities can be enhanced.  Beware though, 3^rd party software can provide an avenue for malware delivery, and app developers face little or no restrictions when creating apps. While malicious developers have a community of unhappy users to help keep them in-check, it’s not the same as dealing with the rigorous development rules that Apple imposes. When an app developer chooses to include a “back door” into your device or force the phone to do something that you have not approved, the chances of detection are slim.

If you unlock your device, change the root password, “alpine”, as soon as possible. The default password for the “root” account is the same on all unlocked devices. If you do not know how to do this, reconsider unlocking your device.

Keep these tips in mind, and safeguard your Apple devices.  By doing so, you can avoid a number of threats that target the Apple iOS.

Cyber Squared wants to promote safe computing practices during the holidays and throughout the year, so we are providing a blog series containing in-depth strategies for operating your new devices safely. Each blog will tackle a different security-themed topic.

This year our holiday favorites will connect to the Internet in even faster ways than their predecessors; thus, providing a convenient way for cyber adversaries to acquire your sensitive information. Beyond exposing personal information to unknown adversaries, these devices can also serve as a gateway into your home network and quite possibly reach into your work network as well.

You must serve as the first line of defense.  To do so, you need to understand the vulnerabilities your gadgets expose.  It is possible to safely enjoy your new iPhones (other smart phones), Blackberries, iPads (other tablet devices), routers, computers, and TVs.  If you couple the vendor provided “out-of-box” security with the techniques from our blog series, your personal information and your devices will be much more secure – giving you a little peace of mind.

Here are a few of the topics we will cover in this series.  Consider this blog series our holiday gift to you, and check back regularly for additional topics.

iPhones (Smart Phones)

iPhone viruses are here, and becoming infected can be as simple as opening a malicious SMS message.  If your iPhone becomes infected with this virus, the malicious entity could obtain remote control over your phone.  This problem isn’t isolated to iPhones however, other smart phones, like an Android, are just as susceptible to the same kind of attack.  Your device can fall victim to viruses if your phone is not properly patched or secure.

iPad (Tablets)

iPads are increasing in popularity.  They are convenient, lightweight and portable, and boast a fast processor for accessing favorite programs or browsing the web without delay.  Be careful though!  These devices run on similar technology to your iPhones and Computers, and are susceptible to same kinds of attacks.  Browsing to a malicious website using “Safari” can infect your iPad the very same way it could if you browsed using your laptop.

Blackberry

Blackberries have the power to make a combination of work and life flow smoother and quicker.  Like other Smart Phones on the market, the business person’s phone is not immune to attacks from malicious actors.  Zeus is an example of a Trojan virus that targets Blackberry owners.  A recent variant of Zeus has been known to do harmful things to the device such as turning it on and off, blocking phone calls, and sending SMS messages to expensive phone numbers.

Computers

Who doesn’t love a new computer?  Whether it is for gaming, for work, watching a favorite show, or browsing your favorite sports site for news and scores, these new systems can’t be beat.  Most computers are coming packaged with 30 day free trials to AV companies, which is great, but that is only a first step toward making sure your computer is secure.  Almost daily a new Trojan or Worm propagates throughout the Internet causing harm to many unsuspecting victims, and each is more harmful than the previous.

New gadgets expose new vulnerabilities.  So, what are you going to do to protect yourself?  Never connect to the Internet?  Of course not…

Embrace new technology and maximize the value of your investment, but respect the risk of exposure by  remaining vigilant and adequately protecting yourself.

Stay tuned.  We’ll tell you how.

Verizon’s Marc Spitler, and AT&T’s Brian Rexroad. Daniel O’Donnel from Network Critical and Ajay Uggirala from NetScout, and Martin Huddleston from United Kingdom (UK) Ministry of Defense (MoD) accompanied me on the panel.

In essence, cyber-attack is big business.  In 2010, studies from Symantec’s newest Norton Cybercrime Report sited that the financial losses resulting from cyber-attack were resulting in similar losses worldwide to the business of illegal drug trade – 388B. Recent studies from the UK Cabinet office state that cyber espionage and intellectual property theft account for the same or greater financial losses to all the other categories of financial loss due to cyber combined[1]. Making an assumption that cyber espionage and intellectual property theft are as significant as this report states, and many organizations either haven’t reported or simply do not know that they have been breached, I think it is safe to assume that the number as it relates to Cyber is likely higher than the Norton report states. In one example in particular, a company lost 1B in Intellectual property over the course of a couple days.  This was a technology that this company worked on for 20-plus years. Cyber presents a relatively low risk, high reward business today, and it is safe to assume that is going to get worse, before better.

Sophisticated cyber attackers are not just aiming their capabilities at big business.  It’s hard for me even to say anymore that there are companies that aren’t being targeted by sophisticated threats since the types and sizes of organizations being attacked by sophisticated threats have become so broad.  In a blog post “Cyber Espionage – Knowing You Are a Target” Cyber Squared provided some basic questions to determine if you or your business is potentially a target of a sophisticated adversary.

During the panel, I discussed that the sophisticated attacker is not your typical smart high school kid; instead we are dealing with strategic, well-funded, and motivated organizations with a plan. The unfortunate reality is that these types of organized attacks are increasing in frequency and are leveraging military grade capabilities against businesses that have immature or no past experiences dealing with such an threat.  Although the sophisticated threat is operating against strategic goals, their attack model is largely tactical.    They utilize attack tools that are just sophisticated enough to penetrate your network defenses, while holding the more powerful tools in reserve for more robust situations.

Annie our moderator at some point in the panel asked “what do you see as being the single most important approach to respond to these changing challenges “.

There were varying answers to this question from the panel.  One panelist, Martin Huddleston from UK MOD stated that a large portion of attack could be averted with simple patch management, and locking down systems.  Another panelist, Ajay Uggirala, offered the advice that combining various systems, most of which are already in place would give the organization better visibility across the attack.  Obviously both are critical; however I think the problem runs deeper than just fixing what we have. You simply can’t defend against these types of threats as you would from a common cyber attacker.  Imagine yourself defending your home against the common criminal.   You would have locks on all your doors and windows, and possibly even have an alarm system or a mean looking dog.  Now imagine that a well-trained, possibly nation-state sponsored and trained fighting force wants to infiltrate your home.  You are simply not prepared, and preparation will cost more than most organizations can afford.  We may force them to use their more advanced capabilities by tightening down our security controls and having better visibility across our networks, but the likelihood that this will be good enough to stop a highly motivated and dedicated attacker, is difficult for me to imagine.

I said something during the panel, which likely made some, or maybe all of the audience cringe.  I said that you should be operating your network as though the sophisticated threat is already inside, because they probably are, and if they aren’t today, they will be at some point.  To further clarify this statement, one must remember that the threat is persistent; they don’t try and move on, they make it their job “literally” to gain and maintain access to your network. Here are a few thoughts that I would share with any organization that believes that they may be targeted by a persistent sophisticated threat.

• The first step in understanding your risk is to understand the threat that is targeting you.  You can’t count on Symantec or McAfee providing you a burglar alarm for the sophisticated threat, instead you need to understand how the adversary will approach, what tools they will utilize, and how once they are in your network – you can continue to do business.  It’s a strategic effort to counter a strategic adversary.
• Make investments in countering the particular threat that has, is, and will be targeting you.   Make investments in the people whom understand this threat.  Although generalists are good, it is critical to realize that no one person can answer all questions.  Utilize products that provide dynamic capabilities to defend against the attack and that allow constant adaptation given changes in the tactical capabilities of the threat. Practice as though you are being attacked.  The threat does this every day, and you are only one stop along their way.
• Share and collaborate your experiences about the threat.  This is critical because you are one stop along the road, or potentially being targeted similarly to your business partners and/or competitors.  We can become stronger as a group than you are on your own.
• Instrument defenses to allow community knowledge of the attacker.  This is critical because the security community takes days, weeks, and months to make a change, while you and your partners can immediately share indicators or patterns of attack, and use this information to defend against the attack.

I enjoyed the opportunity to speak as a member of the panel and hope that the TM Forum will invite me back in the future.