Category Archives: Cyber Security

Cyber Warfare Is Bigger and Scarier Than You Think, Security Expert Says

170121-N-FI568-020 PENSACOLA, Fla. (Jan. 21, 2016) Cryptologic Technician (Networks) 1st Class Brandon Janice, a Joint Cyber Analysis Course instructor at Information Warfare Training Command (IWTC) Corry Station, helps a high school student, complete cybersecurity challenges during the third annual CyberThon event at Naval Air Station Pensacola. CyberThon provides northwest Florida high school and college students an opportunity to gain experience in cyber defense and engagement procedures under the instruction of active industry experts. IWTC Corry Station staff members volunteered to act as mentors for participating students. (U.S. Navy photo by Mass Communication Specialist 2nd Class Taylor L. Jackson/Released)
U.S. Navy photo by Mass Communication Specialist 2nd Class Taylor L. Jackson/Released

Applied Technology Institute (ATIcourses) offers a variety of courses on Cyber Security.  We thought the information below would be of interest to our readers.

Cyber Leader Course (CLC)

Cyber Security – Certified Ethical Hacker (CEH)

Cyber Warfare – Global Trends- D131

Of all the keynotes at this year’s t3 Enterprise conference in Las Vegas, the one most illuminating and alarming was delivered by Isaac Ben-Israel, the chairman of the Israel Space Agency and head of the Israeli Ministry of Science, Technology and Space. A military scientist who is also a retired general of the Israel Defense Forces and former member of parliament, Ben-Israel presented his views on the development of artificial intelligence and the impact it has on the cyber threats that can lead to ransomware attacks or breaches such as the one Equifax experienced this year.

Using the Stuxnet virus, which took an Iranian uranium facility offline, Ben-Israel noted that real physical effects — in this case the collapse of the centrifuge machines — can result from “virtual” information such as the computer virus. This led him to propose four false dogmas relating to cyber warfare.

First, cyber warfare is not only about information, as evidenced by the Stuxnet virus.

Second, cyber warfare is not only about the internet — the Iranian facility wasn’t even connected to the internet.

Third, cyber warfare is not only about computers, as there was not a computer to be seen in the Iranian nuclear facility. Stuxnet attacked the centrifuge machine controllers instead of computers.

Finally, cybersecurity is not only about technology, as without taking into account the psychology of individuals and social behavior, legal problems or business considerations, one would not be able to choose the right technology to develop in the first place.

Ben-Israel says cyber security is simply the dark side of computing, and our industry is tasked with minimizing that dark side by taking preventative steps.

Enter artificial intelligence based on machine learning algorithms, now known as deep learning.

AI plays two distinct roles in the financial advisor community, first as intelligence to drive trading — Ben Israel estimates 95% of all trades in the exchanges are now computer-driven — and AI also is the underpinning of modern robo software that is increasing in popularity.

However, AI may play a bigger role in the future, as the engine in cybersecurity tools that help prevent socially engineered phishing attacks and viruses from impacting the machines and networks that increasingly are the lifeblood of businesses.

He left the audience with some points to ponder. “When we make a biological virus, we have to check that it won’t cause a pandemic,” said Ben-Israel. “But, we don’t have to do that for computer viruses.”

His final, echoing thought: “You have to run very fast to be one step ahead with cybersecurity … if you want to survive.”

 

 

Cyberwarfare: US Launched DDoS Attacks Against North Korean Spy Agency

Applied Technology Institute offers a variety of courses on Cyber warfare and Cyber Security.

  1. Cyber Leader Course (CLC)
  2. Cyber Security – Certified Ethical Hacker (CEH)- D124
  3. Cyber Warfare – Global Trends- D131

We think the news below would be of interested to our readers.

The United States has reportedly been engaged in offensive cyber attacks against North Korea, but with no destructive results. According to a report by the Washington Post, President Donald Trump signed a directive earlier this year of putting pressure on North Korea that involved several diplomatic and cyber-military actions, including using cyber activities against the country.

The United States Cyber Command, which was elevated to a Unified Combatant Command by the President earlier this year, targeted North Korea’s military spy agency, the Reconnaissance General Bureau. The attack was a distributed denial of service (DDoS) campaign with an aim to flood North Korean spy agency’s servers with traffic, crippling its access to the internet.

“The elevation of United States Cyber Command demonstrates our increased resolve against cyberspace threats and will help reassure our allies and partners and deter our adversaries,” the White House had said when the President had elevated its status to a combatant unit. “Through United States Cyber Command, we will tackle our cyberspace challenges in coordination with like-minded allies and partners as we strive to respond rapidly to evolving cyberspace security threats and opportunities globally.”

It is unclear when exactly the DDoS attack was launched and how long it lasted, but the Post said that the operation “was due to end” on September 30. The overall campaign – that included a diplomatic campaign to push other countries to sever all ties with Pyongyang – was started in March, this year.

The officials in the US believe that the campaign wasn’t destructive and was merely designed to put pressure on the country. “Nonetheless, some North Korean hackers griped that lack of access to the Internet was interfering with their work,” WaPo reported citing an official. While North Korea isn’t going to find any vocal allies, the latest DDoS attack does make a point that the United States is capable of crippling an adversary’s cyberwar capabilities, even if temporarily.

Russia started providing a second internet route for North Korea, that showed up on Dyn Research according to Security Week. “In effect, it went live with a stable link between Russia and North Korea shortly after the US Cyber Command action finished,” the report adds. Analysts believe that with the DDoS attacks, the US could have had two goals: send a warning to the country and push it to reveal its other channels of internet access or use those that are potentially being monitored.

Some, however, worry that the operation – while not destructive when looked through the US officials’ eyes – might be taken as an act of war by the North Korean administration that could retaliate against the United States using its critical infrastructure that some believe has already been compromised.

Russian hacker group ‘CyberBerkut’ returns to public light with allegations against Clinton

CyberBerkutCyberBerkutA Twitter account tied to a group that the Defense Intelligence Agency recently described as “Russian hackers … supporting Russia’s military operations” returned to the spotlight Wednesday by posting a message that alleges Ukrainian government officials and businessmen laundered money and sent it to Hillary Clinton by making donations to the Clinton Foundation.

These allegations, a vague and loosely defined set of financial connections described in a single graphic and related blog post, could not be confirmed. The blog post alludes to an inappropriate relationship between Ukrainian billionaire Victor Pinchuk and the Clinton family. But emails that were supposedly stolen and posted in this blog post do not prove that such a conspiracy occurred. An attempt to contact the group went unanswered.

The Tweet posted Wednesday by this “CyberBerkut” group is the first such message posted publicly since January after the account shared an image of a redacted email it claims revealed plans by the U.S. government to doctor evidence to suggest that Russian hackers had interfered in the 2016 U.S. election.

Read More Here.

Russian hacker group ‘CyberBerkut’ returns to public light with allegations against Clinton

CyberBerkut

 

A Twitter account tied to a group that the Defense Intelligence Agency recently described as “Russian hackers … supporting Russia’s military operations” returned to the spotlight Wednesday by posting a message that alleges Ukrainian government officials and businessmen laundered money and sent it to Hillary Clinton by making donations to the Clinton Foundation.

These allegations, a vague and loosely defined set of financial connections described in a single graphic and related blog post, could not be confirmed. The blog post alludes to an inappropriate relationship between Ukrainian billionaire Victor Pinchuk and the Clinton family. But emails that were supposedly stolen and posted in this blog post do not prove that such a conspiracy occurred. An attempt to contact the group went unanswered.

The Tweet posted Wednesday by this “CyberBerkut” group is the first such message posted publicly since January after the account shared an image of a redacted email it claims revealed plans by the U.S. government to doctor evidence to suggest that Russian hackers had interfered in the 2016 U.S. election.

HACKING TRIDENT: A Growing Threat

This 38 page paper reviews the growing potential for cyber-attack on the UK’s operational fleet of Vanguard-class submarines armed with nuclear-tipped Trident II D-5 ballistic missiles, and some of the implications for strategic stability. http://www.basicint.org/sites/default/files/HACKING%20UK%20TRIDENT.pdf

Malware injection during manufacturing, mid-life refurbishment or software updates and data transmission interception allow potential adversaries to conduct long-term cyber operations. BASIC has already highlighted the future potential for emerging technologies to deliver high confidence in global detection of submarines.1 Future weaponized underwater drones may facilitate close proximity kinetic and cyber-attacks on ballistic missile submarines (SSBNs).

The report concludes that the vulnerability to cyber attacks is real. It can be reduced by significant, vigilant and continuous cyber protection, but cannot be eliminated. It is therefore essential that in addition to significant investment in cyber defense, those responsible also need to consider strategies that build resilience within the systems, and to incorporate this threat into broader assessments relevant to the choice of weapon systems, platforms and broader defense and security strategies

For more information on this cyber threat, visit the article: https://www.linkedin.com/pulse/hacking-nuclear-submarines-matthew-rosenquist

The Applied Technology Institute (ATI) offers courses in cyber security to help government and private facilities worldwide from learning how to mitigate or prevent such occurrences. Among the courses ATI offers in cyber security is Cyber Leadership Course (CLC) with the following upcoming dates in Hanover, Maryland:

http://www.aticourses.com/Cyber_Leader_Course.htm
September 6–7 2017 and October 1–2 2017.

In addition, ATI offers Tactical Digital Forensics from December 4–15 2017, also in Hanover, MD.

For more information or to view ATI’s schedule of courses, visit aticourses.com or contact us at (410) 956-8805.

Protecting Against the Cyber Insider Threat

This is a good article on protecting against the cyber insider threat. I quote below the action items, but you should read the full article for more insight.

https://www.linkedin.com/pulse/cyber-insider-threat-mellisa-wagner?trk=prof-post

What you can do

There are ways you can protect your organization’s (and your customer’s) data. It’s not difficult, but it will require diligence.

  1. On-board your employees in a consistent manner that properly trains them in cyber vulnerabilities
  2. Maintain this training regularly
  3. Assess your organization’s and employee’s weakness so you can better mitigate cyber vulnerabilities and risks
  4. Understand cyber risks

Your IT professionals aren’t the true gatekeepers – your employees are! 

ATIcourses offers several practical cyber security training programs that can help with the ongoing need for cyber technical training. 

Cyber Leadership Course(CLC)

Cyber Security -Practical Boot Camp

Cyber Security, Communications & Networking courses