Google Accounts Of US Military, Journalists Targeted By Russian Attack Group

The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with information of interest to the Russian government, says SecureWorks.

A Russian attack group used the Bitly URL shortener to disguise malicious links in spearphishing campaigns aimed not only at the Democratic National Committee, but also at some 1,800 Google accounts belonging to US military and government personnel and others.

Researchers at the SecureWorks Counter Threat Unit said today that the spearphishing campaign, carried out in mid-2015 by Threat Group 4127 (TG-4127), mostly targeted people inside Russia and former Soviet states, but it also went after individuals who were publicly critical of the Russian Federation or who held information valuable to it. SecureWorks tracks the group as TG-4127, but "components of their operations have been reported under the names APT28, Sofacy, Sednit, Fancy Bear, and Pawn Storm" by other security companies.
SecureWorks assesses with "moderate confidence" that TG-4127 operates from the Russian Federation and gathers intelligence on behalf of the Russian government. The group registered the domain "accoounts-google.com" (a doubled "o" and a hyphen where the legitimate accounts.google.com has a dot) to host a spoofed Google login page, and used the Bitly URL shortener to hide that destination inside the spearphishing messages, so the recipient never saw the lookalike domain until the redirect had already happened.
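The lookalike-domain trick described above is easy to catch once the shortened link has been expanded. The following is an added example, not SecureWorks' or Dark Reading's code: it classifies URLs recovered from phishing messages as legitimate brand hosts, shortener links that still need expanding, brand lookalikes (brand token embedded in, or one edit away from, an attacker-controlled host), or unknown. The brand table, the shortener list and the sample URLs are assumptions constructed for the example; the attacker domain "accoounts-google.com" is the one the article reports. Expanding a Bitly link (following its redirect with an HTTP request) needs network access and is left to the caller; the example operates on already-expanded URLs.

```python
"""Flag brand lookalike domains in (already expanded) phishing URLs.

Added example for illustration; not code from SecureWorks or Dark Reading.
BRANDS, SHORTENERS and SAMPLE_URLS are constructed assumptions.
"""
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Legitimate domains per brand, plus the name tokens a lookalike would reuse.
# Assumed for the example; a real deployment would load its own allow-list.
BRANDS = {
    "Google": {
        "domains": ("google.com", "gmail.com", "googlemail.com"),
        "tokens": ("google", "gmail"),
    },
    "Microsoft": {
        "domains": ("microsoft.com", "outlook.com", "live.com"),
        "tokens": ("microsoft", "outlook"),
    },
}

# A link on a shortener tells you nothing until the redirect is followed.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch one-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, brand-or-shortener) for one URL.

    verdict is one of:
      "shortened" - hosted on a shortener; expand it first, then re-run
      "legit"     - host is a brand domain or a real subdomain of one
      "lookalike" - host embeds or nearly spells a brand token but is not the brand
      "unknown"   - no brand association detected
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("unknown", None)
    if host in SHORTENERS:
        return ("shortened", host)
    for brand, info in BRANDS.items():
        if any(host == d or host.endswith("." + d) for d in info["domains"]):
            return ("legit", brand)
    # Hyphens are the usual stand-in for dots in lookalikes
    # ("accounts-google.com" for "accounts.google.com"), so compare without them.
    squashed = host.replace("-", "")
    labels = host.replace("-", ".").split(".")
    for brand, info in BRANDS.items():
        for token in info["tokens"]:
            if token in squashed:
                return ("lookalike", brand)
            # One-edit typo-squat on a label ("gooogle" for "google").
            if any(len(lbl) >= 5 and levenshtein(lbl, token) == 1 for lbl in labels):
                return ("lookalike", brand)
    return ("unknown", None)


def triage(urls: List[str]) -> Dict[str, List[str]]:
    """Group a batch of expanded URLs by verdict."""
    out: Dict[str, List[str]] = {"shortened": [], "legit": [], "lookalike": [], "unknown": []}
    for u in urls:
        verdict, _ = classify_url(u)
        out[verdict].append(u)
    return out


# Constructed sample: what an analyst might hold after expanding the Bitly
# links from a batch of spearphishing messages (the first host is the one
# the article reports; the rest are made up).
SAMPLE_URLS = [
    "https://accoounts-google.com/ServiceLogin?continue=https://mail.google.com/",
    "https://accounts.google.com/ServiceLogin",
    "http://bit.ly/1AbCdE",
    "https://mail.gooogle.com/login",
    "https://example.org/newsletter",
]

if __name__ == "__main__":
    for verdict, urls in triage(SAMPLE_URLS).items():
        for u in urls:
            print(f"{verdict:10s} {u}")
```

The host check is deliberately naive: it has no Public Suffix List handling, no IDN/homoglyph normalisation, and the brand list is tiny. It is enough to show why "accoounts-google.com" should never have reached an inbox unflagged, and why a URL-shortener verdict must be treated as "expand and re-check", not as "clean".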
In all, some 1,881 Google account users were phished.
Some were sent only one message, while others received several; the attackers used a total of 4,396 phishing URLs. Between March 2015 and September 2015, 59% of the malicious URLs were accessed, "suggesting that the recipients at least opened the phishing page," and were possibly compromised. A click alone does not prove credentials were entered, so the compromise rate is an upper bound.

SecureWorks believes that TG-4127's information-gathering efforts focus primarily on individuals and organizations inside Russia and former Soviet states. However, certain groups in the US and Western Europe are also targeted. The researchers break TG-4127's Western targets into two main groups: those who are publicly critical of Russia, including journalists, activists, NGOs, and authors; and those who hold information useful to the Russian government, such as current and former US military personnel, government personnel, and people in the defense supply chain.

The group also targeted a considerable number of authors who write about being military spouses or family members: 22% of the targeted authors and journalists fell into that category, compared with 53% who were experts on either Russia or Ukraine.
SecureWorks theorized that the attackers might be looking for information on "broader military issues in the US or gain operational insight into the military activity of the target's spouse." Of the current and former military and government personnel targeted (excluding the military spouses), 64% were American, according to SecureWorks' report.

The cybersecurity industry was also a target. Other targets included a security consultant for NATO and the director of federal sales for the security arm of a multinational technology company.
It is not clear how many organizations were actually compromised through this campaign.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

What Security Teams Need to Know about the NIAC Report

Which of the recommendations made by the NIAC working group will affect security teams the most, and how should they prepare?

The Hidden Dangers Of 'Bring Your Own Body'

The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.

The term “BYOB” might have more interpretations than you think.
Increasingly, in the area of enterprise security and data, it could mean “bring your own body.” The use of biometric data, in both consumer and enterprise technology, is on the rise.

The average worker in a business environment now generates more types of data more quickly than ever, and at higher volumes.
Increasingly, some of that data might be biometric. To understand the sensitive role of biometric data in enterprise information governance, you first have to understand its basic nature -- mainly, that it is very difficult to alter and often inextricable from the individual that it came from. You can easily change your debit card number if it has been stolen, right? But doing the same for your fingerprints or iris is impossible.

Biometric information doesn’t simply provide a code or number permanently assigned to a person; it provides a measure of that person.

Biometric systems provide data on the fundamental physical identity of the self -- a self that has the right to change jobs, move on from an organization, and still have the reasonable expectation that his or her identity and data will remain protected. So, for professionals who work in information governance, this raises two critical questions:

1. Who, exactly, has ownership of this data?
2. How should the business manage this data?

The first, unfortunately, is nearly impossible to answer now. Privacy laws for nonmedical biometric data are still nascent in the US, and determining data ownership between the enterprise and the individual can be difficult and is influenced by many variables. Many businesses already hold some sort of biometric data originating from employees.
So, while the first question may remain unanswered now, it’s clear that data management itself must be considered before biometric data becomes more commonplace.

Failure to think about governance and security practices today could mean beginning too late to prevent a breach or misappropriation tomorrow. There may not be that much biometric data currently in the average enterprise, but its use is on the rise.

Both the private and public sectors probably (and legally) have some of your biometric data right now.
If you’ve ever worked for a government-affiliated organization and achieved any type of security clearance, it has your fingerprint data.
If you have a US driver’s license  -- even if you have no criminal record -- there’s a good chance that the FBI is already analyzing your photo for a facial-recognition database.

The information that HR departments handle on a regular basis -- Social Security numbers, home addresses, health insurance details, tax information, etc. -- already poses privacy and security threats that are hard to compare with traditionally stolen data types such as credit card numbers, and biometric data raises the stakes further because it cannot be reissued. These hypothetical threats may seem nebulous given today’s relatively low use of biometrics in the average business, but they’re still a concern.
If a regular breach of business documents is a disaster, one involving inherently personal data is a legal, monetary, and PR disaster. As of 2016, the average cost of a breach in the US is $4 million over three years, and the average cost of an individual breached business record is $158.

Because most breaches to date have involved more traditional data types such as business records, emails, and financial data, the enterprise should expect costs to rise as increasingly granular data about individuals becomes available to attackers.

The most-prized data types currently are those that the individual can’t change; medical records have far surpassed credit card numbers in their value on the black market.
It’s not unlikely that personal biometric data -- especially types that are unalterable -- will have similar value. The most logical first step for today’s information governance professionals would be to simply identify what biometric data may exist within the enterprise.

This can include (but isn’t limited to) the following:

- Fingerprints
- Iris scans/images
- Close-up facial photos
- EEGs (used in neuromarketing research)
- Fitness tracker and heart-rate data
- Personal handwriting and signatures

Once that’s done, mapping the potential locations where that data exists is necessary to determine where the most likely risks lie. Possible places where biometric data resides within the enterprise include:

- File-sharing environments
- Archives and information governance platforms
- Building entry and physical security systems
- Third-party password management software
- Productivity platforms (such as Evernote)
- Scanned and photographed note repositories
- Enterprise social media accounts
- Software-as-a-service products

The key objective for the immediate future is to determine what’s within the realm of control, and how security can be strengthened for the locations most likely to hold sensitive items.

This relatively simple task today will be important for the future, regardless of how common biometric data becomes in business. So “bring your own body” isn’t quite the HR policy violation it sounds like.
It’s a call to action for information governance and security.
It’s time to identify sources of employee biometric data, and to ensure that it is properly governed and secured within enterprise systems.

Kon Leong is CEO/Co-founder of ZL Technologies.

For two decades, he has been immersed in large-scale information technologies to solve "big data" issues for enterprises. His focus for the last 14+ years has been on massively scalable archiving technology to solve records ...

The Problem with Data

The sheer amount of data that organizations collect makes it both extremely valuable and dangerous.

Business leaders must do everything possible to keep it safe.

The Folly of Vulnerability & Patch Management for ICS Networks

Yes, such efforts matter.

But depending on them can give a false sense of security.

Microsoft to Buy Hexadite for AI, Enterprise Security

Acquisition of Israeli security startup aims to strengthen Windows 10 security with artificial intelligence, company says.

Security Worries? Let Policies Automate the Right Thing

By programming 'good' cybersecurity practices, organizations can override bad behavior, reduce risk, and improve the bottom line.

Best Practices for Securing Open Source Code

Attackers see open source components as an obvious target because there's so much information on how to exploit them.

These best practices will help keep you safer.

Mandia Replaces DeWalt As CEO Of FireEye

In a major shake-up of the company's top brass, DeWalt moves to executive chairman.

In a major reshuffle of the company’s top management, FireEye has appointed existing president Kevin Mandia to take over as CEO from David DeWalt, who will stay on as executive chairman.

DeWalt was previously also board chairman. In addition, Mandiant president Travis Reese has been named FireEye president, while Mike Berry, chief financial officer, gets the additional responsibility of chief operating officer.

Board member Enrique Salem has been appointed lead independent director. These moves were made with a view to strengthening the company’s position globally and to “prepare for growth opportunities going forward,” according to FireEye. Mandia is the founder of Mandiant, which FireEye acquired in 2013.

“With the combination of FireEye services, intelligence, and products, I believe that our global threat management platform is poised to dominate the future of cybersecurity, and we’ve taken steps to create a senior leadership team that can build on this opportunity,” Mandia said.

These executive changes take effect on June 15. For more on this story, see FireEye's announcement.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events.

Pro-ISIS Hacking Groups Growing, Unifying, But Still Unskilled

Flashpoint report outlines the patchwork of hacking groups and the validity of their claims to fame.

Although ISIS has not officially acknowledged or laid claim to a hacktivist group, several are acting on the terrorist organization's behalf. New groups are emerging at an accelerated rate, others are joining forces, and they're expanding their list of targets, but thankfully their capabilities are currently unsophisticated, according to a new report by Flashpoint. The groups are low on homegrown hacking talent and have had little success recruiting highly skilled attackers to the cause.

The most skilled hackers known to be connected to these groups:

- Junaid Hussain (a.k.a. Abu Hussain al-Brittani, a.k.a. "TriCk"), British citizen and previously a member of TeaMp0isoN. Served time in a British prison for hacking Tony Blair. Upon release, fled the United Kingdom to fight with ISIS. Became leader of the Cyber Caliphate Army, the first pro-ISIS hacking squad. Killed by an American drone strike in Raqqa in August 2015.
- Ardit Ferizi (a.k.a. "Th3Dir3ctorY"), Kosovo citizen. Believed to be the leader of the Kosova Hacker’s Security (KHS) hacking group, which is not a pro-ISIS group. Ferizi allegedly hacked an unnamed victim organization, stole personal data -- including physical location -- of approximately 1,350 US government and military personnel, then passed it to Hussain. Hussain then published it on Twitter with a message encouraging attacks on the individuals (and branded the data dump "Islamic State Hacking Division," not Cyber Caliphate Army). Ferizi was arrested in October and is the first person to face cyber terrorism charges in US courts. If convicted, he faces up to 35 years in prison.
- Siful Haque Sujan, British-educated Bangladeshi citizen, who replaced Hussain as leader of the Cyber Caliphate after his death. Sujan was also killed by an American drone strike in Raqqa, in December 2015.

One place where new recruits are both found and trained is the Gaza Hacker web forum, which is full of educational resources, according to the Flashpoint report. The pro-ISIS hacking groups tend to coordinate their attacks in private...but not very private. "We believe that while private communications between hackers takes place, they rely heavily on social media to generate support for their campaigns," the report states.

Flashpoint analysts have seen "security-savvy jihadists, but not necessarily hackers, [emphasis added] using encrypted online platforms for communications, such as Surespot and Telegram." Social media are used to declare intent of attacks, often with hashtags. Yet, some of the threats and claims may not be entirely genuine, according to analysts.

For example:

- When Hussain published the personal and location data on US government and military officials that Ferizi had allegedly provided, he stated they came from sensitive databases, but Flashpoint believes the data came from unclassified systems and that no military systems were compromised.
- The Islamic Cyber Army (users of the #AmericaUnderAttack hashtag) claimed to have "a list containing '300 FBI Agents emails hacked.' However, as purported FBI emails/passwords are a staple of low-level hacker dumps, Flashpoint analysts cross-checked the data and found that the list was a duplicate of a LulzSec leak from 2012."

The Flashpoint report goes on to explain that the Islamic Cyber Army also defaced an Azerbaijani bank. "Lacking sophistication, ICA resorted to attacking any low-hanging fruit in its anti-American campaign, regardless of target relevance." Rabitat Al-Ansar used to be solely a propaganda engine until it added hacking.

A subgroup claimed to have obtained American credit card account information and told followers to use the information "for whatever Allah has made permissible." Yet Flashpoint analysts' findings suggest that the data was not pilfered by Rabitat Al-Ansar hackers themselves, but rather "may have been sourced from the so-called 'Scarfaze Hack Store.'"

Despite their current limitations, Flashpoint researchers state that pro-ISIS hackers' "willingness to adapt and evolve in order to be more effective and garner more support indicates that while these actors are still unsophisticated, their ability to learn, pivot, and reorganize represents a growing threat."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Preparing For The Future Of Online Threats

Gaze into the crystal balls of a panel of forward-thinking security experts during Dark Reading's virtual event, tomorrow, Nov. 15.

Where will cybercrime be in three years? In five? What new exploits will attackers be using, and what vulnerabilities will they be finding? Join me and a panel of industry security thought leaders as we ponder the future of online attacks -- and how your organization can prepare today for tomorrow’s new exploits.

My guests include Cheryl Biswas, cybersecurity analyst for threat intel at KPMG; Keith Brogan, managing director, Deloitte Cyber Risk Services; Thom Bailey, head of product marketing for endpoint, Sophos Central, and security analytics, Sophos; and Brian NeSmith, co-founder and CEO, Arctic Wolf.

We’ll be tackling a range of critical questions and issues, among them:

- Where the new battlegrounds are in terms of actors (hackers, criminals, nation states) and threats
- How to build a security organization and integrate actionable intelligence into daily operations
- What technology breakthroughs are on the horizon and how they will change cyber defense
- Future-proofing against the human failures that online attacks exploit

I hope you’ll join me tomorrow, November 15, from 3:45pm to 4:30pm ET for the "The Future Of The Online Threat" panel during Dark Reading's virtual event, Rethinking Your Enterprise IT Security Strategy.
It’s free to register, and you can chat online with the panelists immediately after the session. For more information on keynote speakers and other discussion topics: Dark Reading's all-day virtual event Nov. 15 offers an in-depth look at myths surrounding data defense and how to put business on a more effective security path.

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting ...

Staying in Front of Cybersecurity Innovation

Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.