Podcast audio: http://isdpodcast.com/podcasts/InfoSec Daily Podcast Episode 222.mp3
ISDPodcast Episode 222 for September 28, 2010. Tonight’s podcast is hosted by Rick Hayes and Keith Pachulski.
The Louisville Metro InfoSec Conference:
When: Thursday, October 7th, 2010
Where: Churchill Downs
When: Friday, October 8, 2010
Where: Think Inc World HQ, 1375 Peachtree St. Suite 600, Atlanta, Ga (The Earthlink Bldg).
MyHardDriveDied.com Data Recovery Class:
Dallas, TX – October 11th – 15th
Washington, DC – December 6th – 10th
Use the Discount Code: isdpodcast for a $300 discount.
SANS Mentoring Program:
Jason Lawrence – SANS Forensics 508 – Computer Forensics and Investigations in Sandy Springs, GA
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15 for a 15% discount.
Adrian Sanabria - SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15KY for a 15% discount.
When: Oct 15-17 2010
Where: Nashville, TN
When: Oct 23-24 2010
Where: Charleston, WV
Stories of Interest:
Cyber security experts say they have identified the world’s first known cyber super weapon designed specifically to destroy a real-world target — a factory, a refinery, or just maybe a nuclear power plant.
The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose has grown. Some top cyber security experts now say Stuxnet’s arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.
At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran’s Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick (the Windows shortcut, or .LNK, icon-parsing flaw that Microsoft patched in August 2010 as MS10-046, CVE-2010-2568). Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems experts have now concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. No Internet link is required.
Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday.
Experts from Iran’s Atomic Energy Organization also reportedly met this week to discuss how to remove the malware.
Stuxnet, considered by many security researchers to be the most sophisticated malware ever, was first spotted in mid-June by VirusBlokAda, a little-known security firm based in Belarus. A month later Microsoft acknowledged that the worm targeted Windows PCs that managed large-scale industrial-control systems in manufacturing and utility companies.
Those control systems, called SCADA, for “supervisory control and data acquisition,” operate everything from power plants and factory machinery to oil pipelines and military installations.
According to researchers with U.S.-based antivirus vendor Symantec, Iran was hardest hit by Stuxnet. Nearly 60% of all infected PCs in the earliest-known infection were located in that country.
While the Stuxnet worm attack has raised the bar for targeted attacks on the critical infrastructure, it’s not the first time the power grid has been in the bull’s eye. Attacks against these systems are actually quite common — it’s just that they are mostly kept under wraps and rarely face public scrutiny like Stuxnet has.
Nearly 60 percent of critical infrastructure providers worldwide, including oil and gas, electric, and telecommunications, say they have been targeted by “representatives” of foreign governments, according to a study published earlier this year by The Center for Strategic and International Studies and commissioned by McAfee. More than half of the respondents had experienced a targeted, stealthy attack akin to the Aurora attacks that hit Google, Adobe, and nearly 30 other companies earlier this year. In addition, nearly 90 percent of the respondents said their networks had been infected with malware, and more than 70 percent had been hit with low-level DDoS attacks and vandalism, insider threats, leakage of sensitive data, and phishing or pharming.
As reported last week, Stuxnet has shed light on just how vulnerable their control systems really are, and as the first known malware attack to target power plant and factory floor systems, it has been a wake-up call for the potential damage that could be inflicted on a power plant and the potential consequences to the physical world. Though no one knows for sure who created and launched it (speculation has pointed to nation-state sponsorship) or what the endgame really was, the concentration of infections has mostly been in Iran and India. Nearly 60 percent of Stuxnet infections were located in Iran, according to Symantec.
Speculation that the worm was specifically gunning for Iran’s nuclear power plant gained a bit more traction in the past couple of days: Iran’s official news agency reported over the weekend that Stuxnet had infected employee machines at the plant, according to an AP report. And some 30,000 IP addresses across Iran had been infected, according to other reports.
Although some computers at Iran’s Bushehr nuclear reactor were infected by the Stuxnet worm, none of the facility’s crucial control systems were affected, Iranian officials claimed Sunday.
The news followed Saturday’s admission by Iran that Stuxnet had infected at least 30,000 computers in the country. The worm, which researchers have dubbed the most sophisticated malware ever, targets Windows PCs that manage large-scale industrial-control systems in manufacturing and utility companies.
Those control systems, called SCADA, for “supervisory control and data acquisition,” manage and monitor machinery in power plants, factories, pipelines and military installations.
“The studies show that few PCs of Bushehr nuclear power plant workers are infected with the virus,” Mahmoud Jafari, the facility’s project manager, told Iran’s state-run Islamic Republic News Agency on Sunday.
Romanian authorities said they have detained a man suspected of absconding with more than $3m by snaring 3,305 eBay employees in a spear phishing campaign last year.
Liviu Mihail Concioiu is under investigation for carrying out two phishing attacks that were directed solely at eBay employees, according to a press release (translation here) from Romania’s DIICOT agency. In the first, he netted user names and passwords for 1,784 employees and in the second he got another 1,521 employee credentials.
The suspect then used 417 of the stolen accounts to log in to eBay’s internal network, where, according to computer-forensics expert Gary Warner of the University of Alabama at Birmingham, he accessed details about high-value eBay customers.
With that information, Concioiu was able to fleece 1,183 eBay users of more than $3m. One of the reasons the scam was so successful, Warner said, was its extremely small footprint. The detailed information about high-value customers allowed him to fly under the radar of traditional phishing defenses because he sent out relatively few emails compared with more common phishing attacks.
To say the least, it’s a startling revelation that more than 3,300 eBay employees were tricked into turning over credentials to highly restricted parts of their company’s network.
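The eBay case above is instructive for defenders because the phish itself was too low-volume to trip mail-filter thresholds; the louder signal was downstream, where 417 harvested accounts were replayed against the internal network. The following is an added example (not code from the podcast, from eBay, or from the DIICOT report) of that downstream check: it sweeps authentication events and flags any single source address that successfully logs in as several distinct employee accounts within a short window. The log format, account names, addresses and the thresholds are all constructed for illustration.

```python
"""
Added example: detect one source address replaying a batch of harvested
employee credentials. Everything below (log format, names, IPs, thresholds)
is constructed for illustration and is not from the original article.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of SSO/VPN authentication events: "timestamp user src_ip result".
# One external address (198.51.100.7) succeeds as five different users in three minutes;
# the 10.40.x.x addresses are ordinary single-user office logins.
SAMPLE_LOG = """\
2010-09-27T08:01:12Z alice 10.40.1.22 success
2010-09-27T08:03:40Z bob 10.40.1.23 success
2010-09-27T21:10:05Z carol 198.51.100.7 success
2010-09-27T21:10:41Z dave 198.51.100.7 success
2010-09-27T21:11:03Z erin 198.51.100.7 failure
2010-09-27T21:11:30Z erin 198.51.100.7 success
2010-09-27T21:12:15Z frank 198.51.100.7 success
2010-09-27T21:12:58Z grace 198.51.100.7 success
2010-09-28T09:00:00Z heidi 10.40.1.24 success
"""


def parse_events(text):
    """Parse log lines into (timestamp, user, src_ip, result) tuples.

    Malformed lines are skipped rather than aborting the whole sweep, so one
    bad record cannot blind the detection.
    """
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, src, result = parts
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, src, result))
    return events


def find_credential_replay(events, window=timedelta(minutes=10), min_accounts=3):
    """Return {src_ip: sorted list of accounts} for every source that succeeds as
    at least `min_accounts` distinct users inside any sliding window of `window`.

    Only successful logins count: failures from a guessing attacker are a
    different (noisier) signal, and a phisher holding real passwords mostly
    succeeds on the first try.
    """
    by_src = defaultdict(list)
    for ts, user, src, result in events:
        if result == "success":
            by_src[src].append((ts, user))

    flagged = {}
    for src, items in by_src.items():
        items.sort()  # chronological, so each window starts at items[i]
        for i, (start, _) in enumerate(items):
            users = {u for t, u in items[i:] if t - start <= window}
            if len(users) >= min_accounts:
                flagged[src] = sorted(users)
                break
    return flagged


if __name__ == "__main__":
    for src, users in find_credential_replay(parse_events(SAMPLE_LOG)).items():
        print(f"{src}: {len(users)} distinct accounts in window -> {', '.join(users)}")
```

Run against the sample, the sweep flags only 198.51.100.7. The threshold of three accounts per ten minutes is deliberately low for a corporate SSO portal where one person rarely holds several logins; tune it upward for shared egress addresses such as a VPN concentrator or a NAT gateway, or key on source address plus user-agent instead, otherwise ordinary office traffic will trip it.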
One of the fastest growing segments of the world economy is cybercrime. The opportunity is created by the inexorable digitization and interconnection of enterprises, both government and commercial, and is exacerbated by increasingly sophisticated and well-funded attackers. The modern IT security approach to countering this threat has been reactive, not proactive. Intrusion detection systems, firewalls, Web filters, anti-malware software and Patch Tuesdays represent the state of the art, and while there are a lot of great security products and technologies available, the concept of allowing connectivity to critical information and networks while trying to filter and detect malicious activity is fundamentally flawed. The black hats simply change tactics to circumvent defenses; they are always one step ahead.
- Learn from Others’ Mistakes
- Do your Homework
- What Not to Do
- Ask the Experts
Credit card fraud is a multi-billion dollar industry. Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. ATM skimming alone is estimated at $350,000 of fraud per day, and total annual skimming losses are put at more than a billion dollars.
Skimming can occur in a few different ways:
- Wedge Skimming
- POS Swaps
- ATM Skimmers
- Data Interceptors
- Dummy ATMs