Information Security News
A code of conduct for young hackers
r00tz is the amazing kid-track of programming at DEFCON, the giant hacker conference held annually in Las Vegas. The organizers have created a "code of conduct" for young hackers that is good advice for anyone doing infosec work, or exploring computers ...
South Korea confronts uphill battle against hackers
The Korea Herald
“The existing security solutions cannot block APT attacks, so we need a new protection system,” said Shin Soo-jung, CEO of information security firm Infosec Co. Amid growing concerns over cyber security, the Korean government announced a comprehensive ...
This week fellow handler Chris posted about gathering intelligence from blog spam, the SANS ISC has posted a number of times about cyber intelligence as a valuable resource, and by now you should all know that Russ may have posted on his blog about CIF, the Collective Intelligence Framework.
Out of the box, and with only a little configuration, CIF links to a number of automatically ingested intelligence feeds, including some from the SANS ISC.
Once you have gathered all this open source intelligence, one of the strengths of CIF is that it can produce Snort rules, iptables rules and so on, but that is only the start.
MITRE this year released definitions for STIX, TAXII and CybOX to aid in this space, letting analysts describe cyber intelligence and transfer it from place to place, from peer organisation to peer organisation, or from a cyber intelligence hub to its members. Other formats address the same need; IODEF is one of them.
So what is the next step? Assuming you have implemented some sort of automated intelligence gathering operation, you now have a database (or similar) full of actionable information. How do you apply it to your organisation, and how do you enrich that information to make it truly actionable intelligence?
The next step is to bolt it into the automation you already have within your organisation (or to implement that automation if you have not already) to search your security logs for potential hits on these indicators.
Examples include using the Splunk API to automate searches for C2 indicators, or running other searches across your logs using regexes built from the data you have collected. A good open source example is MalwareSigs, which provides regular jobs you can run to search for badness.
Once your searches have found hits, what do you do with them? You should certainly automate, or at least make as light-touch as possible, as many of your processes as you can. Blocking or recategorising IPs and domains that intelligence shows are highly likely to be malicious could be done automatically, with the understanding that the intelligence is not always 100% accurate and an automatic block may have an impact.
What other examples can you think of that would allow the automation of intelligence-led analysis to relieve you, your team members and your organisation from what will become the Cyber Intelligence Tsunami?
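As an added example (not part of this diary, nor code from CIF or MalwareSigs), a small Python script that searches constructed proxy log lines for constructed CIF-style indicators and gates the response on the feed's confidence score, so only high-confidence hits are auto-blocked and the rest are queued for an analyst. The log layout, the indicator fields and the 0-100 confidence scale are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed indicator set standing in for a CIF-style feed export (assumption:
# a 0-100 confidence score, as such feeds commonly carry).
INDICATORS = [
    {"type": "fqdn", "value": "bad-c2.example", "confidence": 95},
    {"type": "ipv4", "value": "203.0.113.7", "confidence": 90},
    {"type": "ipv4", "value": "198.51.100.0/24", "confidence": 60},
]
# Constructed proxy log lines: "<timestamp> <client> <destination-ip> <url>".
SAMPLE_LOGS = [
    "2013-07-19T10:01:02Z 10.0.0.5 203.0.113.7 http://bad-c2.example/beacon",
    "2013-07-19T10:02:10Z 10.0.0.9 198.51.100.44 http://files.example.net/a.zip",
    "2013-07-19T10:03:30Z 10.0.0.5 192.0.2.10 http://www.example.org/",
    "this line is malformed and should be skipped",
]
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<dst>\S+) (?P<url>\S+)$")
BLOCK_THRESHOLD = 85  # auto-block only what the feed rates highly; the rest goes to an analyst

def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not fit the layout."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def indicator_matches(ind, rec):
    """True if an indicator matches a parsed record: IP/CIDR on dst, FQDN on the URL host."""
    if ind["type"] == "ipv4":
        net = ipaddress.ip_network(ind["value"], strict=False)
        return ipaddress.ip_address(rec["dst"]) in net
    if ind["type"] == "fqdn":
        host = urlsplit(rec["url"]).hostname or ""
        return host == ind["value"] or host.endswith("." + ind["value"])
    return False

def decide(confidence):
    """Map feed confidence to an action: block automatically or queue for review."""
    return "block" if confidence >= BLOCK_THRESHOLD else "review"

def scan_logs(lines, indicators):
    """Search log lines for indicator hits and attach the action each hit warrants."""
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        for ind in indicators:
            if indicator_matches(ind, rec):
                hits.append({"ts": rec["ts"], "client": rec["client"],
                             "indicator": ind["value"], "action": decide(ind["confidence"])})
    return hits
```

Running `scan_logs(SAMPLE_LOGS, INDICATORS)` yields two "block" hits for the first line and one "review" hit for the /24 match, with the malformed line skipped rather than crashing the job.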
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
They won't hack me
Crain's Cleveland Business (blog)
One of the reasons we in Infosec hear most often as to why smaller businesses don't make security more of a priority is that their data isn't interesting enough to steal. Perhaps your widgets are (in your estimation) in a niche that, while lucrative ...
New DDoS attacks launched, targeting online newspapers
According to CMC Infosec, a security firm, while considering measures to fight the recent DDoS attacks on online newspapers, internet security agencies found the malware pieces that created the botnets, and discovered a malicious piece called ...