McAfee » public sector, Blog Central, http://blogs.mcafee.com, Thu, 30 Oct 2014 21:39:39 +0000

Operation Dragonfly Imperils Industrial Protocol
http://blogs.mcafee.com/mcafee-labs/operation-dragonfly-imperils-industrial-protocol
Wed, 02 Jul 2014 19:52:54 +0000

The post Operation Dragonfly Imperils Industrial Protocol appeared first on McAfee.

Recent headlines (here and here) may have struck fear into those living near major energy installations because of their references to the Stuxnet malware. In 2009, this particular strain of malware caused significant damage to the Natanz nuclear facility, reportedly destroying a fifth of Iran’s nuclear centrifuges. According to recent reports, however, Operation Dragonfly appears to be focused on espionage (at least for now), and the scope of the attack appears to be considerably broader than that of Stuxnet.

The various elements associated with Operation Dragonfly draw comparison with Operation Shady RAT, in which at least the first phase targeted specific individuals via email. Beyond the specifics of the operation, however, Operation Dragonfly raises very significant concerns regarding the safety of the systems that make up our critical infrastructure, and in particular regarding the ever-growing supply chain.

This threat was covered in detail in the recently published book “Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure,” coauthored by Raj Samani and Eric Knapp, and edited by Joel Langill. The espionage from Dragonfly could lead to another attack. In the book the authors write: “the SCADA and automation systems within the grid also provide a blueprint to the inner workings of the grid operations. This is valuable intellectual property that could be used for malicious purposes ranging from the influence of energy trading to the development of a targeted, weaponized attack against the grid infrastructure or against the grid operator.”

One of the primary tools leveraged in Operation Dragonfly is Havex. The Havex remote access tool (RAT) can be traced back to (at least) mid-2012 and is not necessarily exclusive to this attack or campaign or actor. Havex is closely related to the SYSMain RAT, and may even be a derivative. We have also observed them used in conjunction. The Trojan is distributed via spear phishing, watering-hole attacks, and by inclusion in exploit kits (such as LightsOut). This family takes advantage of OLE for Process Control (OPC) servers.

The method by which the Havex RAT targeted industrial control system owners was clever. In addition to spear phishing, the control system vendors’ websites were used as watering holes, ensuring that the delivery of the RAT was highly focused. The next stage, the enumeration of OPC servers, is also clever and very concerning. The malware focuses enumeration on OPC Classic, which lacks the security features of newer OPC variants. This indicates that the attacker is knowledgeable about industrial security—a niche that, to some, benefited from “security through obscurity.” The biggest concern, therefore, is that once again we’re seeing malware targeting an industrial protocol.

In “Applied Cyber Security” the authors wrote, “Industrial protocols in and of themselves represent a challenge to cyber security. … Because most of these protocols provide command and control functionality to the system, an interruption could result in the failure of substation automation, dynamic load management, fault isolation, and even protection systems.”

By specifically targeting OPC Classic, the attacker is likely to discover more vulnerable legacy systems. OPC is extremely common, and can interface with a variety of key systems within almost every industrial environment, in almost every sector. From a network design perspective, OPC uses a wide range of ports; unless OPC is tunneled, firewalls allowing OPC are as open as Swiss cheese. Although there’s still a lot to learn about Havex, this event should inspire asset owners to harden OPC servers, and to assess their networks with this type of attack in mind. Inspection and enforcement of OPC using application-layer firewalls is a good start. Without an industry-wide effort to stem the inherent vulnerabilities in OPC, Havex could prove itself to be another devastating “industrial” RAT—alongside Disttrack (a.k.a. Shamoon), Duqu, Stuxnet, and Gauss—capable of remote command of control systems. That is something that no one wants to see happen.

For more information, please refer to “Applied Cyber Security and the Smart Grid.”

Don’t Forget Investments in Cyber Talent
http://blogs.mcafee.com/business/security-connected/dont-forget-investments-cyber-talent
Mon, 05 May 2014 15:22:33 +0000

The post Don’t Forget Investments in Cyber Talent appeared first on McAfee.

At McAfee we’re dedicated to providing the most comprehensive and effective toolsets to defend against dangerous cyber threats. This mission is at the core of why we exist as a company. And as cybersecurity experts in DC, we recognize the important components that go into an effective cybersecurity strategy for government entities. These organizations need the best firewall, the most sophisticated diagnostic and monitoring tools and the most advanced threat detection technology (the Security Connected platform that ties them all together doesn’t hurt either).

But as our country thinks about making the best investments to protect our cyber infrastructure, we must not forget the most critical asset: the people. The most advanced technology in the world is not useful unless it is paired with the people who know how to leverage it. With cybercrime on the rise and cybersecurity increasingly becoming integrated into national defense strategies, the demand for cyber experts has never been higher.

Unfortunately, on the personnel front, we still face challenges as a country. A recent poll by Frost & Sullivan, Booz Allen Hamilton and (ISC)² showed that 56 percent of cybersecurity professionals feel that their organizations are understaffed in this regard. This is true across the public and private sector, with agencies like DHS finding they are unable to maintain the staff levels to meet demand for cyber services. We need a plan to combat this shortage and prepare the next generation of IT workers to jump into the ever-important field of cybersecurity.

So what would this plan look like? Solving this problem will require clear public/private cooperation, strong leadership and a commitment to setting priorities. That isn’t to say that we need regulation or legislation right now (as we saw with the rollout of the NIST framework, these aren’t essential ingredients for successful cybersecurity initiatives). What we do need is to make sure there is an integrated effort between government and industry to set priorities and work toward a common goal of increasing education and access to cybersecurity jobs.

We have many of the pieces in place already. In the DC area for example, 20 of the top universities, colleges and community colleges offer programs in computer science and IT. That being said, industry needs to take a more proactive role to work with these academic institutions to promote the importance of cybersecurity and the rewards of a cybersecurity career to young people enrolled in these programs. Many other growing industries, like energy and healthcare, engage in partnerships with universities and colleges to attract talented young people from the beginning. On the government side, we know that the military engages in on-campus recruitment through programs like ROTC. There is no reason that cybersecurity branches of government organizations could not do the same.

In addition to education, we need to do outreach to professionals about cybersecurity jobs. Last year, the average cybersecurity professional made $116,000. And the industry accepts all professionals, ranging from Ph.D.s and master’s degree holders down to individuals with just a high school education or associate’s degree (who can still pull in a salary of above $90,000 on average). As an industry, it’s important to get out the message about these opportunities to the right audiences.

Despite some of the bad news we’ve heard about the cybersecurity talent shortage, there have been a few bright spots. As part of the DoD’s strategic shift toward cybersecurity, the Pentagon recently announced that it will be tripling its security staff to 6,000 professionals by 2016 – a huge step in the right direction. With personnel investments like these, defense agencies are putting their ‘money where their mouths are’ on the shift to cybersecurity priorities.

With cybersecurity in the news every day, we are really starting to grab the public’s attention on this issue. We encourage readers to get the word out that our industry needs bright, talented, eager people who are looking for rewarding careers. It’s a national imperative to find people like this, and a rewarding experience for individuals who join the industry.

 

Latest McAfee Threats Report Highlights Troubling Trends for Public Sector
http://blogs.mcafee.com/business/security-connected/latest-mcafee-threats-report-highlights-troubling-trends-public-sector
Fri, 14 Mar 2014 15:40:51 +0000

The post Latest McAfee Threats Report Highlights Troubling Trends for Public Sector appeared first on McAfee.

This week, the experts at McAfee Labs released their latest quarterly threats report, which recapped emerging cyber-threats they saw at the end of last year. In addition to some of the trends we know of that afflict big companies and individuals, there are a number of interesting threats that affect users in the federal government space.

One disturbing trend was the proliferation of malicious signed binaries, which grew 52% since our last quarterly report. In other words, these are malicious applications in disguise. The attacker “signs” them with a certificate from a presumably trusted source, and users may think they are accepting an application that they recognize. But this exploit is a wolf in sheep’s clothing. What’s further troubling is that these binaries throw into question the effectiveness of the Certificate Authority model, the primary asset verification structure employed in government agencies. If a hacker can sign malware with a stolen trusted certificate, how does one effectively weed out unwanted programs? In the absence of an alternative to the Certificate Authority model, network administrators will have to be vigilant whenever they’re installing software.

The high-profile attacks we heard about at retailers like Target and Neiman Marcus in late 2013 were part of a growing Cybercrime-as-a-Service (or CaaS) market that Labs researchers also identified in the report. This illicit marketplace, with roots on the Deep Web, allows attackers to easily purchase, modify and employ point-of-sale (POS) malware that could then be used against conglomerates, government agencies and individuals. This malware isn’t particularly complicated or expensive for hackers, and it can be quite effective. As we’ve noted before, 80% of cyberattacks could be prevented by following simple cybersecurity best practices – but if that care isn’t taken, relatively simple malware can wreak havoc. Government agencies must monitor their systems in the face of a growing number of simplistic but damaging cyber-attacks. If cybercriminals could execute such large-scale attacks on retailers, they could attempt the same against government agencies. The administrators of federal sites that are citizen-facing and store large amounts of personal information need to be especially vigilant.

The final major trend in the report is the continued growth of mobile malware – up 197% from the end of 2012. This trend, which has grown in prominence and relevance in every quarterly report, shows the continued risk that government agencies have to mitigate as more of their operations go onto portable devices. Mobile computing brings unparalleled speed and convenience to its users, but many mobile devices don’t bear the cybersecurity suites that protect other endpoint devices like PCs. The data that government employees work with on their mobile devices may be sensitive and can be shared or exploited without the proper protection in place. This is especially true in a BYOD setting, where employees are being implicitly trusted to follow security guidelines.

The senior vice president of McAfee Labs, Vincent Weafer, said that late 2013 would be the time that cybercrime became “real” for more people than ever. From mobile attacks to malware black markets to an authority model that you can’t necessarily trust, I’m fully inclined to agree. Watch the McAfee blogs as we delve into these threats further and talk about potential solutions.

Cybersecurity Emphasized in the President’s Budget
http://blogs.mcafee.com/business/security-connected/cybersecurity-emphasized-presidents-budget
Thu, 06 Mar 2014 16:42:32 +0000

The post Cybersecurity Emphasized in the President’s Budget appeared first on McAfee.

This week, President Obama released his annual draft budget for Fiscal Year 2015. The budget calls for reductions in defense, leaving the physical U.S. military at its smallest level since WWII. At the same time, spending levels for cybersecurity could be increasing – or at least they won’t be declining. This reflects a strategic realignment as more threats that face our country come through cyberspace. I had a chance to connect with several McAfee experts to discuss the policy implications of this budget as well as its implications on cybersecurity strategies.

To get an update from a DHS and NIST perspective, I connected with Standards and Technology Policy Director Kent Landfield. Kent’s a new member of my team who brings important insight from his time working with the federal government, most recently in helping develop the NIST framework over the last year or so. Several offices within NIST, and relevant offices within DHS, will see their funding increase, despite the fact that DHS will see a smaller overall budget than it had last year. The program that helps promote and facilitate the framework, known as C3 or C-Cubed, received $8.5 billion. Kent said it’s difficult to know right now how that figure will play out. We should learn more at a March 13 hearing of the House Homeland Security Committee. In other news, Kent noted that implementation of the Continuous Diagnostics and Mitigation (CDM) program, in which McAfee plays a big role, is slated to receive more than $143 million.

For insight on the effectiveness of these investments, I spoke to our VP of Federal, Ken Kartsen. Ken said we have to dive into how this money is actually allocated in the agencies to truly assess whether we’ll be able to defend against damaging cyber-attacks. Having the right technology in place, like our interoperable Security Connected platform, is vital. And even if the budgets for cyber tools stay at current levels or increase, it’s unlikely there will be increased funding for training and personnel – two very important pieces of implementing effective cybersecurity. This means government organizations need to choose tool sets that are smart, integrated and efficient. It only makes sense to go for COTS solutions, as these can deliver a great deal of value at a reasonable price point. Government buyers have to make sure they’re getting as much efficiency and value as possible out of each cyber dollar.

At the same time, Ken emphasized that agencies need to be investing in human capital, because we need more skilled specialists to keep us safe from bad actors on the web. Avoiding a federal government “brain drain” during this time of downsizing will be an important part of making smart cybersecurity investments.

I also connected with Dr. Jarno Limnell, Director of Cyber Security based in Finland, who was in town presenting at a major cyber conference this week. Jarno observed that the growing investments in cybersecurity at a time when traditional defense budgets are shrinking reflect a restructuring of priorities in the United States and other NATO countries. The growing convergence of the digital and physical world, he said, has created a situation where strong cybersecurity assets are as important for protection as physical weapons, vehicles and artillery. As one of the foremost experts on global cybersecurity trends, Jarno noted that we should expect to see cybersecurity growing in the defense budgets of many Western countries, who will follow the US’s lead on matters of national security, especially when it comes to cyber realignment. He echoed Ken’s advice about investing more in training people, not just in purchasing technology.

The budget will of course see many revisions and permutations before becoming a reality. One thing will not change, though: Cybersecurity will become a more important part of our country’s national security strategy over the coming years, and it’s encouraging to see that the government recognizes as much.

Intelligence Sharing and the RSA 2014 Conference
http://blogs.mcafee.com/business/security-connected/intelligence-sharing-rsa-2014-conference
Wed, 26 Feb 2014 20:39:11 +0000

The post Intelligence Sharing and the RSA 2014 Conference appeared first on McAfee.

This week, the city of San Francisco is hosting one of the biggest cybersecurity events of the year – the RSA conference. The meeting draws hundreds of prominent cyber exhibitors and thousands of guests, spurring a discussion on the cyberthreat landscape and the solutions companies are employing to keep us safe from bad actors on the web. I’m at the event this year on behalf of McAfee to meet with customers and get their responses to the solutions we’re announcing at RSA.

The theme of this year’s conference is “Share. Learn. Secure. Capitalizing on Collective Intelligence.” Appropriately, we’re expanding our Comprehensive Threat Protection, a solution that tightly binds and shares threat intelligence and workflows across endpoints, networks and the cloud. This collective intelligence helps detect and stop threats to our systems immediately, rather than trying to repair damage retroactively. McAfee’s expanded Comprehensive Threat Protection now conducts even more advanced malware analysis, plus it has the ability to find, freeze and fix any problem in milliseconds.

In the same spirit of this year’s RSA theme, I’m excited to announce six new partners in our Security Innovation Alliance (SIA), which allows us to integrate solutions and provide a greater value proposition to our customers. The expansion of this alliance gives our government, enterprise and consumer customers a deeper bench of expertise and market leadership to tap into. We take the theme of collective intelligence seriously, and building out the SIA is one way we “share, learn and secure.”

These announcements are compelling, but they’re by no means our only new solutions. Nor are they the only feature of the conference that we’re excited about. It’s also nice to see some other McAfee heavy hitters in attendance, including McAfee Chief Privacy Officer Michelle Dennedy. Michelle is the author of the recently published guidebook “The Privacy Engineer’s Manifesto,” where she argues that from an engineering perspective, privacy must be built into software and systems from the core, rather than tacked on at the end. Michelle will be showcasing her groundbreaking book throughout the week.

And after a week of great sessions and meetings, I’ll look forward to lightening it up a bit with the closing keynote from Stephen Colbert. We’ll be recapping more of RSA’s high points in a follow-up post next week.
