threat


HACKING #NUCLEAR SYSTEMS IS THE #ULTIMATE #CYBER THREAT. ARE WE #PREPARED?

Source: National Cyber Security – Produced By Gregory Evans

The nuclear plant employees stood in rain boots in a pool of water, sizing up the damage. Mopping up the floor would be straightforward, but cleaning up the digital mess would be far from it.

A hacker in an adjacent room had hijacked a simulated power plant, using the industrial controls against themselves to flood the cooling system.

It took officials from three different Swedish nuclear plants, who were brought in to defend against an array of cyberattacks, a couple of hours to disconnect the industrial computer (known as a programmable logic controller) running the system and coordinate its repair.

Though the exercise was conducted in a simulated coal plant, not a nuclear one, the tactile nature of the demonstration — the act of donning rubber boots to fix the flooding — drove home the potential physical consequence of a cyberattack on critical infrastructure. “The next step for them is to go back home and train in their real environment,” Erik Biverot, a former lieutenant colonel in the Swedish army who planned the event, told The Verge.

The drill, which took place this past October at a research facility 110 miles southwest of Stockholm, was the most technically sophisticated cyber exercise in which the UN’s nuclear watchdog — the International Atomic Energy Agency (IAEA) — has participated.

Security experts say more of these hands-on demonstrations are needed to get an industry traditionally focused on physical protection to think more creatively about growing cyber threats. The extent to which their advice is heeded will determine how prepared nuclear facilities are for the next attack.

“Unless we start to think more creatively, more inclusively, and have cross-functional thinking going into this, we’re going to stay with a very old-fashioned [security] model which I think is potentially vulnerable,” said Roger Howsley, executive director of the World Institute for Nuclear Security (WINS).

The stakes are high for this multibillion-dollar sector: a cyberattack combined with a physical one could, in theory, lead to the release of radiation or the theft of fissile material. However remote the possibility, the nuclear industry doesn’t have the luxury of banking on probabilities. And even a minor attack on a plant’s IT systems could further erode public confidence in nuclear power. It is this cruelly small room for error that motivates some in the industry to imagine what, until fairly recently, was unimaginable.

The Nuclear Threat Initiative, a Washington-based nonprofit co-founded by Ted Turner, has tallied about two-dozen cyber incidents since 1990, at least 11 of which were malicious. Those include a December 2014 attack in which suspected North Korean hackers stole blueprints for South Korean nuclear reactors and estimates of radiation exposure to local residents. The affected power company, which provides 30 percent of the country’s electricity, responded by carrying out cyber drills at plants around the country.

In another attack, hackers posing as a Japanese university student sent malicious emails to researchers at the University of Toyama Hydrogen Isotope Research Center, one of the world’s top research sites on the radioactive isotope that makes a hydrogen bomb. From November 2015 to June 2016, the hackers stole over 59,000 files, according to media reports, including research on the ill-fated Fukushima nuclear plant.

Any list of cyber incidents in the nuclear sector, however, is very likely incomplete. The US Nuclear Regulatory Commission, for example, only requires operators to report to the commission cyber incidents that affect the safety, security functions, or emergency preparedness of the plant, excluding potentially significant attacks on IT systems. It is, in general, extremely difficult for a hacker to breach a plant’s inner control systems implicated in the former category, but not nearly as challenging to penetrate the non-critical IT networks included in the latter.

“We are absolutely undercounting [the number of non-safety-related incidents] and we’re not looking so we can’t pretend that our count is accurate,” said Robert M. Lee, a former Air Force cyber officer and founder of Dragos, a firm specializing in industrial control systems (ICS) cybersecurity. By probing their networks for more of these lower-level threats, nuclear operators can bolster their security, he added.

Regulatory requirements have strengthened US nuclear plants’ cybersecurity, and most plants were built decades ago on analog systems that are shielded from direct internet-based attacks. But the growing digitization of the industry is opening up new potential vectors for hackers.

One of the first known cyber incidents at a nuclear plant took place in 1992 when rogue programmer Oleg Savchuk deliberately infected the computer system of a plant in Lithuania with a virus. Savchuk was arrested and became a precautionary footnote in the history of nuclear security. It would take a set of much more seismic events to illuminate the danger of cyber threats to nuclear operators.

In March 2007, with US energy regulators looking on, engineers at the Idaho National Lab showed how 21 lines of computer code could cripple a huge generator, as journalist Kim Zetter writes in her book. It was only through this jaw-dropping experiment, known as Aurora, that some energy industry officials came to accept that digital tools are capable of physical destruction.

Before Aurora, “there were many people who simply denied the concept that any kind of physical damage could be caused or triggered by a cyber event,” Marty Edwards, an ICS expert who helped design the experiment, told The Verge. Two years later, the destructive potential shown in Aurora became a reality. The famed Stuxnet attack injected a formidable computer worm into Iran’s Natanz enrichment facility in 2009, destroying about 1,000 centrifuges. The United States and Israel are suspected of being behind the attack, which used a USB drive to deliver malware to “air gapped” systems, or those with no direct or indirect connections to the internet. In doing so, the attackers refuted the notion that such a system was immune to hacking.

Stuxnet’s creators used four “zero-days,” or previously unknown software exploits, whereas most big cyberattacks use one at most. The attackers managed the improbable feat of breaching and manipulating a nuclear facility’s heavily protected industrial controls. In doing so, they changed the cybersecurity conversation in the nuclear industry, prompting new regulations and more investments in defenses.

As instructive as Stuxnet was, nuclear officials can only learn so much from one attack and, because successful attacks are rare, there is a small pool of data from which to learn. For some, the answer is to create your own attacks in a controlled environment.

The exercise conducted this past October took advantage of the high-tech environment provided by Sweden’s Defense Research Agency. Officials from the IAEA and at least 20 of its member countries, including the US and China, watched on TV screens as offensive and defensive cyber teams did battle. The defenders grappled with everything from straightforward denial-of-service attacks to the more insidious scenario of a contractor’s laptop exposing a facility to malware.

In one instance, they used an actual Siemens programmable logic controller. In another, they modeled one of the exercise’s attacks on the 2015 hack of the Ukrainian power grid, one of the biggest energy-sector attacks since Stuxnet.

The Swedes meticulously documented what amounted to a scientific experiment. Audio and video captured participants’ every move and may be later analyzed by a research team. The biggest early takeaway from the experiment, however, was decidedly low-tech: participants had to trust each other to navigate a stressful environment.

The IT specialists who participated normally work individually rather than as a team to handle cyber incidents, according to Biverot. For each participant, knowing that “I can give this guy a call if I’m in trouble” would be invaluable during a security incident, he told The Verge.

Security experts say there is no substitute for putting an organization’s cyber teams under the gun in an intense, credible scenario. “It’s very important to understand the link between what’s happening in cyberspace and what’s happening in real life,” said Dennis Granåsen, a senior scientist at the Defense Research Agency. “If you don’t do that, it’s very easy to just think of these exercises as a game where you need to perform and get a good score and that’s it.”

The less that exercises seem like a game to participants, the better prepared they’ll be for the real thing. The challenge, however, is that exercises as technically rigorous as the Swedish one have not been the norm across the global nuclear sector. They can be expensive, take many months to plan, and may require bringing in outside cyber expertise to drill plant personnel. Exercise programs are growing in maturity and are including more red-teaming, but experts say more work is needed.

Without outside help, many operators will struggle to keep pace with cyber threats, according to Roger Brunt, a former top official at the UK’s Office for Nuclear Regulation. For that reason, Britain’s larger nuclear operators have recently begun hiring security firms to probe their computer networks for vulnerabilities, he said.

While safety and security are paramount at nuclear plants, business considerations also come into play as many plants, including the vast majority of the 61 in the US, are privately owned. The financial and reputational damage that a successful cyberattack could wreak has led some executives to walk through them in advance.

Two weeks before the Swedish exercise, a group of lawyers, insurers, and nuclear executives huddled in central London to consider an alarming scenario: malware had hit a workstation at a nuclear plant, triggering a shutdown of the reactor and a power cut for nearby residents during a dangerous heatwave.

Whereas the Swedish drill was geeks and computer code, the London one was lawyers and the lofty words of judges and defendants.

A fictional power company was on mock trial for decisions its executives had taken leading up to the made-up incident. They had failed to ensure that software on the plant had been updated and that employees were trained in security. Despite an eloquent defense from executives, the judges found the company criminally and civilly liable for the $1.7 billion in economic and other damages incurred by the power cut, and for the 10 people who died in the heat wave.

Howsley said he was surprised at the criminal verdict, thinking the bar for damning security practices would be higher. But that may be where legal norms are headed, given that companies like Uber and Anthem have been sued for allegedly shoddy cybersecurity regimes.

Among nuclear executives, “accountability is going to drive better behavior” on cybersecurity, said Kathryn Rauhut, a lawyer and nonresident fellow at the Stimson Center, which hosted the exercise.

Rauhut said that when drawing up the exercise, she considered several scenarios that might spur strong interest from nuclear executives. Nothing resonates like the threat of a civil or criminal lawsuit for bad security practices. “The CEOs said, ‘Whoa, this is huge. I didn’t know I was liable,’” she told The Verge.

Howsley, a 35-year veteran of the nuclear industry, has seen the industry adapt its safety standards after the 1986 Chernobyl disaster, its security standards after the September 11th attacks, and its cybersecurity standards after Stuxnet. The guessing game of where the next threat might come from can be maddening.

“Someone once said to me, ‘The future is actuarial, history is forensic,’” said Howsley, a cerebral Englishman with a PhD in botany. “If something awful happens at 3 o’clock this afternoon, people will look back and say, ‘How did we allow this to happen?’ But we forget all the things that we worried about and didn’t happen.”

As training in the lab and boardroom continues, hackers in the real world are sharpening their skills. The years since Stuxnet have seen an uptick in advanced hacking operations targeting energy infrastructure. The Ukrainian power grid has been a playground for hackers, some of whom analysts have traced to Russia.

A year after the December 2015 attack, which cut power for 225,000 people, the Ukrainian grid was hit again in what Dragos says was an even more sophisticated operation. “Adversaries are getting smarter, they are growing in their ability to learn industrial processes and codify and scale that knowledge, and defenders must also adapt,” states the firm’s analysis of the attack.

Just last week, energy software giant Schneider Electric acknowledged that hackers had exploited a flaw in its safety system software, known as Triconex, at an industrial plant, causing the plant to shut down. The company has declined to identify the plant. Triconex systems are used at a variety of plants, including oil, gas, and nuclear.

This changing digital landscape is prompting governments and energy companies to get more ambitious in how they drill for attacks. The goal is tighter communication and unalloyed trust between the government and operators of critical infrastructure, the vast majority of which is privately owned in the US.

In the event of a serious cyberattack, nuclear operators would need to have agencies on speed dial to mitigate the damage. In the waning days of the Obama administration, US and British officials tested these lines of communication in an unprecedented exercise they called Ionic Shield.

On a conference call in November 2016, officials at the White House and Downing Street watched as a piece of malware hit the administrative networks of hypothetical nuclear plants in the US and Britain. Participants tested how well they could pass the word of a spreading attack through the chain of command and take corrective action. Communication between the two governments and between government and industry went well, according to Caitlin Durkovich, a former official for the Department of Homeland Security (DHS).

However, Durkovich told The Verge, “I think we walked away with the sense we need to improve how the industry here [in the US] is communicating with the industry there [in Britain], especially as it relates to sharing threat information.”

In June 2017, DHS officials warned the energy industry that hackers had targeted the computer network of the Wolf Creek nuclear facility in Kansas. The threat was limited and did not involve safety or other critical systems, security experts told The Verge, but it served as a reminder that nuclear facilities are still very much in hackers’ crosshairs.

“The threat is not going to go away,” Howsley said. “It will get more subtle.”

Some hackers play the long game, lingering on peripheral networks for months in the hope of gaining a foothold into more critical systems. For network defenders, maintaining urgency in the absence of regular, successful attacks can be difficult. The shock value of events like Aurora and Stuxnet can only last so long as those who study them fall back into their routines. Rigorous exercises based on unnerving scenarios are critical to keeping engineers and cyber specialists on their toes.

The post HACKING #NUCLEAR SYSTEMS IS THE #ULTIMATE #CYBER THREAT. ARE WE #PREPARED? appeared first on National Cyber Security .

View full post on National Cyber Security

Champions #League #final ‘faces #hacking #threat’

Ukrainian state security accuses Russia of preparing huge attack as Cisco details VPNFilter threat
Russia is preparing a large-scale cyber attack on Saturday’s Champions League final in Kiev, according to Ukrainian state security.

The Ukrainian Security Service (SBU) accused the Russian government of “cyber aggression”, with the aim of infecting hardware and “destabilising” Ukraine’s hosting of the match between Real Madrid and Liverpool.

The statement came just hours after networking giant Cisco’s cybersecurity division, Talos, warned that hackers had infected some 500,000 internet routers and storage devices, with a marked focus on Ukraine, with malware called VPNFilter that Talos assesses to be state-sponsored or state-affiliated.

Talos said it was releasing the information before fully completing its investigation because of the urgent need to prevent the potential attack.

“Both the scale and the capability of this operation are concerning,” Talos said. “The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.”

VPNFilter is a multi-stage, modular platform, the first stage of which can survive a device reboot, which sets it apart from other malware, Talos said. Once it gains a foothold in a device, it deploys other stages of the malware, which can steal website credentials and even cause infected devices to self-destruct.

While Talos didn’t name who was behind VPNFilter, it did say the malware’s code overlapped with BlackEnergy, the malware used in the December 2015 attack that cut power to parts of Ukraine’s grid, an attack Ukraine linked to Russia at the time.

“The type of devices targeted by this actor are difficult to defend,” Talos added, saying VPNFilter had grown quietly since 2016. “They are frequently on the perimeter of the network, with no intrusion protection system (IPS) in place, and typically do not have an available host-based protection system such as an anti-virus (AV) package.”

As yet, no details have been released as to how the attack would affect the final.

Earlier in the year, Russian spies were accused of hacking the 2018 Winter Olympics in Pyeongchang, South Korea. The attack disrupted the opening ceremony, affecting TV and web broadcasting, and knocked out display monitors, Wi-Fi networks and the Games’ official website.



UK #businesses face #growing #threat from #cyber-attacks

Criminal cyber-attacks on UK businesses increased last year, according to the annual report of the National Cyber Security Centre.

Firms face a growing threat from ransomware, data breaches and weaknesses in the supply chain, according to the report, published on Tuesday. Emerging threats include theft from cloud storage, which the NCSC argues too many businesses put their faith in.

“Criminals are launching more online attacks on UK businesses than ever before,” a summary accompanying the report said.

The NCSC, in effect the shop window for the government surveillance agency GCHQ, was set up in late 2016 amid alarm over potential attacks on UK institutions, infrastructure and businesses.

The report, Cyber Threat to UK Business Industry 2017-2018, is published to coincide with the opening of an event organised by the NCSC, which is expected to attract 1,800 cybersecurity experts from law enforcement, government and the private sector.

Ciaran Martin, head of the NCSC, said: “The last year has seen no deceleration in the tempo and volume of cyber incidents, as attackers devise new ways to harm businesses and citizens around the globe.

“The NCSC’s aim is to make the UK an unattractive target to cyber criminals and certain nation states by increasing their risk and reducing their return on investment.”

The report was written in collaboration with the National Crime Agency. Donald Toon, director of economic and cybercrime at the NCA, said: “UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cybersecurity extremely seriously in the next year are risking serious financial and reputational consequences.”

Under-reporting of cybercrime by businesses means crucial evidence and intelligence about threats and offenders can be lost. Toon called for full and early reporting of cybercrime.

Figures published by the NCSC show 34 significant cyber-attacks took place between October 2016, when the agency was launched, and the end of 2017. A further 762 attacks were less serious. “2018 will bring more of these attacks,” the report said.

It does not break down the figures to distinguish which attacks were purely criminal and which were state-sponsored. The report said that the distinction can be blurred, making attribution difficult.

Among the surveys cited was one that recorded a 91% increase in ransom attempts between the first and third quarters of last year.

Vulnerabilities highlighted in the NCSC report included the spread of the internet of things, which includes the interconnection of household appliances and other devices. “The internet of things and its associated threats will continue to grow and the race between hackers’ and defenders’ capabilities will increase in pace and intensity,” the report said.

“Many internet-connected devices sold to consumers lack basic cybersecurity provisions. With so many devices unsecured, vulnerabilities will continue to be exploited.”

The NCSC has also issued a warning over cloud security: “As more organisations decide to move data to the cloud (including confidential or sensitive information), it will become a tempting target for a range of cyber criminals.

“They will take advantage of the fact that many businesses put too much faith in the cloud providers and don’t stipulate how and where their data is stored. This could lead to high profile breaches involving UK citizen information.”

The report warns that no matter how good a company’s cybersecurity, it is at risk if this is not matched by the management of service providers and software, which can offer a potential stepping stone into the networks of thousands of clients.

“It is clear that even if an organisation has excellent cybersecurity, there can be no guarantee that the same standards are applied by contractors and third-party suppliers in the supply chain,” the report said. “Attackers will target the most vulnerable part of a supply chain to reach their intended victim.”



PRIMARY #CYBERSECURITY #THREAT TO #OMAN IS #EMAIL-BORNE #MALWARE, SAYS #EXPERT

Like most of government and private sectors and industries around the world, organisations in Oman also face the same cyberthreats, including ransomware, malware attacks as well as data privacy and protection challenges.

The primary cybersecurity threat to Oman is email-borne malware. Ransomware and phishing attacks are also on the rise, says an expert.

Speaking exclusively to Muscat Daily, Raj Sabhlok, president of ManageEngine, the brand known for making efficient and thoughtful IT management software and a division of the popular Zoho Corporation said, “Going forward, one of the key challenges Oman will face is risk that Internet of Things (IoT) and Artificial Intelligence (AI) pose to enterprise data and IT security. In the IT departments, those external threats compound the internal threat of poor IT management practices. The internal threats range from lax endpoint management such as failure to containerise enterprise data on employee-owned devices to inconsistent application patching, weak password management, and more. Healthcare and financial services are top targets of cyberattacks.”

Speaking on the integration to the role of IT management and cybersecurity in addressing the latest technology developments in global cloud, networking, and security management, he added, “Recent security breaches have made it clear that just about any IT element can become an attack vector, and improper IT management just paves the way for cybercriminals. With latest technology developments in cloud and elsewhere, organisations need to be proactive in IT management, so that the opportunities and benefits do not come at the cost of breaches, data theft, and other cyberattacks.

“Of course, the IT management tools must support that proactive posture, both as individual products as well as an integrated suite.”

On the safety of cloud, Sabhlok said, “Over the years, cloud companies have invested heavily in the security of their cloud infrastructure and applications. The investments include the resources needed to create redundant copies of data, encrypt data, authenticate users, and more. Amazon Web Services (AWS) has more than 1,800 security controls for its services, the BBC reports. And the exponential adoption of cloud technologies in the recent past is a testament to the overall security of the cloud.

“Meanwhile, cloud vendors continue to enhance the security of their offerings so that they comply with the growing array of data protection and data privacy laws such as EU’s General Data Protection Regulation, and South Africa’s Protection of Personal Information Act. Going forward, cloud vendors will have to scale their IT to accommodate relentless growth: Gartner predicts worldwide public cloud services revenue will reach US$411.4bn in 2020 compared to the 2017 revenue of US$260.2bn. Mobility will be another challenge for cloud vendors as well as keeping operating and capital expenses in check as demand for their services grow.”



Cyber Threat Analyst

U.S. Federal Government – Washington, DC

Duties 

Summary 

Within the Directorate of Analysis (DA), incomplete and sometimes contradictory information is transformed into unique insights that inform US policy decisions. The DA helps provide timely, accurate and objective all-source intelligence analysis on national security and foreign policy issues to senior policymakers in the US Government. Learn more about the Directorate of Analysis at https://www.cia.gov/offices-of-cia/intelligence-analysis/

As a Cyber Threat Analyst for the CIA, you will conduct all-source analysis, digital forensics, and targeting to identify, monitor, assess, and counter the threat posed by foreign cyber actors against US information systems, critical infrastructure and cyber-related interests. You will support the President, the National Security Council, and other US policymakers with strategic assessments and provide tactical analysis and advice for operations. 

Cyber Threat Analysts apply their scientific and technical knowledge to solving complex intelligence problems, produce short-term and long-term written assessments, and brief US policymakers and the US cyber defense community. This work demands initiative, creativity, analytic skills, and technical expertise. 

You will also have the opportunity to maintain and broaden your professional ties throughout your career through academic study, collaboration with Intelligence Community peers, and attendance at professional meetings. 

Opportunities exist for foreign and domestic travel, language training, analytic tradecraft and management training, training to deepen substantive expertise, and assignments to other offices in the Agency and throughout the US Government.


Engineering #needs #cyber security #specialists to #beat the #threat

Source: National Cyber Security News

Awareness and concern over security against cyber threats is growing. It’s about much more than the risk of personal data being hacked into.

A hostile cyber attack is classed by the UK’s National Security Risk Assessment as a Tier 1 risk, putting it in the most serious category alongside international terrorism, an international military crisis and a major accident or natural hazard. The National Cyber Security Centre was set up in 2016 (as a branch of GCHQ), and later the same year the government confirmed a cyberstrategy budget of £1.9bn over five years.

And although there have been high-profile examples of cyber security breaches, including the ‘Wannacry’ ransomware attack on the NHS last year, the centre’s head Ciaran Martin recently said that the UK had been fortunate so far to avoid a so-called ‘category 1’ attack – an assault that could cripple critical infrastructure such as water or electricity supplies or financial services. He warned that it was a matter of “when, not if” such an attack occurred.

There is little wonder, then, that demand for cyber security specialists has grown dramatically in the past few years, as has demand for the services of companies seeking to hire their expertise.


Cyber Security Threat Hunter

Source: National Cyber Security – Produced By Gregory Evans

Job Description:
In this highly visible role, you will perform research and analysis searching for indications of advanced threat actors existing on the network. Analyze available data sources, security tools, and threat trends and lead security monitoring and analysis techniques to identify attacks against the enterprise. Works with the Cyber Security Research and Development team to operationalize new and innovative techniques of discovering advanced threat actors. Works in Global Information Security in the Cyber Security Defense organization to ensure there are good data sources to enrich hunting capabilities.

Required Skills:
4-7 years of background in information security, cyber security or network engineering.
Must understand typical threat actor profiles, the typical indicators associated with those profiles, and be able to synthesize the two to develop innovative techniques to detect threat actor activity.
Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.
Analyze available data sources, security tools, and threat trends and lead security monitoring and analysis techniques to identify attacks against the enterprise
Ability to analyze logs, normalize and perform automated log correlations utilizing big data analysis or hunt tools to identify anomalous and potentially malicious behavior
Strong experience with digital forensics on host or network from a malware perspective; ability to identify anomalous behavior on network or endpoint devices
Experience with information security tools such as an enterprise SIEM solution, IDS/IPS, endpoint security, and security monitoring solutions (NSM,DLP,Insider, etc)
Self-starting, organized, proactive, and requiring minimal management oversight.
Ability to quickly learn new and complex concepts.
Strong analytical skills/problem solving/conceptual thinking/attention to detail.
Ability to work effectively with peers and multiple levels of management.
Well organized, thorough, with the ability to balance and prioritize competing priorities.
Excellent verbal and written communication skills across multiple levels of the organization.
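The workflow the skills list describes in the abstract (normalise logs from several sources into one schema, correlate them, and surface anomalous behaviour such as an intruder who has quietly gained a foothold and starts moving between hosts) can be sketched in a few dozen lines. The example below is added here for illustration and is not code from the listing or the employer; the log lines, users, hosts, addresses, the 15-minute pivot window and the three-host fan-out threshold are all constructed assumptions.

```python
"""Added example: normalise two constructed log sources and correlate them to
flag anomalous behaviour (a VPN logon from a country never seen for that user,
followed by a burst of SSH logons across many internal hosts). All log lines,
hosts, users, addresses and thresholds are constructed assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

YEAR = 2024  # assumption: classic syslog lines carry no year

# Constructed sample input: a VPN concentrator log (key=value) ...
VPN_LOG = """\
2024-03-01T08:02:11Z vpn01 user=alice src=203.0.113.7 geo=GB action=connect
2024-03-01T08:05:40Z vpn01 user=bob src=198.51.100.23 geo=US action=connect
2024-03-01T22:14:09Z vpn01 user=alice src=192.0.2.44 geo=RO action=connect
"""
# ... and sshd auth lines in syslog format from several internal hosts.
SSH_LOG = """\
Mar  1 08:03:02 ws-alice sshd[4121]: Accepted publickey for alice from 10.10.1.15 port 51122
Mar  1 08:06:15 fileserver sshd[2201]: Accepted password for bob from 10.10.2.9 port 40011
Mar  1 22:15:01 ws-alice sshd[4190]: Accepted password for alice from 10.10.1.15 port 51200
Mar  1 22:15:30 fileserver sshd[2290]: Accepted password for alice from 10.10.1.15 port 51201
Mar  1 22:16:02 dc01 sshd[910]: Accepted password for alice from 10.10.1.15 port 51202
Mar  1 22:16:40 backup01 sshd[3300]: Accepted password for alice from 10.10.1.15 port 51203
"""

VPN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
                    r"geo=(?P<geo>\S+) action=(?P<action>\S+)$")
SSH_RE = re.compile(r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
                    r"from (?P<src>\S+) port \d+$")


def normalize(vpn_text, ssh_text, year=YEAR):
    """Turn both formats into one event schema and return them in time order."""
    events = []
    for line in vpn_text.splitlines():
        m = VPN_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            events.append({"ts": ts, "source": "vpn", "user": m["user"], "host": m["host"],
                           "src": m["src"], "geo": m["geo"], "action": m["action"]})
    for line in ssh_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                                   "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
            events.append({"ts": ts, "source": "ssh", "user": m["user"], "host": m["host"],
                           "src": m["src"], "method": m["method"]})
    return sorted(events, key=lambda e: e["ts"])


def hunt(events, window=timedelta(minutes=15), fanout_threshold=3):
    """Correlate: a VPN connect from a geo absent from the user's own history is a
    lead; pivot on it and count distinct hosts that user logged on to within the
    window. Many distinct hosts in a short time looks like lateral movement."""
    seen_geo = defaultdict(set)  # per-user baseline built from earlier events only
    findings = []
    for i, ev in enumerate(events):
        if ev["source"] != "vpn" or ev["action"] != "connect":
            continue
        user = ev["user"]
        if seen_geo[user] and ev["geo"] not in seen_geo[user]:
            findings.append({"rule": "new_geo", "user": user, "ts": ev["ts"], "geo": ev["geo"]})
            hosts = {e["host"] for e in events[i + 1:]
                     if e["source"] == "ssh" and e["user"] == user
                     and e["ts"] - ev["ts"] <= window}
            if len(hosts) >= fanout_threshold:
                findings.append({"rule": "lateral_fanout", "user": user, "ts": ev["ts"],
                                 "hosts": sorted(hosts)})
        seen_geo[user].add(ev["geo"])
    return findings


def run():
    """Run the hunt over the constructed sample logs."""
    return hunt(normalize(VPN_LOG, SSH_LOG))


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

On the sample data the hunt yields two findings for alice: a connect from a geo not in her baseline, and four distinct hosts reached within the window of that connect; bob produces nothing. The baseline is deliberately learned only from events earlier in the stream, so the first connect for any user is never flagged, and the fan-out check only runs once a lead exists, which keeps the noise down at the cost of missing fan-out that follows an ordinary logon; a real hunt would run that second check on its own as well.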

Desired Skills:
A passion for Cyber Threat Hunting, research, and uncovering the unknown about threats and threat actors
Bachelor's degree in Computer Science.
Ability to effectively code in a scripting language (Python, Perl, etc.).
Ability to understand big data and query languages (Splunk, SQL, etc.).
Experience with either Red team or Blue team operations and ability to think both like an attacker and defender.
Experience setting up infrastructure to support Hunt Team operations
Previous experience working in the financial industry

Enterprise Role Overview
Key individual contributor, with accountability for researching, designing, engineering, implementing, and supporting information security & directory technology systems (software & hardware). Utilizes in-depth technical knowledge and business requirements to design & implement secure solutions to meet customer / client needs while protecting the Bank's assets. Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g. client server, distributed, mainframe, etc.). Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criteria for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.

Shift: 1st shift (United States of America)

Hours Per Week: 40

The post Cyber Security Threat Hunter appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber Threat Technical Analyst

Source: National Cyber Security – Produced By Gregory Evans

We’re looking for Eagle Ray people. Eagle Ray is a rapidly growing, woman owned business specializing in strategic transformation services. We deliver complex professional services across the IC, DoD and DHS. With Eagle Ray’s help, our clients reduce cost and program risk, enhance operational performance and drive the development of new capabilities to end users in the National Security Enterprise. We offer an engaging corporate culture, a dynamic work environment and competitive total compensation.

Insight. Impact. Innovation. Eagle Ray people are hands-on, results-oriented, and invested in the success of our customers’ missions. Come work with us, you can really make a difference!

Produce, per analyst on average, 36 weekly threat reports, eight monthly threat reports, three quarterly threat reports, and one annual threat study for their specific focus or area. In addition, each analyst will average six reports of inquiry (ROI) and/or requests for information (RFI) and publish or contribute to nine Intelligence Information Reports (IIR) annually. Finally, each analyst will produce, on average, 48 weekly status reports.

Responsibilities
Support team members in completing forensics reports, CI Cyber Inquiries, and monthly, quarterly, and annual CI Cyber Threat reports.
Identify, analyze, define, and coordinate user, customer and stakeholder needs and translate them into technical requirements.
Detect anomalous activity through network data analysis.
Develop custom scripts/programs for automated cyber analytical tools.
Record best practices, lessons-learned, processes and procedures, and other pertinent quality topics in appropriate formats.
Design, construct and maintain a working lab environment for testing and research of advanced technical attack techniques and potential detection solutions.
Evaluate and analyze Intrusion Detection, incident tickets, event and log analysis, security change tracking and other network security systems and devices to identify risks and if required make recommendations for corrective actions.
Investigate instances of malicious code to determine attack vector, payload, potential origin, and determine extent of damage and data exfiltration and provide written reports based on findings.
Assist in the development and delivery of malware threat awareness products and briefings.
Collaborate with customers and team members to facilitate a premier malware program.
Qualifications
Required

TS/SCI clearance
Bachelor’s Degree in Computer Science, Engineering, or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience.
7 years of network analysis experience.
Mandatory Travel = 25%
Experience with network analysis tools, such as Wireshark.
Strong research, critical thinking and analytic skills.
Strong written and oral communication skills.
Strong listening and recognition skills.
Understanding of mission urgency.
Strong time management, prioritization, production, leadership and followership skills.
Graduate of an accredited federal or DoD CI training academy.
Desired

Post-graduate degree in Computer Science, Engineering, or a related technical discipline or the equivalent combination of education, technical certifications or training, or work experience.
Equal Opportunity Employer/M/F/Disability/Vet/Sexual Orientation/Gender Identity


Ignorance Of #Cyber Threat Creates #Conundrum For Small #Business #Data #Security

McAfee Labs recently published its 2018 Threats Predictions report, and after a year of high-profile cyberattacks and data breaches, analysts say the threat won’t let up in the new year. A rising challenge for the enterprise is the fact that cyberattackers are becoming increasingly sophisticated in their methods. According to McAfee, while companies are embracing innovations like machine learning to safeguard their systems, attackers, too, are using these same tools.

“Machine learning can process massive quantities of data and perform operations at great scale to detect and correct known vulnerabilities, suspicious behavior and zero-day attacks,” McAfee said in its report. “But adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models and exploiting newly discovered vulnerabilities faster than defenders can patch them.”

If there’s one thing the enterprise has learned this year, it’s that a data breach can happen to any business — including small businesses (SMBs). Or, according to the latest data, many small businesses haven’t learned this lesson.

In this week’s B2B Data Digest, PYMNTS dives into new research about small businesses’ data security and cybersecurity efforts. Small businesses seem quite confident in their ability to protect themselves and their customers’ data, but according to researchers, that confidence is likely misguided.

—60 percent of SMBs said they don't follow PCI DSS or HIPAA rules when storing customer credit card and banking information, according to new research from Clutch. The firm surveyed 300 small businesses about how they store data in the cloud and found that the majority aren't following the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) as required by law. Clutch warned that fines for non-compliance with these rules can reach into the millions of dollars.

—54 percent of SMBs that store medical data in the cloud admit they don’t follow storage industry regulations, meaning these businesses could be putting sensitive company and consumer data at risk, Clutch also found.

—90 percent of SMBs are at least “somewhat” confident in their cloud storage’s security, a 3 percent increase from 2016 figures. That statistic is troubling, considering so many small businesses are actually lagging in cloud data security, according to the survey.

—60 percent of small firms say they use encryption to safeguard data in the cloud, the most common security measure cited by SMBs in Clutch’s survey. More than half (58 percent) said they train employees in data security, and 53 percent said they use two-factor authentication, though Clutch warned that businesses should be using more cybersecurity strategies than these three methods alone.

—74 percent of SMBs don’t have cyber liability insurance, according to separate research from Insureon. The small business insurance company surveyed 2,500 members of the small business community Manta, and the results suggest that the SMBs that aren’t following data storage regulations may not only be at risk for fines, but could face added-on consequences if they go uninsured.

—25 percent of small firms have consumer data that is susceptible to an attack on their business network, Insureon found, while nearly a sixth said they have already experienced a data breach.

—82 percent of small businesses told Insureon they don’t feel they’re at risk for a cyberattack or data breach, echoing similar sentiments found by Clutch: SMBs could be ignorant to their cybersecurity threats, despite many having already experienced an attack. Insureon President Jeff Somers said in a statement that the research is “surprising, considering the amount of media circulating about mass data breaches and cybersecurity. Many small business owners have their whole life savings tied up in their businesses, and they don’t understand how vulnerable they are to a cyberattack.”


Australia #fair game when it comes to the #threat of a #cyber attack

Source: National Cyber Security – Produced By Gregory Evans

For a country with a culture based on taking things as they come, Check Point has said Australia is taking the threat of cybersecurity seriously.

Previously, organisations in Australia were protected by the country’s geographic isolation, but as business is now being carried out at scale via the internet, Tony Jarvis, chief strategist of threat prevention at security vendor Check Point, has said everyone is “fair game” when it comes to the threat of a breach.

Speaking with ZDNet, Jarvis said organisations in Australia used to have the luxury of foresight, watching peers from bigger parts of the world deal with security-related incidents six months before the trend entered Australia, providing them with ample time to prepare.

However, that is no longer the case, as highlighted by the WannaCry ransomware that claimed hundreds of thousands of victims across 150 countries, reaching speed and red-light cameras on state roads in Victoria, and Petya, which even halted chocolate production at Cadbury’s Tasmanian factory.

“When you’re doing business on the internet, which everybody is, everybody is fair game at exactly the same point in time, so we have to be cognizant of that,” Jarvis said.

“Australia is good at taking that seriously, they do appreciate that risk, and translating that into taking the necessary actions and preventative measures is definitely on the agenda.

“Australia is making good progress.”

He said it is important to remember there’s no such thing as cybersecurity in the sense that nothing can be 100 percent secure.

“Rather, cyber resilience, and being prepared as you can be while also acknowledging the fact that something might slip through the cracks, and having a plan in place to deal with that should it happen,” he explained.

“Australia is definitely taking the right steps, everybody faces slightly different risks, but more or less they’re all on the same sort of path.”

Australians have a reputation of being heavy consumers of technology, and with the estimation that there will be 20.4 billion Internet of Things (IoT) devices deployed by 2020, Jarvis said securing these devices should be a priority, given that IoT presents a future that is very difficult to secure.

He said it’s important for everyone involved, including designers, manufacturers, retailers, and consumers, to be aware of the security risks.

“There’s always a lot of hype in the security industry, unfortunately, and a good part of our time is spent on deciphering what is hype and what is fact,” Jarvis explained.

“Unfortunately, when we start talking about IoT, a lot of the hype is real.

“We live in a capitalist society; we have manufacturers and companies whose job is to put products on the shelf that we want to go out and buy and they improve our life somehow, such as Fitbits and other fitness trackers.

“Unfortunately, security lags quite a number of years behind bringing these products to market.”

While there are a number of best practice guidelines published by the likes of IoT Alliance Australia and the Cloud Security Alliance, there’s no unanimous decision on which standard to adopt, nor is there an overarching body to make sure every part of the process adheres to agreed guidelines.

“Not all manufacturers will adhere to those standards, but even if they do, if there’s a vulnerability that’s found on a specific device, how do you actually go and remediate or patch that, because it’s not always possible,” Jarvis added.

“A lot of the hype in this case is justified.

“We don’t need to be worried, but we do need to be cognizant.”
