
Friday, September 26, 2014

Security Management Weekly - September 26, 2014

Corporate Security
  1. "'Active Shooter' Incidents on the Rise"
  2. "Year and a Half After Attack, PG&E Security Still Lacking"
  3. "Birmingham UPS Shooter Identified"
  4. "FBI Warns of Rise in Disgruntled Employees Stealing Data"
  5. "Bracing for Jihadists from a CSO's Perspective"

Homeland Security
  1. "Iraqi Premier: Militants Targeting Subways in U.S., France"
  2. "Murky al-Qaida Cell in Syria is Dealt Blow but Not a Knockout, U.S. Officials Say"
  3. "U.S. Doing a Better Job of Preventing 'Homegrown' Jihadist Attacks"
  4. "New Details in Fence-Jumping Reveal Failures in Security Rings Around White House"
  5. "Turnover at the Top Has DHS Unsettled"

Cyber Security
  1. "Home Depot Was Hacked by Previously Unseen 'Mozart' Malware"
  2. "New 'Bash' Software Bug May Pose Bigger Threat Than 'Heartbleed'"
  3. "Significant Security Flaws Plague Controversial 'Healthcare.Gov,' Audit Finds"
  4. "43 Percent of Companies Had a Data Breach in the Past Year"
  5. "High-Volume DDoS Attacks on the Rise"

'Active Shooter' Incidents on the Rise
USA Today (09/25/14) Leger, Donna Leinwand

The number of active shooter incidents has more than doubled over the past seven years compared to the previous seven-year period, according to a new FBI analysis. The FBI looked at 160 active shooter incidents from 2000 through 2013, and found there were an average of six such incidents per year from 2000 through 2006 and an average of 16 incidents annually since 2007. More than two-thirds of all the incidents that took place between 2000 and 2013 occurred at businesses or schools, and often ended before police arrived. There were few common themes among the shooters, although most of the time they acted alone and had a "real or perceived, deeply held personal grievance," said Andre Simons, unit chief for the FBI's Behavioral Analysis Unit 2.


Year and a Half After Attack, PG&E Security Still Lacking
NBC Bay Area (09/23/14) Kovaleski, Tony; Wagner, Liz; Villarreal, Mark

Eighteen months after a major electricity substation in San Jose, Calif., was attacked by a gunman in what some worry was a dry run for a larger coordinated attack, investigative reporters have concluded that efforts made by the operator of that substation, Pacific Gas & Electric (PG&E), to improve security would be insufficient to stop another attack. Among the promises PG&E made about improving its security was posting security guards at each of its substations around the clock. However, reporters observed guards at only seven of the nine substations they visited. Transformers at most substations were clearly visible and in most cases reporters were able to observe substations undisturbed for long stretches of time. The most obvious security upgrades had been made at the San Jose power station that had been attacked, which had two onsite guards, increased lighting, and opaque fencing. However, that site was also the victim of vandals who broke in and stole equipment in an incident last month that went unreported for five hours. A security expert consulted by the reporters to carry out a threat assessment on the substations said PG&E largely complied with its promised security upgrades, but that the improvements would not be enough to stop a determined attacker.


Birmingham UPS Shooter Identified
AL.com (09/23/14) Robinson, Carol

A fatal shooting occurred at a UPS facility in Birmingham, Ala., on Tuesday, leaving the gunman and two others dead. The two victims of the shooting were UPS supervisors, at least one of whom is believed to have been specifically targeted. Although police have not publicly named the shooter, law-enforcement sources and others have identified him as 45-year-old Joe Tesney, who previously worked at the facility but was fired from his job within the past month. Tesney lost an appeal of the firing and was given his final papers on Monday. It remains unclear why Tesney was fired, although he had been suspected of stealing a $4,000 radiator that had been shipped to an auto repair, design and testing shop.


FBI Warns of Rise in Disgruntled Employees Stealing Data
Wall Street Journal (09/23/14) Barrett, Devlin

The FBI said Tuesday that it has seen a spike in the number of disgruntled employees who steal company information, sometimes as part of an effort to extort money from previous employers. There have been cases in which individuals used their access to destroy data, steal software, obtain customer data, make unauthorized purchases, and gain a competitive edge at a new job, the FBI said. A common way to steal information, the FBI noted, is to use cloud storage accounts and personal e-mail. Sometimes, terminated employees still have remote access to the company's system. Organizations that have recently been victimized by data theft have suffered losses of $5,000 to $3 million. The FBI reports that some employees have attempted to extort their employer by restricting access to company Web sites, disabling certain functions in content management systems, or conducting distributed denial-of-service attacks. Companies are advised to quickly end departed employees' access to computer systems, and change administrative passwords after IT personnel quit or are terminated.


Bracing for Jihadists from a CSO's Perspective
SecurityInfoWatch.com (09/18/14) McGarvey, Daniel; Shamess, James

Security consultants Daniel McGarvey and James Shamess say that the U.S.'s current efforts to take the fight to the Islamic State should serve as a reminder of the potential threats such groups can pose to multinational businesses and government agencies, especially those that do business or have employees in countries near active combat zones. These can be threats to physical security, such as threats to facilities or employees in Syria and Iraq or nearby countries. But they can also take the form of cybersecurity threats or the possibility of a malicious insider. Businesses and governments should carry out a comprehensive security review and response effort led by a committee of senior leaders and staff, McGarvey and Shamess recommend. This should consist of a basic threat assessment and a comprehensive review of current physical security and cybersecurity policies and how they match up to current potential threats. The consultants also say companies should be sure to educate their employees to be on the lookout for potential threats and to report them if they see them. Consultants and security specialists can also be employed to help comb the ranks for potential insider threats and to protect personnel or executives traveling in risky areas, McGarvey and Shamess say.




Iraqi Premier: Militants Targeting Subways in U.S., France
Washington Post (09/26/14) Gearan, Anne

American officials say they are unaware of any specific threats or plans made by the Islamic State to attack subway systems in the U.S., despite claims made by Iraqi Prime Minister Haider al-Abadi on Thursday that such a plot was indeed in the works. Abadi said Iraqi intelligence agencies learned that some members of the Islamic State, including U.S. and French citizens, were planning the attacks, the targets of which also included subway systems in France. The plot is still in an active stage, Abadi says, adding that the intelligence Baghdad has about the plans is credible. Abadi says he does not know whether or not such attacks are imminent. But Ben Rhodes, President Obama's deputy national security adviser, says the U.S. needs to review intelligence assessments provided by the Iraqis to confirm whether such a plot is really in the works. American intelligence and law enforcement officials also say they have seen no evidence that suggests the Islamic State is preparing to attack subway systems in the U.S. and France. Abadi's remarks came during an interview given at the United Nations, where the Security Council approved new rules intended to stop individuals from traveling to Iraq or Syria to fight with militant groups and to prevent those who have from returning to their home countries.


Murky al-Qaida Cell in Syria is Dealt Blow but Not a Knockout, U.S. Officials Say
Washington Post (09/25/14) DeYoung, Karen; Miller, Greg

U.S. intelligence agencies said Wednesday they are still trying to confirm whether Muhsin al-Fadhli, the leader of an al-Qaida offshoot in Syria known as Khorasan, was killed in American airstrikes earlier this week. Officials believe the airstrikes, which were carried out as part of American attacks against the Islamic State, did kill at least one of the group's leaders, although they are not sure who. But officials add that even if al-Fadhli was killed, his death will not spell the end of Khorasan, a group the Obama administration believes was on the verge of carrying out a major terrorist attack against Western targets. American intelligence agencies have become increasingly concerned about the once-unknown group in part because there have been indications that operatives from al-Qaida in the Arabian Peninsula, possibly including some with knowledge about how to make bombs that could go undetected by airport security technologies, have traveled to Syria to work with Khorasan. Former State Department counterterrorism official Daniel Benjamin said those reports were concerning because such undetectable bombs could be more easily moved into Europe if they were brought to Syria. Indeed, American intelligence agencies found that Khorasan was considering ways to smuggle explosives onboard airplanes. Worries about that potential threat led to increased security at some airports over the summer.


U.S. Doing a Better Job of Preventing 'Homegrown' Jihadist Attacks
Fierce Homeland Security (09/25/14) Sarkar, Dibya

Federal officials are still concerned about the threat from homegrown jihadists, but a new report from the Bipartisan Policy Center suggests that the United States is as difficult a target for them as it is for foreign terrorists. This may be because of systemic security checks, the public's reporting of suspicious activity, and the willingness of Muslim communities to report potential terrorist activity, the report found. Of the 50 plots against the United States since 9/11, only eight were directed by a foreign terrorist organization, the report says. The authors noted that a major threat is "limited," but that the United States should be prepared for smaller attacks, such as the Boston Marathon bombing. The report also discussed the problem of U.S. citizens fighting for terrorist organizations overseas, which it said is a challenge because it is difficult to prevent such travel. About 100 Americans reportedly have joined or tried to join the Islamic State as foreign fighters.


New Details in Fence-Jumping Reveal Failures in Security Rings Around White House
Washington Post (09/24/14) Leonnig, Carol D.; Fahrenthold, David A.

A preliminary review of the fence-jumping incident that occurred at the White House on Sept. 19, in which Omar J. Gonzalez made it inside the mansion before being apprehended, found that the Secret Service security perimeter failed at five points. Plainclothes agents on duty outside the fence failed to spot Gonzalez, and an officer in a guard booth near where Gonzalez scaled the fence was unable to stop him. An attack dog trained to take down intruders appears not to have been released in time, while a SWAT team that roves the White House lawn was unable to catch Gonzalez, though it was pursuing him. This last failure could be because some or all of the team's members were on the South Lawn just 10 minutes beforehand to guard the president's departure by helicopter. Finally, the unlocked door Gonzalez entered was unguarded for no apparent reason. Gonzalez was finally apprehended by a plainclothes agent on patrol inside the White House. Video of the incident shows Gonzalez being pursued by armed agents and another agent pointing his weapon at the intruder as he entered the White House. Some former Secret Service officials expressed surprise that Gonzalez was not shot as he approached the entrance, which Secret Service policy allows.


Turnover at the Top Has DHS Unsettled
Washington Post (09/22/14) Markon, Jerry; Nakashima, Ellen; Crites, Alice

High levels of turnover at the Department of Homeland Security (DHS), particularly among senior officials, are reportedly hurting the department's ability to stay on top of potential terrorist and cyberattacks. The number of members of DHS's Senior Executive Service who left the department last year was 56 percent higher than it was in 2012, while the federal government as a whole saw virtually no change in the number of these employees who left. Meanwhile, the Office of Personnel Management (OPM) reports that the number of permanent DHS employees who left their jobs with the department increased by 31 percent between 2010 and 2013, compared to a 17 percent increase for the federal government as a whole. The high levels of turnover have been attributed to a number of factors, including low morale and salaries that are lower than what employees can make at private security consultancies. Current and former DHS officials say the high turnover is hurting the department's efforts to track Islamic extremists and analyze and respond to cyberattacks against federal and private-sector computer networks. But Deputy Homeland Security Secretary Alejandro Mayorkas says turnover has not affected the department's ability to protect the country. He added that DHS is working with a consultant to improve morale.




Home Depot Was Hacked by Previously Unseen 'Mozart' Malware
Wall Street Journal (09/24/14) Banjo, Shelly; Yadron, Danny

A report issued by the Department of Homeland Security on Wednesday warns that a previously unseen piece of malware called Mozart was used in the recent Home Depot data breach. Officials say the software appears to have been customized for Home Depot's computer systems. Mozart was designed to steal credit card numbers and act in a way that was similar to code used in other large security breaches. However, Mozart stole data in different ways to avoid detection by security software. Home Depot confirmed that the software did indeed appear to be custom made for an attack against it. The company said Mozart used fake file names that blended in with real files unique to Home Depot technology. Home Depot was exploited for five months, and 56 million credit and debit cards may have been exposed. The breach was much larger than the previous attack on Target. Home Depot officials say the company has since been investing in new security technologies to protect against new threats.


New 'Bash' Software Bug May Pose Bigger Threat Than 'Heartbleed'
Reuters (09/24/14) Finkle, Jim

Computers running Unix-based operating systems, including Linux and Mac OS X, can be completely compromised by an attacker who successfully exploits a vulnerability that exists in a commonly used Unix application, cybersecurity experts say. They warn the software flaw could be a greater security threat than the recent Heartbleed bug. The vulnerability is present in Bash, an application developed by the Free Software Foundation that is used to control the command prompt in many Unix computers. Security experts believe an attacker could exploit the flaw to gain complete control over a machine running an OS that uses Bash and access sensitive information. Trail of Bits CEO Dan Guido notes carrying out such an attack would be relatively easy. "You can just cut and paste a line of code and get good results," he says. Guido notes an attack that takes advantage of the Heartbleed flaw would enable an attacker to spy on a computer but not gain complete control over the machine, which makes the Bash bug more dangerous. Linux providers have developed patches for the Bash flaw, but it is unclear whether a similar patch is available for OS X. "Everybody is scrambling to patch all of their Internet-facing Linux machines," says Veracode's Chris Wysopal. "It could take a long time to get that done for very large organizations with complex networks."


Significant Security Flaws Plague Controversial 'Healthcare.Gov,' Audit Finds
Homeland Security Today (09/24/14) Vicinanzo, Amanda

Healthcare.gov has significant security flaws that, if exploited, could result in consumers' personal information being compromised, the Government Accountability Office (GAO) reports. The GAO reported that when Healthcare.gov was first launched last fall, its security flaws included incomplete security plans and privacy documentation, incomplete security tests, and a lack of an alternate processing site in case of a major service disruption. GAO also found that, when Healthcare.gov was launched, the Centers for Medicare and Medicaid Services (CMS) allowed four states to connect to the site's data hub even though they had not completed all CMS security requirements. GAO issued a number of recommendations for improving the security of Healthcare.gov. For instance, the agency is calling for all of the site's security plans to meet the guidelines required by the National Institute of Science and Technology.


43 Percent of Companies Had a Data Breach in the Past Year
USA Today (09/24/14) Weise, Elizabeth

According to a recent Ponemon Institute report, 43 percent of companies have experienced a data breach in the last year, up 10 percent from a year ago. Michael Bruemmer, vice president of the credit information company Experian's data breach resolution group, said that the size of security breaches is growing, noting, "particularly beginning with last quarter in 2013, and now with all the retail breaches this year, the size had gone exponentially up." He noted that more than 80 percent of the breaches his firm works with "had a root cause in employee negligence," such as giving out passwords, spearphishing, lost USBs, and mishandled files. The study also found that even though breaches are on the rise, 27 percent of companies did not have a data breach response plan or team in place, down from 39 percent one year ago. And of those firms with such plans or teams, only 30 percent of employees believe their firms are effective or very effective at creating response plans and teams. Only 3 percent of companies review their plans quarterly, and 37 percent had not reviewed their plan since it was first adopted.


High-Volume DDoS Attacks on the Rise
Help Net Security (09/23/14)

More than 90 percent of distributed denial-of-service attacks detected lasted less than half an hour, indicating latency-sensitive websites should be prepared to implement security solutions that support rapid response, according to an NSFOCUS study. The study also found more than half of DDoS attacks were above 0.2 Mpps in the first half of this year, climbing from about 16 percent. In addition, more than 2 percent of attacks were launched at a rate exceeding 3.2 Mpps. HTTP Flood, TCP Flood, and DNS Flood were the top three attack types, comprising 84.6 percent of all attacks. DNS Flood attacks remained the most popular attack strategy, responsible for 42 percent of all attacks. Attacks that targeted Internet service providers rose 87.2 percent, enterprise-focused attacks increased by 100.5 percent, and online gaming hacks rose 60 percent. Finally, the longest single attack lasted 228 hours, while the single largest attack in terms of packet-per-second (pps) reached a volume of 23 million pps. "The most popular attacks we see are DNS reflection and NTP," says GigeNET founder Ameen Pishdadi. "NTP was huge at beginning of the year and were substantially larger than normal, now that the NTP bug has been plugged and time has gone by that enough servers have been patched the volume in size and frequency has gone down significantly."


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD

