ISIS use of Cyber Presentation

A very interesting presentation is coming up at The George Washington University on the terror group ISIS’ use of social media and cyber attacks.

For more information visit the college’s website.


Community Health Systems Hacked – 4.5 Million Records Stolen


Chinese hackers seem to be at it again, this time hitting Community Health Systems, a large US medical group that runs over 200 hospitals in 29 states. According to reports from Fox News, the attackers were able to steal 4.5 million records.

A filing with the U.S. Securities and Exchange Commission stated that computer security company Mandiant assisted in the forensics investigation and “believe the attacker was an ‘Advanced Persistent Threat’ group originating from China who used highly sophisticated malware and technology to attack the Company’s systems.”

According to the filing, the data was “non-medical patient identification data” and did not include “patient credit card, medical or clinical information”. The company is notifying the affected patients and apparently offering them identity theft protection services.

As financial information was not recovered, the information would most likely be used in further social engineering type attacks – for example, using the information gained to attempt to access patients’ accounts or data from other companies or websites.

For those interested in learning more about Mandiant and their research of Chinese APT attacks, check out their “APT1: Exposing One of China’s Cyber Espionage Units” intelligence center report.

Real Time Worldwide Cyber Attack Map


“IPViking” (what a great name!) by Norse Security provides a real time threat intelligence cyber attack board where you can see a graphical representation of live detected cyber attacks.

More of a straight numbers person? They also provide a running tally of attacks per country for those who just want the facts without the bling.

According to the website, “Norse collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries. The attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors. At a glance, one can see which countries are aggressors or targets at the moment, using which type of attacks (services-ports).”

The real time map is pretty fascinating to watch; for instance, I saw a concentrated attack against a specific US IP from multiple IP addresses in South Africa.

Check it out!

Cyber Conflict in the Crimea – Russia already on the Offensive

Updated 3/4/2014 - As Russian troops surround military bases in Ukraine, the attacks in the cyber realm have already begun. Ukrainian lawmakers are reporting that Russians are attacking their mobile phones.

“I confirm that an IP-telephonic attack is under way on mobile phones of members of Ukrainian parliament for the second day in a row,” said Valentyn Nalivaichenko, head of Ukraine’s SBU security service.

“At the entrance to (telecoms firm) Ukrtelecom in Crimea, illegally and in violation of all commercial contracts, was installed equipment that blocks my phone as well as the phones of other deputies, regardless of their political affiliation.”

Russia, looking more and more like the Cold War Soviet Union under Putin, has moved combat troops across the Crimean Peninsula. The move is very reminiscent of the Russian invasion of Georgia in 2008.

And as Russian troops attacked Georgia on the ground, they also flooded them with cyber attacks. This has left many wondering when Russia’s very capable cyber forces would begin attacking Ukraine’s infrastructure.

Well, it would seem the moves have already begun.

On Friday, Ukraine’s largest telecom company announced that voice and data connectivity between Crimea and the rest of Ukraine had been interrupted. Remember that this also happened in Georgia when Russian troops invaded.

It would seem from reports, though, that instead of using cyber attacks to accomplish this, Russian troops physically cut and sabotaged power and communication lines.

Also, the propaganda machine seems to be in full swing, as pro-Ukraine messages and sites have been blocked on Russian social media sites. News media has been involved too.

There seems to be a marked difference between the English and Russian versions of news site RT.com, with the English version being very critical of the US and Ukraine, while the Russian version is very different. This hasn’t seemed to escape the attention of pro-Ukraine hackers, as RT.com was apparently hacked on Sunday.

The word “Nazi” was inserted in several places on the English version of the main page.

RT.com acknowledged that they had been hacked, and the page was restored within a short amount of time.

But will Ukraine be as susceptible to Russian cyber attacks as Georgia was? It would appear that, though not a member of NATO, Ukraine has recently worked with them to address security issues.

In November, NATO and partner members examined cyber security strategies in Ukraine. Volodymyr Porodko, Deputy Chairman of the Security Service of Ukraine, stressed its importance: “The relevance of cyber security as a component of national security is driven by the global tendency of unlawful activity being transferred into the virtual realm. This problem does not concern only the interests of the state and society as a whole, but has a direct bearing on every individual.”

But has enough been done to protect Ukrainian infrastructure from Russian hackers?

According to reports, Ukraine does have a capable cyber force and will likely pull a lot of support from western hacktivists. And Russia does have more critical online systems than Ukraine.

Only time will tell how this will play out, but for now, all eyes are on the Crimea.