Effective: 17 October 2014
Validity Period: 17 Oct – 21 Oct 2014
CYBER INTELLIGENCE SUMMARY
EXECUTIVE SUMMARY
Para 2. iSight discovers Russian cyber espionage network
Para 8. Hong Kong Protesters
INTRODUCTION
1. This is a cyber intelligence summary based on a variety of sources, expertise and analysis. It is intended as a weekly summary of events and incidents that may impact on computer security and / or computer operations. This is a general information product for executive awareness.
GENERAL
2. iSight discovers Russian cyber espionage network: iSight, a computer security firm, announced on Oct 14th that it had discovered a major Russian cyber espionage network. iSight named the campaign “Sandworm” because of references to the “Dune” series of books hidden in its code. The malware uses a vulnerability in all Microsoft Windows versions starting with Vista. Sandworm was probably initially directed at targets in Poland. Currently it has attacked:
- NATO Sites,
- Ukrainian government organizations,
- Western European government organization,
- Energy Sector firms (specifically in Poland),
- European telecommunications firms, and
- United States academic organizations.
3. iSight worked with Microsoft to close the vulnerability. A patch has been released by Microsoft. It should be applied to all Windows Vista and newer versions of Microsoft Windows. iSight admitted in a webcast that it cannot identify all of Sandworm's targets. It does not know how extensive the campaign is or who else may be using the vulnerability. Analysis is ongoing.
4. Consumers Tuning Out Computer Hacks: Multiple media reports this week noted that both consumers and businesses are “tuning out” news of computer hacks. Yahoo Finance [1] reported on Oct 8th that, despite reports of security breaches at banks such as JP Morgan Chase and major retailers like Home Depot, the consumer response is indifference. Consumer response, as tracked by stock sales, retail sales and social media, shows little or no change in response to the breaches. The article suggests that the biggest reason for not paying attention to attacks is that American consumers believe they are not paying a price for them.
5. In UK news [2], a 54% increase in cyber crime last year was reported at the World Cities Conference by Met Police Commissioner Sir Bernard Hogan-Howe and Donald Toon, director of the economic crime command at the National Crime Agency (NCA). They went on to say that many businesses have operations centers running 24/7 but are loath to report cyber crime due to legal requirements. Other issues include the belief that police will not protect the business's privacy, the belief that breaches will have a negative impact on brand and share value, and finally that businesses don’t trust the police.
6. Computer Weekly reported that former White House cyber security co-ordinator Howard Schmidt said that “computer security is failing in execution” [3]. He noted that many threats are persistent but target vulnerabilities that have already been resolved, where the patches were not applied. He also noted that computer users ignore [security] warnings in their rush to get things done. Schmidt says he sees the capability to do what is necessary in many organizations; they just have to focus on the execution of those capabilities.
7. COMMENT: The complaint that ‘computer security is failing’ is increasing in frequency and volume. Last year an estimated 440 billion U.S. dollars was spent on computer security. This year has seen an increase in the number and severity of breaches – despite the resources expended. Para 4 documents consumers tuning out. This increases the risk for businesses as customers become less focused on security. Businesses that don’t or won’t co-operate in a security environment (para 5 refers) remain vulnerable.
8. Hong Kong Protests: The last 48 hours have seen local and regional media coverage of police removing the barricades placed by pro-democracy demonstrators. Media in the People’s Republic of China continue to call for an end to the protests while showing orderly removal of barricades. The South China Morning Post reported “chaos” in one area as police used batons, pepper spray and dogs to control and remove protestors [4].
9. COMMENT: There does not appear to be a trigger event that has activated a wider protest. It should be noted that, as this summary is being written, it is the weekend in Hong Kong and more student protestors will have time to take to the streets.
ASSESSMENT
10. iSight discovers Russian cyber espionage network: The threat to most networks and systems is ASSESSED as LOW. Sandworm is targeted malware and should not affect most systems.
11. Microsoft Patch: It is STRONGLY RECOMMENDED that all Microsoft Windows systems, Vista and newer, be patched as soon as possible to prevent any other group or malware from taking advantage of the vulnerability.
12. Computer Security “Tune Out”: It is ASSESSED that the combination of exaggerated reporting, exaggerated marketing claims and lack of direct impact on consumers will result in a ‘backlash’ against computer security companies and practices. This in turn will PROBABLY increase companies' internal vulnerability as employees ignore computer security warnings. The average consumer will also probably ‘tune out’ computer security warnings, increasing their risk.
David Swan CD
CSCSS Defence Intelligence Group writing Cyber Intelligence is a services division within CSCSS. We define Cyber Intelligence as ‘forecasting aggressor cyber activities’. Our services provide our clients with assessments and forecasts of cyber attacks that may impact them, as tools for: strategic planning, operational support and response.
For additional detail on this cyber intelligence report, including amplifying information, comments, assessment and / or specific recommendations, contact David Swan, Executive Vice President, CSCSS Defence Intelligence Group.
[1] https://finance.yahoo.com/news/an-epidemic-of-computer-hacks-and-consumers-tune-them-out-205348798.html
[2] http://www.scmagazineuk.com/met-police-and-nca-uk-businesses-are-not-helping-fight-cyber-crime/article/376550/
[3] http://www.computerweekly.com/news/2240232593/Cyber-security-failing-in-execution-says-ex-US-cyber-czar
[4] http://www.scmp.com/news/hong-kong/article/1618168/swift-police-operation-ends-occupy-mong-kok
