
 

VOLUME 25 | ISSUE 25 | 14 August 2013

Article of the Month Around the World

Benefits of Sensor Deployment at Internet Service Providers to Mitigate Cyber Threats

Part 02 

Threat monitoring and response

The Threat Visualization & Analysis System (TVAS) helps to analyze and identify the alerts generated from the sensors. It works on near real-time sensor data as well as on data gathered off-line. The threats fall into the following categories.

A. Unauthorized Scans performed from other networks
B. Identified P2P worm activities
C. Spybot-infected hosts which connect to well known C&C servers
D. Spam relaying servers
E. DDOS attacks

The TVAS is capable of automatically filtering the threats relevant to each ISP. This is a feature which enables effective coordination to proactively mitigate attacks carried out to and from each ISP network.

Figure 3: This graph shows the IPs under attack and the confidence level of the threat

 

Figure 4: This chart shows the types of different malware identified through the analysis


 Figure 5: The identified incoming and outgoing threats to Sri Lanka at a given time


Figure 6: An alert on a specific threat appearing on Sri Lanka CERT|CC website

ISP's responsibility

Infected hosts within an ISP network are used for various malicious activities, including carrying out denial-of-service attacks against other servers, generating spam and spreading malware. Once the reports identify that a particular IP is infected by malware or is being used to host a phishing site, a comprehensive report containing a list of infected IPs within the ISP network is sent to the designated contact person of the ISP.

Figure 7: A sample report sent to an ISP
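
The per-ISP filtering and reporting described above can be sketched as follows. This is an added example, not TVAS code or anything from Sri Lanka CERT|CC: the alert tuple layout, the ISP names, the prefix table and the confidence cut-off are all assumptions, and every address is a constructed value from the documentation ranges.

```python
import ipaddress
from collections import defaultdict

ISP_PREFIXES = {  # constructed: hypothetical ISP names, documentation address ranges
    "ISP-A": ["192.0.2.0/24"],
    "ISP-B": ["198.51.100.0/24", "2001:db8:b::/48"],
}
ALERTS = [  # constructed: (source IP, destination IP, category, confidence 0-100)
    ("192.0.2.10", "203.0.113.5", "C&C connection", 90),
    ("192.0.2.10", "203.0.113.9", "Spam relay", 70),
    ("203.0.113.77", "198.51.100.20", "Unauthorized scan", 60),
    ("2001:db8:b::15", "203.0.113.5", "P2P worm", 85),
    ("192.0.2.44", "203.0.113.80", "DDoS", 30),    # below the confidence cut-off
    ("not-an-ip", "198.51.100.1", "DDoS", 99),     # malformed source field
]

def owner(ip_text, networks):
    """Return the ISP whose longest matching prefix contains ip_text, else None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    matches = [(net.prefixlen, isp) for net, isp in networks if ip in net]
    return max(matches)[1] if matches else None

def per_isp_reports(alerts, prefixes, min_confidence=50):
    """Split alerts into outgoing (source inside ISP) and incoming (target inside ISP)."""
    networks = [(ipaddress.ip_network(p), isp) for isp, ps in prefixes.items() for p in ps]
    reports = {isp: {"outgoing": defaultdict(set), "incoming": defaultdict(set)}
               for isp in prefixes}
    for src, dst, category, confidence in alerts:
        if confidence < min_confidence:
            continue
        for ip_text, direction in ((src, "outgoing"), (dst, "incoming")):
            isp = owner(ip_text, networks)
            if isp:
                reports[isp][direction][ip_text].add(category)
    return reports

def render(isp, report):
    """Plain-text listing of the kind a designated ISP contact could act on."""
    lines = [f"Report for {isp}"]
    for direction in ("outgoing", "incoming"):
        for ip, cats in sorted(report[direction].items()):
            lines.append(f"  {direction:<8} {ip:<16} {', '.join(sorted(cats))}")
    return "\n".join(lines)

if __name__ == "__main__":
    print("\n".join(render(n, r) for n, r in per_isp_reports(ALERTS, ISP_PREFIXES).items()))
```

An alert with an unparseable address is not attributed on that side, but its other address is still counted, so one bad field does not hide a target inside an ISP network.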

Conclusion

By cleaning up our local cyberspace we are able to tell the cyber criminals that ours is not the low hanging fruit. This is a favorite discussion topic at security forums, but not always diligently practiced. As a nation, deploying sensor networks is one easy way to ensure that we are not an easy target, whilst avoiding a large portion of potential threats. It also helps to educate the general public as well as to tap the expertise of Sri Lanka CERT | CC, which is the single trusted source of advice about the latest threats and vulnerabilities affecting computer systems and networks.

Kanishka Yapa
Senior Information Security Engineer
Sri Lanka CERT|CC

  Honeypots Lure Industrial Hackers into the Open
   

'Just 18 hours after security researcher Kyle Wilhoit connected two dummy industrial control systems and one real one to the Internet, someone began attacking one of them, and things soon got worse. Over the course of the experiment, conducted during December 2012, a series of sophisticated attacks were mounted on the “honeypots,” which Wilhoit set up to find out how often malicious hackers target industrial infrastructure.'

  China’s Military Preparing for ‘People’s War’ in Cyberspace, Space
   

'.... China’s military is preparing for war in cyberspace involving space attacks on satellites and the use of both military and civilian personnel for a digital “people’s war,” according to an internal Chinese defense report.......'

REVEALED: Cyberthug tool that BREAKS HSBC's anti-Trojan tech Browser lockdown method also used by PayPal

   
   

'.... Cybercrooks on an underground forum have developed a technique to bypass anti-Trojan technology from Trusteer used by financial institutions worldwide – including HSBC and Paypal – to protect depositors from cybersnoopers.......'

If you think cybercrime is scary now, just wait until hackers can control and monitor every object in your environment

   

'.... Recent work by security researchers indicates that one of the problems with having a “smart” home is that some day, it might be smart enough to attack you. The essence of the forthcoming “internet of things” is that everything we own, from our refrigerators and egg cartons to our cars and thermostats, will some day be outfitted with internet-connected sensors and control systems, allowing all our possessions, and ultimately all of our civic infrastructure, to communicate with each other and be controlled remotely.......'

Volkswagen sues UK university after it hacked sports cars

'.... In a statement, the university said it will "defer publication" of an academic paper, which explains how researchers were able to hack the sophisticated systems......'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in July 2013
[Chart: incidents by type: Fake + Harassment, Hacked, Abuse, Other]
[Chart: incidents gender wise: Female, Male]
Statistics - Sri Lanka CERT|CC

Alerts

Twitter turns to app-based two-factor authentication

'.... When Twitter finally offered 2-factor authentication for its users in May, many were disappointed by the offering as its usefulness hinged on verification codes being delivered via SMS, and the feature didn't work with many mobile carriers. But as it turns out, the solution was only temporary, and now a much stronger and easier to use alternative has been added.......'

Expect more Android security issues in 2013

'.... Android vulnerabilities, increased online banking threats and availability of sophisticated, inexpensive malware toolkits are among the growing concerns cited in Trend Micro's Q2 2013 Security Roundup Report. The report describes cyber-security threats from the previous quarter combined with analysis to evaluate and anticipate emerging attacks.......'

SIM Cards Have Finally Been Hacked, And The Flaw Could Affect Millions Of Phones

'.... Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there’s still one part of your mobile phone that remains safe and un-hackable: your SIM card. Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud........'

PIN-Punching Robot Can Crack Your Phone's Security Code In Less Than

 
 

'.... There’s nothing particularly difficult about cracking a smartphone’s four-digit PIN code. All it takes is a pair of thumbs and enough persistence to try all 10,000 combinations. But hackers hoping to save time and avoid arthritis now have a more efficient option: Let a cheap, 3D-printable robot take care of the manual labor. At the Def Con hacker conference in Las Vegas early next month, security researchers Justin Engler and Paul Vines plan to show off the R2B2, or Robotic Reconfigurable Button Basher, a piece of hardware they built for around $200 that can automatically punch PIN numbers at a rate of about one four-digit guess per second, fast enough to crack a typical Android phone’s lock screen in 20 hours or less.......'

What Security Researchers Need to Know About the Law

 

 

'.... Security researchers often walk a very thin line between what is legal and what is illegal, and knowing the difference is not all that easy, especially given the current state of the law. So what do security researchers need to know about the law?.......'

 
Notice Board
  Training and Awareness Programmes - August 2013
  
Date | Event | Venue
- August 5 – 12 | Workshop for “e-Thaksalawa” Learning Content Management System | ICT Laboratory, Ministry of Education
- August 21-22, 26-27, 29-30 | Web development training for newly recruited graduate ICT teachers | ICT Laboratory, University of Kelaniya
- August 16 | Workshop for preparation of “Isuru Linux” training module | ICT Laboratory, Ministry of Education
- August 21-23 | Training Programme on Isuru Linux | ICT Laboratory, Ministry of Education
- August 26-28 | Training Programme on Isuru Linux | ICT Laboratory, Ministry of Education
- August 26-30 | Workshop preparing html Content | ICT Laboratory, National Institute Education, Maharagama
- August 26-30 | Content Development for Science / Maths/English/Sinhala/Arts | Language laboratory, National Institute Education, Maharagama
- August 12–18, 21-25, 26-30 | Hardware & network solution training | Apprentice Training Institute, Moratuwa
- August 24-29 | Annual hardware maintenance programme | Schools in North Central Province
