VOLUME 25 | ISSUE 25 | 14 August 2013
Article of the Month | Around the World
Benefits of Sensor Deployment at Internet Service Providers to Mitigate Cyber Threats
Part 02
Threat monitoring and response
The Threat Visualization & Analysis System (TVAS) analyzes and identifies the alerts generated by the sensors. It works on near real-time sensor data as well as on data gathered off-line. The threats fall into the following categories:
A. Unauthorized scans performed from other networks
B. Identified P2P worm activities
C. Spybot-infected hosts which connect to well-known C&C servers
D. Spam relaying servers
E. DDoS attacks
The TVAS is capable of automatically filtering the threats relevant to each ISP. This feature enables effective coordination to proactively mitigate attacks carried out to and from each ISP network.

Figure 3: This graph shows the IPs under attack and the confidence level of the threat
Figure 4: This chart shows the types of different malware identified through the analysis
Figure 5: The identified incoming and outgoing threats to Sri Lanka at a given time
Figure 6: An alert on a specific threat appearing on the Sri Lanka CERT|CC website
ISP's responsibility
The infected hosts within an ISP network are used for various malicious activities. These include carrying out denial of service attacks against other servers, generating spam and spreading malware. Once the reports identify that a particular IP is infected by malware or is being used to host a phishing site, a comprehensive report containing a list of infected IPs within the ISP network is sent to the designated contact person of the ISP.

Figure 7: A sample report sent to an ISP
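The per-ISP filtering and infected-IP reporting described above, sketched as an added example (it is not TVAS code and does not come from Sri Lanka CERT|CC). The alert layout, category labels, ISP names and prefixes are assumptions; all addresses are constructed from documentation ranges, and alerts are assumed to be already normalised to valid IP strings.

```python
import ipaddress
from collections import defaultdict

# Constructed ISP allocations using RFC 5737 documentation ranges (not real data).
ISP_PREFIXES = {
    "ISP-A": ["192.0.2.0/24"],
    "ISP-B": ["198.51.100.0/24"],
}

# Hypothetical labels for the article's threat categories A-E.
CATEGORIES = {"scan", "p2p_worm", "spybot_cnc", "spam_relay", "ddos"}

# Constructed sensor alerts: (source IP, destination IP, category).
ALERTS = [
    ("192.0.2.10", "203.0.113.5", "spybot_cnc"),  # ISP-A host contacting a C&C
    ("192.0.2.10", "203.0.113.9", "spam_relay"),  # same host relaying spam
    ("203.0.113.77", "198.51.100.20", "ddos"),    # attack aimed at ISP-B
    ("198.51.100.44", "192.0.2.80", "scan"),      # ISP-B host scanning ISP-A
    ("203.0.113.1", "203.0.113.2", "scan"),       # neither end in a known ISP
]

def owner(ip, networks):
    """Return the ISP whose prefixes contain ip, or None if no ISP matches."""
    addr = ipaddress.ip_address(ip)
    for isp, nets in networks.items():
        if any(addr in net for net in nets):
            return isp
    return None

def per_isp_reports(alerts, prefixes):
    """Group alerts per ISP. 'outgoing' lists hosts inside the ISP that are the
    source of a threat (likely infected); 'incoming' lists ISP hosts targeted."""
    networks = {isp: [ipaddress.ip_network(p) for p in ps]
                for isp, ps in prefixes.items()}
    reports = {isp: {"outgoing": defaultdict(set), "incoming": defaultdict(set)}
               for isp in prefixes}
    for src, dst, category in alerts:
        if category not in CATEGORIES:
            continue  # ignore alert types outside the five categories
        src_isp, dst_isp = owner(src, networks), owner(dst, networks)
        if src_isp:
            reports[src_isp]["outgoing"][src].add(category)
        if dst_isp:
            reports[dst_isp]["incoming"][dst].add(category)
    # Convert to plain dicts with sorted category lists for stable reports.
    return {isp: {d: {ip: sorted(c) for ip, c in hosts.items()}
                  for d, hosts in dirs.items()}
            for isp, dirs in reports.items()}

if __name__ == "__main__":
    for isp, report in per_isp_reports(ALERTS, ISP_PREFIXES).items():
        print(isp, report)
```

The "outgoing" section of each report corresponds to the list of infected IPs that would go to the ISP's designated contact person.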
Conclusion
By cleaning up our local cyberspace we are able to tell the cyber criminals that ours is not the low-hanging fruit. This is a favorite discussion topic at security forums, but not always diligently practiced. As a nation, deploying sensor networks is one easy way to ensure that we are not an easy target, whilst avoiding a large portion of potential threats. It also helps to educate the general public as well as to tap the expertise of Sri Lanka CERT|CC, which is the single trusted source of advice about the latest threats and vulnerabilities affecting computer systems and networks.
Kanishka Yapa
Senior Information Security Engineer
Sri Lanka CERT|CC
Honeypots Lure Industrial Hackers into the Open
'Just 18 hours after security researcher Kyle Wilhoit connected two dummy industrial control systems and one real one to the Internet, someone began attacking one of them, and things soon got worse. Over the course of the experiment, conducted during December 2012, a series of sophisticated attacks were mounted on the “honeypots,” which Wilhoit set up to find out how often malicious hackers target industrial infrastructure.'

China’s Military Preparing for “People’s War” in Cyberspace, Space
'.... China’s military is preparing for war in cyberspace involving space attacks on satellites and the use of both military and civilian personnel for a digital “people’s war,” according to an internal Chinese defense report.......'

REVEALED: Cyberthug tool that BREAKS HSBC's anti-Trojan tech
Browser lockdown method also used by PayPal
'.... Cybercrooks on an underground forum have developed a technique to bypass anti-Trojan technology from Trusteer used by financial institutions worldwide – including HSBC and Paypal – to protect depositors from cybersnoopers.......'

If you think cybercrime is scary now, just wait until hackers can control and monitor every object in your environment
'.... Recent work by security researchers indicates that one of the problems with having a “smart” home is that some day, it might be smart enough to attack you. The essence of the forthcoming “internet of things” is that everything we own, from our refrigerators and egg cartons to our cars and thermostats, will some day be outfitted with internet-connected sensors and control systems, allowing all our possessions, and ultimately all of our civic infrastructure, to communicate with each other and be controlled remotely.......'

Volkswagen sues UK university after it hacked sports cars
'.... In a statement, the university said it will "defer publication" of an academic paper, which explains how researchers were able to hack the sophisticated systems......'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in July 2013
[Chart: incidents by category (Fake + Harassment, Hacked, Abuse, Other)]
[Chart: Gender wise]
Statistics - Sri Lanka CERT|CC

Alerts
Twitter turns to app-based two-factor authentication
'.... When Twitter finally offered 2-factor authentication for its users in May, many were disappointed by the offering as its usefulness hinged on verification codes being delivered via SMS, and the feature didn't work with many mobile carriers. But as it turns out, the solution was only temporary, and now a much stronger and easier to use alternative has been added.......'

Expect more Android security issues in 2013
'.... Android vulnerabilities, increased online banking threats and availability of sophisticated, inexpensive malware toolkits are among the growing concerns cited in Trend Micro's Q2 2013 Security Roundup Report. The report describes cyber-security threats from the previous quarter combined with analysis to evaluate and anticipate emerging attacks.......'

SIM Cards Have Finally Been Hacked, And The Flaw Could Affect Millions Of Phones
'.... Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there’s still one part of your mobile phone that remains safe and un-hackable: your SIM card. Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud........'

PIN-Punching Robot Can Crack Your Phone's Security Code In Less Than
'.... There’s nothing particularly difficult about cracking a smartphone’s four-digit PIN code. All it takes is a pair of thumbs and enough persistence to try all 10,000 combinations. But hackers hoping to save time and avoid arthritis now have a more efficient option: Let a cheap, 3D-printable robot take care of the manual labor. At the Def Con hacker conference in Las Vegas early next month, security researchers Justin Engler and Paul Vines plan to show off the R2B2, or Robotic Reconfigurable Button Basher, a piece of hardware they built for around $200 that can automatically punch PIN numbers at a rate of about one four-digit guess per second, fast enough to crack a typical Android phone’s lock screen in 20 hours or less.......'

What Security Researchers Need to Know About the Law
'.... Security researchers often walk a very thin line between what is legal and what is illegal, and knowing the difference is not all that easy, especially given the current state of the law. So what do security researchers need to know about the law?.......'

Notice Board
Training and Awareness Programmes - August 2013
Date | Event | Venue
August 5 – 12 | Workshop for “e-Thaksalawa” Learning Content Management System | ICT Laboratory, Ministry of Education
August 21-22, 26-27, 29-30 | Web development training for newly recruited graduate ICT teachers | ICT Laboratory, University of Kelaniya
August 16 | Workshop for preparation of “Isuru Linux” training module | ICT Laboratory, Ministry of Education
August 21-23 | Training Programme on Isuru Linux | ICT Laboratory, Ministry of Education
August 26-28 | Training Programme on Isuru Linux | ICT Laboratory, Ministry of Education
August 26-30 | Workshop preparing html Content | ICT Laboratory, National Institute Education, Maharagama
August 26-30 | Content Development for Science / Maths/English/Sinhala/Arts | Language laboratory, National Institute Education, Maharagama
August 12–18, 21-25, 26-30 | Hardware & network solution training | Apprentice Training Institute, Moratuwa
August 24-29 | Annual hardware maintenance programme | Schools in North Central Province