Black Hat Asia 2015: Target: Malware

From: InformationWeek | DarkReading

Hostile software is ever evolving, and Black Hat-associated research is one of the key loci of information on monitoring, defending against, and nullifying it. With that in mind, today we’ll preview a quartet of interesting malware-related Briefings from Black Hat Asia 2015.

Malware commonly turns to API-wrapping techniques to obfuscate API calls, which makes it difficult to reverse-engineer the code. The old way of dealing with this, binary pattern matching, is easily defeated by simply changing the obfuscation pattern. What’s needed is a more robust deobfuscation scheme … how about one based on memory access analysis? API Deobfuscator: Identifying Runtime-Obfuscated API Calls via Memory Access Analysis will detail just such a scheme, which can generate maps between obfuscated API calls and their true invocations. And so the arms race continues.


Using a SIEM to Identify Cryptolocker

From: Network World Asia

By Bryan Borra

We are seeing more cases of the Cryptolocker/CryptoWall family of malware. Also known as “ransomware”, this type of attack is delivered through spear-phishing methods such as an email attachment. Users must pay a ransom before a set deadline passes or all their files will remain encrypted. Cryptolocker uses a number of techniques (HTTPS, P2P, TOR) to mask its command and control communications.

Security information and event management (SIEM) technology combined with threat intelligence can be effectively used to detect this type of attack. We recommend you ask your MSSP or SIEM Administrator to create the following use cases:


DHS shutdown: ‘There’s an opportunity cost’

From: FCW

By Mark Rockwell

Federal agencies won’t lose their existing Department of Homeland Security cyber protections if a DHS spending bill is not enacted this week, but big cyber projects and the security workforce could face longer-term, less tangible effects.


In remarks at a Feb. 20 American Bar Association event, Andy Ozment, assistant secretary of the Office of Cybersecurity and Communications within NPPD, said that a shutdown “grinds to a halt” CDM and Einstein 3A. His comments echoed his Feb. 12 testimony before the House Homeland Security Committee’s Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee that a shutdown could force a furlough of 140 staff members at the National Cybersecurity and Communications Integration Center, as well as stall Einstein and CDM efforts.


Continuous Diagnostics and Mitigation capability requirements need re-prioritization

From: Help-Net Security

by Nir Polak – CEO of Exabeam

There is a lot to like in the $6 billion Continuous Diagnostics and Mitigation (CDM) program being administered by the DHS across more than 100 federal civilian agencies. The DHS has done an excellent job creating 15 different capabilities broken up into four implementation phases that agencies need to have to strengthen their cybersecurity postures.

These measures will also be used to build cybersecurity dashboards that will be reviewed by the Office of Management and Budget (OMB) for determining funding levels and will get congressional review.


Enter the hackers: Cyber-criminals target SCADA embedded systems

From: SourceSecurity.com

By Vicki Contavespi

According to the Bipartisan Policy Center, the Industrial Control Systems Cyber Emergency Response Team, which is part of the U.S. Department of Homeland Security, reports responding to 198 cyber incidents in fiscal year 2012 across all critical infrastructure sectors. Forty-one percent of these incidents involved the energy sector, particularly electricity, according to a February 2014 report. Considering the enormity of the system, it soon becomes clear that 198 events is the very tip of an enormous iceberg.



FedRAMP Plan of Action and Milestones (POA&M) Template Completion Guide

Editor’s Note: The FedRAMP Plan of Action and Milestones (POA&M) Template Completion Guide, Version 1.0 (.docx) is attached here. The following is an excerpt.

1.1. Purpose

The purpose of the POA&M is to facilitate a disciplined and structured approach to mitigating risks in accordance with the CSP’s priorities. The POA&Ms include the findings and recommendations of the security assessment report and the continual security assessments.

FedRAMP uses the POA&M to monitor progress in correcting weaknesses or deficiencies noted during the security control assessment and throughout the continuous monitoring process.

The POA&Ms are based on the:


Putting the Pieces Together: Continuous Monitoring – Continuous Diagnostics – Authority to Operate – FISMA and OMB Memos Training Workshop for Government

From: Potomac Forum Limited | Government Employees: Early Bird Registration Fee: $795 before February 28th

How do FISMA 2.0, the recent changes in NIST guidance (NIST Special Publication 800-53, Revision 4), and OMB security mandates (M-14-03 and M-14-04) affect the way government executives, managers and staff implement or manage a government information security program?

Tuesday, March 24, 2015


Information systems security is considered one of the top priorities for most CIOs and agency heads. There are many pieces to security management, compliance and reporting requirements. The new FISMA regulation emphasizes the importance of including an Information Security Continuous Monitoring (ISCM) program as part of each agency’s Information Technology (IT) Security Program. With new FISMA requirements on one hand and OMB requirements, DHS reporting requirements, and NIST special guidance and standards on the other, many executives, managers and staff often face challenges trying to comply with security regulations while maintaining an increasingly resilient IT security and privacy management program.


Legislation and the future of federal cybersecurity

From: FCW

By John Lainhart, Dan Chenok

Cybersecurity continues to be at the forefront of national focus, thanks to Congress’ passing and the president’s signing of three cybersecurity-related bills last December.


The act enables federal agencies to be more effective in developing and implementing protective strategies against network intruders. It continues and updates the risk management framework that has been a core tenet of the Federal Information Security Management Act and encourages agencies to use automated security tools to continuously diagnose and mitigate security vulnerabilities. It also codifies the Department of Homeland Security’s role in overseeing the implementation of policy and guidelines for federal civilian agencies.


$1bn cyber heist underlines need for detection, say security experts

From: ComputerWeekly.com

Warwick Ashford

The theft of up to $1bn from financial institutions worldwide, in the most daring cyber crime of its kind to date, underlines the need for continuous monitoring and faster intrusion detection, say security experts.

Some believe the attacks mark a new phase in the evolution of cyber criminal activity, raising the bar even further for information security professionals.



How a Homeland Security Shutdown Would Imperil US Cyber Defense

From: DefenseOne

By Jack Moore | Nextgov

An agency official told House lawmakers a partial shutdown at the Department of Homeland Security would do more than just slow a timely response to critical threats.

The Department of Homeland Security is warning lawmakers a shutdown at the agency would not spare its cybersecurity operations.


Ozment told lawmakers a partial shutdown would affect basic cyber operations at the agency, potentially delay two key acquisition programs — including a contract award under its multibillion-dollar continuous monitoring program — and curtail its information-sharing activities with the private sector.

