Category: Uncategorized

  • A step forward in Critical Infrastructure Protection

    Calling on old friends and new to join our public/private partnership for critical infrastructure protection – InfraGard

    InfraGard is an organization dedicated to the protection of the United States and its citizens. In order to maintain a level of trust within the membership, all applicants undergo a background check performed by the FBI (for this reason InfraGard membership is currently limited to United States citizens). Applications are then screened against defined criteria and passed to the local chapter for final acceptance (individual chapters may apply stricter criteria).

    Along with your InfraGard membership comes great responsibility. We value active members who are willing to devote their time, effort and talent to help build this organization and achieve our goals of protecting our citizens. You will be a representative of the nation’s largest volunteer organization dedicated to critical infrastructure protection.

    InfraGard provides a forum where you can network with your peers and access an FBI secure communication network, enabling you to receive time-sensitive, infrastructure-related security information from government sources such as DHS and the FBI. In addition, membership is free and opens doors to invitations to, and discounts on, important training seminars and conferences.

    References:

    1. https://www.infragard.org/
  • C&C Public Pathways

    Every defense-in-depth strategy monitors for backdoor channels that give an attacker remote command and control over an internal beachhead. Conventionally we look for private peer-to-peer pathways to known bad botnets.

    Details from recent cyber incidents paint a different story. Take the banking Trojan discovered late last year targeting South Korean banks, which used Pinterest as its C&C channel. Just last month, the Janicab Trojan was found to use YouTube comments for the same purpose.

    So who is monitoring mainstream social networks for possible backdoor command and control traffic? A simple refinement, using a reputable public content site instead of a dedicated server, complicates matters, doesn't it? The traffic blends in with ordinary browsing, passes reputation-based filters, and the sites themselves cannot simply be blocked.
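    One practical answer is to stop asking whether a destination is reputable and start asking whether a client's behaviour toward it looks like a beacon. The following is an added example, not code from the original post: it runs over a constructed proxy log (the field layout and the watch list of public content sites are my assumptions) and flags client/host pairs that show enough requests, a nearly constant interval between them, and almost no variety in the URLs fetched. A human reading Pinterest produces irregular timing and many distinct paths; an implant polling a fixed pin or comment thread does not.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not real traffic). Field layout is an assumption:
# "<ISO-8601 timestamp> <client ip> <method> <host> <path> <status> <user agent>"
SAMPLE_LOG = """\
2015-01-05T09:00:02 10.1.4.22 GET www.pinterest.com /pin/4821/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:03:15 10.1.4.57 GET www.pinterest.com / 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:03:40 10.1.4.57 GET www.pinterest.com /pin/888/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:04:02 10.1.4.57 GET www.pinterest.com /search/?q=cats 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:05:30 10.1.4.22 GET www.example.com /news 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:10:03 10.1.4.22 GET www.pinterest.com /pin/4821/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:11:50 10.1.4.57 GET www.pinterest.com /pin/77/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:12:10 10.1.4.57 GET www.pinterest.com /user/alice/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:20:01 10.1.4.22 GET www.pinterest.com /pin/4821/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:30:04 10.1.4.22 GET www.pinterest.com /pin/4821/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:40:02 10.1.4.22 GET www.pinterest.com /pin/4821/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:45:00 10.1.4.57 GET www.pinterest.com / 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T09:50:03 10.1.4.22 GET www.pinterest.com /pin/4821/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T10:00:01 10.1.4.22 GET www.pinterest.com /pin/4821/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T10:10:02 10.1.4.22 GET www.pinterest.com /pin/4821/ 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T10:00:00 10.1.4.90 GET www.youtube.com /watch?v=abc 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T10:05:00 10.1.4.90 GET www.youtube.com /watch?v=abc 200 Mozilla/5.0 (Windows NT 6.1)
2015-01-05T10:10:00 10.1.4.90 GET www.youtube.com /watch?v=abc 200 Mozilla/5.0 (Windows NT 6.1)
"""

# Reputable public content sites to watch for C2-style use. This list is an
# assumption maintained by the analyst; it is not from the post.
WATCH_HOSTS = {"www.pinterest.com", "www.youtube.com"}


def parse_line(line):
    """Split one log line into (timestamp, client, host, path)."""
    ts, client, _method, host, path, _status, _ua = line.split(maxsplit=6)
    return datetime.fromisoformat(ts), client, host, path


def find_beacons(log_text, watch_hosts=WATCH_HOSTS, min_hits=6,
                 max_jitter=0.2, max_distinct_paths=2):
    """Flag (client, host) pairs whose requests look like a beacon: at least
    min_hits requests, a regular cadence (coefficient of variation of the
    inter-request gaps <= max_jitter) and very few distinct URLs."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path = parse_line(line)
        if watch_hosts and host not in watch_hosts:
            continue
        sessions[(client, host)].append((ts, path))

    findings = []
    for (client, host), events in sessions.items():
        if len(events) < min_hits:
            continue
        events.sort()
        gaps = [(b - a).total_seconds() for (a, _), (b, _) in zip(events, events[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg          # 0.0 means perfectly periodic
        distinct_paths = len({path for _, path in events})
        if jitter <= max_jitter and distinct_paths <= max_distinct_paths:
            findings.append({
                "client": client, "host": host, "hits": len(events),
                "mean_interval_s": avg, "jitter": jitter,
                "distinct_paths": distinct_paths,
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['client']} -> {f['host']}: {f['hits']} hits every "
              f"~{f['mean_interval_s']:.0f}s (jitter {f['jitter']:.3f}, "
              f"{f['distinct_paths']} distinct path(s))")
```

    On the sample log only 10.1.4.22 is reported: eight requests to the same Pinterest pin roughly every 600 seconds. The human-looking client 10.1.4.57 fails both the cadence and the path-diversity tests, and 10.1.4.90 has too few requests to judge. In production the thresholds need tuning against your own baseline, and a hit is a triage lead, not a verdict: a legitimate feed reader or status widget will produce the same shape and has to be allowlisted once confirmed.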

    Note:

    Original links are no longer accessible.

    References:

    1. http://blog.trendmicro.com/trendlabs-security-intelligence/malware-campaign-targets-south-korean-banks-uses-pinterest-as-cc-channel/
    2. http://omnifeed.com/article/motherboard.vice.com/read/the-worst-youtube-comments-ever-were-actually-used-to-control-malware
  • Gaining Intelligence about Cyber Threats and Vulnerabilities

    This is the third post in a series on Cyber Security Preparedness, following the earlier posts on gaining Cyber Security Awareness and Assessing Security Controls. Today we focus on improving Threat Intelligence and Collaboration.

    Electronic crime is no longer confined to the big screen. Real money is being lost, and in an increasingly wide range of industries. It is time to study today’s failures, learn from them, and better prepare for cyber risk.

    If a tree falls in the woods, does it make a sound? If you're not close enough to hear it, find someone who is and learn from them. It's called collaboration. Begin your learning there.

    The single most important source I have for threat intelligence is InfraGard. This public/private forum shares confidential DHS and FBI information with verified members. Unlike other public sources, the threat indicators shared can be configured into my security infrastructure, leading to advanced detection and prevention capabilities. Professional forums such as ISACA, ISSA, ISC2, and the like establish peer contacts which further extend my reach for information sharing and collaboration.

    Public forums such as the SANS Internet Storm Center, US-CERT, and the daily CyberWire newsletter keep me informed on the changing threat landscape. Weekly or monthly security updates are no longer acceptable. Increasingly, zero-day exception processing overrides standard business-as-usual threat and vulnerability management activities.
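    To make the point about configuring shared indicators into your own infrastructure concrete, here is an added example that is not part of the original post and does not use InfraGard's actual feed format. It loads a constructed indicator list (domains and IPv4 addresses or CIDR ranges, all from documentation address space, invented for the example) and matches it against a constructed connection log whose layout is also my assumption. The two details that matter in practice are shown: domain indicators match the host and any subdomain of it by label, never by plain string suffix, and IP indicators are matched as networks so a single /24 covers the whole range.

```python
import ipaddress

# Constructed indicator feed (made up for this example, not real indicators).
# One indicator per line: "<type>,<value>,<source note>"
FEED = """\
domain,bad-cdn.example,shared via partner forum
ipv4,198.51.100.0/24,shared via partner forum
ipv4,203.0.113.7,shared via partner forum
"""

# Constructed connection log. Field layout is an assumption:
# "<ISO-8601 timestamp> <client ip> <destination ip> <requested host or ->"
SAMPLE_LOG = """\
2015-02-10T08:01:00 10.1.4.22 198.51.100.44 update.bad-cdn.example
2015-02-10T08:02:00 10.1.4.57 93.184.216.34 www.example.com
2015-02-10T08:03:00 10.1.4.90 203.0.113.7 -
2015-02-10T08:04:00 10.1.4.61 192.0.2.10 notbad-cdn.example
2015-02-10T08:05:00 10.1.4.61 192.0.2.11 BAD-CDN.EXAMPLE.
"""


def load_feed(text):
    """Parse the feed into a set of normalised domains and a list of networks."""
    domains, networks = set(), []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        kind, value, note = line.split(",", 2)
        if kind == "domain":
            domains.add(value.lower().rstrip("."))
        elif kind == "ipv4":
            # strict=False accepts a host bit set in a range, e.g. 203.0.113.7 -> /32
            networks.append((ipaddress.ip_network(value, strict=False), note))
        else:
            raise ValueError(f"unknown indicator type {kind!r}")
    return domains, networks


def domain_hit(host, domains):
    """Label-wise suffix match: the host itself or any parent domain.
    'notbad-cdn.example' must NOT match 'bad-cdn.example'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def ip_hit(addr, networks):
    """Return the first indicator network containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for net, _note in networks:
        if ip in net:
            return str(net)
    return None


def match_log(log_text, feed_text):
    """Return (timestamp, client, reasons) for each log line that hits an indicator."""
    domains, networks = load_feed(feed_text)
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, dst_ip, host = line.split()
        reasons = []
        if host != "-":
            d = domain_hit(host, domains)
            if d:
                reasons.append(f"domain:{d}")
        n = ip_hit(dst_ip, networks)
        if n:
            reasons.append(f"ip:{n}")
        if reasons:
            hits.append((ts, client, reasons))
    return hits


if __name__ == "__main__":
    for ts, client, reasons in match_log(SAMPLE_LOG, FEED):
        print(ts, client, ", ".join(reasons))
```

    Three of the five constructed lines hit: the first on both its host and its destination range, the third on the single-address indicator even though no hostname was logged, and the last on a mixed-case, trailing-dot spelling of the indicator domain. The lookalike host notbad-cdn.example does not hit, which is the check a naive endswith() comparison would get wrong. Indicator quality still matters more than matching logic; a shared domain that turns out to be a whole public content platform will flag every legitimate visitor too, which is exactly the problem the C&C Public Pathways post describes.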

    References:

    1. https://www.isaca.org/
    2. https://issa.org/
    3. https://www.isc2.org/
    4. https://isc.sans.edu/
    5. US-CERT (now CISA): https://www.cisa.gov/
    6. https://www.thecyberwire.com/newsletters