Blog

  • Where’d My Network Go? A Call for Resilience!

    I remember a few years back when the company I was working for was implementing wireless networking. I explained that there were several threats that could deny its services. I suggested it be positioned as a convenience – nice to have and non-essential. Who can really get by without wireless networking these days? Are we being truthful with ourselves?

    Two things have changed over the years – the dependency is higher and the threat is more real. So are we willingly accepting more risk or are we simply in disbelief?

    Check out how WiFi jamming attacks are more simple and cheaper than ever. Now look at how many critical processes use technology that operates over this medium. Sick, right?

    Now add a new word to your vocabulary: RESILIENCE, and strive for new capacity to recover readily from such adversity.

    References:

    1. https://www.helpnetsecurity.com/2015/10/13/wifi-jamming-attacks-more-simple-and-cheaper-than-ever/
  • A step forward to Critical Infrastructure Protection

    Calling on old friends and new to join our public/private partnership for critical infrastructure protection – InfraGard

    InfraGard is an organization dedicated to the protection of the United States and its citizens. In order to maintain a level of trust within the membership, all applicants undergo a background check performed by the FBI (for this reason InfraGard membership is currently limited to United States citizens). Applications are then screened according to defined criteria and then passed to the local chapter for final acceptance (individual chapters may have more strict criteria).

    Along with your InfraGard membership comes great responsibility. We value active members who are willing to devote their time, effort and talent to help build this organization and achieve our goals of protecting our citizens. You will be a representative of the nation’s largest volunteer organization dedicated to critical infrastructure protection.

    InfraGard provides a forum where you can network with your peers and access an FBI secure communication network, enabling you to learn time-sensitive, infrastructure-related security information from government sources such as DHS and the FBI. Besides, the no-cost membership opens doors to invitations and discounts to important training seminars and conferences.

    References:

    1. https://www.infragard.org/
  • C&C Public Pathways

    All defense-in-depth strategies monitor backdoor channels for communication enabling remote command and control over an internal beachhead.  We conventionally look for private peer-to-peer pathways to known bad botnets. 

    Details from recent cyber incidents paint a different story.  Take the banking Trojan discovered late last year targeting South Korean banks which used Pinterest as the C&C channel.  Just last month, the Janicab Trojan was found to use YouTube. 

    So who is monitoring mainstream social networks for possible backdoor command and control traffic?  A simple refinement to use a reputable public content site complicates matters, doesn’t it?

    Note:

    Original links are no longer accessible.

    References:

    1. http://blog.trendmicro.com/trendlabs-security-intelligence/malware-campaign-targets-south-korean-banks-uses-pinterest-as-cc-channel/
    2. http://omnifeed.com/article/motherboard.vice.com/read/the-worst-youtube-comments-ever-were-actually-used-to-control-malware
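
For the monitoring question raised in "C&C Public Pathways" above, a domain-reputation check passes this traffic, so one option is to look at request timing instead. This is an added example, not code from the original post: the log format, host names, watchlist and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumption: sites a reputation filter would allow; tune for your environment.
PUBLIC_CONTENT_SITES = {"pinterest.com", "youtube.com"}

# Constructed sample proxy log: "ISO-time client-host destination-domain"
SAMPLE_LOG = """\
2015-01-10T09:00:00 ws-041 youtube.com
2015-01-10T09:05:01 ws-041 youtube.com
2015-01-10T09:10:00 ws-041 youtube.com
2015-01-10T09:15:02 ws-041 youtube.com
2015-01-10T09:20:00 ws-041 youtube.com
2015-01-10T09:25:01 ws-041 youtube.com
2015-01-10T09:01:10 ws-017 pinterest.com
2015-01-10T09:01:12 ws-017 pinterest.com
2015-01-10T09:01:40 ws-017 pinterest.com
2015-01-10T09:30:05 ws-017 pinterest.com
2015-01-10T10:45:00 ws-017 pinterest.com
not-a-timestamp ws-099 youtube.com
"""

def parse(log):
    """Yield (timestamp, host, domain); malformed lines are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2].lower()
        except ValueError:
            continue

def find_beacons(log, min_requests=5, max_cv=0.1):
    """Return [(host, domain, mean_gap_seconds)] for near-constant polling."""
    seen = defaultdict(list)
    for ts, host, domain in parse(log):
        if domain in PUBLIC_CONTENT_SITES:
            seen[(host, domain)].append(ts)
    hits = []
    for (host, domain), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) < max(min_requests, 3) or mean(gaps) == 0:
            continue
        # Human browsing is bursty; automated polling has a low spread of gaps.
        if pstdev(gaps) / mean(gaps) <= max_cv:
            hits.append((host, domain, round(mean(gaps))))
    return hits
```

On the constructed log, `find_beacons(SAMPLE_LOG)` flags only `ws-041`, whose requests arrive about every 300 seconds; the bursty `ws-017` session is not flagged. A hit is a lead to investigate (which process made the requests, what was fetched), not proof of compromise.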