Posts

Fileless Malware: A New Threat in the Cybersecurity Field

Published with Permission by:
Lint, James R., “Fileless Malware: A New Threat in the Cybersecurity Field”, In Cyber Defense, 29 June 2017, Web, http://incyberdefense.com/james-lint/fileless-malware-new-threat-cybersecurity-field/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

Currently, threats to your computer often involve some type of virus or hostile file. But fileless malware is a new and growing hazard in cybersecurity. Consequently, it presents a danger to companies and individuals.

Fileless Malware Leaves Few Traces on Your Computer

What is fileless malware? Zeltser Security Corporation defines fileless malware as “malware that operates without placing malicious executables on the file system. Though initially fileless malware referred to malicious code that remained solely in memory without even implementing a persistence mechanism, the term evolved to encompass malware that relies on some aspects of the file system for activation or presence.”

The fact that there is no file to detect, similar to a virus, makes fileless malware difficult for your antivirus software to find. It also makes protection against malware more difficult, now and in the future.

Cybersecurity Community Becoming Aware of Fileless Malware Threat

In June, the Cyber Security Awareness Lunch and Learn event in Las Vegas hosted by MJ Computer Concepts featured a speaker from the US Secret Service (USSS).  This was the same Special Agent  who also hosted the USSS Electric Crimes Task Force (ECTF) in Las Vegas.  The speaker at the Task Force meeting was Dr. Anthony J. Carcillo on the topic of fileless malware.

The U.S. Secret Service has two major areas of responsibility. The traditional and best-known mission is the protection of senior executive branch leaders. The older mission for the USSS is financial crimes, which include the prevention and investigation of counterfeit U.S. currency, U.S. treasury securities and the investigation of major fraud. This second mission has the modern USSS involved with modern cybercrimes.

During the Lunch and Learn, by MJ Computer Concepts and the ECTF meeting with Dr. Cardillo both discussed the need to protect your computer system. Both of these speakers had similar comments on the criticality of software updates and backups. The information from Dr. Carcillo was thought-provoking because there is very little information in the public domain about fileless malware.

Staying Informed Is Your Best Protection against Fileless Malware

The United States Computer Emergency Readiness Team (US-CERT) regularly publishes information about cybersecurity threats. Reviewing the US-CERT website is a useful way to learn about current threats. Also, you can sign up for tips and emails on new cyber vulnerabilities.

Failing to Update Software Increases Vulnerability to Attack

Discussions at recent cybersecurity events have shown that there is a common reason why victims are selected and attacked. Hackers commonly exploit security weaknesses in computers with outdated software, because those computers are more vulnerable to attackers. In some cases, computer owners neglected to install software updates to protect their computers and data.

What You Can Do to Improve Your Security

There are simple measures you can take to protect your computer. CNN Money Tech stated, “First, install any software updates immediately and make it a regular habit. Turn on auto-updaters where available (Microsoft offers that option). Microsoft also recommends running its free anti-virus software for Windows.”

Another way to protect your files is to use a cloud-based storage service. Cloud storage companies normally keep all their systems updated with the newest software protection and backups in case of a problem.

There are other ways to protect your computer from an attack:

  • Use a backup program for your personal or business computer.
  • Buy two or more USB hard drives and use them to run incremental backups. Use one USB hard drive at a time and set it to back up your computer files for a week. Then, change to a different hard drive and conduct backups.

If you use multiple drives for backups, valuable files and pictures will remain safer, even if your current drive gets corrupted or attacked by ransomware. The more hard drives you have in your rotation, the more likely it is that your earlier files will not become corrupted.

  • Do not click on a link that you do not recognize or download files from sources you do not know.

Although updating your systems and backing up your files is time-consuming, these computer tasks are necessary to protect you from cyberattacks. With all of the problems that viruses, ransomware and malware create, simple protective measures are worth your time and money.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

Cyber Security Professionals Must Prevent Attacks or Be Terminated

Published with Permission by:
Lint, James R., “Cyber Security Professionals Must Prevent Attacks or Be Terminated”, In Cyber Defense, 14 June 2017, Web, http://incyberdefense.com/james-lint/cyber-security-professionals-must-prevent-attacks-terminated/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

My recent article, “Cyber Defenders Are Often Not Fired, When Others Would Be” stirred responses from many physical security professionals. The common theme was that there are standards in physical security, but the cyber security problem is too difficult to solve. Cyber defenders, however, know standards and solutions are available.

Cyber Defense Standards Can Be Found

The National Institute of Standards and Technology (NIST) has created a cyber security framework for private sector organizations to assess their ability to prevent, detect and respond to cyberattacks.

The “The Framework, which was created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure.”

Also, on May 11, 2017, the White House released a Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

The United States Computer Emergency Readiness Team, a division of the Department of Homeland Security, (US-CERT) website states that US-CERT “strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.”

The US-CERT website has numerous publications, alerts, tips, and resources. It is updated daily, and has many ways to be contacted.  Any cyber defenders who have not signed up for the alerts and tips email list are missing good professional development and also timely protection information for their organizations.

Comparisons of Physical Security and Cyber Security

Many physical security personnel are not trained in cyber security, just as many cyber security personnel are not trained in physical security. Training helps both.

Physical security specialists are trained for many different sectors such as government security, security for intelligence facilities, shopping centers, banks, and hospitals. No one is an expert in all of those sectors. The security standards for a Top Secret intelligence facility are much different from those of a hospital. In turn, a hospital security is different than that of a bank.  With all the knowledge needed in these sectors, why would some people think they can also be experts in cyber security/defense?

Cyber Defenders Must Install Updates

Companies that do not upgrade their software are as derelict as those companies that leave a door open to thieves.

On Friday, May 12, the BBC reported an international ransomware attack involving hackers using ransomware called WanaCrypt0r 2.0. As many as 74 countries, including the U.K., U.S., China, Russia, Spain, Italy and Taiwan, were affected. Thousands of computers were locked by a program that demanded $300 in Bitcoin for each hacked computer. But in March Microsoft had issued the first patch to prevent the WannaCry attack.

That means all those companies and officials who were affected by WannaCry Ransomware could have prevented the attack if they had installed Microsoft’s update and upgrades two months earlier.

Why are boards of directors not firing CIOs and senior IT managers who fail to take steps to prevent cyberattacks?  Why are they not firing CEOs who did not ensure that their CIOs and IT managers implemented the Microsoft update patches? Why do they treat cyber security personnel so cavalierly but do not reprimand or fire physical security personnel who make similar errors?

Visual Comparison of Security Physical Holes and Unpatched or Upgraded Networks

If a company does not repair a large hole in its building for two months, wouldn’t that be cause for termination of its security manager? Would that business’s insurance company continue to insure a firm with a large hole in its building?

If you don’t patch a hole in your fence, people will think you are incompetent or lazy. If you leave a large hole in your building you should be fired for cause. Why do we not hold CIOs to the same standard of responsibility? It really is that simple. There will be new innovative hacks in the future. But any security professional who does not deal with existing vulnerabilities should be fired.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

Cyber Defenders Are Often Not Fired, When Others Would Be

Published with Permission by:
Lint, James R., “Cyber Defenders Are Often Not Fired, When Others Would Be”, In Cyber Defense, 01 June 2017, Web, http://incyberdefense.com/news/cyber-defenders-often-not-fired-others/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

If a security guard does not make his rounds at night and a door is left open, should he get in trouble with his superiors? Should he be reprimanded? If a robbery occurs because of the open door, should he be fired?

Is it fair then that cyber defenders or information technology security specialists are not fired after a cyberattack?

Cyber defense used to be a safe job after a crisis, if the IT specialists had documented what the company needed to protect itself from a cyberattack and management did not act on those recommendations and purchased the products or services that could have enhanced security.

Cyber Security Is Still Undefinable

Yahoo, LivingSocialFacebook and Twitter spent millions of dollars to protect their networks and data. Yet all were victims of massive cyberattacks. They discovered the truth in the security managers’ words of wisdom that “there really is no such thing as perfect security.”

Any system, building or company can be penetrated. No set of security measures will completely protect against determined cyber hackers. Security continues to evolve based on the threat actors.

If any company used the same security and firewalls today as it did in 2005, even amateurs in the security field would laugh. It would probably be smarter to invest in a welcome mat instead of a 2005 firewall. (There is a possibility that they would cost the same.)

What Cyber Defense Managers and CIOs Need to Do to Protect Their Jobs

In 2013, a credit card breach at Target put 40 million shoppers at risk. In the end, the CEO and the chief information officer lost their jobs. The incident illustrated how a cyber security incident can affect cyber leaders and managers.

The IT Security for Managers website noted that “Target, in fact, passed their compliance requirements several months before the breach occurred, but as evidence now clearly shows, they were not secure.”

To prove its point that compliant does not mean secure, the website recalled a historic tragedy. “[T]he Titanic was actually compliant with the British Board of Trade, which required all boats over 10,000 metric tons to have 16 lifeboats. It didn’t matter how many passengers were on board. Just put 16 lifeboats on. So was the Titanic compliant? Yes. Did compliance avoid a tragedy? No.”

Law360, a LexisNexis company website, reported on an internal probe of Yahoo’s “trio of data breaches believed to have affected at least 1.5 billion users.” The probe concluded that certain senior executives failed to adequately respond to the incident. As a result, Yahoo‘s general counsel resigned and CEO Marissa Mayer’s annual bonus for 2016 was withheld.

Protect Yourself and Your Organization

Documenting company safeguards is critical when corporate executives have to go to court for a breach of contract dispute or for a management hearing for termination. Here is a brief checklist that can help to protect you and your organization:

  • Know where your security response plans and procedures are located.
  • Can you prove you exercised those plans?
  • Did senior managers participate so they knew their responsibilities and can support you?
  • Alternatively, were senior managers notified of the exercises?
  • If not, why not?

Not involving senior managers in cyberattack plans, procedures and resolutions can be a career-ending decision. Cyber defenders should have written documentation to that effect. Every exercise should have a post-action report that shows what was learned, what was performed well, and where the weaknesses in training, equipment and processes were.

Free Information and Government Readiness

The Department of Homeland Security’s “Ready” program has information on before, during and after a cyber incident. The DHS also has information and a monthly newsletter at its Stop. Think. Connect. campaign.

A more technical email list is from the United States Computer Emergency Readiness Team (US-CERT) provides a more technical mailing list.

The information is out there to protect your organization. So stay secure!

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

Giuliani Appointment Puts Administration Spotlight on Cybersecurity

Published with Permission by:
Lint, James R., “Giuliani Appointment Puts Administration Spotlight on Cybersecurity”, In Cyber Defense, 20 Jan. 2017, Web, http://incyberdefense.com/news/giuliani-appointment-cybersecurity/

By James R. Lint
Faculty Member, School of Business, American Military University
Contributor, In Homeland Security

Donald Trump announced last week that former NYC Mayor Rudy Giuliani will be advising the new administration on cybersecurity issues.

Giuliani will head an advisory group from the corporate world because of his “long and very successful government career in law enforcement, and his now sixteen years of work providing security solutions in the private sector,” according to a statement by the Trump transition website.

Trump will host “a series of meetings with senior corporate executives from companies which have faced or are facing challenges similar to those facing the government and public entities today, such as hacking, intrusions, disruptions, manipulations, theft of data and identities, and securing information technology infrastructure,” the GreatAgain.gov website explains.

The goal is to improve the planning and implementation for increasing security of computer systems by drawing on the knowledge and input of corporate leaders. Cybersecurity has become a key issue for Trump, since U.S. intelligence agencies blamed Russia for recent hacking attacks during the U.S. presidential election campaign.

New Cybersecurity Initiative Using Several Avenues to Share Information

The Department of Homeland Security has several avenues to share information with public corporations. Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing directs DHS to engage “in continuous, collaborative, and inclusive coordination” with information sharing and analysis organizations (ISAOs) via the National Cybersecurity and Communications Integration Center (NCCIC). The NCCIC coordinates cybersecurity information sharing and analysis among the federal government and private-sector partners.

These organizations were created for each of the 16 critical infrastructure sectors. The information technology sector has many government and private sector participants. It appears this new initiative aims to get corporate executives to participate and solve cyber security problems.

What Will Giuliani’s Role Be?

Giuliani’s role in this new cybersecurity initiative is not clear. For example, what will his official position be and how will he interact with DHS? The DHS Office of Cybersecurity and Communications (CS&C) is part of the National Protection and Programs Directorate. Will Giuliani coordinate with the CS&C? Or will he plan for or give direction to the office?

The U.S. Computer Emergency Readiness Team (US-CERT) has broad knowledge of and experience with federal computer systems. The Defense Department is required to report an incident to US-CERT within 12 hours. Public-sector organizations can voluntarily report incidents to US-CERT.

Will Giuliani receive briefings from US-CERT? Will he have the reports filtered via CS&C?

The bottom line is that the new administration sees the value of and need for improved cybersecurity. It appears to be a growing business. It will also be an area for improved employment prospects.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”