The UNIX and Linux Forums  
Old 05-31-2009
iBot iBot is offline
Sifting Through the Chaff to Find the Wheat

Department of Homeland Security Daily Open Source Infrastructure Report

There are many sources of news and information regarding information security, in fact far too many. Thus, we are forced to be selective as to what we read faithfully, those which we scan the headlines, and the many that we simply ignore lest we cannot complete our primary duties. One source that has proven reliable and informative to me has been the “DHS Daily Open Source Infrastructure Report”. However, even it is too much for most of us because of its comprehensive coverage which goes far beyond our scope of responsibility and/or influence upon the industry in which we work.

As a result, on November 1, 2006 I launched a blog which “summarizes” the DHS report in that it only includes the “Top Stories”, Banking and Finance Sector, Information Technology and the Communications Sector, today. Early in the blog’s history it included only the “Top Stories” and the “Information Technology and Telecommunications Sector”. I endeavor to have the blog entry up each day within 30 minutes after DHS publishes its report which ranges from 6am to a bit after 9am each U.S. Federal work day. With this (ISC)²® Blog entry I am launching a weekly summary of the DHS report with a target of publishing it prior to the start of the Monday business day worldwide. This summary will essentially reproduce the “most significant” stories of the week based on my judgment and experience.

Your response to these weekly reports will determine the direction that it takes. Thus, input from you will determine the future of this weekly report. For those that currently do not follow my blog, you will find it at the location below along with information as to how to subscribe directly to the full report should that be your wish:


The following report is the first weekly. Future reports will consist exclusively of what follows:

Weekly Summary of the "DHS Daily Open Source Infrastructure Report"

The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.

Weekly Summary

Week Ending: Friday, May 29, 2009

Daily Open Source Infrastructure Report for 26 May 2009




Could it happen here?  How will you deal with it?

35. May 21, IDG News Service – (International) DNS attack downs Internet in parts of China. An attack on the servers of a domain registrar in China caused an online video application to cripple Internet access in parts of the country late on May 20. Internet access was affected in five northern and coastal provinces after the DNS (domain name system) attack, which targeted just one company but caused unanswered information requests to flood China’s telecommunications networks, China’s IT ministry said in a statement on its Web site. The incident revealed holes in China’s DNS that are “very strange” for such a big country, said the head of Kaspersky’s Virus Lab in China. Internet access returned to normal in the late night several hours later, according to the government statement. Source: http://www.computerworld.com/action/...&intsrc=kc_top

Daily Open Source Infrastructure Report for 27 May 2009




Does your business depend upon mobile devices? If so, you best keep pace with the following!

38. May 26, National Science Foundation – (National) Viral epidemics poised to go mobile. While computer viruses are common, there have been no major outbreaks of mobile phone viral infection, despite the fact that over 80 percent of Americans now use these devices. A team headed by the director of the Center for Complex Network Research at Northeastern University set out to explain why this is true. The researchers used calling and mobility data from over six million anonymous mobile phone users to create a comprehensive picture of the threat mobile phone viruses pose to users. The results of this study, published in the May 22 issue of Science, indicate that a highly fragmented market share has effectively hindered outbreaks thus far. Further, their work predicts that viruses will pose a serious threat once a single mobile operating system’s market share grows sufficiently large. This event may not be far off, given the 150 percent annual growth rate of smart phones. This study builds upon earlier research by the same group, which used mobile phone data to create a predictive model of human mobility patterns. The current work used this model to simulate Bluetooth virus infection scenarios, finding that Bluetooth viruses will eventually infect all susceptible handsets, but the rate is slow, being limited by human behavioral patterns. This characteristic suggests there should be sufficient time to deploy countermeasures such as antiviral software to prevent major Bluetooth outbreaks. In contrast, spread of MMS viruses is not restricted by human behavioral patterns, however spread of these types of viruses are constrained because the number of susceptible devices is currently much smaller. Source: http://www.usnews.com/articles/scien...go-mobile.html

Daily Open Source Infrastructure Report for 28 May 2009




Are you prepared for another worm attack?

28. May 25, SiliconRepublic.com – (International) ‘Gumblar’ virus could be bigger than Conficker worm. A new malware virus is on the loose and within days has become accountable for half the malware on the web. It is particularly vicious because it targets Google users in particular. The worm, also known as JSRedir-R, attacks computers through vulnerabilities in Adobe PDF reader and Flash player. By last week, more than half of all malware found on websites was identified as Gumblar, with a new webpage infected every 4.5 seconds. The worm redirects the user’s Google search results to sites that download more malware onto the machine or allow criminals to conduct phishing attacks to steal login details. It has begun to spread on sites where passwords or software have been previously compromised and visitors are infected without realizing it. It is believed the malicious worm draws its code from a webpage based in China. Once cybercriminals are in possession of a victim’s FTP credentials, any sites that the victim manages can also be targeted for compromise — a common malware propagation tactic, said IT security firm ScanSafe. Source: http://www.siliconrepublic.com/news/...ival-conficker

Daily Open Source Infrastructure Report for 29 May 2009




And you thought Twitter usage is harmless!

35. May 26, ZDNet – (International) Twitter API ripe for abuse by Web worms. A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as a researcher points out, it is much easier to misuse the Twitter API as a “weak link” to send worms squirming through Twitter. The researcher, well-known for his research work on browser and Web application vulnerabilities, draws attention to the fact that a single vulnerability on any of the third-party services (Twitpic, etc.) that use the API can trigger the next Twitter worm. Source: http://blogs.zdnet.com/security/?p=3451

Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to:


 



