APT

ICIT Analysis – Carbanak Threatens Critical Infrastructure: Cybercriminal APTs Merit Significant Investigation and Discussion

Carbanak, currently one of the most effective advanced persistent threats (APTs) active, poses a serious threat to critical infrastructure organizations such as banks, government, and data brokers such as Equifax. The Carbanak APT demonstrates how criminal collectives can adapt, divide, and evolve as their tools, techniques, and procedures advance. In this analysis, entitled “Carbanak Threatens .. read more

ICIT Analysis – Equifax: America’s In-Credible Insecurity – Part One

A catastrophic breach of Equifax’s systems was inevitable because of systemic organizational disregard for cybersecurity and cyber-hygiene best practices, as well as Equifax’s reliance on unqualified executives for information security. While Equifax has proven itself to be a compromised, irresponsible data custodian, Experian, TransUnion, and other data brokers may be just as vulnerable, irresponsible, and .. read more

Dragonfly is Nothing New: An Objective Assessment of this Energy Sector APT

by James Scott, Sr. Fellow, ICIT

Show-of-force intelligence gathering and cyber-kinetic sabotage malware attacks against United States Energy infrastructure are neither novel nor warrant mass-hysteria attempts by fear mongers seeking to exploit the incident for personal gain. They are deliberate campaigns meant to demonstrate capabilities while offering no real threat to the distributed U.S. energy .. read more

ICIT Publication: I Got 99 Problems But a Breach Ain’t One

Critical Infrastructure Information Security systems are failing under persistent adversarial efforts because too many organizations still depend on antiquated legacy systems, un-cyber-hygienic personnel, and devices that lack security-by-design. This is not merely a cyberwar, we are now in a state of cyber-kinetic-meta war. There was no clear beginning and there will be no end. The .. read more

There’s Proof That North Korea Launched the WannaCry Attack? Not So Fast! – A Warning Against Premature, Inconclusive, and Distracting Attribution

By James Scott, Sr. Fellow, ICIT

Last week, ICIT urged responsible news outlets to focus on meaningful aspects of the May 12, 2017 WannaCry attack on over 230,000 systems in over 150 countries, such as the desperate need for security-by-design in software and technology, the perpetual failure of organizations across the globe to secure their .. read more

WannaCry Ransomware & The Perils of Shoddy Attribution: It’s the Russians! No Wait, It’s the North Koreans!

By James Scott, Sr. Fellow, ICIT

Baseless Attribution Discussions Distract From Meaningful Dialogue

It’s the Russians! No, wait, it’s the North Koreans! No, wait it’s…cyber mercenaries posing as PLA hackers moonlighting as cyber mercenaries for the North Korean nation-state? It’s interesting to watch faux experts take such authoritative positions in sinking sand arguments with virtually .. read more

Recommendations for Preventing Ransomware Exploitation

By James Scott, Senior Fellow, Institute for Critical Infrastructure Technology

Ever since the WannaCryptor ransomware attack, also known as WannaCry or Wcrypt, began wreaking havoc around the globe, ICIT has received a flood of inquiries from policymakers, governments, and the private sector on how organizations can defend themselves. ICIT is pleased to provide the following .. read more

ICIT Analysis – S.J. Res. 34 – Introduction of Privatized Censorship

With S.J.Res.34, every citizen will have massive amounts of their data exposed when their ISP or a nebulous third-party intentionally or inadvertently fails to adequately secure the information. By drastically expanding that collection, storage, and exchange of data with a few short lines of legislation, Congress has jeopardized the security and privacy of every citizen, every .. read more

The Know Your Enemies 3.0 Advanced Persistent Threat Advisory is Finally Here!

We Connect the Dots between Nation State, Cyber Mercenary, Cyber Caliphate and Cyber Criminal Advanced Persistent Threats

by James Scott, Sr. Fellow, ICIT

Allegations of cyber-incidents, IP theft, and cyber-attack have significant tangible results and seismic geopolitical implications. Most compromised organizations do not detect breaches until eight months after the initial incident; consequently, typical attribution .. read more

On March 28th, 2017, posted in: Latest Posts

ICIT Analysis: How to Crush the Health Sector’s Ransomware Pandemic

The health sector is the most vulnerable, most targeted, and resoundingly least equipped to defend against hackers who are pummeling healthcare organizations with ransomware attacks. This ransomware epidemic will only become more severe and costly as the infection volume in 2017 will trump infections in 2016. In this post, entitled “How to Crush the .. read more

Cybersecurity in Non-Profit and Non-Governmental Organizations

Non-Profit and Non-Government Organizations (NGOs) rely greatly on the use of information technology for both their operations and innovative strategic program initiatives. In a sense, they are no different than any small, medium or large-scale enterprise with regard to computing. Keeping information confidential and free from integrity and privacy challenges as well as ensuring their .. read more

ICIT Publication: Dragnet Surveillance Nation: How Data Brokers Sold Out America

With recent accusations of fake news and the weaponization of information as a mechanism of steering public perceptions dominating headlines around the world, have you ever considered the reality that private dragnet surveillance via social media properties, ISPs, search engines, health sector organizations etc., heavily contribute to the problems of adversarial intervention and streamlined distribution .. read more

The Cybersecurity Show Must Go On: Surpassing Security Theatre and Minimal Compliance Regulations

The United States Cybersecurity culture is heavily rooted in practices of Security Theater, where an organization that suffers a data breach can invest in countermeasures that provide a feeling or sense of security without actually improving the cybersecurity threat posture of the organization. In this publication, entitled “The Cybersecurity Show Must Go On: Surpassing Security .. read more

“Fake News” Is “Old News” for Nation State and Mercenary APTs

By James Scott, Senior Fellow ICIT

Regardless of your partisan persuasion, your opinion of mainstream media or your opinion of the ‘alt-right,’ one thing is for certain, ‘fake news’ is ‘old news’ when it comes to the weaponization of information by nation states and cyber mercenaries. Cyber adversaries tailor spear phishing and malvertising lures to .. read more

ICIT Brief – Your Life, Repackaged and Resold: The Deep Web Exploitation of Health Sector Breach Victims

Despite being the most at-risk and perpetually breached critical infrastructure sector in the Nation, virtually all health sector organizations refuse to evolve their layered security to combat a hyper evolving threat landscape. As a result, when a healthcare system is breached and patient records are stolen, the entire brutal impact of the incident that resulted from .. read more

ICIT Analysis: Hacking Elections is Easy! Part One: Tactics, Techniques, and Procedures

True democracy relies on the reliability of the democratic process. The “Help America Vote Act”, passed in 2002, ushered in an era of uncertainty by proliferating the use of electronic voting systems vulnerable to cyber, technical and physical attack. More often than not, electronic voting systems are nothing but bare-bone, decade old computer systems that .. read more

ICIT Brief – The Anatomy of Cyber-Jihad: Cyberspace is the New Great Equalizer

Until now it has been fairly easy to categorize malicious cyber-actors as State Sponsored APT, Hacktivist, Mercenary and Script Kiddie. However, a new threat actor has emerged who uses technological means to bring terror and chaos to our nation and its allies: the Cyber-Jihadist. Cyber-Jihad has quickly arrived on the scene and will only continue .. read more

ICIT Bulletin: Anonsec

This Bulletin is an analysis of the hacktivist group Anonsec, which claimed to have exfiltrated data from NASA servers and drones on January 31, 2016. On January 31, 2016, Default Virusa, an administrator of the hacktivist group Anonsec, contacted journalist Mikael Thalen, claiming to have exfiltrated between 100-276GB of data from NASA servers and .. read more

On February 5th, 2016, posted in: Latest Posts