MITRE has released an April 2019 update to its ATT&CK framework. It’s been a year since the last major update featuring a new tactic. There are a number of changes for this year, the most significant being the addition of a 12th Tactic, Impact, which contains 14 new Techniques. There are also 7 new Techniques […]
Justice, Israel style: the final judgment of the Israeli Defense Force (IDF) against cyber attackers was decisive and came, literally, with a “bang”. The conflict between Israel and the Palestinian Hamas over the highly contested Gaza Strip has been going on for many decades, and according to Israeli military intelligence, the latter also houses an elite hacker unit in the areas it controls in the strip. An official video of the airstrike against a building that Palestinian hackers occupied was released by the IDF on Twitter.
It shows the target building from an overhead camera; the building is suddenly reduced to a pile of rubble by the airstrike carried out by the Israeli Defense Force. Though it is not yet known how many people died inside the building, the IDF is very confident that it housed a considerable number of members of an elite hacker team maintained by Palestinian jihadists.
“At the end of last week, a joint operation by the General Security Service and the IDF thwarted Hamas’ attempt to use the cyber dimension to hit Israeli targets. Following the technical counterterrorism activities, IDF fighter jets attacked a building from which Hamas’s cyber network operated. We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed,” explained the IDF on Twitter (through Google Translate).
The IDF has not revealed who the leaders of the elite hacker group were, or what particular cybercrime they committed against Israel to justify the military bombing. An IDF leader who wishes not to be named has underscored the importance of getting ahead of their enemies. He is happy that the Israeli forces were able to stop cyber attacks through the use of physical attacks against the structure occupied by the hacker group.
“Hamas no longer has cyber capabilities after our strike. After dealing with the cyber dimension, the Air Force dealt with it in the physical dimension,” emphasized Brig. Gen. Ronen Manlis.
Aside from the hacker group, the IDF’s other target is Hamed Ahmed Abed Khudri, allegedly the person behind the illegal transfer of funds from Iran to the IDF’s enemies in the Gaza Strip. The Palestinian Islamic Jihad was linked to numerous money-laundering activities; because its organization is cellular in structure, anyone tasked with pinning down identities has a hard time.
“Transferring Iranian money to Hamas and the PIJ [Palestinian Islamic Jihad] doesn’t make you a businessman. It makes you a terrorist,” added the IDF.
“Immediately assessing the level of conflict in such a dynamic situation is impossible. However, military activity working along laws of armed conflict should consider principles of proportionality when using force. The scarce official announcement suggests that the potential cyberattack has been thwarted using technical means. That will make analysts wonder what was the point, and justification grounds for using kinetic force. That said, the view that people involved in cyber activity linked to a conflict need to be aware of such risks to them has been more and more crystallizing over the last years,” said Dr. Lukasz Olejnik, Research Associate at the Center for Technology and Global Affairs of Oxford University.
The post Cyber Attacks Stopped By An Israeli Bomb appeared first on .
Cisco CSIRT is a global team of information security professionals responsible for the 24/7 monitoring, investigation and response to cybersecurity incidents for Cisco-owned businesses. CSIRT engages in proactive threat assessment, mitigation planning, incident detection and response, incident trending with analysis, and the development of security architecture.
CSIRT is a part of the Forum of Incident Response and Security Teams (FIRST). Comprised of over 400 members globally, FIRST provides a collaborative platform for public and private sector CSIRTs from government, commercial, and educational organizations. Among their activities, FIRST holds a series of events including a global annual conference each June, and regional Symposia and Technical Colloquia that provide highly technical sessions to a smaller audience.
Cisco has been involved with the FIRST organization for 28 years, as active SIG, committee, and board members; sponsors, speakers, and participants. CSIRT has been the network sponsor for FIRST events since 2007. This partnership has been a stepping-stone for Cisco Information Security Architect, David Schwartzburg, to be elected to the FIRST Board of Directors. He currently oversees the direction, operations, and security for all FIRST infrastructure.
CSIRT’s involvement with FIRST leads to actionable insights that keep the network and users safer:
- Keeping up with the complexity and volume of threats
- Innovating ways to keep assets safe
- Creating effective network security solutions to face tomorrow’s evolving threats
- Collaborating with peer organizations and other defenders
The 31st Annual FIRST Conference “Defending The Castle” takes place from the 16th through the 21st of June 2019 in Edinburgh, Scotland. More information on Cisco’s lineup of workshops and activities at this year’s FIRST conference is included below.
Tuesday, 18 June
- CSIRT Schiltron: Training, Techniques, and Talent (James Sheppard & Jeff Bollinger), 11:45 – 12:45
- Optimized Playbook, Roll out! How an optimized playbook can reduce time-to-detect (Christopher Merida & Jason Kmack), 17:45 – 18:15
Wednesday, 19 June
- Detecting Covert Communication Channels via DNS (Dhia Mahjoub & Thomas Mathew), 11:45 – 12:45
Thursday, 20 June
- Cyber Threat Response Clinic (Hakan Nohre, Luc Billot, and Tobias Mayer), 11:45 – 12:45
During the conference, Cisco CSIRT engineers will be monitoring all wireless network traffic for security threats from within a designated Security Operations Center (SOC). Conference participants are invited to receive a free educational tour of the FIRST Conference SOC to see firsthand how Cisco detects and responds to current and emerging threats faster across the entire network and how Cisco puts holistic security innovations and practices into action. During the tour, participants will receive a security briefing and have time for Q&A with engineers. We look forward to seeing you there!
The post Cisco Security First: Focusing on the Issues of Incident Response and Security Teams appeared first on Cisco Blog.