DEFENSE SECURITY SER


thomas
Uploaded On 2021-10-02

Presentation Transcript

DEFENSE SECURITY SERVICE
NATIONAL COUNTERINTELLIGENCE AND SECURITY CENTER

CYBER THREATS

WHY ARE YOU A TARGET?

- Publicly available information helps foreign intelligence entities identify people with placement and access.
- Contract information (bid, proposal, award or strategies)
- Company website with technical and program information
- Connections (partnerships, key suppliers, joint ventures, etc.) with other cleared or non-cleared companies
- Employee association with companies or technologies made public through scientific journals, academia, public speaking engagements, social networking sites, etc.

WHAT DO THEY TARGET?

- Company unclassified networks (internal and extranets), partner and community portals, and commonly accessed websites
- Proprietary information (business strategy, financial, human resource, email, and product data)
- Export-controlled technology
- Administrative and user credentials (usernames, passwords, tokens, etc.)
- Foreign intelligence entities seek the aggregate of unclassified or proprietary documents which could paint a classified picture

HOW DO THEY COMPROMISE NETWORKS, SYSTEMS, AND TECHNICAL DATA?

- Reconnaissance: Research phase used to identify and select targets by browsing websites to obtain names, emails, business and social relationships, and technical information.
- Weaponization: The foreign intelligence entities assemble the payload and wrapper, such as coupling a remote access exploit with a prepared spear-phishing email.
- Delivery: The foreign intelligence entity infects the target, most commonly using email, website hijacking, or removable media (through insiders).
- Exploitation: Successful compromise of targeted vulnerability to allow malicious code to be run.
- Installation: Executed malicious code inserts malware, such as a Remote Access Trojan or opens a backdoor connection to the target system – may allow for persistence.
- Command and Control: The malware will communicate to a controller server to send or receive instructions from the foreign intelligence entity.
- Actions on the Objective: After completing the above actions, the foreign intelligence entity can fulfill their requirements. Intelligence requirements can range from exfiltration, using the system as a strategic position to compromise additional systems within the targeted network (hop-point), or sabotaging the system and network.

Humans are a weak link in cyber security, and hackers and social manipulators know this. They try to trick people into getting past security walls. They design their actions to appear harmless and legitimate. Cyber criminals will use every method available to gain valuable information from you. That’s why you need to know about the threat.

COUNTERMEASURES

>> Employees

- Remember that everyone is a potential target
- Use complex passwords, change them regularly, and don’t reuse
- Be wary when connecting with unknown individuals on social networking sites
- Spear-phishing can happen on any account, including personal email accounts
- Do not open emails, attachments, or click links from unfamiliar sources, even if they look official

>> IT Department & Management

- Train all personnel on:
  - Spotting a spear phishing, phishing, or whaling email attempt
  - Social networking site connections
  - Proper cyber security procedures and concerns
- Implement defense-in-depth: a layered defense strategy that includes technical, organizational, and operational controls
- Implement technical defenses: firewalls, intrusion detection systems, internet content filtering, and a DNS proxy
- Update your anti-virus software daily and download vendor security patches for all software
- Do not use manufacturers’ default passwords on software or hardware
- Monitor, log, analyze and report attempted and successful intrusions to your systems and networks – even unsuccessful intrusions present a counterintelligence value!
- Maintain open communication between company counterintelligence and network defense personnel. Defense only is not a comprehensive strategy

WHAT TO REPORT

- Advanced techniques and/or advance evasion techniques, which imply a sophisticated adversary
- Password cracking, key logging, encryption, steganography, privilege escalation, and account masquerading
- Pre-intrusion aggressive port scanning
- Social engineering, electronic elicitation, email spoofing, spear phishing, whale phishing, or direct questioning, such as through social networking sites
- Unauthorized network access
- Actual or attempted unauthorized access into U.S. automated information systems
- Tampering with or introducing unauthorized elements into information systems
- Unexplained user accounts, administrator accounts, and expansion of network privileges
- Data exfiltrated to unauthorized domains affecting classified information, systems or cleared individuals
- Malicious codes or blended threats such as viruses, worms, trojans, logic bombs, malware, spyware, or browser hijackers, especially those used for clandestine data exfiltration
- Unauthorized email traffic to foreign destinations
- Use of DoD account credentials by unauthorized parties
- Unexplained storage of encrypted data
- Network spillage incidents or information compromise
- Unauthorized transmissions of classified or controlled unclassified information
- Any cyber activity linked to suspicious indicators provided by DSS, or by any other cyber centers and government agencies

Reportable activities are not just limited to those activities that occur on classified information systems. Industrial Security Letter 2013-05 (which NISPOM paragraph 1-301) instructs cleared U.S. companies that they must report activities that otherwise meet the threshold for reporting, including activities that may have occurred on unclassified information systems. NISPOM paragraph 1-302b reminds cleared U.S. companies that they “shall report efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise a cleared employee.”

DEFENSE SECURITY SERVICE www.dss.mil
NATIONAL COUNTERINTELLIGENCE AND SECURITY CENTER www.ncsc.go