Sandworm


The Russian cyber espionage group known as Sandworm Team has operated since 2009. The group has been described as pro-Russian hacktivists. It mainly targets Ukrainian organizations associated with energy, industrial control systems (ICS), SCADA, government, and media, and it is held responsible for the December 2015 attack on the Ukrainian power sector.

To carry out this attack, the Sandworm team used the BlackEnergy malware: not the original DDoS bot, but an advanced version that supports several plugins. These plugins include User Account Control (UAC) bypass, credential harvesting, data destruction, and more.

The Sandworm team is a perfect example of the new era of nation-state digital warfare. The world now has to worry not only about physical warfare but also about digital attacks, and we have entered a world in which a cyber attack can cause physical damage, as Stuxnet did.

More information on Sandworm can be found on the MITRE ATT&CK group page and on CSO.

Introduction to FTP

In this week’s Cyberbrief I will provide you with an introduction to FTP (File Transfer Protocol). We will discuss the history, uses, and security of FTP in this brief introduction. Abhay Bhushan wrote the original protocol specification (RFC 114) in 1971. FTP has been in use ever since, and the protocol was later standardized by the Internet Engineering Task Force (IETF); the current specification is RFC 959 (1985).

FTP is an application layer protocol that runs over TCP. It operates on a client-server model: file transfer connections are initiated by an FTP client (such as FileZilla) and answered by an FTP server. The client opens a control connection to TCP port 21 to send commands and receive replies, and each directory listing or file transfer uses a separate data connection (opened by the server in active mode, or by the client in passive mode). Once a session has been established, files and folders can be transferred (shown in Figure 1).


Figure 1: FTP Server

Yeah, you guessed it, it’s insecure. When FTP was developed and implemented, network security wasn’t really a consideration. The FTP protocol offers no protection for the confidentiality or integrity of the files transferred, nor does it protect the identities of those communicating. Usernames, passwords, and data all cross the wire in cleartext, which makes eavesdropping very easy: anyone who can see the traffic (on shared Wi-Fi, a compromised switch, or an upstream network) can read both the login and the files. Hence this protocol should only be used on trusted networks (what are those today?). On untrusted or public networks, SFTP (SSH File Transfer Protocol) or FTP over TLS (FTPS) should be used instead. We will get into SFTP next week.
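To make the eavesdropping point concrete, here is an added example (not code from the original post) that plays the role of the eavesdropper: it walks a captured FTP control-channel exchange and pulls out everything an on-path observer learns. The two session transcripts are constructed for illustration (the host name, user, password and file name are made up), and the second one shows why upgrading the control channel with AUTH TLS (FTPS) changes the picture.

```python
"""Parse a captured cleartext FTP control-channel exchange and report
what an on-path observer learns from it.

Added example for this post, not the author's code. The transcripts
below are constructed for illustration (host, user, password and file
name are made up). Each entry is (direction, line): "C" is client ->
server, "S" is server -> client, as a capture of TCP port 21 shows them.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# RFC 959 PASV reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

CLEARTEXT_SESSION = [
    ("S", "220 ftp.example.internal FTP server ready."),
    ("C", "USER alice"),
    ("S", "331 Password required for alice."),
    ("C", "PASS Winter2015!"),
    ("S", "230 User alice logged in."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (10,0,0,5,195,80)."),
    ("C", "RETR payroll.csv"),
    ("S", "150 Opening BINARY mode data connection for payroll.csv."),
    ("S", "226 Transfer complete."),
    ("C", "QUIT"),
    ("S", "221 Goodbye."),
]

# Same server, but the client upgrades to TLS (RFC 4217) before logging in.
# After the 234 reply the control channel is encrypted, so a capture shows
# only ciphertext from that point on; nothing further is listed here.
TLS_SESSION = [
    ("S", "220 ftp.example.internal FTP server ready."),
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation."),
]


@dataclass
class FtpSession:
    user: Optional[str] = None
    password: Optional[str] = None
    tls: bool = False                      # server accepted AUTH TLS
    data_endpoints: List[Tuple[str, int]] = field(default_factory=list)
    files: List[Tuple[str, str]] = field(default_factory=list)  # (verb, path)


def parse_ftp_control(lines) -> FtpSession:
    """Walk the control channel and collect everything sent in the clear."""
    session = FtpSession()
    awaiting_auth_reply = False
    for direction, line in lines:
        if direction == "C":
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
                awaiting_auth_reply = True
            elif verb == "USER":
                session.user = arg
            elif verb == "PASS":
                session.password = arg          # RFC 959 sends this verbatim
            elif verb in ("RETR", "STOR"):
                session.files.append((verb, arg))
        else:
            code = line[:3]
            if awaiting_auth_reply:
                awaiting_auth_reply = False
                if code == "234":
                    session.tls = True
                    break                       # nothing after this is readable
            if code == "227":
                m = PASV_RE.search(line)
                if m:
                    host = ".".join(m.group(1, 2, 3, 4))
                    port = int(m.group(5)) * 256 + int(m.group(6))
                    session.data_endpoints.append((host, port))
    return session


def credentials_exposed(session: FtpSession) -> bool:
    """True when a username and password crossed the wire unprotected."""
    return (session.user is not None and session.password is not None
            and not session.tls)


if __name__ == "__main__":
    for name, capture in (("cleartext", CLEARTEXT_SESSION), ("tls", TLS_SESSION)):
        s = parse_ftp_control(capture)
        print(name, s, "exposed:", credentials_exposed(s))
```

Note that the observer gets more than the password: the 227 reply names the exact host and port of the data connection, so the file contents that follow on that second connection can be reassembled just as easily. The same parsing logic is what a network monitor would run to flag cleartext FTP logins on a segment where they are not expected.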


I hope you learned something from this cyberbrief and enjoyed it. Please share and leave comments (I enjoy constructive criticism).


References and Further reading

Chung, C. (n.d.). What is FTP? A not-so-basic introduction. 2BrightSparks. https://www.2brightsparks.com/resources/articles/an-introduction-to-ftp.html
SSH Communications Security. (n.d.). FTP server: Use SFTP for security and robustness. https://www.ssh.com/ssh/ftp/server
SSH Communications Security. (n.d.). FTP: Secure file transfers with SFTP. https://www.ssh.com/ssh/ftp/

APT28 aka Fancy Bear


APT28, aka Fancy Bear, is a Russian hacking group that has been active since 2007. They entered the spotlight in 2016 when they breached the Democratic National Committee (DNC) network. According to the Department of Homeland Security and the Federal Bureau of Investigation, the group is linked to the Russian government. APT28 targets insider information about governments, militaries, and security organizations that would likely benefit the Russian government.

APT28’s developers have consistently updated their tools over the last seven years. According to FireEye, APT28 uses a modular backdoor that FireEye calls CHOPSTICK. Modularity of this kind points to a formal code development environment, which would be required to track and define the different modules that can be built into the backdoor. FireEye’s report on APT28, linked below, goes into great detail on the group.

FireEye, APT28: A Window into Russia’s Cyber Espionage Operations? (rpt-apt28.pdf)


References:

https://www.symantec.com/blogs/election-security/apt28-espionage-military-government

https://www.defenseone.com/technology/2016/12/dnc-hackers-linked-russian-hacks-ukraine-two-years-ago/134098/


First Post

First off, I’ve always wanted to start a cybersecurity blog. I’m relatively new to this field, so I thought this blog might be a place for me to share what I’m learning and maybe help someone out (like me) along the way. It’s called “CyberBriefs” because that’s what these posts are going to be: brief. They are going to be introductory posts of 500 words or fewer, giving a general overview of a topic. I plan to write these posts weekly. They will cover everything from cyber history to technical topics and everything in between. I hope you will subscribe and share. Thank you.

-Dave