When performing research in the cyber security world, we often find it hard to identify the proper ethical route, and most of the time we question ourselves. There are, however, some reports that can help guide us toward the proper ethical decision:
Belmont Report:
- Make every effort to respect the person
- Try to get the most benefit with the least harm
- Do justice to everyone when spreading the merit
Menlo Report:
- Includes all three of the principles from the Belmont Report
- Talks about respecting the law and the interest of the public
There is also a program called CREDS that is aimed at looking at and assessing a research project based on some ethical principles. By taking these measures and following certain guidelines, researchers in the cyber security world can perform research in a proper ethical format that not only brings benefits to the world, but does so without causing harm.
Read More:
https://www.predict.org/Default.aspx?tabid=157
Sunday, February 28, 2016
Sunday, February 21, 2016
Information vs Intelligence
IP addresses, exe files, and phishing emails are observables. We can join these observables and play around with them in order to gain information and then turn that into intelligence. This can be done by tracing an IP address to its host and by letting exe files be played with in a test environment.
Most of the time people say an intelligence feed is an IOC feed. For example, finding an indicator that is linked with malware X, and that this malware is present in our system, is good information, but it still cannot answer these questions:
- If an indicator is detected, what role does the identified observable play in the overall threat?
- Does it signify the delivery of a new attack or does it signify the exfiltration of data following a successful compromise?
- How sophisticated is the malware or tools used?
- What is the motivation of the Actors behind the malicious activity?
Read more: http://www.isightpartners.com/2015/04/information-vs-intelligence-there-really-is-a-difference/
Sunday, February 14, 2016
China Disrupts Peace Palace
During a hearing at the Peace Palace on July 9, 2015, China was able to use an Adobe Flash exploit on the Peace Palace website to deliver a message to the Philippines and the world that the area around the Philippines belongs to China.
China was able to accomplish this by using the Google Frame Helper executable file and attaching a malicious DLL file, dbghelp.dll.
You can read more about the story by visiting:
https://www.threatconnect.com/china-hacks-the-peace-palace-all-your-eezs-are-belong-to-us/
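The pairing described above, a legitimate executable loading a malicious dbghelp.dll, can be hunted for in module-load telemetry. The following is an added example, not code from the original post or the linked report: it flags an unsigned dbghelp.dll loaded from the loading executable's own folder instead of a Windows system directory. The event lines are constructed, with field names modelled on Sysmon Event ID 7; all paths and file names are assumptions.

```python
import json
from pathlib import PureWindowsPath

# Directories where Windows keeps its own copy of dbghelp.dll.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED_DLLS = {"dbghelp.dll"}  # the DLL name given in the post

# Constructed sample events (one JSON object per line); field names follow
# Sysmon Event ID 7, every path and file name is made up for illustration.
SAMPLE_EVENTS = r"""
{"Image": "C:\\Windows\\System32\\taskmgr.exe", "ImageLoaded": "C:\\Windows\\System32\\dbghelp.dll", "Signed": "true"}
{"Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\helper.exe", "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\dbghelp.dll", "Signed": "false"}
{"Image": "C:\\Program Files\\DebugTool\\tool.exe", "ImageLoaded": "C:\\Program Files\\DebugTool\\dbghelp.dll", "Signed": "true"}
{"Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\helper.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll", "Signed": "true"}
"""


def is_suspicious_load(event):
    """True when a watched DLL is loaded unsigned from the EXE's own folder."""
    loaded = PureWindowsPath(event["ImageLoaded"])
    if loaded.name.lower() not in WATCHED_DLLS:
        return False
    loaded_dir = str(loaded.parent).lower()
    if loaded_dir in SYSTEM_DIRS:
        return False  # the operating system's own copy
    exe_dir = str(PureWindowsPath(event["Image"]).parent).lower()
    unsigned = str(event.get("Signed", "false")).lower() != "true"
    # Signed application-bundled copies exist, so require both conditions.
    return loaded_dir == exe_dir and unsigned


def find_sideload_candidates(log_text):
    """Return (process, dll) pairs worth a closer look."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if is_suspicious_load(event):
            hits.append((event["Image"], event["ImageLoaded"]))
    return hits


if __name__ == "__main__":
    for process, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"review: {process} loaded {dll}")
```

A hit is a triage lead, not a verdict: check the file's hash and signer before acting on it.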
Wednesday, February 3, 2016
BlackEnergy and KillDisk Attacks
As you might have heard in the news, Ukraine lost power on December 24th and 25th, 2015. The reason behind this outage was malware called BlackEnergy. BlackEnergy was not developed overnight; it actually started coming out in 2014, when it was spotted in some government systems.
BlackEnergy's attack method was simple: the attackers would send an email from an address made to look like it came from the Ukrainian parliament, and that email would carry an attachment. The attachment resembles a Microsoft Excel document that tells you to run a macro, and when you run this macro you will be infected by the BlackEnergy malware. The intention of the BlackEnergy malware is to corrupt some files so that the system becomes unbootable. Also, an attacker can combine BlackEnergy with another malware called wiper that will erase any trails that might be left by the attack.
It was a good thing that we were able to encounter or see this attack and some of the damage it can cause. We need to use this attack as an example for building a strategy or intelligence in order to prevent loss of power in any country.
Read more: http://www.welivesecurity.com/2016/01/04/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry/