HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

HP Security Research OSINT (Open Source Intelligence) articles of interest--June 13, 2014

Key Articles of Interest

McAfee: Net Losses: Estimating the Global Cost of Cybercrime
Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion. (PDF)

Banks: Credit Card Breach at P.F. Chang’s
On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator.so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014.

Feedly And Evernote Go Down As Attackers Demand Ransom
CEO of Feedly, Edwin Khodabakchian, said in a short statement: “Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort us money to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can.”


From the Aether to the Ethernet – Attacking the Internet using Broadcast Digital Television
In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television. Our analyses of the specifications, and of real systems implementing them, show that the broadband and broadcast systems are combined insecurely. 

ASERT: Illuminating the Etumbot APT Backdoor
Etumbot is a backdoor used in targeted attacks since at least March 2011. Although previous research has covered a related family, IXESHE, little has been discussed regarding Etumbot’s capabilities. ASERT has observed several Etumbot samples using decoy documents involving Taiwanese and Japanese topics of interest, indicating the malware is used in ongoing, targeted campaigns. This report will provide information on the capabilities of Etumbot and associated campaign activity.

DP5: A Private Presence Service
The recent NSA revelations have shown that “address book” and “buddy list” information are routinely targeted for mass interception. As a response to this threat, we present DP5, a cryptographic service that provides privacy-friendly indication of presence to support real-time communications. DP5 allows clients to register and query the online presence of their list of friends while keeping this list secret. Besides presence, high-integrity status updates are supported, to facilitate key update and rendezvous protocols.


Metadata Analysis as an Intelligence Tool
The legality of the National Security Agency’s (NSA’s) use of US citizens’ metadata to identify and track foreign intelligence organizations and their operatives is currently a subject of much debate. Less well understood (and consequently routinely misreported) are the capabilities and limitations of social network analysis, the methodology often used to evaluate this metadata.

The war against cybercrime goes private
Organised cybergangs cost Britain £27bn a year, and tougher laws are proposed. But one 22-year-old has taken matters into his own hands. He takes on international criminals, refuses to be paid, and laughs in the face of danger. He has received death threats, cracked scams and helped police make arrests. Not a bad evening’s work for a man who spends his day on the car assembly line.

PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks
In addition to their common use for private online communications, anonymous communication networks can also be used to circumvent censorship. However, it is difficult to determine the extent to which they are actually used for this purpose without violating the privacy of the networks’ users. Knowing this extent can be useful to designers and researchers who would like to improve the performance and privacy properties of the network. To address the issue, we propose a statistical data collection system, PrivEx.


Cybercriminals Use What Works: Targeted Attack Methodologies for Cybercrime
At the end of 2013, Trend Micro CTO, Raimund Genes, anticipated that this year, cybercriminals will level up via targeted attack methods. This means that the distinct boundaries that lay between the way cybercriminals and threat actors accomplished things—identifying targets, planning, and implementing attacks—in the past will become increasingly indistinct. 


Women in InfoSec: Building Bonds & New Solutions
There have been a lot of articles lately, suggesting a variety of ways to get young women involved in tech. Some of these ideas sound like fantastic and creative ways to make the true appeal of a career in tech more broadly tempting. Some of them…well, not so much. It got me thinking: What was it that actually drew women who have careers in InfoSec into this industry?


Attackers Rely on Social Engineering to Activate Macros in Malicious Office Documents
Microsoft Office documents offer a convenient way to infect systems through the use of macros. However, the attacker needs to persuade victims to enable macros after opening the booby-trapped file. Social engineering is an important aspect of these attack strategies.


Thanks for reading! 

If you missed last week's articles of interest, you can find them here

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.