Read the Cyber Risk Report 2015 – Executive Summary and Report (Hewlett Packard, 2015), and the article Surveillance programs may cost US tech over $35 billion and its competitive edge (Taylor, 2015).
http://www.techrepublic.com/article/report-surveillance-programs-may-cost-us-tech-over-35-billion-and-its-competitive-edge/
Write a paper in APA format answering the following questions (minimum two pages):
1. What were the top threats of 2014?
2. What threats do you think the future holds?
References
Hewlett Packard. (2015). HP Cyber Risk Report 2015. Hewlett-Packard Development Company, L.P.
Taylor, B. (2015, June 29). Report: Surveillance programs may cost US tech over $35 billion and its competitive edge. Retrieved from TechRepublic: http://www.techrepublic.com/article/report-surveillance-programs-may-cost-us-tech-over-35-billion-and-its-competitive-edge/
Watch the following 4 TED Talks (links below).
1. http://www.ted.com/ta.
The document analyzes trends in cybersecurity discussions and research in 2014. Key findings include:
1) Malware and data breaches were heavily discussed topics. Mobile malware and Android threats in particular saw increased attention.
2) Security experts' views tended to focus more on negative terms like "targeted attacks" and "exploit kits" compared to the general public.
3) High-profile breaches like Target garnered more initial interest than similar later events, indicating discussion fatigue with repeated security incidents.
The document summarizes key themes from HPE's Cyber Risk Report for 2015. The main themes discussed are:
1) Well-known attacks from past years continue to be successful due to unpatched vulnerabilities in widely used software. Misconfigurations also continue to expose systems.
2) New technologies like mobile devices and the "Internet of Things" introduce new avenues of attack as they connect to networks. Attacks targeted POS systems in 2014.
3) Determined adversaries, including state-sponsored actors, find ways to maintain access to compromised systems despite defenses. North Korea was visible in 2014.
4) Legislation on data privacy and security is increasing in both the US and Europe. Regulations
This document provides an introduction and overview of the Hewlett Packard Enterprise (HPE) Cyber Risk Report for 2016. It discusses the goals and data sources used in the report. It also outlines several key themes in cybersecurity in 2015, including the impacts of major data breaches, challenges with regulations, and a shift toward directly attacking applications. The document previews various topics that will be covered in the full report, such as vulnerabilities, exploits, malware, software analysis, and trends in the security industry.
This document provides an introduction and summary of key themes from the Hewlett Packard Enterprise (HPE) Cyber Risk Report 2016. The report analyzes the 2015 threat landscape based on data from HPE security teams and other sources. Some notable themes discussed include the rise of "collateral damage" from breaches, regulations pushing security research underground, the need to move from point fixes to broader solutions, political pressures attempting to decouple privacy and security efforts, and the industry still struggling with patching vulnerabilities in a timely manner. The full report provides further analysis of trends involving vulnerabilities, exploits, malware, software vulnerabilities, open source security issues, and the security defenses employed by organizations.
This document provides an introduction and overview of the Hewlett Packard Enterprise (HPE) Cyber Risk Report for 2016. It discusses the goals and data sources used in the report. It also outlines several key themes in cybersecurity in 2015, including the impacts of major data breaches, challenges with regulations, and a shift toward directly attacking applications. The document previews various topics that will be covered in the full report, such as vulnerabilities, exploits, malware, software analysis, and defense strategies.
Hewlett Packard Enterprise (HPE) has published the 2016 edition of the HPE Cyber Risk Report, a study that identifies the main security threats companies faced over the past year. The dissolution of traditional network perimeters and greater exposure to attacks put security specialists under growing pressure to protect users, applications and data without hindering innovation or slowing business activity.
This edition of the Cyber Risk Report analyzes the 2015 threat landscape, offering intelligence on the main areas of risk, such as application vulnerabilities, security patching and the growing monetization of malware. The report also explores relevant industry topics such as new regulations affecting security research, the "collateral damage" resulting from the theft of important data, shifting political agendas and the ongoing debate over privacy and security.
While web applications are a significant source of risk for organizations, mobile applications present greater and more specific risks. The frequent use of personal information by mobile applications creates vulnerabilities in the storage and transmission of confidential and sensitive information: about 75% of the mobile applications analyzed had at least one critical or high-risk vulnerability, compared with 35% of non-mobile applications.
Exploitation of software vulnerabilities continues to be a primary attack vector, especially where mobile vulnerabilities are present. As in 2014, the top ten vulnerabilities exploited in 2015 had been known for more than a year, and 68% of them for three years or more. Windows was the most targeted software platform in 2015: 42% of the top 20 vulnerabilities discovered were aimed at Microsoft platforms and applications. Another figure also stands out: 29% of all successful attacks in 2015 used Stuxnet, code dating from 2010 that has already been patched twice, as their infection vector.
Turning to malware, targets have shifted considerably as trends evolved and attackers focused ever more on opportunities for profit. The number of threats, malware and potentially unwanted applications for Android grew 153% year over year, with more than 10,000 new threats discovered every day. Apple iOS recorded the highest growth rates, with the number of malware types increasing by more than 230% year over year.
COVID-19 free penetration tests by Pentest-Tools.com
We offered companies free penetration tests so they could improve their security and better cope with the emerging cyberattacks.
The report covers top security issues we found and experts' recommendations to avoid attacks that disrupt businesses.
We need Paper on Risk Assessment for the organization (NASA). Th.docx (uploaded by celenarouzie)
We need a paper on risk assessment for the organization (NASA). The risk should be listed in one of the following links.
http://oig.nasa.gov/audits/reports/FY10/IG-10-018-R.pdf
https://oig.nasa.gov/audits/reports/FY14/IG-14-023.pdf
https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf
https://oig.nasa.gov/audits/reports/FY17/IG-17-002A.pdf
The following sections are missing:
• Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP?
• Training: specify a training frequency
• Plan testing: How (and how often) will you test the plan?
• Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network.
• Incident Notification: What happens when an incident is detected?
• Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”?
Read about the Final Project, "Inclusive Voices," Instructions
Purpose:
to show how a not-so-well-known person or movements’ emergent truth pushes back against dominant cultures’ non-inclusive or discriminatory narrative through using their voice and actions to disrupt, and create positive change.
Method:
1. Conduct research and write an APA formatted Research Essay using 3-5 sources
2. Then from the content of the Research Essay create your Final Presentation. Your Final Presentation, "Inclusive Voices," will teach your reader/viewer what you discovered from conducting your research through a recorded poster presentation, video presentation, or voice-narrated PowerPoint presentation.
3. Create a Script that you will use to present your Final Presentation
Ultimately, you will use the questions below to write your paper and drive the content and organization of your presentation. Completing your research should be organized in the following way and answer the following questions about your person/movement:
The introduction should briefly introduce and state the issue to be examined. It should start with a creative, attention-getting hook, then state why you chose the person/movement, show how you will critically evaluate the person or movement you chose, and provide a clear thesis statement.
The body of your paper contains information that explains who the person/movement is, what they did, and then provides a status update. The sub-headers used in APA formatting provide your divisions.
(Sub-header:) Who are/were they?
This section answers the question: who are they? It defines them and their power and limitations in the culture of the time, and provides any historical information that is relevant about them personally.
(Sub-header:) What was happening in the culture of the time?
Here you will give some perspective on the events and attitudes of the time and on what happened to create a space for their voice. What was going on in the dominant culture at the time that allowed for their entry point into the cultural narrative?
(Sub-header:) What did they do?
This.
Matt_Cyber Security Core Deck September 2016.pptx (uploaded by Nakhoudah)
The document discusses trends in the cyber security market and the chief information security officer (CISO) role. It notes the growing threat of cyber attacks and increasing importance of the CISO position. The CISO role has evolved from a technical role to require business skills to communicate cyber risk to executives. The document also discusses cyber security organization structures, emerging CISO profiles, and competencies for different types of CISOs. Finally, it briefly mentions the talent implications of digital transformation, including new roles in data analytics and existing roles requiring digital skills.
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open... (Black Duck by Synopsys)
We take a deep dive into security researchers Charlie Miller and Chris Valasek’s keynote at last week’s FLIGHT 2017 conference. What is “Hidden Cobra” and is it targeting US aerospace, telecommunications and finance industries? Both banks and the Pentagon are making big moves into open source. And why it’s smart to assume that every application is an on-premise application.
The best of November’s application security and open security news (so far) follows in this week’s edition of Open Source Insight.
The article discusses DoDTechipedia, a wiki created by the Department of Defense to facilitate collaboration and communication among DoD scientists, engineers, program managers, and operational personnel. DoDTechipedia aims to help share technical information, identify solutions to technological challenges, and avoid duplication of efforts. It contains information on topics like RIPRNET wireless communications systems, GPS satellite programs, and cybersecurity tools. The wiki allows users to directly contribute content, network, and discuss technology solutions to support national security goals more rapidly.
The document is the March 2015 newsletter of the Graduate Information Technology Association (GITA). It includes the following:
- Leadership team and guest speaker for the upcoming meeting on internet of things.
- Summary of the previous meeting presentation on skills for career success.
- Updates on current IT projects including security, databases, Facebook, and the homeroom.
- Articles on cyber security job demand, using drones for archaeology, and wireless charging technology.
- Announcements about mentoring interns, community outreach projects, and help wanted positions.
Academic Paper: Current Cybersecurity Trends, A PowerPoint prese.docx (uploaded by bartholomeocoombs)
Academic Paper
Current Cybersecurity Trends: A PowerPoint presentation based on research into a current trend in cybersecurity.
Select and research one of the following topics and prepare a powerpoint presentation:
1. Cyber Insurance: Many organisations are investigating the potential benefits of purchasing cyber insurance. However, there are various aspects to be considered beyond the potential financial compensation should an attack occur. How does contemporary cyber insurance function, and what are the potential benefits and risks to organisations considering cyber insurance?
2. Internet of Things (IoT) Security: The ubiquity of connected devices continues to grow, and with this growth comes associated security risks as we become more reliant on these devices for our everyday activities. What are the key security factors to be considered when deploying IoT devices and how can the major threats against these devices be mitigated?
3. Security Issues with 'Shadow IT' and BYOD: The organisational IT landscape and culture are shifting with less centralised control and an increase in the diversity of services and devices. Managing the security issues associated with this new environment is a substantial challenge for practitioners. What are the major tools and techniques, both technical and managerial, that organisations can leverage to address the inherent risks while still facilitating adequate flexibility?
4. Encrypted Communications: The issue of encrypted communications has received extensive media coverage in recent times. There are a wide variety of differing perspectives on the topic of who should hold encryption keys and/or the means to retrieve plaintext communications content (e.g. governments vs corporations vs users). What are the differing perspectives on this topic and how can they be reconciled?
You should prepare and submit a 1000-word PowerPoint presentation. A minimum of five references from scholarly books, academic journals or conference proceedings is required for this assessment; however, substantially more references are recommended. Use the Harvard referencing style and include the references either directly on your slides or in the notes section of each slide. The use of third-party infographics (i.e. those not developed by you) is not permitted in this presentation.
Defense Report began the process of looking beyond headline-grabbing breaches and the nth stage in the evolution of cyberthreats to better understand the perceptions, concerns, and priorities of the IT security professionals charged with defending today’s networks. Representative findings from that first report included the revelation that one in four security professionals doubts whether their organization has invested adequately in cyberthreat defenses, the identification of mobile devices as IT security’s “weakest link,” and the expectation that more than three-quarters of businesses will adopt bring-your-own-device (BYOD) policies by 2016.
This document is a website security statistics report from 2015 that analyzes vulnerability data from tens of thousands of websites. Some of the key findings include:
- Compliance-driven organizations have the lowest average number of vulnerabilities but the highest remediation rates, while risk reduction-driven organizations have more vulnerabilities but fix them faster.
- Feeding vulnerability results back to development teams significantly reduces vulnerabilities, speeds up fixes, and increases remediation rates.
- Performing static code analysis more frequently is correlated with faster vulnerability fix times.
- Ad hoc code reviews of high-risk applications appear to be one of the most effective activities at reducing vulnerabilities.
- There is no clear evidence that any particular "best practice"
Virtual Gov Day - Introduction & Keynote - Alan Webber, IDC Government Insights (Splunk)
The document outlines an agenda for a Virtual Gov Day event hosted by Splunk. The agenda includes a welcome and keynote presentation, customer use case presentations on security and business analytics, and concurrent breakout sessions on Splunk for security, IT operations, and application delivery. It also includes a presentation by an IDC analyst on challenges governments face with big data and how operational intelligence can help address issues around data management, timely decision-making, and use cases in security, IT operations, and industrial/IoT applications.
The report for Q1 2018 includes:
- WatchGuard Firebox Feed Trends. In this regular section, we analyze threat intelligence shared by tens of thousands of WatchGuard security appliances. This analysis includes details about the top malware and network attacks we saw globally throughout the quarter. Using that data, we identify the top attack trends, and how you might defend against them.
- Top Story: GitHub DDoS Attack. In Q1 2018, attackers launched a record-breaking distributed denial of service (DDoS) attack against GitHub using a technique called UDP amplification. In this section we analyze this attack and describe how the lesser-known Memcached service allowed this huge amplification.
- Announcing The 443 Podcast. Rather than our normal threat research section, this quarter we announce a new podcast from the WatchGuard Threat Labs team, and the authors of this report. Learn what this new podcast contains and come subscribe wherever podcasts are found.
- The Latest Defense Tips. As usual, this report isn’t just meant to inform you of the latest threats, but to help you update your defenses based on the latest attacks. Throughout the report, we share defensive learnings and tips, with a summary of the most important defenses at the end.
Cyberthreat Defense Report Edge 2017-cdr-report
Go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering, Cyber Security, Encryption Security Protocols, Re-Certifying Cisco Architect in process
Cyberthreat Defense Report 2017 by Impreva (uploaded by Ghader Ahmadi)
CyberEdge Group's fourth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,100 IT security decision makers and practitioners conducted in November 2016, the report delivers countless insights IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.
Finjan is a technology company committed to investing in innovation, advancing the development of new technologies while promoting the value of IP rights.
This document discusses various types of security assessments, including technical security testing, security process assessments, and security audits. It provides details on vulnerability assessments, network penetration testing, web application penetration testing, and source code analysis. It also discusses security process reviews and the differences between security assessments and security audits.
Verizon Publishes 2020 Data Breach Investigation Report (DBIR) With Insights From Thousands of Confirmed Breaches. Verizon's 2020 Data Breach Investigations Report (DBIR) is the most extensive yet, with 81 contributing organizations and more than 32,000 incidents analyzed (of which 3,950 were confirmed breaches). Credit: Verizon
Credit is due to all original authors, and no financial gain was made from the report; I am simply sharing an interesting story for educational purposes.
The survey found that organizations are facing increasing endpoint security risks. 64% of respondents said their networks were not more secure than the previous year. Common incidents over the past year included virus/malware infections (98%), device theft (95%), and data loss from negligent/malicious insiders (89% and 61% respectively). The top security risks for the next year were expected to be advanced persistent threats, insider threats, and web-based malware. Many organizations are not effectively managing applications and vulnerabilities on endpoints. Costs are increasing mainly due to lost productivity and IT staff time spent addressing malware incidents.
The survey found that organizations are facing increasing endpoint security risks. 64% of respondents said their networks were not more secure than the previous year. Common incidents over the past year included virus/malware infections (98%), device theft (95%), and data loss from negligent/malicious insiders (89% and 61% respectively). Respondents reported that malware attacks were among the most frequent network incidents and had increased over the past year for many organizations. The top security risks for the coming year were identified as advanced persistent threats, insider threats, and web-based threats. However, many organizations are not effectively addressing these risks through technology solutions or application and policy management.
The survey found that organizations are facing increasing endpoint security risks. 64% of respondents said their networks were not more secure than the previous year. Common incidents over the past year included virus/malware infections (98%), device theft (95%), and data loss from negligent/malicious insiders (89% and 61% respectively). The top security risks for the next year were expected to be advanced persistent threats, insider threats, and web-based malware. Current endpoint security approaches were found to be ineffective and costly. IT operating costs were rising mainly due to lost productivity and increased malware incidents.
The document provides an introduction and overview of the Nuix Black Report, which aims to take a unique perspective on cybersecurity threats by directly surveying hackers about their attack methodologies. It notes that typical cybersecurity reports analyze past incidents and trends, but this report seeks to understand the source of threats by asking attackers about their tactics and which defenses are most and least effective. The report found that perceptions of effective defenses often do not align with reality. It aims to illuminate which security measures actually improve protections based on hacker feedback. This perspective could provide new insights on how to best allocate security resources.
Read the following set of facts and identify all the instances w.docx (uploaded by fterry1)
Read the following set of facts and identify all the instances where the law enforcement officials violated someone’s Fourth Amendment rights against illegal searches and seizures. All of the acts identified should be subject to the exclusionary rule and the evidence obtained from the illegal act should be excluded in court.
One beautiful Thursday afternoon, Donnie is hanging out with three his friends in Houston, Texas. Donnie’s friends get the idea to rob a local bank and use the stolen money on video games and drugs.
Donnie helps complete details for the bank robbery and the four young men set off to the nearest bank. Donnie and his friends carry out the robbery by storming the bank, pointing guns at bank patrons and staff and threatening to kill anyone who does not cooperate. Unbeknownst to Donnie and his friends, one of the bank employees set off a silent alarm just before Donnie and this co-conspirators leave the bank with cash and personal items of the people inside. The police get the tip and are on the move to find Donnie and the other bank robbers.
Upon leaving the bank and hopping into their getaway car, Donnie has the idea to have the group split up so the police cannot catch all of them. They all agree that if any of them are caught, they will not snitch on the others. The guys part ways just one mile from the bank they just robbed. Despite all of their efforts, the police are unable to locate the four men and the case turns cold.
Owen, police officer #1, believes he sees one of the robbers walking through an apartment complex about three days after the robbery. Owen cleverly follows the young man. Owen briefly loses sight of the suspect when he walks behind one of the apartment buildings. Owen believes the suspect went into an apartment marked 4D. However, he thinks he hears the sound of Snoop Lion music playing from apartment 6D, an apartment across the courtyard from 4D. Under the belief that anyone who listens to Snoop Lion is smoking marijuana, Owen kicks down the door to 6D and immediately notices the smell of marijuana. He follows his nose to a back room where he finds marijuana growing in a closet. While he is in the closet he searches between the clothes and finds guns with the serial numbers scratched off. Just then, he remembers that the suspect did not come into this apartment, so he gets back into his squad car with the illegal items he found and drives back to the police station.
The next day, Tom, police officer #2, believes he saw another bank robbery suspect get into a car that was parked on the street and drive away. Tom follows the car and pulls the driver over. When he walks up to the car, he sees that the driver is a woman. Although Tom has been told that he is looking for four men who were involved in the robbery, he asks the woman to step out of the car so he can search it. He figures that since he has already stopped her, he may as well see if she has anything on her. As Tom is searching the car, he finds thousands of dollars.
Read the following scenarioEmma and Isabella attend the f.docx (fterry1)
Read the following scenario:
Emma and Isabella attend the front office at an urgent care facility. They have worked together for over 5 years and enjoy collaborating on projects. As their manager, you have asked them to work together to create a team training on effective communication in the workplace.
Emma feels that it is important to provide hands-on learning (e.g., role play) while Isabella feels that a lecture is the most appropriate format for this team. Emma defends her point by saying that her sister has been a teacher for 10 years, and she has proven that hands-on learning increases the engagement and likelihood of remembering the training material.
Isabella feels that Emma does not account for her 10 years of experience in the medical office and voices her disgust with Emma and her lack of appreciation for her experience. Isabella storms off and leaves Emma to finish the work.
Emma approaches the manager and complains that she has been left to complete the training because Isabella refuses to talk or work with her.
Write a 500- to 750-word paper that discusses how you would handle the situation. Complete the following in your paper:
Describe the type of conflict illustrated in the scenario.
Identify the strategies the manager could use to resolve the conflict between Emma and Isabella to create a supportive climate again.
Explain how the defensive climate created by the conflict will affect the workplace relationship between Emma and Isabella.
Discuss the impact it could have on the other clinic staff and the consumers who use the clinic.
Cite any references to support your assignment.
Follow APA formatting.
Similar to Read the Cyber Risk Report 2015 – Executive Summary and Report Pre.docx
We need Paper on Risk Assessment for the organization (NASA). Th.docx (celenarouzie)
We need Paper on Risk Assessment for the organization (NASA). The risk should be listed in one of the following links.
http://oig.nasa.gov/audits/reports/FY10/IG-10-018-R.pdf
https://oig.nasa.gov/audits/reports/FY14/IG-14-023.pdf
https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf
https://oig.nasa.gov/audits/reports/FY17/IG-17-002A.pdf
The following sections are missing:
• Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP?
• Training: specify a training frequency
• Plan testing: How (and how often) will you test the plan?
• Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network.
• Incident Notification: What happens when an incident is detected?
• Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”?
Read about the Final Project, "Inclusive Voices," Instructions
Purpose: to show how a not-so-well-known person or movement’s emergent truth pushes back against the dominant culture’s non-inclusive or discriminatory narrative through using their voice and actions to disrupt and create positive change.
Method:
1. Conduct research and write an APA formatted Research Essay using 3-5 sources
2. Then from the content of the Research Essay create your Final Presentation. Your Final Presentation, "Inclusive Voices," will teach your reader/viewer what you discovered from conducting your research through a recorded poster presentation, video presentation, or voice-narrated PowerPoint presentation.
3. Create a Script that you will use to present your Final Presentation
Ultimately, you will use the questions below to write your paper and drive the content and organization of your presentation. Completing your research should be organized in the following way and answer the following questions about your person/movement:
The introduction should briefly introduce and state the issue to be examined. It should start with a creative, attention-getting hook, then state why you chose the person/movement, show how you will critically evaluate the person or movement you chose, and provide a clear thesis statement.
The body of your paper contains information that explains who the person/movement is, what they did, and then provides a status update. The sub-headers used in APA formatting provide your divisions.
(Sub-header:) Who are/were they?
This section answers the question: who are they? This defines them and their power and limitations in the culture of the time. This section provides any historical information that is relevant about them personally.
(Sub-header:) What was happening in the culture of the time?
Here you will give some perspective about events and attitudes of the time and what happened that allowed a space for their voice. What was going on in dominant culture at the time that allowed for their entry point into the cultural narrative?
(Sub-header:) What did they do?
This.
Matt_Cyber Security Core Deck September 2016.pptx (Nakhoudah)
The document discusses trends in the cyber security market and the chief information security officer (CISO) role. It notes the growing threat of cyber attacks and increasing importance of the CISO position. The CISO role has evolved from a technical role to require business skills to communicate cyber risk to executives. The document also discusses cyber security organization structures, emerging CISO profiles, and competencies for different types of CISOs. Finally, it briefly mentions the talent implications of digital transformation, including new roles in data analytics and existing roles requiring digital skills.
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open... (Black Duck by Synopsys)
We take a deep dive into security researchers Charlie Miller and Chris Valasek’s keynote at last week’s FLIGHT 2017 conference. What is “Hidden Cobra” and is it targeting US aerospace, telecommunications and finance industries? Both banks and the Pentagon are making big moves into open source. And why it’s smart to assume that every application is an on-premise application.
The best of November’s application security and open security news (so far) follows in this week’s edition of Open Source Insight.
The article discusses DoDTechipedia, a wiki created by the Department of Defense to facilitate collaboration and communication among DoD scientists, engineers, program managers, and operational personnel. DoDTechipedia aims to help share technical information, identify solutions to technological challenges, and avoid duplication of efforts. It contains information on topics like RIPRNET wireless communications systems, GPS satellite programs, and cybersecurity tools. The wiki allows users to directly contribute content, network, and discuss technology solutions to support national security goals more rapidly.
The document is the March 2015 newsletter of the Graduate Information Technology Association (GITA). It includes the following:
- Leadership team and guest speaker for the upcoming meeting on the Internet of Things.
- Summary of the previous meeting presentation on skills for career success.
- Updates on current IT projects including security, databases, Facebook, and the homeroom.
- Articles on cyber security job demand, using drones for archaeology, and wireless charging technology.
- Announcements about mentoring interns, community outreach projects, and help wanted positions.
Academic PaperCurrent Cybersecurity Trends A PowerPoint prese.docx (bartholomeocoombs)
Academic Paper
Current Cybersecurity Trends: A PowerPoint presentation based on research into a current trend in cybersecurity.
Select and research one of the following topics and prepare a PowerPoint presentation:
1. Cyber Insurance: Many organisations are investigating the potential benefits of purchasing cyber insurance. However, there are various aspects to be considered beyond the potential financial compensation should an attack occur. How does contemporary cyber insurance function, and what are the potential benefits and risks to organisations considering cyber insurance?
2. Internet of Things (IoT) Security: The ubiquity of connected devices continues to grow, and with this growth comes associated security risks as we become more reliant on these devices for our everyday activities. What are the key security factors to be considered when deploying IoT devices and how can the major threats against these devices be mitigated?
3. Security Issues with 'Shadow IT' and BYOD: The organisational IT landscape and culture are shifting with less centralised control and an increase in the diversity of services and devices. Managing the security issues associated with this new environment is a substantial challenge for practitioners. What are the major tools and techniques, both technical and managerial, that organisations can leverage to address the inherent risks while still facilitating adequate flexibility?
4. Encrypted Communications: The issue of encrypted communications has received extensive media coverage in recent times. There are a wide variety of differing perspectives on the topic of who should hold encryption keys and/or the means to retrieve plaintext communications content (e.g. governments vs corporations vs users). What are the differing perspectives on this topic and how can they be reconciled?
You should prepare and submit a 1000 word PowerPoint presentation. A minimum of five references from scholarly books, academic journals or conference proceedings is required for this assessment.
However, substantially more references are recommended. Use the Harvard referencing style and include the references either directly on your slides or in the notes section of each slide. The use of third party infographics (i.e. those not developed by you) is not permitted in this presentation.
Defense Report began the process of looking beyond headline-grabbing breaches and the nth stage in the evolution of cyberthreats to better understand the perceptions, concerns, and priorities of the IT security professionals charged with defending today’s networks. Representative findings from that first report included the revelation that one in four security professionals doubts whether their organization has invested adequately in cyberthreat defenses, the identification of mobile devices as IT security’s “weakest link,” and the expectation that more than three-quarters of businesses will adopt bring-your-own-device (BYOD) policies by 2016.
This document is a website security statistics report from 2015 that analyzes vulnerability data from tens of thousands of websites. Some of the key findings include:
- Compliance-driven organizations have the lowest average number of vulnerabilities but the highest remediation rates, while risk reduction-driven organizations have more vulnerabilities but fix them faster.
- Feeding vulnerability results back to development teams significantly reduces vulnerabilities, speeds up fixes, and increases remediation rates.
- Performing static code analysis more frequently is correlated with faster vulnerability fix times.
- Ad hoc code reviews of high-risk applications appear to be one of the most effective activities at reducing vulnerabilities.
- There is no clear evidence that any particular "best practice"
Virtual Gov Day - Introduction & Keynote - Alan Webber, IDC Government Insights (Splunk)
The document outlines an agenda for a Virtual Gov Day event hosted by Splunk. The agenda includes a welcome and keynote presentation, customer use case presentations on security and business analytics, and concurrent breakout sessions on Splunk for security, IT operations, and application delivery. It also includes a presentation by an IDC analyst on challenges governments face with big data and how operational intelligence can help address issues around data management, timely decision-making, and use cases in security, IT operations, and industrial/IoT applications.
The report for Q1 2018 includes:
- WatchGuard Firebox Feed Trends. In this regular section, we analyze threat intelligence shared by tens of thousands of WatchGuard security appliances. This analysis includes details about the top malware and network attacks we saw globally throughout the quarter. Using that data, we identify the top attack trends, and how you might defend against them.
- Top Story: GitHub DDoS Attack. In Q1 2018, attackers launched a record-breaking distributed denial of service (DDoS) attack against GitHub using a technique called UDP amplification. In this section we analyze this attack and describe how the lesser-known Memcached service allowed this huge amplification.
- Announcing The 443 Podcast. Rather than our normal threat research section, this quarter we announce a new podcast from the WatchGuard Threat Labs team, and the authors of this report. Learn what this new podcast contains and come subscribe wherever podcasts are found.
- The Latest Defense Tips. As usual, this report isn’t just meant to inform you of the latest threats, but to help you update your defenses based on the latest attacks. Throughout the report, we share defensive learnings and tips, with a summary of the most important defenses at the end.
Cyberthreat Defense Report Edge 2017-cdr-report
Go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering, Cyber Security, Encryption Security Protocols, Re-Certifying Cisco Architect in process
Cyberthreat Defense Report 2017 by Impreva (Ghader Ahmadi)
CyberEdge Group's fourth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,100 IT security decision makers and practitioners conducted in November 2016, the report delivers countless insights IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.
Finjan is a technology company committed to investing in innovation, advancing the development of new technologies while promoting the value of IP rights.
This document discusses various types of security assessments, including technical security testing, security process assessments, and security audits. It provides details on vulnerability assessments, network penetration testing, web application penetration testing, and source code analysis. It also discusses security process reviews and the differences between security assessments and security audits.
Verizon Publishes 2020 Data Breach Investigation Report (DBIR) With Insights From Thousands of Confirmed Breaches. Verizon's 2020 Data Breach Investigations Report (DBIR) is the most extensive yet, with 81 contributing organizations, and more than 32,000 incidents analyzed (of which 3,950 were confirmed breaches). Credit: Verizon
Credit is due to all original authors and no financial gain was made from the report. Simply sharing an interesting story for educational purposes.
The survey found that organizations are facing increasing endpoint security risks. 64% of respondents said their networks were not more secure than the previous year. Common incidents over the past year included virus/malware infections (98%), device theft (95%), and data loss from negligent/malicious insiders (89% and 61% respectively). The top security risks for the next year were expected to be advanced persistent threats, insider threats, and web-based malware. Many organizations are not effectively managing applications and vulnerabilities on endpoints. Costs are increasing mainly due to lost productivity and IT staff time spent addressing malware incidents.
The survey found that organizations are facing increasing endpoint security risks. 64% of respondents said their networks were not more secure than the previous year. Common incidents over the past year included virus/malware infections (98%), device theft (95%), and data loss from negligent/malicious insiders (89% and 61% respectively). Respondents reported that malware attacks were among the most frequent network incidents and had increased over the past year for many organizations. The top security risks for the coming year were identified as advanced persistent threats, insider threats, and web-based threats. However, many organizations are not effectively addressing these risks through technology solutions or application and policy management.
Read the following scenario •In 1979, the Three Mil.docx (fterry1)
Read the following scenario:
• In 1979, the Three Mile Island nuclear reactor malfunctioned, releasing radiation into the environment. There were no immediate deaths or injuries resulting from the incident; however, the accident drew much media attention and created concerns in the local area and beyond. The major forms of communication used to report these events were the three major television networks and local radio stations.
In 2005, Hurricane Katrina devastated the New Orleans area and immersed a significant part of the city in water. Local citizens and their families were affected. In contrast to the Three Mile Island incident, newer communication technologies, such as the Internet, were used to disseminate information.
Today, you are the director of a regional Emergency Management Office. You begin receiving official reports that the public water supplies of several towns in the area have become contaminated with a life-threatening biological agent. Contingency plans must be addressed within the organization and with the public without creating a panic.
Write a 1,400- to 1,750-word paper on essential communication in a community crisis situation described in the scenario.
Include the following in your paper:
• The individuals or groups that will be communicating inside and outside the organization during this crisis situation
• Potential advantages and challenges associated with communicating within the organization and with the public and private sectors during this crisis situation
• Differences in communication processes used in crisis situations, including what you learned from the situations in the scenario and how you might incorporate that knowledge to improve health care communication strategies
• Appropriate technology, such as social media, affecting communication during the crisis situation and how these technologies may be used to enhance communication
• How technology might be used differently now than it was during the crisis situations described in the scenario
• Media opportunities during this management crisis
Cite a minimum of three sources, Electronic Reserve Readings, to support your position.
Format your paper consistent with APA guidelines.
Read the following scenario Pretorious Manufacturing has just hired.docx (fterry1)
Read the following scenario: Pretorious Manufacturing has just hired a new controller, Diana Metcalf. During her first week on the job, Diana was asked to establish a budget for operating expenses in 2014. Since Diana was not yet familiar with the operations of Pretorious Manufacturing, she decided to budget these expenses using the same procedures as the prior controller. Therefore, in order to establish a budget for operating expenses, Diana started with actual operating expenses incurred in 2013 and added 4.3 percent. Diana based this percentage on inflation as measured by the consumer price index.
○ Comment on the effectiveness of Diana’s budgeting strategy. Be sure to use concepts and principles from the text.
250 words.
Read the following scenario about Mary. Based upon the information i.docx (fterry1)
Read the following scenario about Mary. Based upon the information in the text and your own online research, discuss Mary’s ethical options. What do you think that she should do?
Mary recently graduated from college and landed her first corporate job. She works as an administrative assistant for an international corporation that manufactures home decorations in the USA and Europe. On many occasions she has had to travel to Europe to assist company executives in conducting business in a wide variety of countries. She has a primary boss in the USA and many secondary bosses in a variety of European countries. On the job only four months, Mary feels that she is already starting to lose her idealism about business. She has heard of and observed employees coming to work intoxicated – even sneaking drinks at work. She has seen employees routinely arrive late for work and leave early. Fifteen-minute breaks and thirty-minute lunches often last twice as long.
Employees routinely use their computers for sending and receiving personal emails, shopping online, checking horoscopes and the weather, even gambling. And all of that happened in just her department in the USA and Europe. The department manager is very laid back. Mary has tried to talk with him about these problems, but he seems unable or unwilling to confront the problems. It appears to Mary that he wants the employees to like him, and the employees are taking advantage of that. Mary is growing more and more frustrated. She prides herself on being a hard worker and assumed the other employees would be too. Mary is tempted to give up and join the other employees, getting paid for doing as little as possible. But she knows that she would not be able to respect herself. She is tempted to go over her manager’s head to his supervisor and complain about the problems. But that would alienate her direct supervisors and the other employees. She has not been at the company long enough to request a transfer, and quitting her job after four months does not seem like a good career move. She is sitting at her desk wondering what she should do.
In response to this scenario, answer the following questions:
Using the internet, the library, and your textbook, compare and contrast the rights of employees and the responsibilities of employers in the United States and Europe. Are the laws, customs, and cultures different?
If Mary chooses to file a formal complaint with a government agency, what challenges will she face?
What kind of reaction will Mary get from her supervisors in the United States and Europe?
Finally, advise Mary on what course of action she should take.
THIS PAPER NEEDS TO BE IN APA FORMAT WITH ABSTRACT, INTRODUCTION, BODY, REFERENCES.
Read the following scenario about Kaiser Permanente’s Innovati.docx (fterry1)
Read the following scenario about Kaiser Permanente’s Innovations Consultancy section from Ch. 12, “The Effective Change Manager: What Does It Take?,” of Managing Organizational Change: A Multiple Perspectives Approach:
Scenario: Kaiser Permanente’s Innovations Consultancy
Lew McCreary (2010) describes how Kaiser Permanente, a managed care consortium based in Oakland, California, has developed a novel approach to innovation and improvement. The company set up its own internal Innovation Consultancy unit. This unit employs change experts to observe people, ask them how they feel about their work, take notes and photographs, make drawings, and identify better ways of doing things. This involves, McCreary (p. 92) suggests, “a combination of anthropology, journalism, and empathy,” exploring how staff and patients live, work, think, and feel before trying to solve a problem.
A key part of the approach involves “uncovering the untold story”—finding out “what is really going on here?” For example, to prevent nurses being interrupted during medication rounds, and thus to reduce errors, a “deep dive” event was held, including nurses, doctors, pharmacists, and patients. The event generated around 400 ideas, some straightforward and some “outlandish.” This led to the design of a smock that said “leave me alone” on it (known as “no-interruption wear”) and a five-step process for ensuring the correct dispensing of medication.
Another example concerned the exchange of patient information between nursing shifts. This used to take 45 minutes, and delayed the next shift’s contact with patients. In addition, nurses would compile and exchange information in idiosyncratic ways, potentially missing important details. The revised Nurse Knowledge Exchange is faster and more reliable, with new software and with information presented in standard formats.
Members of the Information Consultancy unit do not dictate the changes that are to be made, but work with staff as “co-designers” on change projects. This approach allows Kaiser Permanente to achieve the aim of implementing innovation and change quickly and economically.
Write a 525- to 700-word paper in which you:
Identify processes, work units, interdepartmental committees, etc., within an organizational structure that are being evaluated by the Consultancy in order to promote a proactive approach toward change.
Discuss what barriers you perceive existed within the segments of the consortium that hindered change prior to the innovative and improvement approach that was launched.
Incorporate the underlying skill sets discussed in the case study. Draw upon your readings in Ch. 12, “The Effective Change Manager: What Does It Take?”
Format your paper consistent with APA guidelines.
read the following resources on Dr. Loïc Wacquant’s researchHabi.docx
read the following resources on Dr. Loïc Wacquant’s research:
“Habitus as Topic and Tool: Reflections on Becoming a Prizefighter”
“A Fleshpeddler at Work: Power, Pain, and Profit in the Prizefighting Economy”
“Whores, Slaves, and Stallions: Languages of Exploitation and Accommodation Among Professional Boxers”
“UC’s ‘boxing sociologist’ / Combative French Professor Spent 3 Years in Ring”
A Professor Who Refuses To Pull His Punches
Boxing Proves a Hit for French Sociologist
An important part of analyzing research approaches includes understanding the positive and negative aspects of varied forms of social research. Ethnography as an approach allows a researcher to immerse in a unique social world in order to experience the lives of those who live there. The most intriguing aspects of this type of qualitative research are how the researcher maintains an ethical and neutral stance, how the experience can impact them, and how they use the experience for positive social change.
In your paper, you will present the benefits of ethnographical research in terms of understanding a unique social world, as well as understanding the qualitative researcher’s role in performing and reporting on ethnographic research. You will do this through the resources provided, your own research of immersive ethnographical approaches, and also through critiquing Dr. Loïc Wacquant’s work.
In your paper, include the following sections/components:
Role of Researcher (One to two pages)
Explain the researcher’s role in qualitative research in general and specifically in an ethnographic approach.
Discuss the unique issues that researchers should be concerned about in qualitative research.
Explain the challenges researchers face in ethnographical research.
Discuss specific actions researchers can take to ensure they retain their ethical and neutral stance in performing qualitative research and reporting their qualitative research results.
Loïc Wacquant’s Research (One to two pages)
Summarize what Loïc Wacquant’s research was about.
Determine whether or not Wacquant maintained an ethical and neutral stance.
Justify the research approach Wacquant chose to take.
Explain whether or not this could have been possible with a quantitative research study.
Impact of Research (One page)
Discuss how qualitative research and, in particular, ethnographic research, can inform our understanding of unique social worlds.
Describe the potential impact of research in supporting positive social change through public policy.
The Value of Qualitative Research paper
Must be five double-spaced pages in length (not including title and references pages) and formatted according to APA style as outlined in the Writing Center’s APA Style
Must include a separate title page with the following:
Title of paper
Student’s name
Course name and number
Instructor’s name
Date submitted
read the following resources on Dr. Loïc researchHabitus a.docx
read the following resources on Dr. Loïc Wacquant’s research:
“Habitus as Topic and Tool: Reflections on Becoming a Prizefighter”
“A Fleshpeddler at Work: Power, Pain, and Profit in the Prizefighting Economy”
“Whores, Slaves, and Stallions: Languages of Exploitation and Accommodation Among Professional Boxers”
“UC’s ‘boxing sociologist’ / Combative French Professor Spent 3 Years in Ring”
A Professor Who Refuses To Pull His Punches
Boxing Proves a Hit for French Sociologist
An important part of analyzing research approaches includes understanding the positive and negative aspects of varied forms of social research. Ethnography as an approach allows a researcher to immerse in a unique social world in order to experience the lives of those who live there. The most intriguing aspects of this type of qualitative research are how the researcher maintains an ethical and neutral stance, how the experience can impact them, and how they use the experience for positive social change.
In your paper, you will present the benefits of ethnographical research in terms of understanding a unique social world, as well as understanding the qualitative researcher’s role in performing and reporting on ethnographic research. You will do this through the resources provided, your own research of immersive ethnographical approaches, and also through critiquing Dr. Loïc Wacquant’s work.
In your paper, include the following sections/components:
Role of Researcher (One to two pages)
Explain the researcher’s role in qualitative research in general and specifically in an ethnographic approach.
Discuss the unique issues that researchers should be concerned about in qualitative research.
Explain the challenges researchers face in ethnographical research.
Discuss specific actions researchers can take to ensure they retain their ethical and neutral stance in performing qualitative research and reporting their qualitative research results.
Loïc Wacquant’s Research (One to two pages)
Summarize what Loïc Wacquant’s research was about.
Determine whether or not Wacquant maintained an ethical and neutral stance.
Justify the research approach Wacquant chose to take.
Explain whether or not this could have been possible with a quantitative research study.
Impact of Research (One page)
Discuss how qualitative research and, in particular, ethnographic research, can inform our understanding of unique social worlds.
Describe the potential impact of research in supporting positive social change through public policy.
The Value of Qualitative Research paper
Must be five double-spaced pages in length (not including title and references pages) and formatted according to APA style as outlined in the Ashford Writing Center’s APA Style
Must include a separate title page with the following:
Title of paper
Student’s name
Course name and number
Ins.
Read the following quotes And answer each Part in 2 paragraphs each.docx
Read the following quotes and answer each part in 2 paragraphs.
"Put yourself in the position of an up-and-coming artist living in early-sixteenth-century Italy. Now imagine trying to distinguish yourself from the other artists living in your town: Michelangelo, Raphael, Leonardo, or Titian. Is it any wonder that the Italian High Renaissance lasted only 30 years?" — Jerry Saltz
"New needs need new techniques. And the modern artists have found new ways and new means of making their statements ... the modern painter cannot express this age, the airplane, the atom bomb, the radio, in the old forms of the Renaissance or of any other past culture." — Jackson Pollock (American abstract-expressionist painter, 1912–1956)
Part 1
A renaissance in a culture can be described as a "rebirth," a "new beginning," or a "resurgence." In art, some periods are considered a "renaissance" of new stylistic choices that inspired artists. However, the culture at large can also be affected by a renaissance as architects, writers, musicians, and other creative professionals embrace change. After reflecting on the quotes above, discuss with classmates:
What are your impressions of a "renaissance" or a "new birth" occurring in a culture?
Can you think of a renaissance that has happened in the last 20 years in art, music, technology, or education?
Part 2
What are your opinions of what can cause a renaissance?
Is it always a good thing for a culture? Why or Why not?
Is American society in a renaissance now?
References
Pollock, J. (n.d.). Retrieved from the Brainy Quote Web site: http://www.brainyquote.com/quotes/quotes/j/jacksonpol332830.html
Saltz, J. (n.d.). Jerry Saltz quotes. Retrieved from the Brainy Quote Web site: http://www.brainyquote.com/quotes/authors/j/jerry_saltz.html
Read the following essay from Becoming a Critical Thinker (p. 12.docx
Read the following essay from Becoming a Critical Thinker (p. 129). Create a 3-5 page (title page and references page not included) paper in APA format to substantiate your viewpoint (pro or con as it relates to the essay). Base your paper on the W.I.S.E approach (from Becoming a Critical Thinker, Chapter 2). Look for errors in thinking and explore viewpoints that are different from those expressed in the essay. Conduct research to support your viewpoint and include three references in your paper.
How the Media Distort Reality
TV and movie apologists are forever telling us that we have no business criticizing them because they are only holding a mirror up to reality. Many people buy that explanation, but they shouldn’t.
It would be more accurate to say the media hold a magnifying glass to carefully selected realities—namely, the most outrageous and sensational events of the day, such as the tragic deaths of John F. Kennedy Jr. and Princess Diana, or the trials of celebrities such as O.J. Simpson, Kobe Bryant, and Michael Jackson.
Consider how this happens. The first platoon of media people report the latest sensational story as it unfolds, squeezing each new development for all the airtime or newsprint it will yield. Meanwhile, agents and attorneys are negotiating the sale of movie and TV rights to the story. The sleazier the story, the greater the payoff. After the movie is produced, every situation comedy, detective show, and western drama builds an episode around the successful theme.
In this way a single despicable, disgusting act—real or imagined—can generate months of sensational media fare.
In short, the media exploit our social problems for ratings, feed us a steady diet of debasing material, celebrate irresponsible behavior, and then have the audacity to blame parents and teachers for the social problems that result.
Read the following information and understand the content, as you .docx
Read the following information and understand the content, as you are going to be required to apply this information to three different passages:
Paul-Elder Critical Thinking Framework
Critical thinking is that mode of thinking – about any subject, content, or problem – in which the thinker improves the quality of his or her thinking by skillfully taking charge of the structures inherent in thinking and imposing intellectual standards upon them (Paul and Elder, 2001). The Paul-Elder framework has three components, two of which we will cover this semester:
The elements of thought
The intellectual standards
According to Paul and Elder (1997), there are two essential dimensions of thinking that students need to master in order to learn how to upgrade their thinking. They need to be able to identify the "parts" of their thinking, and they need to be able to assess their use of these parts of thinking.
Elements of Thought (reasoning)
The "parts" or elements of thinking are as follows:
All reasoning has a purpose
All reasoning is an attempt to figure something out, to settle some question, to solve some problem
All reasoning is based on assumptions
All reasoning is done from some point of view
All reasoning is based on data, information and evidence
All reasoning is expressed through, and shaped by, concepts and ideas
All reasoning contains inferences or interpretations by which we draw conclusions and give meaning to data
All reasoning leads somewhere or has implications and consequences
Universal Intellectual Standards
The intellectual standards applied to these elements are used to determine the quality of reasoning. Good critical thinking requires having a command of these standards. According to Paul and Elder (1997, 2006), the ultimate goal is for the standards of reasoning to become infused in all thinking so as to become the guide to better and better reasoning. The intellectual standards include:
Clarity
Could you elaborate?
Could you illustrate what you mean?
Could you give me an example?
Accuracy
How could we check on that?
How could we find out if that is true?
How could we verify or test that?
Precision
Could you be more specific?
Could you give me more details?
Could you be more exact?
Relevance
How does that relate to the problem?
How does that bear on the question?
How does that help us with the issue?
Depth
What factors make this difficult?
What are some of the complexities of this question?
What are some of the difficulties we need to deal with?
Breadth
Do we need to look at this from another perspective?
Do we need to consider another point of view?
Do we need to look at this in other ways?
Logic
Does all of this make sense together?
Does your first paragraph fit in with your last one?
Does what you say follow from the evidence?
Significance
Is this the most important problem to con.
Read the following excerpt from Understanding Digital Kids (DKs).docx
Read the following excerpt from "Understanding Digital Kids (DKs): Technology & Learning in the New Digital Landscape," an article regarding learning today:
Recently, there were two recent cover stories in Time Magazine: Their conclusion was that children today are different. In fact, based on what we now know from the neurosciences and psychological sciences, what we’re now beginning to understand is that children today are FUNDAMENTALLY different than we are in the way they think, in the way they access, absorb, interpret, process and use information, and in the way they view, interact, and communicate in the modern world because of their experiences with digital technologies. If this is the case, it holds profound implications for all of us personally and professionally (Jukes, 2008, p. 14).
Reflect on this selection and respond to the following questions:
What are your thoughts on this statement?
Do you feel today’s learner has a different way of learning than in the past? Defend your position.
In your future role, how will you use this information?
What implications does this have for your future role?
Read the following edited U. S. Supreme Court case regarding student.docx
Read the following edited U. S. Supreme Court case regarding student speech at a school assembly. Write a one-page legal brief based on your reading of the case. Use an abbreviated format of:
Case, Citation, Facts of the Case, Question, Rulings, Rationale, and Implications.
A sample of a case brief is located on page 28 of the Stader book.
SUPREME COURT OF THE UNITED STATES
478 U.S. 675 (1986)
Bethel School District No. 403 v. Fraser
CHIEF JUSTICE BURGER delivered the opinion of the Court.
We granted certiorari to decide whether the First Amendment prevents a school district from disciplining a high school student for giving a lewd speech at a school assembly.
I
On April 26, 1983, respondent Matthew N. Fraser, a student at Bethel High School in Pierce County, Washington, delivered a speech nominating a fellow student for student elective office. Approximately 600 high school students, many of whom were 14-year-olds, attended the assembly. Students were required to attend the assembly or to report to the study hall.
The assembly was part of a school-sponsored educational program in self-government.
Students who elected not to attend the assembly were required to report to study hall. During the entire speech, Fraser referred to his candidate in terms of an elaborate, graphic, and explicit sexual metaphor.
Two of Fraser's teachers, with whom he discussed the contents of his speech in advance, informed him that the speech was "inappropriate and that he probably should not deliver it," App. 30, and that his delivery of the speech might have "severe consequences." During Fraser's delivery of the speech, a school counselor observed the reaction of students to the speech. Some students hooted and yelled; some by gestures graphically simulated the sexual activities pointedly alluded to in respondent's speech. Other students appeared to be bewildered and embarrassed by the speech. One teacher reported that, on the day following the speech, she found it necessary to forgo a portion of the scheduled class lesson in order to discuss the speech with the class.
A Bethel High School disciplinary rule prohibiting the use of obscene language in the school provides: Conduct which materially and substantially interferes with the educational process is prohibited, including the use of obscene, profane language or gestures.
The morning after the assembly, the Assistant Principal called Fraser into her office and notified him that the school considered his speech to have been a violation of this rule. Fraser was presented with copies of five letters submitted by teachers, describing his conduct at the assembly; he was given a chance to explain his conduct and he admitted to having given the speech described and that he deliberately used sexual innuendo in the speech. Fraser was then informed that he would be suspended for three days, and that his name would be removed from the list of candidates for graduation speaker at the school's commencement e.
Read the following case study to inform the assignmentCase Stud.docx
Read the following case study to inform the assignment:
Case Study: April
Grade: 4th
Age: 9
April is a fourth grader with a language impairment, but no physical impairment. Her performance on norm-referenced measures is 1.5 standard deviations below the mean for her chronological age. April has good decoding skills, but has difficulty with reading comprehension, semantics, and morphological processing. One accommodation that is prescribed in the IEP is the use of visual cues to support comprehension when learning new skills. She lacks organizational skills for writing and struggles with word choice. She receives services from a speech and language pathologist who is working with her on understanding word parts, vocabulary, and multiple meanings of words. You instruct April in a resource classroom with five other fourth grade students who also struggle with reading and written expression.
Communication goals in IEP:
April will identify at least five key content vocabulary words from an assigned reading using text with Mayer-Johnson symbols in Proloquo2go software and text to speech software with 90% accuracy over 10 consecutive trials.
April will write a definition for up to five key content vocabulary words from an assigned reading with 90% accuracy on a rubric over 10 consecutive trials.
April will use up to five key content vocabulary words in written sentences that use the word correctly in context, and include correct spelling, punctuation, and grammar with 90% accuracy over 10 consecutive trials.
Part 1: 3 Day Unit Plan
Use the “3 Day Unit Plan Template” located on the College Education site in the Student Success Center to complete this assignment.
Create an English language arts (ELA) unit plan for your resource classroom based on Arizona or your state’s ELA fourth grade literacy standards specific to vocabulary acquisition and use. Include the following in the unit plan:
Strategies to enhance students’ language development and communication skills in the Multiple Means of Representation section.
Strategies and technologies that encourage student engagement and the development of critical thinking and problem-solving skills in the Multiple Means of Engagement section.
Using details from the case study, address April’s needs in the Differentiation sections of the Multiple Means of Representation, Multiple Means of Engagement, and Multiple Means of Expression.
Specifically, incorporate the following into the unit plan to meet April’s needs:
The use of the AAC systems and assistive technologies planned in April’s goal to support her communication and learning.
Differentiated formative and summative assessments that measure April’s progress on the IEP goals in Part 1.
Part 2: Rationale
Provide a 250-500 word rationale that explains:
Why the instructional choices specifically meet April’s needs.
How the selected augmentative and alternative communication systems assistive technology used in the lesson plan is app.
Read the following Case Study and Answer the questions that follow..docx
Read the following Case Study and Answer the questions that follow.
Mr. Munoz is a struggling young actor in Chicago who has battled alcoholism since approximately the age of 13 years.
“There was a lot of fighting in our house when I was growing up,” he says. “Entering my middle school years, it just got worse,” he says. Mr. Munoz’s parents had violent fights. Although they were both very supportive of him, he cannot remember when they ever really got along.
Still, Mr. Munoz was able to get through early adolescence as an honors student and starred on both the debate team and his school’s drama club. He even starred in an elaborate production of Shakespeare’s
Richard III.
“In our school,” he says, “if you were a drama club kind of kid instead of an athlete, you really had to prove yourself to be a real man to avoid getting picked on. I did that by drinking. We had lots of ways to sneak booze into the places we met, and it was kind of exciting at first. You’re 15 years old, you’re outside on a starry night in a big city, you’re with your friends, and there’s plenty of alcohol. It makes you feel like a big man.”
Unfortunately, his parents never seemed to notice; therefore, Mr. Munoz never got help or encouragement to stop.
“After high school, my stress—and the reasons I gave myself for drinking—got worse. Those good grades got me partial scholarships to some local colleges—but mostly for drama awards, which suited me fine. But when my parents found out I wanted to be an actor, they freaked out.”
When Mr. Munoz refused to pursue prelaw, as his parents insisted, they withdrew all financial (and emotional) support, and they dissolved their marriage and household at the same time.
“It wasn’t all bad,” Mr. Munoz says. “I used the best partial scholarship, stayed local, living with friends, and we all went to school part time and worked part time—mostly in bars. The party just sort of—yeah—continued.”
Fourteen years later, Mr. Munoz is well known enough to “make a decent living” as an actor, teaching workshops on the side and waiting tables in the lean times. Half of his friends are now married and no longer trying to pursue acting.
“As the loneliness has increased, so has my drinking,” he says. “I mean, I have friends, but I never married, so those old days are just gone. I never made it to the New York stage as I’d dreamed, so all I have of those old party days is the alcohol. Only the alcohol has remained available. It tastes like nostalgia, you know?”
Because he started so young and because alcohol has played such a central role in his life, for the past 2 years, Mr. Munoz has already begun battling early stages of cirrhosis.
“I sort of didn’t expect this until old age,” he says with a sad smile. “Imagine my shock.”
He tells the nurse that he has not had a drink for 4 months.
1. Mr. Munoz was initially treated with neomycin, followed by lactulose. “The lactulose has worked better for me,” he says, “but it has some side effect.
Read the following article Silence Is Never Neutral; Neither .docx
Read the following article "Silence Is Never Neutral; Neither Is Science".
What claims are being made about the intersections of racism, research, and science? Have you heard about Henrietta Lacks (HeLa cells), James Marion Sims' research, or the Tuskegee experiments? Eugenics? What other historical or contemporary connections can you make?
Have you seen the movie Get Out?
What connections can be made between the film and scientific racism?
Read the following background on the time periods and societie.docx
Read the following background on the time periods and societies in which Freud and Rogers lived.
Sigmund Freud lived in a time of change that included a catastrophic world war that set the stage for an even bigger world war. Ten years after Freud’s birth in 1856, Austria went to war with Prussia in Germany. The result was the formation of the Austro-Hungarian Empire, which would expand and then disintegrate in the next 50 years. Freud was born into a wealthy, Jewish family and lived most of his life in Vienna, the Austrian capital. He would have been fully aware of the forces that marked profound changes in the 19th and early 20th centuries. He saw nationalist movements that destabilized the Austro-Hungarian Empire. World War I in 1914 was triggered by the assassination of Archduke Franz Ferdinand, the heir to the Austro-Hungarian throne. Consider that of the 7.8 million Austro-Hungarian forces that fought in the war, 90 percent (7.02 million) were casualties—killed, wounded, missing, or taken prisoner. (See the Optional Resource, WWI Casualty and Death Tables, for these and additional statistics.) Freud also witnessed the rise of communism and fascism in Europe. When he died on September 23, 1939, Nazi Germany had invaded Poland and World War II had begun. As a Jew, he had left Vienna for England, where he died, to escape the Nazi threat. In comparison to the technology in the modern coffee shop, photography developed greatly in his lifetime, and the telephone was invented. But there were no computers or Internet or anything close to them. Telephones were not portable. And while there were hand-held cameras, they were nothing like the cell phone features of today.
The Learning Resources on Carl Rogers provide background on his life. Note that he spent much of his early life living on a farm in the U.S. Midwest—the opposite environment from Freud’s urban setting in a major European capital—and initially went to college to study agriculture and then the ministry before becoming a psychologist. Born at the start of the 20th century in 1902, Rogers witnessed tremendous change and development in his lifetime. He was 14 when World War I began and 37 at the start of World War II, from which America emerged as a major world power. He witnessed the Nuclear Age and its arms race, and the Cold War between the U.S. and the Soviet Union for nearly 50 years following World War II. He also saw the Civil Rights Movement and the Women’s Movement in the United States. In terms of technology, when he died in 1987, there were digital cameras, mobile phones, and laptop computers, although not of the convenient size, speed, and multiple features of current devices. The Internet was in primitive use, although social sites like Facebook had not yet been founded.
Reflecting on the settings in which Freud and Rogers lived and how they might view the following behaviors, choose one of these behaviors as the focus of your discussion.
Post a response.
Read the following belowStudents will choose a topic from the.docx
Read the following below:
Students will choose a topic from the HIST 1301 course and create a digital historical timeline project on ClioVis.
Topics for this course can include, but are not limited to, Indigenous Groups, European Colonization, Early American Slavery, American Revolution, Westward Expansion, the U.S. War with Mexico, the Antebellum South, and the Civil War.
Directions:
Part 1:
1. Create a ClioVis Account.
2. Create a Project, Title it, and add a brief (3 sentence) preliminary project description by following the YouTube Link on Blackboard.
(instructions on how to do that in link: https://www.youtube.com/watch?v=ZjieZbKJhUI&feature=youtu.be)
Read the following articlesCensoring Student Newspapers An O.docx
Read the following articles:
Censoring Student Newspapers: An Overview
Student Newspapers Are Part of a Curriculum, Not Forums for Free Speech
School Administrators Have No Right to Censor Student Newspapers
Choose either of the two following arguments:
School newspapers should be subject to censorship by faculty and/or school officials.
Or
School newspapers should have full First Amendment freedoms.
Compose a short (1-2 page) essay addressing your chosen argument.
Use any information you find valid to support your side.
Use evidence and reason to support your argument.
Avoid emotional appeals as much as possible.
Write your essay in a Word document. Be sure to proofread for grammar and spelling. Include at least two sources in addition to those provided above. Add your sources in APA formatting on a separate page.
Read the following article, and answer the questions. (Upload a file.docx
Read the following article, and answer the questions. (Upload a file with your answers before the submission deadline.)
Cinelli G, Tollefsen T, Bossew P, et al. Digital version of the European Atlas of natural radiation. J Environ Radioact. 2019;196:240-252. doi:10.1016/j.jenvrad.2018.02.008
Digital version of the European Atlas of natural radiation.pdf
Question 1:
Visit the website of the European Atlas of Natural Radiation:
https://remon.jrc.ec.europa.eu/About/Atlas-of-Natural-Radiation
Use EURDEP’s Gamma Dose Rates Advanced Map (listed under Real-Time Monitoring) to find the gamma dose rates in the following cities:
Copenhagen
London
Paris
Rome
Warsaw
Moscow
Identify the cities with the highest and lowest dose rates. By how many fold do they differ?
Question 2:
Examine the Annual Cosmic Ray Dose Map.
Where are some of the highest hotspots for cosmic radiation exposure in Europe?
Why is Norway’s cosmic radiation exposure so much higher than its neighboring country, Denmark?
Question 3:
Examine the European Indoor Radiation Map.
Which small Central European country seems to have the lowest indoor radon levels?
How do this country’s indoor radon levels compare with the World Health Organization’s recommended concentration limit for indoor radon?
One might guess that this country’s lung cancer rate is among the lowest in Europe. Is it?
Question 4:
Compare the Indoor Radon Concentration Map to the Uranium in Soil Map.
Are there any correlations between the two maps? Describe and explain.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
Read the Cyber Risk Report 2015 – Executive Summary and Report Pre.docx
Read the Cyber Risk Report 2015 – Executive Summary and Report Preview the document (Hewlett Packard, 2015), and the article Surveillance programs may cost US tech over $35 billion and its competitive edge (Taylor, 2015).
http://www.techrepublic.com/article/report-surveillance-programs-may-cost-us-tech-over-35-billion-and-its-competitive-edge/
Write a paper in APA format answering the following questions - Minimum Two Pages:
1. What were the top threats of 2014?
2. What threats do you think the future holds?
References
Hewlett Packard. (2015). HP Cyber Risk Report 2015. Hewlett-Packard Development Company, L.P.
Taylor, B. (2015, June 29). Report: Surveillance programs may cost US tech over $35 billion and its competitive edge. Retrieved from TechRepublic: http://www.techrepublic.com/article/report-surveillance-programs-may-cost-us-tech-over-35-billion-and-its-competitive-edge/
Watch the following 4 Ted Talks (links below).
1. http://www.ted.com/talks/edward_snowden_here_s_how_we_take_back_the_internet
2. http://www.ted.com/talks/richard_ledgett_the_nsa_responds_to_edward_snowden_s_ted_talk/transcript?language=en
3. http://www.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act/transcript?language=en#t-16216
4. https://www.ted.com/talks/mikko_hypponen_three_types_of_online_attack
Create a PowerPoint presentation on ONE of the topics below to explain your position on the subject. You have to convince your audience that you are the expert on the subject. The PowerPoint will be at least five (5) slides not including the Title and Reference pages. You need to include a Reference page on where you researched your material.
1. What is government surveillance?
2. Is it essential to National security or a violation of my privacy?
3. Is Mr. Edward Snowden a traitor to the United States or a hero for exposing what the NSA was doing with the public's personal data?
Brochure
Cyber Risk Report 2015
HP Security Research
Introduction
Welcome to the HP Cyber Risk Report 2015. In this report we provide a broad view of the 2014 threat landscape, ranging from industry-wide data down to a focused look at different technologies, including open source, mobile, and the Internet of Things. The goal of this Report is to provide security information leading to a better understanding of the threat landscape, and to provide resources that can aid in minimizing security risk.
Editors’ note: While our previous Cyber Risk Reports were numbered according to the year of data covered (e.g., “Cyber Risk Report 2013” was released in 2014), we are updating our numbering convention to match industry practices.
It is my pleasure to welcome you to our 2015 Cyber Risk Report. HP Security Research publishes many documents throughout the year detailing our research and findings, but our annual Risk Report stands slightly removed from the day-to-day opportunities and crises our researchers and other security professionals face.
A look back at security developments over the course of a full year serves an important purpose for those charged with shaping enterprise security responses and strategies. In the wake of the significant breaches of 2014, I believe it’s more important than ever that our cyber security research team continues to provide an elevated perspective on the overall trends in the marketplace.
The global economic recovery continued this year, and it was probably inevitable that as businesses rebounded, the security challenges facing them became more complex. Enterprises continued to find inexpensive access to capital; unfortunately, so did adversaries, some of whom launched remarkably determined and formidable attacks over the course of the year as documented by our field intelligence team.
Our researchers saw that despite new technologies and fresh investments from both adversaries and defenders alike, the security realm is still encumbered by the same problems—even in some cases by the very same bugs—that the industry has been battling for years. The work of our threat research and software security research teams revealed vulnerabilities in products and programs that were years old—in a few cases, decades old. Well-known attacks were still distressingly effective, and misconfiguration of core technologies continued to plague systems that should have been far more stable and secure than they in fact proved to be.
We are, in other words, still in the middle of old problems and known issues even as the pace of the security world quickens around us. Our cyber security research team has expanded over the course of the year, and so has this Risk Report, both covering familiar topics in greater depth and adding coverage of allied issues such as privacy and Big Data. In addition, our people work to share their findings and their passion for security and privacy research with the industry and beyond. This Risk Report is one form of that; our regular Security Briefings and other publications are another form, and we hope to remain in touch with you throughout the year as themes presented in this Report are developed in those venues.
Security practitioners must ready themselves for greater public and industry scrutiny in 2015, and we know that threat actors—encouraged by public attention paid to their actions—will continue their attempts to disrupt and capitalize on bugs and defects. The HP Security Research group continues to prepare for the challenges the year will doubtless pose, and also intends to invest in driving our thought leadership inside the security community and beyond it.
Art Gilliland
SVP and General Manager, Enterprise Security Products
HP Security Research | Cyber Risk Report 2015
Table of contents
2 Introduction
4 About HP Security Research
4 Our data
4 Key themes
6 The security conversation
8 Threat actors
8 Nation-state supported activity
12 The cyber underground
12 Conclusion
13 Vulnerabilities and exploits
15 Weaknesses in enterprise middleware
15 Vulnerability and exploits trends in 2014 (Windows case)
18 Malware and exploits
18 Top CVE-2014 numbers collected in 2014
19 Top CVE-2014 for malware attacks
20 Top CVE numbers seen in 2014
22 Defenders are global
23 Conclusion
24 Threats
24 Windows malware overview
27 Notable malware
29 Proliferation of .NET malware in 2014
31 ATM malware attacks
32 Linux malware
34 Mobile malware
35 Android anti-malware market
36 Top Android malware families in 2014
36 Notable Android malware in 2014
39 Conclusion
40 Risks: Spotlight on privacy
42 Exposures
42 Emerging avenues for compromise: POS and IoT
42 The evolution of POS malware
46 The Internet of Things
49 Conclusion
49 Controls
50 Distribution by kingdom
52 Breakdown of top five Web application vulnerabilities
53 Top 10 Web application vulnerabilities
55 Breakdown of the top five mobile application vulnerabilities
56 Top 10 mobile application vulnerabilities
58 Open source software dependencies
61 The Heartbleed effect
63 Remediation of static issues
65 Conclusion
66 Summary
68 Authors and contributors
69 Glossary
About HP Security Research
HP Security Research (HPSR) conducts innovative research in multiple focus areas. We deliver security intelligence across the portfolio of HP security products including HP ArcSight, HP Fortify, and HP TippingPoint. In addition, our published research provides vendor-agnostic insight and information throughout the public and private security ecosystems.
Security research publications and regular security briefings complement the intelligence delivered through HP products and provide insight into present and developing threats. HPSR brings together data and research to produce a detailed picture of both sides of the security coin—the state of the vulnerabilities and threats comprising the attack surface, and, on the flip side, the ways adversaries exploit those weaknesses to compromise victims. Our continuing analysis of threat actors and the methods they employ guides defenders to better assess risk and choose appropriate controls and protections.
Our data
To provide a broad perspective on the nature of the attack surface, the report draws on data from HP security teams, open source intelligence, ReversingLabs, and Sonatype.
Key themes
Theme #1: Well-known attacks still commonplace
Based on our research into exploit trends in 2014, attackers continue to leverage well-known techniques to successfully compromise systems and networks. Many vulnerabilities exploited in 2014 took advantage of code written many years ago—some are even decades old. Adversaries continue to leverage these classic avenues for attack. Exploitation of widely deployed client-side and server-side applications is still commonplace. These attacks are even more prevalent in poorly coded middleware applications, such as software as a service (SaaS). While newer exploits may have garnered more attention in the press, attacks from years gone by still pose a significant threat to enterprise security. Businesses should employ a comprehensive patching strategy to ensure systems are up to date with the latest security protections to reduce the likelihood of these attacks succeeding.
Theme #2: Misconfigurations are still a problem
The HP Cyber Risk Report 2013 documented how many vulnerabilities reported were related to server misconfiguration. The trend is very similar again in 2014, with server misconfiguration being the number-one issue across all analyzed applications in this category. Our findings show that access to unnecessary files and directories seems to dominate the misconfiguration-related issues. The information disclosed to attackers through these misconfigurations provides additional avenues of attack and allows attackers the knowledge needed to ensure their other methods of attack succeed. Regular penetration testing and verification of configurations by internal and external entities can identify configuration errors before attackers exploit them.
Theme #3: Newer technologies, new avenues of attack
As new technologies are introduced into the computing ecosystem, they bring with them new attack surfaces and security challenges. This past year saw a rise in the already prevalent mobile-malware arena. Even though the first malware for mobile devices was discovered a decade ago, 2014 was the year when mobile malware stopped being considered just a novelty. Connecting existing technologies to the Internet also brings with it a new set of exposures. Point-of-sale (POS) systems were a primary target of multiple pieces of malware in 2014. As physical devices become connected through the Internet of Things (IoT), the diverse nature of these technologies gives rise to concerns regarding security, and privacy in particular. To help protect against new avenues of attack, enterprises should understand and know how to mitigate the risk being introduced to a network prior to the adoption of new technologies.
Theme #4: Gains by determined adversaries
Attackers use both old and new vulnerabilities to penetrate all traditional levels of defenses. They maintain access to victim systems by choosing attack tools that will not show on the radar of anti-malware and other technologies. In some cases, these attacks are perpetrated by actors representing nation-states, or are at least in support of nation-states. In addition to the countries traditionally associated with this type of activity, newer actors such as North Korea were visible in 2014. Network defenders should understand how events on the global stage impact the risk to systems and networks.
Theme #5: Cyber-security legislation on the horizon
Activity in both European and U.S. courts linked information security and data privacy more closely than ever. As legislative and regulatory bodies consider how to raise the general level of security in the public and private spheres, the avalanche of reported retail breaches in 2014 spurred increased concern over how individuals and corporations are affected once private data is exfiltrated and misused. The high-profile Target and Sony compromises bookended those conversations during the period of this report. Companies should be aware new legislation and regulation will impact how they monitor their assets and report on potential incidents.
Theme #6: The challenge of secure coding
The primary causes of commonly exploited software vulnerabilities are consistently defects, bugs, and logic flaws. Security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. Much has been written to guide software developers on how to integrate secure coding best practices into their daily development work. Despite all of this knowledge, we continue to see old and new vulnerabilities in software that attackers swiftly exploit. It may be challenging, but it is long past the time that software development should be synonymous with secure software development. While it may never be possible to eliminate all code defects, a properly implemented secure development process can lessen the impact and frequency of such bugs.
Theme #7: Complementary protection technologies
In May 2014, Symantec’s senior vice president Brian Dye declared antivirus dead[1] and the industry responded with a resounding “no, it is not.” Both are right. Mr. Dye’s point is that AV only catches 45 percent of cyber-attacks[2]—a truly abysmal rate. In our review of the 2014 threat landscape, we find that enterprises most successful in securing their environment employ complementary protection technologies. These technologies work best when paired with a mentality that assumes a breach will occur instead of only working to prevent intrusions and compromise. By using all tools available and not relying on a single product or service, defenders place themselves in a better position to prevent, detect, and recover from attacks.
[1] http://online.wsj.com/news/article_email/SB10001424052702303417104579542140235850578-lMyQjAxMTA0MDAwNTEwNDUyWj
[2] http://securitywatch.pcmag.com/security/323419-symantec-says-antivirus-is-dead-world-rolls-eyes
The security conversation
Reflecting on the 2014 threat landscape we undertook a broad top-level look at public security research and analysis published in 2014, using key word analytics targeting specific concepts. As befitting a look at high-profile trends, our data was drawn strictly from sources available on the public Internet. The first set of data was drawn from the press covering the industry as well as other sources. We drew the second set from content presented at industry conferences such as BlackHat, DefCon, and Virus Bulletin. The yearly Cyber Risk Report is time-bound and so we resolved to do a time-oriented analysis.
Working within that dataset, we analyzed two sets of terms for their frequency of appearance. The first set, the key words, are the security-associated words more familiar to a general audience; for instance, attack, threat, or targeted. These terms are also more likely to appeal to headline writers, because what they lack in specificity they make up for in brevity and “oomph.” The second set, the key phrases, describe more granular and complex concepts that tend to be used mainly by security practitioners. Exploit kit and C&C server are two examples of key phrases. This distinction allowed us to approach the data in a progression from less to more specificity. Between the two, we started our analysis with approximately 10,000 words and phrases we found to be of interest.
Our first dive, “total 2014+2013,” looked at which topics rose and fell in the English-language trade press over the last 24 months. If we assume that trade journalism is a good mirror of what’s actually happening in the real security world, it should follow that the frequency of key words and key phrases in the press is a good indicator of what those in the industry are thinking about.
One of the strengths of Big Data is its predictive power. From our 2013+2014 results, we made linear extrapolations to see what might lie ahead in 2015, assuming that what is rising will continue to rise and what is falling will continue to fall.
Our analysis indicated that breaches and malware were weighing heavily on our minds in 2014. “Malware” itself was the top key word of 2014 (and of 2013), outstripping even “security” as a favored key word and making bold progress among security practitioners as part of the key phrase “malware family.” Key phrase analysis indicated that conversation about mobile malware, particularly Android malware, was rising even as the more neutral phrase “mobile devices” fell. The efficacy of anti-malware software was debated in 2014, but the analysis indicates that malware as a hot topic isn’t going anywhere anytime soon.
Digging a bit deeper, we returned to our lists of key words and key phrases and asked who “won” 2014—the good guys, the bad guys, or no one in particular. At this point human intervention was necessary, and we hand-sorted terms into categories of “good guys,” “bad guys,” and “neutral” in order to perform categorical analysis as to whether attackers or defenders were better represented over the course of the year.
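The method described above (per-year frequency counts of key words and key phrases, a hand-sorted tone category for each term, and a linear extrapolation from 2013/2014 into 2015), as an added example that is not HP Security Research's own tooling or data: the corpus snippets, term lists and tone labels are constructed for illustration.

```python
"""Key word / key phrase frequency analysis modelled on the report's method.

Added example, not HP Security Research's own tooling or data. Everything
below (corpus snippets, term lists, tone labels) is constructed.
"""
import re
from collections import Counter

# Constructed stand-ins for trade-press articles and conference abstracts,
# tagged with the year they were published. Not real data.
CORPUS = [
    (2013, "Security researchers found new malware targeting mobile devices."),
    (2013, "The exploit kit delivered malware; hackers used a C&C server."),
    (2013, "An attack on mobile devices was blocked by the operating system."),
    (2014, "Malware family spreading via exploit kit; hackers ran a C&C server."),
    (2014, "Security researchers describe targeted attacks using social engineering."),
    (2014, "Android malware is rising; security researchers warn of malware family growth."),
    (2014, "A targeted attack used a C&C server and an exploit kit."),
]

# Key words: single security-associated words familiar to a general audience.
KEY_WORDS = ["malware", "security", "attack", "hackers", "exploit"]

# Key phrases: more granular multi-word concepts used mainly by practitioners.
KEY_PHRASES = [
    "exploit kit", "c&c server", "malware family", "targeted attack",
    "social engineering", "security researchers", "mobile devices",
    "operating system",
]

# Hand-sorted tone labels, standing in for the report's manual sort into
# "good guys", "bad guys" and "neutral" (constructed labels).
TONE = {
    "security researchers": "good",
    "security": "neutral", "operating system": "neutral", "mobile devices": "neutral",
    "malware": "bad", "attack": "bad", "hackers": "bad", "exploit": "bad",
    "exploit kit": "bad", "c&c server": "bad", "malware family": "bad",
    "targeted attack": "bad", "social engineering": "bad",
}


def count_terms(corpus, terms):
    """Return {year: Counter(term -> occurrences)} for the given terms.

    Matching is case-insensitive, anchored on word boundaries and tolerant of
    a trailing plural "s" ("attack" also counts "attacks"), so that a key word
    and a key phrase are counted the same way.
    """
    patterns = {t: re.compile(r"\b" + re.escape(t) + r"s?\b") for t in terms}
    per_year = {}
    for year, text in corpus:
        counter = per_year.setdefault(year, Counter({t: 0 for t in terms}))
        lowered = text.lower()
        for term, pattern in patterns.items():
            counter[term] += len(pattern.findall(lowered))
    return per_year


def ranked(counts):
    """Rank one year's Counter: most frequent first, ties broken alphabetically."""
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def extrapolate(per_year, term, earlier=2013, later=2014):
    """Linear extrapolation one year past `later`, as the report describes:
    whatever rose keeps rising, whatever fell keeps falling (floored at zero)."""
    a, b = per_year[earlier][term], per_year[later][term]
    return max(0, b + (b - a))


def tone_breakdown(counts, tone):
    """Weight each term's count by its hand-assigned tone; unused tones are omitted."""
    result = Counter()
    for term, n in counts.items():
        if n:
            result[tone[term]] += n
    return result


if __name__ == "__main__":
    words = count_terms(CORPUS, KEY_WORDS)
    phrases = count_terms(CORPUS, KEY_PHRASES)
    for year in (2013, 2014):
        print(year, "key words:", ranked(words[year])[:3])
        print(year, "key phrases:", ranked(phrases[year])[:3])
    print("2015 projection for 'malware':", extrapolate(words, "malware"))
    print("2014 key-phrase tone:", dict(tone_breakdown(phrases[2014], TONE)))
```

On this constructed corpus "malware" tops the key words in both years, "security researchers" doubles while "mobile devices" falls, and the 2014 key-phrase tally is dominated by negative-tone terms, mirroring the patterns the section reports.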
We found that security experts’ view of the world may in fact be a bit dimmer than that of the general public. Though the public (as seen through our key words) was concerned about things such as malware (#1 on their list), attacks (#3), and exploits (#5), by and large consumers seemed to use fairly neutral terms when diving into security-related topics online.
The pros, on the other hand, are a skeptical lot. We classified nearly half of the most popular key phrases as negative in tone. The value-neutral “operating system” led the pack, but after that the misery began with “targeted attacks” (#2), “exploit kit” (#3), “social engineering” (#5), and “C&C server” (#6) and continued from there. Interestingly, the key phrase “security researchers” nearly doubled in usage between 2013 and 2014, while the more familiar key word “hackers” turned in steady usage numbers and barely outperformed the longer phrase.
Of course, one can always argue that the bad guys get more attention because they are bad, and that it is merely human nature to take an interest in things that might be harmful. But, we asked ourselves, do people actually learn anything from all the excitement? Once again we turned to our data, asking which breaches and vulnerabilities caused the most excitement in 2014.
We saw human nature at work—particularly the parts of human nature easily bored when the same thing (or nearly the same thing) happens repeatedly, as well as the parts that like looking at unclothed people. Our comparison of four high-profile breaches (Target, Home Depot, Goodwill, and the theft of certain celebrity photos from Apple’s iCloud service) indicated that the photo scandal utterly dwarfed the others in public interest. More interestingly, of the other three breaches, Target (chronologically the first of the four) garnered the most attention, even though each of the remaining two was similar in either size (Home Depot) or demographic (Goodwill). Discussion of Target during the 2014 holiday season—a full year after the initial attack—far outstripped that of the other breaches. We expected to see that Target had raised consciousness about breaches; instead, a sort of burnout appeared to take place, with press paying less attention to subsequent events but looping back near the anniversary of the original breach to reflect.
[Editors’ note: As noted, our data was gathered and analyzed during the first eleven months of 2014. Ironically, at the time we were putting the Report together for publication, the Sony breach dominated not only tech but entertainment and political headlines. We have no doubt that with all that going on it would have posted some impressive numbers, but we concluded that far too much was in motion to provide a fair assessment of its impact for this Report.]
Despite the strong showing of malware and related terms, we found that the Internet as a whole took more interest in specific breaches than in specific vulnerabilities. Heartbleed, the most-referenced vulnerability of the year by several orders of magnitude, barely garnered the level of interest attracted by a moderately attention-getting breach such as that of JPMorgan Chase, and nothing like that of a Home Depot or a Target. In turn, Target at its most interesting was put in the shade by the celebrity-photo story. We did note that the photo story caused interest in celebrity photos themselves to spike, causing references to such things to spike by about a third.
What can security practitioners learn from this exercise? Where might one go with a Big Data-fueled analysis of security trends? One obvious path would be to deep-dive in tech-support threads and other venues where bugs are described, in search of reports that are not just bugs but probable security holes. At the moment, such forums can be useful reading to canny researchers, but the signal-to-noise ratio is poor; introducing efficiencies into sifting that data could be fruitful and might help companies with popular software to spot potential trouble before it spots them. Taking a more proactive tack, robust data analysis is already a powerful tool in the hunt to sift actual attacks from the avalanche of noise the average network’s perimeter defense “hears” every day. As the security industry waits for automated security data exchange platforms to truly come to life, data analysis can provide us what those not-yet-viable systems cannot.
On the other end of the complexity spectrum, as we considered the possibilities for this Risk Report, one of our colleagues noted with disgust that some journalists seem to treat Google’s search-autocomplete function as some sort of Big Data-driven hivemind oracle. However, what makes for lazy journalism can provide an excellent reminder of the foundational questions at the base of security practitioners’ work:
Indeed. As we present our analyses of the threat landscape throughout this Report, we are reminded that what we examine, decide, and do is important. And a management problem. And, truly, so important.
Threat actors

2014 saw a shift in how technology was used in local and regional uprisings. Though hacktivism can be said to have declined—prompted by a decrease in anonymous activity following several high-profile arrests[3]—we saw an increase in the malicious use of technology both in and against protests. Attackers, reportedly from China, used remote access Trojans (RATs) masquerading as custom Android apps against protesters in Hong Kong.[4] Attackers also reportedly intercepted Apple iCloud traffic to collect usernames and passwords.[5] Elsewhere, the TOR network was hacked by unknown entities and its users were identified.[6] As we closed the editing cycle for this Report, a massive data breach involving Sony Pictures Entertainment captivated world attention, though the provenance of that attack was unclear at press time.[7]
Attacks originating from groups based in China continued to target Western interests. Although historically these groups have focused on intellectual property theft, we observed a change in targets this year to focus on identity information as well. One high-profile example involved Community Health Systems, which disclosed a breach allegedly by a China-based group known as APT 18. In that breach, the Social Security numbers and other personal information of 4.5 million patients were compromised.[8] This was the largest loss of patient data since the U.S. Department of Health and Human Services began keeping records of breaches in 2009.[8] Adversaries acted quickly when observed: Mandiant reported that APT1, on which it had published an initial report one year before, immediately abandoned the command-and-control (C2) structure described in that report and set up a new one.[9]
2014 saw an increased response to this type of attacker group. In May 2014 the U.S. Justice Department charged five officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA) with hacking into U.S. entities for the purpose of intellectual property theft.[10] In October, Novetta published reports on a cyber-espionage interdiction operation (referred to as Operation SMN), in which Novetta worked with U.S. security partners to take down 43,000 installations of tools used by a group called Axiom. It identified similarities in attacks seen as far back as Operation Aurora that could be attributed to this group. Evidence suggests that this group targeted organizations in China in addition to those in the West.[11]
International law enforcement agencies increasingly worked together as well. In May Europol and the FBI conducted raids targeting users of the Blackshades RAT.[12][13] The same month, an international effort identified the leader of a group responsible for the notorious Gameover Zeus botnet and CryptoLocker, leading to the dismantling of those networks.[14] In November, agencies from 16 European countries, along with representatives from the United States, took down over 400 hidden services on the dark Web, including many carding and illegal drug markets.[15]
Nation-state supported activity

In 2014, we examined the state-sponsored or state-condoned cyber activity of actors in nations including Iran and North Korea. Among those nations we found three different levels of state involvement in cyber activity: indirect operational involvement, direct operational involvement, and condoning with plausible deniability of operational involvement. The degree of apparent state involvement was derived based on several factors, including:

• Evidence of state sponsorship of actor training
• The nation’s cyber warfare infrastructure, capabilities, or doctrine
• The nation’s cyber laws
• Threat actor group ties to government or military entities
[3] http://www.wired.com/2014/06/anonymous-sabu/
[4] https://www.lacoon.com/chinese-government-targets-hong-kong-protesters-android-mrat-spyware/
[15] https://www.europol.europa.eu/content/global-action-against-dark-markets-tor-network
Iran

In HP Security Briefing Episode 11,[16] we presented our findings on threat actors operating within the Islamic Republic of Iran. Iran’s cyber doctrine pivots on the belief that “The cyber arena is actually the arena of the Hidden Imam”[17] and relies heavily on warfare tactics.[18] In November of 2010, Iran’s Passive Civil Defense Organization announced a plan to recruit hackers for a “soft war” in cyberspace.[19] On February 12, 2014, the Ayatollah Ali Khamenei delivered a message to the Islamic Association of Independent University Students, instructing them to prepare for cyber war:

“You are the cyber-war agents and such a war requires Ammar-like insight and Malik Ashtar-like resistance; get yourselves ready for such war wholeheartedly.”

The Ayatollah stressed that this was the students’ religious and nationalistic duty.[20] As noted in the report, Iran’s cyber landscape has changed significantly from 2010 to the present. There was a noticeable transition from Iran’s increasing awareness of cyber intrusions to the regime’s institution of defensive cyber capabilities. The focus then shifted to implementing strategic offensive cyber capabilities. From the discovery of Stuxnet to the creation of a vast cyber army, Iran has made significant developments in the cyber war arena in a relatively short time.[21]
Our security research uncovered the following factors implying Iran’s indirect operational involvement in the activities of the Iranian cyber underground:

• Threat actor group Shabgard’s training portal at Webamooz.ir offered accredited IT training in conjunction with Shahid Beheshti University.[22]
• Threat actor group Ashiyane offered training in conjunction with the Sharif University IT center.[23]
• According to the Iranian Republic News Agency, Ashiyane’s leader, Behrouz Kamalian, ordered the group to work for the Iranian government by attacking foreign government and media websites.[24]
• Behrouz Kamalian’s father, Hossein Kamalian, has served as the Iranian ambassador to Thailand, Laos, Myanmar, Bahrain, France, and Yemen.
• The European Union exposed Behrouz Kamalian’s involvement in human rights violations—namely his involvement assisting the regime with cracking down on protesters during the 2009 political unrest in Iran.[25]
• The EU report also linked Ashiyane to Iran’s Revolutionary Guard.[26]
• A report from Israel’s Institute for Counterterrorism notes that it has been alleged that Ashiyane is responsible for training Iran’s Cyber Army (ICR).[27]
• Despite Iran’s strict laws regulating Internet access and content, Ashiyane members do not fear being held accountable for their actions.[28]
• Some of the threat actor groups profiled in the report use gamification as a training mechanism, including capture the flag (CTF) contests sponsored by Sharif University[29] and the Atomic Energy Organization of Iran (AEOI).[30]

It is interesting to note that HPSR Security Briefing Episode 11 had a significant impact on some of the threat actors profiled in the report. After nearly 11 years of activity, the website and forums for Shabgard are now defunct.[31]
[16] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/HPSR-Threat-Intelligence-Briefing-Episode-11/ba-p/6385243
[17] http://www.memri.org/report/en/print7371.htm
[18] http://www.inss.org.il/index.aspx?id=4538&articleid=5203
[19] http://www.forbes.com/sites/jeffreycarr/2011/01/12/irans-paramilitary-militia-is-recruiting-hackers/
[20] http://www.haaretz.com/mobile/1.574043
[29] …university-ctf-online-qualifier.html
[30] http://ctf.aeoi.org.ir
[31] http://shabgard.org
North Korea

In HP Security Briefing Episode 16,[32] we focused on the enigma that is North Korea’s cyber threat landscape. North Korea’s cyber warfare doctrine has not been clearly stated. However, based on cultural and technical observations, we may deduce that North Korea’s cyber doctrine follows the tenets of juche nationalism and the songun doctrine. North Korea considers its cyber warfare capabilities an important asymmetric asset in the face of its perceived enemies.[33] In November 2013, Kim Jong Un referred to cyber warfare capabilities as a “magic weapon” in conjunction with nuclear weapons and missiles.[34]

The North Korean regime plays a direct role in training its cyber warfare operators via primary and secondary education and the university system.[35] Successful students in the cyber warrior track often attend Kim Il-sung University, Kim Chaek University of Technology,[36] or the Command Automation University. Some students attend a two-year accelerated university program, then study abroad before they are assigned to a cyber-operator role.[37]

Our research led to the conclusion that any activity originating from North Korea’s IP space is a product of the state’s direct operational involvement for the following reasons:

• North Korea’s cyber infrastructure is divided into two major parts: an outward-facing Internet connection and a regime-controlled intranet.
• North Korea’s outward-facing Internet connection is only available to select individuals, and is closely monitored for any activity that is deemed anti-regime.
• The North Korean regime strictly controls all Internet infrastructure,[38] meaning cyber activity by dissidents or autonomous hacker groups is very unlikely.
• The fact that North Korea reportedly spends so much of its limited resources on training and equipping cyber operators implies the regime is investing in a key military asset.

Additionally, we discovered that much of the computer network operations (CNO) conducted on behalf of the regime originates from the networks of third parties such as China, the United States, South Asia, Europe, and even South Korea.[39] When these networks are used to launch CNO on behalf of North Korea, attribution is difficult.

The Sony attack in late November was, at press time, not firmly linked to North Korea. Despite the fact that the regime denies responsibility for the attacks,[40] several factors seem to support that North Korea played a role in them. However, based on our previous research of North Korean cyber capabilities, it is difficult to discern whether the regime acted alone. It is plausible as of press time that the actors responsible for this attack relied on the assistance of an insider.
[32] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/HP-Security-Briefing-episode-16-Profiling-an-enigma-North-Korea/ba-p/6588592
[33] http://h30499.www3.hp.com/hpeb/attachments/hpeb/off-by-on-software-security-blog/388/2/HPSR%20SecurityBriefing_Episode16_NorthKorea.pdf
[34] http://english.chosun.com/site/data/html_dir/2013/11/05/2013110501790.html
[35] http://www.aljazeera.com/indepth/features/2011/06/201162081543573839.html
[36] http://www.aljazeera.com/indepth/features/2011/06/201162081543573839.html
[37] http://www.aljazeera.com/indepth/features/2011/06/201162081543573839.html
[38] http://www.defense.gov/pubs/North_Korea_Military_Power_Report_2013-2014.pdf
[39] http://www.csmonitor.com/World/Security-Watch/2013/1019/In-cyberarms-race-North-Korea-emerging-as-a-power-not-a-pushover/(page)/5
[40] http://www.voanews.com/content/exclusive-north-korea-denies-involvement-in-cyber-attack-sony-pictures/2545372.html
Notes on the threat modeling process

In May’s HP Security Briefing Episode 13—the first after the name of the series changed from the earlier “Threat Briefing,” to reflect HPSR’s growing scope of inquiry—we took a step back from the work of doing threat modeling and looked at the history and theories of the practice.[41] At its base, threat modeling is yet another permutation of risk management, the soul of information security.[42] Threat modeling asks that we assign value to our assets, examine them closely for potential vulnerabilities, assess what risks those vulnerabilities pose to our enterprise, and plan to mitigate them (or not). Threat modeling is not auditing—though auditing can be useful as we determine which assets or controls merit the modeling effort—but a way of learning from the past to manage future risk. Above all, threat modeling is, as most things are in the enterprise, a method of resource allocation.[43]
There are three main approaches to threat modeling: software-centric, asset-centric, and attacker-centric. Software-centric threat modeling looks at how applications are built and how data flows through them. It tries to catch bad behaviors during the design and implementation stages—that is, before the application is released. Software vendors that follow a Software Development Lifecycle[44] process, or SDL, usually have multiple checkpoints to catch as many potential issues as possible. Such modeling doesn’t catch every problem, but it cuts down on the “low-hanging fruit” and makes it obvious to developers where problems may lie.[45]

Asset-centric threat modeling looks at what has value to an organization, or to its people or processes. Those valuations are a guide to appropriate protections.[46] The process often includes a look at what could happen to the assets, and the effect if something were to happen to them. Outcomes are usually oriented toward appropriate controls and budget priorities. This kind of modeling is an effective way to approach highly regulated data or industries.

Attacker-centric threat modeling draws on experiences and theories about attacks on infrastructure, or against certain types of data or entities.[47] Its goal is to predict how anticipated attacks might progress, and how to deal with them if they do. This type of model may be appropriate when assets are less important than the motivation of adversaries towards an organization or state, or when a pattern of intrusions is repeated against multiple targets.
The analyses we do as we examine nation-state activity draw on multiple forms of information-gathering, including work done in partnership with HP’s Digital Investigation Services group and, when appropriate, independent third-party researchers and even competitors in the information-security field. The growing acceptance of prudent information-sharing is both a response to current conditions in the world and a hopeful sign that concerned enterprises and other entities can find a productive and effective balance between healthy competition and the workings of a healthy Internet.

We should note, by the way, that not all threat models attempt to identify who an attacker might be. Some models care about attribution, and some do not. All attacker-centric models, however, try to map controls to each phase of an attack.[48] This details the actions or tools that might be appropriate at each stage of the conflict. Understanding how individual attacks fit into the chosen schema can help enterprises prioritize spending and deployment of resources.
[41] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/HP-Security-Briefing-episode-13-The-art-and-near-science-of/ba-p/6493964#.VR2EofnF8nM
[42] https://ssd.eff.org/en/module/introduction-threat-modeling
[43] Chen, Yue. “Software Security Economics and Threat Modeling Based on Attack Path Analysis; A Stakeholder Value Driven Approach.” Retrieved from http://sunset.usc.edu/csse/TECHRPTS/PhD_Dissertations/files/ChenY_Dissertation.pdf
[44] http://www.microsoft.com/en-us/SDL/about/benefits.aspx
[45] Jangam, Ebenezer. “Threat Modeling and Its Usage in Mitigating Security Threats in an Application.” Retrieved from http://isea.nitk.ac.in/publications/ThreatModeling.pdf
[46] Kayem, Anne. “Attack Centric Threat Modelling Approach to Social Networks: Hacking and Counter Measures.” Retrieved from http://people.cs.uct.ac.za/~rratshidaho/Project/documents/Lit_Maoyi.pdf
[47] http://www.noord-group.com/process-attack-simulation-and-threat-analysis-pasta-risk-centric-threat-modeling
[48] Ramkumar Chinchani, Anusha Iyer, Hung Ngo, and Shambhu Upadhyaya. “A Target-Centric Formal Model For Insider Threat and More.” Retrieved from http://www.cse.buffalo.edu/tech-reports/2004-16.pdf
The cyber underground

Activity in the cyber underground primarily consists of cyber crime involving identity theft and other crimes that can be easily monetized. There have been other motivations observed though, as was the case in August when suspected Russian hackers stole gigabytes of customer data from U.S.-based JPMorgan Chase during a period of escalated tension between Russia and the United States, in which Russia was amassing troops on the border with Ukraine and the United States had imposed economic sanctions against Russia in response. Reports stated that the FBI believed the attackers to be state-sponsored.[49]

In September, F-Secure published research on “Quedagh,” a Russian cyber crime organization, and its use of BlackEnergy malware to target Ukrainian government organizations to steal information.[50] In its research it found evidence to suggest that this group could have been operating during the 2008 Russo-Georgian war, in which cyber operations paralleled military offensives.

In October, FireEye published research showing likely Russian state sponsorship of attacks targeting various organizations, with a focus on Georgia and the Caucasus, and primarily using spear-phishing techniques with embedded malware.[51] The research indicated that this group may have been acting as far back as 2004.

However, one of the biggest stories this year was the ongoing spate of credit-card information breaches targeting U.S. retailers, including Staples, Kmart, Dairy Queen, Jimmy John’s, Home Depot, PF Chang’s, Goodwill, Sally Beauty Supply, Michaels, and Neiman Marcus. This followed the major Target breach during the 2013 holiday season. Many of the cards stolen from these stores ended up on carding forums being sold in groups by Russian actors.[52] These breaches occurred in point-of-sale (POS) systems used by retailers, which proved to be a target-rich environment for many attackers. More detailed discussion is found later in this Report.
Conclusion

There’s the Internet that we see and the Internet that most of us don’t, and even though it is mostly invisible, the darker side of the Internet is pervasive and influential. Our investigations certainly suggest that the machinations and maneuvers of criminals and state-sponsored cyber operators in the cyber underground have significant and lasting effects on the security of the greater Internet and society at large. Looking into nation-state-sponsored cyber activity highlights the many levels at which cyber operations and state-sanctioned activity can occur, and how malware and the tools and techniques of cyber criminals can be utilized in different ways to accomplish different goals. (The same techniques nation states might use to stifle protest or target opposing state interests can just as easily be used by criminals to perpetrate fraud or steal intellectual property.)

Of most concern to enterprises, intellectual property continues to be targeted.[53] In 2014, responses to this long-recognized threat, and international cooperation to address these attacks, improved and continued to gain momentum. Cyber crime comes in many flavors but it remains vastly driven by financial interests. We expect attackers to continue to focus on intellectual property, identity data, and card information. While systems such as “chip and pin” are likely to prove more resistant to breach as particular points in financial processes get hardened, other points become more attractive to attackers. In a similar vein, as technology develops to improve the security of systems, it also conversely develops to make particular targets increasingly accessible. We expect escalations in this area to continue.

[49] http://www.bloomberg.com/news/2014-08-28/russian-hackers-said-to-loot-gigabytes-of-big-bank-data.html
[50] http://www.f-secure.com/documents/996508/1030745/blackenergy_whitepaper.pdf
[51] http://www.fireeye.com/blog/technical/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html
[52] http://krebsonsecurity.com/2013/12/whos-selling-credit-cards-from-target/
[53] http://www.ipcommission.org/report/ip_commission_report_052213.pdf
Vulnerabilities and exploits

In the past year, significant shifts occurred in how researchers go about finding weaknesses in an enterprise’s attack surface. The hunt is on for vulnerabilities in foundational technologies on which corporations rely to provide core business functionality. Multiple times in the last year, high-profile vulnerabilities were discovered that left enterprises scrambling to deploy patches and clean up compromised machines.

Even with this shift in focus, our adversaries are still leveraging classic avenues for attack. Exploitation of widely deployed client-side and server-side applications is still commonplace. Browser-based use-after-free (UAF) vulnerabilities are the vector of choice when attacking enterprises and government agencies. Corporations are also unaware of the risk imposed on them by using poorly coded middleware applications. Trends in submissions to the HP Zero Day Initiative highlight the dynamic nature of the attack surfaces to which enterprises are exposed on a daily basis. Having insight into these trends will help users better prepare for the evolving nature of threats.
Exposing weaknesses in OpenSSL

Watching the industry respond to the Heartbleed vulnerability highlighted how unprepared we were for this type of disclosure. The flaw allowed for an unauthenticated remote attacker to disclose the memory of an application that uses the vulnerable version of OpenSSL. Successful attacks could result in the disclosure of SSL private keys, username/password combinations, and session tokens. Exploitation of this flaw typically would not leave any signs of abnormal behavior in the application’s logs. It was a silent but serious threat to secure communication on the Internet.

This vulnerability also changed how the industry responded to vulnerability disclosures. Due to the severity and active exploitation of the vulnerability, corporations were forced to respond quickly, patching servers that were not routinely patched. The issue existed in an application library that did not have a clear update path. Enterprises did not have a solid understanding of which applications were using this library and where it was located inside their networks. Large software companies such as Microsoft have patching schedules so IT staff (users) can plan for the rollout of an update. In this case, network administrators were left to hunt all applications using the vulnerable version of the library and then manually apply the patch. Many organizations could not deploy the patches fast enough and struggled to defend against incoming attacks.
This activity rekindled the conversation around the security offered by open-source projects and the lack of financial support provided to the projects used in critical infrastructure. Many entities that rely heavily on OpenSSL to work correctly began donating financial support to the project. Meanwhile, researchers were upping their efforts to review OpenSSL source code to find additional vulnerabilities. It didn’t take long for another critical OpenSSL vulnerability to show up in the queues at the Zero Day Initiative. Jüri Aedla is credited for the original discovery of this vulnerability.
The issue exists wholly within ssl/d1_both.c and occurs when handling Datagram Transport Layer Security (DTLS) fragments. DTLS has a fragmentation mechanism to break up large messages for UDP. Each fragment contains a 3-byte length field, which should be the same for all fragments in a message. OpenSSL incorrectly assumes that all DTLS fragments specify the same message size. Specifically, it trusts that the message length specified within the header of the first fragment will be invariant across all fragments.

Another significant observation is that the Wireshark protocol decoder highlights the mismatch of the length values in the DTLS fragments as a protocol error. Unfortunately, OpenSSL did not recognize this as an error condition.

Just sending this single UDP packet results in the application segfaulting and causing a denial-of-service condition, but more malicious actions are possible. An attacker could leverage this issue to corrupt adjacent metadata, and possibly execute code in the context of the process using OpenSSL.

The OpenSSL code does some sanity checking on the length fields in the DTLS fragments but, unfortunately, the check occurs too late and could be bypassed. The developers even left a prophetic comment in the code about what would happen if the validation failed.
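An added example, not OpenSSL's own code, of the check that arrived too late above: a small DTLS handshake-fragment parser and reassembler that rejects any fragment whose length, type or sequence disagrees with the first fragment, or whose offset and length fall outside the declared message, before a single byte is copied. The 12-byte header layout follows RFC 6347; the sample fragments and the 4096-byte message limit are constructed for this example.

```c
/* Added example (not OpenSSL's code): DTLS handshake-fragment parsing and
 * reassembly that validates each fragment before copying anything.
 * Header layout per RFC 6347, 12 bytes:
 *   msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3)
 * The sample packets and the 4096-byte message limit are constructed here. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define DTLS_HM_HEADER_LEN 12
#define MAX_MSG_LEN 4096

typedef struct {
    uint8_t        msg_type;
    uint32_t       msg_len;   /* total handshake message length (24-bit) */
    uint16_t       msg_seq;
    uint32_t       frag_off;  /* this fragment's offset into the message */
    uint32_t       frag_len;  /* this fragment's body length */
    const uint8_t *body;
} dtls_frag;

typedef struct {
    int      started;
    uint8_t  msg_type;
    uint16_t msg_seq;
    uint32_t msg_len;
    uint32_t received;          /* distinct body bytes received so far */
    uint8_t  buf[MAX_MSG_LEN];
    uint8_t  seen[MAX_MSG_LEN]; /* per-byte coverage: tolerates retransmits */
} dtls_reasm;

static uint32_t n2l3(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Parse one fragment from a datagram. Returns 0, or -1 if the datagram is
 * shorter than the header or than the body length the header claims. */
int dtls_parse_frag(const uint8_t *pkt, size_t pkt_len, dtls_frag *f) {
    if (pkt_len < DTLS_HM_HEADER_LEN) return -1;
    f->msg_type = pkt[0];
    f->msg_len  = n2l3(pkt + 1);
    f->msg_seq  = (uint16_t)(((uint16_t)pkt[4] << 8) | pkt[5]);
    f->frag_off = n2l3(pkt + 6);
    f->frag_len = n2l3(pkt + 9);
    if (pkt_len - DTLS_HM_HEADER_LEN < f->frag_len) return -1;
    f->body = pkt + DTLS_HM_HEADER_LEN;
    return 0;
}

/* Add a fragment to the reassembly buffer. Every fragment after the first
 * must agree on msg_type, msg_seq and msg_len (the mismatch Wireshark flags
 * as a protocol error), and [frag_off, frag_off + frag_len) must lie inside
 * the declared message. Returns 1 when the message is complete, 0 when more
 * fragments are needed, -1 when the fragment is rejected (nothing copied). */
int dtls_reasm_add(dtls_reasm *r, const dtls_frag *f) {
    if (!r->started) {
        if (f->msg_len > MAX_MSG_LEN) return -1;
        r->started  = 1;
        r->msg_type = f->msg_type;
        r->msg_seq  = f->msg_seq;
        r->msg_len  = f->msg_len;
        r->received = 0;
        memset(r->seen, 0, sizeof r->seen);
    } else if (f->msg_type != r->msg_type || f->msg_seq != r->msg_seq ||
               f->msg_len != r->msg_len) {
        return -1;
    }
    /* 24-bit fields: the sum cannot wrap a uint32_t, so a plain compare is safe */
    if (f->frag_off + f->frag_len > r->msg_len) return -1;
    for (uint32_t i = 0; i < f->frag_len; i++) {
        uint32_t pos = f->frag_off + i;
        if (!r->seen[pos]) { r->seen[pos] = 1; r->received++; }
        r->buf[pos] = f->body[i];
    }
    return r->received == r->msg_len ? 1 : 0;
}

/* Serialise one fragment (header + body) into out; returns bytes written. */
size_t dtls_build_frag(uint8_t *out, uint8_t type, uint32_t msg_len, uint16_t seq,
                       uint32_t off, const uint8_t *body, uint32_t len) {
    out[0] = type;
    out[1] = (uint8_t)(msg_len >> 16); out[2] = (uint8_t)(msg_len >> 8); out[3] = (uint8_t)msg_len;
    out[4] = (uint8_t)(seq >> 8);      out[5] = (uint8_t)seq;
    out[6] = (uint8_t)(off >> 16);     out[7] = (uint8_t)(off >> 8);     out[8] = (uint8_t)off;
    out[9] = (uint8_t)(len >> 16);     out[10] = (uint8_t)(len >> 8);    out[11] = (uint8_t)len;
    memcpy(out + DTLS_HM_HEADER_LEN, body, len);
    return DTLS_HM_HEADER_LEN + len;
}

/* Constructed scenario: a 16-byte message sent as two 8-byte fragments.
 * mode 0: consistent headers; mode 1: the second fragment claims a 64-byte
 * message (the inconsistency OpenSSL trusted); mode 2: the second fragment's
 * offset+length overruns the declared message. Returns dtls_reasm_add's
 * verdict on the second fragment (1 complete, -1 rejected; -2 = setup error). */
int dtls_scenario(int mode) {
    uint8_t msg[16], pkt[64];
    dtls_frag f;
    dtls_reasm r;
    for (int i = 0; i < 16; i++) msg[i] = (uint8_t)(0x41 + i);
    memset(&r, 0, sizeof r);
    size_t n = dtls_build_frag(pkt, 1, 16, 0, 0, msg, 8);
    if (dtls_parse_frag(pkt, n, &f) != 0 || dtls_reasm_add(&r, &f) != 0) return -2;
    uint32_t len2 = (mode == 1) ? 64 : 16;
    uint32_t off2 = (mode == 2) ? 12 : 8;
    n = dtls_build_frag(pkt, 1, len2, 0, off2, msg + 8, 8);
    if (dtls_parse_frag(pkt, n, &f) != 0) return -2;
    return dtls_reasm_add(&r, &f);
}

int main(void) {
    printf("consistent fragments -> %d (1 = reassembled)\n", dtls_scenario(0));
    printf("mismatched length    -> %d (-1 = rejected)\n", dtls_scenario(1));
    printf("overrunning offset   -> %d (-1 = rejected)\n", dtls_scenario(2));
    return 0;
}
```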
This vulnerability is interesting from a development perspective. According to the commit logs, Robin Seggelmann introduced this vulnerability into the OpenSSL code base four years ago. Robin Seggelmann is also responsible for introducing the Heartbleed vulnerability. Seggelmann is not completely to blame, of course. OpenSSL is an open source project. The “many eyes” that look at this code failed to catch this bug prior to 2014, but a new breed of individuals is looking at this code. This code is now known for having vulnerabilities and white-hat researchers are now focusing their efforts on auditing and securing this critical infrastructure.
Value of information disclosure

Discovery of information disclosure vulnerabilities such as Heartbleed is highly valued by the exploitation community. These issues can also be used in conjunction with remote code execution vulnerabilities to bypass modern exploit mitigations. For example, Microsoft® Internet Explorer® relies heavily on a mitigation technology called Address Space Layout Randomization (ASLR) to increase the complexity of exploitation of a vulnerability existing in the browser.

ASLR randomizes the base address of loaded DLLs. In the past, attackers relied on known addresses in DLLs to craft exploits. With the introduction of ASLR, attackers must either find a way to load a non-ASLR’d DLL or try to leak a DLL address. Using information disclosure vulnerabilities, attackers can render this mitigation useless by cherry-picking pointers within the leaked data, allowing them to learn the base address of the randomized DLLs.

Heartbleed was a nice demonstration of a highly controllable information disclosure vulnerability due to a buffer over-read, but these types of issues can also occur due to race conditions in an application. In April, the HP Zero Day Initiative received an interesting vulnerability in Apache httpd mod_status from several Polish researchers. The root cause of the vulnerability was a race condition between the updating of httpd’s “scoreboard” and mod_status, leading to a heap overflow with attacker-supplied data. ZDI concluded it was possible, with a well-crafted exploit, to disclose application memory containing internal server configuration details, htaccess credentials, and other application data.
Weaknesses in enterprise middleware

Corporations are embracing software as a service (SaaS) and other middleware solutions to shorten the time it takes to deliver business applications. These applications contain copious amounts of sensitive corporate data and personally identifiable information. Middleware applications rely heavily on protocols such as HTTP, Simple Object Access Protocol (SOAP), and JSON to communicate with each other. Most of these communication protocols are exposed to the network and are accessible without authentication. The attack surface exposed by these applications can be large and riddled with weaknesses.

These services have become an increasingly popular target for researchers and the number of vulnerabilities discovered in 2014 was astonishing. The HP Zero Day Initiative worked with numerous middleware and IT management software vendors to shore up their code. In fact, during just one week, a single researcher submitted over 40 remotely exploitable vulnerabilities in ManageEngine’s product line. These vulnerabilities ranged from information disclosure issues to denial of service conditions and remote code execution vulnerabilities.
To highlight the ease with which these issues could be exploited, this Report takes a deeper look at one of the resolved information disclosure issues. CVE-2014-8678 (ZDI-14-386)[54] was a vulnerability in the ManageEngine OpUtils ConfigSaveServlet servlet. This vulnerability allowed remote attackers to disclose files on vulnerable installations of ManageEngine OpUtils. Authentication was not required to exploit this vulnerability.

The issue lies in the failure to properly sanitize the saveFile parameter for directory traversal characters. A remote attacker can exploit this vulnerability to disclose files from the system. Using directory traversal, an attacker can easily disclose sensitive information residing on the server running ManageEngine OpUtils. The impact of this attack can be visualized further by understanding the type of data handled by the OpUtils software. According to ManageEngine, OpUtils helps network engineers manage their switches and IP address space.[55] Specifically, OpUtils would have details about a corporation’s IPv4 and IPv6 subnets, backups of configuration files of Cisco routers and switches, and bandwidth usage statistics. It’s possible for an attacker to leverage the vulnerability to disclose this valuable information to aid them in future attacks. Many corporations are unaware of the risk imposed on them by using poorly coded middleware and IT management applications. Updates to these applications should be applied as soon as they are available to reduce exposure.
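An added example, not ManageEngine's code, of the sanitization a saveFile-style parameter needs: a whitelist check that rejects absolute paths, empty components and any "." or ".." component before a user-supplied name is joined to a fixed directory. The base directory and sample names are constructed for this example; the name is assumed to have already been URL-decoded by the web layer.

```c
/* Added example (not ManageEngine's code): validate a user-supplied file
 * name, such as a saveFile parameter, before joining it to a fixed base
 * directory. Pure string logic, no filesystem access. Policy: only '/' is a
 * separator, components may contain only [A-Za-z0-9._-] (so a backslash or
 * leftover '%' is rejected outright), the name may not start or end with a
 * separator, and "." or ".." components are refused. The base path and the
 * sample names are constructed placeholders; the input is assumed to be
 * URL-decoded already. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

static int allowed_char(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
}

/* Returns 0 and writes "base/name" into out on success, -1 when name is
 * rejected or the joined path does not fit in out. */
int safe_join(const char *base, const char *name, char *out, size_t out_len) {
    size_t n = strlen(name);
    if (n == 0 || n > 255) return -1;
    if (name[0] == '/' || name[n - 1] == '/') return -1;  /* absolute or trailing separator */
    const char *p = name;
    while (*p) {
        const char *sep = p;
        while (*sep && *sep != '/') sep++;
        size_t clen = (size_t)(sep - p);
        if (clen == 0) return -1;                                   /* "a//b" */
        if (clen == 1 && p[0] == '.') return -1;                    /* "."    */
        if (clen == 2 && p[0] == '.' && p[1] == '.') return -1;     /* ".."   */
        for (size_t i = 0; i < clen; i++)
            if (!allowed_char((unsigned char)p[i])) return -1;
        p = *sep ? sep + 1 : sep;
    }
    int w = snprintf(out, out_len, "%s/%s", base, name);
    if (w < 0 || (size_t)w >= out_len) return -1;
    return 0;
}

/* Convenience wrapper for a constructed backup directory: returns the joined
 * path (in a static buffer), or NULL when the name is rejected. */
const char *backup_path(const char *name) {
    static char out[512];
    return safe_join("/opt/oputils/backups", name, out, sizeof out) == 0 ? out : NULL;
}

int main(void) {
    const char *samples[] = { "routers/core1.cfg", "../../etc/passwd",
                              "routers/../../../etc/shadow", "..\\..\\win.ini",
                              "/etc/passwd", "a//b", "%2e%2e/secret" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *p = backup_path(samples[i]);
        printf("%-30s -> %s\n", samples[i], p ? p : "REJECTED");
    }
    return 0;
}
```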
Vulnerability and exploits trends in 2014 (Windows case)

2014 saw Microsoft Internet Explorer, Microsoft Office and Adobe® Flash Player zero days in the wild. Notably in 2014 there were no major Oracle Java zero days discovered exploited in the wild. This is likely due in part to the click-to-play feature Oracle recently introduced. This section takes a deeper look at the security technologies and how they were bypassed.

Defeating ASLR and DEP security protections

Most of the exploits observed in the wild were successful at defeating ASLR and Data Execution Prevention (DEP). DEP, like ASLR, is a security feature. It marks areas of memory as either “executable” or “nonexecutable,” allowing only data in an executable area to be run. DEP protects against some program errors and helps prevent certain malicious exploits. The ability to bypass these protections has become a common feature of modern exploits. While many different techniques may be used to defeat these protections, the most popular method is to corrupt application objects on the heap and change the length field of the object, as seen in the multitude of Microsoft Internet Explorer UAF exploits. Often, surgical-precision memory manipulation is performed, resulting in a very high exploit success rate. Object corruption and code reuse attacks are typical techniques currently used to defeat ASLR and DEP.
[54] http://zerodayinitiative.com/advisories/ZDI-14-386/
[55] http://www.manageengine.com/products/oputils/
Object corruption

For example, the CVE-2014-1761 exploit in the wild corrupted an object created from GFX.dll. The method corrupted is related to a graphical object and is called constantly, with a short interval of time between each call. This allows the attacker’s code to execute immediately following the corruption of the vtable of the object.

Another example exploit used CVE-2014-0515 and involved corrupting multiple objects, including the vector object and FileReference object. Vector object exploitation uses a buffer overflow vulnerability, resulting in an abnormally large length field value. This allows the attacker to access a vast range of memory freely from the script.

Some IE exploits also used a similar technique to defeat ASLR and DEP. The exploit code for CVE-2014-1776 used a maliciously constructed SWF file to load Flash Player-related modules and set up memory containing vector objects. The UAF vulnerability may be used to overwrite 2 bytes of memory at an arbitrary location. By corrupting the first 2 bytes of the vector object, which are used as a length field, the exploit gains the ability to access a broader read and write memory space through the vector object.
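The defensive counterpart of the length-field corruption described above, as an added example that is not code from the report, from Adobe or from Microsoft: a heap array object whose length is stored redundantly (the length XOR a per-process secret), so that a bounds-checked accessor refuses every access once a corruption rewrites the length field alone. The type and function names (vec_t, vec_get, simulate_length_overwrite) and the constant cookie value are assumptions made for this example; simulate_length_overwrite only stands in for a memory-corruption bug so that the check can be exercised.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Per-process secret used to validate the length field. Constructed
 * constant for this example; a real runtime would draw it from a CSPRNG
 * at start-up so an attacker cannot predict it. */
static const uint32_t LENGTH_COOKIE = 0x5A3C96E1u;

/* A heap-allocated array object of the shape the text describes: a header
 * holding the element count, followed by the elements. The 'check' field
 * is the length XOR the cookie; if a corruption rewrites 'len' without
 * also fixing 'check', the object fails validation before any index is
 * honoured. */
typedef struct {
    uint32_t len;
    uint32_t check;
    uint32_t data[];
} vec_t;

vec_t *vec_new(uint32_t len) {
    if (len > (1u << 24)) return NULL;   /* reject absurd sizes up front */
    vec_t *v = calloc(1, sizeof(vec_t) + (size_t)len * sizeof(uint32_t));
    if (!v) return NULL;
    v->len = len;
    v->check = len ^ LENGTH_COOKIE;
    return v;
}

/* Returns 0 if the header is intact, -1 if the length field no longer
 * agrees with its check word. */
int vec_validate(const vec_t *v) {
    return (v->len ^ LENGTH_COOKIE) == v->check ? 0 : -1;
}

/* Bounds-checked read: 0 on success, -1 on a tampered header, -2 on an
 * out-of-range index. The element is returned through *out, so a caller
 * can never read past the allocation even if 'len' lies. */
int vec_get(const vec_t *v, uint32_t i, uint32_t *out) {
    if (vec_validate(v) != 0) return -1;
    if (i >= v->len) return -2;
    *out = v->data[i];
    return 0;
}

int vec_set(vec_t *v, uint32_t i, uint32_t val) {
    if (vec_validate(v) != 0) return -1;
    if (i >= v->len) return -2;
    v->data[i] = val;
    return 0;
}

/* Stand-in for the corruption the text describes: an overwrite that only
 * touches the length field. Exists so the check can be exercised. */
void simulate_length_overwrite(vec_t *v, uint32_t bogus_len) {
    v->len = bogus_len;
}

/* Demonstration: returns how many accesses the object rejected, first
 * through the ordinary bounds check, then after the length is inflated. */
int vec_demo(void) {
    vec_t *v = vec_new(8);
    if (!v) return -1;
    int rejected = 0;
    uint32_t tmp;
    vec_set(v, 7, 42);
    if (vec_get(v, 8, &tmp) == -2) rejected++;         /* honest bounds check */
    simulate_length_overwrite(v, 0x7FFFFFFFu);          /* length field only */
    if (vec_get(v, 100000, &tmp) == -1) rejected++;    /* tamper detected */
    if (vec_get(v, 0, &tmp) == -1) rejected++;         /* even index 0 refused */
    free(v);
    return rejected;
}
```

The point of the redundant word is that a single overwrite of the length no longer buys out-of-bounds access; an attacker would have to corrupt the check word consistently as well, which requires knowing the secret. A real implementation would also keep the secret away from the object itself.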
Code reuse attack

After acquiring out-of-bounds memory read/write access, the exploit would corrupt another object’s vtable, reusing existing code fragments from loaded DLLs to defeat ASLR. For example, the exploit code for CVE-2014-0515 uses a fake FileReference function table to run code from the existing location of the Adobe Flash Player executable.

With the fake function table set up, the exploit code calls the related method, “cancel.” This passes execution to a location the attacker designates. This becomes interesting when the location to which control flow is passed is inside the Adobe Flash Player executable itself. The function calls other functions that in turn call VirtualProtect to add an executable bit to the designated memory region. This is a very sophisticated way of defeating DEP—not exactly return-oriented programming (ROP), but a type of code-reuse attack.

It is possible to use ROP to defeat DEP, and this is the more traditional approach. The CVE-2014-1776 exploit code used ROP; after first acquiring read and write access to the full process memory area, it sets up the ROP code. When the ROP code is running, it adds an executable bit to the shellcode area that follows the ROP code.
Rise of legacy code vulnerabilities

Deprecated features

Vulnerabilities found in legacy code were also a significant factor in 2014. CVE-2014-0515 was a vulnerability in the Pixel Bender feature of Adobe Flash Player. The feature is officially deprecated, but the code remains in the executable. We noted that the DWORD value at offset 0xEA of Pixel Bender data was responsible for triggering the vulnerability.

The metadata of defaultValue is intended to be just 4 bytes long, but the code tries to convert all 16 arguments and put them in the memory array, incurring a memory corruption error. The original binary data is parsed and translated into a bytecode that is later used for further operations. The second value from the defaultValue argument overwrites the index value inside the SEL instruction’s byte code in memory.

Based on the nature of the issue and the age of the code, we suspect that this vulnerability was found using dumb fuzzing that replaced random bytes in the target sample file. The bug itself appeared very old and was likely present from the earliest versions of the Pixel Bender feature; now, even though the feature is no longer supported, the flaw may still hurt the security of the products.
CVE-2014-1761 was a vulnerability in RTF parsing code, as well as a simple buffer overflow. The RTF parser has existed in Microsoft Office for decades, leading us to reasonably assume the bug has been there for just as long. The overflow bug class has long been hunted, with the stack overflow being the most well-known and easy to locate. Additionally, the code patched for this vulnerability is a known problem spot. The patch for CVE-2014-1761 was released with the MS14-017 security bulletin, but there was another vulnerability (CVE-2012-2593) in the same function two years ago, patched with the MS12-079 security bulletin. While the bug classes of the two vulnerabilities are different, they involve the same RTF key word and are very similar in nature, using an edge-case value for the key word. CVE-2014-4114, another legacy code vulnerability, exploited the OLE packager feature that has existed since Windows® 3.1.

The exploitation of vulnerabilities in legacy code is of significant concern from two angles. It’s important to apply timely patches in the enterprise environment; however, it’s just as important for vendors to invest time in legacy code testing and patching. Building new managed languages and new security features on top of a decades-old code base does not make that code base secure. While matters have improved with the help of the security community reporting legacy issues, expect to see these from time to time in the future.
High success rate vulnerabilities

Oracle introduced click-to-play as a security measure, making the execution of unsigned Java more difficult. As a result we did not encounter any serious Java zero days in the malware space. Many Java vulnerabilities were logical or permission-based issues with a nearly 100 percent success rate. In 2014, even without Java vulnerabilities, we still saw high success rate exploits in other areas.

Logical issue

CVE-2014-4114, found in the wild, was a logical issue bug involving the OLE packager component. When properly exploited, it was always successful. The bug involves the OLE object insertion feature in Office, which enables users to package a non-OLE object into a document. In this case, what is included inside the Packager is a UNC path to an INF file. The document containing this OLE object would launch the INF file automatically, without the victim’s knowledge. Use of the INF file allows for a number of dangerous operations. Trusting an INF file from an untrusted source opens a gap that an attacker can exploit, using the INF file to do various dangerous things like renaming files and launching programs.
Surgical precision exploits

Even memory-related vulnerabilities such as CVE-2014-0515, CVE-2014-1761, and CVE-2014-1776 showed high exploitation success rates. CVE-2014-0515, an Adobe Flash Player vulnerability, was used in an exploit with a heap-spray technique. By laying out memory such that the memory corruption changes the length field of one heap-spray element, it can achieve full memory read and write access to the process. Once this is achieved, the attacker has full power over the process itself.

The CVE-2014-1761 vulnerability was used in a way that changed the adjacent GFX object with surgical precision. When the exploit tries to allocate multiple array members, it can fully control the contents of the memory data. The controllability of the data, such that it overwrites a GFX object, is very important. In this case, every byte of the data is fully controllable through RTF key words. The attackers were sophisticated enough to figure out which bytes are controlled by which RTF key word.
Implementation of mitigations in software such as Windows raises the bar on exploitation difficulty, and attackers respond with sophisticated attacks. The time when exploits were dependent on luck with memory layout is nearly past. Today’s exploits are highly calculated with memory layout and exploitation techniques. Many zero-day exploits that emerged in 2014 demonstrated a near-perfect success rate. There has been a decline in attackers using large heap sprays that take a long time and get the victim’s attention.
Conclusion

Software vendors continue to make it more difficult for attackers with the implementation of security mitigations, but they aren’t enough when they are built on decades-old code that is still inherently vulnerable. The one exception seems to be the success of Oracle’s click-to-play mitigation in thwarting Java attacks. While it is more difficult for attackers to succeed, we are experiencing very high success rates with exploits in the wild, which may indicate they were authored by professional exploit developers with high exploit development skills. The quality of exploits is improving and sometimes reveals a deep understanding of the nature of the vulnerability and the internals of the target applications.
Malware and exploits

Year after year, exploits have been the main vector for a wide range of malware attacks. They serve as one of the early steps in achieving control over the target in a cyber-attack sequence.[56] Over the years we have seen hundreds of vulnerabilities exploited, with different applications and operating systems being affected, ranging from Web browsers to multimedia apps and run-time environments such as Oracle Java.

Every year thousands of CVE numbers are issued for various vulnerabilities, but malicious actors are interested in the most serious class of vulnerabilities—the ones that allow the attacker to achieve remote code execution. HP Security Research, together with ReversingLabs, has a catalog of more than 100,000 exploits collected over the course of the year. In this Report we display and discuss 2014’s top trends.
Top CVE-2014 numbers collected in 2014

The most common CVE-2014 exploit discovered by our teams is CVE-2014-0322.[57] First reported by FireEye in February,[58] CVE-2014-0322 exploits a use-after-free vulnerability in Internet Explorer and commonly uses an Adobe Flash stage to bypass exploit mitigations in Windows to deliver its final executable payload. The exploit was first seen in Operation SnowMan, which allegedly targeted U.S. government entities and defense companies.

CVE-2014-6332,[59] also known as “Windows OLE Automation Array Remote Code Execution Vulnerability,” is another vulnerability that attracted a lot of attention in the security community, especially because the vulnerability has been present in various versions of Windows for over 18 years,[60] since the days of Windows 95. The exploit is delivered through VBScript, so it can only be delivered to Internet Explorer. It allows for an easy sandbox escape if combined with a routine that changes flags to disable Internet Explorer’s Safe Mode.

In the wild, however, the exploit often uses a combination approach, similar to the delivery of CVE-2014-0322. The exploit is triggered by redimensioning an array to transfer control to Adobe Flash shellcode. This bypasses exploit mitigations, including older versions of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). A specially crafted JPG image with an appended encrypted data buffer is loaded into memory space which, when decrypted by shellcode present in the SWF file, drops and runs the final executable payload.[61]
[56] http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
[57] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0322
[58] https://www.fireeye.com/blog/threat-
exploits are delivered through Internet Explorer; these four together account for almost two-thirds of all CVE-2014-based exploits discovered this year. Two Windows exploits are delivered using Microsoft Office files, three using Adobe Flash, and one through Adobe Reader.

In-depth analyses of CVE-2014-0515,[64] CVE-2014-1761,[65] CVE-2014-4114,[66] and CVE-2014-1776[67] have been published on the HP Security Research blog over the course of the year.
[62] http://threatpost.com/does-java-8-delay-mean-oracle-finally-serious-about-security/99908
[63] http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx
[64] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Technical-Analysis-of-CVE-2014-0515-Adobe-Flash-Player-Exploit/ba-p/6482744
[65] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Technical-Analysis-of-CVE-2014-1761-RTF-Vulnerability/ba-p/6440048
[66] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Technical-analysis-of-the-SandWorm-Vulnerability-CVE-2014-4114/ba-p/6649758
[67] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/The-mechanism-behind-Internet-Explorer-CVE-2014-1776-exploits/ba-p/6476220
[Figure 1. Top discovered CVE-2014 exploits: bar chart of share of samples. Largest bar: CVE-2014-0322 (Microsoft Internet Explorer), 36%; remaining bars, in the order shown: CVE-2014-0307 (Microsoft Internet Explorer), CVE-2014-0515 (Adobe Flash), CVE-2014-4114 (Microsoft Windows), CVE-2014-1761 (Microsoft Office), CVE-2014-1776 (Microsoft Internet Explorer), CVE-2014-0496 (Mozilla Firefox), CVE-2014-6332 (Microsoft Windows), CVE-2014-0497 (Adobe Flash), CVE-2014-0502 (Adobe Flash), Others.]
Top CVE numbers seen in 2014

Although we have seen over 30 CVE-2014 exploits used by malware, the majority of exploits discovered by our teams attempt to exploit older vulnerabilities. By far the most common exploit is CVE-2010-2568,[68] which roughly accounts for a third of all discovered exploit samples. This vulnerability in shell32.dll allows the attacker to plant a specially crafted .PIF or .LNK file, which triggers the vulnerability when a user browses the content of the folder containing the malicious files. The exploit was used as one of the infection vectors for Stuxnet and quickly gained popularity in the world of malware writers.
[Figure 2. Top exploit samples in 2014; note CVE numbers, which are a useful guide to when the vulnerability was first reported. Bar chart of share of samples. Largest bar: CVE-2010-2568 (Microsoft Windows), 33%; remaining bars, in the order shown: CVE-2010-0188 (Adobe Reader and Acrobat®), CVE-2013-0422 (Oracle Java), CVE-2012-1723 (Oracle Java), CVE-2012-0507 (Oracle Java), CVE-2012-0158 (Microsoft Office), CVE-2013-2465 (Oracle Java), CVE-2012-4681 (Oracle Java), CVE-2013-2423 (Oracle Java), CVE-2009-3129 (Microsoft Office), Others.]
In fact, CVE-2010-2568 is the only exploit for which the number of discovered samples grew month over month throughout the year.

The breakdown of the top 10 overall exploit samples discovered this year is quite different compared to only CVE-2014 exploit samples. Oracle Java holds the top place in terms of numbers, with six exploits in the top 10, accounting for 29 percent of all discovered samples, with CVE-2013-0422[69] being the most popular of the Java exploits. These are followed by the already mentioned CVE-2010-2568 targeting Windows; CVE-2010-0188,[70] which targets Adobe Reader, accounting for 11 percent of samples; CVE-2012-0158[71] targeting Microsoft Office with 4 percent of samples; and CVE-2009-3129[72] targeting Microsoft Excel®, with less than 2 percent of all exploit samples discovered in 2014.

The discovered exploit samples indicate that there is still a significant percentage of Windows users who do not regularly update their systems with security patches. This issue may have been exacerbated by Microsoft ending support for Windows XP security updates in April[73] for most users (not counting the emergency MS14-021 patch released in late April).

Looking at the operating systems targeted by exploits, it is obvious that attackers are still concentrating on Windows, despite high-profile vulnerabilities in other technologies, such as CVE-2014-6271[74] (Shellshock), that were discovered in 2014. The most common exploit encountered for non-Windows operating systems targeted CVE-2013-4787,[75] also known as the Android Master Key vulnerability. Samples targeting this vulnerability accounted for a little over one percent of all exploit samples.
[68] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2568
[69] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422
[70] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
[71] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0158
[72] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3129
[73] http://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx
[74] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
[75] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4787
Looking at the file types used to deliver exploits through Web browsing or email attachments, Java applets and class files are the most common and account for 48 percent of all samples of this set, followed by PDF files, HTML (JavaScript), and Word (OLE2) documents. These account for 33 percent, 10 percent, and 5 percent of discovered malware samples respectively.
[Figure 4. Web or email exploit samples by file type: bar chart. Largest bar: Java, 48%; remaining bars, in the order shown: PDF, HTML, Word, SWF, Excel, Multimedia, PowerPoint®, CHM.]
Defenders are global

Zero Day Initiative’s researchers: Geographic distribution

In its first decade, the HP Zero Day Initiative has received over 7,000 submissions from 80 countries around the world. Taking a closer look at the data, an interesting perspective emerges on where in the world vulnerability research is occurring. The following list shows the countries with the highest submission rate since the program’s inception:

1. United States
2. Canada
3. Italy
4. France
5. Poland

Over the past two years, several new hot spots popped up with high submission rates and quality technical analysis, including Germany, South Korea, China, and the Russian Federation. Researchers in these countries are not only focusing on vulnerability discovery but also on innovative exploitation techniques. The coverage map below pinpoints the countries actively submitting unpatched vulnerabilities to the program.

[Figure 5. ZDI researcher coverage map]
Conclusion

Researchers and analysts in the HP Zero Day Initiative were busy coordinating the disclosure and remediation of over 400 high-severity vulnerabilities in 2014. This year marks the highest number of disclosures in a single year. 2013 brought quite a few Oracle Java sandbox bypasses to the program. In 2014, however, researchers shifted to browser vulnerabilities, focusing most of their efforts on Microsoft Internet Explorer.
ZDI researchers tuned their browser fuzzers to discover dozens of UAF vulnerabilities. A use-after-free vulnerability can occur when memory allocated to an object is used after the object is deleted (or deallocated). Good programming practice dictates that any reference pointing to an object should be modified when the memory is deallocated, so that the pointer no longer refers to the area of memory where the object once resided, which is now available for reuse. (A pointer in this abandoned condition is broadly called a “dangling pointer.”) If the pointer isn’t modified and tries to access that area of memory, the system can become unstable or corrupt. Attackers can use a dangling pointer in a variety of ways, including execution of malicious code.
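The release discipline the paragraph describes, as an added example in C that is not ZDI’s or the report’s code: the release helper takes the address of the caller’s pointer and sets it to NULL after freeing, and every use site checks for NULL, so a call after release fails closed instead of following a dangling pointer into memory that may already belong to something else. The widget_t type and the function names are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* A small object holding a function pointer: the kind of field (a vtable
 * slot) that a use-after-free lets an attacker redirect. */
typedef struct {
    int (*handler)(int);
    int value;
} widget_t;

static int double_it(int x) { return 2 * x; }

widget_t *widget_new(int value) {
    widget_t *w = malloc(sizeof *w);
    if (!w) return NULL;
    w->handler = double_it;
    w->value = value;
    return w;
}

/* Release helper: scrubs the object, frees it, and nulls the caller's
 * pointer through a pointer-to-pointer, so no dangling pointer survives
 * the free. Scrubbing first means a stale copy of the function pointer is
 * not left behind for whatever allocation reuses this memory. Safe to call
 * twice: the second call sees NULL and does nothing. */
void widget_release(widget_t **wp) {
    if (!wp || !*wp) return;
    memset(*wp, 0, sizeof **wp);
    free(*wp);
    *wp = NULL;
}

/* Every use site checks before dereferencing; a use after release therefore
 * returns -1 instead of calling through freed memory. */
int widget_invoke(const widget_t *w, int *result) {
    if (!w || !w->handler) return -1;
    *result = w->handler(w->value);
    return 0;
}

/* Demonstration: returns 1 when the live call succeeds and the call made
 * after release is rejected, 0 otherwise. */
int widget_demo(void) {
    widget_t *w = widget_new(21);
    int r = 0;
    if (!w || widget_invoke(w, &r) != 0 || r != 42) return 0;
    widget_release(&w);                  /* w is now NULL, not dangling */
    return widget_invoke(w, &r) == -1;   /* rejected: no stale dereference */
}
```

The pattern only protects pointers that go through widget_release; a second copy of the pointer held elsewhere is exactly the dangling reference the text describes, which is why ownership of such objects should be unambiguous.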
Examining 2014 submissions revealed a mix of “old” and “new” vendors at the top for most disclosures:

1. Microsoft
2. Hewlett-Packard
3. Advantech
4. SAP
5. Apple

In 2013 there were a number of SCADA vulnerabilities, but 2014 marks the first year where a SCADA vendor is among the top vendors with vulnerabilities disclosed against its products. Advantech focuses on automation controllers, industrial control products, and single board computers. SAP is on the list due to an audit ZDI analysts conducted against one of its products, which yielded a large number of findings.

Looking ahead, we will continue to see a focus on browsers and the plugins that support them. The attack surface offered by this complex software is used heavily when targeting governments and high-profile organizations.
Threats

The end game of many attackers that exploit vulnerabilities is to install various types of malware. In 2014 the malware problem continued unabated, and while the anti-malware industry has introduced multiple new approaches to the issues it faces, the impact of those measures on the security of organizations and the public is questionable. Increasingly, anti-malware technologies rely on monitoring for particular behaviors rather than monitoring for the presence of particular files, and they harness Big Data and cloud capabilities in order to detect and address new malware families by aggregating multiple data points and dimensions. By utilizing these technologies, the ability to detect malicious files heuristically (that is, to identify malware not seen before based strictly on its characteristics) has improved—but nowhere near enough. The defenders are worried—are we winning the war against malware, or are we going to be swept away by the rising tide?
Windows malware overview

State of protection

Year after year, the number of newly created malware samples balloons. In 2013, AV-Test.org, a reputable independent anti-malware testing organization, collected 83 million malware samples. For 2014 the final number is expected to be close to 140 million. If we simply extrapolate the numbers, we can be almost certain we will reach the 200 million mark in the coming year.

If we consider that 200 million number, we see that to reach it over the year, AV-Test—or any reputable anti-malware vendor—should be capable of processing an average of 600,000 samples every single day. The increasing number of samples poses great challenges for anti-malware engines, and the rates of detection for previously unknown malware instances are declining.

Our tests on standard scanning engines, conducted over a set of over 80 million samples in cooperation with ReversingLabs, show that detection of previously unknown samples at the moment of discovery varies significantly from vendor to vendor. This illustrates the need for complementary protection technologies that provide more dynamic protection. These technologies are usually built into most endpoint security products.
[Figure 6. Unique malware samples collected by AV-Test, in millions, by year, 2005 to 2014]
[Figure 7. Various anti-malware vendors’ detection rates on previously unknown samples (normalized relative to the best-performing engine): A 100%, B 96%, C 95%, D 93%, E 91%, F 85%, G 83%, H 81%, I 81%, J 80%]
Relatively low rates of change of detection for samples a week or longer after their discovery show that many malware threats are transient, with their initial distribution lifecycle lasting a day or less. In addition, this may indicate the inability of anti-malware vendors to process an ever-growing number of incoming samples.

The sheer volume of malware samples that appears every day plays into the hands of actors with sufficient funds to conduct highly skilled targeted attacks and evade all layers of traditional protection. Large organizations have recognized the need to build security operations centers (SOCs) with skilled staff able to recognize, respond to, and remediate attacks when they happen.

Unfortunately, the level of technical skill, experience, and knowledge required to address targeted attacks is high. There is a skill shortage, usually addressed by installing a combination of incident response software and systems (such as sandboxes) designed to detect whatever portion of the attacker’s tools and malware managed to penetrate traditional layers of defense. The focus for organizations is not just how to protect, but rather how to respond to and remediate attacks—understanding with certainty that attacks will be successful if carefully planned and executed.
[Figure 8. Top malware samples discovered by ReversingLabs in 2014, by family]
Top malware discovered

The top Windows malware discovered shows a slightly different view on previously unknown samples. In our practice we have gotten used to counting unique binary files as single instances, which works well in the case of Trojans—that is, malware that is unable to replicate itself. Our data shows that the most commonly encountered malware families are the ones that either have the ability to replicate and create a functionally identical copy (worms) or the ability to modify another executable to include their own functionality (parasitic viruses).

By far the most commonly reported malware name is Agent. However, this name is not used for a single family, but rather as a name space for all malware samples that cannot be easily classified into any other known existing families. Again, this is directly related to the volume of malicious files that need to be processed. The ability to fully analyze all malware, recognize what it is, and determine what it does is often beyond the means of many AV companies. When a file is determined to be malicious, the pressure to detect large volumes of files means that once researchers know enough to add detection for the file, they move on to the next—doing only the minimum amount of security research necessary.

Most of the other top 10 collected malware has the ability to replicate: Virut, Sality, and Expiro are polymorphic infectors that have been present for many years and may be used for information stealing, while Ramnit is a worm designed to steal information such as online banking credentials. Onlinegames is password-stealing malware designed to steal the credentials of online games. In fact, it seems that the majority of the top 10 malware is geared toward stealing data as opposed to immediately obtaining financial benefits, as is the case with fake anti-malware and ransomware samples.
Notable malware

Ransomware

Although the concept of ransomware goes back to the days of the DOS operating system, it is only in the last couple of years that it has become a contender to fake or rogue anti-virus software in prevalence and in the potential to cause damage to victims’ data. Perhaps the most notable ransomware is CryptoLocker, which appeared at the end of 2013 and caused a lot of damage to end users and organizations until the FBI’s Operation Tovar[76] disrupted its distribution channel and brought down a large Gameover Zeus botnet.

Nevertheless, the business model in which users’ data is held for ransom by malware using asymmetric encryption algorithms to encrypt it has spawned a number of copycats, with CryptoWall[77] being the most well-known.

In addition to the ransomware that actually encrypts the data (so that the only way to recover is to restore it from unaffected backup media), another class of malware that simply locks user access to the operating system (e.g., Reveton[78]) or to the Web browser (e.g., Krypterade[79]) is also very prevalent but thankfully much easier to remove.

Ransomware threats are here to stay, and organizations must have a sound backup and restore policy in place for all business data in order to mitigate the potentially destructive effects of a successful attack. Not much detail is known about individuals and organizations that resort to the last desperate step of paying attackers the money, nor whether the required data (or the private key required for decryption) is delivered to victims after the ransom money is paid. Judging by the prevalence of ransomware threats, however, this cyber-criminal business model appears to be quite successful.
High-complexity malware

The best-known example of high-complexity malware is Stuxnet,[80] which was designed to attack industrial systems, particularly centrifuges used for the enrichment of uranium in the Iranian Natanz fuel enrichment plant. Malware such as Stuxnet poses a lot of questions for a malware researcher. Some questions are never answered, and some are answered only after lengthy, iterative research, where even the smallest clues are followed. In the case of Stuxnet, new details were revealed[81] in 2014, almost four years after the malware was first discovered by the malware research community.

The year 2014 marked the discovery of another highly complex malware suspected to be developed by an organized and well-funded group of developers—Regin.[82] Regin is a multi-component malware designed as a framework that allows for the creation of multiple plugins. Regin employs sophisticated hiding methods and encrypted virtual file systems, and was designed for the purpose of security intelligence gathering by continuously monitoring individuals and organizations. It may have been in use since 2008, but the first samples were discovered by Symantec and Kaspersky researchers as recently as 2013. The research shows that many components of Regin are not yet discovered and additional functionality and versions may exist in the wild.

Once again, this supports our conclusion that a skilled attacker will be able to penetrate all traditional levels of defense and maintain access to victim systems by choosing attack tools that will not show up on the radar of anti-malware and other
It is worth mentioning a mini-comeback[83] for Visual Basic for Applications (VBA) as a platform for delivering malicious content through email attachments. VBA malware was particularly popular in the last years of the 20th century, with macro viruses accounting for a significant proportion of all malicious samples. In the past, the malicious code would use OLE automation techniques to access the Microsoft Outlook® automation interface, sending the infected document as an attachment or simply propagating to all opened documents by inserting malicious code into the standard Normal.dot template.

For a long time it was thought that malicious VBA code was extinct thanks to Microsoft’s introduction of additional security features that prevented automatic startup of code when a document was opened. However, this year we have observed VBA, embedded in Microsoft Office XML format documents, acting as the first stage of infection and downloading or dropping additional malware components. This, however, had to be achieved by using social engineering tricks to convince users to open the document and explicitly allow the VBA macro embedded in the file to run.
Another trend is the reappearance of Visual Basic Script (VBS) malware, with the most common family being the Jenxcus[84] worm. Jenxcus is a relatively simple worm, which owes its success to inventive techniques used for spreading and launching itself.
[Figure 9. Top malware samples discovered by ReversingLabs in 2014, by volume per month (Jan to Nov; low 116, high 979)]

[83] https://www.virusbtn.com/virusbulletin/archive/2014/07/vb201407-VBA
[84] http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Worm:VBS/Jenxcus#tab=2
[85] https://www.f-secure.com/weblog/archives/00002764.html
The worm is often delivered through a fake Adobe Flash updater setup file whose download is triggered when the user visits a maliciously crafted website—for example, a spoofed YouTube site. Once opened, Jenxcus enumerates mounted network drives and copies itself to them. In addition to that, Jenxcus creates a link with a base file name identical to the base name of a file that already exists on the drive. Users may unknowingly click on the malicious link instead of the file and launch the malware on their systems. Jenxcus also provides a backdoor to the infected computer by connecting to a website and allowing the attacker to send commands to control it.
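A triage check for the decoy pattern just described, as an added example that is not the report’s or ReversingLabs’ code: scan a directory for .lnk files whose base name matches another, non-shortcut file in the same directory, which is how a share looks after the worm has planted its links. The example builds a constructed sample directory under /tmp with POSIX calls and counts the collisions; the function names and sample file names are assumptions made for this example, and the scan looks only at names, not at the contents of the shortcuts.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Copies 'name' without its final extension into 'stem' (capacity n):
 * "report.docx" -> "report"; a name with no dot is copied unchanged. */
static void stem_of(const char *name, char *stem, size_t n) {
    const char *dot = strrchr(name, '.');
    size_t len = dot ? (size_t)(dot - name) : strlen(name);
    if (len >= n) len = n - 1;
    memcpy(stem, name, len);
    stem[len] = '\0';
}

/* Windows matches extensions case-insensitively, so do the same here. */
static int is_lnk(const char *name) {
    const char *dot = strrchr(name, '.');
    return dot != NULL && strcasecmp(dot, ".lnk") == 0;
}

/* Scans one directory and returns how many .lnk files share their stem with
 * a non-.lnk file in the same directory. Returns -1 if the directory cannot
 * be read. When 'out' is non-NULL the offending link names are written to
 * it, one per line, for the alert. */
int count_lnk_decoys(const char *dir, char *out, size_t outsz) {
    DIR *d = opendir(dir);
    if (!d) return -1;
    char (*names)[256] = NULL;           /* collected entry names */
    size_t n = 0, cap = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;           /* ".", "..", dotfiles */
        if (n == cap) {
            cap = cap ? cap * 2 : 16;
            char (*tmp)[256] = realloc(names, cap * sizeof *names);
            if (!tmp) { free(names); closedir(d); return -1; }
            names = tmp;
        }
        snprintf(names[n++], sizeof names[0], "%s", e->d_name);
    }
    closedir(d);
    if (out && outsz) out[0] = '\0';
    int hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (!is_lnk(names[i])) continue;
        char si[256], sj[256];
        stem_of(names[i], si, sizeof si);
        for (size_t j = 0; j < n; j++) {
            if (j == i || is_lnk(names[j])) continue;
            stem_of(names[j], sj, sizeof sj);
            if (strcasecmp(si, sj) == 0) {           /* decoy shadows a file */
                hits++;
                if (out && outsz) {
                    size_t used = strlen(out);
                    snprintf(out + used, outsz - used, "%s\n", names[i]);
                }
                break;
            }
        }
    }
    free(names);
    return hits;
}

/* Builds a constructed sample directory resembling a share after an
 * infection of this kind: a spreadsheet, a decoy shortcut with the same
 * stem, a text file, and an unrelated shortcut. Writes the directory path
 * into 'path' (capacity n) and returns 0 on success. */
int make_sample_share(char *path, size_t n) {
    char tmpl[] = "/tmp/share-XXXXXX";
    if (!mkdtemp(tmpl)) return -1;
    snprintf(path, n, "%s", tmpl);
    const char *files[] = { "Q3-report.xlsx", "Q3-report.lnk", "notes.txt", "printer.lnk" };
    for (size_t i = 0; i < sizeof files / sizeof *files; i++) {
        char p[512];
        snprintf(p, sizeof p, "%s/%s", tmpl, files[i]);
        FILE *f = fopen(p, "w");
        if (!f) return -1;
        fputs("constructed sample content\n", f);
        fclose(f);
    }
    return 0;
}
```

Run against a real file share the scan would be one signal among several (a legitimate shortcut can share a stem with a file), but a sudden appearance of many such pairs across a share is the footprint the text describes and is worth an alert.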
We finish this brief overview of notable malware discovered in 2014 with Onionduke.[85] Onionduke is malware delivered by a malicious TOR exit node. It works by intercepting downloads of Windows executable files and modifying the downloaded files on the fly to include additional malicious components designed to gather intelligence and steal users’ data, which is uploaded to the malware’s command and control servers.

The key takeaway from the Onionduke story is that using TOR may help users stay anonymous, but it will not make them secure. TOR users must remember that their Internet traffic is routed through TOR exit nodes, and not all participants in the TOR network can be considered benevolent. Furthermore, users should not download executable files via TOR (or anything else) without using some sort of network encryption mechanism such as a VPN.
Proliferation of .NET malware in 2014

There was a marked increase in .NET malware in 2014, and there are multiple reasons why malware authors found this platform so attractive. The ease of the development platform, the availability of extensive libraries, the promise of multiplatform support, and the somewhat rudimentary state of the instrumentation and emulation by AV engines—as well as the lack of advanced automated malware analysis that could target .NET applications—fueled an ongoing interest in .NET malware development by various actors.

While MSIL platform malware initially lacked the obfuscation and complexities of Win32 malware, actors have become increasingly inventive in using MSIL code injections, MSIL obfuscations and encryption. In 2014 we observed the following .NET malware and adware in the wild.

On the top of the list of most prevalent .NET malware families we see Barys, Ranos, Kryptik, Disfa, and Bladabindi. Fsysna, Codewall, and Sisbot appear at about the same level of prevalence. Beginning from Fsysna the prevalence distribution becomes considerably more even, without major spikes. This shows that the vectors of propagation remain consistent and are mostly associated with spam and social engineering downloads and not with major product-vulnerability exploits.