Emergency Management and Response
Information Sharing and Analysis Center
(EMR-ISAC)

CIP Bulletin 1-10                           January 26, 2010

NOTE: This Bulletin will be distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. For further information, contact the Emergency Management and Response- Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by e-mail at emr-isac@dhs.gov.

Cyber Security Trends for 2010

This New Year is an opportune time to assess the cyber security landscape of Emergency Services Sector departments and agencies, and prepare for new challenges that may lie ahead, as well as the current threats which may continue.

• Malware, Worms, and Trojan Horses: These will continue to spread by email, instant messaging, malicious websites, and infected non-malicious websites. Some websites will automatically download the malware without the user’s knowledge or intervention. This is known as a “drive-by download.” Other methods will require the users to click on a link or button.
  
  
• Botnets and Zombies: These threats will continue to proliferate as the attack techniques evolve and become available to a broader audience, with less technical knowledge required to launch successful attacks. Botnets designed to steal data are improving their encryption capabilities and thus becoming more difficult to detect.
  
  
• Scareware – Fake/rogue Security Software: There are millions of different versions of malware, with hundreds more being created and used every day. This type of scam can be particularly profitable for cyber criminals, as many users believe the pop-up warnings telling them their system is infected and are lured into downloading and paying for the special software to “protect” their system.
  
  
• Attacks on Client-side Software: With users keeping their operating systems patched, client-side software vulnerabilities are now an increasingly popular means of attacking systems. Client-side software includes things like Internet browsers, media players, PDF readers, etc. This software will continue to have vulnerabilities and subsequently be targeted by various malwares.
  
  
• Ransom Attacks: These occur when a user or company is hit by malware that encrypts their hard drives or they are hit with a Distributed Denial of Service Attack (DDOS) attack. The cyber criminals then notify the user or company that if they pay a small fee, the DDOS attack will stop or the hard drive will be unencrypted. This type of attack has existed for a number of years and is now gaining in popularity.
  
  
• Social Network Attacks: Social network attacks will be one of the major sources of attacks in 2010 because of the volume of users and the amount of personal information that is posted. Users’ inherent trust in their online friends is what makes these networks a prime target. For example, users may be prompted to follow a link on someone's page, which could bring users to a malicious website.
  
  
• Cloud Computing: Cloud computing is a growing trend due to its considerable cost savings opportunities for organizations. Cloud computing refers to a type of computing that relies on sharing computing resources rather than maintaining and supporting local servers. The growing use of cloud computing will make it a prime target for attack.
  
  
• Web Applications: There continues to be a large number of websites and online applications developed with inadequate security controls. These security gaps can lead to the compromise of the site and potentially to the site’s visitors.
  
  
• Budget Cuts: These will be a problem for security personnel and a boon to cyber criminals. With less money to update software, hire personnel, and implement security controls, enterprises will be trying to do more with less. By not having up-to-date software, appropriate security controls or enough personnel to secure and monitor the networks, organizations will be more vulnerable.

What Can I Do?

The following are helpful tips to assist in minimizing risk:

• Properly configure and patch operating systems, browsers, and other software programs.
  
  
• Use and regularly update firewalls, anti-virus, and anti-spyware programs.
  
  
• Be cautious about all communications; think before you click.
  
  
• Use common sense when communicating with users you DO and DO NOT know.
  
  
• Do not open email or related attachments from un-trusted sources.

• IBM’s Top Security Trends for 2010
• Symantec’s Top Security Trends for 2010
• SANS Top Cyber Security Risks
• Bankinfosecurity.com article
• PC World
• Panda Labs 2009 Annual Malware Report

DISCLAIMER of ENDORSEMENT
The U.S. Fire Administration/EMR-ISAC does not endorse the organizations sponsoring linked web sites, and does not endorse the views they express or the products/services they offer

FAIR USE NOTICE
This Bulletin may contain copyrighted material that was not specifically authorized by the copyright owner. EMR-ISAC personnel believe this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Reporting Notice
DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by e-mail at NOC.Fusion@dhs.gov.

The FBI regional phone numbers can be found online at www.fbi.gov/contact/fo/fo.htm.

For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a sub-element of the NOC. The NICC can be reached by telephone at 202-282-9201 or by e-mail at NICC@dhs.gov.

When available, each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.

Update your subscriptions, modify your password or e-mail address, or stop subscriptions at any time on your Subscriber Preferences Page. You will need to use your e-mail address to log in. If you have questions or problems with the subscription service, please contact support@govdelivery.com.

Privacy Policy | GovDelivery is providing this information on behalf of U.S. Department of Homeland Security, and may not use the information for any other purposes.

U.S. Fire Administration • U.S. Department of Homeland Security • Emmitsburg, MD 21727 • (301) 447-1325