Click here to close now.

Welcome!

Cloud Security Authors: Lori MacVittie, Liz McMillan, Elizabeth White, Pat Romanski, John Wetherill

Related Topics: Microsoft Cloud, Silverlight, Cloud Security

Microsoft Cloud: Blog Feed Post

Microsoft Partners with World Class Best Cyber Firm Kyrus Tech Inc

Helps Defeat Some Very Bad Criminals

We have previously written about Kyrus Tech Inc and have highlighted their unique capability called Carbon Black. We have worked with the team of experts there in the past and I am very proud to have been professionally associated with Michael Tanji since we were both in government in the mid 1990′s. We have also been privileged to have worked with and learned from cyber teams at Microsoft for years and know many great professionals there.  In part because of that it was especially great to read the press release below that shows how Microsoft and Kyrus Tech have combined their strengths to help reduce a particularly nasty vector of cyber crime. Their collaborative work has helped disrupt the massive Zeus cybercrime operation.

For details on the role of Kyrus see: http://www.kyrus-tech.com/blog/

We also recommend a review of the press release below from: http://www.microsoft.com/Presspass/press/2012/mar12/03-25CybercrimePR.mspx

Microsoft Joins Financial Services Industry to Disrupt Massive Zeus Cybercrime Operation That Fuels Worldwide Fraud and Identity Theft

Microsoft collaborates with financial services industry in unprecedented cross-industry action against notorious cybercrime operation behind online fraud and identity theft.

REDMOND, Wash. — March 25, 2012 — In its most complex effort to disrupt botnets to date, Microsoft Corp., in collaboration with the financial services industry — including the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association — as well as Kyrus Tech Inc., announced it has successfully executed a coordinated global action against some of the most notorious cybercrime operations that fuel online fraud and identity theft. With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry action against this cybercriminal organization.

Through an extensive and collaborative investigation into the Zeus threat, Microsoft and its banking, finance and technical partners discovered that once a computer is infected with Zeus, the malware can monitor a victim’s online activity and automatically start keylogging, or recording a person’s every keystroke, when a person types in the name of a financial institution or ecommerce site. With this information, cybercriminals can steal personal information that can be used for identity theft or to fraudulently make purchases or access other private accounts. In fact, since 2007, Microsoft has detected more than 13 million suspected infections of the Zeus malware worldwide, including approximately 3 million computers in the United States alone.

“With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims,” said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit. “The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come.”

This disruption was made possible through a successful pleading before the U.S. District Court for the Eastern District of New York, which allowed Microsoft and its partners to conduct a coordinated seizure of command and control servers running some of the worst known Zeus botnets. Because the botnet operators used Zeus to steal victims’ online banking credentials and transfer stolen funds, FS-ISAC and NACHA joined Microsoft as plaintiffs in the civil suit, and Kyrus Tech Inc. served as a declarant in the case. Other organizations, including F-Secure, also provided supporting information for the case.

As a part of the operation, on March 23, Microsoft and its co-plaintiffs, escorted by the U.S. Marshals, seized command and control servers in two hosting locations, Scranton, Pa., and Lombard, Ill., to seize and preserve valuable data and virtual evidence from the botnets for the case. Microsoft and its partners took down two Internet Protocol addresses behind the Zeus command and control structure, and Microsoft is currently monitoring 800 domains secured in the operation, which are helping identify thousands of computers infected by Zeus.

This is the second time Microsoft has conducted physical seizures in a botnet operation, and it is the first time other organizations have joined Microsoft as plaintiffs in the legal case for a botnet operation. This is also the first operation for Microsoft that involved the simultaneous disruption of multiple operating botnets in a single action and is the first known time the Racketeer Influenced and Corrupt Organizations (RICO) Act has been applied as the legal basis in a consolidated civil case to charge all those responsible in the use of a botnet.

“As crimes against banks and their customers move from stickups to mouse clicks, we’re also using our own mouse clicks — as well as the law — to help protect consumers and businesses,” said Greg Garcia, a spokesperson for the three major financial industry associations that worked with Microsoft on this initiative. “Disrupting the Zeus botnets is just one strike in our long-term commitment to help defend and protect people.”

Because of the complexities of these targets, unlike Microsoft’s previous botnet operations, the goal of this action was not to permanently shut down all impacted Zeus botnets. However, this action is expected to significantly impact the cybercriminals’ operations and infrastructure, advance global efforts to help victims regain control of their infected computers, and also help further investigations against those responsible for the threat. As with its previous botnet operations, Microsoft will now use the intelligence gained from this operation to partner with Internet service providers and Community Emergency Response Teams around the world to help rescue people’s computers from the control of Zeus, helping to reduce the size of the threat that these botnets pose and to help make the Internet safer for consumers and businesses worldwide. Together, these aspects of the operation are expected to undermine the criminal infrastructure that relies on these botnets every day to make money and to help provide new tools for the industry to work together to proactively fight cybercrime.

Michael Tanji, chief security officer of Kyrus Tech Inc., who helped analyze the Zeus malware and determine which botnets were the most dangerous said, “We are proud to have played a part in this groundbreaking effort and hope that others will start working together to combat malicious activity at the same scale as it is being perpetrated.”

There are steps consumers and businesses can take to better help protect themselves from becoming victims of malware, fraud and identity theft. All computer users should exercise safe practices, such as running up-to-date and legitimate computer software, firewall protection, and antivirus or antimalware protection. People should also exercise caution when surfing the Web and clicking on ads or email attachments that may prove to be malicious. For computer owners worried their computers might be infected, Microsoft offers free information and malware cleaning tools athttp://support.microsoft.com/botnets that can help people remove Zeus and other malware from their computers. For businesses looking for more information about corporate account takeover issues, including those due to malicious software, a fraud advisory from FS-ISAC, the FBI and the U.S. Secret Service can be found at http://www.fsisac.com/files/public/db/p265.pdf.

More information about today’s news and the coordinated action against Zeus is available athttp://www.microsoft.com/presspass/presskits/dcu. Legal documentation in the case can be found athttp://www.zeuslegalnotice.com.

About FS-ISAC

The Financial Services Information Sharing and Analysis Center was formed in 1999 and is a non-profit, private financial sector initiative. It was designed and developed and is owned by financial institutions. Its primary function is to share timely, relevant and actionable information of physical and cyber security threat and incident information to help mitigate the risk associated with these threats. [http://www.fsisac.com/]

About NACHA – The Electronic Payments Association

NACHA manages the development, administration, and governance of the ACH Network, the backbone for the electronic movement of money and data. The ACH Network provides a safe, secure, and reliable network for direct account-to-account consumer, business, and government payments. Annually, it facilitates billions of Direct Deposit via ACH and Direct Payment via ACH transactions. Used by all types of financial institutions, the ACH Network is governed by the fair and equitable NACHA Operating Rules, which guide risk management and create payment certainty for all participants. As a not-for-profit association, NACHA represents more than 10,000 financial institutions via 17 regional payments associations and direct membership. Through its industry councils and forums, NACHA brings together payments system stakeholders to foster dialogue and innovation to strengthen the ACH Network. To learn more, please visit www.nacha.org.

AboutKyrus Tech, Inc.

Kyrus is a security innovation company. We have deep expertise in vulnerability research, reverse engineering, computer forensics and custom software development. We apply those skills to conduct research and develop solutions for the business, critical infrastructure and national security communities. We strive to disrupt the status quo. We believe that approaching security problems from diverse perspectives and without preconceptions is the only way for security to become both a valued and a cost-effective capability.

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://www.microsoft.com/news. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed athttp://www.microsoft.com/news/contactpr.mspx.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley, former CTO of the Defense Intelligence Agency (DIA), is Founder and CTO of Crucial Point LLC, a technology research and advisory firm providing fact based technology reviews in support of venture capital, private equity and emerging technology firms. He has extensive industry experience in intelligence and security and was awarded an intelligence community meritorious achievement award by AFCEA in 2008, and has also been recognized as an Infoworld Top 25 CTO and as one of the most fascinating communicators in Government IT by GovFresh.

@ThingsExpo Stories
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
The worldwide cellular network will be the backbone of the future IoT, and the telecom industry is clamoring to get on board as more than just a data pipe. In his session at @ThingsExpo, Evan McGee, CTO of Ring Plus, Inc., discussed what service operators can offer that would benefit IoT entrepreneurs, inventors, and consumers. Evan McGee is the CTO of RingPlus, a leading innovative U.S. MVNO and wireless enabler. His focus is on combining web technologies with traditional telecom to create a new breed of unified communication that is easily accessible to the general consumer. With over a de...
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.
Disruptive macro trends in technology are impacting and dramatically changing the "art of the possible" relative to supply chain management practices through the innovative use of IoT, cloud, machine learning and Big Data to enable connected ecosystems of engagement. Enterprise informatics can now move beyond point solutions that merely monitor the past and implement integrated enterprise fabrics that enable end-to-end supply chain visibility to improve customer service delivery and optimize supplier management. Learn about enterprise architecture strategies for designing connected systems tha...
From telemedicine to smart cars, digital homes and industrial monitoring, the explosive growth of IoT has created exciting new business opportunities for real time calls and messaging. In his session at @ThingsExpo, Ivelin Ivanov, CEO and Co-Founder of Telestax, shared some of the new revenue sources that IoT created for Restcomm – the open source telephony platform from Telestax. Ivelin Ivanov is a technology entrepreneur who founded Mobicents, an Open Source VoIP Platform, to help create, deploy, and manage applications integrating voice, video and data. He is the co-founder of TeleStax, a...
The Internet of Things (IoT) promises to evolve the way the world does business; however, understanding how to apply it to your company can be a mystery. Most people struggle with understanding the potential business uses or tend to get caught up in the technology, resulting in solutions that fail to meet even minimum business goals. In his session at @ThingsExpo, Jesse Shiah, CEO / President / Co-Founder of AgilePoint Inc., showed what is needed to leverage the IoT to transform your business. He discussed opportunities and challenges ahead for the IoT from a market and technical point of vie...
Grow your business with enterprise wearable apps using SAP Platforms and Google Glass. SAP and Google just launched the SAP and Google Glass Challenge, an opportunity for you to innovate and develop the best Enterprise Wearable App using SAP Platforms and Google Glass and gain valuable market exposure. In his session at @ThingsExpo, Brian McPhail, Senior Director of Business Development, ISVs & Digital Commerce at SAP, outlined the timeline of the SAP Google Glass Challenge and the opportunity for developers, start-ups, and companies of all sizes to engage with SAP today.
Cultural, regulatory, environmental, political and economic (CREPE) conditions over the past decade are creating cross-industry solution spaces that require processes and technologies from both the Internet of Things (IoT), and Data Management and Analytics (DMA). These solution spaces are evolving into Sensor Analytics Ecosystems (SAE) that represent significant new opportunities for organizations of all types. Public Utilities throughout the world, providing electricity, natural gas and water, are pursuing SmartGrid initiatives that represent one of the more mature examples of SAE. We have s...
The Internet of Things will put IT to its ultimate test by creating infinite new opportunities to digitize products and services, generate and analyze new data to improve customer satisfaction, and discover new ways to gain a competitive advantage across nearly every industry. In order to help corporate business units to capitalize on the rapidly evolving IoT opportunities, IT must stand up to a new set of challenges. In his session at @ThingsExpo, Jeff Kaplan, Managing Director of THINKstrategies, will examine why IT must finally fulfill its role in support of its SBUs or face a new round of...
One of the biggest challenges when developing connected devices is identifying user value and delivering it through successful user experiences. In his session at Internet of @ThingsExpo, Mike Kuniavsky, Principal Scientist, Innovation Services at PARC, described an IoT-specific approach to user experience design that combines approaches from interaction design, industrial design and service design to create experiences that go beyond simple connected gadgets to create lasting, multi-device experiences grounded in people's real needs and desires.
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
Can call centers hang up the phones for good? Intuitive Solutions did. WebRTC enabled this contact center provider to eliminate antiquated telephony and desktop phone infrastructure with a pure web-based solution, allowing them to expand beyond brick-and-mortar confines to a home-based agent model. It also ensured scalability and better service for customers, including MUY! Companies, one of the country's largest franchise restaurant companies with 232 Pizza Hut locations. This is one example of WebRTC adoption today, but the potential is limitless when powered by IoT.
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, discussed how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money!
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will addresses this very serious issue of profound change in the industry.
SYS-CON Events announced today that BMC will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. BMC has worked with thousands of leading companies to create and deliver powerful IT management services. From mainframe to cloud to mobile, BMC pairs high-speed digital innovation with robust IT industrialization – allowing customers to provide amazing user experiences with optimized IT per...
The Internet of Things is not new. Historically, smart businesses have used its basic concept of leveraging data to drive better decision making and have capitalized on those insights to realize additional revenue opportunities. So, what has changed to make the Internet of Things one of the hottest topics in tech? In his session at @ThingsExpo, Chris Gray, Director, Embedded and Internet of Things, discussed the underlying factors that are driving the economics of intelligent systems. Discover how hardware commoditization, the ubiquitous nature of connectivity, and the emergence of Big Data a...
SYS-CON Events announced today that O'Reilly Media has been named “Media Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York City, NY. O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participa...
The world is at a tipping point where the technology, the device and global adoption are converging to such a point that we will see an explosion of a world where smartphone devices not only allow us to talk to each other, but allow for communication between everything – serving as a central hub from which we control our world – MediaTek is at the heart of both driving this and allowing the markets to drive this reality forward themselves. The next wave of consumer gadgets is here – smart, connected, and small. If your ambitions are big, so are ours. In his session at @ThingsExpo, Jack Hu, D...
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
SYS-CON Events announced today that DragonGlass, an enterprise search platform, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. After eleven years of designing and building custom applications, OpenCrowd has launched DragonGlass, a cloud-based platform that enables the development of search-based applications. These are a new breed of applications that utilize a search index as their backbone for data retrieval. They can easily adapt to new data sets and provide access to both structured and unstruc...