On Earth Day this year, we launched the “One Mug, One Planet” campaign to help reduce waste across our operations and encourage all employees to think about the impacts they make both inside and outside the office. Additionally, the campaign supports our corporate-wide goal to reduce paper cup usage by 15%, and to achieve 80% waste diversion at all of our audited sites.

Our goal for the “One Mug, One Planet” campaign is 1,000 pledges signed across Symantec, and 10% of employees at sites that have opted in to join this campaign.

The campaign has been a huge success and since our launch we’ve received 823 pledges from multiple countries across the world, including the United States, Mexico, England, South Africa, and India. We’ve also received over 50 Mug Shots! Here are a few of our favorites:

Cheryl Ng, Jacqueline Lee, Gracia Santos, Kok Siong Wong, Mun Kong Jay, Vivien Oh, and Zeenath Ali - Singapore 

Traci Kent - Springfield, OR

The campaign has not only been effective for raising awareness about the benefits of using a reusable mug, but it has also expanded our Green Teams with our first Latin American Green Team in Mexico City and a new team in Beijing. Four new sites have also joined the One Mug, One Planet campaign – welcome San Francisco, Beijing, Mexico City and Cape Town! 

Remember, if one person used a reusable mug everyday this year it would save 87 lbs of CO2. If all Symantec employees used a reusable mug every day for one year it would save 1,883,400 lbs of CO2.

It’s a small step, but makes a huge difference, and I think many of us will find it brings awareness to other small changes we can make to reduce our impacts, I know it has for me.  

Thank you for your comments and feedback

We received a large number of comments from employees supporting the launch with helpful ideas on how we can expand or improve this effort both regionally and globally. Here I share a few highlights, and some comments in response:

• This is an easy step to reduce your impact on the environment. Many of us have been using a reusable mug for a long time and hope others will continue to join us!

• Some companies incentivize employees to use and return reusable items to the company’s cafeteria – could this be another option to decrease use of paper products? Symantec could also provide mugs on birthdays, holidays, etc. to continually promote reuse.

Great idea that the Green Teams will discuss at our upcoming meeting to incorporate in future phases of the campaign.

• Many companies have eliminated paper cups– is this a potential direction to pursue?

For the first phase of this project, we have opted to keep paper cups in the office as we understand the frustration of not having a means to grab a cup of coffee or water. Until we can fully support reusable cups (e.g. with enough stock and consistent facilities to wash them in), we will continue to encourage our employees to take the initiative and choose a reusable mug, and support them in doing this the best way we can. However, we agree that eliminating paper cups is optimal!

• What about other items such as plastic container and paper usage?

We agree there are many items we need to focus on to reduce the footprint of our facilities. As our Corporate Responsibility website states, a key pillar of our environmental strategy is Resource Conservation, which includes reducing our energy usage, developing energy efficient and sustainable buildings through LEED Certification, reducing waste in our offices, conserving water and more. Additionally, shortly we are launching another Green Team campaign to encourage employees to reduce their use of plastic water bottles. Stay tuned for more on this!

• When you factor the water used to wash mugs, do they really end up being more environmentally friendly?

This is a great question that is constantly up for debate. There are various studies that show the benefits of both recycled paper cups and reusable cups, and indeed, the efficiency of washing mugs impacts the overall footprint of these.

I look forward to sharing more with you as we explore new ways to engage employees in our environmental commitments!

Chris Abess is Symantec's Vice President, Sales & Marketing Operations (SMO)​ and Global Green Team Executive Champion

Hoi Zusammen,

Wisst ihr ob ein nächstes "Backup & Archiving User Group Schweiz" Treffen geplant ist?

Gruess
Michael

Spam emails take advantage of July 4 with fake offers.

Hello Symantec Community,

After the successful launch of Enterprise Vault 11, it is time for another exciting new release that is coming your way. EV 11.0.1 is just around the corner and packed with lots of new features to help you Archive Anything, Access Anywhere and Manage Efficiently. We are delighted to invite you to try out the next update which is on target to be generally available later this year. We expect the Beta program to commence towards end of July.

For Beta sign up please contact your Regional Product Manager by clicking on the appropriate link below:

APJ– Amit Punde

EMEA- Glenn Martin

US– Gregg Karas

We look forward to your continued valuable participation!

Below are some of the new capabilities we currently plan* on including in the release:

SMTP Archiving

Ingesting content into the archive couldn’t be easier with the introduction of a new high performance, highly flexible and robust SMTP agent. Utilizing the SMTP protocol, Enterprise Vault can now archive any content sent to it via any application or product that supports sending email.

Apart from other benefits, the new capability offers huge ROI and reduce infrastructure costs for journaling, with no dependency on MAPI for crawling large journal mailboxes. The journal feed can be sent directly to Enterprise Vault instead of maintaining multiple journal mailboxes on dedicated Exchange servers.

NetApp c-Mode Filer Archiving

Archive content from NetApp Data On-TAP Cluster Mode (cDOT) and replace with Placeholders to preserve seamless end-user experience.

EVS Mobile

Finding your email archived items on the go is now quick and easy with Enterprise Vault Search Mobile edition (EVS Mobile).  

EVS Mobile is a smartphone optimized, archive search solution for iOS, Android and Windows Mobile.

EVS Tablet Support

The power of Enterprise Vault Search (EVS) now optimized for tablet screen sizes and touch devices.

SMTP & Social Media Enhancements for Compliance & Discovery Accelerator

Accelerators are now able to search and sample utilizing two new categories, SMTP and Social Media.

PST Owner Identification

Allow Enterprise Vault to determine true PST ownership by intelligently sampling the contents of each PST. This technique greatly reduces the impact of admin intervention due to not knowing who owns a PST file.

Separately downloadable EV Client

The client package will also be available for download separate from the server package.

Thanks & Regards,

Enterprise Vault Beta Team

* Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change.

Hi Everyone,

News hot off the press; we've just released our first cumulative hotfix for Enteprise Vault 11.0.0.

Head this way for more details and the download:

http://www.symantec.com/business/support/index?page=content&id=TECH215094

As many Enterprise Vault people will know Enterprise Vault 11 Cumulative Hotfix 1, came out on Friday (4th July 2014). Here is a link to the technote where you can download the update:

Enterprise Vault 11.0.0 Cumulative Hotfix 1 Release

I decided to upgrade one of my labs almost straight away because I'm looking to see if resolves a long standing issue we've had with Archive Shuttle and ingesting data into Enterprise Vault.  The 160-something Mb download is a zip file containing an ISO of 350-something Mb.  So it's not a 'small' update let me tell you!  

The installation was kind of strange as well.  The first time I ran it the installer failed to stop any of the services, and after 5 minutes of frustration I decided to abort the installation, set all the Enterprise Vault services to manual, restart the machine, and try again.  The install worked that time, and only took a couple of minutes.

The final bit that as a bit 'odd' was having to run the Database Upgrade via a 'new-style'-command line tool. It was a bit of a pain having to do that manually, especially in my single server site, where it would be nice to just 'do it' as part of the installation.

After that, what's the verdict?

Well I haven't found any issues yet, and it solved the issue where the EV API would take a folder name and just because it has a few digits here and there in the folder path, it would think it was a folder ID, instead of just a path.

Learn why the increased capacity for NetBackup 5230 and 5220 appliances is more than "speeds and feeds" as it is significant for three (3) reasons:
• Confirms Symantec’s commitment to NetBackup and NetBackup appliances.
• Validates Symantec as a leading integrated backup appliance.
• Delivers investment protection to our customers.

There is no way to use a GUI to move MSMQ on Windows Server 2012. You can move MSMQ using PowerShell.

I came across this news last month and was a bit dissapointed. I was aiming to move to Zone just before this accouncement came as I very much liked the idea of holding my own encryption keys. Unlike with some other cloud storage providers, my stuff would remain always remain my stuff in the zone.

If you are a Norton Zone customer, today (7th July) sadly marks the beginning of the end. According to the Zone placeholder page, from today you'll no longer be able to share files or create public links. The end itself comes in one month on the 6th of August at which point Symantec will terminate the service and delete any remaining Zone files.

My heart goes out to all those who shed sweat developing this product.

Full details on http://www.nortonzone.com/

Kind Regards,
Ian./

“This has been a priority for us because six years after the financial crash, many young people are still struggling. In fact, one of the most terrifying statistics is that nearly six million young Americans between the ages of 16 and 24 are out of school and out of work, and for those who don't get a college education or even high school, most doors just won't open no matter how hard they knock. We want to get to work and it's one of the highest priorities for CGI America and I'm delighted that there is so much interest because ultimately it's about more than paychecks.” – Hillary Clinton, former Secretary of State and U.S. Senator

The launch of a new initiative: the SC3

On June 24, 2014, Symantec officially launched its new signature initiative, the Symantec Cyber Career Connection (SC3), at the Clinton Global Initiative America meeting in Denver, CO. The SC3 aims to address the global workforce gap in cybersecurity by training and certifying young adults in cybersecurity and assisting them in landing meaningful internships and jobs.

Addressing large-scale societal issues

It is clear that many companies are ill-equipped to handle the growing problem of cyber crime. Data breaches are becoming all-too common. In 2012, there was only one data breach in which more than 10 million identities were exposed. In 2013, there were 8 of these breaches. In total, more than 550 million people’s identities were exposed last year.

As a result, the market for cybersecurity jobs is large. In 2013, there were more than 200,000 postings for positions related to cyber security, representing nearly 10% of all information technology positions. However, it has proved difficult to fill these positions. Cybersecurity postings remained open 36 percent longer than the average job posting, and many of these positions request qualifications that are in limited supply. Yet, it has been estimated that 60,000 of these jobs could be filled by individuals without a college degree.

Meanwhile, unemployment among young adults (18-29) remains above 15%, more than double the national rate for all ages.

These numbers describe the unacceptable position in which our interconnected world now finds itself. The skills gap in the cybersecurity field is unsustainable. Symantec recognizes this problem, and we are using our knowledge, skills, and resources to do something about it.

Piloting the initiative

To conduct the SC3 initiative, Symantec has entered into partnerships with two nonprofit organizations—Year Up and NPower—to develop educational programs for underserved young adults (ages 18-29) in the field of cybersecurity information. The participants of the programs will receive industry-recognized certifications, such as CompTIA A+, Network+, and Security+, which will greatly increase their earning potential.

A number of our client companies will also become partners to the initiative by providing internships and permanent positions in cyber security. Symantec, together with the Symantec Foundation, will provide $2 million to the pilot, and our employees will serve as trainers and mentors in the programs.

The first class of 45 participants in three pilot locations (New York City, SF Bay Area, and Baltimore) will start in August of this year. They will complete the educational component of the programs within six months, and by February 2015, they will have begun their internships at partner companies. By September 2015, the participants will be qualified for permanent employment in entry-level cybersecurity positions.

Creating shared value for Symantec and society

While a number of existing initiatives share certain elements with the Symantec Cyber Career Connection, this is the only single, accessible pathway for underserved populations to access long-term cybersecurity careers.

In terms of benefits to our company, there is growing evidence that employee engagement and volunteering creates significant business value for companies. Symantec-sponsored initiatives such as the SC3 thus provide a two-fold benefit for the company: increasing loyalty among employees, and strengthening relationships with the broader technology community.

By serving as a model that can be scaled to broader populations across the U.S. and the globe, the SC3 reinforces Symantec’s position as an industry leader, and helps address an issue that will continue to grow in importance in the coming years. 

In August of this year, the first cohort of the Symantec Cyber Career Connection (SC3) initiative will begin comprehensive cyber security training. This training will be conducted simultaneously by two non-profit organizations: NPower and Year Up.

NPower

NPower, headquartered in Brooklyn, is a nonprofit that mobilizes the tech community and provides individuals, nonprofits, and schools access and opportunity to build tech skills and achieve their potential. NPower has provided six-month technology and professional skills training programs for young adults in New York City for 12 years.

Symantec employees have been involved with NPower for several years, volunteering to teach specialty technology skills in NPower workshops. “They’ve done a great job of using their expertise to lead that effort,” says Stephanie Cuskley, CEO of NPower. Indeed, a Symantec employee, Peter Hancock, won NPower’s volunteer of the year award, and now serves on their Advisory Council.

NPower’s upcoming SC3 program will enroll students who have already graduated from one of NPower’s previous courses. Thus, they will already have the “A+” certification, and will use the SC3 course to obtain the higher-level “Network+” or “Security+” certifications, and possibly the “Certified Ethical Hacker” certification.

“We felt like it was a perfect match, because Symantec is so familiar with our programs, is looking to fill the skills gap, and has expertise in this space,” says Patrick Cohen, Director of the Technology Service Corps at NPower.

NPower and Symantec bring complementary sets of skills and knowledge to the collaboration. “What NPower understands is the young person. What are the issues they’re going through? What are the challenges they face? We know how to turn a young person, in six months, into someone who is confident and believes in himself or herself. That’s what we bring,” explains Cuskley, adding, “Symantec brings its expertise as the leading brand in security. They are building a program with a very big vision to help young people succeed. That’s a commitment that is very powerful.”

Year Up

Over the past 14 years, Year Up has built and maintained a successful track record of training young adults in information technology. Year Up’s goal is to bridge the “opportunity divide” between the 6 million young adults who are disconnected from stable career pathways and the 14 million middle-skill jobs that will go unfilled over the next decade.

Year Up’s partnership with Symantec through the SC3 is a perfect fit. “Symantec came to us and said ‘we want to solve the broader problem,’” says Jeff Artis, National Director of Corporate Engagement at Year Up. “They’re a natural leader in the cyber security space and made sense as a partner for Year Up.”

Year Up not only teaches its students technical skills, but also covers the subtleties of working in a professional environment. “People in corporate America think differently, act differently, and even eat differently. It’s a different culture,” says Artis.

This broad perspective on training makes all the difference in guiding the participants into successful long-term careers. Year Up focuses on training these individuals and also ensures that they find meaningful jobs. Eighty-five percent of Year Up graduates are employed (earning an average of $30,000 per year) or attending college full-time within four months of completing the program.

This combination of technical and professional skills training is not only beneficial for the young adults Year Up serves, but will also build a pipeline of qualified cyber security workers for leading companies.  As Artis explains, “we want corporations to be aware that there’s a viable, vibrant source of talent out there.”

With cyber crime on the rise and data breaches hitting an all-time high in 2013, companies need more help than ever in protecting both their own and their customers’ data, which is reflected in the estimated 300,000 unfilled cybersecurity jobs advertised in the United States right now. Meanwhile, nearly 16 percent of Americans aged 18-29 are unemployed—more than twice the national rate.

Marian Merritt, Director of Cyber Education and Online Safety Programs, sat down with us recently to discuss how the new Symantec Cyber Career Connection (SC3) will help close this talent gap.

Q. What are some of the factors perpetuating the shortage of cyber security professionals?

A lack of clarity and standardization. Historically, there haven’t been good definitions of what “cyber security” encompasses or what it takes to be successful in the field. The result is that there are educational programs available and there are nonprofits offering certifications in cybersecurity, but for someone entering the field it’s not entirely clear which to pursue and in what order. To help solve the standardization issue, the Department of Homeland Security is making an effort to codify the jobs as well as the education and certifications they require.

Additionally, we know that there is a problem recruiting women into IT roles. We hope that with better focus on STEM education this can be addressed, but that’s a long-term solution. We’re looking for opportunities that might make a difference more rapidly.

Q. Where is today’s cyber security talent coming from? Are there concerted efforts to fill the career gap?

We’re seeing piecemeal efforts. We do hear a lot about companies sponsoring four year college training in cybersecurity as a subcategory of IT, and that's great, but it means that young people are not available for employment for four years. The Obama Administration has also been keenly focused on this issue, earmarking extra funds for cyber-related education, helping move more veterans into cyber roles, and supporting community colleges in the development of cybersecurity curricula. What’s important, ultimately, is the connection between cybersecurity hiring organizations and educators. In many cases, students are handed a certificate but not a connection to a job. The whole point is to get them jobs. We think we can avoid that pitfall.

We also believe there is no significant barrier to older workers entering the cybersecurity field, particularly those switching careers. Ultimately, we would love for our model to expand and be replicated elsewhere.

Q. Research from Burning Glass—a leading provider of career data and services—shows that 84 percent of cyber security job postings in 2013 required candidates to have at least a bachelor’s degree and 51 percent required at least one form of professional certification. Do the two always go hand-in-hand? Is there a way to pursue a career in cyber security without a college degree?

We’ve seen reports estimating that up to 20 percent of today’s open cybersecurity positions could be filled by people without college degrees. While a degree is often preferable, it’s not always required, and many companies are willing to provide the right candidates with specialized training to bring them up to speed. What we do anticipate is that helping young people get into entry-level cybersecurity roles will take some mix of A+ and Security+ certifications from a recognized provider like CompTIA, and that’s what we’re trying to accomplish with the launch of the SC3 initiative this year.

Q. Would you say that some of the high profile security breaches that have been in the news in the past year or so—especially among retailers—are more symptomatic of a cyber security talent shortage or changes in the threat landscape?

There are many factors contributing to security breaches, but cybersecurity talent shortages certainly play a role. Cyber criminals are also finding increasingly creative ways to get into organizations and access sensitive data—and not always through direct attacks. In some cases they’ll get in the back door by targeting smaller companies that do business with the larger entity. Months can pass before a breach is recognized, and it might even be another business partner that ultimately uncovers it, such as a credit card company noticing a lot of fraudulent activity associated with a particular retailer.

Unfortunately, cyber crime continues to be an attractive and lucrative business, especially in some countries where people are less concerned about being detected. That being said, things are improving with more concerted partnership between law enforcement of different countries. Cyber crime can cause people to lose confidence in the marketplace, and that’s problematic for the global economy.

Q. How will the qualifications of tomorrow’s cyber security professional differ from today’s?

That is a great question. I imagine that a lot more of the basics will be taught in high schools as a path for those who are interested in the field, and A+ certifications could certainly be completed via online courses. More advanced training—anything requiring students to use and interact with IT equipment—would still need to take place in labs, and I don’t think America’s high schools are outfitted for that kind of work at this time. We have visited private schools that are already focused on advanced IT skill development, and we consider that to be a leading indicator of the cybersecurity field’s trajectory and formalization.

Un campaña de ciberespionaje contra una amplia variedad de blancos, principalmente el sector energético, le ha dado a los atacantes cibernéticos la posibilidad de montar operaciones de sabotaje contra sus víctimas. El grupo detrás de los ataques, denominados por Symantec como Dragonfly, lograron comprometer una considerable cantidad de organizaciones estratégicamente importantes con propósitos de espionaje y, al poder hacer uso de las capacidades de sabotaje con las que cuentan, podrían causar daños o disrupción a los suministros de energías de los países afectados.

Entre los blancos de Dragonfly se encontraron operadores de red de energía,  las principales firmas de generación de electricidad, operadores de ductos de petróleos, y proveedores de equipamientos industriales del sector energético. La mayor parte de estas víctimas se encuentran en los Estados Unidos, España, Francia, Italia, Turquía y Polonia.

El grupo Dragonfly cuenta con varios recursos, con un amplio rango de herramientas a su disposición y se encuentra capacitado para lanzar varios ataques a través de diferentes vectores. Su campaña de ataque más ambiciosa demostró como pudo comprometer a varios proveedores de equipos de sistemas de control industrial (ICS) infectando su software con un troyano de acceso remoto.  Como resultado, al descargar el software para actualizar aquellas máquinas con ICS,  el software malicioso se instaló en las compañías afectadas.  Estas infecciones no sólo le brindó a los atacantes con un acceso a la red de las organizaciones blanco, sino también con los medios para montar operaciones de sabotaje contras las computadoras afectadas de ICS.

Esta campaña sigue los pasos de Stuxnet, la cual fue la primera gran campaña en atacar a sistemas ICS. Si bien Stuxnet se concentró en el programa de nuclear iraní y en realizar sabotajes, Dragonfly parece tener un foco más amplio en espionaje.

Además de comprometer el software de ICS, Dragonfly ha usado campañas de correo electrónico infectados y ataques de tipo watering hole para infectar organizaciones blanco.  Este grupo ha usado los 2 principales tipos de herramientas de software malicioso: Backdoor.Oldrea y  Trojan.Karagany.

Antes de la publicación de esta investigación, Symantec notificó sobre esta campaña a los afectados y a las autoridades correspondientes.

Antecedentes

El grupo Dragonfly, también conocido por otros proveedores como Energetic Bear, aparenta estar en operación desde al menos el año 2011 y puede que haya estado activo desde mucho antes. Inicialmente, Dragonfly tenía como blanco las compañías de defensa y aviación de Estados Unidos y Canadá antes de cambiar de foco principal hacia firmas energéticas de Europa y Estados Unidos a principios de 2013.

El análisis de compilación de los períodos de tiempo en el que el software malicioso fue utilizado por los atacantes, indica que el grupo habría trabajado entre lunes y viernes, con actividad principalmente en el periodo de 9 horas correspondientes a 9 a.m. a 6 p.m. en el huso horario UTC+4.  Dada esta información, es muy probable que los atacantes se encuentren en Europa del este.

Imagen. Los principales 10 países con infecciones activas (donde los atacantes robaron información de las computadoras infectadas)

Herramientas utilizadas

Dragonfly utiliza dos piezas de software malicioso en sus ataques. Ambas, son herramientas de acceso remoto (RAT) que les permite acceder y tomar control de los equipos comprometidos.

La herramienta de preferencia de Dragonfly es Backdoor.Oldrea, también conocida como Havex o Energetic Bear RAT. Oldrea actúa como una puerta trasera para los atacantes en la computadora de la víctima, permitiendo extraer datos e instalar más software maliciosos adicionales.

Adicionalmente, Oldrea acumula información del sistema, junto con un listado de archivos, programas instalados y la raíz de las unidades disponibles.  También extrae datos de la libreta de contactos de Outlook y los archivos de configuración de VPN.  Estos datos se escriben en archivos temporarios con formato encriptado antes de ser enviado al servidor remoto de comando y control  (C&C) controlado por los atacantes.

La segunda herramienta utilizada por Dragonfly es Trojan.Karagany. La versión 1 del código fuente de Karagany se infiltró en 2010. Desde Symantec, creemos que Dragonfly puede haber tomado este código fuente y haberlo modificado para su uso. La versión detectada por Symantec fue Trojan.Karagany!gen1.

Karagany es capaz de subir datos robados, descargar nuevos archivos, y ejecutar archivos en las computadoras infectadas. También puede ejecutar plugins adicionales, como herramientas de recolección de contraseñas, tomar screenshots, y catalogación de documentos en las máquinas infectadas.

Symantec encontró que la mayoría de las computadoras fueron comprometidas con Oldrea. Karagany fue utilizada solo en alrededor del 5 por ciento de las infecciones.

Múltiples vectores de ataques

El grupo Dragonfly ha utilizado al menos 3 tácticas de infección contra los blancos en el sector energético. 

El grupo Dragonfly utilizó, al menos, tres estrategias de infección de objetivos del sector energético. El primer método fue una campaña de spam por correo electrónico, durante la cual determinados empleados de nivel ejecutivo de las empresas objetivo recibieron correos electrónicos con archivos PDF maliciosos adjuntos. Los correos electrónicos infectados mostraban uno de los siguientes dos asuntos: “La cuenta” o “Solución del problema de entrega” Todos los correos electrónicos provenían de una dirección única de Gmail.

La campaña de spam comenzó en febrero de 2013 y continuó hasta junio de 2013. Symantec identificó a siete organizaciones objetivo distintas en esta campaña. La cantidad de correos electrónicos enviados a cada organización fue de 1 a 84.

Posteriormente, los atacantes reorientaron su enfoque en forma de ataque de tipo “watering hole”. De esta manera, lograron infectar varios sitios web relacionados con el sector energético e inyectaron un iframe en cada uno de ellos, lo cual redireccionó a los visitantes a otro sitio web legítimo afectado que hospedaba el kit de explotación Lightsout. Lightsout utiliza Java o Internet Explorer para insertar Oldrea o Karagany en el equipo de la víctima. El hecho de que los atacantes infectaron varios sitios web legítimos en cada etapa de la operación es una prueba más de que el grupo cuenta con sólidas capacidades técnicas.

En septiembre de 2013, Dragonfly comenzó a usar una nueva versión de este kit de explotación, conocido como kit de explotación Hello. La página de destino de este kit contiene JavaScript, que toma huellas digitales del sistema a fin de identificar complementos del navegador instalado. A continuación, se redirecciona a la víctima a una URL que, a su vez, determina el mejor punto vulnerable que debe usarse de acuerdo con la información recopilada.

Software troyano

El vector de ataque más ambicioso utilizado por Dragonfly fue el compromiso de un número de paquetes de software legítimos. Tres diferentes proveedores de equipamiento ICS fueron el blanco y el software malicioso fue insertado a través de paquetes de software legítimos que se encontraban disponibles para descargar en sus sitios web. 

Entre los ataques identificados se encuentra el software troyano de un producto utilizado para brindar acceso de VPN a  dispositivos del tipo controlador lógico programable (PLC).  Si bien el proveedor reportó el ataque muy poco después de haber ocurrido, ya había habido 250 descargas únicas del software comprometido.

También se detectó el ataque una compañía Europea que desarrolla sistemas para manejar turbinas de viento y otras infraestructuras. Symantec cree que el software comprometido pudo haber estado disponible para descargar por aproximadamente diez días en abril de 2014.

El grupo Dragonfly se encuentra capacitado para pensar estratégicamente. Dado el tamaño de algunos blancos, el grupo encontró su “talón de Aquiles” al comprometer a sus proveedores, quienes son más pequeños, y compañías menos protegidas.

Protección

Symantec cuenta con las siguientes detecciones que protegerán a los clientes con las versiones más recientes de nuestros productos de los software maliciosos utilizados en estos ataques:

Detección de antivirus

• Backdoor.Oldrea
• Trojan.Karagany
• Trojan.Karagany!gen1

Sistema de prevención de intrusos

• Web Attack: Lightsout Exploit Kit
• Web Attack: Lightsout Toolkit Website 4

Para más detalles técnicos, acceda a nuestro whitepaper (en Inglés)

This blog describes end-to-end process for switching from Keystone V2.0 to V3.

Running a small experiment on single node OpenStack Havana instance on Ubuntu 12.04.4 LTS Precise Pangolin. I have used DevStack for deploying and configuring OpenStack which by default comes with Keystone V2.0. We had a requirement to test Domains functionality which was introduced in Keystone V3.

Making sure that we have a working version of OpenStack instance with Keystone V2.0.

Setup environment:

export OS_USERNAME=<UserName> 

export OS_TENANT_NAME=<ProjectName>

export OS_PASSWORD=<Password>

export OS_AUTH_URL=http://127.0.0.1:5000/v2.0

export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0

export SERVICE_TOKEN=<KeystoneServiceToken>

Run few CLIs and verify that they all succeed. Using CLI for initial testing, you can use REST APIs as well.

List Users:

keystone user-list

List Servers:

nova server-list

List VM Images:

glance image-list

Workflow:

Step 1: Keystone Policy File

Apply appropriate version of policy.json. Keystone V3 (domain feature) is not supported in default policy.json located at /etc/keystone/policy.json. The appropriate version of policy file is packaged with Keystone source code under /opt/stack/keystone/etc/policy.v3cloudsample.json.

mv /etc/keystone/policy.json /etc/keystone/policy.json.bak

cp /opt/stack/keystone/etc/policy.v3cloudsample.json /etc/keystone/policy.json

Step 2: Update Keystone Endpoints

Update Keystone endpoint in MySQL database. Keystone endpoints has three types of interfaces, "internal", "public", and "admin". They all must be set to V2.0. Internal and Public interface are set to the same URL.

$ mysql

mysql> use keystone;

mysql> select interface, url from endpoint e, service s where s.id=e.service_id and s.type="identity";

+-----------+-----------------------------+

| interface | url                         |

+-----------+-----------------------------+

| internal  | http://127.0.0.1:5000/v2.0 |

| public    | http://127.0.0.1:5000/v2.0 |

| admin     | http://127.0.0.1:35357/v2.0 |

+-----------+-----------------------------+

3 rows in set (0.00 sec)

Now, update all three URLs, change V2.0 API to V3 with:

mysql> select id from service where type="identity";

+----------------------------------+

| id                               |

+----------------------------------+

| b0bbb0370ee4402eb3770129fdc0c328 |

+----------------------------------+

1 row in set (0.00 sec)

mysql> update endpoint set url="http://127.0.0.1:5000/v3" where url="http://127.0.0.1:5000/v2.0" and service_id="b0bbb0370ee4402eb3770129fdc0c328";

mysql> update endpoint set url="http://127.0.0.1:35357/v3" where url="http://127.0.0.1:35357/v2.0" and service_id="b0bbb0370ee4402eb3770129fdc0c328";

Confirm that you have all three endpoints updated to V3:

mysql> select interface, url from endpoint e, service s where s.id=e.service_id and s.type="identity";

+-----------+---------------------------+

| interface | url                       |

+-----------+---------------------------+

| internal  | http://127.0.0.1:5000/v3 |

| public    | http://127.0.0.1:5000/v3 |

| admin     | http://127.0.0.1:35357/v3 |

+-----------+---------------------------+

3 rows in set (0.00 sec)

Step 3: Restart OpenStack Services

Restart Keystone, Nova, and Glance by re-joining DevStack screen session, locate screen for Keystone (named "key"). Hit "Ctrl + Z" followed by up arrow key + Enter.

$ cd devstack

$ ./rejoin-stack.sh

Step 4: Verification

Update Environment to update Keystone Endpoint:

export OS_AUTH_URL=http://127.0.0.1:5000/v3

export SERVICE_ENDPOINT=http://127.0.0.1:35357/v3

List Users:

You can either Keystone CLI or REST API.

keystone user-list 

curl -s GET http://127.0.0.1:35357/v3/users -H X-Auth-Token:$SERVICE_TOKEN  | jq .

List Servers:

Nova CLI is not supported with Keystone V3 so please use CLI reference to OpenStack APIs:

openstack --os-identity-api-version=3 image list

List Images:

Glance CLI is not supported with Keystone V3 so please use CLI reference to OpenStack APIs:

openstack --os-identity-api-version=3 server list

Check out June 2014's most viewed content in the Storage and Clustering community and get a link to the most recent Storage and Clustering newsletter.

Need complete visibility into your environment?  Do you find yourself reactive to breaches or always behind intrusions?  MetriX dashboards can provide complete visibility into your security environment and give you the power to be proactive!

Check out MetriXdashboards for more information and ways to utilize MetriX to increase your efficiency.

For more information or to schedule a demo please contact:

Ryan Schoenherr

810-877-1743

rjschoenherr@novacoast.com

On behalf of Symantec, we would like to invite your participation in a research survey on Information Governance. Your comments and inputs are very important to help us understand your needs, so please try to make your answers complete. In return, we would like to offer ALL the qualifying respondents who finish the survey 50 ofSymantec Connect Reward Points.

The survey should only take about 5-10 minutes to complete.

Please click below link to begin the survey. Thank you.

https://www.surveymonkey.com/s/messagetesting

On behalf of Symantec, we would like to invite your participation in a research survey on Information Governance. Your comments and inputs are very important to help us understand your needs, so please try to make your answers complete. In return, we would like to offer ALL the qualifying respondents who finish the survey 50 ofSymantec Connect Reward Points.

The survey should only take about 5-10 minutes to complete.

Please click below link to begin the survey. Thank you.

https://www.surveymonkey.com/s/messagetesting

On behalf of Symantec, we would like to invite your participation in a research survey on Information Governance. Your comments and inputs are very important to help us understand your needs, so please try to make your answers complete. In return, we would like to offer ALL the qualifying respondents who finish the survey 50 ofSymantec Connect Reward Points.

The survey should only take about 5-10 minutes to complete.

Please click below link to begin the survey. Thank you.

https://www.surveymonkey.com/s/messagetesting