The City of Los Angeles is getting some help from a DHS-funded nonprofit in the fight against phishing. (Image: Getty Images)

The relentless march of ransomware, business email compromises, and other attacks against small private and public organizations over the past few years has demonstrated the hazard of operating below the information security poverty line—the point at which local governments, small and midsize businesses, and other institutions lack the expertise and budget required to implement basic computer and network security best practices needed to protect the organizations against cybercrime.

So on September 17, a Los Angeles-based cybersecurity nonprofit organization unveiled a new effort to help end that cycle, at least locally. Partnering with IBM Security and enterprise intelligence management provider TruStar, LA Cyber Lab has launched two initiatives to help organizations spot and stop malware and phishing attacks—a Web portal for sharing threat data and a mobile application targeted at helping small businesses detect and avoid email-based attacks like spear phishing.

LA Cyber Lab, a 501(c) nonprofit organization, received $3 million in funding from the US Department of Homeland Security in 2017. The organization is a "private-public partnership," LA Cyber Lab executive director Joshua Belk told Ars, "which works with the City of Los Angeles and the business committee of the Greater Los Angeles area." The lab's mission is helping Los Angeles area organizations "protect themselves and be more aware of cyberattacks and just different things that are happening in that realm," Belk explained.

The daily feed

Up until now, LA Cyber Lab's intelligence sharing has taken two forms: a daily threat report distributed by email and a regularly shared comma-separated value (CSV) file containing "indicators of compromise" (IOCs)—fingerprints for known attacks that businesses can use to detect attacks. But this week, LA Cyber Lab announced that the organization was moving to provide automated access to current threat data through its new Threat Intelligence Sharing Platform (TSIP) Web portal. Businesses that sign up as members will also be able to connect their existing tools to the data through a Web application programming interface (API).

The threat data LA Cyber Lab distributes currently comes from over 25 data sources, including IBM X-Force IRIS's threat data, information collected from partner organizations, and open-source threat feeds (including those from the Department of Homeland Security's US-CERT). The IBM data comes from IBM X-Force Exchange, an 800 terabyte set of threat activity data that includes information on over 17 million spam and phishing attacks, real-time reports of live attacks, and reputation data on nearly one million malicious IP addresses.

"The partners are a group of companies around Los Angeles, both public and private sector, who are sharing whatever they want to in terms of IOCs," Belk said. They currently include the City of Los Angeles, City National Bank, AT&T, and IBM. Other companies in the region are in the process of being enrolled as well. "We're asking partners to share only vetted information so that we're not receiving false positives and a lot of noise," Belk explained.

"What we're doing on the back-end," said Wendi Whitmore, Global Lead for IBM X-Force Security Services, "is feeding in IBM X-Force IRIS threat intelligence—and in particular, premium threat intelligence which is more of our human analyzed, curated intelligence—into the submissions, and ensuring that we're leveraging that when the analysis is being conducted." TruStar was brought in to build the portal and provide "all the connectors between the different organizations," she added.

Belk said organizations that become members of the LA Cyber Lab information sharing network "have the opportunity to interact with some of the threat data…they can take it back to their environment, look through their network's logs and see if there's anything in the past, a breach that might've already happened that they weren't aware of, or they can look forward and they can block it at the edge of their security network and blacklist or put rules in place to allow different activities to happen when they see some of those indicators come through."

Partner organizations submitting data will also get the benefit of extra eyes on their data—and alerts back from IBM X-Force. "If we're finding things that are of high risk—maybe they're new, perhaps not zero-day, but a new tactic or a new way to leverage a certain tactic—then we're going to provide that information back to the organizations that submitted as well as to the group," Whitmore explained.

There's an app for that

This type of data isn't something that small businesses can typically act on, which leads to LA Cyber Lab's second new tool. The LA Cyber Lab mobile app, which is now available on both the Google Play and Apple iOS app stores, will allow anyone to push suspicious emails to LA Cyber Lab for automated evaluation based on threat data.