Security trends 2017

The year 2017 will not bring any turn towards better data security. The internet is rife with both well-known and unknown threats, and company systems are still expected to be protected against them. Hackers are going to keep looking for new ways to extort and steal information from businesses and organizations, which unfortunately means those businesses and organizations will have to keep looking for new ways to protect themselves.

Critical infrastructure comes under attack in 2017. Critical infrastructures must be better protected from criminals and terrorists who take advantage of the modern technologies that are essential for the functioning of society and the economy. The IT security of industrial control systems (ICS), energy grids and IoT networks needs to be improved in 2017.

There is a push for better web security in 2017. Beginning with Chrome 56 in January 2017, Google’s Chrome marks as “Not secure” any page served over plain HTTP that collects passwords or credit card details, because that data would be transmitted in clear text. This is the first step of a long-term plan to mark all HTTP pages as not secure.
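As an added example (not part of the original post), the check below finds the fields that Chrome 56’s rule is about, password inputs and credit-card autocomplete fields on a page fetched over plain HTTP, using only the Python standard library. It also flags the related case of an HTTPS page whose form posts to an HTTP action, which goes beyond what the paragraph describes. The sample HTML and URLs are constructed.

```python
"""Added example: audit a page the way Chrome 56's warning does, by finding
password and credit-card inputs on a page served over plain HTTP. Also flags
forms on HTTPS pages that post to HTTP. Sample HTML below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# autocomplete tokens for payment fields (HTML autofill spec)
CC_AUTOCOMPLETE = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-name"}


class SensitiveFieldFinder(HTMLParser):
    """Collects (kind, form_action) for every password / credit-card input."""

    def __init__(self):
        super().__init__()
        self.fields = []
        self._action = None          # action of the form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}          # HTMLParser lowercases names
        if tag == "form":
            self._action = a.get("action", "")
        elif tag == "input":
            if a.get("type", "text").lower() == "password":
                self.fields.append(("password", self._action))
            elif a.get("autocomplete", "").lower() in CC_AUTOCOMPLETE:
                self.fields.append(("credit-card", self._action))

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def audit_page(page_url, html):
    """Return (kind, reason) findings. 'http-page' is the case Chrome 56 labels
    'Not secure'; 'http-form-action' is an HTTPS page posting secrets to HTTP."""
    finder = SensitiveFieldFinder()
    finder.feed(html)
    page_scheme = urlparse(page_url).scheme.lower()
    findings = []
    for kind, action in finder.fields:
        if page_scheme == "http":
            findings.append((kind, "http-page"))
            continue
        target = urlparse(urljoin(page_url, action or "")).scheme.lower()
        if target == "http":
            findings.append((kind, "http-form-action"))
    return findings


# constructed sample pages (hostnames are illustrative)
LOGIN_FORM = '<form action="/login" method="post"><input type="password" name="pw"></form>'
CHECKOUT_FORM = ('<form action="http://pay.example.net/charge" method="post">'
                 '<input autocomplete="cc-number" name="card"></form>')

if __name__ == "__main__":
    print(audit_page("http://shop.example.com/login", LOGIN_FORM))         # [('password', 'http-page')]
    print(audit_page("https://shop.example.com/login", LOGIN_FORM))        # []
    print(audit_page("https://shop.example.com/checkout", CHECKOUT_FORM))  # [('credit-card', 'http-form-action')]
```

The page scheme, not the form action, is what the browser warning keys on: a login form on an HTTP page is flagged even if it posts to HTTPS, because the page itself could have been modified in transit.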

SHA-1 is insecure. Certificate authorities have moved to issuing SHA-2 (SHA-256) certificates, and the major browser makers, Microsoft, Google and Mozilla, have announced that from early 2017 their browsers will no longer trust sites that still use SHA-1 certificates and will mark those sites as insecure. Even so, 1/3 of websites use SHA-1 certificates despite the looming deadline. SHA-1 will still hang around, like a fart in a spacesuit, for many years to come, because some site operators will simply not make the change.
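An added example, not from the original post, of the check a site operator can run before the browser deadline: it pulls the signatureAlgorithm OID out of a DER-encoded certificate with a minimal DER reader and refuses the SHA-1 algorithms. The `skeleton_cert` helper and the certificates it builds are constructed test data, not real certificates; the OID table covers the common SHA-1 signature algorithms.

```python
"""Added example: read the signatureAlgorithm OID from a DER-encoded X.509
certificate and refuse SHA-1-based algorithms. Only the DER constructs needed
for this are handled; the sample certificates are constructed skeletons."""
import ssl

SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
}


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give length-of-length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value):
    """Decode OID contents; the first byte packs the first two arcs (fine for arc 0 < 2)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # a clear high bit ends the arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def signature_algorithm(der):
    """OID of the outer signatureAlgorithm: Certificate ::= SEQUENCE { tbs, sigAlg, sig }."""
    tag, cert, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = _read_tlv(cert, 0)          # skip tbsCertificate
    _, alg_id, _ = _read_tlv(cert, pos)     # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(oid)


def is_sha1_signed(der):
    return signature_algorithm(der) in SHA1_SIGNATURE_OIDS


def check_pem(pem):
    """Convenience for PEM input, e.g. from ssl.get_server_certificate((host, 443))."""
    return is_sha1_signed(ssl.PEM_cert_to_DER_cert(pem))


# --- constructed test data: a minimal DER encoder to build certificate skeletons ---
def der_tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def skeleton_cert(sig_oid):
    """Constructed: empty tbsCertificate, the given signatureAlgorithm, dummy signature.
    Enough structure for the check above; it is not a valid certificate."""
    tbs = der_tlv(0x30, b"")
    alg = der_tlv(0x30, der_tlv(0x06, encode_oid(sig_oid)) + b"\x05\x00")   # NULL parameters
    sig = der_tlv(0x03, b"\x00" + bytes(16))                                 # BIT STRING, 0 unused bits
    return der_tlv(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11", "1.2.840.10045.4.3.2"):
        print(oid, "SHA-1, will be rejected" if is_sha1_signed(skeleton_cert(oid)) else "ok")
```

For a live site, `ssl.get_server_certificate((host, 443))` returns the leaf certificate in PEM form for `check_pem`. The leaf is not the whole story: every intermediate in the chain must pass the same check, while the root’s own self-signature is not verified by browsers and does not matter.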

There will be changes in how security is viewed in 2017 by businesses. We will likely see cloud adoption continue to grow across the United States, network visibility will no longer just be an option, AI and machine learning will shake old security models, and IoT-powered attacks will continue to rise. All of this will factor into how businesses set up, monitor and secure their networks.

The commoditization of cyberattacks will make them more frequent in 2017. More and more companies suffer business disruption due to cyber attacks. Cyber attacks cause companies significant financial losses, yet studies show that companies are not prepared for them. According to Gartner, by 2018 only 40 per cent of large companies will have formal plans for handling cyber attacks; a year earlier the percentage was zero.

Strap yourself in for a bumpy ride in 2017. 2016 sucked, and 2017 won’t be much better, sorry. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks are also increasing. DDoS attack toolkits have been around for years, as have services that let you pay for an attack, and you should expect to see more of both. 2017 promises to be the most dramatic year yet in the DDoS conflict: whale-sized DDoS attacks will increase, the IoT will become a bigger factor in DDoS, and DDoS will overshadow ransomware as it is increasingly used for extortion. Expect the Internet of Things (IoT) and other connected devices to play an important part in these attacks.

Biometric identification will become more common in 2017, but it will not replace passwords. Fingerprint identification has become increasingly common in smartphones, and the technology is already fast and reliable. Over the past year biometric identification devices were sold for 4.5 billion dollars (most of them going into smartphones and laptops); 91 percent of biometric sales were fingerprint sensors, four per cent face recognition and three per cent iris recognition.

Biometrics won’t kill passwords any time soon. Even though PIN codes and passwords are pretty lousy protection against a skilled cybercriminal, the password will not disappear entirely: about two per cent of the world’s population have fingerprints that are not suitable for biometric identification. Other biometric systems have similar limitations and/or are not yet commonly available at reasonable cost. While biometrics, including fingerprint, face, iris, palm and speech recognition, will continue to grow as a more secure substitute for passwords, they will not render passwords obsolete. Until the other biometrics become commonplace, passwords are here to stay, probably until circa 2030.

The fight over encryption and backdoors is not over in 2017. Many public figures in law enforcement have consistently argued that device encryption presents a new threat to police powers of investigation. On the other side, the House Judiciary Committee’s Encryption Working Group report says encryption backdoors pose a security threat, siding with tech experts. The problem is that any mechanism that lets police into an encrypted system (a phone, a computer or a communications service) could also be exploited by criminals. Any action in this space should weigh short-term benefits against long-term impacts. Many industry experts will rightly tell you there is no such thing as partial encryption: you either have a fully capable system or none at all.

Given the security events of 2016, coupled with the rapid advancement and adoption of cloud computing, 2017 will be the year in which many finally accept that network infrastructure and security have to be rethought from the ground up. In 2017 the cloud will also become a risk for users: the cloud becoming insecure, with extortion and IoT openings.

The arms race between network attacks and network defences is accelerating. Crippling Internet services with denial of service attacks is becoming more common throughout the world, and as the number of devices online grows, the volume and velocity of these attacks keep increasing. IoT-powered attacks will continue to rise, and stopping an attack is not easy. For most companies the key thing is that the attack traffic is stopped before it reaches the company’s Internet connection or servers, which means relying more on the telecom operator and external scrubbing services. In addition to disrupting service, denial of service attacks are often used as a distraction during the actual data theft. DDoS may take over from ransomware as the main cause for concern.
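The two DDoS paragraphs above describe floods that come either from a handful of sources or from thousands of IoT devices, and the difference matters for detection. The added example below, which is not code from the original post, runs both checks over constructed access-log lines: a per-source sliding window catches a single loud client, and an aggregate window catches the distributed case where no single address trips the per-source threshold. The window sizes and thresholds are assumed values to tune per site.

```python
"""Added example: find request floods in web-server access logs, both from a
single source and spread across many sources. All log lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log format: client ident user [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp) or None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def flood_sources(lines, window=timedelta(seconds=10), threshold=50):
    """{ip: peak requests inside any `window`} for sources at or above `threshold`.
    Lines are assumed to be in time order, as a log file is."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:          # drop requests that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def aggregate_peak(lines, window=timedelta(seconds=10)):
    """Peak (requests, distinct sources) inside any `window`, for the botnet case
    where no single IP exceeds the per-source threshold."""
    q, best = deque(), (0, 0)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        q.append(parsed)
        while parsed[1] - q[0][1] > window:
            q.popleft()
        best = max(best, (len(q), len({ip for ip, _ in q})))
    return best


# --- constructed sample traffic (RFC 5737 documentation addresses) ---
def _line(ip, ts, path="/"):
    return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S} +0000] "GET {path} HTTP/1.1" 200 512'


_T0 = datetime(2017, 5, 10, 12, 0, 0)
NORMAL = [_line("198.51.100.4", _T0 + timedelta(seconds=3 * i), "/index.html") for i in range(10)]
SINGLE_FLOOD = [_line("203.0.113.7", _T0 + timedelta(milliseconds=50 * i)) for i in range(200)]
BOTNET_FLOOD = [_line(f"192.0.2.{i}", _T0 + timedelta(seconds=i % 10))
                for i in range(1, 101) for _ in range(5)]


def by_time(*groups):
    """Merge constructed groups into one time-ordered log."""
    return sorted(sum(groups, []), key=lambda l: parse_line(l)[1])


if __name__ == "__main__":
    print(flood_sources(by_time(NORMAL, SINGLE_FLOOD)))   # {'203.0.113.7': 200}
    print(flood_sources(by_time(NORMAL, BOTNET_FLOOD)))   # {}  per-source check misses it
    print(aggregate_peak(by_time(NORMAL, BOTNET_FLOOD)))  # (504, 101)
```

The per-source check is the one most rate limiters implement, and it is exactly what an IoT botnet sidesteps: 100 devices sending five requests each never exceed a 50-per-source threshold, but the aggregate window shows 500 requests from 101 sources in ten seconds. Upstream scrubbing, as the paragraph says, is where that aggregate signal has to be acted on.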

In 2017 IT and security professionals will talk more about business risks. Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk. The goal of stopping all attacks and preventing all business impact has been recognized as a fool’s errand, and the focus has shifted to measuring risk and minimizing business impact. Cyber security is increasingly being viewed as a risk management problem.

In 2017 ‘security’ must be added to our existing ethical and philosophical concerns over artificial intelligence and algorithms. Algorithms will soon run the world. They present problems that are seriously questioned on both ethical and philosophical grounds, and they have become the basis of fictional Armageddons.

Cyber insurance will be considered more often as one solution for handling cyber risks in 2017. The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.

In 2017 Big Brother will be watching you 24/7. Those of you who’ve read George Orwell’s 1984 or seen the film will remember how the citizens of the fictitious totalitarian state of Oceania are constantly under surveillance by order of its dictator, Big Brother. Now swap your home desktop computer, laptop or smartphone for the fictitious telescreen: not only are you sitting in front of a modern-day version of the Big Brother telescreen, you are also walking around with one in your pocket or handbag. Sound far-fetched? It is set to become a reality in many countries.

Users will want better security, or at least to feel more secure, in 2017. Many people are prepared to go to extremes for better security. According to a recent Harris Poll survey of over 2,000 adults, nearly 40% of Americans would give up sex for a year, or eating their favourite food, in exchange for online security good enough that they would never have to worry about being hacked. When you consider that 87 percent of U.S. adults use the internet, it makes sense that cyber security is one of the biggest concerns today. The single biggest thing people can do to keep their online identity safe is probably the easiest: a solid password, and not giving it to other people. Still, nearly 50% of people have shared a password to an e-mail account or to an account like Netflix.

Security becomes a multi-system issue, and more people are talking about it. Design teams will have to bake security strategies in from the start, no matter how insignificant the device. The good news is that more people are talking about the issue. The real challenge is packing enough security features into designs to prevent breaches of every sort, including those that come through other electronics that were never considered part of the design. As devices get more sophisticated, so do hackers. The reality is that security breaches can even cause physical harm. It’s time to look at this at a multi-system, multi-disciplinary level; otherwise we literally could be playing with fire.

Blockchains have been a big trend for several years. The blockchain market is divided as 2017 starts. During autumn 2016 we saw a number of cooperation initiatives between the financial sector and consulting companies. Microsoft has chosen the Ethereum blockchain as a platform and offers it in the Azure cloud service. IBM has jumped on the Hyperledger consortium bandwagon and offers its own blockchain on the Bluemix service. Google and Amazon are still conspicuous by their absence. Even banks may prefer to use the cloud for their blockchains.


Other prediction articles worth a look:

What Lies Ahead for Cybersecurity in 2017?

Network Infrastructure, Visibility and Security in 2017

DDoS in 2017: Strap yourself in for a bumpy ride

Cybersecurity Industry Outlook: 2017 to 2021 | CSO Online

IBM’s Cybersecurity Predictions for 2017 – eForensics

https://eforensicsmag.com/ibms-cybersecurity-predictions-2017/

Top 5 Cybersecurity Threats to Watch Out for in 2017

Experts Hopeful as Confidence in Risk Assessment Falls


3,151 Comments

  1. Tomi Engdahl says:

    What Can be Expected in Trump’s Cybersecurity Executive Order?
    http://www.securityweek.com/what-can-be-expected-trumps-cybersecurity-executive-order

    The latest draft of President Trump’s much anticipated cybersecurity executive order was posted to the internet last week by security consultant Paul Rosenzweig. It is not the first and may not be the last draft that gets public scrutiny before the final version is formally published. Although it is currently a draft, it provides detailed insight into what can be expected.

    Draft Cyber EO May 2017 Leak
    https://www.scribd.com/document/347165499/Draft-Cyber-EO-May-2017-Leak

  2. Tomi Engdahl says:

    NSA: We saw how Russia hacked the French presidential election, so we rushed to help

    The NSA’s director, Admiral Mike Rogers, has told the US Senate that the US saw how Russian hackers penetrated the French cyber infrastructure just before the election. Rogers says the NSA warned France before the hacking became a public scandal.

    AP News says that hackers leaked presidential candidate Emmanuel Macron’s messages and data on social media in abundance on the eve of the election. The French Government describes the break-in as very serious.

    “We were aware of Russia’s activity. We talked to our French partners and warned them.”
    “We said: We are watching the Russians. We see how they penetrate your infrastructure. Here’s what we’ve seen. How can we help?”, Rogers described the events to the Senate.

    Source: http://www.tivi.fi/Kaikki_uutiset/nsa-naimme-kuinka-venaja-hakkeroi-ranskan-presidentinvaaleja-joten-riensimme-apuun-6647944

  3. Tomi Engdahl says:

    The NSA Confirms It: Russia Hacked French Election ‘Infrastructure’
    https://www.wired.com/2017/05/nsa-director-confirms-russia-hacked-french-election-infrastructure/

    Two days before France’s recent presidential election, hackers leaked nine gigabytes of emails from candidate Emmanuel Macron’s campaign onto the web. Since then, the Kremlin has once again emerged as the likeliest culprit. But while public evidence can’t definitively prove Russia’s involvement, NSA director Michael Rogers suggested to Congress today that America’s most powerful cybersecurity agency has pinned at least some electoral interference on Moscow.

    In a hearing of the Senate’s Armed Forces Committee, Rogers indicated that the NSA had warned French cybersecurity officials ahead of the country’s presidential runoff that Russian hackers had compromised some elements of the election. For skeptics, that statement may help tip the balance towards credibly blaming Russia for the attacks.

    “If you take a look at the French election … we had become aware of Russian activity,”

    It’s not clear what “infrastructure” means in this context, but it seems likely to refer to the very public email dump. On Friday, Macron’s En Marche political party issued a statement saying that it had “been the victim of a massive, coordinated act of hacking,” but didn’t name Russia or any other culprit behind that attack.

    Analysts already suspected Russia of at least attempting to breach Macron’s party: Security firm Trend Micro noted in a report late last month that the same Russian group that hacked the US Democratic National Committee and the Clinton campaign had also created a phishing domain intended to spoof a Microsoft storage website used by Macron.

    ‘Look, we’re watching the Russians, we’re seeing them penetrate some of your infrastructure.’ NSA Director Mike Rogers

  4. Tomi Engdahl says:

    Just so we’re all clear on this: Russia hacked the French elections, US Republicans and Dems
    And only released Macron, Clinton campaign files – hmm
    https://www.theregister.co.uk/2017/05/09/russia_hacked_everyone/

    It’s been a busy week already on Capitol Hill. We’ve heard yet again revelations of Russian hackers breaking into US Republican and Democrat campaign computers – and interfering with France’s presidential election.

    In a Senate judiciary committee meeting on Monday, former Director of National Security James Clapper was asked about Putin-backed miscreants meddling with last year’s race to the White House. He said that, after an extensive probe, he and all the heads of the intelligence agencies – including the CIA – had concluded that Kremlin-controlled hackers thoroughly ransacked both political parties: the Republicans and the Democrats.

    The Democrats subsequently had their emails and documents leaked online in an obvious attempt to embarrass and derail Clinton and her campaign. Presumably, Vladimir is keeping the Republicans’ files for blackmail purposes.

    “The Russians used cyber operations against both political parties, including hacking into servers used by the Democratic National Committee and releasing stolen data to WikiLeaks and other media outlets,” Clapper said on Monday afternoon.

    “Russia also collected on certain Republican party-affiliated targets, but did not release any Republican-related data. The Intelligence Community Assessment concluded first that President Putin directed and influenced the campaign to erode the faith and confidence of the American people in our presidential election process.”

    Clapper said Russia has been trying to influence American elections since the 1960s, and had scored a major win in 2016 with very little effort, thanks to its hacking crews. In light of this they would be emboldened, he said, and we should expect more attacks.

  5. Tomi Engdahl says:

    U.S. increasingly convinced that Russia hacked French election: sources
    http://www.reuters.com/article/us-france-election-russia-idUSKBN1852KO

    Hackers with connections to the Russian government played a role in an effort to damage centrist French politician Emmanuel Macron’s presidential campaign by hacking and leaking emails and documents ahead of the election, according to two U.S. intelligence officials.

  6. Tomi Engdahl says:

    It’s 2017 and Windows PCs are being owned by EPS files, webpages
    Get patching ASAP as exploits are being used in the wild – and fix Adobe stuff, too
    https://www.theregister.co.uk/2017/05/09/may_2017_ms_patch_tuesday/

    Microsoft has today published patches for more than 50 security flaws in its products – including three serious holes being exploited right now in the wild. These updates should be applied as soon as possible.

    The May edition of Patch Tuesday addresses blunders in Internet Explorer, Edge, Windows, Office, and the .NET Framework. In total, 55 bugs have been squashed, including 17 that have been rated as critical security risks.

    Of the three bad bugs being actively exploited in the wild, two can be used to achieve remote code execution: CVE-2017-0222 in Internet Explorer 10 and 11, and CVE-2017-0261 in Microsoft Office 2010, 2013 and 2016. The third is an elevation of privilege bug, CVE-2017-0263, in all supported versions of Windows.

    Basically, when a vulnerable installation of Office opens a booby-trapped EPS document, it can end up executing code within the file, and this code can use the privilege escalation hole to gain full control over the machine – essentially allowing emailed and downloaded documents to hijack computers and install spyware and other nasties, if victims are tricked into opening them.

  7. Tomi Engdahl says:

    FCC should produce logs to prove ‘multiple DDoS attacks’ stopped net neutrality comments
    http://www.networkworld.com/article/3195466/security/fcc-should-produce-logs-to-prove-multiple-ddos-attacks-stopped-net-neutrality-comments.html

    Fight for the Future says the FCC should produce its logs to prove its ‘multiple DDoS attacks’ claim that silenced net neutrality comments

    After John Oliver urged viewers of HBO’s Last Week Tonight to fight for net neutrality (again) and post comments on the FCC’s site, people were not able to submit comments because the site turned to molasses.

    The FCC blamed the problem on “multiple” DDoS attacks: “These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”

    A DDoS attack at the exact same time as Oliver’s viewers would have been leaving comments? Pfft. The last rally cry by Oliver resulted in such a flood of would-be commenters that it crashed the FCC comments site. So, it doesn’t seem outside the realm of possibilities that his newest plea for every internet group to come together and tell the FCC to preserve net neutrality and Title II could also crash the site.

    In fact, Fight for the Future is highly skeptical of the FCC’s excuse and wants answers, saying the FCC should back up its DDoS attack claims with proof. It’s really quite simple: the FCC should release its logs.

  8. Tomi Engdahl says:

    Where’s the LoJack for Embedded Systems Security?
    https://www.designnews.com/cyber-security/wheres-lojack-embedded-systems-security/54750155156765?cid=nl.x.dn14.edt.aud.dn.20170510.tst004t

    Michael Barr, CTO of the Barr Group told an audience at ESC Boston 2017 embedded systems have become a battlefield of cyberattacks and someone needs to do for embedded systems security what LoJack did for automotive.

    You might remember the commercials for LoJack – the aftermarket tracking system for catching car thieves. By tracking your vehicle and sending the information directly to the police LoJack not only enabled law enforcement to recover stolen vehicles, but to also discover the location of chop shops and other locations of illegal activity. It worked so well the company, started in the late 1980s, is still around today, in the age of GPS.

    Now Michael Barr, CTO of the Barr Group, is calling for the same thing in embedded systems security.

    The concept, which Barr semi-seriously referred to as “LoHack” to a keynote audience at the Embedded Systems Conference (ESC) 2017 in Boston, would externalize embedded security, moving it away from developers’ internal systems and onto a cloud-based service. “Remote hacks require [network] packet exchange,” he said. “If we could have cloud-based data traffic analysis and learning algorithms in place we could have device makers watching out and learning about attacks on their devices to a system that updates the security of all our networks.”

    Barr Group estimates 60% of new products being developed will have Internet connectivity (meaning some sort of Internet of Things functionality). However, 22% of those surveyed said they have zero requirements related to security; 37% said they have no coding standards or do not enforce their coding standard; 36% use no type of static analysis tool; and 48% do not even bother to encrypt their communications over the Internet.

    Barr pointed to the recent Mirai malware attacks as an example.

    It all adds up to an IoT peppered with security holes – leading Barr to explain that we ought to be calling it the IoDT – the Internet of Dangerous Things. “We’re living in a scary word, a dangerous world, and an interesting time to be an embedded systems developer,” Barr said. From retail to healthcare applications and beyond developers are told adding intelligence to devices is a surefire way to add value both for the consumer and the company (not to mention increase profits). But in the process of adding connectivity designers have opened the door to all manner of cyberattacks – some that are even life threatening. One only need look as far as recent cases showing the

    According to the Barr Group’s survey 25% of respondents reported their embedded systems project could injure or be life threatening. “What’s going wrong?” Barr asked. “We’re living in a world where attacks are increasing, but we should be living in a world where these systems are benefitting us.”

    For Barr the IoT is already growing too unruly for cybersecurity to remain in silos. But the challenge remains finding solutions to secure all of the types of processors and connection protocols available to IoT devices – not to mention staying one step ahead of malicious hackers. “Security is an arms race, attackers are always getting stronger,” he said.

    Barr said that developers – “designers of dangerous things” – must be ever mindful of their ethical duty to pay attention to cybersecurity. “The number one thing we’re going to do is not ignore security anymore, especially when we’re designing dangerous things,” he said, while also asking developers to adopt bug-reducing software best practices and to use cryptography where appropriate.

    Barr also advocated that engineers adopt an approach of practicing “defense in depth.” The idea is that security should be layered so that if one system fails, another system picks up on a breach or error. “You have to think like this at each layer. What can I do at each layer to add additional layers of security so there is no one weak link?”

    “ You have to think like that at every layer. You have to think who would attack, why would they attack, and what kind of motivations would they have.”

  9. Tomi Engdahl says:

    New York Times:
    Interviews with Macron campaign staff reveal the obfuscation techniques used to slow hackers, who US intelligence believe were Russian — PARIS — Everyone saw the hackers coming. — The National Security Agency in Washington picked up the signs. So did Emmanuel Macron’s bare-bones technology team.

    Hackers Came, but the French Were Prepared
    https://www.nytimes.com/2017/05/09/world/europe/hackers-came-but-the-french-were-prepared.html?_r=0

    Everyone saw the hackers coming.

    The National Security Agency in Washington picked up the signs. So did Emmanuel Macron’s bare-bones technology team. And mindful of what happened in the American presidential campaign, the team created dozens of false email accounts, complete with phony documents, to confuse the attackers.

    The Russians, for their part, were rushed and a bit sloppy, leaving a trail of evidence that was not enough to prove for certain they were working for the government of President Vladimir V. Putin but which strongly suggested they were part of his broader “information warfare” campaign.

    The story told by American officials, cyberexperts and Mr. Macron’s own campaign aides of how a hacking attack intended to disrupt the most consequential election in France in decades ended up a dud was a useful reminder that as effective as cyberattacks can be in disabling Iranian nuclear plants, or Ukrainian power grids, they are no silver bullet. The kind of information warfare favored by Russia can be defeated by early warning and rapid exposure.

  10. Tomi Engdahl says:

    Q&A with Pete Chronis, Chief Information Security Officer
    http://www.turner.com/blog/qa-pete-chronis-chief-information-security-officer

    From an industrywide perspective, what trend is most intriguing to you right now?

    The Internet of Things is a total game-changer. A few years ago, almost all connected devices were desktop and laptop computers running Microsoft Windows or Mac OS. Today, the majority are phones and tablets running iOS or Android. Tomorrow, practically everything around us will be connected. My Nest thermostat at home runs on Linux. Right now, many of these consumer devices are far less secure than they need to be, particularly for commercial and government adoption. And we’re already seeing an uptick in incidents of IoT devices being hacked and used to collectively participate in massive security attacks. So the potential of IoT devices to reshape and improve society is inspiring, but the sheer number of potential new security vulnerabilities is staggering. From a career perspective, it’s a great time to get into infosec.

  11. Tomi Engdahl says:

    Zack Whittaker / ZDNet:
    FCC’s website has been flooded with 128K+ identical fake anti-net neutrality comments via its public comment system API

    A bot is flooding the FCC’s website with fake anti-net neutrality comments
    Several people we spoke to denied they had posted comments to the FCC’s feedback pages.
    http://www.zdnet.com/article/a-bot-is-flooding-the-fccs-website-with-fake-anti-net-neutrality-comments/

    A bot is thought to be behind the posting of thousands of messages to the FCC’s website, in an apparent attempt to influence the results of a public solicitation for feedback on net neutrality.

    Late last month, FCC chairman Ajit Pai announced his agency’s plans to roll back an Obama-era framework for net neutrality, which rules that internet providers must treat all internet content equally.

    Since then, the FCC’s public comments system has been flooded with a barrage of comments — well over half-a-million responses at the time of writing — in part thanks to comedian John Oliver raising the issue on his weekly show on Sunday, in which he asked Americans to leave comments in favor of keeping the rules.

    But a sizable portion of those comments are fake, and are repeating the same manufactured response again and again.

    So much so that more than 128,000 identical comments have been posted since the feedback doors were opened, now representing a significant slice of the comments on the FCC’s feedback docket.

    The comments follow the same pattern: the bot appears to cycle through names in an alphabetical order, leaving the person’s name, and postal address and zip code.

    A couple of people late Tuesday called back and confirmed that they had not left any messages on the FCC’s website.

    The bot is likely automatically filing the comments through the FCC’s public comment system API, which allows anyone with a free-to-obtain API key to automatically submit comments.

    But we don’t know where the bot got its names and addresses — though we suspect it may be from public voter registration records or an older data breach.

    But a key question remains: who’s behind the bot?

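The pattern described in the comment above, identical text submitted under names cycling in alphabetical order, can be checked mechanically. The following is an added example, not the article’s or the FCC’s code: it fingerprints normalized comment text, groups submissions, and reports each large cluster along with whether its submitter names arrived in sorted order, which separates a bot run from an organic form letter that many people paste. The docket records, names and texts are constructed.

```python
"""Added example: flag form-letter floods in a public comment docket by
fingerprinting normalized comment text and checking whether the names in a
cluster arrived in alphabetical order. All comment records are constructed."""
import hashlib
from collections import defaultdict


def normalize(text):
    """Collapse case and whitespace so trivial variations still match."""
    return " ".join(text.lower().split())


def fingerprint(text):
    return hashlib.sha256(normalize(text).encode()).hexdigest()[:16]


def suspicious_clusters(comments, min_size=3):
    """Group comments (given in submission order) by text fingerprint and report
    clusters of at least `min_size`, noting whether submitter names are sorted."""
    groups = defaultdict(list)
    for c in comments:
        groups[fingerprint(c["text"])].append(c)
    report = []
    for fp, group in groups.items():
        if len(group) < min_size:
            continue
        names = [c["name"].lower() for c in group]
        report.append({
            "fingerprint": fp,
            "count": len(group),
            "alphabetical_names": names == sorted(names),   # the bot pattern described
            "sample": group[0]["text"],
        })
    return sorted(report, key=lambda r: r["count"], reverse=True)


# constructed sample docket: a bot run (alphabetical names, identical text) mixed with
# genuine comments and a small organic form letter pasted by unrelated people
BOT_TEXT = ("The heavy-handed rules imposed on the internet in 2015 are holding back "
            "investment. Please roll them back.")
SAMPLE_DOCKET = [
    {"name": "Aaron Abbott", "text": BOT_TEXT},
    {"name": "Maria Chen", "text": "Please keep Title II protections, they work."},
    {"name": "Bianca Adams", "text": BOT_TEXT},
    {"name": "Carl Baker", "text": BOT_TEXT},
    {"name": "Zoe Park", "text": "Keep net neutrality!"},
    {"name": "Dana Cole", "text": BOT_TEXT + "  "},          # trailing whitespace still matches
    {"name": "Mike Ross", "text": "keep net neutrality!"},
    {"name": "Eli Dunn", "text": BOT_TEXT},
    {"name": "Anna Lee", "text": "Keep Net Neutrality!"},
    {"name": "Fay Evans", "text": BOT_TEXT},
    {"name": "Tomas Reyes", "text": "I rely on an open internet for my small business."},
]

if __name__ == "__main__":
    for r in suspicious_clusters(SAMPLE_DOCKET):
        print(r["count"], "alphabetical" if r["alphabetical_names"] else "mixed", r["sample"][:40])
```

Ordering is the signal the article describes; where the comment system’s own API logs are available, per-key submission volume and timing are the natural next checks.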
  12. Tomi Engdahl says:

    Sebastian Anthony / Ars Technica:
    Microsoft patches remote code-execution vulnerability discovered in its malware protection engine which is used in nearly every version of Windows

    Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable
    PCs can be compromised when Defender scans an e-mail or IM; patch has been issued.
    https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/

    Microsoft on Monday patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016), just three days after it came to its attention. Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.

    The exploit (officially dubbed CVE-2017-0290) allows a remote attacker to take over a system without any interaction from the system owner: it’s simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft’s malware protection engine—websites, file shares—could be used as an attack vector. Tavis Ormandy, one of the Google Project Zero researchers who discovered the flaw, warned that exploits were “wormable,” meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.

    Microsoft’s speed in issuing an automatic patch was impressive. Word of the critical flaw first surfaced in a Friday night series of tweets by Ormandy. He called it “the worst Windows remote code exec in recent memory” and warned that attacks “work against a default install, don’t need to be on the same LAN, and it’s wormable.” Most security experts assumed Microsoft would require several weeks to patch it. To their surprise, Microsoft pushed out the patch Monday evening.

    Microsoft says the risk of remote code execution is lower on Windows 10 and Windows 8.1 because of CFG, a security feature that protects against memory corruption. CFG is an optional compilation flag in Visual Studio 2015.

  13. Tomi Engdahl says:

    Cyber war is the new normal

    Abloy today organized a Focus Forum event at Finlandia Hall, focusing on the security of society’s critical structures.

    Modern threats are, without exception, global, regional and local. There is a need for extensive cooperation between security authorities and security organizations.

    Security and threats are not primarily a technical issue, although they are often understood as such. – The biggest vulnerability is the human. We make mistakes because we act according to old models. And in general, we do not even understand or know that we are making mistakes.

    Cyber security is not separate from other activities. According to Cederberg, digitalization, for example, cannot happen without developing cyber security at the same time. – Consider the Europe-wide energy infrastructure. If the power grids or gas pipes are not protected, they can become a weapon in someone else’s hands.

    – Criminals are now interested in the interface between the physical and the virtual that opens up with digitalization. It is precisely that gateway that lures them.

    Source: http://www.etn.fi/index.php/13-news/6289-kybersota-on-uusi-normaali

    Reply
  14. Tomi Engdahl says:

    How Bulk Interception Works
    https://medium.com/privacy-international/how-bulk-interception-works-d645440ff6bd

    The dispersion of packets across the internet means that our communications and data are more vulnerable to interception by foreign governments, who may capture them as they bounce around the world.
    The capture of packets, particularly because of the metadata they contain, is intrusive.

    Reply
  15. Tomi Engdahl says:

    A crashed advertisement reveals logs of a facial recognition system
    https://twitter.com/GambleLee/status/862307447276544000

    Discussion on finding
    https://news.ycombinator.com/item?id=14309194

    Reply
  16. Tomi Engdahl says:

    EPS Processing Zero-Days Exploited by Multiple Threat Actors
    https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.html

    Recently, FireEye identified three new zero-day vulnerabilities in Microsoft Office products that are being exploited in the wild.

    FireEye believes that two actors – Turla and an unknown financially motivated actor – were using the first EPS zero-day (CVE-2017-0261), and APT28 was using the second EPS zero-day (CVE-2017-0262) along with a new Escalation of Privilege (EOP) zero-day (CVE-2017-0263). Turla and APT28 are Russian cyber espionage groups that have used these zero-days against European diplomatic and military entities. The unidentified financial group targeted regional and global banks with offices in the Middle East.

    Reply
  17. Tomi Engdahl says:

    Mozilla wants EU to slow down its ePrivacy Directive process
    ‘We love privacy, just not this much privacy, not this fast’
    https://www.theregister.co.uk/2017/05/11/mozilla_wants_eu_to_slow_down_its_eprivacy_directive_process/

    Mozilla wants the EU to tap the brake on a privacy process slated to deliver a new ePrivacy Directive by May 2018, calling the timeline “overly aggressive”.

    While saying it supports the main features of the proposal currently in front of the European Commission, in this post by legal advisor Sherrie Quinn, Mozilla hopes Europe takes time “to more thoroughly assess the Regulation”.

    Back in January, America’s Internet Advertising Bureau warned that the power to fine digital services for privacy breaches meant a danger to “the future of the web as we know it”.

    Mozilla might not have linked arms with the IAB, but it acknowledges a risk to ISP business models, along with other concerns.

    Mozilla further warns against “undue or unhelpful burdens”, and fears the proposed directive would prematurely regulate industries and practices.

    Reply
  18. Tomi Engdahl says:

    Oh, great: There’s a new Same Origin Policy exploit for Edge
    Browser helps attackers by autocompleting passwords
    https://www.theregister.co.uk/2017/05/11/oh_great_theres_a_new_same_origin_policy_exploit_for_edge/

    Reply
  19. Tomi Engdahl says:

    Another IoT botnet has been found feasting on vulnerable IP cameras
    Children, please welcome Persirai to the class
    https://www.theregister.co.uk/2017/05/10/persirai_iot_botnet/

    Researchers have discovered yet another IoT botnet.

    Persirai targets more than a thousand different internet protocol camera models. Researchers at Trend Micro warn that 120,000 web-connected cameras are vulnerable to the malware.

    Consumers would, in most cases, be unaware that their devices are even exposed to the internet much less at risk of compromise. Hackers are using a known but seldom patched vulnerability to hack the cameras.

    The development of Persirai comes just weeks after the arrival of Hajime – the “vigilante” IoT worm that blocks rival botnets – and months after the infamous Mirai IoT botnet. Mirai was used to attack a key internet domain resolution hub last October, leaving scores of high-profile websites unreachable to millions.

    Persirai: New Internet of Things (IoT) Botnet Targets IP Cameras
    Posted on: May 9, 2017 at 5:03 am
    Posted in: Internet of Things
    Author: Trend Micro
    By Tim Yeh, Dove Chiu and Kenney Lu
    http://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/

    Reply
  20. Tomi Engdahl says:

    US To Ban Laptops in All Cabins of Flights From Europe
    https://news.slashdot.org/story/17/05/10/1957206/us-to-ban-laptops-in-all-cabins-of-flights-from-europe

    The Department of Homeland Security will ban laptops in the cabins of all flights from Europe to the United States, European security officials told The Daily Beast. An official announcement is expected Thursday. Initially a ban on laptops and tablets was applied only to U.S.-bound flights from 10 airports in North Africa and the Middle East. The ban was based on U.S. fears that terrorists have found a way to convert laptops into bombs capable of bringing down an airplane. It is unclear if the European ban will also apply to tablets.

    U.S. to Ban Laptops in All Cabins of Flights From Europe, Officials Say
    http://www.thedailybeast.com/articles/2017/05/10/u-s-to-ban-laptops-in-all-cabins-of-flights-from-europe

    Acting on fears that terrorists can build bombs into laptops, Homeland Security has decided to expand the ban it imposed on Middle Eastern flights. Computers will now be checked as baggage.

    Reply
  21. Tomi Engdahl says:

    Europe Emerges as Major Source of Cyber Attacks: Reports
    http://www.securityweek.com/europe-emerges-major-source-cyber-attacks-reports

    Europe And Especially UK Are Now Major Originators of Cyber Attacks, Reports Show

    With 73% of all malware being delivered by phishing, it remains the attackers’ primary attack methodology. Thirty percent of all detected attacks targeted end-user applications; the most common of which are Flash, Internet Explorer and Silverlight. The Netherlands is second only to the US as the top source of global phishing attacks, and the UK is second only to the US as the source of all global cyber attacks.

    These details come from the NTT Security 2017 Global Threat Intelligence Report (GTIR: PDF). NTT has visibility into 40% of the world’s internet traffic, and the report analyzes data from over 3.5 trillion logs and 6.2 billion attacks.

    It shows that more than half (53%) of the world’s phishing attacks originate from EMEA countries. The Netherlands alone accounts for 38% of global phishing attacks, second only to the US at 41%.

    http://www.nttcomsecurity.com/uploads/documentdatabase/2017_GTIR_NTT_Security_04252017.pdf

    Reply
  22. Tomi Engdahl says:

    Siemens Patches DoS Flaws in Industrial Products
    http://www.securityweek.com/siemens-patches-dos-flaws-industrial-products

    Siemens has released software updates for some of its industrial products, including SIMATIC and SCALANCE, to patch several medium severity denial-of-service (DoS) vulnerabilities.

    Siemens and ICS-CERT have each published three advisories covering a total of four security holes. Two of the advisories describe vulnerabilities affecting products that use the PROFINET Discovery and Configuration Protocol (DCP).

    Reply
  23. Tomi Engdahl says:

    Cisco Patches CIA Zero-Day Affecting Hundreds of Switches
    http://www.securityweek.com/cisco-patches-cia-zero-day-affecting-hundreds-switches

    Cisco has finally released an update for its IOS and IOS XE software to address a critical vulnerability believed to have been used by the U.S. Central Intelligence Agency (CIA) to target the company’s switches.

    Cisco learned of the flaw in mid-March after conducting an analysis of the Vault 7 files made available by WikiLeaks. These files describe exploits allegedly used by the CIA to hack mobile devices, desktop systems, networking equipment and IoT devices.

    The vulnerability, tracked as CVE-2017-3881, affects the cluster management protocol (CMP) processing code used by Cisco’s IOS and IOS XE software. An unauthenticated attacker can exploit the flaw remotely to cause devices to reload or for arbitrary code execution with elevated privileges.

    Reply
  24. Tomi Engdahl says:

    Zack Whittaker / ZDNet:
    FCC’s website has been flooded with 128K+ identical fake anti-net neutrality comments via its public comment system API — Several people we spoke to denied they had posted comments to the Federal Communication Commission’s (FCC) feedback pages. — A bot is thought to be behind the posting …

    Anti-net neutrality spammers are flooding FCC’s pages with fake comments
    http://www.zdnet.com/article/a-bot-is-flooding-the-fccs-website-with-fake-anti-net-neutrality-comments/

    Several people we spoke to denied they had posted comments to the Federal Communication Commission’s (FCC) feedback pages.

    Reply
  25. Tomi Engdahl says:

    Trump fires FBI director James Comey amid ongoing Russia probe
    Comey was investigating Trump’s team and possible links to Russia.
    http://www.zdnet.com/article/trump-shows-fbi-chief-james-comey-the-door/

    US President Trump has suddenly fired FBI Director James Comey amid the agency’s investigation into the new president’s team and potential links to Russia.

    The dismissal took place as Comey led an inquiry as to whether the Russian Kremlin’s state-sponsored hacking team had managed to swing the US election in President Trump’s favor — and how deeply potential corruption has taken root.

    Last month, the former director confirmed the existence of the investigation, and while Comey would not confirm or deny whether the new president himself is also part of the probe, he did say in testimony before the House Intelligence Committee that Trump’s team and associates are being investigated, and that it was “impossible to say” how long the inquiry would take.

    Reply
  26. Tomi Engdahl says:

    120,000 IoT cameras vulnerable to new Persirai botnet say researchers
    Internet connected cameras across the globe are easy to find and hijack to carry out DDoS attacks.
    http://www.zdnet.com/article/120000-iot-cameras-vulnerable-to-new-persirai-botnet-say-researchers/

    Reply
  27. Tomi Engdahl says:

    This Android flaw is ‘used by most ransomware’. But Google won’t fix it until Android O
    http://www.zdnet.com/article/this-android-flaw-is-used-by-most-ransomware-but-google-wont-fix-it-until-android-o/

    Malicious Android apps are targeting Google’s exception to a security rule for apps installed from Google Play. Just pray Google can stop malicious apps from appearing on its store.

    The two newest versions of Android are vulnerable to a permissions feature being exploited by ransomware and banking malware.

    Security firm Check Point has examined Android’s permission model and discovered it contains an odd bug that has become a favorite tool for ransomware, adware, and banking trojans to hijack victims’ screens with phishing pages and extortion demands.

    This problem stems from an extremely sensitive permission in Android 6.0 Marshmallow, the most widely used version of Android, called SYSTEM_ALERT_WINDOW. The permission allows an app to create windows that overlay all other apps.

    “According to our findings, 74 percent of ransomware, 57 percent of adware, and 14 percent of banker malware abuse this permission as part of their operation. This is clearly not a minor threat, but an actual tactic used in the wild,” Check Point’s mobile research team notes.

    Given its potential for abuse, Google initially required the user to approve this permission manually through the Settings screen, which was a harder process than permissions for apps to access “normal” resources, such as Wi-Fi state, and “dangerous” resources, such as the camera, microphone, or contacts.

    However, in Android 6.0.1, Google made an exception to the process for granting permission to SYSTEM_ALERT_WINDOW, so long as the app was installed from the Play Store.

    It did this because the manual process was causing troubles for legitimate apps, like Facebook Messenger, which relied on the feature to support its floating chat heads, according to Check Point.

    Android Permission Security Flaw
    http://blog.checkpoint.com/2017/05/09/android-permission-security-flaw/

    Reply
  28. Tomi Engdahl says:

    Trump signs long-delayed executive order on cybersecurity
    https://techcrunch.com/2017/05/11/trump-signs-long-delayed-executive-order-on-cybersecurity/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    President Trump signed an executive order today commanding a review of the United States’ cybersecurity capabilities.

    A report on cybersecurity concerns regarding critical infrastructure is due within six months.

    The executive order places greater responsibility for federal cybersecurity with the military, a move rejected by the Obama administration.

    The order calls for a review of the threat posed by botnets, which target websites with automatically-generated spam traffic.

    While Trump’s executive order calls for workforce development that will fill government with competent cybersecurity workers, the president’s hiring freeze has hindered other federal programs that encourage cybersecurity students to take government jobs after graduating college.

    Reply
  29. Tomi Engdahl says:

    3 of 4 Zero-Days Microsoft Patched Yesterday Were Used by Russian Cyberspies
    https://www.bleepingcomputer.com/news/security/3-of-4-zero-days-microsoft-patched-yesterday-were-used-by-russian-cyberspies/

    Microsoft’s May 2017 Patch Tuesday, released yesterday, included fixes for three zero-days, which according to ESET and FireEye, were used by cyber-espionage groups operating out of Russia.

    The three zero-days are CVE-2017-0261, CVE-2017-0262, and CVE-2017-0263.

    Reply
  30. Tomi Engdahl says:

    [EN] Keylogger in Hewlett-Packard Audio Driver
    https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

    Actually, the purpose of the software is to recognize whether a special key has been pressed or released. Instead, however, the developer has introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive.
    This type of debugging turns the audio driver effectively into a keylogging spyware.

    Reply
  31. Tomi Engdahl says:

    HP Laptop Audio Driver Acts as Keylogger
    http://www.securityweek.com/hp-laptop-audio-driver-acts-keylogger

    A researcher discovered that a Conexant audio driver shipped with many HP laptops and tablet PCs logs keystrokes, making it easier for malicious actors to steal potentially sensitive information without being detected.

    Thorsten Schroeder of Swiss security firm Modzero noticed that the MicTray64.exe application, which is installed on many HP devices with the Conexant audio driver package and registered as a scheduled task in Windows, monitors all keystrokes to determine if the user has pressed any audio-related keys (e.g. mute/unmute).

    The problem is not that the keys pressed by the user are monitored. The problem, according to the expert, is that keystrokes are logged to a file in the Users/Public folder. Furthermore, keystrokes are passed on to the OutputDebugString debugging API, allowing a process to access the data via the MapViewOfFile function.

    https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

    Reply
  32. Tomi Engdahl says:

    Ina Fried / Axios:
    HP says Conexant keylogging code should not have been included on PCs, issues fix for 2016 models, says fix for 2015 models coming Friday — HP says it has a fix for a flaw that caused a number of its PC models to keep a log of each keystroke a customer was entering.

    HP says it has a fix for flaw that caused some PCs to log every keystroke
    https://www.axios.com/hp-says-it-has-a-fix-for-flaw-that-caused-some-pcs-to-log-every-keystr-2403751321.html

    HP says it has a fix for a flaw that caused a number of its PC models to keep a log of each keystroke a customer was entering. The issue, caused by problematic code in an audio driver, affected PC models from 2015 and 2016.

    A fix for 2016 models was released today via Windows Update, while a fix for 2015 models will be released tomorrow on both Windows Update and HP’s Web site, HP Vice President Mike Nash told Axios.

    Why it matters: Although HP never accessed the data and the logs weren’t sent anywhere, just having them created a security threat. The fix not only deletes the key-logging code but also the files that stored keystrokes. (However, in theory customers using PC backup software might have copies elsewhere.)

    Nash said that the code was debugging code that was inadvertently left in by Conexant, the company that made the audio driver, and should never have been included on shipping PCs. There was never an intent to have such software or collect any user data, he said.

    “It was something that was there in development process and should have been removed,” Nash said.

    Dan Goodin / Ars Technica:
    Researchers say Conexant audio driver, found on 24+ HP laptops, logs all keystrokes and stores them in an unencrypted file
    HP laptops covertly log user keystrokes, researchers warn
    https://arstechnica.com/security/2017/05/hp-laptops-covert-log-every-keystroke-researchers-warn/
    Audio driver supplied by Conexant may put PCs from other makers at risk, too.

    HP is selling more than two dozen models of laptops and tablets that covertly monitor every keystroke a user makes, security researchers warned Thursday. The devices then store the key presses in an unencrypted file on the hard drive.

    The keylogger is included in a device driver developed by Conexant, a manufacturer of audio chips that are included in the vulnerable HP devices. That’s according to an advisory published by modzero, a Switzerland-based security consulting firm.

    “This type of debugging turns the audio driver effectively into keylogging spyware,” modzero researchers wrote. “On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015.”

    The log file—located at C:\Users\Public\MicTray.log—is overwritten after each computer reboot, but there are several ways that the contents could survive for weeks, or even indefinitely. Forensic tools make restoring deleted or overwritten files easy.

    Reply
  33. Tomi Engdahl says:

    Encryption system developed to hide private information from database queries
    http://www.controleng.com/single-article/encryption-system-developed-to-hide-private-information-from-database-queries/accf584fe743044af1f6c5520ebde8be.html

    Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) and Stanford University have developed an encryption system designed to disguise users’ database queries so they reveal no private information.

    Most website visits these days entail a database query—to look up airline flights, for example, or to find the fastest driving route between two addresses.

    But online database queries can reveal a surprising amount of information about the people making them. And some travel sites have been known to jack up the prices on flights whose routes are drawing an unusually high volume of queries.

    Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) and Stanford University have developed an encryption system that disguises users’ database queries so that they reveal no private information.

    The system is called Splinter because it splits a query up and distributes it across copies of the same database on multiple servers. The servers return results that make sense only when recombined according to a procedure that the user alone knows. As long as at least one of the servers can be trusted, it’s impossible for anyone other than the user to determine what query the servers executed.

    Division of labor

    Splinter uses a technique called function secret sharing, which was first described in a 2015 paper by a trio of Israeli computer scientists. One of them, Elette Boyle, earned her PhD at MIT studying with RSA Professor of Computer Science and Engineering Shafi Goldwasser, a 2013 recipient of the Turing Award, the highest award in computer science. Goldwasser, in turn, is one of Wang’s co-authors on the new paper, along with Vinod Vaikuntanathan, an MIT associate professor of electrical engineering and computer science (EECS); Catherine Yun, an EECS graduate student; and Matei Zaharia, an assistant professor of computer science at Stanford.

    Systems for disguising database queries have been proposed in the past, but function secret sharing could make them as much as 10 times faster. In experiments, the MIT and Stanford researchers found that Splinter could return a result from a database with millions of entries—including a duplicate of the Yelp database for selected cities—in about a second.

    Reply
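    How the split-and-recombine idea described above works, as an added example that is not Splinter’s code: a two-server private lookup in C that replaces function secret sharing with plain XOR secret sharing of the selection vector. It gives the same guarantee (the query stays hidden as long as the two servers do not collude) but each share is as long as the database, which is exactly the cost function secret sharing shrinks. The database, record format, mask values and function names are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NREC   8   /* constructed toy database: 8 records */
#define RECLEN 16  /* fixed record size in bytes */

/* Constructed sample database; an identical copy sits on each server. */
static const char DB[NREC][RECLEN] = {
    "AA100 JFK-LHR", "BA117 LHR-JFK", "LH400 FRA-JFK", "AF007 CDG-JFK",
    "DL001 JFK-LHR", "UA880 SFO-FRA", "KL641 AMS-JFK", "AY005 HEL-JFK",
};

/* Constructed masks standing in for fresh random bits (a real client
 * would draw these from a CSPRNG for every query). */
static const uint8_t DEMO_MASK[NREC]  = {1, 0, 1, 1, 0, 0, 1, 0};
static const uint8_t DEMO_MASK2[NREC] = {0, 1, 1, 0, 1, 1, 0, 1};

/* Client: split "I want record idx" into two shares.
 * share_a = mask, share_b = mask XOR e_idx (e_idx = 1 only at idx).
 * Each share on its own is a uniformly random bit vector, so a single
 * server learns nothing about idx. */
void split_query(size_t idx, const uint8_t mask[NREC],
                 uint8_t share_a[NREC], uint8_t share_b[NREC])
{
    for (size_t i = 0; i < NREC; i++) {
        share_a[i] = mask[i] & 1u;
        share_b[i] = (mask[i] & 1u) ^ (i == idx ? 1u : 0u);
    }
}

/* Server: XOR together every record whose share bit is set. This is the
 * entire server-side computation; it never sees which record matters. */
void server_answer(const uint8_t share[NREC], uint8_t out[RECLEN])
{
    memset(out, 0, RECLEN);
    for (size_t i = 0; i < NREC; i++)
        if (share[i])
            for (size_t j = 0; j < RECLEN; j++)
                out[j] ^= (uint8_t)DB[i][j];
}

/* Client: XOR the two answers. Records selected by both shares cancel,
 * and only record idx, selected by exactly one share, survives. */
void recombine(const uint8_t ans_a[RECLEN], const uint8_t ans_b[RECLEN],
               uint8_t out[RECLEN])
{
    for (size_t j = 0; j < RECLEN; j++)
        out[j] = ans_a[j] ^ ans_b[j];
}

/* End to end: returns 1 if the privately fetched record equals DB[idx]. */
int pir_fetch_ok(size_t idx, const uint8_t mask[NREC], uint8_t out[RECLEN])
{
    uint8_t sa[NREC], sb[NREC], aa[RECLEN], ab[RECLEN];
    if (idx >= NREC)
        return 0;
    split_query(idx, mask, sa, sb);
    server_answer(sa, aa);   /* done by server A */
    server_answer(sb, ab);   /* done by server B */
    recombine(aa, ab, out);
    return memcmp(out, DB[idx], RECLEN) == 0;
}

/* Convenience: fetch record idx and compare it with an expected string. */
int pir_fetch_equals(size_t idx, const uint8_t mask[NREC], const char *expected)
{
    uint8_t rec[RECLEN];
    return pir_fetch_ok(idx, mask, rec) &&
           strcmp((const char *)rec, expected) == 0;
}

/* Privacy sanity check: with the mask fixed, server A receives exactly the
 * same share whatever record the client asks for. (Server B's share is
 * just as uninformative once the mask is fresh and random.) */
int share_a_independent_of_index(const uint8_t mask[NREC])
{
    uint8_t ref_a[NREC], ref_b[NREC], sa[NREC], sb[NREC];
    split_query(0, mask, ref_a, ref_b);
    for (size_t idx = 1; idx < NREC; idx++) {
        split_query(idx, mask, sa, sb);
        if (memcmp(sa, ref_a, NREC) != 0)
            return 0;
    }
    return 1;
}

int main(void)
{
    uint8_t rec[RECLEN];
    if (pir_fetch_ok(5, DEMO_MASK, rec))
        printf("record 5 fetched privately: %s\n", (const char *)rec);
    printf("server A's share is index-independent: %d\n",
           share_a_independent_of_index(DEMO_MASK));
    return 0;
}
```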
  34. Tomi Engdahl says:

    ‘Risk’: Inside the Inner Sanctum of Wikileaks’ Assange
    http://www.securityweek.com/risk-inside-inner-sanctum-wikileaks-assange

    The enigmatic champion of a global movement for transparency and democracy. A Russian stooge. A West-hating attention-seeker. A cold fish with questionable attitudes and alleged diabolical sexual mores.

    Julian Assange has been labeled all of these — and many things besides — since starting out as a media-savvy Robin Hood figure, wrestling facts from the powerful and serving them up unexpurgated for the masses.

    Now, a fugitive from justice dogged by accusations of sexual assault and living a hermetic existence in London’s Ecuadoran embassy for the last five years, he cuts a more embattled, slippery figure.

    “Risk,” a new documentary by Oscar-winning filmmaker Laura Poitras, starts out as an unsettlingly ambivalent portrait of the award-winning iconoclast but ends up revealing a darker side to Assange.

    Reply
  35. Tomi Engdahl says:

    Google Researcher Details Linux Kernel Exploit
    http://www.securityweek.com/google-researcher-details-linux-kernel-exploit

    Google researcher Andrey Konovalov has revealed details of a Linux kernel vulnerability that can be exploited via packet sockets to escalate privileges.

    The issue, he explains, is a signedness issue that leads to an exploitable heap-out-of-bounds write. To trigger the bug, one would need to provide “specific parameters to the PACKET_RX_RING option on an AF_PACKET socket with a TPACKET_V3 ring buffer version enabled.”

    Tracked as CVE-2017-7308, the vulnerability is created by the fact that the packet_set_ring function in net/packet/af_packet.c in the Linux kernel up to 4.10.6 does not properly validate certain block-size data. Because of that, a local user can cause a denial of service or gain privileges via crafted system calls.

    “The bug affects a kernel if it has AF_PACKET sockets enabled (CONFIG_PACKET=y), which is the case for many Linux kernel distributions. Exploitation requires the CAP_NET_RAW privilege to be able to create such sockets. However it’s possible to do that from a user namespace if they are enabled (CONFIG_USER_NS=y) and accessible to unprivileged users,” the researcher explains.

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7308

    The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.

    Reply
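    The signedness problem in the block-size validation described above, as an added illustration that is not the advisory’s or the kernel’s own code: a simplified model in C of the check pattern, with the vulnerable comparison beside a hardened one. The constants, macro names and function names are assumptions made for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative constants (assumed for this model, not the kernel's). */
#define V3_ALIGNMENT 8u
#define BLK_HDR_LEN  48u
#define ALIGN_UP(x, a) (((x) + ((a) - 1)) & ~((a) - 1))
/* Bytes a ring block needs before any frame: header plus aligned private area. */
#define BLK_PLUS_PRIV(priv) (BLK_HDR_LEN + ALIGN_UP((priv), V3_ALIGNMENT))

/* Vulnerable pattern: "is block_size large enough?" written as
 * (int)(block_size - needed) <= 0 with 32-bit unsigned operands. Both the
 * addition inside BLK_PLUS_PRIV and the subtraction wrap modulo 2^32, and
 * the signed cast only rejects results whose top bit happens to be set. */
bool block_size_ok_signed(uint32_t tp_block_size, uint32_t tp_sizeof_priv)
{
    uint32_t needed = BLK_PLUS_PRIV(tp_sizeof_priv);
    return !((int32_t)(tp_block_size - needed) <= 0);
}

/* Hardened pattern: widen to 64 bits and compare directly. Nothing wraps,
 * so an oversized private area is always rejected. */
bool block_size_ok_u64(uint32_t tp_block_size, uint32_t tp_sizeof_priv)
{
    uint64_t needed = BLK_HDR_LEN +
                      ALIGN_UP((uint64_t)tp_sizeof_priv, (uint64_t)V3_ALIGNMENT);
    return (uint64_t)tp_block_size > needed;
}

/* True when the signed check accepts a request the hardened check rejects
 * (or vice versa); a useful regression probe for this class of bug. */
bool checks_disagree(uint32_t tp_block_size, uint32_t tp_sizeof_priv)
{
    return block_size_ok_signed(tp_block_size, tp_sizeof_priv) !=
           block_size_ok_u64(tp_block_size, tp_sizeof_priv);
}

int main(void)
{
    /* Constructed requests: a sane one, an honestly oversized one, and two
     * that wrap at different points in the vulnerable arithmetic. */
    const struct { uint32_t block, priv; } cases[] = {
        {4096, 64}, {4096, 8192}, {4096, 0xFFFFFFC0u}, {4096, 0xFFFFFFF8u},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("block=%u priv=0x%08x  signed:%s  u64:%s\n",
               cases[i].block, cases[i].priv,
               block_size_ok_signed(cases[i].block, cases[i].priv) ? "accept" : "reject",
               block_size_ok_u64(cases[i].block, cases[i].priv) ? "accept" : "reject");
    return 0;
}
```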
  36. Tomi Engdahl says:

    Malware Sends Stolen Cookies to Fake WordPressAPI Site
    http://www.securityweek.com/malware-sends-stolen-cookies-fake-wordpressapi-site

    A website pretending to be a core WordPress domain was recently used to steal user cookies and hijack sessions, Sucuri security researchers warn.

    The offending website is code.wordprssapi[.]com, impersonating code.wordpressapi[.]com in an attempt to trick webmasters into considering that traffic to it is legitimate. The typo in the domain name makes WordPrssAPI seem like a legitimate WordPress site, and website admins might consider it an official domain, although even the legitimate site has nothing to do with WordPress.

    Reply
  37. Tomi Engdahl says:

    Ukraine soldiers bombarded by ‘pinpoint propaganda’ texts
    KIEV, Ukraine (AP)
    https://goo.gl/qUIS77

    Television journalist Julia Kirienko was sheltering with Ukrainian soldiers and medics two miles (three kilometers) from the front when their cellphones began buzzing over the noise of the shelling. Everyone got the same text message at the same time.

    “Ukrainian soldiers,” it warned, “they’ll find your bodies when the snow melts.”

    Text messages like the one Kirienko received have been sent periodically to Ukrainian forces fighting pro-Russian separatists in the eastern part of the country. The threats and disinformation represent a new form of information warfare, the 21st-century equivalent of dropping leaflets on the battlefield.

    “This is pinpoint propaganda,” said Nancy Snow, a professor of public diplomacy at the Kyoto University of Foreign Studies.

    The Associated Press has found that the messages are almost certainly being sent through cell site simulators, surveillance tools long used by U.S. law enforcement to track suspects’ cellphones.

    Reply
  38. Tomi Engdahl says:

    Man To Pay $300,000 In Damages For Hacking Employer
    https://yro.slashdot.org/story/17/05/11/1843221/man-to-pay-300000-in-damages-for-hacking-employer

    A former private security officer in California must pay nearly $319,000 in damages for attacking his employer’s computer systems. Yovan Garcia accessed payroll records at Security Specialists, which provides private security patrols, to inflate the number of hours he had worked. He later hacked the firm’s servers to steal data and defaced its website.

    Man to pay $300,000 in damages for hacking employer
    http://www.bbc.com/news/technology-39883229

    An “unflattering picture” of a senior member of staff was also published on the site, Judge Fitzgerald said.

    He ordered Mr Garcia to pay $318,661.70 to cover costs to Security Specialists such as lost income and lost data.

    Mr Garcia could also be liable to pay the firm’s legal costs at a later date, he said.

    Reply
  39. Tomi Engdahl says:

    US spymasters trash Kaspersky: AV tools can’t be trusted, we’ve stuck a probe in them
    Eugene shouts back: Gimme the mic and let me testify
    https://www.theregister.co.uk/2017/05/11/us_security_chiefs_dont_trust_kaspersky/

    Five US spy bosses, and the acting FBI chief, today told the Senate intelligence committee they do not trust software from Russian antivirus maker Kaspersky.

    And as a result, they are reviewing Uncle Sam’s use of the software. It is feared the toolkit could be commandeered by the Kremlin to attack and sabotage computers used by the American government.

    Daniel Coats, the Director of National Intelligence; Michael Pompeo, Director of the CIA; Michael Rogers, Director of the NSA; Andrew McCabe, Acting Director of the FBI; Vincent Stewart, Director of the Defense Intelligence Agency; and Robert Cardillo, Director of the National Geospatial-Intelligence Agency didn’t agree on much, but they did agree on two things – they believe Putin meddled with the US elections, and they don’t recommend using Kaspersky’s software.

    “Only Russia’s senior-most officials could have authorized the 2016 US election-focused data thefts and disclosures, based on the scope and sensitivity of the targets,” said [PDF] Coats.

    “Russia has also leveraged cyberspace to seek to influence public opinion across Europe and Eurasia. We assess that Russian cyber operations will continue to target the United States and its allies.”

    Reply
  40. Tomi Engdahl says:

    Machine vs. machine battle has begun to de-fraud the internet of lies
    Standards help, too, as we fight to ensure the cost of sharing doesn’t outweigh the benefits
    https://www.theregister.co.uk/2017/04/10/machine_vs_machine_battle_has_begun_to_defraud_the_internet_of_lies/

    A long-ago cartoon in The New Yorker put it plainly: “On the Internet, nobody knows you’re a dog.” If that cartoon had been written today, the caption might have read, “On the Internet, nobody knows you’re a fraud.”

    Scam artists, snake oil salesmen, sock puppets, bot armies and bullies – every time we look up, it seems as though we discover another form of dishonesty, grifting grown to global scale via the magnificent yet terrifying combination of Internet and smartphone.

    None of that should surprise us. People are wonderful and horrible. The network we’ve built for ourselves serves both the honest and the liar. But we have no infrastructure to manage a planet of thieves.

    Navigating this stuff goes well beyond ‘caveat emptor’, into the darkest secrets of spearphishing and social engineering playing on our higher selves for the basest reasons. I

    Security has been stretched to the breaking point. If things continue as they have, the costs of connectivity could begin to outweigh the benefits, and at that point, the post-Web civilisation of sharing and knowledge, already fraying, would unwind comprehensively, as people and businesses withdraw behind defensible perimeters and call it a day.

    Insofar as papers presented by the Web’s core research community are a reliable indicator of the future direction for the Web, that future centers on learning how to detect lies.

    Detecting false advertisements, bullies, and bots – all of these can be done with machine learning. It can even be applied to a politician’s tweets – to find out if they’ve been fibbing about where they’ve been, and when.

    This flurry of research hearkens back to one of the oldest problems in Computer Science – the Turing Test. Can you detect whether someone at the other end of a text-based connection is a person or a computer? What questions do you ask? How do you analyse their responses? Take those same ideas and apply them to a vendor on Alibaba or an account on Twitter – ask the questions, analyse and probe – then decide: truth or lies.

    Machines can help us in this battle – but machines will be used on both sides, deceiving and revealing deceit. Yet there is hope: there’s too much money on the table to allow the forces of darkness to gain ascendancy. Chaos is bad for business.

    Reply
  41. Tomi Engdahl says:

    HP Laptops Turn Up Keylogger Where You Wouldn’t Expect It
    http://hackaday.com/2017/05/12/hp-laptops-turn-up-keylogger-where-you-wouldnt-expect-it/

    One would generally expect to find a keylogger in a dodgy movie torrent or perhaps a keygen for pirated software, but this week a keylogger was found in an audio driver for an HP laptop.

    The logger was found by Swiss security researchers modzero. The Conexant HD Audio Driver Package version 1.0.0.46 and earlier apparently logs keystrokes in order to monitor things like the laptop’s volume up and down keys. The real killer here is that it feels the need to log all keystrokes detected to a readily accessible file.

    Keylogger Found in Audio Driver of HP Laptops
    https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/

    The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user’s keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.

    According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier.

    The problem is that this file writes all keystrokes to a local file at:
    C:\users\public\MicTray.log

    If the file doesn’t exist or a registry key containing this file’s path does not exist or was corrupted, the audio driver will pass all keystrokes to a local API, named the OutputDebugString API.

    Keylogger feature confirmed in HP laptops

    Reply
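    An added defensive check for the artefacts described in the comment above, written here as an example (it is not code from modzero, HP or the articles); it assumes a local administrator running it on a Windows host and only reports, never removes anything:

    ```powershell
    # Added example: look for the Conexant keystroke log and the installed
    # Conexant audio driver on this host. Reporting only; no changes are made.
    $LogPath = 'C:\Users\Public\MicTray.log'   # path named in the article

    $findings = @()

    # 1. Is the keystroke log present? Size and timestamp show whether it is live.
    if (Test-Path -LiteralPath $LogPath) {
        $f = Get-Item -LiteralPath $LogPath
        $findings += [pscustomobject]@{
            Check  = 'MicTray.log present'
            Detail = ('{0} bytes, last written {1}' -f $f.Length, $f.LastWriteTime)
        }

        # 2. Who can read it? The article's point is that any local user or
        #    process can; list the broad-access ACEs so that is visible.
        $acl = Get-Acl -LiteralPath $LogPath
        $broad = $acl.Access | Where-Object {
            $_.IdentityReference -match 'Everyone|Users|Authenticated Users' -and
            $_.FileSystemRights -match 'Read'
        }
        foreach ($ace in $broad) {
            $findings += [pscustomobject]@{
                Check  = 'Broad read access on log'
                Detail = ('{0}: {1}' -f $ace.IdentityReference, $ace.FileSystemRights)
            }
        }
    }

    # 3. Which Conexant audio drivers are installed? The version shown here is the
    #    PnP driver version, not the "1.0.0.46" package version from the article,
    #    so compare it against the vendor's fixed release rather than that number.
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.Manufacturer -like '*Conexant*' -and $_.DeviceClass -eq 'MEDIA' } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Check  = 'Conexant audio driver installed'
                Detail = ('{0} version {1} ({2})' -f $_.DeviceName, $_.DriverVersion, $_.InfName)
            }
        }

    if ($findings) { $findings | Format-Table -AutoSize -Wrap }
    else           { 'No Conexant keystroke-log artefacts found on this host.' }
    ```

    The OutputDebugString fallback the article mentions leaves no file to inspect; a debug-output viewer attached to the session is the only way to observe that path, so the log file and driver presence are the practical indicators.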
  42. Tomi Engdahl says:

    Damien Gayle / The Guardian:
    Multiple hospitals across UK hit by ransomware attack, locking staff out of their computers and forcing hospitals to divert emergency patients — Many hospitals having to divert emergency patients, with doctors reporting messages demanding money … Hospitals across England have been hit …

    NHS cyber-attack: hospital computer systems held to ransom across England
    https://www.theguardian.com/society/2017/may/12/hospitals-across-england-hit-by-large-scale-cyber-attack?CMP=Share_iOSApp_Other

    Many hospitals having to divert emergency patients, with doctors reporting messages demanding money

    Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients.

    The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS England has declared a major incident. NHS Digital said it was aware of the problem and would release more details soon.

    Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible.

    “The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed.”

    “This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.”

    Reply
  43. Tomi Engdahl says:

    Chris Baraniuk / BBC:
    Ransomware infections reported around the world Friday, with companies and institutions hit in UK, US, Spain, Italy, China, Russia, Vietnam, Taiwan, more

    Ransomware infections reported worldwide
    http://www.bbc.com/news/technology-39901382?ocid=socialflow_twitter

    A massive ransomware campaign appears to have infected a number of organisations around the world.

    Screenshots of a well known program that locks computers and demands a payment in Bitcoin have been shared online by parties claiming to be affected.

    There have been reports of infections in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan and others.

    Security researchers are linking the incidents together.

    One cyber-security researcher tweeted that he had detected 36,000 instances of the ransomware, called WannaCry and variants of that name.

    “This is huge,” he said.

    The UK’s National Health Service (NHS) was also hit by a ransomware outbreak and screenshots of the WannaCry program were shared by NHS staff.

    In Italy, one user shared images appearing to show a university computer lab with machines locked by the same program.

    Bitcoin wallets seemingly associated with the ransomware were reported to have already started filling up with cash.

    “This is a major cyber attack, impacting organisations across Europe at a scale I’ve never seen before,” said security architect Kevin Beaumont.

    Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the NSA.

    A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.

    Reply
  44. Tomi Engdahl says:

    Ransomware based on leaked NSA tools spreads to dozens of countries
    https://techcrunch.com/2017/05/12/ransomware-based-on-leaked-nsa-tools-spreads-to-dozens-of-countries/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    A ransomware attack seemingly based on leaked NSA hacking tools is spreading like wildfire among unpatched Windows systems worldwide. Early reports suggested it was targeted at the UK’s National Health Service, but it’s clear now that the attack is a global one, with thousands of computers apparently affected in Russia alone.

    A Kaspersky lab analysis puts the number of infected computers at more than 45,000 as of early Friday afternoon, the vast majority of which are Russian (Ukraine, India, and Taiwan follow).

    Reply
  45. Tomi Engdahl says:

    Lily Hay Newman / Wired:
    Hackers are using EternalBlue vulnerability discovered by NSA and an exploit released by Shadow Brokers to infect unpatched Windows computers with WannaCry

    The Ransomware Meltdown Experts Warned About Is Here
    https://www.wired.com/2017/05/ransomware-meltdown-experts-warned/

    A new strain of ransomware has spread quickly all over the world, causing crises in National Health Service hospitals and facilities around England, and gaining particular traction in Spain, where it has hobbled the large telecom company Telefonica, the natural gas company Gas Natural, and the electrical company Iberdrola. You know how people always talk about “the big one”? As far as ransomware attacks go, this looks a whole lot like it.

    The ransomware strain WannaCry (also known as WanaCrypt0r and WCry) that caused Friday’s barrage appears to be a new variant of a type that first appeared in late March. This new version has only gained steam since its initial barrage, with tens of thousands of infections in 74 countries so far today as of publication time. Its reach extends beyond the UK and Spain, into Russia, Taiwan, France, Japan, and dozens more countries.

    One reason WannaCry has proven so vicious? It seems to leverage a Windows vulnerability known as EternalBlue that allegedly originated with the NSA. The exploit was dumped into the wild last month in a trove of alleged NSA tools by the Shadow Brokers hacking group. Microsoft released a patch for the exploit, known as MS17-010, in March, but clearly many organizations haven’t caught up.

    “In healthcare and other sectors we tend to be very slow to address these vulnerabilities,”

    “But whoever is behind this is clearly extremely serious.”

    Reply
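    An added example of the check a Windows administrator would run after reading the comment above (it is not code from Wired, Microsoft or the researchers quoted): it looks for the MS17-010 fix and for the SMBv1 service that EternalBlue targets. The KB numbers are from Microsoft's MS17-010 bulletin as I know it, not from the article, and the cmdlets assume Windows 8 / Server 2012 or later:

    ```powershell
    # Added example: is this host still exposed to the EternalBlue SMB bug?
    # Reporting only; the remediation line is left commented out.

    # KB IDs published with MS17-010 (March 2017), listed from my own knowledge,
    # not from the article. Later cumulative updates on Windows 10 supersede them,
    # so "none found" means "verify the patch level", not "proven vulnerable".
    $Ms17010Kbs = 'KB4012598','KB4012212','KB4012215','KB4012213','KB4012216',
                  'KB4012214','KB4012217','KB4012606','KB4013198','KB4013429'

    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $present   = $Ms17010Kbs | Where-Object { $installed -contains $_ }

    if ($present) {
        'MS17-010 fix present: {0}' -f ($present -join ', ')
    } else {
        'WARNING: no MS17-010 KB found; check Windows Update history before trusting this host.'
    }

    # EternalBlue goes after SMBv1, so whether the SMBv1 server is on matters
    # even on a patched host (it is attack surface nothing modern needs).
    $smb = Get-SmbServerConfiguration
    if ($smb.EnableSMB1Protocol) {
        'WARNING: SMBv1 server protocol is enabled.'
        # Remediation, after confirming no legacy clients depend on it:
        # Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        'SMBv1 server protocol is disabled.'
    }

    # Is TCP 445 reachable from the network at all? Firewall rules allowing it
    # inbound widen the blast radius of any SMB worm, patched or not.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' } |
        ForEach-Object { 'Inbound allow rule on TCP 445: {0}' -f $_.InstanceID }
    ```

    Run it across the fleet with your usual remote-execution tooling and treat any host that reports both a missing KB and SMBv1 enabled as the first thing to patch or isolate.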
  46. Tomi Engdahl says:

    New IOT Attack Linked To Iran – Persirai Malware Strikes at IP Cameras in Latest IOT Attack
    http://securityaffairs.co/wordpress/59024/malware/persirai-attack.html

    Trend Micro has discovered a new attack on internet-based IP cameras and recorders powered by a new Internet of Things (IOT) bot dubbed PERSIRAI.

    Reply
  47. Tomi Engdahl says:

    CYBER ATTACK IMPERSONATING IDENTITY OF INDIAN THINK TANK TO TARGET CENTRAL BUREAU OF INVESTIGATION (CBI) AND POSSIBLY INDIAN ARMY OFFICIALS
    https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials/

    In order to infect the victims, the attackers distributed spear-phishing emails containing malicious excel file which when opened dropped a malware capable of downloading additional components and spying on infected systems.

    Reply
  48. Tomi Engdahl says:

    Las Vegas taps AI for cybersecurity help
    https://techcrunch.com/2017/05/12/las-vegas-taps-ai-for-cybersecurity-help/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Hundreds of thousands of people live in the city of Las Vegas. But the city’s information security team is made up of just three employees and one intern, so the chief information officer of Las Vegas relies on artificial intelligence to keep the city’s data and tech secure.

    “The things that keep me up most are ransomware and phishing,” Vegas CIO Michael Sherwood tells TechCrunch. “They’re some of the simplest attacks but the hardest to defend against.” In order to rest easy at night, Sherwood relies on AI security solutions from Darktrace to support his small team.

    Reply
