2017 will not bring any turn towards better data security. The internet is rife with both well-known and unknown threats, and companies’ systems are supposed to be protected against all of them. Hackers are going to continue to look for new ways to extort and steal information from businesses and organizations, which unfortunately means those businesses and organizations will have to continue to look for new ways to protect themselves.
Critical infrastructure comes under attack in 2017. Critical infrastructure must be better protected from criminals and terrorists who take advantage of the modern technologies that are essential for the functioning of society and the economy. The IT security of industrial control systems (ICS), energy grids and IoT networks needs to be improved in 2017.
There is a push for better web security in 2017. Starting in January 2017 with Chrome 56, Google’s Chrome labels as “Not secure” any page served over plain text HTTP that contains a password or credit card field. This is the first step of a long-term plan to mark all HTTP sites as non-secure.
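As an added example (not part of the original post), here is a stand-alone Python check that applies the Chrome 56 rule to a page: the page is flagged when it was served over plain HTTP and contains a password field or a credit card number field. The sample HTML pages are constructed for illustration and the URLs are placeholders. Note that posting the form to an HTTPS action does not avoid the warning, because an attacker who can tamper with the HTTP page can rewrite the form itself.

```python
"""Apply Chrome 56's "Not secure" rule to a page: a plain-HTTP page that
contains a password or credit card number field. Standard library only."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class SensitiveFieldFinder(HTMLParser):
    """Counts <input> elements that collect passwords or card numbers."""

    def __init__(self):
        super().__init__()
        self.password_fields = 0
        self.card_fields = 0

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        # html.parser lowercases attribute names; values may be None.
        a = {k.lower(): (v or "").lower() for k, v in attrs}
        if a.get("type") == "password":
            self.password_fields += 1
        # Card number fields are recognised through the autocomplete hint.
        elif a.get("autocomplete") == "cc-number":
            self.card_fields += 1


def chrome56_verdict(page_url, html):
    """Return the field counts and whether Chrome 56 would flag the page.
    The form action is irrelevant: only the page's own scheme counts."""
    finder = SensitiveFieldFinder()
    finder.feed(html)
    finder.close()
    scheme = urlparse(page_url).scheme.lower()
    sensitive = finder.password_fields + finder.card_fields
    return {
        "scheme": scheme,
        "password_fields": finder.password_fields,
        "card_fields": finder.card_fields,
        "flagged": scheme == "http" and sensitive > 0,
    }


# Constructed sample pages (not real sites). The login form posts to HTTPS,
# which does not help if the page itself arrived over HTTP.
LOGIN_PAGE = """<html><body>
<form action="https://example.test/login" method="post">
  <input name="user" type="text">
  <input name="pass" TYPE="Password">
  <input type="submit" value="Log in">
</form></body></html>"""

CHECKOUT_PAGE = """<html><body>
<form action="/pay" method="post">
  <input name="card" type="text" autocomplete="cc-number">
</form></body></html>"""

SEARCH_PAGE = """<html><body>
<form action="/search"><input name="q" type="text"></form>
</body></html>"""


if __name__ == "__main__":
    for url, html in [("http://example.test/login", LOGIN_PAGE),
                      ("https://example.test/login", LOGIN_PAGE),
                      ("http://example.test/checkout", CHECKOUT_PAGE),
                      ("http://example.test/", SEARCH_PAGE)]:
        print(url, chrome56_verdict(url, html))
```

Run it against saved copies of your own login and checkout pages; the only clean fix for a flagged page is to serve the whole page over HTTPS, not just the form action.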
SHA-1 is insecure. By the start of 2017 most CAs have migrated to SHA-2 certificates, and the major browser makers, including Microsoft, Google and Mozilla, have announced that from early 2017 their browsers will no longer trust sites whose certificates are signed with SHA-1 and will mark these websites as insecure. Still, one report headline read “1/3 of Websites Use SHA-1 Certificates Despite Looming Deadline”. SHA-1 will hang around, like a fart in a spacesuit, for many years to come because some people are lazy enough not to make the change.
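An added example, not from the original post: a small Python walker that reads the outer signatureAlgorithm out of a DER-encoded certificate, so a chain can be audited for SHA-1 signatures without third-party libraries. The certificates it parses here are constructed skeletons (a dummy tbsCertificate and a zero-filled signature) built by the helper in the same block, but the outer SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue } layout follows RFC 5280, so the same function works on a real certificate such as the output of openssl x509 -outform DER. Assumptions: the OID table covers only the common RSA and ECDSA algorithms, and the OID decoder assumes a first arc of 0, 1 or 2 with a second arc below 40, which holds for all of them.

```python
"""Extract the signature algorithm of a DER-encoded X.509 certificate with a
minimal ASN.1 walker. Standard library only."""

# Dotted OIDs of common signature algorithms (RFC 3279 / RFC 5758). Assumed
# to be enough for a chain audit; extend for other algorithms.
SIG_ALGS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}
SHA1_ALGS = {"sha1WithRSAEncryption", "ecdsa-with-SHA1"}
SEQUENCE, OID, NULL, INTEGER, BIT_STRING = 0x30, 0x06, 0x05, 0x02, 0x03


def read_tlv(buf, pos):
    """Decode one DER element at buf[pos]; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value):
    """DER OID content bytes -> dotted decimal string."""
    arcs = [value[0] // 40, value[0] % 40]  # assumes first arc is 0, 1 or 2
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # clear high bit ends a sub-identifier
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def signature_algorithm(der_bytes):
    """Return (oid, name) of the certificate's outer signatureAlgorithm."""
    tag, cert, _ = read_tlv(der_bytes, 0)
    if tag != SEQUENCE:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = read_tlv(cert, 0)        # tbsCertificate, skipped
    tag, alg_id, _ = read_tlv(cert, pos)    # AlgorithmIdentifier
    if tag != SEQUENCE:
        raise ValueError("missing AlgorithmIdentifier")
    tag, oid_bytes, _ = read_tlv(alg_id, 0)
    if tag != OID:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    oid = decode_oid(oid_bytes)
    return oid, SIG_ALGS.get(oid, "unknown")


def uses_sha1(der_bytes):
    """True when the certificate is signed with a SHA-1 based algorithm."""
    return signature_algorithm(der_bytes)[1] in SHA1_ALGS


def der(tag, content):
    """Encode one DER element, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def encode_oid(dotted):
    """Dotted decimal string -> DER OID content bytes (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, (a & 0x7F) | 0x80)
            a >>= 7
        out += bytes(chunk)
    return bytes(out)


def constructed_certificate(sig_oid):
    """Constructed test data, not a real certificate: dummy tbsCertificate,
    chosen signature OID, zero-filled 2048-bit signature. Only the outer
    RFC 5280 layout is realistic, which is all the walker above depends on."""
    tbs = der(SEQUENCE, der(INTEGER, b"\x01"))
    alg = der(SEQUENCE, der(OID, encode_oid(sig_oid)) + der(NULL, b""))
    sig = der(BIT_STRING, b"\x00" + bytes(256))  # first byte = unused bit count
    return der(SEQUENCE, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11", "1.2.840.10045.4.3.2"):
        cert = constructed_certificate(oid)
        print(signature_algorithm(cert), "SHA-1:", uses_sha1(cert))
```

When auditing a real chain, run the check on the leaf and every intermediate but not on the self-signed root: browsers do not verify the trust anchor’s own signature, so a SHA-1 signed root in the trust store is not what the 2017 deprecation is about.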
There will be changes in how businesses view security in 2017. We will likely see cloud adoption continue to grow across the United States, network visibility will no longer be optional, AI and machine learning will shake up old security models, and IoT-powered attacks will continue to rise. All of this will factor into how businesses set up, monitor and secure their networks.
The commoditization of cyberattacks will make them more frequent in 2017. More and more companies suffer business disruption due to cyber attacks. Cyber attacks cause companies significant financial losses, yet studies show that companies are not prepared for them. According to Gartner, by 2018 only 40 per cent of large companies will have formal plans for dealing with cyber attacks; last year the percentage was zero.
Strap yourself in for a bumpy ride in 2017. 2016 sucked. 2017 won’t be much better, sorry. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks are also increasing. DDoS attack toolkits have been around for years, as have services that let you pay for an attack; expect to see more of them. 2017 promises to be the most dramatic year yet in the DDoS conflict: whale-sized DDoS attacks will increase, the Internet of Things (IoT) and other connected devices will become a bigger factor in DDoS, and DDoS will overshadow ransomware as a tool for extortion.
Biometric identification will become more common in 2017, but it will not replace passwords. Fingerprint identification has become increasingly common in smartphones, and the technology is already fast and reliable. This year biometric identification devices were sold for 4.5 billion dollars (most of them going into smartphones and laptops). 91 per cent of biometric sales were fingerprint sensors, four per cent face recognition and three per cent iris recognition.
Biometrics won’t kill passwords any time soon. Even though PIN codes and passwords are pretty lousy protection against a skilled cybercriminal, the password will never disappear entirely, as about two per cent of the world’s population have fingerprints that are unsuitable for a biometric identifier to work. Other biometric identification systems have similar limitations and/or are not yet commonly available at reasonable cost. While biometrics, including fingerprint, face, iris, palm and speech recognition, will continue to grow as a more secure substitute for passwords, they will not render passwords obsolete. Until the other biometrics become commonplace, passwords are here to stay, probably until circa 2030.
The fight over encryption and backdoors is not over in 2017. Many public figures in law enforcement have consistently argued that device encryption presents a new threat to police powers of investigation. On the other side, the House Judiciary Committee’s Encryption Working Group report says encryption backdoors pose a security threat, siding with tech experts. The problem is that any mechanism allowing police to get into an encrypted system (be it a phone, a computer or a communications service) could also be exploited by criminals. Any action in this space should weigh the short-term benefits against the long-term impacts. Many industry experts will rightly tell you there is no such thing as partial data encryption: you either have a fully capable system or none at all.
Given the security events of 2016, coupled with the rapid advancement and adoption of cloud computing, 2017 will be the year in which many finally accept that network infrastructure and security have to be rethought from the ground up. In 2017 the cloud will also become a risk for users, as cloud services become targets for extortion and IoT devices open new holes into them.
The rivalry between network attacks and network security is accelerating. Crippling Internet services with denial of service attacks is becoming more common throughout the world, and IoT-powered attacks will continue to rise. Stopping an attack is not easy: for most companies the key thing is that the attack traffic is stopped before it reaches the company’s Internet connection or servers, which increases the need for telecom operators and external mitigation services. In addition to disrupting services, denial of service attacks are often used as a distraction during the actual data theft. DDoS may take over from ransomware as a cause for concern.
In 2017 IT and security professionals talk more about business risks. Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk. The goal of stopping all attacks and preventing all business impact has been recognized as a fool’s errand, and has shifted to measuring risk and minimizing business impact. Cyber security is increasingly being viewed as a risk management problem.
In 2017 ‘Security’ Must be Added to our Existing Ethical and Philosophical Concerns Over Artificial Intelligence and Algorithms. Algorithms will soon run the world. They present problems that are seriously questioned on both ethical and philosophical grounds, and they have become the basis of fictional Armageddons.
Cyber insurance will increasingly be seen as one solution for handling cyber risks in 2017. The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.
In 2017 Big Brother will be watching you 24/7. Those of you who’ve read George Orwell’s book 1984 or seen the movie will remember how the citizens of the fictitious totalitarian state of Oceania are constantly under surveillance by order of its dictator, Big Brother. Now swap your home desktop computer, laptop or smartphone for the fictitious telescreen: not only are you sitting in front of a modern-day version of the Big Brother telescreen, you are also walking around with one in your pocket or handbag. Sound a bit far-fetched? Well, it’s set to become a reality in many countries.
Users will want better security, or at least to feel more secure, in 2017. Many people are prepared to go to extremes for better security. According to a recent Harris Poll survey of over 2,000 adults, nearly 40% of Americans would give up sex for a year, or eating their favourite food, in exchange for better online security, if it meant they would never have to worry about being hacked. When you consider that 87 per cent of U.S. adults use the internet, it makes sense that cyber security is one of the biggest concerns today. The single biggest thing people can do to help keep their online identity safe is probably the easiest: use a solid password and don’t give it to other people. Still, nearly 50% of people have shared a password to an e-mail account or to an account like Netflix.
Security becomes a multi-system issue, and more people are talking about it. Design teams will have to bake security strategies in from the start, no matter how insignificant the device. The good news is that more people are talking about the issue. The real challenge is packing enough security features into designs to prevent breaches of every sort, including those that come from other electronics that weren’t even considered as part of the design process. Just as devices get more sophisticated, so do hackers. The reality is that security breaches can even cause physical harm. It’s time to look at this at a multi-system, multi-disciplinary level. Otherwise, we could literally be playing with fire.
Blockchains have been a big trend for several years, and the blockchain market is divided as 2017 starts. During autumn 2016 we saw a number of cooperation initiatives between the financial sector and consulting companies. Microsoft has chosen the Ethereum blockchain as its platform and offers it in the Azure cloud service. IBM has jumped on the Hyperledger consortium bandwagon and offers its own blockchain service on Bluemix. Google and Amazon are still conspicuous by their absence. Even banks may prefer to use the cloud for their blockchains.
Other prediction articles worth a look:
What Lies Ahead for Cybersecurity in 2017?
Network Infrastructure, Visibility and Security in 2017
DDoS in 2017: Strap yourself in for a bumpy ride
Cybersecurity Industry Outlook: 2017 to 2021 | CSO Online
IBM’s Cybersecurity Predictions for 2017 – eForensics
https://eforensicsmag.com/ibms-cybersecurity-predictions-2017/
Top 5 Cybersecurity Threats to Watch Out for in 2017
Experts Hopeful as Confidence in Risk Assessment Falls
3,151 Comments
Tomi Engdahl says:
Yahoo Ditching ImageMagick Highlights Issues in Bug Responsibility Ecosystem
http://www.securityweek.com/yahoo-ditching-imagemagick-highlights-issues-bug-responsibility-ecosystem
ImageMagick, an open source command line graphics file editor, has been retired by one of its major consumers: Yahoo. The product has been beset by flaws and bugs for several years, but this appears to have been one too many for Yahoo. Following discovery of a bleed vulnerability, Yahoo fixed it by retiring the product.
The flaw itself, discovered by researcher Chris Evans, was fixed by ImageMagick two months ago. Last week, however, he blogged about his discovery of its persistence at Yahoo. For Evans, it is symptomatic of a wider issue: vendor (ImageMagick) and consumer (in this case Yahoo) responsibility for upstream fixes.
ImageMagick (using his own fix) fixed the problem. Could or should it have done more to ensure that its consumers also applied that fix? Yahoo is (or was) a consumer. Could it or should it have done more to apply upstream fixes?
A solution, suggests Evans, is, “Probably less trivial than it sounds; both Box and Yahoo! appear to have been running old versions of ImageMagick with known vulnerabilities.”
The vulnerability, exploited by Evans on Yahoo, provided “a way to slurp other users’ private Yahoo! Mail image attachments from Yahoo servers.” It was present in the RLE (Utah Raster Toolkit Run Length Encoded) image format. An attacker, writes Evans, “could simply create an RLE image that has header flags that do not request canvas initialization, followed by an empty list of RLE protocol commands. This will result in an uninitialized canvas being used as the result of the image decode.”
In his own POC he attached an 18-byte exploit file as a Yahoo! Mail attachment, sent it to himself and clicked on the image in the received mail to launch the image preview pane. “The resulting JPEG image served to my browser,” he writes, “is based on uninitialized, or previously freed, memory content.”
He reported the problem to Yahoo, and was pleased with Yahoo’s response. It was fixed well within Yahoo’s self-imposed 90-day deadline, and, he says, the communication was excellent. Compare this to his comments on communication with Box: “communications were painful, as if they were filtered through a gaggle of PR representatives and an encumbrance of lawyers.”
The fix itself was simple and complete: Yahoo retired ImageMagick.
Tomi Engdahl says:
Bankrupt school ITT pleads ‘don’t let Microsoft wipe our cloud data!’
Define irony: For-profit school wants unpaid bill forgiven
https://www.theregister.co.uk/2017/05/22/bankrupt_school_itt_cloud_data_wiped/
The estate of bankrupt US trade school ITT Technical Institutes is today asking a court to stop Microsoft from erasing its cloud data.
In a filing [PDF] to the US District Bankruptcy Court of Southern Indiana, the caretakers of the defunct for-profit university seek an order to bar the Redmond giant from wiping the contents of ITT’s Office 365 and webmail accounts for students, faculty, and administrators.
ITT has been under bankruptcy proceedings since September of last year, when it shut down operations and filed for bankruptcy protections after the government barred the school from taking financial aid money.
The school says it had asked Microsoft to preserve its data, but was told such a service would cost around $2.5m, a sum of money that a company in the midst of liquidation wouldn’t be able to afford.
The trustees are now seeking an injunction to bar Microsoft from deleting the data in its Office 365 accounts, giving the estate a stay on its account and forcing Microsoft to keep the data on hand until it can decide how to proceed with handling it under both the bankruptcy laws and the Family Educational Rights and Privacy Act, a law that covers the handling of private student and faculty data by educational institutes.
Tomi Engdahl says:
If you are afraid your data will be misused, your worry is not unfounded – more than 10% of Finns have already been affected
According to a survey conducted by Tieto, three out of four Finns are concerned about the security and handling of their personal data in online services. The concern is certainly not unjustified, as more than 10% of respondents to the same survey have been victims of misuse of their data.
The results of the survey were presented at an event organized by the Software Entrepreneurs Association, which discussed the EU’s new Data Protection Regulation coming into force next year. It provides, among other things, for the right of citizens to have data collected about them erased, and for the obligation of companies to notify when data has been compromised.
According to the regulation, a company must warn the authorities within 72 hours and notify the affected customers as soon as possible if it is hit by a cyber attack and sensitive information leaks.
“Cybercrime is growing, and consumers are increasingly aware of how companies collect and process personal data. Nevertheless, only a few people know that the EU General Data Protection Regulation will strengthen data protection,” says Markus Melin, director of the data security unit, in the bulletin.
Software entrepreneurs emphasize that within a year every company must have automated readiness to remove requested personal data from its systems, i.e. existing systems must be adapted to the change required by the data protection regulation.
Source: http://www.tivi.fi/Kaikki_uutiset/jos-pelkaat-tietojesi-vaarinkayttoa-huolesi-ei-ole-aiheeton-harmeja-jo-yli-10-suomalaisista-6651429
Tomi Engdahl says:
Expert: Terrorism will accelerate even more – in Europe
David Kilcullen, who served for a long time in Iraq, considers it highly likely that after the collapse of the terrorist organization Isis the violence will spread elsewhere and the threat of terrorism in Europe will rise.
In Europe, terrorist attacks are likely to increase after Isis is defeated in Iraq and Syria.
The future threats in Europe are fighters with military training returning to their home countries and so-called ad hoc terrorism.
Kilcullen spoke at a seminar organized by the Foreign Policy Institute on Tuesday on the theme of radical Islamism and terrorism.
- We will see serious violence across Iraq after the collapse of Isis. This has already been seen in Baghdad and Kirkuk. The fighting is most likely to spread to other cities, Kilcullen says.
He estimates that, for example, in southern Iraq and Baghdad problems will arise from Shiite militias returning from the Mosul region.
Terror threats rise
Kilcullen sees the terrorist threat in Europe rising as the Isis caliphate collapses.
- Unstable times are coming. What follows the collapse of the caliphate is the complete opposite of peace, he estimates.
Problems will be caused by, among other things, Isis fighters returning to their home countries, other radical groups seeking power in the Middle East, and outside actors exploiting the confused situation in the region, such as Russia and Iran.
Source: http://www.iltalehti.fi/ulkomaat/201705232200147032_ul.shtml
Tomi Engdahl says:
WANNACRY HIGHLIGHTS THAT UN-PATCHED SYSTEMS PRESENT A SECURITY THREAT
https://www.nordcloud.com/en-blog/wannacry-highlights-how-unpatched-systems-present-a-security-threat
The latest outbreak of the “Wannacry” ransomware showed the vulnerability of unpatched legacy infrastructure. “Wannacry” was engineered to take advantage of the most common security challenges facing large organizations today. All of this could have been avoided with a patch that was released more than two months earlier.
“The governments of the world should treat this attack as a wake-up call.”
- Brad Smith, President of Microsoft
Tomi Engdahl says:
Jonathan Stempel / Reuters:
US appeals court rules that Wikipedia can pursue its NSA surveillance lawsuit, after a judge dismissed it in 2015
Wikipedia can pursue NSA surveillance lawsuit: U.S. appeals court
http://www.reuters.com/article/us-wikipedia-nsa-idUSKBN18J206
A federal appeals court on Tuesday revived a Wikipedia lawsuit that challenges a U.S. National Security Agency (NSA) program of mass online surveillance, and claims that the government unconstitutionally invades people’s privacy rights.
The decision could make it easier for people to learn whether authorities have spied on them through Upstream
“Our government shouldn’t be searching the private communications of innocent people in bulk.”
Tomi Engdahl says:
Washington Post:
Google to begin using credit and debit card transaction data to show online ads prompt consumers to buy in physical stores, details tech to preserve privacy — SAN FRANCISCO — Google will begin using data from billions of credit and debit card transactions — including card numbers …
Google now knows when its users go to the store and buy stuff
https://www.washingtonpost.com/news/the-switch/wp/2017/05/23/google-now-knows-when-you-are-at-a-cash-register-and-how-much-you-are-spending/?utm_term=.2e4f893859f3
Google will begin using data from billions of credit and debit card transactions — including card numbers, purchase amounts and time stamps — to solve the advertising juggernaut’s long-standing quest to prove that online ads prompt consumers to make purchases in brick-and-mortar stores, the company said on Tuesday.
The advance, which enables Google to tell retailers how many sales they created through their digital ad campaigns, is a step toward what industry insiders have long described as the “holy grail” of digital advertising.
“Google — and also Facebook — believe that in order to get digital dollars from advertisers who are still primarily spending on TV, they need to prove that digital works,” said Amit Jain, chief executive of Bridg, a digital advertising startup that matches online to offline behavior.
Tomi Engdahl says:
Thomas Page / CNN:
Dubai to introduce fleet of robots with face scanning-tech to its police force May 24; citizens can ask them questions, report crimes, and pay fines
The inevitable rise of the robocops
http://edition.cnn.com/2017/05/22/tech/robot-police-officer-future-dubai/
Tomi Engdahl says:
Eduard Kovacs / SecurityWeek:
Chaos Computer Club hackers say they have defeated Samsung Galaxy S8’s iris recognition system using a fake iris — Hackers of the Chaos Computer Club (CCC) in Germany have managed to defeat the iris recognition system on Samsung’s flagship Galaxy S8 smartphones.
Hackers Defeat Samsung Galaxy S8 Iris Scanner
http://www.securityweek.com/hackers-defeat-samsung-galaxy-s8-iris-scanner
Hackers of the Chaos Computer Club (CCC) in Germany have managed to defeat the iris recognition system on Samsung’s flagship Galaxy S8 smartphones.
The Samsung Galaxy S8 has several biometrics-based authentication systems, including face recognition, a fingerprint scanner, and an iris scanner. The iris authentication, which allows users to unlock their device and authorize payments, is advertised by Samsung as “one of the safest ways to keep your phone locked.”
While an individual’s iris is unique, researchers from CCC showed that Samsung’s iris scanner can be defeated by showing it a picture of the victim’s eye. It’s worth noting that members of the CCC were the first to bypass Apple’s fingerprint-based Touch ID system after its introduction in 2013.
Researchers demonstrated that a camera with a 200mm lens can capture a usable picture of the iris from up to five meters (16 feet).
“In the infrared light spectrum – usually filtered in cameras – the fine, normally hard to distinguish details of the iris of dark eyes are well recognizable,” the CCC said. “Depending on the picture quality, brightness and contrast might need to be adjusted.”
Once the picture of the iris has been obtained, it can be printed out using a laser printer.
The last step is to place a contact lens on top of the print to mimic the curvature of a real eye.
Tomi Engdahl says:
Spotify Hacked: Thousands Of Accounts’ Login Credentials Released By The Leak Boat
http://www.ibtimes.com/spotify-hacked-thousands-accounts-login-credentials-released-leak-boat-2542401
Original story:
Late Monday night, a hacking group revealed the login credentials of thousands of Spotify accounts. In its announcement on Twitter, the Leak Boat said it was 9,000 accounts, but the page that listed all the account details had information of fewer than 6,500 Spotify subscribers.
The group, which has previously released hacked accounts from various websites, as well as private videos and photographs of several celebrities, posted the information on a publicly available website.
UPDATE: 9 p.m. EDT — In a statement to International Business Times regarding the hacking of some user accounts, Spotify said Tuesday evening: “We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”
https://ghostbin.com/paste/nmdgz
Tomi Engdahl says:
Qatar’s State News Agency Hacked by ‘Unknown Entity’: Official
http://www.securityweek.com/qatars-state-news-agency-hacked-unknown-entity-official
Qatar said Wednesday its official state news agency was hacked and subsequently carried a “false statement” on sensitive regional topics attributed to the country’s Emir, Sheikh Tamim bin Hamad Al-Thani.
Amid an apparent wide-scale security breach it was also reported that the agency’s official Twitter account had also been attacked.
Among the issues allegedly addressed by the Qatari ruler in the statement were the Palestinian-Israeli conflict, strategic relations with Iran, and comments about Hamas.
Tomi Engdahl says:
Windows Defender Ported to Linux in Fuzzing Tool Demo
http://www.securityweek.com/windows-defender-ported-linux-fuzzing-tool-demo
Google Project Zero researcher Tavis Ormandy has released a tool designed for porting Windows dynamic link library (DLL) files to Linux in an effort to improve fuzzing. The expert demonstrated the tool’s capabilities by porting a Windows Defender component to Linux.
Ormandy has found vulnerabilities in several security products, including password managers and anti-malware software. Some of these flaws have been identified using a process called fuzzing, an automated testing technique that involves injecting malformed or random data into the targeted application.
Google has been promoting the use of fuzzing in the past years and the tech giant recently launched an open source fuzzing service named OSS-Fuzz.
While fuzzing can be very useful for finding vulnerabilities, Ormandy believes that distributed and scalable fuzzing on Windows can be inefficient and problematic, especially in the case of endpoint security products whose components span across the kernel and user space.
Google Launches OSS-Fuzz Open Source Fuzzing Service
http://www.securityweek.com/google-launches-oss-fuzz-open-source-fuzzing-service
Just two months after Microsoft announced its Project Springfield code fuzzing service, Google has launched the beta of its own OSS-Fuzz. The purpose in both cases is to help developers locate the bugs that eventually lead to breaches. But the services, like the two organizations, are very different: one is paid for while the other is free; one is proprietary while the other is open source.
Tomi Engdahl says:
Twitter Bug Allowed Publishing Tweets From Any Account
http://www.securityweek.com/twitter-bug-allowed-publishing-tweets-any-account
A bug in the Twitter social network allowed an attacker to post tweets as a different user, without having access to the victim’s account.
Discovered by a security researcher going by the name of kedrisec, the issue was reported to Twitter on February 26 and was resolved two days later. The vulnerability was assessed High severity and the reporter received a $7,560 bounty for it.
Tomi Engdahl says:
New Product Allows Easy Addition of Multi-Factor Authentication to Any Application
http://www.securityweek.com/new-product-allows-easy-addition-multi-factor-authentication-any-application
New Multi-factor Authentication Offering Seeks Balance Between Strong Security and Ease of Use
The correct balance between strong security and excessive control is difficult. Without strong security, such as multi-factor authentication (MFA), organizations will be breached. With excessive control (such as MFA always and everywhere), business will be impeded, employees will be disgruntled, and controls will be bypassed. A new behavioral authentication product announced today by security firm Preempt allows optional MFA, based on user behavior, on any application.
https://www.preempt.com/
Tomi Engdahl says:
Media Players Expose Millions of Systems to Subtitle Attacks
http://www.securityweek.com/media-players-expose-millions-systems-subtitle-attacks
Malicious actors could hijack millions of systems using specially crafted subtitle files that exploit vulnerabilities in some of the most popular media players, security firm Check Point warned on Tuesday.
Check Point’s analysis has focused on four popular media players, but researchers believe other applications are likely affected as well. The players confirmed to be vulnerable are VLC, the open-source home theater software Kodi (formerly known as XBMC), the video streaming app Stremio, and Popcorn Time, which streams movies and TV shows directly from torrents.
Experts pointed out that the potential number of victims for these subtitle attacks is very high considering that the latest version of VLC has been downloaded 170 million times, and Kodi reportedly has nearly 40 million unique users each month.
The developers of these media players have released patches, but some issues are still under investigation and Check Point has decided not to make public any technical details.
Hacked in Translation – from Subtitles to Complete Takeover
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.
Tomi Engdahl says:
Flashpoint Enhances Risk Intelligence Platform
http://www.securityweek.com/flashpoint-enhances-risk-intelligence-platform
Just as global intelligence firm Stratfor extracts and presents geopolitical intelligence from the noise of available information, so now does Flashpoint extract cyber business risk intelligence (BRI) from the noise of deep and dark web conversations.
That process has now come to fruition with today’s launch of the Flashpoint Intelligence Platform 3.0. It aims to convert and present the raw intelligence gleaned from the deep and dark web as actionable business risk intelligence that will help customers take a more strategic role in security planning.
https://www.flashpoint-intel.com/#multi-applications-cont
Tomi Engdahl says:
Don’t Be In Denial About DDoS
http://www.securityweek.com/dont-be-denial-about-ddos
We know they’re a huge problem — any organization can be targeted by the wrath of a massive DDoS attack, from government websites to individual’s blogs. But as attacks have become bigger, more frequent and more widespread, it seems that they’re increasingly being regarded as an unstoppable force majeure, like a hurricane or earthquake, which simply has to be survived.
It’s not difficult to understand why we’ve found ourselves in this situation. Neustar’s annual Worldwide DDoS Attacks & Cyber Insights Research Report (PDF) states that the average size of a DDoS attack has doubled to 50Gbps, and the number of DDoS attacks worldwide has increased by 15 percent over the past 12 months, across all sectors. Additionally, 84 percent of the more than 1,000 organizations polled in the report said that they had been targeted by an attack in the past 12 months, with 45 percent experiencing more than five attacks in that time.
Further, the report found that DDoS is increasingly being used as a smokescreen — 42 percent of respondents said that the DDoS attacks they experienced were accompanied by malware and 27 percent were accompanied by either ransomware or extortion by threatening further DDoS attacks. It’s no surprise that the average loss of revenue experienced by organizations hit with a DDoS attack was $2.5 million.
These are sobering statistics. Organizations need to step up their game, face reality and take ownership of their networks – NOW. We can’t just grin and bear it.
https://ns-cdn.neustar.biz/creative_services/biz/neustar/www/resources/whitepapers/it-security/ddos/neustar-2017-worldwide-ddos-attacks-cyber-insights-research-report.pdf
Tomi Engdahl says:
CEOs and Coffee Shops Are Mobile Computing’s Biggest Risks: Report
http://www.securityweek.com/ceos-and-coffee-shops-are-mobile-computings-biggest-risks-report
The balance between encouraging mobility for business purposes and controlling it for security remains as tricky today as ever. Ninety-three percent of organizations are now somewhat or very concerned that the mobile workforce is presenting an increasing number of security challenges. Of these, 47% are ‘very concerned’; a figure that has grown from 36% a year ago.
These figures come from the iPass 2017 Mobile Security Report (PDF), published today. iPass is a global provider of always-on, secure Wi-Fi; with more than 60 million hotspots in more than 120 countries.
Vanson Bourne surveyed 500 CIOs and senior IT decision makers from the US (200), UK (100), Germany (100) and France (100). While the results are broadly consistent across all regions, there are nevertheless some surprising differences. For example, while there is acknowledgement that security is needed, there is apparent recognition that control is difficult — and the extent of the problem and ways to solve it differ by geographic region.
Less than a third of companies ban the use of public Wi-Fi at all times, while a further 37% ban their use ‘sometimes’. More surprising, however, is the regional difference: 44% of UK organizations do not, and do not plan to introduce a ban; but only 10% of US companies are similar. Eight percent of UK companies have no concern over mobile security, while only 1% of US companies have no concerns.
Tomi Engdahl says:
US spies still won’t tell Congress the number of Americans caught in dragnet
https://arstechnica.com/tech-policy/2017/03/nsa-spy-law-up-for-renewal-but-feds-wont-say-how-many-americans-targeted/
Electronic surveillance programs Prism, Upstream hang in the congressional balance
In 2013, a National Security Agency contractor named Edward Snowden revealed US surveillance programs that involved the massive and warrantless gathering of Americans’ electronic communications. Two of the programs, called Upstream and Prism, are allowed under Section 702 of the Foreign Intelligence Surveillance Act. That section expires at year’s end, and President Donald Trump’s administration, like his predecessor’s administration, wants the law renewed so those snooping programs can continue.
That said, even as the administration seeks renewal of the programs, Congress and the public have been left in the dark regarding questions surrounding how many Americans’ electronic communications have been ensnared under the programs. Congress won’t be told in a classified setting either, despite repeated requests.
Tomi Engdahl says:
Google says its partnerships capture roughly 70% of all credit and debit card transactions in the U.S.
Google Following Your Offline Credit Card Spending To Tell Advertisers If Their Ads Work
https://consumerist.com/2017/05/23/google-following-your-offline-credit-card-spending-to-tell-advertisers-if-their-ads-work/
Google’s holding its annual conference for marketers today in San Francisco, and to kick it off they’re announcing some new tools advertisers can use. One of them promises to tie your offline credit card data together with all your online viewing to tell advertisers exactly what’s working as they try to target you and your wallet.
Attribution is important to businesses, because marketing costs money. Businesses are willing to spend some money on advertising and outreach — but only if they see it translate into a return.
Tomi Engdahl says:
Michael del Castillo / CoinDesk:
Blockstack releases developer edition of blockchain-powered browser, plans to introduce tokens later this year
Blockstack Releases Blockchain-Powered, Tokenized Internet Browser
http://www.coindesk.com/blockstack-blockchain-decentralized-browser/
Blockchain startup Blockstack has released a decentralized browser aimed at making apps more easily accessible.
In a way, the release is a kind of Netscape for the decentralized internet, running apps on a plethora of blockchains.
The startup is revealing plans for what might be considered a kind of initial coin offering, or ICO, using its own technology that sits on top of several other blockchains.
Blockchain browser
In many ways, the browser is the core of Blockstack’s suite of decentralized internet tools.
Built over the course of more than two years, the browser was built from the ground up with developers in mind.
As part of an industry wide effort to make blockchain applications that are actually serving real problems Blockstack aimed to reduce the complexity of building with blockchain. To get there, the startup hid the more complicated aspects of the technology behind a sleek user interface.
Part dashboard, part app store, the browser is designed to give users a seamless browsing experience by granting access to websites via a single identity login that — unlike profiles created on the traditional internet — they actually own.
“It allows you to run decentralized applications directly on your device,” said Shea. “And it allows you to plug into identity and data storage that you can control.”
A new kind of crypto-token
Similar to how domains are today registered for a fee on the internet, the new token will be used to file the registration fees paid directly to the network.
Though technical details about the distribution model and other aspects of the token have yet to be settled, Ali and Shea emphasized this is not an ethereum-based ICO, but rather the sale of tokens created by their own technology.
“Currently, we’re launching a single token for Blockstack,” said Ali. “And we’ll have more details on app-specific tokens later.”
The Blockstack token itself only grants access to the digital property associated with it and, for the time being, the plan is that the tokens will be destroyed when they are converted into a digital property, such as a domain name.
The founders say the tokens will not function like ethereum’s gas, which gives the user access to the network’s computing resources.
According to Shea, the token needed to be separate from the systems they support in the event of any major changes, like the recent ethereum hard fork.
Tomi Engdahl says:
Jacob Kastrenakes / The Verge:
1Password adds Travel Mode feature that lets users easily wipe passwords from the app before departing and then restore them upon arrival
1Password adds a ‘travel mode’ to keep your passwords safe at the border
https://www.theverge.com/2017/5/23/15681990/1password-travel-mode-feature-added-security
1Password received a handy new feature last week that allows the app to temporarily remove all passwords, credit cards, and other stored data from a user’s devices. The feature is called Travel Mode, and it was created to protect users worried about running into trouble with security agents while traveling.
Increasingly, people are being asked to turn over and unlock their phones at the border, and doing that can expose a huge amount of data. Add in an app like 1Password — a central repository for a ton of private data — and it’s easy to see why someone would be worried about having to hand over their phone.
Travel Mode requires a bit of work, but it goes a good way to resolve that problem. 1Password subscribers now have the ability to mark certain “vaults” (essentially, profiles containing a bunch of different passwords and secure information) as “safe for travel.”
Then, when Travel Mode is activated from the web, all vaults that aren’t marked “safe” will be completely pulled from any devices they were syncing to. That means there should be no data left for anyone to search through, even if a third party somehow gained access. Once Travel Mode is deactivated, the missing vaults will sync across all devices again.
The downside to using Travel Mode is that subscribers will necessarily lose access to some of their data. That means anyone using this feature will likely need to set up a separate travel-friendly vault that stores the basic passwords they may need to get through a trip. But for anyone worried about their information falling into someone else’s hands, that doesn’t sound like a huge hassle.
This feature could be useful for companies, too.
Tomi Engdahl says:
And now SMB problems on Linux side as well:
7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely
http://thehackernews.com/2017/05/samba-rce-exploit.html?m=1
A 7-year-old critical remote code execution vulnerability has been discovered in Samba networking software that could allow a remote attacker to take control of an affected Linux and Unix machines.
Tomi Engdahl says:
Report: Microsoft to buy security firm Hexadite for $100M as Cloudyn still in progress
https://techcrunch.com/2017/05/24/microsoft-hexadite-100m-cloudyn/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook
Calcalist reported earlier today that Microsoft is paying $100 million to acquire Hexadite, a cybersecurity company that uses AI to sort through and address smaller network attacks — which can run up to 10,000 a month for a larger organization — while identifying larger problems for security specialists to tackle.
For what it’s worth, a single source tells us that both the Hexadite and Cloudyn acquisitions are in progress, and the Hexadite acquisition will likely be announced in a couple of weeks.
Tomi Engdahl says:
Beth Rigby / Sky News:
G7 leaders back Theresa May’s call for internet firms including Google, Twitter, and Facebook to step up efforts against extremist content
G7 leaders back Theresa May’s call for a crackdown on extremist content online
http://news.sky.com/story/g7-leaders-back-theresa-mays-call-for-a-crackdown-on-extremist-content-online-10894506
The premier defends her record on tackling terrorism in the face of police cuts and the failure to stop returning jihadi fighters.
Theresa May secured support from fellow G7 leaders to tackle extremists online and stop foreign fighters returning to the UK and Europe, as the Prime Minister put counter-terrorism centre stage at the annual summit of leading industrial states.
Mrs May warned the threat from Islamic state was moving “from the battlefield to the internet” as she led sessions on counter-terrorism in Taormina in Italy.
In the wake of the Manchester bombing the PM and her counterparts agreed a series of measures to step up the fight against terror and backed her call for more pressure to be put on internet companies such as Google, Facebook and Twitter to target extremist content.
Mrs May described the G7 joint statement as “a significant step forward”, and said she wanted to see terrorist material taken down “more urgently and more rapidly than it is at the moment”.
“We need to work together to fight against the evil of terrorism. And nobody can be in any doubt, after what we saw in Manchester, of just how evil those terrorists are.”
Tomi Engdahl says:
John Leyden / The Register:
Trend Micro: ransomware grew 752% in 2016 and generated $1B in revenue
Feeling Locky, punk? Ransomware grew eight-fold last year
Days of future past
http://www.theregister.co.uk/2017/05/24/ransomware_trends/
Ransomware saw a more than eight-fold (752 per cent) increase as a mode of attack in 2016, according to Trend Micro.
The infosec firm estimates file-scrambling malware families such as Locky and Goldeneye raked in $1 billion in 2016.
2016 was the year when ransomware ruled, and this danger has been maintained by recent WannaCrypt attacks and the latest threat Eternal Rocks, which has no kill switch and continues to grow.
Trend Micro’s report, Ransomware: Past, Present and Future (pdf), provides a useful overview of the history and evolution of ransomware, from its beginnings in Russia in 2005/6 to the growth of the ransomware-as-a-service (RaaS) business model.
https://documents.trendmicro.com/assets/wp/wp-ransomware-past-present-and-future.pdf
Tomi Engdahl says:
Rita Katz / Motherboard:
How ISIS and other terrorist groups evade YouTube’s censors: unlisting explicit videos from search, linking to explicit content in video descriptions, more
How Terrorists Slip Beheading Videos Past YouTube’s Censors
https://motherboard.vice.com/en_us/article/how-terrorists-slip-beheading-videos-past-youtubes-censors
Other jihadi propaganda on the video-sharing platform may be visually more low-key, but are just as insidious in their own ways.
Google services—namely YouTube—are the most plentiful and important links used by terrorist organizations to disseminate their propaganda. And despite all of YouTube’s efforts to keep them out thus far, such groups still manage to sneak their media onto its servers.
The amount of YouTube and other Google links created to push terrorist content is hard to overstate.
The importance of YouTube to The Upload Knights and other terrorist media groups is clear as day. During a two-day span following the release of “And You Will be Superior,” The Upload Knights distributed the video and its promotional banner with 136 unique links from Google services alone: 69 for YouTube, 54 for Google Drive, and 13 for Google Photos.
Keep in mind, that was just one video, and just one media group.
YouTube is equally important for al Qaeda (AQ) and its affiliates.
As a teenage female IS recruit from Colorado once answered in an online Q&A platform, when asked what she does when she can’t sleep at night: “Watch lectures on youtube and stay on twitter.”
And it’s not just jihadist content plaguing YouTube’s servers. Violently racist and bigoted videos
Simply put, advertisers’ concerns are not unfounded.
It would be unfair to say YouTube hasn’t done anything to stop terrorist media from reaching its servers.
To this point, YouTube has made it easy for users to flag policy-violating content and worked toward implementing automated solutions for detecting terrorist content. However, as I’ve stated before, terrorist propaganda comprises a lot more than the gory execution videos which detection technologies may seek to find. And, just as troublingly, terrorist groups have repeatedly found ways to bypass unwanted attention from non-supporting users and administrators.
often label YouTube videos as “unlisted,” meaning that the videos cannot be searched—only accessed if you are given the link. This feature works well to keep a video somewhat contained to supporters and prospects.
Terrorist groups also upload videos that are not the actual videos they are advertised to be.
Toward Better Solutions
Terrorist groups are brand-focused by their very nature. Thus, releases by these organizations consistently bear recurring elements, including hashtags, phrases, and watermarks.
YouTube already uses precisely the type of technology that could recognize much of these elements on its servers as such. So, if the company can recognize copyright-infringing material and other policy-violating content, then why can’t it do so for propaganda from a group like IS or AQ?
A lot of terrorist media groups also use uploading scripts like Rapidleech, which enable them to simultaneously upload content to multiple services, including YouTube, and easily repeat the process for each new piece of content.
Extremist groups’ ongoing embrace of YouTube, and their investment in new ways to stay on it, signals a clear and troubling message: terrorists still feel like they have a grasp on the platform.
YouTube’s issue with terrorist content is not just one of advertising revenue; it is one of safety. That said, we should all wish the video-sharing company and all other stake-holding information and communication technology platforms the best in countering extremist content on their servers, and hope to see these companies embrace new, adaptive solutions and partnerships in doing so.
Tomi Engdahl says:
British Airways cancels all flights from Gatwick and Heathrow due to IT failure
https://www.theguardian.com/world/2017/may/27/british-airways-system-problem-delays-heathrow
Hundreds of flights at the two airports have been affected, with more around the world suffering major delays
British Airways cancelled all flights from Heathrow and Gatwick on Saturday due to a major IT failure causing severe disruption to its global operations that is expected to run into Sunday.
The computer crash affected BA’s booking system, baggage handling, mobile phone apps and check-in desks, leaving passengers facing long queues and confusion in airports or delays while planes were held on runways.
More than 1,000 flights were affected.
Given that the WannaCry ransomware attack happened just two weeks ago, there was immediate speculation that BA’s IT systems had been hacked. But BA said: “We’ve found no evidence that it’s a cyber-attack.”
Tomi Engdahl says:
Dan Goodin / Ars Technica:
Citizen Lab report details how emails phished from journalist critical of Russia were falsified, then leaked for disinformation campaign; 200+ others targeted
E-mails phished from Russian critic were “tainted” before being leaked
Campaign targeting more than 200 people also spread disinformation, report says.
https://arstechnica.com/security/2017/05/e-mails-phished-from-russian-critic-were-tainted-before-being-leaked/
E-mails stolen in a phishing attack on a prominent critic of Russian President Vladimir Putin were manipulated before being published on the Internet. That’s according to a report published Thursday, which also asserts that the e-mails were manipulated in order to discredit a steady stream of unfavorable articles.
The phishing attack on journalist David Satter’s Gmail account was strikingly similar to the one that hit Hillary Clinton presidential campaign chairman John Podesta last year.
Thursday’s report from the University of Toronto’s Citizen Lab stopped short of saying Russia’s government was behind the phishing attack and subsequent manipulation of Satter’s e-mail. US intelligence officials, however, have determined that Russia was behind the attacks on Podesta and other Democratic officials. Thursday’s report also said the same attack on Satter targeted 218 other individuals, including a former Russian prime minister, members of cabinets from Europe and Eurasia, ambassadors, high-ranking military officers, and CEOs of energy companies.
Some of the documents obtained in the phishing attack on Satter were published by CyberBerkut, a self-described pro-Russian group. One e-mail was heavily edited to make Satter appear to be paying Russian reporters and activists to write stories critical of the Russian government. The edited e-mail gave the impression the articles were part of a large and non-existent project to pay for articles by a range of authors, which would subsequently be published by a range of media outlets.
While Guccifer 2.0 has long claimed to be a Romanian activist, US intelligence officials have said they believe the figure works on behalf of the Russian military.
Tomi Engdahl says:
Russia’s Disinformation Efforts Hit 39 Countries: Researchers
http://www.securityweek.com/russias-disinformation-efforts-hit-39-countries-researchers
Russia’s campaign of cyberespionage and disinformation has targeted hundreds of individuals and organizations from at least 39 countries along with the United Nations and NATO, researchers said Thursday.
A report by the Citizen Lab at the University of Toronto revealed the existence of “a major disinformation and cyber espionage campaign with hundreds of targets in government, industry, military and civil society,” lead researcher Ronald Deibert said.
The findings suggest that the cyber attacks on the 2016 presidential campaign of Hillary Clinton — which US intelligence officials have attributed to Russia — were just the tip of the iceberg.
Citizen Lab researchers said the espionage has targeted not only government, military and industry targets, but also journalists, academics, opposition figures, and activists,
Notable targets, according to the report, have included a former Russian prime minister, former high-ranking US officials, members of cabinets from Europe and Eurasia, ambassadors, high ranking military officers and chief executives of energy companies.
Tomi Engdahl says:
Can We Ever be Prepared for the Next WannaCry?
http://www.securityweek.com/can-we-ever-be-prepared-next-wannacry
The recent WannaCry ransomware outbreak is yet another wake-up call. Humans alone can no longer be expected to manually respond to brazen, fast-spreading cyber-attacks that strike without warning and routinely bypass porous network borders. The early indicators of the attack were evident, but it spread too quickly for human security teams to react before it spread across the world like wildfire.
Cyber-criminals now have easy access to inexpensive, sophisticated, and fast-moving malware. The Shadow Brokers hacking group recently announced a monthly subscription platform to gain access to their arsenal of cyber-weapons, including the EternalBlue vulnerability that WannaCry exploited. Similarly, underground marketplaces are selling ready-made malware that even amateur hackers can use, some of which even come with live chat support and customer service.
Thanks to the rise of the ransomware-as-a-service (RaaS) business model, cyber-criminals were able to launch 638 million ransomware attacks in 2016 alone, netting them over $1 billion in revenue. Attacks like WannaCry infect networks in a matter of minutes, and unlike previous forms of ransomware, they do not rely on phishing emails to spread. These threats are often built with custom code from the dark web, making it extremely difficult for legacy security tools to detect them.
Tomi Engdahl says:
The Impact of WannaCry on the Ransomware Conversation
http://www.securityweek.com/impact-wannacry-ransomware-conversation
All indicators point to the initial infection occurring via a traditional phishing attempt, in which unsuspecting employees downloaded malicious files from their email. What made WannaCry so impactful was its ability to break away from its originating computer and rapidly traverse the network, infecting connected computers in its wake.
While phishing, ransomware and a fast-moving worm are not in themselves new, the combination of these strategies was epidemic-like. As WannaCry requires no ongoing interaction on the part of the attacker, it was the perfect method to quickly spread throughout a vulnerable enterprise.
While this approach isn’t entirely surprising, it is alarming and appears to be the first time that a ransomware payload has been targeted in this way at such a large scale.
Ransomware is not a new issue. It has been around for decades, and it’s been talked about in earnest in the security industry for several years now. Nonetheless, it continues to be one of the top causes for concern for CISOs, and ransomware attacks grew 36 percent in 2016. So why is it continuing to have such a major impact on cybersecurity? Because solving this problem is really, really hard.
Ransomware is so successful because it relies on a human element, and as much as we hate to admit it, humans are fundamentally flawed. It’s for this reason that WannaCry continued to impact computers well into the week following the initial attack, despite many organizations spending all weekend notifying their employees and the public and fixing the issues that hit during the business day on Friday. No matter how much employee training or awareness goes into instructing your employees or the general public to refrain from opening attachments, deleting unknown emails and paying attention to the crucial signs of ransomware, the mere reliance on humans is an inherent failing that cannot be overcome.
So what can you do to protect your organization from an inevitable targeting? While ransomware attacks and targets may have evolved, the ways to protect yourself haven’t.
The best way to react after becoming the victim of a ransomware attack is to completely erase all data from your systems, removing the hackers’ ability to control your information. Take a “no negotiation with terrorists” stance. Of course, that also removes all of your own data, which means it’s crucial to have extensive back-ups, thereby removing the hold that criminals have over you altogether. Understanding your organization’s use and warehouse of data, and backing up all of that data, is an essential first step toward preventing any ramifications of a future ransomware attack.
It’s also important to develop a plan of action in the event that your organization is compromised. Consider the potential implications to your reputation, such as company valuation or public brand perception, if you do or do not pay a ransom.
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Tomi Engdahl says:
Radio Controlled Pacemakers Are Easily Hacked
http://hackaday.com/2017/05/27/radio-controlled-pacemakers-are-easily-hacked/
Doctors use RF signals to adjust pacemakers so that instead of slicing a patient open, they can change the pacemaker’s parameters, which in turn avoids unnecessary surgery. A study on security weaknesses of pacemakers (highlights) or full Report (PDF) has found that pacemakers from the main manufacturers contain security vulnerabilities that make it possible for the devices to be adjusted by anyone with a programmer and proximity. Of course, it shouldn’t be possible for anyone other than medical professionals to acquire a pacemaker programmer. The authors bought their examples on eBay.
They discovered over 8,000 known vulnerabilities in third-party libraries across four different pacemaker programmers from four manufacturers. This highlights an industry-wide problem when it comes to security. None of the pacemaker programmers required passwords, and none of the pacemakers authenticated with the programmers. Some home pacemaker monitoring systems even included USB connections, which opens up the possibility of introducing malware through an infected pen drive.
Understanding Pacemaker Systems Cybersecurity
http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html
Tomi Engdahl says:
Fooling Samsung Galaxy S8 Iris Recognition
http://hackaday.com/2017/05/24/fooling-samsung-galaxy-s8-iris-recognition/
We have a love-hate relationship with biometric ID. After all, it looks so cool when the hero in a sci-fi movie enters the restricted-access area after having his hand and iris scanned. But that’s about the best you can say about biometric security. It’s conceptually flawed in a bunch of ways, and nearly every implementation we’ve seen gets broken sooner or later.
Case in point: prolific anti-biometry hacker [starbug] and a group of friends at the Berlin CCC are able to authenticate to the “Samsung Pay” payment system through the iris scanner. The video shows you how: take a picture of the target’s eye, print it out, and hold it up to the phone. That was hard!
Chaos Computer Clubs breaks iris recognition system of the Samsung Galaxy S8
http://www.ccc.de/en/updates/2017/iriden
Tomi Engdahl says:
Hacked by Subtitles
http://hackaday.com/2017/05/25/hacked-by-subtitles/
CheckPoint researchers published in the company blog a warning about a vulnerability affecting several video players. They found that VLC, Kodi (XBMC), Popcorn-Time and strem.io are all vulnerable to attack via malicious subtitle files. By carefully crafting a subtitles file they claim to have managed to take complete control over any type of device using the affected players when they try to load a video and the respective subtitles.
Hacked in Translation – from Subtitles to Complete Takeover
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
Tomi Engdahl says:
Cyber Interference – Changing the Face of Elections
http://www.securityweek.com/cyber-interference-changing-face-elections
Influential Organizations and Individuals or Those With Ties to Government or Political Institutions May be Targets for Cyber Attacks
Last fall I wrote about cyber as the latest front on the election battlefield. This was based on two trends that emerged during the 2016 U.S. Presidential election cycle – a series of network breaches that resulted in leaked information, and an uptick in concerns over threats to voting systems. This proved to be a sign of things to come. Since then, similar activities have been reported surrounding elections in The Netherlands and France. With elections coming up in the UK in June and Germany in September what type of cyber interference might we expect? And, more importantly, what steps can we take to mitigate risk?
In the case of the UK elections, two factors are working against cyber attackers – because it is a snap election, threat actors haven’t had as much time to prepare, and voting is still paper based. However, the UK’s National Cyber Security Centre warns that the political parties themselves remain targets, as do parliament, constituency offices, think tanks and individuals’ email accounts.
Network Intrusions: Network intrusions are typically conducted for intelligence-gathering purposes, potentially with a view to making sensitive information public as part of an influence operation designed to discredit a political candidate.
Public Data Leakage: An ideologically motivated actor may attempt to release sensitive or confidential information citing freedom of information and the fulfilment of a public service.
Hacktivism: Hacktivist actors are most often motivated by public attention, either for themselves or the issues they claim to represent. DoS attempts, website defacements and public data leaks achieved through techniques such as SQL injection are the most common types of attacks. Hacktivists may also use social media to raise awareness, for example using “tweet storms,”
False media reports: We’ve heard a lot about “fake news” as of late, but threat actors may indeed disseminate false information to influence public opinion or discredit a particular candidate. They may use a wide variety of media including established online publications, spoof news sites, or through fake social media profiles on LinkedIn, Facebook and Twitter.
Tomi Engdahl says:
Understanding the Systemic Security Risks in ICS Networks
http://www.securityweek.com/understanding-systemic-security-risks-ics-networks
In my previous article, I outlined details of the changing threat landscape in Industrial Control Systems (ICS). Of note, I pointed – as we have been with a good deal of frequency – to the growing risk of cyber-crime activity/ransomware activity on the shop floor.
The security risk to ICS networks is systemic and not determined by vulnerabilities alone. Yes, vulnerabilities are a major problem and, of course, they represent pathways which can be exploited by our adversaries. But we need to understand that reaching the ICS network is relatively easy once a foothold is established on the IT side of the house – and we have seen just how easy that access is over the course of the past 10 years of daily breach headlines. Once inside the ICS/OT network, causing havoc is as simple as talking to PLCs with legitimate commands.
Accessing the ICS/OT Network
The concept of a completely air-gapped ICS/OT environment is dead. For a variety of reasons, these networks are increasingly interconnected with IT and accessible to the outside world. As a result, there are two main pathways open for adversaries. Neither of which require some insanely clever or novel vulnerability exploit:
• Getting to ICS/OT through IT interconnections with the “normal tools of the trade” – spear phishing and watering hole attacks, etc.
• Getting in directly through ICS/OT connections to the outside world – publicly facing IPs of PLCs, compromised VPNs, unaudited, uncontrolled, unmonitored remote access
Side note: Keep in mind that the median number of days before attackers are detected on IT networks in North America is 99 days (source: Mandiant) with dozens of security tools watching. In the ICS/OT space network monitoring is scarce and once an attacker transitions from IT to ICS/OT, there is virtually nothing to detect them. Case in point: It is believed the Sandworm Team was active for MONTHS on the Ukraine networks impacted in 2015 and 2016.
Tomi Engdahl says:
Thousands of Third-Party Library Flaws Put Pacemakers at Risk
http://www.securityweek.com/thousands-third-party-library-flaws-put-pacemakers-risk
Researchers have conducted a detailed analysis of pacemaker systems from four major vendors and discovered many potentially serious vulnerabilities.
The fact that implantable cardiac devices such as pacemakers and defibrillators are vulnerable to hacker attacks has been known for years, and while steps have been taken to address issues, security experts still report finding flaws in these products.
WhiteScope, a company founded by Billy Rios, one of the first security researchers to analyze medical devices, recently conducted an analysis of the implantable cardiac device ecosystem architecture and implementation interdependencies, with a focus on pacemakers.
Tomi Engdahl says:
Survey Shows Disparity in GDPR Preparedness and Concerns
http://www.securityweek.com/survey-shows-disparity-gdpr-preparedness-and-concerns
The European General Data Protection Regulation will take effect in exactly one year from today. It will affect any company that does business with the EU, whether that company is based in Europe or elsewhere (such as the US). While there have been many surveys indicating that affected firms are far from prepared, there are few that highlight the geographic disparity in readiness.
One Year Out: Views on GDPR (PDF), conducted by Vanson Bourne for Varonis, is particularly detailed. It surveyed 500 IT decision makers in organizations with more than 1,000 employees in the US (200), the UK (100), Germany (100) and France (100). Unlike many such surveys, it includes the raw data, allowing readers to dig deep into areas of interest or concern.
Unsurprisingly, given other surveys, the headline result is that 75% of respondents “face serious challenges in being compliant with the EU GDPR by 25th May 2018.” This result is consistent across all four nations; but those who strongly agree range from 15% in the UK (the lowest) to 25% (the highest) in the US.
https://info.varonis.com/hubfs/docs/2017-GDPR-survey-results.pdf
Tomi Engdahl says:
NIST Helps You With Cryptography
http://hackaday.com/2017/05/25/nist-helps-you-with-cryptography/
Getting cryptography right isn’t easy, and it’s a lot worse on constrained devices like microcontrollers. RAM is usually the bottleneck — you will smash your stack computing a SHA-2 hash on an AVR — but other resources like computing power and flash code storage space are also at a premium. Trimming down a standard algorithm to work within these constraints opens up the Pandora’s box of implementation-specific flaws.
NIST stepped up to the plate, starting a lightweight cryptography project in 2013 which has now come out with a first report, and here it is as a PDF.
Still, there are some concrete recommendations. Here are some spoilers. For encryption, they recommend a trimmed-down version of AES-128, which is a well-tested block cipher on the big machines. For message authentication, they’re happy with Galois/Counter Mode and AES-128.
Report on Lightweight Cryptography
http://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8114.pdf
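The report's recommendation of AES-128 with Galois/Counter Mode covers both confidentiality and message authentication in one primitive. The block below is an added example (not code from the NIST report or from the Hackaday post) showing what that buys you on a desktop with the `cryptography` package: a tampered ciphertext or a mismatched associated-data header is rejected instead of being decrypted to garbage, and it also shows the one rule GCM depends on, that a (key, nonce) pair is never reused. The key, nonce, device header and messages are constructed sample values.

```python
"""Added example: AES-128-GCM authenticated encryption and the nonce-reuse caveat.

Requires the `cryptography` package. All keys, nonces and messages here are
constructed sample values, not material from the NIST report.
"""
import os
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Constructed 128-bit key for the demo; a real device would use a random key.
KEY = bytes(range(16))
TAG_LEN = 16  # GCM authentication tag appended to the ciphertext


def seal(key: bytes, nonce: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt and authenticate. Returns ciphertext followed by the 16-byte tag.
    `aad` (associated data) is authenticated but sent in the clear, e.g. a header."""
    return AESGCM(key).encrypt(nonce, plaintext, aad)


def open_sealed(key: bytes, nonce: bytes, sealed: bytes, aad: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the tag check fails (tampered data or AAD)."""
    try:
        return AESGCM(key).decrypt(nonce, sealed, aad)
    except InvalidTag:
        return None


def roundtrip_demo() -> dict:
    """Seal one message, then try to open the original, a bit-flipped copy, and the
    original under a different header. Only the untouched message should open."""
    nonce = os.urandom(12)            # 96-bit nonce, unique per message under this key
    msg = b"setpoint=42"              # constructed sample payload
    aad = b"device-id:7"              # constructed sample header, authenticated only
    sealed = seal(KEY, nonce, msg, aad)

    tampered = bytearray(sealed)
    tampered[0] ^= 0x01               # flip one bit of the ciphertext

    return {
        "ok": open_sealed(KEY, nonce, sealed, aad),
        "tampered": open_sealed(KEY, nonce, bytes(tampered), aad),
        "wrong_aad": open_sealed(KEY, nonce, sealed, b"device-id:8"),
        "overhead": len(sealed) - len(msg),   # the tag is the only size cost
    }


def nonce_reuse_leaks_xor() -> bool:
    """Why the nonce must never repeat: GCM encrypts with a CTR keystream, so two
    messages sealed under the same (key, nonce) have ciphertexts whose XOR equals
    the XOR of the plaintexts. Returns True when that relation holds, which is the
    failure a constrained device with a badly managed counter will produce."""
    nonce = b"\x00" * 12              # deliberately reused nonce (constructed)
    p1, p2 = b"valve=open ", b"valve=close"   # equal-length constructed messages
    c1 = seal(KEY, nonce, p1, b"")[:-TAG_LEN]
    c2 = seal(KEY, nonce, p2, b"")[:-TAG_LEN]
    ct_xor = bytes(a ^ b for a, b in zip(c1, c2))
    pt_xor = bytes(a ^ b for a, b in zip(p1, p2))
    return ct_xor == pt_xor


if __name__ == "__main__":
    print(roundtrip_demo())
    print("nonce reuse leaks plaintext XOR:", nonce_reuse_leaks_xor())
```

The size overhead is the 16-byte tag only, which is the property that makes GCM attractive where flash and RAM are scarce; the price is that nonce uniqueness must be guaranteed by the device, typically with a persistent counter rather than a weak on-chip RNG.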
Tomi Engdahl says:
Dan Goodin / Ars Technica:
Citizen Lab report details how emails phished from journalist critical of Russia were falsified, then leaked for disinformation campaign; 200+ others targeted
E-mails phished from Russian critic were “tainted” before being leaked
Campaign targeting more than 200 people also spread disinformation, report says.
https://arstechnica.com/security/2017/05/e-mails-phished-from-russian-critic-were-tainted-before-being-leaked/
Tomi Engdahl says:
Issie Lapowsky / Wired:
Inside DoD’s Digital Defense Service, which revamps tools and procedures lagging behind the private sector, and draws Silicon Valley talent for two-year tours — A disembodied voice sounded over a loudspeaker. “Incoming. Take cover,” it warned to anyone within earshot. Then, the sirens began to wail.
Meet the Nerds Coding Their Way Through the Afghanistan War
https://www.wired.com/2017/05/meet-nerds-coding-way-afghanistan-war/
She’d come on a more mundane mission: to make the tech tools that NATO uses in Afghanistan suck a little less.
Delaney is part of a 27-person unit that comprises the Defense Digital Service, a sort of tech SWAT team within the Department of Defense. Engineers and data experts from across the country leave their jobs at companies like Netflix, IDEO, Palantir, and, yes, Dropbox and join DDS for tours of duty that typically last about two years. They spend that time revamping and often completely reinventing the “tools and practices that lag far behind private sector standards,” as the Pentagon itself puts it.
“The Defense Department must move at the speed of relevancy,” Defense Secretary James Mattis told WIRED in a statement. “The Defense Digital Service team plays a critical role in meeting that commitment.”
It turns out that dispatching just a few private-sector experts to the battlefield can make life a little easier for personnel on the ground.
Tomi Engdahl says:
Paul Hutcheon / Herald Scotland:
At least 5 Scottish police officers face misconduct investigation after probe into misuse of Regulation of Investigatory Powers Act to find journalists’ sources — At least five police officers are facing a misconduct investigation after an independent probe into the journalist spying scandal came to a close.
Independent report backs misconduct probes for police officers in journalist spy scandal
http://www.heraldscotland.com/news/15314035.Independent_report_backs_misconduct_probes_for_police_officers_in_journalist_spy_scandal/
At least five police officers are facing a misconduct investigation after an independent probe into the journalist spying scandal came to a close.
Durham Constabulary handed over two reports earlier this month and Police Scotland now has to make a decision on how to proceed.
In 2015 the Sunday Herald revealed that Police Scotland’s Counter Corruption Unit (CCU) had unlawfully used the Regulation of Investigatory Powers Act (RIPA) in a bid to flush out a newspaper’s sources.
The paper had embarrassed the force by exposing the failed investigation
Tomi Engdahl says:
Daniel Oberhaus / Motherboard:
Study: after switching exclusively to HTTPS, Wikipedia saw fewer instances of government censorship
Wikipedia’s Switch to HTTPS Has Successfully Fought Government Censorship
https://motherboard.vice.com/en_us/article/wikipedias-switch-to-https-has-successfully-fought-government-censorship
Harvard researchers found fewer instances of Wikipedia censorship after the site started encrypting all of its traffic.
“Knowledge is power,” as the old saying goes, so it’s no surprise that Wikipedia—one of the largest repositories of general knowledge ever created—is a frequent target of government censorship around the world. In Turkey, Wikipedia articles about female genitals have been banned; Russia has censored articles about weed; in the UK, articles about German metal bands have been blocked; in China, the entire site has been banned on multiple occasions.
In 2011, Wikipedia added support for Hyper Text Transfer Protocol Secure (HTTPS), which is the encrypted version of its predecessor HTTP.
“The decision to shift to HTTPS has been a good one in terms of ensuring accessibility to knowledge.”
In short, HTTPS prevents governments and others from seeing the specific page users are visiting. For example, a government could tell that a user is browsing Wikipedia, but couldn’t tell that the user is specifically reading the page about Tiananmen Square.
Up until 2015, Wikipedia offered its service using both HTTP and HTTPS, which meant that when countries like Pakistan or Iran blocked certain articles on the HTTP version of Wikipedia, the full version would still be available using HTTPS. But in June 2015, Wikipedia decided to axe HTTP access and only offer access to its site with HTTPS.
“this initial data suggests the decision to shift to HTTPS has been a good one in terms of ensuring accessibility to knowledge.”
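The point in the article, that an observer can tell a user is on Wikipedia but not which article, comes down to what is in the clear on the wire. In plaintext HTTP the request line carries the path; in HTTPS the only hostname the network sees is the Server Name Indication (SNI) field of the TLS ClientHello, and the path travels inside encrypted application data. The block below is an added example (not from the Motherboard article or the Harvard study) that builds both messages from constructed sample data and parses them the way a passive on-path filter would; the hostname and article path are placeholders.

```python
"""Added example: what an on-path observer can read from HTTP vs. HTTPS.

Both the HTTP request and the TLS ClientHello are constructed in this file
(sample data, not captured traffic); hostname and path are placeholders.
"""
import struct
from typing import Optional

# Constructed plaintext HTTP request: method, path and host are all readable.
HTTP_REQUEST = (
    b"GET /wiki/Example_article HTTP/1.1\r\n"
    b"Host: en.example.org\r\n"
    b"\r\n"
)


def http_observer_view(raw: bytes) -> dict:
    """Return what a passive observer can read from a plaintext HTTP request."""
    request_line, _, rest = raw.partition(b"\r\n")
    method, path, _version = request_line.split(b" ")
    host = b""
    for line in rest.split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            host = line.split(b":", 1)[1].strip()
    return {"method": method.decode(), "host": host.decode(), "path": path.decode()}


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying an SNI extension."""
    name = server_name.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name        # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list   # extension type 0 = server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                             # client_version: TLS 1.2
        + b"\x00" * 32                          # random (zeros: constructed sample)
        + b"\x00"                               # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2f"    # one cipher suite
        + b"\x01\x00"                           # compression methods: null only
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body    # type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def tls_observer_view(record: bytes) -> dict:
    """Parse a ClientHello the way a passive filter would: the SNI hostname is
    readable, but no path exists anywhere in the handshake, so it is always None."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                   # handshake header, version, random
    p += 1 + hs[p]                                   # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]     # cipher_suites
    p += 1 + hs[p]                                   # compression_methods
    ext_total = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    end = p + ext_total
    sni: Optional[str] = None
    while p < end:
        ext_type, ext_len = struct.unpack("!HH", hs[p:p + 4])
        p += 4
        data = hs[p:p + ext_len]
        p += ext_len
        if ext_type == 0:                            # server_name extension
            list_len = struct.unpack("!H", data[:2])[0]
            q = 2
            while q < 2 + list_len:
                name_type = data[q]
                name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
                if name_type == 0:
                    sni = data[q + 3:q + 3 + name_len].decode()
                q += 3 + name_len
    return {"host": sni, "path": None}


if __name__ == "__main__":
    print("HTTP :", http_observer_view(HTTP_REQUEST))
    print("HTTPS:", tls_observer_view(build_client_hello("en.example.org")))
```

Because the hostname is still visible (in SNI, and separately in the DNS lookup), a censor keeps the option of blocking the whole site; what HTTPS removes is the ability to block or monitor individual pages without doing that.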
Tomi Engdahl says:
G7 Demands Internet Giants Crack Down on Extremist Content
http://www.securityweek.com/g7-demands-internet-giants-crack-down-extremist-content
Taormina, Italy – The G7 nations on Friday demanded action from internet providers and social media firms against extremist content online, vowing to step up their fight against terrorism after the Manchester attack.
“The G7 calls for Communication Service Providers and social media companies to substantially increase their efforts to address terrorist content,” Britain, the United States and their G7 partners said in a statement.
“We encourage industry to act urgently in developing and sharing new technology and tools to improve the automatic detection of content promoting incitement to violence, and we commit to supporting industry efforts in this vein including the proposed industry-led forum for combating online extremism,” they said.
Elders at the Manchester mosque where the bomber sometimes worshipped have insisted that they preached a message of peace.
It has been suggested that he may well have been radicalized online by accessing content that is freely available from the likes of the Islamic State group.
“Make no mistake: the fight is moving from the battlefield to the internet,” Prime Minister Theresa May told her G7 colleagues.
According to a senior British government source, May urged the G7 countries to share police expertise and border security methods with countries where foreign fighters travel through or fight in.
Tomi Engdahl says:
Large Malvertising Campaign Delivers Array of Payloads
http://www.securityweek.com/large-malvertising-campaign-delivers-array-payloads
A malvertising campaign that has been active for more than a year is using fingerprinting to target users with a variety of payloads, Malwarebytes security researchers warn.
Dubbed RoughTed, this large malvertising operation peaked in March 2017, with its domains accumulating over half a billion visits in the past 3 months alone. Unique to it is the fact that it has a broad scope, ranging from scams to exploit kits, and that it delivers payloads based on the user’s operating system, browser, and geolocation.
The campaign also uses effective techniques to triage visitors and bypass ad-blockers, which explains the large success it has seen so far. RoughTed’s operators have been using the Amazon cloud infrastructure, particularly the Content Delivery Network (CDN) and multiple ad redirections from several ad exchanges, the security firm says.
With traffic coming from thousands of publishers, some of which are ranked in Alexa’s top 500 websites, the campaign blended in and made it more difficult to identify the source of malvertising, Malwarebytes’ Jérôme Segura reveals.
Upon initial detection, the campaign was redirecting to the Magnitude exploit kit, but started redirecting to the RIG exploit kit just days later.
RoughTed: The anti ad-blocker malvertiser
https://blog.malwarebytes.com/cybercrime/2017/05/roughted-the-anti-ad-blocker-malvertiser/
Highlights
Traffic comes from thousands of publishers, some ranked in Alexa’s top 500 websites.
RoughTed domains accumulated over half a billion visits in the past 3 months alone.
Threat actors are leveraging fingerprinting and ad-blocker bypassing techniques upstream.
RoughTed can deliver a variety of payloads for each platform: scams, exploit kits, and malware.
Tomi Engdahl says:
India’s Ethical Hackers Rewarded Abroad, Ignored at Home
http://www.securityweek.com/indias-ethical-hackers-rewarded-abroad-ignored-home
Kanishk Sajnani did not receive so much as a thank you from a major Indian airline when he contacted them with alarming news — he had hacked their website and could book flights anywhere in the world for free.
It was a familiar tale for India’s army of “ethical hackers”, who earn millions protecting foreign corporations and global tech giants from cyber attacks but are largely ignored at home, their skills and altruism misunderstood or distrusted.
India produces more ethical hackers — those who break into computer networks to expose, rather than exploit, weaknesses — than anywhere else in the world.
The latest data from BugCrowd, a global hacking network, showed Indians raked in the most “bug bounties” — rewards for red-flagging security loopholes.
Facebook, which has long tapped hacker talent, paid more to Indian researchers in the first half of 2016 than any other researchers.
Tomi Engdahl says:
Organizations Concerned About Medical Device Attacks: Study
http://www.securityweek.com/organizations-concerned-about-medical-device-attacks-study
Many manufacturers and healthcare delivery organizations (HDO) are concerned about medical device attacks, but only a few have taken significant steps to address the threat, according to a study commissioned by electronic design automation solutions provider Synopsys.
The study, based on a survey of 550 individuals conducted by the Ponemon Institute, shows that 67 percent of medical device makers and 56 percent of HDOs believe an attack on the medical devices they build or use is likely to occur in the next 12 months.
In fact, roughly one-third of respondents said they were aware of cyber incidents that had a negative impact on patients, including inappropriate therapy or treatment delivery, ransomware attacks, denial-of-service (DoS) attacks, and hijacking of medical devices.
On the other hand, only 17 percent of device manufacturers and 15 percent of HDOs have taken significant steps to prevent attacks. Roughly 40 percent on both sides admitted that they haven’t done anything to prevent attacks.
Tomi Engdahl says:
Why ‘DIY Deep & Dark Web Intelligence’ is a Bad Idea
http://www.securityweek.com/why-diy-deep-dark-web-intelligence-bad-idea
Trying to Gather Threat Intelligence From the Deep & Dark Web Creates a Substantial Risk for Organizations
The Deep & Dark Web (DDW) remains the key source for invaluable data and intelligence pertaining to a wide range of cyber and physical threats, fraudulent activities, and malicious actors. Indeed, it’s a promising sign that more organizations are recognizing the critical need to incorporate intelligence derived from these online regions into their security and risk strategies.