<p>Tactical Intelligence Security: The Security Blog From Tactical Intelligence Security</p><h2>The Weaponization of Cyberspace: How National Interests are Fragmenting Global Networks in 2023</h2><p><i>Posted 2023-04-03</i></p><p>In 2023, the weaponization of cyberspace and the clash of national interests will lead to the breakdown of global networks into regional or even national architectures. As digitalization continues at a rapid pace, with estimates indicating that over 60% of the world's GDP will be digitalized by 2023, the ecosystem supporting it, cyberspace, is undergoing significant transformation. While technology investments increase across the board, the principles and assets governing cyberspace are eroding.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiw1RzmYx-XJBiexDh46BPIUy95rNMHxxrTHJntSnE0Bbpi_MPwQTMm4fl4_EtlD4mtbcsoxNtZVC9ZfW_5xv_v1g84i8HnizOp0W3-ulM_mqE3CYpZ1ZUVWABpZJbGYGiOvFn_hCfReLqoi8siG48EhgozmxwEUIdy82PtRdmi-Fa-T05reexUdclxHw/s1784/22575-cyber-infographic-eng-800px-05.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Top Risks 2023: Cyber infographic" border="0" data-original-height="1784" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiw1RzmYx-XJBiexDh46BPIUy95rNMHxxrTHJntSnE0Bbpi_MPwQTMm4fl4_EtlD4mtbcsoxNtZVC9ZfW_5xv_v1g84i8HnizOp0W3-ulM_mqE3CYpZ1ZUVWABpZJbGYGiOvFn_hCfReLqoi8siG48EhgozmxwEUIdy82PtRdmi-Fa-T05reexUdclxHw/s16000/22575-cyber-infographic-eng-800px-05.jpg" title="Top Risks 2023: Cyber infographic" /></a></div><p>The cyber arms race will accelerate in 2023, enabled by an expanded attack surface and a significant increase in automation across the spectrum
of cyber threats. All threat actors are prioritizing the development of their capabilities, and the potential for real physical damage is at an all-time high as IT and OT (operational technology) networks converge. Government and industry advisories focused on industrial control systems (ICS) have increased in recent years, and their successful exploitation by states and criminal groups is growing at an alarming rate.</p><p>In parallel to this weaponization, states are looking to exert more control over what some have already defined as their national cyberspace. In 2023, more than 75% of the world's population will be covered by at least one data privacy regulation. Combined with sanctions on specific technologies or vendors, the illusion of a truly global cyberspace is fading. The next iteration of states' intervention in 2023 and beyond will primarily focus on restricting which technologies can be used in their cyberspace.</p><p>The consequences of these two phenomena on organizations are existential. Network and system resilience will be tested like never before in 2023. The proliferation of vulnerabilities, connectivity, and threat actors targeting current and emerging technologies will challenge even the most advanced cyber security teams. Cloud services, operational technologies, and IT service providers will continue to face the most critical threats from states, criminals, and activists in 2023. The prospect of data and system integrity risks is also a concern. While organizations look to automation and AI as business enablers and security controls, threat actors have already begun weaponizing these tools and will increase their focus on them.</p><p>The ambition of operating a single global network for multinational organizations will be significantly challenged.
While in recent years many attempted to centralize their operations and simplify their digital supply chains, the reality of nationalism in cyberspace will reverse many of these efforts. Compliance and political considerations will force organizations to build at best regional, at worst national networks within their own business. Ultimately, the digital organization of tomorrow will be a fragmented one. The key to avoiding the death of global networks will increasingly be decentralization - reversing the prevailing trend towards centralization to gain efficiencies and control. Beyond 2023, decentralized digital environments will provide greater agility, security, and resilience to those that adopt them.</p><p>Tactical Intelligence Security can help organizations navigate these challenges and protect their networks and critical assets. Our AI-powered VAPT services provide fast and accurate vulnerability identification, allowing organizations to proactively improve their security and avoid the consequences of a cyber attack. Contact us today to learn more and schedule a demo.</p><h2>Cyber Security Best Practices</h2><p><i>Posted 2022-06-17</i></p><h4 class="show_hide" style="border: 0px; color: #61182e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 1.2em; font-weight: normal; line-height: 1.25; margin: 0px 0px 1.25em; outline: none; padding: 0px; vertical-align: baseline;">Introduction</h4><p style="border: 0px; color: #63777e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 12px; margin: 0px 0px 1.5em; outline: none; padding: 0px; vertical-align: baseline;">Securing your computer is a complex issue.
Possible measures are endless, and many of them impose some restrictions on the legitimate user, which means there is a tradeoff between security and usability. Couple that with the fact that some measures require expert knowledge or complicated configuration, and it becomes obvious that it is hard for me to present a list like the one below. Not only do I have to concentrate on a single aspect of security, but such a list cannot possibly be complete. What I can do, however, is to try and establish a baseline that I believe provides an acceptable basis, is general and easy enough so that I can recommend it to most end-users, and leaves most of your freedom/comfort intact so that you aren't scared away by the downsides. I strongly recommend that everybody adhere to as many of these practices as they can, because the list below is not nearly all that you can do to protect yourself, but merely a good start.</p><h4 style="border: 0px; color: #61182e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 1.2em; font-weight: normal; line-height: 1.25; margin: 0px 0px 1.25em; outline: none; padding: 0px; vertical-align: baseline;">Tip #1 – Keep your software updated</h4><p style="border: 0px; color: #63777e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 12px; margin: 0px 0px 1.5em; outline: none; padding: 0px; vertical-align: baseline;">After your OS and your software are installed, they should stay regularly updated. Turning automatic updaters on in your applications (or simply not turning them off) is a seamless and frustration-free method of making sure you are always up to date. While this advice pertains to all software, some software stands out in importance: the operating system, the internet browser, and your e-mail client (if you use an offline one). It is especially important to keep these updated with the latest security fixes as they provide the largest and most common attack surfaces.
However frustrating this may be, this also means updating or even reinstalling your operating system when it has reached end-of-support in its lifecycle. In particular, as of January 2020, you should not be running a Windows version older than Windows 8.1.</p><h4 style="border: 0px; color: #61182e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 1.2em; font-weight: normal; line-height: 1.25; margin: 0px 0px 1.25em; outline: none; padding: 0px; vertical-align: baseline;">Tip #2 – Get a router, it is kind of a hardware firewall</h4><p style="border: 0px; color: #63777e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 12px; margin: 0px 0px 1.5em; outline: none; padding: 0px; vertical-align: baseline;">For your home, get a router if you don't already have one. Better routers have very good firewalls with sophisticated features, but even cheap ones provide good inbound protection due to the way they do network address translation (NAT). They will protect you against many attacks even when all your PC's defenses are down. Besides, a router is a requirement anyway if you need multiple devices at home connected to the internet. Depending on what kind of internet connection you have, your provider might even be making you have one (in which case they throw one at you for free).
Routers sometimes impose some extra configuration upon you for a small number of applications, but since these devices are so common, there are plenty of guides on the internet to help you out in those cases.</p><h4 style="border: 0px; color: #61182e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 1.2em; font-weight: normal; line-height: 1.25; margin: 0px 0px 1.25em; outline: none; padding: 0px; vertical-align: baseline;">Tip #3 – You also need a software firewall</h4><p style="border: 0px; color: #63777e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 12px; margin: 0px 0px 1.5em; outline: none; padding: 0px; vertical-align: baseline;">Most firewalls in routers can only filter inbound connections, and even those that can filter outbound connections are incapable of differentiating between two applications that use the same port, which means that in that case they are unable to tell your browser from malware! Software firewalls can make this differentiation. If you think it is already too late once you are infected, think twice. Even after you get infected, an outbound firewall can limit the activation or spread of the virus inside your computer (by disallowing control connections or the download of additional malware modules), or prevent it from spreading onto your network. Also, don't just think of malware.
Privacy is closely related to security, and pretty often limiting even legitimate software is part of protecting your privacy.</p><h4 style="border: 0px; color: #61182e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 1.2em; font-weight: normal; line-height: 1.25; margin: 0px 0px 1.25em; outline: none; padding: 0px; vertical-align: baseline;">Tip #4 – Disable AutoRun/AutoPlay</h4><p style="border: 0px; color: #63777e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 12px; margin: 0px 0px 1.5em; outline: none; padding: 0px; vertical-align: baseline;">This tip is actually kind of outdated because this is already the default configuration in newer Windows versions. But I'm still including it in this list because there are enough people in the world using old Windows versions. Disable Windows' autorun function. See <a href="http://www.redmondpie.com/how-to-disable-autorun-autoplay-in-windows-7-and-windows-8/" style="border: 0px; color: #ce3966; font-family: inherit; font-style: inherit; font-weight: bold; margin: 0px; outline: none; padding: 0px; text-decoration-line: none; vertical-align: baseline;">this article</a> about the necessary steps. It protects you from your friend's or colleague's infected USB drive when they haven't even realized yet that there is malware on it.
This tip is even more important for those among you with laptops, as you probably use it in public or crowded places sometimes.</p><h4 style="border: 0px; color: #61182e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 1.2em; font-weight: normal; line-height: 1.25; margin: 0px 0px 1.25em; outline: none; padding: 0px; vertical-align: baseline;">Tip #5 – Antivirus is a relic, but still useful</h4><p style="border: 0px; color: #63777e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 12px; margin: 0px 0px 1.5em; outline: none; padding: 0px; vertical-align: baseline;">No matter what a company tells you about how advanced their antivirus technology is, antivirus software is just plain stupid. I mean, not its principle or goal, but the way it tries to detect malware. It cannot be helped; that's how the current state of the art is. While one can be significantly better than others, all of them are primitive and anything else you hear is just marketing. Chances are you have already heard others say that malware and antivirus are a cat-and-mouse game. This is nothing new and has always been the case, but with the internet getting as ubiquitous as never before, innovations in antivirus technology basically non-existent, and the number, sophistication, and even funding of malware exploding rapidly, the cat is more and more behind the mouse. Get an antivirus if your computer's performance can afford it, it doesn't hurt (*cough* usually). An antivirus is a useful layer in your computer's security, but don't overestimate its value.
If you rely solely on an antivirus as your only line of defense, your computer's security is pretty bad.</p><h4 style="border: 0px; color: #61182e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 1.2em; font-weight: normal; line-height: 1.25; margin: 0px 0px 1.25em; outline: none; padding: 0px; vertical-align: baseline;">Tip #6 – Choose your passwords well</h4><p style="border: 0px; color: #63777e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 12px; margin: 0px 0px 1.5em; outline: none; padding: 0px; vertical-align: baseline;">Current research indicates that any password should be at least 8 characters long. Try to have lower- and upper-case characters in it, as well as numbers. Never make personal information (like your or your loved one's name, birth date, address etc.) part of your password, because as unlikely as it may seem, an attacker probably already knows these, and variations of these are going to be among the first things they try. Oh, and do not use the same password everywhere. Everybody knows that good passwords are hard to remember and annoying to type in, but they are important. To ease your burden, use a password manager like <a href="http://keepass.info/" style="border: 0px; color: #ce3966; font-family: inherit; font-style: inherit; font-weight: bold; margin: 0px; outline: none; padding: 0px; text-decoration-line: none; vertical-align: baseline;">KeePass</a>. It will generate good passwords, remember and organize them, and will even type them in for you when asked.
That way you only have to remember a single password (but be sure to keep it very safe), and the rest won't be a hassle anymore.</p><h4 style="border: 0px; color: #61182e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 1.2em; line-height: 1.25; margin: 0px 0px 1.25em; outline: none; padding: 0px; vertical-align: baseline;">Tip #7 – Use your common sense</h4><p style="border: 0px; color: #63777e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 12px; font-weight: bold; margin: 0px 0px 1.5em; outline: none; padding: 0px; vertical-align: baseline;">Possibly the most important advice I can give you. That's right, if you decide to implement only one thing from this list and none more, make it this one! The rule is simple: read, think, decide. Most security breaches are due to user error or oversight at their core. Take anything you see in internet ads with a grain of salt (or better, just ignore them completely). Deals that are too good to be true are not true. Remember that the "From" address in e-mails is easily spoofed, so don't trust it. Don't open any document or executable from your e-mails unless you've been expecting it. Also don't download or start an executable if you've been expecting a document instead. Carve it deep into your mind that a legitimate institution, company, or website never-never-ever asks you in mail for a password. Does a mail look different than it normally does? Did you just win an online lottery but you need to enter your credit card details first? What's the chance of an oil billionaire wanting to give you some of his shares? 
Read, think, and don't be naive.</p><p style="border: 0px; margin: 0px 0px 1.5em; outline: none; padding: 0px; vertical-align: baseline;"><i style="color: #63777e; font-family: "Helvetica Neue", Arial, Helvetica, sans-serif; font-size: 12px; font-weight: bold;">Source: </i><span style="color: #63777e; font-family: Helvetica Neue, Arial, Helvetica, sans-serif;"><span style="font-size: 12px;"><b><i>https://tinywall.pados.hu/sectips.php</i></b></span></span></p><h2>Kia Motors Ransomware Attack: Details Emerge</h2><p><i>Posted 2021-02-19</i></p><p><a href="https://www.kia.com/us/en" style="box-sizing: border-box; color: #990000; font-family: "Open Sans", sans-serif; font-size: 16px;">Kia Motors America</a><span style="background-color: white; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;"> has suffered a ransomware attack by the DoppelPaymer gang, </span><a href="https://www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/" style="box-sizing: border-box; color: #990000; font-family: "Open Sans", sans-serif; font-size: 16px;">BleepingComputer reports</a><span style="background-color: white; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;">.</span></p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;">The report mentions:</p><ul style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; margin: 0px 0px 1.5em;"><li style="box-sizing: border-box; margin-bottom: 5px;">Hackers are demanding $20 million for a decryptor and not to leak stolen data.</li><li style="box-sizing: border-box; margin-bottom: 5px;">Kia is suffering a nationwide IT outage that affects the company’s mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships.</li></ul><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;">A Kia Motors America statement to BleepingComputer said:</p><blockquote style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1.5em;">“KMA is aware of IT outages involving internal, dealer and customer-facing systems, including UVO.
We apologize for any inconvenience to our customers and are working to resolve the issue and restore normal business operations as quickly as possible.” – Kia Motors America.</p></blockquote><h2 style="background-color: white; box-sizing: border-box; color: #555555; font-family: sofia-pro, sans-serif; line-height: 1.1em;">DoppelPaymer Ransomware: Earlier Warnings</h2><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;"><a href="http://www.webroot.com/" style="background-color: transparent; box-sizing: border-box; color: #990000;">Webroot</a>, an <a href="http://www.opentext.com/" style="background-color: transparent; box-sizing: border-box; color: #990000;">OpenText</a> company, listed <a href="https://www.msspalert.com/cybersecurity-guests/the-nastiest-malware-of-2020/" style="background-color: transparent; box-sizing: border-box; color: #990000;">DoppelPaymer among the nastiest malware of 2020</a>.</p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;">The <a href="https://beta.documentcloud.org/documents/20428892-doppelpaymer-fbi-pin-on-dec-10-2020" style="background-color: transparent; box-sizing: border-box; color: #990000;">FBI issued a DoppelPaymer warning</a> in 2020, after the ransomware surfaced in 2019. <a href="https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/california-city-hackers-steal-data/" style="background-color: transparent; box-sizing: border-box; color: #990000;">DoppelPaymer ransomware attack victims include the City of Torrance, California</a>; hackers allegedly stole more than 200 GB of files from the city in early 2020.</p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;">Trend Micro offers this overview of <a href="https://www.trendmicro.com/en_us/research/21/a/an-overview-of-the-doppelpaymer-ransomware.html" style="background-color: transparent; box-sizing: border-box; color: #990000;">how DoppelPaymer ransomware attacks typically work</a>.</p><h2>Russian Hackers Target VMware Vulnerability, NSA Warns</h2><p><i>Posted 2020-12-11</i></p><p><span style="background-color: white; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;">Russian cyber actors are exploiting a vulnerability in </span><a href="https://www.vmware.com/" rel="noopener noreferrer" style="box-sizing: border-box; color: #990000; font-family: "Open Sans", sans-serif; font-size: 16px;" target="_blank">VMware</a><span style="background-color: white; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;"> Access and Identity Manager products to access protected data on affected systems, according to a </span><span style="background-color: white; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;">
</span><a href="https://www.nsa.gov/" rel="noopener noreferrer" style="box-sizing: border-box; color: #990000; font-family: "Open Sans", sans-serif; font-size: 16px;" target="_blank">National Security Agency</a><span style="background-color: white; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;"> </span><span style="background-color: white; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;">(NSA) security advisory released this week.</span></p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;">The VMware vulnerability affects the following products:</p><ul style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; margin: 0px 0px 1.5em;"><li style="box-sizing: border-box; margin-bottom: 5px;">Workspace One Access</li><li style="box-sizing: border-box; margin-bottom: 5px;">Access Connector</li><li style="box-sizing: border-box; margin-bottom: 5px;">Identity Manager</li><li style="box-sizing: border-box; margin-bottom: 5px;">Identity Manager Connector</li></ul><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;">To exploit the VMware vulnerability, cyber actors must have access to a device’s management interface, NSA indicated. 
They can then forge Security Assertion Markup Language (SAML) credentials to request access to protected data.</p><h2 style="background-color: white; box-sizing: border-box; color: #555555; font-family: sofia-pro, sans-serif; line-height: 1.1em;">How to Guard Against the VMware Vulnerability</h2><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;">NSA is urging National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) system administrators to apply vendor-provided patches to affected VMware products as soon as possible. It offers the following recommendations to guard against the VMware vulnerability:</p><ul style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; margin: 0px 0px 1.5em;"><li style="box-sizing: border-box; margin-bottom: 5px;"><span style="box-sizing: border-box; font-weight: 700;">Understand the Vulnerability: </span>The VMware vulnerability requires password-based access to a web interface and allows cybercriminals to execute Linux commands.
As such, system administrators should leverage multi-factor authentication (MFA) and other appropriate security measures to minimize the threat’s impact.</li><li style="box-sizing: border-box; margin-bottom: 5px;"><span style="box-sizing: border-box; font-weight: 700;">Understand the Relevance: </span>The VMware vulnerability enables cybercriminals to target customer and partner networks. Therefore, system administrators should identify any networks that could be affected by the vulnerability.</li><li style="box-sizing: border-box; margin-bottom: 5px;"><span style="box-sizing: border-box; font-weight: 700;">Prioritize the Response: </span>System administrators must identify which data can be accessed via vulnerable VMware products, assess the risk associated with data that cybercriminals could access and patch vulnerable products accordingly.</li></ul><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;">In addition, system administrators should review server logs and check and update service configurations to mitigate the VMware vulnerability, NSA stated. 
They can also leverage MFA for security credential services as needed.</p><h2>State-Sponsored Hackers Steal FireEye Red Team Security Testing, Assessment Tools</h2><p><i>Posted 2020-12-08</i></p><p><span style="background-color: white; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;">State-sponsored hackers have attacked </span><a href="http://www.fireeye.com/" style="box-sizing: border-box; color: #990000; font-family: "Open Sans", sans-serif; font-size: 16px;">FireEye</a><span style="background-color: white; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;"> and stolen the cybersecurity company’s Red Team penetration testing and assessment tools, FireEye </span><a href="https://www.sec.gov/ix?doc=/Archives/edgar/data/1370880/000137088020000037/feye-20201208.htm" style="box-sizing: border-box; color: #990000; font-family: "Open Sans", sans-serif; font-size: 16px;">disclosed in an SEC filing</a><span style="background-color: white; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px;"> on December 8, 2020. FireEye is concerned the hackers will potentially use the stolen Red Team penetration testing tools to attack additional companies.
As a precaution, the company is sharing countermeasures to help potential targets mitigate attacks.</span></p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;">The Cybersecurity and Infrastructure Security Agency (<a href="https://us-cert.cisa.gov/" style="background-color: transparent; box-sizing: border-box; color: #990000;">CISA</a>), part of the U.S. Department of Homeland Security, <a href="https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/theft-fireeye-red-team-tools" style="background-color: transparent; box-sizing: border-box; color: #990000;">issued this warning about the stolen FireEye tools</a>.</p><div class="wp-caption alignright" id="attachment_31431" style="background-color: white; box-sizing: border-box; color: #444444; float: right; font-family: "Open Sans", sans-serif; font-size: 16px; margin: 5px 0px 10px 10px; width: 210px;"><img alt="" aria-describedby="caption-attachment-31431" class="size-full wp-image-31431" height="200" src="https://www.msspalert.com/wp-content/uploads/2018/08/Kevin-Mandia-FireEye-2018.jpg" style="border: 0px; box-sizing: border-box; display: block; height: auto; max-width: 100%;" width="200" /><p class="wp-caption-text" id="caption-attachment-31431" style="background-color: #dddddd; box-sizing: border-box; font-size: 12px; line-height: 1.5em; margin: 0px 10px 1.5em 0px; padding: 2px 5px; text-align: center;">FireEye CEO Kevin Mandia</p></div><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;">Among the key FireEye disclosures in the SEC filing:</p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;"><span style="box-sizing: border-box; font-weight: 
700;">1. State-Sponsored Actor?:</span> The attacker was a “highly sophisticated cyber threat actor” whose “discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.” CEO Kevin Mandia believes the attack involves a “nation with top-tier offensive capabilities.”</p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;"><span style="box-sizing: border-box; font-weight: 700;">2. FireEye Tools Were the Specific Target:</span> This attack specifically targeted FireEye, and used methods that “counter security tools and forensic examination.” The attackers “used a novel combination of techniques not witnessed by us or our partners in the past.” The attacker targeted and accessed certain Red Team assessment tools that FireEye uses to test its customers’ security.</p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;"><span style="box-sizing: border-box; font-weight: 700;">3. FBI, Microsoft Assist Investigation:</span> FireEye is investigating the attack in coordination with the Federal Bureau of Investigation and other key partners, including Microsoft.</p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;"><span style="box-sizing: border-box; font-weight: 700;">4. Defending Against the Red Team Tools: </span>FireEye is proactively “releasing methods and means to detect the use of our stolen Red Team tools.” The company doesn’t know if the attacker intends to use the Red Team tools or to publicly disclose them. 
FireEye has developed more than 300 countermeasures for customers and the community at large to use in order to minimize the potential impact of the theft of these tools.</p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;"><span style="box-sizing: border-box; font-weight: 700;">5. No Additional Attacks So Far:</span> FireEye has seen no evidence to date that any attacker has used the stolen Red Team tools, but continues to monitor for their use.</p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;"><span style="box-sizing: border-box; font-weight: 700;">6. Customer Information Targeted, But Not Stolen:</span> The attacker primarily sought information related to certain government customers. While the attacker was able to access some of FireEye’s internal systems, there’s no evidence (so far) that the attacker exfiltrated customer information, data from incident response or consulting engagements, or the metadata collected by its products in the dynamic threat intelligence systems. FireEye plans to contact customers directly if it discovers that any customer information was taken.</p><p style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin: 0px 0px 1.5em;"><span style="box-sizing: border-box; font-weight: 700;">7. 
More Details:</span> If/when more details become available, <a href="http://www.fireeye.com/blog" style="background-color: transparent; box-sizing: border-box; color: #990000;">FireEye will disclose the information via its corporate blog</a>.</p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8987465314676633984.post-42522736917840383142020-11-25T20:10:00.000+00:002020-11-28T20:22:06.884+00:00Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC cybercrime ring members<p><span style="font-family: inherit;">Group-IB, a global threat hunting and intelligence firm, supported an INTERPOL-led operation, Falcon, targeting a Nigerian business email compromise (BEC) cybercrime gang, dubbed TMT by Group-IB. A cross-border anti-cybercrime effort involving INTERPOL's Cybercrime Directorate, the Nigerian Police Force, and the APAC Cyber Investigations Team of Group-IB culminated in the arrest of three people in Lagos. The prolific gang has compromised at least 500,000 government and private sector enterprises in more than 150 nations since at least 2017. As some of the gang members remain at large, the investigation continues.</span></p><p><span style="font-family: inherit;"><br /></span></p><p><span style="font-family: inherit;">Business Email Compromise (BEC) is a type of email phishing attack that relies on social engineering. As part of BEC, phishing emails may be targeted at specific individuals within an entity or sent out en masse. They attempt to steal confidential data and are frequently disguised as money transfer requests, HR messages or business proposals.</span></p><p><span style="font-family: inherit;"><br /></span></p><p><span style="font-family: inherit;">With the support of Group-IB Cyber Investigations and CERT-GIB teams, the three BEC gang members with the initials «OC» (32 y.o.), «IO» (34 y.o.), and «OI» (35 y.o.) were arrested in Lagos not long ago as part of the Falcon operation by the Nigerian cybercrime police unit. 
According to the Nigerian Police, the data found on the computers of the arrested TMT members confirmed their role in the criminal scheme and revealed stolen data from at least 50,000 targeted victims.</span></p><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZx7F2uqWSwvJ1v5JLhsXFnvoETytibmM7kBE7W5G9BT8GjYJPEVxQ-sbs05M7ini2sW414QKWkd3HZX8iESC6tn11um07GUlv5WcCJOJEUEGprzCpoc46Kphjlz4oH_K3LzNx19Xvpugc/s894/pic0.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="596" data-original-width="894" height="427" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZx7F2uqWSwvJ1v5JLhsXFnvoETytibmM7kBE7W5G9BT8GjYJPEVxQ-sbs05M7ini2sW414QKWkd3HZX8iESC6tn11um07GUlv5WcCJOJEUEGprzCpoc46Kphjlz4oH_K3LzNx19Xvpugc/w640-h427/pic0.jpg" width="640" /></a></div><p style="background-color: white; color: #404040; font-family: HNLight, Roboto, Tahoma, sans-serif; font-size: 14px; letter-spacing: -0.256px; margin: -22px 0px 25px; text-align: center;">Pic. 1 Photograph courtesy of INTERPOL</p><p style="background-color: white; color: #404040; font-family: HNLight, Roboto, Tahoma, sans-serif; font-size: 14px; letter-spacing: -0.256px; margin: -22px 0px 25px; text-align: center;"><br /></p><p style="background-color: white; margin: -22px 0px 25px; text-align: left;"><span style="color: #404040; font-family: inherit;"><span style="letter-spacing: -0.256px;">Since 2019, Group-IB has been monitoring the gang and identified that TMT gang members may have compromised about 500,000 government and private sector businesses. Based on the infrastructure the attackers use and their techniques, Group-IB was also able to determine that the gang is split into subgroups, with a number of individuals still at large. 
Group-IB's findings on other alleged gang members it was able to track were shared with the Cybercrime Directorate of INTERPOL. The inquiry continues.</span></span></p><p style="background-color: white; margin: -22px 0px 25px; text-align: left;"><span style="color: #404040; font-family: inherit;"><span style="letter-spacing: -0.256px;"><br /></span></span></p><p style="background-color: white; margin: -22px 0px 25px; text-align: left;"><span style="color: #404040; font-family: inherit;"><span style="letter-spacing: -0.256px;">Analysis of their activities showed that the gang focuses on mass email phishing campaigns spreading common strains of malware under the pretext of purchase orders, product inquiries, and even COVID-19 aid, impersonating legitimate businesses:</span></span></p><p style="background-color: white; margin: -22px 0px 25px; text-align: left;"><span style="color: #404040; font-family: inherit;"><span style="letter-spacing: -0.256px;"><br /></span></span></p><p style="background-color: white; margin: -22px 0px 25px; text-align: left;"><span style="color: #404040;"></span></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><img border="0" data-original-height="710" data-original-width="894" height="508" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0OlAqhbOHtJRIiiE_zx9eDKAg-L1H6joIS22Ht4TOFCgMPKcbZyZc4aU0ZTMtcUEAJj-jlsc7fFyO_D1cvdv3FU38sE_d957_OuvJ1mW4rfVDgYByZVTB6sIWHpkHB9yhcWqId5Qc_P5h/w640-h508/pic1.jpg" style="margin-left: auto; margin-right: auto;" width="640" /></td></tr><tr><td class="tr-caption" style="text-align: center;"><br /><span style="font-size: x-small;">Fig. 
1 Sample of the TMT’s phishing email</span></td></tr></tbody></table><div class="separator" style="clear: both; font-family: inherit; text-align: center;"><span style="color: #404040;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0OlAqhbOHtJRIiiE_zx9eDKAg-L1H6joIS22Ht4TOFCgMPKcbZyZc4aU0ZTMtcUEAJj-jlsc7fFyO_D1cvdv3FU38sE_d957_OuvJ1mW4rfVDgYByZVTB6sIWHpkHB9yhcWqId5Qc_P5h/s894/pic1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br /></a></span></div><span style="color: #404040;"><br /><span style="letter-spacing: -0.256px;">The attackers send out phishing emails using Gammadyne Mailer and Turbo-Mailer. MailChimp is used to monitor whether the message has been opened by a receiving victim.</span></span><p></p><div><span style="color: #404040;"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixvpSxQ_cz2kkGZ1H7WajY175SnVPeUCWCCaJQos-mduv86LBMrfEWh1JRP_a4eKk2l-sLrs3LIQ83Uqpg8E2_guYNRp2PymBUwxh-_i7uzuFS5jSoCEjgG1ZxJydtcxV0V8jJOuxGeVVn/s750/pic2.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="496" data-original-width="750" height="423" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixvpSxQ_cz2kkGZ1H7WajY175SnVPeUCWCCaJQos-mduv86LBMrfEWh1JRP_a4eKk2l-sLrs3LIQ83Uqpg8E2_guYNRp2PymBUwxh-_i7uzuFS5jSoCEjgG1ZxJydtcxV0V8jJOuxGeVVn/w640-h423/pic2.jpg" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><span style="background-color: white; color: #404040; font-family: HNLight, Roboto, Tahoma, sans-serif; font-size: 14px; letter-spacing: -0.256px;">Fig. 
2 Gammadyne Mailer used by cybercriminals</span></td></tr></tbody></table><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><span style="background-color: white; font-family: HNLight, Roboto, Tahoma, sans-serif; font-size: 14px; letter-spacing: -0.256px;"><br /></span></div><div class="separator" style="clear: both; text-align: left;"><span style="background-color: white; letter-spacing: -0.256px;"><span style="font-family: inherit;">The gang was also seen using previously compromised email accounts to push a new round of phishing attempts. The discovered email samples, detected and analyzed by Group-IB's Threat Hunting Framework, were crafted in English, Russian, Spanish, and other languages, depending on the scammers' target list.</span></span></div><br /></span></div><div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWieqw_9WR-jtuEejByB6W1QxML16zH-QT_JMaq1zACTFr2gSbxYwTGjD0wS6zm8z8MMIZF5XTcGRRnixN0K0SmQJu8-PpF1vqE3CaMSPCtMSp4N_PDmsFNok8VqqtRqDsQFcn8ashRLvn/s750/pic3.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="335" data-original-width="750" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWieqw_9WR-jtuEejByB6W1QxML16zH-QT_JMaq1zACTFr2gSbxYwTGjD0wS6zm8z8MMIZF5XTcGRRnixN0K0SmQJu8-PpF1vqE3CaMSPCtMSp4N_PDmsFNok8VqqtRqDsQFcn8ashRLvn/s16000/pic3.jpg" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><p style="background-color: white; color: #404040; font-family: HNLight, Roboto, Tahoma, sans-serif; font-size: 14px; letter-spacing: -0.256px; margin: -22px 0px 25px;"><br /></p><p style="background-color: white; color: #404040; font-family: HNLight, Roboto, Tahoma, sans-serif; font-size: 14px; 
letter-spacing: -0.256px; margin: -22px 0px 25px;">Fig. 3 Example of the compromised data from the cybercriminals’ logs</p></td></tr></tbody></table><br /><span style="color: #404040;"><div>Researchers from Group-IB note that the cybercriminals behind these BEC activities rely solely on a range of publicly accessible spyware and remote access trojans (RATs), such as AgentTesla, Loki, AzoRult, Pony, NetWire, etc. The gang uses public crypters to prevent detection and monitoring by conventional security techniques. TMT-operated malware most frequently interacts with the attackers' C&C server using the SMTP, FTP and HTTP protocols.</div><div><br /></div><div>The objective of their attacks is to steal authentication data from browsers, email clients and FTP clients. According to Group-IB, the gang has managed to infect organizations around the world, including in the US, the UK, Singapore, Japan, and even back home in Nigeria, over the course of their operations. Although this gang's monetization tactics are still being investigated, selling account access as well as confidential data collected from emails to the highest bidder in the underground markets is not unusual for cybercriminals.</div><div><br /></div><div><span style="background-color: white; font-family: HNLight, Roboto, Tahoma, sans-serif; font-size: 18px; letter-spacing: -0.256px;">Craig Jones, INTERPOL’s Cybercrime Director, highlighted the outstanding cooperation between all those involved in the investigation and underlined the importance of public-private relationships in disrupting virtual crimes.</span></div><div><span style="background-color: white; font-family: HNLight, Roboto, Tahoma, sans-serif; font-size: 18px; letter-spacing: -0.256px;"><br /></span></div><div><span style="background-color: white; font-family: HNLight, Roboto, Tahoma, sans-serif; font-size: 18px; letter-spacing: -0.256px;">Reference: </span><span style="font-family: HNLight, Roboto, Tahoma, sans-serif;"><span style="font-size: 18px; 
letter-spacing: -0.256px;">https://www.interpol.int/en/News-and-Events/News/2020/Three-arrested-as-INTERPOL-Group-IB-and-the-Nigeria-Police-Force-disrupt-prolific-cybercrime-group</span></span></div><div><span style="background-color: white; font-family: HNLight, Roboto, Tahoma, sans-serif; font-size: 18px; letter-spacing: -0.256px;"><br /></span></div><div style="text-align: left;"><span style="font-family: HNLight, Roboto, Tahoma, sans-serif;"><span style="background-color: white; letter-spacing: -0.256px;"><i><span style="font-size: x-large;">"</span><span style="font-size: 18px;">Group-IB is one of Tactical Intelligence Security's strategic partners.</span></i></span></span></div><div><span style="font-family: HNLight, Roboto, Tahoma, sans-serif;"><span style="background-color: white; font-size: 18px; letter-spacing: -0.256px;"><i>If you want to know more about how Group-IB's solution can help your Business</i></span></span></div><div><span style="font-family: HNLight, Roboto, Tahoma, sans-serif;"><span style="background-color: white; letter-spacing: -0.256px;"><i><span style="font-size: 18px;">contact us +233-574-55-09-79 info@taise.tech</span><span style="font-size: x-large;">"</span></i></span></span></div></span></div>Unknownnoreply@blogger.com0Accra, Ghana5.6037168 -0.1869644-22.706517036178845 -35.3432144 33.913950636178846 34.9692856tag:blogger.com,1999:blog-8987465314676633984.post-88618643298946826352020-09-15T14:11:00.000+00:002020-09-15T14:11:56.093+00:00Visa Warns of Fresh Skimmer Targeting E-Commerce Sites<p> </p><figure style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 20px;"><img alt="Visa Warns of Fresh Skimmer Targeting E-Commerce Sites" class="img-responsive " 
src="https://130e178e8f8ba617604b-8aedd782b7d22cfe0d1146da69a52436.ssl.cf1.rackcdn.com/visa-warns-fresh-skimmer-targeting-e-commerce-sites-showcase_image-5-a-14969.jpg" style="border: 0px; box-sizing: border-box; display: block; height: auto; max-width: 100%; vertical-align: middle; width: 750px;" /></figure><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">Visa's payment fraud disruption team is warning of a recently uncovered digital skimmer called "Baka" that is stealing payment card data from e-commerce sites while hiding from security tools.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">Researchers discovered the malicious code while examining a command-and-control infrastructure that previously hosted the ImageID skimmer.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">Although Baka functions similarly to other JavaScript skimmers, the Visa fraud team found that this malicious code is able to load dynamically into e-commerce sites and then hide from security tools using obfuscation techniques, according to the Visa alert.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">The Baka skimmer has been found in "several merchant websites across multiple global regions," the alert notes, but it does not provide further details.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 
0px 18px;">"The most compelling components of this kit are the unique loader and obfuscation method," the Visa alert notes. "The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code. ... This skimmer variant avoids detection and analysis by removing itself from memory when it detects the possibility of dynamic analysis with developer tools or when data has been successfully exfiltrated."</p><h3 style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.1; margin-bottom: 11px; margin-top: 22px;">How Baka Works</h3><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">The Visa alert does not indicate how Baka is initially delivered to a network. But the report notes that the malicious code is hosted on several suspicious domains, including: jquery-cycle[.]com, b-metric[.]com, apienclave[.]com, quicdn[.]com, apisquere[.]com, ordercheck[.]online and pridecdn[.]com.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">Once the initial infection takes hold, the skimmer is uploaded through the command-and-control server, but the code loads in memory. 
This means the malware is never present on the targeted e-commerce firm's server or saved to another device, helping it to avoid detection, according to the alert.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">"The skimming payload decrypts to JavaScript written to resemble code that would be used to render pages dynamically," according to Visa.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">Once embedded in an e-commerce site's checkout page, the skimmer begins to collect payment and other customer data from various fields and sends the information to the fraudsters' command-and-control server, Visa notes.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">Once data exfiltration is complete, Baka performs a "clean-up" function that removes the skimming code from the checkout page, according to the alert. 
This also helps ensure that the JavaScript is not spotted by anti-malware tools.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">Visa's analysts found that the operators behind Baka use an XOR cipher as a way to obscure the malicious code and further hide it from detection, according to the alert.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">"While the use of an XOR cipher is not new, this is the first time Visa has observed its use in JavaScript skimming malware," according to the alert.</p><h3 style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.1; margin-bottom: 11px; margin-top: 22px;">Mitigating Risks</h3><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">The Visa alert advises e-commerce merchants to take several steps to mitigate skimming risks, including:</p><ul style="background-color: white; box-sizing: border-box; color: #333333; display: inline-block; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin-bottom: 11px; margin-top: 0px;"><li style="box-sizing: border-box;">Run regular checks to determine if any code is attempting to communicate with a known command-and-control server;</li><li style="box-sizing: border-box;">Check code added through a service provider;</li><li style="box-sizing: border-box;">Vet content delivery networks and other third parties that have access to the checkout function;</li><li style="box-sizing: border-box;">Update and 
patch any software or services used on checkout sites and consider adding a firewall;</li><li style="box-sizing: border-box;">Limit access to online administrative portals and ensure that those with access use strong passwords.</li></ul><span style="background-color: white; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px;"></span><h3 style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.1; margin-bottom: 11px; margin-top: 22px;">Other Skimming Attacks</h3><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">In November 2019, Visa researchers uncovered another type of skimmer called Pipka that had the ability to remove itself from the HTML of a compromised payment website after it executed, enabling it to avoid security detection (see: <a href="https://www.bankinfosecurity.com/new-javascript-skimmer-found-on-e-commerce-sites-a-13411?" 
style="background-color: transparent; box-sizing: border-box; color: #4693d9; text-decoration-line: none; transition: all 0.3s ease 0s;"><i style="box-sizing: border-box;">New JavaScript Skimmer Found on E-Commerce Sites</i></a>).</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">Other security researchers have more recently warned about ongoing attacks against e-commerce websites using malicious JavaScript to steal payment card data.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">For example, in August, security firm Group-IB warned of a cybercriminal gang called "UltraRank" that is using malicious code to skim payment card data and then selling that information to others on its own underground site (see: <a href="https://www.bankinfosecurity.com/ultrarank-gang-sells-card-data-steals-a-14928?" style="background-color: transparent; box-sizing: border-box; color: #4693d9; text-decoration-line: none; transition: all 0.3s ease 0s;"><i style="box-sizing: border-box;">'UltraRank' Gang Sells Card Data It Steals</i></a>).</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;">Earlier this month, security firm Malwarebytes warned that some fraudsters have started using encrypted messages on Telegram to steal data faster (see: <a href="https://www.bankinfosecurity.com/fraudsters-use-telegram-app-to-steal-payment-card-data-a-14937?" 
style="background-color: transparent; box-sizing: border-box; color: #4693d9; text-decoration-line: none; transition: all 0.3s ease 0s;"><i style="box-sizing: border-box;">Fraudsters Use Telegram App to Steal Payment Card Data</i></a>).</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px; margin: 0px 0px 18px;"><br /></p><p style="background-color: white; box-sizing: border-box; margin: 0px 0px 18px;"><i style="color: #333333; font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 18px;">Source: </i><span style="background-color: transparent; font-size: 18px;"><span style="color: #333333; font-family: Open Sans, Helvetica Neue, Helvetica, Arial, sans-serif;"><i>https://www.databreachtoday.com/</i></span></span></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8987465314676633984.post-45333930190022528402020-08-01T15:55:00.000+00:002020-08-01T15:55:43.111+00:00BREAKING: Alleged Twitter Hacker Arrested<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="byline" style="background-color: white; box-sizing: border-box; color: #999999; font-family: "Open Sans", sans-serif; font-size: 14px; line-height: 1.5em; margin-bottom: 1.5em;">
by Joe Panettieri (MSSP Alert) • Jul 31, 2020</div>
<div style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin-bottom: 1.5em;">
The alleged <a href="http://www.twitter.com/" style="background-color: transparent; box-sizing: border-box; color: #990000;">Twitter</a> hacker has been arrested, <a href="https://www.wsj.com/articles/federal-authorities-arrest-suspect-in-twitter-hack-11596223550" style="background-color: transparent; box-sizing: border-box; color: #990000;">The Wall Street Journal reports</a>. Graham Ivan Clark, of Tampa, was arrested and charged as an adult on July 31, 2020. Clark faces 30 felony charges related to the hack, the report says.</div>
<div style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin-bottom: 1.5em;">
The Twitter hack affected multiple celebrity and public official accounts, and tricked users into sending bitcoin to hackers. The Twitter attack raises serious economic, financial, political and national security concerns ahead of the 2020 U.S. Presidential Election.</div>
<div style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin-bottom: 1.5em;">
How was Twitter security breached, who got hacked and what steps will the social media company take to further strengthen its platform? Here’s a regularly updated blog tracking the incident, Twitter’s investigation and corrective measures, and the high-stakes effort to keep social media secure.</div>
<div style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin-bottom: 1.5em;">
<em style="box-sizing: border-box;"><span style="box-sizing: border-box; font-weight: 700;">Note</span>: Blog originally published on July 16, 2020. Updated regularly thereafter with the latest investigation news.</em></div>
<h2 style="background-color: white; box-sizing: border-box; color: #555555; font-family: sofia-pro, sans-serif; line-height: 1.1em;">
Twitter Statements About Security Incident</h2>
<div style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin-bottom: 1.5em;">
In a July 18, 2020 statement about the security incident, <a href="https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html" style="background-color: transparent; box-sizing: border-box; color: #990000;">Twitter indicated</a>:</div>
<ul style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; margin: 0px 0px 1.5em;">
<li style="box-sizing: border-box; margin-bottom: 5px;">The attackers targeted certain Twitter employees through a social engineering scheme.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;">The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through two-factor protections.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;">130 Twitter accounts were targeted.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;">For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;">For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “<a href="https://help.twitter.com/en/managing-your-account/accessing-your-twitter-data" style="background-color: transparent; box-sizing: border-box; color: #990000;">Your Twitter Data</a>” tool.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;">Twitter’s incident response team secured and revoked access to internal systems to prevent the attackers from further accessing the systems and the individual accounts.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;">For the 130 accounts that were targeted, attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack. Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools. In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing.</li>
</ul>
<h2 style="background-color: white; box-sizing: border-box; color: #555555; font-family: sofia-pro, sans-serif; line-height: 1.1em;">
More Twitter Breach Investigation Updates:</h2>
<ul style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; margin: 0px 0px 1.5em;">
<li style="box-sizing: border-box; margin-bottom: 5px;">Twitter said hackers who breached its systems likely read the direct messages of 36 accounts, including one belonging to an elected official in the Netherlands. <span style="box-sizing: border-box; font-weight: 700;">Source</span>: <a href="https://www.reuters.com/article/us-twitter-cyber-messages/twitter-says-hackers-saw-messages-from-36-accounts-including-netherlands-official-idUSKCN24O02H" style="background-color: transparent; box-sizing: border-box; color: #990000;">Reuters</a>, July 22, 2020.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;">More than a thousand Twitter employees and contractors as of early 2020 had access to internal tools that could change user account settings and hand control to others, making it hard to defend against the hacking that occurred in mid-July. <span style="box-sizing: border-box; font-weight: 700;">Source</span>: <a href="https://www.reuters.com/article/us-twitter-cyber-access-exclusive/exclusive-more-than-1000-people-at-twitter-had-ability-to-aid-hack-of-accounts-idUSKCN24O34E" style="background-color: transparent; box-sizing: border-box; color: #990000;">Reuters</a>, July 23, 2020.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;">The breach involved hackers using phone-based spear phishing. Essentially, hackers gained entry to Twitter’s network by reaching out to Twitter employees on their phones. <span style="box-sizing: border-box; font-weight: 700;">Source</span>: <a href="https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html" style="background-color: transparent; box-sizing: border-box; color: #990000;">Twitter</a>, July 30, 2020.</li>
</ul>
<div style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin-bottom: 1.5em;">
Twitter emphasized that the investigation is ongoing, and the details above could change.</div>
<h2 style="background-color: white; box-sizing: border-box; color: #555555; font-family: sofia-pro, sans-serif; line-height: 1.1em;">
Twitter Hacked: Information About the Breach</h2>
<div style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin-bottom: 1.5em;">
<em style="box-sizing: border-box;"><span style="box-sizing: border-box; font-weight: 700;">Note</span>: Information below published on MSSP Alert on July 16, 2020 through July 17, 2020.</em></div>
<ul style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; margin: 0px 0px 1.5em;">
<li style="box-sizing: border-box; margin-bottom: 5px;"><span style="box-sizing: border-box; font-weight: 700;">How Did Twitter Get Hacked/Breached?: </span>A hacker allegedly gained access to a Twitter “admin” tool on the social media network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam. <span style="box-sizing: border-box; font-weight: 700;">Source</span>: <a href="https://techcrunch.com/2020/07/15/twitter-hacker-admin-scam/" style="background-color: transparent; box-sizing: border-box; color: #990000;">TechCrunch</a>, July 16, 2020.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;"><span style="box-sizing: border-box; font-weight: 700;">Which Twitter Accounts Got Hijacked?: </span>The accounts of U.S. presidential candidate Joe Biden, reality TV star Kim Kardashian, former U.S. President Barack Obama, Tesla and SpaceX founder Elon Musk, and Microsoft co-founder Bill Gates were allegedly victimized. <span style="box-sizing: border-box; font-weight: 700;">Source</span>: <a href="https://www.reuters.com/article/us-twitter-cyber/twitter-silences-some-top-accounts-after-internal-systems-hacked-idUSKCN24G32Q" style="background-color: transparent; box-sizing: border-box; color: #990000;">Reuters</a>, July 15, 2020.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;"><span style="box-sizing: border-box; font-weight: 700;">How Many Twitter Accounts Were Victimized?:</span> Hackers targeted about 130 accounts during the cyber attack this week. Twitter continues to assess whether the attackers were able to access private data of the targeted accounts. <span style="box-sizing: border-box; font-weight: 700;">Source</span>: <a href="https://www.reuters.com/article/us-twitter-cyber/twitter-says-about-130-accounts-were-targeted-in-cyber-attack-this-week-idUSKCN24I0EV" style="background-color: transparent; box-sizing: border-box; color: #990000;">Reuters</a>, July 16, 2020.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;"><span style="box-sizing: border-box; font-weight: 700;">What did Twitter Initially Say About the Security Incident?:</span> Twitter’s security account posted around 5:45 p.m. EDT on July 15, 2020 that the company was investigating the incident and taking steps to rectify it. Within roughly a half hour, the company took the extraordinary step of limiting posts from verified accounts with blue check marks, which Twitter generally designates for more prominent users. Twitter, late July 15, said it believed the hackers perpetrated the attack by targeting employees who had access to the company’s internal systems and tools. The hackers may have accessed information or engaged in other malicious activity, Twitter said, adding it was still investigating the incident. The company didn’t say how long the hackers had been able to access its internal systems. Twitter said it had limited access to internal systems in response to the hack and locked compromised accounts. <span style="box-sizing: border-box; font-weight: 700;">Source</span>: <a href="https://www.wsj.com/articles/twitter-accounts-of-bill-gates-jeff-bezos-elon-musk-appear-to-have-been-hacked-11594849077?mod=tech_lead_pos1" style="background-color: transparent; box-sizing: border-box; color: #990000;">The Wall Street Journal</a>, July 15, 2020.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;"><span style="box-sizing: border-box; font-weight: 700;">How is the U.S. Government Investigating the Twitter Hack?:</span> The FBI’s San Francisco office has launched an investigation into the incident. <span style="box-sizing: border-box; font-weight: 700;">Source</span>: <a href="https://www.reuters.com/article/us-usa-justice-twitter-hack/fbi-says-it-is-investigating-hack-of-high-profile-twitter-accounts-idUSKCN24H32P" style="background-color: transparent; box-sizing: border-box; color: #990000;">Reuters</a>, July 16, 2020.</li>
</ul>
<h2 style="background-color: white; box-sizing: border-box; color: #555555; font-family: sofia-pro, sans-serif; line-height: 1.1em;">
Twitter Hacked: The Bigger Concerns</h2>
<ul style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; margin: 0px 0px 1.5em;">
<li style="box-sizing: border-box; margin-bottom: 5px;"><span style="box-sizing: border-box; font-weight: 700;">Why Should MSSPs Care?:</span> At first, there was concern that the Twitter hackers had bypassed two-factor authentication (2FA) settings on the victim accounts. The concern has since shifted to how the attackers gained control of Twitter’s administration tool(s): once they held valid employee credentials, the tool gave them account-takeover capability, and Reuters’ report that more than 1,000 employees and contractors could use those tools shows how wide that blast radius was. MSSP administration tools, including remote control and remote access software, are the direct parallel: they have been popular hacker targets for infiltrating end-customer systems, and access to them needs to be confined to a small, audited group rather than granted broadly.</li>
<li style="box-sizing: border-box; margin-bottom: 5px;"><span style="box-sizing: border-box; font-weight: 700;">Why Are Regulators Concerned?:</span> The Twitter breach raises serious questions and concerns — especially ahead of the 2020 U.S. Presidential Election. Hackers who gain control of social media administration tools can, in theory, spread misinformation that potentially manipulates financial markets, elections, international relations, protests, and overall confidence in political systems.</li>
</ul>
<div style="background-color: white; box-sizing: border-box; color: #444444; font-family: "Open Sans", sans-serif; font-size: 16px; line-height: 1.5em; margin-bottom: 1.5em;">
<em style="box-sizing: border-box;">This remains a developing story. Check back for ongoing updates about the breach.</em></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8987465314676633984.post-78940381103371376652020-05-06T18:14:00.000+00:002020-05-06T18:14:10.743+00:00Google Android RCE Bug Allows Attacker Full Device Access<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglvsav6D_lL5SAAo7C8FawmsjCLZrQDhVFlbj2CzH0QhEf1YPEIntzjTgjrHWmGErFlbPfabRgVPH4FsW_0lX-TUhTb6E5YT4La07ikZLL1Vimi1dr24b_p11RGrvS3w76mzAAitFgSWlf/s1600/android-device-identifiers-featured-e1588688144310.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="526" data-original-width="800" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglvsav6D_lL5SAAo7C8FawmsjCLZrQDhVFlbj2CzH0QhEf1YPEIntzjTgjrHWmGErFlbPfabRgVPH4FsW_0lX-TUhTb6E5YT4La07ikZLL1Vimi1dr24b_p11RGrvS3w76mzAAitFgSWlf/s320/android-device-identifiers-featured-e1588688144310.jpg" width="320" /></a></div>
<div class="c-article__intro" name="overview" style="box-sizing: inherit; color: #333333; font-family: MuseoSans, sans-serif; font-size: 1.25rem;">
<div style="box-sizing: inherit; color: #777777; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week.</div>
</div>
<div class="c-article__content js-reading-content" style="box-sizing: inherit; color: #333333; font-family: MuseoSans, sans-serif; font-size: 16px;">
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
Google has patched a vulnerability in its Android OS that could allow attackers to completely take over someone’s device to install programs, steal or change data, or create new accounts with full privileges.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
The flaw (CVE-2020-0103) was one of 39 vulnerabilities, spread across various Android components, that the company fixed in its <a href="https://support.google.com/pixelphone/answer/4457705" rel="noopener noreferrer" style="box-sizing: inherit; color: #e2211c; text-decoration-line: none; transition: all 0.25s linear 0s;" target="_blank">latest security patch</a>, according to <a href="https://source.android.com/security/bulletin/2020-05-01" rel="noopener noreferrer" style="box-sizing: inherit; color: #e2211c; text-decoration-line: none; transition: all 0.25s linear 0s;" target="_blank">a security bulletin</a> published Monday. Security patch levels of 2020-05-05 or later address all of them.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
The vulnerabilities pose a high risk to consumers as well as business and government users. The most critical of them, found in the System component of Android, could allow for remote code execution (RCE).</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” the company wrote in the bulletin.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
However, the impact of exploitation depends on the privileges of the affected application, according to the Center for Internet Security’s (CIS’s) <a href="https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-arbitrary-code-execution_2020-059/" rel="noopener noreferrer" style="box-sizing: inherit; color: #e2211c; text-decoration-line: none; transition: all 0.25s linear 0s;" target="_blank">advisory</a> on the flaw.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
“If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights,” according to the post.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
These vulnerabilities could be exploited through multiple vectors, such as email, web browsing and Multimedia Messaging Service (MMS) messages, when the device processes crafted media files, CIS explained in its post.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
“Depending on the privileges associated with the application, an attacker could then install programs; view, change or delete data; or create new accounts with full user rights,” according to the post. CIS added that it had no reports of any of these vulnerabilities being exploited in the wild.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
The critical flaw was one of eight that Google patched for the System component of Android. The rest of the flaws were rated high-severity, except for one, which was rated moderate.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
Google also patched a critical flaw in Android’s Framework component, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0096" rel="noopener noreferrer" style="box-sizing: inherit; color: #e2211c; text-decoration-line: none; transition: all 0.25s linear 0s;" target="_blank">CVE-2020-0096</a>, that could enable a local attacker to execute arbitrary code within the context of a privileged process, the company said. The vulnerability was one of three patched in this component, the other two of which had a severity rating of high.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
The only other critical vulnerability was <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3641" rel="noopener noreferrer" style="box-sizing: inherit; color: #e2211c; text-decoration-line: none; transition: all 0.25s linear 0s;" target="_blank">CVE-2020-3641</a>, in the Qualcomm closed-source components; it was one of 10 flaws patched in those components, the rest of which were rated high severity.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
The security update also fixes four high-severity vulnerabilities in Android’s Media framework; eight high-severity vulnerabilities in Qualcomm components; four high-severity flaws in MediaTek components; and two high-severity vulnerabilities in Android Kernel components.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
While the Android security platform and service protections such as Google Play Protect “reduce the likelihood that security vulnerabilities could be successfully exploited on Android,” Google recommended that users install the latest security patch. Whether a device has it can be checked from its security patch level, shown in the About phone settings or read with <code>adb shell getprop ro.build.version.security_patch</code>; a value of 2020-05-05 or later includes these fixes.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
Indeed, Google has historically struggled with the spread of malware via Android apps being downloaded from the Google Play store and has made a concerted effort in the last year and a half to try to stay on top of it.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
Still, malware on the platform persists. Just last week researchers discovered a new Android mobile malware called EventBot that steals payment data from users of popular financial apps like PayPal, Barclays, CapitalOne and more.</div>
<div style="box-sizing: inherit; margin-bottom: 1.25rem; overflow-wrap: break-word; padding: 0px; word-break: break-word;">
<i>Source: ThreatPost</i></div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8987465314676633984.post-73218135105549067352020-05-02T18:56:00.000+00:002020-05-02T18:57:59.745+00:00WhatsApp MP4 Videos Flaw allows Hackers to execute Code Remotely <div dir="ltr" style="text-align: left;" trbidi="on">
<h6 style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: rgb(69, 69, 69) !important; font-family: "Roboto Condensed", sans-serif; font-size: 1.1em; letter-spacing: 0.021em; line-height: 1.4; margin-bottom: 0.75rem; margin-top: 20px;">
NEW WHATSAPP BUG BASED ON AN MP4 VIDEO PARSING FLAW</h6>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWFQcXpMDg72VcnhOCmtZtJknEF07WY1INWQh-qLPJQHoweV4vW3Lk-5m1FyLg5TaMVHsbQ37oJ_WjOnLzHMYJLBfeTUdW9a5Iq1UJLtipWKAonv-x98zniREDYE3DbYAU9nwsmeJaiiLr/s1600/whatsapp_ios.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="900" data-original-width="1600" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWFQcXpMDg72VcnhOCmtZtJknEF07WY1INWQh-qLPJQHoweV4vW3Lk-5m1FyLg5TaMVHsbQ37oJ_WjOnLzHMYJLBfeTUdW9a5Iq1UJLtipWKAonv-x98zniREDYE3DbYAU9nwsmeJaiiLr/s400/whatsapp_ios.jpg" width="400" /></a></div>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
Facebook has disclosed a new WhatsApp vulnerability in the handling of MP4 video files that could lead to denial of service or remote code execution. In a November 2019 <a href="https://www.facebook.com/security/advisories/cve-2019-11931" rel="noreferrer nofollow noopener" style="-webkit-font-smoothing: antialiased; background-color: transparent; box-sizing: border-box; color: #ac32e4; text-decoration-line: none;" target="_blank">security advisory</a>, the company said that the bug, tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-11931" rel="noreferrer nofollow noopener" style="-webkit-font-smoothing: antialiased; background-color: transparent; box-sizing: border-box; color: #ac32e4; text-decoration-line: none;" target="_blank">CVE-2019-11931</a>, is a stack-based buffer overflow that an attacker can trigger by sending a specially crafted <span style="-webkit-font-smoothing: antialiased; box-sizing: border-box; font-weight: bolder;">.MP4</span> video file to a victim.</div>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
<span style="-webkit-font-smoothing: antialiased; box-sizing: border-box; font-weight: bolder;">Description</span></div>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.</div>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
Few technical details are available; Facebook attributes the problem to the way the application parses MP4 elementary stream metadata. If exploited, the vulnerability can lead to denial of service (DoS) or remote code execution (RCE). Since the crafted file only has to be delivered to the victim’s client, the remediation is to update to the fixed versions listed in the description above.</div>
<hr style="-webkit-font-smoothing: antialiased; background-color: white; border-bottom: 0px; border-image: initial; border-left: 0px; border-right: 0px; border-top-color: rgb(231, 231, 231); border-top-style: solid; box-sizing: content-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; height: 0px; margin: 20px 0px; overflow: visible;" />
<h6 style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: rgb(69, 69, 69) !important; font-family: "Roboto Condensed", sans-serif; font-size: 1.1em; letter-spacing: 0.021em; line-height: 1.4; margin-bottom: 0.75rem; margin-top: 20px;">
PROOF OF CONCEPT</h6>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
In October 2019, a security researcher known as <a href="https://awakened1712.github.io/about/" rel="noreferrer nofollow noopener" style="-webkit-font-smoothing: antialiased; background-color: transparent; box-sizing: border-box; color: #ac32e4; text-decoration-line: none;" target="_blank">Awakened</a> disclosed a double-free vulnerability, <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-11932" rel="noreferrer nofollow noopener" style="-webkit-font-smoothing: antialiased; background-color: transparent; box-sizing: border-box; color: #ac32e4; text-decoration-line: none;" target="_blank">CVE-2019-11932</a>, that could be used in attacks to compromise chat sessions, files and messages. The double free in the <span style="-webkit-font-smoothing: antialiased; box-sizing: border-box; font-weight: bolder;">DDGifSlurp</span> function in <span style="-webkit-font-smoothing: antialiased; box-sizing: border-box; font-weight: bolder;">decoding.c</span> in <span style="-webkit-font-smoothing: antialiased; box-sizing: border-box; font-weight: bolder;">libpl_droidsonroids_gif</span> before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service.</div>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
When a WhatsApp user opens the Gallery view in WhatsApp to send a media file, WhatsApp parses it with a native library called <span style="-webkit-font-smoothing: antialiased; box-sizing: border-box; font-weight: bolder;">libpl_droidsonroids_gif.so</span> to generate the preview of the GIF file. <span style="-webkit-font-smoothing: antialiased; box-sizing: border-box; font-weight: bolder;">libpl_droidsonroids_gif.so</span> is an open-source library whose source code is available on <a href="https://github.com/koral--/android-gif-drawable/tree/dev/android-gif-drawable/src/main/c" rel="noreferrer nofollow noopener" style="-webkit-font-smoothing: antialiased; background-color: transparent; box-sizing: border-box; color: #ac32e4; text-decoration-line: none;" target="_blank">GitHub</a>.</div>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
A GIF file contains multiple encoded frames. To store the decoded frames, a buffer with name rasterBits is used. If all frames have the same size, rasterBits is re-used to store the decoded frames without re-allocation. However, rasterBits would be re-allocated if one of three conditions below is met:</div>
<ul style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; list-style: none; margin-bottom: 1rem; margin-top: 0px; padding-left: 1.125rem;">
<li style="-webkit-font-smoothing: antialiased; box-sizing: border-box; margin-bottom: 0.384615rem; text-align: justify;">Width * Height > originalWidth * originalHeight</li>
<li style="-webkit-font-smoothing: antialiased; box-sizing: border-box; margin-bottom: 0.384615rem; text-align: justify;">Width - originalWidth > 0</li>
<li style="-webkit-font-smoothing: antialiased; box-sizing: border-box; margin-bottom: 0px; text-align: justify;">Height - originalHeight > 0</li>
</ul>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
Re-allocation is a combination of free and malloc. If the requested size is 0, it amounts to a free. Say we have a GIF file containing three frames whose raster sizes are 100, 0 and 0; the two empty frames still pass the test above as long as they are wider or taller than the logical screen.</div>
<ul style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; list-style: none; margin-bottom: 1rem; margin-top: 0px; padding-left: 1.125rem;">
<li style="-webkit-font-smoothing: antialiased; box-sizing: border-box; margin-bottom: 0.384615rem; text-align: justify;">After the first re-allocation, we have an info->rasterBits buffer of size 100.</li>
<li style="-webkit-font-smoothing: antialiased; box-sizing: border-box; margin-bottom: 0.384615rem; text-align: justify;">In the second re-allocation, of size 0, the info->rasterBits buffer is freed, but because the NULL return is handled as an allocation failure, the freed pointer is left in info->rasterBits.</li>
<li style="-webkit-font-smoothing: antialiased; box-sizing: border-box; margin-bottom: 0px; text-align: justify;">In the third re-allocation, of size 0, that stale pointer is handed to the allocator again and freed a second time.</li>
</ul>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
This results in a double-free vulnerability. The triggering location can be found in decoding.c:</div>
<div class="code-toolbar" style="-webkit-font-smoothing: antialiased; background-color: white; border-left: 4px solid rgb(226, 0, 133) !important; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-top: 20px; position: relative;">
<pre class=" language-none" style="-webkit-font-smoothing: antialiased; background-attachment: initial; background-clip: initial; background-color: rgb(240, 240, 240) !important; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border-bottom-left-radius: 0px !important; border-bottom-right-radius: 0px; border-bottom: 1px solid rgb(204, 204, 204); border-image: initial; border-left: none; border-right: 1px solid rgb(204, 204, 204); border-top-left-radius: 0px !important; border-top-right-radius: 0px; border-top: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #cccccc; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; font-size: 1em !important; hyphens: none; line-height: 1.5; margin-bottom: 20px !important; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em; tab-size: 4; word-break: normal; word-spacing: normal;"><code class=" language-none" style="-webkit-font-smoothing: antialiased; background: none; box-sizing: border-box; color: rgb(69, 69, 69) !important; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; font-size: 1em; hyphens: none; line-height: 1.5; overflow-wrap: normal; tab-size: 4; word-break: normal; word-spacing: normal;">/* DDGifSlurp(), decoding.c, libpl_droidsonroids_gif before 1.2.15 (excerpt) */
int_fast32_t widthOverflow = gifFilePtr->Image.Width - info->originalWidth;
int_fast32_t heightOverflow = gifFilePtr->Image.Height - info->originalHeight;
const uint_fast32_t newRasterSize =
        gifFilePtr->Image.Width * gifFilePtr->Image.Height;
/* A frame wider or taller than the logical screen forces a re-allocation
 * even when its area (newRasterSize) is 0. */
if (newRasterSize > info->rasterSize || widthOverflow > 0 ||
    heightOverflow > 0) {
    /* With newRasterSize == 0 this frees info->rasterBits and returns NULL. */
    void *tmpRasterBits = reallocarray(info->rasterBits, newRasterSize,
                                       sizeof(GifPixelType));
    if (tmpRasterBits == NULL) {
        /* NULL is treated as out-of-memory; info->rasterBits is not cleared,
         * so the freed pointer survives to the next frame's reallocarray(). */
        gifFilePtr->Error = D_GIF_ERR_NOT_ENOUGH_MEM;
        break;
    }
    info->rasterBits = tmpRasterBits;
    info->rasterSize = newRasterSize;
}</code></pre>
</div>
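A hardened form of the re-allocation shown above, written here as an added example in C (it is not the library's own patch): it rejects zero-area frames before any allocation, so a zero-size realloc can never free the buffer behind the decoder's back, and it checks the width*height product for overflow before using it as a size. RasterInfo, the error codes and the frame sequence are constructed stand-ins for the decoder state the snippet touches.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the decoder state used by the snippet above
   (field names follow the snippet; the struct itself is an assumption). */
typedef uint8_t GifPixelType;

typedef struct {
    GifPixelType *rasterBits;
    uint_fast32_t rasterSize;
    uint_fast32_t originalWidth;
    uint_fast32_t originalHeight;
} RasterInfo;

enum { RASTER_OK = 0, RASTER_ERR_BAD_DIMENSIONS = 1, RASTER_ERR_NOT_ENOUGH_MEM = 2 };

/*
 * Hardened re-allocation (added example, not the project's fix).
 *
 * Two things differ from the vulnerable pattern:
 *   1. A zero-area frame is rejected up front. realloc/reallocarray with a size
 *      of 0 may free the old buffer and return NULL; the vulnerable code treated
 *      that NULL as out-of-memory and left info->rasterBits pointing at freed
 *      memory, so the next zero-size re-allocation freed it a second time.
 *   2. width * height is checked for overflow before it becomes a size.
 * The old pointer is only replaced once the new allocation has succeeded, so on
 * any error path info->rasterBits is still a valid, owned buffer (or NULL).
 */
int resize_raster(RasterInfo *info, uint_fast32_t width, uint_fast32_t height)
{
    if (width == 0 || height == 0)
        return RASTER_ERR_BAD_DIMENSIONS;
    if (width > UINT32_MAX / height)            /* product would overflow */
        return RASTER_ERR_BAD_DIMENSIONS;

    uint_fast32_t newRasterSize = width * height;
    int needs_grow = newRasterSize > info->rasterSize ||
                     width > info->originalWidth ||
                     height > info->originalHeight;
    if (!needs_grow)
        return RASTER_OK;                       /* current buffer is big enough */

    void *tmp = realloc(info->rasterBits, newRasterSize * sizeof(GifPixelType));
    if (tmp == NULL)
        return RASTER_ERR_NOT_ENOUGH_MEM;       /* info->rasterBits still valid */

    info->rasterBits = tmp;
    info->rasterSize = newRasterSize;
    return RASTER_OK;
}

/* Walks a constructed frame sequence of the kind the write-up describes: one
 * normal frame followed by zero-area frames. Returns the number of outcomes
 * that matched expectations (6 when everything behaves). */
int run_frame_sequence(void)
{
    RasterInfo info = { NULL, 0, 0, 0 };
    int ok = 0;

    /* frame 1: 4x4, buffer must be allocated and sized */
    ok += resize_raster(&info, 4, 4) == RASTER_OK;
    ok += info.rasterSize == 16 && info.rasterBits != NULL;
    GifPixelType *kept = info.rasterBits;

    /* frames 2 and 3: zero area; both rejected, buffer neither freed nor replaced */
    ok += resize_raster(&info, 0, 4) == RASTER_ERR_BAD_DIMENSIONS;
    ok += resize_raster(&info, 3, 0) == RASTER_ERR_BAD_DIMENSIONS;
    ok += info.rasterBits == kept && info.rasterSize == 16;

    /* a frame whose width*height overflows 32 bits is rejected as well */
    ok += resize_raster(&info, 0x20000, 0x20000) == RASTER_ERR_BAD_DIMENSIONS;

    free(info.rasterBits);                      /* exactly one free, at the end */
    return ok;
}

int main(void)
{
    int passed = run_frame_sequence();
    printf("%d/6 checks passed\n", passed);
    return passed == 6 ? 0 : 1;
}
```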
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
Another set of interesting vulnerabilities in the messaging application was revealed by Check Point a month ago. The set of bugs "could allow threat actors to intercept and manipulate messages sent in private and group conversations," said the researchers, and could be used to abuse the "quote" feature in group conversations, replies, and private messages. More information about this vulnerability can be found in the proof-of-concept article written by <a href="https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/" rel="noreferrer nofollow noopener" style="-webkit-font-smoothing: antialiased; background-color: transparent; box-sizing: border-box; color: #ac32e4; text-decoration-line: none;" target="_blank">Awakened</a>.</div>
<hr style="-webkit-font-smoothing: antialiased; background-color: white; border-bottom: 0px; border-image: initial; border-left: 0px; border-right: 0px; border-top-color: rgb(231, 231, 231); border-top-style: solid; box-sizing: content-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; height: 0px; margin: 20px 0px; overflow: visible;" />
<h6 style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: rgb(69, 69, 69) !important; font-family: "Roboto Condensed", sans-serif; font-size: 1.1em; letter-spacing: 0.021em; line-height: 1.4; margin-bottom: 0.75rem; margin-top: 20px;">
A NECESSARY UPDATE</h6>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
Users are advised to update their software versions to mitigate the risk of exploitation. However, there do not appear to be any reports of the vulnerability being actively exploited in the wild. "WhatsApp is constantly working to improve the security of our service," said a Facebook spokesman. "We publish public reports on potential issues that we have resolved, in line with industry best practices, and in this case there is no reason to believe that users have been affected," said the American giant.</div>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #404040; font-family: "Open Sans", sans-serif; font-size: 14px; margin-bottom: 1rem; text-align: justify;">
<br /></div>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; margin-bottom: 1rem; text-align: justify;">
<span style="font-size: xx-small;"><i style="color: #404040; font-family: "Open Sans", sans-serif;">Source: </i><span style="color: #404040; font-family: "open sans" , sans-serif;"><i>@neoslab</i></span></span></div>
</div>
Experts: Don't reboot your computer after you've been infected with ransomware (published 2020-03-07)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1xyvTFLxb5LwnLhlywcEsTIivS38cGBMrcGQ9Fgbj0QoyV4vN4INoiAonrP4bw7kwZppw6ZcFvXU63mdBAzCcOw0OQc2vaZv0eWULYXnnXOhQSCpO4YgdJUi8MbhxBrZPQgKWgjryDOJ8/s1600/reboot-restart-button.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="486" data-original-width="1000" height="155" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1xyvTFLxb5LwnLhlywcEsTIivS38cGBMrcGQ9Fgbj0QoyV4vN4INoiAonrP4bw7kwZppw6ZcFvXU63mdBAzCcOw0OQc2vaZv0eWULYXnnXOhQSCpO4YgdJUi8MbhxBrZPQgKWgjryDOJ8/s320/reboot-restart-button.jpg" width="320" /></a></div>
<br />
<br />
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
Security experts don't recommend that users reboot their computers after suffering a ransomware infection, as this could help the malware in certain circumstances.</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
Instead, experts recommend that victims hibernate the computer, disconnect it from their network, and reach out to a professional IT support firm. Powering down the computer is also an alternative, but hibernating it is better because it saves a copy of the memory, where some shoddy ransomware strains may sometimes leave copies of their encryption keys [<a data-component="externalLink" href="https://twitter.com/VessOnSecurity/status/1191769109358358528" rel="noopener noreferrer" style="color: #1174c7; cursor: pointer; text-decoration-line: none;" target="_blank">1</a>, <a data-component="externalLink" href="https://twitter.com/LawrenceAbrams/status/1191774133052461057" rel="noopener noreferrer" style="color: #1174c7; cursor: pointer; text-decoration-line: none;" target="_blank">2</a>].</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
Experts are recommending against PC reboots because <a data-component="externalLink" href="http://web.stanford.edu/~csimoiu/doc/ransomware.pdf" rel="noopener noreferrer nofollow" style="color: #1174c7; cursor: pointer; text-decoration-line: none;" target="_blank">a recent survey</a> of 1,180 US adults who fell victim to ransomware in the past years has shown that almost 30% of victims chose to reboot their computers as a way to deal with the infection.</div>
<br />
<figure class="image image-full-width pull-none" style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; margin: 0px -10px;"><img alt="ransomware-reboot.png" src="https://zdnet3.cbsistatic.com/hub/i/2019/11/05/f28acc0c-e9c4-4ba0-88cc-246d2ddc32b7/ransomware-reboot.png" /><figcaption style="font-size: 12px; font-style: italic; line-height: 1.5; margin: 15px 0px 30px; text-align: center;"><span class="credit">Image: Simoiu et al.</span></figcaption></figure><div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
But while rebooting in safe mode is a good way of removing older screenlocker types of ransomware, it is not recommended when dealing with modern ransomware versions that encrypt files.</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
"Generally, the [ransomware] executable that actually encrypts your data is designed to crawl through attached, mapped and mounted drives to a given machine. Sometimes it trips, or is blocked by a permission issue and will stop encrypting," Bill Siegel, CEO & Co-Founder of Coveware, a company that provides ransomware data recovery services, told ZDNet in an email this week.</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
"If you reboot the machine, it will start back up and try to finish the job," Siegel said.</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
"A partially encrypted machine is only partially encrypted due to some fortunate error or issue, so victims should take advantage and NOT let the malware finish its job...don't reboot!"</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
Siegel told ZDNet the advice applies to both enterprise and home users alike.</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
Further, ransomware victims should also take note that there are two stages of a ransomware recovery process they have to go through.</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
The first is finding the ransomware's artifacts -- such as processes and boot persistence mechanisms -- and removing them from an infected host.</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
Second is restoring the data if a backup mechanism is available.</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
Siegel warns that when companies miss or skip the first step, rebooting the computer often restarts the ransomware's process, which ends up encrypting the recently restored files, meaning victims have to restart the data recovery process from scratch.</div>
<div style="color: #080e14; font-family: "Proxima Nova", sans-serif; font-size: 16px; line-height: 28px; margin-bottom: 30px;">
In the case of enterprises, this increases downtime and costs the company operating profits.</div>
<div class="shortcode gallery" style="border-bottom: 1px solid rgb(217, 217, 217); border-top: 1px solid rgb(217, 217, 217); color: #080e14; font-family: "proxima nova", sans-serif; margin: 0px 0px 10px; padding: 10px 0px; position: relative;">
<h3 style="margin: 0px 0px 10px;">
<span style="font-weight: normal;"><i><span style="font-size: small;">Source: ZDNet</span></i></span></h3>
</div>
</div>
Sleeping with the Friend-Enemy: Mobile Apps and their SDKs (published 2020-02-29)<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em;">
Third-party SDKs can undermine the security of your mobile app, all unbeknownst to you. 
Mobile applications, including iOS, Android, and WinMo apps, are built using native code usually written by developer teams; however, a chunk of the code is always sourced from 3rd-party SDKs (commercial or open source). 
Leveraging external components is very normal for mobile apps, as 99% of all apps have some sort of 3rd-party commercial or open source SDK embedded in the binary. So what is the problem here? 
The big issue is that 3rd-party SDKs have FULL access to the app's private data, permissions, network connections, TLS sessions, etc. 
There is no separation nor sandbox between the app’s internal code and the 3rd-party SDK. Once the SDK is included, the SDK *is* the app too, and that applies to commercial for-profit SDKs as well as to two-person developer projects on GitHub.</div>
<ul style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;"><em style="box-sizing: inherit; line-height: inherit;">Okay, so yeah, what is the problem here?</em></li>
</ul>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
The problem is that 3rd-party SDKs, an unvetted, uncontrolled, and unknown source, have:</div>
<ol style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Access to the entire app *and* all its data<ol style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">SDKs can read, write, or delete any data located in private storage</li>
</ol>
</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Access to the app’s TLS layer<ol style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">SDKs can disable TLS for the entire app (to all endpoints, not just the SDK’s)</li>
</ol>
</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Access to the parent app’s existing permissions<ol style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">SDKs can pull data from the device, including end-user<ol style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Contact Lists</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Geo-Location</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">SMS Logs</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Photos</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Camera</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Microphone</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">[any device permission the parent app has been granted]</li>
</ol>
</li>
</ol>
</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Basically, the SDK has access to anything the app has access to</li>
</ol>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<span style="box-sizing: inherit; font-weight: 700; line-height: inherit;">An Illustration of the Issue</span></div>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
Let’s take a quick look at MDLive, a popular medical app that connects doctors with end-users in need of medical assistance. MDLive has 10+ third-party SDKs in its iOS mobile app, which is very normal. One of its SDKs is called TestFairy, a popular tool that helps developers distribute apps to internal teams, collect logs, solicit user feedback, obtain crash reports, and record videos of end-user activity. These features help developers improve their mobile apps from one release to the next.</div>
<ul style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Can you name the security flaw and privacy gap in the feature list above?</li>
</ul>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
Well, it turns out the 3rd-party SDK (TestFairy) has an awesome "Video Recording" feature that has significant security and privacy implications. According to federal courts in the state of Florida, the MDLive app was taking screenshots of real end-user activity, including all data presented on screen, and sending them to a 3rd party (TestFairy). Well, what actually happened is that the TestFairy SDK was configured to collect screenshots of live user activity (it just looked like MDLive, since there is no distinction between the app and its SDKs). Since the MDLive app handles medical data, this equates to a 3rd-party SDK receiving the ePHI data of several thousand MDLive <a class="mention" data-id="vjxxWHED9mGWH5sjw" data-tooltip="#users (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/users" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#users (search)">users</a> (in other apps, the data could very well be <a class="mention" data-id="w8ByEuKgTARDfjgNR" data-tooltip="#credit card numbers (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/credit-card-numbers" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#credit card numbers (search)">credit card numbers</a>, social security numbers, <a class="mention" data-id="myid9G3Nwt2nL2FWT" data-tooltip="#account (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/account" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#account (search)">account</a> balances, etc.).</div>
<ul style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">So what went wrong here?</li>
</ul>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
MDLive's mobile developers chose an SDK to improve their workflow, which is the right thing to do. Unfortunately, they enabled a feature of the SDK that collects end-user data from live app sessions. Did the <a class="mention" data-id="xLfdBhouoqcFdKxRd" data-tooltip="#security team (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/security-team" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#security team (search)">security team</a> know that TestFairy was being used? Did the security team know that TestFairy was collecting screenshots containing live end-user data and sending them to TestFairy's headquarters, which happened to be in Israel? As a reminder, developers choose a variety of SDKs to enhance their apps on an everyday basis, which is nothing new. The problem is that 1 of the 10+ SDKs had a significant security issue associated with it, which no one knew about until the <a href="http://www.healthcareinfosecurity.com/telehealth-app-lawsuit-spotlights-privacy-questions-a-9860" rel="noopener" style="background: transparent; box-sizing: inherit; color: #0000ee; line-height: inherit; text-decoration-line: none;" target="_blank">federal courts got involved</a>.</div>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
Okay, how does this issue compare to other <a class="mention" data-id="GuQqzXtRAvdY6hHd8" data-tooltip="#attack (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/attack" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#attack (search)">attack</a> classes, within <a class="mention" data-id="6fMYkHXmpcxkazkhP" data-tooltip="#mobile app security (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/mobile-app-security" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#mobile app security (search)">mobile app security</a> or on other platforms? In our opinion, this <a class="mention" data-id="oCqspxtYL5mPwQLF3" data-tooltip="#attack surface (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/attack-surface" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#attack surface (search)">attack surface</a> is significant, given the amount of data that can be compromised. Let’s compare the major attack classes from client/server apps, <a class="mention" data-id="NYQkd5a7NMJfLGFLK" data-tooltip="#web (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/web" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#web (search)">web</a> apps, and mobile apps side by side, as shown below in Table 1.0. 
We will compare buffer overflows, <a class="mention" data-id="NPdMgyzxKyc5vMHag" data-tooltip="#SQL Injection (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/sql-injection" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#sql injection (search)">SQL Injection</a>, <a class="mention" data-id="XJLAmpW3x5XCG8oSs" data-tooltip="#Cross-Site Scripting (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/cross-site-scripting-1" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#cross-site scripting (search)">Cross-Site Scripting</a>, and Mobile SDKs.</div>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
</div>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
Table 1.0</div>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<img alt="4.png" class="fr-draggable lazy medium-zoom-image loaded" data-cl-public_id="post-attachments/4.png_nkhaht" data-cl-resource_type="image" data-cl-type="upload" data-cl-version="1543249198" data-src="https://res.cloudinary.com/peerlyst/image/upload/c_limit,dpr_auto,f_auto,fl_lossy,h_286,q_auto,w_711/v1543249198/post-attachments/4.png_nkhaht" data-was-processed="true" data-zoom-target="https://res.cloudinary.com/peerlyst/image/upload/c_limit,dpr_auto,f_auto,fl_lossy,q_auto,w_1714/v1543249198/post-attachments/4.png_nkhaht" height="286" src="https://res.cloudinary.com/peerlyst/image/upload/c_limit,dpr_auto,f_auto,fl_lossy,h_286,q_auto,w_711/v1543249198/post-attachments/4.png_nkhaht" style="border: 0px; box-sizing: inherit; cursor: zoom-in; height: auto !important; line-height: inherit; max-width: 100%; opacity: 1; position: relative; transition: transform 0.3s ease 0s;" width="711" /></div>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
</div>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
As shown above, buffer overflows still rule the Win32 world; however, <a class="mention" data-id="49ykXQCQLEfJRrzLR" data-tooltip="#attacks (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/attacks" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#attacks (search)">attacks</a> on <a class="mention" data-id="PyiByti9QPTdyWoZC" data-tooltip="#windows (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/windows" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#windows (search)">Windows</a> native apps are less common (and not as sexy anymore). <a class="mention" data-id="r9XEDr2acwchBazbi" data-tooltip="#SQL (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/sql" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#SQL (search)">SQL</a> <a class="mention" data-id="Foy3p9YBGRqWcMmaT" data-tooltip="#Injection (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/injection" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#injection (search)">Injection</a> still reigns strong for web apps, but notice that SDKs actually have a stronger impact on data than Cross-Site Scripting. 
While <a class="mention" data-id="kyrivaFQvJjphmad4" data-tooltip="#XSS (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/xss" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#XSS (search)">XSS</a> and SDKs mirror each other in terms of full control of data, developer-sourced code, and customer data, SDKs can gather large volumes of data with just one attack, where <a class="mention" data-id="NmQ69iJkWnMTMH9XA" data-tooltip="#reflected XSS (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/reflected-xss" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#reflected xss (search)">reflected XSS</a> cannot (only persistent XSS could). Furthermore, misbehaving SDKs are a bit harder to detect, as most SDKs are legitimate and not evil at all. An enemy that looks like a friend is much harder to defend against than something known to be evil.</div>
<ul style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Okay, so what have we learned today?</li>
</ul>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
SDKs are a major blind spot for enterprise security teams, as this emerging attack surface can destroy a mobile app’s <a class="mention" data-id="yDXqDPheuoGEbRZhr" data-tooltip="#security model (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/security-model" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#security model (search)">security model</a> through behavior that developers perform every day. While traditional app <a class="mention" data-id="jTiCM6MtAjAXQXiSv" data-tooltip="#security teams (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/security-teams" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#security teams (search)">security teams</a> focus on <a class="mention" data-id="62LJoPTGXY7Da5PMR" data-tooltip="#security flaws (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/security-flaws" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#security flaws (search)">security flaws</a> within the app, rightfully so, many of them are not aware of this attack surface at all. 
<a class="mention" data-id="QtbCEGinFQyMaxNmX" data-tooltip="#App security (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/app-security" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#app security (search)">App security</a> teams usually 1) have no idea which commercial/open source SDKs are bundled in the app, and 2) do not know which SDKs introduce security issues to the app.</div>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<span style="box-sizing: inherit; font-weight: 700; line-height: inherit;">More Real-world Examples</span></div>
<ul style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Okay, so where else is this happening?</li>
</ul>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
Well, all over the place. To date, Data Theorem, <a class="mention" data-id="TF4DZy4Wodbu7YmSx" data-tooltip="#Google (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/google-2" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#google (search)">Google</a>, the <a class="mention" data-id="iJhetmHPpqTTiJeuW" data-tooltip="#FTC (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/ftc" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#FTC (search)">FTC</a>, and FireEye have published most of the articles on this topic. A few examples are below:</div>
<ul style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;"><a href="https://datatheorem.github.io/android/2016/08/04/kochava-sdk/" rel="noopener" style="background: transparent; box-sizing: inherit; color: #0000ee; line-height: inherit; text-decoration-line: none;" target="_blank">Kochava SDK</a><span style="box-sizing: inherit; line-height: inherit;"> </span>(Android)<ul style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Issue: Disables TLS <a class="mention" data-id="zhgXziywWD99PHz6a" data-tooltip="#Certificate Validation (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/certificate-validation" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#certificate validation (search)">Certificate Validation</a> on the entire app and its connections</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Source: Data Theorem, Inc.</li>
</ul>
</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;"><a href="https://www.ftc.gov/news-events/press-releases/2016/03/ftc-issues-warning-letters-app-developers-using-silverpush-code" rel="noopener" style="background: transparent; box-sizing: inherit; color: #0000ee; line-height: inherit; text-decoration-line: none;" target="_blank">Silverpush</a><ul style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Issue: Tracks user habits without the user's knowledge or permission</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Source: Federal Trade Commission</li>
</ul>
</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;"><a href="https://support.google.com/faqs/answer/7012047" rel="noopener" style="background: transparent; box-sizing: inherit; color: #0000ee; line-height: inherit; text-decoration-line: none;" target="_blank">VPon</a><ul style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Issue: Records audio, captures videos, collects geo-location & contacts</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Source: Google, Inc.</li>
</ul>
</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;"><a class="" href="https://www.fireeye.com/blog/threat-research/2015/11/ibackdoor_high-risk.html" rel="noopener" style="background: transparent; box-sizing: inherit; color: #0000ee; line-height: inherit; text-decoration-line: none;" target="_blank">iBackdoor</a><span style="box-sizing: inherit; line-height: inherit;"> </span>(Not a legitimate SDK, but rather a purposely built library to <a class="mention" data-id="RQ2pLhYJBLQcX8ZSd" data-tooltip="#steal (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/steal" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#steal (search)">steal</a> data)<ul style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Issue: Collects audio, screenshots, and geo-location, and accesses data in private storage and the iOS keychain</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Source: FireEye, Inc.</li>
</ul>
</li>
</ul>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
Please note, these four SDKs are not exhaustive, just a small sample.</div>
<ul style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">"What did the president know, and when did he know it"</li>
</ul>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
A famous quote by Howard Baker from the middle of the Watergate scandal. Now that you know about this new class of issues, how do your apps rank? Data Theorem scans the App Store/Google Play on a daily basis, so if you have any concerns about your apps or their SDKs, please feel free to contact us and we’ll let you know either way, free of charge. A full list of apps that have security or privacy issues sourced from third-party SDKs is listed below:</div>
<ul style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;"><a href="https://itunes.apple.com/us/genre/ios/id36?mt=8" rel="noopener" style="background: transparent; box-sizing: inherit; color: #0000ee; line-height: inherit; text-decoration-line: none;" target="_blank">https://itunes.apple.com/us/genre/ios/id36?mt=8</a></li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;"><a href="https://play.google.com/store/apps" rel="noopener" style="background: transparent; box-sizing: inherit; color: #0000ee; line-height: inherit; text-decoration-line: none;" target="_blank">https://play.google.com/store/apps</a></li>
</ul>
<ul style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;"><em style="box-sizing: inherit; line-height: inherit;">Okay, so the sky is falling, right?</em></li>
</ul>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
NO, the sky is not falling. Data Theorem has dynamically scanned over 10,000 SDKs and, like everything else, 80% of them are just fine. The 80/20 rule applies here too: 20% of the SDKs cause 80% of the problems. Many of these SDKs introduce security issues by mistake, while others were purposely built to attack mobile apps and their data.</div>
<ul style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">What’s next, what should I be doing?</li>
</ul>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
There are a few next steps here:</div>
<ol style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-bottom: 1.125em; margin-top: 1.125em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Visibility is critical<ol style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;"><a class="mention" data-id="dBqgCx6PnFfDGZATE" data-tooltip="#Enumerate (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/enumerate" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#enumerate (search)">Enumerate</a> the commercial SDKs and open source libraries in your app. This will remove the blind spot(s):<ol style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Developers usually have a list of the SDKs somewhere, but not necessarily in a consolidated format</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Data Theorem provides <a class="mention" data-id="b9uzg2EXNLzMonNAt" data-tooltip="#real-time visibility (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/real-time-visibility" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#real-time visibility (search)">real-time visibility</a> for your mobile apps and their 3rd-party SDKs for free</li>
</ol>
</li>
</ol>
</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Continuous <a class="mention" data-id="ic9jzuAepYH8z93jP" data-tooltip="#testing (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/testing" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#testing (search)">testing</a><ol style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Each commercial SDK and/or <a class="mention" data-id="m83aWtRCk8JjKJXZS" data-tooltip="#open source library (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/open-source-library" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#open source library (search)">open source library</a>, and each version of it, needs to be evaluated for the following items:<ol style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">What data, if any, does the SDK pull from the app?</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">What security issues, if any, does the SDK introduce to the app?</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">If the SDK is commercial…<ol style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">What are the privacy terms of the SDK?</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">What <a class="mention" data-id="kAE7tJByqoucH9J76" data-tooltip="#security audits (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/security-audits" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#security audits (search)">security audits</a> have been performed?</li>
</ol>
</li>
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">If the library is open source…<ol style="box-sizing: inherit; line-height: inherit; margin-bottom: 0.625em; margin-top: 0.625em;">
<li style="box-sizing: inherit; color: inherit; line-height: inherit;">Who has reviewed the code for security flaws?</li>
</ol>
</li>
</ol>
</li>
</ol>
</li>
</ol>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-top: 1.125em;">
As you can see from the above, this is no easy task. Item number 2 is easy on paper but hard to implement at scale, since it needs to be continuous and completed for every release of every app. Despite the challenge, it is something that must be done, as an absence of any <a class="mention" data-id="AdSfxXDjX6e9iyiis" data-tooltip="#action (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/action" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#action (search)">action</a> could very well <a class="mention" data-id="eYtcNhjhY3FiiadBq" data-tooltip="#lead (Tag)" data-type="Tag" href="https://www.peerlyst.com/tags/lead" style="background: transparent; border-bottom: 1px dotted rgb(119, 119, 119); box-sizing: inherit; color: #555555; line-height: inherit; position: relative; text-decoration-line: none; white-space: nowrap;" title="#lead (search)">lead</a> to the compromise of large volumes of data (both consumer and enterprise data).</div>
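The two next steps above, enumerating the SDKs bundled in a build and checking each shipped version against what the security team has actually reviewed, as an added Python example (not Data Theorem's code or any SDK vendor's). It assumes a CocoaPods build, so SDK pins are read from Podfile.lock, and a review ledger kept by the security team; the lockfile, the ledger, the data categories and all version numbers are constructed for the example.

```python
"""Inventory the third-party SDKs bundled in an iOS build and flag the ones the
security team has not reviewed (the post's "visibility" and "continuous testing"
steps). Added example, not Data Theorem's or any SDK vendor's code. It assumes a
CocoaPods build (SDK pins come from Podfile.lock) and a team-kept review ledger;
both inputs below are constructed sample data and the version numbers are made up.
"""
import re
from collections import namedtuple

# Constructed Podfile.lock in CocoaPods format; the versions are invented.
SAMPLE_PODFILE_LOCK = """\
PODS:
  - AFNetworking (3.2.1)
  - Crashlytics (3.12.0):
    - Fabric (~> 1.9.0)
  - Fabric (1.9.0)
  - Kochava (3.7.0)
  - TestFairy (1.21.0)

DEPENDENCIES:
  - AFNetworking (~> 3.2)
  - Crashlytics
  - Kochava
  - TestFairy

COCOAPODS: 1.8.4
"""

# Constructed review ledger: per SDK, the versions the team has evaluated and the
# data categories the reviewed version was observed sending off-device. An SDK
# missing from the ledger has never been looked at, which is the blind spot.
REVIEW_LEDGER = {
    "AFNetworking": {"reviewed": {"3.2.1"}, "collects": set()},
    "Crashlytics": {"reviewed": {"3.12.0"}, "collects": {"crash_reports", "device_ids"}},
    "Fabric": {"reviewed": {"1.9.0"}, "collects": {"device_ids"}},
    # Reviewed at an older version; its session recording captures whatever is on
    # screen, which in a medical app means ePHI.
    "TestFairy": {"reviewed": {"1.20.0"}, "collects": {"logs", "screenshots"}},
    # Kochava is deliberately absent: added by a developer, never reviewed.
}

# Data categories that may not leave a regulated app without explicit sign-off.
SENSITIVE_DATA = {"screenshots", "screen_video", "audio", "location", "contacts", "keychain"}

# Top-level PODS entries are indented exactly two spaces and carry a pinned
# version; deeper-indented lines are dependency constraints, not pins.
POD_LINE = re.compile(r"^  - (\S+) \(([^)]+)\)")

Finding = namedtuple("Finding", "sdk version status detail")


def parse_podfile_lock(text):
    """Return {pod_name: pinned_version} from the PODS: section of a Podfile.lock."""
    pods, in_pods = {}, False
    for line in text.splitlines():
        if line.startswith("PODS:"):
            in_pods = True
            continue
        if in_pods and line and not line.startswith(" "):
            break  # next top-level section (DEPENDENCIES:, SPEC CHECKSUMS:, ...)
        m = POD_LINE.match(line)
        if in_pods and m:
            pods[m.group(1)] = m.group(2)
    return pods


def audit(pods, ledger=REVIEW_LEDGER, sensitive=SENSITIVE_DATA):
    """Compare the shipped inventory with the ledger; only problems are returned:
    SDKs nobody reviewed, versions that drifted from the reviewed one (a new
    version can enable new collection), and SDKs already touching sensitive data."""
    findings = []
    for sdk, version in sorted(pods.items()):
        entry = ledger.get(sdk)
        if entry is None:
            findings.append(Finding(sdk, version, "unknown_sdk",
                                    "no review on file; enumerate what it collects before release"))
            continue
        if version not in entry["reviewed"]:
            findings.append(Finding(sdk, version, "unreviewed_version",
                                    f"reviewed {sorted(entry['reviewed'])}, shipping {version}"))
        exposed = entry["collects"] & sensitive
        if exposed:
            findings.append(Finding(sdk, version, "sensitive_data",
                                    "reviewed version collects " + ", ".join(sorted(exposed))))
    return findings


def release_blocked(findings):
    """Unknown SDKs and sensitive collection block the release; version drift only warns."""
    return any(f.status in ("unknown_sdk", "sensitive_data") for f in findings)


if __name__ == "__main__":
    inventory = parse_podfile_lock(SAMPLE_PODFILE_LOCK)
    results = audit(inventory)
    for f in results:
        print(f"[{f.status}] {f.sdk} {f.version}: {f.detail}")
    print("release blocked:", release_blocked(results))
```

Run against the sample, the audit flags Kochava as an SDK nobody has reviewed and TestFairy twice, once for shipping a version newer than the reviewed one and once because the reviewed behaviour already includes screenshots; the same shape works for a Gradle lockfile or an SPM Package.resolved once the parser is swapped.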
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-top: 1.125em;">
<br /></div>
<div style="background-color: white; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: Arial, sans-serif; font-size: 16px; line-height: inherit; margin-top: 1.125em;">
<i>By: Data Theorem courtesy of Peerlyst</i></div>
</div>
Published 2019-12-28: Windows systems at Maastricht University were infected with ransomware<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="background-color: white; border: 0px; font-family: Oswald !important; font-size: 28px; font-weight: inherit; margin: 10px 0px; padding: 0px; vertical-align: baseline;">
A new ransomware attack has made the headlines: Maastricht University (UM) confirmed that the malware encrypted all its Windows systems on December 23.</h2>
<div>
<br /></div>
<div>
<br /></div>
<div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
<a href="https://www.maastrichtuniversity.nl/about-um" style="border: 0px; color: #1d2fa1; font-family: inherit; font-style: inherit; font-weight: inherit; margin: 0px; padding: 0px; text-decoration-line: none; transition: color 0.2s linear 0s, background 0.1s linear 0s, border-color 0.1s linear 0s; vertical-align: baseline;">Maastricht University</a> (UM) announced ransomware infected almost all of its Windows systems on Monday, December 23.</div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
Maastricht University is an excellent university attended by over 18,000 students, roughly 4,400 employees, and 70,000 alumni.</div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
<em style="border: 0px; font-family: inherit; font-weight: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">“Maastricht University (UM) has been hit by a serious cyber attack. Almost all Windows systems have been affected and it is particularly difficult to use e-mail services.” reads the <a href="https://www.maastrichtuniversity.nl/news/cyber-attack-against-um" style="border: 0px; color: #1d2fa1; font-family: inherit; font-style: inherit; font-weight: inherit; margin: 0px; padding: 0px; text-decoration-line: none; transition: color 0.2s linear 0s, background 0.1s linear 0s, border-color 0.1s linear 0s; vertical-align: baseline;">notice </a>published by the UM. “UM is currently working on a solution. Extra security measures have been taken to protect (scientific) data. UM is investigating if the cyber attackers have had access to this data.”</em></div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
The UM is investigating the incident and working to restore operations; it has also reported the incident to law enforcement.</div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
The university has not revealed details of the attack, and it is not clear which ransomware family infected its systems.</div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
It is unclear if the attackers have exfiltrated data from the systems before encrypting them.</div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
In response to the attack, the UM has taken down its systems as a precautionary measure.</div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
<br /></div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
<em style="border: 0px; font-family: inherit; font-weight: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">“In order to work as safely as possible, UM has temporarily taken all of its systems offline.” reads an <a href="https://www.maastrichtuniversity.nl/news/update-cyber-attack-um" style="border: 0px; color: #1d2fa1; font-family: inherit; font-style: inherit; font-weight: inherit; margin: 0px; padding: 0px; text-decoration-line: none; transition: color 0.2s linear 0s, background 0.1s linear 0s, border-color 0.1s linear 0s; vertical-align: baseline;">update </a>published by the university. “Given the size and extent of the attack, it is not yet possible to indicate when that can be done exactly. For the same reason, it is not possible to state with absolute certainty, which systems have been affected and which have not. This requires additional investigation.”</em></div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
<em style="border: 0px; font-family: inherit; font-weight: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></em></div>
<div style="background-color: white; color: #555555; font-family: Lato, "Helvetica Neue", Arial, Verdana, sans-serif; font-size: 14px; padding-bottom: 0.1em; padding-top: 0.1em;">
Students and employees can contact the ICT Servicedesk via mail (<a href="mailto:info@m-u.nl" style="border: 0px; color: #1d2fa1; font-family: inherit; font-style: inherit; font-weight: inherit; margin: 0px; padding: 0px; text-decoration-line: none; transition: color 0.2s linear 0s, background 0.1s linear 0s, border-color 0.1s linear 0s; vertical-align: baseline;">info@m-u.nl</a>) for any questions about the attack, alternatively, they can call 043 38 85 101 during office hours.</div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8987465314676633984.post-45563637252905931782019-12-17T12:52:00.000+00:002019-12-17T12:52:19.820+00:00The KnowBe4 African Cybersecurity Awareness Report<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfZgNNBpbGPkl9DVVmoaZa47njnoOep-EOAwmTzr-mA4Fx_WW79KLvXLCd1nTBX-yyUShJvlPnz97IAE8DeNrhWtSyhagcuJjWBO_hVziJrx8p94k-mWpf9GBtQKnXcRdGf4GSExD0Dz3h/s1600/Cyber-web-pic-600x344.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="344" data-original-width="600" height="183" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfZgNNBpbGPkl9DVVmoaZa47njnoOep-EOAwmTzr-mA4Fx_WW79KLvXLCd1nTBX-yyUShJvlPnz97IAE8DeNrhWtSyhagcuJjWBO_hVziJrx8p94k-mWpf9GBtQKnXcRdGf4GSExD0Dz3h/s320/Cyber-web-pic-600x344.jpg" width="320" /></a></div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
<br /></div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
<br /></div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
Anna Collard, the Managing Director of KnowBe4 Africa, a specialist in cybersecurity awareness training, was in Mauritius to present <em style="box-sizing: border-box;">The 2019 KnowBe4 African Cybersecurity Awareness Report</em> with over 800 respondents across eight countries in Africa: South Africa, Kenya, Nigeria, Ghana, Egypt, Morocco, Mauritius and Botswana.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
The survey revealed the pressing need to educate Africans about the different kinds of cyberattacks. The key findings of the report are as follows:</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
· <strong style="box-sizing: border-box;">53% of Africans surveyed think that trusting emails from people they know is good enough</strong></div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
· <strong style="box-sizing: border-box;">64% didn’t know what ransomware is, yet they believe they can easily identify a security threat</strong></div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
· <strong style="box-sizing: border-box;">28% have fallen for a phishing email and 50% have had a malware infection</strong></div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
· <strong style="box-sizing: border-box;">52% don’t know what multi-factor authentication is</strong></div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
“The results proved that respondents’ confidence was based on the little they knew about cyber-attacks and it is where the problem lies,” said Collard.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
“Africans are not prepared for these threats, making them increasingly easy prey for cybercriminals.”</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
According to Business Insider SA, 525 million Africans were connected to the Internet in June 2019 – representing 40% of Africa’s total population. This number is expected to grow to a billion people by 2022. As connectivity improves, users are faced with increasing cyberattacks. In fact, Africa has been among the fastest growing regions in terms of cybercrime activities.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
When it comes more specifically to Mauritius, Anna Collard said: “It is one of the best prepared countries compared to other African countries with a Government prioritising the ICT sector and a vision to transform Mauritius into a Smart island by 2030.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
“Mauritius is one of only a handful of countries on the continent with a legal framework in place to combat cybercrime.”</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
The ITU's Global Cybersecurity Index (GCI) ranks Mauritius among the top ten most committed countries globally and first in Africa.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
In addition, the survey showed a slightly higher awareness from Mauritian respondents when compared to other countries. In fact, more than half of respondents in Botswana, Egypt, Kenya, Ghana, Morocco and Mauritius have enough security smarts to avoid clicking on links or opening attachments they don’t expect.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
However, the top five cybercrimes (financial fraud, impersonation scams, business email compromise, extortion attacks and DDoS attacks on critical infrastructure) are expected to rise in the coming years.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
“What makes Africa different to the rest of the world is that cybercriminals are shifting their attention towards the continent and other emerging economies,” said Collard.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
Many criminals consider Africa a safe haven for their illegal operations, as many African governments need to attend to other pressing issues such as fighting poverty, unstable politics, violent crime and large youth unemployment and still regard cybersecurity as a luxury, not a necessity.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
In many organisations, cybersecurity budgets are reported to be less than 1% or are non-existent. Africa also faces a serious shortage of security professionals, as well as a lack of awareness and skills among the general user population to protect themselves online. Many African Internet users are connecting for the first time, and with the sharp increase expected in the next few years, millions of people will be connecting without understanding the risks.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
Another reason for why Africa is so attractive to cybercriminals is the lack of legislation and law enforcement. According to a report by the African Union, only about 20% of African states have basic legal frameworks to deal with cybercrime.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
Kenya, South Africa and Mauritius are probably the most advanced in this regard and Nigeria is coming up fast.</div>
<div style="background-color: white; box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin-bottom: 10px;">
“We have analysed the phish prone % (meaning user’s susceptibility to phishing) across our 25,000 plus customers and nine million end users around the world at KnowBe4 and results proved that what starts off with a 30% baseline hit rate is lowered by half to 15% in three months and down to only 2% 12 months later, showing a serious and measurable improvement and risk reduction,” added Collard.</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8987465314676633984.post-1691920755632913582019-12-12T06:30:00.000+00:002019-12-12T06:30:12.945+00:00Deliver a Deadly Counterpunch to Ransomware Attacks: 4 Steps<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg9xJVkpsAo3ZlWyD8DWEtE03zm3PHqz1M2o5G_sKPYDueTozOUXBwFygRiINW4Se50M8YUQ81acsGu2LnV0v_c9DFa7BtMrjLuarbOnmAV8O2twLPoynKjEeqTjEfjynENQXh1ytrdvyu/s1600/ransom_note.webp" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="728" data-original-width="1092" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg9xJVkpsAo3ZlWyD8DWEtE03zm3PHqz1M2o5G_sKPYDueTozOUXBwFygRiINW4Se50M8YUQ81acsGu2LnV0v_c9DFa7BtMrjLuarbOnmAV8O2twLPoynKjEeqTjEfjynENQXh1ytrdvyu/s320/ransom_note.webp" width="320" /></a></div>
<span class="strong black" style="background-color: white; border: 0px; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; font-weight: bold; line-height: 1.38462em; margin: 0px;"><br /></span>
<span class="strong black" style="background-color: white; border: 0px; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; font-weight: bold; line-height: 1.38462em; margin: 0px;"><br /></span>
<span class="strong black" style="background-color: white; border: 0px; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; font-weight: bold; line-height: 1.38462em; margin: 0px;">You can't prevent all ransomware attacks. However, it's possible to ensure that if a breach happens, it doesn't spread, affect business, and become a newsworthy event.</span><br />
<div class="divsplitter" style="background-color: white; clear: both; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 13px; height: 1.5em; margin: 0px;">
</div>
<div class="" style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em;">
<em style="margin: 0px;">Wayman Cummings and Salva Sinno also contributed to this column.</em></div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Nearly <a href="https://www.darkreading.com/threat-intelligence/14-million-new-phishing-sites-launched-each-month/d/d-id/1329955" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">1.5 million new phishing sites</a> are created each month. And <a href="https://www.sc.edu/study/colleges_schools/law/about/news/2019/cybersecurity_legal_institute_set_for_april_4.php" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">more than 850 million ransomware infections</a> were detected in 2018 alone. These statistics illustrate the threat that ransomware poses for every IT professional and every kind of organization.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Ransomware is a specific type of malware that encrypts a computer's content and demands payment for the decryption key. This halts productivity, affecting business revenue. However, security pros can take decisive action to minimize the impact of ransomware.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
The first line of defense is always a good offense. To prevent an attacker from establishing a foothold in an organization's network, organizations should put the following in place:</div>
<ul style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin: 0px; padding-left: 3em;">
<li style="list-style-position: outside; margin: 0px;"><strong style="margin: 0px;">Best practices</strong> such as strong patching policies, regular system backups, multifactor authentication, application whitelisting, and restrictions of local administrator rights and privileges</li>
<li style="list-style-position: outside; margin: 0px;"><strong style="margin: 0px;">Awareness programs</strong> to educate users about phishing and other forms of social engineering</li>
<li style="list-style-position: outside; margin: 0px;"><strong style="margin: 0px;">Security tools</strong> that provide spam filtering, link filtering, domain name system blocking/filtering, virus detection, and intrusion detection and prevention</li>
<li style="list-style-position: outside; margin: 0px;"><strong style="margin: 0px;">A zero-trust framework</strong> to identify, authenticate, and monitor every connection, login, and use of resources</li>
<li style="list-style-position: outside; margin: 0px;"><strong style="margin: 0px;">Least privilege policies</strong> to restrict users' permissions to install and run software applications</li>
</ul>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Minimizing ransomware's impact is about more than just defending systems against attack. It also involves taking action to minimize the impact of breaches as they happen. This is critical, since all systems can be breached by attackers who have sufficient time and resources.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
That means putting in place solid incident response (IR) programs. Planning ahead builds confidence in that IR capability. To that end, enterprises should review their IR policies and engage in tabletop exercises. And they should use operational benchmarking to improve their ability to respond before an incident occurs.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Hackers continue to evolve and become more sophisticated with their attacks. So, it is likely that a ransomware attack will breach every enterprise's environment at some point. When that occurs, these four steps will minimize the impact and recover enterprise data:</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Step 1: Isolation</strong>Before doing anything else, ensure that the infected devices are removed from the network. If they have a physical network connection, unplug them from that connection. If they are on a wireless network, turn off the wireless hub/router. Also unplug any directly attached storage to try to save the data on those devices. The goal is to prevent the infection from spreading.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Step 2: Identify</strong>This step is often overlooked. By spending just a few minutes figuring out what has happened, enterprises can learn important information such as what variant of ransomware infected them, what files that strain of ransomware normally encrypts, and the options for decryption. Enterprises also may learn how to defeat the ransomware without paying or restoring system(s) from scratch.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Step 3: Report</strong>This is another step that many security professionals ignore, whether due to embarrassment or time constraints. However, by reporting the ransomware attack, enterprises may help other organizations avoid similar situations. Furthermore, they provide law enforcement agencies with a better understanding of the attacker. There are many ways to report a ransomware attack. One is by contacting a local FBI office in the US or registering a complaint with <a href="https://www.ic3.gov/default.aspx" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">the FBI's Internet Crime Complaint Center website</a>. The Federal Trade Commission's <a href="https://www.consumer.ftc.gov/features/feature-0038-onguardonline" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">OnGuardOnline website</a> and <a href="https://www.scamwatch.gov.au/" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">Scamwatch</a>, an Australian Competition & Consumer Commission effort, also collect such data.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Step 4: Recover</strong>In general, there are three options to recover from a ransomware attack: </div>
<ul style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin: 0px; padding-left: 3em;">
<li style="list-style-position: outside; margin: 0px;"><strong style="margin: 0px;">Pay the ransom:</strong> This is not recommended because there are no guarantees the organization will get its data back after paying. Instead, the attacker might request even more money before unencrypting the data.</li>
<li style="list-style-position: outside; margin: 0px;"><strong style="margin: 0px;">Remove the ransomware:</strong> Depending on the type of ransomware involved, an enterprise might be able to remove it without requiring a full rebuild. This process, however, can be very time consuming and is therefore not a preferred option.</li>
<li style="list-style-position: outside; margin: 0px;"><strong style="margin: 0px;">Wipe and rebuild:</strong> The easiest and safest method of recovery is to wipe the infected systems and rebuild them from a known good backup. Once rebuilt, organizations need to ensure that no traces remain of the ransomware that led to the encryption. Once an organization rebuilds its environment, the real work begins. That organization must then do a full environmental review to determine exactly how the infection began and what steps it must take to reduce the potential of another breach.</li>
</ul>
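<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Step 2 is the one that most often gets skipped under pressure, so here is a small triage helper as an added example (it is not code from the original column or from its authors). Run against a read-only copy or mounted image of the isolated host, it walks a directory tree, separates likely ransom notes from likely encrypted files using Shannon entropy, and tallies the extensions of the encrypted files, which is usually the quickest pointer to the family and to whether a public decryptor exists. The note-name patterns, the 7.5 bits-per-byte entropy threshold, the <code>.locked</code> extension and the sample tree the script builds are assumptions constructed for illustration, not signatures for any real family.</div>

```python
"""Ransomware triage helper (added example; not from the original column).

Implements the 'Identify' step of the four-step response: walk a directory
tree (ideally a read-only copy of the isolated host), collect candidate ransom
notes, and flag files whose contents look encrypted using Shannon entropy.
The note-name patterns and the entropy threshold are illustrative assumptions,
not a vendor signature set.
"""
import math
import os
import re
import tempfile
from collections import Counter
from dataclasses import dataclass, field

# Ransom notes are usually small text files dropped beside the encrypted data
# with names like these. The pattern list is an assumption for illustration.
NOTE_NAME_RE = re.compile(r"(readme|decrypt|restore|recover|how[_ -]?to|help)", re.I)

# Encrypted (or compressed) data approaches 8 bits of entropy per byte; typical
# documents and source files sit well below. Threshold is an assumption.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 64 * 1024   # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


@dataclass
class TriageReport:
    suspected_encrypted: list = field(default_factory=list)   # file paths
    ransom_notes: list = field(default_factory=list)          # file paths
    extension_counts: Counter = field(default_factory=Counter)

    def top_extensions(self, n: int = 5):
        """Most common extensions among suspected-encrypted files. A single
        dominant, unfamiliar extension is the usual pointer to the family."""
        return self.extension_counts.most_common(n)


def triage_tree(root: str) -> TriageReport:
    """Classify every readable file under `root`; unreadable files are skipped
    rather than aborting the scan, since locked files are normal mid-incident."""
    report = TriageReport()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue
            entropy = shannon_entropy(head)
            # Ransom note: suggestive name, small, and text-like (low entropy).
            if NOTE_NAME_RE.search(name) and len(head) < 16 * 1024 and entropy < 6.0:
                report.ransom_notes.append(path)
                continue
            if entropy >= ENTROPY_THRESHOLD:
                report.suspected_encrypted.append(path)
                ext = os.path.splitext(name)[1].lower() or "<none>"
                report.extension_counts[ext] += 1
    return report


def build_sample_tree() -> str:
    """Constructed sample data for a stand-alone run: one intact document,
    three 'encrypted' files (random bytes with an assumed extension), and a
    ransom note. Returns the temporary directory created."""
    root = tempfile.mkdtemp(prefix="triage-demo-")
    with open(os.path.join(root, "budget.txt"), "w") as fh:
        fh.write("Q4 budget notes: headcount flat, tooling +5%.\n" * 50)
    for i in range(3):
        with open(os.path.join(root, f"report{i}.docx.locked"), "wb") as fh:
            fh.write(os.urandom(8192))
    with open(os.path.join(root, "HOW_TO_RESTORE_FILES.txt"), "w") as fh:
        fh.write("Your files have been encrypted. Contact us for the key.\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    rep = triage_tree(root)
    print(f"scanned {root}")
    print("ransom notes:", rep.ransom_notes)
    print("suspected encrypted:", len(rep.suspected_encrypted),
          "top extensions:", rep.top_extensions())
```

<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Two caveats for real use: archives, images and already-encrypted containers also score near 8 bits per byte, so the flagged list is a set of candidates to examine, not proof of encryption; and if forensics or law enforcement reporting (Step 3) matters, image the isolated disk first and run triage on the copy rather than on the live host.</div>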
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
It's simply not possible to keep all ransomware attacks at bay. However, it is possible to ensure that if a breach occurs, it does not spread, affect business, and become a newsworthy event.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
By fending off the majority of attacks and dealing swiftly with the bad actors that get in the door — with the help of dynamic isolation, microsegmentation, and other modern cybersecurity technologies — organizations will keep their businesses on track and on target.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<i>By: </i><span style="color: #043464; font-size: 12px;"><i>Mathew Newfield</i></span></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8987465314676633984.post-21742734771396749182019-12-11T12:38:00.001+00:002019-12-11T12:38:57.842+00:00Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits.<div dir="ltr" style="text-align: left;" trbidi="on">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6kzfoyje8KJ99lshpJy4_Z5brei5XMpVK2WsZRM0tVMrP_aGz7v-Z4V8mYJuIQUEgFbpuYodBjCiz85EGGZcb9BR6auWR86yIpR_jS-tAMfuZo58_bxr-S9DUiCazPcJz1twnhRJ6IiyH/s1600/960x0.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="640" data-original-width="960" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6kzfoyje8KJ99lshpJy4_Z5brei5XMpVK2WsZRM0tVMrP_aGz7v-Z4V8mYJuIQUEgFbpuYodBjCiz85EGGZcb9BR6auWR86yIpR_jS-tAMfuZo58_bxr-S9DUiCazPcJz1twnhRJ6IiyH/s320/960x0.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><fbs-accordion class="expandable" current="0" style="background-color: #fcfcfc; box-sizing: border-box; color: #737373; display: inline; font-family: "Work Sans", sans-serif; font-size: 12px; font-variant-ligatures: common-ligatures; text-align: start;"><div aria-expanded="true" class="color-body light-text" style="box-sizing: border-box; display: inline; height: 100%; line-height: 18px; margin-right: 8px; overflow: hidden;">
Ondrej Vlcek, chief executive officer of Avast, has defended his company's sales of aggregated user <span class="expanded-caption" style="box-sizing: border-box;">data, though one critic has accused it of creating “spyware.” </span></div>
</fbs-accordion><small style="background-color: #fcfcfc; box-sizing: border-box; color: #737373; font-family: "Work Sans", sans-serif; font-size: 9px; font-variant-ligatures: common-ligatures; line-height: 2; text-align: start; text-transform: uppercase;">SIMON DAWSON © 2019 BLOOMBERG FINANCE LP</small></td></tr>
</tbody></table>
<br />
<div class="speakable-paragraph" style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
Avast, the <a class="color-link" data-ga-track="InternalLink:https://www.forbes.com/sites/thomasbrewster/2019/07/12/the-czech-cyber-billionaire-who-built-a-fortune-on-free-software/" href="https://www.forbes.com/sites/thomasbrewster/2019/07/12/the-czech-cyber-billionaire-who-built-a-fortune-on-free-software/" style="-webkit-tap-highlight-color: rgba(0, 0, 0, 0); background-color: transparent; box-sizing: border-box; color: #003891; cursor: pointer; text-decoration-line: none;" target="_blank">multibillion-dollar Czech security company</a>, doesn’t just make money from protecting its 400 million users’ information. It also profits in part because of sales of users’ Web browsing habits and has been doing so since at least 2013.</div>
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
That’s led to some labelling its tools “spyware,” the very thing Avast is supposed to be protecting users from. Both Mozilla and Opera were concerned enough to remove some Avast tools from their add-on stores earlier this month, though the anti-virus provider says it's working with Mozilla to get its products back online.</div>
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
But recently appointed chief executive Ondrej Vlcek tells <em style="box-sizing: border-box;">Forbes</em> there’s no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts.</div>
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
Here’s how it works, according to Vlcek: Avast users have their Web activity harvested by the company’s browser extensions. But before it lands on Avast servers, the data is stripped of anything that might expose an individual’s identity, such as a name in the URL, as when a Facebook user is logged in. All that data is analysed by Jumpshot, a company that’s 65%-owned by Avast, before being sold on as “insights” to customers. Those customers might be investors or brand managers.</div>
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
What do those customers get? Vlcek says Jumpshot, which was initially acquired in 2013, provides “insights on how cohorts of users on the internet use the web.” For instance, it could show a percentage of visitors who went from one website to another. That could be useful to anyone monitoring an advertising campaign. </div>
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
“Typical customers would be, for example, investors, who would be interested in how online companies are doing in terms of their new campaigns,” the new Avast chief explains. Say Amazon launches a new product—Jumpshot could determine how much interest it’s getting online.</div>
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
Jumpshot's own <a class="color-link" data-ga-track="ExternalLink:https://www.jumpshot.com/product/clickstream-data" href="https://www.jumpshot.com/product/clickstream-data" style="-webkit-tap-highlight-color: rgba(0, 0, 0, 0); background-color: transparent; box-sizing: border-box; color: #003891; cursor: pointer; text-decoration-line: none;" target="_blank">website</a> is a little more detailed, promising “incredibly detailed clickstream data from 100 million global online shoppers and 20 million global app users.” It’s possible to “track what users searched for, how they interacted with a particular brand or product, and what they bought. Look into any category, country, or domain.”</div>
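The pipeline described above (harvest browsing activity, strip identifiers from URLs before storage, then compute cohort-level flows such as the share of visitors who went from one site to another) can be sketched in a few lines. The Python below is an added example written for this page, not code from Avast, Jumpshot or Forbes; the denylist of identifying parameters, the `.example` hostnames, the session pseudonyms and the clickstream rows are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed denylist for this example: query keys and path sections that
# commonly carry a person's identity. Hypothetical, not Avast's or Jumpshot's.
IDENTIFYING_QUERY_KEYS = {"user", "username", "email", "uid", "session", "token"}
IDENTIFYING_PATH_SECTIONS = {"profile", "user", "u"}
PLACEHOLDER = "REDACTED"


def scrub_url(url: str) -> str:
    """Strip identifying query parameters and per-user path segments.

    A denylist removes only the patterns it knows about; anything else in the
    URL passes through unchanged, which is the residual risk of this design.
    """
    parts = urlsplit(url)
    segments = parts.path.split("/")   # "/profile/bob/feed" -> ["", "profile", "bob", "feed"]
    if len(segments) > 2 and segments[1] in IDENTIFYING_PATH_SECTIONS:
        segments[2] = PLACEHOLDER       # keep the section, drop the user-named segment
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in IDENTIFYING_QUERY_KEYS]
    # The fragment often holds client-side state, so it is dropped entirely.
    return urlunsplit((parts.scheme, parts.netloc, "/".join(segments), urlencode(kept), ""))


def scrub_clickstream(rows):
    """rows: (session_id, timestamp, url). Session ids are pseudonyms, not users."""
    return [(sid, ts, scrub_url(url)) for sid, ts, url in rows]


def transition_rate(rows, src_host: str, dst_host: str):
    """Share of sessions that visited src_host and later visited dst_host.

    Returns (sessions_with_transition, sessions_visiting_src, rate). This is
    the aggregate "insight" of the kind the article describes; the per-session
    rows it is computed from never need to leave the pipeline.
    """
    by_session = defaultdict(list)
    for sid, ts, url in rows:
        by_session[sid].append((ts, urlsplit(url).netloc))
    visited_src = transitioned = 0
    for events in by_session.values():
        hosts = [host for _, host in sorted(events)]
        if src_host not in hosts:
            continue
        visited_src += 1
        if dst_host in hosts[hosts.index(src_host) + 1:]:
            transitioned += 1
    rate = transitioned / visited_src if visited_src else 0.0
    return transitioned, visited_src, rate


# Constructed sample clickstream (reserved .example hosts, made-up sessions).
SAMPLE_CLICKSTREAM = [
    ("s1", 1, "https://shop.example/search?q=headphones&user=alice@example.org"),
    ("s1", 2, "https://brand.example/product/42"),
    ("s2", 1, "https://social.example/profile/bob.smith/feed"),
    ("s2", 2, "https://shop.example/search?q=laptop"),
    ("s3", 1, "https://shop.example/cart?session=abc123#step=2"),
    ("s3", 2, "https://news.example/"),
    ("s3", 3, "https://brand.example/product/42"),
    ("s4", 1, "https://news.example/"),
]

if __name__ == "__main__":
    scrubbed = scrub_clickstream(SAMPLE_CLICKSTREAM)
    for _, _, url in scrubbed:
        print(url)
    print(transition_rate(scrubbed, "shop.example", "brand.example"))
```

Two design points matter when evaluating a scheme like this. The scrubber is denylist-based, so it only removes identifiers it has been told about, and any unlisted parameter or path pattern is retained as-is. And the rows that feed the aggregate are still per-session sequences of visits, so the figure a customer should receive is the output of the last function, not the scrubbed rows themselves.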
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
That might be unnerving to privacy-predisposed folk, but Vlcek compares this kind of data trading to the kind seen in healthcare. In that market, anonymized data is used to create case studies, where by looking at data trends it could be determined who is more likely to get a disease.</div>
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
As a final assurance, Vlcek told <em style="box-sizing: border-box;">Forbes</em> he recognizes customers use Avast to protect their information and so it can’t do anything that might “circumvent the security of privacy of the data including targeting by advertisers.”</div>
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
“So we absolutely do not allow any advertisers or any third party ... to get any access through Avast or any data that would allow the third party to target that specific individual,” he adds. As for how much money this actually makes for Avast, it’s around 5% of overall revenue, says Vlcek. Given the first half of 2019 revenue stood at just under $430 million, that’s still more than $20 million.</div>
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
Avast’s user data sales have attracted concern as recently as last week, though. Adblock Plus founder Wladimir Palant has been tracking Avast’s harvesting of Web browsing data over 2019, and he reported the data slurping to Mozilla and Opera before they removed the add-ons from their stores just last week.</div>
<div style="background-color: #fcfcfc; box-sizing: border-box; color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-size: 18px; font-variant-ligatures: common-ligatures; margin-bottom: 1.2rem; margin-top: 1.2rem;">
Palant now wants Google to do the same for Chrome. “Google Chrome is where the overwhelming majority of these users are,” he warned in a <a class="color-link" data-ga-track="ExternalLink:https://palant.de/2019/12/03/mozilla-removes-avast-extensions-from-their-add-on-store-what-will-google-do/" href="https://palant.de/2019/12/03/mozilla-removes-avast-extensions-from-their-add-on-store-what-will-google-do/" style="-webkit-tap-highlight-color: rgba(0, 0, 0, 0); background-color: transparent; box-sizing: border-box; color: #003891; cursor: pointer; text-decoration-line: none;" target="_blank">blog post</a> earlier this month.</div>
<div style="background-color: #fcfcfc; box-sizing: border-box; margin-bottom: 1.2rem; margin-top: 1.2rem;">
<span style="font-size: x-small;"><i style="color: #333333; font-family: Georgia, Cambria, "Times New Roman", Times, serif; font-variant-ligatures: common-ligatures;">Source:</i><span style="background-color: transparent; font-variant-ligatures: common-ligatures;"><span style="color: #333333; font-family: Georgia, Cambria, Times New Roman, Times, serif;"><i> https://www.forbes.com/sites/thomasbrewster/2019/12/09/are-you-one-of-avasts-400-million-users-this-is-why-it-collects-and-sells-your-web-habits/?utm_medium=partnerurl&utm_source=Tactical%20Intelligence%Security%Ltd</i></span></span></span></div>
</div>
2019-12-11T06:30:00.000+00:00 Please don’t buy this: smart doorbells<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz_EbFlbOVkvy2z43rz8Yj0mH1erVhLaMdcg7QNLPv-8zfThve3nWyp4SDoK5V7FbTq9BHps1qRH7nTORMs71evZByllfabknNlfEwio9_fPADWd6DpPVzUTClv7ZP0HzwENH4NfBuAYV5/s1600/smart-doorbell-with-hand-approaching-900x506.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="506" data-original-width="900" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz_EbFlbOVkvy2z43rz8Yj0mH1erVhLaMdcg7QNLPv-8zfThve3nWyp4SDoK5V7FbTq9BHps1qRH7nTORMs71evZByllfabknNlfEwio9_fPADWd6DpPVzUTClv7ZP0HzwENH4NfBuAYV5/s320/smart-doorbell-with-hand-approaching-900x506.jpg" width="320" /></a></div>
<br />
<br />
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px;">
Though Black Friday and Cyber Monday are over, the two shopping holidays were just precursors to the larger Christmas season—a time of year when online packages pile high on doorsteps and front porches around the world.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
<a aria-label=" (opens in a new tab)" href="https://blog.ring.com/2019/11/29/10-safety-tips-to-protect-your-packages-this-holiday-season/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">According to some companies</a>, it’s only logical to want to protect these packages from theft, and wouldn’t it just so happen that these same companies have the perfect device to do that—smart doorbells.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Equipped with cameras and constantly connected to the Internet, smart doorbells provide users with 24-hour video feeds of the view from their front doors, capturing everything that happens when a user is away at work or sleeping in bed.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Some devices, like the Eufy Video Doorbell, can allegedly differentiate between a person dropping off a package and, say, a very bold, very unchill goat marching up to the front door (<a aria-label=" (opens in a new tab)" data-rel="lightbox-video-0" href="https://youtu.be/3M8iCIjnpqk?t=67" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">it really happened</a>). Others, like Google’s Nest Hello, proclaim to be able to “recognize packages and familiar faces.” Many more, including Arlo’s Video Doorbell and Netatmo’s Smart Video Doorbell, can deliver notifications to users whenever motion or sound are detected nearby.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
The selling point for smart doorbells is simple: total vigilance in the palms of your hands. But if you look closer, it turns out a privatized neighborhood surveillance network is a bad idea.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
To start, some of the more popular smart doorbell products have suffered severe cybersecurity vulnerabilities, while others lacked basic functionality upon launch. Worse, the data privacy practices at one major smart doorbell maker resulted in wanton employee access to users’ neighborhood videos. Finally, partnerships between hundreds of police departments and one smart doorbell maker have created a world in which police can make broad, multi-home requests for user videos without needing to show evidence of a crime.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
The path to allegedly improved physical security shouldn’t involve faulty cybersecurity or invasions of privacy.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Here are some of the concerns that cybersecurity researchers, lawmakers, and online privacy advocates have found with smart doorbells.</div>
<h3 style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.3em; margin-bottom: 24px; margin-top: 0px;">
<strong style="box-sizing: border-box;">Congress fires off several questions on privacy</strong></h3>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
On November 20, relying on public reports from earlier in the year, five US Senators sent a letter to Amazon CEO Jeff Bezos, <a aria-label=" (opens in a new tab)" href="https://theintercept.com/2019/11/20/amazon-ring-security-senate/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">demanding answers about a smart doorbell company</a> that Bezos’ own online retail giant swallowed up for $839 million—Ring.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
According to an <a aria-label=" (opens in a new tab)" href="https://theintercept.com/2019/01/10/amazon-ring-security-camera/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">investigation by The Intercept</a> cited by the senators, beginning in 2016, Ring “provided its Ukraine-based research and development team virtually unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every Ring camera around the world.”</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
The Intercept’s source also said that “at the time the Ukrainian access was provided, the video files were left unencrypted, the source said, because of Ring leadership’s ‘sense that encryption would make the company less valuable,’ owing to the expense of implementing encryption and lost revenue opportunities due to restricted access.”</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Not only that, but, according to the Intercept, Ring also “unnecessarily” provided company executives and engineers with access to “round-the-clock live feeds” of some customers’ cameras. For Ring employees who had this type of access, all they needed to actually view videos, The Intercept reported, was a customer’s email address.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
The senators, in their letter, were incensed.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
“Americans who make the choice to install Ring products in and outside their homes do so under the assumption that they are—as your website proclaims—‘making the neighborhood safer,’” <a aria-label=" (opens in a new tab)" href="https://www.wyden.senate.gov/imo/media/doc/112019%20Wyden%20Markey%20Can%20Hollen%20Coons%20Peters%20Ring%20Letter%20to%20Amazon.pdf" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">the senators wrote</a>. “As such, the American people have a right to know who else is looking at the data they provide to Ring, and if that data is secure from hackers.”</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
The lawmakers’ questions came hot on the heels of <a href="https://www.washingtonpost.com/technology/2019/09/05/sen-markey-seeks-answers-ring-doorbell-camera-police-network/" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;">Senator Ed Markey’s own efforts in September into untangling Ring’s data privacy practices for children</a>. How, for instance, does the company ensure that children’s likenesses won’t be recorded and stored indefinitely by Ring devices, the senator asked.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
According to The Washington Post, when Amazon responded to Sen. Markey’s questions, the answers potentially came up short:</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
“When asked by Markey how the company ensured that its cameras would not record children, [Amazon Vice President of Public Policy Brian Huseman] wrote that no such oversight system existed: Its customers ‘own and control their video recordings,’ and ‘similar to any security camera, Ring has no way to know or verify that a child has come within range of a device.’”</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
But Sen. Markey’s original request did not just focus on data privacy protections for children. The Senator also wanted clear answers on an internal effort that Amazon had provided scant information on until this year—its partnerships with hundreds of police departments across the country.</div>
<h3 style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.3em; margin-bottom: 24px; margin-top: 0px;">
<strong style="box-sizing: border-box;">Police partnerships</strong></h3>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
In August, The Washington Post reported that <a aria-label="Ring had forged video-sharing relationships with more than 400 police forces in the US (opens in a new tab)" href="https://www.washingtonpost.com/technology/2019/08/28/doorbell-camera-firm-ring-has-partnered-with-police-forces-extending-surveillance-reach/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">Ring had forged video-sharing relationships with more than 400 police forces in the US</a>. Today, that number has grown to at least 677—an increase of roughly 50 percent in just four months.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
The video-sharing partnerships are simple.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
By partnering with Ring, local police forces gain the privilege of requesting up to 12 hours of video spanning a 45-day period from all Ring devices that are included within half a square mile of a suspected crime scene. Police officers request video directly from Ring owners, and do not need to show evidence of a crime or obtain a warrant before asking for this data.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Once the video is in their hands, police can, <a aria-label=" (opens in a new tab)" href="https://www.washingtonpost.com/technology/2019/11/19/police-can-keep-ring-camera-video-forever-share-with-whomever-theyd-like-company-tells-senator/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">according to Ring, keep it for however long they wish and share it with whomever they choose</a>. The requested videos can sometimes include video that takes place inside a customer’s home, not just outside their front door.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
At first blush, this might appear like a one-sided relationship, with police officers gaining access to countless hours of local surveillance for little in return. But Ring has another incentive, far away from its much-trumpeted mission “to reduce crime in neighborhoods.” Ring’s motivations are financial.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
According to Gizmodo, for police departments that partner up with Ring to gain access to customer video, Ring gains <a aria-label=" (opens in a new tab)" href="https://gizmodo.com/everything-cops-say-about-amazons-ring-is-scripted-or-a-1836812538" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">near-unprecedented control in how those police officers talk about the company’s products</a>. The company, Gizmodo reported, “pre-writes almost all of the messages shared by police across social media, and attempts to legally obligate police to give the company final say on all statements about its products, even those shared with the press.”</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Less than one week after Gizmodo’s report, Motherboard obtained documents that included standardized responses for police officers to use on social media when answering questions about Ring. <a aria-label=" (opens in a new tab)" href="https://www.vice.com/en_us/article/wjwea4/revealed-the-secret-scripts-amazon-give-to-cops-to-promote-ring-surveillance-cameras" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">The responses, written by Ring, at times directly promote the company’s products</a>.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Further, in the California city of El Monte, police officers offered <a aria-label=" (opens in a new tab)" href="https://blog.malwarebytes.com/please-dont-buy-this/2019/12/please-dont-buy-this-smart-doorbells/%E2%80%9CLaw%20enforcement%20is%20supposed%20to%20answer%20to%20elected%20officials%20and%20the%20public,%20not%20to%20public%20relations%20operatives%20from%20a%20profit-obsessed%20multinational%20corporation%20that%20has%20no%20ties%20to%20the%20community%20they%20claim%20they're%20protecting.%22" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">Ring smart doorbells as an incentive</a> for individuals to share information about any crimes they may have witnessed.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
The partnerships have inflamed multiple privacy rights advocates.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
“Law enforcement is supposed to answer to elected officials and the public, not to public relations operatives from a profit-obsessed multinational corporation that has no ties to the community they claim they’re protecting,” said Evan Greer, deputy director of Fight for the Future, when talking to Vice.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Matthew Guariglia, policy analyst with Electronic Frontier Foundation, <a href="https://www.eff.org/deeplinks/2019/08/five-concerns-about-amazon-rings-deals-police" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;">echoed Greer’s points</a>:</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
“This arrangement makes salespeople out of what should be impartial and trusted protectors of our civic society.”</div>
<h3 style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.3em; margin-bottom: 24px; margin-top: 0px;">
Cybersecurity concerns</h3>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
When smart doorbells aren’t potentially invading privacy, they might also be lacking the necessary cybersecurity defenses to work as promised.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Last month, a group of cybersecurity researchers from Bitdefender announced that they’d discovered a vulnerability in Ring devices that could have <a href="https://www.cnet.com/news/ring-doorbells-had-vulnerability-leaking-wi-fi-login-info-researchers-found/" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;">let threat actors swipe a Ring user’s WiFi username and password</a>.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
The vulnerability, which Ring fixed when it was notified privately about it in the summer, relied on the setup process between a Ring doorbell and a Ring owner’s Wi-Fi network. To properly set up the device, the Ring app needs to send the user’s Wi-Fi network login information to the doorbell. But in that communication, Bitdefender researchers said, Ring had been sending the information over an unencrypted network.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Unfortunately, this vulnerability was not the first of its kind. In 2016, a company that tests for security vulnerabilities <a href="https://www.cnet.com/news/rings-smart-doorbell-can-leave-your-house-vulnerable-to-hacks/" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;">found a flaw in Ring devices</a> that could have allowed threat actors to steal WiFi passwords.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Further, this year, another smart doorbell maker suffered so many basic functionality issues that it <a href="https://www.theverge.com/2019/4/26/18518177/august-view-doorbell-issue-shipment-stop-testing-refund" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;">stopped selling its own device just 17 days after its public launch</a>. The smart doorbell, the August View, went <a href="https://www.theverge.com/2019/11/5/20950333/august-view-video-doorbell-on-sale-again-connectivity-issues-fixed" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;">back on sale six months</a> later.</div>
<h3 style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.3em; margin-bottom: 24px; margin-top: 0px;">
Please don’t buy</h3>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
We understand the appeal of these devices. For many users, a smart doorbell is the key piece of technology that, they believe, can help prevent theft in their community, or equip their children with a safe way to check on suspicious home visitors. These devices are, for many, a way to greater peace of mind.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
But the cybersecurity flaws, invasions of privacy, and attempts to make public servants into sales representatives go too far. The very devices purchased for security and safety belie their purpose.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Therefore, this holiday season, we kindly suggest that you please stay away from smart doorbells. Deadbolts will never leak your private info.</div>
</div>
2019-12-11T02:30:00.000+00:00 Malwarebytes teams up with security vendors and advocacy groups to launch Coalition Against Stalkerware<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaPT7pHxODqaCiELtUWfeigjQW9TNfc4otAaXxGki2MRAigU1f-zcJ6-pSkhPu-Ozg39ccFrVtgTWidWSUFDwDfYU5QSbEGhtsXHZznpLL8QxeRdNCS-dQHcfof3K2OI7OMBJs5cMpk4eI/s1600/Coalition-Against-Stalkerware-Border-Space.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="268" data-original-width="694" height="123" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaPT7pHxODqaCiELtUWfeigjQW9TNfc4otAaXxGki2MRAigU1f-zcJ6-pSkhPu-Ozg39ccFrVtgTWidWSUFDwDfYU5QSbEGhtsXHZznpLL8QxeRdNCS-dQHcfof3K2OI7OMBJs5cMpk4eI/s320/Coalition-Against-Stalkerware-Border-Space.png" width="320" /></a></div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px;">
On November 19 2019, Malwarebytes announced its participation in a joint effort to stop invasive digital surveillance: the Coalition Against Stalkerware.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
For years, Malwarebytes has detected and warned users about the potentially dangerous capabilities of stalkerware, an invasive threat that can rob individuals of their expectation of, and right to, privacy. Just like the domestic abuse it can enable, stalkerware also proliferates away from public view, leaving its victims and survivors in isolation, unheard and unhelped.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
The Coalition Against Stalkerware is the next necessary step in stopping this digital threat—a collaborative approach steered by the promise of enabling the safe use of technology for everyone, everywhere. The coalition includes representatives from cybersecurity vendors, domestic violence organizations, and the digital rights space.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Our coalition’s founding members are Malwarebytes, Avira, Kaspersky, G Data, Norton Lifelock, National Network to End Domestic Violence, Electronic Frontier Foundation, Operation Safe Escape, WEISSER Ring, and the European Network for the Work with Perpetrators of Domestic Violence. Martijn Grooten, editor of Virus Bulletin, is serving as a special advisor.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Already, the coalition has produced results.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
In the past month, both Malwarebytes and Kaspersky shared research and intelligence on stalkerware with one another. This exchange has improved the detection rate for both our products, but more than that, it has improved the safety of users everywhere.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Further, coalition members have taken on the task of defining stalkerware and creating its detection criteria, crucial steps in empowering the cybersecurity industry to better understand this threat and how to fight it.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Finally, the coalition’s website, <a aria-label="StopStalkerware.org (opens in a new tab)" href="https://stopstalkerware.org/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">StopStalkerware.org</a>, includes information for domestic abuse survivors and advocates, including links to external resources, information about state laws, recent news articles, and survivors’ stories.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
With this group, we are making a call to the broader cybersecurity industry: If you have ever made a promise to protect people, now is the time to uphold that promise. Stalkerware is a known, documented threat, and you can help stop it.<br style="box-sizing: border-box;" /><br style="box-sizing: border-box;" />Join our fight. You’ll be in good company.</div>
<h3 style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.3em; margin-bottom: 24px; margin-top: 0px;">
<strong style="box-sizing: border-box;">Our journey against invasive monitoring apps</strong></h3>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
In 2019, Malwarebytes <a aria-label=" (opens in a new tab)" href="https://blog.malwarebytes.com/android/2019/06/mobile-stalkerware-a-long-history-of-detection/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">began a recommitment to detecting and stopping apps that could invasively monitor users without their knowledge</a>. These types of programs, which we classify as “monitor” or “spyware” in our product, can provide domestic abusers with a new avenue of control over their survivors’ lives, granting wrongful, unfettered access to text messages, phone calls, emails, GPS location data, and online browsing behavior.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
In this effort, we’ve analyzed more than 2,500 samples of programs that had been flagged in research algorithms as potential monitoring/tracking apps or spyware. We grew our database of known monitoring/spying apps to include more than 100 applications that no other vendor detects and more than 10 that were, as of October 1, still on the Google Play Store.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Further, we’ve written multiple blogs for domestic abuse survivors and advocates on <a href="https://blog.malwarebytes.com/stalkerware/2019/07/helping-survivors-of-domestic-abuse-what-to-do-when-you-find-stalkerware/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">what to do if they have these types of apps</a> on their phones, <a href="https://blog.malwarebytes.com/stalkerware/2019/10/how-to-protect-against-stalkerware-a-murky-but-dangerous-mobile-threat/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">how to protect against them</a>, and <a href="https://blog.malwarebytes.com/privacy-2/2019/08/data-and-device-security-domestic-abuse-survivors/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">how organizations supporting victims of stalking can secure their data</a>. In the summer, we also offered cybersecurity advice to domestic abuse advocates and survivors for the <a aria-label="National Network to End Domestic Violence’s Technology Summit (opens in a new tab)" href="https://victimresearch.org/event/nnedv-technology-summit-2019/" rel="noreferrer noopener" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">National Network to End Domestic Violence’s Technology Summit</a> in San Francisco.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
We are proud of our work, but we cannot ignore an important fact—it was not conducted in isolation.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Our blogs relied on the expertise of several domestic abuse advocates, along with the published work of researchers in intimate partner violence and digital rights. Our invitations to local community justice centers were as much about presenting as they were about learning. Our meetings with local law enforcement taught us about difficulties in collecting evidence of these invasive apps, and how domestic abusers can slip through the cracks of legal enforcement.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Every time we reached out, we learned more and we improved. With the Coalition Against Stalkerware, we hope to deepen these efforts.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
<br /></div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
<i>By: </i><span style="font-size: 12px;"> </span><span class="vcard author p-author h-card" style="box-sizing: border-box; font-size: 12px;"><a href="https://blog.malwarebytes.com/author/davidruiz/" rel="author" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" title="Posts by David Ruiz"><i>David Ruiz</i></a></span></div>
</div>
Published 2019-12-11: Rising to the challenge of delivering more secure elections<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="blog-content-area" style="background-color: white; box-sizing: border-box; orphans: 2; text-align: start; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; widows: 2;">
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
As efforts to modernize and digitize outdated and aging elections infrastructure take hold across the U.S., the demand for a revolutionized approach to cybersecurity has become an increasing imperative. Democratic nations rely on public trust in the integrity of their institutions and in a republic with the guiding principles of government “of the people, by the people and for the people.” There is perhaps no more important system than that of free, fair, and<span> </span><strong style="box-sizing: border-box; font-weight: 700;">secure</strong><span> </span>elections. </div>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
As we move deep into the digital era, societies have come to expect innovation in every aspect of their lives. And while governments have often been slower to respond to this reality, innovations to elections systems are beginning to appear, such as mobile vote centers, digital pollbooks, QR code-based ballots, and even remote voting through mobile applications. </div>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Adoption of these new technologies has the potential to bring many benefits, including an improved voter experience and increased individual participation in the democratic process through enhanced access to cast a ballot. However, digitally enabled network and cloud-supported architectures introduce new and unique challenges, particularly in the area of cybersecurity. </div>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Consider the realities of elections operations that create potential vulnerabilities and opportunities for exploitation:</div>
<ul style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; letter-spacing: normal; margin: 0px 0px 30px; padding-left: 25px; text-transform: none; white-space: normal; word-spacing: 0px;">
<li style="box-sizing: border-box; font-size: 18px; font-weight: 300; line-height: 28px; margin-bottom: 0px;">Infrastructure is often stood up rapidly, on demand, and used only for very short intervals of time.</li>
<li style="box-sizing: border-box; font-size: 18px; font-weight: 300; line-height: 28px; margin-bottom: 0px;">Supporting physical and network infrastructure is frequently leased or borrowed from various disparate entities (schools, libraries, government offices) and traffic may be routed across various untrusted networks.</li>
<li style="box-sizing: border-box; font-size: 18px; font-weight: 300; line-height: 28px; margin-bottom: 0px;">Many poll workers and support staff are temporary contractors or volunteers (whose qualifications vary greatly by state) and may be trained insufficiently.</li>
<li style="box-sizing: border-box; font-size: 18px; font-weight: 300; line-height: 28px; margin-bottom: 0px;">Voting machines and supporting infrastructure (routers, switches, firewalls, etc.) can spend significant amounts of time in storage and then are quickly deployed, sometimes passing through multiple hands and creating possible chain-of-custody challenges.</li>
<li style="box-sizing: border-box; font-size: 18px; font-weight: 300; line-height: 28px; margin-bottom: 0px;">Physical safeguards of polling stations are difficult to scale and cost prohibitive.</li>
</ul>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Addressing these and other challenges begins with sound risk management strategies that align government focus, limited budgets, and time constraints to the areas of greatest positive impact. </div>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Let’s start with some good framing questions.</div>
<h2 style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 30px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 34px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
What are the risks? Vulnerabilities? Threats?</h2>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Understanding the risks to election operations is key. Unfortunately, all too often public focus is unduly placed or heavily weighted on hackers, external threat actors, and hostile nation states. In reality, one of the biggest threats to an election is a lack of public confidence in the veracity of the results; in other words, perception. Basic security violations can do just as much, if not more, harm than a foreign threat actor and are more likely to occur. To combat these threats, stay focused on building a system that reinforces security fundamentals like integrity, auditability, accountability, non-repudiation, and verifiable chain-of-custody.</div>
<h2 style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 30px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 34px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
What are the regulatory mandates, and can we go further with security best practices?</h2>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
The Department of Homeland Security (DHS) designates elections systems as critical infrastructure, which mandates a host of regulatory standards and guidelines that must be adhered to or at least evaluated for applicability. It’s important to understand how the<span> </span><a href="https://www.nist.gov/news-events/news/2015/06/nist-publishes-final-guidelines-protecting-sensitive-government-information" style="background-color: transparent; box-sizing: border-box; color: #0568ae; font-weight: normal; overflow-wrap: break-word; text-decoration: none;" target="_blank">NIST guidelines</a><span> </span>and<span> </span><a href="https://www.cisecurity.org/blog/cis-controls-version-7-whats-old-whats-new/" style="background-color: transparent; box-sizing: border-box; color: #0568ae; font-weight: normal; overflow-wrap: break-word; text-decoration: none;" target="_blank">CIS v7</a>, for example, address the development of your controls and the entire security program, but look for opportunities to go further with industry best practices. Not only is this good fiduciary duty, it recognizes the fact that security “compliance” should not be the end goal. </div>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
The threat landscape is continually evolving, in some cases faster than industry standards can be updated and implemented. Solving these challenges requires building cross-functional teams composed of regulatory (governance, risk, compliance) experts, security architects, and network engineers, and then empowering them to work collaboratively with elections operations teams in identifying evolving risk mitigation strategies that align with standards and push for higher security levels where appropriate.</div>
<h2 style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 30px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 34px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Is the architecture defensible? </h2>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Elections infrastructure should be limited in scope to systems used strictly to support elections and not interconnected with other government systems or business networks. Physical and logical separation (<a href="https://www.alienvault.com/blogs/security-essentials/secure-by-design-the-network" style="background-color: transparent; box-sizing: border-box; color: #0568ae; font-weight: normal; overflow-wrap: break-word; text-decoration: none;">segmentation</a>) is challenging to achieve, but the upfront effort will make defending the system easier in the end. Tightening and limiting the IT footprint not only makes regulatory and security compliance more achievable; it eases control complexity, simplifies traffic and data flows, and reduces noise in the system that could complicate monitoring for abnormalities, policy violations, and malicious activity during the election event. </div>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Understanding expected traffic patterns, implementing controls that enforce your policies, and adding in detection and prevention capabilities ought to be fundamental. To be defensible, all of this must be manageable from a platform that offers full visibility, in near real-time, to all network and application activity and has advanced correlation with internal network activity and advanced external threat intelligence.</div>
<h2 style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 30px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 34px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Are 3<sup style="box-sizing: border-box; font-size: 22.5px; line-height: 0; position: relative; top: -0.5em; vertical-align: baseline;">rd</sup>-party suppliers, vendors, and clouds introducing unforeseen risk?</h2>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Choose partners and suppliers wisely and approach vendor risk methodically and with rigor. A chain is only as good as its weakest link, and so it is with interconnected systems. Vendors should demonstrate cybersecurity maturity levels across their operations consistent with the elections system itself; otherwise they will have lowered the security of the entire system. As an example, poor human resources security (like a lack of continuous background checks) might give a hostile insider access to the election system that could be used to compromise the integrity of the entire operation.</div>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Additionally, it’s not safe to assume that any elections systems vendor is practicing sound security principles in their operations just because the election product itself is “certified” or because it has been marketed aggressively to the industry. Look beyond the product itself and incorporate a broader assessment of the organization. For a vendor to be trusted, demand full transparency of their environment and be on guard for any pushback or claims of “proprietary information” that create barriers to understanding how their technology operates under the hood.</div>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
At a minimum, practice sound vendor management by ensuring that a vendor’s master service agreement requires appropriate security maturity levels and includes written legal authorization to verify any and all controls. Negotiating these terms up front can help mitigate a wide range of security challenges and prevent misalignment of expectations as the vendor’s technology is integrated into the ecosystem. </div>
<h2 style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 30px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 34px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
Conclusion</h2>
<div style="-webkit-text-stroke-width: 0px; box-sizing: border-box; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 26px; margin: 0px 0px 20px; text-transform: none; white-space: normal; word-spacing: 0px;">
The cybersecurity community must rise to the challenge of offering solutions that meet the demands of the coming revolution and the risks of disruption to traditional voting models. The constant drumbeat of data breaches serves as a warning that the task is not easy. Local governments and communities will need to invest heavily in order to build teams that are empowered to develop a mature election cybersecurity ecosystem. These start with some of the basics mentioned here but ultimately will require creating an organizational culture attuned to security awareness and risk mindfulness at all levels.</div>
<div style="box-sizing: border-box; line-height: 26px; margin: 0px 0px 20px;">
<i style="-webkit-text-stroke-width: 0px; color: black; font-family: "ATT Aleck Sans", Arial, Helvetica, sans-serif; font-size: 18px; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px;">By </i><span style="font-family: ATT Aleck Sans, Arial, Helvetica, sans-serif;"><span style="font-size: 18px;"><i>Shannon Brewster</i></span></span></div>
</div>
</div>
Published 2019-12-10: Maersk CISO Says NotPetya Devastated Several Unnamed US Firms<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeH7SwwWkSKXfg2JOixdZVzU-Ji6z9pWQCJPFuuwwwRWPfTpjmZ4yDdyw3p_9F7m1fIQ0vTiekVKuHXxV5jo_lkn86HPmkGuYjagQzzmnhGztdzBz8LEp4-t15FcbajrIxzKPWVAH1htCU/s1600/notpeyta.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="584" data-original-width="877" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeH7SwwWkSKXfg2JOixdZVzU-Ji6z9pWQCJPFuuwwwRWPfTpjmZ4yDdyw3p_9F7m1fIQ0vTiekVKuHXxV5jo_lkn86HPmkGuYjagQzzmnhGztdzBz8LEp4-t15FcbajrIxzKPWVAH1htCU/s320/notpeyta.jpeg" width="320" /></a></div>
<span class="strong black" style="background-color: white; border: 0px; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; font-weight: bold; line-height: 1.38462em; margin: 0px;"><br /></span>
<span class="strong black" style="background-color: white; border: 0px; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; font-weight: bold; line-height: 1.38462em; margin: 0px;">At least two companies may have been dealt even more damage than the shipping giant, which lost nearly its entire global IT infrastructure.</span><br />
<div class="divsplitter" style="background-color: white; clear: both; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 13px; height: 1.5em; margin: 0px;">
</div>
<div class="" style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em;">
The unprecedented 2017 NotPetya malware attack on global shipping giant Maersk has been well documented, but according to the organization's top cybersecurity executive, several other companies suffered equally if not even more devastating damage but have yet to publicly reveal the incidents.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Speaking at Black Hat Europe 2019, A.P. Moller Maersk A/S Chief Information Security Officer Andrew Powell said he believes approximately 600 companies globally were damaged by NotPetya around the time of the Maersk attack. Powell said that's because the source of the attacks was traced back to an application called M.E.Doc, a financial application that the Ukrainian government essentially requires any company to use if it is doing business in the country.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
According to published reports, NotPetya was the key element in a nation-state-sponsored cyberattack campaign targeting the government of Ukraine; instead of staying confined to that target, the malware proved to be far more virulent.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
"Any company doing business in Ukraine and filing a tax return [in 2017] was hit," Powell said. "Very big companies in the U.S. got hit hard, two of them harder than us." Powell declined to name the companies and did not elaborate on how he came to know about these other organizations' NotPetya incidents. All told, estimates indicate the attack and recovery effort have cost Maersk nearly $300 million to date.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Published reports indicate NotPetya wreaked havoc all over the globe in nearly all industries. In the U.S., pharmaceutical giant Merck and shipping giant FedEx both lost more than $300 million from NotPetya as a result of cleanup and lost business.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Powell, a longtime information security executive, previously worked as a vice president for Capgemini, and spent nearly 30 years with the United Kingdom Royal Air Force, including serving as its CIO.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
"We weren't alone," Powell said. "Maersk is one of the few companies that has been transparent about what happened. We haven't tried to disguise it or shy away from it."</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
An argument could be made, however, that Maersk had little choice. The Copenhagen-based shipping company, which transports approximately 20% of all global shipments, found itself virtually paralyzed by NotPetya in a matter of minutes.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Maersk NotPetya attack: What happened</strong><br style="margin: 0px;" />In retrospect, Powell said, Maersk wasn't well prepared to cope with an attack as sophisticated and crippling as NotPetya. In early 2017, he said, its cybersecurity maturity, like that of many manufacturing and logistics companies, was relatively low. Even though digital processes had become critical to Maersk's day-to-day operations, computer networks and server infrastructure weren't considered mission critical; what really mattered, according to the company, was its high-profile physical assets such as ports, ships, and shipping containers. Hence digital assets were minimally protected.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
So once a Maersk user in its Odessa office was infected, it spread through the Maersk global network faster than anyone imagined possible.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
"Within seven minutes," Powell said, "most of the damage was done."</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
And that damage was staggering. According to Powell, NotPetya destroyed 49,000 laptops and more than 1,000 applications; all printing and file-sharing systems were knocked offline; its enterprise service bus and VMware vCenter cloud-management servers were ruined; and its DHCP and Active Directory servers were rendered useless.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
What proved to be especially devastating, Powell added, was that both its primary and backup Active Directory systems were taken out, a scenario Maersk never thought possible. "[NotPetya] was designed to destroy online backups specifically, preventing recovery using online backup methods," Powell said. "We had no copies of our Active Directory. We thought we had nothing to restart the network with."</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">How Maersk recovered</strong><br style="margin: 0px;" />Fortunately, a stroke of good luck came when IT leaders learned that the company's Lagos office had suffered a power outage during the NotPetya attack. Its IT systems – including its copy of the company's Active Directory – were undamaged. The Lagos AD node was physically removed, flown to Copenhagen, and used to rebuild the rest of the network. However, the AD recovery process alone took more than a week. Clearly, Powell said, it was a scenario Maersk should have planned for. "Nine days for an Active Directory recovery isn't good enough," Powell said. "You should aspire to 24 hours; if you can't, then you can't repair anything else."</div>
<div class="" style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em;">
Meanwhile, during that time, Maersk had no way of knowing what was in its millions of shipping containers worldwide, or how to deliver them to their destinations. The result was a massive cascade of supply chain disruptions that rippled around the world. One well-known European retailer, Powell noted as an example, depends on Maersk for nearly all its shipments. In the wake of NotPetya, the retailer risked running out of clothes to sell in its stores.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
The company's physical command-and-control recovery processes were far more capable, and Powell said the company initiated those processes to quickly retain control of its kinetic assets, prioritizing management of its temperature-controlled shipments.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
From an IT perspective, Powell was surprised that the tool which proved most helpful during the recovery was WhatsApp. Employees quickly connected with each other on their personal mobile devices and used WhatsApp groups to share information, discuss problems, develop solutions, and hand them to others to put into action.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
"The employees created groups around the way they operated," Powell said, adding that it proved to be a silver lining following the incident. "We used WhatsApp to help rebuild our business processes, and ultimately the attack helped us redesign our business."</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Lessons learned</strong><br style="margin: 0px;" />Powell, who joined Maersk in June 2018 following the attack, said perhaps the most important lesson learned was that organizations must direct more IT resources into system recovery, especially offline backup capabilities. "Trust me, it is the best thing to invest in," Powell said, "because high-level nation-state cyberweapons will take out everything you have online."</div>
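The recovery lessons in the passage above (keep a copy a wiper cannot reach, restore-test it, and aim for an Active Directory restore within 24 hours) as an added example that is not code from the article or from Maersk: a small Python backup-posture check. The tier names "online", "immutable" and "offline", the one-day recovery-point objective and the sample inventory are assumptions made for this example; the inventory is constructed to mirror the story, with both Active Directory copies online (and therefore lost), a powered-off site copy that survives but took nine days to restore, a DHCP service with no isolated copy, and a file share with a tested immutable copy.

```python
# Added example (not code from the article or from Maersk): a backup-posture
# check that encodes the recovery lessons above. Tier names, the 24-hour
# restore target and the sample inventory are assumptions made for this example.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Tiers an in-network wiper cannot reach: "offline" means powered-off or
# removable media, "immutable" means write-once storage that no domain
# credential can delete. Any other tier is treated as reachable and lost.
ISOLATED_TIERS = {"offline", "immutable"}

MAX_RESTORE_HOURS = 24.0              # Powell's stated target for an AD restore
MAX_COPY_AGE = timedelta(days=1)      # assumed recovery-point objective


@dataclass(frozen=True)
class BackupCopy:
    system: str                       # e.g. "active-directory"
    tier: str                         # "online", "immutable" or "offline"
    taken_at: datetime
    restore_hours: Optional[float] = None   # time measured in the last restore test; None = never tested


def survives_wiper(copies: List[BackupCopy]) -> List[BackupCopy]:
    """Copies left after an attacker destroys everything reachable from the network."""
    return [c for c in copies if c.tier in ISOLATED_TIERS]


def assess(copies: List[BackupCopy], now: datetime) -> Dict[str, List[str]]:
    """Map each system to its findings; an empty list means it could be rebuilt in time."""
    report: Dict[str, List[str]] = {}
    for system in sorted({c.system for c in copies}):
        findings: List[str] = []
        isolated = [c for c in survives_wiper(copies) if c.system == system]
        if not isolated:
            findings.append("no offline or immutable copy: a wiper leaves nothing to rebuild from")
        else:
            newest = max(isolated, key=lambda c: c.taken_at)
            age = now - newest.taken_at
            if age > MAX_COPY_AGE:
                findings.append(f"newest isolated copy is {age.days} days old")
            tested = [c.restore_hours for c in isolated if c.restore_hours is not None]
            if not tested:
                findings.append("isolated copy has never been restore-tested")
            elif min(tested) > MAX_RESTORE_HOURS:
                findings.append(
                    f"last restore took {min(tested):g}h, above the {MAX_RESTORE_HOURS:g}h target")
        report[system] = findings
    return report


# Constructed inventory mirroring the story: both AD copies are online and
# therefore lost, a powered-off site copy survives but took nine days to restore,
# DHCP has no isolated copy at all, and a file share has a tested immutable copy.
NOW = datetime(2017, 6, 27, 12, 0)    # constructed reference time
SAMPLE_COPIES = [
    BackupCopy("active-directory", "online", NOW - timedelta(hours=1), restore_hours=2.0),
    BackupCopy("active-directory", "online", NOW - timedelta(hours=1), restore_hours=2.0),
    BackupCopy("active-directory", "offline", NOW - timedelta(hours=6), restore_hours=9 * 24),
    BackupCopy("dhcp", "online", NOW - timedelta(hours=1), restore_hours=1.0),
    BackupCopy("file-share", "immutable", NOW - timedelta(hours=3), restore_hours=6.0),
]

if __name__ == "__main__":
    print("copies surviving a wiper:", [(c.system, c.tier) for c in survives_wiper(SAMPLE_COPIES)])
    for system, findings in assess(SAMPLE_COPIES, NOW).items():
        print(system, "->", findings or ["recoverable within target"])
```

The check deliberately counts only isolated copies: the article's point is that a primary and a backup domain controller that are both reachable from the network are one copy, not two, once a wiper runs. The restore-time finding is the second half of Powell's lesson, since an untested or nine-day restore of a surviving copy still leaves every dependent system waiting.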
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Maintaining data integrity must also be a focus of cybersecurity programs. Powell said that attackers increasingly value data over infrastructure: while any given attack campaign may appear focused on destroying data, adversaries increasingly realize there is more value in simultaneously stealing the data and selling it later to the highest bidder.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Powell said specific technologies that Maersk has found beneficial since the attack include endpoint detection and response, privileged access management, and a threat intelligence platform. Beyond any particular product, however, Maersk seeks to make cybersecurity a core tenet of its global day-to-day operations. As part of that effort, every employee in the company is now trained on cybersecurity, including what to do during a cybersecurity crisis.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
"In Danish, safety and security is the same word," Powell said. "So it makes sense to put cybersecurity into our safety mindset. And that's really paying off for us."</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
Powell noted that while Maersk has dramatically improved its cybersecurity posture since the NotPetya attack, it is critical to understand that Maersk or any other organization could be hit with a similarly debilitating cyberattack at any time. Not only are nation-state-level cyberweapons falling into the hands of proxy adversaries, but these adversaries are probably already inside of most organizations, he said. "We have recognized at least three [nation-states] that have used a proxy to get into our network in the past six months, and they're doing that all around the globe."</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<span style="color: black; font-size: 12px;"><i>By Eric Parizo, Senior Analyst, Ovum (DarkReading.com)</i></span></div>
<a name='more'></a><span style="color: #333333; font-family: Graphik, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px;">The right approach to securing the endpoint requires Malwarebytes Multi-Vector Protection. Multi-Vector Protection employs multiple layers of technology to address advanced threats that leverage different attack vectors and techniques. Defend your endpoints against all types of threats with a layered approach that leverages static and dynamic detection technologies to address every stage of an attack for both Windows and Mac. <a href="http://bit.ly/MalwareBytesEndpointSecurity" target="_blank">Get Malwarebytes</a> Now and secure your endpoints.</span></div>
<strong style="margin: 0px;">The Human Factor: 5 Reasons Why Cybersecurity Is a People Problem</strong> (published 2019-12-08)<div dir="ltr" style="text-align: left;" trbidi="on">
<span class="strong black" style="background-color: white; border: 0px; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; font-weight: bold; line-height: 1.38462em; margin: 0px;">The industry can only go so far in treating security as a challenge that can be resolved only by engineering.</span><br />
<div class="" style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em;">
In the early days of computing and connected devices, there was a lot we didn't yet know about designing secure products and environments. Today, there are established, well-known frameworks and lots of advice to help people protect data and devices in their care for everyone from home users to CISOs of Fortune 500 companies.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
So, why is it that good security practices are rarely adopted at every level of interaction with technology? It's because we still view the issue as a technology problem rather than a people problem. Consider these five human factors that prevent the security industry from moving towards a better future.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Human Factor 1: Usability and Accessibility</strong><strong style="margin: 0px;"><br style="margin: 0px;" /></strong>There's a kind of inertia created by the usability patterns baked into popular software (including operating systems). Those patterns are designed to make us flow from one app to another naturally and almost without thought, and in doing so they keep people from choosing the most secure option. Such user-friendly designs do not encourage people to be cautious or wary.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
What's worse is the fact that the steps we can and should take to protect ourselves are, more often than not, designed to interrupt this flow. While this is not necessarily a bad thing, our industry still needs to understand <em style="margin: 0px;">why</em> people are practicing poor online hygiene. It is already a <a href="https://en.wikipedia.org/wiki/Sisyphus" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">Sisyphean</a> task to make things <em style="margin: 0px;">more</em> secure; making things less secure is like rolling that same boulder downhill. This effect is magnified for those with different accessibility requirements, such as people with <a href="http://vision.soic.indiana.edu/papers/impairments2015chi.pdf" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">vision impairment</a>.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Human Factor 2: Cybersecurity Skills</strong><strong style="margin: 0px;"><br style="margin: 0px;" /></strong>There are <em style="margin: 0px;">many</em> reasons that companies are having a difficult time hiring and retaining people in cybersecurity roles, starting with the widespread assumption that this is a career path suitable only for people who've been immersed in coding and mathematics since the time they could reach a keyboard.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
There's also a collective perception that security people can be incredibly hostile and antisocial, especially toward newcomers. Those who decide to seek a career in infosec often find that an entry-level job requires that they already have work experience. Too often, people who actually make it into the industry (especially those from underrepresented groups) leave midcareer due to burnout, an unsupportive culture, or an ill-defined career path.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Human Factor 3: Solutions in Search of a Problem</strong><strong style="margin: 0px;"><br style="margin: 0px;" /></strong>Technological advances are typically approached as if they're all unquestionably good. We often fail to even ask whether there are downsides to these innovations, much less whether we can mitigate the damage after the fact. At the very least, we should all assume that any given product or service will eventually be misused, no matter how beneficial its original intent.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Human Factor 4: One Size Does Not Fit All</strong><strong style="margin: 0px;"><br style="margin: 0px;" /></strong>If you've ever gone to battle with your IT department over a policy that treats all employees as if their job functions were identical, you'll understand how frustrating such a cookie-cutter approach can be. Asking people to mold their life or job circumstances to fit a security policy is <a href="https://www.darkreading.com/endpoint/a-realistic-threat-model-for-the-masses/a/d-id/1335997" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">simply unrealistic</a>. Doing so is a recipe for reduced productivity, and may strongly contribute to employee <a href="https://hbr.org/2019/11/making-work-less-stressful-and-more-engaging-for-your-employees" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">burnout</a>.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<strong style="margin: 0px;">Human Factor 5: Broadening Our Experience and Knowledge Base</strong><br style="margin: 0px;" />The good news is that human problems are neither new nor unique to tech. There are entire industries that focus on studying human behavior, and there are people who specialize in the concerns of marginalized or vulnerable populations. Ideally, we should all be hiring people from these populations. But hiring challenges sometimes mean that there is work to be done on improving company culture, which experts can help with. For example, our industry has a long history of partnering with law enforcement. We should also be working with people specializing in <a href="https://www.apa.org/ed/graduate/specialize/industrial" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">industrial/organizational</a> and <a href="https://www.apa.org/action/science/teaching-learning/" style="color: #043464; margin: 0px; text-decoration-line: none;" target="_blank">educational</a> psychology, as well as social workers and ethicists.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
The security industry can only go so far in treating security as a problem that can be solved by engineering alone. Until we couple technology with a better understanding of the humans who are using technology insecurely, there's a limit on how much progress we can ultimately make.</div>
<div style="background-color: white; border: 0px; color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<br /></div>
<div style="background-color: white; border: 0px; line-height: 1.38462em; margin-block-end: 1em; margin-block-start: 1em; margin-bottom: 1em; margin-top: 1em;">
<i style="color: #413f41; font-family: Helvetica, Arial, sans-serif; font-size: 1.08333em;">By </i><span style="background-color: transparent; font-size: 17.3333px;"><span style="color: #413f41; font-family: Helvetica, Arial, sans-serif;"><i>Lysa Myers</i></span></span></div>
</div>
<strong style="margin: 0px;">Africa needs to beef up cyber security urgently: experts</strong> (published 2019-12-07)<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzKTc75FEHIlEhbsZaAe1pFcV2S9t_sNXSl8Isup2fRoCkliKBCEEDvixG9ufKkyIaOETWQSQkv31_-8o7c42zJe98TH34U1rKtzkmYfQl5n3Ss7JD4fu_OaOZZHOiYpdt7SrGJrK1Gblw/s1600/Screenshot+2019-12-07+at+13.27.27.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1091" data-original-width="1023" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzKTc75FEHIlEhbsZaAe1pFcV2S9t_sNXSl8Isup2fRoCkliKBCEEDvixG9ufKkyIaOETWQSQkv31_-8o7c42zJe98TH34U1rKtzkmYfQl5n3Ss7JD4fu_OaOZZHOiYpdt7SrGJrK1Gblw/s320/Screenshot+2019-12-07+at+13.27.27.png" width="300" /></a></div>
<br />
<br />
<br />
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
Africa is being increasingly targeted by hackers and must invest in cyber security, industry leaders said at the third Africa Cyber Security Conference closing Friday in Ivory Coast. Although Africa is not a prime target, "cyber threats have no more borders" and data pirates "attack anything that moves", said Michel Bobillier, a leader of IBM's elite security unit, the Tiger Team.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
"The creativity of these people is very great, they have organisations, real structured ecosystems, with a great deal of money and technology" to launch complex attacks, he said in Abidjan, Ivory Coast's main city.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
Auguste Diop, managing director of Talentys, an Ivorian company operating in West Africa, said cybercriminals worldwide amassed a staggering 3,000 billion euros ($2,600 billion) in 2015, a sum he expected to double by 2021.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
Specific figures are unavailable for the African continent, but its banks and telecoms firms are the main target for pirates.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
They operate through bank fraud and by exploiting the new tools for electronic payment, notably money transfers and bill payment on mobile phones, which are expanding fast.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
To take advantage of the growing market for cyber security, Orange CyberDefense—a subsidiary of multinational telecoms operator Orange—plans to open a hub in Morocco in 2019, with satellites in Tunisia, Ivory Coast and Senegal.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
"The market for cyber security in Africa will expand from 1.7 billion dollars (1.5 billion euros) in 2017 to more than 2.5 billion in 2020," forecast Michel Van den Berghe, managing director of Orange CyberDefense, speaking to AFP by phone.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
"Cybercrime could destroy confidence in the development of digital technology," he warned, calling for measures to "reassure companies that wish to invest in Africa".</div>
<h2 id="top-5-best-practices-for-data-center-security" style="background-color: white; box-sizing: border-box; color: #333333; font-family: Muli, sans-serif; font-size: 2rem; line-height: 1.1375; margin: 1.5em 0px 1rem; position: relative;">
'Change mindsets'</h2>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
Attacks using ransomware—in which hackers use malware to infiltrate a computer and encrypt its data, then offer a decryption key to "unlock" the data on payment of a ransom—have "doubled in a year", Van den Berghe says. In Africa, attacks have gone up by "20 or 30 percent" over that period.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
"Everyone is threatened" in Africa, notably by data theft from individuals, companies and governments, according to Diop.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
"Africa is lagging behind, digital security is in its infancy," he said, though he noted that nations such as Kenya and South Africa are "more mature zones".</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
"Cyber defence can weigh heavy on budgets, but cyber attacks cost a whole lot more dearly to companies," Bobillier said.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
For Visa's regional bureau in Abidjan, covering 18 countries in West and Central Africa, "each attack costs an average of 1.2 million dollars," mainly in lost income, said risk manager Lawal Aribidesi, who did not specify the number of attacks.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
"The challenge is to change mindsets, to bring the culture of security to business," said Boukary Ouedraogo, managing director of Atos Afrique de l'Ouest, the regional subsidiary of one of the world's main digital services firms.</div>
<div style="background-color: white; box-sizing: border-box; color: #212438; font-family: Quicksand, sans-serif; font-size: 20px; margin-bottom: 1.75rem;">
"As a latecomer to digital technology, Africa can turn its handicap into an advantage by avoiding the errors made in cyber security by Europe and America," Diop suggested.</div>
<div>
<hr style="background: rgb(167, 167, 167); border-style: none; box-sizing: border-box; color: #333333; font-family: Muli, sans-serif; font-size: 17.6px; height: 0.0625em; margin: 0px;" />
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; margin-top: 1rem; word-break: break-word;">
Keeping track of all of your assets and shadow infrastructure is crucial for knowing which levels of security you need to protect your valuable data. Using our <a href="https://taise.tech/" rel="" style="color: #888888; text-decoration-line: none;" target="_blank">SoC-as-a-Service</a> will provide you with real-time attack surface monitoring so you can detect and mitigate any potential threats. And at Tactical Intelligence Security Ltd, we’re here to help you. To find out more about our SoC-as-a-Service, <a href="https://fb.com/book/TacticalInSec/" style="box-sizing: border-box; color: #0ca1ba; text-decoration-line: none;" target="_blank">schedule a call</a> with our team today!</div>
</div>
</div>
<strong style="margin: 0px;">What is Data Center Security? Top 5 Best Practices</strong> (published 2019-12-07)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEift4IGtXtShLWER_t1kDQoW4MNKJ3y7PXj4BPO2DowC27cPXFjS7DR-dFchcEwZPZeNUH5N28ArvxMuojfYHXsRKVoYX9OlZenBHIPmcSvy05roEMyuD-pvuAIRcprFCPelTkPSSgt2fsi/s1600/c0e3c398b36f4910763dad38f27af33c0ea78057-data-center-security.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="728" data-original-width="1600" height="145" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEift4IGtXtShLWER_t1kDQoW4MNKJ3y7PXj4BPO2DowC27cPXFjS7DR-dFchcEwZPZeNUH5N28ArvxMuojfYHXsRKVoYX9OlZenBHIPmcSvy05roEMyuD-pvuAIRcprFCPelTkPSSgt2fsi/s320/c0e3c398b36f4910763dad38f27af33c0ea78057-data-center-security.jpeg" width="320" /></a></div>
<span style="color: #555555; font-family: Muli, sans-serif; font-size: 22.4px;">Cloud computing and technology have truly revolutionized the way we collect, process and store data. Organizations are increasingly moving their entire infrastructure to the cloud, storing their information in safe, encrypted data centers.</span><br />
<span style="color: #555555; font-family: Muli, sans-serif; font-size: 22.4px;"><br /></span>
<br />
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
That doesn’t mean data security is no longer a concern. Because data centers hold sensitive and valuable content, they need to be firmly secured, both physically and virtually.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
With security engraved into their architecture, data centers should be safe by default—but even with all regulations and security policies met, they’re still highly complex environments. Many components need to be assessed before you decide on a facility.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
That’s why today’s article takes a good look at data center security. We’ll explain exactly what it is and which security practices data centers should have in place to keep your data safe.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
<br /></div>
<h2 id="what-is-data-center-security" style="box-sizing: border-box; color: #333333; font-family: Muli, sans-serif; font-size: 2rem; font-weight: 300; line-height: 1.1375; margin: 1.5em 0px 1rem;">
What is data center security?</h2>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Before we answer that question, let’s find out what a “data center” is.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
A data center is a space or facility dedicated to storing an organization’s entire IT infrastructure. Such a facility offers various services such as organizing, processing and storing data, data recovery, backup and more. Essentially, data centers store the most critical systems and data vital for the operation of that organization, so keeping these facilities secure is a top priority.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Data center security refers to the practices, policies, measures and technologies used for both physical and virtual protection of the facility. Security measures need to protect data centers from both external and internal threats. Data loss, data alteration and corruption, DDoS attacks, SQL injection, eavesdropping, tailgating, theft of intellectual property and other types of cyber crime pose a constant threat to data center infrastructure.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Here are some basic considerations for the effectiveness of data center security:</div>
<ul style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin: 0px 0px 1rem; padding: 0px 0px 0px 2em;">
<li style="box-sizing: border-box; margin: 0px; overflow-wrap: break-word;"><div style="box-sizing: border-box; word-break: break-word;">
Physical security of the building</div>
</li>
<li style="box-sizing: border-box; margin: 0px; overflow-wrap: break-word;"><div style="box-sizing: border-box; word-break: break-word;">
Managing and restricting access</div>
</li>
<li style="box-sizing: border-box; margin: 0px; overflow-wrap: break-word;"><div style="box-sizing: border-box; word-break: break-word;">
Security procedures and protocols that are set and regularly tested</div>
</li>
</ul>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Each one of these components is complex in itself and made of different elements that define the components’ combined effectiveness and functioning relationship. After all, a building can strive for maximum security with a remote location, surveillance systems, multiple authentication methods and security guards, but without proper security policies, there’s no guarantee that the data center is protected from internal and external threats.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
What’s the use of security measures if, for example, security guards aren’t informed about guidelines and protocols? All levels of data center security need to work together, to mutually enhance each other’s effectiveness. Also, security practices need to be regularly tested and updated, to provide optimum security in the ever-changing threat landscape.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
One way to gauge the security of a data center is by its “tier.” Tier 3 and higher usually involve more complex security protocols and measures, and one of the more important factors with higher-tier data centers is a redundant infrastructure that provides minimal downtime.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Keep in mind, merely looking at the tier won’t give us a true sense of a data center’s security. We also need to explore the practices that indicate levels of data center protection.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
<br /></div>
<div class="subscribe-widget mv3 center black-grey" style="-webkit-box-pack: center; -webkit-font-smoothing: antialiased; background-color: #333333; box-sizing: border-box; color: white; font-family: Muli, sans-serif; font-size: 17.6px; justify-content: center; margin-bottom: 1.8rem !important; margin-top: 2rem; padding: 2rem 3rem; text-align: center;">
<div style="-webkit-font-smoothing: antialiased; box-sizing: border-box; margin-bottom: 1rem; word-break: break-word;">
<span class="h3 mb1" style="box-sizing: border-box; font-size: 1.25rem; line-height: 1.1375; margin-bottom: 1rem;">Follow us on Twitter to receive updates!</span></div>
<iframe allowtransparency="true" class="twitter-follow-button twitter-follow-button-rendered" data-screen-name="TacticalInSec" frameborder="0" id="twitter-widget-0" scrolling="no" src="https://platform.twitter.com/widgets/follow_button.e3a0e1b01ae601b6c9cf798a93ab7e69.en.html#dnt=false&id=twitter-widget-0&lang=en&screen_name=TacticalInSec&show_count=true&show_screen_name=true&size=l&time=1575651335074" style="box-sizing: border-box; height: 28px; position: static; visibility: visible; width: 270px;" title="Twitter Follow Button"></iframe></div>
<h2 id="top-5-best-practices-for-data-center-security" style="box-sizing: border-box; color: #333333; font-family: Muli, sans-serif; font-size: 2rem; font-weight: 300; line-height: 1.1375; margin: 1.5em 0px 1rem;">
Top 5 best practices for data center security</h2>
<div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Now that we know the basics of data center security, let’s look at the 5 best practices for ensuring maximum physical and virtual security. It’s impossible to list all the practices and measures there are, so we’ll focus on the most critical.</div>
<ol style="box-sizing: border-box; color: #333333; font-family: Muli, sans-serif; font-size: 17.6px; margin: 0px 0px 1rem; padding: 0px 0px 0px 2em;">
<li style="box-sizing: border-box; margin: 0px; overflow-wrap: break-word;"><h3 id="proper-data-center-physical-security" style="box-sizing: border-box; font-size: 1.25rem; font-weight: 400; line-height: 1.1375; margin: 0px;">
Proper data center physical security</h3>
</li>
</ol>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
When it comes to physical security, there are many factors to consider. A main concern is the building or facility design itself. A building can have one sole purpose and be dedicated to housing a data center, or have other functions and offices independent of the data center. Here, we can easily deduce that the former is better for keeping your data safe.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Also, a facility is generally in a remote location, with few windows and bulletproof walls guarding it from external threats, environmental or otherwise.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Other key points of physical security include 24/7 video surveillance, on-site security guards and metal detectors, as well as layered security measures, customized to reflect the sensitivity of the protected data, security checkpoints, limited or single entry and exit points, and more.</div>
<ol start="2" style="box-sizing: border-box; color: #333333; font-family: Muli, sans-serif; font-size: 17.6px; margin: 0px 0px 1rem; padding: 0px 0px 0px 2em;">
<li style="box-sizing: border-box; margin: 0px; overflow-wrap: break-word;"><h3 id="monitoring-and-restricting-access" style="box-sizing: border-box; font-size: 1.25rem; font-weight: 400; line-height: 1.1375; margin: 0px;">
Monitoring and restricting access</h3>
</li>
</ol>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Human error remains the main threat to any kind of security, and that goes for data centers, too. Secured areas, especially those that hold servers and key assets, should never grant access to unauthorized personnel. To ensure this, data centers need multiple access controls on all layers, both physical and digital.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Access cards and identification badges are the first measures that come to mind; even office buildings that don’t house data centers use them. Other safeguards include continuous background checks of authorized personnel, scales that weigh visitors upon entering and exiting the premises, and biometric locks.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Biometric technology is an effective layer of security, based as it is on an individual’s unique characteristics, such as a fingerprint or retina scan. More and more organizations are using biometrically-controlled locks in addition to traditional access cards.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
And depending on the sensitivity of data and equipment involved, specialized security measures should be enforced for each room and area. Every individually-secured area should require more than one form of authentication and access control, as not all employees should have access to every part of a data center.</div>
<ol start="3" style="box-sizing: border-box; color: #333333; font-family: Muli, sans-serif; font-size: 17.6px; margin: 0px 0px 1rem; padding: 0px 0px 0px 2em;">
<li style="box-sizing: border-box; margin: 0px; overflow-wrap: break-word;"><h3 id="efficient-network-security" style="box-sizing: border-box; font-size: 1.25rem; font-weight: 400; line-height: 1.1375; margin: 0px;">
Efficient network security</h3>
</li>
</ol>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Now that we’ve explored the physical security practices crucial for data center security, we arrive at the virtual ones. There are numerous technologies and tools to choose from, so we’re going to focus on the most important.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
For perimeter security, firewalls and intrusion detection systems (IDSs) are available to help monitor and inspect traffic before it reaches your internal network.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Frequently, data centers also use access control lists (ACLs) to harden their defenses. Most modern firewalls come already equipped with ACLs, which allow or deny traffic to specific areas by inspecting packet header information. A data center firewall is configured by creating ACLs that you apply to specific interfaces. You’ll want to implement ACLs in edge routers and server clusters.</div>
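The ACL behaviour described above, as an added example that is not part of the original article: an ordered list of rules evaluated first-match-wins against packet header fields, with the implicit deny that applies when nothing matches, plus a check for shadowed rules (a rule that an earlier, broader rule prevents from ever firing). The networks, rules and packets are constructed sample values; the rule fields mirror what a typical edge-router ACL inspects but do not follow any specific vendor syntax.

```python
"""Ordered access-control-list evaluation over packet headers (added example).

Models how a data center firewall or edge-router ACL allows or denies traffic by
inspecting header fields (protocol, source, destination, destination port) with
first-match semantics and an implicit deny at the end, and flags shadowed rules
that can never fire. All addresses, rules and packets are constructed samples.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    proto: str                        # "tcp", "udp", "icmp" or "any"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[Tuple[int, int]]  # inclusive port range, None = any port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None       # None for protocols without ports (icmp)


def _port_ok(rng: Optional[Tuple[int, int]], port: Optional[int]) -> bool:
    return rng is None or (port is not None and rng[0] <= port <= rng[1])


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every header field of pkt falls inside the rule's criteria."""
    return (
        (rule.proto == "any" or rule.proto == pkt.proto)
        and ip_address(pkt.src) in rule.src
        and ip_address(pkt.dst) in rule.dst
        and _port_ok(rule.dport, pkt.dport)
    )


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; no match means implicit deny (index None)."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


def _covers(broad: Rule, narrow: Rule) -> bool:
    """True when every packet that could match `narrow` also matches `broad`."""
    proto_ok = broad.proto == "any" or broad.proto == narrow.proto
    src_ok = narrow.src.subnet_of(broad.src)
    dst_ok = narrow.dst.subnet_of(broad.dst)
    if broad.dport is None:
        port_ok = True
    elif narrow.dport is None:
        port_ok = False
    else:
        port_ok = broad.dport[0] <= narrow.dport[0] and narrow.dport[1] <= broad.dport[1]
    return proto_ok and src_ok and dst_ok and port_ok


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules fully covered by an earlier rule, so they never fire.

    A deny shadowed by a broad permit is the classic misordering that silently
    leaves open a path the operator believes is blocked.
    """
    return [j for j in range(len(acl))
            if any(_covers(acl[i], acl[j]) for i in range(j))]


# Constructed sample policy for an edge router in front of a web tier.
DMZ = ip_network("10.10.0.0/24")     # web servers
MGMT = ip_network("10.99.0.0/24")    # management network
ANY = ip_network("0.0.0.0/0")

WEAK_ACL = [
    Rule("permit", "tcp", ANY, DMZ, None, "broad permit placed first (mistake)"),
    Rule("deny", "tcp", ANY, DMZ, (22, 22), "block SSH from outside: never reached"),
    Rule("permit", "tcp", MGMT, DMZ, (22, 22), "SSH only from management net"),
]

HARDENED_ACL = [
    Rule("permit", "tcp", MGMT, DMZ, (22, 22), "SSH only from management net"),
    Rule("permit", "tcp", ANY, DMZ, (80, 80), "HTTP to web tier"),
    Rule("permit", "tcp", ANY, DMZ, (443, 443), "HTTPS to web tier"),
    # everything else, including SSH from the internet, hits the implicit deny
]

if __name__ == "__main__":
    internet_ssh = Packet("tcp", "203.0.113.7", "10.10.0.5", 22)
    print("weak:", evaluate(WEAK_ACL, internet_ssh), "shadowed:", shadowed_rules(WEAK_ACL))
    print("hardened:", evaluate(HARDENED_ACL, internet_ssh), "shadowed:", shadowed_rules(HARDENED_ACL))
```

Running the shadowing check against a proposed ACL before applying it to an interface catches the misordering at review time rather than after the broad permit has let the traffic through.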
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Now let’s talk about the good ol’ firewall. Blocking unauthorized access is the main goal of any firewall and it acts as the first line of defense for the network, separating its secured and unsecured areas. Just make sure that the firewall you’re using doesn’t act as a mere security theater measure.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Also, access control should include monitoring IP addresses, and different threat protection services should be in place. And what about the numerous uncontextualized alerts those threat protection tools produce? There should always be a way to monitor traffic and differentiate between possible threats and background noise.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
For more information, check out what Andrew Morris, founder of GreyNoise Intelligence, says about silencing the noise and focusing only on alerts that matter.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Intrusion detection systems are another important part of network security in data centers. They can detect any unusual activity of users or indicators of phishing, DDoS attacks and other common or advanced network threats.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Two- and three-factor authentication is a significant network security measure as well. Annually, or even twice a year, a data center should have penetration testing done by a red team, and it’s best to find a verified third party to perform pen testing.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Implementing a zero trust model is crucial for data center security; it should be applied to individuals with access to the premises and to all internal traffic, so that even the slightest sign of a threat can be detected, inspected and ultimately mitigated.</div>
<ol start="4" style="box-sizing: border-box; color: #333333; font-family: Muli, sans-serif; font-size: 17.6px; margin: 0px 0px 1rem; padding: 0px 0px 0px 2em;">
<li style="box-sizing: border-box; margin: 0px; overflow-wrap: break-word;"><h3 id="data-protection" style="box-sizing: border-box; font-size: 1.25rem; font-weight: 400; line-height: 1.1375; margin: 0px;">
Data protection</h3>
</li>
</ol>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Data center security and data security are inseparable. To protect and store data effectively, all data must be heavily encrypted during transfer and otherwise, monitored at all times and regularly backed up. Furthermore, all security procedures involving data must follow up-to-date trends, methods and technologies. Strong password policies and a healthy sense of cybersecurity culture in all personnel coming in contact with data need to be engaged.</div>
<ol start="5" style="box-sizing: border-box; color: #333333; font-family: Muli, sans-serif; font-size: 17.6px; margin: 0px 0px 1rem; padding: 0px 0px 0px 2em;">
<li style="box-sizing: border-box; margin: 0px; overflow-wrap: break-word;"><h3 id="redundant-infrastructure" style="box-sizing: border-box; font-size: 1.25rem; font-weight: 400; line-height: 1.1375; margin: 0px;">
Redundant infrastructure</h3>
</li>
</ol>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
While touching upon data center tiers, we mentioned the redundant infrastructure higher tiers employ. As data centers hold the critical infrastructure needed for an organization’s operations, downtime is a critical factor in data center security. Any incident must be handled with minimal downtime.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Keeping equipment cool at all times is important, as the quantity of technology in data centers generates a lot of heat. High temperatures can harm equipment and every data center needs the proper controls to manage its climate.</div>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Outages can occur for various reasons, from severe weather to human error. They can also result from short power surges or power losses. Whatever the case, a UPS should be in place to keep servers and other equipment running in the event of any outage.</div>
<h2 id="conclusion" style="box-sizing: border-box; color: #333333; font-family: Muli, sans-serif; font-size: 2rem; font-weight: 300; line-height: 1.1375; margin: 1.5em 0px 1rem;">
Conclusion</h2>
<div style="box-sizing: border-box; color: #555555; font-family: Muli, sans-serif; font-size: 17.6px; margin-bottom: 1rem; word-break: break-word;">
Choosing the right data center can seem daunting with so many factors to consider, but the bottom line is that your data matters—and you should ensure that you’re putting it in the safest hands possible. Following these best practices will help you get the most relevant information about the way a data center operates, to best inform your decisions about securing your infrastructure.</div>
</div>
</div>
2019-12-07T02:58:00+00:00 Fake Elder Scrolls Online developers go phishing on PlayStation<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjY21SLRBcKApidV4jZ7almAEJY4pMTyiB4q3Vr61GeIplsFNs68yJj8BCPFU3vbVaqVcqqC_4WDylJHRwRdnXAm6Rt6WQwN4aD20sMftRaDYnLuZKxoNE4_iBFcmHzujDY8U8GcYLaCneo/s1600/shutterstock_705666280-900x506.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="506" data-original-width="900" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjY21SLRBcKApidV4jZ7almAEJY4pMTyiB4q3Vr61GeIplsFNs68yJj8BCPFU3vbVaqVcqqC_4WDylJHRwRdnXAm6Rt6WQwN4aD20sMftRaDYnLuZKxoNE4_iBFcmHzujDY8U8GcYLaCneo/s320/shutterstock_705666280-900x506.jpg" width="320" /></a></div>
<br />
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px;">
A player of popular gaming title <a href="https://www.elderscrollsonline.com/en-gb/home" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">Elder Scrolls Online</a> recently took to Reddit to <a href="https://www.reddit.com/r/elderscrollsonline/comments/e1o08n/got_this_from_a_playstation_private_message/" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">warn users of a phish via PlayStation messaging.</a> This particular phishing attempt is notable for ramping up the pressure on recipients—a classic <a href="https://blog.malwarebytes.com/cybercrime/2018/08/social-engineering-attacks-what-makes-you-susceptible/" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">social engineering technique</a> taken to the extreme.</div>
<h3 style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.3em; margin-bottom: 24px; margin-top: 0px;">
A terms of service violation?</h3>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
In <a href="https://en.wikipedia.org/wiki/Massively_multiplayer_online_role-playing_game" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">MMORPG</a> land, the scammers take a theoretically plausible deadline, crunch it into something incredibly short and ludicrous, and go fishing for the catch of the day. Behold the pressure-laden missive from one fake video game developer to a player:</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
<a data-rel="lightbox-0" href="https://blog.malwarebytes.com/wp-content/uploads/2019/11/scamtext.png" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" title=""><img alt="scam text" class="aligncenter size-medium wp-image-41377" data-attachment-id="41377" data-comments-opened="1" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="scam text" data-large-file="https://blog.malwarebytes.com/wp-content/uploads/2019/11/scamtext-511x600.png" data-medium-file="https://blog.malwarebytes.com/wp-content/uploads/2019/11/scamtext-255x300.png" data-orig-file="https://blog.malwarebytes.com/wp-content/uploads/2019/11/scamtext.png" data-orig-size="516,606" data-permalink="https://blog.malwarebytes.com/social-engineering/2019/12/fake-elder-scrolls-online-developers-go-phishing-on-playstation/attachment/scamtext/" height="300" sizes="(max-width: 255px) 100vw, 255px" src="https://blog.malwarebytes.com/wp-content/uploads/2019/11/scamtext-255x300.png" srcset="https://blog.malwarebytes.com/wp-content/uploads/2019/11/scamtext-255x300.png 255w, https://blog.malwarebytes.com/wp-content/uploads/2019/11/scamtext-511x600.png 511w, https://blog.malwarebytes.com/wp-content/uploads/2019/11/scamtext.png 516w" style="border: 0px; box-sizing: border-box; display: block; height: auto; margin: 25px auto; max-width: 100%; vertical-align: middle; width: auto;" width="255" /></a></div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px; text-align: center;">
Click to enlarge</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
The text of the phishing message reads as follows:</div>
<blockquote style="background-color: white; border-left: 5px solid rgb(244, 247, 248); box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 20px; margin: 0px 0px 28px; padding: 14px 28px;">
<div style="box-sizing: border-box; margin-bottom: 14px;">
<em style="box-sizing: border-box;">We have noticed some unusual activity involving this account. To be sure you are the rightful owner, we require you to respond to this alert with the following account information so that you may be verified,</em></div>
<div style="box-sizing: border-box; margin-bottom: 14px; margin-top: 14px;">
<em style="box-sizing: border-box;">– Email address</em></div>
<div style="box-sizing: border-box; margin-bottom: 14px; margin-top: 14px;">
<em style="box-sizing: border-box;">– Password</em></div>
<div style="box-sizing: border-box; margin-bottom: 14px; margin-top: 14px;">
<em style="box-sizing: border-box;">_ Date of birth on the account</em></div>
<div style="box-sizing: border-box; margin-bottom: 14px; margin-top: 14px;">
<em style="box-sizing: border-box;">In response to a violation of these Terms of Service, ZeniMax may issue you a warning, suspend or restrict certain features of the account. We may also immediately terminate any and all accounts that you have established. Temporarily or permanently ban the account, device, and/or machine from accessing, receiving, playing or using all or certain services.</em></div>
<div style="box-sizing: border-box; margin-top: 14px;">
<em style="box-sizing: border-box;">Under the current circumstances, you have 15 minutes from opening this alert to respond with the required information. Failure to do so will result in an immediate account ban, permanently losing access to our servers on all platforms, along with all characters<span class="Apple-converted-space" style="box-sizing: border-box;"> </span>associated with the account in question. Please be sure to double check your information and spelling before sending.</em></div>
</blockquote>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Yes, you read that correctly—a grand total of 15 whole minutes to panic email scammers back with your login details. But what exactly happened to warrant such an immediate need for verification? The vagueness of the fake message may actually work in the scammer’s favour here because MMORPG titles are often rife with cheating/botting/scamming, so developers are typically light on information when genuine infractions occur.</div>
<h3 style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.3em; margin-bottom: 24px; margin-top: 0px;">
FOMO: oh no</h3>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
FOMO, <a href="https://www.verywellmind.com/how-to-cope-with-fomo-4174664" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">fear of missing out</a>, is the lingering fear that not only have they never had it so good, but the “they” in question almost certainly isn’t you.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Marketers and sales teams exploit this ruthlessly, with sudden sales and the promise of things you can’t do without. Breaking hotel deals on websites can’t help but tell you how many people have the same deal open RIGHT NOW.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Video games, especially online titles and MMORPGs, take a similar approach, offering in-game purchases but rotating items slowly, leading to a form of digital scarcity that encourages transactions because gamers don’t know if the item will be seen again.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Inventory space, character slots, and many more crucial elements are at a premium, and people invest serious money to make the most out of their experience. With this in mind, people tend to be particular about keeping their account secure.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
As a result, scammers are hugely effective at turning FOMO on its head, giving people a nasty dose of “fear of something about to happen or else.” Had a spot of bother with <a href="https://blog.malwarebytes.com/awareness/2019/10/europol-ransomware-remains-top-threat-in-iocta-report/" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">ransomware</a>? No sweat, pay us in Bitcoin and you’ll get your documents back—as long as you do it within three days. Fake <a href="https://blog.malwarebytes.com/scams/2019/08/the-lucrative-business-of-bitcoin-sextortion-scams/" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">sextortion email</a> claiming they’ve recorded you watching pornography? Yeah, that’ll be $1,000 in 48 hours or we’ll release the footage and tell all your friends and family.</div>
<h3 style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 24px; font-weight: 500; line-height: 1.3em; margin-bottom: 24px; margin-top: 0px;">
“It wasn’t me, what did I do?”</h3>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
You’ll often see people banned from titles complaining on forums that all access has been revoked, with no explanation why besides a “You are banned, sorry” type message. Quite often they won’t even be able to follow up with support because the ban also locks them out of being able to raise a ticket.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Scammers know they can skip some of the fake explanation shovel work as nobody <em style="box-sizing: border-box;">ever</em> receives a detailed explanation. This is to obscure the inner workings of fraud detection systems: If they spilled the beans, malicious individuals would adjust their behaviour accordingly. That’s a tricky situation for developers to tightrope walk across, but it is possible in the form of additional security measures. Does Elder Scrolls Online meet the challenge?</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Sadly, the game doesn’t allow players to lock down accounts with a third-party authenticator. There’s no mobile app, and there are zero authentication sticks. What they do have is <a href="https://help.elderscrollsonline.com/app/answers/detail/a_id/453/~/can-i-add-extra-security-like-an-authenticator-to-my-account%253F" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">a few password suggestions</a> and some information about their <a href="https://help.elderscrollsonline.com/app/answers/detail/a_id/8611" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">one-time password system</a>.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
It’s certainly good that the password system exists, and one would hope it would spring into life in this case, but players would probably appreciate a little more control over their security choices, as well as a few safety nets when things go wrong.</div>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
By comparison, the hugely popular Black Desert Online offers <a href="https://blackdesert.zendesk.com/hc/en-us/articles/360000535909-2-Step-Verification-FAQ" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">Google authenticator two-factor authentication (2FA)</a>. Blizzard has you covered with their <a href="https://us.battle.net/support/en/article/24520" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">own authenticator</a>. Guild Wars offers both <a href="https://www.guildwars2.com/en/news/a-new-way-to-protect-your-account/" rel="noopener noreferrer" style="background-color: transparent; box-sizing: border-box; color: #004ddc; text-decoration-line: none;" target="_blank">an authenticator app and SMS lockdowns</a>.</div>
<h2 style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 33px; font-weight: 500; line-height: 1; margin-bottom: 24px; margin-top: 0px;">
Some simple rules to follow</h2>
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Regardless of which game you play, remember:</div>
<ul style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 0px; padding-left: 18px;">
<li style="box-sizing: border-box; margin-bottom: 12px; margin-top: 12px;">Don’t reuse passwords</li>
<li style="box-sizing: border-box; margin-bottom: 12px; margin-top: 12px;">Make the password as strong as the system allows</li>
<li style="box-sizing: border-box; margin-bottom: 12px; margin-top: 12px;">Tie your account to a locked-down email address, ideally also secured with 2FA</li>
<li style="box-sizing: border-box; margin-bottom: 12px; margin-top: 12px;">Never, ever send login details in reply to an email or text message asking for them until you’ve authenticated the message: hover over the sender address and the links to see whether they are legitimate, search for known scams or phishes associated with the company in question, and read the instructions carefully.</li>
<li style="box-sizing: border-box; margin-bottom: 12px; margin-top: 12px;">If you’re still in doubt whether an email is legitimate or not, err on the side of caution and go directly to your account’s website/login page. If there is a need to verify or change credentials, you can change them there.</li>
</ul>
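<p>The “hover over the address and links” rule above can be mechanised. The following is an added example (not code from the original post): it pulls every link out of an HTML email, compares the domain the link text displays with the domain the href really points at, and checks the sender’s domain against the domain you expect. <code>example-games.com</code> and the two sample emails are constructed for the demonstration, and the two-label approximation of the registrable domain is a simplification that a real checker would replace with the Public Suffix List.</p>

```python
"""Mechanised version of 'hover over the links before you trust the email'.
Added example; not code from the original post. Sample data is constructed."""
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML email body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Assumption/simplification: good enough for
    .com-style names; a production checker would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_in_text(text: str) -> Optional[str]:
    """If the visible link text looks like a URL or a domain, return that host."""
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    return m.group(1) if m else None


def check_email(from_header: str, html_body: str, expected_domain: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked off."""
    findings: List[str] = []
    _, addr = parseaddr(from_header)
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if registrable_domain(sender_domain) != expected_domain:
        findings.append(f"sender domain {sender_domain!r} is not {expected_domain!r}")

    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        parsed = urlparse(href)
        host = parsed.hostname or ""
        if registrable_domain(host) != expected_domain:
            findings.append(f"link to {host!r} does not belong to {expected_domain!r}")
        shown = host_in_text(text)
        # The classic trick: the text shows the real site, the href goes elsewhere.
        if shown and registrable_domain(shown) != registrable_domain(host):
            findings.append(f"link text shows {shown!r} but points at {host!r}")
        if parsed.scheme == "http":
            findings.append(f"link to {host!r} is plain http")
    return findings


# Constructed sample messages (not real emails; example-games.com is a placeholder).
PHISH_FROM = "Account Security <support@example-games.com-verify.net>"
PHISH_BODY = (
    "<p>Your account will be banned in 48 hours unless you verify it.</p>"
    '<a href="https://account.example-games.com-verify.net/login">'
    "https://account.example-games.com/login</a>"
)
LEGIT_FROM = "Support <support@example-games.com>"
LEGIT_BODY = '<a href="https://account.example-games.com/login">Sign in</a>'

if __name__ == "__main__":
    for label, hdr, body in (("phish", PHISH_FROM, PHISH_BODY), ("legit", LEGIT_FROM, LEGIT_BODY)):
        print(label, check_email(hdr, body, "example-games.com") or ["no findings"])
```

<p>Run against the constructed phish, the checker reports the sender domain, the link destination, and the mismatch between displayed and real host; the legitimate sample produces no findings. The remaining rule on the list still applies: when in doubt, ignore the links entirely and type the site's address yourself.</p>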
<div style="background-color: white; box-sizing: border-box; color: #141519; font-family: Locator, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: 14px; margin-top: 14px;">
Phishing is one of the oldest cyberattack methods in the book, yet it remains a favorite of scammers because, quite simply, it works. Don’t be fooled by FOMO, high-pressure deadlines, or too-good-to-be-true deals.</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8987465314676633984.post-25911710928176274962019-12-07T01:16:00.000+00:002019-12-07T01:16:18.298+00:00How Are Cyber Attacks Evolving?<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuZIK2cp9W7nEC9bu4pyBnvGbmmQrh4c-xKlrAouVHqkqNAbNnE8UXSw1oFAnCRGskb4W_LFAWacW-po7NB5tZbVgnQ_c7-9CqL2bheQgrp4x0fSj7cploO8l3Muf11j2ooTeqT-AVQMow/s1600/imgfile.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="471" data-original-width="742" height="203" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuZIK2cp9W7nEC9bu4pyBnvGbmmQrh4c-xKlrAouVHqkqNAbNnE8UXSw1oFAnCRGskb4W_LFAWacW-po7NB5tZbVgnQ_c7-9CqL2bheQgrp4x0fSj7cploO8l3Muf11j2ooTeqT-AVQMow/s320/imgfile.png" width="320" /></a></div>
<br />
<br />
In short, Gen V and Gen VI cyber attacks differ from previous cyber attack generations because they are multi-vector and polymorphic attacks. For example, the attack may start with your smartphone and end up shutting down your datacenter after going through your cloud. These attacks disguise themselves in a much better way. They will use different content each time, or can disguise themselves with the legitimate actions of apps (for example, ad content that can turn into malware).<br />
<br />
This makes Gen V and Gen VI attacks much more sophisticated, more damaging, and much harder to defend against.<br />
<br />
That said, in order to better understand the idea of cyber attack generations, we need to go back to the early days of the internet and see how we define the different generations of cyber threats. Since the 1980s, we’ve seen an evolution of cyber attacks that has transformed the way we protect our information. This transformation is directly linked to the unique role the internet has taken in our lives. The first generation of attacks was focused on our personal computers. Computer viruses, which were mainly dealt with through anti-virus software, marked these early attacks. The second generation of cyber threats was more sophisticated and struck during the 90s. Second generation cyber threats were focused on networks connected to the internet. These were handled by firewalls, which were also our very first product at Check Point, dating back 26 years.<br />
<br />
As we entered the 2000s, and as the digital world adopted the mass use of applications, we entered the third generation of cyber threats, which were focused on exploiting vulnerabilities in these applications. Check Point tackled these with a new product called IPS – Intrusion Prevention System.<br />
<br />
Starting in 2010, the world began to cope with zero-day threats, marking the advent of the fourth generation of cyber attacks. The fourth generation represented attacks that were based on highly evasive polymorphic content, bypassing traditional defenses, becoming attacks which were not known before, hence the name – zero-day. Check Point used behavioral analysis tools to tackle these specific types of threats.<br />
<br />
In the past 2-3 years, we quickly entered the phase of fifth generation attacks. These attacks were large-scale attacks based on government sponsored technologies, which were leaked to the internet. As I said, these attacks were also multi-vectored attacks, meaning hackers attack all fronts all at once – network, cloud and mobile devices. These specific attack types were seen in the 2017 WannaCry and NotPetya attacks. Fifth generation attacks exploited the connected and device-driven world we live in today, since our data is dispersed on the many different platforms we all use.<br />
<br />
Check Point provides solutions to cope with fifth generation attacks, also known as Gen V. While other companies mainly focus on detecting these attacks, we differ by providing threat prevention, which enables us to stop these new zero-day attacks before they actually afflict our customers. For perspective, our products are stopping 7000 such zero-day files per day! Although we’re witnessing Gen V attacks, 97% of the world is only protected from second and third generation attacks.<br />
<br />
Now, regarding sixth generation attacks, which are coming in the near future, we are already working hard to prevent these. Our approach is based on the same methodology described above: understanding where the digital world is taking us and providing the necessary protections. As we move into an era of far more connectivity – autonomous cars, millions of connected IoT (Internet of Things) devices on all fronts (medical, smart cities and homes, etc.) – we will need to provide security mechanisms based on AI, which will enable us to control the security of these millions of devices through a consolidated security mechanism.<br />
<br />
The bottom line is that the more connected we all become – the more vulnerable we all become. Our information, which is shared on all of these connected devices, will need higher levels of protection.<br />
<br />
<br /></div>
Unknownnoreply@blogger.com0