Security trends 2017

The year 2017 will not bring any turn towards better data security. The internet is rife with both well-known and unknown threats, and companies' systems are supposed to be protected against them. Hackers are going to continue to look for new ways to extort and steal information from businesses and organizations, which unfortunately means those businesses and organizations will have to continue to look for new ways to protect themselves.

Critical infrastructure comes under attack in 2017. Critical infrastructures must be better protected from criminals and terrorists who take advantage of modern technologies that are essential for the functioning of society and the economy. The IT security functions of industrial control systems (ICS), energy grids and IoT networks need to be improved in 2017.

There is a push for better web security in 2017. Starting New Year’s Day, Google’s Chrome will begin labeling as “insecure” all websites that transmit passwords or ask for credit card details over plain-text HTTP. Beginning in January 2017 (Chrome 56), HTTP pages that transmit passwords or credit card details are marked as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
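As an added example (not code from the original post), the following script applies the Chrome 56 rule described above to a page: it parses the HTML, finds password fields and credit-card fields, and reports those whose data would travel over plain HTTP, either because the page itself is served over http:// or because the form action points at an http:// URL. The HTML snippets and URLs in it are constructed samples, and the set of `cc-*` autocomplete tokens treated as card fields is an assumption based on the HTML autocomplete token names, not a list from the page.

```python
"""Flag password / card fields that would be submitted over plain HTTP.

Added example, not from the original post. Mirrors the Chrome 56 rule:
an HTTP page carrying a password or credit-card field is "Not secure".
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: autocomplete tokens that mark a field as credit-card data
# (taken from the HTML autocomplete "cc-*" token family).
CARD_AUTOCOMPLETE = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month",
                     "cc-exp-year", "cc-name"}


class SensitiveFormScanner(HTMLParser):
    """Collect (field_name, submit_url) for every sensitive input found."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self._form_action = None   # resolved action of the enclosing <form>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page URL itself.
            self._form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input":
            kind = (a.get("type") or "text").lower()
            autocomplete = (a.get("autocomplete") or "").lower()
            if kind == "password" or autocomplete in CARD_AUTOCOMPLETE:
                # An input outside any <form> is treated as posting to the page.
                target = self._form_action or self.page_url
                self.findings.append((a.get("name") or kind, target))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None


def insecure_sensitive_fields(page_url, html):
    """Return (field, submit_url) pairs whose data would travel over http://.

    The page being served over HTTP is Chrome's trigger; a form on an HTTPS
    page that posts to an http:// action is flagged as well.
    """
    scanner = SensitiveFormScanner(page_url)
    scanner.feed(html)
    page_plain = urlsplit(page_url).scheme == "http"
    return [(field, target) for field, target in scanner.findings
            if page_plain or urlsplit(target).scheme == "http"]


# Constructed sample pages (not taken from any real site).
LOGIN_PAGE = ('<form action="/login" method="post">'
              '<input name="user"><input type="password" name="pw"></form>')
CHECKOUT_PAGE = ('<form action="http://pay.example/charge">'
                 '<input autocomplete="cc-number" name="card"></form>')

if __name__ == "__main__":
    for url, html in [("http://shop.example/login", LOGIN_PAGE),
                      ("https://shop.example/login", LOGIN_PAGE),
                      ("https://shop.example/checkout", CHECKOUT_PAGE)]:
        print(url, "->", insecure_sensitive_fields(url, html) or "ok")
```

Run it against a saved page with `insecure_sensitive_fields(url, open("page.html").read())`; an empty list means no sensitive field leaves the page in the clear.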

SHA-1 is insecure. Starting on Jan 1, 2017, most CAs will migrate to SHA-2 certificates, and the major browser makers, including Microsoft, Google, and Mozilla, have already announced plans to adopt the change. Their browsers will no longer trust sites that use SHA-1 certificates from that date, and they will mark these websites as insecure. One third of websites still use SHA-1 certificates despite the looming deadline. SHA-1 will still hang around, like a fart in a spacesuit, for many years to come because some people are lazy enough not to make the change.
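As an added example (not code from the original post), here is a check a site owner can run on a DER-encoded certificate to see whether it is still signed with SHA-1. It reads only the outer `signatureAlgorithm` field with a minimal DER walker, so it needs no third-party library; the certificate used in the demo is a constructed skeleton built by `skeletal_certificate`, not a real certificate, and the OID tables are limited to the common RSA, DSA and ECDSA signature algorithms.

```python
"""Read a DER certificate's signatureAlgorithm OID and flag SHA-1 signatures.

Added example, not from the original post. A DER Certificate is
  SEQUENCE { tbsCertificate, signatureAlgorithm SEQUENCE { OID, params },
             signatureValue BIT STRING }
so the OID we need is the first element of the second top-level child.
"""

SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsaWithSHA1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
SHA2_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos -> (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(content):
    """Turn OID content octets into dotted-decimal form."""
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for byte in content[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                 # clear high bit ends a sub-identifier
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm_oid(cert_der):
    """Return the dotted OID from the certificate's outer signatureAlgorithm."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)           # skip tbsCertificate
    tag, alg_id, _ = _read_tlv(cert, pos)       # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("malformed AlgorithmIdentifier")
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)


def classify_signature(cert_der):
    """Return 'sha1', 'sha2' or 'unknown' for the certificate's signature."""
    oid = signature_algorithm_oid(cert_der)
    if oid in SHA1_SIGNATURE_OIDS:
        return "sha1"
    if oid in SHA2_SIGNATURE_OIDS:
        return "sha2"
    return "unknown"


# --- constructed fixture: a structurally valid but fake certificate shell ---

def _der(tag, content):
    """Encode tag + DER length (short or long form) + content."""
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                          # continuation bytes carry the high bit
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def skeletal_certificate(signature_oid):
    """Build a fake DER Certificate whose signatureAlgorithm is the given OID."""
    tbs = _der(0x30, _der(0x02, b"\x01"))                      # serialNumber only
    alg = _der(0x30, _der(0x06, _encode_oid(signature_oid)) + _der(0x05, b""))
    sig = _der(0x03, b"\x00" * 129)                            # dummy signature
    return _der(0x30, tbs + alg + sig)
```

For a real certificate, call `classify_signature(open("site.der", "rb").read())`; convert PEM with `openssl x509 -outform DER` first. Run it on every certificate in the chain, since the browsers' distrust applied to SHA-1 anywhere below the root, and a SHA-2 leaf under a SHA-1 intermediate still fails.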

There will be changes in how security is viewed in 2017 by businesses. We will likely see cloud adoption continue to grow across the United States, network visibility will no longer just be an option, AI and machine learning will shake old security models, and IoT-powered attacks will continue to rise. All of this will factor into how businesses set up, monitor and secure their networks.

The commoditization of cyberattacks will make them more frequent in 2017. More and more companies suffer business disruption due to cyber attacks. Cyber attacks cause companies significant financial losses, but studies show that companies are not prepared for attacks. According to Gartner, by 2018 only 40 per cent of large companies will have official plans in case of cyber attacks. Last year, the percentage was zero.

Strap yourself in for a bumpy ride in 2017. 2016 sucked. 2017 won’t be much better, sorry. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. DDoS attack toolkits have been around for years, as have services that will enable you to pay for an attack. Expect to see more of them. It seems that 2017 promises to be the most dramatic year yet in DDoS conflict. Whale-sized DDoS attacks will increase, the IoT will become a bigger factor in DDoS, and DDoS will overshadow ransomware attacks and will be used for extortion. Expect to see the Internet of Things (IoT) and other connected devices play an important part in these attacks.

Biometric identification will become more common in 2017, but it will not replace passwords. Fingerprint identification has become increasingly common in smartphones, and the technology is already fast and reliable. This year biometric identification devices were sold for 4.5 billion dollars (most of them went into smartphones and laptops). 91 percent of biometric sales were fingerprint sensors, four per cent face detection and three per cent iris detection.

Biometrics won’t kill passwords any time soon. Even though PIN codes and passwords are pretty lousy protection against a skilled cybercriminal, the password will never disappear entirely, as two per cent of the world’s population have fingerprints that are not suitable for biometric identification. Other biometric identification systems have similar limitations and/or are not yet commonly available at a reasonable cost. While biometrics, including fingerprint, face, iris, palm and speech recognition, will continue to grow as a more secure substitute for passwords, they will not render passwords obsolete. Until the other common biometrics become commonplace, passwords are here to stay, until circa 2030.

The fight over encryption and backdoors is not over in 2017. Many public figures in law enforcement have consistently argued that device encryption presents a new threat to police powers of investigation. On the other side, the House Judiciary Committee’s Encryption Working Group report says encryption backdoors pose a security threat, siding with tech experts. The problem is that any system allowing police to get into an encrypted system (be it a phone, a computer or communications) could also be exploited by criminals. Any action in this space should weigh any short-term benefits against the long-term impacts. Many industry experts will rightly tell you there is no such thing as partial data encryption: you either have a fully capable system or none at all.

Given the security events of 2016, coupled with the rapid advancements and adoption of cloud computing, 2017 will be the year in which many finally accept that network infrastructure and security will have to be rethought from the ground up. In 2017 the cloud will become a risk for users: the cloud becoming insecure, with extortion and IoT openings.

The rivalry between network attacks and network security is accelerating. Crippling Internet services with denial of service attacks is becoming more common throughout the world. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. IoT-powered attacks will continue to rise, and stopping an attack is not easy. For most companies the key thing is that the attack traffic is stopped before it reaches the company’s Internet connection or servers (which increases the need for telecom operator and external services). In addition to service disruption, denial of service attacks are often used as a distraction during the actual data burglary. DDoS may take over from ransomware as a cause for concern.

In 2017 IT and security professionals will talk more about business risks. Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk. The goal of stopping all attacks and preventing all business impact has been recognized as a fool’s errand, and has shifted to measuring risk and minimizing business impacts. Cyber security is increasingly being viewed as a risk management problem.

In 2017 ‘security’ must be added to our existing ethical and philosophical concerns over artificial intelligence and algorithms. Algorithms will soon run the world. They present problems that are seriously questioned on both ethical and philosophical grounds, and they have become the basis of fictional Armageddons.

Cyber insurance will be considered more often as one solution for handling cyber risks in 2017. The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.

In 2017 Big Brother will be watching you 24/7. Those of you who’ve read George Orwell’s book 1984 or seen the movie will remember how the citizens of the fictitious totalitarian state of Oceania are constantly under surveillance by order of its dictator, Big Brother. Now swap your home desktop computer, laptop or smartphone for the fictitious telescreen: not only are you sitting in front of what is a modern-day version of the Big Brother telescreen, you are also walking around with one in your pocket or handbag. Sound a bit far-fetched to you? Well, it’s set to become a reality in many countries.

Users will want better security, or at least to feel more secure, in 2017. Many people are prepared to go to extremes for better security. According to a recent Harris Poll survey of over 2,000 adults, nearly 40% of Americans would give up sex for a year, or eating their favourite food, in exchange for better online security that meant they’d never have to worry about being hacked. When you consider that 87 percent of U.S. adults use the internet, it makes sense that cyber security is one of the biggest concerns today. The single biggest thing people can do to help keep their online identity safe is probably the easiest: a solid password, and not giving it to other people. Still, nearly 50% of people have shared a password to an e-mail account or to an account like Netflix.

Security becomes a multi-system issue, and more people are talking about it. Design teams will have to bake strategies in from the start, no matter how insignificant the device. The good news is that more people are talking about the issue. The real challenge is packing enough security features into designs to prevent security breaches of every sort, including those that can come from other electronics that weren’t even considered as part of the design process. Just as devices get more sophisticated, so do hackers. The reality is that security breaches can even cause physical harm. It’s time to look at this at a multi-system, multi-disciplinary level. Otherwise, we literally could be playing with fire.

Blockchains have been a big trend for several years. The blockchain market is divided as 2017 starts. During autumn 2016 we saw a number of cooperation initiatives between the financial sector and consulting companies. Microsoft has chosen the Ethereum blockchain platform and offers it in the Azure cloud service. IBM has jumped on the Hyperledger consortium bandwagon and is offering its own blockchains in its Bluemix service. Google and Amazon still shine by their absence. Even banks may prefer to see the cloud used for blockchains.


Other prediction articles worth a look:

What Lies Ahead for Cybersecurity in 2017?

Network Infrastructure, Visibility and Security in 2017

DDoS in 2017: Strap yourself in for a bumpy ride

Cybersecurity Industry Outlook: 2017 to 2021 | CSO Online

IBM’s Cybersecurity Predictions for 2017 – eForensics

https://eforensicsmag.com/ibms-cybersecurity-predictions-2017/

Top 5 Cybersecurity Threats to Watch Out for in 2017

Experts Hopeful as Confidence in Risk Assessment Falls


3,151 Comments

  1. Tomi Engdahl says:

    One in Two Organizations Have Had a SharePoint Data Breach, According to New Study
    http://www.prnewswire.com/news-releases/one-in-two-organizations-have-had-a-sharepoint-data-breach-according-to-new-study-300451690.html

    Ponemon/Metalogix Research Shows Organizations Have Insufficient Control of Sensitive Data within SharePoint and other Collaboration and File Sharing Tools

    The Ponemon Institute and Metalogix, today released results of a report focused on how organizations are keeping sensitive or confidential data safe in collaboration and file sharing environments such as SharePoint, Dropbox, and file sync and share applications.

    Several noteworthy findings are:

    49% had at least one confirmed data breach in the SharePoint environment in the past two years.
    79% don’t believe existing tools are “very effective” at protecting sensitive content from accidental exposure or a targeted breach.
    68% don’t have sufficient visibility into locations where sensitive data is located.
    59% say their organization doesn’t do a good job ensuring SharePoint users interact with confidential or sensitive data appropriately.

    “SharePoint houses a vast amount of sensitive data, but organizations are not taking sufficient steps to keep it safe,” said Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute. “The pressure to be productive is causing employees to put sensitive data at risk. Security and SharePoint professionals must understand where this content resides and how it is accessed and shared.”

    Data Loss Prevention, Automation are Top Priorities

    To address the security challenges of collaboration and file sharing tools, 63% of respondents believe having appropriate data loss prevention technologies (DLP) in place would be the most effective solution to prevent data breaches. This is considered more essential to security than having a larger budget or hiring more skilled employees.

    Seventy-three percent say automated discovery of sensitive information and 70% say automated classification of sensitive information would improve their ability to secure data.

    Reply
  2. Tomi Engdahl says:

    Cloudflare helps serve up hate online, says ProPublica
    The internet company is reportedly one of the most popular web platforms for hate sites.
    https://www.cnet.com/news/cloudflare-helps-serve-up-hate-online-per-propublica/

    Reply
  3. Tomi Engdahl says:

    Microsoft says: Lock down your software supply chain before the malware scum get in
    Stealthy attack code spotted going after payment systems
    https://www.theregister.co.uk/2017/05/05/malware_attacking_payment_systems/

    Microsoft’s security team is urging developers to shore up their software update systems – after catching miscreants hijacking an editing application’s download channels to inject malware into victims’ PCs.

    In a security advisory, Redmond’s infosec gurus describe Operation WilySupply: their mission to find, isolate and destroy an unusual and highly targeted form of malicious code that was hiding in the software update mechanism of a widely used, and unnamed, editing tool.

    Microsoft thinks that the attackers found a flaw in the application’s upgrade system that allowed them to send unsigned updates to Windows machines to install.

    Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack
    https://blogs.technet.microsoft.com/mmpc/2017/05/04/windows-defender-atp-thwarts-operation-wilysupply-software-supply-chain-cyberattack/

    Reply
  4. Tomi Engdahl says:

    Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors
    Real-time full-blown snooping with breakable encryption
    https://www.theregister.co.uk/2017/05/04/uk_bulk_surveillance_powers_draft/

    The UK government has secretly drawn up more details of its new bulk surveillance powers – awarding itself the ability to monitor Brits’ live communications, and insert encryption backdoors by the backdoor.

    In its draft technical capability notices paper [PDF], all communications companies – including phone networks and ISPs – will be obliged to provide real-time access to the full content of any named individual within one working day, as well as any “secondary data” relating to that person.

    https://regmedia.co.uk/2017/05/04/technical-notices-draft-ipa.pdf

    Reply
  5. Tomi Engdahl says:

    The typical online user has an average of 90 active and inactive online accounts. This exposure to threats, notes software and IT security specialist PasswordPing Ltd., helps to inform us why billions of credentials have been exposed in the past five years alone. To assist organizations and companies to screen their user accounts for known, compromised credentials, PasswordPing Ltd. announced the launch of its new password and credential breach notification service.

    Source: http://www.linuxjournal.com/content/passwordping-ltds-exposed-password-and-credentials-api-service?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+linuxjournalcom+%28Linux+Journal+-+The+Original+Magazine+of+the+Linux+Community%29

    Reply
  6. Tomi Engdahl says:

    Imminent Arrival of Quantum Computers Spells Danger for Private Data
    https://www.securerf.com/quantum-computers-spells-danger-private-data/?utm_campaign=Email%20Newsletter&utm_source=hs_email&utm_medium=email&utm_content=51576901&_hsenc=p2ANqtz-8Yppw1sUnNhUgn22EB1VLoTrY6XhZbEVTS91T6TPGlarCslQjQI3uq1rUTR2xtxFg0E1Z37PlfOaJcJnPYNKPvbTyubO-yfep_oe8H-eJr7JxGXBM&_hsmi=51576901

    In a blog post we published last November, we reported that quantum computers might be available in the next ten to fifteen years. However, with companies including Google and IBM significantly ramping up their efforts to make quantum computing a reality, it is likely that commercial availability for these “super computers” will arrive ahead of schedule.

    A recent article in Wired magazine noted that Google plans to produce a viable quantum computer within the next five years. It also reported that IBM, which currently offers quantum computing as a cloud service, plans to offer commercial quantum machines to businesses and research organizations this year. Furthermore, Microsoft has stated that it is ready to begin engineering its own topological quantum computer.

    Peter Shor, a professor of Applied Mathematics at MIT, wrote a quantum algorithm in the mid-nineties that leverages quantum computers to crack public-key encryption, which is the method currently used to secure online banking and email. In addition, the National Institute of Standards and Technology (NIST) reported last year that it would be possible to build a quantum computer capable of breaking a 2048-bit RSA cryptosystem in just hours.

    This situation spells nirvana for hackers and nation states, and disaster for the manufacturers and users of the seemingly infinite number of devices that depend on current cryptographic protocols to protect data. Theoretically, all it would take to gain access to financial transactions, medical records, and other private information is determination and some finely-honed hacking skills.

    With commercial availability of quantum computers “just around the corner,” it’s urgent that companies take steps now to protect systems and data.

    https://www.securerf.com/quantum-computings-threat-current-cryptosystems/

    Reply
  7. Tomi Engdahl says:

    A massive Google Docs hack is spreading like wildfire
    Don’t click.
    https://www.recode.net/2017/5/3/15535018/google-docs-hack-spreading-email-phishing

    Gmail users are under attack in a gigantic phishing operation that’s spreading like wildfire across the internet right now.

    People took to Twitter to report receiving an email that looks like an invitation to join a Google Doc from someone they know.

    But when you click on the link to open the file, you are directed to grant access to an app that looks like Google Docs but is actually a program that sends spam emails to everyone you’ve emailed, according to a detailed outline of the attack on Reddit.

    If you receive an email like this, do not open it. If you’re at work, alert a member of your technical support team. According to the Reddit post, if you’ve clicked “Allow” in the Google Docs prompt, you’ve been compromised.

    Reply
  8. Tomi Engdahl says:

    Ben Lovejoy / 9to5Google:
    G Data report: 350 new malware instances are discovered on Android every hour, 750K+ found in Q1; most of the malware is discovered in third-party app stores — Security company G Data says that a new piece of Android malware is discovered every 10 seconds.

    A new example of Android malware is discovered every 10 seconds, say security researchers
    https://9to5google.com/2017/05/04/new-example-android-malware-discovered-every-10-seconds/

    Security company G Data says that a new piece of Android malware is discovered every 10 seconds. At this rate, the company is predicting that there will be 3,500,000 new malicious Android files by the end of the year.

    The company said that the risk was heightened by the fact that only a small minority of users are on the latest version of Android …

    It should be noted that G Data sells anti-virus software for Android devices, so it has a vested interest in playing up the risks.

    Reply
  9. Tomi Engdahl says:

    Election related hack now in France:

    Emmanuel Macron’s campaign hacked on eve of French election
    https://www.theguardian.com/world/2017/may/06/emmanuel-macron-targeted-by-hackers-on-eve-of-french-election

    En Marche! movement says posting of massive email leak online ‘clearly amounts to democratic destabilisation as was seen in the US’

    The campaign of the French presidential frontrunner, Emmanuel Macron, has said it has been the target of a “massive and coordinated” hacking attack after tens of thousands of internal emails and other documents were released online.

    Less than 48 hours before polling day, around nine gigabytes of data was posted by a user called EMLEAKS to the document-sharing site Pastebin that allows anonymous posting. It was not immediately clear who was responsible.

    Emmanuel Macron’s presidential campaign hacked, officials say
    http://edition.cnn.com/2017/05/05/europe/france-election-macron-hack-allegation/

    Leading French presidential candidate Emmanuel Macron has been the victim of a “massive and coordinated hacking operation,” after files purporting to be from the campaign were posted online via social media, his campaign said Friday.
    Campaign officials said the perpetrators of the hack — revealed just two days before the election — had mixed fake documents with authentic ones “in order to create confusion and misinformation.”

    About 14.5 gigabytes of emails, personal and business documents were posted

    Links to the 70,000-plus files were posted on pastebin, a text-sharing site, just before 2 p.m. ET Friday.

    The statement said that by happening near the end of the campaign, the operation is clearly meant to undermine democracy, just like during the recent presidential campaign in the United States. US intelligence officials have said the Russians meddled in the November elections, and Congress is investigating the allegations. Russia has denied any interference.

    Hackers targeted Macron’s campaign using methods similar to the suspected Russian hacks in the US targeting the Democratic National Committee last year

    Reply
  10. Tomi Engdahl says:

    French candidate Macron claims massive hack as emails leaked
    http://www.reuters.com/article/us-france-election-macron-leaks-idUSKBN1812AZ

    Leading French presidential candidate Emmanuel Macron’s campaign said on Friday it had been the target of a “massive” computer hack that dumped its campaign emails online 1-1/2 days before voters choose between the centrist and his far-right rival, Marine Le Pen.

    Macron, who is seen as the frontrunner in an election

    In a statement, Macron’s political movement En Marche! (Onwards!) confirmed that it had been hacked.

    “The En Marche! Movement has been the victim of a massive and co-ordinated hack this evening which has given rise to the diffusion on social media of various internal information,” the statement said.

    Russia blamed as Macron campaign blasts ‘massive hacking attack’ ahead of French presidential election
    http://www.telegraph.co.uk/news/2017/05/05/macron-campaign-blasts-massive-hacking-attack-ahead-french-presidential/

    The campaign team of French presidential candidate Emmanuel Macron said on Friday night it had been the victim of a “massive hacking attack” after a trove of documents was released online.

    The apparent hack came on the final day of campaigning in the French presidential election, with Mr Macron, the centrist, facing Marine Le Pen, the far-Right candidate in tomorrow’s run-off.

    Immediate suspicion fell on Russia, which has been accused of meddling in the US election to help get Donald Trump elected in November.

    Campaign officials stated authentic documents had been mixed on social media with fake ones to sow “doubt and misinformation” and that it was a clear attempt to undermine Mr Macron.

    ‘Democracy at risk’

    “The seriousness of this event is certain and we shall not tolerate the vital interests of democracy being put at risk.”

    Some 9 gigabytes of data from the campaign was posted online late on Friday.

    WikiLeaks tweeted a link to the documents, saying it “contains many tens of thousands emails, photos, attachments up to April 24, 2017″ – while indicating it was not responsible for the leak itself.

    The latest hacking drew comparisons with alleged attempts to interfere with the US election.

    Former economy minister Macron’s team has already complained about attempts to hack its systems during a fraught campaign, blaming Russian interests in part for the cyber attacks.

    On April 26, the team said it had been the target of a series of attempts to steal email credentials since January, but that the perpetrators had so far failed to compromise any campaign data.

    Reply
  11. Tomi Engdahl says:

    Intel AMT Firmware Vulnerability CVE-2017-5689
    http://www.epanorama.net/newepa/2017/05/06/intel-amt-firmware-vulnerability-cve-2017-5689/comment-page-1/#comment-1545895

    The exploit is trivial, max five lines of Python, could be doable in a one-line shell command. IT GIVES FULL CONTROL OF AFFECTED MACHINES, INCLUDING ABILITY TO READ AND MODIFY EVERYTHING.
    DISABLE AMT TODAY! ASK QUESTIONS LATER.

    Reply
  12. Tomi Engdahl says:

    SAP HANA Security Evolution, From SPS08 to Now
    https://securityintelligence.com/sap-hana-security-evolution-from-sps08-to-now/?cm_mmc=PSocial_Facebook-_-Security_Optimize+the+Security+Program-_-WW_WW-_-21162940&cm_mmca1=000000NJ&cm_mmca2=10000252&cvosrc=social%20network%20paid.facebook.SAP%20HANA%20Blog%20Learn%20about%20the%20latest%20SAP%20NA%20Interests_SD%20Behav_DesktopMobileTablet_1x1&cvo_campaign=Security_Optimize%20the%20Security%20Program-WW_WW&cvo_pid=21162940

    SAP HANA Attacks on the Rise

    While organizations can realize great efficiencies with SAP HANA, these systems are becoming attractive targets for cybercriminals because they store business-sensitive information and processes. In today’s world, most Fortune 1,000 companies rely on SAP for ERP. This single ERP system has become a critical lifeline to companies across all industries.

    Reply
  13. Tomi Engdahl says:

    Andrea Shalal / Reuters:
    Germany’s domestic intelligence head says Russia took large amounts of data in 2015 parliament cyberattack; Berlin is exploring legal options for offensive ops

    Germany challenges Russia over alleged cyberattacks,
    http://www.reuters.com/article/us-germany-security-cyber-russia-idUSKBN1801CA

    The head of Germany’s domestic intelligence agency accused Russian rivals of gathering large amounts of political data in cyber attacks and said it was up to the Kremlin to decide whether it wanted to put it to use ahead of Germany’s September elections.

    Moscow denies it has in any way been involved in cyber attacks on the German political establishment.

    Reply
  14. Tomi Engdahl says:

    Zeynep Tufekci / BuzzFeed:
    Advice for France: use caution in reporting on uncurated dumps of hacked emails, which can fuel viral misinformation, violate privacy, and confuse the public

    Dear France: You Just Got Hacked. Don’t Make The Same Mistakes We Did.
    A brief guide to the information wars.
    https://www.buzzfeed.com/zeyneptufekci/dear-france-you-just-got-hacked-dont-make-the-same-mistakes?utm_term=.ifYAWMzRd3#.qbv1WKdXnV

    Ooh, la la. So, it happened to you too. The frontrunning presidential candidate got hacked, and all his emails are dumped online in one giant cache. WikiLeaks is tweeting about it. There is a hashtag. 4chan’s /pol/ is all over it. Screenshots purporting to show corruption and secret bank transfers are going viral. The meme wars are on.

    This is a plea: Do not get played the way the US press got played, gullibly falling into the trap set for it. And don’t ignore what happens online. These hacks are merely the stage for the misinformation machine.

    Reply
  15. Tomi Engdahl says:

    Reuters:
    French presidential candidate Macron’s campaign says it was targeted in a “massive” hack, after about 9GB of data was posted to Pastebin — French presidential candidate Emmanuel Macron’s campaign said on Friday it had been the target of a “massive” computer hack that dumped …

    French candidate Macron claims massive hack as emails leaked
    http://www.reuters.com/article/us-france-election-macron-leaks-idUSKBN1812AZ

    Leading French presidential candidate Emmanuel Macron’s campaign said on Friday it had been the target of a “massive” computer hack that dumped its campaign emails online 1-1/2 days before voters choose between the centrist and his far-right rival, Marine Le Pen.

    An interior ministry official declined to comment, citing French rules that forbid any commentary liable to influence an election, which took effect at midnight on Friday (2200 GMT).

    Reply
  16. Tomi Engdahl says:

    ‘Macronleaks’: Hackers Find Flaw in French Cyber-Fortress
    http://www.securityweek.com/macronleaks-hackers-find-flaw-french-cyber-fortress

    They knew months ago that top-of-the-range hackers had been targeting them. They believe their security measures, too, had been nothing short of top-rate. But, in the end, French presidential candidate Emmanuel Macron’s team got hacked.

    And on Friday night, just an hour before the end of official campaigning, thousands of documents including emails and accounts belonging to his En Marche! (On the Move!) movement were dumped online.

    “It’s just incredible what’s happening,” said Belgian researcher Nicolas Vanderbiest, a specialist on online rumours, whose map showing how the “Macron Leak” propagated on Twitter has Wikileaks at the centre.

    Macron Blasts Huge Hacking Attack Just Before French Vote
    http://www.securityweek.com/macron-blasts-huge-hacking-attack-just-french-vote

    Reply
  17. Tomi Engdahl says:

    French Authorities Warn Against Spreading Leaked Macron Data
    http://www.securityweek.com/french-authorities-warn-against-spreading-leaked-macron-data

    French electoral authorities took a hard line Saturday on a hacking attack targeting presidential frontrunner Emmanuel Macron’s campaign, saying anyone who circulates the leaked information could be committing a “criminal offence”.

    The electoral commission met following the announcement Friday by the pro-EU centrist’s team that his campaign had been the target of a “massive and coordinated hacking attack” after a flood of internal documents were released online a day before the election.

    “The dissemination of such data, which have been fraudulently obtained and in all likelihood may have been mingled with false information, is liable to be classified as a criminal offence,” a commission statement said.

    calling the leak “unprecedented in a French electoral campaign”.

    Reply
  18. Tomi Engdahl says:

    Growth in Cyber Fraud Attacks Outpacing Growth of Transactions: Report
    http://www.securityweek.com/growth-cyber-fraud-attacks-outpacing-growth-transactions-report

    The United States is the world’s primary target for cyber fraud attacks. Europe has emerged as the major source of attacks, now accounting for 50% more attacks than the US. The growth in attacks is outpacing the growth of transactions; and in a 90-day period, 130 million fraud attacks were detected.

    These details come from the ThreatMetrix Cybercrime Report Q1 2017 (PDF). The report shows that strong economies tend to attack other strong economies, with the USA primarily targeting the USA, Canada and the UK; Germany targeting the USA, the UK and Germany; and the UK targeting the USA, the UK and Ireland. The UK is now one of the world’s largest attack originators.

    https://www.threatmetrix.com/link/cybercrime/cybercrime-2017-q1.pdf

    Reply
  19. Tomi Engdahl says:

    Lucian Constantin / PCWorld:
    Report: cyberspies stitch together free tools to build a malware framework, dubbed Netrepser, infecting 500+ computers at government agencies worldwide

    Cyberspies tap free tools to make powerful malware framework
    http://www.pcworld.com/article/3194782/security/cyberspies-tap-free-tools-to-make-powerful-malware-framework.html

    Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools.

    The attack, analyzed by researchers from antivirus firm Bitdefender, shows that cyberespionage groups don’t necessarily need to invest a lot of money in developing unique and powerful malware programs to achieve their goals. In fact, the use of publicly available tools designed for system administration can increase an attack’s efficiency and makes it harder for security vendors to detect it and link it to a particular threat actor.

    Inside Netrepser – a JavaScript-based Targeted Attack
    https://labs.bitdefender.com/2017/05/inside-netrepser-a-javascript-based-targeted-attack/

    In May 2016, the Bitdefender threat response team isolated a number of samples from the internal malware zoo while looking into a custom file-packing algorithm. A deeper look into the global telemetry revealed that this piece of malware was strictly affecting a limited pool of hosts belonging to a number of IP addresses marked as sensitive targets.

    Its unusual build could have easily made it pass as a regular threat that organizations block on a daily basis; however, telemetry information provided by our event correlation service has pointed out that most of its victims are government agencies. Paired with advanced spear phishing techniques and the malware’s primary focus to collect intelligence and exfiltrate it systematically, we presume that this attack is part of a high-level cyber-espionage campaign.

    The piece of malware we look at in this report comes with quite an array of methods to steal information, ranging from keylogging to password and cookie theft. It is built around a legitimate, yet controversial recovery toolkit provided by Nirsoft. The controversy stems from the fact that the applications provided by Nirsoft are used to recover cached passwords or monitor network traffic via powerful command-line interfaces that can be instructed to run completely covertly. For a long time now, the antimalware industry has flagged the tools provided by Nirsoft as potential threats to security specifically because they are extremely easy to abuse, and oversimplify the creation of powerful malware.

    The Netrepser cyberespionage group managed to infect hundreds of computers belonging to government agencies and organizations

    Reply
  20. Tomi Engdahl says:

    BrickerBot Malware Destroys Internet of Things Devices: How to Protect Yourself
    http://www.nextadvisor.com/blog/2017/05/01/brickerbot-malware-destroys-internet-of-things-devices/

    Earlier this month, security researcher Pascal Geenens documented a new type of threat ravaging the Internet of things (IoT). Dubbed BrickerBot, this malware “bricks” or destroys the devices it infects and utilizes the same vulnerabilities used by Mirai in last year’s massive Internet DDoS attack. Although BrickerBot hasn’t reached the status of Mirai, it has gone through several transformations and is becoming more aggressive, attracting the attention of both security researchers and Homeland Security. Continue reading as we discuss BrickerBot and the broader issue of security within the Internet of things ecosystem.
    What exactly is BrickerBot?

    BrickerBot, like Mirai, is a botnet malware designed to infect a collection of devices.

    BrickerBot is strange in that its behavior doesn’t match that of most botnets, given that it destroys or “bricks” devices. Generally speaking, the purpose of most botnets is to keep infected devices around for as long as possible to harness their power.

    Why are IoT devices so insecure?

    BrickerBot and Mirai are far from the only IoT malware that exists. Others like Hajime (Japanese for “beginning”) seem to counter-infect vulnerable devices against threats like Mirai by blocking off the entry-points to the device. While this might come from good intentions, it could potentially introduce new weaknesses into devices because the foreign code could one day be transformed into something malicious. You should know that there are other instances of overtly malicious malware like Mirai that operate on a smaller scale.

    All of these IoT malware outbreaks highlight significant weaknesses in IoT systems. Many explanations have been offered as reasons for the inherent weakness of these devices, but perhaps two of the biggest are the fact that IoT devices use weak passwords and these devices are networked in a way where their system settings can be accessed remotely through a Wi-Fi network or Bluetooth connection.

    An IoT search engine called Shodan (Sentient Hyper-Optimised Data Access Network) illustrates both issues well.

    What should you do to protect yourself from BrickerBot?

    It’s not clear how many devices have been infected with BrickerBot, but Janit0r claims that BrickerBot has targeted over 1 million devices. If you have an IoT device, here’s what you should consider doing:

    1. If possible, change your password(s). If you have a smart device, you should consider changing the login information for the device.

    2. Limit your device’s Internet connectivity. While many smart devices might need to be “always on” in order for you to get the most out of them, not all do.

    3. Install updates often. This is advice we give all the time because it is a tried and true security precaution.

    What lessons can we take away from BrickerBot?

    Anything smart or online needs a password. Every device with Internet connectivity should, at the very least, have a password to prevent unauthorized access. Before buying a device, you should verify that it does not have a hard-coded password (one you can’t change).

    Don’t rely on manufacturers (or the occasional vigilante hacker) for default security. As BrickerBot and Mirai reveal, security doesn’t necessarily come from manufacturers; it’s something that you have to take into your own hands. If you’re going to opt into IoT technologies, make sure you have some knowledge of the security protocols of manufacturers you’re interested in purchasing from.

    Reply
  21. Tomi Engdahl says:

    The Internet of messy things
    How much damage can a ‘smart’ toaster do? Lots, and not just burning your bread.
    http://www.computerworld.com/article/3193941/internet-of-things/the-internet-of-messy-things.html

    Oh, sure, some internet of things (IoT) devices are enjoyable and useful. I have an Amazon Echo in my bedroom and a Google Home in my kitchen. I use them every day. But I’m aware of their privacy problems. You should be too.

    I’m not too worried about this. Unlike with Windows 10 Cortana, you can tell these devices to stop listening. Of course, they’ll be a lot less useful that way, but at least you have the option.

    No, what really concerns me about the IoT aren’t the new devices that are explicitly connected to cloud services, it’s the ordinary gadgets that are now listening in.

    Reply
  22. Tomi Engdahl says:

    The Internet of Things Needs a Code of Ethics
    https://www.theatlantic.com/technology/archive/2017/05/internet-of-things-ethics/524802/

    Technology is evolving faster than the legal and moral frameworks needed to manage it.

    In October, when malware called Mirai took over poorly secured webcams and DVRs, and used them to disrupt internet access across the United States, I wondered who was responsible. Not who actually coded the malware, or who unleashed it on an essential piece of the internet’s infrastructure—instead, I wanted to know if anybody could be held legally responsible. Could the unsecure devices’ manufacturers be liable for the damage their products caused?

    Right now, in this early stage of connected devices’ slow invasion into our daily lives, there’s no clear answer to that question. That’s because there’s no real legal framework that would hold manufacturers responsible for critical failures that harm others. As is often the case, the technology has developed far faster than policies and regulations.

    But it’s not just the legal system that’s out of touch with the new, connected reality. The Internet of Things, as it’s called, is also lacking a critical ethical framework, argues Francine Berman, a computer-science professor at Rensselaer Polytechnic Institute and a longtime expert on computer infrastructure. Together with Vint Cerf, an engineer considered one of the fathers of the internet, Berman wrote an article in the journal Communications of the Association for Computing Machinery about the need for an ethical system.

    Reply
  23. Tomi Engdahl says:

    High-Profile Targets Attacked via Software Update Mechanism
    http://www.securityweek.com/high-profile-targets-attacked-software-update-mechanism

    A recently discovered cyber-attack targeting high-profile technology and financial organizations is using a compromised software update mechanism for malware delivery, Microsoft security researchers reveal.

    This type of attack isn’t new, as it has been previously used in incidents involving Altair Technologies’ EvLog update process, South Korean software SimDisk’s auto-update mechanism, and the update server used by ESTsoft’s ALZip. The new campaign, however, also employed a series of commodity tools and simple malware, the researchers say.

    Reply
  24. Tomi Engdahl says:

    “Windows XP still insanely popular”

    Windows XP remains the third most popular desktop operating system in the world after Windows 7 and Windows 10, and by the looks of things, it doesn’t seem like it’s going to disappear anytime soon.

    Instead, Windows XP appears to be here to stay, with its market share shrinking at an insanely slow pace, despite the fact that it hasn’t received a single security update in the last 3 years.

    This means that systems still running it can become vulnerable to attacks should hackers develop exploits aimed at unpatched vulnerabilities, and with the recent leaks, finding such security flaws isn’t rocket science.

    Everyone on Windows XP is obviously recommended to upgrade as soon as possible, though in some cases the transition is a lot more expensive given that hardware upgrades are also necessary.

    Source: http://news.softpedia.com/news/police-dept-switches-to-windows-10-tired-of-buying-windows-xp-pc-parts-off-ebay-515464.shtml

    Reply
  25. Tomi Engdahl says:

    Did A Billionaire Harvest Big Data From Facebook To ‘Hijack’ Democracy?
    https://politics.slashdot.org/story/17/05/08/0758225/did-a-billionaire-harvest-big-data-from-facebook-to-hijack-democracy?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    Long-time Slashdot readers walterbyrd and whoever57 both submitted the same article about the mysterious data analytics company Cambridge Analytica and its activities with SCL Group, a 25-year-old military psyops company in the U.K. later bought by “secretive hedge fund billionaire” Robert Mercer. One former employee calls it “this dark, dystopian data company that gave the world Trump.”

    The great British Brexit robbery: how our democracy was hijacked
    https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy

    A shadowy global operation involving big data, billionaire friends of Trump and the disparate forces of the Leave campaign influenced the result of the EU referendum. As Britain heads to the polls again, is our electoral process still fit for purpose?

    “The connectivity that is the heart of globalisation can be exploited by states with hostile intent to further their aims.[…] The risks at stake are profound and represent a fundamental threat to our sovereignty.”
    Alex Younger, head of MI6, December, 2016

    “It’s not MI6’s job to warn of internal threats. It was a very strange speech. Was it one branch of the intelligence services sending a shot across the bows of another? Or was it pointed at Theresa May’s government? Does she know something she’s not telling us?”
    Senior intelligence analyst, April 2017

    London in 2013 was still basking in the afterglow of the Olympics. Britain had not yet Brexited. The world had not yet turned.

    “That was before we became this dark, dystopian data company that gave the world Trump,” a former Cambridge Analytica employee who I’ll call Paul tells me. “It was back when we were still just a psychological warfare firm.”

    Was that really what you called it, I ask him. Psychological warfare? “Totally. That’s what it is. Psyops. Psychological operations – the same methods the military use to effect mass sentiment change. It’s what they mean by winning ‘hearts and minds’. We were just doing it to win elections in the kind of developing countries that don’t have many rules.”

    Why would anyone want to intern with a psychological warfare firm, I ask him. And he looks at me like I am mad. “It was like working for MI6. Only it’s MI6 for hire. It was very posh, very English, run by an old Etonian and you got to do some really cool things. Fly all over the world.”

    Reply
  26. Tomi Engdahl says:

    Glaring Vulnerabilities Make Many Commercial Drones ‘Insecure by Design’
    https://tech.slashdot.org/story/17/05/06/2021226/glaring-vulnerabilities-make-many-commercial-drones-insecure-by-design

    Drones, many readily available on ecommerce shops such as Amazon, are plagued by vulnerabilities that could give attackers full root access, read or delete files, or crash the device. The United States Computer Emergency Readiness Team (US-CERT) published a warning about one model, the DBPOWER U818A WiFi quadcopter, last month, but according to the researcher who reported the vulnerabilities, multiple drone models — manufactured by the same company but sold under different names — are also vulnerable.

    Many Commercial Drones ‘Insecure by Design’
    https://threatpost.com/many-commercial-drones-insecure-by-design/125420/

    Drones, many readily available on ecommerce shops such as Amazon, are plagued by vulnerabilities that could give attackers full root access to the device, read or delete files, or crash the device.

    The United States Computer Emergency Readiness Team (US-CERT) published a warning about one model, the DBPOWER U818A WiFi quadcopter, last month, but according to the researcher who reported the vulnerabilities, multiple drone models – manufactured by the same company but sold under different names – are also vulnerable.

    The issue with drones, Valente says, is two-pronged. They contain two appealing attack vectors: an open access point and a misconfigured FTP server. If an attacker was within WiFi range of the drone they could easily obtain read and write permissions to the drone’s filesystem and modify its root password, Valente told Threatpost last week.

    Valente discovered she could overwrite the drone’s remote password file after identifying inconsistencies with its permissions.

    In one instance she found that by overwriting the password, an attacker could remotely log in to the device through Telnet. A user would see a login prompt but would only have to type “root” for the user name and press enter to get in–no password required.

    Like any attack dependent on Wi-Fi, an attacker would need to be in close proximity to the drone to carry out an attack, Valente claims.

    “One experiment I tested was to connect my laptop to the drone access point and share that connection to other devices. In this setup, multiple devices were able to have access to the drone and the drone’s open ports,” Valente said.

    “The scenarios are limited by an attacker’s creativity,” Valente told Threatpost.

    An attacker could also see or download any videos or photos on the drone and delete files on its SD card, Valente said.

    US-CERT reached out to DBPOWER, a British company that also makes portable LED projectors, IP cameras, and portable car jump starters, about the vulnerabilities. After failing to hear back after 45 days, the group published a Vulnerability Note, acknowledging Valente for her findings.

    Reply
  27. Tomi Engdahl says:

    Top Obama Officials to Testify on Russian Election Interference
    http://www.securityweek.com/top-obama-officials-testify-russian-election-interference

    The scandal over Russian meddling in last year’s US presidential election returns to the forefront of Washington politics after weeks of quiet on Monday, when two top officials from the Obama administration are set to testify in Congress.

    Sally Yates — acting attorney general in the Trump administration for 10 days before being fired — could bring new pressure on the White House over what it knew about former national security adviser Michael Flynn’s communications with Russian officials.

    Reply
  28. Tomi Engdahl says:

    CISO Perspective: How Cyber Threat Intelligence Fits into Security Strategy
    http://www.securityweek.com/ciso-perspective-how-cyber-threat-intelligence-fits-security-strategy

    In a nutshell, every product and service your organization creates is dependent on technology in some way, shape or form in order to be successful. Threats to that technology translate into a higher likelihood of risks to those products and services. Intelligence helps you identify what threats are actively exploiting risks within your organization (the reactive aspect) as well as what threats are materializing on the horizon (the proactive aspect) so that you can best apply the proper resources to the proper problem.

    There is certainly no shortage of threat intelligence articles and opinions out there – with their own definitions of how things should be – but as someone who has walked the walk both as a CISO who has built programs and as a vendor in the threat intel space, I thought that “CTI in the mind of Adam” was worth sharing. Depending on your organization and how your cyber program is set up, some of the specifics here may or may not be as relevant – each org is different and while it’s always good to follow “best practices”, you also have to do what makes sense for your business.

    On the right I’ve broken out the three different levels of CTI – tactical, operational and strategic.

    • Tactical is basically the low level “on the wire” type of intelligence, generally called an Indicator of Compromise (IOC), which is typically a feed of malicious IPs, domains, URLs, hash strings, etc. This is the reactive How & What?

    • Operational intelligence generally focuses on the campaign and operations that are in use as it looks at capabilities, opportunities and intentions of threats – essentially the proactive When, Where and How?

    • Strategic intel is where threats are coupled with organizational impact, taking more of a risk-based view that helps you align your security program to your threat reality, i.e. the proactive Who, Why and Where?

    On the left side I’ve broken out the people, process and Digital Risk Monitoring (DRM) aspects of intelligence. Here’s the deal – at the end of the day there are two main collection areas when it comes to intelligence: Internal and External.

    Reply
  29. Tomi Engdahl says:

    Malware Analysis Done Right
    http://www.securityweek.com/malware-analysis-done-right

    The reality facing the cybersecurity industry today is as soon as network defenders develop a new way to spot malware, cyberadversaries are quick to find a way to circumvent it. With the number of cyberattackers growing every day, the time elapsed between deploying a protection and a bad actor finding a way around it grows ever shorter.

    Thankfully, the cybersecurity industry has developed different methods for analyzing malware, each with its own set of strengths and weaknesses.

    Static Analysis

    Meant to be the first line of defense in a malware analysis environment, “static analysis” involves breaking down an unknown file into its component parts for examination without detonating the file. Through static analysis, the system can determine if the file has any potential markers or patterns that would indicate it is malware (for example, embedded executable scripts or calls to connect to an unknown or suspect server). Static analysis is an incredibly quick and accurate way to detect known malware and variants, which makes up the bulk of attacks typically seen launched against organizations.

    Machine Learning Analysis

    Some analysis systems have taken static analysis to the next level, adding support for machine learning. “Machine learning” may sound like a buzzword, but it involves creating and automating a system to classify malicious behavior into groups (or families). These groups can be used to identify future malicious content without humans needing to build the pattern matches manually.

    Dynamic Analysis

    If a suspect file cannot be handled through static analysis, it needs to be examined in greater detail by detonating it and observing the resulting host and network behavior. Generically referred to as “dynamic analysis,” it typically involves forwarding a suspicious sample to a VM-based environment and then activating it in a highly controlled environment (aka “sandboxing”), so its behavior can be observed and intelligence extracted. In cases of advanced VM-aware malware that can spot when it’s being deployed in a virtual environment, bare metal analysis may be required. Dynamic analysis is particularly good at finding zero-day exploits in malware.

    Reply
  30. Tomi Engdahl says:

    Matthew Prince / Cloudflare Blog:
    Following ProPublica report, Cloudflare will update its abuse reporting system by end of week to allow individuals to report threats and child abuse anonymously

    Anonymity and Abuse Reports
    https://blog.cloudflare.com/anonymity-and-abuse-reports/

    Reply
  31. Tomi Engdahl says:

    Cyber-Espionage Malware Is So Advanced It Has Its Own API
    https://www.bleepingcomputer.com/news/security/cyber-espionage-malware-is-so-advanced-it-has-its-own-api/?utm_content=buffer37f9d&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer

    Russian cyberspies have developed a new breed of backdoor trojan that features several novel techniques, including an API that allows attackers to reverse the C&C communications flow when needed.

    Researchers say Kazuar is coded in the .NET Framework and appears to have versions for all three major operating systems.

    Both Fox-IT and Palo Alto have linked this backdoor to a cyber-espionage group called Turla.

    Kazuar has the ability to reverse the flow of normal C&C server communications. Instead of infected hosts pinging the C&C server for new commands, an attacker can ping the victim whenever he wants and send new instructions.

    Reply
  32. Tomi Engdahl says:

    Analyzing a counter intelligence cyber operation: How Macron just changed cyber security forever
    https://hackernoon.com/analyzing-a-counter-intelligence-cyber-operation-how-macron-just-changed-cyber-security-forever-22553abb038b

    Up until today I could only look up to Russia (whether I agree with them or not) for conducting advanced information operations in cyber. Now, I can look up to Macron and the anonymous security professionals behind him and admire them. Finally, someone uses cyber deception to beat attackers at their own game.

    But remember, regardless of what actually happened, one of the major lessons of cyber security, as learned in Estonia a decade ago and endless times since, is that what people perceive matters as much if not more so than what the technical details of any attack may have actually been.

    Reply
  33. Tomi Engdahl says:

    The FCC’s comment system targeted by DDoS attacks during filing period for net neutrality
    https://techcrunch.com/2017/05/08/the-fccs-comment-system-targeted-by-ddos-attacks-during-filing-period-for-net-neutrality/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    The FCC suffered multiple distributed denial-of-service (DDoS) attacks Sunday night and Monday morning, the agency said in a statement today. The attacks appear to be aimed at shutting down the electronic comment filing system by which people can submit opinions on the proposed rollback of net neutrality rules

    Reply
  34. Tomi Engdahl says:

    Google Researchers Find “Worst” Windows RCE Flaw
    http://www.securityweek.com/google-researchers-find-worst-windows-rce-flaw

    Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich claim to have found a critical vulnerability in Windows. The details of the flaw will likely be disclosed in 90 days from now even if a patch is not available.

    Ormandy announced on Friday on Twitter that he and Silvanovich had discovered “the worst Windows remote code exec [vulnerability] in recent memory.”

    The expert has not shared any details, but he has clarified that their exploit works against default Windows installations, and the attacker does not need to be on the same local area network as the victim. He also said the attack is “wormable.”

    Despite not releasing any technical details on the vulnerability, some members of the industry have criticized the Google Project Zero researchers for making the existence of the flaw public.

    If a tweet is causing panic or confusion in your organization, the problem isn’t the tweet, the problem is your organization

    — Natalie Silvanovich (@natashenka) May 6, 2017

    Reply
  35. Tomi Engdahl says:

    Exploitable Details of Intel’s ‘Apocalyptic’ AMT Firmware Vulnerability Disclosed
    http://www.securityweek.com/exploitable-details-intels-apocalyptic-amt-firmware-vulnerability-disclosed

    Details of the Intel AMT firmware vulnerability announced on May 1, 2017 are now public knowledge; and the suggestion that ‘this is somewhere between nightmarish and apocalyptic’ has been proven correct.

    One day after Intel’s alert, Embedi (the firm that discovered the vulnerability back in February this year) published a brief note. One particular sentence stood out to researchers at Tenable: “With 100 percent certainty it is not an RCE but rather a logical vulnerability.”

    This persuaded Tenable to look at ‘authentication’ as the possible basis for a logical flaw that allows remote access. Within one day it discovered the flaw by trial and error — and experience.

    “Drawing on past experience,” explains Carlos Perez, Tenable’s director of reverse engineering in a blog post last Friday, “when we reported an authentication-related vulnerability in which the length of credential comparison is controlled by the attacker (memcmp(attacker_passwd, correct_passwd, attacker_pwd_len)), we tested out a case in which only a portion of the correct response hash is sent to the AMT web server. To our surprise, authentication succeeded!”

    Further tests showed that a NULL/empty response hash (response="" in the HTTP Authorization header) still worked. “We had discovered a complete bypass of the authentication scheme.”

    More at http://www.epanorama.net/newepa/2017/05/06/intel-amt-firmware-vulnerability-cve-2017-5689/

    Reply
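The comparison pattern the comment above describes, as an added illustration (not Intel's firmware code, nor Tenable's): a server-side digest check that trusts the client-supplied length next to one that requires the full digest and compares every byte. The header layout, realm, expected digest and helper names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the digest the server expects in the "response=" field
 * of an HTTP Digest Authorization header (32 hex characters, like an MD5). */
#define EXPECTED_RESPONSE "5d41402abc4b2a76b9719d911017c592"

/* Vulnerable comparison, modelled on the pattern quoted in the comment:
 * the number of bytes compared is taken from the attacker-controlled input.
 * memcmp() over zero bytes returns 0, so an empty response "matches", and
 * any correct prefix of the real digest matches too. An over-long input
 * would additionally read past the stored digest. */
int vulnerable_compare(const char *expected, const char *response, size_t response_len)
{
    return memcmp(response, expected, response_len) == 0;
}

/* Hardened comparison: the submitted value must have exactly the expected
 * length, and every byte is examined regardless of where the first mismatch
 * occurs, so neither a short input nor timing reveals anything about the digest. */
int hardened_compare(const char *expected, const char *response, size_t response_len)
{
    size_t expected_len = strlen(expected);
    if (response_len != expected_len)
        return 0;
    volatile unsigned char diff = 0;
    for (size_t i = 0; i < expected_len; i++)
        diff |= (unsigned char)expected[i] ^ (unsigned char)response[i];
    return diff == 0;
}

/* Pulls the quoted value of response="..." out of an Authorization header.
 * Returns 1 and fills out/out_len on success; 0 if the field is absent,
 * unterminated, or too long for the buffer. */
int extract_response(const char *header, char *out, size_t out_size, size_t *out_len)
{
    const char *start = strstr(header, "response=\"");
    if (start == NULL)
        return 0;
    start += strlen("response=\"");
    const char *end = strchr(start, '"');
    if (end == NULL)
        return 0;
    size_t len = (size_t)(end - start);
    if (len >= out_size)
        return 0;
    memcpy(out, start, len);
    out[len] = '\0';
    *out_len = len;
    return 1;
}

/* One header through the vulnerable server logic: 1 means access granted.
 * A header without a response field is rejected by both variants. */
int vulnerable_authenticates(const char *header)
{
    char response[128];
    size_t len;
    if (!extract_response(header, response, sizeof response, &len))
        return 0;
    return vulnerable_compare(EXPECTED_RESPONSE, response, len);
}

/* The same header through the hardened logic. */
int hardened_authenticates(const char *header)
{
    char response[128];
    size_t len;
    if (!extract_response(header, response, sizeof response, &len))
        return 0;
    return hardened_compare(EXPECTED_RESPONSE, response, len);
}

int main(void)
{
    /* Constructed headers: correct digest, empty digest, truncated prefix, wrong digest. */
    const char *headers[] = {
        "Digest username=\"admin\", realm=\"example\", response=\"5d41402abc4b2a76b9719d911017c592\"",
        "Digest username=\"admin\", realm=\"example\", response=\"\"",
        "Digest username=\"admin\", realm=\"example\", response=\"5d41\"",
        "Digest username=\"admin\", realm=\"example\", response=\"ffffffffffffffffffffffffffffffff\"",
    };
    for (size_t i = 0; i < sizeof headers / sizeof headers[0]; i++)
        printf("header %zu: vulnerable=%d hardened=%d\n", i,
               vulnerable_authenticates(headers[i]),
               hardened_authenticates(headers[i]));
    return 0;
}
```

Only the first header should be accepted; the vulnerable variant also accepts the empty and truncated ones, which is the bypass class the comment describes.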
  36. Tomi Engdahl says:

    Debunking the Deep & Dark Web: Four Myths That Can Inhibit Threat Intelligence Strategy
    http://www.securityweek.com/debunking-deep-dark-web-four-myths-can-inhibit-threat-intelligence-strategy

    Beware of Myths and Misleading Claims in the Market for Threat Intelligence Offerings Pertaining to the Deep & Dark Web

    The market for threat intelligence offerings remains inundated with confusing claims that can overwhelm even the most seasoned security professional. As I’ve written previously, much of this confusion stems from the loose interpretation of terms like “open web intelligence,” “automated intelligence,” and “digital risk,” as well as the inconsistent extent to which these offerings can deliver on their claims. All claim to leverage intelligence from the Deep & Dark Web, but can they really?

    1. “Open web intelligence” is largely search engine and social media driven, with a myriad of other easily accessible sources.

    2. “Automated intelligence” is a misnomer; while automation is critical in building the right technology to empower humans to glean actionable intelligence, it cannot deliver true contextual intelligence from the Deep & Dark Web on its own.

    3. “Digital Risk” monitoring is important, but it’s more of a clean-up crew that is only useful after a strategic intelligence program is launched and executed. Unless you know what you’re looking for, digital risk monitoring really just monitors known information, leaving a large gap of what you don’t know.

    Myth 1: The Deep Web and the Dark Web are One and the Same

    ● The Deep Web refers to the broad swath of the Internet that traditional search engines cannot access. In addition to housing vast amounts of mundane — and often benign — data, the Deep Web is also home to password-protected forums, chat services like Internet Relay Chat (IRC), file sharing and P2P technologies such as BitTorrent, and the entirety of the Dark Web.

    ● The Dark Web is a subcomponent of the Deep Web that is only accessible to users who have installed specialized browsing software, such as Tor or I2P. Many forums, websites, and marketplaces on the Dark Web offer highly-anonymized environments for those seeking to conduct malicious activities and purchase illicit goods and services.

    Myth 2: The Dark Web is “More Malicious” than the Deep Web

    The problem is, although the Dark Web does facilitate many types of malicious activity — so do many sections of the Deep Web.

    Myth 3: The Dark Web is more difficult to access than the Deep Web

    Virtually anyone with an Internet connection can download Tor or I2P to access the Dark Web.

    However, although no special software is required to enter the most elite Deep Web forums that exist outside the Dark Web — these can typically be reached via a normal web browser as long as the user knows the correct URL and login credentials — the process is rarely easy.

    Myth 4: Dark Web Intelligence is more valuable than Deep Web Intelligence

    In most cases, the value of true, relevant intelligence from the Deep & Dark Web is rarely overstated. Such intelligence has become essential for safeguarding critical assets, proactively addressing cyber and physical threats, and mitigating risk.

    Regardless of an organization’s threat intelligence strategy, capabilities, or consumption, all can agree that “blind spots” pertaining to malicious actors, threats, or vulnerabilities can be detrimental. Unfortunately, myths and misleading claims in the market for threat intelligence offerings pertaining to the Deep & Dark Web continue to make it increasingly difficult for organizations to decipher the true extent to which many of these offerings can help reveal these blind spots.

    Reply
  37. Tomi Engdahl says:

    China Expands Data Export Restrictions
    http://www.eetimes.com/author.asp?section_id=36&doc_id=1331699&

    New rules proposed in China will create significant hurdles for big data companies with international operations and their customers who use their data.

    China’s Network Security Law (NSL), adopted late last year, is set to take effect on June 1, 2017. One of the most important provisions of the NSL is Article 37, which requires operators of critical information infrastructure to store personal information and important data within China.

    Transferring such information overseas is only permitted after the information is assessed by the competent authority. Critical information infrastructure is broadly defined in the NSL as any information system important to national security, citizen welfare and public interest, such as public communications and information services, energy, transportation, water conservancy, finance, public services, e-government and other important industries and fields.

    Reply
  38. Tomi Engdahl says:

    Thousands of Devices Hacked by Rakos Botnet
    http://www.securityweek.com/thousands-devices-hacked-rakos-botnet

    Thousands of devices have been hacked by a Linux malware named Rakos, and while researchers have yet to see any actual malicious activity involving the botnet, they believe it could be used for powerful distributed denial-of-service (DDoS) attacks.

    Rakos, whose existence was brought to light in December 2016 by ESET, targets Linux systems by launching brute-force attacks via SSH. The security firm reported at the time that the compromised machines had not been leveraged for DDoS attacks or spam campaigns, as one might expect.

    Brazil-based Morphus Labs recently deployed some high interaction honeypots that were quickly targeted by Rakos. A closer analysis revealed that the botnet had ensnared roughly 8,300 devices per day across 178 countries.

    https://isc.sans.edu/forums/diary/Exploring+a+P2P+Transient+Botnet+From+Discovery+to+Enumeration/22392/

    Reply
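    The trail that a Rakos-style SSH brute-force leaves in an OpenSSH auth log is a burst of "Failed password" lines from one source trying several accounts. The following is an added example, not code from the SecurityWeek or SANS ISC write-ups, that flags such bursts with a sliding-window counter per source address; the log lines are constructed.

```python
"""Sliding-window detection of SSH password brute-forcing in OpenSSH auth logs.

Added example (not from the SecurityWeek or SANS ISC write-ups). The sample
log lines below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH syslog line, e.g.
#   May  9 10:15:01 host1 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 51130 ssh2
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample: one source hammering three accounts within seconds,
# one legitimate user mistyping a password twice, half an hour apart.
SAMPLE_LOG = """\
May  9 10:15:01 host1 sshd[2101]: Failed password for root from 198.51.100.23 port 51122 ssh2
May  9 10:15:03 host1 sshd[2103]: Failed password for root from 198.51.100.23 port 51124 ssh2
May  9 10:15:04 host1 sshd[2105]: Failed password for invalid user admin from 198.51.100.23 port 51130 ssh2
May  9 10:15:06 host1 sshd[2107]: Failed password for invalid user pi from 198.51.100.23 port 51131 ssh2
May  9 10:15:09 host1 sshd[2109]: Failed password for root from 198.51.100.23 port 51140 ssh2
May  9 10:15:12 host1 sshd[2111]: Failed password for invalid user admin from 198.51.100.23 port 51142 ssh2
May  9 10:20:00 host1 sshd[2200]: Failed password for alice from 203.0.113.7 port 40001 ssh2
May  9 10:45:00 host1 sshd[2300]: Failed password for alice from 203.0.113.7 port 40002 ssh2
May  9 10:45:30 host1 sshd[2301]: Accepted publickey for alice from 203.0.113.7 port 40003 ssh2
"""


def parse_failed_logins(text, year=2017):
    """Return a list of (timestamp, source_ip, username) for every failed password attempt."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            # syslog lines carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failures inside any window_seconds span.

    Returns {ip: (peak failures seen in one window, sorted usernames tried)}.
    """
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    users = defaultdict(set)      # per-source set of account names attempted
    flagged = {}
    for ts, ip, user in sorted(events):
        window = recent[ip]
        window.append(ts)
        users[ip].add(user)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            peak = max(len(window), flagged.get(ip, (0, []))[0])
            flagged[ip] = (peak, sorted(users[ip]))
    return flagged


def analyze(log_text):
    return detect_bruteforce(parse_failed_logins(log_text))


if __name__ == "__main__":
    for ip, (count, names) in analyze(SAMPLE_LOG).items():
        print(f"{ip}: {count} failures in 60s, accounts tried: {', '.join(names)}")
```

    The threshold and window are deliberately conservative so that a user who mistypes a password twice is not flagged; in practice the output feeds a blocklist or alert, and the durable fix for the class of attack Rakos represents is disabling SSH password authentication in favour of keys.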
  39. Tomi Engdahl says:

    Critical Flaw Patched in Jenkins Automation Server
    http://www.securityweek.com/critical-flaw-patched-jenkins-automation-server

    The developers of Jenkins recently patched several vulnerabilities, including a critical weakness that can be exploited by a remote attacker for arbitrary code execution.

    Jenkins is the most popular open source automation server, with over 133,000 installations and more than 1 million users worldwide. The product, maintained by CloudBees and the Jenkins community, is designed to help developers build, test and deploy their software.

    An independent security researcher recently informed Beyond Security’s SecuriTeam Secure Disclosure program that Jenkins is affected by a serious vulnerability related to Java deserialization.

    According to experts, the flaw allows an unauthenticated attacker to execute arbitrary code by sending two specially crafted requests to the vulnerable server. Technical details for the security hole, tracked as CVE-2017-1000353, were published by Beyond Security earlier this month.

    The flaw has been patched with the release of Jenkins 2.57 and 2.46.2 (LTS).

    Reply
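    The general mitigation for deserialization bugs of the kind described above is to constrain which classes the deserializer will resolve. The following is an added example, not Jenkins code: Python's pickle stands in for Java serialization because the failure mode is the same, in that the byte stream names the classes to construct, so a loader that resolves any name it is given lets the sender choose which code paths run. The streams and the allowlist are constructed.

```python
"""Allowlist-restricted deserialization.

Added example, not Jenkins code; pickle is used as a stand-in for Java
serialization. The allowlist and sample streams are constructed.
"""
import io
import pickle
import subprocess
from collections import OrderedDict

# Only these (module, name) pairs may be resolved while loading; everything else is refused.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every class or function the stream asks for. The default
        # implementation resolves anything importable, which is the root problem.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return ('ok', object) or ('rejected', reason) instead of raising."""
    try:
        return "ok", safe_loads(data)
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


# Constructed streams: a legitimate job record, and one that asks the loader to
# resolve a class the application never expects. No payload is attached; the
# point is that resolving the unexpected name is itself what gets refused.
EXPECTED_STREAM = pickle.dumps(OrderedDict(job="build-42", result="SUCCESS"))
UNEXPECTED_STREAM = pickle.dumps(subprocess.Popen)

if __name__ == "__main__":
    print(try_load(EXPECTED_STREAM))
    print(try_load(UNEXPECTED_STREAM))
```

    An allowlist is preferable to a blocklist of known-dangerous classes because the set of usable gadget classes grows with every library on the classpath, whereas the set of classes an application legitimately expects in a given stream is small and known up front.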
  40. Tomi Engdahl says:

    Microsoft Kills Off Windows 10 RTM
    Original Windows 10 version reaches end of servicing today
    http://news.softpedia.com/news/microsoft-kills-off-windows-10-rtm-515536.shtml

    Windows 10 users still on 1507 can move to the Anniversary Update or the Creators Update, with the latter obviously the preferred choice since it was released last month and brings a long list of improvements. Furthermore, installing the Creators Update means that no other upgrade would be required when the Anniversary Update also reaches end of servicing.

    Systems running Windows 10 Home, Pro, Education, and Enterprise SKUs are all getting the last updates on version 1507 today, unless they are enrolled in the Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB branches.

    “If you continue to use version 1507, your computer will still work, but since you won’t continue to receive new security updates or other quality updates, it could become more vulnerable to security risks and viruses. Microsoft offers complimentary support to ensure your device has the latest updates installed and requires that your device be up to date before assisting with other technical support issues,” Microsoft explains.

    Reply
  41. Tomi Engdahl says:

    WASHINGTON
    President Trump fires FBI Director James Comey
    https://www.usatoday.com/story/news/politics/2017/05/09/trump-fires-fbi-director-james-comey/101485500/

    It was an abrupt ending to a tenure marked by political controversies ranging from the Trump campaign’s connections to Russia to Hillary Clinton’s handling of classified emails.

    Reply
  42. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Cisco patches 318 switch models for 0-day remote exploit from March’s WikiLeaks CIA dump

    https://arstechnica.com/security/2017/05/cisco-kills-leaked-cia-0day-that-let-attackers-commandeer-318-switch-models/

    Reply
  43. Tomi Engdahl says:

    Mike Levine / ABC News:
    Sources: Senate Intel Committee sent a secret notice to US AG and DNI warning of potential risks of Kaspersky software, given Russian firm’s huge market share

    Officials fear Russia could try to target US through popular software firm under FBI scrutiny
    http://abcnews.go.com/US/officials-fear-russia-target-us-popular-software-firm/story?id=47295729

    Russia’s growing aggression toward the United States has deepened concerns among U.S. officials that Russian spies might try to exploit one of the world’s most respected cybersecurity firms to snoop on Americans or sabotage key U.S. systems, according to an ABC News investigation.

    Products from the company, Kaspersky Lab, based in Moscow, are widely used in homes, businesses and government agencies throughout the United States, including the Bureau of Prisons. Kaspersky Lab’s products are stocked on the shelves of Target and Best Buy, which also sells laptops loaded by manufacturers with the firm’s anti-virus software.

    Reply
  44. Tomi Engdahl says:

    Adobe Patches Flaws in Flash Player, Experience Manager
    http://www.securityweek.com/adobe-patches-flaws-flash-player-experience-manager

    Updates released by Adobe on Tuesday for Flash Player and Experience Manager patch several vulnerabilities classified as critical and important.

    Flash Player 25.0.0.171 addresses a total of seven flaws which, according to the software giant, can be exploited to take control of vulnerable systems.

    The Flash Player vulnerabilities are tracked as CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073 and CVE-2017-3074. There is no evidence that they have been exploited in the wild.

    https://helpx.adobe.com/security/products/flash-player/apsb17-15.html

    Reply
  45. Tomi Engdahl says:

    Google Offers $20,000 to Join OSS-Fuzz Program
    http://www.securityweek.com/google-offers-20000-join-oss-fuzz-program

    Five months ago, Google launched its free OSS-Fuzz service with the purpose to help open source developers locate bugs in their code. “It is important,” said Google at the time, “that the open source foundation be stable, secure, and reliable, as cracks and weaknesses impact all who build on it.”

    Since then, the cloud service has attracted 47 open-source projects and has uncovered more than 1,000 bugs (264 of which are potential security vulnerabilities) while processing 10 trillion test inputs per day.

    Google now wishes to attract more OSS projects to the initiative, and is offering a reward to do so. “We believe that user and internet security as a whole can benefit greatly if more open source projects include fuzzing in their development process,” the company announced in a blog post yesterday. “To this end, we’d like to encourage more projects to participate and adopt the ideal integration guidelines that we’ve established.”

    Google is expanding its Patch Rewards program to include rewards for the integration of fuzz targets into OSS-Fuzz. It will pay projects $1,000 for the initial integration, and up to $20,000 (at its own discretion) for what it describes as an ‘ideal integration’.

    OSS-Fuzz: Five months later, and rewarding projects
    https://security.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html

    Reply
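    What OSS-Fuzz asks a project to supply is a fuzz target: one function that accepts an arbitrary byte string, feeds it to the code under test and lets only unexpected exceptions or crashes escape as findings. The following is an added example, not OSS-Fuzz or Google code, that shows that contract end to end with a constructed record parser, a planted bug and a small mutation-based fuzzing loop with a minimizer.

```python
"""Minimal mutation fuzzing harness in the shape of an OSS-Fuzz fuzz target.

Added example, not OSS-Fuzz or Google code. The parser, its planted bugs and
the fuzzing loop are all constructed for illustration.
"""
import random


def parse_records(data: bytes):
    """Constructed target: a stream of records laid out as <type:1><length:1><payload:length>."""
    records = []
    i = 0
    while i < len(data):
        rtype = data[i]
        length = data[i + 1]                    # planted bug: no check that the length byte exists
        payload = data[i + 2 : i + 2 + length]
        if len(payload) != length:
            raise ValueError("truncated record")  # intended, documented error for short input
        if rtype == 0x02:
            _checksum = payload[0]              # planted bug: type 2 with a zero-length payload
        records.append((rtype, payload))
        i += 2 + length
    return records


def fuzz_one_input(data: bytes) -> int:
    """The fuzz target. Documented errors are swallowed; anything else propagates
    to the fuzzer as a finding. Returns the record count as a cheap progress signal."""
    try:
        return len(parse_records(data))
    except ValueError:
        return -1


def mutate(data: bytes, rng: random.Random) -> bytes:
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:                                   # overwrite a byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:                                         # insert a byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 and buf:                                 # delete a byte
        del buf[rng.randrange(len(buf))]
    elif buf:                                             # truncate
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)


def crashes(data: bytes, exc_type=Exception) -> bool:
    try:
        fuzz_one_input(data)
    except exc_type:
        return True
    return False


def run_fuzzer(seed_corpus, iterations=2000, seed=1):
    """Return (exception, input) for the first finding, or None if none surfaced."""
    rng = random.Random(seed)
    corpus = list(seed_corpus)
    best = -1
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        try:
            parsed = fuzz_one_input(candidate)
        except Exception as exc:
            return exc, candidate
        if parsed > best:            # keep inputs that reach further into the parser
            best = parsed
            corpus.append(candidate)
    return None


def minimize(data: bytes, exc_type) -> bytes:
    """Greedy single-byte deletion while the same exception type still fires."""
    shrunk = True
    while shrunk:
        shrunk = False
        for i in range(len(data)):
            trial = data[:i] + data[i + 1:]
            if crashes(trial, exc_type):
                data, shrunk = trial, True
                break
    return data


if __name__ == "__main__":
    finding = run_fuzzer([b"\x01\x03abc"])
    if finding:
        exc, crashing_input = finding
        print(type(exc).__name__, minimize(crashing_input, type(exc)))
```

    The essential property of the target is the split between documented errors (caught inside `fuzz_one_input`) and everything else: a real fuzzer replaces the random mutation loop with coverage guidance, but the target function keeps exactly this shape.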
  46. Tomi Engdahl says:

    RedLock Emerges from Stealth With Cloud Security Platform
    http://www.securityweek.com/redlock-emerges-stealth-cloud-security-platform

    Cloud security startup RedLock emerged from stealth mode on Tuesday with a cloud infrastructure security offering and $12 million in funding from several high profile investors.

    According to the company, its RedLock Cloud 360 platform is designed to help organizations manage security and compliance risks in their public cloud infrastructure without having a negative impact on DevOps.

    The company says its product can help security teams identify risks in their cloud infrastructure by providing comprehensive visibility into workloads and the connections between user activity, network traffic, configurations, and threat intelligence data. The solution works across multiple public cloud services, such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform.

    http://redlock.io/

    Reply
  47. Tomi Engdahl says:

    FCC Says Website Downtime Caused by DDoS Attacks
    http://www.securityweek.com/fcc-says-website-downtime-caused-ddos-attacks

    The U.S. Federal Communications Commission (FCC) said its website was disrupted by distributed denial-of-service (DDoS) attacks on Sunday night, not due to a large number of attempts to submit comments on net neutrality.

    “Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDoS). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host,” the FCC stated.

    http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0508/DOC-344764A1.pdf

    Reply
  48. Tomi Engdahl says:

    User Security is a Responsibility, Not an Excuse
    http://www.securityweek.com/user-security-responsibility-not-excuse

    Ask an IT person what the weakest link in their organization’s security is, and you’ll invariably get a witty take on the same derisive answer: “Meatware.” “Our walking, talking vulnerabilities.” “PEBKAC” (problem exists between keyboard and chair).

    In short, they point the finger at users. In part because, for the majority of successful breaches, the common entry point typically is a user. But another reason is that despite all the security tools and policies IT departments have in place, users will always be a wildcard — the one thing they can never fully control.

    It’s easy to understand the frustration. Over the past 20 years, the topic of cybersecurity has become a public discussion. Most users have become more exposed and sensitized to the risk, and have some amount of awareness training. Still, the Identity Theft Resource Center describes a 40% rise in breaches in 2016, and the Ponemon Institute and Experian have highlighted continuing organizational concerns around the exploitability of users.

    Is the appropriate response to blame the victim when increasingly sophisticated attacks and the rise in credential thefts are making any user’s goal of protecting themselves much more difficult? Or should the security community, instead, be providing them with better information and defenses, including a more complete view of the criminal tactics involved?

    Phishing Has Evolved: Helping Users Avoid Socially-Informed Attacks

    To protect themselves, users need to know that these new risks exist, and security professionals should add two talking points to their awareness arsenal:

    1. Never respond to connection requests that arrive in email – When someone attempts to connect, go to the actual site or application and look for the invitation before considering accepting.
    2. Be prudent in your connections – This is both a personal and a community responsibility.

    Reply
  49. Tomi Engdahl says:

    Microsoft Fixes Antimalware Engine Flaw Found by Google Experts
    http://www.securityweek.com/microsoft-fixes-antimalware-engine-flaw-found-google-experts

    It took Microsoft less than three days to patch a critical remote code execution vulnerability found by Google Project Zero researchers in the company’s Malware Protection Engine. Most users don’t need to take any action as the affected products should be updated automatically.

    The existence of the flaw was disclosed by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Friday. Ormandy described the weakness as “the worst Windows remote code exec [vulnerability] in recent memory.”

    The expert said the vulnerability was “wormable,” it affected default Windows installations, and exploitation did not require access to the victim’s network.

    Microsoft announced a patch for the vulnerability and published an advisory on Monday.

    Microsoft Security Advisory 4022344
    Security Update for Microsoft Malware Protection Engine
    https://technet.microsoft.com/en-us/library/security/4022344

    Reply
  50. Tomi Engdahl says:

    Google Tightens OAuth Rules to Combat Phishing
    http://www.securityweek.com/google-tightens-oauth-rules-combat-phishing

    Following last week’s phishing attack against Gmail users, Google is planning tightened OAuth rules to prevent similar incidents from occurring.

    Phishing emails, which impersonate a trusted source to trick the recipient into opening a malicious attachment or clicking a suspicious link, have long been a favorite tool for attackers. Google’s email service blocks millions of phishing emails each day, but last week’s incident proved that the system isn’t invincible.

    The phishing attack tricked users into granting access to their contact information to a third-party application cleverly named “Google Docs.” The incident resulted in the attacker gaining access to all of the affected users’ email content, as well as in the phishing attack immediately propagating to all of the victim’s contacts.

    “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again,” Google said after the incident.

    Reply
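    The attack described above worked because a third-party client could present a first-party brand name on the consent screen while requesting broad mailbox and contacts access. The following is an added example, not Google's code, of the kind of consent-request review that catches that combination: it normalizes the display name before comparing it against protected brand names and weighs the requested scopes. The brand list, client records and verified-client set are constructed, and the scope strings are assumed for illustration.

```python
"""Consent-screen review for OAuth client impersonation.

Added example, not Google's code. Brand list, client records and the
verified-client set are constructed; scope strings are assumed.
"""
import re
import unicodedata

PROTECTED_BRANDS = {"google docs", "google drive", "gmail"}      # constructed

SENSITIVE_SCOPES = {                                              # assumed for illustration
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts.readonly",
}


def normalize_name(name: str) -> str:
    """Fold compatibility forms (e.g. fullwidth letters) and case, and collapse
    punctuation and whitespace, so 'Ｇoogle  Docs.' compares equal to 'google docs'."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(re.sub(r"[^\w\s]", " ", folded).split())


def review_consent(request: dict, verified_first_party: set) -> dict:
    """Classify one consent request as allow / manual_review / block with the reasons."""
    flags = []
    if (normalize_name(request["display_name"]) in PROTECTED_BRANDS
            and request["client_id"] not in verified_first_party):
        flags.append("impersonates_protected_brand")
    if any(scope in SENSITIVE_SCOPES for scope in request["scopes"]):
        flags.append("requests_sensitive_scopes")

    if "impersonates_protected_brand" in flags:
        decision = "block"          # a non-first-party client never gets a protected name
    elif flags:
        decision = "manual_review"  # sensitive scopes alone warrant a human look
    else:
        decision = "allow"
    return {"decision": decision, "flags": flags}


VERIFIED_FIRST_PARTY = {"first-party-docs-client"}                # constructed

REQUESTS = [                                                      # constructed
    {"client_id": "unknown-client-7a2f", "display_name": "Ｇoogle  Docs",
     "scopes": ["https://www.googleapis.com/auth/contacts.readonly", "https://mail.google.com/"]},
    {"client_id": "first-party-docs-client", "display_name": "Google Docs",
     "scopes": ["https://www.googleapis.com/auth/contacts.readonly"]},
    {"client_id": "acme-notes-client", "display_name": "Acme Notes",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"client_id": "acme-mail-client", "display_name": "Acme Mail",
     "scopes": ["https://mail.google.com/"]},
]

if __name__ == "__main__":
    for req in REQUESTS:
        print(req["client_id"], review_consent(req, VERIFIED_FIRST_PARTY))
```

    The name check is tied to the client identity rather than the name alone, which is what lets a genuine first-party client keep its brand while any other registrant presenting the same (or a visually confusable) name is stopped before a consent screen is ever shown.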
