The Cyberspace Solarium Commission will recommend that the Department of State establish a bureau focused on international cybersecurity efforts and emerging technologies as part of its forthcoming report, commissioners said March 3 at the Carnegie Endowment for International Peace.
The suggestion from the commission, made up of government and non-government cybersecurity experts developing cyber policy recommendations, comes as part of a broader belief in the group that the State Department needs to be more involved on cybersecurity issues.
Among the report’s 75 recommendations, set for release March 11, will be the proposal for a new State Department office called the “Bureau for Cyberspace Security and Emerging Technologies,” in addition to a new assistant secretary of state position to coordinate international outreach for cyber issues and emerging tech.
The new position would report to the deputy secretary of state or undersecretary of political affairs, according to Rep. Jim Langevin, D-R.I., a member of the commission. The goal of the new office is to take cybersecurity issues at the department and “raising its level of importance and stature … to reinforce that this is an international approach that we need to and want to take,” Langevin said.
In its fiscal 2021 budget request, released in February, the State Department asked Congress for $6 million in new funding to establish a “Cyberspace Security and Emerging Technologies” office. According to the budget request, the office would “allow the Department of State to ensure the development of long-term, comprehensive expertise in order to fully support U.S. foreign policy and diplomatic initiatives needed to meet the national security challenges posed by cyberspace and emerging technologies.”
Right now, the top cybersecurity official at the State Department is Robert Strayer, who has headed 5G policy and international outreach for that issue. That effort has centered on convincing allies not to use hardware from the China-based Huawei company in their 5G networks — an effort that has had limited success.
For example, Great Britain announced last month that it would allow Chinese tech in non-critical portions of its 5G network. Germany is also reportedly expected to make a decision soon. Chris Inglis, former deputy director of the NSA and current Solarium commissioner, said that the United States may have had limited success on the issue because U.S. policymakers were “late to the game” and there wasn’t an agency charged with that role. That’s a gap the suggested bureau would fill.
The commission is needed “so that in the future hopefully 6G, 7G, 10G will be the responsibility of somebody at least in terms of the international portfolio,” Inglis said.
Two weeks ago, the State Department was a key part of an international effort attributing a 2019 cyberattack on the country of Georgia to Russian military intelligence. Langevin wants to see more.
“They need more resources, more people, more expertise within the State Department to raise the profile and also to be able to be proactive in being involved with international … groups that are involved in setting international cyber norms,” he said.
Seven weeks into 2020, and we are deep into the season for cybersecurity reporting. You can expect a wide range of summaries of the threat landscape from 2019 and forecasts as to what to expect this year. As threat actors from China, Russia, Iran and North Korea continue to probe network and system security around the world, we also have the rising threat of ever more sophisticated malware hitting individuals and the companies they work for, all fuelled by the scourge of social engineering to make every malicious campaign more dangerous and more likely to hit its mark.
BlackBerry Cylance has published its “2020 Threat Report” today, February 19, and its theme is the blurring lines between state actors and the criminal networks that develop their own exploits or lease “malware as a service,” pushing threats out via email and messaging campaigns, targeting industries or territories. This year, 2020, will be seminal in the world of threat reporting and defense—IoT’s acceleration is a game changer in cyber, with the emergence of a vast array of endpoints and the adoption of faster networking and pervasive “always connected” services.
The challenge with IoT is the limited control of the security layers within those endpoints—it’s all very well having smart lightbulbs, smart toys and smart fridges. But if every connected technology you allow into your home is given your WiFi code and a connection to the internet, then it is near impossible to assure yourself of the security of those devices. Current best practice—however impractical that sounds—is to air-gap the networks in your home: trusted devices—your phones, computers and tablets, and then everything else. If one family of devices can’t see the other, then you are much better protected from malicious actors exploiting casual vulnerabilities.
I have warned on this before, and the market now needs the makers of networking equipment to develop simple one-click multiple networking options, so we can introduce the concept of a separated IoT network and core network into all our homes—something akin to the guest networks we now have but never use on our routers, but simpler, more of a default, and therefore better used.
According to Cylance’s Eric Milam, the geopolitical climate will also “influence attacks” this year. There are two points behind this. First, mass market campaigns from state-sponsored threat actors in Iran and North Korea, from organized groups in Russia and China, and from criminal networks leveraging the same techniques, targeting individuals at “targeted scale.” And, second, as nation-states find ever more devious ways to exploit network defenses, those same tools and techniques ultimately find their way into the wider threat market.
The real threats haven’t changed much: Phishing attacks, ranging from the most basic spoofs to more sophisticated and socially engineered targeting; headline-grabbing ransomware and virus epidemics; the blurring between nation-state and criminal lines, accompanied by various flavors of government warnings. And then, of course, we have the online execution of crimes that would otherwise take place in the physical world—non-payment and non-delivery, romance scams, harassment, extortion, identity theft, all manner of financial and investment fraud.
But, we do also have a rising tide of malware. Some of that rising tide is prevalence, and some is sophistication. We also have criminal business models where malware is bought and sold or even rented on the web’s darker markets.
In the Cylance report, there is a useful summary of the “top malware threats” for Windows and Mac users. Cylance says that it compiled its most dangerous list by using an “in-house tooling framework to monitor the threat landscape for attacks across different operating systems.” Essentially that means detecting malware in the wild across the endpoints monitored by its software and systems. It’s a volume list.
For cyber-guru Ian Thornton-Trump, the real concerns for individuals and companies around the world remain Business Email Compromise, “the fastest growing and most lucrative cyber-criminal enterprise.” He also points out that doing the basics better goes a long way—“there is little if any mention of account compromises due to poor password hygiene or password reuse and the lack of identifying poorly or misconfigured cloud hosting platforms leading to some of the largest data breaches” in many of the reports now coming out.
So here are Cylance’s fifteen most rampant threats. This is their own volume-based list compiled from what their own endpoints detected. There are missing names—Trickbot, Sodinokibi/REvil, Ryuk, but they’re implied. Trickbot as a secondary Emotet payload, for example, or Cylance’s observation that “the threat actors behind Ryuk are teaming with Emotet and Trickbot groups to exfiltrate sensitive data prior to encryption and blackmail victims, with the threat of proprietary data leakage should they fail to pay the ransom in a timely manner.”
There are a lot of legacy malware variants listed—hardly a surprise, these have evolved and now act as droppers for more recent threats. We also now see multiple malware variants combine, each with a specific purpose. Ten of the malware variants target Windows and five target Macs—the day-to-day risks to Windows users remain more prevalent given the scale and variety of the user base, especially within industry.
Emotet: This is the big one—a banking trojan that has been plaguing users in various guises since 2014. The malware has morphed from credential theft to acting as a “delivery mechanism” for other malware. The malware is viral—once it gets hold of your system, it will set about infecting your contacts with equally compelling, socially engineered subterfuges.
Kovter: This fileless malware targets the computer’s registry, as such it makes it more difficult to detect. The malware began life hiding behind spoofed warnings over illegal downloads or file sharing. Now it has joined the mass ad-fraud market, generating fraudulent clicks which quickly turn to revenue for the malware’s operators.
Poison Ivy: A malicious “build your own” remote access trojan toolkit, providing a client-server setup that can be tailored to enable different threat actors to compile various campaigns. The malware infects target machines for various types of espionage, data exfiltration and credential theft. Again, the malware is usually spread by emailed Microsoft Office attachments.
Qakbot: Another legacy malware, dating back a decade, but which has evolved with time into something more dangerous than its origins. The more recent variants are better adapted to avoiding detection and to spreading across networks from infected machines. The malware can lock user and administrator accounts, making removal more difficult.
Ramnit: A “parasitic virus” with “worming capabilities,” designed to infect removable storage media, aiding replication and the persistence of an attack. The malware can also infect HTML files, infecting machines where those files are opened. The malware will steal credentials and can also enable a remote system takeover.
Sakurel (aka. Sakula and VIPER): Another remote access trojan, “typically used in targeted attacks.” The delivery mechanism is through malicious URLs, dropping code on the machine when the URL is accessed. The malware can also act as a monitor on user browsing behavior, with other targeted attacks as more malware is pulled onto the machine.
Upatre: A more niche, albeit still viable threat, according to Cylance. Infection usually results from emails which attach spoof voicemails or invoices, but Cylance warns that users can also be infected by visiting malicious websites. As is becoming much more prevalent now, this established legacy malware acts as a dropper for other threats.
Ursnif: This is another evolved banking trojan, which infects machines that visit malicious websites, planting code in the process. The malware can adapt web content to increase the chances of infection. The malware remains a banking trojan in the main, but also acts as a dropper and can pull screenshots and crypto wallets from infected machines.
Vercuse: This malware can be delivered by casual online downloads, but also through infected removable storage drives. The malware has adapted various methods of detection avoidance, including terminating processes if tools are detected. The primary threat from this malware now is as a dropper for other threats.
Zegost: This malware is designed to identify useful information on infected machines and exfiltrate this back to its operators. That data can include activity logging, which includes credential theft. The malware can also be used for an offensive denial of service attack, essentially harnessing infected machines at scale to hit targets.
CallMe: This is a legacy malware for the Mac world, opening a backdoor onto infected systems that can be exploited by its command and control server. Dropped through malicious Microsoft Office attachments, usually Word, the vulnerability has been patched for contemporary versions of MacOS and Office software. Users on those setups are protected.
KeRanger: One of the first ransomware within the Mac world, the malware started life with a valid Mac Developer ID, since revoked. The malware will encrypt multiple file types and includes a process for pushing the ransom README file to the targeted user. Mitigation includes updated systems, but also offline backups, as per all ransomware defenses.
LaoShu: A remote access trojan that uses infected PDF files to spread its payload. The malware will look for specific file types, compressing those into an exfiltration zip file that can be pulled from the machine. While keeping systems updated, this malware also calls for good user training and email behavior, including avoidance of unknown attachments.
NetWiredRC: A favourite of the Iranian state-sponsored APT33, this malware is a remote access trojan that will operate across both Windows and Mac platforms. The malware focuses on exfiltrating “sensitive information” and credentials—the latter providing routes in for state attackers. Cylance advises administrators to block 212[.]7[.]208[.]65 in firewalls and monitor for “%home%/WIFIADAPT.app” on systems.
XcodeGhost: Targeting both Mac and iOS, this compiler malware is considered “the first large-scale attack on Apple’s App Store.” Again with espionage and wider attacks in mind, the malware targets, captures and pulls strategic information from an infected machine. Its infection of “secure apps” serves as a wider warning to take care when pulling apps from relatively unknown sources.
In reality, the list itself is largely informational as mitigation is much the same: Some combination of AV tools, user training, email filtering, attachment/macro controls, perhaps some network monitoring—especially for known IP addresses. The use of accredited VPNs, avoiding public WiFi, backups. Cylance also advises Windows administrators to watch for unusual registry mods and system boot executions.
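The two NetWiredRC indicators Cylance publishes above (a C2 address to block and a file name to monitor for) are the kind of thing a defender wants to turn into a repeatable check. The script below is an added example, not code from the Cylance report or from this article: it refangs the indicator safely, sweeps iptables-style firewall log lines (a constructed format) for outbound hits on that address, and sweeps a home-directory listing (also constructed) for the WIFIADAPT.app bundle.

```python
import ipaddress
import re
from pathlib import PurePosixPath

# Indicators as quoted from the Cylance report above. The IP is kept in the
# report's defanged form so it cannot be pasted into a live tool by accident.
NETWIREDRC_C2_DEFANGED = "212[.]7[.]208[.]65"
NETWIREDRC_MAC_ARTIFACT = "WIFIADAPT.app"


def refang_ipv4(indicator: str) -> str:
    """Restore a defanged IPv4 indicator ('212[.]7[.]208[.]65') to dotted form.

    Raises ValueError if the result is not a valid IPv4 address, so a mistyped
    indicator cannot silently become a firewall rule that blocks nothing.
    """
    candidate = indicator.replace("[.]", ".").replace("(.)", ".").replace("{.}", ".")
    ipaddress.IPv4Address(candidate)
    return candidate


# Field layout of a netfilter LOG line; the exact format is an assumption for this example.
LOG_FIELDS = re.compile(
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+).*?PROTO=(?P<proto>\S+).*?DPT=(?P<dpt>\d+)"
)


def find_c2_connections(log_lines, c2_ip):
    """Return (source_host, dest_port, raw_line) for every connection to the C2 address."""
    hits = []
    for line in log_lines:
        match = LOG_FIELDS.search(line)
        if match and match.group("dst") == c2_ip:
            hits.append((match.group("src"), int(match.group("dpt")), line.strip()))
    return hits


def find_mac_artifact(home_entries, artifact=NETWIREDRC_MAC_ARTIFACT):
    """Return paths whose last component is the artifact name.

    The comparison is case-insensitive because the default macOS file system
    is case-insensitive, so 'wifiadapt.app' would be the same bundle.
    """
    return [p for p in home_entries if PurePosixPath(p).name.lower() == artifact.lower()]


def triage(log_lines, home_entries):
    """Combine both checks into one result a responder can act on."""
    c2_ip = refang_ipv4(NETWIREDRC_C2_DEFANGED)
    return {
        "c2_ip": c2_ip,
        "c2_connections": find_c2_connections(log_lines, c2_ip),
        "mac_artifacts": find_mac_artifact(home_entries),
    }


# Constructed sample log: two internal hosts reach the C2 address, one line is benign traffic.
SAMPLE_FIREWALL_LOG = [
    "Feb 19 09:12:01 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=212.7.208.65 PROTO=TCP SPT=51022 DPT=443",
    "Feb 19 09:12:04 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=203.0.113.10 PROTO=TCP SPT=51023 DPT=443",
    "Feb 19 09:15:40 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.5.77 DST=212.7.208.65 PROTO=TCP SPT=49811 DPT=8080",
]

# Constructed listing of a user's home directory (the report's '%home%').
SAMPLE_HOME_LISTING = [
    "/Users/alice/Documents",
    "/Users/alice/Library/Application Support",
    "/Users/alice/WIFIADAPT.app",
    "/Users/alice/Downloads/report.pdf",
]

if __name__ == "__main__":
    result = triage(SAMPLE_FIREWALL_LOG, SAMPLE_HOME_LISTING)
    for src, port, _ in result["c2_connections"]:
        print(f"host {src} contacted {result['c2_ip']}:{port}")
    for path in result["mac_artifacts"]:
        print(f"artifact present: {path}")
```

On a real host the listing would come from walking the home directory and the log lines from the gateway's syslog; the matching logic is unchanged.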
Thornton-Trump warns that we need constant reminding that cyber security is about “people, process and technology.” Looking just at the technology side inevitably gives a skewed view. For him, any vendor reports inevitably “overstate the case for anti-malware defences in contrast to upgrade and improvement of other defensive mechanisms, including awareness training and vulnerability management.”
And so, ultimately, user training and keeping everything updated resolves a material proportion of these threats. Along with some basic precautions around backups and use of cloud or detached storage which provides some redundancy. Common sense, inevitably, also features highly—whatever platform you may be using.
Welcome to TNW Basics, a collection of tips, guides, and advice on how to easily get the most out of your gadgets, apps, and other stuff.
Instagram has joined the dark side. Well, not really, sort of. The Facebook-owned social media platform has updated its app for iOS 13 with support for dark mode.
The setting is an extension of iOS‘ system-wide dark mode, and Instagram has basically revamped its UI to match the theme.
In case you haven’t already caught a glimpse, here’s what it looks like:
No surprises there, it’s the standard combo of black and grey, mixed with white text and icon layouts.
How to turn on dark mode
To get the dark look, you’ll need to enable iOS 13‘s own dark mode. That seems to be the only way for now, since Instagram has yet to include a native switch in its app.
Anyways, here are the steps you need to follow:
Pull the control center on your iPhone
Long-press on the brightness indicator
Select dark mode from the toggle options below to enable it
Boom! You’re done
Alternatively, you can ask Siri to enable dark mode by uttering the magic phrase “Hey Siri, turn on/off the dark mode.”
A third way to do it is by going to Settings > Display & Brightness, and then tapping on the “Dark” theme option. As easy as that.
Once you’ve used any of these three approaches, Instagram will automatically switch to dark mode too.
Unfortunately, Instagram‘s dark mode is currently exclusively available on iOS. Don’t fret, though: it seems that the Facebook subsidiary is testing the feature on Android, so chances are it’ll make its way to Google’s operating system soon.
With the global cost of cybercrime expected to surpass $2 trillion by the end of 2019, it’s no surprise that organizations have sought out unconventional cybersecurity strategies. For years, businesses have encouraged — and even hired on — hackers to unearth their digital vulnerabilities.
To be clear, these hackers aren’t bad guys turned good. Ethical, or white hat, hackers use their computer security expertise to hack into organizations’ digital infrastructure and identify cybersecurity weaknesses, rather than exploit them. The profession isn’t necessarily new, but the ethics surrounding it have begun to evolve.
While 75% of white hat hackers say that no amount of money could turn them into black hat hackers, that leaves 1 in 4 ethical hackers who would switch their hats for the right price — or more recently, the right cause.
While that isn’t to say that all ethical hackers are easily swayed, the promise of a hefty payout or even “hacktivist” glory can be attractive. With this knowledge in mind and sensitive data on the line, businesses must reassess their ethical hacking practices. Before communicating with outside ethical hackers or bringing an ethical hacker onto your team, consider how you can best ensure this practice isn’t endangering your organization’s data.
How to hire an ethical hacker
Companies have offered bug bounties to outside hackers for years, but it’s different to invite a white hat into the office — and behind your security perimeter. When hiring an ethical hacker, organizations should reinforce all of the precautions usually taken during the onboarding process to ensure their data and their customers’ is protected.
Remember, ethical hacking is an increasingly accepted and legitimate profession. Therefore, be careful not to treat an ethical hacker like a former (or current) criminal. While the nature of their duties is historically “bad,” that doesn’t warrant a set of guidelines separate from their coworkers. Doing so makes an already traditionally solitary role even more isolating and could make them feel like they are doing something wrong when they are actually helping your business.
Just as you would for any employee that handles or has access to sensitive company data, be sure to make it clear in the ethical hacker’s contract that legal action or other serious consequences are possible should they misuse company data and information. Be sure to thoroughly check their references and obtain a comprehensive history of their career to cover your bases.
It’s also critical that you make an effort to ensure that other employees do not perceive their new coworker as dangerous or untrustworthy because of the nature of their work. Encourage trust and familiarity with team-building exercises throughout the company and education initiatives that help everyone understand the projects the ethical hacker is working on. When there is visibility into what the ethical hacker actually does, the employee feels supported and accepted — and leadership has extra reassurance that the hacking remains ethical.
Approach outside ethical hackers with a set protocol
While you’re rethinking your organization’s policies toward hiring ethical hackers, it’s worth considering how you deal with outside white hats too. Some organizations offer “bug bounties” to those who can find previously unnoticed vulnerabilities in their digital infrastructure. It could be dangerous to overlook these independently operating hackers — over 70% of cyber attacks are financially motivated, so having some sort of compensation is a best practice.
Organizations must be open to all security opportunities
In an environment where cyberattacks are only set to increase, being open to the latest cybersecurity strategies is essential to protecting the digital infrastructure of your organization. While there are some risks that come with ethical hacking, having someone who thinks like and is equipped with the same skills as the bad guys might be the best way to keep your information safe from them.
One reason people switch to Linux is to have better security. Once you switch to Linux, the thinking goes, you no longer have to worry about viruses and other types of malware. But while this is largely true in practice, desktop Linux isn’t actually all that secure.
If a virus wants to wreck shop on your free and open source desktop, there’s a good chance that it can.
Why Malware Is Less Common on Linux Desktops
Malware is unwanted code that somehow made its way onto your computer in order to perform functions designed with malicious intent. Sometimes these programs slow down a machine or cause it to crash entirely. The creators may then demand a ransom in order to fix the machine.
Sometimes malware uploads information to remote servers, giving someone access to your saved data or vital credentials that you type, such as passwords and credit card numbers.
People tend to create malware for Windows because that’s the operating system found on the most PCs. This increases the odds that a virus will spread from one computer to another.
Virus makers tend to target less technical users that are easier to fool with bogus web banners and phishing scams. Viruses also spread among people who know how to pirate music and TV shows but don’t understand how these files may be infected.
There are antivirus programs for Linux, but even their purpose is often to help protect Windows users.
Linux Desktop Malware Exists, But It’s Rare
One piece of malware has recently made news for targeting the Linux desktop. EvilGNOME runs on the GNOME desktop environment by pretending to be an extension.
GNOME is the most common Linux desktop environment, found as the default interface on two of the most popular Linux distros, Ubuntu and Fedora, and on computers that ship directly from Linux manufacturers such as System76 and Purism. Legitimate extensions allow you to alter many aspects of the GNOME desktop.
The malware known as EvilGNOME is able to take screenshots and record audio from your PC’s microphone. It can also upload your personal files. A more detailed breakdown is available in a report by Intezer Labs, who gave EvilGNOME its name.
This malware didn’t attract attention for being particularly likely to impact large numbers of people. It was considered newsworthy because it existed at all.
Most Linux Malware Targets Servers
Linux is relatively rare on desktops, but it’s the most prominent operating system found on servers powering the web and managing much of the world’s digital infrastructure.
Many attacks target websites rather than PCs. Hackers often look for vulnerabilities in network daemons that they can use to gain access to Linux-powered servers. Some will install a malicious script on a server that then targets visitors rather than the system itself.
Hacking Linux-powered machines, whether they are servers or IoT devices, is one way to go about infecting the web or creating botnets.
Linux’s Design Is Not Inherently Secure
Desktop Linux in its current form is hardly a fortress. Compared to Windows XP, where malicious software could gain administrator access without prompting for a password, Linux offered much better security. These days, Microsoft has made changes to close that gap. Since Vista, Windows has issued a prompt.
Yet fretting about the security of system files almost misses the point. Most of the data we care about isn’t saved in our root system folders. It’s the personal data in our home directory that’s irreplaceable and most revealing. Software on Linux, malicious or otherwise, doesn’t need your password to access this data and share it with others.
User accounts can also run scripts that activate your microphone, turn on your webcam, log key presses, and record what happens onscreen.
In other words, it almost doesn’t matter how secure the Linux kernel is, or the safeguards surrounding various system components, if it’s the vulnerabilities in apps and the desktop environment that can put the data you care most about at risk.
EvilGNOME doesn’t install itself among your system files. It lurks in a hidden folder in your home directory. On the positive side, that makes it easier to remove. But you have to first know it’s there.
4 Reasons Why Linux Is Relatively Safe to Use
While Linux isn’t immune to exploits, in day-to-day use, it still provides a much safer environment than Windows. Here are a few reasons why.
1. Multiple Distros, Environments, and System Components
App developers have a hard time developing for Linux because there are so many versions to support. The same challenge faces malware creators. What’s the best way to infiltrate someone’s computer? Do you sneak code in the DEB or RPM format?
You may try to exploit a vulnerability in the Xorg display server or in a particular window compositor, only to find that users have something else installed.
2. App Stores and Package Managers Shield Linux Users
Traditional Linux package management systems put app maintainers and reviewers between users and their software source. As long as you get all of your software from these trusted sources, you’re very unlikely to run into anything malicious.
Avoid copying and pasting command line instructions to install software, especially when you don’t know exactly what the command is doing and you’re unsure of the source.
3. Newer Technologies Actively Consider Security
New app formats like Flatpak and Snap introduce permissions and sandboxing, limiting what apps can access. The new Wayland display server can prevent apps from taking screenshots or recording what happens onscreen, making it harder to exploit.
4. The Source Code Is Open for Anyone to Read
The primary advantage of Linux comes from being able to view the code. Since Linux is open source rather than proprietary, you don’t have to worry about the desktop itself working against you, acting as spyware itself or suffering from exploits that haven’t been disclosed for commercial reasons.
Even if you can’t make sense of the code, you can read the blog posts or reports by someone that does.
Should You Be Afraid of Linux Malware?
It’s a myth that Linux users don’t have to worry about viruses, but if you stick to your distro’s app stores or other trusted sources such as Flathub, you’re unlikely to stumble across anything dangerous.
No matter which operating system you use, it’s important that you adopt safe digital habits. Don’t make the mistake of believing that switching to Linux means you can download from sketchy sites without concern.
Yet for most of us, the biggest risk probably isn’t malware. If you’ve created a large number of online accounts or depend on cloud services, phishing scams are a much larger threat.