The average single person in New York would travel 2.1 hours to go on a date amid the COVID-19 pandemic, according to a survey conducted by EverydayCarry.com, and half of […]
View full post on National Cyber Security
Since Wonder Woman 1984 isn’t coming to theaters in October anymore, you’re gonna want to find some new stuff to watch at home. Thankfully, Disney+ and Hulu have a wave […]
View full post on National Cyber Security
The Cyberspace Solarium Commission will recommend that the Department of State establish a bureau focused on international cybersecurity efforts and emerging technologies as part of its forthcoming report, commissioners said March 3 at the Carnegie Endowment for International Peace.
The suggestion from the commission, made up of government and non-government cybersecurity experts developing cyber policy recommendations, comes as part of a broader belief in the group that the State Department needs to be more involved on cybersecurity issues.
Among the report’s 75 recommendations, set for release March 11, will be the proposal for a new State Department office called the “Bureau for Cyberspace Security and Emerging Technologies,” in addition to a new assistant secretary of state position to coordinate international outreach for cyber issues and emerging tech.
The new position would report to the deputy secretary of state or undersecretary of political affairs, according to Rep. Jim Langevin, D-R.I., a member of the commission. The goal of the new office is to take cybersecurity issues at the department and “raising its level of importance and stature … to reinforce that this is an international approach that we need to and want to take,” Langevin said.
In its fiscal 2021 budget request, released in February, the State Department asked Congress for $6 million in new funding for establish an “Cyberspace Security and Emerging Technologies” office. According to the budget request, the office would “allow the Department of State to ensure the development of long-term, comprehensive expertise in order to fully support U.S. foreign policy and diplomatic initiatives needed to meet the national security challenges posed by cyberspace and emerging technologies.”
Right now, the top cybersecurity official at the State Department is Robert Strayer, who has headed 5G policy and international outreach for that issue. That effort has centered on convincing allies not to use hardware from the China-based Huawei company in their 5G networks — an effort that has had limited success.
For example, Great Britain announced last month that it would allow Chinese tech in non-critical portions of its 5G network. Germany is also reportedly expected to make a decision soon. Chris Inglis, former deputy director of the NSA and current Solarium commissioner, said that the United States may have had limited success on the issue because U.S. policymakers were “late to the game” and there wasn’t an agency charged with that role. That’s a gap the suggested bureau would fill.
The commission is needed “so that in the future hopefully 6G, 7G, 10G will be the responsibility of somebody at least in terms of the international portfolio,” Inglis said.
Sign up for our Daily Brief
Get the top Cyber headlines in your inbox every weekday morning.
By giving us your email, you are opting in to the Daily Brief.
Two weeks ago, the State Department was a key part of an international effort attributing a 2019 cyberattack on the country of Georgia to Russian military intelligence. Langevin wants to see more.
“They need more resources, more people, more expertise within the State Department to raise the profile and also to be able to be proactive in being involved with international …. groups that are involved in setting international cyber norms,” he said.
Seven weeks into 2020, and we are deep into the season for cybersecurity reporting. You can expect a wide range of summaries of the threat landscape from 2019 and forecasts as to what to expect this year. As threat actors from China, Russia, Iran and North Korea continue to probe network and system security around the world, we also have the rising threat of ever more sophisticated malware hitting individuals and the companies they work for, all fuelled by the scourge of social engineering to make every malicious campaign more dangerous and more likely to hit its mark.
BlackBerry Cylance has published its “2020 Threat Report” today, February 19, and its theme is the blurring lines between state actors and the criminal networks that develop their own exploits or lease “malware as a service,” pushing threats out via email and messaging campaigns, targeting industries or territories. This year, 2020, will be seminal in the world of threat reporting and defense—IoT’s acceleration is a game changer in cyber, with the emergence of a vast array of endpoints and the adoption of faster networking and pervasive “always connected” services.
The challenge with IoT is the limited control of the security layers within those endpoints—it’s all very well having smart lightbulbs, smart toys and smart fridges. But if every connected technology you allow into your home is given your WiFi code and a connection to the internet, then it is near impossible to assure yourself of the security of those devices. Current best practice—however impractical that sounds—is to air-gap the networks in your home: trusted devices—your phones, computers and tablets, and then everything else. If one family of devices can’t see the other, then you are much better protected from malicious actors exploiting casual vulnerabilities.
I have warned on this before, and the market now needs the makers of networking equipment to develop simple one-click multiple networking options, so we can introduce the concept of a separated IoT network and core network into all our homes—something akin to the guest networks we now have but never use on our routers, but simpler, more of a default, and therefore better used.
According to Cylance’s Eric Milam, the geopolitical climate will also “influence attacks” this year. There are two points behind this. First, mass market campaigns from state-sponsored threat actors in Iran and North Korea, from organized groups in Russia and China, and from criminal networks leveraging the same techniques, targeting individuals at “targeted scale.” And, second, as nation-states find ever more devious ways to exploit network defenses, those same tools and techniques ultimately find their way into the wider threat market.
The real threats haven’t changed much: Phishing attacks, ranging from the most basic spoofs to more sophisticated and socially engineered targeting; headline-grabbing ransomware and virus epidemics; the blurring between nation-state and criminal lines, accompanied by various flavors of government warnings. And then, of course, we have the online execution of crimes that would otherwise take place in the physical world—non-payment and non-delivery, romance scams, harassment, extortion, identity theft, all manner of financial and investment fraud.
But, we do also have a rising tide of malware. Some of that rising tide is prevalence, and some is sophistication. We also have criminal business models where malware is bought and sold or even rented on the web’s darker markets.
In the Cylance report, there is a useful summary of the “top malware threats” for Windows and Mac users. Cylance says that it complied its most dangerous list by using an “in-house tooling framework to monitor the threat landscape for attacks across different operating systems.” Essentially that means detecting malware in the wild across the endpoints monitored by its software and systems. It’s a volume list.
For cyber-guru Ian Thornton-Trump, the real concerns for individuals and companies around the world remain Business Email Compromise, “the fastest growing and most lucrative cyber-criminal enterprise.” He also points out that doing the basics better goes a long way—“there is little if any mention of account compromises due to poor password hygiene or password reuse and the lack of identifying poorly or misconfigured cloud hosting platforms leading to some of the largest data breaches” in many of the reports now coming out.
So here are Cylance’s fifteen most rampant threats. This is their own volume-based list compiled from what their own endpoints detected. There are missing names—Trickbot, Sodinokibi/REvil, Ryuk, but they’re implied. Trickbot as a secondary Emotet payload, for example, or Cylance’s observation that “the threat actors behind Ryuk are teaming with Emotet and Trickbot groups to exfiltrate sensitive data prior to encryption and blackmail victims, with the threat of proprietary data leakage should they fail to pay the ransom in a timely manner.”
There are a lot of legacy malware variants listed—hardly a surprise, these have evolved and now act as droppers for more recent threats. We also now see multiple malware variants combine, each with a specific purpose. Ten of the malware variants target Windows and five target Macs—the day-to-day risks to Windows users remain more prevalent given the scale and variety of the user base, especially within industry.
Emotet: This is the big one—a banking trojan hat has been plaguing users in various guises since 2014. The malware has morphed from credential theft to acting as a “delivery mechanism” for other malware. The malware is viral—once it gets hold of your system, it will set about infecting your contact with equally compelling, socially engineered subterfuges.
Kovter: This fileless malware targets the computer’s registry, as such it makes it more difficult to detect. The malware began life hiding behind spoofed warnings over illegal downloads or file sharing. Now it has joined the mass ad-fraud market, generating fraudulent clicks which quickly turn to revenue for the malware’s operators.
Poison Ivy: A malicious “build you own” remote access trojan toolkit, providing a client-server setup that can be tailed to enable different threat actors to compile various campaigns. the malware infects target machines with various types of espionage, data exfiltration and credential theft. Again the malware is usually spread by emailed Microsoft Office attachments.
Qakbot: Another legacy malware, dating back a decade, bit which has evolved with time into something more dangerous that its origins. The more recent variants are better adapted to avoiding detection and to spreading across networks from infected machines. The malware can lock user and administrator accounts, making remove more difficult.
Ramnit: A “parasitic virus” with “worming capabilities,” designed to infect removable storage media, aiding replication and the persistence of an attack. The malware can also infect HTML files, infecting machines where those files are opened. The malware will steal credentials and can also enable a remote system takeover.
Sakurel (aka. Sakula and VIPER): Another remote access trojan, “typically used in targeted attacks.” The delivery mechanism is through malicious URLs, dropping code on the machine when the URL is accessed. The malware can also act as a monitor on user browsing behavior, with other targeted attacks as more malware is pulled onto the machine.
Upatre: A more niche, albeit still viable threat, according to Cylance. Infection usually results from emails which attach spoof voicemails or invoices, but Cylance warns that users can also be infected by visiting malicious websites. As is becoming much more prevalent now, this established legacy malware acts as a dropper for other threats.
Ursnif: This is another evolved banking trojan, which infects machines that visit malicious websites, planting code in the process. The malware can adapt web content to increase the chances of infection. The malware remains a baking trojan in the main, but also acts as a dropper and can pull screenshots and crypto wallets from infected machines.
Vercuse: This malware can be delivered by casual online downloads, but also through infected removable storage drives. The malware has adapted various methods of detection avoidance, including terminating processes if tools are detected. The primary threat from this malware now is as a dropper for other threats.
Zegost: This malware is designed to identify useful information on infected machines and exfiltrate this back to its operators. That data can include activity logging, which includes credential theft. The malware can also be used for an offensive denial of service attack, essentially harnessing infected machines at scale to hit targets.
CallMe: This is a legacy malware for the Mac world, opening a backdoor onto infected systems that can be exploited by its command and control server. Dropped through malicious Microsoft Office attachments, usually Word, the vulnerability has been patched for contemporary versions of MacOS and Office software. Users on those setups are protected.
KeRanger: One of the first ransomware within the Mac world, the malware started life with a valid Mac Developer ID, since revoked. The malware will encrypt multiple file types and includes a process for pushing the ransom README file to the targeted user. Mitigation includes updates systems, but also offline backups as per all ransomware defenses.
LaoShu: A remote access trojan that uses infected PDF files too spread its payload. The malware will look for specific file types, compressing those into an exfiltration zip file that can be pulled from the machine. While keeping systems updated, this malware also calls for good user training and email bevavior, including avoidance of unknown attachments.
NetWiredRC: A favourite of the Iranian state-sponsored APT33, this malware is a remote access trojan that will operate across both Windows and Mac platforms. The malware focuses on exfiltrating “sensitive information” and credentials—the latter providing routes in for state attackers. Cylances advises administrators to block 212[.]7[.]208[.]65 in firewalls and monitor for “%home%/WIFIADAPT.app” on systems.
XcodeGhost: Targeting both Mac and iOS, this compiler malware is considered “the first large-scale attack on Apple’s App Store.” Again with espionage and wider attacks in minds, the malware targets, captures and pulls strategic information from an infected machine. its infection of “secure apps” servers as a wider warning as to taking care when pulling apps from relatively unknown sources.
In reality, the list itself is largely informational as mitigation is much the same: Some combination of AV tools, user training, email filtering, attachment/macro controls, perhaps some network monitoring—especially for known IP addresses. The use of accredited VPNs, avoiding public WiFi, backups. Cylance also advises Windows administrators to watch for unusual registry mods and system boot executions.
Thornton-Trump warns that we need constant reminding that cyber security is about “people, process and technology.” Looking just at the technology side inevitably gives a skewed view. For him, any vendor reports inevitably “overstate the case for anti-malware defences in contrast to upgrade and improvement of other defensive mechanisms, including awareness training and vulnerability management.”
And so, ultimately, user training and keeping everything updated resolves a material proportion of these threats. Along with some basic precautions around backups and use of cloud or detached storage which provides some redundancy. Common sense, inevitably, also features highly—whatever platform you may be using.
Source: National Cyber Security – Produced By Gregory Evans Milestone Boulevard is closed at Nine Mile Road for drainage work that is part of the Nine Mile widening project. Crews have demolished a section of the roadway. After digging a trench that is about 4-feet deep, 30-inch pipes will be put in place. The roadway […]
View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans Photo courtesy Wikimedia commons. In 2019, the Trump administration issued 44 executive orders, signed 94 bills into law and finalized more than three thousand new rules. One hundred judges were confirmed to the federal bench, the most of any year in Trump’s term. Simply put, it […]
View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans Identity sprawl – too many usernames and too many passwords – has never been as big a concern as it is today: More devices are being brought into the enterprise, more people are working remotely and using their own devices, and more users continue to access […]
View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans Bringing a consistent form of dark mode is not an easy task, as the existing implementations are very much fragmented. Even the apps from Google don’t have a standard way to toggle the color scheme – some rely on underlying system settings while others sport a […]
View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans We are looking for a student to join our team for a 12-month internship at our Abingdon, UK, headquarters. If you’re currently studying marketing, business or another relevant field, and have strong written, project management and organisational skills, we want you! As part of the Content […]
View full post on AmIHackerProof.com
Welcome to TNW Basics, a collection of tips, guides, and advice on how to easily get the most out of your gadgets, apps, and other stuff.
Instagram has joined the dark side. Well, not really, sort of. The Facebook-owned social media platform has updated its app for iOS 13 with support for dark mode.
The setting is an extension of iOS‘ system-wide dark mode, and Instagram has basically revamped its UI to match the theme.
In case you haven’t already caught a glimpse, here’s what it looks like:
No surprises there, it’s the standard combo of black and grey, mixed with white text and icon layouts.
How to turn on dark mode
To get the dark look, you’ll need to enable iOS 13‘s own dark mode. That seems to be the only way for now, since Instagram has yet to include a native switch in its app.
Anyways, here are the steps you need to follow:
Pull the control center on your iPhone
Long-press on the brightness indicator
Select dark mode from the toggle options below to enable it
Boom! You’re done
Alternatively, you can ask Siri to enable dark mode by uttering the magic phrase “Hey Siri, turn on/off the dark mode.”
A third way to do it is by going to Settings > Display & Brightness, and then tapping on the “Dark” theme option. As easy as that.
Once you’ve used any of these three approaches, Instagram will automatically switch to dark mode too.
Unfortunately, Instagram‘s dark mode is currently exclusively available on iOS. Don’t fret, though: it seems that the Facebook subsidiary is testing the feature on Android, so chances are it’ll make its way to Google’s operating system soon.