into
now browsing by tag
Russia’s sovereign internet law comes into force – Naked Security
Source: National Cyber Security – Produced By Gregory Evans
The Russian government calls it the “sovereign internet” law and from 1 November it compels the country’s ISPs to forward all data arriving and departing from their networks through special gateway servers.
Promoted since 2018, from the government’s point of view the sovereign internet is a way of protecting the country from the bad stuff the internet – or other countries – might throw at it.
To its critics, Runet, as it’s also known, is a straight power grab by a government obsessed with the idea of control, surveillance and censorship of its population.
If this sounds a bit like China’s infamous Great Firewall, senior Russian politicians downplay the comparison. Said Prime Minister Dmitri Medvedev earlier this year:
Certainly, we won’t have Chinese-style regulations. No firewall will emerge here.
On the contrary, he said, Runet was more about pushing back against the historic regulation of the internet by one country, the US, which had the power to threaten the integrity of Russia’s internet infrastructure.
DPI paranoia
At face value, it seems the government’s solution in Runet is to build a sort of parallel national internet, which is connected to global networks but can be disconnected from it if the government decides that’s necessary.
It sounds like an intranet of the sort Iran once proposed – a separate network with connections to the outside world – but its design is closer to that of a giant proxy through which traffic can be made to pass some of the time.
The simplest element of this will be deep packet inspection (DPI), a technology already universally used by ISPs across the world to prioritise traffic, block unwanted protocols, and prioritise specific applications.
But unlike conventional quality of service DPI, this won’t be controlled by ISPs, which will pass traffic to servers in the same racks controlled by communications regulator Roskomnadzor to do Runet’s heavy lifting.
Arguably, this is similar to the Great Firewall because its design sets up government-controlled servers as gateways capable of blocking traffic to applications, websites, and keywords the authorities want to stop citizens from accessing.
DNS 2
DPI has its limits, which is why Runet is trialling a much more radical concept that has some experts scratching their heads – a parallel DNS infrastructure.
DNS is a complex, distributed global address book, listing which IP addresses are associated with which domain names.
Setting up a parallel DNS implies that Russia will somehow mirror or proxy this system, or set up rival root domain servers, allowing it to to filter which domains will be resolved or what they resolve to.
No country has ever tried before and it’s hard to see how it can be done without creating a lot of potential bottlenecks or points of failure.
It looks as if this part of Runet is some way off being operational, which suggests that the technical challenges have yet to be overcome.
There is some justification for Russia’s worry about other countries launching cyber-operations against it – a scattering of reports suggest the US is probing Russian infrastructure (including its infamous ‘troll factory’ in St Petersburg) in a way that should give its leaders cause for concern.
And yet to sceptics, the idea of Runet offering the country glorious isolation is a far-fetched fantasy which ignores the realities of how ISPs and the internet works.
Internet traffic isn’t like a pipe that can be turned on and off or diverted at will. It functions as a cooperative system in which Russian ISPs must peer traffic that is heading to other destinations in ways that belie simple concepts of internal and external, good and bad.
The Russian government’s real battle is with a very narrow range of applications such as messaging app Telegram, VPN network providers (many of which were banned in 2017) and overlay privacy systems such as Tor.
If they are the real target, Runet is just another tool in the box. It won’t stop these from working but it might make accessing them less reliable and dissuade some Russians from using them.
The post Russia’s sovereign internet law comes into force – Naked Security appeared first on National Cyber Security.
View full post on National Cyber Security
#cybersecurity | #hackerspace | Derbycon2019, Jim Shaver’s ‘API Keys, Now What? Taking The Pen Test Into The Amazon Cloud’
Source: National Cyber Security – Produced By Gregory Evans
Many Thanks to Adrian Crenshaw (Irongeek), and his Videographer Colleagues for Sharing His and Their Outstanding Videos Of This Last And Important DerbyCon 2019.
Visit Irongeek for additional production credits and additional information. Subscribe to Irongeek’s content, and provide Patreon support as well.
Permalink
The post Derbycon2019, Jim Shaver’s ‘API Keys, Now What? Taking The Pen Test Into The Amazon Cloud’ appeared first on Security Boulevard.
The post #cybersecurity | #hackerspace |<p> Derbycon2019, Jim Shaver’s ‘API Keys, Now What? Taking The Pen Test Into The Amazon Cloud’ <p> appeared first on National Cyber Security.
View full post on National Cyber Security
#cyberfraud | #cybercriminals | Email Threats Poised to Haunt Security Pros into …
Source: National Cyber Security – Produced By Gregory Evans Decentralized threat intel sharing, more public-private collaboration, and greater use of automated incident response are what’s needed to combat phishing As organizations begin to plan their cybersecurity strategy for 2020 and beyond, email security will certainly be high on leadership’s agenda. That’s because phishing attacks continue […] View full post on AmIHackerProof.com
Online #game designed to #bring more #young women into #cybersecurity #field
Source: National Cyber Security – Produced By Gregory Evans
High school girls will soon have a chance to play as “cyber protection agents” in an online game designed to attract more women into the cybersecurity field.
Delaware is one of seven states to partner with the SANS Institute, a for-profit cybersecurity training company, on the pilot of CyberStart. The online game is designed to teach cybersecurity skills to young people through sets of interactive challenges. The first round of the program engaged 358 students in Delaware and 3,300 across all seven states — but just five percent were women.
The latest version, Girls Go CyberStart, is designed to draw more young women to the game and ultimately the fast-growing cybersecurity field.
“The importance of cybersecurity cannot be understated and I encourage young women in Delaware high schools to take advantage of this opportunity to explore career options in this vital field,” Gov. John Carney said. “Delaware needs a pipeline of talent and a strong workforce to remain competitive in the innovation economy.”
Girl Scouts of the Chesapeake Bay CEO Anne T. Hogan said the organization will encourage its members to play the game. “This program will allow girls to learn by doing, develop important problem solving and leadership skills, and take the lead on their futures,” she said.
The players must complete 10 levels of challenges based around protecting an “operational base” under threat of cyber attack. The game will provide an agent field manual to help overcome the basic technical challenges of cybersecurity.
Registration will open January 29 and run until February 16. The first 10,000 applicants can play the game from February 20-25. More information is available at GirlsGoCyberStart.com.
The post Online #game designed to #bring more #young women into #cybersecurity #field appeared first on National Cyber Security .
View full post on National Cyber Security
Hackers #exploit old #flaw to turn #Linux #servers into #cryptocurrency miners
The malicious actors who installed and ran a cryptocurrency mining operation on hacked Tesla ASW servers and Jenkins servers is now targeting servers running Linux and has so far generated more than $74,000 in Monero.
The new campaign uses the legitimate, open-source XMRig cryptominer in conjunction with exploiting the old vulnerability CVE-2013-2618, which is found in Cacti’s Network Weathermap plug-in, according to a Trend Micro Cyber Safety Solutions Team report. The vulnerability is a cross-site scripting vulnerability in editor.php in Network Weathermap before 0.97b and allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.
This active campaign is hitting targets primarily in active campaign, primarily affecting Japan, Taiwan, China, the U.S., and India.
“As to why they’re exploiting an old security flaw: Network Weathermap only has two publicly reported vulnerabilities so far, both from June 2014. It’s possible these attackers are taking advantage not only of a security flaw for which an exploit is readily available but also of patch lag that occurs in organizations that use the open-source tool” the team wrote.
Trend Micro was able to trace the activity back to two usernames associated with two Monero wallets where $74,677 has been deposited as of March 21.
The post Hackers #exploit old #flaw to turn #Linux #servers into #cryptocurrency miners appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Singapore #passes new #Cybersecurity Bill: Here’s what you #need to #know before it comes into #force
Source: National Cyber Security News
The Singapore Parliament passed the much discussed Cybersecurity Bill (the Bill) on 5 February 2018 and it is anticipated that the new law will come into force soon. The new law creates a regulatory framework for the monitoring and reporting of cybersecurity threats to essential services in Singapore through the appointment of the Commissioner of Cybersecurity. It also creates a licensing regime that will require certain data security service providers in Singapore to be registered.
We set out below four key points that you should know about this new Bill.
1. Creation of a cybersecurity regulator
The Bill provides for the appointment of a Cybersecurity Commissioner (the “Commissioner”) as a regulator for the sector.
The Bill confers on the Commissioner significant powers to respond to, and prevent, cybersecurity incidents affecting Singapore. These powers include the powers of investigation such as the power to examine persons, require the production of evidence and to seize evidence. In addition, where satisfied that a cybersecurity threat meets a certain specified severity threshold, the Commissioner may require a person to carry out remedial measures or to cease certain activities. These powers apply to all computer or computer systems in Singapore and are not limited to only Critical Information Infrastructure (CII) which is described in further detail below.
View full post on National Cyber Security Ventures
Hacker #tricks official #Vatican News site into #declaring #God an #onion
Source: National Cyber Security News
A Belgian security researcher has discovered a vulnerability on the website of Vatican News — the official news publication of the Holy See — that could allow anyone to publish their own fake news.
The vulnerability was discovered by independent researcher Inti De Ceukelaire. Proving his work, he tweeted a picture of Vatican News falsely stating that Pope Francis had declared God to be an onion.
De Ceukelaire (who we’ve previously profiled) has been behind some high profile discoveries. In September, he disclosed ways to access corporate messaging apps like Slack and Yammer by exploiting publicly-accessible help-desks and bug trackers.
Last February, De Ceukelaire earned notoriety after he redirected several links in Donald Trump’s old tweets to content that would otherwise be embarrassing for the now-occupant of 1600 Pennsylvania Avenue. He did this by identifying websites Trump had tweeted out whose domain names had been allowed to expire. He then re-registered them under his own name.
Keeping with the Trump theme, he used publicly accessible online information to find the contact details of Melania Trump. He used this to invite FLOTUS to his home town.
In the case of Vatican News, De Ceukelaire encountered an unpatched cross site scripting (XSS) vulnerability, and exploited it to inject the blatantly fake news.
View full post on National Cyber Security Ventures
Connected #IO breaks into #cyber security #market
Source: National Cyber Security News
A SX-listed Internet of things company Connected IO has entered into a letter of intent with a US cyber security company to collaborate on a line of customised wireless routers, with the two companies currently finalising the proposed deal, worth $6.9 million over three years.
In a market update this week, Connected IO said it had signed the letter of intent with the US based cyber security company, whose name remains confidential, that would see it supply customised Category 1 wireless routers for the next three years.
According to Connected IO management, the two companies are now moving to execute a binding contract that would see the cyber security company purchase a minimum $625,000 worth of the cutting-edge routers per year with the more likely outcome being nearly $7m worth of purchases over the 3 year term of the deal.
With the letter of intent secured, the cyber security company now has a week to evaluate the customised units supplied by Connected IO. If they perform well, the two companies will then strike a binding deal, company management said.
Connected IO Chief Executive Yakov Temov said: “The Letter of Intent is a great step forward for CIO particularly as it is with a long standing customer and one we have dealt with since 2016.
View full post on National Cyber Security Ventures
Cyber security #lessons we can we #take into #2018
Source: National Cyber Security – Produced By Gregory Evans
If 2017 is remembered for anything in the cyber sphere, it is remembered as the year of malware.
There have been quite a few high-profile breaches and ransomware campaigns such as WannaCry and NotPetya. The question is, what can we learn from last year to improve things for this year?
One thing is clear: ransomware is evolving and is being deployed with more regularity. While targets, attack groups and tactics may change, there is growing concern that ransomware could easily be combined with nation-state developed exploits to spread through networks at an alarming rate. An example of this would be the Bad Rabbit attacks which were specifically designed to infect a large number of networks, using watering hole attacks.
“What we are learning from these attacks is that it is vital to patch any known vulnerabilities the moment a fix is available. At the same time, it’s important that we understand how security can be undermined and to research the exploits that are available for popular software,” advises Anvee Alderton, channel manager at Trend Micro Southern Africa.
Business Email Compromise (BEC) is also one of the major threats that many organisations may encounter. The FBI reported that between October 2013 and December 2016, $5,3-billion was lost due to BEC. Predictions are that this number may increase to $9-billion this year.
“BEC is actually one of the easiest attacks to prevent. BEC relies on social engineering and with better staff education and something as simple as ensuring two finance managers need to sign off on the transfer of large sums can mitigate the damage that such attacks could incur,” Alderton continues.
Last year saw big name firms such as Yahoo, Uber and Equifax come under attack. What this has highlighted is that it’s important to get the basics of cybersecurity right — no matter what size your organisation. The cost financially, as well as to a company’s reputation, can be irreparable.
Another great concern is the advent of the implementation of GDPR across Europe. Worryingly, a lack of interest from senior executives means that more than half shun responsibility for it. This is of particular concern since organisations have to comprehend what data they hold and be able to produce a breach notification plan. This is in addition to implementing top shelf technology to prevent cyber-attack.
“It really doesn’t matter when it comes to the size of the firm or whether the breach occurs through IoT or the cloud, or through social engineering. Vulnerabilities are the biggest threat all companies face. If there’s a hole in your security, someone will find a way through it. Use those patches as soon as they become available and educate staff. There is no better cure for attack than prevention and being prepared,” says Alderton.
New vulnerabilities and attack methods emerge daily — some of which could be devastating for the security of a company’s networks and systems. This is the year for CISOs to become hypervigilant and ensure that they have the right patch available at the right time, as well as the ability to respond to threats swiftly and efficiently.
The post Cyber security #lessons we can we #take into #2018 appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
How #Antivirus #Software Can Be #Turned #Into a #Tool for #Spying
Source: National Cyber Security – Produced By Gregory Evans
It has been a secret, long known to intelligence agencies but rarely to consumers, that security software can be a powerful spy tool.
Security software runs closest to the bare metal of a computer, with privileged access to nearly every program, application, web browser, email and file. There’s good reason for this: Security products are intended to evaluate everything that touches your machine in search of anything malicious, or even vaguely suspicious.
By downloading security software, consumers also run the risk that an untrustworthy antivirus maker — or hacker or spy with a foothold in its systems — could abuse that deep access to track customers’ every digital movement.
“In the battle against malicious code, antivirus products are a staple,” said Patrick Wardle, chief research officer at Digita Security, a security company. “Ironically, though, these products share many characteristics with the advanced cyberespionage collection implants they seek to detect.”
Mr. Wardle would know. A former hacker at the National Security Agency, Mr. Wardle recently succeeded in subverting antivirus software sold by Kaspersky Lab, turning it into a powerful search tool for classified documents.
Mr. Wardle’s curiosity was piqued by recent news that Russian spies had used Kaspersky antivirus products to siphon classified documents off the home computer of an N.S.A. developer, and may have played a critical role in broader Russian intelligence gathering.
“I wanted to know if this was a feasible attack mechanism,” Mr. Wardle said. “I didn’t want to get into the complex accusations. But from a technical point of view, if an antivirus maker wanted to, was coerced to, or was hacked or somehow subverted, could it create a signature to flag classified documents?”
That question has taken on renewed importance over the last three months in the wake of United States officials’ accusations that Kaspersky’s antivirus software was used for Russian intelligence gathering, an accusation that Kaspersky has rigorously denied.
Last month, Kaspersky Lab sued the Trump administration after a Department of Homeland Security directive banning its software from federal computer networks. Kaspersky claimed in an open letter that “D.H.S. has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company.”
For years, intelligence agencies suspected that Kaspersky Lab’s security products provided a back door for Russian intelligence. A draft of a top-secret report leaked by Edward J. Snowden, the former National Security Agency contractor, described a top-secret, N.S.A. effort in 2008 that concluded that Kaspersky’s software collected sensitive information off customers’ machines.
The documents showed Kaspersky was not the N.S.A.’s only target. Future targets included nearly two dozen other foreign antivirus makers, including Checkpoint in Israel and Avast in the Czech Republic.
At the N.S.A., analysts were barred from using Kaspersky antivirus software because of the risk it would give the Kremlin broad access to their machines and data. But excluding N.S.A. headquarters at Fort Meade, Kaspersky still managed to secure contracts with nearly two dozen American government agencies over the last few years.
Last September, the Department of Homeland Security ordered all federal agencies to cease using Kaspersky products because of the threat that Kaspersky’s products could “provide access to files.”
A month later, The New York Times reported that the Homeland Security directive was based, in large part, on intelligence shared by Israeli intelligence officials who successfully hacked Kaspersky Lab in 2014. They looked on for months as Russian government hackers scanned computers belonging to Kaspersky customers around the world for top secret American government classified programs.
In at least one case, United States officials claimed Russian intelligence officials were successful in using Kaspersky’s software to pull classified documents off a home computer belonging to Nghia H. Pho, an N.S.A. developer who had installed Kaspersky’s antivirus software on his home computer. Mr. Pho pleaded guilty last year to bringing home classified documents and writings, and has said he brought the files home only in an attempt to expand his résumé.
Kaspersky Lab initially denied any knowledge or involvement with the document theft. But the company has since acknowledged finding N.S.A. hacking software on Mr. Pho’s computer and removing it, though the company said it had immediately destroyed the documents once it realized they were classified.
The company also said in November that in the course of investigating a surveillance operation known as TeamSpy in 2015, it had tweaked its antivirus program to scan files containing the word “secret.” The company said it had done this because the TeamSpy attackers were known to automatically scan for files that included the words “secret,” “pass” and “saidumlo,” the Georgian translation for the word secret.
Kaspersky continues to deny that it knew about the scanning for classified United States programs or allowed its antivirus products to be used by Russian intelligence. Eugene Kaspersky, the company’s chief executive, has said he would allow the United States government to inspect his company’s source code to allay distrust of its antivirus and cybersecurity products.
But Mr. Wardle discovered, in reverse-engineering Kaspersky antivirus software, that a simple review of its source code would do nothing to prove its products had not been used as a Russian intelligence-gathering tool. (Watch how he reverse-engineered the software.)
Mr. Wardle found that Kaspersky’s antivirus software is incredibly complex. Unlike traditional antivirus software, which uses digital “signatures” to look for malicious code and patterns of activity, Kaspersky’s signatures are easily updated, can be automatically pushed out to certain clients, and contain code that can be tweaked to do things like automatically scanning for and siphoning off classified documents.
In short, Mr. Wardle found, “antivirus could be the ultimate cyberespionage spying tool.”
Mr. Wardle said it was relatively easy to use a vulnerability in Microsoft’s Windows software to manipulate the Kaspersky software. Because officials routinely classify top secret documents with the marking “TS/SCI,” which stands for “Top Secret/Sensitive Compartmented Information,” Mr. Wardle added a rule to Kaspersky’s antivirus program to flag any documents that contained the “TS/SCI” marker.
He then edited a document on his computer containing text from the Winnie the Pooh children’s book series to include the marking “TS/SCI” and waited to see whether Kaspersky’s tweaked antivirus product would catch it.
Sure enough, as soon as the Winnie the Pooh text was saved to his machine, Kaspersky’s antivirus software flagged and quarantined the document. When he added the same TS/SCI marker to another document containing the text “The quick brown fox jumps over the lazy dog,” it, too, was flagged and quarantined by Kaspersky’s tweaked antivirus program.
“Not a whole lot of surprise that this worked,” Mr. Wardle said, “but still neat to confirm that an antivirus product can be trivially, yet surreptitiously, used to detect classified documents.”
The next question was: What happens to these files once they are flagged? Mr. Wardle stopped short of hacking into Kaspersky’s cloud servers, where suspicious files are routinely uploaded.
However, he noted that antivirus customers, including Kaspersky’s, agreed by default to allow security vendors to send anything from their machine back to vendors’ servers for further investigation.
There are legitimate reasons for this: By uploading these items to Kaspersky’s cloud, security analysts can evaluate whether they pose a threat, and update their signatures as a result.
Kaspersky Lab said Mr. Wardle’s research did not reflect how the company’s software works.
“It is impossible for Kaspersky Lab to deliver a specific signature or update to only one user in a secret, targeted way because all signatures are always openly available to all our users; and updates are digitally signed, further making it impossible to fake an update,” the company said in a statement.
The company added that it applied the same security standards and maintained the same levels of access as other security vendors, and reiterated that it was willing to make its source code, threat detection rules and software updates available for audit by independent experts.
But, as Mr. Wardle’s research demonstrated, an untrustworthy vendor, or hacker or spy with access to that vendor’s systems, can abuse its deep access to turn antivirus software into a dynamic search tool, not unlike Google, to scan customers’ computers for documents that contain certain keywords.
“And no one would ever know,” he added. “It’s the perfect cybercrime.”
The post How #Antivirus #Software Can Be #Turned #Into a #Tool for #Spying appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
D5 Creation