#cyberfraud | #cybercriminals | These Are The Most Rampant Windows And Mac Malware Threats For 2020: Here’s What That Means
Source: National Cyber Security – Produced By Gregory Evans
Seven weeks into 2020, and we are deep into the season for cybersecurity reporting. You can expect a wide range of summaries of the threat landscape from 2019 and forecasts as to what to expect this year. As threat actors from China, Russia, Iran and North Korea continue to probe network and system security around the world, we also have the rising threat of ever more sophisticated malware hitting individuals and the companies they work for, all fuelled by the scourge of social engineering to make every malicious campaign more dangerous and more likely to hit its mark.
BlackBerry Cylance has published its “2020 Threat Report” today, February 19, and its theme is the blurring lines between state actors and the criminal networks that develop their own exploits or lease “malware as a service,” pushing threats out via email and messaging campaigns, targeting industries or territories. This year, 2020, will be seminal in the world of threat reporting and defense—IoT’s acceleration is a game changer in cyber, with the emergence of a vast array of endpoints and the adoption of faster networking and pervasive “always connected” services.
The challenge with IoT is the limited control of the security layers within those endpoints—it’s all very well having smart lightbulbs, smart toys and smart fridges. But if every connected technology you allow into your home is given your WiFi code and a connection to the internet, then it is near impossible to assure yourself of the security of those devices. Current best practice—however impractical that sounds—is to air-gap the networks in your home: trusted devices—your phones, computers and tablets, and then everything else. If one family of devices can’t see the other, then you are much better protected from malicious actors exploiting casual vulnerabilities.
I have warned on this before, and the market now needs the makers of networking equipment to develop simple one-click multiple networking options, so we can introduce the concept of a separated IoT network and core network into all our homes—something akin to the guest networks we now have but never use on our routers, but simpler, more of a default, and therefore better used.
According to Cylance’s Eric Milam, the geopolitical climate will also “influence attacks” this year. There are two points behind this. First, mass market campaigns from state-sponsored threat actors in Iran and North Korea, from organized groups in Russia and China, and from criminal networks leveraging the same techniques, targeting individuals at “targeted scale.” And, second, as nation-states find ever more devious ways to exploit network defenses, those same tools and techniques ultimately find their way into the wider threat market.
The real threats haven’t changed much: Phishing attacks, ranging from the most basic spoofs to more sophisticated and socially engineered targeting; headline-grabbing ransomware and virus epidemics; the blurring between nation-state and criminal lines, accompanied by various flavors of government warnings. And then, of course, we have the online execution of crimes that would otherwise take place in the physical world—non-payment and non-delivery, romance scams, harassment, extortion, identity theft, all manner of financial and investment fraud.
But, we do also have a rising tide of malware. Some of that rising tide is prevalence, and some is sophistication. We also have criminal business models where malware is bought and sold or even rented on the web’s darker markets.
In the Cylance report, there is a useful summary of the “top malware threats” for Windows and Mac users. Cylance says that it compiled its most-dangerous list by using an “in-house tooling framework to monitor the threat landscape for attacks across different operating systems.” Essentially, that means detecting malware in the wild across the endpoints monitored by its software and systems. It’s a volume list.
For cyber-guru Ian Thornton-Trump, the real concerns for individuals and companies around the world remain Business Email Compromise, “the fastest growing and most lucrative cyber-criminal enterprise.” He also points out that doing the basics better goes a long way—“there is little if any mention of account compromises due to poor password hygiene or password reuse and the lack of identifying poorly or misconfigured cloud hosting platforms leading to some of the largest data breaches” in many of the reports now coming out.
So here are Cylance’s fifteen most rampant threats. This is their own volume-based list compiled from what their own endpoints detected. There are missing names—Trickbot, Sodinokibi/REvil, Ryuk, but they’re implied. Trickbot as a secondary Emotet payload, for example, or Cylance’s observation that “the threat actors behind Ryuk are teaming with Emotet and Trickbot groups to exfiltrate sensitive data prior to encryption and blackmail victims, with the threat of proprietary data leakage should they fail to pay the ransom in a timely manner.”
There are a lot of legacy malware variants listed—hardly a surprise, these have evolved and now act as droppers for more recent threats. We also now see multiple malware variants combine, each with a specific purpose. Ten of the malware variants target Windows and five target Macs—the day-to-day risks to Windows users remain more prevalent given the scale and variety of the user base, especially within industry.
Windows Threats
- Emotet: This is the big one—a banking trojan that has been plaguing users in various guises since 2014. The malware has morphed from credential theft to acting as a “delivery mechanism” for other malware. The malware is viral—once it gets hold of your system, it will set about infecting your contacts with equally compelling, socially engineered subterfuges.
- Kovter: This fileless malware lives in the computer’s registry rather than on disk, which makes it more difficult to detect. The malware began life hiding behind spoofed warnings over illegal downloads or file sharing. Now it has joined the mass ad-fraud market, generating fraudulent clicks which quickly turn to revenue for the malware’s operators.
- Poison Ivy: A malicious “build your own” remote access trojan toolkit, providing a client-server setup that can be tailored to enable different threat actors to compile various campaigns. The malware infects target machines for various types of espionage, data exfiltration and credential theft. Again, the malware is usually spread by emailed Microsoft Office attachments.
- Qakbot: Another legacy malware, dating back a decade, but which has evolved with time into something more dangerous than its origins. The more recent variants are better adapted to avoiding detection and to spreading across networks from infected machines. The malware can lock user and administrator accounts, making removal more difficult.
- Ramnit: A “parasitic virus” with “worming capabilities,” designed to infect removable storage media, aiding replication and the persistence of an attack. The malware can also infect HTML files, infecting machines where those files are opened. The malware will steal credentials and can also enable a remote system takeover.
- Sakurel (aka Sakula and VIPER): Another remote access trojan, “typically used in targeted attacks.” The delivery mechanism is through malicious URLs, dropping code on the machine when the URL is accessed. The malware can also act as a monitor on user browsing behavior, with other targeted attacks following as more malware is pulled onto the machine.
- Upatre: A more niche, albeit still viable threat, according to Cylance. Infection usually results from emails which attach spoof voicemails or invoices, but Cylance warns that users can also be infected by visiting malicious websites. As is becoming much more prevalent now, this established legacy malware acts as a dropper for other threats.
- Ursnif: This is another evolved banking trojan, which infects machines that visit malicious websites, planting code in the process. The malware can adapt web content to increase the chances of infection. The malware remains a banking trojan in the main, but also acts as a dropper and can pull screenshots and crypto wallets from infected machines.
- Vercuse: This malware can be delivered by casual online downloads, but also through infected removable storage drives. The malware has adopted various methods of detection avoidance, including terminating processes if security tools are detected. The primary threat from this malware now is as a dropper for other threats.
- Zegost: This malware is designed to identify useful information on infected machines and exfiltrate this back to its operators. That data can include activity logging, which includes credential theft. The malware can also be used for an offensive denial of service attack, essentially harnessing infected machines at scale to hit targets.
Mac Threats
- CallMe: This is a legacy malware for the Mac world, opening a backdoor onto infected systems that can be exploited by its command and control server. Dropped through malicious Microsoft Office attachments, usually Word, the vulnerability has been patched for contemporary versions of MacOS and Office software. Users on those setups are protected.
- KeRanger: One of the first ransomware families in the Mac world, the malware started life with a valid Mac Developer ID, since revoked. The malware will encrypt multiple file types and includes a process for pushing the ransom README file to the targeted user. Mitigation includes updated systems, but also offline backups, as per all ransomware defenses.
- LaoShu: A remote access trojan that uses infected PDF files to spread its payload. The malware will look for specific file types, compressing those into an exfiltration zip file that can be pulled from the machine. While keeping systems updated, this malware also calls for good user training and email behavior, including avoidance of unknown attachments.
- NetWiredRC: A favourite of the Iranian state-sponsored APT33, this malware is a remote access trojan that will operate across both Windows and Mac platforms. The malware focuses on exfiltrating “sensitive information” and credentials—the latter providing routes in for state attackers. Cylance advises administrators to block 212[.]7[.]208[.]65 in firewalls and monitor for “%home%/WIFIADAPT.app” on systems.
- XcodeGhost: Targeting both Mac and iOS, this compiler malware is considered “the first large-scale attack on Apple’s App Store.” Again with espionage and wider attacks in mind, the malware targets, captures and pulls strategic information from an infected machine. Its infection of “secure apps” serves as a wider warning about taking care when pulling apps from relatively unknown sources.
In reality, the list itself is largely informational, as mitigation is much the same: some combination of AV tools, user training, email filtering, attachment/macro controls, perhaps some network monitoring, especially for known IP addresses, plus the use of accredited VPNs, avoidance of public WiFi, and backups. Cylance also advises Windows administrators to watch for unusual registry modifications and system boot executions.
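As an added example (not Cylance’s or the article’s own code), the following Python hunts for the two NetWiredRC indicators quoted above, the defanged C2 address and the %home%/WIFIADAPT.app path, in constructed firewall log lines and in user home directories; the log format, the sample lines and the user-tree layout are assumptions.

```python
"""Hunt for the NetWiredRC indicators quoted in the article: the C2 address
212[.]7[.]208[.]65 (to block and watch for in firewall logs) and the
%home%/WIFIADAPT.app bundle (to look for in every user's home directory).
Added example; the log format below is constructed, not any vendor's."""
from __future__ import annotations

import os
import re
import tempfile
from pathlib import Path
from typing import Iterable

# Indicators exactly as the article prints them (the IP is defanged with "[.]").
NETWIREDRC_C2_DEFANGED = "212[.]7[.]208[.]65"
NETWIREDRC_APP_NAME = "WIFIADAPT.app"

# Constructed sample firewall log: "<date> <time> <src> -> <dst>:<port> <action>".
SAMPLE_FIREWALL_LOG = [
    "2020-02-19 09:14:02 10.0.0.23 -> 212.7.208.65:443 ALLOW",
    "2020-02-19 09:14:05 10.0.0.23 -> 93.184.216.34:443 ALLOW",
    "# comment lines and malformed records are skipped, never counted as hits",
    "2020-02-19 09:15:40 10.0.0.41 -> 212.7.208.65:8080 DENY",
]

_LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s+(?P<action>[A-Z]+)$"
)


def refang(indicator: str) -> str:
    """Convert a defanged indicator ('212[.]7[.]208[.]65') to its literal form so it
    can be compared field-for-field with real log data."""
    return indicator.replace("[.]", ".")


def find_c2_connections(log_lines: Iterable[str], c2_ip: str) -> list[dict]:
    """Return one record per log line whose destination address equals c2_ip.
    The destination field is compared whole rather than by substring, so an
    address that merely contains the indicator cannot produce a false positive."""
    hits = []
    for line in log_lines:
        m = _LINE_RE.match(line.strip())
        if m and m.group("dst") == c2_ip:
            hits.append({"ts": m.group("ts"), "src": m.group("src"),
                         "port": int(m.group("port")), "action": m.group("action")})
    return hits


def find_dropped_app(users_root: str) -> list[str]:
    """Check every user home directory under users_root (e.g. /Users on a Mac) for
    the WIFIADAPT.app bundle the article says to monitor for."""
    root = Path(users_root)
    if not root.is_dir():
        return []
    return [str(home / NETWIREDRC_APP_NAME)
            for home in sorted(p for p in root.iterdir() if p.is_dir())
            if (home / NETWIREDRC_APP_NAME).exists()]


def demo_filesystem_check() -> list[str]:
    """Build a throwaway users tree with one suspicious home ('alice') and one
    clean home ('bob'), then return the paths the check flags, relative to the tree."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "alice", NETWIREDRC_APP_NAME))
        os.makedirs(os.path.join(d, "bob"))
        return [Path(p).relative_to(d).as_posix() for p in find_dropped_app(d)]


if __name__ == "__main__":
    c2 = refang(NETWIREDRC_C2_DEFANGED)
    for hit in find_c2_connections(SAMPLE_FIREWALL_LOG, c2):
        print(f"{hit['ts']} {hit['src']} reached C2 {c2}:{hit['port']} ({hit['action']})")
    for path in demo_filesystem_check():
        print(f"found {path} under a user home directory")
```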
Thornton-Trump warns that we need constant reminding that cyber security is about “people, process and technology.” Looking just at the technology side inevitably gives a skewed view. For him, any vendor reports inevitably “overstate the case for anti-malware defences in contrast to upgrade and improvement of other defensive mechanisms, including awareness training and vulnerability management.”
And so, ultimately, user training and keeping everything updated resolves a material proportion of these threats. Along with some basic precautions around backups and use of cloud or detached storage which provides some redundancy. Common sense, inevitably, also features highly—whatever platform you may be using.
The post #cyberfraud | #cybercriminals | These Are The Most Rampant Windows And Mac Malware Threats For 2020: Here’s What That Means appeared first on National Cyber Security.
View full post on National Cyber Security
How to Get the Most Out of Your Security Metrics
There’s an art to reporting security metrics so that they speak the language of leadership and connect the data from tools to business objectives. Much is at stake when reporting security metrics. This data is critical for management to evaluate security programs and justify further investment […]
Most Organizations Have Incomplete Vulnerability …
Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says. A new report shows companies that rely solely on the Common Vulnerabilities and Exposures (CVE) system for their vulnerability information are leaving themselves exposed to a substantial number of security […]
#cyberfraud | #cybercriminals | Internet’s most dangerous celebrity searches include Alexis Bledel, James Corden, says computer security company McAfee
Source: National Cyber Security – Produced By Gregory Evans
The computer security company McAfee said searches for Bledel lead to the most malicious and unreliable websites and links.
Late night talk-show host James Corden came in second.
Jimmy Fallon, Jackie Chan and Nicki Minaj also made the top ten.
McAfee has put the list out for 13 years now and cautions against clicking on suspicious websites, reported CNN.
Previous ‘most dangerous’ celebs included Emma Watson, Ruby Rose, Avril Lavigne and Amy Schumer.
Copyright © 2019 KABC-TV. All Rights Reserved.
The most #notorious #hacks in #history, and what they mean for the #future of #cybersecurity
Source: National Cyber Security News

Where has the time gone? February is almost over, and already we’ve seen several major vulnerabilities and hacks this year! As we head further into what’s sure to be another busy year for cybersecurity, it’s important to take a step back and examine how we got here.
For nearly four decades, cyber criminals have been exploiting the latest and greatest technology for fun, profit and power. In that time, the word “hacker” has taken on many meanings. At first, it referred to mischievous young techies looking to build a reputation on the internet, but it has since become a worldwide title for data thieves, malicious online “entrepreneurs” and geopolitical operatives. The threats and tactics that hackers use have evolved, too – from small-time scams to dangerous worms and earth-shaking breaches.
As a result, the security industry has been in a game of “cyber cat and mouse” for the better part of a half-century, looking to evolve security technology to thwart the constant evolution in malware and techniques used by sophisticated threat actors.
Let’s take a look back at the past four decades to assess the most notorious hacks in each era, why they mattered, and how the security industry responded.
PayThink #Users are #compromising #most #security #tech
Source: National Cyber Security – Produced By Gregory Evans
It took Bonnie and Clyde three years to rob about a dozen banks, but the scourge of bankers today is a quiet Russian hacking group called, appropriately enough, MoneyTaker, and they don’t need nearly as much drama to abscond with cash.
Using often tailor-made hack attacks that regularly rely on near-undetectable fileless malware, the MoneyTaker gang has, in barely a year and a half, robbed millions from 20 banks so far and counting. What’s worse is that the gang has stolen data that could let it hijack Swift transactions, leading Swift for the first time to issue a report on cyber-vulnerabilities with the banks it works with.
Hackers usually don’t discriminate; they’ve got no problem attacking servers at hospitals, schools and corporations with trade secrets and valuable intellectual property. But banks hold a special place in their hearts, because that is where the money is, as yet another famous Depression-era bank robber once said.
Once a bank’s security is compromised, hackers can pay themselves from the funds on hand, transferring sums large and small to their accounts. However, with information about the global payment systems like Swift that’s also available only at the bank, hackers can do a lot more damage.
Hackers are getting better at “data mining” all the time. According to Kaspersky, Russian hackers operating just a couple of Darknet marketplaces were, in 2017, offering an astounding 85,000 servers for sale (meaning the authentication information that will let a hacker take control of the server), some for as little as $6! In 2016 there were “only” 70,000 such servers for sale, meaning that whatever we are doing to keep hackers at bay, it isn’t enough.
Included in those compromised servers are apparently some containing key Swift information, and it’s just a matter of time before the MoneyTaker gang will also use that information for fun and profit.
How are gangs like MoneyTaker getting away with this, especially with servers belonging to banks which are presumably protected by the latest cybersecurity systems? According to a study by the SANS Institute, it’s the “human factor” that is at work: As many as 95% of all attacks on enterprise networks begin with a spear phishing attack in which hackers dispatch their malware hidden inside email attachments. That attack could consist of trojans that pave the way for malware that allows hackers to take over servers, or the newer fileless malware attacks (where an agent installs itself in memory, hijacking servers for the use of hackers).
Cybersecurity systems, as sophisticated as they are, are clearly not doing the job — and maybe they never will, given that in the end the effectiveness of those systems can be overridden by workers inside the organization. The best systems then are the ones that take away from users and employees any opportunity to override security by responding to the phishing messages that get them, and their organizations, into trouble.
Systems like that need to be able to analyze messages and incoming files for malware or threats, and remove them before passing the file or message on to workers.
In addition, the system has to be robust and innovative enough to arrest malware that is passed on in ways that get past traditional cybersecurity systems, like sandboxes that are perhaps not up to date on phenomena like fileless malware. With thousands of security systems out there, organizations are understandably confused about which systems are the most effective. But in our opinion, the systems that will perform best are the ones that limit opportunities for spearphishers to have their way with employees.
Cisco: Most #IoT projects are #failing due to lack of #experience and #security
Source: National Cyber Security – Produced By Gregory Evans
Three quarters of all Internet of Things (IoT) projects are “failing”, according to Cisco’s Australian CTO Kevin Bloch, primarily because they have been designed to solve individual problems, and have become siloed and unsupported as a result.
“The inaugural phase of IoT is characterised by numerous point solutions from a multitude of new — often startup — vendors. Typically, these solutions have been designed to solve a particular societal problem such as lighting or parking. In each case, a complete IT stack needs to be built in support of the solution,” Bloch explained.
“Eventually, customers find themselves with multiple siloes from multiple vendors that don’t interoperate, are not cybersecure, use different protocols, and generate more complexity at greater cost.”
According to Bloch, this is why Cisco is constructing an “IoT Phase 2” foundation, which consists of a platform that is able to cope with multiple different sensors, vendors, applications, and data interchanges.
The CTO added that IoT projects are also failing due to a lack of cybersecurity, qualified skills by those running them, project definition, governance, and support.
Released alongside nine other axioms on the IoT landscape, Bloch said Cisco hopes to aid other companies in launching successful connected solutions by discussing both pitfalls and successes.
The lack of cybersecurity made up a second of his axioms, with Bloch saying that if something is not secured, it should not be connected.
“Cybersecurity crime is already at an all-time high and negatively impacting global economies by upwards of 1 percent of GDP,” he said.
“We are becoming more mobile, we are using more cloud services, and we are expanding IoT deployment to tens of billions of connected things, thereby expanding exploitation and attack opportunities. Our situation will inevitably get worse if we don’t take the right precautions.
“If you don’t secure it, don’t connect it.”
Again, Bloch said that most of the new IoT solutions being brought to market are being developed by companies or startups without any experience — including experience in security.
As a result, he said Cisco is continuing to invest billions of dollars into cybersecurity solutions for IoT, mobility, and cloud. One such product was Cisco’s IoT Threat Defense solution, launched in June in an effort to mitigate and solve common security issues threatening the deployment and operation of connected devices, with the networking giant at the time saying many vendors and companies strip security mechanisms out of devices in order to keep them at low cost.
Cisco IoT CTO Shaun Cooley in June explained that as many devices also don’t have the power to protect themselves, network-side security must be emphasised, along with improving processors, enforcing the better labelling of devices, and requiring a notification and approval process prior to allowing connectivity.
The IoT Threat Defense suite is also enabled by Cisco’s network intuitive, which combines the technologies Cisco has been working towards for the past few years: Software-defined networking, software-defined access, network function virtualisation, APIs, and intelligent WAN capabilities.
A third axiom saw Bloch argue that IoT is about collecting data and about the data itself — not about connecting things, with Cisco predicting that connections will cost nothing within a decade.
Under this axiom, Bloch said there are two main components needed to be able to “measure” the physical world and enable automation: Sensing via a camera, sensor, or processor; and connectivity, or the transferring of data measurements to a computer.
“Sensing and connectivity provide data that enable a product to externalise its capabilities and provide a range of new opportunities and services,” he explained.
Another of Bloch’s IoT axioms argued that the key is having the right data, knowing what to ask of the data, and knowing how to find the answers — with the CTO correlating this to another assumption: That by 2025, 40 percent of all data will never make it to the cloud.
“While amassing data may seem important, the critical question to ask is ‘what do you need the data for?’” he said.
“Most organisations already have more data than they can manage, yet most often don’t have the right data. If they did, would they know what to ask of the data? If they are able to formulate the problem, how would they go about finding the answers needed within the data?”
The key for organisations is finding the answers to those three questions by utilising a combination of compute, artificial intelligence, and machine learning, he argued.
Cisco has been focused on providing IoT solutions globally, in June announcing its Kinetic IoT operations platform with a focus on managing connections, “fog” computing, and the delivery of data, which “streamlines the capability of companies bringing their IoT initiatives to market”.
“It’s really a platform for getting data off of your devices,” Cisco SVP and GM of IoT and Applications Rowan Trollope said at the time, adding that it will complement Cisco’s Jasper IoT platform.
“We’re extending from the edge all the way onto the device to provide an amazing platform to get way more data.”
According to Trollope, trillions of terabytes of data is “locked up” on unconnected devices across the world, which Cisco Kinetic could help extract. It will also speed up the time between proof of concept and implementation for customers.
Third-party #cyber security failures cost #businesses the #most
Source: National Cyber Security – Produced By Gregory Evans
Third-party cyber security failures are costing businesses the most – up to £1.5m – as security budgets shrink, a study by Kaspersky Lab and B2B International reveals
Companies suffer the greatest damage as a result of cyber security incidents relating to their partners, according to research.
This is the finding of a study examining whether cyber security is a cost centre or a strategic investment by Kaspersky Lab and B2B International.
Incidents affecting infrastructure hosted by a third party cost small businesses £106,000 on average, while large enterprises lost nearly £1.5m as a result of breaches affecting suppliers they share data with, and £1.2m because of insufficient levels of protection at providers of infrastructure as a service (IaaS).
These findings indicate that companies should not only invest in their own protection, but also pay attention to that of their business partners.
As soon as a business gives another organisation access to its data or infrastructure, the report said weaknesses in one may affect them both.
There is a growing list of examples of data breaches that can be traced to third-party suppliers, from the Target breach in 2013, to more recent cases such as insider trading by hacking newswire services and fraudulent tax claims by compromising a feature on the US Internal Revenue Service website that was hosted by a third party.
This issue is becoming increasingly important as governments worldwide introduce legislation requiring organisations to provide information about how they share and protect personal data.
“While cyber security incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage,” said Alessio Aceti, head of the enterprise business division at Kaspersky Lab.
“This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR [General Data Protection Regulation] become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill,” he said.
According to the study, 63% of companies are investing in cyber security regardless of return on investment (ROI).
However, the study also shows that businesses around the world are starting to view cyber security as a strategic investment, and the share of IT budgets that is being spent on IT security is growing, reaching almost a quarter (23%) of IT budgets in large corporations.
This pattern is consistent across businesses of all sizes, including very small businesses where resources are usually in short supply. However, while security appears to be receiving a larger proportion of the IT budget, the overall budget is getting smaller. For example, the average IT security budget for enterprises in absolute terms dropped from £19.2m in 2016 to £10.3m in 2017.
As security budgets shrink, the cost of security breaches is going up. In 2017, small to medium-sized enterprises (SMEs) are paying an average of £66,800 per security incident, compared with £65,900 in 2016, while enterprises are facing costs of £756,000 in 2017, up from £655,000 in 2016.
To help businesses with their IT security strategies, based on the industry threat landscape and specific recommendations, Kaspersky Lab has introduced an IT Security Calculator.
The tool is aimed at providing a guide to the cost of IT security based on the average budgets being spent, security measures, the major threat vectors, money losses and tips on how to avoid a compromise.