#cyberfraud | #cybercriminals | These Are The Most Rampant Windows And Mac Malware Threats For 2020: Here’s What That Means
Seven weeks into 2020, and we are deep into the season for cybersecurity reporting. You can expect a wide range of summaries of the threat landscape from 2019 and forecasts as to what to expect this year. As threat actors from China, Russia, Iran and North Korea continue to probe network and system security around the world, we also have the rising threat of ever more sophisticated malware hitting individuals and the companies they work for, all fuelled by the scourge of social engineering to make every malicious campaign more dangerous and more likely to hit its mark.
BlackBerry Cylance has published its “2020 Threat Report” today, February 19, and its theme is the blurring lines between state actors and the criminal networks that develop their own exploits or lease “malware as a service,” pushing threats out via email and messaging campaigns, targeting industries or territories. This year, 2020, will be seminal in the world of threat reporting and defense—IoT’s acceleration is a game changer in cyber, with the emergence of a vast array of endpoints and the adoption of faster networking and pervasive “always connected” services.
The challenge with IoT is the limited control of the security layers within those endpoints—it’s all very well having smart lightbulbs, smart toys and smart fridges. But if every connected technology you allow into your home is given your WiFi code and a connection to the internet, then it is near impossible to assure yourself of the security of those devices. Current best practice—however impractical that sounds—is to air-gap the networks in your home: trusted devices—your phones, computers and tablets, and then everything else. If one family of devices can’t see the other, then you are much better protected from malicious actors exploiting casual vulnerabilities.
I have warned on this before, and the market now needs the makers of networking equipment to develop simple one-click multiple networking options, so we can introduce the concept of a separated IoT network and core network into all our homes—something akin to the guest networks we now have but never use on our routers, but simpler, more of a default, and therefore better used.
According to Cylance’s Eric Milam, the geopolitical climate will also “influence attacks” this year. There are two points behind this. First, mass market campaigns from state-sponsored threat actors in Iran and North Korea, from organized groups in Russia and China, and from criminal networks leveraging the same techniques, targeting individuals at “targeted scale.” And, second, as nation-states find ever more devious ways to exploit network defenses, those same tools and techniques ultimately find their way into the wider threat market.
The real threats haven’t changed much: Phishing attacks, ranging from the most basic spoofs to more sophisticated and socially engineered targeting; headline-grabbing ransomware and virus epidemics; the blurring between nation-state and criminal lines, accompanied by various flavors of government warnings. And then, of course, we have the online execution of crimes that would otherwise take place in the physical world—non-payment and non-delivery, romance scams, harassment, extortion, identity theft, all manner of financial and investment fraud.
But, we do also have a rising tide of malware. Some of that rising tide is prevalence, and some is sophistication. We also have criminal business models where malware is bought and sold or even rented on the web’s darker markets.
In the Cylance report, there is a useful summary of the “top malware threats” for Windows and Mac users. Cylance says that it compiled its most dangerous list by using an “in-house tooling framework to monitor the threat landscape for attacks across different operating systems.” Essentially that means detecting malware in the wild across the endpoints monitored by its software and systems. It’s a volume list.
For cyber-guru Ian Thornton-Trump, the real concerns for individuals and companies around the world remain Business Email Compromise, “the fastest growing and most lucrative cyber-criminal enterprise.” He also points out that doing the basics better goes a long way—“there is little if any mention of account compromises due to poor password hygiene or password reuse and the lack of identifying poorly or misconfigured cloud hosting platforms leading to some of the largest data breaches” in many of the reports now coming out.
So here are Cylance’s fifteen most rampant threats. This is their own volume-based list compiled from what their own endpoints detected. There are missing names—Trickbot, Sodinokibi/REvil, Ryuk, but they’re implied. Trickbot as a secondary Emotet payload, for example, or Cylance’s observation that “the threat actors behind Ryuk are teaming with Emotet and Trickbot groups to exfiltrate sensitive data prior to encryption and blackmail victims, with the threat of proprietary data leakage should they fail to pay the ransom in a timely manner.”
There are a lot of legacy malware variants listed—hardly a surprise, these have evolved and now act as droppers for more recent threats. We also now see multiple malware variants combine, each with a specific purpose. Ten of the malware variants target Windows and five target Macs—the day-to-day risks to Windows users remain more prevalent given the scale and variety of the user base, especially within industry.
- Emotet: This is the big one—a banking trojan that has been plaguing users in various guises since 2014. The malware has morphed from credential theft to acting as a “delivery mechanism” for other malware. The malware is viral—once it gets hold of your system, it will set about infecting your contacts with equally compelling, socially engineered subterfuges.
- Kovter: This fileless malware lives in the computer’s registry, which makes it more difficult to detect. The malware began life hiding behind spoofed warnings over illegal downloads or file sharing. Now it has joined the mass ad-fraud market, generating fraudulent clicks which quickly turn to revenue for the malware’s operators.
- Poison Ivy: A malicious “build your own” remote access trojan toolkit, providing a client-server setup that can be tailored to enable different threat actors to compile various campaigns. The malware is used on target machines for various types of espionage, data exfiltration and credential theft. Again, the malware is usually spread by emailed Microsoft Office attachments.
- Qakbot: Another legacy malware, dating back a decade, but which has evolved with time into something more dangerous than its origins. The more recent variants are better adapted to avoiding detection and to spreading across networks from infected machines. The malware can lock user and administrator accounts, making removal more difficult.
- Ramnit: A “parasitic virus” with “worming capabilities,” designed to infect removable storage media, aiding replication and the persistence of an attack. The malware can also infect HTML files, infecting machines where those files are opened. The malware will steal credentials and can also enable a remote system takeover.
- Sakurel (aka Sakula and VIPER): Another remote access trojan, “typically used in targeted attacks.” The delivery mechanism is through malicious URLs, dropping code on the machine when the URL is accessed. The malware can also act as a monitor on user browsing behavior, with further targeted attacks following as more malware is pulled onto the machine.
- Upatre: A more niche, albeit still viable threat, according to Cylance. Infection usually results from emails which attach spoof voicemails or invoices, but Cylance warns that users can also be infected by visiting malicious websites. As is becoming much more prevalent now, this established legacy malware acts as a dropper for other threats.
- Ursnif: This is another evolved banking trojan, which infects machines that visit malicious websites, planting code in the process. The malware can adapt web content to increase the chances of infection. The malware remains a banking trojan in the main, but also acts as a dropper and can pull screenshots and crypto wallets from infected machines.
- Vercuse: This malware can be delivered by casual online downloads, but also through infected removable storage drives. The malware has adopted various methods of detection avoidance, including terminating processes if security tools are detected. The primary threat from this malware now is as a dropper for other threats.
- Zegost: This malware is designed to identify useful information on infected machines and exfiltrate this back to its operators. That data can include activity logging, which includes credential theft. The malware can also be used for an offensive denial of service attack, essentially harnessing infected machines at scale to hit targets.
- CallMe: This is a legacy malware for the Mac world, opening a backdoor onto infected systems that can be exploited by its command and control server. Dropped through malicious Microsoft Office attachments, usually Word, the vulnerability has been patched for contemporary versions of MacOS and Office software. Users on those setups are protected.
- KeRanger: One of the first ransomware families in the Mac world, the malware started life with a valid Mac Developer ID, since revoked. The malware will encrypt multiple file types and includes a process for pushing the ransom README file to the targeted user. Mitigation includes updated systems, but also offline backups, as per all ransomware defenses.
- LaoShu: A remote access trojan that uses infected PDF files to spread its payload. The malware will look for specific file types, compressing those into an exfiltration zip file that can be pulled from the machine. Beyond keeping systems updated, this malware also calls for good user training and email behavior, including avoidance of unknown attachments.
- NetWiredRC: A favourite of the Iranian state-sponsored APT33, this malware is a remote access trojan that will operate across both Windows and Mac platforms. The malware focuses on exfiltrating “sensitive information” and credentials—the latter providing routes in for state attackers. Cylance advises administrators to block 212[.]7[.]208[.]65 in firewalls and monitor for “%home%/WIFIADAPT.app” on systems.
- XcodeGhost: Targeting both Mac and iOS, this compiler malware is considered “the first large-scale attack on Apple’s App Store.” Again with espionage and wider attacks in mind, the malware targets, captures and pulls strategic information from an infected machine. Its infection of “secure apps” serves as a wider warning to take care when pulling apps from relatively unknown sources.
In reality, the list itself is largely informational as mitigation is much the same: Some combination of AV tools, user training, email filtering, attachment/macro controls, perhaps some network monitoring—especially for known IP addresses. The use of accredited VPNs, avoiding public WiFi, backups. Cylance also advises Windows administrators to watch for unusual registry mods and system boot executions.
Thornton-Trump warns that we need constant reminding that cyber security is about “people, process and technology.” Looking just at the technology side inevitably gives a skewed view. For him, any vendor reports inevitably “overstate the case for anti-malware defences in contrast to upgrade and improvement of other defensive mechanisms, including awareness training and vulnerability management.”
And so, ultimately, user training and keeping everything updated resolves a material proportion of these threats, along with some basic precautions around backups and the use of cloud or detached storage, which provides some redundancy. Common sense, inevitably, also features highly—whatever platform you may be using.
View full post on National Cyber Security
#cyberfraud | #cybercriminals | MAS reminds of vigilance against cyber threats taking advantage of coronavirus situation
Source: National Cyber Security – Produced By Gregory Evans SINGAPORE: The Monetary Authority of Singapore (MAS) reminded financial institutions to remain vigilant on the cybersecurity front amid cases of “cyber threat actors” taking advantage of the coronavirus situation to conduct email scams, phishing and ransomware attacks. In a media release on Sunday (Feb 9), MAS said […]
The Rise of Third-Party Scripts
Partial Request Map View of www.Akamai.com
We, like almost all other internet-based businesses, use third-party scripts because they enhance the web experience, are easy to add and modify, promote a consistent web experience and are pre-integrated and maintained by the third parties. In fact, web sites today average 56% third-party scripts (Akamai has 68% third-party).
Source: Security and Frontend Performance, Challenge of Today: Rise of Third Parties, Akamai Technologies and O’Reilly Media, 2017
The Security Challenge
Magecart, a class of credit-card-skimming criminal groups using new and more sophisticated attack methods, has become the “poster child” of third-party script attacks.
Because third-party scripts come from a myriad of trusted and untrusted sources in a business’s supply chain, the attack surface for web-facing applications has become significantly larger and harder to protect. Sites that use credit card processing are at constant risk. In fact, out of the tens of thousands of sites hit with Magecart in the last few years, 1 in 5 victims are re-infected, often within months of the last attack.
Source: Sanguine Security, 2018. https://sansec.io/labs/2018/11/12/merchants-struggle-with-magecart-reinfections/
Unfortunately, most application protection solutions today have tried to retrofit existing techniques to prevent third-party script threats using firewall and policy controls. When rigorously applied, this approach can restrict open business practices and the advantages of third-party scripts. And, when applied too loosely, it can miss a lot of attacks.
The primary way security teams keep their scripts clean is via constant script review and testing… which is really hard.
Source: Symantec 2019 Internet Security Threat Report
Akamai Page Integrity Manager
- Behavioral detection technology constantly analyses the behavior of script execution, in real-user sessions, to identify suspicious, or outright malicious behavior and notify security teams with timely and actionable insights.
- Outgoing network monitoring and script Intelligence: monitor network requests and know what real users are downloading and executing when they interact with your brand to detect potential malicious threats.
- Edge Injection for rapid enablement: Page Integrity Manager is injected at the CDN level, easy to deploy, no code needed.
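The outgoing-network monitoring idea above, as an added JavaScript example that is not Akamai’s or Page Integrity Manager’s code: it attributes outbound requests to the script that issued them, classifies their destination against an allowlist of expected origins, and flags uploads to unexpected hosts, the pattern a Magecart skimmer produces when it exfiltrates form data. The origins, script URLs and the sample session are constructed for the example.

```javascript
// Added example, not Akamai's code. Allowlist of origins this (constructed)
// shop expects its first- and third-party scripts to contact.
const SITE_ORIGIN = 'https://www.example-shop.test';
const EXPECTED_ORIGINS = new Set([
  SITE_ORIGIN,
  'https://cdn.example-shop.test',
  'https://analytics.example-vendor.test',
]);

// Classify one observed request. `initiator` is the URL of the script that
// issued it (best-effort when captured from a browser stack trace).
function classifyRequest({ url, initiator, method, bodySize }) {
  let origin;
  try {
    origin = new URL(url, SITE_ORIGIN).origin; // relative URLs resolve to the site
  } catch {
    return { verdict: 'malformed', reason: `unparseable URL ${url}`, initiator };
  }
  if (EXPECTED_ORIGINS.has(origin)) {
    return { verdict: 'expected', origin, initiator };
  }
  // A POST (or beacon) carrying a body to an unknown origin is the classic
  // skimmer exfiltration shape; a bodiless GET is merely an unknown origin.
  const isUpload = (method || 'GET').toUpperCase() === 'POST' && (bodySize || 0) > 0;
  return { verdict: isUpload ? 'suspicious-exfil' : 'unknown-origin', origin, initiator };
}

// Supply-chain drift: script origins seen in a session that were not in the
// baseline the security team last reviewed.
function scriptDrift(baselineScripts, sessionScripts) {
  const base = new Set(baselineScripts.map((s) => new URL(s).origin));
  return sessionScripts.filter((s) => !base.has(new URL(s).origin));
}

// Browser-side hook: wraps fetch and sendBeacon so every call is classified
// and handed to `report`. Outside a browser (e.g. Node) it is a no-op.
function installMonitor(report) {
  if (typeof window === 'undefined') return false;
  const initiatorFromStack = () => {
    // Skip the Error, this helper and the wrapper frame; best-effort only.
    const frames = (new Error().stack || '').split('\n').slice(3);
    const hit = frames.map((f) => f.match(/(https?:\/\/[^\s):]+)/)).find(Boolean);
    return hit ? hit[1] : 'inline';
  };
  const origFetch = window.fetch.bind(window);
  window.fetch = (input, init = {}) => {
    const url = typeof input === 'string' ? input : input.url;
    const bodySize = init.body ? String(init.body).length : 0;
    report(classifyRequest({ url, initiator: initiatorFromStack(), method: init.method, bodySize }));
    return origFetch(input, init);
  };
  if (navigator.sendBeacon) {
    const origBeacon = navigator.sendBeacon.bind(navigator);
    navigator.sendBeacon = (url, data) => {
      report(classifyRequest({ url, initiator: initiatorFromStack(), method: 'POST', bodySize: data ? 1 : 0 }));
      return origBeacon(url, data);
    };
  }
  return true;
}

// Constructed sample session: two legitimate calls and one skimmer-like upload
// issued from the site's own bundle, which is how a compromised script looks.
const SAMPLE_REQUESTS = [
  { url: 'https://analytics.example-vendor.test/collect', initiator: 'https://analytics.example-vendor.test/a.js', method: 'GET' },
  { url: '/api/cart', initiator: 'https://cdn.example-shop.test/app.js', method: 'POST', bodySize: 120 },
  { url: 'https://stats-collect.test/p', initiator: 'https://cdn.example-shop.test/app.js', method: 'POST', bodySize: 340 },
];

// Everything that is not on the allowlist is what a security team would triage.
function reviewSession(requests = SAMPLE_REQUESTS) {
  return requests.map(classifyRequest).filter((r) => r.verdict !== 'expected');
}
```

In a browser, call installMonitor(console.log) before any third-party script loads so the wrappers see their requests; the classification is the same as reviewSession() applies to the embedded sample.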
Akamai will be launching Page Integrity Manager in 2020.
We are inviting customers to participate in a valuable beta project with a working product to help you be protected from malicious scripts.
To learn more, download our Beta Product Brief.
Join our beta program today by contacting your Akamai sales team.
*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Mike Kane. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/-QH1Nxqx7Mc/protecting-websites-from-magecart-and-other-in-browser-threats.html
#nationalcybersecuritymonth | Covered Security wants you to be smarter about online threats — for your employer’s sake
I took a five-minute online quiz created by a Boston startup, Covered Security. It’s designed to give you the cybersecurity equivalent of your credit score — basically, how do your online security habits compare with the average person’s, and how do they compare with the habits of security experts? Let’s just say I have some improvements to make before I reach the “average” mark on Covered’s grading scale.
What Covered is trying to do is motivate people like me to change. Not because we’re a danger to ourselves, but because we’re a danger to our employers.
“Normal people are compromised at a rate that is 124.7 percent higher than security professionals,” says Covered’s founder and CEO, Chris Zannetos.
Unfortunately, it can be tough to get people to change bad habits, such as using the same password for multiple accounts or using easy answers to the security prompt questions for password recovery (like mother’s maiden name.)
As for getting them to pay for new security software or services that might make them less vulnerable? Forget about it, Zannetos says. People are complacent about security until a hacker breaks into their Facebook account and starts messaging all of their friends or cracks a bank account and wreaks havoc.
So Covered is focusing on employers, who have a lot more at stake — billions of dollars, trade secrets, brand reputations, and stock prices. Corporate information security executives, Zannetos says, “always say that people were the soft underbelly of their security program. They are a gateway for hackers to break into the organization,” such as when employees hastily respond to an e-mail that looks like it’s from the boss requesting password information, or asking them to review an attached file. (Oops — malware, which can give the bad guys access to everything on your machine.) So Covered is planning to sell to companies, rather than to individuals, and it already has a handful that are using its software, including Aflac, the Georgia insurance company.
Covered Security was founded in 2016, and it’s still small — fewer than 10 employees, Zannetos says. The objective, he explains, was to create “a FitBit for online security. Could we make it simple, fast, and personally rewarding for people to improve their own security habits?”
Covered’s product is fundamentally about education: What are the ideal things to be doing to protect your passwords and accounts, and where have data breaches occurred recently that may affect you and your account information? The Web-based system gives you pats on the head (“kudos”) when you make small improvements, and your employer can offer prizes to people who have accumulated a certain number of kudos. (Yes, you are on the honor system: You can say that you’re using two-factor authentication — “text me a code so I can log in to my account” — without actually doing it.)
Your employer can’t peer into an individual employee’s Covered profile, Zannetos says. But they can see high-level analytic data about “where the company is weak and where they’re strong, and what behavior they need to incentivize.”
This month, to build buzz, Covered has been giving away gift cards to people who register with the site and start earning kudos.
Danahy, the security entrepreneur, says that while “most people treat the end user as a problem that is not solvable — they will always make mistakes — what Covered is doing has an optimism, and a realism, I think, that you can change that.”
The notion, he says, is that you and I should be more aware of practical behaviors, like using a password repository to create and manage our passwords, as well as read articles about the latest hacker techniques, so that we don’t become victims. Offering kudos and financial incentives to spend time doing that, Danahy says, “gamifies” the process of changing our behaviors. Danahy serves as an adviser to Covered but is not an investor in the company.
Oren Falkowitz, CEO of the California startup Area 1 Security and a former staffer at the National Security Agency and US Cyber Command, says via e-mail that the Covered concept sounds simple. “But the reality is, we humans can’t be taught to be less human. Our innate curiosity, our willingness to trust complete strangers, and our child-like interest in a good story, all work against us in cyberspace.” That’s what makes it impossible, Falkowitz says, to stop phishing attacks without relying on “specific and advanced computer software.”
“The concept of training employees so that they can better avoid being phished or falling prey to other social hacks is not new, and almost every company is doing some level of employee education in this regard these days,” says Maria Cirino, a former cybersecurity CEO and venture capitalist at the Boston firm .406 Ventures. But Covered’s approach and use of technology to change people’s bad habits could prove more effective and measurable, Cirino says. Her firm hasn’t invested. Covered has so far raised a bit more than $1 million from individual investors, and Zannetos hopes to add more to the company’s bank account in the spring.
Covered is in the midst of juggling the four balls that every startup needs to keep in the air: finding investors, closing sales, hiring skilled employees, and continually improving the product.
But the mission — making all of us a little less dumb, when it comes to online security practices — is an important one.
Scott Kirsner can be reached at firstname.lastname@example.org. Follow him on Twitter @ScottKirsner.
Cyber threats are concerns for many small and medium-sized business executives entering 2020, AppRiver’s “Q4 Cyberthreat Index for Business Survey” revealed.
Cyber threats represent top concerns for many small and medium-sized business (SMB) executives entering 2020, according to the “Q4 Cyberthreat Index for Business Survey” from cybersecurity solutions provider AppRiver.
Key findings from AppRiver’s survey included:
- 79 percent of SMB executives and IT decision-makers named potential cyber threats as “a top-of-mind concern.”
- 72 percent noted a successful cyberattack likely would be harmful to their business.
- 66 percent said they believe cyberattacks “are prevalent on a business such as their own.”
- 45 percent said they believe their business is vulnerable to imminent cyberattacks.
Furthermore, AppRiver’s survey indicated that 62 percent of SMBs plan to increase their cybersecurity budgets in 2020. The survey also showed that most SMBs have cybersecurity strategies and areas in which they plan to invest next year.
Technology Improvement, Training Are Top Cybersecurity Priorities for SMBs in 2020
Technology improvement (58 percent) ranked first among the top areas in which SMBs plan to invest for cybersecurity improvement in 2020, AppRiver’s survey revealed. Meanwhile, training (57 percent) ranked second, followed by conducting regular reviews of security defenses (50 percent), adding in-house security talent (35 percent) and outsourcing security tasks or partnering with an MSP (30 percent).
Ultimately, SMBs — regardless of industry — are susceptible to cyberattacks. But with support from MSSPs, these businesses could bolster their security posture and combat cyberattacks both now and in the future.
Approximately 32 percent of SMB IT security operations are supported by MSSPs, according to the “2019 Global State of Cybersecurity in Small and Medium-Sized Businesses” study of roughly 2,200 SMBs conducted by password management software provider Keeper. This study also showed that 70 percent of SMBs leverage MSSPs for firewall monitoring or management or intrusion prevention systems.
#cyberfraud | #cybercriminals | Cloud, 5G and ‘wetware’ attacks — the 5 biggest cybersecurity threats of 2020
Source: National Cyber Security – Produced By Gregory Evans Businesses are getting cosier with the cloud. As more data pours in, it makes sense to use a public cloud server rather than set up servers in-house. But just because they’re moving to a ‘cloud smart’ agenda doesn’t mean that they aren’t being ‘cloud […]
#nationalcybersecuritymonth | IIT Kanpur and TalentSprint Announce Partnership for Development of Cyber Security Experts to Combat Cyber Threats
- Equip and Enable 1000 Cyber Security Professionals in coming years
- Hybrid Executive Format with Bootcamps at IIT Kanpur and Live Online Sessions
- Advanced Certification Program in Cyber Security and Cyber Defense
The Indian Institute of Technology, Kanpur (IIT Kanpur) has announced an Advanced Certification Program in Cyber Security and Cyber Defense in partnership with TalentSprint. The program is designed for current and aspiring professionals who are keen to explore and exploit the latest trends in cyber security technologies. A combination of deep academic rigor and intense practical approach will allow participants to master in-demand skills and build world class expertise. The first cohort will start in early 2020.
IIT Kanpur, established in 1959, is widely recognized as a global trailblazer in computer science research and education. Most recently, IIT Kanpur has taken the lead in cyber security by setting up the Interdisciplinary Centre for Cyber Security and Cyber Defence of Critical Infrastructures (C3i). The mission of C3i is research, education and training, and also to spawn startups that create technological safeguards to protect critical national infrastructure. The centre collaborates with other global centres of excellence and is positioned to become a world leader in cyber security.
Speaking on the occasion, Dr. Manindra Agrawal, Program Director and Professor of Computer Science at IIT Kanpur, said: “It is estimated that there will be roughly 200 billion connected devices by 2020. Rapid convergence of Mobility, Internet of Things and Cloud Computing is leading to an explosive increase in security threats and the need for Cyber Defense experts to combat these threats is becoming all the more important. Our program will leverage the deep research capabilities of C3i to arm technology professionals with the right expertise to counter a wide range of emerging threats and vulnerabilities.”
Dr. Santanu Paul, Co-Founder and CEO of TalentSprint, said: “We are delighted to partner with IIT Kanpur on a mission to create Cyber Security experts. The demand for such professionals is outstripping supply. Companies need sophisticated responders to defend against the growing threat of cyberattacks. There is a huge talent crunch and 59% of the companies have vacant positions suggesting a cumulative global shortfall of 1.5 million such professionals.”
According to NASSCOM, India’s cyber security market is projected to grow to $35 billion by 2025. This 6-month Advanced Certification Program in Cyber Security and Cyber Defense will be delivered in an executive-friendly format with immersion bootcamps at the IIT Kanpur campus, complemented by live online interactive sessions via the TalentSprint digital platform. Program participants will also get direct exposure to C3i and its research expertise during their visits to IIT Kanpur. In addition, TalentSprint will curate state-of-the-art capstone projects for program participants, and actively leverage its digital platform for the purpose of accelerated experiential learning.
Technology professionals interested in this program should apply for selection at: https://iitk.talentsprint.com/Cyber Security/
Indian Institute of Technology, Kanpur, is one of the premier institutions set up by the Government of India. Registered in 1959, the institute was assisted by nine leading institutions of U.S.A in the setting up of its academic programs and laboratories during the period 1962-72. With its record of path-breaking innovations and cutting-edge research, the institute is known the world over as a learning centre of repute in engineering, science and several inter-disciplinary areas. In addition to formal undergraduate and postgraduate courses, the institute has been active in research and development in areas of value to both industry and government. For more information, visit www.iitk.ac.in
TalentSprint brings high-end and deep tech education to aspiring and experienced professionals. It partners with world class academic institutions and global corporations to develop and offer disruptive programs. TalentSprint’s hybrid platform delivers unique onsite and online experiences that help build cutting-edge expertise, for today and tomorrow. For more information please visit www.talentsprint.com
Source: National Cyber Security – Produced By Gregory Evans The end of November is a busy time in the United States. On Thanksgiving, friends and family gather together to give thanks for good food and good company. Once they’ve put away the leftovers, many Americans don their coats and head to the malls for Black […]
#cybersecurity | #hackerspace | 5G & IoT: Real-World Rollouts Launch New Opportunities and Security Threats
This e-book examines what service providers need to know as commercial rollouts of 5G technology begins in 2020.
The post 5G & IoT: Real-World Rollouts Launch New Opportunities and Security Threats appeared first on Radware Blog.
The post 5G & IoT: Real-World Rollouts Launch New Opportunities and Security Threats appeared first on Security Boulevard.
#cybersecurity | #hackerspace | Isolation protects you from threats that haven’t even been discovered
Source: National Cyber Security – Produced By Gregory Evans Another day, another validation that Internet isolation really is the best cybersecurity protection out there. Last week, Google released an urgent Chrome update to patch an actively exploited zero-day known as CVE-2019-13720, a memory corruption bug that uses a use-after-free vulnerability in audio that allows a […]