
Archive for the News Category

Russian Ransomware Brokers Scam Victims


Security researchers have discovered cybersecurity scammers in Russia are generating hundreds of thousands of dollars in profits by falsely claiming to be able to unlock encrypted files.

Check Point explained that one ‘IT consultancy’ named Dr Shifro is promising customers it can help them recover from ransomware like Dharma/Crisis, for which there is no known decryption key.

In reality, the firm pays the ransomware author a fee and then passes the cost on to the customer at a 75%+ margin, acting more as a broker than an IT consultancy.

Dr Shifro has been around for over two-and-a-half years and has managed 300 ransomware ‘decryptions’ for its clients.

Typically it adds an extra $1000 fee on top of whatever the cyber-criminal is charging for a decryption key, meaning the firm has been able to drive profits of at least $300,000 over the past couple of years.

Based on correspondence they obtained between Dr Shifro and the ransomware creators, researchers believe the firm also tries to negotiate a discount from the ransomware author to further increase its margins, a spokesperson told Infosecurity.

“The first point with services like Dr. Shifro’s is ‘if it sounds too good to be true, it probably is.’ While there are legitimate IT consultancies that can help recover systems and files from a ransomware attack, they will usually not make promises they cannot keep,” the security vendor warned.

“In fact, they will usually only offer to help where decryption keys are already publicly available online, and perform decryption services for those who may be unable to do so themselves. Anyone claiming otherwise should be approached with caution.”

Check Point warned that similar scams could emerge over the coming year as a new way of making money off the back of attacks.

Although there have been reports that cryptomining malware is growing in popularity at the expense of ransomware, a recent Europol report warned that the latter was still the top malware threat facing organizations, and would remain a major risk for years to come.

More targeted variants have started to emerge of late, which are harder for firms to defend against. Two Iranians were recently indicted by the US for masterminding the SamSam attacks over the past three years, causing losses estimated at $30m in North America and the UK.

Source: Information Security Magazine

New Head of Security Business Announced at BT


Today, global telecommunications giant BT announced the appointment of Kevin Brown as managing director of BT Security.

Brown will succeed Mark Hughes, who is leaving BT at the end of the year. Brown will oversee the company’s physical and cybersecurity activity around the world.

Brown first joined BT in 2012, following a 20-year career in law enforcement. He has specialized in security throughout his time at BT, and in previous roles has led its global investigation and intelligence teams and driven the modernization of BT’s protection systems. In his previous role, Kevin led BT Security’s engagement with international governments, and managed its relationships with international law

BT has 3000 cybersecurity experts around the world protecting its operations across 180 countries as well as its customers’ networks. According to the firm, its global network of security operations centers protects BT against 125,000 cyber-attacks every month and provides cybersecurity solutions and services to consumers, governments and businesses.

“I’m thrilled to be leading BT’s security operations at a time when the need to protect households, business, governments and entire nation states from damaging cyber-attacks has never been greater,” Brown said.

“Our global network gives us a ringside view of the latest threats so we can anticipate and mitigate emerging attacks before they impact our business or our customers. Our expertise in securing BT’s global network is why organizations around the world trust us to protect their most critical assets. I’m really looking forward to continuing the rapid growth that BT Security has seen in recent years.”

BT also said that it plans to increase its cybersecurity headcount by 25% over the next five years “in order to develop the next generation of cybersecurity professionals and meets its growth ambition.”

Source: Information Security Magazine

Researchers Find First Major Kubernetes Flaw


Security researchers have patched a critical security flaw in popular container orchestration tool Kubernetes which could allow third parties to remotely control targeted systems.

Organizations running previous versions were urgently requested to upgrade to Kubernetes v1.10.11, v1.11.5, and v1.12.3. The issue will also be addressed in the upcoming v1.13.0 release, according to Google staff software engineer, Jordan Liggitt.

“This vulnerability allows specially crafted requests to establish a connection through the Kubernetes API server to backend servers (such as aggregated API servers and kubelets), then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection,” he explained.

CVE-2018-1002105 is a privilege escalation flaw allowing an attacker to gain full admin privileges on any computer node run in a Kubernetes cluster. As such, it’s been given a CVSS score of 9.8.
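Added example (not from the article or the Kubernetes project): a Python triage that compares API server version strings against the fixed releases named above. The cluster names and versions in `SAMPLE_INVENTORY` are constructed, and treating release lines older than 1.10 as needing an upgrade is an assumption based on the article listing no fixed release for them.

```python
import re

# Fixed upstream releases named in the article, keyed by release line.
FIXED_PATCH = {(1, 10): 11, (1, 11): 5, (1, 12): 3}
FIRST_FIXED_LINE = (1, 13)  # the article says the fix also ships in v1.13.0

# Only alpha/beta/rc suffixes count as pre-releases. Vendor suffixes such as
# "-gke.5" are ignored, so a vendor backport is NOT detected by this check.
VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-((?:alpha|beta|rc)[0-9A-Za-z.]*))?"
)


def parse_version(text):
    """Return (major, minor, patch, is_prerelease) for strings such as
    'v1.11.3', '1.12.3-beta.0' or 'v1.10.9-gke.5'."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Kubernetes version: {text!r}")
    major, minor, patch = (int(g) for g in match.group(1, 2, 3))
    return major, minor, patch, match.group(4) is not None


def needs_upgrade(version_text):
    """Return (needs_upgrade, reason) for one API server version string."""
    major, minor, patch, prerelease = parse_version(version_text)
    line = (major, minor)
    if line >= FIRST_FIXED_LINE:
        # A pre-release of v1.13.0 itself predates the fixed release.
        if line == FIRST_FIXED_LINE and patch == 0 and prerelease:
            return True, "pre-release of v1.13.0"
        return False, "v1.13.0 or later"
    fixed = FIXED_PATCH.get(line)
    if fixed is None:
        # Assumption: older lines have no fixed release listed in the article.
        return True, "no fixed release listed for this line"
    if patch > fixed or (patch == fixed and not prerelease):
        return False, f"at or above v{major}.{minor}.{fixed}"
    return True, f"below v{major}.{minor}.{fixed}"


def triage(inventory):
    """Return (cluster, version, reason) for every cluster that needs
    attention, including entries whose version cannot be parsed."""
    findings = []
    for name, version in inventory.items():
        try:
            vulnerable, reason = needs_upgrade(version)
        except ValueError as exc:
            findings.append((name, version, str(exc)))
            continue
        if vulnerable:
            findings.append((name, version, reason))
    return findings


# Constructed sample inventory: cluster name -> API server version string.
SAMPLE_INVENTORY = {
    "prod-east": "v1.11.5",
    "prod-west": "v1.11.3",
    "staging": "v1.12.3-beta.0",
    "legacy": "v1.9.7",
    "dev": "v1.13.0",
    "gke": "v1.10.9-gke.5",
    "edge": "unknown",
}

if __name__ == "__main__":
    for cluster, version, reason in triage(SAMPLE_INVENTORY):
        print(f"{cluster}: {version} -> upgrade ({reason})")
```

Feed it the version reported by the API server rather than by the client, since the flaw described above is in the API server's connection handling.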

“This is a big deal,” warned Red Hat cloud platforms lead, Ashesh Badani. “Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”

All the firm’s Kubernetes-based products are affected: Red Hat OpenShift Container Platform, Red Hat OpenShift Online and Red Hat OpenShift Dedicated.

However, Badani used the opportunity to promote enterprise-grade open source products, which he claimed offer greater contextualized support for organizations in these situations.

This is the first major bug discovered in the popular container orchestration platform, and is likely to be exploited in the wild given the growing popularity of microservices among DevOps teams.

According to one firm, 44% of companies plan to replace some of their virtual machines (VMs) with containers, while the vast majority (71%) said they’ve already deployed containers on a VM.

Source: Information Security Magazine

Quora Breach Hits 100 Million Users


Quora has become the latest big-name tech firm to suffer a major data breach, after revealing that personal information on 100 million users may have been compromised.

The question-and-answer website said it discovered unauthorized access by a malicious third party on Friday, and is currently investigating the exact cause of the incident in concert with a digital forensics firm and law enforcement.

The potentially compromised information includes account info such as names, email addresses and encrypted passwords, as well as data imported by users from linked networks.

Other data that may have been breached includes public content and actions — like questions, answers, comments and upvotes — and non-public content like answer requests, downvotes and direct messages.

“Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content,” the firm clarified.

“The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious.”

All affected users have been logged out, with a forced password reset for those who chose this as their authentication method.

SecureAuth chief security architect, Stephen Cox, suggested that stolen credentials may have been behind the breach.

“More focus needs to be put on advanced authentication techniques to improve organizations’ security posture in this threat landscape,” he added. “Far too many organizations are relying on approaches that have simply been proven ineffective against modern attackers, and they must be careful to not develop a false sense of security even when they’ve adopted basic techniques such as two-factor authentication.”

Although the personal data compromised in this incident appears to be fairly limited, and Quora had at least hashed passwords with a salt that varies for each user, the incident could still lead to a deluge of phishing attempts on users.

Source: Information Security Magazine

#NICEK12: Hands-On Resources from the Field


In addition to the five conference tracks at the 2018 NICE K12 Cybersecurity Education Conference going on in San Antonio, Texas, attendees were also able to engage in hands-on learning at drop-in sessions during which exhibitors were able to share resources they have used with some success to help advance cybersecurity in the K-12 sector. 

In one session, two teachers from North Carolina showcased the progress they have made in educating kids about cybersecurity.

In their presentation, “Bytes for Breakfast – A Small Rural High School’s Answer to Getting Students Excited About Coding and Cybersecurity,” teachers Renee Himmelspach and Amanda Campbell from South Stokes High School in North Carolina said that the name of their club came from the fact that the group meets before school.

The Bytes for Breakfast club, which is in its first year, meets twice a month before the school day begins for students to explore coding using the two Raspberry Pis and iPad Pros that were donated to the group. The group also meets once a month after school for an extended period of time.

Credit: South Stokes High School

With as much enthusiasm as Himmelspach and Campbell displayed, Robert Black, CEO and founder of Start Engineering, showcased the Cybersecurity Career Guide, a book designed for classrooms, camps and other outreach programs to introduce students to the myriad career paths available in the field of cybersecurity. 

Credit: Start Engineering

In partnering with Palo Alto Networks, Start Engineering was able to produce the 52-page, magazine-style book that includes a description of different job types, as well as the required education and the likely salary candidates would earn for each position.

Designed for middle and high school students, the publication was released in April and will be updated every two years as job descriptions and technology evolve.

Source: Information Security Magazine

#NICEK12: Increasing Cyber Career Awareness


With a packed schedule of over 100 sessions across five tracks, the 2018 NICE K12 Cybersecurity Education Conference endeavored to deliver a wide array of strategies and tactics to enable educators and public schools to enhance their understanding of how to engage students in cybersecurity. 

The five tracks included increasing cybersecurity career awareness, infusing cybersecurity across the educational portfolio, integrating innovative cybersecurity educational approaches, designing cybersecurity academic and career pathways and promoting cyber awareness. 

In talking about innovative ways to introduce students to career paths they may not even know exist, Benjamin Galynker, director of content, Hats & Ladders, spoke about how to go “From Overwhelmed or Slacking to Ethical Hacking.” 

It’s no mystery why the skills gap continues to grow despite industry demand. “The problem we face is understanding how to raise young people’s awareness of career options that their parents might not know about,” Galynker said. 

When it comes to cybersecurity, most people think it’s not for them or more likely that it couldn’t be for them, which is why awareness matters. Society works best when young people pursue careers that they are confident will allow them to succeed in their futures, Galynker said.

There are some missing links, though, between awareness and "what should I do next," which is where educators and schools play a key role. Hats & Ladders is one way to make educators aware of the industry’s efforts to create platforms that will help engage students. 

The organization is intended to connect educators and mentors, industry partners, colleges and community programs to help students begin to understand the career opportunities available to them through online learning, as well as helping educators incorporate into their curriculum more hands-on DIY activities, field trips and observations, internships, apprenticeships and scholarships.

Part of the effort is to help educators understand the root sources. To that end, Hats & Ladders developed a free platform to fill in those missing links, taking students from curiosity to interest, engagement and motivation. 

Often, youth will rely on their own knowledge without realizing what they don’t know. They think they know what they want to do, but they don’t have a second or third choice, nor do they understand the career assets they might have and how they can use those assets to pivot into potential cybersecurity careers. 

“Youth don’t have a lot of career development counseling,” Galynker said. “[For] every 437 high school students, there is only one high school counselor, making parents the single largest influence on young people’s careers.”

Source: Information Security Magazine

#NICEK12: Young Women Are Making Cyber Waves


In a pre-conference workshop, 2018 NICE K12 Cybersecurity Education Conference sponsor IBM offered #CyberDay4Girls, in which girls in 6th–9th grade met at Sam Houston High School to learn about protecting their online identity and the internet of things and to meet female role models studying and working in cybersecurity.

Part of the goal is shifting the perspective and teaching girls to be brave, not perfect, said Kyla Guru, a high school junior from Illinois and founder of Bits N’ Bytes Cybersecurity Education (BNBCE), in her keynote address.

Guru first thanked the audience for involving her in the dialogue about what she called our "state of cyber-insecurity." “What is the current state?” Guru asked. “An expected 1.8 million cybersecurity jobs that will be unfilled by 2022. In 2017, the education sector alone accounted for 13% of breaches, which amounts to the compromise of around 32 million records. In addition, we are expected to lose $8 million by 2022.”

Her goal is to make sure that we all understand the monetary loss that will happen because of cyber-attacks so that rather than lose that money, we can try to save that money for future generations to invest in saving the future.

“We are making waves,” Guru said, “and that calls for some sort of applause. We need some recognition for the progress we have made so that we can get excited about the work that still needs to be done.”

In describing her vision, Guru explained why she came to create BNBCE. The idea came to her when thinking about the requirement that she and her fellow students had to sign the student science lab safety contract every year. After seven years, she had the contract memorized.

“I know that after you get chemicals in your eyes, you have to wash your eyes out for 20 minutes at the wash station. Those have been made second nature because of the emphasis that teachers have put on it. So I started to think, ‘What if we could make something like this for cybersecurity?’ because that is the power of education.”

Recognizing that the digital internet is the new playground for young people, Guru said she realized that her peers didn’t have security as a second nature to them. “I set out to create a five-minute animated video for my former elementary school, but after I made the video, I realized that the problem couldn’t be solved by one video sent to one school down the street from my house. This mission was so much bigger than this one school.”

From there, Guru created the national nonprofit that started with youth. Why? “It is incredibly impressive and slightly concerning how much we use technology. Also, young people are going to build technology. Shouldn’t they know how to deal with and manage the situations that will come along with that technology?” she said.

In the past 24 months, the nonprofit has grown to include 26 partners. BNBCE has written 40 articles on its blog and hosted more than 35 workshops, amounting to an outreach that has connected with 15,722 students.

Source: Information Security Magazine

#NICEK12: San Antonio Aims to Become Cyber City, USA


The 2018 NICE K12 Cybersecurity Education Conference kicked off this morning in San Antonio, Texas, with opening remarks from Ron Nirenberg, mayor of San Antonio.

The National Initiative for Cybersecurity Education (NICE) is part of the National Institute of Standards and Technology (NIST) and aims to deliver quality professional development focused on strategies that will inspire awareness about cybersecurity preparedness for young people while also inspiring them to explore the myriad careers within the industry. 

“I can’t think of a more important educational initiative,” said Nirenberg. “The city’s cyber roots go almost as far back as our military history. Today San Antonio is second only to Washington, D.C., in terms of cybersecurity assets.”

Over the past few years, the US Cyber Command has brought more than 1,000 new jobs to San Antonio, resulting in hundreds of millions of dollars of economic impact. In addition to the robust cybersecurity industry, the city boasts over a dozen colleges and universities with cybersecurity programs.

Advancements continue to be made. According to the mayor, in the last two months, San Antonio has had two very exciting announcements related to work in cyber. First, the University of Texas–San Antonio (UTSA) announced a significant investment in its AI and data science national security collaboration center. With a $33 million investment, UTSA will be expanding its downtown campus by developing a National Security Collaboration Center (NSCC) and a School of Data Science.

Second, Texas A&M was invited to join Facebook’s cybersecurity university program. Together, Facebook and Texas A&M–San Antonio have opened a $63 million science and technology building. 

The collective investments are an indication that “San Antonio leadership gets it. Cybersecurity is an extraordinary priority for us,” Nirenberg said.

“We know our community needs to continue to fund innovation and continue to invest in our future workforce, as we continue to build what we call Cyber City, USA. The work you are doing is critical for all.” 

Source: Information Security Magazine

Reported Cybercrime Jumps 14% in England


The volume of cybercrime incidents reported to English police rose 14% over the past two financial years, according to a new report.

Think tank Parliament Street filed Freedom of Information (FOI) requests with the country’s police forces, asking for a breakdown of Computer Misuse Act crimes which involve hacking, smart devices and/or connected devices.

Although it received back a full set of answers from just 14 out of a possible 39 forces, the findings could be viewed as illustrative of broader trends.

The total number of cybercrimes over the two-year period was 2547, rising from 1193 in 2016/17 to 1354 in 2017/18.

Of those appraised, Cleveland Police reported the most cases in 2017/18 with 356, followed by West Midlands (329) and Nottinghamshire Police (246).

The latter two also reported the biggest increases from the previous year, of 19% and 21% respectively.

However, interestingly, London’s Metropolitan Police reported a drop in cybercrime cases, from just 77 in 2016/17 to 49 in 2017/18.

Anecdotally, unauthorized access of email and social media accounts to obtain and distribute personal photos figured strongly in cases. On the corporate side, the report also highlights ransomware as a common factor in cases.

“It’s clear that the tidal wave of cybercrime is draining the resources of police forces as well as businesses. Tackling this problem requires a concerted effort to recruit staff equipped with the latest cyber skills as well as extending education and training opportunities to existing employees,” argued Sheila Flavell, chair of the Institute of Coding.

“As part of this effort, it’s vital that industry works more closely with academic institutions, to develop specialist flexible courses, so that skills within workforces increase dramatically.”  

The report itself calls for mandatory cyber training for all new police recruits in line with nationally recognized standards; more help from tech and social media companies to train officers; and an increase in STEM-qualified officers.

“As well as working closely with universities and training colleges, industry organizations should also offer placement years and consultancy to ensure that police forces are fully equipped to deal with this threat,” it advised.

The tech sector is stepping up to a certain extent: last week Cisco announced it would be providing free access to its Cisco Networking Academy to help train 120,000 officers.

Source: Information Security Magazine

Kaspersky Lab's US Ban Appeal Thrown Out


Eugene Kaspersky has vowed that his firm will continue its mission to protect global organizations after a US court threw out its appeal to have a ban on federal use of its products overturned.

On Friday, the US Court of Appeals for the District of Columbia Circuit upheld a district court ruling that the September 2017 Binding Operational Directive (BOD 17-01) and the Congressional National Defense Authorization Act (NDAA) do not violate the constitution.

Kaspersky Lab had argued in court that they violate the Fifth Amendment by interfering with due process.

Russian intelligence is said to have used Kaspersky Lab products to spy on top secret US government programs, but the firm has always denied any collusion.

Kaspersky himself was sanguine about the outcome.

“The DC Circuit Court’s decision is disappointing, but the events of the past year that culminated in this decision were almost expected, and not just by our company, but by the cybersecurity industry in general,” he wrote in a blog post.

“We’re sure that the issues involved in our litigation go far beyond technical aspects of US constitutional law; they include real-world problems concerning everyone: a progression of protectionism and balkanization in a world of understated cyber-rivalry and highly sophisticated international cyber threats.”

The Moscow-headquartered firm had launched a Global Transparency Initiative in an attempt to restore trust with customers. This includes three new Transparency Centers in the US, APAC and Europe, where trusted partners can access reviews of the company’s code, software updates, threat detection rules and more.

The first such center was recently opened in Switzerland.

“We’re addressing customers’ concerns by ensuring that our own operations are transparent and trustworthy with a respected firm auditing our engineering practices and secure development processes,” explained Kaspersky.

“We constantly aim to be a part of the solution as the cyber threat landscape evolves. Regardless of whether we decide to pursue further legal action in response to today’s decision from the DC Circuit Court, we’ll remain committed to providing the best cybersecurity solutions for our customers globally and saving the world from cyber threats.”

Source: Information Security Magazine