[From the desk of Paul Davis – his opinions and no-one else’s]
Fresh from Blackhat, it was an interesting conference and I will provide a commentary from my perspective on what the general trends and observations were.
Have a great weekend.
Apart from the reporter’s opinions.
So onto the news:
Cloud syncing services give hackers a covert way to control hijacked computers
Researchers from security firm Imperva found that attackers could easily hijack user accounts for services from Dropbox, Google Drive, Microsoft OneDrive and Box if they gain limited access to computers where such programs run—without actually stealing user names and passwords.
The researchers developed a simple tool they dubbed Switcher, whose role is to perform what they call a “double switch” attack.
Switcher can be deployed on the system through a malicious email attachment or a drive-by download exploit that takes advantage of a vulnerability in a browser plug-in. If an exploit is used, the program doesn’t even have to be written to disk. It can be loaded directly into the computer’s memory and doesn’t need high-level privileges to execute its routine.
The Switcher first makes a copy of the user’s access token for the targeted file synchronization app and replaces it with one that corresponds to an account controlled by the attacker. It then restarts the application so that it synchronizes with the attacker’s account.
At the BSides security conference this week, also in Las Vegas, software developers Gabriel Butterick, Dakota Nelson and Byron Wasti released a framework that can create an encrypted covert communication channel for malware by using images, audio clips and text messages posted on social media sites like Twitter, SoundCloud and Tumblr.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dfef265695&e=20056c7556
Phishing was up 74% in Q2 of 2015
In response to the news that a new report has revealed that phishing was up 74% in Q2 of 2015, and that malicious DNS-related cyber-activity skyrocketed as a result, Kevin Epstein, VP of Advanced Security and Governance at Proofpoint, commented:
“Malicious attacks have absolutely increased in comparison with 2014. On any given day, more than 30% of ‘spam’ actually contains weaponized attachments or URLs—with a bias towards corporate-focused targets, as outlined in the Human Factor report, emphasizing the need for modern targeted attack protection and threat response systems.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=89ca389d56&e=20056c7556
Three top tips to keep connected cars safe from hackers
This week at Def Con, CTO of Lookout Kevin Mahaffey and Cloudflare’s Principal Security Researcher Marc Rogers plan to reveal the results of research into Tesla vehicle security.
In order to combat the emerging threat of digital attacks against vehicles, automakers need to make radical changes immediately. According to Mahaffey and Rogers, there are three top priorities automakers need to consider, as listed below:
1. Set up an over-the-air update system
2. Have strong separation between drive and non-drive systems
3. Secure every individual component in your system to limit the damage from any successful penetration
This week, news surfaced that Fiat Chrysler did not inform US regulators of a severe software flaw in Uconnect-equipped vehicles which could allow attackers to remotely control cars. Fiat Chrysler has recalled 1.4 million vehicles which may be affected by the vulnerability — on a voluntary basis — and has issued software updates to combat the problem.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5fbaf2e6a1&e=20056c7556
ISACA’s Cybersecurity Nexus Launches CSX Practitioner Certification
Beginning today, cybersecurity professionals can pursue the CSX Practitioner (CSXP) certification, the first-ever vendor-neutral, performance-based certification for cybersecurity professionals.
To earn CSXP, candidates must pass an exam in an adaptive, performance-based cyber laboratory environment. The exam measures skills and abilities in a virtual setting using real-world cyber security scenarios.
“Earning the CSXP demonstrates practically tested abilities in prevention, detection and response to a cybersecurity incident,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA and group director of information security at Intralot. “This credential is a clear indicator to employers that an individual has the skills to help protect and defend their organization.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4fd3d4b2e2&e=20056c7556
Data security: where are the main threats coming from now?
The number of laws governing the handling of personally identifiable data (PID) and the severity of penalties for breaking them have both increased in recent years, and the new EU General Data Protection Regulation, which is due to come into force in the next few months, is likely to tighten things still further.
Human beings are almost always the weakest link, and most successful attacks happen as a result of human error.
In terms of those attacks, malware in general was of most concern to the survey respondents (see below). This is not surprising: the AV-Test Institute registers some 390,000 new malicious programs every day, a number that has more than doubled in two years. Phishing was next. Attackers are getting cleverer at personalising their attacks, getting people to compromise their systems by visiting booby-trapped web pages that harbour malware, for example.
Generating almost as much concern as phishing is a new threat, crypto-malware. Crypto-malware really only came to public attention two years ago when CryptoLocker began infecting Windows machines. Its rise coincides with that of crypto-currencies like Bitcoin, which being virtually untraceable is the currency of choice of cyber criminals.
The three actors that caused the most concern were spammers, organised criminals and script kiddies and crackers (see below). The first one is surprising as rates of spam emails are actually declining now, but it could be that respondents were equating the word with the delivery of malware via email, which is still a primary means of attack. Organised crime is certainly interested in attacking commercial businesses because of the rich pickings to be had, either in terms of IP stolen, password files hacked or personal data to be sold on, while teenage hackers view such targets as status-enhancing challenges.
Fourth came hacktivists and pressure groups. These are more of an issue for some sectors than others. Organisations in the finance sector are an obvious target for political activity due to anger with the banks at a time of austerity, while government agencies are another favourite punchbag. Just below these groups, disgruntled employees were also a source of concern to businesses in terms of their ability to access and transmit confidential data to whomever they please.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9e591f30df&e=20056c7556
HIPAA Enforcement On The Rise
The number of claims filed under the Health Insurance Portability and Accountability Act (HIPAA) has skyrocketed in recent years. The latest figures from the U.S. Department of Health and Human Services (DHS) highlight a dramatically increased enforcement effort by the government in administering the federal privacy law.
According to the U.S. Office of Civil Rights (OCR), it has received over 115,929 HIPAA complaints and initiated over 1,216 compliance reviews since the promulgation of the final HIPAA Privacy Rule in 2013. Of those, 23,580 have required businesses to make changes to their privacy practices or otherwise face corrective actions.
Cornell’s recent settlement highlights a trend in HIPAA enforcement that began last year when two hospital systems paid $4.8 million to settle data breach claims. In that case, data from 6,800 individuals was compromised, including patient information, medications, vital statistic information, and lab results. The breach occurred when a physician attempted to deactivate a personal server, which resulted in data being released to the Internet in a searchable format.
Another recent enforcement action in the healthcare industry also resulted in a large settlement; a health system in Indiana had to pay an $800,000 settlement after one of its employees left 71 cardboard boxes of medical records unattended on the driveway of a physician’s home.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=45645c973a&e=20056c7556
Stagefright Exploits Hit the Web
Exploits and proof of concepts (POCs) are appearing on the Web for Stagefright, hyped as the “Mother of all Android vulnerabilities” capable of gaining remote code execution privileges via a malicious MMS (e.g., a picture message). This collection of 10 vulnerabilities reportedly impacts 95% of all Android devices—over 900 million phones.
Recorded Future has identified shared exploits and POCs appearing on the Web 10 days after the July 21 announcement by Zimperium zLabs researcher Joshua Drake.
Google claims that Android 4.0 and higher aren’t as susceptible due to built-in protection against a buffer overflow attack.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=68954f2bbe&e=20056c7556 (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=59ff99caf1&e=20056c7556)
Infoblox DNS Threat Index Hits Record High In Second Quarter Due to Surge in Phishing Attacks
(MENAFN Press) Infoblox Inc., the network control company, today released the second quarter 2015 report for the Infoblox DNS Threat Index, powered by IID, the source for clear cyberthreat intelligence. The index hit a record high of 133, up 58 percent from the second quarter of 2014, due to a surge in phishing attacks.
The single biggest factor driving the second-quarter increase, according to analysis of the data by IID and Infoblox, is the creation of malicious domains for phishing attacks. Phishing, a time-tested weapon of cybercriminals, involves sending emails that point users to fake web sites (mimicking a bank’s home page, for example, or a company’s employee portal) to collect confidential information such as account names and passwords or credit-card numbers.
Another significant contributor to the index’s record high is the growing demand for exploit kits. These packages of malicious software are typically hidden on web sites that appear to be innocuous, but download malware whenever a user visits, even if the user takes no action.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ba86ce6754&e=20056c7556
Inside the $100M “Business Club” Crime Gang
New research into a notorious Eastern European organized cybercrime gang accused of stealing more than $100 million from banks and businesses worldwide provides an unprecedented, behind-the-scenes look at an exclusive “business club” that dabbled in cyber espionage and worked closely with phantom Chinese firms on Russia’s far eastern border.
In the summer of 2014, the U.S. Justice Department joined multiple international law enforcement agencies and security firms in taking down the Gameover ZeuS botnet, an ultra-sophisticated, global crime machine that infected upwards of a half-million PCs.
Last year’s takedown of the Gameover ZeuS botnet came just months after the FBI placed a $3 million bounty on the botnet malware’s alleged author—a Russian programmer named Evgeniy Mikhailovich Bogachev who used the hacker nickname “Slavik.” But despite those high-profile law enforcement actions, little has been shared about the day-to-day operations of this remarkably resourceful cybercrime gang.
That changed today with the release of a detailed report from Fox-IT, a security firm based in the Netherlands that secretly gained access to a server used by one of the group’s members. That server, which was rented for use in launching cyberattacks, included chat logs between and among the crime gang’s core leaders, and helped to shed light on the inner workings of this elite group.
The chat logs show that the crime gang referred to itself as the “Business Club,” and counted among its members a core group of a half-dozen people supported by a network of more than 50 individuals. In true Oceans 11 fashion, each Business Club member brought a cybercrime specialty to the table, including 24/7 tech support technicians, third-party suppliers of ancillary malicious software, as well as those engaged in recruiting “money mules”—unwitting or willing accomplices who could be trained or counted on to help launder stolen funds.
Geographic diversity allowed the group—which mainly worked regular 9-5 hour days Monday through Friday—to conduct their cyberheists against banks by following the rising sun across the globe—emptying accounts at Australian and Asian banks in the morning there, European banks in the afternoon, before handing the operations over to a part of the late afternoon team based in Eastern Europe that would attempt to siphon funds from banks that were just starting their business day in the United States.
Aside from their role in siphoning funds from Australian and Asian banks, Business Club members based in the far eastern regions of Russia also helped the gang cash out some of their most lucrative cyberheists, Fox-IT’s research suggests.
Fox-IT’s report concludes it’s evident that Slavik was involved in more than just the crime ring around peer-to-peer ZeuS.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9653300b1a&e=20056c7556
Why Banks Are Turning to Tokenization to Protect Cloud Data
California-based vendor CipherCloud released its “Q2 2015 Global Cloud Data Security Report,” which indicated that tokenization is used by 68 percent of the 50 banks surveyed, particularly for personally identifiable information (PII). It’s a technology that safeguards data by taking something like a bank card number and substituting a randomly generated figure of the same length for it. That way, even if cybercriminals compromise data in the cloud, it will be nearly impossible for them to use it.
Tokenization is not only being embraced by financial services firms. Computerworld reported last year that retailers were turning to the technology as a way to make sure they didn’t join high-profile data breach targets such as Target and Home Depot in losing thousands of customer credit and debit card numbers. Tokens can be reused or applied just once, and payment card data doesn’t have to be stored on their enterprise networks.
There are still differences in exactly what data is stored in the cloud and how, Silicon Angle pointed out. Highly sensitive PII was cited by only 33 percent of those surveyed, though more than half admitted to putting data from commercial clients in hosted environments. Still, if tokenization works as the industry hopes, those numbers could look very different the next time a report like this is put together.
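To make concrete what the article means by substituting a random figure of the same length, and by tokens that are reusable or single-use, here is an added example of a minimal token vault. It is not code from CipherCloud, the report, or the newsletter; the vault is an in-memory dictionary standing in for the hardened datastore a real deployment would use, and the card number is a constructed test value. The point it demonstrates is that a token leaked from the cloud side carries no information about the card number without access to the vault.

```python
import secrets
import string


def luhn_valid(number: str) -> bool:
    """Luhn checksum, used only to reject malformed input before tokenizing."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Constructed illustration of card-number tokenization.

    A primary account number (PAN) is replaced by a random digit string of
    the same length. The mapping lives only inside the vault, which in a
    real system is an access-controlled service, never the cloud store that
    holds the tokens.
    """

    def __init__(self) -> None:
        self._token_to_pan: dict[str, tuple[str, bool]] = {}
        self._pan_to_token: dict[str, str] = {}   # reusable tokens only

    @staticmethod
    def _random_token(length: int) -> str:
        # secrets, not random: a token must not be predictable from others
        return "".join(secrets.choice(string.digits) for _ in range(length))

    def tokenize(self, pan: str, single_use: bool = False) -> str:
        pan = pan.replace(" ", "")
        if not pan.isdigit() or not 12 <= len(pan) <= 19 or not luhn_valid(pan):
            raise ValueError("input is not a plausible card number")
        # Reusable token: the same PAN always maps to the same token, so
        # downstream systems can still match transactions without the PAN.
        if not single_use and pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            token = self._random_token(len(pan))
            if token not in self._token_to_pan and token != pan:
                break
        self._token_to_pan[token] = (pan, single_use)
        if not single_use:
            self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        entry = self._token_to_pan.get(token)
        if entry is None:
            raise KeyError("unknown or already consumed token")
        pan, single_use = entry
        if single_use:
            # One-shot token: burned on first use so a replay cannot resolve it.
            del self._token_to_pan[token]
        return pan


def demo() -> dict:
    """Run the vault over a constructed PAN and return the observable results."""
    pan = "4111 1111 1111 1111"          # constructed test number, Luhn-valid
    vault = TokenVault()
    reusable = vault.tokenize(pan)
    same_again = vault.tokenize(pan)
    one_shot = vault.tokenize(pan, single_use=True)
    first_use = vault.detokenize(one_shot)
    try:
        vault.detokenize(one_shot)
        replay_blocked = False
    except KeyError:
        replay_blocked = True
    return {
        "token_len": len(reusable),
        "token_is_digits": reusable.isdigit(),
        "token_differs": reusable != pan.replace(" ", ""),
        "reusable_stable": reusable == same_again,
        "one_shot_distinct": one_shot != reusable,
        "one_shot_resolves": first_use == pan.replace(" ", ""),
        "replay_blocked": replay_blocked,
    }


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is the two token kinds the article mentions: a reusable token lets a retailer recognise a returning card across transactions without ever holding the PAN, while a single-use token is consumed on its first detokenization, so an intercepted copy is worthless afterwards. Either way the cloud-side store holds only tokens, and the mapping stays inside the vault.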
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=227222c0bb&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com