Following this week’s upcoming lecture on cryptography and the ongoing discussion of ransomware’s weaponization of encryption, this article from Bleeping Computer reports on emerging ransomware strains (HIVE) targeting Linux and FreeBSD servers. Although the execution is “buggy” and sometimes fails to encrypt the victim’s system without root privileges, it signals an alarming, growing trend of Linux-based ransomware. It is scary to think how many poorly patched Linux data centers could be impacted if the threat is not taken seriously.
https://www.bleepingcomputer.com/news/security/hive-ransomware-now-encrypts-linux-and-freebsd-systems/
It’s never too early to start preparing. Given the advances in quantum computing, DHS and NIST teamed up to release a roadmap (https://www.dhs.gov/quantum) to help organizations transition to post-quantum cryptography. The roadmap will help organizations by “identifying, prioritizing, and protecting potentially vulnerable data, algorithms, protocols, and systems.” Organizations are encouraged to pursue this plan in anticipation of forthcoming NIST post-quantum cryptography standards. The roadmap recommends increasing awareness of post-quantum cryptography risks, in addition to starting inventory and prioritization efforts for vulnerable systems.
Article: America Urged to Prepare for Shift to Post-Quantum Cryptography
Author: Sarah Coble
Published: Oct 6, 2021
Link: https://www.infosecurity-magazine.com/news/america-prepare-postquantum/
https://www.theverge.com/2021/10/21/22738747/tesla-driving-data-hack-dutch-investigators-autopilot
“Tesla’s driving data storage system hacked by Dutch investigators”
According to this article, the NFI found that Tesla’s vehicles store much more detailed data than previously known, including speed, accelerator pedal position, steering angle and braking use. Some of this data can be kept for up to a year, the institute said. The team was investigating a crash that involved a Tesla with Autopilot in use and another vehicle that hit it from behind after it braked unexpectedly.
The Dutch forensic team decrypted Tesla’s heavily guarded data storage to obtain unshared information about the car’s autopilot system.
I came across this article that details how an individual illegally streamed professional league (NFL, NBA, MLB, NHL) games for his own personal profit.
As the article details:
“St. Louis Park resident Joshua Streit, who is also known as Josh Brody, allegedly intruded into the computer systems of the National Basketball Association (NBA), the National Football League (NFL), the National Hockey League (NHL), and Major League Baseball (MLB) using login credentials misappropriated from legitimate users.”
It sounds like Joshua Streit was able to obtain legitimate users’ login credentials for the computer systems of the NBA, NFL, NHL, and MLB. I was curious whether he obtained the login credentials by phishing or some other form of social engineering, but unfortunately this article doesn’t go into much detail.
I found it fascinating that organizations with ludicrous amounts of money (such as professional sports leagues) can still fall victim to attacks like these, and it just goes to show how important information security is and will continue to be as we move forward.
https://www.infosecurity-magazine.com/news/man-charged-hacking-pro-sports/
Digital signatures and their part in securing our digital world:
In preparation for this week’s session, I came across this article that clearly articulates what digital signatures are, how digital signatures/certificates are used, and the next steps in the evolution of digital signatures in the security universe.
Based on findings outside this article, I observed that a digital signature is a mechanism used to verify that a particular digital document, message, or transaction is authentic. It provides a receiver the guarantee that the message was generated by the sender and was not modified by a third party.
Secondly, digital certificates function similarly to identification cards such as passports and drivers’ licenses. Recognized (government) authorities issue digital certificates. When someone requests a certificate, the authority verifies the requester’s identity, certifies that the requester meets all requirements to receive the certificate, and then issues it. When a digital certificate is presented to others, they can verify the identity of its owner because the certification provides the following security benefits:
References:
https://www.itproportal.com/features/digital-signatures-and-their-part-in-securing-our-digital-world/
Hi Olayinka,
Thank you for sharing the article that made me aware of digital certificates and their role in protecting our digital world. Through the article you shared, I learned that I can find a site’s SSL certificate near the URL in most browsers, and it will provide the date, issuer and type of “public key” used to ensure that the certificate is authentic. In the digital age, both digital certificates and driver’s licenses provide varying degrees of proof of identity and guarantee the rights of individuals.
“Cybersecurity Skills Shortage Tops Four Million”
The article describes a global IT security skills shortage that now exceeds 4 million. The certification organization compiled the latest cybersecurity workforce study by interviewing more than 3,200 security professionals worldwide. The report estimates the current global workforce at 2.93 million, with 289,000 in the UK and 805,000 in the US. Nearly two-thirds of responding organizations reported cybersecurity workforce shortages and a lack of skilled or experienced security personnel as their top workplace concerns. Their organizations are at moderate or extreme risk due to staffing shortages.
Reference: https://www.infosecurity-magazine.com/news/cybersecurity-skills-shortage-tops/
“Microsoft warns of rise in password sprays targeting cloud accounts”
The Microsoft Detection and Response Team (DART) said it had detected an increase in password spraying attacks against privileged cloud accounts and high-profile identities, such as C-level executives.
Password spraying is a brute force attack in which an attacker attempts to access an extensive list of accounts using a small number of commonly used passwords.
When switching from one account to another, these attacks typically reuse the same password to find easily compromised accounts while avoiding defenses such as password lockout and malicious IP blocking (when using botnets).
This strategy reduces the likelihood of triggering account lockouts, as happens with classic brute-force attacks, which quickly try to log into a small number of accounts by working through an extensive list of passwords (one variant at a time).
“Over the past year, the Microsoft Detection and Response Team (DART) and Microsoft’s Threat Intelligence team have observed an increase in the use of password sprays as an attack vector,” DART said.
“Recently, DART has seen an increase in cloud administrator accounts being targeted by password spray attacks, so knowing the target is a good place to start.”
DART recommends enabling and enforcing multi-factor authentication (MFA) on all accounts whenever possible and employing passwordless technology to significantly reduce the risk of account theft in the event of such an attack.
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-rise-in-password-sprays-targeting-cloud-accounts/?&web_view=true
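As an added example (not from the article or from Microsoft), the following Python sketch shows how a defender can tell the two patterns described in the post apart in sign-in logs: a spray is low-and-wide (one source, many accounts, a failure or two each), while classic brute force is tall-and-narrow (one account, many failures). The key=value log format, the 30-minute window and the thresholds are assumptions, and the log lines are constructed.

```python
"""Toy detector for the password-spray pattern described in the post above.

A spray tries one common password against MANY accounts, so each account sees
only a failure or two (below the lockout threshold) while one source piles up
failures across many distinct usernames.  Classic brute force is the inverse.
Assumed log format and thresholds; constructed sample data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import NamedTuple

# Constructed sign-in log (not real data): a spraying source hits ten accounts
# once each, a brute-forcer hammers a single account, and a legitimate user
# mistypes twice before succeeding.
SAMPLE_LOG = """
2021-10-26T14:00:01Z result=failure user=alice src=203.0.113.5
2021-10-26T14:00:03Z result=failure user=bob src=203.0.113.5
2021-10-26T14:00:05Z result=failure user=chen src=203.0.113.5
2021-10-26T14:00:07Z result=failure user=dana src=203.0.113.5
2021-10-26T14:00:09Z result=failure user=eve src=203.0.113.5
2021-10-26T14:00:11Z result=failure user=farid src=203.0.113.5
2021-10-26T14:00:13Z result=failure user=gita src=203.0.113.5
2021-10-26T14:00:15Z result=failure user=hugo src=203.0.113.5
2021-10-26T14:00:17Z result=failure user=ines src=203.0.113.5
2021-10-26T14:00:19Z result=failure user=jun src=203.0.113.5
2021-10-26T14:05:00Z result=failure user=admin src=198.51.100.7
2021-10-26T14:05:01Z result=failure user=admin src=198.51.100.7
2021-10-26T14:05:02Z result=failure user=admin src=198.51.100.7
2021-10-26T14:05:03Z result=failure user=admin src=198.51.100.7
2021-10-26T14:05:04Z result=failure user=admin src=198.51.100.7
2021-10-26T14:05:05Z result=failure user=admin src=198.51.100.7
2021-10-26T14:10:00Z result=failure user=maria src=192.0.2.10
2021-10-26T14:10:20Z result=failure user=maria src=192.0.2.10
2021-10-26T14:10:40Z result=success user=maria src=192.0.2.10
"""


class Event(NamedTuple):
    ts: datetime
    result: str
    user: str
    src: str


LINE_RE = re.compile(
    r"^(?P<ts>\S+) result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text: str) -> list:
    """Parse the assumed key=value format; unrecognised lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(ts, m["result"], m["user"], m["src"]))
    return sorted(events, key=lambda e: e.ts)


def _failures_by_src(events):
    by_src = defaultdict(list)
    for e in events:
        if e.result == "failure":
            by_src[e.src].append(e)
    return by_src


def detect_sprays(events, window=timedelta(minutes=30), min_users=5, lockout_threshold=5):
    """Flag a source whose failures inside `window` span at least `min_users`
    distinct accounts while no single account reaches the lockout threshold:
    the low-and-wide shape that per-account lockout never sees."""
    findings = {}
    for src, fails in _failures_by_src(events).items():
        for i, anchor in enumerate(fails):
            recent = [f for f in fails[: i + 1] if anchor.ts - f.ts <= window]
            per_user = defaultdict(int)
            for f in recent:
                per_user[f.user] += 1
            if len(per_user) >= min_users and max(per_user.values()) < lockout_threshold:
                prev = findings.get(src)
                if prev is None or len(per_user) > prev["distinct_users"]:
                    findings[src] = {"src": src, "distinct_users": len(per_user),
                                     "max_failures_per_user": max(per_user.values()),
                                     "last_seen": anchor.ts.isoformat()}
    return list(findings.values())


def detect_brute_force(events, window=timedelta(minutes=30), lockout_threshold=5):
    """Flag (src, user) pairs with >= lockout_threshold failures in `window`,
    the tall-and-narrow shape that lockout policies are built for."""
    findings = {}
    for src, fails in _failures_by_src(events).items():
        for i, anchor in enumerate(fails):
            n = sum(1 for f in fails[: i + 1]
                    if f.user == anchor.user and anchor.ts - f.ts <= window)
            if n >= lockout_threshold:
                findings[(src, anchor.user)] = {"src": src, "user": anchor.user, "failures": n}
    return list(findings.values())
```

Running `detect_sprays(parse_log(SAMPLE_LOG))` flags only 203.0.113.5 (ten accounts, one failure each), which a per-account lockout rule would never trip on, while `detect_brute_force` flags only the admin account hammered from 198.51.100.7.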
“Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide”
In this article, 12 arrests were made of individuals linked to more than 1,800 ransomware attacks in 71 countries. Malicious software variants such as LockerGoga, MegaCortex, and Dharma helped orchestrate these attacks. Some hackers were involved in network penetration and brute force attacks, while others performed SQL injections or handled credential phishing operations. They encrypted compromised systems and demanded that victims pay huge amounts of money as ransom in Bitcoin in exchange for decryption keys. The arrests took place in Ukraine and Switzerland, resulting in police seizing five luxury vehicles, electronic devices, and $52,000 in cash. This operation became a success with the help of several European police departments, Europol specialists, and members of the FBI and the US Secret Service in taking down these hackers.
https://thehackernews.com/2021/10/police-arrest-suspected-ransomware.html
‘Apple dropped plan for encrypting backups after FBI complained’
It’s always interesting to see the war between tech companies and government agencies over user information on devices. This article explains Apple’s intention to end-to-end encrypt iCloud, which would leave the company unable to decrypt user data even with a court order. In the past, when the FBI requested that the company unlock a couple of criminals’ iPhones, the company refused for privacy reasons and came up with an end-to-end encryption adjustment to its new software.
Even though Apple ended up shifting its focus primarily to sensitive user data (which includes passwords and health data), there are other organizations in the marketplace that are considering end-to-end encryption. Google announced a concept similar to the one Apple dropped, which lets users have their own cloud that Google would not have any control over.
GitLab had a critical remote code execution vulnerability in its web interface. Improper validation of user-provided images resulted in random code execution. The vulnerability affects several versions, but a patch is available. However, even with the patch, only 21% were said to have been fully patched.
“Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws”
Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel.
To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched vulnerability, an amount that can climb up to $50,337 for working exploits that take advantage of zero-day flaws in the kernel and other undocumented attack techniques.
India’s Supreme Court starts probe into use of Pegasus spyware
India is investigating the use of the NSO Group’s spyware known as “Pegasus”. This spyware is a very powerful tool that has been used by governments to thwart terrorists and child exploiters. However, it is suspected that the Indian government may have been using this tool to spy on individuals such as journalists and opposition politicians. The court is planning to examine whether this spyware constitutes an abuse of the rights to privacy and free speech. An independent committee is tasked with finding out whether the Indian government used the spyware, whether it used it lawfully, and whom it used it on. It will also be tasked with making policy change recommendations after the investigation has concluded. It remains to be seen whether the Indian government will adhere to these findings.
It states that even the advanced processing power of quantum computers doesn’t render current public-key cryptography tools useless. It does acknowledge that a quantum-powered cryptographic breaking tool (CRQC – Cryptographically Relevant Quantum Computer) is possible and that we should plan for it. However, when the human element is brought into the equation, defending against the CRQC is not really the highest priority.
My favorite quote: “In a world where users will divulge their passwords in return for chocolate or in response to an enticing phishing email, the risk of quantum computers might not be our biggest threat,” Martin Lee, a technical lead at Cisco’s Talos security division told The Register.
On Thursday, Microsoft stated it will work with community colleges around the country to fill 250,000 cybersecurity jobs. The initiative will run over the next four years and include free curriculum material, scholarship assistance, and training for new and existing teachers. Microsoft is doing this in part to help combat the large number of attacks against the United States. The need for cyber experts is high, the average pay is more than $105K, and for every 2 jobs filled, one remains open.
The recent data breach at Colorado University potentially exposed around 30,000 current and former students’ information. The University has stated that this cyber-attack happened through one of the applications it uses, provided by a third party. The application is Atlassian, which they have used within IT to share resources. The attackers were able to get access to names, student ID numbers, addresses, dates of birth, phone numbers, and genders. They also stated they were in the process of implementing a newer version of the software. The University will be notifying the affected students through email and will be providing a free credit monitoring service.
With blockchain picking up traction since Bitcoin arose, a wide variety of cryptocurrencies have emerged. While they all might seem the same, there are specific uses for these crypto coins. This article explains the unique NFT (Non-Fungible Token), which, to summarize, is practically a digital certification verifying the rights to and/or ownership of anything digital. It can be a drawing, GIF, music, etc., and is set to revolutionize the art industry through blockchain technology by creating scarcity in the market. Its use has become very popular with celebrities like Logan Paul, Linkin Park, Wayne Gretzky, Marvel, etc., and I believe this can be a game changer for collectors, buyers, traders, and gamers.
The article primarily explains that the COVID-19 pandemic has given a new lease of life to many employees by giving them the opportunity to work from home, taking the corporate world into an untapped phase. Without any level of paradox, most of the users reading this have had to digitally sign some official documents over the past couple of years because of the lack of face-to-face interaction and standard distance constraints. To maintain the authenticity and integrity of such documents holding critical information, the DSA algorithm was proposed and passed as a global standard for verifying digital signatures.
This article by PortSwigger details recent progress made by Europol (a European law enforcement body) against a cybercriminal group that executed a ransomware attack causing over $70 million in damages against Norwegian “industrial giant Norsk Hydro in 2019.” Europol seized $52,000, five luxury vehicles, and many devices in Switzerland and Ukraine in late October after targeting twelve individuals with charges in multiple jurisdictions across Europe. The seized devices are currently being forensically examined in anticipation of finding further evidence of the many attacks committed by this cybercriminal group.
Common attack vectors used by these cybercriminals include exploiting vulnerabilities with SQL injection, phishing emails, credential stealing, and brute forcing. According to Europol, the group had extended dwell time in breached corporate networks which they used continually to try to gain new information to pivot further or gain more knowledge to be used maliciously in support of a future persistent attack.
According to the article 40% of organizations have fallen victim to a cloud-based breach in the last year. The purpose of the article is to urge organizations to adopt strong cloud security practices, specifically around encryption, due to an increase in employees working remotely caused by Covid-19. The article notes, “Most—a whopping 83%—have failed to encrypt even half the sensitive data they have tucked away in the cloud. And if that’s not enough to give pause—just about one-third, or 34%, retain total control over encryption keys”.
It’s clear the remote workspace has forced organizations to adopt more and more cloud solutions. But as we’ve seen before, organizations claim that securing their customer data is a “priority”, yet in most cases the priority is to optimize the usability of the cloud solution for the organization. Even the organizations who believe they have considered cloud security and put measures in place, such as multi-factor authentication on the organization’s network, to mitigate the risk of an attack just aren’t doing enough. The article notes, “In today’s cloud and SaaS platforms, the corporate network is no longer the only way to access data. Data is now frequently accessed through third-party apps, IoT devices in the home, and portals created for external users like customers, partners, contractors and MSPs….Often access through these channels completely bypasses the corporate network.” As a result, it’s absolutely necessary to ensure additional layers of mitigating controls, such as encryption, are considered when adopting a cloud-based solution.
Squid Game Crypto Scammers Rip Off Investors for Millions
Last week, SQUID tokens (a new form of crypto) were released into the world with a starting price of $.01. When investors bought into the crypto, the value increased drastically. The value of the token eventually reached $2,861.80, and many investors tried selling; however, when trying to sell the coin they faced an “anti-dumping mechanism”. By adding an extra line of code, the SQUID coin scammers were able to prevent investors from selling the coin, and the scammers cashed out on the investments, which totaled $3.38 million.
‘Ibec Global’s major international summit Cybersecurity – the transatlantic reboot’ will take place on November 18th 2021. Apparently, this event will gather the world’s top thinkers on cybersecurity to give insight on how businesses and governments can implement better security practices. The article stresses how cybercrime is more prevalent than it has been in the past 2 years, with ransomware alone rising by a staggering 148%. These information security incidents are detrimental to the organizations they infiltrate, as well as the economy! “Recent incidents have seen attacks on hospital networks, on energy grids, and on other critical infrastructure, including defence capabilities.” (Jackie King)
Furthermore, this article explains that the COVID-19 pandemic has facilitated cybercriminals in carrying out their cybercrimes. Businesses were not prepared to make the necessary adjustments that were being implemented rapidly at the beginning of this global crisis. Hence, ransomware attacks exploited “corporate unpreparedness”. The goal of this summit is to have organizations such as “banks, financial institutions, utilities, tech companies and corporations” come together to share approaches and work together in the cause of making the internet safer. Moreover, they would like economies and governments such as the EU, UK, US and Canada to join together as partners and combat the common daily threats of cybercrime they all continue to face.
This article reports that cyber-attacks exploiting machine identities have soared by more than 700% over the past five years, according to new data from Venafi. The security vendor made the claims in its latest report, Machine Identities Drive Rapid Expansion of Enterprise Attack Surface.
It also revealed that this type of attack has surged by 433% from 2018 to 2019 alone, whilst the use of commodity malware that abuses machine identities doubled.
Machine identity refers to the use of digital certificates and cryptographic keys (i.e., SSL/TLS, SSH) to authenticate and secure computers and devices that connect with each other.
Just today, the FBI is notifying companies that ransomware gangs are set to hit companies with ransom demands in order to exploit their financial exposure. The article mentions, “the Bureau said that activity over the course of the past year shows a trend toward targeting companies when they’re coming up to significant, time-sensitive financial events. Such as quarterly earning reports and mandated SEC filing.”
As the article states, in April 2021 the DarkSide ransomware gang posted a plan to use the victim’s share price as extortion leverage, in the Colonial Pipeline case.
I found this article while I was waiting for my flight in the airport. It highlights many of the problems that we’ll be tackling in the future, stating that cloud computing will likely be an easy platform for cybersecurity, and for the industry to adopt these standards. The article also highlights that AI use will become more prevalent in both attacking and defending (where AI is developed to fight against other AIs).
However, the article highlights that the use of passwords will still be a thing in 2031. I do agree, but I think there will be far fewer passwords 10 years from now, at least within major organizations, as so many breaches happen because of leaked credentials. For example, the Target breach that we went over in the case study, or the recent pipeline attack that happened a few months ago and caused supply chain shortages.
Another subject that is highlighted is that supply chain attacks are becoming more prevalent. As technology rapidly expands, criminals are becoming much more sophisticated and self-aware of the real-world harm they can cash in on. Before, these systems were non-hackable through traditional means. Now entire food, gas, electric and other systems are all interconnected, making them susceptible to massive multi-million dollar attacks. And with techniques to obfuscate the trail, it is very enticing to disrupt these chains, as so often the reward is much greater than the risk.
Quantum computers will be able to break current encryption standards by listening in on internet chatter, picking up decryption keys as they’re being shared. In order for encryption to work, you need to have a shared decryption key. Otherwise, if you don’t have the correct encryption key, the message will look like nonsense. Verizon poses 2 methods to quantum proof our encryption.
Option 1 is quantum key distribution. This involves sending photons via fiber optic cables. These photons would arrive at the intended party representing a series of 1s and 0s, which would be the decryption code. This method is unhackable, since photons cannot be cloned, and the interception of the key would cause it to be discarded.
Option 2 is to upgrade our encryption algorithms. Current RSA and ECDH methods are vulnerable to quantum computers. But NIST is working to develop new quantum-proof algorithms. This includes Saber, a promising alternative. However, due to its newness, it is still unproven and cryptographers are skeptical. It needs more testing.
Hackers are stealing data today so quantum computers can crack it in a decade
Given the ever-changing approach of modern technology, it is not surprising that quantum computers are gaining the international spotlight. Quantum computers replace traditional binary code with quantum bits that represent multiple values at the same time, giving them the ability to compute astronomically faster than regular computers. However, accompanying this new technology are new threats. Given the high computational abilities of quantum computers, security professionals are reporting that encryption algorithms deemed highly secure on modern computers will be easily broken. Hackers are reportedly stealing encrypted data containing information such as potential trade secrets, possible PII, etc. with hopes of decrypting it later once quantum computer technology is improved and more available. Dustin Moody, a mathematician at the National Institute of Standards and Technology (NIST), states that: “The threat of a nation-state adversary getting a large quantum computer and being able to access your information is real. The threat is that they copy down your encrypted data and hold on to it until they have a quantum computer”. In response to this threat, security professionals are actively working to develop new encryption algorithms to prepare for the complexity of quantum computers. With this notion, there might be issues: will traditional computer systems be able to effectively perform with these new complex algorithms? How will already-stolen encrypted data be protected, now that it is lost? The Dept. of Homeland Security has already released a road map to prepare for the quantum computer transition, alongside China in almost an arms race of quantum technology. In the meantime, it is important to plan ahead and prepare for this imminent threat.
The article I read this week is based on a PwC survey describing how most firms in India (about 80%) plan to increase their cybersecurity budget in 2022 due to the continuous evolution of the risk landscape. The reason for this is that increased complexity in businesses causes risky events to have a domino effect with high consequences; thus, robust cybersecurity practices and controls must be implemented. The 2022 Global Digital Trust Insights is a survey of 3,602 business, technology, and security executives based in various regions, and the India edition of the global survey report focused on 109 Indian businesses, which showed that organizations have invested a bunch in cybersecurity tools and technologies; however, they have not been used to their full potential. With that being said, many of the organizations will focus on investment in cybersecurity in areas such as customer identity and access management, zero trust architecture, managed security services, cloud security and endpoint security. There have been struggles, and the reason for that is the increased complexity that comes with increased digitization.
Following this week’s upcoming lecture on cryptography and the ongoing discussion on ransomware’s weaponization of encryption. This article from Bleeping Computer reports on emerging ransomware (HIVE) strains targeting Linux and Freebsd servers. Although the execution is “buggy” and sometimes fails to encrypt the victim’s system without root privileges, it alarms the growing trend of Linux-based ransomware. Scary to think how many poorly patched Linux datacenters could be impacted if the threat is not taken seriously.
https://www.bleepingcomputer.com/news/security/hive-ransomware-now-encrypts-linux-and-freebsd-systems/
It’s never too early to start preparing. Given the advances in quantum computing, DHS and NIST teamed up to release a roadmap (https://www.dhs.gov/quantum) to help organizations transition to post quantum cryptography. The roadmap will help organizations by “identifying, prioritizing, and protecting potentially vulnerable data, algorithms, protocols, and systems.” Organizations are encouraged to pursue this plan in anticipation of forthcoming NIST post-quantum cryptography standards. The roadmap recommends increasing the awareness of post-quantum cryptography risks, in addition to starting inventory and prioritization efforts for vulnerable systems.
Article: America Urged to Prepare for Shift to Post-Quantum Cryptography
Author: Sarah Coble
Published: Oct 6, 2021
Link: https://www.infosecurity-magazine.com/news/america-prepare-postquantum/
https://www.theverge.com/2021/10/21/22738747/tesla-driving-data-hack-dutch-investigators-autopilot
“Tesla’s driving data storage system hacked by Dutch investigators”
According to this article NFI found that Tesla’s vehicles store much more detailed data than previously known, including speed, accelerator pedal position, steering angle and braking use. Some of this data can be kept for up to a year, the institute said. Speed, accelerator pedal position, steering angle and brake use the team was investigating a crash that involved a Tesla with Autopilot in use and another vehicle hit from behind after it braked unexpectedly.
The Dutch forensic team decrypted Tesla’s heavily guarded data storage to obtain unshared information about the car’s autopilot system.
I came across this article that details how an individual illegally streamed professional league (NFL, NBA, MLB, NHL) games for his own personal profit.
As the article details:
“St. Louis Park resident Joshua Streit, who is also known as Josh Brody, allegedly intruded into the computer systems of the National Basketball Association (NBA), the National Football League (NFL), the National Hockey League (NHL), and Major League Baseball (MLB) using login credentials misappropriated from legitimate users.”
It sounds like Joshua Streit was able to gain login credentials from legitimate users into the computer systems of the NBA, NFL, NHL, and MLB. I was curious if he was able to gain the login credentials by phishing or some other form of social engineering, but unfortunately this article doesn’t go into too much detail.
I found it fascinating that organizations that have ludicrous amounts of money (such as professional sports leagues) can still fall victim to attacks like these, and just goes to show how important information security is and continue to be as we move forward.
https://www.infosecurity-magazine.com/news/man-charged-hacking-pro-sports/
Digital signatures and their part in securing our digital world:
In preparation for this week’s session, I came across this article that clearly articulates what digital signatures are, how digital signatures/certificates are used, and the next steps in the evolution of digital signatures in the security universe.
Based on findings outside this article, I observed that a digital signature is a mechanism used to verify that a particular digital document, message, or transaction is authentic. It provides a receiver the guarantee that the message was generated by the sender and was not modified by a third party.
Secondly, digital certificates function similarly to identification cards such as passports and drivers’ licenses. Recognized (government) authorities issue digital certificates. When someone requests a certificate, the authority verifies the requester’s identity, certifies that the requester meets all requirements to receive the certificate, and then issues it. When a digital certificate is presented to others, they can verify the identity of its owner because the certification provides the following security benefits:
References:
https://www.itproportal.com/features/digital-signatures-and-their-part-in-securing-our-digital-world/
Hi Olayinka,
Thank you for sharing the article that made me aware of digital certificates and their role in protecting our digital world. Through the article you shared, I learned that I can find the site’s SSL certificate near the URL on most browsers and it will provide the date, issuer and type of “public key” used to ensure that the certificate is authentic. In the digital age, both digital certificates and driver’s licenses provide varying degrees of proof of identity and guarantee the rights of individuals.
“Cybersecurity Skills Shortage Tops Four Million”
The article describes a global IT security skills shortage that now exceeds 4 million. The certification organization compiled the latest cybersecurity workforce study by interviewing more than 3,200 security professionals worldwide. The report estimates the current global workforce at 2.93 million, with 289,000 in the UK and 805,000 in the US. Nearly two-thirds of responding organizations reported cybersecurity workforce shortages and a lack of skilled or experienced security personnel as their top workplace concerns. Their organizations are at moderate or extreme risk due to staffing shortages.
Reference: https://www.infosecurity-magazine.com/news/cybersecurity-skills-shortage-tops/
“Microsoft warns of rise in password sprays targeting cloud accounts”
The Microsoft Detection and Response Team (DART) said it had detected an increase in password spraying attacks against privileged cloud accounts and high-profile identities, such as C-level executives.
Password spraying is a brute force attack in which an attacker attempts to access an extensive list of accounts using a small number of commonly used passwords.
When switching from one account to another, these attacks typically use the same password to find easily compromised accounts and avoid triggering defenses such as password lockout and malicious IP blocking (when using botnets).
This strategy reduces the likelihood of triggering account lockouts, as happens when they are the target of classic brute-force attacks that quickly try to log into a small number of accounts by browsing through an extensive list of passwords (one version at a time).
“Over the past year, the Microsoft Detection and Response Team (DART) and Microsoft’s Threat Intelligence team have observed an increase in the use of password sprays as an attack vector,” DART said.
“Recently, DART has seen an increase in cloud administrator accounts being targeted by password spray attacks, so knowing the target is a good place to start.”
DART recommends enabling and enforcing multi-factor authentication (MFA) in all accounts whenever possible and employing passwordless technology to significantly reduce the risk of account theft in the event of such an attack.
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-rise-in-password-sprays-targeting-cloud-accounts/?&web_view=true
“Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide”
In this article, 12 arrests were made of individuals linked to more than 1,800 ransomware attacks in 71 countries. Malicious software variants such as LockerGoga, MegaCortex, and Dharma helped orchestrate these attacks. Some hackers were involved in network penetration and brute force attacks, and others performed SQL injections or handled credential phishing operations. They encrypted compromised systems and demanded that victims pay huge amounts of money as ransom in Bitcoin in exchange for decryption keys. The arrests took place in Ukraine and Switzerland, resulting in police seizing five luxury vehicles, electronic devices, and $52,000 in cash. This operation became a success with the help of several European police departments, Europol specialists, and members of the FBI and the US Secret Service in taking down these hackers.
https://thehackernews.com/2021/10/police-arrest-suspected-ransomware.html
‘Apple dropped plan for encrypting backups after FBI complained’
It’s always interesting to see the war between tech companies and government agencies over user information on devices. This article explains Apple’s intention to apply end-to-end encryption to iCloud, which would leave the company unable to decrypt user data even with a court order. In the past, when the FBI requested that the company unlock a couple of criminals’ iPhones, the company refused for privacy purposes and came up with an end-to-end encryption adjustment to its new software.
Even though Apple ended up shifting its focus primarily to sensitive user data (which includes passwords and health data), there are other organizations in the marketplace that are considering end-to-end encryption. Google announced a concept similar to the one Apple dropped, which lets users have their own cloud that Google wouldn’t have any control over.
https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT
GitLab had a critical remote code execution vulnerability in its web interface. There was improper validation of user-provided images, which resulted in random code execution. The vulnerability affects several versions, but there is a patch available. However, even with the patch, only 21% were said to have been fully patched.
https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html
“Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws”
Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel.
To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched vulnerability, an amount that can climb up to $50,337 for working exploits that take advantage of zero-day flaws in the kernel and other undocumented attack techniques.
https://thehackernews.com/2021/11/google-to-pay-hackers-31337-for.html
India’s Supreme Court starts probe into use of Pegasus spyware
India is investigating the use of the NSO Group’s spyware known as “Pegasus”. This spyware is a very powerful tool that has been used by governments to thwart terrorists and child exploiters. However, it is suspected that the Indian government may have been using this tool for spying on individuals such as journalists and opposing politicians. The court is planning on examining whether this spyware constitutes an abuse of the rights of privacy and free speech. This independent committee is tasked with finding out if the Indian government used the spyware, if they used it lawfully, and who they used it on. They also will be tasked with making any policy change recommendations after the investigation has concluded. It remains to be seen if the Indian government will adhere to these findings.
https://www.theregister.com/2021/10/29/india_nso_pegasus_probe/
I looked for something specifically about the lecture topic this week and found this article from Sept 2021:
https://www.techradar.com/news/nsa-doesnt-think-quantum-computers-can-break-public-key-encryption
It states that even the advanced processing power of quantum computers doesn’t render current public cryptography tools useless. It does acknowledge that a quantum powered cryptographic breaking tool (CRQC – Cryptographically Relevant Quantum Computer) is possible and we should plan for it. However, when the human element is brought into the equation, defending against the CRQC is not really the highest priority….
My favorite quote: “In a world where users will divulge their passwords in return for chocolate or in response to an enticing phishing email, the risk of quantum computers might not be our biggest threat,” Martin Lee, a technical lead at Cisco’s Talos security division told The Register.
On Thursday Microsoft stated they will work with community colleges around the country to fill 250,000 cyber security jobs. The initiative will run over the next four years and include free curriculum material, scholarship assistance and training for new and existing teachers. Microsoft is doing this in part to help combat the large number of attacks against the United States. The need for cyber experts is high and the average pay is more than 105K, and for every 2 jobs filled, one remains open.
https://www.reuters.com/technology/microsoft-work-with-community-colleges-fill-250000-cyber-jobs-2021-10-28/
The recent data breach at Colorado University potentially exposed around 30,000 current and former students’ information. The University has stated that this cyber-attack happened through one of the applications they use, provided by a third party. The application is Atlassian. They have used this application within IT to share resources. The attackers were able to get access to names, student ID numbers, addresses, dates of birth, phone numbers, and genders. They have also stated they were in the process of implementing a newer version of the software. The University will be notifying the affected students through email and will be providing a free credit monitoring service.
Reference:
https://portswigger.net/daily-swig/data-breach-at-colorado-university-impacts-30-000-students
With blockchain picking up traction since Bitcoin arose, there have been a wide range of various cryptocurrencies emerging. While they all might seem the same, there are specific uses for these crypto coins. This article explains the unique NFT (Non-Fungible Token), which, to summarize in general, is practically a digital certification verifying the proper rights and/or ownership of anything digital. It can be a drawing, gif, music, etc. and is set to revolutionize the art industry through the means of blockchain technology by creating scarcity in the market. Applicable usage has become very popular with celebrities like Logan Paul, Linkin Park, Wayne Gretzky, Marvel, etc. and I believe this can be a game changer for collectors, buyers, traders, and gamers.
https://www.theverge.com/22310188/nft-explainer-what-is-blockchain-crypto-art-faq
The article primarily explains that the COVID-19 pandemic has given a new lease of life to many employees by giving them the opportunity of a work-from-home initiative, taking the corporate world into an untapped phase. Without any level of paradox, most of the users reading this have had to digitally sign some official documents over the past couple of years because of the lack of face-to-face interaction and standard distance constraints. To maintain the authenticity and integrity of such documents holding critical information, the DSA Algorithm was proposed and passed as a global standard for verifying digital signatures.
https://www.simplilearn.com/tutorials/cryptography-tutorial/digital-signature-algorithm
This article by Portswigger details recent progress made by Europol (a European law enforcement body) against a cybercriminal group that executed a ransomware attack, causing over $70 million in damages, against Norwegian “industrial giant Norsk Hydro in 2019.” Europol seized $52,000, five luxury vehicles, and many devices in Switzerland and Ukraine in late October after targeting twelve individuals with charges in multiple jurisdictions across Europe. The seized devices are currently being forensically examined in anticipation of finding further evidence of the many attacks committed by this cybercriminal group.
Common attack vectors used by these cybercriminals include exploiting vulnerabilities with SQL injection, phishing emails, credential stealing, and brute forcing. According to Europol, the group had extended dwell time in breached corporate networks which they used continually to try to gain new information to pivot further or gain more knowledge to be used maliciously in support of a future persistent attack.
https://portswigger.net/daily-swig/ransomware-cybercriminals-linked-to-norsk-hydro-attack-fall-prey-to-europol-swoop
https://securityboulevard.com/2021/11/companies-fail-to-encrypt-protect-data-in-the-cloud/
According to the article 40% of organizations have fallen victim to a cloud-based breach in the last year. The purpose of the article is to urge organizations to adopt strong cloud security practices, specifically around encryption, due to an increase in employees working remotely caused by Covid-19. The article notes, “Most—a whopping 83%—have failed to encrypt even half the sensitive data they have tucked away in the cloud. And if that’s not enough to give pause—just about one-third, or 34%, retain total control over encryption keys”.
It’s clear the remote workspace has forced organizations to adopt more and more cloud solutions. But as we’ve seen before, organizations claim that securing their customer data is a “priority”, yet in most cases the priority is to optimize the usability of the cloud solution for the organization. Even the organizations who believe they have considered cloud security and put measures in place, such as multi-factor authentication on an organization’s network, to mitigate the risk of an attack just aren’t doing enough. The article notes, “In today’s cloud and SaaS platforms, the corporate network is no longer the only way to access data. Data is now frequently accessed through third-party apps, IoT devices in the home, and portals created for external users like customers, partners, contractors and MSPs….Often access through these channels completely bypasses the corporate network.” As a result, it’s absolutely necessary to ensure additional layers of mitigating controls, such as encryption, are considered when adopting a cloud based solution.
Squid Game Crypto Scammers Rip Off Investors for Millions
Last week, SQUID tokens (a new form of crypto) were released into the world with a starting price of $.01. When investors bought into the crypto, the value increased drastically. The value of the token eventually reached $2,861.80, and many investors tried selling; however, when trying to sell the coin they faced an “anti-dumping mechanism”. By adding an extra line of code, the SQUID coin scammers were able to prevent investors from selling the coin, and the scammers cashed out on the investments, which totaled up to $3.38 million.
https://threatpost.com/squid-game-crypto-scammers-investors/175951/
‘Ibec Global’s major international summit Cybersecurity – the transatlantic reboot’ will take place on November 18th 2021. Apparently, this event will gather the world’s top thinkers on cyber security to give insight on how businesses and governments can implement better security practices. The article stresses how cybercrime is more prevalent than it has been in the past 2 years, with ransomware alone rising by a staggering 148%. These information security incidents are detrimental to the organizations they infiltrate, as well as the economy! “Recent incidents have seen attacks on hospital networks, on energy grids, and on other critical infrastructure, including defence capabilities.” (Jackie King)
Furthermore, this article explains that the COVID-19 pandemic has facilitated cybercriminals in carrying out their cybercrimes. Businesses were not prepared to make the necessary adjustments that were readily being implemented in the beginning of this global crisis. Hence, ransomware attacks exploited “corporate unpreparedness”. The goal of this summit is to have organizations such as “banks, financial institutions, utilities, tech companies and corporations” come together to share approaches and work together in the cause of making the internet safer. Moreover, they would like economies/governments such as the EU, UK, US and Canada alike to join together as partners and combat the common daily threats of cybercrime they all continue to face.
https://www.euractiv.com/section/digital/opinion/cybersecurity-covid-has-thrown-into-sharp-relief-the-need-for-greater-transatlatic-cooperation/
This article is about how cyber-attacks exploiting machine identities have soared by more than 700% over the past five years, according to new data from Venafi. The security vendor made the claims in its latest report, Machine Identities Drive Rapid Expansion of Enterprise Attack Surface.
It also revealed that this type of attack has surged by 433% from 2018 to 2019 alone, whilst the use of commodity malware that abuses machine identities doubled.
Machine identity refers to the use of digital certificates and cryptographic keys (i.e. SSL/TLS, SSH) to authenticate and secure computers and devices that connect with each other.
https://www.infosecurity-magazine.com/news/attacks-exploiting-digital-certs/
“Ransomware Gangs Target Corporate Financial Activities”
Just today, the FBI is notifying companies that ransomware gangs are to hit companies with a spam of ransom payments in order to get financial exposure. The article mentions, “the Bureau said that activity over the course of the past year shows a trend toward targeting companies when they’re coming up to significant, time-sensitive financial events. Such as quarterly earning reports and mandated SEC filing.”
As it states in the article, April of 2021, the DarkSide (ransomware gang) posted a plan to use the victim’s share price as extortion leverage, in the Colonial Pipeline.
Reference:
https://threatpost.com/ransomware-corporate-financial/175940/
I found this article while I was waiting for my flight in the airport. It highlights much of the problems that we’ll be tackling in the future. Stating that cloud computing will likely be an easy platform for cybersecurity; and for the industry to adopt these standards. The article also highlights that AI use will become more prevalent in both attacking and defending (where AI is developed to fight against other AIs).
However, the article highlights the use of passwords will still be a thing in 2031. I do agree, but I think there will be much less passwords in 10 years from now, at least within major organizations, as so many breaches happen because of leaked credentials. For example; the Target breach that we went over in the case study. Or the recent pipeline attack that happened a few months ago and caused supply chain shortages.
Another subject that is highlighted is that supply chain attacks are becoming more prevalent. As technology rapidly expands, criminals are becoming much more sophisticated and self-aware of the real world harm they can cash out on. Before, these systems were non-hackable through traditional means. Now entire food/gas/electric/etc. are all inter-connected, making them susceptible to massive multi-million dollar attacks. And with techniques to obfuscate the trail, it is very enticing to disrupt these chains, as so often the reward is much greater than the risk.
https://securityintelligence.com/articles/future-of-cybersecurity-2031/
https://www.verizon.com/about/news/quantum-computing-encryption-standards
Quantum computers will be able to break current encryption standards by listening in on internet chatter, picking up decryption keys as they’re being shared. In order for encryption to work, you need to have a shared decryption key. Otherwise, if you don’t have the correct encryption key, the message will look like nonsense. Verizon poses 2 methods to quantum-proof our encryption.
Option 1 is quantum key distribution. This involves sending photons via fiber optic cables. These photons would arrive at the intended party representing a series of 1s and 0s, which would be the decryption code. This method is unhackable, since photons cannot be cloned, and the interception of the key would cause it to be discarded.
Option 2 is to upgrade our encryption algorithms. Current RSA and ECDH methods are vulnerable to quantum computers. But NIST is working to develop new quantum-proof algorithms. This includes Saber, a promising alternative. However, due to its newness, it is still unproven and cryptographers are skeptical. It needs more testing.
Hackers are stealing data today so quantum computers can crack it in a decade
Given the ever-changing approach of modern technology, it is not surprising that quantum computers are gaining the international spotlight. Quantum computers replace traditional binary code with quantum bits that represent multiple values at the same time, giving them the ability to compute astronomically faster than regular computers. However, accompanying this new technology are new threats. Given the high computational abilities of quantum computers, security professionals are reporting that encryption algorithms deemed highly secure on modern computers will be easily broken. Hackers are reportedly stealing encrypted data containing information such as potential trade secrets, possible PII, etc. with hopes to later decrypt it once quantum computer technology is improved and more available. Dustin Moody, a mathematician at the National Institute of Standards and Technology (NIST), states that: “The threat of a nation-state adversary getting a large quantum computer and being able to access your information is real. The threat is that they copy down your encrypted data and hold on to it until they have a quantum computer”. In response to this threat, security professionals are actively working to develop new encryption algorithms to prepare for the complexity of quantum computers. With this notion, there might be issues: will traditional computer systems be able to effectively perform with these new complex algorithms? How will already-stolen encrypted data be protected, now that it is lost? The Dept. of Homeland Security has already released a road map to prepare for the quantum computer transition, alongside China in almost an arms race of quantum technology. In the meantime, it is important to plan ahead and prepare for this imminent threat.
https://www.technologyreview.com/2021/11/03/1039171/hackers-quantum-computers-us-homeland-security-cryptography/
The article I read this week is based on a PWC survey describing how most firms in India (about 80%) plan to increase their cybersecurity budget in 2022 due to the continuous evolution of the risk landscape. The reason for this is that increased complexity in businesses causes risky events to have a domino effect with high consequences; thus, robust cybersecurity practices/controls must be implemented. The 2022 Global Digital Trust Insights is a survey of 3,602 business, technology, and security executives based in various regions, and the India edition of the global survey report focused on 109 Indian businesses, which showed that organizations have invested a bunch in cybersecurity tools and technologies; however, they have not been used to full potential. With that being said, many of the organizations will focus investment in cybersecurity on areas such as customer identity and access management, zero trust architecture, managed security services, cloud security and endpoint security. There have been struggles, and the reason for that is the increased complexity that comes with increased digitization.
https://www.deccanherald.com/business/business-news/most-indian-firms-to-increase-cybersecurity-budget-in-2022-pwc-survey-1045998.html