Ethical Hacking

Wade Mackey

Vanessa Marin

Paying with your Phone?

November 8, 2021 by Vanessa Marin

Title: Who’s In Your Wallet? Exploring Mobile Wallet Security

Author: Kelly Sheridan
Publish Date: October 25, 2021
Website: www.DARKReading.com

COVID-19 has affected us in so many ways over the last two years – our health, our values, our economy – all with safety in mind, for the most part. Social distancing has been a key factor in our changes in behavior. It has also increased our awareness of the surfaces we touch, how close we come to people, and other things. Remember the days of writing checks? Non-existent. I don’t even own a checkbook. Paying in cash – rare for me, but still relevant. Credit/debit cards – only when forced to. What is my new way of paying? Venmo, Apple Pay – my virtual wallet on my phone or my watch. I’ve uploaded all my credit cards, debit cards, and rewards cards into my “wallet” and now I no longer TOUCH a card or a payment console.

Now this makes my life easier, but is it secure? For the most part yes, but inconsistencies in what is required to bring up your payment method may make you more vulnerable than you think. This article explores the theft of phones and their use for services that bypass your authentication, particularly on public transportation in London, where payments can be made via a virtual wallet without requiring a password or a fingerprint to process.

If you want to read more details on how this was tested in the field, check this link out. Timur Yunusov will be giving a talk on 11/11 and 11/12 at the Black Hat Europe 2021 Conference.

-Vanessa

Tagged With: Week 10

Working from Home = Invasion of Privacy?

November 8, 2021 by Vanessa Marin

Title: There’s been a big rise in monitoring workers at home. We should all be worried.

Author: Owen Hughes
Publish Date: November 8, 2021
Website: www.ZDNet.com

Interesting article that impacts all of us in the new work-from-home environment. This article expresses the very real concern that remote monitoring tools are becoming breaches of employee privacy: being watched via webcam, tracking of online activity, and the use of surveillance software. This is not for “security” but instead to gauge that you are actually working and what you are working on. The biggest concern is that employees are largely unaware that they are being monitored. This article is focused on the UK, but the dangers of abuse are applicable across any country.

It seems like a reshaping of the industry is in order. Key elements of discussion:

  • Reviewing employer guidance on new workplace technologies
  • Full transparency on how these technologies are used and what data is being gathered
  • Modifying or creating new laws that protect employees and employers when using webcams to monitor people working from home or checking up on employees outside of meetings and calls.
  • Discrimination by age group or race, GDPR breaches for data being tracked on employees, unregulated use of snooping technology.

This is a very interesting topic given that a large percentage of the population is now working remotely. I have to admit that this didn’t cross my mind, not until I read this article.

-Vanessa

Tagged With: Week 11

Human Psyche is the Victim

October 19, 2021 by Vanessa Marin

Title: How Attackers Hack Humans
Author: Williesha Morris
Publish Date: October 15, 2021
Website: DarkReading.com

We talked about social engineering and how employees are targeted to gather information. Recon 101! Email, phone, text. It’s an interesting perspective article on hacking humans told from the POV of former CIA operative Peter Warmka. He speaks about how tools 20 years in the making are being used now to rely on soft targets to get to hard targets.

Some key points we talked about in class were distinctly pointed out in the article:

  • insider targets: overworked, underpaid, and underappreciated employees
  • job postings: can detail all of the systems and databases that a company uses that can be targeted for infiltration
  • media releases: show how an organization is growing and changing and name potential targets and their job titles or even hobbies and interests.
  • internet searches: “employee manual” and “PDF”  can reveal benefit packages, rules, and other confidential information
  • social media: work history, certifications, volunteer work, political leanings, relationship statuses, and favorite books and movies.
  • pictures: demonstrate socioeconomic status

An interesting take in the article is that it offers an alternative approach to protecting employees: not just the mandatory IT security employee training, but taking “protecting your people” to another level.

  • Offering training or classes with guidance on how to secure their social media profiles.
    • “Helping employees use privacy controls and restricted settings is good for their personal safety and can help the organization, as well.”
  • Show how social media posts can be used against a person.
  • Training to include what work details shouldn’t be posted socially.

Essentially, the company is protecting itself by virtue of protecting you.

Very good read!

Also, if interested: Peter Warmka has a book out that could prove to be very fun: Confessions of a CIA Spy: The Art of Human Hacking

Vanessa

Filed Under: Week 8

Missouri Governor Retaliation! OMG!

October 19, 2021 by Vanessa Marin

Title: Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability
Author: Brian Krebs
Published Date: October 14, 2021

So I HAD to find this article. I couldn’t believe my ears when Prof Mackey brought it up. It is the most interesting read. Instead of owning the vulnerability Missouri GOV chooses to blame the reporter for “exploiting” it for publicity. When in reality the reporter found the vulnerability, reported it to the appropriate entity and then held off on publishing the story until the government had the opportunity to remediate the issue. Rather than being thankful, the Governor takes a vindictive stance against the reporter. Key points in this article are the intimidation tactics that the Governor is using. These threats really do hinder future whistleblowers. They prevent good Samaritans from coming forward for fear of being prosecuted.

Tagged With: Week 7

Ransomware Finally Claims a Life

October 8, 2021 by Vanessa Marin

Article: A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death
Author: Kevin Poulsen, Robert McMillan and Melanie Evans
Published: September 30, 2021
Source: The Wall Street Journal

This article was incredibly upsetting. Up until now, ransomware making victims of hospitals has always been speculated to be a danger to human life. Now, we have an actual victim that has died. An unborn child’s condition was not tracked appropriately, which resulted in permanent brain damage and the eventual death of the baby. The parents are suing the hospital and the physician and are still in litigation. As it happens, the hospital was undergoing an aggressive ransomware attack at the time of the incident and did not inform the patients or the staff of what was occurring in the moment. The hospital was actively trying to mitigate the incident. Not an unusual occurrence, as the response is immediate to these kinds of attacks. The hospital did not pay the ransom, which is to be noted. Eventually the institution was able to gain access to their patient files and recover. However, the damage had been done and the patient was irrevocably impacted. If this case is won, this will be the FIRST proven case of ransomware causing a death.

Tagged With: Week 6

New techniques taking advantage of MAC layer to enable long-range communication using other people’s networks.

September 27, 2021 by Vanessa Marin

Article: Our Eye Is on the SPARROW
Author: Reza Soosahabi
Published: September 24, 2021
Site: DARKReading.com

This week’s news: there’s a new way to enable long-range communication leveraging other people’s networks by taking advantage of a vulnerability found in MAC layer protocols in 5G and LTE.
Using the cell coverage network, anonymous messages can be sent over short distances that link up to enable a longer communication trail. The vulnerability allows these links to be established prior to authenticating the user, therefore allowing for anonymity. Specifically, the MAC layer (L2) of “wireless access infrastructure” is impacted, rather than physically disrupting the L1 layer or using the other layers of the infrastructure stack (L3-L7).

It’s important to note that “Since commercial wireless signals are available virtually everywhere, exploiting them for data exfiltration can circumvent all existing preventive measures.” This renders it a rather critical vulnerability.

3 reasons for major concern:
– Max Anonymity
– More distance coverage
– Low power and low complexity

Exploits
– data exfiltration – can serve as a vehicle to known data exfiltration techniques
– command and control – remote control of IoT to trigger events
– clandestine ops – attackers can communicate without detection

Tagged With: Week 5

Bank digitisation is not all it’s cracked up to be

September 20, 2021 by Vanessa Marin

Article: Rapid digitisation of banks invites cyber risks as well. What are the risks, and what should banks do?
Author: Ishwari Chavan
Published: September 20, 2021, 09:24 IST
Site: CIO.com The Economic Times
Link: Article

Going digital without care is not the way to go for financial institutions. This article reports an increase in cyberattacks focused on banking institutions of a whopping 238% between Feb 2020 and April 2020 (VMware Carbon Black). Phishing, network scanning and probing (recon work), viruses and website hacking have all been methods used in attempts to penetrate organizations. PII-containing applications are particularly vulnerable due to the simple fact that they have “minimal to no security”. With everything moving to some kind of cloud, the boundaries have been deleted and hackers have new ways of “getting in”. Increasing the vulnerable points of an application has increased the risk. Even if the banks are secure, think about the third-party applications that interface with them – Venmo, Facebook, Zelle, and PayPal, to name a small few. The article encourages a collaborative effort for financial institutions to counter these attacks and vulnerabilities. “Banks are required to reimagine some of their own technology and adapt to a three-year or four-year journey.”

Tagged With: Week 4

Private and Public Collaboration Initiative in the US

September 13, 2021 by Vanessa Marin

Article: CISA Launches JCDC, the Joint Cyber Defense Collaborative
Author: Kelly Jackson Higgins
Published: August 5, 2021, 8:55 PM
Site: DARKReading.com

What is the best defense against all the cyber attacks our country has experienced in the last few years? What is the best response? What is the best approach and strategy?

Jen Easterly may have an answer – COLLABORATION! Easterly is the newly appointed Cybersecurity and Infrastructure Security Agency director and has launched an initiative to band together the public and private sectors of the security industry to “proactively address and defend” against cyberattacks in the US. The initiative is called the Joint Cyber Defense Collaborative (JCDC); its goals are to increase awareness of the threat landscape that we face today and map that landscape to actual operational “blueprints”.

The first items on the agenda are ransomware and cloud security. Goals are to plan a “framework to respond to cyber incidents affecting CSPs”.

The collaborating pool of entities is impressive!

  1. Government: CISA, Dept of Defense, US Cyber Command, NSA, FBI and Office of the Director of National Intelligence.
  2. Future: Dept of Energy, Transportation, EPA, & FDA will be soon to follow.
  3. Private: AWS, AT&T, CrowdStrike, FireEye Mandiant, Google Cloud, Lumen, Microsoft, Palo Alto Networks, and Verizon.

This is an exciting turn of events and about time. The US needs to leverage the knowledge and strengths from ALL sectors to combat the ever growing mal-actors that are waiting in the sidelines to disrupt our world. I look forward to following this initiative closely and even looking into how to get involved! Cyber security is our future and the sooner we become part of the solution the better.

Vanessa

Reference:

https://www.darkreading.com/threat-intelligence/cisa-launches-jcdc-the-joint-cyber-defense-collaborative/d/d-id/1341592

Tagged With: Week 3

Bold Cybercriminals

September 9, 2021 by Vanessa Marin

Article: BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says

Author: Jill McKeon

Published: Sept 09, 2021

Probably the most interesting article I’ve read all week! BlackMatter is a ransomware group that provides RaaS – Ransomware as a Service that has one motivation – $$.

BlackMatter has roots in Eastern Europe and has targeted victims in North/South America and Asia with a focus on the real estate, IT, F&B, architecture, education and finance sectors. Though it claims to “not target hospitals, critical infrastructure facilities, nonprofit companies, government, the defense industry, or the oil and gas industry”, it is imperative to know that its connection to DarkSide and REvil/Sodinokibi makes that claim doubtful. (DarkSide was the threat actor in the Colonial Pipeline hack.)

The BlackMatter group makes it a business to sell credentials, VPN logins and webshells to ransomware groups.

Highly recommend you read the article. It is insightful into how bold these cybercriminals are. No longer even a secret. Now it’s a service.

Source: https://healthitsecurity.com/news/blackmatter-ransomware-attacks-threaten-healthcare-hc3-says

Tagged With: Week 2

Vulnerabilities in Microsoft Exchange

August 30, 2021 by Vanessa Marin

This was an interesting read this week. Three vulnerabilities have been identified in Microsoft Exchange that, if used in combination, allow the user to “perform unauthenticated remote code execution”, easily accomplished via the public-facing web platform of Microsoft Exchange.

Some attackers have already started using the ProxyShell attacks by modifying configurations in applicationHost.config files, in which a new “virtual directory” is set up that tricks the server into hosting files from other locations on the file system. Some attacks leave the web shell open for future use; other servers have been hit with cryptocurrency miners, and another with LockFile ransomware. Yet this is not yet a “centralized, organized and large-scale attack”. The article explains that the pieces of the framework are there for an attacker to exploit. It “could” turn into a more critical attack chain if unchecked.

Patching is still being analyzed and decided upon, as this is not to be confused with the vulnerabilities and patches that were applied to the ProxyLogon situation in March. Huntress is advising that businesses apply patches to their Exchange servers through the July 2021 release.

Article:

Dark Reading Article – CISA Warns of Ongoing Attacks Targeting ProxyShell Vulnerabilities – Author: Kelly Sheridan; Published: August 24, 2021

Tagged With: Week 1
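
A defender-side check for the applicationHost.config change described in the post above, as an added example that is not from the original post or the cited article: it parses the `<sites>` section and reports virtual directories whose `physicalPath` resolves outside an allowlist, including paths that escape it with `..` segments. The allowlist roots, the sample XML and the function names are assumptions constructed for illustration.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Assumption: the only roots this server should publish content from.
EXPECTED_ROOTS = [
    r"C:\Program Files\Microsoft\Exchange Server\V15",
    r"%SystemDrive%\inetpub\wwwroot",
]

# Constructed sample shaped like the <sites> section of applicationHost.config.
SAMPLE_CONFIG = r"""<configuration><system.applicationHost><sites>
 <site name="Default Web Site" id="1">
  <application path="/">
   <virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" />
  </application>
  <application path="/owa">
   <virtualDirectory path="/"
     physicalPath="C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa" />
   <virtualDirectory path="/example" physicalPath="C:\ProgramData\example" />
  </application>
  <application path="/ecp">
   <virtualDirectory path="/"
     physicalPath="C:\Program Files\Microsoft\Exchange Server\V15\..\..\..\..\Users\Public" />
  </application>
 </site>
</sites></system.applicationHost></configuration>"""


def normalise(path, system_drive="C:"):
    """Expand %SystemDrive%, collapse '..' segments and fold case, Windows-style."""
    expanded = re.sub(r"%systemdrive%", system_drive, path, flags=re.IGNORECASE)
    return ntpath.normcase(ntpath.normpath(expanded))


def unexpected_virtual_directories(config_xml, expected_roots=EXPECTED_ROOTS):
    """Return (site, url_path, resolved_path) for vdirs outside the expected roots."""
    roots = [normalise(r) for r in expected_roots]
    findings = []
    for site in ET.fromstring(config_xml).iter("site"):
        for app in site.iter("application"):
            for vdir in app.iter("virtualDirectory"):
                resolved = normalise(vdir.get("physicalPath", ""))
                inside = any(resolved == r or resolved.startswith(r + "\\") for r in roots)
                if not inside:
                    url = app.get("path", "").rstrip("/") + vdir.get("path", "")
                    findings.append((site.get("name"), url, resolved))
    return findings


if __name__ == "__main__":
    for finding in unexpected_virtual_directories(SAMPLE_CONFIG):
        print(finding)
```

Comparing each finding against a known-good copy of the file, or against the configuration history IIS keeps, tells you whether the entry is new.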
