Week 03

http://www.theverge.com/2017/2/7/14527360/vizio-smart-tv-tracking-settlement-disable-settings

Vizio has been fined by the FTC and had to pay 2.2 million to settle charges because they have been monitoring the viewing habits on more that 11 million TVs without permission for over two years. The tracking feature has been enabled by default, instead of giving the user the option to use that feature.

I posted this article in another class, but I thought I should share it here as well.  We should all be familiar with ransomware and how it works. If not, the basics is simple; a hacker infiltrates a computers, either through phishing, embedded links, or Trojans, and encrypts the files on the computer.  For the victim to have the files decrypted, a payment in bitcoins is usually demanded.

Ransomware has been in existence since 1989, but really made its mark in the recent years.  Why? it’s simple really, more and more people are using digital storage technologies to store information.  Consumers are storing anything from financial data, credit information, medical history, and even sentimental things such as pictures and videos.  Organizations are storing a lot more information that are sensitive, proprietary, or files that are critical to their day-to-day business.  Knowing this hackers exploits it by using ransomware and bitcoin payment method, making it virtually impossible to trace.

While most law enforcement agencies have encouraged victims to payout the demand, there are organizations out there teaming up to combat this.  Europol, Kaspersky Labs, Intel Security, among others have started the “No Ransom Project” back in July 2016.  The purpose of the project is to provide the victims of ransomware free tools to decyrpt the files.  Thus far, they were able to decrypt about 24 variants of ransomware.  Although this is a small number compared to the average growth of 10 new ransomware family per month (TrendMicro, 2016), it is a good start.  As more and more organizations begin to share or join with the “No Ransom Project,” the number of decryption tools will begin to grow.  However, this doesn’t mean that we should not take preventative measures to protect ourselves.

Listing of Available Decryption Tools: https://www.nomoreransom.org/decryption-tools.html
Dark Reading Article: http://www.darkreading.com/threat-intelligence/6-free-ransomware-decryption-tools/d/d-id/1327999
TrendMicro Article: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-recap-new-families-updated-variants-in-june

At least 76 popular iOS apps found to have risks for data interception. At the time of the findings, more than 18,000,000 apps downloaded from Apple’s App Store. Popular apps such as Snapchap and various banking apps are among the known vulnerable apps. The vulnerable apps failed to make use of the Transport Layer Security Protocol. Without this security, applications are susceptible to data interception by hackers. The developers of the application must make fix.  Apple is unable to address at OS level because changes there can open up additional holes in security. The current work around is not to use applications effected by this flaw on public Wi-Fi but rather use data service provided by cellular company.

https://www.macrumors.com/2017/02/07/popular-ios-apps-vulnerable-interception/

Eight days prior to President Trump’s inauguration, the Washington DC Police Department had to take their cameras offline from January 12 to 15. This is the result from a ransomware attack that plagued 123 of the 187 network video recorders that are used all across the DC area. After the system was rebooted the ransomware had been eliminated. This goes to show that ransomware attacks are increasing, not necessarily to gain access to the DC police’s network, but to extort money from them.

Article – https://www.bitdefender.com/box/blog/iot-news/70-washington-dcs-cctv-cameras-infected-ransomware

Article

The article I chose for this week discusses the increased demand for cyber security in the UK over recent years. In the past five years, the UK’s cyber security workforce has increased by 163%. Since last year, the average salary of cyber security professionals has increased by 7%. Additionally the article listed statistics on job openings in the field, stating that by 2020 there will be a shortage of 1.5 million security professionals. The majority of available positions are security analysts, consultants, engineers, managers, and architects.

Aritcle Link

Anonymous, a group affiliated with hacking, managed to bring down one-fifth of Tor based websites.  Anonymous is well-known as being a hacktivist group, many times hacking departments/companies that are in the news, and essentially create a list of demands for the company.  In this instance, Anonymous hacked and brought down almost 10,000 sites that were sharing child pornography on the Dark Web.

The Dark Web is part of the World Wide Web that exists on overlay networks and darknets. “Dark Webs uses public Internet but access to it can only be gained through some specific software, authorization codes or a particular configuration.”   The host that was hacked was known as Freedom Hosting II, which hosts about 20% of all Dark Web websites.

Microsoft has asked President Donald Trump’s administration for an exception to the executive order (EO) on immigration that bans travel from seven majority-Muslim Countries.

The computing behemoth is seeking a program that would allow people from those countries to enter and leave the United States on business or family emergency travel if they hold valid work or student visas and have not committed any crimes.

It’s not just Microsoft that is concerned with the immigration stance of the new president: Google, Apple and Amazon.com, all big employers of foreign-born tech talent, have expressed opposition to the administration’s policies.

I think people who already have green-card and valid work-visa in America should not be sent back to their own countries. It is unfair for people who work hard to stay in America. In addition, America is an immigration country, if president Trump wants to only keep citizens here, there won’t be enough populations to support the country.

link: https://www.infosecurity-magazine.com/news/microsoft-asks-for-exception-1/

This article is about the initiatives in Israel to educate youth on cyber technologies and cyber security. According to the article, the country announced a national center for cyber education. Children of all ages, even those in kindergarten, are being taught some form of cyber techniques including coding. A member if the philanthropic group running the center says, “we are building the next level of knowledge-how to code”.

http://triblive.com/usworld/world/11895689-74/israel-cyber-cybersecurity

Security firms RedOwl and IntSights have noticed a trend of online black market dealers attempting to recruit “company employees for insider trading and cashing out stolen credit card numbers.” These dealers run forums on the dark web, which is accessible using the Tor browser. The dealers identify employees that could use for insider trading purposes, and after colluding with the employee to retrieve the insider information, they help forum members make “educated stock market bets..” Some of the members make more than $5000 a month using this tactic.

In some cases, the hackers provide the employees with cyber tools to steal data from the company they work for. Security firms have suggested that companies take insider threats more seriously, and that they should implement IT security systems that monitor employees for “unwanted behaviors without violating their privacy.”

http://www.csoonline.com/article/3164543/security/hackers-are-seeking-out-company-insiders-on-the-black-market.html