Kelly Sharadin says
Ransomware can be viewed as the weaponization of cryptography. Bleeping Computer reports that a new ransomware group, DeadBolt, is targeting QNAP network-attached storage devices via a zero-day vulnerability. The group provides anonymized communication stating they will provide a decryption key for 50 BTC. NAS is an ideal target for ransomware groups as these devices are dedicated to storage and prime for encryption. Other ransomware groups have also attacked QNAP devices, including Qlocker and eCh0raix.
https://www.bleepingcomputer.com/news/security/new-deadbolt-ransomware-targets-qnap-devices-asks-50-btc-for-master-key/
Andrew Nguyen says
I came across this article that details how IT and DevOps staff are more likely to click on phishing links. I found it pretty interesting because I would think that the technical staff would be more alert to potential phishing attacks compared to the average person. The article provides some possibilities as to why this might be the case, citing overconfidence. I think this is a valid reason as to why they would be more likely to click on phishing links, and almost reinforces the idea that the weakest link in the security chain is human error.
https://www.infosecurity-magazine.com/news/it-devops-staff-likely-click/
zijian ou says
Cyber security has been a big topic to educate on in today’s business and mostly starts with “how to create your password correctly.” Organizations use different materials or create content to convey the importance of correctly assembling and using passwords in workplaces; they commonly encourage employees to use a password manager such as 1Password. I came across this article, according to which 1Password has recently been “valued at $6.8 billion in new funding round”. As “protecting passwords became increasingly important for individuals,” investors have seen the potential in the password management app, and 1Password has become one of Canada’s most valuable tech firms.
Even I did not take my passwords seriously until I became a student at Temple; the system will set a reminder and automatically reset our password on TUportal. This has helped me create a good habit of changing and making unique passwords for all my social accounts.
https://www.cnbc.com/2022/01/19/1password-valued-at-6point8-billion-by-investors.html
Antonio Cozza says
This article I read discusses the latest tactics being used by the North Korean nation-state APT known as APT38/Whois Hacking Team/Zinc/Hidden Cobra and, most commonly, The Lazarus Group. This threat actor is abusing a strategy known as living-off-the-land (LotL), which basically exploits native non-malicious binaries by manipulating them to execute a malicious purpose (outside of pentesting). The malicious payload being sent is exploiting functionality of the Windows Update service. The process executes in the following sequence: a decoy phishing Microsoft Word file targeting security researchers, impersonating Lockheed Martin and baiting them into research jobs, executes a macro embedded with a base64-encoded shellcode that injects malware into “explorer.exe”; the malware is embedded in a DLL that is part of the Windows Update Client to help it avoid detection, and it communicates with a command and control server that is a GitHub repo hosting malicious modules disguised as PNG images.
https://thehackernews.com/2022/01/north-korean-hackers-using-windows.html
Vraj Patel says
The data breach at EyeMed has resulted in the compromise of 1.2 million people’s personally identifiable information. The incident happened in June 2020, when an unauthorized person accessed the company’s email account. The attacker was able to view the emails entering and leaving the company’s network. Some of those emails included customers’ names, addresses, dates of birth, full or partial Social Security Numbers, healthcare account information, and driver’s license numbers. EyeMed has recently paid $600,000 in settlement fees to New York State. In addition, EyeMed has acknowledged that it will strengthen its security practices by encrypting the sensitive data and conducting penetration testing.
Vraj Patel says
https://portswigger.net/daily-swig/us-healthcare-company-eyemed-reaches-settlement-following-2020-data-breach
Dan Xu says
“Aussie Tech Entrepreneur Extradited Over SMS Fraud”
A Russian-born tech entrepreneur has been extradited from Australia to the United States for conspiracy to commit wire fraud, wire fraud, aggravated identity theft, and conspiracy to commit money laundering. Eugeni Tsvetnenko covertly subscribed hundreds of thousands of cell phone users to a $9.99 per month recurring text message fee that the users did not want to subscribe to. Victims of the scheme received text messages about horoscopes, celebrity gossip and trivia facts. The scheme’s operators defrauded victims of approximately $41,389,725 and earned approximately $20 million in profits. At the same time, he faces charges related to a multi-million-dollar SMS consumer fraud scheme.
https://www.infosecurity-magazine.com/news/tsvetnenko-extradited-sms-fraud/
Lauren Deinhardt says
https://d1softballnews.com/heres-what-quantum-computer-is-needed-to-crack-bitcoins-cryptography/
This article detailed the type of computer able to crack Bitcoin’s encryption. Being that Bitcoin is known as a secure, anonymous and confidential finance platform (after all, the name is cryptocurrency), confidentiality is a top security objective for the organization. A quantum computer would need about 30-300 million qubits; and for reference, basic quantum computers today use about 50-100 qubits for basic functions. Although it seems like there is a dramatic difference between these two ranges, it is speculated that quantum computers will continue to advance and be able to break the Bitcoin encryption sooner. A similar phenomenon occurred when it was predicted that a quantum computer of about 100 square meters in size would be required to crack RSA encryption; but 4 years later, a quantum computer of about 2.5 square meters in size was able to have the same processing power as the 100 square meter model.
Overall, the biggest takeaway here is that encryption is evolving. In order for platforms like Bitcoin to be secure, it is critical that the most cutting-edge encryption algorithms are deployed for data both in-transit and at-rest. DES was viewed as top-of-the-line cryptography at one point, only for hackers to easily crack it years later. Security professionals must constantly research and improve encryption strategy, faster than competing threat actors.
Patrick Jurgelewicz says
Meta has announced plans to release end-to-end encryption as the default for Facebook Messenger and Instagram in 2023. Although this may be good news to its users, some governments have expressed concern that too much encryption inhibits law enforcement from fighting certain threats, such as child exploitation and terrorism. This update brings light to the constant struggle between users wanting privacy, and governments wanting to provide security for all, which may lead to an invasion of one’s personal information. Although Meta has been in the spotlight before for infractions on individuals’ privacy, they likely will not back down on this end-to-end encryption as they have previously rejected the notion of offering backdoors to law enforcement.
https://www.engadget.com/facebook-messenger-encrypted-chat-feature-update-170051506.html
Dhaval Patel says
This article talks about how the mobile application created for use by attendees and athletes of the Winter Olympics contains flaws that would allow for a man-in-the-middle attack. The vulnerabilities are around the encryption used to protect users. The app holds sensitive information such as medical, customs forms, travel information, and more. The first vulnerability is that it fails to validate SSL certificates, so it fails to validate who the data is being sent to, and the second vulnerability is that some data is being sent without encryption or any security.
https://threatpost.com/beijing-olympics-app-flaws-allow-man-in-the-middle-attacks/177748/
Madalyn Stiverson says
This article talks about how small data breaches can have positive effects on a brand’s reputation. Large data breaches will negatively impact brand power by about -9%, but small incidents generally lead to a 26-29% increase in brand power.
A small data breach often increases public awareness of the brand. Negative press can sometimes be beneficial to a company. Think of Colonial Pipeline, for example. Following last year’s ransomware incident, brand awareness increased significantly for the pipeline. How many people actually knew Colonial Pipeline existed prior to this incident? I know I didn’t.
https://www.forbes.com/sites/zengernews/2022/01/30/can-data-breaches-be-good-for-some-corporate-brands/?sh=19b073d11912
Victoria Zak says
“Apple Makes it Easier to Share “Unlisted” Apps with Employees, Partners, and Others.”
Apple develops “unlisted apps” with employees, partners, educators, and researchers.
Unlisted apps solve problems for developers: developers are able to publish apps that are intended for a selected audience rather than the public. Apple users are able to download the apps via a direct link, but will not be able to find them by browsing through the App Store. A developer who wants to create an unlisted app has to request a form and submit it to Apple. Once it has been approved, Apple will provide the link.
Resource:
https://www.computerworld.com/article/3648418/apple-makes-it-easier-to-share-unlisted-apps-with-employees-partners-and-others.html
kofi bonsu says
The article talks about how organizational information and data should be protected from active and passive attacks and secured from illegal access, unwanted interruption, unauthorized alteration or annihilation. Many businesses fall victim to such attacks primarily due to weak information security policies (ISPs). Also, disruption of these IS policies by IT users puts businesses under information security threats. This article basically explored the implementation of ISPs within a large organization to establish policy adequacy and to evaluate user awareness and compliance with such policies. Using a case study approach, the article determined that information security should zero in on the areas included in this organization’s ISPs, which are password management; use of email, the Internet and social networking sites; mobile computing; and information handling. On the contrary, the maturity levels of these elements varied among focus areas due to a lack of ISP awareness and compliance among users.
https://link.springer.com/article/10.1023/A:1022464607153
kofi bonsu says
The correct website address to the above article is stated below:
https://www.sciencedirect.com/science/article/pii/S1877050917329745
Bernard Antwi says
The ability to encrypt information is an essential part of military command and control, just as breaking military codes has been a decisive factor in modern warfare. With that in mind, the United States should take steps now to prepare for a day when adversaries could have quantum computing-enabled decryption capabilities.
Examples of successful codebreaking abound, from the deciphering of the Zimmermann Telegram that brought the United States into World War I to the cracking of Japanese codes that led to victory at the Battle of Midway. Most famously, cracking the Enigma code helped change the course of World War II. Though still an essential element of military command and control, cryptography also underpins security across all segments of our economy, including phone calls, credit card payments, banking transactions and most web searches.
https://www.nationaldefensemagazine.org/articles/2021/12/27/quantum-and-the-future-of-cryptography
Olayinka Lucas says
BitLocker encryption: Clear text key storage prompts security debate online
What is BitLocker – BitLocker is the Windows encryption technology that protects your data from unauthorized access by encrypting your drive and requiring one or more factors of authentication before it will unlock it. In addition, Windows will need a BitLocker recovery key to detect a possible unauthorized attempt to access the data.
A recent debate (published on January 21, 2002) was held on why, when an installation of Microsoft Windows 11 with a local account takes place, the hard drive will still be encrypted with BitLocker while the encryption key will exist in the drive in clear text until the user signs in with a Microsoft account.
Consultants and software developers opined why keys are stored in this way and the exposure that this could lead to. Recent opinions on Twitter and other platforms have, however, shown that while there is a “small amount of exposure” in the process, user access would still be required to take advantage of this step in the process – so, in theory, you could simply wipe the data stored on a target machine to compromise the key.
Source:
https://portswigger.net/daily-swig/bitlocker-encryption-clear-text-key-storage-prompts-security-debate-online
Olayinka Lucas says
BitLocker encryption: Clear text key storage prompts security debate online
What is BitLocker – BitLocker is the Windows encryption technology that protects your data from unauthorized access by encrypting your drive and requiring one or more factors of authentication before it will unlock it. In addition, Windows will need a BitLocker recovery key to detect a possible unauthorized attempt to access the data.
A recent debate (published on January 21, 2022) was held on why, when an installation of Microsoft Windows 11 with a local account takes place, the hard drive will still be encrypted with BitLocker while the encryption key will exist in the drive in clear text until the user signs in with a Microsoft account.
Consultants and software developers opined why keys are stored in this way and the exposure that this could lead to. Recent opinions on Twitter and other platforms have, however, shown that while there is a “small amount of exposure” in the process, user access would still be required to take advantage of this step in the process – so, in theory, you could simply wipe the data stored on a target machine to compromise the key.
Source:
https://portswigger.net/daily-swig/bitlocker-encryption-clear-text-key-storage-prompts-security-debate-online