Erskine Payton
In the News Article- Unit 4
MIS 5214
Temple University
CISA: Attackers Are Bypassing Ivanti VPN Bug Mitigations
https://www.crn.com/news/security/2024/cisa-attackers-are-bypassing-ivanti-vpn-bug-mitigations
The article discusses how hackers using zero-day attacks were able to skirt by Ivanti mitigations that were already in place to secure VPN devices. CISA responded advising Ivanti customers to take measures to avoid potential damage, like monitoring account usage and authentication attempts. It was reported that more than 2,100 Ivanti Connect Secure VPN devices had been compromised. No one has taken responsibility for the attack nor have any ransom demands been made.
How quantum-safe cryptography will ensure a secure computing future.
For sensitive data protection, encryption and authentication are crucial. Future quantum computers could jeopardize current encryptions. Quantum computers are going to be a powerful technology and could break cryptography, causing chaos in our digital lives. Still, this is unlikely to happen but it’s good to start taking measures. To prevent this from happening, researchers have been working on a technology called quantum-safe cryptography. NIST has announced that it will standardize the winning cryptosystems by 2024. It means that the US government will start adopting these schemes and requiring that their suppliers use them too.
You can read more in the below article.
https://www.weforum.org/agenda/2022/07/how-quantum-safe-cryptography-will-ensure-a-secure-computing-future/#:~:text=1%20Quantum%20computers%20of%20the%20future%20could%20break,chosen%20based%20on%20security%20and%20performance.%20More%20items
Hackers are back to using TeamViewer to breach computers and deploy ransomware, a new report from cybersecurity researchers Huntress is saying.
TeamViewer is one of the most popular remote access and remote desktop management tools out there. It’s a legitimate piece of software broadly used in the enterprise world to allow users quick and seamless access to remote endpoints.
https://www.msn.com/en-us/news/technology/hackers-target-teamviewer-to-try-and-get-access-to-your-company-s-network/ar-BB1gXRhE
The pros and cons for AI in financial sector cybersecurity
Much has been written about the threats and perils artificial intelligence (AI) poses to financial services and how it can be used by cybercriminals to infiltrate customer accounts. In an industry already plagued by constant fraud concerns, where it’s predicted that the global cost of fraud will surpass $40 billion by 2027, the explosive popularity of AI, and the additional hazards it presents, have not necessarily been met with widespread enthusiasm across the sector.
https://www.securitymagazine.com/articles/100328-the-pros-and-cons-for-ai-in-financial-sector-cybersecurity
Topic – LockBit shows no remorse for ransomware attack on children’s hospital
This article is about the recent activities of a ransomware group called LockBit. The group has claimed responsibility for an attack on a Chicago children’s hospital, deviating from its previous policy of not targeting nonprofits. The criminals have set an $800,000 ransom for the hospital and are reportedly unwilling to reverse the attack. The hospital, Saint Anthony, has not confirmed whether it will pay, but with such a large sum, it’s unlikely. Patient information was compromised, but no medical or financial records were accessed. LockBit had previously shown restraint in targeting hospitals and nonprofits but seems to be loosening its restrictions. The attack appears to be a senseless money grab, as LockBit either misunderstood Saint Anthony’s nonprofit status or didn’t care. The incident reflects the evolving tactics of ransomware gangs, emphasizing the importance of robust cybersecurity measures for all organizations.
Link – https://www-theregister-com.cdn.ampproject.org/c/s/www.theregister.com/AMP/2024/02/01/lockbit_ransomware_attack_hospital/
AnyDesk, a remote access solution that allows for remote access to computers through a local network or the internet, has suffered a cyberattack that allowed hackers production system access that resulted in source code and private code signing keys being stolen. AnyDesk became aware of the incident on Friday and has assured that end-user devices were not affected by the attack, although it has reset all passwords to its web portal. As part of the attack, the software’s code signing has been stolen, which may result in threat actors creating a malicious version of the application that looks legitimate utilizing the stolen signing.
Although AnyDesk is in use by many customers like 7-Eleven, Comcast, Samsung, NVIDIA, and the United Nations, it also has been used sometimes by threat actors for persistent access to breached devices and networks.
https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/
I found out that new TPM 2.0 flaws could let hackers steal cryptographic keys.
The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys.
TPM is a hardware-based technology that provides operating systems with tamper-resistant secure cryptographic functions. It can be used to store cryptographic keys, passwords, and other critical data, making any vulnerability in its implementation a cause for concern.
https://www.bleepingcomputer.com/news/security/new-tpm-20-flaws-could-let-hackers-steal-cryptographic-keys/
https://scienceexchange.caltech.edu/topics/quantum-science-explained/quantum-cryptography
Key points:
- Quantum cryptography is a new type of encryption that uses the principles of quantum mechanics to create unbreakable codes.
- Traditional encryption methods can be broken by powerful computers, but quantum cryptography is theoretically impossible to break.
- This is because quantum cryptography uses qubits, which can be both a 0 and a 1 at the same time. This makes it impossible for eavesdroppers to copy or intercept the encrypted message without being detected.
- However, quantum cryptography is still in its early stages of development and is not yet widely used. This is because it is slow and expensive to implement.
Overall, quantum cryptography has the potential to revolutionize the way we communicate and store sensitive information. However, it will likely be some time before it becomes a mainstream technology.
Link: https://thehackernews.com/2024/02/hackers-exploit-job-boards-in-apac.html
A hacking group in the Asia-Pacific known as ResumeLooters has been doing SQL injection attacks on employment agencies and retail companies for the majority of the last year. They’ve focused on job search platforms, managing to compromise 65 websites and get over 2 million user records, which include sensitive personal data to be sold on the dark web. This is especially concerning as it feels like a good chunk of job postings globally are just people seeking to sell your information or use it against you somehow.
Article: Cybersecurity expert says the next generation of identity theft is here: ‘Identity hijacking’
This article covers the evolving forms of identity and security fraud emerging with the advent of AI. Specifically, it discusses the risks related to “identity jacking” or the use of one’s identity in a deepfake or otherwise AI-related methods to utilize somebody’s identity without their permission and emulate their mannerisms etc. to authorize fraudulent activity on systems they may manage or own. This occurred recently in the case of $25 million being taken from a Hong Kong company using deepfake technology. In order to combat these human engineering attacks, we will likely need to adjust how we create security training for clients and organizations as well as other possible forms of combating these evolving threats.
Article Link: https://www.thestreet.com/technology/cybersecurity-expert-says-the-next-generation-of-identity-theft-is-here-identity-hijacking
“Beware: Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Crypto and Credentials”
Threat actors are using fake Facebook job ads to entice victims into downloading a new Windows-based malware called Ov3r_Stealer, which steals credentials and cryptocurrency wallets, sending the data to a monitored Telegram channel. The malware can gather a wide range of sensitive information, including IP addresses, passwords, credit card details, and more. The attack starts with a weaponized PDF file shared through fake accounts and ads, leading users to download and execute malicious files disguised as legitimate documents. Trustwave SpiderLabs suggests that Ov3r_Stealer may evolve into a loader for additional malware, potentially including ransomware. This tactic bears similarities to a recent attack using Phemedrone Stealer, indicating a possible connection between the two malware strains. These developments occur amidst a broader landscape of cyber threats, including the exploitation of cracked software and compromised credentials to facilitate data theft and malware distribution.
URL: https://thehackernews.com/2024/02/beware-fake-facebook-job-ads-spreading.html
https://siliconangle.com/2024/02/06/aws-cisco-nvidia-ibm-join-linux-foundation-post-quantum-cryptography-initiative/
AWS, Cisco, Google, Nvidia and IBM join with Linux Foundation in post-quantum cryptography initiative – SiliconANGLE
This article goes over how the Linux Foundation announced the launch of the Post-Quantum Cryptography Alliance, which is an open and collaborative effort that brings together chipmakers, cloud providers, developers, researchers etc. to address the cryptographic security challenges posed by quantum computing. Some companies in this alliance are Cisco Systems, Google, IBM, Amazon Web Services etc. It shows how quantum computing poses significant cryptographic security challenges given its potential to break the current cryptographic protocols that secure digital communication and data. This is something that kept coming to mind this week during my readings and even the case study. Is this whole industry going to change overnight due to cryptography? I feel that the efficiency of these quantum computers mixed in with AI is going to drastically change everything on earth, especially the ITACS industry. It then goes on and explains how this alliance will engage in various technical projects aimed to support and develop software for evaluating, prototyping and developing new post-quantum algorithms.
What are your thoughts on the future of security and quantum computing?
Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Crypto and Credentials
https://thehackernews.com/2024/02/beware-fake-facebook-job-ads-spreading.html
According to a new report, hackers are now using fake job advertisements to trick users into installing a new Windows-based malware named Ov3r_Stealer. The malware is configured to steal credentials and crypto wallets and send them to a Telegram channel the attackers monitor. To avoid this attack, users are advised to be careful when clicking on links.
https://thehackernews.com/2024/02/us-imposes-visa-restrictions-on-those.html
In this article, it talks about how the U.S. State Department will be implementing a policy that imposes restrictions on visas for people who use or are linked to the use of illegal spyware on people. This also applies to the companies that create and sell the spyware to others. If a person were to be caught using the spyware, they would have to apply for a visa to enter the US and wouldn’t be able to waive the visa. Spyware clearly is prominent in politics these days as Joe Biden signed an executive order which banned federal government agencies from using commercial spyware if it was deemed to pose national security risks. Also, as confirmed by the UK government, from April 2023, at minimum 80 countries bought commercial cyber intrusion software within the past decade.