Hacking, Security & Privacy - Page 38
Stay informed with the latest hacking, cybersecurity, and privacy news, including data breaches, leaks, cyber attacks, and tips to stay safe online. - Page 38
Insight into the mind of a former NSA programmer/hacker
Many cybersecurity specialists working for the NSA and GCHQ tend to get burned out, and then head to the private sector. That move provides a unique opportunity to hear more about some of the efforts the US government has employed to conduct organized cyberespionage against foreign governments.
For regular Internet users, it doesn't matter whether it's the government or a foreign cybercriminal, cybersecurity must be appreciated and not overlooked. As former government programmers and security experts abandon their government jobs in favor of the private sector, companies want to rely on technology advice from intelligence officials - providing valuable insight into how governments are conducting increased surveillance.
"Whether they're cybercriminals or state sponsored actors, I think a lot of times they can get into a network using a less sophisticated approach or a variant of a known piece of malware... it's a lower risk operationally for them," said Jim Penrose, former NSA employee and part of the department's Tailored Access Operations (TAO) group. "They don't want to fire silver bullets unless it's absolutely necessary; like a zero day or something like that, or a previously unseen piece of malware. Those are really high quality and you want to save those for a time when it's absolutely critical."
CoinVault ransomware allows victims to decrypt one file for free
The CoinVault ransomware victimizes businesses, encrypting critical work files - but there is an added twist with this particular piece of software. The criminals provide one free decrypt, restoring access to a single file, in an attempt to build trust with victims.
CoinVault uses 256-bit AES encryption, and the decryption keys are stored on remote servers - and Windows files cannot be recovered unless the bitcoin payment is submitted to cybercriminals. Victims are ordered to pay 0.5 bitcoins, around $200 at current market prices, with the price increasing every 24 hours.
Ransomware attacks typically rely on employees falling prey to social engineering techniques, designed to trick users into clicking suspicious links or downloading unknown files.
Intel, McAfee working to eliminate passwords by using biometrics
The future of passwords could be under pressure if Intel-owned McAfee can develop new biometric authentication technology that can be supported. The average user has around 18 passwords, so using some type of biometrics would be able to help reduce that chaos.
"Your biometrics basically eliminate the need for you to enter passwords for Windows log in and eventually all your websites ever again," said Kirk Skaugen, Intel SVP and GM of the PC Client Group.
Despite passwords being under threat of elimination for several years now, they still remain the most common security procedure for email, online banking, and other user accounts. However, passwords paired with other security procedures prove to be significantly more secure, though consumers are still waiting to learn more before abandoning all of their passwords.
Sony Pictures targeted in attack, as cybercriminals try to get to Sony
Sony Pictures Entertainment was forced to warn employees not to access corporate networks or check their email, because the company is under cyberattack and being blackmailed to prevent "secrets" from being released. It's unknown what information, if any, the hackers were able to steal from the Sony network.
An image that says SPE was "Hacked by #GOP" was published on the company's computers, along with the following message: "Warning: We've already warned you, and this is just the beginning... We have obtained all your internal data including secrets and top secrets."
"Sony deserves praise for going offline while they figure out what is happening rather than allow further damage," said Hemanshu Nigam, Internet cybersecurity expert. "Hackers are always on the hunt for holes in a network, which can happen when a system isn't updated properly or a feature change is made. It is critical for companies to conduct self-hacking exercises on a continuous basis to find and patch these vulnerabilities before the hackers find them."
NSA, GCHQ seemingly linked to the frightening Regin stealth malware
The sophisticated Regin stealth malware, which has been in operation since at least 2008, was likely created by the US and UK governments to spy on other governments and businesses. Specifically, the NSA and GCHQ most likely spearheaded the project, with the European Union (EU) as the malware's first target.
"Having analyzed this malware and looked at the [previously published] Snowden documents," said Ronald Prins, security expert, "I'm convinced Regin is used by British and American intelligence services."
Russia was the most heavily infected nation, racking up 28 percent of Regin's wrath, while 24 percent was in Saudi Arabia. Ireland (9 percent), Belgium (5 percent), and Austria (5 percent) rounded out the list of most infected nations.
Watch out for fraud as consumers head online to order Christmas gifts
Numerous data breaches throughout 2014 forced American consumers to be more vigilant and proactive about their own personal accounts. As shoppers head online and into local stores to purchase Christmas gifts, more security experts are providing a friendly reminder to look after their own financial safety.
A recent survey found 55 percent of shoppers will head to a local store or mall to purchase items, while 36 percent will be searching for and purchasing gifts online. Specifically, 55 percent of consumers will use their credit cards, and 24 percent will use debit cards, checks, mobile payments, and other forms of payments to make purchases.
"Unfortunately, the threat of fraud is a reality, but it doesn't mean you're helpless," said Phil Hatfield, Capital One Vice President of Fraud. "Ensuring that you're monitoring your accounts and getting alerts to make you aware of unauthorized activity are simple steps and things you should do year-round and especially during the hectic holiday shopping season."
Sony denies its PlayStation Network was hacked, but will watch closely
Sony doesn't believe its PlayStation Network was hacked, despite a recent report from a hacker group that they "released a log of customer logins" of usernames and passwords for PSN, Windows Live and Origin. It's possible the user logins were repurposed from previous security breaches, so it would appear gamer PSN accounts are still secure.
"We have investigated the claims that our network was breached and have found no evidence that there was any intrusion into our network," Sony said in a statement. "Unfortunately, Internet fraud including phishing and password matching are realities that consumers and online networks face on a regular basis. We take these reports very seriously and will continue to monitor our network closely."
Even though consumers are increasingly aware of data breaches, there has also been an increase in the number of fake reported attacks.
Made in China e-cigarette apparently can also be infected by malware
The rise in popularity of e-cigarettes in the United States and Western Europe has led to the potential of malware infection from e-cigarettes made in China, according to recent reports. Cybercriminals have become more creative in their attempts to compromise devices, and ensuring devices from Chinese production facilities are pre-loaded with malware has become increasingly popular.
"The Made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer's USB port the malware phoned home and infected the system," according to a report posted on Reddit.
Trend Micro security consultant Rik Ferguson seems to agree with the assessment: "Production line malware has been around for a few years, infecting photo frames, MP3 players and more. For consumers it's a case of running up-to-date anti-malware for the production line stuff and only using trusted devices to counter the threat."
Employees using work-issued tech for social media, online shopping
Companies are struggling to try to teach their employees appropriate use of work-owned PCs and laptops, as they struggle to keep their networks secure. During typical business hours, 36 percent of survey respondents say they browse social media, while 34 percent enjoy online shopping. Meanwhile, 42 percent play online games and 36 percent use their work laptops to search for a job - all while at home.
"People seem to understand that at work there's a little bit more protection," said Sergio Galindo, GFI Software general manager, while speaking to SCMagazine. "They don't do riskier stuff at the office. They're doing riskier stuff (at home) and then bring this equipment that was exposed at home back to the office."
Companies are more focused on trying to keep employees safe from social engineering-based phishing attacks, which lead systems and networks to be compromised by malware and other threats.
Amnesty anti-spyware app informs users if government is snooping
Amnesty International's Detekt is a free, open source tool that will help journalists and human rights activists determine if they are being targeted by surveillance spyware. This is the first time Amnesty International and several non-profit coalitions have released something publicly.
"Governments are increasingly using dangerous and sophisticated technology that allows them to read activists and journalists' private emails and remotely turn on their computer's camera or microphone to secretly record their activities," said Marek Marczynski, Amnesty International Head of Military, Security and Police, in a press statement. "They use the technology in a cowardly attempt to prevent abuses from being exposed."
The global market for surveillance technologies is estimated to be worth $5 billion per year, and is climbing even higher.
Survey: One-third of IT failures caused by employee browsing habits
At least 38.6 percent of companies suffered a major IT disruption due to employees visiting non-work related websites and other questionable material on work-owned electronics, leading to malware and other IT issues, according to a survey conducted by GFI Software.
Almost half of employees, 48 percent, report using Dropbox, OneDrive, Box, or some other personal cloud-based solution to store company information - something that isn't necessarily shocking, but a concern for companies trying to keep data secure. If their employment ended, 35.8 percent admitted they would try to save company data, including customer lists and confidential data, despite knowing it is illegal to do so.
"Data protection is a big problem, and one that has been exacerbated by the casual use of cloud file sharing services that can't be centrally managed by IT," said Sergio Galindo, GFI Software general manager. "Content controls are critical in ensuring data does not leak outside the organization and doesn't expose the business to legal and regulatory compliance penalties. Furthermore, it is important that policies and training lay down clear rules on use and reinforce the ownership of data."
US government worried China could down US power grids with cyberattack
China is on the short list of countries that have the ability to launch a cyberattack that would be able to shut down the US power grid along with other critical infrastructure, US government officials believe. It would appear these countries already launch reconnaissance probes that have found gaping security holes they can exploit in cyber defenses.
"We see them attempting to steal information on how our systems are configured, the very schematics of most of our control systems, down to engineering level of detail so they can look at where are the vulnerabilities, how are they constructed, how could I get in and defeat them," said Admiral Michael Rogers, NSA head and US Cyber Command head. "We're seeing multiple nation-states invest in those kinds of capabilities."
Beyond China, Admiral Rogers didn't publicly disclose other nation states believed to be sponsoring cyberattacks, though Russia almost certainly is on the list.
FBI becoming more active in fight against malware, cybercrime efforts
The Interactive Advertising Bureau's Anti-Malware Working Group has teamed up with the FBI and US Department of Justice in their effort to fight malware and cybercrime. There has been an increase in organized cyberattacks targeting the IAB, and federal partnerships could help limit future widespread issues.
The FBI and other government agencies want to increase proactive behavior to clamp down on cybercrime, and this marks the first industrywide relationship they have created. The IAB Anti-Malware Group formed in September and has generated widespread interest, including from the US government, as cybercriminals make millions from compromising companies and users.
"We have become such a target of organized crime that we think this is the only way to truly be successful long-term," said Mike Zaneis, IAB executive vice president. "In the advertising space, what we're particularly worried about is the type of malware that will basically make your computer a zombie, or a bot, and will begin to generate non-human traffic back to criminal websites or just selling traffic on networks or exchanges."
81% of enterprise security staff ready to 'guarantee' data security
There were a number of major data breaches reported in 2014, but it would appear companies have higher hopes for data security in 2015, according to a study published by ThreatTrack Security. In its "2015 Predictions from the Front Lines," 81 percent of enterprise security staffers said they would be willing to "personally guarantee that their company's customer data will be safe in 2015."
Hearing that eight out of 10 security staff would be willing to guarantee customer data sounds absolutely ridiculous - but might be a necessary leap of faith to win over customers, increasingly concerned their personal information could be leaked.
Millions of US consumers faced debit and credit card fraud from the Home Depot and Target breaches alone, with a number of other companies also breached in between.
Kaspersky wants to keep the world secure going into the future
Kaspersky is imagining the future of the world: with the increase in the use of technology comes an increase in threats, including infrastructure attacks, financial system attacks, governments being hit, and much more. The video below does an incredible job of showing us how Kaspersky views the future.
One of the scarier things Kaspersky says in its video is "will a single click trigger a global economic crisis", but it follows that with a "world where technology works for us", or "controls us". The video continues, saying "could it be a truly connected universe, where we'll be able to express the full power and imagination. Or one where those connections make our critical infrastructure vulnerable to attack".
The ad makes you really think about the many, many possibilities we as a human race have to face - as the world is constantly changing around us. Not only are we dealing with things at a personal level, but at a societal level, and then at an infrastructure level. Are the governments of the world prepared for these attacks, or simply taking our freedoms away with far-reaching government agencies like the NSA and GCHQ spying on all citizens at once? What do you think?
Senator Markey demands DoJ offer details regarding phone snooping
The Department of Justice (DOJ) program that reportedly uses cell-tower mimicking equipment during airplane flights that allows the federal government to snoop on mobile phones has drawn an angry response from many Americans.
Senator Ed Markey (D-Mass) wants Attorney General Eric Holder to provide details about the DOJ operation, such as mission length, additional surveillance programs, and which cities were impacted.
"Americans are rightfully disturbed by just how pervasive collection of mobile phone information is, even of innocent individuals. While this data can be an important tool for law enforcement to identify and capture criminals and terrorists, we must ensure the privacy rights of Americans are protected," Sen. Markey said in a public statement. "We need to know what information is being collected, what authority is being used to collect it, and if and how this information is retained and stored."
Bitcoin security moving forward, and BitStash hopes to lead the way
The rise and fall of the Mt. Gox bitcoin exchange took just a few years, but left a serious black mark on the budding cryptocurrency market. More consumers and retailers are willing to experiment using bitcoins as currency and potential investments, despite continued security concerns.
The actual bitcoin protocol hasn't been breached by cybercriminals, but thieves have found ways to compromise bitcoin storage solutions, exchanges, and bitcoin owners directly. With no government regulation and very little assurance of recouping lost funds, some have shied away from jumping into the bitcoin market.
"It's important to remember that Bitcoin as a protocol and the blockchain, the record of transactions, has no known security vulnerabilities," said Trevor Murphy, Chief Technology Officer of bitcoin storage solution company BitStash. "It's impossible to counterfeit bitcoin and an impossibility with current computing power to modify a transaction that has been confirmed, say five or six times on the blockchain. This is very important. In fact, bitcoin marks the first time in human history that a currency has these attributes. People have been counterfeiting money, bouncing checks and chipping little bits off gold coins since time began."
DarkHotel targets vulnerable Wi-Fi networks, victimizing company execs
A new advanced persistent threat (APT), known as DarkHotel, is now targeting C-level executives of major businesses. Instead of trying to compromise governments to steal state secrets, DarkHotel is cleverly engineered to conduct corporate espionage, likely for a foreign state-sponsored group, utilizing poor wireless hotel security - a rather clever technique for when business leaders are staying in hotels.
Utilizing Flash zero-day exploits and using spear-phishing to compromise users, DarkHotel has been found to steal and re-use digital certificates that inject malicious code. The attacks have taken aim at business visitors in the United States, Japan, South Korea, India, mainland China, Russia, Germany, Hong Kong and Ireland.
"Just think about the playing field IT security professionals have to deal with, and why they need all the help they can get," said Joe Caruso, Global Digital Forensics (GDC) CEO and CTO. "There are mobile devices like smartphones and tablets being used more than ever before, all with seemingly endless choices of software and applications, and all providing a potential threat vector for cross-platform intrusions and attacks."
World of Warcraft servers targeted by DDoS, causing serious headaches
The recent launch of World of Warcraft: Warlords of Draenor, the fifth expansion for the popular MMORPG game series, received a large amount of attention. The game launched in Europe and the number of players trying to enter Draenor caused problems, and Blizzard added multiple entrance points to the game - and while this initially helped - North American users were met by a distributed denial of service (DDoS) attack.
"While that solution helped a ton for our North American launch, we ran into a few other issues, including a distributed denial of service attack, that resulted in increased latency," the company confirmed.
Blizzard was able to recover from the DDoS attack, which no group has claimed responsibility for, though there are still problems related to server load. The game company will continue to work on server time outs and other improvements to help ease server load - and make sure gamers are able to log in and play with minimal interruptions.
US State Department computers hacked, email system shut down
The US State Department is now the fourth US federal government agency to be attacked by organized hackers, with hackers targeting unclassified computer systems. The "activity of concern" did not impact any classified systems, and shows foreign state-sponsored cybercriminals are having success attacking the US federal government.
"This has impacted some of our unclassified email traffic and our access to public websites from our main unclassified system," according to a senior State Department official. The State Department tried to avoid saying it was compromised, and said routine "maintenance" would be carried out, but the Associated Press was able to verify it was a cyberattack.
In previous weeks, the National Weather Service, US Postal Service and White House have all been targeted, with the attacks likely originating from Russian-sponsored cyberattackers.


