Author: rescue@crimefire.in

  • Reddit on data breach: ‘As we all know, the human is often the weakest part of the security chain’ – IT World Canada

    Cybersecurity experts have long said that attackers need to get lucky only once, while organizations have to be lucky every time there’s an attack.
    Evidence of that maxim was demonstrated in the explanation by Reddit of its recent data breach.
    On Feb. 5, an unknown attacker launched what the discussion site called a “sophisticated phishing campaign that targeted Reddit employees. As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.
    “After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems.”
    As a result of the incident, the statement said, Reddit is working to “fortify” employees’ security skills. “As we all know, the human is often the weakest part of the security chain,” the statement added.
    To this employee’s credit, however, they reported their mistake, allowing Reddit’s security team to quickly remove the infiltrator’s access.
    There is no evidence the site’s primary production systems — the parts of the stack that run Reddit and store the majority of its data — were accessed, the statement said. Reddit user passwords and accounts are safe, it added.
    However, the site admitted the attacker accessed “some internal documents, code, and some internal business systems.”
    Exposed data included what the statement called “limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information. Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online.”
    The statement also urges Reddit users to enable multifactor authentication to protect their login credentials, and to use a password manager.
    Johannes Ullrich, dean of research at the SANS Technology Institute, noted in an email that there is a lot of technology to detect website impersonation. “For example, companies like Google have invested a lot of effort to clean up the TLS [transport layer security, which encrypts data] infrastructure to produce reliable certificates identifying the identity of websites a browser connects to, and to prevent machine-in-the-middle attacks,” he wrote. “But at the same time, little progress has been made to find better ways to communicate to users which organization they interact with.
    “Instead of relying on users to decide if a website is legit or not, we need to leverage phishing-resistant authentication schemes like FIDO2. These systems leverage existing technology like TLS to prevent the use of authentication secrets across different sites.”
    © IT World Canada. All Rights Reserved.

    source

  • HBCU tackles shortage of cyber security professionals – Spectrum News

    SAN ANTONIO — Isaiah Flores is finding his way through school as a first generation college student.
    “I was going to be an electrician, but then my dad was like, ‘Go to college, invest in yourself.’ So I took it to heart, and I did,” Flores said.
    He’s a freshman at St. Philip’s College majoring in cyber security, a fast-growing industry.
    “Anywhere I go, I’ll have a job,” Flores said. “I won’t have to worry. Everybody needs a cyber-security worker. Ever since COVID, they really, really need us.”
    Sophomore Kenneth Grissett loves computers, but says he didn’t realize there were so many career paths in the technology field.
    “To fix issues that businesses have or even governments,” Grissett said. “You can go into different fields: medical, chemistry, network security.”
    Caroline Mora spent years in the cyber workforce before becoming a professor.
    “To educate students and let them know that there’s a pathway that’s not well sought out,” Mora said.
    St. Philip’s is a historically Black college and a Hispanic Serving Institution. It has partnered with the national cyber alliance to give minority students the skills they need to fill the gaps in the cyber workforce.
    “Because there’s a big need to have students, especially from our population, who can make a difference,” Mora said. “Being an ethnicity myself, it’s very hard for students from different cultures to get into their field.”
    Statistics show there isn’t much diversity in cyber security. Only 25% of cyber professionals are women, 9% are Black and just 4% are Hispanic.
    “The field is taking off,” Grissett said. “They have so many job opportunities in it. Seats that need to be filled.”
    There are about 715,000 cyber security job openings nationwide. Although Isaiah is just getting started, he expects to secure one of those high-paying jobs after graduation.
    “Even my dad is like, ‘Shoot for the stars,’” Flores said. “Why can’t I have that job or make that type of money? Or live that type of life that these people are living.”

    source

  • Cybercrime menace: 500,000 Sim cards blocked in Mewat since January 2022 – Business Standard

    BS Web Team  |  New Delhi 


    Haryana Police's Cyber Crime Cell has blocked over 5 lakh Sim cards since January 2022 that were being used in the Mewat region to commit cyber fraud, a report by The Indian Express (IE) said. They have also identified 402 criminals allegedly involved in cyber fraud. Mewat is located in the Nuh district of Haryana.
    In 2022, the cell has acted upon 66,784 complaints amounting to total frauds worth Rs 301.48 crore. A total of 2,165 cases have been registered so far and 1,065 people have been arrested. Moreover, transactions worth Rs 46.91 crore have been put on hold or the money has been recovered in such transactions.
    "We used cell tower dump analysis in Mewat to identify 496,562 mobile numbers issued from other states but used exclusively in this region. We have identified 15,672 more numbers and blocked 1,959. Eleven suo moto cases have been registered. Suspicious links with other states were found in six of these cases. The details have been shared with the states concerned," an official told IE.
    The report added that fraudulent calls and Sim cards have been identified using Artificial Intelligence and Facial Recognition Powered Solution for Sim Subscriber Verification (ASTR), a tool developed by the Department of Telecommunications (DoT).
    The fraudsters were making a call using a Sim card, then switching off the phone, removing the Sim and putting a new Sim in the same phone to place the next call. The authorities added that six Sim cards can be issued on a single identity proof but here even a dozen were issued.
    "One person arranges for SIM cards using fake documents, the second gets bank accounts and payment applications linked to these SIM cards, the third one uses another SIM card to call and dupe potential targets, while the fourth withdraws the money. The offenders mostly target people living far away to evade arrest," another official told IE.
    The report added that the Ministry of Home Affairs (MHA) has also raised concerns over cybercrimes in Mewat.
    First Published: Mon, February 20 2023. 12:47 IST

    source

  • Cyber Security Today, Week in Review for the week ending March 3, 2023 – IT World Canada

    Welcome to Cyber Security Today. This is the Week in Review podcast for the week ending Friday, March 3rd, 2023. From Toronto, I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

    In a few minutes University of Calgary professor Tom Keenan will be here to discuss the security implications of artificial intelligence and ChatGPT. But first a look at some of the headlines from the past seven days:
    The White House issued a new National Cybersecurity Strategy that calls on IT companies and providers to take more responsibility for poorly-written applications and poorly secured services. If Congress agrees some critical infrastructure providers will face mandatory minimum cybersecurity obligations.
    Password management provider LastPass has admitted that part of last August’s breach of security controls included hackers compromising the home computer of one of the company’s developers, leading to a second data theft.
    Canada’s Indigo Books isn’t the only book retailer that’s been hit recently with a cyber attack. In a brief statement filed with the London Stock Exchange, Britain’s WH Smith said it suffered a cybersecurity incident that resulted in access to current and former employee data. Indigo was hit by ransomware, with employee data being stolen by the LockBit gang.
    Police in Holland have now acknowledged arresting three men in January on allegations of computer theft, extortion and money laundering. Police believe thousands of companies in several countries were victims of the gang. It is alleged they stole a huge amount of personal information including dates of birth, citizen service numbers, passport numbers and bank account numbers. One of the alleged attackers worked at the Dutch Institute for Vulnerability Disclosure.
    GitHub’s secrets scanning service can now be formally used by developers to screen many public code repositories. Until now it’s been a beta service. The secrets it searches for are things like account passwords and authentication tokens that developers add to their code repositories and forget to delete. GitHub secrets scanning works with more than 100 service providers in the GitHub partner program.
    Poorly-protected deployments of Redis servers are being hit with a new cryptojacking campaign. Researchers at Cado Security say Redis can be forced to save a database file that is used for executing commands. One is to download a crypto miner. Make sure your Redis servers are locked down.
    And the websites of nine hospitals in Denmark went offline last weekend following distributed denial-of-service (DDoS) attacks from a group calling itself Anonymous Sudan. According to the cybersecurity news site The Record, Anonymous Sudan claimed on the Telegram messaging service the attacks were “due to Quran burnings,” a reference to an incident in Stockholm in which the holy book was set alight in front of the Turkish embassy by a man. Hospital operations weren’t affected.
    (The following transcript has been edited for clarity and length. To hear the full conversation play the podcast)
    Howard: Tom taught what is believed to have been the first university course in computer security in 1974. That’s when only governments, banks, insurance companies and airlines had computers. He’s the author of a book on privacy and capitalism called Technocreep. An adjunct professor in computer science at the University of Calgary, he’s also affiliated with the university’s school of architecture, where he keeps an eye on technology and smart communities, and Professor Keenan is also a fellow of the Canadian Global Affairs Institute.
    Last month he testified before the House of Commons defense committee looking into cyber security and cyber warfare where he spoke on artificial intelligence and ChatGPT, and that’s why he’s my guest here this week.
    You worry about the dark side of artificial intelligence. Why?
    Tom Keenan: I always worry when everybody loves something, and since last November everybody’s been into ChatGPT … That’s the problem: We haven’t really been very critical about it. Many years ago I was teaching high school students to write neural networks, and I gave them a project: Come up with something good. Of course, being teenagers they wanted to get hands-on with each other so they decided to measure each other’s bodies. They found out that the hip-to-waist ratio is a good predictor of whether you’re male or female. At the end of the program they had kind of a science fair and they showed this program off, measuring members of the public. This rather portly gentleman who was from one of the sponsoring companies came by and said, ‘What am I?’ And they said, ‘Sir, with 84 per cent certainty you’re female.’ I love that because that shows what AI is: AI is a game of guessing and probability. I go to ChatGPT and it tells me things like it’s a fact.
    I’m working with a lawyer as an expert witness. I told ChatGPT to give me a legal precedent.
    And it gave me a Supreme Court of Canada judgment that doesn’t exist. It made it up to cover its tracks. We have a piece of technology that can lie, that can be fed bad information and can’t explain it, and that pretends it’s right all the time. That’s a recipe for disaster.
    Howard: You told parliamentarians there are three things about AI that bother you.
    Tom: One of them is this illusion of certainty. They’ll fall in love with it, they’ll start using it for all kinds of things and not think about the consequences. ChatGPT is trained on a wide variety of sources. But the version that’s available to the public now only knows about things through to 2021 … Also, the training data can be biased, as we found with facial recognition. It can favour certain groups. And AI could even be actively poisoned. Somebody who wanted to mislead AI could feed it a lot of bad information and it would spit back bad results.
    The second thing is the lack of ethics. Six years ago Microsoft infamously created a bot called Tay that conversed with the public. After a while it was spouting Nazi ideas, foul language. It referred to feminism as a cult. Microsoft lifted the cover to see how this all happened and realized it was just learning from the people who interacted with it. The people who had time to sit around talking to Tay had these kinds of ideas and it just picked up on them. So there’s no ethical oversight for AI.
    And the third thing would be the whole idea of consciously doing malicious things to the AI. There’s a woman who for years has been trying to rewrite the Wikipedia entry on the Nazis to paint them in a more favorable light. And you may remember in 2003 a whole bunch of Democratic supporters [went online and] linked the phrase ‘miserable failure’ to the [online] Presidential biography of George W. Bush, so when you Googled ‘miserable failure’ his picture came up. Twenty years later who knows what they could do to mislead AI?
    Howard: You think intelligence agencies right now are busy trying to poison the wells of open-source data.
    Tom: Absolutely. First of all most of the really interesting stuff in [government] intelligence is not open source. So if you train the thing on stuff that’s in the New York Times, that you can get from Google, that’s on people’s web pages, you’re only seeing a little fraction of it. The really good stuff is within the [government] secret or top-secret area. So the first thing that the national defense people would have to do [to protect government AI systems] is to create a kind of private version, almost like an intranet, that didn’t rely on the public data. And then of course agencies are trying to do disinformation regardless of AI, they’re always [publicly] putting out falsehoods. There’s no way to stop it. The [public] database [of all the information on the internet] is going to be poisoned by disinformation. So we better not rely on it.
    Howard: ChatGPT differs from other browser search engines in that rather than returning a list of links to information and websites it can create a conversation. It can create a readable document. You’ve said that your big objection to ChatGPT is that it makes answers look very authoritative when it’s really making things up out of nowhere.
    Tom: I’ll give you an example and I read it to the Standing Committee on National Defence. I asked ChatGPT to write me a poem about the committee …. ‘The standing committee on national defense/ within the House of Commons its power immense/ so they were all smiling. A place where decisions are made with care/ for the safety and security of all to share/ with members from every party they convene/ to review and assess and to make things clean.’ What does that even mean ‘to make things clean?’ I don’t know. ChatGPT is not going to tell us. Here we have something that’s patently nonsense coming out of ChatGPT.
    Howard: What could threat actors do with ChatGPT? Or, what are they doing right now?
    Tom: If we have an emergency of some sort that might be the first place people [threat actors] go. The power failed in my house. The bad guys might [send a message] like ‘Send one ten-thousandth of a bitcoin to this address and your power will come back on.’ It’s not that farfetched. I learned at the Defcon hacker conference how to hack the Nest thermostat a few years ago. You had to have hands-on access to update its firmware, but there are stories of people actually holding people’s houses for ransom by taking over their thermostats. So one of the big things to worry about is the internet-of-things. All these connected devices. Something might go horribly wrong and we might be relying on AI to fix it, when the AI is actually being led down the dark path to break it or make it even worse or to break all the safeguards.
    Howard: What could a military do with ChatGPT?
    Tom: The military could certainly find out things that are public through open source information. I am able to track Vladimir Putin’s aircraft. It turns out he has quite a number of them. He’s a bit of an aircraft collector. He also has yachts. Because they have transponders I have been able to go on tracking sites. In fact, there’s a fellow who has a bot up on Twitter to track Putin’s movements and his oligarchs … And we have so much data. AI could be used to filter it [the public internet] to show the things that are really important [to them].
    Howard: ChatGPT is new. I imagine that in the early years of computer spelling and grammar checkers they made a lot of mistakes.
    Tom: Definitely, and as the database gets better it will get better …
    Howard: But I don’t think you’re arguing that we should make artificial intelligence applications unlawful.
    Tom: No. But Ronald Reagan once said, ‘Trust but verify.’ So my slogan now is ‘Consult but verify.’ When my students write a long paper I say, ‘You want to use ChatGPT or Wikipedia or anything, that’s fine. What you’re not allowed to do is quote from it.’ First of all because Wikipedia can be misled. People can edit the entry. After a bit of time it gets corrected. But you might just be the one who picked it up while it was wrong. And with ChatGPT you don’t know where it’s getting its data from. At least Wikipedia usually gives you references that you can go check. So what I tell my students is you can use it and consult it, but don’t trust it. Don’t absolutely use it as your [only] source.
    Howard: As part of new Canadian privacy legislation now before the House of Commons the government has proposed legislation to oversee the use of artificial intelligence applications that could cause harm or result in bias. It’s formally called the Artificial Intelligence and Data Act, or AIDA. Businesses that deploy what the law says are high-impact AI technologies would have to use them responsibly. There’d be clear criminal prohibitions and penalties regarding the use of data obtained unlawfully for AI development or where the reckless deployment of AI poses serious harm. What do you think about this legislation?
    Tom: It’s terrible. They have my sympathy. I was involved in 1984 in writing Canada’s first computer crime law and we discussed things that were quite interesting, like what if somebody steals my data? Well, look up in the criminal code. What is ‘to steal?’ Well, it’s to deprive someone of their valuable property. If I take your data you may not even know I’ve got it. But you haven’t lost use of it. So we had to do some pretty fancy footwork [in drafting the law]. And that was 1984, to write something as simple as crimes like unauthorized use of computer, misuse of computer and so on. Now it’s so much more complicated.
    I looked at C-27, and for starters, it talks about anonymized data. It makes a big thing about how you have to anonymize data if it’s in a high-impact system and say how you did it. But there are plenty of researchers who have shown it’s pretty easy to de-anonymize data if you have three, four, or five data points on somebody. You can go back to figure out who it is. Likewise, they talk about the person responsible. I make my students do an exercise where they do facial analysis. Most of the software programs that they use come from Moldova and places like that. I don’t want them to send their own photograph to be facially analyzed. So I let them send my face — and it comes back with interesting comments about me.
    The point is that this [proposed] law will only really help in Canada, but so much of the action is international that it’s really going to be a drop in the bucket. It might keep Telus or Shaw or some company like that from doing something untoward. But it’s really going to be touching just the tip of the iceberg and maybe give us a false sense of security.
    Howard: What should information security leaders be telling their CEOs about artificial intelligence and ChatGPT?
    Tom: It’s going to be a great thing. It’s probably not going to take your job. It is true that ChatGPT can write code. I’ve experimented with it and you know it writes pretty decent code if you give it good enough specifications. If you’re a low-level coder it might take your job. But if you’re somebody who understands the business and the higher-level goals you’ll probably still have a job. So once we’ve reassured people that they’re not going to be replaced by a robot tomorrow then the question is can they use it? I have a friend who is the chief medical officer of a health clinic and I asked if radiologists would be replaced by artificial intelligence. He said no, but radiologists who don’t use AI will be replaced because it’s going to be a vital tool. There are tumors that are too small for the human eye to see. That’s something AI can pick up on. The future is actually rosy in terms of being able to use AI well. The problem is, like everything, there are going to be people who want to exploit it for bad purposes. We are already seeing malware being written, phishing attacks, romance scams trying to get money out of people. It’s going to do a lot of good. It’s going to do a lot of bad. It’s going to be our job to figure out which is which.

    source

  • The ultimate guide to malware | Cyber Security Hub – Cyber Security Hub

    Malware is a fast-growing, ever-evolving threat to cyber security. In the first six months of 2022, over 2.8 billion malware attacks were reported worldwide. Beyond risks to their network, malware like ransomware can have real, monetary costs for businesses. In 2021, damages from ransomware alone cost US$20bn. This was a 6054 percent increase on the global cost of ransomware in 2015, which was $325mn. This is only predicted to increase, with the damages of ransomware forecast to reach US$250bn by 2031.
    The term ‘malware’ is an abbreviation of ‘malicious software’ and, according to the UK National Cyber Security Center (NCSC), “includes viruses, trojans, worms or any code or content that can damage computer systems, networks or devices”.
    As the definition of malware is very broad, this article dives into the various different types of malware exploring what these types of malware do, the effect they can have on a network and how they can be mitigated or prevented. 
    Named for the mythical ‘trojan horse’ the Greeks used to enter the city of Troy, trojan malware is malware that masquerades as a safe or innocuous file. Once the file is downloaded, it will then start to execute malicious actions on the endpoint it is downloaded onto.
    Trojan malware is used by hackers to steal victims’ bank information and eventually their money. This disruptive threat vector is on the rise, with Kaspersky reporting that it blocked the launch of at least one type of banking malware on the devices of almost 100,000 (99,989) unique users.
    Banking trojans can be spread a number of ways, including via phishing links, posing as useful programs (e.g. a multi-use bank management app) or even as apps for the bank themselves.
    Once these programs are downloaded by the victim, the hackers are able to run malicious programs on the victim’s device. In some cases, this will allow them to harvest the login information used for their bank account, giving them access to it. In others, it will allow them to steal bank card information via false data collection tables, asking the user to add their card details to a Google Pay account, for example. In more extreme cases, the malware penetrates the device’s network and turns on administrative access, giving hackers complete control over the device.
    If hackers gain control of a device, they can read, reroute and delete text messages or calls, meaning that even if the victim has multi-factor authentication (MFA) set up, the hackers can access the one-time passcodes (OTPs) needed to bypass this security strategy. Hackers can then steal data and money from their victims without them being alerted until it is too late. 
    As the actions performed by the hackers come from the victim’s device and pass all security measures, they will seem legitimate. This means that banks may not flag some or all of the transactions made by the malicious actors as suspicious behavior. Even if the bank notices the unusual activity and attempts to alert the victim, the malware allows the malicious actor to reroute any calls or texts from the bank, and the victim will remain unaware until they next check their bank balance.
    Emotet is a trojan banking malware so prevalent and dangerous that the US Cybersecurity and Infrastructure Security Agency (CISA) and the US Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) released a joint technical alert regarding it on July 20, 2018.
    The alert warns that Emotet is one of the “most costly and destructive malware affecting SLTT [state, local, tribal, and territorial] governments” due to its ability to rapidly spread throughout networks. Emotet is launched “when a user opens or clicks the malicious download link, PDF or macro-enabled Microsoft Word document” and once in a network, it will download and spread multiple banking trojans. The alert notes that Emotet infections have cost SLTT governments up to US$1mn per infection to mitigate.
    Cyber security expert and Cyber Security Hub contributor Alex Vakulov notes that the nature of trojan malware makes it difficult to remove once a device has been infected. In some cases, the only way to prevent it is to return a device to factory settings. For trojan malware, prevention is key.
    “The proliferation of mobile devices has spawned a thriving underground industry for creating banking Trojans,” Vakulov explains. “This has led to a sharp increase in the number of banking Trojans and the likelihood of infection.”
    Vakulov says that it is not uncommon for users to download malware from official sources such as Google Play, due to the app-checking technology not being completely foolproof. 
    “While mobile security solutions can detect unauthorized app activity, it is the personal decision of each user to install a particular software on their phone,” he adds. 
    To prevent trojan malware infections, users should remain vigilant by checking the validity of communications and their senders before clicking any links or downloading any attachments. The use of secure file transfer solutions can act as a preventive measure by ensuring that only files sent using trusted software are opened.
    Worm malware is a type of malicious program that self-replicates with the aim of spreading to more devices. Unlike other forms of malware, worms do not need a human or host program to run, meaning they can execute themselves once they reach a device.
    Worm malware, like many software-based threat vectors, primarily infects devices via the use of infected links and files. Social engineering is often employed to entice victims into clicking links or downloading files. This means the links may be hosted on malicious websites posing as legitimate ones, or may be sent as part of a phishing campaign, where the worm is disguised as a legitimate file type.
    By itself, a worm can impact devices in a number of ways, including taking up disk space and even deleting files in order to make more copies of itself. If the worm is equipped with a payload, this can allow the malicious actors to inflict even more damage. 
    Cyber security and technology journalist Dave Johnson explained to Business Insider that payloads can allow hackers to “open a backdoor to the PC for hackers or to implant additional malware to steal sensitive information like usernames and passwords, or to use the computer as part of a distributed denial-of-service (DDoS) attack”.
    Ransomware worms combine the self-replicating nature of worms with the destructive potential of ransomware.
    WannaCry was a worm-based ransomware attack that took place in May 2017. It specifically targeted computers with a Microsoft Windows operating system by utilizing a flaw that meant the system could be tricked into executing code. While a patch for this flaw was developed, many of the victims of the attack did not update their devices’ software as they were unaware of its importance, meaning they were still vulnerable to the attack.
    Once on a device, WannaCry encrypted the device’s data and demanded a Bitcoin payment be made to unencrypt its data. It also attempted to spread both laterally across the device’s network and to random devices via the internet.

    [Image] An example of the ransom note left by WannaCry. Source: Wikimedia Commons
    The European Union Agency for Law Enforcement Cooperation (Europol) estimated that the attack spread across 150 countries and affected more than 300,000 computers. Among those affected by the attack were National Health Service hospitals in England and Scotland, where WannaCry affected up to 70,000 devices including computers, theatre equipment, MRI scanners and blood-storage refrigerators. Other victims included government agencies, police departments, medical facilities, telecommunications companies and universities across the world.
    Multiple cyber security researchers and organizations launched investigations into WannaCry in an attempt to stop the attack and prevent any further harm. This led to the discovery of a kill switch within its code by British researcher Marcus Hutchins. By registering a web domain for a DNS sinkhole he found in its code, Hutchins was able to stop the attack’s spread. This was because the ransomware was only able to encrypt a device’s files if it could not connect to that domain.
    Other solutions were also discovered, including researchers from Boston University and University College London who found that the ransomware could be stopped by recovering the keys used to encrypt the data by using a software system called PayBreak. 
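    The kill-switch behaviour described above has a defensive corollary: an infected host has to look up the kill-switch domain before it decides whether to encrypt, so the DNS query itself is an indicator that the worm is running there. The script below is an added example (not from the article, and not Hutchins’ or anyone else’s tooling) that scans resolver logs for such queries. The log line format, the client addresses and the domain `killswitch-domain.example` are all constructed placeholders; a real deployment would load the domain from threat intelligence and parse its own resolver’s format. Treating a successful DNS answer as a proxy for the worm having reached the sinkhole is an assumption, since the malware checks HTTP connectivity, not just resolution.

```python
"""Hunt resolver logs for queries to a sinkholed kill-switch domain.

Added example, not code from the article. Log format, hosts and the
kill-switch domain are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed placeholder; the real domain is not reproduced here.
KILL_SWITCH_DOMAIN = "killswitch-domain.example"

# Constructed resolver log: "<timestamp> client <ip> query <qname> <rcode>"
SAMPLE_LOG = """\
2017-05-12T10:03:01Z client 10.0.4.17 query www.intranet.example NOERROR
2017-05-12T10:03:05Z client 10.0.4.22 query killswitch-domain.example NOERROR
2017-05-12T10:03:06Z client 10.0.4.22 query killswitch-domain.example NOERROR
2017-05-12T10:04:10Z client 10.0.9.3 query updates.vendor.example NOERROR
2017-05-12T10:05:44Z client 10.0.9.8 query KILLSWITCH-DOMAIN.example. NXDOMAIN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>\S+) query (?P<qname>\S+) (?P<rcode>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line; return a dict or None for junk lines."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    rec = match.groupdict()
    # DNS names are case-insensitive and may carry a trailing dot.
    rec["qname"] = rec["qname"].lower().rstrip(".")
    return rec


def find_kill_switch_queries(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: {"queries": n, "answered": bool, "first_seen": ts}}
    for every client that looked up the kill-switch domain."""
    hits = defaultdict(lambda: {"queries": 0, "answered": False, "first_seen": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["qname"] != domain:
            continue
        entry = hits[rec["client"]]
        entry["queries"] += 1
        if entry["first_seen"] is None:
            entry["first_seen"] = rec["ts"]
        if rec["rcode"] == "NOERROR":
            # Assumption: a resolved name means the sinkhole was reachable.
            entry["answered"] = True
    return dict(hits)


def triage(hits):
    """Turn hits into responder guidance. Any query means the worm executed;
    a failed lookup means the kill switch did not fire and encryption is likely."""
    notes = {}
    for client, entry in hits.items():
        if entry["answered"]:
            notes[client] = "worm ran; sinkhole reached so encryption suppressed; isolate host"
        else:
            notes[client] = "worm ran; sinkhole NOT reached, encryption likely; isolate host now"
    return notes


if __name__ == "__main__":
    for client, note in triage(find_kill_switch_queries(SAMPLE_LOG)).items():
        print(client, "->", note)
```

    The point of the `triage` split is that the sinkhole does not clean anything: a host that resolved the domain is still infected and still trying to spread, it simply did not encrypt, which is exactly the window in which to pull it off the network.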
    The potential losses from the attack were estimated to reach up to $4bn by cyber risk modelling firm Cyence.
    Raspberry Robin was originally discovered by cyber security company Red Canary in September 2021 after noticing and tracking a cluster of activity caused by the worm.
    Raspberry Robin is installed on computers via a compromised USB drive, which introduces the worm to the computer’s system. The worm then reads and executes a malicious file stored on the USB drive, which, if successful, downloads, installs and executes a malicious dynamic-link library file (.dll). Finally, the worm repeatedly attempts to make outbound connections, typically to Tor (The Onion Router) nodes, which can conceal a user’s location from the connection destination.
    Red Canary reported that it had seen Raspberry Robin activity in organizations linked to the manufacturing and technology sectors, although the company noted that it was unclear as to whether there was any connection between the companies affected by the malware. 
    Discussing the purpose of the Raspberry Robin worm when it was first discovered, Red Canary admitted that it was unsure “how or where Raspberry Robin infects external drives to perpetuate its activity”, although the company suggested that this “occurs offline or otherwise outside of our visibility”.
    The organization also said that its “biggest question concerns the operators’ objectives”. This uncertainty is due to a lack of information on later-stage activity, meaning Red Canary is unable to “make inferences on the goal or goals of these campaigns”. The company did say, however, that it hoped the information uncovered on Raspberry Robin would help wider efforts to detect and track Raspberry Robin activity.
    In August 2022, the Raspberry Robin worm was linked by Microsoft to attacks executed by Russian-based hacking group EvilCorp. Researchers tracking activity by EvilCorp discovered that “FakeUpdates malware [was] being delivered via existing Raspberry Robin infections”. 
    FakeUpdates malware is a malvertising access broker, a social engineering-based threat vector that poses as a safe link to trick victims into clicking on it. In the case of FakeUpdates, it poses as a software or browser update. When clicked, a JavaScript file stored inside a Zip file is downloaded and executed on the victim’s computer. This allows bad actors to gain access to a victim’s profile networks.
    As worm malware relies on spreading to devices across a network, if a worm is discovered, the infected device should be taken off the network.
    As seen in the WannaCry attack, it is important to update your device’s software regularly to make sure it is patched against any vulnerabilities.  
    Other general anti-malware security strategies should also be employed, including having antivirus and antimalware software installed. Likewise, any links or files received via email should be carefully considered before opening, to avoid worm malware getting onto the device in the first place.
    Research by threat intelligence company Check Point Research has found malicious actors are using OpenAI’s ChatGPT to build malware, dark web sites and other tools to enact cyber attacks. 
    While the artificial intelligence (AI)-powered chatbot has put restrictions on its use, including using it to create malware, posts on a dark web hacking forum have revealed that it can still be used to do so. One user alludes to this by saying that “there’s still work around”, while another said “the key to getting it to create what you want is by specifying what the program should do and what steps should be taken, consider it like writing pseudo-code for your comp[uter] sci[ence] class”.  

    Screenshot provided by Check Point Research
    Using this method, the user said they had been able to create a “python file stealer that searches for common file types” that can self-delete after the files are uploaded or if any errors occur while the program is running, “therefore removing any evidence”.
    While new technology can be used to develop more sophisticated threats, it can also be used in defense against them. Johnathan Jackson, director of sales engineering APJ at BlackBerry Cybersecurity, notes AI has the potential to be both a boon and a curse when it comes to malware. 
    “One of the key advantages of using AI in cyber security is its ability to analyze vast amounts of data in real time,” Jackson remarks. “As cyber attacks become more severe and sophisticated, and threat actors evolve their tactics, techniques, and procedures (TTP), traditional security measures become obsolete. AI can learn from previous attacks and adapt its defenses, making it more resilient against future threats.”
    Jackson notes that AI can also be used to mitigate advanced persistent threats (APTs), which can be highly targeted and often difficult to detect. This allows organizations to identify threats before they cause significant damage. 
    Another benefit of AI in cyber security recognized by Jackson is its use to automate repetitive tasks like those in security management. This frees up cyber security professionals to focus more on strategic tasks such as threat hunting and incident response.


    source

  • Cyber Security Today, March 3, 2023 – Bootkit can compromise Windows 11, a hacked container found and more – IT World Canada

    Bootkit can compromise Windows 11, a hacked container found and more.
    Welcome to Cyber Security Today. It’s Friday, March 3rd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

    A bootkit being sold to crooks can bypass and corrupt a fully-patched Windows 11 system, say researchers at ESET. Called BlackLotus, it can get around the firmware-based Secure Boot operating system security protection. It exploits a year-old vulnerability that was fixed by Microsoft in its January 2022 Windows update. The problem is exploitation is still possible because the validly signed binaries in the bootkit haven’t been added to what’s called the UEFI revocation list. Once launched this bootkit will disable Windows’ security mechanisms such as Defender and BitLocker. While this bootkit has been sold on underground forums for at least the last four months it seems few threat actors have started using it — so far. ESET urges the UEFI Forum to update its revocation list.
    Separately ESET warned that a new custom backdoor is being deployed by what is believed to be a China-aligned group it calls Mustang Panda. It’s a bare-bones backdoor that allows the attacker to execute commands. It uses the MQTT protocol for communications.
    Containerized virtual environments with everything an application needs to run are efficient. But they are still vulnerable to cyber-attacks. The latest example was discovered by researchers at Sysdig. They found a containerized workload that was hacked, then leveraged to perform a privilege escalation into an AWS account to steal the victim company’s proprietary software and credentials. It started with the attacker exploiting an internet-facing service in a self-managed Kubernetes cluster hosted inside an AWS cloud account. They got an employee’s temporary username and password through instance metadata. Then because that user had excessive access permissions the attacker could get the credentials of others and move on. One lesson: Give an employee more access than they need to resources and a successful attacker will take advantage. A second lesson: Strong detections and alerts are needed in containerized environments.
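    The first lesson in the story above, that excessive permissions turn one stolen workload credential into account-wide access, is something a team can check mechanically before a policy ships. The script below is an added example, not Sysdig’s tooling or code from the podcast. Both policy documents are constructed: the first shows the wildcard grants that let a stolen session reach other identities’ credentials, the second scopes the same workload to a single bucket and explicitly denies identity management. The bucket name and the list of “sensitive” action prefixes are assumptions chosen for illustration.

```python
"""Audit IAM policy documents for the over-broad grants that let one stolen
credential reach other credentials.

Added example, not code from the podcast or from Sysdig. Policies, bucket
name and the sensitive-prefix list are constructed assumptions.
"""
import json

# Constructed: the kind of policy that lets a compromised workload read other
# identities' credentials and keep moving.
OVERBROAD_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"}
  ]
}
""")

# Constructed: the same workload scoped to the one bucket it needs, with
# identity management denied outright.
SCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::app-artifacts-example",
                  "arn:aws:s3:::app-artifacts-example/*"]},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}
  ]
}
""")

# Assumption: action prefixes whose reach is "other people's credentials".
SENSITIVE_PREFIXES = ("iam:", "sts:assumerole", "secretsmanager:", "ssm:getparameter")


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, category, detail) findings for Allow statements.

    Categories:
      full-admin        Action "*"
      service-wildcard  e.g. "iam:*"
      identity-reach    a credential-granting action on Resource "*"
    """
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions:
            findings.append((idx, "full-admin", "Action '*' allows every API call"))
        for action in actions:
            if action != "*" and action.endswith(":*"):
                findings.append((idx, "service-wildcard",
                                 f"{action} allows every action of that service"))
            touches_identity = action == "*" or action.lower().startswith(SENSITIVE_PREFIXES)
            if touches_identity and "*" in resources:
                findings.append((idx, "identity-reach",
                                 f"{action} on Resource '*' lets a stolen session reach other credentials"))
    return findings


def is_least_privilege(policy):
    """True when the audit raises nothing; a cheap CI gate on policy changes."""
    return not audit_policy(policy)


if __name__ == "__main__":
    for name, pol in (("overbroad", OVERBROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, "least privilege:", is_least_privilege(pol))
        for idx, cat, detail in audit_policy(pol):
            print(f"  statement {idx}: {cat}: {detail}")
```

    Run against the two constructed documents, the first produces four findings and the second none. The check is deliberately syntactic; it does not replace an access analyser, but it catches the wildcard grants that make the credential-theft-then-escalate chain in the story possible.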
    Attention Linux administrators: The SysUpdate malware that until now has only run on Windows machines can now run on Linux boxes, according to Trend Micro. It is believed to have been created by a threat actor researchers call Lucky Mouse or Iron Tiger. This malware can take screenshots, find, delete and rename files, upload and download files among other things. The new version also can communicate through DNS text requests.
    Fast-food chain Chick-fil-A has begun notifying customers their personal data was exposed between December 18th and February 12th. The attacker used login credentials stolen from an unnamed third party. The stolen information may have included names, email addresses, the last four digits of credit/debit card numbers and mobile pay numbers. If customers saved personal information to their accounts such as the month and day of their birth that would have been stolen, too.
    I’ve reported before about data breaches stemming from the compromise of the GoAnywhere managed file transfer service. Hatch Bank in the U.S. is now notifying almost 140,000 customers who borrowed or applied to borrow money that some of their data was accessed at the end of January. The Bleeping Computer news site says the Clop ransomware gang claims responsibility for compromising the file transfer service. That claim hasn’t been verified.
    Most listeners know — I hope — to hover over links they get in emails and text messages as one way to confirm they go to a legitimate website. This is especially important if the link is shortened. However, hovering is not foolproof. Scammers have ways to disguise a fake full link. The most recent way is by making the full URL look like it goes to or involves LinkedIn. LinkedIn, of course, is a trusted brand. According to researchers at Malwarebytes, people are getting email messages that look like they came from Amazon about renewing their Prime service. But the goal is to steal Gmail, Microsoft and other passwords. The scam works like this: In the email messages there’s an Update Now button to update your supposed Prime account. Hovering over the button shows a shortened link that includes the word LinkedIn. Click on it and you get redirected to a website that looks like an Amazon login page. Victims who enter their email address and password as requested get sent to a so-called Security Checkup page where they are asked to fill in personal information — which goes to the crooks. This works because of a website redirect service that LinkedIn offers. Don’t be fooled by this scam.
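    The disguise described above works because the hover text shows a trusted domain while the real destination is carried inside the link’s query string. The following is an added example (not from Malwarebytes or the podcast) of how an email filter or awareness tool can expose that destination without touching the network: it peels nested URLs out of common redirect parameters and compares the final domain with the brand the message claims to be from. The redirector path `/redirect`, the parameter names in `REDIRECT_PARAMS`, the domains `trusted-brand.example`, `shop-brand.example` and `account-verify.example`, and the naive two-label domain extraction are all constructed assumptions; they do not describe LinkedIn’s or Amazon’s actual URL formats.

```python
"""Expose the real destination hidden behind a trusted-looking redirect link.

Added example, not code from the podcast or from Malwarebytes. Parameter
names, domains and the redirector path are constructed assumptions.
"""
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: query parameters that redirect endpoints commonly use.
REDIRECT_PARAMS = ("url", "u", "redirect", "target", "next")


def registrable_domain(host):
    """Naive 'last two labels' domain (assumption; production code would use
    the public suffix list so that e.g. co.uk is handled correctly)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def unwrap_redirects(url, max_depth=5):
    """Follow URLs embedded in query parameters, offline. Returns the list of
    hops starting with the given URL; shortened links cannot be expanded
    without a network request and are left as-is."""
    hops = [url]
    current = url
    for _ in range(max_depth):
        params = parse_qs(urlsplit(current).query)
        nxt = None
        for name in REDIRECT_PARAMS:
            for value in params.get(name, []):
                value = unquote(value)  # handles double-encoded values
                if value.startswith(("http://", "https://")):
                    nxt = value
                    break
            if nxt:
                break
        if nxt is None:
            break
        hops.append(nxt)
        current = nxt
    return hops


def assess_link(url, claimed_brand_domain):
    """Compare what the hover text shows with where the link actually ends."""
    hops = unwrap_redirects(url)
    display = registrable_domain(urlsplit(hops[0]).hostname or "")
    final = registrable_domain(urlsplit(hops[-1]).hostname or "")
    return {
        "hops": hops,
        "display_domain": display,
        "final_domain": final,
        "uses_redirect": len(hops) > 1 and display != final,
        "suspicious": final != claimed_brand_domain.lower(),
    }


# Constructed sample links, labelled by what a recipient would assume.
PHISH_LINK = ("https://trusted-brand.example/redirect"
              "?url=https%3A%2F%2Faccount-verify.example%2Flogin%3Fsession%3D1")
LEGIT_LINK = "https://shop-brand.example/account/renew"
BENIGN_REDIRECT = "https://trusted-brand.example/redirect?url=https://shop-brand.example/x"

if __name__ == "__main__":
    for link in (PHISH_LINK, LEGIT_LINK, BENIGN_REDIRECT):
        verdict = assess_link(link, "shop-brand.example")
        print("suspicious" if verdict["suspicious"] else "ok", "->", verdict["final_domain"])
```

    The `uses_redirect` flag is reported separately from `suspicious` on purpose: a redirect through a trusted site is not itself malicious (the third sample lands on the claimed brand), the signal is a final domain that does not belong to the brand the message impersonates.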
    That’s it for now. But later today the Week in Review podcast will be available. My guest will be University of Calgary cybersecurity professor Tom Keenan. He’ll talk about artificial intelligence and ChatGPT. That show will be available after 3 p.m. Eastern time.
    Links to details about podcast stories are in the text version at ITWorldCanada.com.
    Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

    source

  • How outpatient clinics can minimize cyber security risks – Medical Economics

    Technology and training are keys to thwarting cyber attacks
    In 2022, 25% of all ransomware attacks were aimed at the health care sector, and nearly 80% of health care breaches were attributed to hacking and IT incidents. Even worse, the health care industry has held the title for the costliest breach for 12 years in a row.
    With larger health systems better equipped with more resources to help combat attacks, smaller outpatient facilities have a target on their back as an easier avenue for cyber criminals to access valuable patient data such as bank account and Social Security numbers, as well as intellectual property around medical research.
    These often underfunded and understaffed facilities need to prioritize their cyber health now more than ever.
    Leveraging technology to keep outpatient centers data secure
    Artificial intelligence (AI) and machine learning (ML) are beneficial for improving health outcomes and processes—from drug discovery to analyzing patient data, they’re transforming the way that health care organizations operate. However, while AI can be a crucial component in protecting your organization, if not implemented properly it could also be a hacker’s way into exploiting your system. Cybercriminals are no strangers to AI and how it is used in cybersecurity defenses.
    However, by combining ML and AI tools in the cloud, outpatient facilities can remove the “noise” from cyber attacks. These tools can also help with compliance by using vendor-centric ML/AI tools or building ML models to intelligently capture compliance issues.
    Consider proactive technology defenses to work alongside ML/AI, such as MDR (managed detection and response). This technology can aid in quickly identifying threats, helping organizations respond without delay and thwarting major issues.
    Increased training can bolster resilience to cyber attacks
    While investments in technology play a large role in identifying attacks and helping protect against them, it is equally critical to invest in your teams by equipping them with the knowledge necessary to identify and prepare for attacks. A simple phishing email could be an entry for cyber criminals to gain access to the organization, and if employees do not know how to identify these subtle attacks, they could be putting the entire outpatient center and even a larger affiliated health care system at risk.
    Additionally, connected health care has become so prevalent and electronic health records so widely used that if not managed properly, they can become easy targets for cyber criminals. In 2022 alone, health care organizations averaged nearly two breaches and over 500 patient records exposed each day. Educating workers on the proper ways to manage patient data through all technologies used helps to keep that data safe and secure.
    While cybersecurity training is required for HIPAA compliance, this training typically takes place only with new hires. A one-time training session isn’t enough. The cybersecurity landscape is always changing, especially with the evolving regulatory compliance environment, so there need to be processes in place to continually update and educate employees to ensure they understand the employer’s cybersecurity policies.
    Prioritize a cyber recovery plan
    The most common consequence of cyberattacks in the health care industry is a delay in procedures and necessary patient tests. In a 2022 study, 57% of providers reported that cyberattacks had caused negative patient outcomes, and 50% noted increased complications to medical procedures.
    Hackers are smart, and unfortunately, even with all the right precautions in place, remaining vigilant and prepared is a must. This unpredictability means cyber recovery planning must be a key part of your outpatient center’s incident response to minimize any impact on patients, procedures, or the organization’s ability to function.
    While identification of a breach needs to occur quickly, recovery needs to be even faster. Ongoing testing of incident response plans builds preparedness, and finding the holes in your cyber defenses now will prove its worth down the line. Having the demonstrated ability to quickly recover from a breach can also improve cyber insurance coverage and save money.
    With multiple cyberattacks occurring daily in health care, outpatient centers need to have plans in place to make cybersecurity a top priority. The ability to better identify and respond to any form of security issue not only will help your staff feel more secure, but it will allow patients to feel that their data is safe.
    Sanjeev Pant is field CTO of Presidio

    source

  • Data breach forcing companies to hike service charge – Jamaica Observer

    DATA breaches emanating from cyber attacks are costing companies more, and their customers are being saddled with that cost in the form of higher prices for services, according to a report put out by Schneider Electric, a Europe-based digital automation and energy management company which also has an arm in Jamaica.
    Schneider Electric, which presented the information as part of its sales pitch for its EcoStruxure system, positioning itself as the entity to help overcome the problem, said companies are becoming more and more vulnerable, especially as digitisation — including cloud storage of data — is accelerated by the COVID-19 pandemic. Alerts for data breaches, it pointed out, increased 600 per cent during the pandemic.
    Quoting figures presented recently by technology company IBM, Schneider Electric pointed out that data breaches in 2022 cost companies across the world an average of US$2.09 million, up 15 per cent from 2021. Companies operating in the finance and health sectors were cited as being among the most vulnerable to cyber attacks.
    In Jamaica alone, the estimated losses due to cybercrime exceed $12 million annually, according to figures from The Major Organised Crime and Anti-Corruption Agency (MOCA).
    “These cyber attackers take advantage of system vulnerabilities and, in many cases, not only affect data centres or databases but also any system or equipment connected to an Internet connection network or cloud,” said Miguel Duluc, central English Caribbean territory manager at Schneider Electric.
    Duluc pointed out that cybercrime is constantly evolving and that attackers are attentive to the latest trends and technologies to hook the largest number of victims with attacks that often involve various actions, as they seek to make at least one of these actions successful. He added that perpetrators have gone from being basic and massive to more complex and selective, showing that cybercriminals are fine-tuning their tactics and procedures to be more efficient in achieving their goal.
    “In the last two years companies across all industries have migrated a lot of their processes, equipment, machinery and maintenance controls to intelligent systems connected to the Internet of Things, to cloud networks, interconnecting and digitising. However, when making this migration, parameters and security systems must be taken into account to prevent an attacker from taking advantage of these multichannel platforms,” Duluc continued.
    His urging comes as the Latin American Outlook report showed that 60 per cent of the companies affected by data breaches and the higher cost it has placed on their operation, hiked the cost of their services to their customers to help offset the losses.
    Other data reveal that the Latin American and Caribbean region suffered 137 billion attempted cyber attacks from January to June 2022, an increase compared to the same period last year. In addition to the extremely high numbers, the data reveal an increase in the use of more sophisticated and targeted strategies, such as ransomware. During the first six months of 2022 approximately 384,000 ransomware distribution attempts were detected worldwide. Of these, 52,000 were destined for Latin America.
    In 2022, for the first time, a group called Conti managed to paralyse Costa Rica’s financial sector, leading that country to declare a national emergency and with the crisis costing an estimated US$38 million per day. There were similar attacks on the health systems in France and Spain.
    “It is important to bear in mind that the systems of, for example, a bank are not the same as those of a hospital in which the monitoring of equipment becomes lighter and therefore [presents] an opportunity for the attacker, who will not go after the equipment but rather after the software that controls it. By having access to a shared network it can enter through that software and reach databases or sensitive information, as well as control the operation of the equipment and even interrupt its operations,” explained Duluc.

    source

  • This cybersecurity job is one of the fastest-growing in the U.S.—and … – Fortune

    No company or individual is immune from the growing number of cyber attacks. During the third quarter, which ended September 30, just one type of cyber attack—data breaches—exposed 15 million data records, a 37% increase compared with the previous quarter, according to Statista.
    The growing number of data breaches and other cyber attacks is placing mounting pressure on companies to hire more professionals to both prevent and react to these attacks. With more than 700,000 open cybersecurity jobs, even the White House is making a greater push to fill cyber positions and develop a pipeline.
    “It’s confirmation that cybersecurity needs to be front-and-center if you’re a large enterprise—especially if you’re a public business where you’ve got a bigger responsibility to protect shareholders,” Jim Dolce, CEO of cybersecurity firm Lookout, told Fortune in a recent interview.  “Cybersecurity has become a focal point for every large business. It has become a board-level discussion.”
    Among the fastest-growing and most in-demand jobs in the U.S. is the role of information security analyst, according to the U.S. Bureau of Labor Statistics (BLS). Between 2021 and 2031, the number of information security analysts is projected to grow 35%, making it the eighth-fastest-growing occupation in the U.S. 
    While it may be a more entry-level to mid-career position in cybersecurity, these workers plan and execute security measures at an enterprise level—and get paid for the gravity of their work. The median base pay for information security analysts in 2021 was $102,600, data from the BLS shows.
    Other common titles for an information security analyst include cybersecurity analyst and compliance analyst. Essentially, these workers are focused on protecting a company’s hardware, software, and data from outside attacks by cyber criminals.
    Cybersecurity workers in security analyst roles typically need a bachelor’s degree in computer science, cybersecurity, or a related field to get a job, but some people enter the industry with a high school diploma and industry-relevant certifications and/or trainings, according to the BLS. 
    Certifications required to become an information security analyst depend on the specialty and sector that the job is in, Casey Marks, chief qualifications officer at (ISC)², tells Fortune. The Certified Information Systems Security Professional (CISSP) is one of the most popular certifications for these workers; CyberSeek reports that it’s the top-requested certification for cybersecurity or information security analysts. (ISC)² oversees and administers cybersecurity certifications.
    “Not only can certifications enable higher salaries for cybersecurity professionals, but they can also help individuals land a job in the first place,” Marks says. “Employers widely recognize certifications like CISSP as it helps validate the candidate’s skill set.”
    While many information security analysts either undertake a non-degree route or study the field in undergrad, there are other opportunities to boost cybersecurity salaries. As Marks mentioned, earning a certification can be one way to increase earnings potential. 
    Cybersecurity workers who have earned at least one certification can see their annual salary increase by more than $33,000, (ISC)²’s 2021 Cybersecurity Workforce Study shows. Earning a certification does require an investment of both time and money, however—and some even require work experience to pursue. 
    For example, the exam registration for the CISSP certification is $749, and an online, self-paced course to prepare for the exam starts at $941, Marks says. Preparation time will vary by test taker based on their experience levels and background in cybersecurity concepts. 
    “However, the CISSP certification is an exam you cannot cram for, and many schedule the exam three to eight months in advance to allow for ample prep and study time,” Marks adds. “To even pursue the CISSP certification, individuals need five years of paid work experience in two or more of the eight domains of the CISSP CBK [Common Body of Knowledge].”
    Earning a master’s degree in cybersecurity can also be an effective way to increase pay packages. The University of California—Berkeley, which Fortune ranks as having the No. 1 online master’s degree program in cybersecurity, sees grads land $200,000 pay packages. Students from other top cybersecurity master’s programs make between $126,000 and $150,000.
    “In terms of salary impact, a master’s degree has been proven to help the earning potential of cybersecurity professionals,” Mike Morris, Western Governors University, College of IT associate dean and director of academic programs in cybersecurity, previously told Fortune. WGU is ranked No. 3 on Fortune’s list of best online cybersecurity master’s programs. 
    Check out all of Fortune’s rankings of degree programs, and learn more about specific career paths.

    source