Threat Lab

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction: It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan before it’s hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Mobile World Congress 2015 – The Big Launches

Mobile World Congress is the biggest tech show in the world focusing on, wait for it, mobile technology. With many of the big announcements having occurred at the beginning, it’s time for us to look at all the amazing technology that came out from vendors new and old. While this is not the be-all, end-all of the highlights, and there is one more day left in the show, we can expect that the biggest reveals have occurred.

Google Goes Mobile

It has been no secret that Google has been taking over not only what we access on the web but how we access it, and it announced that it will be starting to experiment with a ‘Nexus’ of mobile providers for US cell service. What does this mean? Well, if we take Google Fiber as any sort of baseline in service, we will see amazing pricing and high speeds on reliable mobile networks if they decide to go full scale. Utilizing existing infrastructure, Google is hoping to drive the wireless network towards the future with innovation and competition. Full details have not been released, but the experiment is expected to start providing service this year.

New Phones. Everywhere.

While Sony did not launch a new flagship phone, catching many by surprise, HTC, Silent Circle, and Samsung took the opportunity to announce their newest top-of-the-line phones. The HTC M9 packs more technology into the familiar M8 phone design, including a new 20MP camera and Dolby Audio surround sound. The Blackphone 2 from Silent Circle is the newest security-focused smartphone, with better speed, better battery, and enterprise-level integration possible. And then there is the Samsung Galaxy S6, which features a full range of top-of-the-line technology and a sleek new metal design, but surprisingly lacks the removable battery and SD card slot that set the Galaxy line apart in the past.

Wearables Get Style

Smart watches are cool, with the Apple Watch coming soon alongside the already available Samsung, LG, and Motorola devices, but style has not always been the selling point. Huawei stepped up the standard, though, with a gorgeous smart watch running on the Android Wear OS. Less bulky than the Moto 360 and the Gear S, it looks like a watch for everyday wear and use. Other companies, such as LG, released updates to their smart watches, bringing more functionality to the line and hopefully taking the usefulness to the next level.

Light As Air Tablets

While Sony did not release a new flagship phone, they did surprise everyone with the Xperia Z4 Tablet, a slim, fast, Android 5.0-powered entertainment device. Clearly going after the iPad, it packs awesome performance into a waterproof device with a great battery, and even includes a keyboard attachment for the business crowd.

So while the show hasn’t been security focused, the release of new smartphones such as the Blackphone 2, as well as other devices, shows us that mobile connectivity is still growing. And with that growth will come the unique security challenges of keeping users safe worldwide.

The Threat Landscape is Expanding. Are You Ready for it?

This blog is syndicated from the LabTech Software Blog: http://www.labtechsoftware.com/blog/antivirus-and-anti-malware-tips/

Think your clients are covered? Think again.

This year’s epic flu season isn’t relegated to humans alone. The burgeoning threat landscape is better equipped than ever before to take your clients down—or at the very least lighten their wallets.

Oftentimes, clients are satisfied to keep running on last year’s version of an antivirus solution. It saves money and is more or less the same thing, right? Wrong. The landscape is evolving, and last year’s solution won’t defend against this year’s threats.

Take phishing, for instance. It’s a lucrative activity. Millions of people collectively lose $1.5 billion per year by falling victim to phishing scams.

It’s the hope of getting a piece of that growing pie that keeps hordes of hackers working around the clock to develop the next big scam. As threats evolve, your solutions have to evolve with them.

Every antivirus solution has an expiration date. Like spoiled milk, last year’s solution isn’t going to deliver the results you’re looking for. You must routinely update and refresh your solutions if you want to keep clients safe.

Why Your Clients Are Saying ‘Yes’ To Malware

Malware is cleverly disguising itself as routine software updates, so more often than not, clients opt in to infections without even knowing it. These silent threats masquerade as Adobe Reader updates, virus scans, and seemingly harmless error messages.

As if that weren’t bad enough, these menaces are getting more complex. Advanced social engineering methods are spawning additive infection vectors. This means that multiple pieces of malware work in tandem to ensure the client’s end point is fully compromised and exploited.

What You Need to Know to Offer the Best Protection

We will walk through four of the latest and most notorious infectors used by malware authors to gain access to the endpoint. We’ll wrap up with key features of a winning antivirus/anti-malware solution so you’re prepared to defend against even the most cunning of tactics.

1) Advanced Keylogging Crushers. We’re all familiar with keyloggers. And while they might sound old school, they’re still evolving and sneaking through firewalls undetected.

  • Culprit: Zeus Malware. This keylogging troublemaker is a Trojan that runs on Microsoft operating systems. It sneaks past users in the form of a familiar Adobe Reader or Flash upgrade, and it captures everything the client types until it’s removed.
  • Must-Have: To keep keyloggers at bay, look for a dynamic antivirus/anti-malware solution that can penetrate and neutralize multi-layer attacks. Threats aren’t one-dimensional anymore, and your client’s virtual protection shouldn’t be either.

2) Rogue Anti-Malware Slayers. Also known as ‘rogues’ or ‘FakeAV,’ these threats target inexperienced users. As the names imply, these scams masquerade as antivirus solutions.

  • Culprits: Countless Fake Antivirus Popups. While the names vary, the effects are the same. These threats have evolved by developing more realistic graphical user interfaces (GUIs) and ‘action center windows’ that are completely interactive and look legit to the untrained eye. If clients click through, they’re asked to submit payment information, which is then sold to the highest bidder on sites like CVV2s.in and crackhackforum.com.
  • Must-Have: Since this is a long-standing scam, you’ll want an antivirus solution that updates its FakeAV index as frequently as possible. There will always be new ones popping up, so you’ll want to partner with a vendor who is committed to keeping their code current.

3) Poweliks Pluggers. These threats hide in the registry and silently pilfer client information. They can’t easily be caught by scanners because they don’t register as files.

  • Culprit: Any Number of Vicious Malwares. This type of attack is probably the worst because it keeps coming back. The malware embeds itself so deeply in the system and evolves and updates the way it exploits so quickly that anything but the latest anti-malware solution will leave your clients out in the cold.
  • Must-Have: The best defense here is a good offense. Once infected, it’s extremely challenging to completely remove the threat. By having a solid anti-malware solution in place that prevents the infection in the first place, your clients will be much better off in the long run.

Wondering where the fourth threat is? The Malware and the Modern Threat Landscape eBook holds the answer. Download it below!


Lenovo Support Page Hacked

In possible retaliation for the Superfish MITM software installed on Lenovo consumer machines, hackers appearing to represent Lizard Squad have hacked Lenovo’s support page through a DNS hijack. Currently, if you head to http://support.lenovo.com/us/en/product_security/superfish, a whole new site appears, rotating through images hosted on Imgur and playing a song hosted on YouTube. Metadata in the code shows “The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey”, who have been implicated as members of Lizard Squad in the past. We have pulled the source code for reference. We will update as we find out more information.

[UPDATE] Lenovo has restored the page to the proper website. No official word from their team on what happened or how many were affected by this DNS hijack.


<html>
<head>
  <title>@LizardCircle</title>
  <link href='//fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'>
  <meta name="description" content="The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey">
  <style>body{background-color:black;color:white;font-family:'Roboto',sans-serif;}a{color:cyan;}#slides{display:none;}.container{width:100%;height:100%;}.slidesjs-navigation{display:none;}iframe{display:none}</style>
</head>
<body>
  <center>
    <a href="https://twitter.com/LizardCircle">
      <div class="container">
        <div id="slides">
          <img src="http://i.imgur.com/UPVwGSb.png"/>
          <img src="http://i.imgur.com/pRvR6jj.png"/>
          <img src="http://i.imgur.com/zTydDfv.png"/>
          <img src="http://i.imgur.com/InvkIDg.png"/>
          <img src="http://i.imgur.com/yr19vvc.png"/>
          <img src="http://i.imgur.com/7wKXhr8.png"/>
          <img src="http://i.imgur.com/SMy9P4g.png"/>
          <img src="http://i.imgur.com/tBSSz1M.png"/>
          <img src="http://i.imgur.com/IWpV3nR.png"/>
          <img src="http://i.imgur.com/QzhXFor.png"/>
          <img src="http://i.imgur.com/ny9IAhQ.png"/>
          <img src="http://i.imgur.com/lsUMIiw.png"/>
          <img src="http://i.imgur.com/dnQGUS1.png"/>
          <img src="http://i.imgur.com/IQbF2nB.png"/>
          <img src="http://i.imgur.com/dGrve6S.png"/>
          <img src="http://i.imgur.com/PhEKut7.png"/>
        </div>
      </div>
    </a>
  </center>
  <iframe width="0" height="0" src="https://www.youtube.com/embed/ZLa__49Ltv4?autoplay=1&loop=1" frameborder="0"></iframe>
  <iframe src="https://neko.li/haha/everybody/laughing/at/you" width="0" height="0"></iframe>
  <iframe src="http://dev.neko.li/haha/everybody/laughing/at/you" width="0" height="0"></iframe>
  <iframe src="http://cf0.pw/haha/everybody/laughing/at/you" width="0" height="0"></iframe>
  <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
  <script src="http://www.slidesjs.com/js/jquery.slides.min.js"></script>
  <script>
  $(function() {
    $('#slides').slidesjs({
      width: 940,
      height: 528,
      navigation: false,
      pagination: false,
      effect: {
        slide: { speed: 200 },
        fade: { speed: 300, crossfade: true }
      },
      play: {
        active: true,
        auto: true,
        interval: 2000,
        swap: false,
        pauseOnHover: false,
        restartDelay: 2000
      }
    });
  });
  </script>
</body>
</html>
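For defenders monitoring their own pages for this kind of hijack, here is a small Python scanner, added as an example here (not code from the original post or from Lenovo), that flags the indicators visible in the defacement source above: a replaced title and description, iframes sized 0x0 or hidden by CSS, and scripts, iframes and images loaded from hosts other than the site’s own. The sample HTML is constructed and modeled on the source above; the expected host and title are assumptions for the demo.

```python
"""Flag defacement indicators in a fetched HTML page.

Added example (not from the original post). Indicators are the ones visible in
the defacement source above: a replaced <title> and description, iframes sized
0x0 or hidden via CSS, and scripts/iframes/images pulled from hosts other than
the site's own. Expected host and title below are assumptions for the demo.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class DefacementScanner(HTMLParser):
    """Walk the HTML once and collect (kind, detail) findings."""

    def __init__(self, expected_host):
        super().__init__()
        self.expected_host = expected_host.lower()
        self.title = ""
        self.description = ""
        self.findings = []
        self._capture = None  # "title" or "style" while inside that element

    def _off_origin(self, url):
        host = urlparse(url).hostname
        if host is None:  # relative URL: served by the site itself
            return False
        host = host.lower()
        return host != self.expected_host and not host.endswith("." + self.expected_host)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("title", "style"):
            self._capture = tag
        elif tag == "meta" and a.get("name", "").lower() == "description":
            self.description = a.get("content", "")
        elif tag in ("iframe", "script", "img"):
            src = a.get("src", "")
            # A 0x0 iframe renders nothing visible; its only purpose is to load content.
            if tag == "iframe" and "0" in (a.get("width", "").strip(), a.get("height", "").strip()):
                self.findings.append(("hidden-iframe", src))
            if src and self._off_origin(src):
                self.findings.append(("off-origin", f"{tag} {src}"))

    def handle_endtag(self, tag):
        if tag == self._capture:
            self._capture = None

    def handle_data(self, data):
        if self._capture == "title":
            self.title += data
        # The defacement above hides its iframes with a stylesheet rule, not attributes.
        elif self._capture == "style" and re.search(r"iframe\s*\{[^}]*display\s*:\s*none", data):
            self.findings.append(("style-hides-iframes", data.strip()))


def scan_html(html, expected_host, expected_title=None):
    """Return title, description and findings for one page body."""
    scanner = DefacementScanner(expected_host)
    scanner.feed(html)
    scanner.close()
    title = scanner.title.strip()
    if expected_title is not None and title != expected_title:
        scanner.findings.append(("title-changed", title))
    return {"title": title, "description": scanner.description, "findings": scanner.findings}


# Constructed sample modeled on the defacement above (hosts and paths are placeholders).
SAMPLE_DEFACED = """<html><head><title>@LizardCircle</title>
<meta name="description" content="The new and improved rebranded Lenovo website">
<style>body{background:black}iframe{display:none}</style></head>
<body><center><a href="https://twitter.com/LizardCircle"><div id="slides">
<img src="http://i.imgur.com/example1.png"/>
<img src="http://i.imgur.com/example2.png"/>
</div></a></center>
<iframe width="0" height="0" src="https://www.youtube.com/embed/EXAMPLE?autoplay=1&amp;loop=1"></iframe>
<iframe src="http://example.invalid/haha" width="0" height="0"></iframe>
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="/js/local.js"></script>
</body></html>"""

# Constructed sample of what the legitimate page is assumed to look like.
SAMPLE_CLEAN = """<html><head><title>Lenovo Support</title></head>
<body><img src="https://support.lenovo.com/img/logo.png"/>
<script src="/js/app.js"></script></body></html>"""

if __name__ == "__main__":
    for name, page in (("defaced", SAMPLE_DEFACED), ("clean", SAMPLE_CLEAN)):
        result = scan_html(page, "support.lenovo.com", expected_title="Lenovo Support")
        print(f"{name}: title={result['title']!r}, {len(result['findings'])} finding(s)")
        for kind, detail in result["findings"]:
            print(f"  {kind}: {detail}")
```

Run it periodically against a fetch of your own pages and alert on any finding; a title change or a new hidden iframe is a strong signal that DNS or the origin has been tampered with.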

Google is taking steps to eliminate deceptive download ads.

Reading that Google was adding More Protection from Unwanted Software to their search results was a pleasant surprise. These deceptive ads for third-party downloads that include additional Potentially Unwanted Applications (PUAs) along with the software that you were intending to download have been a plague for some time now. Not only do these ads lead to PUAs being installed, we are also constantly asked why we blocked what people thought were legitimate downloads.

Naturally I wanted to check this out for myself. Imagine my disappointment when I did a search for “download flash player” and the first result was an ad for a third-party download:


I did some more searches and found that depending on what you search for, you may or may not get ads for third-party downloads. A search for “download vlc player” yielded no ads:


While certainly not perfect, this is a major step forward in helping prevent PUAs, and based on the changes that Google has made to their AdWords policy, I only expect this to get better over time. As you can see from the screenshots posted here, the official downloads are now clearly marked, and even with the third-party ad for Adobe Flash Player, the link to the official download certainly stands out in a way that should help prevent users from clicking on the third-party ads.

It will be interesting to see if other search engines follow suit. Until they do, it is up to all of us to spread the word about the changes Google is making and let others know how easy it now is to identify the official download links for software (as long as you’re using Google as your search engine).

Five Questions The Financial Industry Should Be Asking About Security

As the mobile market continues to skyrocket and gain new users, financial industries are finding it increasingly more difficult to protect their customers against online fraud. Add in the seemingly never-ending wave of company breaches and data loss, coupled with an increasing number of users relying on mobile for their banking needs, and you have a recipe for potential disaster. As a result, customers are pressuring banks to add features and functionality, but at the moment, the US is behind the rest of the world in rolling out such features. Fortunately, there are ways for banks to mitigate these risks and fight back against these threats to their customers. Here are five questions the financial industry needs to be asking about security.

  • Q: What would the cost be for a single fraud breach within my banking channel?

Why you should be asking it:  From breaches at JP Morgan and Sony, to the recent Anthem data loss, we know data is under attack, and this is not a new target. When a financial institution suffers a single fraud breach, the costs expand beyond the data and on to customer trust, future business, and insurance.

  • Q: What is the most vulnerable point in our banking network?

Why you should be asking it: Breaches big and small can occur from one small dent in the armor, and when an exploitable weakness is discovered by cybercriminals, it will not be long until the full security layer is compromised. In the complete path from endpoint to data storage, where and when will that most vulnerable point appear?

  • Q: How do mobile threats attack our customers directly?

Why you should be asking it: Mobile is the hot new target for cybercriminals, who are quickly learning new ways to mask threats and make them more difficult to detect. Malicious mobile apps are rapidly on the rise and established PC threats like ransomware are trickling down to mobile devices.

  • Q: How can banks fight these threats and protect their customers?

Why you should be asking it: Educating customers on the importance of security is crucial, but that’s only part of the battle. Mobile security is a must today, but not all solutions are created equal. Manually downloading mobile antivirus requires some customer intervention, and many users don’t even consider this crucial security step on their personal devices. Fortunately, there’s a ‘best-of-both-worlds’ solution.

  • Q: How many people will be using their mobile devices for banking in 2017?

Why you should be asking it: The mobile market continues to skyrocket and shows no signs of slowing down. With an ever-increasing number of users connecting and downloading apps, the risk of being exposed to mobile malware also increases.

David Duncan will be speaking at the ISMG Los Angeles Fraud Summit on February 24, 2015 at the Hilton Los Angeles/Universal City.  For more information, please click here: http://www.ismgcorp.com/fraud-summit/los-angeles-11

Significant Gaps Between Compromise and Discovery

Over the past five years, the number of records compromised in US business breaches has exploded, growing from less than 20 million in 2010 to over 92 million in 2013. With major breaches at Target and the Home Depot, and many smaller breaches in the last year, the increase in records lost does not appear to be on the decline.

Some form of security technology was in place at most of these breaches, so it is becoming clear that the issue is not one of having technology but of relying on outdated security practices. Active, persistent attempts at breaching organizations are inevitable in this day and age, but breaking down the attacks and being able to intelligently detect the signs of a breach in real time will help to minimize the destruction or exfiltration of data. There are steps to help defend against the unknown and, with the right security approach, to decrease the significant gaps between compromise and discovery.

Improve Your Vision To Defend Against Unknowns

Maintain visibility into the GLOBAL threat landscape.

Through the use of a global network of analytical servers, endpoints, security partners and other data collection tools, and by collating varying types of threat data such as IP data, URL and web data, mobile app data and malicious file data, it becomes possible to understand the current, active threat landscape. Without a global network of collectors and without multiple data points, it is not possible to have a complete understanding of the current threat landscape.

Ensure a real-time view of Internet objects to keep up with the new threats and the changing nature of known threats. 

Through the use of machine learning and automated analysis of data captured by endpoints, honeypots, security partners and other data collection vectors, it is possible to identify zero-day and zero-hour threats in real time. With the proper deployment mechanisms, these threats can be detected and blocked within minutes or seconds, ensuring organizations are protected from even the most aggressive threats.

Use intelligence to look for signs of successful attacks (no security is perfect).

Using contextual analytics to build relationships between threat data types, an organization can now begin to dig deeper into known attacks to understand both the origin and the intent of a malicious actor. A single data point such as an IP address is no longer a standalone threat element; rather, it is now possible to analyze the relationships that IP address has not only with other IP addresses but with mobile applications, malware and URLs. This analysis not only allows a threat to be identified more quickly and reliably but also paints a better picture of the nature and intent of an attack.

With the number of successful breaches increasing, it’s time for companies to improve their security vision to protect against the unknowns. As no security system on its own is perfect, it’s time to push for a layered approach with contextual analysis, automation and predictive machine learning as the new standard. This tactic, along with better breach awareness, will only help to decrease that gap, increase reaction time, and stop a breach from having a lasting impact on data and corporate reputation.


Competition at an All-Time High in Lucrative Hacking & Cybercrime-as-a-service Markets

While black market websites have long since offered a wide array of services aimed at the aspiring cybercriminal, recent attention has been given to a new breed of websites that offer hacking services to a much broader market, anyone really – for hire of course. Sites such as hackerslist.com, hackerforhire.org, neighborhoodhacker.com and even the review site, hackerforhirereview.com, serve as anonymous meeting grounds for people seeking hacking services and for hackers to provide those services. While the legality of these sites is still in question, many listings populate these sites and many hacking services have been rendered.

So what services are available on these sites? How much does it cost? And can you get in trouble?
Let’s find out!

First, the services offered on these more mainstream sites are only a small subset of the service offerings available on the larger underground market. You won’t find access to hundreds or thousands of infected PCs, or malicious botnet hosting services either. Nor will you find malware writers or liquidation services for stolen passwords and credit card info. These offerings remain available only on sites looking to attract new cybercriminals, which is quite a bit different from the focus of the hacking-for-hire websites.

The offerings you will find on hacking for hire sites are largely tied to spying and breaking into accounts as well as removing defamatory content and investigating cyber-bullying. Some sites have stronger policies about which services can be rendered and the term ‘Ethical Hacker’ is used broadly to give assurance to visitors seeking services that doing so is justified, and even ethical. But quite the opposite can be true. Who is to say that once a password is cracked, that the hacker stops there? Or that once an account is broken into that the hacker won’t collect additional information? What if the hacking service is a scam or what if the hacker is actually law enforcement? There are clearly many very considerable risks in using such services.

But back to the question: what services are actually available, and at what prices? Pulled directly from neighborhoodhacker.com, here is a list of their service offerings:

• Password Cracking & Recovery
• Online account hacking
• Social Media & Cyber Stalking Investigations
• Social Media Hacking
• Online Fraud Investigation
• Mobile Security
• Identity Theft Consulting
• Encryption
• Cyber Bully or Stalker Investigations

The prices for these services range considerably based on a few factors but generally cost between $100 and $3000 depending on the complexity of the hacking job, a price well within reach for most.

Ultimately, what these sites represent is a growing demand for hacking services. Their emergence continues a trend that has been, and continues to be, strong in the black market for services: year over year, the barrier to entry into cybercrime gets lower.
No matter what you’re looking to do, there is someone there ready to help, and not for a very unreasonable fee.

Stay tuned for my next blog which will take a much closer look at what services are offered on the black market for cybercrime.

Did Blackhat just break the hacker movie stereotype?

Blackhat (Yes, he’s Thor in other movies, but that doesn’t mean he can’t hack in Blackhat)

Blackhat is out today in theaters, and we were lucky enough to have an advance screening of the film alongside our very own threat security team.

As seen in our previous post on Hollywood and hacking, the majority of the time it feels like producers in Tinsel Town don’t have a full grasp on how hacking works or how to accurately present it to the viewers, and instead come up with ridiculous uses of the computer that make little to no sense to the tech-savvy.

Blackhat felt like the opposite of that.  And that is the biggest surprise for us.  In all honesty, we headed into the movie, expecting it to have major misrepresentations and to tear it apart.  But as we sat around discussing the flick, we concluded that the team behind the movie really did their research.  Dare we say that Blackhat might be one of the best Hollywood representations of hacking and cybercrime, especially focusing on the darker side of criminal activities?

Yes, we do dare.

To say the movie is truly authentic would be a stretch, but the fact is that Michael Mann avoids the major stereotypes that have become all too commonplace in other films. He also does a good job traversing the social-political game of relations between US Government agencies as well as US-China relations. As a result, the story carries itself through very well to the end.

The movie actually presented many different methods that criminals will attempt in order to breach security, including social engineering, direct breach, cyber espionage, and computer hacking itself. While hacking was a central topic throughout, ‘Blackhat’ was about more than just hacking, and focused more on cyber-terrorism, a broader yet more relevant topic that has been in the news quite a bit lately. Each of these methods of breach is an everyday threat to organizations big and small. If anything, the movie stands as a representation of the complexity of today’s security environment, showing how security alone will do little to keep a network safe.

While there was a bit too much Hollywood sexiness and bravado when it comes to just how talented the characters were, this inclusion surely added to the entertainment value.  We wish we could go from evaluating code to globetrotting, chasing down the bad guys, but sadly that is not how it works these days.

Overall, Blackhat was a well told story, and from a security team’s perspective, it maintains a solid grasp on reality in most of its hacking scenes.  The entertainment value was there, alongside fairly accurate representations of security infiltration, leading us to walk out pleasantly surprised.  And we think you might be as well.

http://youtu.be/Qn2g9qGbH_k

Hacking in Hollywood

It’s generally understood that Hollywood will always put its own spin on actions in order to help tell a story. That’s part of the movie and TV magic, or artistic license, that directors take when they are producing these pieces of entertainment. But sometimes, the artistic license itself is more entertaining for how far off its representation of said actions is.

With “BlackHat” coming to theaters tomorrow, we decided to look back at some of the most ridiculous forms of ‘hacking’ displayed on the big (and small) screen.  Here are our 7 favorite misrepresentations of hacking from Hollywood.

Hackers:

http://youtu.be/8wXBe2jTdx4

This 1995 classic really took hacking to mainstream, introducing the idea of gangs of hackers to the world.  While it is true there are groups out there dedicated to hacking, that is where the similarities end.  As you can see in the clip, the hackers and the target are in a long, drawn out command-based attack against each other, all supported by 3D navigation of operating system code.

Jurassic Park:

http://youtu.be/dFUlAQZB9Ng
2nd Clip: https://www.youtube.com/watch?v=RfiQYRn7fBg

Jurassic Park has two ‘great’ examples of Hollywood hacking. The first is the overly simplistic “hacker crap”, stemming from simple commands. The second is that, just because the girl knows “Unix”, she’s now able to control everything by clicking files? We know that control is about commands, and hacking doesn’t occur via a GUI.

Goldeneye:

http://youtu.be/mIq9jFdEfZo

“BORIS IS INVINCIBLE”. Need we say any more about this? Boris, the self-described geek of Goldeneye, shows simplistic forms of hacking while breaking into US Government computers as well as those around him. In around 10 words, Boris is able to access everything he needs in any situation from any target.

Independence Day:


We don’t have an individual clip of this one, but chances are we have all seen this movie and the scene (pictured above) where Jeff Goldblum’s character uploads a virus using human technology (like a USB drive, etc) to an alien spaceship, and then proceeds to use a regular PC to complete the process.  Lots of scroll-y windows and a big, red “VIRUS UPLOADED” for the viewer’s pleasure.

Live Free or Die Hard:

http://youtu.be/F2zFmezNwaU

From the very start of this film, we are shown that hackers, and the viruses they produce, can control C4 and other items. While technologically that is possible with command lines, specific transmitters, and such, the representation of hackers as deadly mercenaries is beyond crazy. Beyond that, we again see the GUI-supported hacker/virus delivery programs that have become commonplace in this style of representation.


Swordfish:


Probably the biggest offender of GUI-supported hacking, alongside some amazing keyboard work. While the clip won’t be linked here, the displays of hacking are amazing, with what seems to be a random pressing of keys in random orders, with no real commands, alongside encrypted files being decrypted, again, by command. Supercomputers would struggle with the work, but our star can do it all in 60 seconds.

NCIS:

http://youtu.be/u8qgehH3kEQ

The crown goes to NCIS, hands down. While the other examples are laughable at most, still linking back to a little (sometimes very little) reality, this clip shows one of the most ridiculous forms of “counter hacking” ever seen on the screen. With two NCIS agents on one keyboard, almost an homage to “Hackers”, they attempt to fend off a hack of a mainframe by typing faster. That’s all they do. And it’s hysterical.

Why 2015 will be the year of cloud attacks

Several cyber takedowns occurred this year when hackers infiltrated Home Depot, Michaels, iCloud, JP Morgan, and the list just goes on. And while consumers and companies have been hit hard in 2014, our 2015 security predictions show that this will be the year of the cloud attack.

According to a recent IDC report, almost 90 percent of Internet spending (including mobile apps, big data and social media) will be on cloud-based technologies over the next six years.

While many companies are making the leap to the cloud, securing the cloud remains an ongoing challenge for IT departments. Smart cyber criminals know where the holes reside and view this space as a big target.

In 2015, a major cloud provider will be breached, compromising many of its customers’ data and in turn leaving hundreds of thousands of individuals vulnerable to follow-on threats. Following the breach, I predict the following will occur:

  1. U.S. Congress will step up efforts to legislate better security protection in public clouds.
  2. Consumer and shareholder outrage will lead to the sacking of several CEOs and CISOs and force the creation of internal cybersecurity task forces.
  3. Enterprises will recognize both the benefits of cloud-based malware protection and the reality of cloud-based cyber attacks.
  4. Enterprises, government agencies and security vendors will begin to develop more effective collaboration and cooperation to combat the wave of cyber crime and cyber warfare.

With our 2015 security predictions in mind, what other theories do you have for this year’s security landscape?  Share your ideas in the comment box below.

Social Engineering improvements keep Rogues/FakeAV a viable scam

The threat landscape has been accustomed to rogues for a while now. They’ve been rampant for the past few years and there is likely no end in sight to this scam. These aren’t complex pieces of malware by any means and typically don’t fool the experienced user, but that’s because they’re aimed at the inexperienced user. We’re going to take a look at some of the improvements seen recently in the latest round of FakeAVs that lead to their success. While the images shown may carry different names (A-Secure, Zorton and AVbytes), they are identical in execution and appearance and are likely from the same author(s). Webroot users are protected from all variants of these encountered.

The GUI is pretty standard: well polished, with every button functional. The “scanned files” it lists don’t actually exist, but the directories do, so this simple directory indexing lends some legitimacy in the eyes of unsuspecting users.

This is probably the biggest improvement to the veil of legitimacy. These brands of FakeAV now come with an Action Center window that is almost identical to the real one. Right where you would normally see your legitimate security software’s status in Windows, they have theirs listed in exactly the same fashion. This is just a fake Action Center; the malware prevents you from opening the real one and redirects you to this window instead. I can see this tactic fooling even the average user at times. These rogues wouldn’t be complete without a payment “website”, and these have probably the best developed so far: a payment page and a home page.

Not only do these pages contain fake awards from legitimate testing companies, but they also have phony reviews and even a simulated news feed with product updates, blogs and press releases. This really is the icing on the scam cake: depending on the limited interaction you’ve had with the rogue, it could be enough to convince you that this program will actually help you and may be worth the money. Skeptics will notice some flaws, such as “VMworld 2011 Europe”: how would a 2015 product make it to that expo? And the image at the top of the home page shows Windows XP security when the product is for Windows 7. These are all minor mistakes that could easily have been fixed. I suspect we’re only going to see more innovation in the future, and we may eventually find rogues that blur the line between legitimate and fraudulent so well that they’re almost indistinguishable.

Vaporizer chargers can contain malware

Vaporizers (a.k.a. e-cigarettes) have been gaining some serious traction and widespread use over the past few years. The sudden surge of popularity isn’t too surprising considering that the health implications of nicotine consumption are claimed to be vastly more favorable with vaporizers than with traditional cigarettes.

Most vaporizers charge through a proprietary connection to USB that looks something like this:

Should be harmless, right?

In a recent reddit post, the poster reported that an executive at a large corporation had a data security breach on his system from malware, the source of which could not be determined initially. The machine was fully patched, had up-to-date anti-virus protection, and web logs were evaluated. “Finally after all traditional means of infection were covered; IT started looking into other possibilities…” The made-in-China USB charger had malware on it that, when plugged into a computer’s USB port, would phone home and infect the system.

Now for those of you scratching your head going: hang on a minute, Windows hasn’t auto-executed anything from USB in years. USB drivers are loaded from the library on the PC, I would know when it was plugged in, and I would have to click and run a file in that folder; this whole story sounds fishy. Let me introduce you to BadUSB (presented by Karsten Nohl and Jakob Lell at Black Hat 2014). Essentially, the USB controller chip in the charger is reprogrammed to enumerate as a composite keyboard plus mass storage device. Keyboards are HID-class devices with built-in drivers and need no user approval, so once plugged in it can type keystrokes that open a command prompt and execute files from its own storage, with whatever privileges the logged-on user has. It’s not as if this attack vector is brand new, either, at least conceptually. According to @th3j35t3r (the Jester), a well known cyberwarrior, in an article titled ‘What would I do if I was Chinese PLA’, USB charger attacks such as this are “theoretical but entirely possible, if not probable”.

My personal suggestion to those concerned is to only charge USB devices through a wall adapter (they charge faster anyway). If you REALLY need to charge through USB, then I suggest getting a data blocker, dubbed a “USB Condom”, which passes only the power pins and leaves the data lines disconnected, so that only power is drawn and no data is exchanged.

What kind of defenses exist for this type of attack? Basically not much. Malware scanners cannot inspect the firmware running on a USB controller, and dedicated USB firewalls that block certain devices are not yet common; what does exist is OS-level device control, such as Windows Group Policy device-installation restrictions or the Linux sysfs authorized attribute, which can block or allow-list device classes but is rarely configured. Behavioral detection is unlikely to help, since the device’s behavior looks exactly like a user plugging in a new keyboard and typing. It’s very unsettling, and the threat is there however unlikely we think it is. While I doubt this is widespread or even remotely common, I did make sure to take apart my charger and made sure that there were no data pins and that it was only drawing power through USB.
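The following is an added example, not code from the Webroot post or from the BadUSB research, showing what the device-level allow-listing that the BadUSB paragraph above describes as missing would actually decide. It works on the descriptor fields a host can read at enumeration time (vendor ID, product ID, serial, and the class of each interface) and denies the two shapes described above: a device that is both a keyboard and a disk, and an unknown keyboard. It goes one step beyond the text by also re-checking the interface set of an allow-listed device, because reflashed firmware can keep the original IDs. All vendor/product IDs, serials and device records are constructed for this example.

```python
from dataclasses import dataclass

# USB interface class codes (bInterfaceClass) from the USB-IF class code list.
HID = 0x03           # keyboards, mice
MASS_STORAGE = 0x08  # flash drives
VENDOR_SPECIFIC = 0xFF


@dataclass(frozen=True)
class UsbDevice:
    """The descriptor fields a host can read when a device enumerates."""
    vendor_id: int
    product_id: int
    serial: str
    interface_classes: tuple  # bInterfaceClass of each interface, in order


# Hypothetical allow-list: (VID, PID, serial) -> set of interface classes that
# device is permitted to expose. The IDs below are made up for this example.
ALLOWED = {
    (0x1111, 0x0001, "KB-0001"): {HID},           # the desk keyboard
    (0x2222, 0x0002, "DRV-1234"): {MASS_STORAGE},  # an issued flash drive
}


def evaluate(dev: UsbDevice) -> tuple:
    """Decide whether to authorize a newly enumerated device.

    Returns ("allow" | "deny", reason)."""
    classes = set(dev.interface_classes)

    # The BadUSB charger described above: a keyboard bundled with storage.
    # No charger needs either, and no keyboard needs a disk.
    if HID in classes and MASS_STORAGE in classes:
        return "deny", "composite HID + mass storage device"

    permitted = ALLOWED.get((dev.vendor_id, dev.product_id, dev.serial))
    if permitted is None:
        # Unknown HID devices are the dangerous case: they can type commands
        # as the logged-on user the moment they are plugged in.
        if HID in classes:
            return "deny", "unknown HID device (can inject keystrokes)"
        return "deny", "device not on allow-list"

    # Reflashed firmware can keep the original VID/PID/serial, so identity
    # alone is not enough: the interface set must also match what we expect.
    if not classes <= permitted:
        return "deny", "allow-listed device exposing an unexpected interface"
    return "allow", "matches allow-list"


# Constructed sample enumerations for this example (not real devices).
SAMPLE_DEVICES = [
    UsbDevice(0x1111, 0x0001, "KB-0001", (HID,)),                          # known keyboard
    UsbDevice(0x2222, 0x0002, "DRV-1234", (MASS_STORAGE,)),                # known drive
    UsbDevice(0x3333, 0x0003, "CHG-0001", (HID, MASS_STORAGE)),            # charger as keyboard + disk
    UsbDevice(0x3333, 0x0004, "CHG-0002", (HID,)),                         # charger as keyboard only
    UsbDevice(0x2222, 0x0002, "DRV-1234", (MASS_STORAGE, VENDOR_SPECIFIC)),  # cloned IDs, extra interface
]


def audit(devices=SAMPLE_DEVICES) -> list:
    """Run the policy over a list of devices; returns (serial, decision, reason)."""
    return [(d.serial, *evaluate(d)) for d in devices]


if __name__ == "__main__":
    for serial, decision, reason in audit():
        print(f"{serial:10} {decision:5} {reason}")
```

On Linux the enforcement side of such a policy is the sysfs authorized attribute: setting authorized_default to 0 on each root hub makes new devices start out unauthorized, and a udev hook then writes 1 to the device’s authorized file only when a policy like the one above returns allow. The caveat a practitioner should keep in mind is that every field the policy inspects is supplied by the device’s firmware, so an allow-list of this kind raises the bar for opportunistic hardware like the charger in the story but does not prove a device’s identity.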