Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Imminent threats

 

MY TAKE: Here’s how ‘bulletproof proxies’ help criminals put compromised IoT devices to work

By Byron V. Acohido

Between Q1 2019 and Q2 2019, malicious communications emanating from residential IP addresses in the U.S. – namely smart refrigerators, garage doors, home routers and the like – nearly quadrupled for the retail and financial services sectors.

Related: How botnets gave Trump 6 million faked followers

To put it plainly, this represented a spike in cyber attacks bouncing through ordinary Internet-connected devices humming away in homes across America. These attacks were carried out by cyber criminals leveraging an insidious new attack tool: bulletproof proxies.

What were they up to? IoT devices are proving to be an integral element for cyber criminals to launch automated attack campaigns to manipulate social media likes, create fake accounts, take over existing accounts, execute credential stuffing, content scraping, click fraud and carry out other cyber villainy.

This stunning intel comes in a study from Cequence Security, a Sunnyvale, CA-based vendor focused on helping companies defend against such attacks. These findings have huge implications, not just highlighting what a huge drain botnets have become to our Internet-centric economy, but also underscoring how botnets have become a disruptive force in political discourse, globally.

I had a deep discussion about this with Cequence’s Will Glazier, head of research, and Matt Keil, director of product marketing, at Black Hat USA 2019. For a full drill down, give a listen to the accompanying podcast. My big takeaways:

Bulletproof weaponry

Back in 2007, a noted fellow journalist, Brian Krebs, exposed how the Russian Business Network had pioneered something called “bulletproof hosting.” RBN provided web hosting services to one-and-all, and then looked the other way as spammers, fraudsters and even child pornography distributors did their thing, operating their botnets with impunity.

Just the other day, Krebs broke another story about what he’s calling “bulletproof residential VPN services.” And Cequence has done deep analysis on “bulletproof proxies” — the latest, greatest iteration of bulletproof hosting. Instead of building out and hosting a server farm that can be isolated and potentially shut down by law enforcement, bulletproof proxy providers today assemble millions of globally distributed IP addresses and make those available to one-and-all.

Crucially, the availability of an endless supply of IP addresses reinforces the viability of botnets. (A bot is a computing nodule, and a botnet is a network of nodules under control of the botnet master.) The fact that botnet nodules today increasingly spin out of residential IP addresses is significant for two reasons: …more

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

By Byron V. Acohido

A faked Rolex or Prada handbag is easy enough to acquire on the street in certain cities, and you can certainly hunt one down online.

Now add high-end counterfeit smartphones to the list of luxury consumer items that are being aggressively marketed to bargain-hungry consumers.

Related: Most companies ignorant about rising mobile attacks

While it might be tempting to dismiss the potential revenue lost by Apple, Samsung, HTC and other suppliers of authentic phones, this counterfeit wave is particularly worrisome. The faked phones flooding  the market today are slicker than ever. And, increasingly, they come riddled with some of the most  invasive types of malware.

This is putting consumers and companies in harm’s way through yet another attack vector – one which gives professional hacking collectives another means to compromise online accounts and break into company networks.

“These devices are not safe to do anything on, and they impact everything they touch,” says Ronan Cremin, chief technology officer at Afilias Technologies, a Dublin-based tech vendor that has a unique view of mobile device usage patterns.

I visited with Cremin at Black Hat USA 2019. For a full drill down of our discussion, give a listen to the accompanying podcast.  My takeaways:

Cutting corners

Knock-off smartphones are a much bigger problem than most folks realize. An estimated 180 million counterfeit mobile phones are sold globally each year, representing a potential loss of $50 billion to device manufacturers, according to a study by the EU’s Intellectual Property Office.

Such phones have been around for a few ears, and the latest iterations are getting nearly impossible to distinguish from the genuine article, Cremin told me. Packaging is spot on: all expected accessories, including headphones, chargers, cables and user guides are typically included. Outwardly, the look-and-fell is amazing: fit and finish and the user interface are indistinguishable from the genuine article. The big clue that it’s a fake is the asking price, which is typically a tenth or less of what you’d expect to pay.

Ah, but on the inside, that is where all the corners get cut. A favorite sleigh-of-hand is to display bogus specs for the make, model, RAM, storage and CPU core. Under the covers, the main components typically will be several generations old. …more

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

By Byron V. Acohido

“All we know is MONEY! Hurry up! Tik Tak, Tik Tak, Tik Tak!”

This is an excerpt from a chilling ransom note Baltimore IT officials received from hackers who managed to lock up most of the city’s servers in May. The attackers demanded $76,000, paid in Bitcoin, for a decryption key. Baltimore refused to pay – choosing, instead, to absorb an estimated $18 million in recovery costs.

Related:  ‘Cyber Pearl Harbor’ happens every day

Some 15 months earlier, in March 2018, Atlanta was hit by a similar assault, and likewise refused to pay a $51,000 ransom, eating $17 million in damage.

Stunning as these two high-profile attacks were, they do not begin to convey the full scope of what a pervasive and destructive phenomenon ransomware has become – to individuals, to companies of all sizes and, lately, to poorly defended local agencies.

Probing and plundering

Ransomware is highly resilient and flexible. Its core attraction for criminals is that it is about as direct a channel to illicitly-garnered cash as any conman could dream up – few middlemen required.

From a high level, ransomware is essentially an open platform that operates on market principles, around which a thriving ecosystem of suppliers and specialists has taken shape. This has opened the door for newbie purveyors, with modest technical skill, to enter the field, giving these novices easy and cheap access to powerful turnkey tools and services. Meanwhile, the advanced hacking collectives invest in innovation and press forward. The net result is a continuation of proven styles of ransomware attacks, as well as constant probing for vulnerable pockets and plundering along fresh pathways.

According to the FBI, the absolute number of daily ransomware attacks actually dipped slightly last year. However, that’s more a function of hackers targeting individuals less, and companies and governments more. And as highlighted by the assaults on Baltimore and Atlanta, municipalities are among the hottest targets of the moment. A survey of local media reports by Recorded Future tallied 38 ransomware attacks against cities in 2017, rising to 53 attacks in 2018. In the first four months of 2019 alone, some 22 attacks have been disclosed.

…more

GUEST ESSAY: 6 unexpected ways that a cyber attack can negatively impact your business

By Mike James

Cyber crime can be extremely financially damaging to businesses. However, if you believe that money is the only thing that a cyber-attack costs your organization, you would be wrong. In fact, a recent academic analysis identified 57 specific individual negative factors that result from a cyber-attack against a business. Here are six ways, worth considering, that a attack can affect your organization.

SEO rankings

James

There are a number of issues that will occur in the aftermath of a cyber-attack that can have enormously negative consequences for your search engine optimisation (SEO). Hacked sites, for example, will by flagged in the rankings with a warning sign which can put off visitors. It is also worth noting that when a site is hacked it can start receiving bad reviews on Google’s review section – these can both begin to see you dropping in the rankings and losing traffic.

A large number of sites also have their content altered when they suffer a breach, and given the importance of content to the way that your site ranks, this can clearly play a huge role.

Legal and compliance issues

It is not just cyber-criminals that you have to worry about when you are calculating the costs of a cyber-attack. In the modern world of data protection and industry regulators, there are now powers to heavily fine businesses that fail to take adequate steps to protect their customers.

Related: Poll shows SMBs struggle dealing with cyber risks

Under the General Data Protection Regulation (GDPR) for example, regulators now have the power to fine businesses up to €20 million or 4 per cent of annual global turnover (whichever is greater), if they suffer a data breach and have failed to be in compliance with the regulation. This shows you just have expensive the concept is. …more

MY TAKE: Let’s not lose sight of why Iran is pushing back with military, cyber strikes

By Byron V. Acohido

It is not often that I hear details about the cyber ops capabilities of the USA or UK discussed at the cybersecurity conferences I attend.

Related: We’re in the golden age of cyber spying

Despite the hush-hush nature of Western cyber ops, it is axiomatic in technology and intelligence circles that the USA and UK possess deep hacking and digital spying expertise – capabilities which we regularly deploy to optimize our respective positions in global affairs.

Last week, President Trump took an unheard of step: he flexed American cyber ops muscle out in the open. An offensive cyber strike by the U.S. reportedly knocked out computing systems controlling Iranian rocket and missile launchers, thus arresting global attention for several news cycles.

“The digital strike against Iran is a great example of using USCYBERCOM   as a special ops force, clearly projecting US power by going deep behind enemy lines to knock out the adversary’s intelligence and command-and-control apparatus,” observes Phil Neray, VP of Industrial Cybersecurity for CyberX, a Boston-based supplier of IoT and industrial control system security technologies.

Some context is in order. Trump’s cyber strike against Iran is the latest development in tensions that began in May 2018, when Trump scuttled the 2015 Iran nuclear deal – which was the result of 10 years of negotiation between Iran and the United Nations Security Council. The 2015 Iran accord, agreed to by President Obama, set limits on Iran’s nuclear programs in exchange for the lifting of nuclear-related sanctions.

For his own reasons, Trump declared the 2015 Iran accord the “worst deal ever,” and has spent the past year steadily escalating tensions with Iran, for instance, by unilaterally imposing multiple rounds of fresh sanctions.

Iran pushes back

This, of course, has pushed Iran into a corner, and forced Iran to push back. It’s important to keep in mind that Iran, as well as Europe and the U.S., were meeting the terms of the 2015 nuclear deal, prior to Trump scuttling the deal.  Let’s not forget that a  hard-won stability was in place, prior to Trump choosing to stir the pot.

Today, Iran is scrambling for support from whatever quarter it can get it. It’s moves, wise or unwise, are quite clearly are calculated to compel European nations to weigh in on its behalf. However, many of Iran’s chess moves have also translated into fodder for Trump to stir animosity against Iran. …more

BEST PRACTICES: Do you know the last time you were socially engineered?

By Byron V. Acohido

This spring marked the 20th anniversary of the Melissa email virus, which spread around the globe, setting the stage for social engineering to become what it is today.

The Melissa malware arrived embedded in a Word doc attached to an email message that enticingly asserted, “Here’s the document you requested . . . don’t show anyone else;-).” Clicking on the Word doc activated a macro that silently executed instructions to send a copy of the email, including another infected attachment, to the first 50 people listed as Outlook contacts.

What’s happened since Melissa? Unfortunately, despite steady advances in malware detection and intrusion prevention systems – and much effort put into training employees – social engineering, most often in the form of phishing or spear phishing, remains the highly effective go-to trigger for many types of hacks.

Related: Defusing weaponized documents

Irrefutable evidence comes from Microsoft. Over the past 20 years, Microsoft’s flagship products, the Windows operating system and Office productivity suite, have been the prime target of cybercriminals. To its credit, the software giant has poured vast resources into beefing up security. And it has been a model corporate citizen when it comes to gathering and sharing invaluable intelligence about what the bad guys are up to.

Threat actors fully grasp that humans will forever remain the weak link in any digital network. Social engineering gives them a foot in the door, whether it’s to your smart home or the business network of the company that employs you.

Attack themes

A broad, general attack will look much like Melissa. The attacker will blast out waves of email with plausible subject lines, and also craft messages that make them look very much like they’re coming from someone you might have done business with, such as a shipping company, online retailer or even your bank.

Some common ones in regular rotation include: a court notice to appear; an IRS refund notice; a job offer from CareerBuilder; tracking notices from FedEx and UPS; a DropBox link notice; an Apple Store security alert; or a Facebook messaging notice.

…more

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

By Byron V. Acohido

Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can’t be pushed to a side burner.

Related: The rise of ‘memory attacks’

I’m making this assertion as federal authorities have just commenced steps to remove and replace switching gear supplied, on the cheap, to smaller U.S. telecoms by Chinese tech giant  Huawei. These are the carriers that provide Internet access to rural areas all across America.

Starks

Federal Communications Commission member Geoffrey Starks recently alluded to the possibility that China may have secretly coded the firmware in Huawei’s equipment to support cyber espionage and cyber infrastructure attacks.

This isn’t an outlier exposure, by any means. Firmware is the coding that’s embedded below the software layer on all computing devices, ranging from printers to hard drives and motherboards to routers and switches. Firmware carries out the low-level input/output tasks, without which the hardware would be inoperable.

However, the security of firmware has been largely overlooked over the past two decades. It has only been in the past four years or so that white hat researchers and black hat hackers have gravitated over to this unguarded terrain – and begun making hay.

I recently had the chance to discuss this with John Loucaides, vice-president of engineering at Eclypsium, a Beaverton, OR-based security startup that is introducing technology to scan for firmware vulnerabilities. Here are the big takeaways:

Bypassing protection

Firmware exposures are in the early phases of an all too familiar cycle. Remember when, over the course of the 2000s and 2010s, the cybersecurity industry innovated like crazy to address software flaws in operating systems and business applications? Vulnerability research took on a life of its own.

As threat actors wreaked havoc, companies strove to ingrain security into code writing, and make it incrementally harder to exploit flaws that inevitably surfaced in a vast threat landscape. Then, much the same cycle unfolded as virtual computing came along and became popular; and then the cycle repeated itself, yet again, as web browsers took center stage in digital commerce. …more