 

Uncategorized

 

MY TAKE: These 7 nation-state backed hacks have put us on the brink of a global cyber war

By Byron V. Acohido

Nation-state backed hacking collectives have been around at least as long as the Internet.

However, evidence that the ‘golden age’ of cyber espionage is upon us continues to accumulate as the first half of 2018 comes to a close.

Related podcast: Obsolescence is creeping into legacy security systems

What’s changed is that cyber spies are no longer content with digital intelligence gathering. Military operatives and intelligence units today routinely hack to knock down critical infrastructure, interfere with elections, and even to exact revenge on Hollywood studios.

Recently, one of the most powerful and notorious cyber spies on the planet, North Korean General Kim Yong Chol, stepped from obscurity into global celebrity status.

Last month President Trump invited the heretofore obscure General Kim into the White House for an impromptu state visit. For about two hours, Trump exchanged pleasantries with the man who orchestrated North Korea’s devastating hack of Sony Pictures in 2014, the aforementioned revenge caper. The tête-à-tête unfolded as Trump prepared for his summit in Singapore with General Kim’s boss, North Korean despot Kim Jong-un.

Rise of North Korea

It’s notable that, since the Sony Pictures hack, General Kim has steadily gotten more powerful and adept at the cyber spy game. Today he commands a cyber army, some 7,000 hackers and support staff strong, that has emerged as a potent and disruptive force. The Wall Street Journal recently reported that North Korea is cultivating elite hackers much like other countries train Olympic athletes.

Meanwhile, Iran-sponsored cyber operatives are making hay, as well. Trump’s decision …more

MY TAKE: Why Google is labeling websites ‘unsafe’ — what publishers need to do about it

By Byron V. Acohido

One of the things Google’s security honchos have long championed – for the most part out of the public spotlight — is to make HTTPS Transport Layer Security (TLS) the de facto standard for preserving the integrity of commercial websites.

TLS and its predecessor, Secure Sockets Layer (SSL), rely on digital certificates to validate that a website is really what it claims to be. In an environment where spoofed and booby-trapped websites have come to clutter the Internet, this is a vital function.

Related article: How the PKI ecosystem can secure IoT

TLS also leverages public key infrastructure (PKI) encryption to protect the data submitted by users at legit sites. Companies known as Certificate Authorities (CAs) play a pivotal role issuing TLS certificates and assisting website owners with implementation of PKI.

For the most part, this arrangement has worked very well, although, like anything else in security, it can be improved. On March 15, Google will take a bold step to strengthen TLS – it will advance the process of ending trust in hundreds of thousands of TLS certificates issued by Symantec, the former kingpin CA. With the release of the beta and stable versions of Chrome 66, Google will begin issuing “distrust” alerts to those who visit web sites using any Symantec-rooted certificates issued prior to June 1, 2016.

Engendering trust

Starting Thursday, March 15, this could play out as a rude awakening for web site publishers who haven’t been paying attention. However, the good news is that, thanks to the sudden — and remarkably smooth — handoff of Symantec’s digital certificate …more

MY TAKE: Necurs vs. Mirai – what ‘classic’ and ‘IoT’ botnets reveal about evolving cyber threats

By Byron V. Acohido

I’ve written about how botnets arose as the engine of cybercrime, and then evolved into the Swiss Army Knife of cybercrime. It dawned on me very recently that botnets have now become the bellwether of cybercrime.

This epiphany came after checking in with top experts at Proofpoint, Forcepoint, Cloudflare and Corero — leading vendors that devote significant talent and resources to monitoring and analyzing botnets. I also spoke with SlashNext, a startup that specializes in detecting stealthy botnet activity.

Related article: Russian botnets ignite social media blitz

There’s much we can discern from the distinctive ebb and flow of botnet-borne malicious activity. ‘Classic’ botnets are comprised of vast numbers of infected PCs, servers and virtual computing nodules. One of particular note is called Necurs, a massive botnet-for-hire and the king of delivering phishing email attacks, ransomware campaigns and Banking Trojans.

Then there are any number of smaller, single-purpose botnets owned and operated by nation-state-backed hacking rings. The obvious example: the Russian botnet operators who orchestrated the wave of social media spoofing and propagandizing designed to influence political discourse and meddle in elections in the U.S. and all across Europe. The most recent example: Russian botnets hyped the #Releasethememo campaign on Twitter to lend credence to Rep. Devin Nunes’, R-Calif., secret ‘memo’ purportedly discrediting and disqualifying the FBI from investigating Russia’s meddling in the last U.S. election. That came after Russian botnets fueled wildly conflicting polling results during the 2016 presidential race, and fabricated 6.1 million Twitter followers for then-candidate Trump.


Meanwhile, a new generation of Internet of Things botnets has arrived on the scene. IoT botnets, like Mirai and Reaper, are comprised of infected home routers, surveillance cameras and other IoT devices. Monitoring the badness emanating from the likes of Necurs, Mirai and Reaper can tell us a lot about where cyber criminals’ attention is focused – and where it might turn next. “The cyber threat landscape is constantly changing; fashions come and go,” observes Carl Leonard, principal security analyst at Forcepoint. “Cyber criminals are always seeking to increase their return on investment and they’re only going to perform an activity if it’s worthwhile for them and if they can still continue to see success over time.”

Botnets for hire

Let’s start with a basic definition and take a look at the aforementioned Necurs, a preeminent botnet, in terms of delivering malicious payloads. A bot is a computing nodule infected with a small bit of coding that causes it to obey instructions from a command and control server. A botnet is a network of thousands upon thousands of bots under control of an attacker. …more

NEWS WRAP-UP: Walmart tracks customers’ facial expressions; teachers hacked; Asians seek cyber insurance

By Byron V. Acohido

Week ending Aug. 11. Walmart has filed a patent for video technology to track customers’ facial expressions as they shop, potentially allowing employees to address customer needs before they have to ask. The system would use video to scan for customers who are frustrated or unhappy if they can’t find a product or figure out pricing. The system also could see when a display or product pleases shoppers. According to the patent filing, Walmart says it’s easier to retain existing customers than acquire new ones. Walmart also will use the technology to analyze trends in shoppers’ purchase behavior over time, according to the patent filing. The system links customers’ facial expressions to their transaction data—meaning how much they’re spending and what …more

VIDEO: How phishers are coming after you — and what you should do about it

By Byron V. Acohido

The current cybersecurity climate makes it hard not to be cautious of phishing attacks. Forget reclaiming lost family fortunes or assisting Nigerian princes, today’s phishing scams are targeted, complex and incredibly prevalent.

It feels like a new, high-profile phishing attack is getting reported every other month. In May, Google Docs users were being targeted with malicious invitations to edit fictional documents. Before that, DocuSign users were sent bogus emails encouraging them to download a Microsoft Word document that installed malware.

Related infographics: Phishers focus on smaller financial institutions

Despite increased awareness of these attacks and “I’d never fall for that” attitudes, Verizon’s 2017 Data Breach Investigations Report showed that 1 in 14 users fell for a phishing …more

GUEST ESSAY: 6 ways to use a ‘secure code review’ to engrain security during software development

By Amit Ashbel

An application or update is days, or possibly just hours away, from release and you’ve been working hard to ensure that security tools and processes are integrated throughout the development process. You believe you’ve followed all the steps and your app is ready to go, right?

Wrong. You have one more step in the security process before you can give the green light: a secure code review.

Related podcast: How application security testing can dovetail into ‘DevOps’


If you’re wondering what a secure code review is, it’s the process organizations go through to identify and fix potentially risky security vulnerabilities in the late and final stages of development. They …more

PODCAST: Dell SecureWorks discloses how faked personas fuel targeted attacks

By Byron V. Acohido

In the wake of phishing attacks involving Google Docs and DocuSign, corporate awareness of socially engineered cybersecurity threats is at an all-time high. Naturally, this has led to an increase in employee training and awareness.

This kind of action couldn’t be more necessary. According to Software Advice, 39 percent of employees admitted to opening emails they suspected might be fraudulent. And only 36 percent felt they were very confident in recognizing and resisting phishing attacks.

While increased awareness of corporate-based phishing attempts is vital, so, too, is awareness of phishing attempts that start in an employee’s personal environment before transitioning into the company. This is what happened in the curious case of Mia Ash.

I recently was joined by Allison …more