What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
AlienVault.webp 2018-11-02 13:00:00 Things I Hearted this Week, 2nd Nov 2018 (lien direct) It’s November already, where has the year gone to? I can almost still remember typing out the words for the year’s first ‘Things I hearted’ blog back in January. Re-reading it now, it feels as if not much has changed; big messes, breaches, and in-fighting seemed like the usual for the year. I was speaking with my colleague Chris Doman a couple of days ago, and he did point out that 2018 overall has largely been better because we haven’t seen any large scale attack like WannaCry. He did pause and then add “yet” - so I suppose you could say we’ve improved because this year has caused less havoc than last year? Let’s chalk risk reduction down to a win and get on with it. IBM Acquired Red Hat A few weeks ago, prior to the announcement of the acquisition, IBM came up in discussion with a few friends and one of them said that IBM is one of those companies that everyone has heard of, but hardly anyone knows what they exactly do outside of a few services they use. As the cool kids say, this may have been a statement designed to “throw shade” (young and hip people, please correct me if I’ve used the term incorrectly - I already embarrass my children enough by misusing lingo), but the fact is that the statement is rather true, only because most people are still trying to work out why IBM would shell out 33.4 Instagrams for Red Hat. IBM acquires Red Hat, but what does that mean? | 451 Research blog Why IBM bought Red Hat: It's all open source cloud, all the time | ZDNet 6 Things to Know About IBM's $34B Acquisition of Red Hat | CMS Wire IBM's old playbook | Stratechery The Supply Chain I won’t give any more air time to that ridiculous ‘grain of rice’ Bloomberg story. However, it did give everyone time to pause and think about the supply-chain and how fragile it is. It’s easy to overlook the reliance businesses have on partners and their security. 
Dan Goodin took a peek behind the curtain of this shady practice and wrote on two supply-chain attacks. Two new supply-chain attacks come to light in less than a week | Ars Technica Would you Compromise Privacy for $850m? Under pressure from Mark Zuckerberg and Sheryl Sandberg to monetize WhatsApp, Brian Acton pushed back as Facebook questioned the encryption he'd helped build and laid the groundwork to show targeted ads and facilitate commercial messaging. Acton also walked away from Facebook a year before his final tranche of stock grants vested. “I Wannacry
ZDNet.webp 2018-11-01 16:45:00 Researchers find Stuxnet, Mirai, WannaCry lurking in industrial USB drives (lien direct) The malware strains have all been found in industrial settings due to removal media. Malware Wannacry
AlienVault.webp 2018-10-30 13:00:00 AlienVault Open Threat Exchange Hits Major Milestone with 100,000 Participants (lien direct) Today, I’m excited to announce that AlienVault® Open Threat Exchange® (OTX™) has grown to 100,000 global participants, representing 36 percent year-over-year growth. AlienVault OTX, launched in 2012, is the world’s first free threat intelligence community that enables real-time collaboration between security researchers and IT security practitioners from around the world. Every day, participants from more than 140 countries contribute 19 million pieces of threat data to the community. OTX enables companies and government agencies to gather and share relevant, timely, and accurate information about new or ongoing cyber-attacks and threats as quickly as possible to avoid major breaches (or minimize the damage from an attack). As Russell Spitler, SVP of Product for AlienVault, an AT&T company, explains, “Attackers rely on isolation - they benefit when defenders don’t talk to each other. We can’t be everywhere at once, but they can learn from each others’ experience. With the growth in OTX membership, we all benefit from the diversity of threat intelligence from an even wider variety of participants.” To provide big-picture perspective on the billions of security artifacts contributed to OTX this year, AlienVault Security Advocate Javvad Malik and Threat Engineer Chris Doman have created the OTX Trends Report for 2018 Q1 and Q2. Like the 2017 report, this analysis reveals trends across exploits, malware, and threat actors, including top-ten rankings of the most seen exploits and adversaries recorded in vendor reports. The analysis reveals changes in the threat landscape, including a shift in the most reported exploits. For example, this year’s report reveals a rise in server exploits, as well as marking the first time an exploit targeting IoT devices (GPON Routers) has made the list of most-seen exploits. 
Encouragingly, the OTX Trends Report shows an uptick in information sharing across the InfoSec industry, including a plethora of independent research sharing on Twitter. According to the report, “As more companies and researchers look at ways to share threat data, we see more usable and useful information flow into OTX. This openness and collaboration has resulted not only in organisations being able to defend themselves better - but increasing circles of trust within the industry where actual threat intelligence is being shared more openly. A trend that we have seen grow over the years.” The sheer volume of security events included in the OTX Trends Report reflects the importance of keeping up with the latest threat intelligence. Without threat sharing, malicious actors can easily reuse effective exploits and pivot their attacks from target to target. A campaign affecting the UK legal industry can be repurposed for bankers in the United States, while security researchers operating in silos start from scratch each time. For example, the OTX Trends Report shows that the most commonly reported exploit, CVE-2017-11882, has been reused widely. By joining OTX, participants can strengthen their defenses and share real-time information about emerging threats, attack methods, and malicious actors. The diversity of OTX participants representing different countries, industries, and organization sizes provi Threat Wannacry
no_ico.webp 2018-10-30 09:30:00 UK Government Rightly Commits Defence Budget To Securing Software From Cyber Attacks (lien direct) Earlier, at the Autumn Budget Statement, Chancellor Philip Hammond announced £1 billion on funding will go into securing UK organisations and interests. There was a big focus on spending in cyber and making sure software used by UK firms are being secured and about the cyber calamity of WannaCry in May 2017. Paul Farrington, Director EMEA and … The ISBuzz Post: This Post UK Government Rightly Commits Defence Budget To Securing Software From Cyber Attacks Wannacry
TechRepublic.webp 2018-10-22 13:13:00 Ransomware: A cheat sheet for professionals (lien direct) This guide covers Locky, WannaCry, Petya, and other ransomware attacks, the systems hackers target, and how to avoid becoming a victim and paying cybercriminals a ransom in the event of an infection. Ransomware Wannacry
Checkpoint.webp 2018-10-15 06:41:01 Godzilla Loader and the Long Tail of Malware (lien direct) Research by: Ben Herzog To most victims, malware is a force of nature. Zeus, Wannacry, Conficker are all vengeful gods, out to punish the common man for clicking the wrong link. Even for a security analyst, it’s easy to fall into the kind of thin... Malware Wannacry
ErrataRob.webp 2018-10-14 04:57:46 How to irregular cyber warfare (lien direct) Somebody (@thegrugq) pointed me to this article on "Lessons on Irregular Cyber Warfare", citing the masters like Sun Tzu, von Clausewitz, Mao, Che, and the usual characters. It tries to answer: ...as an insurgent, which is in a weaker power position vis-a-vis a stronger nation state; how does cyber warfare play an integral part in the irregular cyber conflicts in the twenty-first century between nation-states and violent non-state actors or insurgencies. I thought I'd write a rebuttal. None of these people provide any value. If you want to figure out cyber insurgency, then you want to focus on the technical "cyber" aspects, not "insurgency". I regularly read military articles about cyber written by those, like in the above article, which demonstrate little experience in cyber. The chief technical lesson for the cyber insurgent is the Birthday Paradox. Let's say, hypothetically, you go to a party with 23 people total. What's the chance that any two people at the party have the same birthday? The answer is 50.7%. With a party of 75 people, the chance rises to 99.9% that two will have the same birthday. The paradox is that your intuitive way of calculating the odds is wrong. You are thinking the odds are like those of somebody having the same birthday as yourself, which is indeed roughly 23 out of 365. But we aren't talking about you vs. the remainder of the party, we are talking about any possible combination of two people. This dramatically changes how we do the math. In cryptography, this is known as the "Birthday Attack". One crypto task is to uniquely fingerprint documents. Historically, the most popular way of doing this was with an algorithm known as "MD5" which produces 128-bit fingerprints. Given a document, with an MD5 fingerprint, it's impossible to create a second document with the same fingerprint. However, with MD5, it's possible to create two documents with the same fingerprint. 
In other words, we can't modify only one document to get a match, but we can keep modifying two documents until their fingerprints match. Like a room, finding somebody with your birthday is hard, finding any two people with the same birthday is easier. The same principle works with insurgencies. Accomplishing one specific goal is hard, but accomplishing any goal is easy. Trying to do a narrowly defined task to disrupt the enemy is hard, but it's easy to support a group of motivated hackers and let them do any sort of disruption they can come up with. The above article suggests a means of using cyber to disrupt a carrier attack group. This is an example of something hard, a narrowly defined attack that is unlikely to actually work in the real world. Conversely, consider the attacks attributed to North Korea, like those against Sony or the Wannacry virus. These aren't the careful planning of a small state actor trying to accomplish specific goals. These are the actions of an actor that supports hacker groups, and lets them loose without a lot of oversight and direction. Wannacry in particular is an example of an undirected cyber attack. We know from our experience with network worms that its effects were impossible to predict. Somebody just stuck the newly discovered NSA EternalBlue payload into an existing virus framework and let it run to see what happens. As we worm experts know, nobody could have predicted the results of doing so, not even its creators. Another example is the DNC election hacks. The reason we can attribute them to Russia is because it wasn't their narrow goal. Instead, by looking at things like their URL shortener, we can see that they flailed around broadly all over cyberspace. The DNC was just one of thei Hack Guideline Wannacry
SecurityAffairs.webp 2018-10-13 11:57:04 NHS is still assessing the cost of WannaCry one year later (lien direct) The UK’s Department of Health and Social Care provided an update on the efforts to secure the NHS IT infrastructure, with a focus on WannaCry overall costs. The UK’s Department of Health and Social Care provided an update on the spending to secure the IT infrastructure in a report titled “Securing cyber resilience in health […] Wannacry
no_ico.webp 2018-10-12 23:30:04 Wannacry Cyberattack Cost NHS £92m – DHSC (lien direct) Following the news around the Department of Health and Social Care (DHSC) estimating that the WannaCry ransomware attack cost the NHS £92m in disruption to services and IT upgrades, Matt Lock, Director of Sales Engineers at Varonis offers the following comments. Matt Lock, Director of Sales Engineers at Varonis: “When ransomware hits an organization, much is discussed about … The ISBuzz Post: This Post Wannacry Cyberattack Cost NHS £92m – DHSC Ransomware Wannacry
no_ico.webp 2018-10-10 19:55:04 (Déjà vu) NHS Ignore IT Security Recommendations Despite WannaCry Attack (lien direct) The NHS’s IT governing body is refusing to invest in cybersecurity protection as it does not represent value for money. According to the Health Service Journal, NHS Digital is set to ignore the recommendations laid out in a government-sanctioned report authored by its own CIO due to the costs being too high. Commenting on the news are the … The ISBuzz Post: This Post NHS Ignore IT Security Recommendations Despite WannaCry Attack Wannacry
itsecurityguru.webp 2018-10-09 11:09:04 NHS to ignore post-WannaCry security recommendations (lien direct) The NHS’s IT governing body is refusing to invest in cybersecurity protection as it does not represent value for money, reports have claimed. According to the Health Service Journal, NHS Digital is set to ignore the recommendations laid out in a government-sanctioned report authored by its own CIO due to the costs being too high. View ... Wannacry
CSO.webp 2018-09-25 03:00:00 The Sony hacker indictment: 5 lessons for IT security (lien direct) In August 2018, the US Department of Justice (DoJ) unsealed the indictment of a North Korean spy, Park Jin Hyok, whom they claim was behind the hack against Sony and the creation and distribution of the WannaCry ransomware. The 170-plus-page document was written by Nathan Shields of the FBI's LA office and shows the careful sequence of forensic analysis they used to figure out how various attacks were conducted. Hack Wannacry
MalwarebytesLabs.webp 2018-09-21 22:55:01 Emotet on the rise with heavy spam campaign (lien direct) Over the last few days, we've noticed a large increase in malicious spam spreading Emotet, as well as a higher number of detections from our customers. Looks like we're in the middle of an active Emotet campaign. Categories: Cybercrime Malware Tags: (Read more...) Spam Wannacry
SecurityAffairs.webp 2018-09-18 10:35:03 Cracked Windows installations are serially infected with EternalBlue exploit code (lien direct) According to Avira, hundreds of thousands of unpatched Windows systems are serially infected with EternalBlue exploit code. The EternalBlue, is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack. The malicious code was leaked online by the Shadow Brokers hacking group that stole it from the arsenal of the NSA-linked Equation Group. ETERNALBLUE targets the Server […] Wannacry
ZDNet.webp 2018-09-14 08:12:04 North Korea claims hacker responsible for WannaCry outbreak does not exist (lien direct) The country insists the indictment of the hacker is nothing more than a smear campaign. Wannacry
AlienVault.webp 2018-09-11 13:00:00 Explain Cryptojacking to Me (lien direct) Last year, I wrote that ransomware was the summer anthem of 2017. At the time, it seemed impossible that the onslaught of global ransomware attacks like WannaCry and NotPetya would ever wane. But, I should have known better. Every summertime anthem eventually gets overplayed. This year, cryptojacking took over the airwaves, fueled by volatile global cryptocurrency markets. In the first half of 2018, detected cryptojacking attacks increased 141%, outpacing ransomware attacks. In this blog post, I’ll address cryptojacking: what it is, how it works, how to detect it, and why you should be tuning into this type of threat. What is Cryptojacking? Crytojacking definition: Cryptojacking is the act of using another’s computational resources without their knowledge or permission for cryptomining activities. By cryptojacking mobile devices, laptops, and servers, attackers effectively steal the CPU of your device to mine for cryptocurrencies like Bitcoin and Monero. Whereas traditional malware attacks target sensitive data that can be exploited for financial gain, like social security numbers and credit card information, cybercriminals that launch cryptojacking campaigns are more interested in your device’s computing power than your own personal data. To understand why, it’s helpful to consider the economics of cryptocurrency mining. Mining for cryptocurrencies like Bitcoin and Monero takes some serious computing resources to solve the complex algorithms used to discover new coins. These resources are not cheap, as anyone who pays their organization’s AWS bill or data center utility bill can attest to. So, in order for cryptocurrency mining to be profitable and worthwhile, the market value of the cryptocurrency must be higher than the cost of mining it – that is, unless you can eliminate the resource costs altogether by stealing others’ resources to do the mining for you. 
That’s exactly what cryptojacking attacks aim to do, to silently turn millions of devices into cryptomining bots, enabling cybercriminals to turn a profit without all the effort and uncertainty of collecting a ransom. Often, cryptojacking attacks are designed to evade detection by traditional antivirus tools so that they can quietly run in the background of the machine. Does this mean that all cryptomining activity is malicious? Well, it depends on who you ask. Cryptomining vs. Cryptojacking As the cryptocurrency markets have gained value and become more mainstream in recent years, we’ve seen a digital gold rush to cryptomine for new Bitcoin, and more recently, Monero. What began with early adopters and hobbyists building home rigs to mine for new coins has now given way to an entire economy of mining as a service, cryptoming server farms, and even cryptomining cafes. In this sense, cryptomining is, more or less, considered a legal and legitimate activity, one that could be further legitimized by a rumored $12 Billion Bitman IPO. Yet, the lines between cryptomining and cryptojacking are blurry. For example, the cryptomining “startup” Coinhive has positioned its technology as an alternative way to monetize a website, instead of by serving ads or charging a subscription. According to the website, the folks behind Coinhive, “dream about it as an alternative to micropayments, artificial wait time in online games, intrusive ads and dubious marketing tactics.” Yet at the same time, Coinhive has been one of the most common culprits found Malware Threat NotPetya Wannacry Tesla
MalwarebytesLabs.webp 2018-09-10 16:44:05 A week in security (September 3 – 9) (lien direct) A roundup of the security news from September 3 – 9, including spyware going mainstream, Mac App Store apps stealing and abusing customer data, and Fortnite install concerns. Categories: Security world Week in security Tags: (Read more...) Wannacry Tesla
zataz.webp 2018-09-10 00:39:05 Park Jin Hyok : Catch me if you can (lien direct) Park Jin Hyok, an alleged North Korean hacker, is accused by the United States of being behind the WannaCry cyberattack. Always convenient to accuse a hacker whom nobody will ever be able to arrest and question! It is no secret to anyone that the US government has ... This article Park Jin Hyok : Catch me if you can appeared first on ZATAZ. Wannacry
TechWorm.webp 2018-09-07 18:26:02 North Korean hacker charged for WannaCry and Sony cyberattacks (lien direct) U.S. charges North Korean hacker for WannaCry, Sony cyber attacks The U.S. government on Thursday charged and sanctioned a North Korean hacker for the 2014 Sony hack and the 2017 WannaCry global ransomware cyberattack, U.S. officials said. The accused, Park Jin Hyok worked as part of a team of hackers, also known as the Lazarus […] Ransomware Hack Wannacry APT 38
SecurityAffairs.webp 2018-09-07 09:22:01 US charges North Korea agent over Sony Pictures hack and WannaCry (lien direct) The U.S. Department of Justice charged a North Korea agent over WannaCry and 2014 Sony Pictures Entertainment Hack. The U.S. Department of Justice announces charges against a North Korean government spy that was involved in the massive WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack. “the Justice Department charged on Thursday in a 174-page criminal complaint that detailed how […] Ransomware Hack Wannacry
ZDNet.webp 2018-09-06 21:43:04 How US authorities tracked down the North Korean hacker behind WannaCry (lien direct) US authorities put together four years worth of malware samples, domain names, email and social media accounts to track down one of the Lazarus Group hackers. Malware Medical Wannacry APT 38
WiredThreatLevel.webp 2018-09-06 19:12:01 DoJ Charges North Korean Hacker for Sony, WannaCry, and More (lien direct) The Department of Justice has taken its first legal action against North Korea's cybercrimes, in a massive complaint made public Thursday. Wannacry ★★★
ZDNet.webp 2018-09-06 15:35:00 DOJ to charge North Korean officer for Sony hack and WannaCry ransomware (lien direct) After charging Chinese, Iranian, and Russian cyberspies, US prepares indictment against North Korean officer. Ransomware Hack Wannacry
The_Hackers_News.webp 2018-09-06 10:31:03 U.S. to Charge North Korean Spy Over WannaCry and Sony Pictures Hack (lien direct) The U.S. Department of Justice is preparing to announce criminal charges against a North Korean government spy in connection with the 2017 global WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack. According to multiple government officials cited by the NY Times who are familiar with the indictment, the charges would be brought against Park Jin Hyok, who works for North Ransomware Hack Wannacry
globalsecuritymag.webp 2018-09-03 13:56:02 IT security: How to arm your company in 3 key steps (lien direct) Over the last two years, we have witnessed cyberattacks claiming a large number of victims. From Uber, which fell prey to a hack affecting 57 million people worldwide, to the now-famous WannaCry ransomware, which hit more than 300,000 computers in more than 150 countries, there is no shortage of examples, and they worry corporate leaders as well as political leaders. Resorting to state-of-the-art security is more than necessary, and yet many companies (...) - Points of View Malware Wannacry Uber
The_State_of_Security.webp 2018-08-23 03:00:03 Healthcare Industry: 5 Key Areas Security Professionals Should Consider (lien direct) The Healthcare industry by its very nature is populated with some amazing people who are devoted to those in need of physical and mental care. Given this noble cause, it was perfectly understandable for them to ask “Why would someone attack us?” when WannaCry hit their sector. In my opinion, the WannaCry compromise was the […]… Read More Wannacry ★★★
Checkpoint.webp 2018-08-16 09:45:01 Quickly Gauge Your Security\'s Generation With This 5-Question Quiz (lien direct) by Bob Matlow, Cyber Security Advocate The cyber-security world entered a new day and age when WannaCry and NotPetya wreaked havoc across hundreds of countries, causing billions of dollars of damage. Cyber criminals have adapted to this new reality by launching multi-vector, polymorphic, globally-scaled attacks – but IT professionals are lagging behind. Only 3 percent… NotPetya Wannacry
WiredThreatLevel.webp 2018-08-11 13:00:00 The FCC\'s Fake DDoS Attack, WannaCry Hits an Apple Supplier, and More Security News This Week (lien direct) The PGA Tour gets hit with ransomware, Wikileaks says the US Senate wants a word, and more. Wannacry
NetworkWorld.webp 2018-08-08 13:28:00 Chip maker TSMC will lose millions for not patching its computers (lien direct) Taiwanese chip-making giant Taiwan Semiconductor Manufacturing Co. (TSMC), whose customers include Apple, Nvidia, AMD, Qualcomm, and Broadcom, was hit with a WannaCry infection last weekend that knocked out production for a few days and will cost the firm millions of dollars. Most chip companies are fabless, meaning they don't make their own chips. It's a massively expensive process, as Intel has learned. Most, like the aforementioned firms, simply design the chips and farm out the manufacturing process, and TSMC is by far the biggest player in that field. CEO C.C. Wei told Bloomberg that TSMC wasn't targeted by a hacker; it was an infected production tool provided by an unidentified vendor that was brought into the company. The company is overhauling its procedures after encountering a virus more complex than initially thought, he said. Tool Patching Wannacry
SecurityAffairs.webp 2018-08-07 13:54:04 (Déjà vu) TSMC Chip Maker confirms its facilities were infected with WannaCry ransomware (lien direct) TSMC shared further details on the attack and confirmed that its systems were infected with a variant of the infamous WannaCry ransomware. Early in August, a malware has infected systems at several Taiwan Semiconductor Manufacturing Co. (TSMC) factories, the plants where Apple produces its devices. TSMC is the world's biggest contract manufacturer of chips for tech giants, including Apple […] Ransomware Malware Wannacry
ESET.webp 2018-08-07 13:20:01 Apple chip supplier blames WannaCryptor variant for plant shutdowns (lien direct) The malware outbreak has even prompted concerns of delays in the shipments of the next wave of iPhones Malware Wannacry
The_Hackers_News.webp 2018-08-07 02:03:00 TSMC Chip Maker Blames WannaCry Malware for Production Halt (lien direct) Taiwan Semiconductor Manufacturing Company (TSMC)-the world's largest makers of semiconductors and processors-was forced to shut down several of its chip-fabrication factories over the weekend after being hit by a computer virus. Now, it turns out that the computer virus outbreak at Taiwan chipmaker was the result of a variant of WannaCry-a massive ransomware attack that wreaked havoc across Ransomware Malware Wannacry
SecurityWeek.webp 2018-08-06 11:29:05 Flaw in Popular Framework Exposes ICS Devices to Attack (lien direct) Chip Giant TSMC Says WannaCry Ransomware Behind Production Halt Ransomware Wannacry
SecurityWeek.webp 2018-08-06 11:08:00 Chip Giant TSMC Says WannaCry Behind Production Halt (lien direct) TSMC Chip Factory hit by Malware Image Source: Taiwan Semiconductor Manufacturing Co., Ltd. Wannacry
no_ico.webp 2018-07-25 12:36:05 How Ransomware Is Still Hitting Businesses With Heavy Costs (lien direct) One year on from the global outbreaks of WannaCry and NotPetya, which established ransomware as one of the most notorious cyber threats on any businesses' radar, organisations around the world are continuing to fall prey to new attacks. A fully-fledged ransomware infection can potentially cripple an organisation by locking away mission critical files and systems, … The ISBuzz Post: This Post How Ransomware Is Still Hitting Businesses With Heavy Costs Ransomware NotPetya Wannacry
itsecurityguru.webp 2018-07-25 11:15:01 Could complacency be setting in when it comes to ransomware? (lien direct) By Chris Ross, SVP International, Barracuda Ransomware may be a headline favourite, but the attack itself is nothing new. In fact, it's been around in some form or another for decades. Since last year's high profile global campaigns such as WannaCry and NotPetya you'd be hard pressed to find anyone who isn't aware of the ... Ransomware NotPetya Wannacry
The_State_of_Security.webp 2018-07-25 03:00:05 Why Computer Criminals Are Targeting the NHS (lien direct) We all know what happened on 12 May 2017. That's the day when an updated version of WannaCry ransomware announced itself to the world. In a matter of days, the malware encrypted data stored on 200,000 computers across 150 countries. One of the victims affected by WannaCry was the United Kingdom's National Health Service (NHS). […]… Read More Ransomware Malware Wannacry
AlienVault.webp 2018-06-29 13:00:00 Things I Hearted this Week – 29th June 2018 (lien direct) It's been an absolutely lovely warm week in London. The sun has been shining, allergies have been high, and kids have been missing out on all the wonders because they're too busy being indoors staring at a mobile device or tablet. Things were very different back in my days... and just like that, I've turned into my Dad! Have I Been Pwned - The Saga Continues I like to think of myself as a bit of a hipster because I was following Troy Hunt before he was widely recognised as being cool. I remember reading his posts on OWASP top 10 for .NET developers and thinking to myself that this guy really knows his stuff. Which is why I was optimistic when Troy launched Have I been Pwned - but I don't think I foresaw how big the project would become and now it is being integrated into Firefox and 1Password. Not bad going for the blogger from down under. We're Baking Have I Been Pwned into Firefox and 1Password | Troy Hunt Defining Hacker In 2018 If you do a Google Image Search against the word hacker, you’ll get images of scary-looking balaclava-clad cybercriminals hunched over a quintessentially green computer terminal. They’re up to no good… Stealing your data, crashing critical systems, or causing general Internet badness. In reality, the word “hacker” applies to a much broader group of people, one that extends well beyond cybersecurity. Merriam-Webster defines a “hacker” as “an expert at programming and solving problems with a computer”. Defining "Hacker" in 2018 | BugCrowd Lessons From nPetya One Year Later This is the one year anniversary of NotPetya. It was probably the most expensive single hacker attack in history (so far), with FedEx estimating it cost them $300 million. Shipping giant Maersk and drug giant Merck suffered losses on a similar scale. Many are discussing lessons we should learn from this, but they are the wrong lessons. 
An example is this quote in a recent article: "One year on from NotPetya, it seems lessons still haven't been learned. A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains." This is an attractive claim. It describes the problem in terms of people being "weak" and that the solution is to be "strong". If only organizations were strong enough, willing to deal with downtime and disruption, then problems like this wouldn't happen. But this is wrong, at least in the case of NotPetya. Lessons from nPetya one year later | Errata Security German Researchers Defeat Printers' Doc-Tracking Dots Beating the unique identifiers that printers can add to documents for security purposes is possible: you just need to add extra dots beyond those that security tools already add. The trick is knowing where to add them. Many printers can add extra dots to help identify which device printed a document, as it's handy to know that when they fall into the wrong hands. The FedEx NotPetya Wannacry
ErrataRob.webp 2018-06-27 15:49:15 Lessons from nPetya one year later (lien direct) This is the one year anniversary of NotPetya. It was probably the most expensive single hacker attack in history (so far), with FedEx estimating it cost them $300 million. Shipping giant Maersk and drug giant Merck suffered losses on a similar scale. Many are discussing lessons we should learn from this, but they are the wrong lessons. An example is this quote in a recent article: "One year on from NotPetya, it seems lessons still haven't been learned. A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains." This is an attractive claim. It describes the problem in terms of people being "weak" and that the solution is to be "strong". If only organizations were strong enough, willing to deal with downtime and disruption, then problems like this wouldn't happen. But this is wrong, at least in the case of NotPetya. NotPetya's spread was initiated through the Ukrainian company MeDoc, which provided tax accounting software. It had an auto-update process for keeping its software up-to-date. This was subverted in order to deliver the initial NotPetya infection. Patching had nothing to do with this. Other common security controls like firewalls were also bypassed. Auto-updates and cloud-management of software and IoT devices is becoming the norm. This creates a danger for such "supply chain" attacks, where the supplier of the product gets compromised, spreading an infection to all their customers. The lesson organizations need to learn about this is how such infections can be contained. One way is to firewall such products away from the core network. Another solution is port-isolation/microsegmentation, that limits the spread after an initial infection. Once NotPetya got into an organization, it spread laterally. 
The chief way it did this was through Mimikatz/PsExec, reusing Windows credentials. It stole whatever login information it could get from the infected machine and used it to try to log on to other Windows machines. If it got lucky getting domain administrator credentials, it then spread to the entire Windows domain. This was the primary method of spreading, not the unpatched ETERNALBLUE vulnerability. This is why it was so devastating to companies like Maersk: it wasn't a matter of a few unpatched systems getting infected, it was a matter of losing entire domains, including the backup systems.Such spreading through Windows credentials continues to plague organizations. A good example is the recent ransomware infection of the City of Atlanta that spread much the same way. The limits of the worm were the limits of domain trust relationships. For example, it didn't infect the city airport because that Windows domain is separate from the city's domains.This is the most pressing lesson organizations need to learn, the one they are ignoring. They need to do more to prevent desktops from infecting each other, such as through port-isolation/microsegmentation. They need to control the spread of administrative credentials within the organization. A lot of organizations put the same local admin account on every workstation which makes the spread of NotPetya style worms trivial. They need to reevaluate trust relationships between domains, so that the admin of one can't infect the others.These solutions are difficult, which is why news articles don't mention them. You don't have to know anything about security to proclaim "the problem is lack of patches". It's moral authority, chastising the weak, rather than a proscription of what to do. Solving supply chain hacks and Windows credential sharing, though, is hard. I don't know any universal solution to this -- I'd have to thoroughly analyze your network and business in order to Ransomware Malware Patching FedEx NotPetya Wannacry
Kaspersky.webp 2018-06-25 20:02:05 WannaCry Extortion Fraud Reemerges (lien direct) The emails claim that all of the victim's devices have been hacked and infected with the infamous ransomware -- and then ask for Bitcoin to "fix" it. Ransomware Wannacry
MalwarebytesLabs.webp 2018-06-25 16:29:02 A week in security (June 18 – June 24) (lien direct) A roundup of security news from June 18 – 24 that includes the SamSam ransomware, DNS rebinding, a World Cup phishing campaign, and lots and lots of Android malware. Categories: Security world, Week in security. Tags: Wannacry
SecurityAffairs.webp 2018-06-24 13:37:05 WannaSpam – Beware messages from WannaCry-Hack-Team, it is the last hoax (lien direct) WannaSpam – Many users have received a mysterious message that claims their PC was infected by WannaCry Ransomware. Crooks ask victims to pay a ransom, but it’s a scam. Many users have received a mysterious message from a group that called itself the “WannaCry-Hack-Team” that claims that WannaCry Ransomware has returned. The mail informs the recipients that their computer has […] Wannacry
grahamcluley.webp 2018-06-22 22:19:05 WannaCry ransomware scam tries to extort money without actually infecting your computer (lien direct) Someone is trying to pull a fast one, attempting to trick unsuspecting users into paying a ransom… even though they *haven't* infected your computer with ransomware. Ransomware Wannacry
AlienVault.webp 2018-06-22 14:41:00 Malicious Documents from Lazarus Group Targeting South Korea (lien direct) By Chris Doman, Fernando Martinez and Jaime Blasco

We took a brief look at some documents recently discussed and reviewed by researchers in South Korea over the past week. The malware is linked to Lazarus, a reportedly North Korean group of attackers. One malicious document appears to be targeting members of a recent G20 Financial Meeting, seeking coordination of the economic policies between the wealthiest countries. Another is reportedly related to the recent theft of $30 million from the Bithumb crypto-currency exchange in South Korea. This article stands very much on the shoulders of other work by researchers in South Korea. Credit for initially identifying these documents goes to @issuemakerslab, @_jsoo_ and others.

Malicious Documents

We looked at three similar malicious documents:

국제금융체제 실무그룹 회의결과.hwp ("Results of the international financial system working group meeting") - cf09201f02f2edb9c555942a2d6b01d4
금융안정 컨퍼런스 개최결과.hwp ("Financial Stability Conference held") - 69ad5bd4b881d6d1fdb7b19939903e0b
신재영 전산담당 경력.hwp ("[Name] Computer Experience") - 06cfc6cda57fb5b67ee3eb0400dd5b97

Figure: The decoy document, mentioning the G20 International Financial Architecture Working Group Meeting
Figure: The decoy document of a resume

These are Hangul Word Processor ("HWP") files - a South Korean document editor. The HWP files contain malicious PostScript code to download either a 32 or 64 bit version of the next stage from:

https://tpddata[.]com/skins/skin-8.thm - eb6275a24d047e3be05c2b4e5f50703d - 32 bit
https://tpddata[.]com/skins/skin-6.thm - a6d1424e1c33ac7a95eb5b92b923c511 - 64 bit

The malware is Manuscrypt (previously described by McAfee and Wannacry Bithumb APT 38
bleepingcomputer.webp 2018-06-22 10:58:05 Blackmail Campaign Pretending to be WannaCry Is Really Just WannaSpam (lien direct) A new spam campaign is underway that pretends to be from a group called the "WannaCry-Hack-Team" that states the infamous WannaCry Ransomware has returned, the recipient's computer is infected, and they need to send some bitcoins or their files will be deleted. [...] Spam Wannacry
DarkReading.webp 2018-06-19 14:00:00 How to Prepare for 'WannaCry 2.0' (lien direct) It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared. Wannacry
itsecurityguru.webp 2018-06-18 10:56:03 Back to basics: Ten Tips for Outsmarting Ransomware (lien direct) By Steve Mulhearn, Director of Enhanced Technologies, Fortinet Just one year ago, the WannaCry ransomware attack made global headlines when it hit 230,000 computers, creating total chaos. A number of high-profile organisations have continued to be targeted by this ransomware, some quite recently. Just a few weeks ago, the Atlanta police department fell victim to a ... Wannacry
ErrataRob.webp 2018-06-17 01:45:55 Notes on "The President is Missing" (lien direct) Former president Bill Clinton has contributed to a cyberthriller "The President is Missing", the plot of which is that the president stops a cybervirus from destroying the country. This is scary, because people in Washington D.C. are going to read this book, believe the hacking portrayed has some basis in reality, and base policy on it. This "news analysis" piece in the New York Times is a good example, coming up with policy recommendations based on fictional cliches rather than a reality of what hackers do.

The cybervirus in the book is some all-powerful thing, able to infect everything everywhere without being detected. This is fantasy no more real than magic and faeries. Sure, magical faeries is a popular basis for fiction, but in this case, it's lazy fantasy, a cliche. In fiction, viruses are rarely portrayed as anything other than all-powerful.

But in the real world, viruses have important limitations. If you knew anything about computer viruses, rather than being impressed by what they can do, you'd be disappointed by what they can't.

Go look at your home router. See the blinky lights. The light flashes every time a packet of data goes across the network. Packets can't be sent without a light blinking. Likewise, viruses cannot spread themselves over a network, or communicate with each other, without somebody noticing -- especially a virus that's supposedly infected a billion devices as in the book.

The same is true of data on the disk. All the data is accounted for. It's rather easy for professionals to see when data (consisting of the virus) has been added. The difficulty of anti-virus software is not in detecting when something new has been added to a system, but automatically determining whether it's benign or malicious. When viruses are able to evade anti-virus detection, it's because they've been classified as non-hostile, not because they are invisible.

Such evasion only works when hackers have a focused target. As soon as a virus spreads too far, anti-virus companies will get a sample, classify it as malicious, and spread the "signatures" out to the world. That's what happened with Stuxnet, a focused attack on Iran's nuclear enrichment program that eventually spread too far and got detected. It's implausible that anything can spread to a billion systems without anti-virus companies getting a sample and correctly classifying it.

In the book, the president creates a team of the 30 brightest cybersecurity minds the country has, from government, the private sector, and even convicted hackers on parole from jail -- each more brilliant than the last. This is yet another lazy cliche about genius hackers.

The cliche comes from the fact that it's rather easy to impress muggles with magic tricks. As soon as somebody shows an ability to do something you don't know how to do, they become a cyber genius in your mind. The reality is that cybersecurity/hacking is no different than any other profession, no more dominated by "genius" than bridge engineering or heart surgery. It's a skill that takes both years of study as well as years of experience.

So whenever the president, ignorant of computers, puts together a team of 30 cyber geniuses, they aren't going to be people of competence. They are going to be people good at promoting themselves, taking credit for other people's work, or political engineering. They won't be technical experts, they'll be people like Rudy Giuliani or Richard Clarke, who have been tapped by presidents as cyber experts despite knowing less than nothing about computers.

A funny example of this is Marcus Hutchins. He's a virus researcher of typical skill and experience, but was catapulted to fame by finding the "kill switch" in the famous Wannacry virus. In truth, he just got lucky, being just the first to find the kill switch that would've soon been found by ano Wannacry
Kaspersky.webp 2018-06-15 19:26:00 WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little (lien direct) The Feds say Marcus Hutchins is behind both the UPAS Kit backdoor and the Kronos banking trojan. Wannacry
Checkpoint.webp 2018-06-12 19:53:01 Deep Dive into UPAS Kit vs. Kronos (lien direct) By Mark Lechtik

Introduction

In this post we will be analyzing the UPAS Kit and the Kronos banking Trojan, two malwares that have come under the spotlight recently due to the back story behind them.

Background

In May 2017, WannaCry wreaked havoc in ove... Wannacry
Last update at: 2024-05-13 18:08:14