STE WILLIAMS

ThetaRay Raises $30M to Block Money Laundering

With a total $60 million raised to date, the Israeli startup plans to expand operations in Europe, Asia, and the United States.

Israeli startup ThetaRay has finalized another round of $30 million in funding, bringing the company to a total of $60 million raised to date.

ThetaRay was founded in 2013 and helps financial institutions, critical infrastructure companies, and security teams identify early signs of money laundering with artificial intelligence technology. Since it went into operation, its business has doubled in size each year.

Investors include Jerusalem Venture Partners (JVP), Bank Hapoalim, GE, OurCrown, and SVB Investments. ThetaRay plans to use its latest round of funding to expand its presence in Europe, Asia, and the United States, as well as “significantly increase” its workforce.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/thetaray-raises-$30m-to-block-money-laundering/d/d-id/1332207?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Ransomware vs. Cryptojacking

Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here’s what enterprises need to know in order to protect their digital assets and bank accounts.

Cryptojacking is catching up to ransomware as the most popular attack vector, according to a number of recently published research reports. To be sure, ransomware is still prevalent and dangerous to businesses and households. But cryptojacking is definitely gaining ground.

What does that mean for security teams? Before I go any further, let me set the record straight about cryptomining and cryptojacking.

  • Cryptomining is the action of mining cryptocurrencies, such as bitcoin, ether (from Ethereum), Ripple, Litecoin, Monero, and one (or more) of over 1,600 other cryptocurrencies currently available from numerous sources. 
  • Cryptojacking is illegally mining cryptocurrencies. It involves stealing by leveraging the computer and graphics processing power from unsuspecting users’ devices to mine crypto, without their permission or knowledge. It can also involve stealing already mined cryptocurrency from another’s crypto wallet. There are countless ways for attackers to cryptojack cryptocurrency, and none of them are on the up-and-up.

While ransomware has been the “go-to” play for attackers for some time, ransomware can be complicated. It typically involves a great deal of research, reconnaissance, social engineering, and technical acumen. It can take time to develop the malware to deliver the ransomware, not to mention the ransomware itself. And the payouts, while once lucrative, have now become smaller and smaller, with some companies, educational institutions, and municipalities refusing to pay the ransom, leaving the attacker without what they wanted in the first place: quick, untraceable cash.

Cryptojacking, on the other hand, is not as time consuming or difficult. The most common cryptojacking attack is one in which an attacker simply leverages a legitimate cryptomining program, likely in JavaScript; finds a website running a vulnerable server — which is much more common than you would like or hope to believe — and infects the website with the mining program. Then, every user that visits that website will have the cryptomining program installed in the background, and the attacker will leverage the computing and graphics power from that user’s device to mine cryptocurrencies. Done over and over again daily, the attacker can have many, many computers mining crypto for them, unbeknownst to any of their users.

A user might say, “so what?” After all, their device hasn’t been infected with malware, like ransomware. All the attacker is stealing is a little power; so, what’s the problem? But the user will experience the problem firsthand when his or her system slows to a crawl, and accessing anything on the device becomes exponentially more difficult. It’s even worse if the user’s device has been cryptojacked by a novice; the user could max out the performance of the CPU on the device to try and solve more of the complex, sophisticated mathematics problems it takes to mine crypto. That would put the computer at risk, possibly destroying it in the process.

Now, imagine the same situation, but instead in a corporate data center. Imagine if all of the servers had cryptomining software loaded on them and were simply churning through the math problems to mine crypto. Corporate services would slow down, causing lost productivity, at best. At worst, if that same situation were to happen at, say, a data center for an electrical utility, it could cause a brownout or a blackout, since the services would be running slower and slower, as the computations increase as crypto is being mined. If the target was a healthcare provider’s data center, and access to electronic health records (EHR) slowed to a crawl, it could mean the difference between life and death.

As more attackers move to cryptojacking, they are also looking for new and foolproof ways to gain access to processing and graphics power. It has now become so difficult to solve the math that leads to a bitcoin payout (which cannot be made on just a single bitcoin, but on a bitcoin block; the number of bitcoins per block — which make up a blockchain — varies, but it has been in the 12+ bitcoin range), most serious miners use hundreds of specific, expensive ASIC-based mining systems. But it’s far easier to mine ether or bitcoin, or any of the other cryptocurrencies available.

Plus, for the attackers, the payout is much higher, and has a better guarantee of payoff than ransomware, at this point. The return on cryptocurrencies may continue to be volatile, but at least the outcome is certain: There will be a “payday” for the attacker, in untraceable currency, which is not assured anymore when it comes to ransomware demands.

How can businesses protect themselves and their devices from cryptojacking? Here are five places to start:

  1. Determine if the on-device processes are consuming mass quantities of device resources or coming from a browser-based miner. Check CPU and GPU usage on computing devices.
  2. Block JavaScript on the browser. This will work, but could be very limiting, as JavaScript is used in many web-based applications and on websites.
  3. Keep patches updated. This should go without saying, but, unfortunately, it needs to be stated and restated.
  4. Use an anti-malware program or service that blocks cryptominers and/or download a cryptominer-blocking plug-in for your browser. But be aware: these programs and services can be usurped and fooled into complacency.
  5. Employ web browser isolation, which should block any active content, such as JavaScript, from being downloaded directly to a user’s device but should also allow any active content to remain active, possibly by re-rendering it in safer code.
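
Step 1 above, as an added example that is not part of the original article: it flags processes whose CPU use stays high across consecutive polling rounds and labels each as browser-hosted or on-device. The sample readings, the process names, the browser list and the 80%/3-round thresholds are all assumptions made for illustration.

```python
"""Triage sampled CPU readings: is the load sustained, and is it in a browser?"""
from collections import defaultdict

# Assumption: process names treated as browsers; adjust for your fleet.
BROWSER_NAMES = {"chrome", "firefox", "msedge", "safari"}

# Constructed samples (not real telemetry): (round, pid, name, cpu_percent),
# one round per polling interval.
SAMPLES = [
    (0, 101, "firefox", 92.0), (1, 101, "firefox", 95.0), (2, 101, "firefox", 97.0),
    (3, 101, "firefox", 94.0), (4, 101, "firefox", 96.0),
    (0, 202, "updater-svc", 88.0), (1, 202, "updater-svc", 91.0),
    (2, 202, "updater-svc", 90.0), (3, 202, "updater-svc", 89.0),
    (4, 202, "updater-svc", 93.0),
    (0, 303, "backup", 20.0), (1, 303, "backup", 99.0), (2, 303, "backup", 15.0),
    (0, 505, "compiler", 85.0), (1, 505, "compiler", 90.0), (2, 505, "compiler", 30.0),
    (3, 505, "compiler", 88.0), (4, 505, "compiler", 86.0),
]


def longest_run(points, threshold):
    """Longest streak of back-to-back rounds at or above threshold.

    points is a list of (round, cpu_percent). A missing round breaks the
    streak, so a process that exits and restarts is not counted as sustained.
    """
    best = run = 0
    prev_round = None
    for rnd, cpu in sorted(points):
        if cpu < threshold:
            run = 0
        elif run > 0 and rnd == prev_round + 1:
            run += 1
        else:
            run = 1
        prev_round = rnd
        best = max(best, run)
    return best


def classify(name):
    """Label the process as browser-hosted or an on-device process."""
    base = name.lower()
    if base.endswith(".exe"):
        base = base[:-4]
    return "browser" if base in BROWSER_NAMES else "on-device"


def triage(samples, threshold=80.0, min_rounds=3):
    """Return findings for processes with sustained high CPU, sorted by pid."""
    by_pid = defaultdict(list)
    names = {}
    for rnd, pid, name, cpu in samples:
        by_pid[pid].append((rnd, cpu))
        names[pid] = name
    findings = []
    for pid in sorted(by_pid):
        rounds = longest_run(by_pid[pid], threshold)
        if rounds >= min_rounds:
            findings.append({
                "pid": pid,
                "name": names[pid],
                "rounds": rounds,
                "source": classify(names[pid]),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLES):
        print(finding)
```

A browser finding points toward a page-hosted miner, where closing the tab should end the load; an on-device finding calls for inspecting the binary and how it is started.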

Jay Kelley is senior product and digital marketing manager for Menlo Security, Inc., responsible for the company’s social media presence, go-to-market strategy and execution, vertical market-focused materials, and marketing content development. Prior to Menlo, Jay was senior …

Article source: https://www.darkreading.com/attacks-breaches/ransomware-vs-cryptojacking-/a/d-id/1332187?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Budget hotel chain, UK political party, Monzo Bank caught by Typeform breach

More entities affected by the data breach at web form and survey company Typeform have come forward, including budget hotel chain Travelodge and UK political party the Liberal Democrats.

The survey-as-a-service biz discovered on 27 June that an intruder had accessed files from a “partial backup” dated 3 May containing what it termed as “partial information”.

The third-party supplier has contacted its customers, which include the Electoral Commission for the State of Tasmania and Fortnum & Mason among many others, to detail the specific impact on them.

An email sent to Travelodge customers – seen by The Register – stated it has been “working very closely with Typeform to establish the facts”, and claimed customers’ accounts, bookings, passwords and payment details were not affected by the breach.

“However, Typeform believe that your first name, date of birth, mobile number, email address have been acquired by an unauthorised third party,” the letter from Travelodge stated.

“While we have not been made aware of any fraudulent use to date, it is possible that you could receive unwanted contact and your details may be used to find out more about you,” it added. “You should therefore remain vigilant for any unusual activity.”

The hotel chain confirmed it has contacted the Information Commissioner’s Office, as have the Lib Dems, which also wrote to its supporters confirming its Member Experience Survey had been exposed.

“This survey contained your name and email address, so please watch out for potential phishing scams or spam emails. This survey also contained information about your political opinions, such as the campaigns and policy areas most important to you,” the note stated.

A spokeswoman at Travelodge sent us a statement: “We sincerely regret any inconvenience this incident may cause.”

No financial or other sorts of data were compromised, the hotel chain assured customers. The Lib Dems said that Typeform had “responded immediately and fixed the source of the breach,” but added:

We are in communication with Typeform and will be re-evaluating our relationship with them in light of this incident. We take the security of our data seriously and if we are not satisfied that sufficient steps have been taken to secure your data, we will terminate our relationship with Typeform.

Startup bank Monzo, which was caught up in the Ticketmaster hack, has also warned its customers. Again, it has assured customers that all is well.

“Our initial investigations suggest that some personal data of about 20,000 people is likely to have been included in the breach,” the bank wrote. “For the vast majority of people, this was just their email address. For a much smaller proportion of others, this may have included other data like their Twitter username or postcode.”

Monzo has also stated that “No one’s bank details have been affected, and your money and account are safe.”

We’ve also learned that subscription content platform Patreon used Typeform and has warned users their names and email addresses may have been compromised. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/07/03/hotel_chain_and_uk_political_party_caught_out_by_typeform_breach/

Hit game Fortnite is dangerous – ‘cos cheats are rife with malware

Free first-person slaughter-fest Fortnite has attracted over 100 million players but many of them are falling foul of malware attacks as they try to beat other players.

Since last week game streaming shop Rainway has noticed an increasing number of incidents popping up on its security logs and was at first rather puzzled by this. The only common factor to all these was that they all came from people playing Fortnite and that they followed a similar pattern.

“These are attempts to call various ad platforms; the first thing we should note is Rainway does not have ads on it which was an immediate red flag,” wrote CEO Andrew Sampson.

“The first URL, in particular, is JavaScript which is attempting to act and running into an error, triggering our logging. For security and privacy reasons we’ve always whitelisted URLs and the scope of what they can do from within Rainway  –  it seems now it has the unintended side effect of shining a light on a much broader issue.”

By then the number of user incidents had risen to over 381,000, so the staff decided to do some testing. They figured that people were trying to run cheat code for the game and that these apps were causing the issues.

Back in the day, cheating at computer games was easy – game writers created codes that could make a game radically easier after typing in a few characters. These days there are a whole host of sneaky apps that can improve your aim, fire the instant someone is in your sights, or slow rival players.


The Rainway team downloaded all the Fortnite cheating codes they could find and ran some tests – and the results weren’t good – every one of them had a malicious component.

The firm found the package that was causing the issue and it was a piece of software that was billing itself as both an aiming assistant and a way to harvest V-bucks, Fortnite’s currency for in-game purchases. The cheatware also set up a man-in-the-middle attack.

The app, now removed, had over 78,000 downloads and it may be hosted in multiple locations. Fortnite’s publisher Epic needs to harden up its platform, Sampson suggested, and educate its users about cheatware. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/07/03/malware_writers_cash_in_on_fortnite_players_who_like_to_cheat/

Dr Symantec offers quick and painless checkup for VPNFilter menace on routers

Clean-up efforts to respond to the VPNFilter malware have accelerated with the release of a free check-up tool.

Even though the utility from Symantec only looks to see if traffic has been manipulated, rather than confirming an infection, third-party experts have nonetheless welcomed its release.

VPNFilter, discovered by security researchers at Cisco Talos in May, is estimated to have hijacked half a million IoT devices such as routers and network-attached storage (NAS) devices.

The malware is capable of infecting enterprise and home routers, snooping on encrypted web traffic, and establishing a backdoor on compromised devices allowing them to be remotely controlled. How exactly the nasty gets onto devices depends on the firmware and model: it is believed to exploit known vulnerabilities in the gadgets’ firmware, and weak security settings, such as remote administration features left open to the internet. The full list of impacted routers is available via Symantec.

VPNFilter installs a plugin that monitors and modifies web traffic sent through the infected router, allowing cybercriminals to inject malicious content, render routers inoperable, or steal passwords and other sensitive user information. The botnet also presents a clear and present danger to internet hygiene more generally since it may easily be turned into a powerful DDoS tool.


Mirai – another IoT botnet – was infamously abused to take out DNS service Dyn in an attack that left many high-profile websites unreachable back in October 2016.

Symantec has developed VPNFilter Check, a free online tool to help individuals and organisations quickly determine if their router might have been compromised by the VPNFilter malware.

More precisely, VPNFilter Check ascertains if traffic into either a home or corporate network is being altered by an infected router.

“This malware is unlike most other IoT threats because it is capable of maintaining a persistent presence on an infected device, even after a reboot,” said Stephen Trilling, senior vice president and general manager, security analytics and research, Symantec. “Symantec’s online VPNFilter Check tool provides individuals and organizations with an easy way to determine if their routers have been compromised by this threat, and suggests steps they can take if infected.”

Antivirus industry veteran Vesselin Bontchev told El Reg that the tool detects if VPNFilter is messing with a connection without providing confirmation whether or not an IoT device is infected.

“It won’t detect VPNFilter in the router in general, it will only detect if something is messing with the HTTPS connection,” Bontchev explained.

“One component of VPNFilter (which is not always present) can do that. If it is there and if it is active, the degrading of HTTPS to HTTP that it performs will be detected.” ®
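
The kind of check Bontchev describes, as an added example that is not Symantec's tool or code from the article: it compares a reference copy of a page, as the server sent it, with the copy that arrived through the router and reports every link that was downgraded from `https://` to `http://`. The two HTML documents and the host names are constructed, and having a trusted reference copy to compare against is an assumption.

```python
"""Report https:// links that arrived rewritten to http:// (possible stripping)."""
from html.parser import HTMLParser

# Attributes that carry URLs a traffic-modifying device might rewrite.
URL_ATTRS = {"href", "src", "action"}

# Constructed reference page: what the server is known to send.
REFERENCE_HTML = """
<a href="https://bank.example/login">Sign in</a>
<form action="https://bank.example/session" method="post"></form>
<script src="https://cdn.example/app.js"></script>
<a href="http://example.org/about">About</a>
"""

# Constructed received page: two links downgraded in transit, script untouched.
RECEIVED_HTML = """
<a href="http://bank.example/login">Sign in</a>
<form action="http://bank.example/session" method="post"></form>
<script src="https://cdn.example/app.js"></script>
<a href="http://example.org/about">About</a>
"""


class _UrlCollector(HTMLParser):
    """Collects URL-bearing attribute values in document order."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value.strip())


def collect_urls(html):
    parser = _UrlCollector()
    parser.feed(html)
    parser.close()
    return parser.urls


def find_downgrades(reference_html, received_html):
    """Return (sent, received) pairs for links downgraded from HTTPS to HTTP.

    A link counts as downgraded only when the https:// form is absent from
    the received copy and its exact http:// twin is present, so links that
    were plain HTTP at the source are not reported.
    """
    received = set(collect_urls(received_html))
    findings, seen = [], set()
    for url in collect_urls(reference_html):
        if not url.lower().startswith("https://") or url in seen:
            continue
        seen.add(url)
        plain = "http://" + url[len("https://"):]
        if url not in received and plain in received:
            findings.append((url, plain))
    return findings


if __name__ == "__main__":
    for sent, got in find_downgrades(REFERENCE_HTML, RECEIVED_HTML):
        print(f"downgraded: {sent} -> {got}")
```

As the article notes for the real tool, an empty result only means no downgrade was seen on this connection; it does not show the router is clean.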


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/07/02/vpnfilter/

iOS 12 2FA Feature May Carry Bank Fraud Risk

Making two-factor authentication faster could also make it less secure.

A feature in the upcoming iOS 12 release intended to make two-factor authentication easier for users could end up opening some to banking fraud. The potential vulnerability illustrates the risks that come in removing friction from online transactions.

Andreas Gutmann, a researcher at OneSpan’s Cambridge Innovation Centre and a Marie Skłodowska-Curie Actions Fellow of the European Commission, notes that the Security Code Autofill Feature, which will automatically input the security code sent to an iPhone by a two-factor authentication (2FA) scheme, removes the human validation aspect of the transaction signing/authentication process. A human verifying critical information (such as a login attempt) is a critical piece of the 2FA security process; automating the process removes this and could open the user to man-in-the-middle, phishing, or other social engineering attacks.

Apple has stated that the purpose of security code autofill is to speed up the login process and reduce errors. Reducing friction could also increase adoption of 2FA among iPhone users. Gutmann questions whether the benefits are worth the risk and notes that many online banking 2FA schemes provide transaction authentication rather than just user authentication – something that automating the process could endanger.


Article source: https://www.darkreading.com/endpoint/ios-12-2fa-feature-may-carry-bank-fraud-risk/d/d-id/1332196?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

6 Drivers of Mental and Emotional Stress in Infosec

Pressure comes in many forms but often with the same end result: stress and burnout within the security community.

(Image: Christian Schulz via Shutterstock)

Every year, thousands of cybersecurity pros descend on Las Vegas for Black Hat USA, where they learn the latest in security research, hone new skills, and connect with the infosec industry. Most sessions at the conference cover what you’d expect: malware, network defense, platform security, cryptography, and reverse engineering, to name a few.

But not all proposals to present at Black Hat dig into bits and bytes. Rather, they “engender and embody the softer issues” affecting security pros and are often hard to talk about: mental health, addiction, burnout, sexual harassment, and legal obstacles, says Ping Look, member of the Black Hat Review Board.

“Every year we get submissions that don’t really belong,” says Look, who is also program manager on the Detection and Reaction Team (DART) within Microsoft’s Enterprise Cybersecurity Group.

In response, Black Hat is compiling these submissions into a new Community track designed to put the spotlight on these and other relevant topics related to how people live and work.

“This track deals with the human side of things,” Look says. Many of these problems are not being addressed in the workplace and are poorly understood by employers. The idea behind Community sessions is to bring common but undiscussed issues into conversation.

“If the conversation is occurring, it’s occurring in small collectives, small groups,” adds Russ Rodgers, senior cyber consultant at Microsoft. “I don’t think it’s industrywide yet.”

Many of the issues the Community track will bring to light next month aren’t new or specific to security, both experts agree. The rise of the Internet has made the world bigger and smaller, and it’s driving the prevalence of mental-health issues we’re just now starting to recognize and give a bigger spotlight.

“This emerging science in how digital, just being online too much, being isolated, and yet siloing yourself is now having a deep, profound impact on the community,” Look says. The instant gratification of the Internet has caused a divide between younger and older generations, and the disparity in their mindsets is one of several issues driving stress within the industry.

Here, we discuss a few more factors driving mental and emotional stress within the security community. Have you noticed these issues in your workplace and/or have any factors to add to this list? Feel free to share your thoughts and continue the conversation in the comments.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/careers-and-people/6-drivers-of-mental-and-emotional-stress-in-infosec/d/d-id/1332195?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

‘Clipboard Hijacker’ Malware Builds on Cryptocurrency Threat

Clipboard Hijackers are not a new threat, but this one shows attackers are getting more advanced.

Cybercriminals have found a sneaky way to snatch more digital funds: Cryptocurrency Clipboard Hijackers, a recently discovered form of malware, scans 2.3 million cryptocurrency addresses to swap legitimate destinations with addresses the attackers control.

The process for transferring cryptocurrency requires users to copy a destination address from one application into memory and paste it into the program they’re using to send money. Addresses are complex and tough to remember, so most people simply copy and paste them – a habit cybercriminals have begun to notice and exploit.

Clipboard Hijacker malware scans the Windows clipboard for cryptocurrency addresses and switches legitimate destination addresses for addresses owned by attackers. As a result, the coins in transit end up with cybercriminals instead of the intended recipients. Clipboard Hijackers are not a new threat, but this one shows attackers are getting more advanced.

Most hijacker malware scans between 400,000 and 600,000 addresses to look for targets. A newly discovered sample, reported by BleepingComputer, monitors over 2.3 million addresses. Because this malware runs in the background, victims typically have no idea they’ve been hit. If you’re sending cryptocurrency, it’s recommended you double-check the destination address to ensure it hasn’t been replaced with a different one.

This malware marks some of the latest evidence highlighting cryptomining as security’s biggest modern threat. Coin miner malware spiked 629% in Q1 2018, according to a report from McAfee, as attackers realized they can derive maximum funds with minimal effort. After all, ransomware relies on targets to pay up. Coin mining lets threat actors generate funds without the victims’ knowledge.

A separate report from WatchGuard Technologies also indicates malicious coin miners are on the rise and predicts the trend will continue throughout Q2. Researchers found 98.8% of malicious Linux shell scripts were related to one specific file, a Linux-based crypto miner. Another coin miner, this one for Bitcoin, was #24 on the company’s top 25 malware list.


Article source: https://www.darkreading.com/endpoint/clipboard-hijacker-malware-builds-on-cryptocurrency-threat/d/d-id/1332198?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Azure IoT Edge Exits Preview with Security Updates

Microsoft rolls out its cloud-based IoT service to the general public, while upping data protection with new categories including device management and security.

Microsoft has made Azure IoT Edge publicly available around the world with several updates intended to bolster security and device management, as well as help businesses act on the data the cloud-based service collects.

Azure IoT Edge was developed to help businesses manage and leverage data by running Azure services, artificial intelligence (AI), and custom logic on cross-platform Internet of Things (IoT) devices. Microsoft first announced it about a year ago, and it was made available for preview in November. Now it’s exiting preview mode with improvements to make it enterprise-ready, Microsoft reports.

The announcement fits in with Microsoft’s growing focus on intelligence, cloud, and IoT security. Earlier this year the company demoed Azure Sphere, a new technology designed to improve IoT security with a three-part system: certified microcontrollers, an Azure Sphere OS with new security features and custom Linux kernel, and Azure Sphere security service.

“IoT continues to get a lot of attention from a variety of industries, which creates a lot of opportunity for software providers to incorporate IoT management and use in their solution,” says Michael Fauscette, chief research officer for G2 Crowd.

Azure IoT Edge security updates include deeper integration with Device Provisioning Service so admins can provision devices in the field without operator intervention. The Azure IoT Edge security manager acts as “the focal point for security hardening” on connected devices and gives OEMs a chance to harden devices based on their preferred Hardware Secure Modules (HSM).

Automatic device management (ADM), another security addition to Azure IoT Edge, enables scaled deployment of IoT Edge modules to a collection of devices based on each product’s metadata. When a machine with the appropriate metadata joins a group, ADM implements the correct modules so the device is properly configured.

“With these additions, a company using the Azure IoT Hub or third-party solution can develop, deploy, and manage an end-to-end IoT solution on the Azure IoT platform,” Fauscette adds.

This update is another example of where Microsoft sees the future of enterprise IoT headed. Azure IoT Edge is now open-source and available on GitHub, so developers have more control over modifying runtime and debugging problems. It supports the Moby container management system, which is the same platform Docker was built on, writes Sam George, Azure IoT partner director. Microsoft is also expanding its Azure Certified for IoT program to certify device management, security, and other capabilities of IoT devices.

“As we evolve toward a world of ubiquitous computing, the design of the IoT solution spanning hardware, edge, and cloud must be consistent and secure to drive real impact,” George says.

Azure IoT Edge requires three parts for deployment: Azure IoT Edge Runtime, Azure IoT Hub, and edge modules. Runtime is free and will be available as open source code, but companies will need an Azure IoT Hub for device management and deployment if they don’t have one.


Article source: https://www.darkreading.com/cloud/azure-iot-edge-exits-preview-with-security-updates/d/d-id/1332201?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Second former Equifax staffer charged with insider trading

In another entry for the ‘what were they thinking’ file, a second former Equifax executive has been charged with insider trading in advance of the company’s massive data breach announcement last September.

According to an SEC release, Sudhakar Reddy Bonthu, a former software engineering manager at the credit information company, traded on confidential information that he received while creating a website for consumers affected by the Equifax breach.

The breach saw 146.6 million US consumers affected, with most records containing social security numbers. Some 99 million lost their address information while 17.6 million lost their drivers’ license numbers. In the UK, a file of 15.2 million records was hacked, and 693,665 consumers had sensitive personal details exposed.

Bonthu, 44, was told that he was building a site for an unnamed client; however, he soon worked out that it was for his employer, Equifax. He allegedly used this information to buy put options in the company’s shares.

A put option is a contract to sell stock for a specific price (the ‘strike price’) within a specified period. You can purchase put options whether you own a stock or not. If a stock trades at $140 per share and you know it will go down, then purchasing a put option to sell 100 shares with a $140 strike price lets you capitalize on the stock’s movement. If the stock drops to $95, then the put option contract becomes a valuable commodity that you can sell to someone else. It’s a classic tool for ‘shorting’ a stock by betting on its decline.

According to the SEC, Bonthu wasn’t betting at all. Instead, he knew that the Equifax stock would fall thanks to insider knowledge.

Equifax fired Bonthu in March after he refused to cooperate with its insider trading investigation. He has agreed to return his gains from the put option trades plus interest to settle the SEC’s civil charges, subject to court approval. However, he also faces criminal charges from the US Attorney’s Office for the Northern District of Georgia.

How involved Bonthu was in the Equifax website isn’t clear, but the company’s online guidance for affected consumers drew its own criticism last year. One publication reported that the fraud alerts website suffered from a cross-site scripting (XSS) flaw, which enabled phishers to fool victims into giving them personal information. There were also complaints that its data breach checker was giving out incorrect information.

Bonthu isn’t the first former Equifax staffer to be charged with insider trading prior to the breach announcement. Jun Ying, a former CIO at one of Equifax’s business units, was charged in March for allegedly exercising his vested Equifax stock options and selling the shares for nearly $1m. He avoided nearly $117,000 in losses through his use of insider information, the complaint said.

Confusion reigns over pre-disclosure trading

Companies risk scrutiny over share trades during the periods between discovering and disclosing security flaws, even if those trades have not been ruled illegal. Equifax previously cleared three executives of insider trading after they sold $1.8m in stock within days of the flaw’s discovery.

As data breaches and security flaws continue to affect companies’ market standing, the SEC is taking steps to guide executives in good practice around financial governance and disclosure.

In February the agency issued guidance on disclosing security breaches, warning executives that such breaches constituted ‘material information’, and noting that they must not trade while in possession of such information before it becomes public.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/1afexGeiR8s/