STE WILLIAMS

Cognitive Mindhacks: How Attackers Spread Disinformation Campaigns

Researchers investigate the tools and techniques behind cyber propaganda and fake news and how they change public opinion.

Disinformation campaigns, otherwise known as cyber propaganda, cognitive hacking, information warfare, and the more common “fake news,” have roots in history but are increasingly relevant, and dangerous, as actors manipulate Web tools to sway public opinion.

Content promotion services have been in the “gray market” for a while, but fake news didn’t start to gain widespread attention until the 2016 US Presidential election, explains Vladimir Kropotov, senior researcher for Trend Micro’s Forward-Looking Threat Research (FTR).

In a few weeks, Kropotov will join fellow FTR senior researchers Fyodor Yarochkin and Lion Gu to present tools and techniques used among cyber propaganda perpetrators around the world in a Black Hat Europe presentation titled “Enraptured Minds: Strategic Gaming of Cognitive Mindhacks.”

“Information distributes too fast, and people can make wrong decisions based on information from unreliable sources,” Kropotov explains.

Researchers believe the success of fake news campaigns relies on three distinct components: social networks, motivation, and tools and services. The absence of one of these factors will make the spread of disinformation more difficult, if not impossible, they say.

The Dark Web is full of tools to spread fake news campaigns. Some of these can be used for legitimate purposes, such as content marketing, but their power can also be leveraged to disseminate propaganda and influence public opinion. A few are available on the gray and legitimate markets, but these don’t have the anonymity of the underground.

Today, most fake news campaigns are considered to be politically motivated. However, researchers say, other motives exist and the same tools can be used to achieve them.

“I think people in big companies and enterprises should be aware of the availability of services like this,” says Yarochkin. For example, he explains, these services can be used to promote content intended to make particular companies hot on the stock market. PR agencies can use the same tools as threat actors to spread information in the wake of a crisis.

“It’s not purely underground services,” says Kropotov of the tools used to spread fake news. “The same technologies have been used widely by media agencies and in advertising.”

The researchers learned that Chinese, Russian, Middle Eastern, and English-based underground marketplaces all offer services for anyone who wants to launch disinformation campaigns.

“One of our ideas was to watch how [fake news] looks to the United States, and Russia, and Arabic-speaking countries,” explains Yarochkin. Tools used to spread fake news vary from place to place, and each reflects the social and online culture of its respective region.

Example: The Chinese marketplace

As an example of geography-specific tools, consider the Chinese underground, which researchers also analyzed. Given the difficulty of accessing certain social media platforms outside China, most of these tools are unsurprisingly limited to the Chinese market.

One such service, called Xiezuobang, charges money to create and distribute content. Pricing varies depending on the platform where the article will be published. While it could be used for content marketing, the service could easily be abused to spread propaganda, researchers say.

Several Chinese websites advertise a “public opinion monitoring system” that can allegedly survey and influence opinions in popular social media networks and forums, depending on the customer’s specific area of interest. One of these, the Boryou Public Opinion Influencing System, says it can monitor 3,000 websites and forums, and add automatic posts and replies at a reported rate of 100 posts per minute.

“An administrator could gather feedback from websites and forums, if they want to know what people are saying and thinking,” says Gu.

On the Chinese underground, researchers also found services leveraging social media to sway public opinion. Brokers offer paid posts and reposts to distribute content on Chinese social media networks. Clients pay to have their content posted by influential users; the more popular the user, the more expensive it is to have that user repost your content.

“Buyers will bank on a celebrity’s visibility as a potent means to deliver their desired content to an expansive pool of audience,” researchers say. A famous Weibo user with 78.25 million followers, for example, costs $180,000 for their visibility.


Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University.

Article source: https://www.darkreading.com/cloud/cognitive-mindhacks-how-attackers-spread-disinformation-campaigns/d/d-id/1330334?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

It Takes a Buck to Make a Million on the Dark Web

The cost for malware tools and services can add up, but the returns from cybercrime campaigns can be enormous, says Recorded Future.

The payoff from cybercrime can be enormous for aspiring criminals everywhere, but as with many lucrative endeavors, sometimes it takes a little investment up front to get you off the ground.

Take a banking botnet operation. A decent credential-stealing Trojan can easily set you back between $3,500 and $5,000, says Recorded Future, which recently compiled a price list for malware and associated services on the Dark Web.

The Web-injects you’ll need to intercept credentials for account holders of each of your target banks can cost between $100 and $1,000; bulletproof hosting another $150 to $200 per month; and payload obfuscation tools can cost up to $50.

Then there’s the 50% to 60% commission you’ll need to pay from the money you steal from each victim’s account if you want it professionally laundered, and another 5% to 10% to have it delivered via Bitcoin, Western Union, or other direct methods.

Such costs can add up. Still, the paybacks are enormous, says Andrei Barysevich, director of advanced collection at Recorded Future and author of the report. “We estimate the average ROI of a botnet operation to be between 400% to 600%,” he says.

The returns are both direct and indirect. The main income comes from the money you steal from individual bank accounts. Then there’s also the opportunity for residual income from actions like selling the login credentials at $100 to $200 a pop, or doing per-demand malware installation on the devices you have infected, Recorded Future found.

Economics like this are driving enormous interest in malware goods and services on the Dark Web. Over the years, what used to be a space dominated by a motley collection of mostly Eastern European cybercrooks has evolved into a well-organized, slick marketplace with highly specialized products and services. While estimates of the size of the cybercrime market range widely from the low hundreds of billions of dollars to over a trillion dollars, one thing everyone agrees is that it is really big.

The cybercrime underground has pretty much everything that a criminal would need, for a price, Recorded Future’s report says. Like legitimate online marketplaces, goods and services can be sold or purchased pretty openly. The market is organized in a highly vertical manner with threat actors focusing on specific areas of expertise.

Script Kiddies

Often, to launch a campaign, a threat actor will need to interact with a network of service and tool providers rather than a single provider. Contrary to what one might expect, you don’t need to be a jack-of-all-trades to succeed in cybercrime. The underground market is capable of supporting newbies and script kiddies just as efficiently as it can support the needs of the most sophisticated criminal groups and nation state actors.

In fact, it is rare to find individuals operating in isolation launching major criminal campaigns. Success in cybercrime really requires the ability to harness expertise and tools across multiple disciplines and sourced from different places, Recorded Future says.

The cost for these campaigns ultimately depends on what you are after and how sophisticated you want the campaign to be. If all you are looking for is login info to an online account, you can get PayPal account information for as little as $1.

But if you want malware for launching a distributed denial-of-service attack, that can set you back $700, and the infrastructure for a spam or phishing campaign can run into the thousands.

“Historically, banking malware was and remains the most complex and costly criminal product,” Barysevich says. “At the same time, various RAT and ransomware products are among the least expensive malicious software.”

Interestingly, inflation doesn’t appear to be much of a thing in the underground market for cyber crimeware and services. Barysevich says Recorded Future doesn’t have reliable metrics to say for sure how prices on the Dark Web have moved in recent years. But “based on experience, we can say a majority of the services and data types have not seen significant price fluctuations,” he says.

But that could change, he says. With financial organizations and others getting generally better at protecting themselves against attacks, malware tools will need to evolve as well. This trend could make things a bit more expensive for the average cybercriminal over the next year.

One area where Barysevich expects prices to rise is malware distribution. The arrest of Russian national Pyotr Levashov earlier this year has removed one of the primary providers of spamming services across Europe and will push up malware distribution costs, he says.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …

Article source: https://www.darkreading.com/attacks-breaches/it-takes-a-buck-to-make-a-million-on-the-dark-web/d/d-id/1330336?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Hole in Tor causes TorMoil, update now

Do you use Tor?

If you do, then you probably expect it to provide a basic level of online anonymity – notably, that it stops your own IP number showing up when you browse.

To explain.

Your IP number uniquely identifies your computer (or at least your network) so that it can send packets to the internet, and get replies back.

Every packet coming from your network – whether it’s a login attempt, an email you’re sending, or a website you’re browsing to – includes your IP number, to act as a sort of “return home” beacon.

Without this so-called source address, the other end of any internet conversation wouldn’t know what to do with its replies – you’d be able to speak to anyone, but to hear no one.

At home, your IP number is typically allocated by your internet provider when your router powers up.

Even though you may get a different IP number every time you reboot your network, your ISP keeps a record of which household was allocated which IP number for what periods of time.

In other words, you can be identified fairly reliably via your IP number.

Even though it might take a court warrant in your country to get at the necessary records, those records almost certainly exist.

On a less dramatic footing, your IP number is typically static for days or weeks at a time, so that web servers can use it not only to figure out which town and country you’re in, but also to “join the dots” of your recent browsing habits.

Enter Tor

Tor, short for The Onion Router, is a bundle of network software together with a modified version of the Firefox browser, that sets out to change all that.

Greatly simplified, Tor consists of about 7000 computers around the world [2017-11-06T12:00Z], run by volunteers, that shuffle around users’ traffic to disguise its source.

Every time you start up Tor, your computer picks three of the 7000 computers – known as nodes – randomly, and bounces your browsing traffic through them on the way out and back.

Strictly speaking, not all of Tor’s 7000 nodes are made equal. Only about 2000 of them are considered reliable enough to act as the first node, or entry guard, into the Tor system; and only about 1000 are suitable to act as the last hop, or exit node, in a Tor connection, known colloquially as a circuit. Thanks to the way Tor encrypts the traffic passing through it, only the entry guard knows who you are (but not who you are talking to), and only the exit node in each circuit knows where the traffic is going (but not who sent it). The node in the middle stops the entry and exit nodes from colluding to deanonymise your traffic, making it very difficult to trace Tor packets even though you can never be sure which nodes are truly playing the anonymity game. Some nodes are run by crooks; others are operated by law enforcement and intelligence services. Because they can.

So, your Tor browsing traffic appears to originate from somewhere in the Tor network, meaning that you can’t easily be traced, and that your town and country will not only be disguised but will also appear to bounce around the world every time you start Tor.

Indeed, if you’re using Tor, it’s quite fun to browse to Google or Bing and see where the search engines think you’re located, and what they think you’ll be interested in.

The Tormoil bug

One problem with Tor is that it can give you a false sense of security.

After all, if you’re browsing via Tor but end up logging into an account that already knows who you are and where you live, then your anonymity is over.

Also, the anonymity of Tor depends on the browser you’re using communicating only via the Tor network and never directly over the internet.

That’s why the browser built into the Tor package is pre-configured so that it won’t accidentally browse via your regular network connection, thus preventing some of your browsing traffic sneaking out along a directly traceable path.

At the end of October, however, an Italian security researcher called Filippo Cavallarin found a way to trick Firefox into browsing directly, even after you’ve told it not to.

In other words, a crook could feed you a web link that would force your browser to send traceable network packets just when you didn’t expect it.

Because this bug affects Tor’s flavour of Firefox as well as the regular versions, it’s just the kind of thing that crooks or inquisitive government officials would love to exploit in order to be able to trace you directly while you’re busy trying to give them the slip.

Cavallarin couldn’t resist turning this into a BWAIN (a Bug With An Impressive Name), as we jokingly call them, dubbing it TorMoil to reflect the anxiety it might cause to some users in the Tor community.

What to do?

Fortunately, there’s an easy fix: update Tor.

The TorMoil bug has been suppressed in Tor 7.0.9, so once you’ve updated, your IP number is back to being shielded by Tor as it should be.

According to the Tor Project, no one yet seems to have exploited this vulnerability in the wild…

…so if you’re a Tor user, you might as well get one step ahead.

(To make sure you have the latest version, go to the menu item About Tor Browser and you should see Checking for updates... followed by an [Update] button if you are out of date.)


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/sz1tysZHMA0/

Paradise Papers were not an inside job, says leaky offshore law firm

Revelations from the Paradise Papers, a leaked set of more than 13 million financial documents, have shed light on how the rich and famous channel funds through offshore tax havens.

Among early stories spawned from the leak and published over the weekend are allegations that Russia funded Facebook and Twitter investments through a business associate of Jared Kushner, President Donald Trump’s son-in-law and senior White House adviser. Investments by two Russian state institutions were made via tech magnate Yuri Milner, who also holds a stake in a firm co-owned by Kushner, The Guardian reports.

It has also emerged that Donald Trump’s commerce secretary, Wilbur Ross, had a stake in a shipping company transporting oil and gas for a firm whose shareholders include Vladimir Putin’s son-in-law and two men subject to US sanctions, the BBC reports. Most of the coverage so far has focused on how £10m of the Queen’s private money was invested offshore into funds in the Cayman Islands and Bermuda by the Duchy of Lancaster, but many more revelations are likely to follow.

The leaked information largely came from a hack against offshore legal firm Appleby. Appleby only admitted it had suffered the breach – which actually happened last year – after the International Consortium of Investigative Journalists (ICIJ) began asking awkward questions based on leaked information, as previously reported.

Like last year’s Panama Papers leak, the documents were first obtained by German newspaper Süddeutsche Zeitung, which enlisted the help of the ICIJ to help diversify and spread a workload no single media organisation could hope to manage. Süddeutsche Zeitung has not revealed the source of the leak.

In a statement, Appleby said the leaked information came from a criminal hack on its computer systems. Subsequent forensic examination has ruled out an insider, according to the law firm.

We wish to reiterate that our firm was not the subject of a leak but of a serious criminal act. This was an illegal computer hack. Our systems were accessed by an intruder who deployed the tactics of a professional hacker and covered his/her tracks to the extent that a forensic investigation by a leading international Cyber Threats team concluded that there was no definitive evidence that any data had left our systems. This was not the work of anybody who works at Appleby.

Appleby criticised “politically driven” media coverage of the leak. “The journalists do not allege, nor could they, that Appleby has done anything unlawful. There is no wrongdoing. It is a patchwork quilt of unrelated allegations with a clear political agenda and movement against offshore,” it said.

The breach raises security and data protection issues, said Thomas Fischer, global security advocate at Digital Guardian. “Putting aside the fact that the leaked financial details appear to include information about the murky world of offshore finance, for the victims, this leak could have life-altering or, at the very least, hugely distressing effects. Ultimately, the breach could trigger serious legal repercussions against Appleby.

“Data protection should be of the utmost importance in these businesses and yet we have seen a growing number of data breaches in law firms in recent times.”

The vast majority of the transactions exposed involve no legal wrongdoing. The release of the information has nonetheless provoked a debate that UK politicians, among others, are keen to explore. Those on the political left, in particular, are keen to curb the use of offshore tax havens. As well as concerns about unfairness, tax havens could be used to cloak wrongdoing.

Meg Hillier MP, chairman of the House of Commons Public Accounts Committee, said: “The government talks tough about clamping down on aggressive tax avoidance but once again we see HM Revenue &amp; Customs being out-manoeuvred. HMRC must investigate the very worrying allegations arising from this leak.

“These transactions are taking place behind a veil of secrecy and, whether they are legal or not, we all have a duty to contribute to public services through our taxes.

“Senior HMRC officials are coming before our Committee today [Monday] and we will be expecting frank answers on what it intends to do.”

BBC Panorama and The Guardian are included in a list of more than 100 media organisations investigating the papers. More revelations are promised over the coming days. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/11/06/paradise_papers/

External Attacker Leaked ‘Paradise Papers,’ Law Firm Reports

The Paradise Papers contain 13.4m documents allegedly hacked by an outsider, the targeted law firm reports.

The release of the Paradise Papers, a collection of 13.4 million documents, has revealed tax affairs of the ultra-wealthy, reports the BBC. Most of the papers came from offshore legal firm Appleby, which says the leak came from a hack on its network and no insiders were involved.

Similar to last year’s Panama Papers leak, the documents were first procured by German publication Süddeutsche Zeitung, which worked with the International Consortium of Investigative Journalists (ICIJ).

Leaked financial documents surfaced information on how rich and famous people channel funds through offshore tax havens to protect their cash from tax officials. For example, papers indicate about $13M (USD) of the Queen’s private funds were invested offshore. While not illegal, this might prompt questions about the Queen’s finances.

It also came to light that Russia funded Facebook and Twitter investments through a business associate of Jared Kushner, President Trump’s son-in-law and senior White House advisor. Papers indicate Commerce Secretary Wilbur Ross had a stake in a company which transports oil and gas for a Russian energy firm, whose shareholders include Vladimir Putin’s son-in-law and two men sanctioned by the US.

While Appleby says it did not do anything wrong, the disclosure of such sensitive data could have tremendous repercussions for individuals affected.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/external-attacker-leaked-paradise-papers-law-firm-reports/d/d-id/1330329?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

8 Older Companies Doing New Things in Security

These organizations have been around for a while but aren’t slowing down on security releases.

(Image: 4Max via Shutterstock)

The security space is growing with startups building game-changing technologies in identity management, training, privacy, and other niche areas to drive the future of security.

This year is a big one for new companies trying to make a name for themselves in the industry. From a security investment standpoint, the first two quarters of 2017 were the most active in the past five years. Numbers show 2017 will be a record-breaking year for security funding.

It’s easy to see why. Major global cyberattacks, combined with evolving security threats for businesses and consumers, have heightened the demand for new tools and services.

While the up-and-comers are getting their fair share of attention, let’s not forget older security-focused companies have continued to explore new technologies. Many of them have come out with interesting updates in the last few months, a sign we should still keep an eye on them.

Here, we catch up with some players who have been around the industry for a while and see what they’ve been up to. Any companies you’d like to add to the list? Feel free to share your contributions in the comments.

 

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University.

Article source: https://www.darkreading.com/endpoint/8-older-companies-doing-new-things-in-security/d/d-id/1330324?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Virtual Reality Could Serve as a Cybersecurity Recruiting Tool

A recent study finds 74% of millennials and post-millennials agree VR use in cybersecurity tools may entice them into an IT security career.

Cybersecurity tools that employ immersive technologies such as virtual reality and augmented reality could attract millennials and post-millennials to IT security careers, a new study shows.

Across the globe, the IT security industry is expected to face a talent shortfall of 1.8 million workers by 2022. But the Immersive Technologies The Future of Cybersecurity report – a survey of 524 US residents between 16 and 24 years old – shows that virtual reality tools could attract security talent: some 74% of the survey respondents say they are likely to pursue an IT security career if cybersecurity tools incorporate virtual reality and augmented reality technologies.

Additionally, 77% of survey respondents say they would enjoy using these tools if that were the case, according to the ESG study commissioned by ProtectWise.

The majority of survey respondents already have extensive exposure to virtual reality and augmented reality technologies through online and video games, the report notes. According to the survey:

  • 40% have been gamers for at least 10 years
  • 76% play online games on a weekly basis, averaging 9 hours of gaming each week
  • 58% have used or regularly use virtual reality technologies in games

“These kids are highly exposed to gaming principles and are aware of spatial familiarity,” says Gene Stevens, co-founder and CTO of ProtectWise. “I was shocked by their positive response to pursuing a career in cybersecurity. I was expecting to see more resistance.”

ProtectWise, which is beta-testing its so-called Immersive Grid SOC service that includes a 3D visual layer for monitoring security alerts, commissioned the report to determine what, if any, correlation exists between virtual reality and augmented cybersecurity tools and recruiting future infosec professionals. Immersive Grid uses both virtual reality and augmented reality.

“We did the survey to see if it makes sense to draw millennials and post-millennials to the platform, IT and cybersecurity as a job,” Stevens says.

Some 67% of survey respondents haven’t taken a cybersecurity class in school, with 65% of that group saying the reason is that their educational institution didn’t offer such courses. Nearly a quarter of survey respondents say they avoided cybersecurity courses due to a lack of interest, while 15% say they don’t have enough technical knowledge to take these classes.

Takeaway for Employers

Although Stevens estimates few companies are offering virtual reality and augmented reality in their cybersecurity tools, he hopes the numbers will grow because of the potential to attract new hires to the IT security workforce.

Meantime, some 33% of respondents are interested in a video-game development career, while 9% want to pursue a cybersecurity career.

Stevens notes that by infusing immersive technologies, as seen in video games, into cybersecurity tools, the IT security industry stands a better chance of winning over more prospective job candidates.


Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET’s …

Article source: https://www.darkreading.com/endpoint/virtual-reality-could-serve-as-a-cybersecurity-recruiting-tool-/d/d-id/1330326?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

When Ransomware Strikes: 7 Steps You Can Take Now to Prepare

Ransomware is still on the rise. These operational tips can help lessen the blow if you’re hit.

If you walked into work tomorrow to find your company had been hit by ransomware, would you know what to do? Who would you call? How would you find their phone numbers if your computer was locked up? How would you notify customers?

There are many aspects to preparing for ransomware, including technical tips such as maintaining a current, offline backup of your data. This article isn’t about those technical steps. It’s about the practical, operational measures you can take now to prepare yourself and your company for the moments after an incident occurs. What’s your emergency plan? Who would you want on your team? How would you communicate?

Few of us are good at preparing for the unexpected, but planning ahead will make life a lot easier if disaster strikes. And when it comes to ransomware, there’s a good possibility it will. After the WannaCry attack in May, which infected some 300,000 computers in the first few days, the head of the FBI’s Cyber Division called ransomware “a prevalent, increasing threat,” and said attacks are likely to rise in future. Other reports also predict an increase.

With that in mind, here are seven steps you can take now to prepare yourself and your company for the moments after ransomware strikes. Some of these can be applied broadly to other critical incidents, while some are ransomware-specific.

1.  Plan your initial response. Your team members may not be used to dealing with stressful situations, so make sure they know what to do. This includes where they’ll gather to discuss the problem, where press inquiries should be directed, and what to tell customers and staff. Most of the time, this means planning the who, what, when, and how. Once you have this plan, share it with your team ahead of time, and…

2.  Store your response plan in multiple locations. If your plan for incident response is stored on your PC and you’re locked out, you can’t even get started on your recovery. Ransomware can affect your desktop, your servers, or both. Store copies of your plan in multiple locations, including at least three separate cloud services. And set a calendar alert to remind yourself to update them periodically.

3.  Pick your team now. Who needs to be in the room in the moments after an incident occurs? Your CEO and CIO are a given, but you may also want your heads of PR, legal, HR, and other department chiefs. Draw up a list now and make sure everyone knows they’re on it. Also, get their contact details for off-work hours, and share them with the rest of your team.

4.  Have a communications plan in place. You may find yourself locked out of your primary, preferred method of communication, so know which channels you’ll fall back on. Email might not be an option, so prepare to use other means. If your smartphones are still working, collaboration apps can be a good way to communicate as a group — just make sure everyone has the app installed. But ransomware can also strike mobile devices, so as with all aspects of preparedness, have a backup. Storing phone numbers and personal email addresses in multiple locations is a good place to start.

5.  Decide now who’ll take charge. There’s a lot to do in the moments after an attack, including directing employees and contacting law enforcement, customers, and partners. Someone will need to oversee and manage the recovery effort and be ready to answer questions as they arise. It could be your CIO, COO, head of security, or someone else — but it’s best to have a clear, single owner. Decide now who that will be, so the responsibility doesn’t suddenly get dropped in their lap that morning.

6.  Have a discussion now about how you’ll respond. Whether you decide to pay the ransom will likely depend on the severity and nature of the incident, but it’s better to begin this conversation now than in the heat of the moment. The FBI has said it doesn’t condone payment because it wants to discourage future attacks, but it also recognizes that every business will need to make its own decision. It can’t hurt to start talking about this now, so your team is at least familiar with the trade-offs when a decision has to be made.

7.  Know your appetite for risk. You can’t plan for everything, so figure out how much risk you can tolerate — and how much potential harm you can deal with — and then make a trade-off. For example, some companies will do a disaster recovery exercise every month, to be sure they’re always prepared. But that’s a big time commitment, and others will opt for once a quarter. It all depends how much “insurance” you want built into the system. These are tough calls, but they need to be made deliberately and in advance.

If you’re lucky, you’ll never have to face a ransomware incident, but luck isn’t how you run a business. Your technical teams will have put in a lot of work guarding against attacks and mitigating damage. But responding operationally, informing customers, and keeping the company moving forward falls to management. It’s often hard to imagine a situation you’ve never been in, but try to picture that morning when your phone rings and you learn your company has been hit. Think about all the things you’ll wish you’d have done — and start doing them now.


Patrick Hill is SRE Solutions Lead at Atlassian, a provider of team collaboration and productivity software that helps teams organize, discuss, and complete shared work. Teams at more than 89,000 organizations use Atlassian products including JIRA, Confluence, HipChat, …

Article source: https://www.darkreading.com/endpoint/when-ransomware-strikes-7-steps-you-can-take-now-to-prepare-/a/d-id/1330313?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

DDoS Flaw Found in Brother Printers

All Brother printers with a Debut Web front-end carry a flaw that attackers can trigger with a single malformed HTTP POST request, researchers revealed today.

A vulnerability discovered in the Debut embedded Web front-end in all Brother printer models could allow attackers to launch a DDoS attack against the printers, according to research released today by Trustwave.

The Debut bug can be exploited via a single malformed HTTP POST request, which then returns a 500 error code. That makes the Web server inaccessible and ceases all printing functions.

There is no apparent patch for the bug, despite Trustwave’s repeated attempts to contact the company, according to Trustwave’s blog post. To mitigate the threat, system administrators are advised to use a firewall or similar device to restrict Web access to the administrators who need it.

The DDoS cybercriminals could potentially leverage the attack to present a faux technician, who would “fix” the problem while also gaining direct physical access to IT resources.
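One way to check that the recommended access restriction actually holds, and to spot the POST-then-500 symptom described above, is to audit web-access logs for the printer network. This is an added example, not code from Trustwave or the article; the log format, network ranges and finding names are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed policy: only these networks may reach printer web front-ends.
ADMIN_NETS = [ipaddress.ip_network("10.0.1.0/28")]
PRINTER_NETS = [ipaddress.ip_network("10.0.9.0/24")]

# Constructed sample records: timestamp src dst method status ("-" = no reply)
SAMPLE_LOG = """\
2017-11-07T09:00:01Z 10.0.1.5 10.0.9.10 GET 200
2017-11-07T09:02:13Z 10.0.5.23 10.0.9.10 GET 200
2017-11-07T09:02:40Z 10.0.5.23 10.0.9.10 POST 500
2017-11-07T09:03:05Z 10.0.1.5 10.0.9.10 GET -
2017-11-07T09:04:00Z 10.0.1.5 10.0.9.11 POST 200
2017-11-07T09:05:00Z 10.0.5.23 10.0.2.8 POST 500
"""

def in_any(addr, nets):
    """True if addr parses as an IP and falls inside one of nets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in nets)

def audit(log_text, admin_nets=ADMIN_NETS, printer_nets=PRINTER_NETS):
    """Return (kind, timestamp, src, dst) findings for printer traffic."""
    findings = []
    suspect = set()  # printers that answered a POST with 500
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed format
        ts, src, dst, method, status = parts
        if not in_any(dst, printer_nets):
            continue  # only printer web front-ends are in scope
        if not in_any(src, admin_nets):
            # The firewall restriction is missing or not effective.
            findings.append(("non_admin_access", ts, src, dst))
        if method == "POST" and status == "500":
            findings.append(("post_500", ts, src, dst))
            suspect.add(dst)
        elif dst in suspect and status == "-":
            # Web server stopped answering after the POST/500.
            findings.append(("no_response_after_post_500", ts, src, dst))
        elif dst in suspect and status.startswith("2"):
            suspect.discard(dst)  # printer is serving requests again
    return findings
```

Any `non_admin_access` finding means the firewall rule is not limiting the web front-end to administrators.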


Article source: https://www.darkreading.com/vulnerabilities---threats/ddos-flaw-found-in-brother-printers-/d/d-id/1330333?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Meet Russian Twitter troll Jenna Abrams and her 2,752 friends

As the US Congress continues to investigate Russia’s meddling in the 2017 presidential election, it’s made some findings public. One such finding is a 65-page list (PDF) of 2,752 now-deactivated Twitter accounts, released last week, that Twitter identified as being tied to Russia’s troll farm.

That farm, which also goes by the name of the “Internet Research Agency,” is reportedly based in St. Petersburg.

Fox News picks up the story:

There was the ISIS attack on a chemical plant in southern Louisiana last September. Two months later, an outbreak of the deadly Ebola virus occurred in Atlanta … What all these shocking and disparate stories have in common are two things: they are not true and they all originated from a group of Russian cyber trolls working out of a non-descript office building in St. Petersburg.

Don’t have time to wade through the account names? Recode has done it for you, slicing and dicing the defunct accounts to draw these conclusions:

  • Some were named to look like local news agencies, such as @DailyNewsDenver and @DallasTopNews. Nineteen include “news” in their handle, 27 “novosti,” Russian for “news.”
  • Many are meant to look like Western or Russian individuals, such as @_TraceyJohnson_, @CarolineReeeed, @BogdanKravcov and @VladEvlanin.
  • Seven contain “Trump,” zero contain “Clinton,” five include “GOP.” One is @NewYorkDem.
  • Others, like @Justice4Jamar_, seem designed to play up racial tensions.

At least one of the trolls, “Jenna Abrams,” had quite the reach. The divisive alt-right blogger, a fabrication of the troll farm whose account was created in 2014, amassed something like 70,000 followers before the account was shut down.

Her account may well be shuttered, but a little digging from The Daily Beast shows that the fake alt-righter argued with celebrities as well-known as Roseanne Barr and was featured in an exhaustive list of articles written by Bustle, U.S. News and World Report, USA Today, several local Fox affiliates, InfoWars, BET, Yahoo Sports, Sky News, IJR, Breitbart, The Washington Post, Mashable, New York Daily News, Quartz, Dallas News, France24, HuffPost, The Daily Caller, The Telegraph, CNN, the BBC, Gizmodo, The Independent, The Daily Dot, The Observer, Business Insider, The National Post, Refinery29, The Times of India, BuzzFeed, The Daily Mail, The New York Times, and, unsurprisingly, Russia Today and Sputnik.

A typically inflammatory tweet, from April 2016, from the @Jenn_Abrams account:

To those people, who hate the Confederate flag. Did you know that the flag and the war wasn’t about slavery, it was all about money.

The account’s gone, but both the outraged responses and the fist-pumping of accounts that agreed with statements like that one live on.

We’re in the habit of warning kids not to trust that the mystifyingly lonely, purportedly famous people who reach out to strike up random romances with people they’ve stumbled across online have any credibility whatsoever. But do we ever stop to consider, when we engage with people who spout outrageous statements online, whether we’re arguing with cardboard cutouts?

In the light of Congress’ investigation into Russian election meddling, it seems that we should now bear in mind that we’re potentially arguing not just with fictional characters set up to cause a stir, but with cardboard cutouts who seem to have been well-paid for making up antagonistic fictions.

Have you ever wondered how much money Russia’s army of trolls made when they flamed Hillary Clinton, waged a pro-Trump propaganda war, and turned Americans against their own government in the 2017 presidential election?

You probably already know if you’ve been following the news about the thousands of ads Facebook sold to Russia’s troll factory during the election – each troll made about USD $846 a month.

That’s 50,000 roubles, or £650, to post tens of thousands of comments on Western media sites including the New York Times and the Washington Post. This is according to what a former troll factory employee, identified as “Maksim,” told the independent Russian TV channel TV Rain (interview is in Russian) on 14 October.

The Telegraph quotes a translation of Maksim’s comments:

Our goal wasn’t to turn Americans toward Russia. Our goal was to set Americans against their own government. To provoke unrest, provoke dissatisfaction, lower (Barack) Obama’s rating.

Maksim said that the “document strategy” was for the trolls to familiarize themselves with hot-button topics in the US: tax problems, LGBTQ issues, and gun laws, for example. Toward that end, they were required to watch the US political TV series “House of Cards.” The trolls’ purpose was to influence opinions, he said, and they were measured not only for how many posts they made, but for the quality of the posts:

There was a goal – to influence opinions, to lead to a discussion. Argumentation wasn’t the only goal: ‘Obama is a monkey, and Putin is a fine fellow.’ This was not accepted; management even fined for it.

In the English department, there is another accountability: there, it was necessary to measure the reaction. The reaction is how much you got the likes. The comment was supposed to provoke a discussion.

According to the Russian news site RBC, the troll factory spent about $2.3 million over two years and employed up to 90 people.

RBC says that, according to troll factory insiders, the factory:

  • Spent about $80,000 on the purchase of virtual SIM cards, proxy servers, IP addresses and other IT support.
  • Paid expenses for about 100 people located in the US who allegedly didn’t know where the money was coming from, given that all communication took place over the internet and came from fake accounts. The factory paid for their inter-city flights, printing of materials and other expenses.
  • Spent about $5000 a month on social media – mostly, buying Facebook ads.

We can’t say it often enough: On the internet, nobody can tell you’re a dog, an SJW or alt-righter who truly believes what she’s saying… Or a troll who’s getting paid to make up nonsense just to needle you and foment division.

Ignore trolls as much as possible. It’s the best way to thwart their purposes. And if the reports about Russia’s troll farm turn out to be accurate, it’s also a good way to starve them of the likes and engagement they thrive on.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/b388g_lrdeg/