STE WILLIAMS

Poor Communications Slowing DevOps Shift

Existing functional silos are standing in the way of building a DevOps culture.

A new survey indicates that enterprise executives want DevOps to move forward in their organizations, but poor communications among security, software development, and IT operations is standing in the way.

The survey, sponsored by Trend Micro and conducted by Vanson Bourne, asked more than 1,300 enterprise and SMB decision makers to share their thoughts on DevOps implementation. While 74% said DevOps initiatives are more important now than in previous years, 89% said software development and security teams need to be in closer communication.

More than a third of those responding told researchers that existing functional silos are making it harder to build a DevOps culture. They cited fostering greater integration between teams (61%), setting common goals (58%), and sharing learning experiences across teams (50%) as the best ways to drive the necessary cultural change.

When asked about top priorities, 46% said that enhancing IT security leads all other factors in DevOps.

Read more here.


Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/operations/poor-communications-slowing-devops-shift/d/d-id/1335122?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

In Cybercrime’s Evolution, Active, Automated Attacks Are the Latest Fad

Staying ahead can feel impossible, but understanding that perfection is impossible can free you to make decisions about managing risk.

Every few years, there is a significant and often unexpected shift in the tactics that online criminals use to exploit us for profit. In the early 2000s, criminals ran roughshod through people’s computers by exploiting simple buffer overflows and scripting flaws in email clients and using SQL injection attacks. That evolved into drive-by downloads through flaws in browsers and their clunky plug-ins. Late in the decade, criminals began employing social components, initially offering up fake antivirus products and then impersonating law enforcement agencies to trick us into paying imaginary fines and tickets. In 2013, someone got the bright idea to recycle an old trick at mass scale: ransomware.

If history has taught us anything, it’s that there are cycles to threats, and at some point in the future, ransomware as we know it today will begin to wane and morph into a new type of attack. Many factors can lead to the end of a good scam. In this case, we have finally removed Java and Adobe Flash Player from most of our home PCs, our browsers keep themselves up to date, and Windows, Mac, and even Linux largely update themselves with reasonable regularity.

This of course hasn’t eliminated “spray and pray” malware. It has just made it less profitable. The majority of ransomware infections these days seem to originate via email and are affecting lower volumes of victims than in the heyday of mass web exploitation.

While there has always been a divide between unskilled and skilled cybercriminals, with the declining utility and increasing risk of traditional tactics, at least some of the latter are beginning to recognize that they need to up their game.

Unskilled online criminals will continue to pay for spam runs or hire already infected PCs to indiscriminately distribute commodity malware. The others? They’ve got a new scam. And it isn’t something that is likely to catch on with the script kiddies. They’re going out and behaving as rogue penetration testers.

We first noticed this with the SamSam gang. They were able to operate discreetly enough that it took the community nearly two years to notice. Why? They operated at low volume. Few samples made it to services like VirusTotal, few victims were important enough to garner attention, and few security vendors noticed the blips in their statistical analysis of enormous malware volumes.

Penetration testing takes skill, but it also takes patience. To many people with hacking skills, getting paid to break into systems sounds like a dream come true until they face the reality. The goal isn’t just to break in; the real goal is to document how you broke in and write a report about it. Cybercriminals are simply bypassing this boring part and infecting the systems with malware instead.

These “criminal penetration tests” are seemingly very successful. While SamSam wrote the blueprint, we have seen the pattern copied by LockerGoga, MegaCortex, Ryuk, and others.

The attack pattern we have seen goes like this:

1. Find some low-hanging fruit.

  • Do a Shodan search for open RDP.
  • Find a vulnerable service exposed in the DMZ.
  • Hire already infected machines from a botnet operator.

2. Sort through results and pick interesting targets.
3. Identify computers that hold interesting or sensitive data.
4. Encrypt, ransom, or steal data for profit.

I think that this is a significant change in behavior and it brings us to an important change in tactic: the automated, active attack.

This blended approach, using both automated discovery and human intelligence to choose targets, combined with the deployment of low-volume custom malware, is enough to severely cripple most organizations. Most organizations’ defenses are only prepared to deal with automated malware distribution, not semi-targeted attacks.

This approach is very lucrative for cybercriminals because it can yield anywhere from $50,000 to over $1 million per victim, and can be targeted at nearly any organization. Even the smallest of firms potentially have tens of thousands of dollars on hand when it’s time for payroll, and if they don’t have backups, paying the ransom could be their best option.

While security through obscurity is a terrible idea with regard to cryptography, it can’t hurt when applied to information security. By no means should it be your only strategy, but simply upping your game a few notches can help you avoid being discovered through the simple scans and spams that criminals are using to initiate these attacks.

As mentioned, patterns have begun to emerge out of investigations of these attacks. The SamSam group, and others as well, have frequently sought out improperly exposed Remote Desktop Protocol (RDP) connections. Requiring a VPN, multifactor authentication, or strong, unique passwords would prevent many attacks. Disabling web server banners that advertise precise versions of helper software like PHP, Perl, Ruby, or even your CMS type can help you avoid being identified by unsophisticated automated scans.
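A defender-side check for the banner disclosure just mentioned, added here as an example and not taken from the article: it parses a raw HTTP response head and reports which headers still hand a version string to an automated scanner. The two sample responses are constructed; the header names inspected are the usual suspects and can be extended for your own stack.

```python
import re

# Response headers that commonly advertise exact software versions.
# (List chosen for this example; extend it for your own stack.)
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# A dotted version string such as 2.4.29 or 7.2
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*\b")


def parse_head(raw):
    """Split a raw HTTP response into (status_line, [(name, value), ...]).

    Header names are lower-cased; the body, if any, is ignored.
    """
    if isinstance(raw, bytes):
        raw = raw.decode("latin-1")
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip malformed or folded lines
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit_banner(raw):
    """Return one finding per disclosing header present in the response."""
    _, headers = parse_head(raw)
    findings = []
    for name, value in headers:
        if name in DISCLOSING_HEADERS:
            versions = VERSION_RE.findall(value)
            findings.append({"header": name, "value": value, "versions": versions})
    return findings


def leaked_versions(raw):
    """Flat list of every version string the response hands to a scanner."""
    return [v for f in audit_banner(raw) for v in f["versions"]]


# Constructed sample: a default install that tells every scanner what it runs.
LEAKY = (b"HTTP/1.1 200 OK\r\n"
         b"Server: Apache/2.4.29 (Ubuntu)\r\n"
         b"X-Powered-By: PHP/7.2.24\r\n"
         b"Content-Type: text/html\r\n"
         b"\r\n<html></html>")

# Constructed sample: the same server after `ServerTokens Prod` (Apache) and
# `expose_php = Off` (php.ini); nginx users would set `server_tokens off`.
HARDENED = (b"HTTP/1.1 200 OK\r\n"
            b"Server: Apache\r\n"
            b"Content-Type: text/html\r\n"
            b"\r\n<html></html>")

if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, audit_banner(resp), leaked_versions(resp))
```

Run it against a response captured from your own server (for example the output of `curl -si`) to see what an unsophisticated scan would learn before it even tries an exploit.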

Better yet is building a culture of security within your organization and focusing on how you can increase the maturity of your security preparedness. Keeping up is hard and staying ahead can feel impossible, but understanding that you can’t be perfect can free you to make decisions about managing risk rather than trying to do the impossible.


Chester Wisniewski has been involved in the information security industry since the late 1980s. He is currently a principal research scientist in the Office of the CTO at Sophos. Chet divides his time between research, public speaking, writing and attempting to communicate …

Article source: https://www.darkreading.com/vulnerabilities---threats/in-cybercrimes-evolution-active-automated-attacks-are-the-latest-fad/a/d-id/1335073?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

‘Human Side-Channels’: Behavioral Traces We Leave Behind

How writing patterns, online activities, and other unintentional identifiers can be used in cyber offense and defense.

As we move throughout our digital lives, we unknowingly leave traces — writing styles, cultural references, behavioral signatures — that can be compiled to form a profile of our online personas.

These identifiers are different from physical identifiers such as fingerprints, faces, handwriting, DNA, and voice, all of which allow law enforcement to trace crimes back to offenders and enable biometric authentication tools. But physical identifiers are often irrelevant when it comes to tracking criminals in the digital realm, where non-physical traits can prove useful.

Matt Wixey, head of technical research for PwC’s cybersecurity practice in the UK, calls these behavioral identifiers “human side-channels” and says they often result from human actions. Human side-channels, he explains, are rooted in personality psychology and result from each individual’s unique experiences, training, and feedback. We often don’t know we exhibit them.

“These are ways you can be identified or tracked via unintentional or inadvertent leakage of behaviors,” he says, adding that these traits are “predominantly unintentional.”

While there are many behavioral traces to explore, Wixey chose forensic linguistics to explain how human side-channels can be used in offensive and defensive security. Linguistics is by no means a new discipline, but as a former law enforcement official-turned-cybersecurity researcher, he has found the study practical for investigating both physical and virtual crimes.

“It’s kind of a spin-off of applied linguistics,” he explains. “The principle is that everyone has a unique style of writing,” not necessarily in terms of their handwriting but in how people construct sentences and paragraphs, as well as how they use punctuation and grammar. From a defensive perspective, this could be handy if a cybercriminal wrote any text in conjunction with the attack: a spearphishing email, for example, or a ransom note or text message.

Of course, the usefulness of a piece of text depends on how much is available to the investigator. “There are some things you can do just with the text itself,” says Wixey, and when you have a piece of text, it’s easier and more cost-effective to avoid a full forensic analysis. There are several ways security pros can leverage forensic linguistics, all of which vary depending on the resources they have and how prepared they are to invest in this technique.

As an example, let’s say an organization was hit with a spearphishing attack. In the malicious email, analysts can seek unusual construction of sentences or stand-out phrases, and paste those into a search engine to see if they appear anywhere else on the Internet. This tactic has been used in real-world offenses, Wixey says, and it’s a jumping-off point for further investigation.

If an unusual phrase appears in a recent forum post, it could prove useful to read through the forum for messages talking about the attack, or other clues that could provide more insight on what happened. The forum could also be passed to law enforcement as a possible lead.

Forensic linguistics can also be helpful in comparing social media accounts. If the same person operates multiple Twitter accounts, he adds, you may be able to tie them all to one operator. This could prove useful in investigating disinformation campaigns or identifying extortion, fraud, or another psychological agenda.

With more time and resources, Wixey continues, a full-time attack investigator or threat intelligence analyst could compile a corpus, or collection, of text from different actors and sources. As they build a collection of ransom messages, tweets, and forum posts, they can compare future attacker texts to those in their repository and see if any matches exist.

“It’s still below the radar in terms of most security practitioners’ awareness,” he says, adding that “it’s just not most people’s standard investigative protocols.”
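A minimal version of the corpus comparison Wixey describes, added here as an example and not taken from the article or from PwC: each text becomes a vector of function-word, punctuation and long-word rates, and known actors are ranked by cosine similarity to a new note. The actor labels and ransom-note texts are constructed for the example; real work would use far larger samples and more features.

```python
import math
import re
from collections import Counter

# Function words carry almost no topic, but their rates are a stable
# habit of the writer; punctuation habits are a second such habit.
FUNCTION_WORDS = ("the", "a", "an", "and", "or", "but", "of", "to", "in", "on",
                  "for", "with", "is", "are", "was", "were", "you", "your",
                  "we", "our", "i", "my", "it", "this", "that", "not", "if",
                  "will")
PUNCT_MARKS = ("!", "?", ",", ";", ":", "...", "-")
TOKEN_RE = re.compile(r"[a-z']+")


def profile(text):
    """Style vector: per-token rates of function words, punctuation and long words."""
    words = TOKEN_RE.findall(text.lower())
    n = max(len(words), 1)
    counts = Counter(words)
    vec = {w: counts[w] / n for w in FUNCTION_WORDS}
    for mark in PUNCT_MARKS:
        vec["punct" + mark] = text.count(mark) / n
    vec["long_word_rate"] = sum(1 for w in words if len(w) > 6) / n
    return vec


def cosine(a, b):
    """Cosine similarity of two profiles (both share the same feature keys)."""
    dot = sum(a[k] * b[k] for k in a)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def build_corpus(samples):
    """samples: {actor_label: [text, ...]} -> {actor_label: style vector}."""
    return {actor: profile(" ".join(texts)) for actor, texts in samples.items()}


def rank_matches(corpus, unknown_text):
    """Actors ordered by style similarity to the new text, best first."""
    q = profile(unknown_text)
    return sorted(((actor, cosine(q, p)) for actor, p in corpus.items()),
                  key=lambda kv: kv[1], reverse=True)


# Constructed ransom-note samples for two hypothetical actors (not real notes).
SAMPLES = {
    "actor-a": [
        "Your files are encrypted!!! If you want your files back you must pay... "
        "Do not try to recover them yourself! You have 72 hours... "
        "Contact us or you will lose everything!!!",
        "Hello! All of your documents are locked... You can get them back if you pay! "
        "Do not call the police... Time is running out!",
    ],
    "actor-b": [
        "We regret to inform you that our team has secured access to your corporate "
        "network; the data has been encrypted. Our specialists are available for "
        "negotiation; we expect a response within seven days. Failure to comply "
        "will result in publication of the data.",
        "We have carefully reviewed your infrastructure; the backups were removed "
        "prior to encryption. Our offer is valid for a limited period; we recommend "
        "that your management contact us promptly.",
    ],
}
CORPUS = build_corpus(SAMPLES)

# A new note: the vocabulary differs, but the habits match actor-a.
UNKNOWN = ("Your computer is locked!!! If you want to unlock it you must pay now... "
           "Do not waste time! Contact us or lose your files!!!")

if __name__ == "__main__":
    for actor, score in rank_matches(CORPUS, UNKNOWN):
        print(f"{actor}: {score:.2f}")
```

The translate-and-retranslate disguise described below attacks exactly these features, which is why a corpus match is a lead for further investigation rather than an attribution on its own.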

Writing in Disguise
Although these human side-channels are deeply ingrained into an individual’s personal writing style, Wixey says there are ways people attempt to disguise them. With respect to forensic linguistics, they may run a text through Google Translate a dozen times and continuously tweak the text so its meaning is consistent, but the voice and structure are concealed. It’s a “pretty primitive” strategy, he says, but it’s also easy to automate. Another tactic is to collaborate with someone else on writing a piece of text so the two styles are scrambled.

At Black Hat USA, Wixey will examine multiple human side-channels, how they can be used in attacks and defense, privacy implications, and how they can be countered in his briefing, “I’m Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy.”


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/threat-intelligence/human-side-channels-behavioral-traces-we-leave-behind/d/d-id/1335129?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cybersecurity Experts Worry About Satellite & Space Systems

As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.

Information from satellites fuels a great deal of today’s technology, from the intelligence gathering conducted by nation-states, to the global positioning system used for vehicle navigation, to the targeting used by “smart” weapons.

Little surprise, then, that cybersecurity and policy experts worry that the relative insecurity of satellite systems opens them to attack. In a paper released by Chatham House, the non-profit think tank formally known as The Royal Institute of International Affairs, Beyza Unal, a senior research fellow in international security, warned that the reliance of space-based systems and satellites on civilian infrastructure means greater vulnerability to attack in times of conflict and espionage in times of peace.

“During wartime, the greatest risk is to lose operational foresight and be unable to rely on data that comes through space,” Unal says. “Receiving false or fake information may result in giving an advantage to the adversary.”

The warnings come as an increasing number of nations have ramped up their operations in space. What used to be a race between the United States and Russia has changed. China landed a rover on the moon in January and launched a quantum satellite into orbit in 2016. The European Space Agency has sent probes to Mars and put a gravitational wave detector into space. Japan launched a probe that successfully landed on a near-Earth asteroid and intends to bring back samples.

A dozen nations have developed some level of space capability and have used it to launch satellites into space. The U.S. military, for example, relies on satellites to direct munitions. In 2003, during its engagement in Iraq, 68 percent of munitions were in some way guided by satellites or using intelligence from satellites, the Chatham House paper said.

The importance of satellites makes them a critical part of any nation’s infrastructure, and attacking those satellites a strategy that most nations need to consider. While kinetic attacks are possible, cyber attacks have the benefit of being inexpensive.

“The most cost effective type of attack is the digital cyber vector,” says John Sheehy, vice president of strategic services at IOActive, a security firm. “And, if you can disrupt satellite operations using cyber, unfortunately that greatly widens the pool of potential threat actors who have the capability to disrupt satellite operations.”

The Chatham paper pointed out that both China and Russia have focused on using cyber attacks as part of their military and strategic doctrine. NATO has encountered GPS jamming and other cybersecurity attacks against satellite systems during military exercises, the report said, citing NATO officials, who attributed the attacks to Russia.

Historically, satellite systems have only suffered occasional attacks over the past decade. In its 2011 Report to Congress, for example, the U.S.-China Economic and Security Review Commission noted that “in recent years, two U.S. government satellites have experienced interference apparently consistent with the cyber exploitation of their control facility.” The two satellites—identified as Landsat-7 and Terra EOS AM-1—each experienced two incidents of interference between October 2007 and October 2008 lasting a combined 35 minutes, according to the report. The outages were consistent with attacks against the satellites’ land-based systems, but no positive evidence was found at the time.

However, since that report, satellites have been both successfully exploited and attacked. A Russian cyber espionage group known as Turla—as well as at least two other groups—has used unencrypted satellite links as command-and-control and exfiltration channels for its operations. At last year’s Black Hat conference, one security researcher used vulnerabilities in satellite equipment to hack into an airplane’s in-flight communications equipment from the ground.

Finally, Russia has frequently disrupted the global navigation satellite system (GNSS) for at least three years to prevent drone attacks and during times of military operations, such as its invasion of Crimea. The incidents have happened at least 9,883 times, according to research published earlier this year.

“There is constant experimentation about pushing the envelope,” says David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations. “Because it is a cyber operation, we don’t quite know where that line is yet. Countries are being cautious about it, but they are pushing in that line more and more.”

In the Chatham House paper, Unal points out that, while NATO owns some ground-based facilities and components, the group does not own its own satellites, but gets information from satellites from its member states. Typical attacks against such infrastructure include the “five Ds”—attacks that disrupt, deny, degrade, deceive, and destroy.

In addition to actual cyberattacks, vulnerabilities in satellites can undermine the faith that member nations have in the intelligence provided by NATO, raising questions about the root justifications for action as well as potentially destabilizing the relationships between members, the report stated.

Defending against such attacks requires both technology efforts and policy measures, says Chatham House’s Unal. 

“The fundamental approach here is to focus on risk-reduction frameworks and applying them within the supply chain, command, control and communication systems,” she says. “It is important to note NATO uses layers of security to protect these systems. Hence, even if an attacker is able to breach a node in the system, this would not necessarily mean they could infiltrate the critical nodes.”

In addition, NATO and the governments on whose technology the group relies need to look to their supply chains, Unal says.

Nations are already attempting an end run around certain types of attacks. In 2016, China launched its Micius satellite, which is expected to allow communications protected by quantum cryptography. 

At the other end of the spectrum, while technology is being used to defend against attacks, others are looking for ways to work when technology fails, as preparation for the worst, says IOActive’s Sheehy. Military academies, for example, continue to teach cadets to use sextants for navigation.

“The concern will always be there to some extent,” says IOActive’s Sheehy. “So they are finding ways to make the operator have the capability to work with a reduced information flow.”


Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline …

Article source: https://www.darkreading.com/attacks-breaches/cybersecurity-experts-worry-about-satellite-and-space-systems/d/d-id/1335131?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

New MacOS Malware Discovered

A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code.

A wave of malware targeting MacOS over the past month has raised the profile of the operating system once advertised as much safer than Windows. The newest attack code for the Mac includes three pieces of malware found in June — a zero-day exploit, a package that includes sophisticated anti-detection and obfuscation routines, and a family of malware that uses the Safari browser as an attack surface.

The zero-day exploit, dubbed OSX/Linker by researchers at Intego who discovered it, takes advantage of a vulnerability in MacOS Gatekeeper — the MacOS function that enforces code-signing and has the ability to limit program execution to properly signed code from trusted publishers.

The MacOS X Gatekeeper bypass vulnerability used in OSX/Linker was first discovered in February 2019 by independent researcher Filippo Cavallarin, who says that he notified Apple of the finding. After a 90-day disclosure deadline passed, Cavallarin publicly disclosed the vulnerability on May 24.

The vulnerability itself is in the way Gatekeeper treats files on the local network, which don’t receive the same locked-down scrutiny as files from the Internet. A cleverly formatted program can pretend that a file on a server sitting anywhere is on the local network, and should therefore be trusted.

Joshua Long, chief security analyst at Intego, says that OSX/Linker is the first evidence he knows of malicious actors trying to take advantage of the vulnerability, which is still unpatched by Apple as of this posting. “The sample that we found actually appeared to be just a proof-of-concept at the time that it was uploaded to VirusTotal,” Long says. “It was able to write something to a text file on the victim’s computer.”

The second piece of malware found by Intego researchers takes a long-used technique and adds “stealth” to the mix: the so-called OSX/CrescentCore is the name given to a new generation of fake Adobe Flash Player malware that adds significant obfuscation to its capabilities. “This is another bit of malware that is exploiting people’s fear of having outdated software that might allow their computer to become infected,” Long says.

The malware first checks to see whether it’s being run inside a VM. If so, it won’t complete installation. Similar checks are then done for common anti-malware software and reverse-engineering tools.

“This was actually found in the wild,” Long says. “Unlike OSX/Linker, which seemed to have been a proof-of-concept, based on the nature of it, it’s possible that this could have been used.”

Intego researchers also discovered another exploit, OSX/NewTab, which injects new tabs into the Safari browser — tabs that can contain additional loaders and malware packages.

The three malware packages found by Intego in June are just the latest examples of increasing activity in MacOS malware. A zero-day exploit in Firefox, described in detail by researcher Patrick Wardle in a three-part series, now can spread a variety of MacOS malware types. So far, the malware families dropped via the exploit have been backdoor spyware programs that can log keystrokes and take screenshots of the victim’s computer.

Meanwhile, in June, a Mac-based cryptominer named LoudMiner or Bird Miner arrived on the scene. Described in detail by researchers Michel Malik of ESET and Thomas Reed of Malwarebytes Labs, LoudMiner is notable for creating a small Linux instance running in a virtual machine and then running the cryptomining software on the Linux platform. Attackers are using weaponized music applications as carriers for the new cryptominers.

Changing Malware Fortunes

The new MacOS malware variants indicate that the OS is becoming worth cybercriminals’ time to develop malware for the platform, Long says. And that additional attention has an unexpected consequence: “It’s clear to me that Windows, at this point, could easily be described as a safer platform than MacOS,” he says, overturning a Macintosh reputation for security that was once so well-established that Apple ran ads touting safety.

That’s because, Long says, MacOS has become more of a target, and newer versions of Windows come with big security improvements. “Microsoft has had to do a lot of things to improve their image,” Long says. “They’ve built in to their operating system a much better, more robust anti-malware capability than we’ve seen on MacOS.”


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …

Article source: https://www.darkreading.com/attacks-breaches/new-macos-malware-discovered-/d/d-id/1335135?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

The Case for Encryption: Fact vs. Fiction

The common belief that encryption enables bad behavior and is primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here’s why.

Encryption engenders passionate opinions and reactions from a variety of government regulators, technologists, and privacy and security advocates. It’s become the de facto standard of online commerce and communication, embraced by technocrats and security pros everywhere.

Conversely, some governments routinely seek to destabilize encryption through legislation, regulation, or dictatorial fiat. A common approach is to require device manufacturers and technology providers to implement “backdoors” in an attempt to break end-to-end encryption in order to surveil conversations deemed high risk. Such efforts are generally met with strong objections from privacy rights advocates.

There is also an evolving focus on user privacy, perhaps most prominently triggered by the passage of the European Union’s General Data Protection Regulation, but now surging in many other parts of the world. Regulations and user concerns are forcing shifts in technology vendor practices, for example:

  • Apple’s announcements at their recent Worldwide Developer Conference declaring data privacy as a fundamental human right that will be central to all Apple products;
  • The pullback by Google to restrict third-party developers’ access to Google user data that previously had been accessible; and
  • Facebook amending its corporate privacy stance given numerous recent scandals.

These threads are converging, putting encryption at the center of major business, government, and societal shifts. The fact is that encryption is a highly reliable method of safeguarding devices and information in the digital age. It is, in effect, the foundation of modern computing and collaboration. While it can’t serve as a comprehensive security solution for all issues an enterprise may face, it does offer a powerful backstop when intrusions and breaches occur.

For instance, you might think of encryption as relevant for protecting digital assets from being stolen. But cybercriminals are very savvy and continually up the cat-and-mouse security game; in reality, company assets are stolen every day. It’s better to acknowledge that every asset, whether it resides on a corporate website, a government database, or elsewhere, is at risk of compromise. When compromise occurs, encryption is the last layer of defense, preventing thieves from utilizing what’s been taken.

Just in recent weeks, we’ve seen several reports of high-profile breaches involving sensitive customer information:

  • A massive American Medical Collections Agency data breach ensnared data from medical testing giants Quest Diagnostics (11.9 million patient records) and Lab Corp (7.7 million patient records).
  • Real estate title insurance giant First American Financial leaked hundreds of millions of digitized customer documents.
  • There was also research published by Digital Shadows reporting 2.3 billion files stolen.
  • Additional research from the vpnMentor research team revealed 11 million photos were exposed due to a misconfigured cloud service.

While these breaches are filling headlines and causing ongoing customer worries, the situation would likely be quite different had these files been encrypted.

Encryption’s Mistaken Beliefs and Unintended Consequences
If we consider government backdoor access demands, aside from the privacy concerns, imposing such actions actually could have unintended and contradictory consequences. For example, a government might compel a mobile phone manufacturer to install a backdoor that breaks encryption in high-risk situations such as terrorism incidents. But once such a mechanism exists, it is implausible in this active cyber threat environment that only that government entity would be able to access and utilize it. Realistically, it will be utilized by both good and bad actors, and is ultimately likely to cause more problems than it solves.

There are a few other common but erroneous beliefs about encryption that need to be dispelled. One is that because it’s so hard to use, only sophisticated users can take advantage of it. Practically speaking, encryption is no longer just about locking down hard drives. It’s now about protecting information at the point of creation and then being able to dynamically update policies around that data wherever it goes. Modern approaches can actually make this fairly simple to apply.

Another mistaken belief is that encryption is easily breakable. While sophisticated nation-states can harness the significant processing power needed to decrypt protected assets, that’s not a common situation. Frankly, it’s just easier for attackers to move on to other targets with unencrypted data stores.

Finally, there’s a common belief that encryption enables a lot of bad behavior — that it’s only used by thieves, international terrorists, and other villainous characters. This is simply not true. Encryption is actually central to our digital lives and enables trillions of dollars of secure commerce from banking transactions to the myriad online consumer and enterprise services we all utilize on a daily basis.

Encryption forms the essential underpinning of our virtual world. With the emotion that often gets packed into discussions and decisions about how encryption should be used, it’s important to pause, separate fact from fiction, and responsibly apply this powerful tool to advance the security of the systems and data that enable our modern lifestyles.



A proven leader in the security industry, Ramon leads Vera Security's product strategy, management and market delivery. Prior to Vera, he was part of the founding team of ProtectWise, Inc. (acquired by Verizon). Earlier he was vice president, web protection at McAfee. With a …

Article source: https://www.darkreading.com/perimeter/the-case-for-encryption-fact-vs-fiction/a/d-id/1335062?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Lake City Employee Fired Following Ransom Payment

The Florida city approved its insurer to pay $460,000 in ransom for a cyberattack that shut down servers, email, and phone.

The director of information technology for Lake City, Fla., has been fired in the aftermath of a massive cyberattack that shut down its phones, servers, and email capabilities. Lake City recently agreed to pay 42 Bitcoin ($460,000) through its insurer, the Florida League of Cities.

About three weeks have passed since Lake City systems were hit with ransomware. Following the attack, city networks were taken offline and recovery efforts began with participation from a third-party security vendor, the Florida League of Cities, and Lake City’s IT staff. Attempts to bring systems back online yielded no results; last week, the city’s insurer received a ransom request for the decryption key.

The Florida League of Cities negotiated with attackers and paid the ransom, a decision approved by Lake City's Emergency Council. The city is responsible for the $10,000 deductible to the insurer. Lake City officials report that its IT director and security vendor had advised a more cost-effective approach to retrieving the key.

Lake City mayor Stephen Witt says city manager Joe Helfenberg made the decision to terminate an employee. Helfenberg is revamping the city's entire IT department to recover from the incident and set up a system to ensure it doesn't happen again. He also reports that the decryption key has been working and that the city has been consulting security experts to get back online within the coming days.

Read more details here.


Article source: https://www.darkreading.com/perimeter/lake-city-employee-fired-following-ransom-payment/d/d-id/1335120?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Toyota’s Car-Hacking Tool Now Available

‘PASTA’ hardware and software kit now retails for $28,300.

Toyota officially has begun offering a commercial version of its new Portable Automotive Security Testbed (PASTA) open source testing platform for researchers and nascent car-hacking experts.

The carmaker rocked the cybersecurity industry with the introduction of PASTA last December at Black Hat Europe in London, where Takuya Yoshida, a member of Toyota’s InfoTechnology Center, along with his Toyota colleague Tsuyoshi Toyama, demonstrated the tool, which sits in an 8-kilogram portable stainless steel briefcase. Automakers traditionally had dismissed cybersecurity research that exposed security holes in automated and networked features in car models, so Toyota’s homegrown tool represented a major shift in the auto industry.

The PASTA hardware and software tool product sells for $28,300, including the steel briefcase, so the commercial version isn't necessarily geared for the newbie hobbyist. Toyota earlier this year placed PASTA's open source specifications on GitHub, including those of the platform itself, CAN (controller area network) ID maps, ECU (electronic control unit) program code, and ECU circuit diagrams for vehicle testing.

[Image: The PASTA car-hacking tool. Source: Toyota]

PASTA allows researchers to study how a car's electronic control units (ECUs) operate, as well as the CAN protocol used for communicating among elements of the vehicle, and to test vulnerabilities and exploits. It's not, however, meant for live, moving-vehicle hacking and testing such as that pioneered by researchers Charlie Miller and Chris Valasek.

The tool includes four ECUs as well as LED panels that are controllable by the researcher to run tests of the car system operation, or to simulate attacks such as injecting malicious CAN messages. It also contains OBD-II and RS-232C ports, as well as a port for debugging or binary hacking.
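As an added example (not part of the original article and not Toyota's PASTA code), the block below shows in working Python the two things the paragraph above mentions: building and parsing raw frames in the 16-byte struct can_frame layout that a Linux SocketCAN socket expects, which is what an injection tool writes to the bus, and a timing check that spots injected frames for a periodic CAN ID. The sample traffic, the IDs 0x1A0 and 0x2B0, their 10 ms and 20 ms periods and the frame payloads are constructed for the example and describe no real vehicle.

```python
"""Raw CAN frame handling plus a timing check for injected frames.

Added example, not Toyota's PASTA code. The 16-byte struct can_frame
layout (can_id as u32, DLC as u8, 3 pad bytes, 8 data bytes) is the real
Linux SocketCAN layout; the sample traffic, the CAN IDs 0x1A0 and 0x2B0
and their 10 ms / 20 ms periods are constructed for illustration only.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

CAN_EFF_FLAG = 0x80000000   # set in can_id for 29-bit (extended) identifiers
CAN_SFF_MASK = 0x7FF        # 11-bit standard identifier
CAN_EFF_MASK = 0x1FFFFFFF   # 29-bit extended identifier
_FRAME_FMT = "<IB3x8s"      # struct can_frame as read from a raw SocketCAN socket


@dataclass(frozen=True)
class CanFrame:
    can_id: int
    data: bytes
    extended: bool = False

    def pack(self) -> bytes:
        """Serialise to the 16-byte struct can_frame layout, i.e. what an
        injection tool would write to a raw CAN socket."""
        if len(self.data) > 8:
            raise ValueError("classic CAN carries at most 8 data bytes")
        mask = CAN_EFF_MASK if self.extended else CAN_SFF_MASK
        if self.can_id > mask:
            raise ValueError("identifier does not fit the frame format")
        raw_id = self.can_id | (CAN_EFF_FLAG if self.extended else 0)
        return struct.pack(_FRAME_FMT, raw_id, len(self.data), self.data.ljust(8, b"\x00"))

    @classmethod
    def unpack(cls, raw: bytes) -> "CanFrame":
        """Parse one struct can_frame; rejects a DLC above 8 instead of trusting it."""
        raw_id, dlc, data = struct.unpack(_FRAME_FMT, raw)
        if dlc > 8:
            raise ValueError("invalid DLC %d" % dlc)
        extended = bool(raw_id & CAN_EFF_FLAG)
        can_id = raw_id & (CAN_EFF_MASK if extended else CAN_SFF_MASK)
        return cls(can_id, data[:dlc], extended)


Timed = List[Tuple[float, CanFrame]]   # (timestamp in seconds, frame)


def learn_periods(clean: Timed) -> Dict[int, float]:
    """Median inter-arrival gap per ID, learned from attack-free traffic.
    Most ECU broadcasts are strictly periodic, which is what makes the
    check below work."""
    gaps: Dict[int, List[float]] = {}
    last: Dict[int, float] = {}
    for ts, frame in clean:
        if frame.can_id in last:
            gaps.setdefault(frame.can_id, []).append(ts - last[frame.can_id])
        last[frame.can_id] = ts
    return {cid: sorted(g)[len(g) // 2] for cid, g in gaps.items()}


def find_injected(stream: Timed, periods: Dict[int, float], tolerance: float = 0.5) -> List[int]:
    """Indices of frames arriving well inside the learned period for their ID.
    The legitimate ECU keeps transmitting on schedule, so a second sender shows
    up as an impossibly short gap. A flagged frame is not taken as the new
    reference, so the genuine frame that follows it keeps its normal gap."""
    flagged: List[int] = []
    last: Dict[int, float] = {}
    for idx, (ts, frame) in enumerate(stream):
        nominal = periods.get(frame.can_id)
        if nominal is not None and frame.can_id in last and ts - last[frame.can_id] < nominal * tolerance:
            flagged.append(idx)
            continue
        last[frame.can_id] = ts
    return flagged


def _constructed_stream(inject: bool) -> Timed:
    """Constructed sample: 0x1A0 every 10 ms, 0x2B0 every 20 ms and, when
    inject=True, two spoofed 0x1A0 frames squeezed between the real ones."""
    frames: Timed = []
    for i in range(10):
        frames.append((i * 0.010, CanFrame(0x1A0, b"\x00\x64")))
        if i % 2 == 0:
            frames.append((i * 0.010 + 0.001, CanFrame(0x2B0, b"\x01")))
    if inject:
        frames.append((0.032, CanFrame(0x1A0, b"\xff\xff")))
        frames.append((0.034, CanFrame(0x1A0, b"\xff\xff")))
    frames.sort(key=lambda item: item[0])
    return frames


BASELINE: Timed = _constructed_stream(inject=False)
ATTACK: Timed = _constructed_stream(inject=True)
PERIODS: Dict[int, float] = learn_periods(BASELINE)

if __name__ == "__main__":
    for idx in find_injected(ATTACK, PERIODS):
        ts, frame = ATTACK[idx]
        print("suspect frame at %.3fs id=0x%03X data=%s raw=%s"
              % (ts, frame.can_id, frame.data.hex(), frame.pack().hex()))
```

Run it and the two spoofed frames are printed with their raw 16-byte encoding. The caveat a practitioner should keep in mind: timing alone cannot say which frame of a too-close pair is the impostor, so an attacker who paces injections just outside the tolerance window, or who first silences the real ECU, gets past this check; in practice it is combined with payload plausibility checks and a gateway that only forwards known IDs from the bus segment they belong to.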

The Toyota developers also envision PASTA being employed for R&D purposes on real vehicles: a carmaker could test-run the impact of a third-party feature on the vehicle's security, for example.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise …

Article source: https://www.darkreading.com/analytics/toyotas-car-hacking-tool-now-available/d/d-id/1335121?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Relatives’ DNA in genealogy database leads to murder conviction

At the time that the brutalized bodies of a Canadian couple were discovered near Washington’s Mount Rainier nearly 32 years ago, police believed that the killer left his plastic gloves in plain view near their van so as to taunt investigators.

Detective Robert Gebo of the Seattle Police Department:

He leaves those behind as a sign to the police that you needn’t look for fingerprints because I wore these gloves. And he has confidence that there’s nothing that’s going to connect him with these crimes.

That killer’s self-confidence was misplaced. Decades later, he was tracked down through links to the DNA of two cousins. On Friday morning, a Snohomish County jury found William Earl Talbott II guilty on two counts of aggravated murder in the first degree for the deaths of 21-year-old Jay Cook and his 17-year-old girlfriend, Tanya Van Cuylenborg.

First DNA database conviction

This is believed to be the first murder conviction of a suspect who was identified through genealogy databases. CeCe Moore, a genetic genealogist who works for the forensic company Parabon NanoLabs, had used the public DNA site GEDmatch to build a family tree for what would turn out to be the now-convicted murderer, based on DNA evidence from the crime scene. That tree shows the links between Talbott and two of his cousins who had uploaded their genetic profiles to GEDmatch.

This isn’t the first time DNA databases have led to the identification of a suspect – or of victims. GEDmatch is the same database that was used to identify Joseph James DeAngelo, the alleged Golden State Killer, in 2018.

In fact, there have been dozens of arrests made in cold-case crimes nationwide through the forensic technique known as genetic genealogy.

According to the Snohomish County news outlet Herald Net, there was little to tie Talbott – a 56-year-old short-haul truck driver who lived in the area but who had no previous felony arrests – to the killings, outside of semen and a partial palm print found at the two places where the bodies of the young couple had been dumped.

Moore had used GEDmatch and the semen sample to trace the family lines to Talbott’s mother and father. Talbott had sisters, but he was the only son. Within days of Moore’s lab receiving the data report on a Friday in April 2018, she identified who the sample belonged to.

Talbott was put under surveillance by plainclothes officers who followed him on his driving routes for days. When a paper cup fell out of his truck on 8 May 2018, they grabbed it. A state crime lab determined that his DNA matched that of the semen, and he was arrested and charged with two counts of aggravated first-degree murder.

Contesting the semen, not the DNA

While defense attorney Rachel Forde questioned the presumption that the presence of semen meant there’d been a rape, she didn’t question the use of DNA genetic genealogy during the trial. Nor did the defense bring any privacy challenges against the evidence. From the Herald Net:

At least in this trial, the genealogy work was treated like any tip that police might follow.

Forde did, however, tell CNET that the jury made a mistake by focusing on the DNA evidence, and that Talbott plans to appeal the conviction. From her emailed statement:

Every American should now be concerned that the mere presence of their DNA at a crime scene could now lead to a conviction for a crime they didn’t commit.

She has a point. We should indeed be aware that if our DNA shows up at a crime scene, it could be one piece of evidence that leads to a conviction. However, as pointed out by Snohomish County Prosecutor Adam Cornell, genealogy research alone didn’t crack the case – rather, it was one piece of a thorough investigation in which the sheriff’s office followed up on all leads.

Should innocent people worry?

The use of genealogy databases in police investigations has raised privacy questions. Namely, we don't have to spit into a tube and submit it to a genealogy database for our own genetic information to become available. Because we share much of our DNA with relatives, it takes only one of them to submit a sample to make much of our own genetic information available to the police without our knowledge or consent.

The more people who submit DNA samples to these databases, the more likely it is that any of us can be identified. According to Columbia University research published in October 2018, the US is on track to have so much DNA data on these databases that 60% of searches for individuals of European descent will result in a third cousin or closer match, which can allow their identification using demographic identifiers.

The researchers suggested that we need to re-evaluate how we use this powerful data. Law enforcement, policy makers and even the general public may well be in favor of using these “enhanced forensic capabilities” for solving crimes, but we need to keep in mind that these databases and services are open to everyone, and not everyone will use them with good intentions.

For example, research subjects can be re-identified from their genetic data. Yet rules that, starting this year, will regulate federally funded human subject research fail to define genome-wide genetic datasets as “identifiable” information – despite researchers saying at the time that their work shows that such datasets are indeed capable of identifying individuals.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/zUqINGaJsIs/

Medtronic rushes to replace insulin pumps after flaws found

Note. Naked Security cannot provide medical advice nor answer questions about specific Medtronic devices. If you’re concerned please contact your health professional or Medtronic directly on (US) 855-275-2717.

US medical equipment giant Medtronic has announced the immediate recall of all MiniMed 508 and Paradigm series insulin pumps after researchers uncovered serious security flaws which can’t be patched.

The news emerged last week when the company started sending recall letters to all US users of the device, a warning echoed by a public alert issued by the US Food and Drug Administration (FDA).

According to the FDA, Medtronic has identified around 4,000 US patients using affected models although an unknown number of others (including patients in other countries) will have received them through third parties.

This is still a relatively small number, which is perhaps explained by the fact that both pumps are older models dating back to 2012 that were withdrawn from sale in October 2018.

The pumps

The job of a pump is to deliver insulin to a patient throughout the day via a cannula inserted under the skin, which removes the need for regular injections to maintain stable blood glucose levels.

To do this, the pump exchanges data with other components, such as a separate continuous glucose monitor (CGM) sensor and a remote controller, over a link that for a decade or so has been wireless. On this generation of pumps that link is a proprietary radio-frequency protocol rather than a standard such as Bluetooth.

The final element of the system is the CareLink USB, which plugs into a computer and talks to the pump over the same radio link, giving patients a way to send the pump commands wirelessly while sharing data with health providers.

The flaws

Neither Medtronic nor the FDA has revealed much about the flaws – nor who discovered them – but the alert states that the weaknesses lie in the way the wireless part of the system was implemented.

That’s significant because in March 2019, Medtronic issued a separate alert after Dutch researchers uncovered security vulnerabilities in the Conexus wireless protocol used by a wide range of the company’s implantable heart monitoring products.

While Conexus doesn’t appear to be involved in this latest alert, these incidents draw attention to the way wireless security, or the lack of it, was implemented in this generation of systems. The FDA said this could mean:

Someone other than a patient, caregiver or healthcare provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings.

Bluntly, a hacker could tamper with the system to over or under deliver insulin to the patient with dangerous health consequences.

The good news is that Medtronic and the FDA are not aware of any attacks exploiting the flaws, which would also require an attacker to target a patient from their immediate vicinity.

This means the chances of any one patient being attacked are slim. Unfortunately, that’s little comfort because the pumps can’t be patched, hence the need for them to be replaced “with better cybersecurity controls,” said the FDA.
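To make the FDA's warning above concrete, here is an added example, written for this page and not Medtronic's protocol nor code from the original article: two toy pump receivers in Python. The frame layouts, command code, pairing key, serial number and the 5 units/hour ceiling are all assumptions made up for the illustration. The weak receiver treats the pump's serial number as its only credential, which is exactly the situation in which anyone in radio range with a compatible transmitter can change settings; the hardened receiver requires a MAC under a pairing key, a strictly increasing counter so a sniffed frame cannot be replayed, and a bounds check on the dose as defence in depth.

```python
"""Unauthenticated vs. authenticated wireless dose commands.

Added illustration only: this is not Medtronic's radio protocol, and the
frame layouts, command code, limits, serial and keys below are assumptions
made up for the example.
"""
import hashlib
import hmac
import struct

CMD_SET_BASAL = 0x10          # assumed command code: set basal rate in units/hour
MAX_BASAL_RATE = 5.0          # assumed safety ceiling enforced on the device
TAG_LEN = 16                  # truncated HMAC-SHA256 tag

_WEAK_FMT = "<IBf"            # serial, command, argument
_SIGNED_FMT = "<IIBf"         # serial, counter, command, argument


def weak_command(serial: int, cmd: int, arg: float) -> bytes:
    """What a controller sends when the pump serial, printed on the case and
    broadcast in the clear, is the only 'credential'."""
    return struct.pack(_WEAK_FMT, serial, cmd, arg)


def signed_command(serial: int, key: bytes, counter: int, cmd: int, arg: float) -> bytes:
    """The same command bound to a pairing key and a monotonic counter."""
    body = struct.pack(_SIGNED_FMT, serial, counter, cmd, arg)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class WeakPump:
    """Accepts any well-formed frame carrying its serial: no proof the sender
    is the paired controller, no replay protection, no bounds check."""

    def __init__(self, serial: int) -> None:
        self.serial = serial
        self.basal_rate = 1.0

    def receive(self, frame: bytes) -> bool:
        if len(frame) != struct.calcsize(_WEAK_FMT):
            return False
        serial, cmd, arg = struct.unpack(_WEAK_FMT, frame)
        if serial != self.serial:
            return False
        if cmd == CMD_SET_BASAL:
            self.basal_rate = arg
        return True


class HardenedPump:
    """Rejects frames not made with the paired key, frames that repeat or roll
    back the counter, and frames asking for an out-of-range dose."""

    def __init__(self, serial: int, key: bytes) -> None:
        self.serial = serial
        self.key = key
        self.last_counter = 0
        self.basal_rate = 1.0

    def receive(self, frame: bytes) -> bool:
        body_len = struct.calcsize(_SIGNED_FMT)
        if len(frame) != body_len + TAG_LEN:
            return False
        body, tag = frame[:body_len], frame[body_len:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):    # constant-time compare
            return False
        serial, counter, cmd, arg = struct.unpack(_SIGNED_FMT, body)
        if serial != self.serial or counter <= self.last_counter:
            return False                               # wrong device or replay
        if cmd == CMD_SET_BASAL:
            if not (0.0 <= arg <= MAX_BASAL_RATE):
                return False                           # out-of-range dose
            self.basal_rate = arg
        self.last_counter = counter                    # advance only after all checks pass
        return True


def run_demo() -> dict:
    """Attacker in radio range knows the serial and has sniffed one legitimate
    signed frame, but does not have the pairing key."""
    serial = 0x00C0FFEE                 # constructed serial number
    key = bytes(range(32))              # constructed pairing key
    attacker_key = bytes(32)            # attacker's guess, wrong

    weak = WeakPump(serial)
    weak_accepted = weak.receive(weak_command(serial, CMD_SET_BASAL, 0.0))

    hard = HardenedPump(serial, key)
    legit = signed_command(serial, key, 1, CMD_SET_BASAL, 0.8)
    return {
        "weak_accepted_forged_zero_dose": weak_accepted,
        "weak_rate_after_attack": weak.basal_rate,
        "hard_accepted_legit": hard.receive(legit),
        "hard_accepted_replay": hard.receive(legit),
        "hard_accepted_forged": hard.receive(signed_command(serial, attacker_key, 2, CMD_SET_BASAL, 0.0)),
        "hard_accepted_overdose": hard.receive(signed_command(serial, key, 2, CMD_SET_BASAL, 25.0)),
        "hard_rate_after_attack": hard.basal_rate,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print("%-32s %s" % (name, value))
```

Running it shows the weak pump accepting a forged zero-dose command while the hardened pump rejects the replay, the forgery and the over-limit dose and keeps the rate set by the genuine frame. The pairing key has to be established out of band (a pairing step the patient performs), and because it is a shared symmetric key a compromised controller can still issue valid commands, which is why the dose ceiling is enforced on the pump itself regardless of who sent the command.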

Medtronic has history when it comes to insulin pump flaws: in 2011 security researcher Barnaby Jack demonstrated a separate wireless vulnerability in now-defunct models. That researchers are still discovering similar flaws in more recent equipment is pretty disappointing.

The wider issue is the difficulties companies have in finding and patching or replacing vulnerable equipment. This points to the lack of a system to track equipment once it has reached patients, a dangerous and unsatisfactory state of affairs for medical equipment.

What to do

It’s a simple recall – all affected models (see below) are being replaced with more recent equivalents. According to Medtronic, in some countries outside the US a newer model might not be available, in which case users will have to keep using their existing pumps while following a number of “cybersecurity precautions”.

If a pump is one of the following models (software versions can be determined by following Medtronic’s instructions) it will need to be replaced:

  • MiniMed 508
  • MiniMed Paradigm 511
  • MiniMed Paradigm 512/712
  • MiniMed Paradigm 515/715
  • MiniMed Paradigm 522/722
  • MiniMed Paradigm 522K/722K
  • MiniMed Paradigm 523/723
  • MiniMed Paradigm 523K/723K

Non-US models:

  • MiniMed Paradigm 712E
  • MiniMed Paradigm Veo 554CM/754CM
  • MiniMed Paradigm Veo 554/754

To avoid confusion regarding the MiniMed brand name, the following pump models are NOT affected:

  • MiniMed 620g
  • MiniMed 630g
  • MiniMed 640g
  • MiniMed 670g

More information on the exchange programme can be found on the company’s website.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/rNHOF_IHXqk/