STE WILLIAMS

Don’t be an April Fool: Update your Android mobes, gizmos to – hopefully – pick up critical security fixes

Google has released the April edition of its monthly Android security updates, including fixes for three remote-code execution vulnerabilities in the mobile OS.

This month’s batch – now out for Google-branded devices, at least: other Android device manufacturers and carriers push out updates on their own schedules – includes one set of fixes for 11 CVE-listed vulnerabilities that everyone should apply, and a second set for 44 flaws whose relevance depends on your device’s hardware and OS build.

Generally speaking, every update that applies to your device should be installed as soon as possible: some or all may be applied automatically via Google Play services, depending on the device; some may be pushed to you as an update from your gadget’s carrier or manufacturer; and some may not apply to your hardware at all. Some unlucky devices may never see the updates. As usual, Android includes defenses that make exploitation harder, but patch if you can before miscreants find ways to leverage the bugs.

Of those 11 in the first patch batch, two are listed as critical fixes for remote code execution vulnerabilities. Both CVE-2019-2027 and CVE-2019-2028 are in the seemingly endlessly problematic Android media framework and, if exploited by tricking someone into opening a booby-trapped message, video or similar file, would allow an attacker to execute malicious code in the context of a privileged process on the victim’s phone or gizmo.

The other nine flaws addressed by this base set of patches include one elevation-of-privilege flaw in the Android media framework that can be exploited by a rogue installed app, and eight flaws in Android System: five elevation-of-privilege bugs and three allowing unwanted information disclosure. All eight can be exploited by installed applications, such as dodgy apps or legitimate ones with malicious updates pushed to them. All nine of these vulnerabilities were classified as “high” severity.

The second batch of updates from Google contains the third critical fix. That bug, CVE-2019-2029, is a remote-code execution flaw in the System component that can be exploited by getting a victim to open a specially crafted file. Also patched in System are two elevation-of-privilege flaws (CVE-2019-2032, CVE-2019-2041) and one information-leaking blunder (CVE-2019-2037).


April’s second batch includes a fat set of bug fixes for open and closed-source Qualcomm components. Of the open-source component patches, one concerns a remote-code-execution flaw in WLAN Host that is a classic buffer overflow. Of the other 29 open-source Qualcomm fixes, all but one are in WLAN Host, the lone outlier being a high-severity flaw in the Linux kernel. The closed-source fixes have no public details associated with them.

The update comes eight days before Microsoft, Adobe and SAP are due to deliver their own monthly security fixes. It is hoped that among Microsoft’s patch load will be a fix for an information disclosure flaw in IE and Edge that has reportedly gone unpatched for roughly 10 months.

James Lee, the researcher who discovered the flaw, said that for the better part of a year he has been working with browser vendors to get the bug fixed, but with Redmond dragging its feet on a patch he has decided to publish the flaw as a zero-day.

Meanwhile, Google has stopped selling the Pixel 2 and 2XL on its store. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/04/02/april_android_security/

Restaurant Chains Hit in PoS Attack

Buca di Beppo, Earl of Sandwich, and Planet Hollywood were among the chains hit in a nearly year-long breach of their point-of-sale systems.

Customers at a series of Italian, sandwich, and film-themed restaurants have found their credit card numbers stolen after a cyberattack hit point-of-sale terminals at dozens of restaurants. Buca di Beppo, Earl of Sandwich, and Planet Hollywood restaurants, all owned by Earl Enterprises, suffered the attacks between May 23, 2018 and March 18, 2019.

KrebsOnSecurity alerted company officials to the breach after finding customer credit card numbers on underground shop Joker’s Stash. After verifying the information, Earl Enterprises issued a statement saying that malware on the PoS devices captured payment card data, which could have included credit and debit card numbers, expiration dates and, in some cases, cardholder names.

Earl Enterprises has provided an online tool to tell customers which locations were breached.



Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry’s most knowledgeable IT security experts. Check out the Interop agenda here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Article source: https://www.darkreading.com/attacks-breaches/restaurant-chains-hit-in-pos-attack/d/d-id/1334310?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Nuanced Approach Needed to Deal With Huawei 5G Security Concerns

Governments need to adopt a strategic approach to concerns over the telecom vendor’s suspected ties to China’s intelligence apparatus, NATO-affiliated body says.

A new research report from the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) recommends that the US government and its allies take a nuanced approach to dealing with China’s Huawei as a potential supplier of next-generation 5G technology.

While outright banning of the company’s products may be viewed as necessary by some governments, there is room for other options, such as implementing a government oversight body to evaluate Huawei’s hardware and software, the report says.

The UK’s Huawei Cyber Security Evaluation Centre (HCSEC) is the best example of how effective such an oversight body can be in addressing security and intelligence concerns tied to the use of Huawei’s technologies, CCDCOE says.

HCSEC is overseen by a board chaired by the UK’s National Cyber Security Centre and, since 2010, has played a fundamental role in assessing the trustworthiness of Huawei’s technologies in the country, the report says. Just last week, HCSEC’s oversight board issued a scathing report that criticized Huawei for not having secure software development practices.

Huawei has established similar security assessment centers in Germany and recently Brussels, though those centers do not have a dedicated oversight board like the UK’s HCSEC.

“Instead of a blanket ban, the model of inclusive, competent, and transparent oversight embodied in the UK Huawei supervisory board is a good example” of options that governments might want to consider, says CCDCOE, a body of cybersecurity experts from 21 nations. “Such ‘confidence building’ and risk mitigation measures may, however, be accessible only to countries with extensive resources and expertise.” 

The US government has prohibited the use of Huawei’s technologies — including 5G — citing national security concerns over the company’s alleged ties to China’s government and intelligence apparatus.  

5G wireless technology supports much higher speeds than 4G, much better device connectivity, and reduced latencies. The technology is expected to enable a new set of next-generation applications and use cases in areas such as robotics, virtual reality, and smart cars.

Huawei has established itself as an early leader in the space and is the only company currently able to produce all of the elements of a 5G network, the CCDCOE report says. Its closest competitors — Nokia and Ericsson — don’t yet have a viable alternative. Huawei and a handful of other Chinese telecommunications companies have been leaders in setting global standards for 5G and obtaining patents around the technology.

US officials have said that using Huawei’s technologies — especially next-generation 5G network technology — could expose the country to espionage and spying by China’s government and military. The US is now trying to get other Western nations to take a similar stance in banning the use of Huawei technologies.

Long-Standing Concerns
Fueling those concerns is China’s long record of corporate espionage and intelligence-gathering activities against the US and other Western countries that it considers economic and military rivals. Ninety percent of economic espionage incidents between 2011 and 2018 involved China, CCDCOE says. Huawei itself has been directly accused of similar actions, and its CFO was arrested in Canada in December 2018 at the request of US prosecutors.

Recent Chinese laws, including the National Intelligence Law of 2017 and the 2014 Counter-Espionage Law, have exacerbated concerns by specifically requiring organizations like Huawei to cooperate with and support national intelligence activities, CCDCOE says. Such laws have raised considerable concerns about the ability of Chinese state actors to introduce backdoors into technology products from the country.

“Core communications networks constitute fundamental infrastructure and therefore are an essential national interest, bearing national security implications,” the report says.

The fact that Huawei’s 5G technology will be deployed for backbone communications networks means that it would become part of the core national communications infrastructure for any country. Governments should therefore approach any discussions involving the acquisition and use of 5G technologies from a national security perspective, rather than from a purely technological one, the NATO-affiliated body says.

Huawei itself has described the US government’s stance as being motivated by geopolitical and economic rivalry. The company has accused the US of attempting to unfairly restrict its business; last month, it filed a lawsuit in a Texas federal court challenging the constitutionality of the ban against the use of its products.

The US, though, is not the only country with concerns over Huawei’s dominance in an area as critical as 5G networking. The CCDCOE report identifies other nations, such as the Czech Republic, Australia, Japan, and New Zealand, as imposing restrictions on the use of Huawei products.

Germany and other EU nations are considering similar restrictions. But they have not taken the step yet, citing the lack of conclusive evidence tying Huawei to the Chinese government or military. “There is growing appetite among EU member states and NATO allies on EU/NATO coordination in this matter,” the report says.

But shutting the door entirely on cooperation with Huawei may backfire as well, the report warns. Such an action would potentially deprive industries in Europe and other regions of an opportunity to develop 5G services and leave development to be led by Chinese companies.

Ezra Gottheil, an analyst with Technology Business Research, says the US itself is unlikely to be hurt. “I don’t think the US is in danger of falling behind in the use and development of 5G if it continues to ban Huawei,” he says. “I think alternative vendors like Ericsson can deliver on 5G.”

At the same time, US officials are preparing for the fact that many countries over the next few years will transition to 5G networks based on technologies from Huawei and other Chinese vendors. According to a Washington Post report Monday, US cybersecurity experts have begun discussing ways to use encryption, network segmentation, and stronger security standards to minimize risk to critical systems when connecting to networks based on 5G technology from Huawei and other Chinese vendors.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio

Article source: https://www.darkreading.com/mobile/nuanced-approach-needed-to-deal-with-huawei-5g-security-concerns/d/d-id/1334311?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

ShadowHammer Dangers Include Update Avoidance

Trusted relationships can become critical risks when suppliers’ systems are breached.

When a platform is attacked, there are well-practiced tools and strategies for response. When the servers that provide software and firmware updates are attacked, as in the ShadowHammer attack that hit Asus and its customers, remediation is much more of a challenge and must take both technological and behavioral forms.

Dark Reading last week reported on the basics of the attack, and on March 28 Skylight Cyber added to the story by publishing a list of the roughly 600 MAC addresses targeted in the breach. This is a more transparent way of accomplishing a task Kaspersky had published a tool for, in which a specific MAC could be compared against a hidden table of addresses to see whether it was targeted.

The ShadowHammer attack is a case in which attackers used a trusted supplier, whose update utility was signed with the vendor’s own legitimate code-signing certificates, to target a relatively small number of end users. But the impact of the attack may be felt far beyond the targeted systems as customers around the world lose confidence in the software, firmware, updates, and patches provided by Asus.

“Kaspersky’s investigation identified 600 MAC addresses — a unique identifier assigned to each networked device — hard-coded into ASUS’ backdoored update utility. This indicates that the wide-reaching attack was launched for the purpose of targeting a relatively small number of very specific devices,” says Mark Orlando, CTO of Cyber Protection Solutions at Raytheon.
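How a hashed target table of this kind works, and why hashing gives the targets little real secrecy, as an added example that is not Kaspersky’s or Skylight Cyber’s tooling: it assumes the table holds MD5 digests of lowercase, colon-separated MAC strings (the article does not state the exact string format the real updater hashed), and every MAC in it is a constructed sample.

```python
"""Check an inventory of MAC addresses against a hashed target table of the kind
hard-coded into the trojanised updater, and reverse such a table for one vendor
prefix. Added example, not Kaspersky's or Skylight Cyber's tooling. It assumes the
table stores MD5 digests of lowercase, colon-separated MAC strings; the exact
string format hashed by the real updater is not stated in the article. All MACs
below are constructed samples."""
import hashlib
import re
from typing import Dict, FrozenSet, List, Optional


def normalize_mac(mac: str) -> str:
    """Accept 'AA-BB-CC-DD-EE-FF', 'aabb.ccdd.eeff', 'AABBCCDDEEFF'; return 'aa:bb:cc:dd:ee:ff'."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_hash(mac: str) -> str:
    """Digest used as the lookup key (assumed format, see module docstring)."""
    return hashlib.md5(normalize_mac(mac).encode("ascii")).hexdigest()


# Constructed target table: two sample MACs, stored hashed as the updater did,
# so the plaintext targets are not visible to anyone inspecting the binary.
SAMPLE_TARGET_MACS: List[str] = ["00:1a:2b:00:00:2a", "f8:32:e4:12:34:56"]
TARGET_HASHES: FrozenSet[str] = frozenset(mac_hash(m) for m in SAMPLE_TARGET_MACS)


def targeted_hosts(inventory: Dict[str, List[str]],
                   target_hashes: FrozenSet[str] = TARGET_HASHES) -> Dict[str, List[str]]:
    """Map {hostname: [mac, ...]} to {hostname: [matching macs]} for hosts on the list.
    Every adapter is checked, since the updater did not care which interface matched."""
    hits: Dict[str, List[str]] = {}
    for host, macs in inventory.items():
        matched = [normalize_mac(m) for m in macs if mac_hash(m) in target_hashes]
        if matched:
            hits[host] = matched
    return hits


def recover_mac(digest: str, oui: str, max_suffix: int = 1 << 24) -> Optional[str]:
    """Brute-force the 24-bit device part of a MAC for one known OUI (vendor prefix).
    The keyspace is only 2**24 per OUI, which is why hashing barely hides the
    targets; max_suffix bounds the search so the demo below finishes quickly."""
    prefix = normalize_mac(oui + "000000")[:8]          # 'aa:bb:cc'
    for n in range(max_suffix):
        candidate = f"{prefix}:{n >> 16:02x}:{(n >> 8) & 0xff:02x}:{n & 0xff:02x}"
        if hashlib.md5(candidate.encode("ascii")).hexdigest() == digest:
            return candidate
    return None


if __name__ == "__main__":
    fleet = {"ws01": ["00-1A-2B-00-00-2A", "02:00:00:00:00:01"], "ws02": ["0a:0b:0c:0d:0e:0f"]}
    print("targeted:", targeted_hosts(fleet))
    print("recovered:", recover_mac(mac_hash("00:1a:2b:00:00:2a"), "00:1a:2b", max_suffix=256))
```

Run it against an asset inventory export rather than one machine at a time: a laptop with a docking station or a second Wi-Fi adapter has several MACs, and only one of them needs to match. The brute-force function is the reason a published plaintext list is the more honest disclosure: anyone with the hashed table and a vendor OUI list can recover it in minutes.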

The small number of devices targeted in ShadowHammer is not a factor unique to the attack. “A common thread among many of these supply chain attacks is that, despite having access to a trove of compromised systems at their disposal, attackers have only targeted a smaller subset of those systems,” says Satnam Narang, senior research engineer at Tenable.

One of the aspects of the attack that seems most damaging at this point is the breach of trust in the vendor/customer relationship. And in an environment that often demands rapid software and firmware updates to deal with zero-day or fast-moving threats, that breach of trust may be the most damaging of ShadowHammer’s effects. “This can result in end-user skepticism about applying software updates, which often contain critical security updates that, if left unpatched, could be exploited,” Narang says.

“We plainly see the need for validation of trusted-vendor channels in addition to digital signatures — which, in this case, appears to have further concealed the malicious activity by providing a false sense of integrity — not just for software and platform updates, but any ‘trusted’ vendor network which has access into our environment,” says Colin Little, senior threat analyst at Centripetal Networks.

That doesn’t mean channels like update servers should be given network carte blanche. “Organizations should take a hard look at supply chain security, and specifically software update security, in light of this report,” Orlando says.

Because compromised updates can be digitally signed and will likely get past signature-based protection, “the best defenses are a shift towards proactive analysis, e.g. threat hunting, and tougher scrutiny of third-party software,” he says.


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and … View Full Bio

Article source: https://www.darkreading.com/vulnerabilities---threats/shadowhammer-dangers-include-update-avoidance/d/d-id/1334306?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

City of Albany Hit in Ransomware Attack

Few details yet on the March 30 ransomware attack.

The computer systems of the City of Albany, New York, suffered a ransomware attack over the weekend that was still disrupting the city clerk’s office today.

Albany Mayor Kathy Sheehan said in a press briefing today that while some of the city’s computers were down during the attack, no personal information appears to have been stolen, nor was emergency services dispatch affected.

City officials have provided few details on the attack, which began on March 30. 


Article source: https://www.darkreading.com/attacks-breaches/city-of-albany-hit-in-ransomware-attack/d/d-id/1334308?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Politicians mistakenly vote the wrong way in controversial internet law

In a clear case of “What does this button do?” several members of the European Parliament appear to have materially affected the future of the internet by mistakenly voting the wrong way.

The Guardian reports that 13 MEPs voting on the European Copyright Directive later said that they’d voted the wrong way and asked for their votes to be changed.

The European Copyright Directive is a ground-shaking piece of legislation that could change the way we use the internet in Europe. There are two especially controversial articles in the Directive – 11 and 13 – that have internet rights advocates up in arms. The articles change the way that people share links and upload content online.

Article 11 is known as the link tax. It enables news sites to charge a fee to other sites that reproduce their work, or simply block links from those sites altogether. It means in principle that newspapers can charge sites like Google, which aggregates content for Google News, for reproducing just a few words of their headline or copy.

This sounds like a good idea for those who believe that original content producers should be paid for their work, but there are critics, as Cory Doctorow points out in this article for the EFF.

For example, it could unbalance the content landscape by paving the way for license agreements between large publishers, he warns. They could freely allow each other to aggregate or link to each others’ content while blocking smaller players. It could also blow up non-profit sites like Wikipedia, they worry, or enable information publishers to censor those who criticize their work.

Article 13 forces websites hosting user-generated content to block people from uploading copyrighted material without permission. Politicians have introduced it to stop people pilfering material like films and songs online without paying the original producer.

This seems fair, on the surface, yes?

Not according to some. One concern about the upload restrictions, for example, is that actually enforcing it without using filters is impossible. The worry is that (notoriously inaccurate) content filtering mechanisms would punish legitimate uploaders by detecting them as false positives, and that the websites couldn’t properly handle requests to fix the problem.

Poorly designed filters could also let illegitimate uploads slip through the net, worry critics. The surfacing of bootleg movies on Facebook has been a case in point.

MEPs were confused about what they were voting for

The MEPs weren’t voting on the entire Directive. They were voting on whether to allow a set of amendments. Had that vote passed, they could then have had a separate vote on whether to change these two articles.

The MEPs asked for their votes to be changed, which would have altered the vote’s outcome and led to the crucial vote on the articles – but the European Parliament refused their request. So the future of the European internet could come down to a bunch of politicians that couldn’t work their voting buttons properly.

In any case, this vote doesn’t seal the deal for the Directive. It must now be approved by the European Council, which will vote this month. Then, member states have two years to implement the Directive in their own laws.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/6mqyINsd_s8/

Top-secret defense document hoarder Harold Martin pleads guilty

Here’s a quickie guide to storing top-secret classified national defense documents in your car and/or in your house: Just don’t.

Former National Security Agency (NSA) contractor Harold Thomas Martin III is facing up to nine years in lockup after having pleaded guilty last week to breaking that pretty simple, pretty common-sense rule.

The 54-year-old, who was formerly in the US Navy, was employed by at least seven different private companies between 1993 and 2016 and assigned by them as a contractor to work at government agencies.

In 2017, a federal grand jury in Baltimore indicted Martin for allegedly stealing what it estimated was a “breathtaking” 50 terabytes of classified intelligence data.

According to the indictment, Martin – whom federal defender James Wyda described as a “compulsive hoarder” – stole thousands of documents of intelligence from government agencies including the NSA and the CIA, some of which were rated top-secret.

Martin’s most recent job was working for Booz Allen Hamilton Holding Corp., the same consultancy that Edward Snowden worked for when he leaked top secret files to the press in 2013.

Shadowy business

In August 2016, the same month that Martin was arrested, a hacking group calling itself The Shadow Brokers claimed to have penetrated the NSA and stolen its cyberweapons, implying that the tools – “better than Stuxnet” – were worth more than $500m.

The investigators who sifted through the stolen data and documents discovered on a computer in Martin’s home said that they found 75% of those stolen cyberweapons.

Some of those stolen tools turned up in WannaCry, a nasty ransomware that, as of May 2017, had hijacked 200,000 computers in 150 countries.

But the indictment didn’t charge Martin with sharing any of the information he stole, including any of those tools that investigators found on his computer. Nor did it mention The Shadow Brokers, which tried (unsuccessfully) to auction off the weapons and then slashed the going rate, offering 99.9% off the original asking price.

In spite of investigators allegedly having found most of those cyberweapons on Martin’s computer, the government apparently couldn’t find any evidence that he planned to share or sell them.

Martin had been charged with 20 counts of willful retention of national defense information. Each count carried a maximum sentence of 10 years in prison, though maximum penalties are rarely handed out.

Martin copped a plea. On Thursday, he pleaded guilty to only one count of willful retention, admitting that for more than 20 years, he stole and hung onto a vast quantity of highly classified information, stashing it in his home and in his car.

According to the indictment, he knew he was not authorized to remove the documents from their secure locations:

Martin was never authorized to retain these documents at his residence or in his vehicle. Martin knew that he was not authorized to remove National Defense Information and classified documents from secure locations, was not authorized to retain them at his residence, and was not authorized to retain them in his vehicle.

If the court accepts the plea agreement, Martin will be sentenced to nine years in jail. Sentencing is scheduled for 17 July.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/ti0uzyJPkK8/

Microsoft slaps down 99 APT35/Charming Kitten domains

Microsoft said on Wednesday that, with a court order in hand, it’s swatted 99 domains associated with the Iranian hacking group known as Charming Kitten (also known as APT35 or Ajax Security Team, and which Microsoft calls Phosphorus).

Microsoft said that its Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) have been tracking the group since 2013. The group typically goes after computer systems of businesses and government agencies in order to steal sensitive information from industries including defense and entertainment.

It’s also targeted political dissidents, activists, government employees, and journalists – especially those involved in advocacy and reporting on issues related to the Middle East.

A kitten with a long history

Charming Kitten/Phosphorus/APT35 has been blamed for the 2017 attack on HBO that led to the leaking of 1.5TB of data, including un-aired episodes of several popular shows, a Game of Thrones script, staff contacts, account credentials, and financial data.

The group has also been linked to a defector from the US Air Force who fled to Iran and who was indicted in February for revealing top-secret information to the hackers, and was also allegedly behind a recent, sneaky phishing campaign that beat multifactor authentication (MFA).

Modi operandi de venuste catulus

In its complaint, filed in the US District Court for the District of Columbia, Microsoft described the MO of Phosphorus as demonstrating skill and patience.

The group typically targets people’s personal accounts (as opposed to their work accounts) through spear phishing – using publicly available information to chat up a victim by dropping names, companies and/or content with which they’re familiar.

The hackers also use fake social media accounts to back them up as they social-engineer their way to information, including names of additional targets, and to convince victims to open up malicious attachments.

The group also sends emails crafted to look like there’s an issue with a victim’s account. They’ll use domain names that look like they’re tied to legitimate brands, and here’s where it gets personal for Microsoft and for Yahoo, which helped out in the investigation. Some of the domains it shut down the week prior to its announcement included, for example, yahoo-verify.net, outlook-verify.net, microsoft-update.bid, and verify-linkedin.net (LinkedIn being a Microsoft-owned company).

The hacking group also rigs up typosquatting domains. The full list of domains that Microsoft seized control of is in Appendix A of the complaint.

Microsoft says that Phosphorus will sometimes disguise its command and control domains by using the names and trademarks of well-known companies, including “Microsoft”, Windows “Live”, and “LinkedIn”.
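A small triage filter for the domain patterns just described, added here as an example rather than Microsoft’s or Yahoo’s detection logic: the brand list, action words, allowlist, scoring rules and the sample feed are all constructed for the demo, and the four lookalike names from the article are included in that feed.

```python
"""Triage newly observed domains for the brand-plus-action pattern and near-miss
spellings described above. Added example; not Microsoft's or Yahoo's detection
logic. The brand list, action words, allowlist and the domain feed are all
constructed for the demo, and the scoring rules are this example's own."""
import re
from typing import Dict, List

BRANDS = ["microsoft", "outlook", "linkedin", "yahoo", "onedrive", "office365", "live"]
ACTION_WORDS = ["verify", "update", "login", "signin", "secure", "account", "recover", "reset"]
# Zones the brands actually operate; subdomains of these are treated as legitimate.
ALLOWLIST = {"microsoft.com", "outlook.com", "live.com", "linkedin.com", "yahoo.com"}


def core_label(domain: str) -> str:
    """'login.yahoo-verify.net' -> 'yahoo-verify'. Naive second-level split; a real
    deployment would use the public suffix list to handle co.uk-style zones."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str) -> Dict[str, object]:
    """Verdict 'legitimate' (allowlisted zone), 'suspicious' (with reasons) or 'unknown'."""
    domain = domain.lower().strip(".")
    if domain in ALLOWLIST or any(domain.endswith("." + z) for z in ALLOWLIST):
        return {"domain": domain, "verdict": "legitimate", "reasons": []}
    core = core_label(domain)
    tokens = [t for t in re.split(r"[-_]", core) if t]
    reasons: List[str] = []
    # Short brands such as 'live' must match a whole token, or 'livestock' would fire.
    brand_hits = sorted({b for b in BRANDS for t in tokens if t == b or (len(b) >= 6 and b in t)})
    action_hits = [w for w in ACTION_WORDS if w in core]
    if brand_hits and action_hits:
        reasons.append(f"brand+action: {brand_hits[0]}+{action_hits[0]}")
    elif brand_hits:
        reasons.append(f"brand token outside its zone: {brand_hits[0]}")
    for t in tokens:
        for b in BRANDS:
            d = levenshtein(t, b)
            if 0 < d <= 2 and len(t) >= 5:
                reasons.append(f"typosquat of {b} (distance {d})")
    verdict = "suspicious" if reasons else "unknown"
    return {"domain": domain, "verdict": verdict, "reasons": reasons}


def scan(domains: List[str]) -> List[Dict[str, object]]:
    """Return only the suspicious entries, ready for a blocklist review queue."""
    return [c for c in map(classify, domains) if c["verdict"] == "suspicious"]


# Constructed feed: the four lookalikes named in the article plus benign noise.
SAMPLE_FEED = [
    "yahoo-verify.net", "outlook-verify.net", "microsoft-update.bid", "verify-linkedin.net",
    "micros0ft.com", "mail.live.com", "livestock-market.org", "example.org",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_FEED):
        print(hit["domain"], "->", "; ".join(hit["reasons"]))
```

Feed it certificate-transparency or passive-DNS output rather than your own web logs, so a domain is flagged before the first phishing mail lands. The filter is deliberately noisy on the “brand token outside its zone” rule; that bucket belongs in a review queue, not an automatic block.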

If any of that works in convincing a victim to click on a link, they’re whisked to a fake web page designed to steal the credentials they type in. That gives the hackers access to the victim’s accounts and emails. It also gives them access to victims’ address books, where they can harvest the contact information for yet more targets. Then too, they can delete the phishing email they sent to a victim, thereby erasing their tracks.

Phosphorus hackers have also directed victims to sites where they download malware that the hackers call “Stealer.” That’s what it does: once installed, the malware records keystrokes, takes screenshots of a victim’s computer screen, and steals their credentials for instant-messaging, email and other accounts.

Stealer also burrows into Windows itself, creating registry key paths that bear a Windows trademark and describing itself as a “Process for Windows” so that it looks like a legitimate part of the OS.

Into the sinkhole ye go, scurvy Stealer

When Microsoft seized control of the 99 websites, it redirected traffic from infected devices to its Digital Crimes Unit’s sinkhole. It will add the intelligence it collects from the sinkhole to what MSTIC already knows about Phosphorus, and feed it into its security products and services to beef up detections and customer protection, it said.

Charming Kittens and Fancy Bears and court cases, oh my!

If the case against Charming Kitten/Phosphorus/APT35 rings a bell, it’s because it’s similar to cases that Microsoft has filed against the notorious (and probably Russian) hacking group Strontium, better known to the world as Fancy Bear, or APT28.

It might seem quixotic to presume that you can take out nation-state hacking groups with sheaves of legal documents, but as we’ve noted before, Microsoft has found that it’s actually quite effective.

By March 2017, the company had managed to seize 70 web domains used by Fancy Bear (including one used in the 2016 attacks on the Democratic National Committee).

Have the legally sanctioned domain takedowns slowed these nation-state hacking groups down? Microsoft seems to think so – it refers to the takedown of 99 Phosphorus domains as having a “significant impact” on the group’s infrastructure.

More power to you, Microsoft. Given your deep pockets and will to keep battling in the courts, we hope you can keep taking significant chomps out of this rotten kitten’s operations.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/x9IP0va7NMw/

Russia accused of massive GPS spoofing campaign

Russia has been conducting a major campaign to experimentally hijack signals sent by global navigation satellite systems (GNSS) such as GPS, researchers have claimed in a detailed report.

Technically, GNSS spoofing (as opposed to simpler jamming) is an attempt to send false positional signals to a receiver using global satellite networks such as the US GPS, China’s Beidou, Russia’s GLONASS, and Europe’s Galileo.

In recent years, there have been a flurry of small-scale reports of spoofing, plus one major incident in the Black Sea in June 2017 when at least 20 ships reported positioning anomalies blamed on the phenomenon.

What the team at the Center for Advanced Defense (C4ADS) has uncovered is the first confirmed example of a nation using this technique on a large scale.

The evidence emerged after the team spent a year crunching satellite data gathered by the International Space Station (ISS), detecting 9,883 suspected spoofing incidents at 10 global locations connected to Russia’s military, including Crimea, Syria, and the Russian Federation.

Since February 2016, this has resulted in 1,311 civilian vessels being fed false positional coordinates.

Even when the attacks are noticed and corrected the effect is that of a nuisance denial-of-service on targets which are forced to fall back on older, less convenient systems. Says the report:

In effect, Russian forces now have the capability to create large GNSS denial-of-service spoofing environments, all without directly targeting a single GNSS satellite.

Another apparently routine, if slightly From Russia With Love, application of the technique is to block the tracking of politicians, with numerous reports of “a close correlation between movements of the Russian head of state and GNSS spoofing events.” This suggests the development of mobile spoofing units.

The researchers also found previously unreported evidence of GNSS interference near Russian military activity that represented a danger to civilian airliners using the same airspace.

The wider threat

Because the technology to carry out spoofing attacks is now so cheap, GNSS spoofing is unlikely to be the preserve of Russia for long and is now within the grasp of small groups and perhaps even lone wolves, the researchers say.

Meanwhile, because GNSS technology is now widespread in sectors such as energy, financial telematics, policing, and transport, there is no shortage of economically significant targets to aim at.

State and non-state actors engaged in illicit activity continue to show the lengths to which they are willing to go in order to both conduct and conceal their operations.

Their conclusion is that the world is likely entering an era when GNSS interference will become an everyday hazard, which sounds a bit alarming.

The counter view is that GNSS systems are easy targets only because not enough effort has been made to defend them. The good news is that it’s not that hard to detect spoofing with the right technology, nor to work out who might be doing it. For instance:

The collaboration between C4ADS and UT Austin researchers shows how GNSS receivers based on low-Earth-orbit satellites can be used to detect and geolocate interference signals worldwide.

However, it’s still the case that not enough people are paying attention to the problem or doing this kind of research. Perhaps publicity over the alleged Russian programme will achieve what expert opinion has so far failed to.
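What receiver-side detection of this kind looks like in practice, as an added example that is not C4ADS or UT Austin code: it parses NMEA RMC fixes with checksum validation, flags movement faster than the platform could manage, and flags several independent receivers converging on one point, the signature of a single broadcast fake position. The track, the reports and the thresholds are constructed for the demo.

```python
"""Receiver-independent plausibility checks for GNSS position data: a parser for
NMEA RMC fixes, a speed test between consecutive fixes, and a check for several
independent receivers converging on one spot. Added example, not C4ADS or UT
Austin code. The track, the reports and the thresholds are constructed; a spoofer
that walks a position away slowly defeats the speed test, so production systems
pair these with signal-level checks (C/N0, clock drift) and more than one receiver."""
import math
from typing import Dict, List, Optional, Tuple

EARTH_RADIUS_M = 6_371_000.0
Fix = Tuple[int, float, float]   # (seconds since midnight UTC, lat, lon)


def nmea_checksum(body: str) -> str:
    """XOR of every byte between '$' and '*', as two uppercase hex digits."""
    x = 0
    for ch in body.encode("ascii"):
        x ^= ch
    return f"{x:02X}"


def _dm_to_deg(dm: str, hemi: str) -> float:
    """NMEA 'ddmm.mmmm' / 'dddmm.mmmm' to signed decimal degrees."""
    whole, frac = dm.split(".")
    value = int(whole[:-2]) + float(whole[-2:] + "." + frac) / 60.0
    return -value if hemi in ("S", "W") else value


def parse_rmc(sentence: str) -> Optional[Fix]:
    """Return a Fix for a valid $--RMC sentence, or None for a bad checksum or a void fix."""
    if not sentence.startswith("$") or "*" not in sentence:
        return None
    body, given = sentence[1:].split("*", 1)
    if nmea_checksum(body) != given.strip().upper():
        return None
    f = body.split(",")
    if len(f) < 7 or not f[0].endswith("RMC") or f[2] != "A":
        return None
    t = int(f[1][0:2]) * 3600 + int(f[1][2:4]) * 60 + int(float(f[1][4:]))
    return t, _dm_to_deg(f[3], f[4]), _dm_to_deg(f[5], f[6])


def build_rmc(t: int, lat: float, lon: float) -> str:
    """Build a minimal RMC sentence (constructed input for the demo, not a receiver capture)."""
    def dm(v: float, pos: str, neg: str, width: int) -> Tuple[str, str]:
        hemi = pos if v >= 0 else neg
        v = abs(v)
        return f"{int(v):0{width}d}{(v - int(v)) * 60:07.4f}", hemi
    la, ns = dm(lat, "N", "S", 2)
    lo, ew = dm(lon, "E", "W", 3)
    body = f"GPRMC,{t // 3600:02d}{t % 3600 // 60:02d}{t % 60:02d}.00,A,{la},{ns},{lo},{ew},0.0,0.0,010419,,,A"
    return f"${body}*{nmea_checksum(body)}"


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def implausible_jumps(fixes: List[Fix], max_speed_mps: float = 25.0) -> List[Tuple[int, float]]:
    """Indices (and implied speed) of fixes that would need the platform to outrun its top speed."""
    out = []
    for i in range(1, len(fixes)):
        (t0, la0, lo0), (t1, la1, lo1) = fixes[i - 1], fixes[i]
        if t1 > t0:
            v = haversine_m(la0, lo0, la1, lo1) / (t1 - t0)
            if v > max_speed_mps:
                out.append((i, v))
    return out


def convergence_alerts(reports: Dict[str, Tuple[float, float]], radius_m: float = 50.0,
                       min_receivers: int = 3) -> List[List[str]]:
    """Groups of independent receivers reporting the same spot: one broadcast fake position
    makes every victim in range report it, which genuine traffic almost never does."""
    clusters, seen = [], set()
    for rid, (lat, lon) in reports.items():
        if rid in seen:
            continue
        group = [o for o, (la, lo) in reports.items() if o not in seen and haversine_m(lat, lon, la, lo) <= radius_m]
        if len(group) >= min_receivers:
            clusters.append(sorted(group))
            seen.update(group)
    return clusters


def analyse_sentences(sentences: List[str], max_speed_mps: float = 25.0) -> List[Tuple[int, float]]:
    """Drop sentences with bad checksums or void fixes, then run the speed test."""
    fixes = [fx for fx in map(parse_rmc, sentences) if fx is not None]
    return implausible_jumps(fixes, max_speed_mps)


# Constructed track: ten-minute fixes for a slow vessel, then a 30 km jump, then a frozen position.
SAMPLE_SENTENCES = [build_rmc(t, la, lo) for t, la, lo in
                    [(0, 44.600, 37.900), (600, 44.605, 37.905), (1200, 44.610, 37.910),
                     (1800, 44.800, 38.200), (2400, 44.800, 38.200)]]
# Constructed reports: three vessels report one spot to the metre while a fourth is elsewhere.
SAMPLE_REPORTS = {"vesselA": (44.8000, 38.2000), "vesselB": (44.8001, 38.2001),
                  "vesselC": (44.8000, 38.2002), "vesselD": (44.5000, 37.7000)}
```

The speed threshold has to match the platform: 25 m/s is generous for a merchant vessel and useless for an airliner. The convergence check is the stronger signal in a fleet or AIS feed, since a spoofer broadcasts one counterfeit position and every receiver within range adopts it, whereas the speed test only catches the moment of capture.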


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/lJw2slsA7AI/

AI infosec biz Darktrace boasts near-doubled revenues as firm alumni battle HPE in civil case

Darktrace, the security startup backed in part by Mike Lynch, the exec currently involved in a big civil fraud case being heard at the UK’s High Court, has nearly doubled turnover and reported deeper losses.

The firm, started by Cambridge Uni maths boffins and folk with infosec experience gained at intelligence agencies, said in its latest results (PDF) that revenue was up 93 per cent to £59.48m in the year to 30 June 2018.

Darktrace flogs what it describes as “Enterprise Immune Systems”, which use machine learning to identify and respond to threats and incidents across cloud, IoT, virtualized networks and industrial control systems.

“The technology is self-learning and requires no set-up, identifying threats in real time, including zero-days, insider and stealthy, silent attackers,” the blurb stated in its P&L accounts filed at Companies House.

Marketing and distribution costs, admin expenses, R&D and tax left Darktrace nursing a net loss of £39.33m, compared to £24.87m in the prior year.

In fiscal ’18, Darktrace sucked up $50.4m (£38.5m) in a Series E led by European private equity house Vitruvian Partners, taking total funding to $230.5m (c £175m) since it was incorporated in 2013. The company has a valuation of circa $1.65bn.

The business was co-founded by Nicole Eagan and Poppy Gustafsson, both former long-serving employees at Autonomy, which was itself founded by Lynch, who sold it to HP for $11bn in 2011.

The following year, Autonomy was written down by $8bn and HP management accused Lynch and his former CFO Sushovan Hussain of cooking the books to inflate the value of the software firm. HPE – as HP is now called – is currently seeking $5bn in compensation from the pair.

Board member Lynch and director Hussain both resigned from Darktrace – Lynch in October ahead of the trial and Hussain in 2016. You can find The Register‘s comprehensive coverage of the London Autonomy trial here. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/04/01/darktrace/