21st May 2018 update

Updates to Anti-Social Media 

Bleeping Computer: The Facebook Android App Is Asking for Superuser Privileges and Users Are Freaking Out

New Scientist: Huge new Facebook data leak exposed intimate details of 3m users  – “Data from millions of Facebook users who used a popular personality app, including their answers to intimate questionnaires, was left exposed online for anyone to access, a New Scientist investigation has found.” And some commentary from The Register: How could the Facebook data slurping scandal get worse? Glad you asked – “Three million “intimate” user profiles offered to researchers”

And commentary from Sophos: Facebook app left 3 million users’ data exposed for four years

Updates to Cryptocurrency/Crypto-mining News and Resources

US Securities and Exchange Commission: The SEC Has an Opportunity You Won’t Want to Miss: Act Now! – “The SEC set up a website, HoweyCoins.com, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators.” Commentary from Sophos: Don’t invest! The ICO scam that doesn’t want your money

ZDNet: Brutal cryptocurrency mining malware crashes your PC when discovered  – “…the cybersecurity firm said the cryptomining malware aims to infect PCs in order to steal processing power for the purpose of mining the Monero cryptocurrency.”

Help Net Security: 25% of companies affected by cloud cryptojacking

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page may indeed be necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Updates to Tech support scams resource page

Malwarebytes: Fake Malwarebytes helpline scammer caught in the act – Given how much work Malwarebytes have done on these scams, not good targeting on the scammer’s part.

Updates to Specific Ransomware Families and Types

Bleeping Computer: New Bip Dharma Ransomware Variant Released

ArsTechnica: All of Mugshots.com’s alleged co-owners arrested on extortion charges

Updates to Mac Virus

Bleeping Computer: The Facebook Android App Is Asking for Superuser Privileges and Users Are Freaking Out

Help Net Security: Google will force Android OEMs to push out security patches regularly

Kaspersky: WHO’S WHO IN THE ZOO. CYBERESPIONAGE OPERATION TARGETS ANDROID USERS IN THE MIDDLE EAST

Symantec: Malicious Apps Persistently Appearing on Google Play and Using Google Icons
– “Seven apps have been discovered reappearing on the Play store under a different name and publisher even after these have been reported.”

Sophos: The next Android version’s killer feature? Security patches “…the next version of Google’s mobile OS will require device makers to agree to implement regular security patches for the first time in the operating system’s history.’

Updates to Anti-Malware Testing

I worked with Symantec’s Mark Kennedy for some time when I was on the AMTSO Board of Directors. He knows much more than most about the organization and product testing in general, and this is an excellent and informative article: AMTSO Testing Standards: Why You Should Demand Them – “When it comes to security product testing, a good test in one context can turn out to be meaningless in another.”

Updates to Chain Mail Check

US Securities and Exchange Commission: The SEC Has an Opportunity You Won’t Want to Miss: Act Now! – “The SEC set up a website, HoweyCoins.com, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators.” Commentary from Sophos: Don’t invest! The ICO scam that doesn’t want your money

Malwarebytes: Fake Malwarebytes helpline scammer caught in the act – Given how much work Malwarebytes have done on these scams, not good targeting on the scammer’s part.

David Harley

Advertisements

Devices on the dark side of your network

Infoblox have a very interesting report on What is Lurking on Your Network – Exposing the threat of shadow devices.

In his foreword, Gary Cox says:

“For IT departments, the complexities and security issues around managing BYOD schemes and unsanctioned Shadow IT operations have long been a cause for concern.

“In an increasingly complex, connected world, this challenge has now been exacerbated by the explosion in the number of personal devices individuals own, as well as the plethora of new IoT devices being added to the network.”

More reasons to feel uncomfortable with the unfettered enthusiasm for BYOD.

Commentary/summary from Help Net Security: Exposing the threat of shadow devices: “Employees in the US and UK admitted to connecting to the enterprise network for a number of reasons, including to access social media (39 percent), as well as to download apps, games and films … These practices open organizations up to social engineering hacks, phishing and malware injection.”

David Harley

May 12th resources update

Updates to Anti-Social Media 

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre and other chip-related resources

Updates to Mac Virus

Updates to Chain Mail Check

Palo Alto’s Unit 42 announces its report ‘Silverterrier: the rise of Nigerian business email compromise’ in the blog article SilverTerrier Update: Increasingly Sophisticated Nigerian Cybercriminals Take Bigger Part of $3B BEC-Related Losses

Springer: Leaving on a jet plane: the trade in fraudulently obtained airline tickets

David Harley

Tech support scams article for ESET

Update to Tech support scams resource page

Article by me for ESET: Tech support scams and the call of the void

“Christopher Burgess for Security Boulevard on what happens When Scammers Fill the Tech Support Void … says: “I still haven’t figured out why those companies that provide tech support tend to hide the connectivity to these saviors of their brand in the weeds of the website, but they do, and we search—and sometimes we strike gold.”

However, I don’t think the reluctance of companies to draw attention to their support services is too much of a mystery…”

There may be persuasive reasons why providers are reluctant to engage directly with their customers, but the consequences may be grim for both provider and customer.

David Harley

Ransomware/Wiper-related updates

Updates to: Ransomware Resources

Help Net Security: Organisations across the UK are still struggling with ransomware

F-Secure: The Changing State of Ransomware

Updates to Specific Ransomware Families and Types

In response to this useful article by Kaspersky, this page now includes information on wipers, which often resemble or masquerade as ransomware but are essentially just destructive.

Kaspersky Threat Post: 

Secrets of the Wiper: Inside the World’s Most Destructive Malware. “Shamoon, Black Energy, Destover, ExPetr/Not Petya and Olympic Destroyer: All of these wiper malwares, and others like them, have a singular purpose of destroying systems and/or data, usually causing great financial and reputational damage to victim companies.”

ESET has previously published quite a lot of material on Black Energy which can be found here. Of course, other articles are available, but I get to see most of the ESET articles before they’re published, so I’m more aware of them.

Added to the WannaCry (WannaCrypt, WannaCryptor etc.) resources page: 

Bleeping Computer: One Year After WannaCry, EternalBlue Exploit Is Bigger Than Ever

ESET:

David Harley

IoT resource/news updates

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

(1) Brian Krebs talks about the asymmetry in cost and incentives when IoT devices are recruited for DDoS attacks like one conducted against his site: Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K.

He observes: “The attacker who wanted to clobber my site paid a few hundred dollars to rent a tiny portion of a much bigger Mirai crime machine. That attack would likely have cost millions of dollars to mitigate. The consumers in possession of the IoT devices that did the attacking probably realized a few dollars in losses each, if that. Perhaps forever unmeasured are the many Web sites and Internet users whose connection speeds are often collateral damage in DDoS attacks.”

Some of his conclusions are based on a paper from researchers at University of California, Berkeley School of Information: the very interesting report “rIoT: Quantifying Consumer Costs of Insecure Internet of Things Devices.

(2) Product test specialists AV-Test conducted research into the security of a number of fitness trackers (plus the multi-functional Apple watch: Fitness Trackers – 13 Wearables in a Security Test. On this occasion, the results are fairly encouraging.

(3) Bleeping Computer: 5,000 Routers With No Telnet Password. Nothing to See Here! Move Along! – “The researcher pointed us to one of the router’s manuals which suggests the devices come with a passwordless Telnet service by default, meaning users must configure one themselves.”

(4) Help Net Security: Hacking for fun and profit: How one researcher is making IoT device makers take security seriously  Based on research by Ken Munro and Pen Test Partners.

David Harley

May 5th resource updates

Updates to Anti-Social Media 

Lots of commentary this week on Twitter’s mishaps with our credentials:

The Register: Google will vet political ads to ward off Phantom Menace of fake news – “Mountain View’s Empire Strikes Back against election meddling”

And The Register again, on old favourites Facebook: Time to ditch the Facebook login: If customers’ data should be protected, why hand it over to Zuckerberg? – “How The Social Network and its partners use that info is a total black box”

Updates to Cryptocurrency/Crypto-mining News and Resources

Help Net Security: Organizations should not overestimate the short-term benefits of blockchain

Updates to Meltdown/Spectre and other chip-related resources

The Register: Fresh fright of data-spilling Spectre CPU design flaws haunt Intel – “Chipzilla checking fresh set of CVEs in chip side-channel flaw”

And ESET’s resource article has been updated again: Meltdown and Spectre CPU Vulnerabilities: What You Need to Know

Updates to Internet of (not necessarily necessary) Things

Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.

Sophos: Half a million pacemakers need a security patch – refers to the FDA-approved firmware patch for Abbot pacemakers. “In September 2016, the company sued Internet of Things (IoT) security firm MedSec for defamation after it published what St Jude said was bogus information about bugs in its equipment … security consultants at Bishop Fox confirmed the validity of MedSec’s findings. The company begrudgingly stopped fighting and litigating and issued security fixes.

David Harley

3rd May AVIEN resources updates

Updates to Anti-Social Media 

Kaspersky Threat Post: TENS OF THOUSANDS OF MALICIOUS APPS USING FACEBOOK APIS – “At least 25,936 malicious apps are currently using one of Facebook’s APIs, such as a login API or messaging API. These allow apps to access a range of information from Facebook profiles, like name, location and email address.”

The Register:

Talking of Zuckerberg, here’s his summary of the forthcoming ‘Clear History’ control.

Updates to Cryptocurrency/Crypto-mining News and Resources

Catalin Cimpanu for Bleeping Computer: New MassMiner Malware Targets Web Servers With an Assortment of Exploits

The Register: Whoa, Gartner drops a truth bomb: Blockchain is overhyped and top IT bods don’t want it – “Didn’t you know it’s panacea to all corporate woes, bro?!”

Gad Naveh for Help Net: Dig this: The future of crypto-mining botnets

Trend Micro: Cryptocurrency-Mining Malware Targeting IoT, Being Offered in the Underground

Updates to Meltdown/Spectre and other chip-related resources

Hilbert Hagedoorn for The Guru of 3-D: Eight new Spectre Variant Vulnerabilities for Intel Discovered – four of them critical

The Register: Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores – “Sneaky processors look to keep lid on sensitive IoT data”

ESET: further updates to Meltdown and Spectre CPU Vulnerabilities: What You Need to Know

Updates to Internet of (not necessarily necessary) Things

The Register: Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores – “Sneaky processors look to keep lid on sensitive IoT data”

Trend Micro: Cryptocurrency-Mining Malware Targeting IoT, Being Offered in the Underground

Sophos:

Richi Jennings for Tech Beacon: VW bugs: “Unpatchable” remote code pwnage – “Two security researchers have excoriated Volkswagen Group for selling insecure cars. As in: hackable-over-the-internet insecure.”

Updates to Specific Ransomware Families and Types

Paul Ducklin for Sophos: “SamSam” ransomware – a mean old dog with a nasty new trick

David Harley

Resource updates May 1 2018

Updates to Anti-Social Media 

The Guardian: WhatsApp CEO Jan Koum quits over privacy disagreements with Facebook – “WhatsApp was built with a focus on privacy and a disdain for ads, but the Facebook-owned service is now under pressure to make money”

Selina Wang for Bloomberg: Twitter Sold Data Access to Cambridge Analytica–Linked Researcher. And commentary from Help Net.

ENISA: Strengthening network & information security & protecting against online disinformation (“fake news”) – “In this paper, ENISA presents some views on the problem of online disinformation in the EU from a Network and Information Security (NIS) perspective. A number of recommendations are presented which relate both to general NIS measures, as well as targeted measures to protect against online disinformation specifically.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Coin Telegraph: Scammers Hijack Verified Twitter Account To Steal Crypto By Posing As Telegram CEO

Updates to Chain Mail Check

ESET: This test will tell you how likely you are to fall for fraud

David Harley

27th April resources updates

Updates to Anti-Social Media 

Also from Sophos: Know what Instagram knows – here’s how you download your data

The Register: Facebook: Crisis? What crisis? Look at our revenue, it’s fantastic “But analysts say ditch your stock as opex set to blow up”

And again from Sophos: Yahoo fined $35m for staying quiet about mega breach

Updates to Cryptocurrency/Crypto-mining News and Resources

The Register: Power spike leads Chinese police to 600-machine mining rig – “Six Bitcoiners cuffed for electricity heist”

Updates to Meltdown/Spectre and other chip-related resources

Kaspersky Threat Post: MICROSOFT ISSUES MORE SPECTRE UPDATES FOR INTEL CPUS – “Microsoft has released additional Windows 10 mitigations for the Spectre side-channel flaw revealed in January, with an expanded lineup of firmware (microcode) updates for Intel CPUs that include the Broadwell and Haswell chipsets.”

ZDnet: A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it’s freely available. Commentary on Exploiting CVE-2018-1038 – Total Meltdown

Updates to Internet of (not necessarily necessary) Things

Graham Cluley: The NSA wants its algorithms to be a global IoT standard. But they’re simply not trusted – “Why were the algorithms – known as Simon and Speck, and – rejected? It seems because … [they] might contain encryption backdoors that would be abused by US authorities.” I’ve always tended to mistrust standards espoused by professional politicians, who are rarely as knowledgeable on security issues as they would have us believe. Film and TV makers are often deeply mistrustful of government agencies – conspiracy theories make good drama. And in recent years, that mistrust has been reinforced by real news. It’s no wonder if people fear that the Internet of Things will tip into 1984 telescreens. But perhaps they should be at least as distrustful of the private sector. 

The Register: Princeton research team hunting down IoT security blunders – “IoT Inspector is currently at the data-gathering stage, with the aim of launching an open source tool for users to get some idea of what their devices are doing.”

Bleeping Computer: Ski Lift in Austria Left Control Panel Open on the Internet – “Officials from the city of Innsbruck in Austria have shut down a local ski lift after two security researchers found its control panel open wide on the Internet, and allowing anyone to take control of the ski lift’s operational settings.”

Updates to Tech support scams resource page

Erik Wahlstrom for Microsoft talks about tech support scams, the volume of complaints Microsoft receives, and the partnerships it has built in an effort to reduce their impact. Worth reading. Teaming up in the war on tech support scams. Some commentary and basic advice from Graham Cluley: Reports of tech support scams rocket, earning handsome returns for fraudsters.

Updates to: Ransomware Resources

Bleeping Computer: Ransomware Hits HPE iLO Remote Management Interfaces “Attackers are targeting Internet accessible HPE iLO 4 remote management interfaces, supposedly encrypting the hard drives, and then demanding Bitcoins to get access to the data again. ”

Updates to Specific Ransomware Families and Types

Bleeping Computer: Ransomware Hits HPE iLO Remote Management Interfaces “Attackers are targeting Internet accessible HPE iLO 4 remote management interfaces, supposedly encrypting the hard drives, and then demanding Bitcoins to get access to the data again. ”

Bleeping Computer: New C# Ransomware Compiles itself at Runtime. Announced by the MalwareHunterTeam.

Updates to Chain Mail Check

Me… Microsoft on support scams – plus, assessing gullibility

David Harley