News Items

Fujitsu has announced a high-speed forensic technology that they have developed to identify the degree to which an organization's intranet has been damaged after a targeted cyberattack. Fujitsu's new technology shortens the average time required to identify damages inflicted by cyberattacks, from weeks to minutes. This new technology will be added to Fujitsu's Security Solution Global Managed Security Service, which also provides enhanced support for security resilience, mitigation of risks, and minimization of damage from cyberattacks. This article provides further details behind this new technology and Fujitsu's collaboration with US-based Dtex Systems to improve upon human behavior through machine learning.

GSN reports "Fujitsu high-speed technology identifies within minutes damage from cyberattacks"

Check Point researchers have conducted an investigation to decipher the operation behind banking malware. It has been discovered that the development and operation of banking malware requires little skill with the availability of simplified tools and open source code. Studies also show that the spread of banking malware has increased through Google Play and obfuscation techniques. This article further discusses how attackers are gaining access to such tools and open source code to create banking malware, how distribution of this malware has increased, and other findings of this study.

SC Media reports "Unraveling mobile banking malware, Check Point"

The massive spread of the WannaCry ransomware to more than 100 countries within a few hours have left cybersecurity researchers baffled as to how this attack was initiated, the rapid speed of which it spread as well as how the hackers behind this attack aren't making an abundance of money from it. This article further discusses the details of WannaCry, the difficulties of investigating the initial starting points of this attack, how this malware differs from other ransomware, and possible links to this attack.

Reuters reports "Oddities in WannaCry ransomware puzzle cybersecurity researchers"

Researchers at federally funded laboratories and academic research centers are prepared to introduce new cybersecurity technologies that they have developed to the commercial market. The eight new technologies will be showcased by DHS Science and Technology Directorate's Transition to Practice program on the 16th of May in Washington D.C. Each fiscal year, the TTP program showcases a selected set of promising federally funded cybersecurity technologies to merge into its well-established transition-to-market program. This article further discusses the details of this program and outlines the eight new TTP technologies that will be introduced this year.

Homeland Security News Wire reports "DHS S&T's Transition to Practice program unveils 2017 cohort"

A study conducted by Bronium, a cybersecurity company, at RSAC 2017 reveal the average percentages of security professionals that have admittedly given into ransomware demands as well as evaded or disabled security protocols put in place by their organization. Possible reasons for this increase in security workarounds include security fatigue and overconfidence in current security implementations. This article further discusses the results of this study, possible reasons for this increase in security sidestepping, and strategies for minimizing the acts of circumventing security standards and practices within an organization.

TechRepublic reports "Study finds cybersecurity pros are hiding breaches, bypassing protocols, and paying ransoms"

Researchers from Carnegie Mellon University and the University of Chicago have introduced a new advanced password meter to assist people in creating stronger passwords. Traditional password meters will simply indicate whether a password is weak or strong, but not how to improve upon it. The newly developed password meter provides real-time feedback and suggestions to a user as they are typing their password. The meter functions through the operation of an artificial neural network. This article discusses how researchers conducted their study of password creation, findings of this study, and where their study will be presented.

Phys.org reports "Researchers unveil new password meter that will change how users make passwords"

A new IoT Botnet, Persirai, has been discovered by researchers at Trend Micro. Persirai has targeted 1,000 different models of IP cameras, leaving 120,000 cameras vulnerable to attacks. This article further discusses the details of Persirai, how researchers uncovered this new IoT botnet, notable differences from the notorious Mirai botnet, and suggestions for improving the implementation of security for IP cameras in order to prevent the infiltration of such attacks.

Dark Reading reports "New IoT Botnet Discovered, 120K IP Cameras At Risk of Attack"

Researchers at Technische Universitat Braunschweig in Germany have recently shared their research into the discovery of ultrasonic beacons being used to monitor consumer purchasing and television viewing habits to generate targeted advertising. Researchers have discovered that 234 Android mobile applications covertly listen for ultrasonic beacons that are embedded in audio, which can be used to track users and form relevant advertising. This capability raises great concerns pertaining to privacy. This article further discusses the key discoveries made by researchers and outlines other highlights of research shared within "Privacy Threats Through Ultrasonic Side Channles on Mobile Devices."

Threatpost reports "Privacy Threats Through Ultrasonic Side Channles on Mobile Devices"

Researchers at University of Wisconsin- Madison have developed a detailed map that outlines the structure of the worldwide internet called the "Internet Atlas". This map considers physical elements not visible to the average user, but are crucial to the infrastructure of the internet. Elements include submarine cables buried underneath the ocean floor and distributed between continents to support communication as well as data centers containing many different types of data that are held within buildings around the world. This article further discusses the development of Internet Atlas along with how network performance and security is expected to improve with the help of this mapping.

Homeland Security News Wire reports "Internet Atlas maps the physical elements of the internet to enhance security"

Security researchers reveal that a brain-wave-sensing headset by the name of "Epoc+", can be used to steal private data such as passwords and pins via brain interfaces. Manufactured by Emotiv, the Epoc+ is a headset device with attached electrodes, which are used to perform electroencephalography (EEG), detecting voltage variations in the outer layer of the brain. The main intents of this technology are to detect emotions and allow users to control robots with their thoughts. This article further discusses the uses of this technology, how researchers demonstrated the security risks that could arise with the use EEG headset technology, the motive behind this research, and Emotiv's response to this study.

MIT Technology Review reports "Using Brainwaves to Guess Passwords"

According to new research conducted by Trend Micro and outlined in their report, "Rogue Robots: Testing the Limits of an Industrial Robot's Security", robotic manufacturing systems are extremely vulnerable to attacks as it has been revealed that 83,000 units are easily exposed via connection to the internet and poor authentication. This article briefly discusses what this research highlights, some points outlined within the report, as well as how attacks could be detected in robot devices.

Infosecurity Magazine reports "Robots Under Attack: Trend Micro Uncovers New Risks"

Rogue Robots: Testing the Limits of an Industrial Robot's Security

Considering the growing percentage of Americans owning smartphones and the significant amounts of personal and private data that is being stored on these devices, one layer of security is not substantial enough for protecting all that data. This thin layer of security is the password that unlocks the smartphone's screen. Researchers have developed another authentication method that is expected to replace passwords, called "user-generated free-form gestures", which would allow owners to draw their own pattern on the screen instead of entering a password. This article discusses the comparison between this new method of authentication and biometric authentication methods, the capabilities and measurements within this new method, along with the expansion of this type of authentication to other platforms.

The Conversation reports "Could a doodle replace your password?"

UK's most popular banks have been targeted in a scheme in which hackers use fake website domains to impersonate them, deceiving customers into revealing their personal details such as sensitive login credentials. Researchers at DomainTools, a cybersecurity firm, have found a significant number of fake websites posing as different financial firms and a selection of US-based retailers. Researchers have also revealed the method that hackers are using, known as "cybersquatting", which is the act of inexpensively purchasing website domains then designing each website to appear legitimate by displaying brand names and trademarked logos. This article further discusses the details of this hacking scheme, specific banking services that have been targeted, and suggestions for brands in handling domain name registrations.

IBTimesUK reports "Hackers using 'cybersquatting' tactics to spoof websites of UK's biggest banks"

IEEE Standards Association has announced the launch of a new program called Digital Inclusion through Trust and Agency, which will focus on creating standards for the protection of consumer and patient data, specifically in consideration of identity and blockchain technology. This press release outlines the goals of this new initiative, which programs will be complemented by this new program, as well as which multi-disciplinary fields and sectors program members will represent.

"IEEE Standards Association Announces Initiative Designed to Protect Digital Identity for the Global Community"

A new Mac malware dubbed "Dok" has been discovered by researchers from Check Point. Researchers reveal that this malware is mainly targeting German-speaking European users through a surge of spam emails. This malware utilizes Android-like nag screens to acquire admin privileges and funneling tactics to transmit traffic through a remote proxy. This article further discusses the details of Dok, capabilities and attributes of this malware, as well as how this malware performs as demonstrated by researchers.

BleepingComputer reports "New Dok Mac Malware Uses Nag Screens, Intercepts Encrypted Web Traffic"

Nomx is a startup company that claims to provide the most secure email service by offering a device, which could be used to set up a personal email server, avoiding connection with the naturally "vulnerable" mail exchange. Scott Helme, a security researcher, decided to challenge the claims of ensured security from Nomx by examining the device's true structure and process. Helme discovered numerous vulnerabilities within the software, which would allow anyone to hijack the device remotely if the user were to be tricked into visiting a malicious site. This malicious act is known as cross-site request forgery (CSRF). This article further discusses the vulnerabilities of Nomx's device, as well as the response of Will Donaldson, the CEO of Nomx, in regards to these flaws.

Motherboard reports "'World's Most Secure' Email Service Is Easily Hackable"

Researchers at University of Michigan have shared their findings of hundreds of applications in Google Play having the capability of allowing a phone to act as a server as the owner connects to that phone from their PC. This capability raises major security risks as a great number of these applications leave insecure ports open on smartphones, which could be exploited by hackers to steal sensitive data or install malware. This article further discusses how researchers went about determining and demonstrating the scope of this port problem along with the identification of vulnerable popular apps.

WIRED reports "An Obscure App Flaw Creates Backdoors In Millions of Smartphones"

Adam Mudd has been sentenced to two years in prison after he plead guilty to developing and selling a distributed denial-of-service attack tool by the name of "Titanium Stresser". Mudd was 16 years old when he developed this malicious tool that has been used to target multiple organizations such as Microsoft and Sony. Though Mudd has been arrested for the cybercrime he has committed, his work still remains impactful worldwide as this malicious tool has been used to launch more than 1.7 million DDoS attacks. This article further discusses the prosecution of Mudd, how his case was investigated, as well as the common origin of teen cybercrime offenders and how their skills could be guided toward legitimate activities.

Data Breach Today reports "Teen Hacker Sentenced Over 'Titanium Stresser' Attacks"

Blockchain technology offers alternative approaches for managing, distributing, and sharing data to avoid massive data loss or damage in single point of failure systems. Blockchain technology features are classified into three components, which include protection from identity theft, ensuring data integrity by preventing the tampering of data, and stopping DDoS attacks from infiltrating and damaging centralized infrastructure. This article discusses what Blockchain technology provides beyond traditional endpoint protection, and how new alternatives offered by this technology would help in advancing cybersecurity with the three highlighted features.

Nasdaq reports "Advancing Cybersecurity with Blockchain Technology"

The latest version of Google Chrome tackles phishing by restricting how domain names made up of non-Latin characters are displayed by the browser as attackers were using a certain technique involving these characters to create highly convincing phishing websites. Internationalized domain names are converted into ASCII-compatible form then displayed with their non-Latin characters to billions of internet users through browsers that support Unicode, allowing users to read domain names in their native language. Though this process facilitates global internet usability, it also raises issues of security as some characters could be substituted for another set of characters from a different alphabet, matching in appearance. This technique can be used to spoof URLs and launch phishing attacks. This article further discusses how browsers perform checks on these types of malicious activity, how this malicious act was discovered and demonstrated, as well as how Google Chrome and other internet browsers are reacting to this issue.

PCWorld reports "Phishing attacks using internationalized domains are hard to block"

Security researchers state that the Stuxnet worm flaw is still the most exploited despite Microsoft's release of a patch to fix this flaw seven years ago. According to Kaspersky Lab, the Windows Shell flaw responsible for the Stuxnet worm is still first in the ranks of exploits targeting users in 2015 and 2016, mainly because of the self-replicating feature possessed in this attack. This article further discusses why this exploit is so powerful as well as suggested mitigation of this exploitation.

SecurityIntelligence reports "Stuxnet: The Computer Worm That Keeps on Living"

Security vendor, Rapid7, has a released a quarterly threat intelligence report, outlining analyses of encountered security incidents by customers, which were then handled and managed by the company's services. This report reveals that advanced persistent threats were less common for companies not in conjunction with nation-state interests and that such threats have not been an issue for most organizations in the first quarter of 2017. Organizations in alignment with government, manufacturing, aerospace, and other industries formed by nation-state interests were the most impacted by APT activity. This article further discusses the handling of APT attacks, other findings and analysis made by Rapid7, along with the issues of security monitoring in organizations.

Dark Reading reports "APT Attack Activity Occurs at 'Low, Consistent Hum,' Rapid7 Finds"

Rapid7 Threat Report 2017 Q1

SoS Musings #2

Empirical Research