Wednesday, May 30, 2018

How will cyber criminals exploit the RCE vulnerability in EOS Blockchain using Smart Contracts?

Colleagues, Chinese researchers at Qihoo 360 have discovered an RCE (remote code execution) vulnerability in the EOS blockchain when using smart contracts. This bug potentially allows hackers to take complete control over node servers. Commonly referred to as Blockchain 3.0, EOS is an open source platform for smart contracts. The RCE flaw is considered by some to be a 51% attack. Bottom line question: How vulnerable are node servers on a blockchain to the RCE bug? Specific mitigation methods are rather elusive. However, CSD recommends your review of “Bug Characteristics in Blockchain Systems: A Large Scale Empirical Study” published by the Singapore Management University. Share your mitigation recommendations and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Tuesday, May 29, 2018

How Secure is AWS Authentication when using Google’s identity service for user identification?

Colleagues, Amazon Cognito can provide authentication, authorization, and user management for AWS users of mobile apps. Its benefits include a better understanding of the federated authentication mechanism, simplified credential management for teams that already have Google accounts, and customizable authentication at very low maintenance cost, while serving as a good alternative to deploying and configuring our own IdP service. Codecentric recommends a three step process: First, build a simple web service using AWS API Gateway and AWS Lambda. Second, use AWS IAM, the AWS service for access control. And third, employ the AWS Security Token Service together with Google Sign-In. Given the significant growth of Amazon AWS customers who also use Google’s identity service, the critical question is just how secure is this process? Without doubt both vendors’ systems are highly secure; however, we are less certain about the security and viability of using the two disparate systems in tandem. Share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
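One check the third step above hinges on: the IAM role trust policy behind STS AssumeRoleWithWebIdentity must pin the Google OAuth client ID, otherwise any Google account holder from any app can obtain AWS credentials for the role. The Python below is an added example, not code from the post or from codecentric; the client ID, role ARN and token claims are constructed placeholders, and signature verification of the Google ID token is assumed to have been done beforehand.

```python
"""Added example (not from the post or from codecentric): the IAM role trust
policy behind STS AssumeRoleWithWebIdentity, weak form beside hardened form,
evaluated against claims from a Google Sign-In ID token.
Assumptions: client ID, role ARN and claims are constructed placeholders; the
token's signature is assumed verified already (e.g. with google-auth)."""
import time

OUR_CLIENT_ID = "123456789012-example.apps.googleusercontent.com"  # placeholder
ROLE_ARN = "arn:aws:iam::123456789012:role/MobileAppUser"  # placeholder
GOOGLE_ISSUERS = ("accounts.google.com", "https://accounts.google.com")


def trust_policy(client_id=None):
    """Without the accounts.google.com:aud condition the role is open to any
    Google account from any app; with it, only tokens minted for our client."""
    stmt = {"Effect": "Allow",
            "Principal": {"Federated": "accounts.google.com"},
            "Action": "sts:AssumeRoleWithWebIdentity"}
    if client_id:
        stmt["Condition"] = {"StringEquals": {"accounts.google.com:aud": client_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}


WEAK_TRUST_POLICY = trust_policy()                   # weak setting
HARDENED_TRUST_POLICY = trust_policy(OUR_CLIENT_ID)  # corrected setting


def trust_policy_allows(policy, claims, now=None):
    """Mirror the slice of IAM evaluation this flow depends on: token issuer
    and expiry, then an Allow statement for the federated principal and the
    action whose StringEquals conditions (aud / sub) all match the claims."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS or claims.get("exp", 0) <= now:
        return False
    for stmt in policy["Statement"]:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if (stmt.get("Effect") != "Allow"
                or stmt.get("Principal", {}).get("Federated") != "accounts.google.com"
                or "sts:AssumeRoleWithWebIdentity" not in actions):
            continue
        matched = True
        for key, expected in stmt.get("Condition", {}).get("StringEquals", {}).items():
            claim = key.split(":", 1)[1] if key.startswith("accounts.google.com:") else None
            allowed = expected if isinstance(expected, list) else [expected]
            if claim is None or claims.get(claim) not in allowed:
                matched = False  # unknown key or mismatching claim: deny
        if matched:
            return True
    return False


def assume_role_for_token(id_token, session_name="google-user"):
    """Trade a verified Google ID token for temporary AWS credentials via STS.
    Network call; boto3 is imported lazily so the rest runs offline."""
    import boto3
    return boto3.client("sts").assume_role_with_web_identity(
        RoleArn=ROLE_ARN, RoleSessionName=session_name,
        WebIdentityToken=id_token, DurationSeconds=3600)


# Constructed claims: one token minted for our app, one for somebody else's.
FIXED_NOW = 1_527_000_000
OUR_APP_CLAIMS = {"iss": "accounts.google.com", "sub": "1001", "aud": OUR_CLIENT_ID, "exp": FIXED_NOW + 600}
OTHER_APP_CLAIMS = dict(OUR_APP_CLAIMS, sub="2002", aud="999-other.apps.googleusercontent.com")
```

The weak policy admits the token issued for the other app; the hardened one rejects it, along with expired tokens and tokens from a non-Google issuer.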

Thursday, May 24, 2018

VPNFilter Router Malware Attack – Is Russia Up to its Common Tactics?

Colleagues, the US FBI and DHS along with the UK’s National Cyber Security Centre jointly warned that hackers working on behalf of the Russian government are compromising large numbers of routers, switches and other network devices. Code-named VPNFilter, this malware has primarily targeted some 500,000 consumer and small business routers worldwide … yet with a geographic focus on Ukraine. Sound suspicious? It contains the same RC4 encryption cipher as BlackEnergy, which has been used in a variety of attacks tied to the Russian government. The type of devices targeted by this actor are difficult to defend: most of the impacted routers sit on the perimeter of the network with no IPS and commonly without an AV package. Read the Cisco Talos security report by clicking here. So who is behind VPNFilter? CSD supports the Russian origin theory. What about you? Share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Wednesday, May 23, 2018

How Serious is the ZipperDown iOS App Programming Vulnerability?

Colleagues, China-based jailbreaker Pangu Labs has identified a vulnerability which they project may impact some 9.5% of 168k Apple iOS apps. The root cause appears to be an app programming error that can lead to code execution and data being overwritten in the affected apps. Some of the more noteworthy iOS apps impacted include, but are not limited to, QQ Music, MOMO, Weibo, Kwai and NetEase Music. The ZipperDown web site provides a good FAQ yet is short on mitigation details. Bottom line: How far reaching are the consequences of ZipperDown? And is there a comparable bug in Android apps? Details to follow. For now, share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Tuesday, May 22, 2018

RSA Conference’s Cybersecurity Tech Accord – Substance or Delusion?

Colleagues, during last month’s RSA Conference 34 tech companies including Microsoft, Facebook, HPE, ABB, Arm, Cisco, Nokia, Oracle, and Trend Micro announced a Cybersecurity Tech Accord (aka Digital Geneva Convention) pledging to mount a united effort against state-sponsored cybercrime and warfare. Notable abstentions included Amazon, Alphabet and Apple. According to Juniper Research, cybersecurity attacks on organizations and commercial entities are expected to reach an $8 trillion impact by 2022. The essence of the Accord is a four-fold commitment to: 1) Share threats and minimize the potential for malicious code to be introduced into cyberspace, 2) Protect all customers globally regardless of the motivation of the attack, 3) Not help governments launch cyberattacks against innocent citizens, and 4) Empower users to make effective use of their products with new security practices and new features. Here at CSD we applaud this move … particularly in light of increased cyber threats from Russia, Iran, North Korea and non-state bad actors. Bottom line: Will the four-fold commitment of the Accord be fulfilled in concrete deeds, not just words on a signed piece of paper to appease the public and free democratic governments? Share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Monday, May 21, 2018

“Roaming Mantis” – Assessing the Impact of Android Malware on Users

Colleagues, rapid evolution, cryptojacking, global scope, mobility and DNS hijacking: these are the traits of a Tier 1 malware threat to the 2 billion+ Android-based devices across the world, and Roaming Mantis appears to have them all. This voracious malware was first identified in Japan during March 2018 when infected routers began redirecting users to compromised websites. Roaming Mantis currently supports 27 different languages and has expanded to users on four continents. The new version contains a script for the popular cryptocurrency miner Coinhive and the capability to target iOS devices in addition to Android devices. What are the most effective mitigation techniques? Security Affairs focuses on mitigation beginning with securing routers: using up-to-date firmware, enforcing strong passwords for admin access and disabling remote access to the routers’ administration interfaces. This attack targets DNS services running on routers; a DNS service running on a server inside your network is not at risk from this attack. Also, only install software from trusted app stores such as Google Play and the Apple App Store. We also recommend SecureList’s in-depth APT mitigation checklist. Comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Saturday, May 19, 2018

Syrian Electronic Army Delivers Cyber Attacks to Defend Bashar al-Assad

Colleagues, while the SEA does not have the stature of its counterparts in Russia, Iran or North Korea, it represents a formidable cyber warfare threat to opponents of Bashar al-Assad including the US, Israel and Western European nations. In fact, three of its members have made their way onto the US FBI’s Cyber Most Wanted List. The group gained initial attention in 2011 and since then has conducted attacks with ideological motives. Their tactics include DDoS attacks, DNS hijacking, launching fraudulent Facebook and YouTube sites, spear-phishing and web site defacement. The rampant civil war in Syria combined with the presence of US and NATO forces has served to fuel the fire for the SEA. They are behind the defacement of the US Army’s public web site, a hack of the LinkedIn portal and the RSA (Security) Conference site. Bottom line: Although the SEA does not have the prowess of its Tier 1 peers in North Korea, Iran and Russia, it must be taken seriously, and we support all appropriate proactive counter-measures to undermine this cyber enemy. Comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Friday, May 18, 2018

North Korean Proxy the Lazarus Group’s Malware Suspected to go beyond Central American casinos

Colleagues, financial gain appears to be the root motive behind the Lazarus Group’s (or Hidden Cobra’s) recent malware attacks on casinos in Central America, a bank in Bangladesh and potentially other soft targets. This is the same entity suspected of the 2016 cyber-attacks against US-based Sony Pictures. KillDisk is a standard detection name that ESET uses for destructive malware with disk wiping capabilities, and it helped detect the Win32/NukeSped and Win64/NukeSped attacks. The number of systems affected and the financial loss to such malware have not been well quantified. How can KillDisk be mitigated? A comprehensive silver bullet solution is unknown; the Cyber Security Defender recommends a careful review of the Australian Government’s Department of Defence publication entitled Strategies to Mitigate Cyber Security Incidents. What is the Lazarus Group’s next target? Share your comments and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Thursday, May 17, 2018

The Cyber Threat Within: US FBI Identifies “Vault 7” Attack Suspect at the CIA tied to WikiLeaks

Colleagues, former US CIA cyber expert Joshua Adam Schulte is the FBI’s prime suspect in the release of top secret cyber methods and measures to WikiLeaks in 2016. Schulte is in custody in NYC. He is charged with distribution of national defense information, including computer code designed to take over iPhones and convert smart televisions into surveillance devices. It appears that Schulte follows in the footsteps of Americans Jonathan Pollard and Edward Snowden and WikiLeaks’ Australian founder Julian Assange. Aside from the fact that he was labeled a “disgruntled employee” at the CIA, it remains to be seen what motivated Schulte. Bottom line: Despite advanced human factors, cyber security software and profiling, governmental and private sector entities alike must remain increasingly vigilant against the potentially treasonous acts of employees and third party contractors. Further resources must be devoted to mitigating and preventing internal threats. Share your comments and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Wednesday, May 16, 2018

Can We Expect Iran to Launch Cyber Attacks in Retaliation for the US Revoking the Nuclear Arms Agreement?

Colleagues, anger, outrage and retribution lie at the heart of Iran’s response to the US withdrawal from the JCPOA agreement on May 9, 2018. As such, we predict Iran, possibly aided by Russia, will unleash a new round of cyber security attacks against US interests in North America and abroad. The Iranian government has been accused by western analysts of its own cyber-attacks against the United States, Israel and Persian Gulf Arab countries. Like its allies Russia and North Korea, Iran is widely believed to have invested heavily in strengthening its offensive cyber capabilities, such as the Iran Hackers Sabotage. Israel’s Institute for National Security Studies (INSS) asserts that Iran is "one of the most active players in the international cyber arena". So what to expect? Our view is that Iran will seek out soft cyber targets in the US communications, financial and energy sectors. But for Iran the real prize would be an attack on a US federal government or military installation with the goal of sending a clear “political” message to the Trump administration. Share your comments and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Tuesday, May 15, 2018

Measuring the Vulnerability of the US Power Grid to Russian Cyber Security Attacks

Colleagues, the US financial, communications, transportation and especially energy infrastructures are all prime targets for Russian state-sponsored cyber threats. Without energy (power) the other mission-critical infrastructures are rendered useless. US DHS has stated that Russia has attempted to attack targets that include “energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors since March 2016”. Russian hackers made their way onto machines with access to critical control systems at power plants that were not identified. The hackers never went so far as to sabotage or shut down the computer systems that guide the operations of the plants. A chief suspect is Russia’s Internet Research Agency located in St. Petersburg. While past attempts have come up short, we must fully assume that Russia is using quantum cryptography techniques to break into US and European energy systems. Bottom line: The US needs to aggressively move from a defensive posture to an asymmetric and continuous effort to disrupt and destroy Russian infrastructure, while forcing the enemy to divert their offensive resources to protecting their homeland. Post your comments and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Monday, May 14, 2018

How Serious is the Security Risk of the newly Discovered “Efail” Encryption Threat?

Colleagues, researchers at Germany’s KU Leuven, Ruhr University Bochum and Münster University published a new paper detailing the risk of Efail to the OpenPGP and S/MIME encryption standards. OpenPGP, the commonly employed email encryption method, was originally derived from the PGP software, whereas S/MIME is based on asymmetric cryptography to protect your emails from unauthorized access. Efail enables an attacker to use the target’s own email client to decrypt previously acquired messages and return the decrypted content to the attacker. Efail exploits plaintext-recovery attacks on email standards as opposed to the network protocols TLS, IPsec and SSH. The email apps deemed to be most at risk include Mozilla Thunderbird, iOS Mail and Apple Mail. Two mitigation techniques have been identified. First, decrypt emails outside of the primary email client. And second, disable HTML rendering. Open issue: Just how serious and widespread a threat does Efail represent to corporate and individual email users? Let us know your comments and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
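The second mitigation above can also be enforced before mail reaches the client. The Python below is an added example, not code from the post or from the Efail researchers: a gateway-side filter that, whenever a message carries an OpenPGP (PGP/MIME) or S/MIME encrypted part, drops every text/html part so that only plain text is left to render. The sample message and its ciphertext are constructed placeholders.

```python
"""Added example (not from the post or the Efail paper): a gateway-side form of
the second mitigation above, disabling HTML rendering. When a message carries an
OpenPGP or S/MIME encrypted part, every text/html part in the message is dropped
so the client can only render plain text. Sample message and ciphertext below are
constructed placeholders."""
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# PGP/MIME and S/MIME (enveloped-data) containers respectively.
ENCRYPTED_TYPES = ("multipart/encrypted", "application/pkcs7-mime")


def build_sample():
    """Constructed sample: multipart/mixed holding an HTML part next to a
    PGP/MIME encrypted part whose ciphertext is a placeholder string."""
    outer = MIMEMultipart("mixed")
    outer["From"] = "sender@example.com"
    outer["To"] = "alice@example.com"
    outer["Subject"] = "constructed sample"
    outer.attach(MIMEText("Plain-text cover note.", "plain"))
    outer.attach(MIMEText("<p>HTML cover note.</p>", "html"))
    enc = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    enc.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted"))
    enc.attach(MIMEApplication(
        b"-----BEGIN PGP MESSAGE-----\nPLACEHOLDER\n-----END PGP MESSAGE-----\n",
        "octet-stream"))
    outer.attach(enc)
    return outer


def has_encrypted_part(msg):
    return any(p.get_content_type() in ENCRYPTED_TYPES for p in msg.walk())


def count_html_parts(msg):
    return sum(1 for p in msg.walk() if p.get_content_type() == "text/html")


def strip_html_parts(msg):
    """Remove every text/html part from the multipart tree in place, leaving
    the encrypted container untouched. Returns the number of parts removed."""
    removed = 0
    for part in msg.walk():
        if not part.is_multipart() or part.get_content_type() in ENCRYPTED_TYPES:
            continue
        kept = []
        for sub in part.get_payload():
            if sub.get_content_type() == "text/html":
                removed += 1
            else:
                kept.append(sub)
        part.set_payload(kept)
    return removed


def sanitize(msg):
    """Gateway policy: touch only messages that carry ciphertext, since those
    are the ones where HTML rendering can leak the decrypted content.
    Returns the number of HTML parts removed (0 when the message was left alone)."""
    if not has_encrypted_part(msg):
        return 0
    return strip_html_parts(msg)
```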

Saturday, May 12, 2018

Assessing the Impact of GDPR on the EU’s Consumer-First Policy

Colleagues, balancing the online protection of consumers vis-à-vis free trade and commerce flows is a challenge to any government. This challenge is at the very forefront of the EU’s new General Data Protection Regulation, which goes into effect on May 25, 2018. The GDPR includes nine significant changes for EU citizens relative to its predecessor, Data Protection Directive 95/46. They include Breach Notification, Right to Access, Right to be Forgotten, Data Portability, Privacy by Design, Data Protection Officers, Extra-Territorial Scope, Consent and Penalties. The UK’s 66m citizens will live under GDPR governance until Brexit goes into effect on March 29, 2019. Bottom line: What impact will GDPR have on consumers and businesses alike in the months and years ahead? For the moment let’s take a 30k foot handicap of the world’s three major economic trading zones: North America (standing firm), Europe (a vibrant history trying to maintain parity) and Asia (on a voracious growth trajectory). While EU-based businesses will feel little-to-no impact, how will multi-national corporations based in North America and Asia respond? In essence, what is their risk-reward posture for doing business on the European continent? Share your comments and join us today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Thursday, May 10, 2018

AI Being Weaponized to Launch Next Gen Cyber Security Warfare

Colleagues, while the motives behind offensive cyber security warfare remain largely unchanged – economic, financial, technological and political – 2018 is seeing the relentless rise of AI-weaponized cyber security attacks and state-sponsored warfare. On the surface there is nothing new when it comes to spear-phishing, malware, DDoS, automated bots, ransomware and KYC breaches. However, as these measures and methods become “AI-enabled” the threats they pose are a quantum leap ahead of their conventional predecessors. Warfare tools such as Sentry MBA and Death by Captcha now reach into each phase of the infamous kill chain model. Bottom line: The increased cyber threat posed by AI requires a comparably higher level of defensive cyber warfare methods, which place even greater demands on the limited OPEX of governments, businesses and non-profit entities across the globe. We will continue to address this dire topic in our posts and related resources. Share your thoughts today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

AI Gains Momentum in Empowering Proactive Cyber Security

Colleagues, 2018 is likely the year in which AI-powered cyber security prevention approaches parity with its arch-nemesis, AI-powered cyber security attacks. There are four key areas in which organizations can focus their proactive cyber security posture, most notably against DDoS attacks: Threat Prediction, Detection, Protection and Mitigation. Where to begin? We recommend assessing the following solutions to determine which best meet your needs: E8 (now part of VMware), Darktrace, Cylance, Palo Alto Networks, Vectra and the new Symantec-Bay Dynamics partnership. Take a look and share your thoughts today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Thursday, May 3, 2018

What Impact will Malware Botnets have on Cryptocurrency Mining?

Colleagues, the rise of cryptocurrency mining – whether via mining ASICs, pools or cloud-based solutions – has been accompanied by a significant increase in malware … specifically botnets. Bitmain, ViaBTC, Slush, F2pool, BTC, Bitclub Network, HashFlare, Genesis Mining and others all need to take increased measures to protect against the onslaught of new malware. Smominru and DDG are among the more ominous server-based botnets, while ADB.A, Mirai and Loapi all pose serious threats to crypto mining. So which solutions are available to the crypto mining sector? WAFs from F5, Imperva and Akamai each provide some degree of protection; however, the crypto mining botnet threatscape appears to be outpacing the development of effective solutions, leaving – at least in the near term – crypto mining with big holes in its defense arsenal. Send us your thoughts and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Wednesday, May 2, 2018

Will the Repeal of Presidential Policy Directive 20 Give POTUS Greater Cyber Warfare Offensive Prowess?

Colleagues, US NSA officials are advocating the repeal of Presidential Policy Directive 20 (PPD 20) in an effort to provide the US President with greater flexibility, freedom and proactive use of offensive cyber warfare strategies. The Cyber Security Defender strongly supports this move. PPD 20 was originally approved by President Obama to help combat cyber threats from state and non-state foreign actors including Russia, China, Iran, North Korea and others. Unlike the War Powers Resolution for conventional warfare, which involves a request from POTUS and approval by the US Congress, a declaration of cyber warfare is a much greyer area. We believe that the state actors mentioned above have invested in offensive cyber warfare capabilities at a far larger and faster rate than the US over the past decade. Nonetheless, POTUS needs to address issues of cyber jurisdiction and priority with a firm hand when it comes to the CIA and NSA. In any event, new National Security Advisor John Bolton’s advocacy of ending PPD 20 has unquestionable merit and needs to be acted upon with due haste. Share your thoughts and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

Tuesday, May 1, 2018

NATO Wins the CCDCOE Locked Shields Cyber Warfare Competition

NATO Centres of Excellence (COEs) are nationally or multi-nationally funded institutions that train and educate leaders and specialists from NATO member and partner countries, assist in doctrine development, identify lessons learned, improve interoperability and capabilities, and test and validate concepts through experimentation. Locked Shields 2018, the largest and most complex international live-fire cyber defense exercise in the world, is organized by the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE). The 2018 exercise includes new critical infrastructure components and integrates the protection of critical infrastructure, which is essential for ensuring the efficient operation of both military and civilian organizations and is the foundation of our modern digital lifestyle. The CCDCOE focuses on preventing and mitigating threats from state and para-governmental bodies including Russia, China, North Korea, Iran, ISIS and AQAP. Its CyCon 2018 Conference will be held May 30 to June 1 in Estonia. Visit us and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)