How will cyber criminals exploit the RCE vulnerability in EOS Blockchain using Smart Contracts?

Colleagues, Chinese researchers at Qihoo 360 have discovered an RCE (remote code execution) vulnerability in Blockchain EOS when using smart contracts. This bug potentially allows hackers to take complete control over node servers.  Commonly referred to as Blockchain 3.0, EOS is an open source platform smart contracts. The RCE flaw is considered by some to be a 51% attack. Bottom line question: How vulnerable are node servers on a Blockchain to the RCE bug? Specific mitigation methods are rather illusive. However, CSD recommends your review of “Bug Characteristics in Blockchain Systems: A Large Scale Empirical Study” published by the Singapore Management University.  Share your mitigation recommendations and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)

How Secure is AWS Authentication when using Google’s identity service for user identification?

Colleagues, Amazon Cognito can provide authentication, authorization, and user management for AWS users of mobile apps. This process involves a better understanding of federated authentication mechanism, a simplified credential management for teams who already have Google accounts, Customize authentication mechanisms at very low maintenance costs while serving as a good alternative to deploying and configuring our own IDP service Codecentric recommends a three step process: First, build a simple web service using AWS API Gateway and AWS Lambda. Second, use AWS IAM is the AWS service for access control. And third, employ using the AWS Secure Token Service together with Google Sign-In. Given the significant growth of both Amazon AWS customers who also use Google’s identity service the critical question is just how secure is this process? Without doubt both vendors systems are highly secure, however we are less certain about the security and viability of using the two disparate system in tandem. Share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com) 

VPNFilter Router Malware Attack – Is Russia Up to its Common Tactics?

Colleagues, the US FBI and DHS along with the UK’s National Cyber Security Center jointly warned that hackers working on behalf of the Russian government are compromising large numbers of routers, switches, and other network devices . Code-named VPNFilter, this malware has primarily targeted some 500,000 consumer and small business router worldwide … yet with a geographic focus on the Ukraine. Sound suspicious? It contains the RC4 encryption cipher BlackEnergy. BlackEnergy has been used in a variety of attacks tied to the Russian government. The type of devices targeted by this actor are difficult to defend. Most of the impacted routers are on the perimeter of the network with no IPS and commonly without do not have an AV package. Read the Cisco Talos security report by clicking here. So who is behind VPNFilter? CSD supports the Russian origin theory. What about you? Share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com) 

How Serious is the ZipperDown iOS App Programming Vulnerability?

Colleagues, China-based jailbreaker Pangu Labs has identified a vulnerability which they project impacts some 9.5% of the 168k Apple iOS apps may have. The root cause appears to be an app programming error that can lead to code execution and data overwritten in the affected apps." Some of the more noteworthy iOS apps impacted include but not limited to QQ Music, MOMO, Weibo, Kwai and NetEase Music. The ZipperDown web site provides a good FAQ yet is short on mitigation details. Bottom line: How far reaching are the consequences of ZipperDown?  And is there a comparable bug in Android apps? Details to follow. For now, share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com) 

RSA Conference’s Cybersecurity Tech Accord – Substance or Delusion?

Colleagues, during last month’s RSA Conference 34 tech companies including Microsoft, Facebook, HPE, ABB, Arm, Cisco, Nokia, Oracle, and Trend Micro announced a Cybersecurity Tech Accord (aka Digital Geneva Convention) pledging to mount a united effort against state-sponsored cybercrime and warfare. Notable abstentions included Amazon, Alphabet and Apple. According to Juniper Research cybersecurity attacks on organizations and commercial entities is expected to reach an $8 trillion impact by 2022. The essence of the Accord is a four-fold commitment to: 1) Share threats and minimize the potential for malicious code to be introduced into cyberspace, 2) Protect all customers globally regardless of the motivation of the attack, 3) Will not help governments launch cyberattacks against innocent citizens, and 4) Empower users to make effective use of their products with new security practices and new features. Here at CSD applaud this move … particularly in light of increased cyber threats from Russia, Iran, North Korea and non-state bad actors. Bottom line: Will the four-fold commitment of the Accord be fulfilled in concrete deeds not just words on a signed piece of paper to appease the public and free-democratic governments? Share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com) 

“Roaming Mantis” – Assessing the Impact of Android Malware on Users

Colleagues, rapid evolution, cryptojacking, global scope, mobility and DNS hijacking. These are the traits of a Tier 1 malware threat to the 2 billion+ Android-based devices across the world and Roaming Mantis appears to have them all. This voracious malware was first identified in in Japan during March 2018 when infected routers began redirecting users to compromised websites. Roaming Mantis currently supports 27 different languages and has expanded to users on four continents. This new version contains a script for the popular cryptocurrency miner Coinhive and the capability to target iOS devices in addition to Android devices. What are the most effective mitigation techniques? Security Affairs focuses on mitigation beginning with securing routers, using up-to-date firmware, enforcing strong passwords for admin access and disabling remote access to the administration interfaces on the routers. This attack targets DNS services running on routers. A DNS service running on a server inside your network is not at risk to this attack. And only install software from trusted app stores such as Google Play and the Apple App Store. We also recommend the SecureList’s APT Mitigation in-depth checklist. Comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com) 

Syrian Electric Army Delivers Cyber Attacks to Defend Bashar al-Assad

Colleagues, while the SEA does not have the statute of their counterparts in Russia, Iran or North Korea, it represents a formidable cyber warfare threat to opponents of Bashar al-Assad including the US, Israel and Western European nations. In fact three of its members have made their way onto the US FBI’s Cyber Most Wanted List. The group gained initial attention in 2011 and since then has conducted attacks with ideological motives. Their tactics include DDoS attacks, DNS hijacking, launching fraudulent fabricating Facebook and YouTube sites, spear-phishing and Web site defacement. The rampant civil war in Syrian combined with the presence of US and NATO forces has served to fuel the fire for SEA. They are behind the defacement of the US Army’s public web site, a hack of the LinkedIn portal and the RSA (Security) Conference site. Bottom line: Although SEA does not have the prowess of its tier 1 peers in North Korean, Iran and Russia, it must be taken seriously and we support all appropriate proactive counter-measures to undermine this cyber enemy. Comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com) 

North Korean Proxy the Lazarus Group’s Malware Suspected to go beyond Central American casinos

Colleagues, financial gain appears to be the root cause motive behind the recent Lazarus Group’s (or Hidden Cobra) malware attacks on casinos in Central America, a bank in Bangladesh and potentially of the soft targets. This is the same entity suspected of the 2016 cyber-attacks again US-base Sony Pictures. KillDisk is a standard detection name that ESET uses for destructive malware with disk wiping capabilities and helped detect Win32/NukeSped and Win64/NukeSped attacks. The number of systems affected and financial loss to such malware has not been well quantified. How can KillDisk be mitigated? A comprehensive silver bullet solution is unknown the Cyber Security Defender recommends a careful review of the Australian Government’s Department of Defence publication entitled Strategies to Mitigate Cyber Security Incidents. What is the Lazarus Group’s next target? Share your comments and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com) 

The Cyber Threat Within: US FBI Identifies “Vault 7” Attack Suspect at the CIA tied to WikiLeaks

Colleagues, former US CIA cyber expert Joshua Adam Schulte is the FBI’s prime suspect in releasing top secret cyber methods and measures to WikiLeaks in 2016. Schulte is in custody in NYC. Schulte is charges with distribution of national defense information including computer code designed to take over iPhones and convert smart televisions into surveillance devices. It appears that Schulte follows in the footsteps of Americans Jonathan Pollard, Edward Snowden and WikiLeaks Australian founder Julian Assange. Aside from the fact that he was labeled as a “disgruntled employee” at the CIA its remains to be seen what motivated Schulte. Bottom line: Despite advanced human factors, cyber security software and profiling, governmental and private sector entities alike must remain increasingly vigilant against the potentially treasonous acts of employees and third party contractors. Further resources must be devoted to mitigating and preventing internal threats. Share your comments and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com) 

Can We Expect Iran to Launch Cyber Attacks in Retaliation for the US Revoking the Nuclear Arms Agreement?

Colleagues, anger, outrage and retribution lye at the heart of Iran’s response to the US’ withdraw from the JCPOA agreement on May 9, 2018. As such we predict Iran, possibly aided by Russia, will unleash a new round of cyber security attacks against US interests in North America and abroad. The Iranian government has been accused by western analysts of its own cyber-attacks against the United States, Israel and Persian Gulf Arab countries. Like its allies Russia and North Korea, it is widely believed that Iran has heavily invested to strengthen its offensive cyber capabilities such as the Iran Hackers Sabotage. Israel’s Institute for National Security Studies (INSS) purports that Iran is "one of the most active players in the international cyber arena". So what to expect? Our view is that Iran will seek out soft cyber targets in the US communications, financial and energy sectors. But for Iran the real prize would be an attack on a US federal government or military installation with the goal of sending a clear “political” message to the Trump administration. Share your comments and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)