Colleagues, rapid evolution, cryptojacking, global scope, mobility and DNS hijacking. These are the traits of a Tier 1 malware threat to the 2 billion+ Android-based devices across the world, and Roaming Mantis appears to have them all. This voracious malware was first identified in Japan during March 2018 when infected routers began redirecting users to compromised websites. Roaming Mantis currently supports 27 different languages and has expanded to users on four continents. This new version contains a script for the popular cryptocurrency miner Coinhive and the capability to target iOS devices in addition to Android devices. What are the most effective mitigation techniques? Security Affairs focuses on mitigation beginning with securing routers: using up-to-date firmware, enforcing strong passwords for admin access and disabling remote access to the routers' administration interfaces. This attack targets DNS services running on routers; a DNS service running on a server inside your network is not at risk from this attack. Also, only install software from trusted app stores such as Google Play and the Apple App Store. We also recommend SecureList's APT Mitigation in-depth checklist. Comment and subscribe today!
Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
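The router-focused mitigation above can be backed by a routine check that the DNS resolvers a router hands out are the ones you expect, and that its resolver answers a canary name the same way a trusted resolver does. The script below is an added example written for this post, not code from the post or from any vendor it mentions; the lease text, the allowlist addresses (RFC 5737/3849 documentation ranges) and the canary answers are all constructed sample data, and the function names are our own.

```python
"""Defender-side check for router DNS hijacking of the kind the post describes.

Two signals are combined: (1) the router advertises a resolver that is not on
the allowlist, and (2) the router's resolver returns an answer for a canary
domain that a trusted resolver does not. Every input below is constructed.
"""
import ipaddress
import re

# Hypothetical allowlist of the resolvers this network is supposed to use.
TRUSTED_RESOLVERS = {"192.0.2.53", "2001:db8::53"}

# Constructed sample of a dhclient-style lease as received from the router.
# 198.51.100.7 stands in for a resolver the router should not be advertising.
SAMPLE_LEASE = """\
lease {
  option routers 192.0.2.1;
  option domain-name-servers 198.51.100.7, 192.0.2.53;
}
"""

# Constructed answers for a canary domain: what the router's resolver returned
# versus what a trusted resolver returned. A mismatch is the hijack signal.
CANARY = "canary.example"
ROUTER_ANSWERS = {"canary.example": {"203.0.113.99"}}
TRUSTED_ANSWERS = {"canary.example": {"192.0.2.10", "192.0.2.11"}}


def parse_resolvers(lease_text):
    """Return the DNS server addresses advertised in a dhclient-style lease."""
    match = re.search(r"option domain-name-servers\s+([^;]+);", lease_text)
    if not match:
        return []
    addrs = []
    for token in match.group(1).split(","):
        token = token.strip()
        try:
            # ip_address() validates and normalises both IPv4 and IPv6 text.
            addrs.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # ignore anything that is not an address
    return addrs


def untrusted_resolvers(resolvers, trusted=TRUSTED_RESOLVERS):
    """Resolvers the router advertises that are not on the allowlist."""
    return [r for r in resolvers if r not in trusted]


def canary_mismatch(name, router_answers, trusted_answers):
    """True when the router's resolver answers the canary differently from the
    trusted resolver, i.e. the address set it returned is empty or is not a
    subset of what the trusted resolver returned."""
    got = router_answers.get(name, set())
    expected = trusted_answers.get(name, set())
    return not got or not got.issubset(expected)


def audit(lease_text, router_answers, trusted_answers, canary=CANARY):
    """Combine both checks into a list of findings (an empty list means clean)."""
    findings = []
    for r in untrusted_resolvers(parse_resolvers(lease_text)):
        findings.append(f"router advertises untrusted resolver {r}")
    if canary_mismatch(canary, router_answers, trusted_answers):
        findings.append(f"router resolver returns unexpected answer for {canary}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LEASE, ROUTER_ANSWERS, TRUSTED_ANSWERS):
        print("FINDING:", finding)
```

In practice the lease text comes from the client's DHCP lease file and the two answer sets from querying the router's resolver and a known-good resolver for the same name; the comparison logic stays the same.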
Our mission is to provide world-class cybersecurity Training and Certification programs to individuals and businesses globally.
Monday, May 21, 2018
Saturday, May 19, 2018
Syrian Electronic Army Delivers Cyber Attacks to Defend Bashar al-Assad
Colleagues, while the SEA does not have the stature of its counterparts in Russia, Iran or North Korea, it represents a formidable cyber warfare threat to opponents of Bashar al-Assad, including the US, Israel and Western European nations. In fact, three of its members have made their way onto the US FBI's Cyber Most Wanted List. The group gained initial attention in 2011 and since then has conducted attacks with ideological motives. Their tactics include DDoS attacks, DNS hijacking, fabricating fraudulent Facebook and YouTube sites, spear-phishing and web site defacement. The rampant civil war in Syria combined with the presence of US and NATO forces has served to fuel the fire for the SEA. They are behind the defacement of the US Army's public web site, a hack of the LinkedIn portal and the RSA (Security) Conference site. Bottom line: Although the SEA does not have the prowess of its tier 1 peers in North Korea, Iran and Russia, it must be taken seriously, and we support all appropriate proactive counter-measures to undermine this cyber enemy. Comment and subscribe today!
Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Friday, May 18, 2018
North Korean Proxy the Lazarus Group's Malware Suspected to Go Beyond Central American Casinos
Colleagues, financial gain appears to be the root motive behind the Lazarus Group's (or Hidden Cobra's) recent malware attacks on casinos in Central America, a bank in Bangladesh and potentially other soft targets. This is the same entity suspected of the 2016 cyber-attacks against US-based Sony Pictures. KillDisk is a standard detection name that ESET uses for destructive malware with disk-wiping capabilities, and it helped detect the Win32/NukeSped and Win64/NukeSped attacks. The number of systems affected and the financial loss to such malware have not been well quantified. How can KillDisk be mitigated? A comprehensive silver-bullet solution is unknown; the Cyber Security Defender recommends a careful review of the Australian Government Department of Defence publication entitled Strategies to Mitigate Cyber Security Incidents. What is the Lazarus Group's next target? Share your comments and subscribe today!
Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Thursday, May 17, 2018
The Cyber Threat Within: US FBI Identifies "Vault 7" Attack Suspect at the CIA Tied to WikiLeaks
Colleagues, former US CIA cyber expert Joshua Adam Schulte is the FBI's prime suspect in releasing top secret cyber methods and measures to WikiLeaks in 2016. Schulte is in custody in NYC. Schulte is charged with distribution of national defense information, including computer code designed to take over iPhones and convert smart televisions into surveillance devices. It appears that Schulte follows in the footsteps of Americans Jonathan Pollard and Edward Snowden and WikiLeaks' Australian founder Julian Assange. Aside from the fact that he was labeled a "disgruntled employee" at the CIA, it remains to be seen what motivated Schulte. Bottom line: Despite advanced human factors, cyber security software and profiling, governmental and private sector entities alike must remain increasingly vigilant against the potentially treasonous acts of employees and third-party contractors. Further resources must be devoted to mitigating and preventing internal threats. Share your comments and subscribe today!
Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Wednesday, May 16, 2018
Can We Expect Iran to Launch Cyber Attacks in Retaliation for the US Revoking the Nuclear Arms Agreement?
Colleagues, anger, outrage and retribution lie at the heart of Iran's response to the US withdrawal from the JCPOA agreement on May 9, 2018. As such, we predict Iran, possibly aided by Russia, will unleash a new round of cyber security attacks against US interests in North America and abroad. The Iranian government has been accused by western analysts of its own cyber-attacks against the United States, Israel and Persian Gulf Arab countries. Like its allies Russia and North Korea, Iran is widely believed to have invested heavily to strengthen its offensive cyber capabilities, such as the Iran Hackers Sabotage. Israel's Institute for National Security Studies (INSS) purports that Iran is "one of the most active players in the international cyber arena". So what to expect? Our view is that Iran will seek out soft cyber targets in the US communications, financial and energy sectors. But for Iran the real prize would be an attack on a US federal government or military installation with the goal of sending a clear "political" message to the Trump administration. Share your comments and subscribe today!
Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Tuesday, May 15, 2018
Measuring the Vulnerability of the US Power Grid to Russian Cyber Security Attacks
Colleagues, the US financial, communications, transportation and especially energy infrastructures are all prime targets for Russian state-sponsored cyber threats. Without energy (power), the other mission-critical infrastructures are rendered useless. US DHS has stated that Russia has attempted to attack targets that include "energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors since March 2016". Russian hackers made their way to machines with access to critical control systems at power plants that were not identified. The hackers never went so far as to sabotage or shut down the computer systems that guide the operations of the plants. A chief suspect is Russia's Internet Research Agency located in St. Petersburg. While past attempts have come up short, we must fully assume that Russia is using quantum cryptography techniques to break into US and European energy systems. Bottom line: The US needs to move aggressively from a defensive posture to an asymmetric and continuous one that disrupts and destroys Russian infrastructure while forcing the enemy to divert their offensive resources to protecting their homeland. Post your comments and subscribe today!
Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Monday, May 14, 2018
How Serious is the Security Risk of the Newly Discovered "Efail" Encryption Threat?
Colleagues, researchers at Germany's KU Leuven, Ruhr University Bochum and Munster University published a new paper detailing the risk of Efail to the OpenPGP and S/MIME encryption standards. OpenPGP, the commonly employed email encryption method, was originally derived from the PGP software, whereas S/MIME is based on asymmetric cryptography to protect your emails from unauthorized access. Efail enables an attacker to use the target's own email client to decrypt previously acquired messages and return the decrypted content to the attacker. Efail exploits plaintext-recovery attacks on email standards as opposed to network protocols such as TLS, IPsec and SSH. The email apps deemed to be most at risk include Mozilla Thunderbird, iOS Mail and Apple Mail. Two mitigation techniques have been identified: first, decrypt emails outside of the primary email client; and second, disable HTML rendering. Open issue: Just how serious and widespread a threat does Efail represent to corporate and individual email users? Let us know your comments and subscribe today!
Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
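The "disable HTML rendering" mitigation above can be enforced selectively rather than globally: a mail gateway or client plug-in can parse each message, note whether an HTML part sits next to an OpenPGP or S/MIME encrypted part, note whether the HTML pulls remote content, and refuse HTML rendering only for those messages. The script below is an added example written for this post, not code from the post or from the Efail researchers; the two messages it parses are constructed samples with placeholder ciphertext, and the rule and function names are our own.

```python
"""Enforce the post's HTML-rendering mitigation per message.

Findings raised: (1) a text/html part alongside an encrypted part in the same
message, and (2) a text/html part whose src/href attributes reference remote
resources. html_rendering_allowed() turns those into a render/no-render decision.
"""
import email
import re
from email import policy

# Constructed sample: an HTML part carrying a remote image next to a PGP/MIME
# encrypted part inside one multipart/mixed container. Ciphertext is a placeholder.
SAMPLE_RAW = """\
From: sender@example.test
To: reader@example.test
Subject: constructed sample, not a real message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/html; charset="utf-8"

<html><body><p>Please read the attached note.</p>
<img src="http://tracker.example/pixel.gif"></body></html>
--outer
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="inner"

--inner
Content-Type: application/pgp-encrypted

Version: 1
--inner
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder ciphertext, constructed for the example)
-----END PGP MESSAGE-----
--inner--
--outer--
"""

# Constructed clean sample: plain text, no HTML, no encryption.
PLAIN_RAW = """\
From: sender@example.test
To: reader@example.test
Subject: constructed plain sample
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Nothing to see here.
"""

# Content types that mark an encrypted payload in PGP/MIME or S/MIME.
ENCRYPTED_TYPES = {"multipart/encrypted", "application/pgp-encrypted",
                   "application/pkcs7-mime", "application/x-pkcs7-mime"}

# src/href attributes pointing at http, https or scheme-relative remote resources.
REMOTE_REF = re.compile(r"""(?:src|href)\s*=\s*["']?((?:https?:)?//[^"'\s>]+)""",
                        re.IGNORECASE)


def parse_message(raw):
    """Parse raw RFC 5322 text into an EmailMessage using the modern policy."""
    return email.message_from_string(raw, policy=policy.default)


def encrypted_parts(msg):
    """Content types of every part that carries PGP/MIME or S/MIME ciphertext."""
    return [p.get_content_type() for p in msg.walk()
            if p.get_content_type() in ENCRYPTED_TYPES]


def html_parts(msg):
    """Decoded bodies of all text/html parts in the message."""
    return [p.get_content() for p in msg.walk()
            if p.get_content_type() == "text/html"]


def remote_references(msg):
    """Remote URLs referenced from src/href attributes in any HTML part."""
    urls = []
    for body in html_parts(msg):
        urls.extend(REMOTE_REF.findall(body))
    return urls


def html_rendering_allowed(msg):
    """Refuse HTML rendering when the message mixes HTML with an encrypted
    part, or when its HTML pulls remote content; allow it otherwise."""
    return not (html_parts(msg) and (encrypted_parts(msg) or remote_references(msg)))


def assess(raw):
    """Return the findings a gateway or client plug-in would log for one message."""
    msg = parse_message(raw)
    findings = []
    enc = encrypted_parts(msg)
    if enc and html_parts(msg):
        findings.append(f"HTML part alongside encrypted part(s): {', '.join(enc)}")
    for url in remote_references(msg):
        findings.append(f"HTML references remote resource: {url}")
    return findings


if __name__ == "__main__":
    for line in assess(SAMPLE_RAW):
        print("FINDING:", line)
    print("render HTML?", html_rendering_allowed(parse_message(SAMPLE_RAW)))
```

Blocking remote content is the broader of the two rules, since it also covers tracking images in messages that are not encrypted at all; the "HTML next to ciphertext" rule is the one that maps directly to the post's mitigation.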
Saturday, May 12, 2018
Assessing the Impact of GDPR on the EU's Consumer-First Policy
Colleagues, balancing the online protection of consumers vis-à-vis free trade and commerce flows is a challenge for any government. This challenge is at the very forefront of the EU's new General Data Protection Regulation, which goes into effect on May 25, 2018. The GDPR includes nine significant changes for EU citizens relative to its predecessor, Data Protection Directive 95/46: Breach Notification, Right to Access, Right to be Forgotten, Data Portability, Privacy by Design, Data Protection Officers, Extra-Territorial Scope, Consent and Penalties. The UK's 66m citizens will live under GDPR governance until Brexit goes into effect on March 29, 2019. Bottom line: What impact will GDPR have on consumers and businesses alike in the months and years ahead? For the moment let's take a 30k-foot handicap of the world's three major economic trading zones: North America (standing firm), Europe (a vibrant history, trying to maintain parity) and Asia (on a voracious growth trajectory). While EU-based businesses will feel little-to-no impact, how will multi-national corporations based in North America and Asia respond? In essence, what is their risk-reward posture for doing business on the European continent? Share your comments and join us today!
Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
Thursday, May 10, 2018
AI Being Weaponized to Launch Next Gen Cyber Security Warfare
Colleagues, while offensive cyber security warfare motives remain largely unchanged – economic, financial, technological and political – 2018 is seeing the relentless rise of AI-weaponized cyber security attacks and state-sponsored warfare. On the surface there is nothing new when it comes to spear-phishing, malware, DDoS, automated bots, ransomware and KYC breaches. However, as these measures and methods become "AI-enabled", the threats they pose are a quantum leap ahead of their conventional predecessors. Examples include warfare tools such as Sentry MBA and Death by Captcha, applied across each phase of the infamous kill chain model. Bottom line: The increased cyber threat posed by AI requires a comparably higher level of defensive cyber warfare methods, which place even greater demands on the limited OPEX of governments, businesses and non-profit entities across the globe. We will continue to address this dire topic in our posts and related resources. Share your thoughts today!
Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)
AI Gains Momentum in Empowering Proactive Cyber Security
Colleagues, 2018 is likely the year in which AI-powered cyber security prevention approaches parity with its arch-nemesis, AI-powered cyber security attacks. There are four key areas on which organizations can focus their offensive-proactive cyber security posture, most notably against DDoS attacks: Threat Prediction, Detection, Protection and Mitigation. Where to begin? We recommend assessing the following solutions to determine which best meet your needs: E8 (now part of VMware), Darktrace, Cylance, Palo Alto Networks, Vectra and the new Symantec-Bay Dynamics partnership. Take a look and share your thoughts today!
Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)