Peter Swire proposes a a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the old joke about adding levels to the OSI networking stack: an organizational layer, a government layer, and an international layer.
Powered by WPeMatico
December 18, 2018 cybersecurity, networksecurity, Security technology Read more >
A new variant of the Shamoon malware has destroyed significant amounts of data at a UAE “heavy engineering company” and the Italian oil and gas contractor Saipem.
Shamoon is the Iranian malware that was targeted against the Saudi Arabian oil company, Saudi Aramco, in 2012 and 2016. We have no idea if this new variant is also Iranian in origin, or if it is someone else entirely using the old Iranian code base.
Powered by WPeMatico
December 17, 2018 cybersecurity, datadestruction, infrastructure, malware, Security technology Read more >
Attackers are targeting two-factor authentication systems:
Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password.
This isn’t new. I wrote about this exact attack in 2005 and 2009.
Powered by WPeMatico
December 14, 2018 authentication, email, maninthemiddleattacks, phishing, Security technology, twofactorauthentication Read more >
Piling on from last week’s post, the squid emoji’s siphon is in the wrong place.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Powered by WPeMatico
The New York Times and Reuters are reporting that China was behind the recent hack of Mariott Hotels. Note that this is still uncomfirmed, but interesting if it is true.
Reuters:
Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to discuss the company’s private probe into the attack.
That suggests that Chinese hackers may have been behind a campaign designed to collect information for use in Beijing’s espionage efforts and not for financial gain, two of the sources said.
While China has emerged as the lead suspect in the case, the sources cautioned it was possible somebody else was behind the hack because other parties had access to the same hacking tools, some of which have previously been posted online.
Identifying the culprit is further complicated by the fact that investigators suspect multiple hacking groups may have simultaneously been inside Starwood’s computer networks since 2014, said one of the sources.
I used to have opinions about whether these attributions are true or not. These days, I tend to wait and see.
Powered by WPeMatico
December 13, 2018 attribution, china, hacking, hotels, Security technology Read more >
Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it’s really bad.
Note: Many people e-mailed me to ask why I haven’t blogged this yet. One, I was busy with other things. And two, there’s nothing I can say that I haven’t said many times before.
If there are more good links or commentary, please post them in the comments.
Powered by WPeMatico
December 12, 2018 australia, backdoors, cryptography, cryptowars, encryption, Security technology Read more >
The research group AI Now just published its annual report. It’s an excellent summary of today’s AI security challenges, as well as a policy agenda to address them.
This is related, and also worth reading.
Powered by WPeMatico
December 10, 2018 artificialintelligence, reports, Security technology, securityengineering Read more >
Five years ago, the NSA published 23 years of its internal magazine, Cryptolog. There were lots of redactions, of course.
What’s new is a nice user interface for the issues, noting highlights and levels of redaction.
Powered by WPeMatico
December 7, 2018 historyofcryptography, nsa, redaction, Security technology Read more >
Kaspersky is reporting on a series of bank hacks — called DarkVishnya — perpetrated through malicious hardware being surreptitiously installed into the target network:
In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common springboard: an unknown device directly connected to the company’s local network. In some cases, it was the central office, in others a regional office, sometimes located in another country. At least eight banks in Eastern Europe were the targets of the attacks (collectively nicknamed DarkVishnya), which caused damage estimated in the tens of millions of dollars.
Each attack can be divided into several identical stages. At the first stage, a cybercriminal entered the organization’s building under the guise of a courier, job seeker, etc., and connected a device to the local network, for example, in one of the meeting rooms. Where possible, the device was hidden or blended into the surroundings, so as not to arouse suspicion.
The devices used in the DarkVishnya attacks varied in accordance with the cybercriminals’ abilities and personal preferences. In the cases we researched, it was one of three tools:
- netbook or inexpensive laptop
- Raspberry Pi computer
- Bash Bunny, a special tool for carrying out USB attacks
Inside the local network, the device appeared as an unknown computer, an external flash drive, or even a keyboard. Combined with the fact that Bash Bunny is comparable in size to a USB flash drive, this seriously complicated the search for the entry point. Remote access to the planted device was via a built-in or USB-connected GPRS/3G/LTE modem.
Slashdot thread.
Powered by WPeMatico
December 7, 2018 banking, cybercrime, hacking, hardware, malware, Security technology, theft, usb Read more >