SSL and internet security news

cybercrime

Auto Added by WPeMatico

Hackers Threaten to Erase Apple Customer Data

Turkish hackers are threatening to erase millions of iCloud user accounts unless Apple pays a ransom.

This is a weird story, and I’m skeptical of some of the details. Presumably Apple has decided that it’s smarter to spend the money on secure backups and other security measures than to pay the ransom. But we’ll see how this unfolds.

Powered by WPeMatico

Duqu Malware Techniques Used by Cybercriminals

Duqu 2.0 is a really impressive piece of malware, related to Stuxnet and probably written by the NSA. One of its security features is that it stays resident in its host’s memory without ever writing persistent files to the system’s drives. Now, this same technique is being used by criminals:

Now, fileless malware is going mainstream, as financially motivated criminal hackers mimic their nation-sponsored counterparts. According to research Kaspersky Lab plans to publish Wednesday, networks belonging to at least 140 banks and other enterprises have been infected by malware that relies on the same in-memory design to remain nearly invisible. Because infections are so hard to spot, the actual number is likely much higher. Another trait that makes the infections hard to detect is the use of legitimate and widely used system administrative and security tools­ — including PowerShell, Metasploit, and Mimikatz­to inject the malware into computer memory.

[…]

The researchers first discovered the malware late last year, when a bank’s security team found a copy of Meterpreter­an in-memory component of Metasploit — ­residing inside the physical memory of a Microsoft domain controller. After conducting a forensic analysis, the researchers found that the Meterpreter code was downloaded and injected into memory using PowerShell commands. The infected machine also used Microsoft’s NETSH networking tool to transport data to attacker-controlled servers. To obtain the administrative privileges necessary to do these things, the attackers also relied on Mimikatz. To reduce the evidence left in logs or hard drives, the attackers stashed the PowerShell commands into the Windows registry.

BoingBoing post.

Powered by WPeMatico

Malicious AI

It’s not hard to imagine the criminal possibilities of automation, autonomy, and artificial intelligence. But the imaginings are becoming mainstream — and the future isn’t too far off.

Along similar lines, computers are able to predict court verdicts. My guess is that the real use here isn’t to predict actual court verdicts, but for well-paid defense teams to test various defensive tactics.

Powered by WPeMatico

The Culture of Cybersecurity

Interesting survey of the cybersecurity culture in Norway.

96% of all Norwegian are online, more than 90% embrace new technology, and 6 of 10 feel capable of judging what is safe to do online. Still cyber-crime costs Norway approximately 19 billion NKR annually. At the same time 73.9% argue that the Internet will not be safer even if their personal computer is secure. We have also found that a majority of Norwegians accepts that their online activities may be monitored by the authorities. But less than half the population believe the Police is capable of helping them if they are subject to cybercrime, and 4 of 10 sees cyber activists (e.g. Anonymous) play a role in the fight against cybercrime and cyberwar. 44% of the participants in this study say that they have refrained from using an online service after they have learned about threats or security incidents. This should obviously influence digitalization policy.

Lots of details in the report.

Powered by WPeMatico

Cybercrime as a Tax on the Internet Economy

I was reading this 2014 McAfee report on the economic impact of cybercrime, and came across this interesting quote on how security is a tax on the Internet economy:

Another way to look at the opportunity cost of cybercrime is to see it as a share of the Internet economy. Studies estimate that the Internet economy annually generates between $2 trillion and $3 trillion,1 a share of the global economy that is expected to grow rapidly. If our estimates are right, cybercrime extracts between 15% and 20% of the value created by the Internet, a heavy tax on the potential for economic growth and job creation and a share of revenue that is significantly larger than any other transnational criminal activity.

Of course you can argue with the numbers, and there’s good reason to believe that the actual costs of cybercrime are much lower. And, of course, those costs are largely indirect costs. It’s not that cybercriminals are getting away with all that value; it’s largely spent on security products and services from companies like McAfee (and my own IBM Security).

In Liars and Outliers I talk about security as a tax on the honest.

Powered by WPeMatico

Attributing Cyberattacks

New paper: “Attributing Cyber Attacks,” by Thomas Rid and Ben Buchanan:

Abstract: Who did it? Attribution is fundamental. Human lives and the security of the state may depend on ascribing agency to an agent. In the context of computer network intrusions, attribution is commonly seen as one of the most intractable technical problems, as either solvable or not solvable, and as dependent mainly on the available forensic evidence. But is it? Is this a productive understanding of attribution? ­ This article argues that attribution is what states make of it. To show how, we introduce the Q Model: designed to explain, guide, and improve the making of attribution. Matching an offender to an offence is an exercise in minimising uncertainty on three levels: tactically, attribution is an art as well as a science; operationally, attribution is a nuanced process not a black-and-white problem; and strategically, attribution is a function of what is at stake politically. Successful attribution requires a range of skills on all levels, careful management, time, leadership, stress-testing, prudent communication, and recognising limitations and challenges.

Powered by WPeMatico