Monthly Archives: July 2018

This new dual-platform malware targets both Windows and Linux systems

The “security by minority” stance should come crashing down as cross-compiling makes multiplatform malware development easier.

One of the oft-repeated reasons for using alternative operating systems is the suggestion that alternatives to Windows are more secure because malware is not produced for these minority systems—in effect, an argument in favor of security by minority. For a variety of reasons, this is a misguided notion. The proliferation of web-based attacks—which are inherently cross-platform, as they depend on browsers more than the underlying OS the browser runs on—makes this argument rather toothless.

In the narrower view of actual executables, Java-based malware such as McRAT has proliferated in the past, though Java on the desktop is practically unheard of on consumer computers in 2018, and with enterprises moving away from installing Java SE on workstations, the viability of that approach has dwindled. However, Google’s Golang—which supports cross-compiling to run on multiple operating systems—is now being utilized by attackers to target Windows and Linux workstations.

According to a report by JPCERT, the WellMess malware can operate on Windows via Portable Executables (PE) and on Linux via ELF (Executable and Linkable Format) binaries. The malware gives a remote attacker the ability to execute arbitrary commands, upload and download files, or run PowerShell scripts to automate tasks. Commands are transferred to the infected device via RC6-encrypted HTTP POST requests, and the results of executed commands are transmitted back to the C&C server via cookies.

JPCERT has created a tool to decrypt the content of those cookies, so defenders can identify what is being transmitted to the C&C server.

WellMess has been found in (unnamed by the report) Japanese companies, though it is unclear if the attacks are targeted exclusively in Japan, or if groups or individuals outside Japan have been affected. The C&C servers controlling infected systems are located in Lithuania, The Netherlands, Sweden, Hong Kong, and China. JPCERT advises that attacks using this malware are ongoing.

While WellMess is far from the first malware to run on Linux systems, the perception that Linux distributions are too small a target for malware developers should no longer be considered the prevailing wisdom: cross-compilation with Golang lowers the effort for attackers looking to target Linux desktop users. As with Windows and macOS, users of Linux on the desktop should install some type of antivirus software to protect against malware such as WellMess.

In terms of free and open source software, ClamAV is likely the best option. ClamAV is a product of Cisco’s Talos Intelligence team, and is available in the default package repositories of most major Linux distributions. It is, however, a command line tool, making a front-end such as ClamTk or ClamAV-GUI necessary.

The big takeaways for tech leaders:

  • The WellMess malware can operate on WinPE and on Linux via ELF, giving a remote attacker the ability to execute arbitrary commands as well as upload and download files, or run PowerShell scripts to automate tasks.
  • The use of Google’s Golang allows attackers to cross-compile malware for use on multiple platforms, making potential attacks on Linux more trivial to engineer.

via:  techrepublic

Microsoft Teams gets a free version

Microsoft opened up the news floodgates at the kickoff of its annual Inspire event in Vegas. One of the more compelling announcements of the bunch is the addition of a free version of Teams.

The Slack competitor has been kicking around in some form or other since late 2016, but the $60 a year fee has likely made it a bit of a nonstarter for smaller businesses. After all, it’s Slack’s free tier that helped the work chat app gain so much traction so quickly. A free version makes a lot of sense for Microsoft.

Signing users up for Teams is a way to get more feet in the door of its application ecosystem, which was once ubiquitous in offices. Once they’ve downloaded Teams, workplaces will be hooked into the Microsoft 365 suite.

The free tier actually brings a fair bit of the app to up to 300 people per workplace. Here’s the full rundown of features, per Microsoft:

  • Unlimited chat messages and search.
  • Built-in audio and video calling for individuals, groups, and full team meetups.
  • 10 GB of team file storage plus an additional 2 GB per person for personal storage.
  • Integrated, real-time content creation with Office Online apps, including built-in Word, Excel, PowerPoint, and OneNote.
  • Unlimited app integrations with 140+ business apps to choose from—including Adobe, Evernote, and Trello.
  • Ability to communicate and collaborate with anyone inside or outside your organization, backed by Microsoft’s secure, global infrastructure.

The company’s done a good job hooking in enterprise customers, but as it notes, SMBs constitute 90+ percent of businesses globally, so that’s a whole lot more devices to tap into. The free tier is available in 40 languages starting today.

via:  techcrunch

YouTube TV subscribers get a free week after World Cup meltdown

When one of the main selling points for your service is the ability to stream live sports, the last thing you want is a full-on service meltdown during a huge game.

Alas, that’s exactly what happened on Wednesday to YouTube TV. Just as the World Cup semi-finals game between Croatia and England started heating up, the service went dark.

As something of a mea culpa, YouTube has sent out an email to subscribers promising a free week of YouTube TV service. With most users paying ~$40 a month for the service, that works out to about $10 off their next bill. Curiously, user reports suggest the refund is going out to most, if not all, YouTube TV users — not just those who were watching (or, you know, trying to watch) the game in question.

Meanwhile, some users have noted that reaching out directly to customer service led to them getting a full month for free — so if you’re still feeling a bit burned by the whole thing, that might be something worth pursuing.

If you’re a subscriber but aren’t seeing the notice, check your spam box — some users in this Reddit thread are mentioning finding the notice hiding in there, or tucked away in the “social” tab in Gmail’s split view.

via:  techcrunch

Fortnite’s Summer Skirmish kicks off today, with $8 million prize pool

Fortnite Battle Royale has swept the gaming world. Alongside its 125 million users and record-breaking Twitch streams, the game has also drawn many competitive players away from their usual titles to try their hand at Battle Royale.

Today, that competitive play reaches an inflection point. At 4pm ET, Fortnite Battle Royale’s Summer Skirmish will kick off, with $8 million going to tournament winners over the course of the competition and a whopping $250K going to the winners of today’s tournament.

This isn’t the first competitive Fortnite tournament we’ve seen. Celebrity Twitch streamer Ninja held a charity tournament in April, and Epic held a ProAm tournament combining competitive players and celebs who play Fortnite in June. Plus, sites like UMG and CMG have been holding smaller tournaments since Fortnite first rose to popularity. And then there are $20K Fortnite Friday tournaments for streamers held by UMG.

But today, the ante has most certainly been upped. This will be one of the highest-paying Fortnite tournaments to date, yet it is just a small fraction of Epic Games’ promised $100 million prize pool for competitive play this year.

For some context, Dota 2 (previously the biggest competitive esports title out there) had a $25 million payout for the International Championship tournament in 2017, with the winners taking home $10.8 million. Call of Duty, one of the most popular titles over the last decade, is only paying out $1.5 million for its own Champs tournament this summer.

In other words, Fortnite is catching up quickly to the competitive gaming scene, not only in terms of talent but money. Epic Games’ Fortnite pulled in a record-breaking $318 million in June alone. In fact, Battle Royale is generating so much revenue for Epic that the company is now only taking a 12 percent share of earnings from its Unreal Marketplace.

But with that growth comes increased scrutiny. Though the company is passing along its fortunes to developers on the Unreal Engine and competitive players, some have noticed situations in which Epic might have been a bit stingy.

The stream for Fortnite Summer Skirmish begins at 4pm ET on Fortnite’s Twitch channel (www.twitch.tv).

via:  techcrunch

Blizzard DoS attack affected Overwatch, Heroes of the Storm, World of Warcraft

A weekend-long denial-of-service (DoS) attack targeting Blizzard Entertainment, which caused severe lag for some players and prevented others from logging in at all, finally came to an end Monday morning.

Blizzard, the creator of Overwatch, had reported issues on its servers the day before and acknowledged that the attacks were affecting Overwatch as well as other games on its platform. Heroes of the Storm and World of Warcraft were also plagued by the attacks.

“The DDOS attacks against network providers that we were monitoring have ended,” Blizzard tweeted, while Overwatch developer Bill Warnecke also confirmed the server problems on Reddit, stating his company was “aware of a major service issue now affecting all Blizzard titles,” and apologized for the hassle.

“Most services available on the Internet today are vulnerable to DDoS attacks and online gaming is no exception,” said Sean Newman, director of product management for Corero Network Security. “With the chance for gamers to often get an unfair advantage by blocking their adversaries from playing, the motivation for launching attacks against these platforms is high.”

Newman added that the stakes can also be high for the providers that host the players of these games and, that the “only way to ensure resiliency, for what is often a soft target, is for the providers to deploy the latest generation of real-time, automatic DDoS protection.”

Although the attacks have ended for now, there is no guarantee that another isn’t on the way: threat actors have targeted the platform with similar attacks in the past, though those attacks typically didn’t last as long.

via:  scmagazine

Machine Learning, Cloud, Compliance and Business Awareness Drive Cybersecurity

Senior business awareness of cybersecurity, legal and compliance issues, and cloud-delivered products are some of the trends driving the industry, according to Gartner.

According to its Top Six Security and Risk Management Trends, Gartner said that “business leaders are becoming increasingly conscious of the impact cybersecurity can have on business outcomes” and encouraged security leaders to harness this increased support and take advantage of its six emerging trends “to improve their organization’s resilience while elevating their own standing.” The trends are as follows:

  • Trend No. 1: Senior business executives are finally becoming aware that cybersecurity has a significant impact on the ability to achieve business goals and protect corporate reputation
  • Trend No. 2: Legal and regulatory mandates on data protection practices are impacting digital business plans and demanding increased emphasis on data liabilities
  • Trend No. 3: Security products are rapidly exploiting cloud delivery to provide more-agile solutions
  • Trend No. 4: Machine learning is providing value in simple tasks and elevating suspicious events for human analysis
  • Trend No. 5: Security buying decisions are increasingly based on geopolitical factors along with traditional buying considerations
  • Trend No. 6: Dangerous concentrations of digital power are driving decentralization efforts at several levels in the ecosystem

In regard to cloud computing, which Gartner said is affected by trends 3 and 6, “new detection technologies, activities and authentication models require vast amounts of data that can quickly overwhelm current on-premises security solutions,” and this is driving a rapid shift toward cloud-delivered security products, which “are more capable of using the data in near real time to provide more-agile and adaptive solutions.”

Also with regards to emerging trends, Gartner predicted that “by 2025, machine learning will be a normal part of security solutions and will offset ever-increasing skills and staffing shortages” as well as offering solutions to multiple security issues, such as adaptive authentication, insider threats, malware and advanced attackers.

Peter Firstbrook, research vice-president at Gartner, said: “Look at how machine learning can address narrow and well-defined problem sets, such as classifying executable files, and be careful not to be suckered by hype.

“Unless a vendor can explain in clear terms how its machine learning implementation enables its product to outperform competitors or previous approaches, it’s very difficult to unpack marketing from good machine learning.”

via:  infosecurity-magazine

Corporate networks vulnerable to insider attacks, report finds

Researchers found that 100% of corporate networks tested in 2017 were vulnerable to insider attacks, with Wi-Fi networks and employees among the top areas of weakness.

During penetration testing performed as an internal attacker, Positive Technologies researchers were able to obtain full control of infrastructure on all corporate networks they attempted to compromise.

The difficulty of accessing critical resources could be considered “moderate” on only 7% of networks tested, according to the research report.

Penetrating the network perimeter has become easier over time, the report reveals, with the difficulty of accessing the internal network assessed as “trivial” in 56% of tests in 2017, compared with just 27% in 2016.

On average, Positive Technologies testers found two attack vectors (vulnerabilities) per client that would allow their internal network to be penetrated.

For one client, 10 different penetration vectors were detected, with the oldest vulnerability (CVE-1999-0532) dating back 20 years.

The report shows that corporate Wi-Fi networks are a convenient launch point for attackers, with 40% of companies tested using easy-to-guess dictionary passwords for access to their Wi-Fi networks. In addition, 75% of Wi-Fi networks were accessible from outside of company offices, and the same proportion failed to enforce per-user isolation. As a result, intruders can attack personal and corporate laptops connected to Wi-Fi without ever having to set foot in the target’s building.

Another weak point at most companies was found to be their employees, who are vulnerable to social engineering attacks. In testing, 26% of employees clicked a link for a phishing website and almost half of them proceeded to enter their credentials in a fake authentication form. One in six employees opened a simulated malicious file attached to an email and 12% were willing to communicate with intruders.

Leigh-Anne Galloway, analyst at Positive Technologies said that to gain full control over the corporate infrastructure, an attacker usually penetrates the network perimeter and takes advantage of vulnerabilities in out-of-date operating system (OS) versions.

“From this point, the sequence of events is predictable – the attacker runs a special utility to collect the passwords of all logged-in OS users on these computers. Some of these passwords might be valid on other computers, so the attacker repeats this process.

“Gradually, system by system, the attacker continues until obtaining the password of the domain administrator. At that point, it’s game over—the attacker can burrow into the infrastructure and control critical systems while staying unnoticed.”

Stopping insider attackers requires a comprehensive, in-depth defensive approach, the research report said, adding that basic security measures include keeping operating systems and applications up to date, as well as enforcing use of strong passwords on all systems by all users, especially administrators.

Positive Technologies recommends using two-factor authentication for administrators of key systems and refraining from giving administrator privileges to ordinary employees on their computers. Even if some systems have been compromised already, the report said rapid detection can still minimize the damage.

Organizations should also consider implementing security information and event management (SIEM) and other systems to enable them to respond to security breaches effectively and in a timely manner.

via:  computerweekly

Hamas Uses Fake Dating Apps to Infiltrate Israeli Military

Hamas has been accused of running a sophisticated spyware operation designed to trick Israeli Defense Force (IDF) soldiers into downloading malicious apps.

Hundreds of IDF troops have been contacted by alleged fake profiles on social networking sites in what the military is dubbing Operation Broken Heart.

After building up a rapport with the soldier on WhatsApp, the ‘woman’ in question then typically sends them a link to download a convincing-looking but malicious app.

These included dating apps with names like GlanceLove and ones featuring goals and live scores from the World Cup, such as Golden Cup.

One suspicious-looking profile, which nevertheless had an Israeli number attached, belonged to a ‘Lina Kramer’ and was discovered in January. Those behind the campaign often try to cover up broken Hebrew by saying they’re immigrants, the IDF claimed.

“Not long after the first attacker approached us, we’d already begun receiving dozens of reports from soldiers about suspicious figures and apps on social networks,” said ‘Colonel A,’ head of the IDF Information Security Department.

“Upon investigating the reports, we uncovered hostile infrastructure that Hamas tried to use to keep in contact with IDF soldiers and tempt them to download apps that were harmful, and use the soldiers to extract classified information.”

The apps are said to be loaded with Trojan malware capable of switching on the mic and camera, accessing photos, phone numbers and email addresses of soldiers operating near the Palestinian border, and even gathering info on military bases.

The IT security department of the Israeli military has updated its guidance for soldiers in light of Broken Heart and is reportedly also sending fake messages to soldiers in a bid to raise awareness of the dangers of clicking on links from virtual strangers.

via:  infosecurity-magazine

Gmail Privacy Fears Emerge Over Third-Party Apps

Google is at the center of a new privacy storm after it was revealed that third-party app developers can read the content of Gmail users’ emails.

This “dirty secret,” as one source described it to the Wall Street Journal, affects users who choose to link their Gmail accounts to third-party applications for things like travel or shopping.

In so doing they’re asked to grant permissions for the app to “Read, send, delete and manage your email.”

However, many users may not be aware that human eyes are perusing their personal emails as well as computer algorithms.

The report claimed that in the case of marketing app Return Path, employees of the company read around 8000 Gmail users’ emails to help develop the app. Email management app developer Edison Software also allowed its employees to read “thousands” of emails to hone the Smart Reply feature.

For its part, Google claimed to have strictly vetted those firms allowed access to users’ emails and said users are asked explicitly for their permission to do so, consistent with its policies.

However, when it comes to third-party apps, user privacy has become a major issue following the Cambridge Analytica scandal in which the details of 87m Facebook users were sold by an app developer for use in targeted political advertising.

The social network changed a policy in 2015 which allowed third party developers to access the data of app users’ friends.

Evgeny Chereshnev, CEO of privacy firm Biolink.Tech, claimed that the GDPR demands organizations improve awareness among users around how their data is being used.

“This type of access is going to continue, and people need to be aware that every time they connect to, or install, a third-party application on their mobile device, they are giving rights to those applications – often without even thinking about it,” he added.

“These applications gain access to users’ contacts, information about the user of the phone as well as things like GPS location, so this needs to be taken very seriously.”

via:  infosecurity-magazine

6 Steps for Establishing and Maintaining Digital Integrity

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks perform their intended functions without degradation or impairment.

Digital integrity is possible only through the merging of people, process and technology into a holistic framework. Such an effort can be difficult without proper guidance. Fortunately, several of the Center for Internet Security’s Critical Security Controls (also known as the CIS Controls) can help. Organizations should pay particular attention to these security measures:

  • CIS Controls 3, 5 and 11 together help organizations continuously manage their vulnerabilities, harden critical endpoints and monitor for unexpected changes.
  • CIS Control 17 aids organizations in creating a security awareness training program for their employees that helps maintain skills and competencies.
  • CIS Control 6 supports organizations in their development of an audit log policy and implementation of proactive change management.

With those controls, businesses can abide by the following six steps to establish and maintain a profile of digital integrity.

Step 1: Establish a Configuration Baseline for Your Infrastructure

Organizations need to understand how their assets are configured. Towards this end, they can use CIS Controls 5 and 11 to create a configuration baseline that allows them to manage configurations, catalog acceptable exceptions and issue alerts for unauthorized changes. Enterprises should design that standard in such a way that it applies to all authorized endpoints.

Step 2: Determine the Critical Files and Processes You Need to Monitor Your Baseline

With a baseline in place, organizations need to determine which critical files and processes to monitor against it. They can apply CIS Controls 7-17 to refine their monitoring processes to include endpoint master images, OS binaries and web server directories. They should also focus on key processes that either touch any of those files or involve logging and alert generation.

Step 3: Document Your Static and Dynamic Configuration Monitoring Procedures

Organizations can use CIS Controls 3.1 and 3.2 to configure their automated scanning tools for vulnerabilities. They should consider availing themselves of both static and dynamic monitoring. The former is useful for periodic checks and assessments against fixed network parameters while the latter is advantageous for providing real-time notifications of change.

Step 4: Implement Continuous Vulnerability Monitoring

Once they’ve configured their scanning tools, organizations need to figure out the scope of their continuous vulnerability monitoring program. As part of this program, they should follow the guidance of CIS Control 3 to ensure there are notifications for suspicious activities that change baseline configurations or expose the organization to increased risk. They should also work to see how IT and security personnel can work together to strengthen digital integrity.

Step 5: Establish Formal Change Management Processes

Change management works best if organizations establish formal processes to evaluate requests and track outcomes. For example, they can consider creating a change control board that’s empowered to act on high-priority issues and using risk-rating to prioritize the remediation of discovered vulnerabilities. All the while, organizations should be on the lookout for change management problems that undermine digital integrity.

Step 6: Establish Training for Your Staff

Lastly, organizations should follow CIS Control 18 to establish security awareness training for their employees. They should begin by performing a gap analysis to understand the skills and behaviors needed for their employees. Using their findings as a baseline, enterprises can then deliver training to address the skills gap for all workforce members.
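As an added illustration of Steps 1 and 2 (example code written for this page, not Tripwire's product or any CIS tooling), the following Python builds a configuration baseline of critical files, stores it as JSON, and reports additions, removals and content or permission drift while skipping a catalogued exception. The file names and contents are constructed, and it assumes POSIX permission bits.

```python
"""Configuration baseline and integrity check (illustrative code added here, not
Tripwire's product code). Step 1: record digest, mode and size of critical files.
Step 2: compare a later snapshot and report drift, honouring a catalog of
acceptable exceptions so authorised changes do not alert. Assumes POSIX modes."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

def fingerprint(path):
    """Digest, permission bits and size of one file (key order is kept in reports)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}

def build_baseline(root, patterns):
    """Fingerprint every regular file under root matching the glob patterns."""
    root = Path(root)
    baseline = {}
    for pattern in patterns:
        for p in sorted(root.glob(pattern)):
            if p.is_file():
                baseline[p.relative_to(root).as_posix()] = fingerprint(p)
    return baseline

def save_baseline(path, baseline):
    Path(path).write_text(json.dumps(baseline, indent=1))

def load_baseline(path):
    return json.loads(Path(path).read_text())

def compare(baseline, current, exceptions=frozenset()):
    """Classify drift as added / removed / modified; catalogued exceptions do not alert."""
    findings = {"added": [], "removed": [], "modified": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel in exceptions:
            continue
        if rel not in baseline:
            findings["added"].append(rel)
        elif rel not in current:
            findings["removed"].append(rel)
        elif baseline[rel] != current[rel]:
            changed = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
            findings["modified"].append((rel, changed))
    return findings

def demo():
    """Constructed scenario: baseline a tiny fake 'etc', then introduce four kinds of drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        etc = root / "etc"
        etc.mkdir()
        for name, text in {"sshd_config": "MaxAuthTries 3\n", "hosts": "127.0.0.1 localhost\n",
                           "motd": "welcome\n", "issue": "Debian\n"}.items():
            (etc / name).write_text(text)
            os.chmod(etc / name, 0o644)  # pin the mode so the baseline does not depend on umask
        save_baseline(root / "baseline.json", build_baseline(root, ["etc/*"]))

        (etc / "sshd_config").write_text("MaxAuthTries 9\n")  # unauthorised content change, same size
        os.chmod(etc / "hosts", 0o666)                         # unauthorised permission change only
        (etc / "motd").write_text("maintenance tonight\n")    # authorised change, catalogued below
        (etc / "issue").unlink()                               # critical file removed
        (etc / "unexpected.sh").write_text("#!/bin/sh\n")     # new, unexpected file

        current = build_baseline(root, ["etc/*"])
        return compare(load_baseline(root / "baseline.json"), current, exceptions={"etc/motd"})
```

In a real deployment the baseline file would be written once under change control and the comparison run on a schedule (static) or from a file-change watcher (dynamic), feeding alerts into the logging pipeline described in Step 2.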

AN ONGOING PROCESS

Establishing and maintaining digital integrity is an ongoing process that requires constant engagement from organizations. To make the best out of your organization’s efforts to create a digital integrity profile, download this whitepaper.

via:  tripwire