Archive for August 6, 2020

BREAKING: Trump Signs Executive Order Banning TikTok In 45 Days If It’s Not Sold

Posted in Commentary on August 6, 2020 by itnerd

Well, it has been threatened for almost a week now, and it has finally happened. US President Trump has signed an executive order that bans TikTok in 45 days if its Chinese parent doesn’t sell TikTok first. And it’s not just TikTok. Messaging app WeChat, which is as popular as WhatsApp, is being banned too, and it is subject to the same condition as TikTok: it also has to be sold by its Chinese parent company.

Now the games begin. China is going to flip out, and chances are that it will fire back. This spat between China and the US will escalate very quickly, and it could quickly go off the rails.

UPDATE: TikTok just posted this statement and it in part says this:

We are shocked by the recent Executive Order, which was issued without any due process. For nearly a year, we have sought to engage with the US government in good faith to provide a constructive solution to the concerns that have been expressed. What we encountered instead was that the Administration paid no attention to facts, dictated terms of an agreement without going through standard legal processes, and tried to insert itself into negotiations between private businesses.

Also of interest are the relevant executive orders, which can be found here and here. In those executive orders, Trump wants to get paid if US companies buy these companies. I have no clue how that would work as that sounds more like mob-like behavior as opposed to being something that a government could legitimately do.

Darktrace’s Cyber AI Is Helping Security Analysts Act Fast And Accurately

Posted in Commentary with tags on August 6, 2020 by itnerd

Darktrace today reported that its Cyber AI Analyst product has performed millions of threat investigations, mimicking human thought processes to zoom in on and explore potential threats and to report on the severity of an attack. Mike Beck, Global CISO at Darktrace, will be discussing these capabilities and real-world examples during a presentation at Black Hat USA on Wednesday, August 5th at 10am PDT.

Initially released last September following a 3-year research project at Darktrace’s AI labs in Cambridge, UK, Cyber AI Analyst trains by observing world-class security analysts performing investigations – not on examples of previous attacks. The technology questions raw security alerts, seeks out additional context, and asks questions of third-party sources to come to a conclusion. Using natural language processing, the AI Analyst reports relevant findings at the right moment to security operations personnel, in their local language.

With human security analysts spending an average of 3 hours per security investigation, scaling teams to meet the demand for fast and accurate triaging has become unviable. Today, thousands of organizations rely on Cyber AI Analyst to run investigations alongside their teams, delivering a 92% time saving.

Metro Compactor Service Joins MaRS Momentum

Posted in Commentary with tags on August 6, 2020 by itnerd

Metro Compactor Service today announced it has been selected as one of Canada’s future economic stars, and one of 53 companies joining the MaRS Momentum Program.

The program is designed to support high-growth science and technology companies in Canada on their path to becoming global powerhouses, with the potential to reach 100 million in yearly revenue in the next five years.

MaRS Momentum is funded by FedDev Ontario and works closely with senior executives to provide strategic support in attracting top talent, expanding into global markets, and raising capital. The program’s ultimate goal is to help executive teams turn companies with high potential into high-growth powerhouses.

The companies taking part in the program are expected to add nearly 9,000 high paying Canadian jobs over the next five years and grow their combined yearly revenue to over 7 billion.

Metro is North America’s leader in IoT systems for waste equipment service and the parent company of iSMART Technologies. iSMART empowers sustainability and waste-management teams across all industries, through insights and tools that enable them to reach and surpass their targets.

For more information visit www.metrocompactor.com.

Trend Micro Research Reveals Dangerous Design Flaws and Vulnerabilities In Legacy Programming Languages

Posted in Commentary with tags on August 6, 2020 by itnerd

Trend Micro Incorporated today announced new research highlighting design flaws in legacy programming languages and released new secure coding guidelines to help Industry 4.0 developers greatly reduce the software attack surface and, with it, business disruption in operational technology (OT) environments.

Conducted jointly with Politecnico di Milano, the research details how design flaws in legacy programming languages could lead to vulnerable automation programs. These insecurities could enable attackers to hijack industrial robots and automation machines to disrupt production lines or steal intellectual property. According to the research, the industrial automation world may be unprepared to detect and prevent exploitation of the issues found. It is therefore imperative that the industry start embracing and establishing network-security best practices and secure-coding practices, which have been updated with industry leaders as a result of this research.

Legacy proprietary programming languages such as RAPID, KRL, AS, PDL2, and PacScript were designed without an active attacker model in mind. Developed decades ago, they are now essential to critical automation tasks on the factory floor, but can’t themselves be fixed easily.

Not only are vulnerabilities a concern in the automation programs written using these proprietary languages, but the researchers also demonstrate how a new kind of self-propagating malware could be created, using one of the legacy programming languages as an example.

Trend Micro Research has worked closely with The Robotic Operating System Industrial Consortium to establish recommendations to reduce the exploitability of the identified issues[1].

As these new guidelines demonstrate, the task programs that rely on these languages and govern the automatic movements of industrial robots can be written in a more secure manner to mitigate Industry 4.0 risk. The essential checklist for writing secure task programs includes the following:

  • Treat industrial machines as computers and task programs as powerful code
  • Authenticate every communication
  • Implement access control policies
  • Always perform input validation
  • Always perform output sanitization
  • Implement proper error handling without exposing details
  • Put proper configuration and deployment procedures in place
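The checklist above is abstract, so here is an added example of what three of its items (authenticate every communication, always perform input validation, handle errors without exposing details, plus output sanitization for logging) look like in a task program that takes motion commands over the network. This is illustrative code written for this post, not code from the Trend Micro/Politecnico di Milano report or from any robot vendor’s language; the `MOVE x y z|tag` wire format, the pre-shared key, and the workspace envelope values are all assumptions made for the example. It is in Python so it can be run on a workstation; the same structure applies to a RAPID, KRL or PDL2 task program that reads from a socket.

```python
"""Added example: a toy command parser for a network-driven robot task program.

It contrasts an unchecked parser with one that applies the checklist:
authenticate every message, validate every input against the robot's workspace
envelope, sanitize what is written to logs, and fail with an error that exposes
no internals.  The wire format ("MOVE x y z|hmac"), the key and the envelope
are assumptions for this example, not from the report or any vendor's language.
"""
import hashlib
import hmac
import math
from dataclasses import dataclass

# Hypothetical pre-shared key for the cell-controller <-> robot link (assumption).
SHARED_KEY = b"example-cell-key-not-for-production"

# Hypothetical workspace envelope in millimetres (assumption).
ENVELOPE = {"x": (-500.0, 500.0), "y": (-500.0, 500.0), "z": (0.0, 800.0)}


@dataclass(frozen=True)
class MoveCommand:
    x: float
    y: float
    z: float


class RejectedCommand(Exception):
    """Raised for any bad message; the text is deliberately generic."""


def parse_unchecked(message: str) -> MoveCommand:
    """The pattern the research warns about: trust the socket, move the arm.

    No authentication, no range check, and float() happily accepts
    'nan', 'inf' and '1e308', so an attacker on the cell network can
    command any target at all.
    """
    _verb, x, y, z = message.split()[:4]
    return MoveCommand(float(x), float(y), float(z))


def sign(payload: str, key: bytes = SHARED_KEY) -> str:
    """Sender side: append an HMAC-SHA256 tag so the robot can authenticate it."""
    tag = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def sanitize_for_log(text: str, limit: int = 64) -> str:
    """Output sanitization: strip control characters and cap length before
    attacker-controlled bytes reach a log viewer or HMI."""
    cleaned = "".join(ch if ch.isprintable() else "?" for ch in text)
    return cleaned[:limit]


def parse_authenticated(message: str, key: bytes = SHARED_KEY) -> MoveCommand:
    """Authenticate, then validate, then (and only then) build a command."""
    payload, sep, tag = message.rpartition("|")
    if not sep:
        raise RejectedCommand("command rejected")
    expected = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison: a plain == would leak timing about the tag.
    if not hmac.compare_digest(expected, tag):
        raise RejectedCommand("command rejected")

    fields = payload.split()
    if len(fields) != 4 or fields[0] != "MOVE":
        raise RejectedCommand("command rejected")
    values = {}
    for name, raw in zip(("x", "y", "z"), fields[1:]):
        try:
            value = float(raw)
        except ValueError:
            raise RejectedCommand("command rejected") from None
        lo, hi = ENVELOPE[name]
        # math.isfinite rejects nan/inf, which float() parses without complaint.
        if not math.isfinite(value) or not lo <= value <= hi:
            raise RejectedCommand("command rejected")
        values[name] = value
    return MoveCommand(**values)


def is_accepted(message: str, key: bytes = SHARED_KEY) -> bool:
    """Convenience wrapper: True if the hardened parser would act on the message."""
    try:
        parse_authenticated(message, key)
    except RejectedCommand:
        return False
    return True


if __name__ == "__main__":
    print(parse_authenticated(sign("MOVE 100 -200 300")))
    for bad in (sign("MOVE 100 -200 9000"),        # outside the envelope
                "MOVE 100 -200 300|deadbeef",      # forged tag
                sign("MOVE nan 0 0"),              # non-finite coordinate
                "MOVE 1 2 3\x1b[31m"):             # unsigned, with a log-injection escape
        print(sanitize_for_log(bad), "->", "accepted" if is_accepted(bad) else "rejected")
```

The order matters: the tag is checked before any field is parsed, so a forged or unsigned message never reaches the float parser or the motion logic, and every rejection returns the same generic text so an attacker probing the controller learns nothing about which check failed.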

In addition, Trend Micro Research and Politecnico di Milano have also developed a patent-pending tool to detect vulnerable or malicious code in task programs, thus preventing damage at runtime.

As a result of this research, security-sensitive features were identified in the eight most popular industrial robotic programming platforms, and a total of 40 instances of vulnerable open source code were found. One vendor has removed the automation program affected by a vulnerability from its application store for industrial software, and two more reports have been acknowledged by the maintainer, leading to fruitful discussion. Details of the vulnerability disclosures have also been shared by ICS-CERT in an alert to its community.

The results of this research will be presented at Black Hat USA on August 5, and at the ACM AsiaCCS conference in October in Taipei. 

To find out more, please find the complete research report here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/unveiling-the-hidden-risks-of-industrial-automation-programming.

Canon Pwned By Ransomware… 10TB Data Stolen

Posted in Commentary with tags on August 6, 2020 by itnerd

Canon has apparently been hit by a ransomware cyberattack which has impacted the company’s email, Microsoft Teams, US website, and other internal applications:

The image.canon site suffered an outage on July 30th, 2020, and over six days, the site would show status updates until it went back in service yesterday, August 4th.

However, the final status update was strange as it mentions that while data was lost, “there was no leak of image data.”  This led BleepingComputer to believe there was more to the story and that they suffered a cyberattack.

Today, a source contacted BleepingComputer and shared an image of a company-wide notification titled “Message from IT Service Center” that was sent at approximately 6 AM this morning from Canon’s IT department.

This notification states that Canon is experiencing “wide spread system issues affecting multiple applications, Teams, Email, and other systems may not be available at this time.”

According to BleepingComputer, the attack has also resulted in over 10TB of stolen data.

And:

Since then, BleepingComputer has obtained a partial screenshot of the alleged Canon ransom note, which we have been able to identify as from the Maze ransomware.

After contacting the ransomware operators, BleepingComputer was told by Maze that their attack was conducted this morning when they stole “10 terabytes of data, private databases etc” as part of the attack on Canon.

Maze has a history of going after high-value companies such as Xerox, LG and others. Maze also has a history of releasing the data it steals if it doesn’t get paid. Thus it’s clear that they play for keeps. It will be interesting to find out whether Canon plans to pay up, or whether it already has.

Watch this space for updates.

UPDATE: Max Heinemeyer, Director of Threat Hunting, Darktrace had this to say on this ransomware attack:

Maze are a highly professionalised cyber-crime group who often vie for a reputation as much as monetary gain – identifying viable targets, infiltrating their systems, encrypting data where it hurts the most and threatening to publish the data if the ransom is not paid. In this case, theft of personal photos might well be what secures a faster payment for the attackers. Spear-phishing, credential abuse and exploiting vulnerable internet-facing servers are all ways that groups like Maze might gain entry into their victim’s enterprise. If an attack is viable, then hackers will go for it.

The dwell time of these attacks is shockingly low – often it takes only a few days from the initial intrusion to the deployment of ransomware that shuts down an organization at computer speed, offering the victim no way out. 

Ransomware is often novel malware and therefore goes undetected by traditional security tools. AI is the best bulwark against these attacks as it is not only capable of identifying the abnormal b

Guest Post: ESET Illustrates Why COVID Has Been A Blessing For Scammers

Posted in Commentary with tags on August 6, 2020 by itnerd

While most people have banded together and done what has needed to be done to get ahead of the COVID-19 virus, it hasn’t – unfortunately — been universal. 

As has been said, some people just want to watch the world burn. As people across the world have united to look after those around them in this time of emergency, the COVID-19 pandemic has shown us how ruthless scammers can be. Across the world — Canada included — scams are on the rise during the COVID period. 

This period of crisis has actually provided a series of advantages to malicious actors, who have ramped up their operations in order to capitalise on the crisis. But good people are not defenceless against these actions. ESET, an industry-leading IT security company, offers some insight into the most prevalent scams that have emerged during the pandemic and, most importantly, what people can do to protect themselves.

  • Sense of Panic — It’s dangerous, but scammers don’t care — they aim to create a sense of panic. One of the most common attempts during the pandemic has been SMS scams that falsely inform people they have contracted COVID-19. The message tells people they have been near someone who tested positive and that they should get tested, but it then directs them to a site that aims to harvest bank details and other personal information.

Protect Yourself — It is often easy to spot a dodgy email or suspicious web page when thinking calmly, but we understand that a rational thought process can go by the wayside in a time of panic. This is what scammers are trying to exploit. Before providing any personal details, take a few deep breaths and approach the message with a calm mind so that you can assess whether it is legitimate or not.

  • Changing Norms — COVID-19 has changed our daily routine and norms. Scammers take advantage of this with schemes that, in normal times, may seem absurd, but may be less obvious during a pandemic when everything has been turned on its head. People are even more vulnerable during a crisis when governments actually are sending out email and text messages to keep people informed. Scammers don’t hesitate to add their phishing messages to the mix. 

Protect Yourself — Admittedly, phishing emails can be difficult to spot on a mobile device. But there are security measures you can put in place for added protection. ESET Mobile Security comes with an anti-phishing feature, taking much of the guesswork out of suspicious texts or emails. Always check the sender’s information before clicking on any links, and try to verify where a link actually leads before clicking on it. To be extra safe, go directly to the company or organization’s website via a fresh search in your browser.

  • Working from Home — The shift to remote work provided a major advantage to cyber criminals. Having workers on their home networks has increased their vulnerability to attack, resulting in an increase in malware and phishing, and in the hijacking of video conferencing platforms. The most infamous example was the “Zoombombing” phenomenon, where uninvited participants joined Zoom meetings to display graphic content to unsuspecting attendees.

Protect Yourself — Step 1 is to keep all of your software updated. If a vulnerability is found, the vendor will often provide an update to resolve the issue. But that update is useless if you don’t actually apply it. If possible, select the “auto-update” feature on your computer so that it just happens automatically. Step 2 is installing antivirus and cybersecurity software. These tools make the battle against phishing and malware vastly easier. To find out which software is best for you, check out the range of cybersecurity solutions on our website.

US To Purge “Untrusted” Chinese Apps And Stop US Apps From Being Installed On Huawei Phones

Posted in Commentary with tags on August 6, 2020 by itnerd

The situation between the US and China is escalating further with news that the US is going to purge what it calls “untrusted” apps, all of which happen to be from China:

U.S. Secretary of State Mike Pompeo said expanded U.S. efforts on a program it calls “Clean Network” would focus on five areas and include steps to prevent various Chinese apps, as well as Chinese telecoms companies, from accessing sensitive information on American citizens and businesses. 

Pompeo’s announcement comes after U.S. President Donald Trump threatened to ban TikTok. The hugely popular video-sharing app has come under fire from U.S. lawmakers and the administration over national security concerns, amid intensified tensions between Washington and Beijing. 

“With parent companies based in China, apps like TikTok, WeChat and others are significant threats to personal data of American citizens, not to mention tools for CCP (Chinese Communist Party) content censorship,” Pompeo said.

To the shock of absolutely nobody, China is not at all happy:

In an interview with state news agency Xinhua on Wednesday, Chinese foreign minister Wang Yi said the United States “has no right” to set up the “Clean Network” and called the actions by Washington “a textbook case of bullying”.

“Anyone can see through clearly that the intention of the U.S. is to protect its monopoly position in technology and to rob other countries of their proper right to development,” said Wang.

But the US action doesn’t stop there. The US doesn’t want US apps on Huawei phones:

Pompeo said the United States was working to prevent Chinese telecoms firm Huawei Technologies Co Ltd from pre-installing or making available for download the most popular U.S. apps on its phones. 

“We don’t want companies to be complicit in Huawei’s human rights abuses, or the CCP’s surveillance apparatus,” Pompeo said, without mentioning any specific U.S. companies.

No matter how you look at it, this war between China and the US is going to be very bad, and you can expect to see more shots traded between the two, especially in the lead-up to the US election in November.