Archive for February 9, 2021

Former Director General Of MI5 Warns Of Rising Nation-State Cyber-Threat To The Private Sector

Posted in Commentary with tags on February 9, 2021 by itnerd

Darktrace recently hosted its first ever Cyber AI Forum, a virtual event which brought together global experts to discuss the evolution of cyber-threats and the role of AI in tackling these risks.  

Among the expert speakers was Lord Evans, former Director General of MI5. Evans provided a breakdown of the recent attack on SolarWinds, commenting: “You can detect, from the decisions that the attackers have been making, what their real concerns are, because there are thousands of companies infected by it, but only a handful have actually been subject to a full extraction of data.”  

This attack, explained Evans, signifies a new frontier in cyber warfare in which thousands of businesses are now “caught in the crosshairs” of state campaigns, and vulnerable to exploitation. He continued: “You may be wide open to this attack, even if it hasn’t happened to you yet.”   

On a later panel, experts discussed the role of AI in combatting this new era of sophisticated cyber-threats and the UK’s national stance. Former Home Secretary Amber Rudd said: “Government is never going to be ahead of the private sector. [It must] create the right policy structure so that the private sector can thrive and create solutions [to be] used by the private sector and government.”  

Autonomous Cyber AI solutions were at the fore of the discussion about the right technologies to adopt for resilience against cyber-threats. Nick Jennings CB FREng, Professor of Artificial Intelligence at Imperial College London, highlighted the importance of unsupervised machine learning, commenting: “It’s dealing with a novel, unusual, unpredicted attack where you need unsupervised learning – and if you haven’t got this capability in your system, you’re very much at the mercy of inventive folk who will always find new ways of attacking you.”  

Leon Shepherd, CIO of Ted Baker, commented: “Deploying AI [has] given us the ability to augment [our] security team. Having an AI automated response to an attack in place buys time for our human team to investigate further and work out what happened.” He continued: “When we talk about great security – AI is absolutely part of it. A combination of humans and AI is what works today for security.”  

On the future of the cyber-threat landscape, Dave Palmer, Chief Product Officer at Darktrace, said: “We’ll see amplification and improvement in terms of [the attackers’] tech capabilities – it will be a perpetual arms race with defenders as [our] tech gets better.”  

Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. It provides comprehensive, enterprise-wide cyber defense to over 4,500 organizations worldwide, protecting the cloud, email, IoT, traditional networks, endpoints and industrial systems.  

A self-learning technology, Darktrace AI autonomously detects, investigates and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss and supply chain vulnerabilities.  The company has 1,500 employees and 44 office locations, with headquarters in Cambridge, UK and San Francisco. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage. 

Someone Just Tried To Phish Me To Get My Email Credentials….. So I Went Down The Rabbit Hole To See What Their Scheme Was

Posted in Tips with tags on February 9, 2021 by itnerd

I was having a busy morning that had just calmed down when I got an email that looked like this:

Now I redacted some info as it seems that James Hayes appears to be a real person and I don’t want to embarrass him as it appears that his email has either been pwned by hackers or has been taken over by hackers. Likely the latter as I will illustrate in a second. But the fact is that this to me looks like a classic phishing email. I verified that by using the “Quick Look” function:

Again, I’ve redacted some info to protect the real James Hayes.

The quality of the English (or more accurately the lack of quality) reinforces my opinion that this is a phishing email. I assumed that if I emailed James Hayes to inform him that his email was hacked, he would take action. However, I got an almost instant response from him…. Or more accurately someone pretending to be him:

This further reinforces the fact that this is a phishing email as the English isn’t any better and it wants my “valid EMAIL” to view whatever “document” he sent me. But in the interest of science, I went down the rabbit hole. Opening the link in Chrome brought me to the page that I saw in Quick Look. Clicking on “REVIEW DOCUMENT” took me to this page:

Now this isn’t a web page that belongs to Microsoft as evidenced by the URL above. It is a page that is clearly intended to fool you into thinking that this is a web page that belongs to Microsoft so that the miscreants behind this phishing attack can grab your email credentials. To further go down this rabbit hole, I used a throwaway Outlook.com email address that I have specifically for testing out stuff like this. But it’s tied to the Microsoft Authenticator app which enables multi-factor authentication. What that means is that if this is a legitimate Microsoft page, which I already know it isn’t, Microsoft Authenticator on my iOS device should immediately alert me to enter my second factor to let me access this document that I supposedly have to review. If it doesn’t do that, then I know it is a phishing attack. The thing is that the scumbags behind this attack still won’t be able to get in and I can just change the password later because I have Microsoft Authenticator. So I did that, first with an incorrect password and here’s the result:

The first interesting thing is that the word invalid is spelled “inValid” which further supports that this is a phishing page. The second thing is that it somehow knew that I had entered an incorrect password. That was interesting. So I entered my actual password and sure enough, Chrome served this up to me.

Proof positive that this is a phishing site. My guess is that they were after my email account to launch more involved email attacks. Like trying to scam money for example, as attacks on Office 365 accounts to do that, among other things, are a trend at the moment. But they won’t be able to use my throwaway account due to the fact that I’ve used multi-factor authentication to stop that from happening. Plus I have changed the password. Now because I have Microsoft Authenticator installed, I can see what the miscreants do and what IP address they come from so that maybe I can figure out who they are. I’ll keep you posted on what I find out. But if you get an email like the one I got, don’t click on anything. Simply delete it and move on with your day as that is the best way to protect yourself from something like this.
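The tell in the post above is the URL of the fake “REVIEW DOCUMENT” sign-in page: it is not a Microsoft address. The following is an added example (not code from the original post, and not a Microsoft tool) showing how a defender can make that URL check mechanical before anyone types credentials into a page. The allowlist of Microsoft sign-in hosts is an assumption for illustration and should be replaced with whatever identity providers your own organisation actually uses; the sample URLs at the bottom are constructed, not taken from the phishing campaign described. The check goes a little beyond the post by also catching the usual lookalike tricks (allowlisted name used as a subdomain, userinfo before an `@`, punycode hosts, plain http).

```python
"""Decide whether a sign-in URL belongs to an allowlisted identity provider.

Added example, not part of the original post. TRUSTED_LOGIN_HOSTS is an
assumption for illustration; adjust it to the providers you actually use.
"""
from typing import Tuple
from urllib.parse import urlsplit

# Assumed allowlist of legitimate sign-in hosts (illustrative, not exhaustive).
TRUSTED_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "login.microsoft.com",
}


def login_url_verdict(url: str) -> Tuple[bool, str]:
    """Return (is_trusted, reason) for a URL a user is about to sign in on.

    Only an exact hostname match over https passes. Everything else, including
    hosts that merely *contain* an allowlisted name, is rejected with a reason.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"

    if parts.scheme.lower() != "https":
        return False, f"scheme is {parts.scheme!r}, not https"

    host = parts.hostname  # already lower-cased; port and userinfo stripped
    if not host:
        return False, "no hostname in URL"

    if parts.username is not None:
        # e.g. https://login.microsoftonline.com@evil.example/ -> real host is evil.example
        return False, f"userinfo before '@'; the real host is {host!r}"

    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        # Internationalised / punycode labels are a classic lookalike vector.
        return False, f"non-ASCII or punycode host {host!r}"

    if host in TRUSTED_LOGIN_HOSTS:
        return True, f"host {host!r} is an allowlisted sign-in host"

    # Catch 'login.microsoftonline.com.evil.example' style subdomain tricks.
    for trusted in TRUSTED_LOGIN_HOSTS:
        if trusted in host:
            return False, f"host {host!r} only contains allowlisted name {trusted!r}"

    return False, f"host {host!r} is not an allowlisted sign-in host"


if __name__ == "__main__":
    # Constructed sample URLs for demonstration only.
    samples = [
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://login.microsoftonline.com.evil.example/review",
        "https://login.microsoftonline.com@evil.example/",
        "http://login.microsoftonline.com/",
        "https://xn--lgin-microsoft.example/",
    ]
    for sample in samples:
        ok, why = login_url_verdict(sample)
        print(f"{'TRUSTED ' if ok else 'SUSPECT '} {sample}  ({why})")
```

The reason string is meant for a user-facing warning or a log line; the boolean is what a mail gateway or browser extension would act on. Note that a `True` here only means the hostname matches the allowlist; it does not replace the second-factor prompt the post relies on, which remains the stronger signal that you are talking to the real provider.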

Waze Welcomes Audible To Its Audio Player Program

Posted in Commentary with tags on February 9, 2021 by itnerd

Waze, the platform bringing together communities on and off the road, today announced Audible has joined its Audio Player Program, giving drivers a way to fill time in the car with meaning, learning, art and storytelling.

Audible on Waze offers drivers with an Audible membership easy access to its catalogue of more than 600,000 Audible Originals, audiobooks, podcasts, and other audio programs. So whether riding with the kids, road tripping, or heading home from work, there’s an Audible title to accompany every drive. 

Audible members can listen on Waze by simply opening the Waze app and tapping the music note icon to select Audible as their audio player. They can start enjoying audio content directly through Waze right away, including Audible Originals, audiobooks and podcasts. Audible members will also receive next turn directions from Waze inside the Audible app.

Audible is the latest streaming service to integrate its audio experience into Waze by using the Waze Audio Kit.

The Audible integration for Waze Audio Player will begin rolling out from today. You can download Waze here, and to integrate your audio app with Waze, apply for the Waze Audio Kit here.

Axio Launches Free Ransomware Preparedness Assessment Tool

Posted in Commentary with tags on February 9, 2021 by itnerd

Axio today announced the availability of a free Ransomware Preparedness Assessment tool to give organizations detailed visibility into their cyber posture with respect to ransomware. 

The assessment is based on data from hundreds of real ransomware events, guidance from the U.S. Department of Homeland Security, and Axio’s research. 

By using the Axio360 platform, users can rapidly assess and prepare for a ransomware attack, the most widespread cyber scourge of our time. The framework was designed by Axio’s research and development team, who have extensive experience building the most widely used cybersecurity maturity models for critical infrastructure.

The output of the Axio360 Ransomware Preparedness Assessment will be accepted as supplementary evidence in support of cyber insurance applications. 

The assessment output can be used to rapidly evaluate gaps in an organization’s cybersecurity posture that make it more susceptible to big-game-hunting ransomware. These results are critical in identifying and implementing protections against ransomware and will have the secondary effect of increasing the organization’s overall cybersecurity posture. The assessment interface in the Axio360 platform includes a comprehensive reporting functionality for executive stakeholders such as the C-suite and board members. Functionality in Axio360 supports targeting, planning, and tracking improvements to ensure that they are implemented.

Axio’s core value is centered around helping organizations solve cyber risk. In 2020, the company provided three free cyber risk program assessment tools that give organizations visibility into their cyber posture. Axio360’s free tool set also includes the complete NIST Cybersecurity Framework (NIST CSF), the complete Cybersecurity Capability Maturity Model (C2M2), and a wizard-based on-ramp to the C2M2 called C2M2 Foundation. In 2021, Axio will continue providing the latest cutting-edge instruments, including a wizard-based on-ramp to the NIST CSF called the NIST CSF Foundations and support for company-specific control frameworks for more advanced subscribers.

By using the Axio360 free tool set, initial assessments can be the baseline to build a cybersecurity management program. Axio recommends setting a current and target state for improvement, which is easy and convenient to track over time in the platform. 

For more information on how to secure your organization and improve your cyber risk management, access all of Axio’s free tools here: https://learn.axio.com/free-tool.

Guest Post: ATM Hacks Surged 269% In Europe In 2020 H1, Recent Findings From Atlas VPN Reveal

Posted in Commentary with tags on February 9, 2021 by itnerd

Criminals have been targeting automated teller machines (ATMs) for as long as they have been available to the public. Many already know about scams where fraudsters hook up a small device to the ATM to steal credit card information, usually referred to as card skimming. 

However, recent findings by Atlas VPN reveal that cybercriminals have started to hack into ATMs using malware and logical attacks. A logical or malware attack is a type of cyber attack in which threat actors alter the ATM software to gain access to the cash dispenser.

When hackers gain access to the dispenser, they can collect ATM users’ credit card details to prepare fake credit and debit cards. Also, hackers can collect the cash available in the ATM, depending on what part of the software the criminals could access.

The research is based on European Association for Secure Transactions (EAST) data covering the first six months of 2020. 

ATM malware and logical attacks against ATMs went up from 35 to 129 in the first half of 2020, which represents a 269% increase from last year. Losses caused by malware and logical attacks rocketed from less than €1,000 in 2019 H1 to just over €1 million in 2020 H1.

Physical attacks cause most losses

Physical ATM attacks are much more common and cause bigger financial losses. There are various types of physical attacks. The most common types are ram raids, rip-outs, explosive attacks, and burglary.

ATM-related physical attacks were down from 2,376 to 1,829, amounting to a 23% decline.

However, even though the number of attacks declined in 2020 H1, losses due to physical attacks were €12.6 million, an 11% increase from the €11.4 million in 2019 H1.

The bigger part of the damages was driven by an increase in losses due to explosive and gas attacks, which went up from €5.1 million to €7.6 million, representing a 49% jump in a year. The number of explosive attacks increased only slightly, from 503 incidents in 2019 H1 to 505 attacks in 2020 H1.

To read the full article, head over to: https://atlasvpn.com/blog/atm-hacks-surged-269-in-europe-in-2020-h1-recent-findings-reveal

Security Operations Teams Get Relief From Alert Overload With The Trend Micro Vision One Platform

Posted in Commentary with tags on February 9, 2021 by itnerd

Trend Micro Incorporated combats security alert overload and resource constraints with an extensible platform that provides visibility and response from a single console. The new platform, Trend Micro Vision One™, has extended detection and response (XDR) at its core and raises the bar with new capabilities to help security teams see more and respond faster.

Organizations are struggling with siloed tools, disjointed alerts and stealthy, sophisticated threats, whether they have a Security Operations Center (SOC) or are relying on stretched IT security teams for SOC functions. Trend Micro has helped hundreds of organizations identify and reduce cyber risk by correlating alerts across the entire IT environment with the industry-first XDR solution launched in 2019. Now, with Vision One, Trend Micro is solving more complex security challenges with enhanced XDR, new risk visibility, new third-party integrations, and simplified response to threats across security layers.

With Trend Micro Vision One, organizations can maximize efficiency by making less sophisticated security resources operate at a more expert level. The new platform allows them to dissect security incidents faster, identify critical threat patterns and complex attacks, and understand their overall security posture and trends, so organizations can proactively identify and assess potential security risks.

According to Gartner, Innovation Insight for Extended Detection and Response, March 2020, “Two of the biggest challenges for all security organizations are hiring and retaining technically savvy security operations staff, and building a security operations capability that can confidently configure and maintain a defensive posture as well as provide a rapid detection and response capacity. Mainstream organizations are often overwhelmed by the intersectionality of these two problems.”

The holistic threat defense platform is true to its name, offering:

  • Visibility & threat intelligence: Cross-layer detection models, along with security risk visibility supported by Trend Micro Research insights, enable enterprises to see complex attacks and particular points of security risk that siloed solutions miss. In preview are new insights into SaaS application usage, their risk levels and trends over time.
  • Purpose-built sensors: Native integrations with Trend Micro security stack across critical security layers.
  • Fit with existing infrastructure: Out-of-the-box API integrations with existing third-party solutions already in use to complement workflows.
  • Simplified management: Ability to adjust security policies and drive response actions across security layers from a single console instead of swivel-chair management.

In addition to the layered security from Trend Micro, customers can easily connect this new platform into other security technologies such as third-party endpoint protection platforms and SIEM and SOARs, including new integrations with Fortinet, Microsoft Sentinel and Splunk just to name a few. Early adopting customers are ready to act on the developing opportunity to integrate beyond SIEM and SOAR, with solutions like firewalls, ticketing solutions, identity and access management.

This new blog from IDC resulted from a briefing prior to launch and goes into further detail on the new Trend Micro platform. To find out more about Trend Micro Vision One, please visit TrendMicro.com

Review: SanDisk Extreme PRO 128GB USB 3.2 Solid State Flash Drive

Posted in Products with tags on February 9, 2021 by itnerd

For years I’ve been walking around with a 32GB USB thumb drive on my keychain. But lately I’ve found that 32GB isn’t enough for me when I do work for clients. For example when I have to move files from one computer to another. So that made me look for a replacement, and I chose the SanDisk Extreme PRO 128GB USB 3.2 Solid State Flash Drive.

For the record, this drive comes in sizes of 128GB, 256GB, 512GB and a mind-blowing 1TB. All of which fit on your keychain. It really feels like a well-constructed premium product that will survive something longer than 10 seconds in your pocket. It’s cool to the touch as well which adds to the premium feel. You can thank the aluminum metal casing for that. The USB-A connector slides out using a slide mechanism on the top of the drive that has a very satisfying click when you use it. It also means when it is recessed, it is less likely to get damaged.

Now the company on their website which I linked to above makes some very conservative claims about how fast this drive is. The packaging however, makes some really bold claims:

Super fast SSD performance? Speeds of 420 MB/s read and 380 MB/s write? Hmmmm….. I think a marketing person drank one too many glasses of wine coming up with this copy. Because those numbers don’t equal “Super fast SSD performance”. But let’s prove that. First let’s test a 32GB USB stick from a name brand company using CrystalDiskMark 8.0.1 as a starting point to see what sort of performance we get:

Now this is the performance that you typically get from a USB thumb drive. Pretty middling sequential read and write numbers. And pretty abysmal random read and write numbers. The reason being is that most USB thumb drives are built to a price point (as in as cheap as possible) and are not built to perform at top speed.

Let’s contrast that with the SanDisk Extreme PRO 128GB USB 3.2 Solid State Flash Drive. I used the same PC and the same USB port to do this test:

In short, the SanDisk drive destroyed the 32GB drive. And it’s pretty clear that the speeds of 420 MB/s read and 380 MB/s write that SanDisk quotes came from the sequential read speeds. Because any drive will perform well doing sequential reads and writes. But the random reads and writes were pretty impressive and consistent. So in short, this is the quickest USB thumb drive that I’ve come across. But there’s that one claim of “Super-fast SSD performance” that was on the packaging. While I will admit that the performance that this drive is capable of has the look of an SSD because of how balanced the performance is when it comes to random and sequential scenarios, it’s nowhere near as fast. To illustrate this, I will use the Samsung 970 EVO NVMe SSD which is currently in the “God tier” of SSD drives, and is in the same PC that I used to conduct the first two tests to illustrate this:

I’m guessing that the Samsung drive didn’t break a sweat humbling the SanDisk drive. So, why am I pointing this out? Well, if you put a claim on the package, you better be able to back it up. They couldn’t and here we are talking about it. And what’s funny is that there is no fine print or disclaimers of any sort regarding this claim on the packaging. In short, someone in their marketing department needs a talking to because it seems like someone made some stuff up in hopes of selling a few extra copies of this drive to people who wouldn’t know any better.

Now if you ignore the marketing fail, this is an insanely quick USB thumb drive. There are some extras like software that will do software-based encryption on the drive, and data recovery software. But in my opinion, if you need a drive that does encryption, there are secure hardware-based encryption thumb drives that you should look at. And when it comes to data recovery, you should pay an expert to do that for you if you get in that situation. Though if you accidentally delete a file, I suppose it can’t hurt to run this software to see if you can get it back first.

Here’s the bottom line. If you need large amounts of storage and it has to be quick by thumb drive standards, this is the thumb drive to get. My 128GB drive cost me $49.99 CDN on Amazon. 256GB is $80 CDN and 512GB is $165 CDN. I couldn’t find a price for the 1TB version. Check it out if you fit the use case for this drive. Just don’t believe everything on the packaging.

TELUS & Google Announce Strategic Alliance

Posted in Commentary with tags on February 9, 2021 by itnerd

Google Cloud and TELUS today announced a strategic alliance to co-innovate on new services and solutions that support digital transformation within key industries, including communications technology, healthcare, agriculture, security, and connected home. The 10-year collaboration will also accelerate TELUS’ IT and network modernization initiatives, enabling further operational agility and supporting improved customer experiences. 

As part of the partnership, TELUS and Google will collaborate on the following initiatives:

  • Reimagining the future through co-innovation: Google Cloud and TELUS will generate new industry solutions and go-to-market strategies that will drive growth in adjacent industries, commencing with communications technology, healthcare, agriculture, security and automation. One of the areas of focus will be on redefining the way healthcare and agriculture solutions are delivered, increasing collaboration and efficiency between healthcare providers, providing consumers with fresher and healthier food by improving traceability, and enabling business customers to streamline their IT and network operations. Both companies will also collaborate on the evolution of entertainment and smart home technology, bringing state-of-the-art connectivity, control, and convenience to more families and businesses.
  • Accelerating TELUS’ digital transformation: TELUS will accelerate its public cloud adoption on Google Cloud’s enterprise platform to drive greater operational efficiency of its core IT and network infrastructure. Through this partnership, Google Cloud will also become one of TELUS’ partners in the delivery of 5G services and Multi-Access Edge Computing (MEC), which leverages Google Cloud’s managed application platform, Anthos. TELUS will utilize Google Cloud Contact Center AI to reinvent the customer experience, improving customer interactions and realizing significant savings. To increase growth opportunities, TELUS can expect enhanced agility, scalability, and reliability across its wireless and wireline services and numerous lines of business including security, agriculture and healthcare. 
  • Embracing sustainability and social responsibility: As recognized global leaders in corporate social responsibility, TELUS and Google Cloud will prioritize working together to improve the social, economic, environmental, and health outcomes for Canadians. TELUS and Google Cloud will strengthen their respective commitments to building a more sustainable world through technology by reducing TELUS’ carbon footprint, creating value along the entire supply chain for businesses significantly impacted by COVID-19, and optimizing industry solutions for social impact through data analytics and machine learning.

TELUS and Google will continue to partner with TELUS International, a digital customer experience (CX) innovator that designs, builds and delivers next-generation solutions for global and disruptive brands, to help enterprises achieve their digital transformation goals.