Archive for December 6, 2021

The Markup Details How Much Life360 Relies On Selling Data… And What Might Be In Store For Tile Users Now That They Own Tile

Posted in Commentary with tags on December 6, 2021 by itnerd

Last week I wrote about Life360 and their purchase of Tile. In that writeup, I mentioned this:

But I suspect that Tile users may want to be ready for Life360’s rather craptastic privacy policy. Life360 data harvests and sells your data (including location data). My sense is that this will mean that Tile users will likely defect to other solutions. 

Well, there are more details about the way they handle data. And the details don’t paint Life360 in a positive light:

Through interviews with two former employees of the company, along with two individuals who formerly worked at location data brokers Cuebiq and X-Mode, The Markup discovered that the app acts as a firehose of data for a controversial industry that has operated in the shadows with few safeguards to prevent the misuse of this sensitive information. The former employees spoke with The Markup on the condition that we not use their names, as they are all still employed in the data industry. They said they agreed to talk because of concerns with the location data industry’s security and privacy and a desire to shed more light on the opaque location data economy. All of them described Life360 as one of the largest sources of data for the industry. 

And this doesn’t help Life360’s cause either:

Meanwhile, selling location data has become more and more central to the company’s health as it’s struggled to achieve profitability. In 2016, the company made $693,000 from selling data it collected. In 2020, the company made $16 million—nearly 20 percent of its revenue that year—from selling location data, plus an additional $6 million from its partnership with Arity. 

So Tile users, this is who has purchased your location tracking service. They don’t sound like the best people, and I for one would be interested to see how Life360 responds to this so that their purchase of Tile doesn’t go down the tubes.

Russian Hackers Make The Rounds With Ceeloader Malware

Posted in Commentary with tags on December 6, 2021 by itnerd

A Russian hacking group is using a new, stealthy type of malware called Ceeloader. The Nobelium hacking group has continued to breach government and enterprise networks worldwide by targeting their cloud and managed service providers:

Ceeloader communicates via HTTP, while the C2 response is decrypted using AES-256 in CBC mode.

The custom Ceeloader downloader is installed and executed by a Cobalt Strike beacon as needed and does not include persistence to allow it to automatically run when Windows is started.

Nobelium has used numerous custom malware strains in the past, specifically during the Solarwinds attacks and in a phishing attack against the United States Agency for International Development (USAID).

And:

To hamper attempts at tracing the attacks, Nobelium uses residential IP addresses (proxies), TOR, VPS (Virtual Private Services), and VPN (Virtual Private Networks) to access the victim’s environment.

In some cases, Mandiant identified compromised WordPress sites used to host second-stage payloads that are fetched and launched into memory by Ceeloader.

Finally, the actors used legitimate Microsoft Azure-hosted systems with IP addresses that had proximity to the victim’s network. 

This approach helps blend external activity and internal traffic, making detecting the malicious activity unlikely and the analysis harder.

Eddy Bobritsky, CEO, Minerva Labs (www.minerva-labs.com) had this commentary:

“The Ceeloader looks to be another evolution step in the ever increasing malware sophistication, using more improved evasion techniques and very specific low level attack methods such as file-less downloading and memory injection.

Most traditional antiviruses and protection services base their detection on known signatures and threat actor behaviors. This makes attacks like these very difficult to mitigate for zero-day and unknown malware variants, especially those designed to evade detection, and require specialized approaches like implementation of Hostile Environment Simulation Models along with other anti-evasion protection techniques.”

This seems pretty scary for admins and those who are charged with protecting networks from being hacked and pwned. I guess it’s time for everyone to bring their “A” game to keep this threat at bay.

Security.org Research Finds Passwords Managed By Memory Have 2x Chance Of Being Stolen Or Compromised

Posted in Commentary with tags on December 6, 2021 by itnerd

Nearly one-third of Americans had their identity or online credentials stolen in the past year yet, per new research, just one-in-five Americans (estimated 45 million) currently use an encrypted password manager (also known as “password vault”). Another 128 million non-users are open to trying them, but is there more to blame for slow adoption than concerns about security and cost? And, has the further increase in cybercrime during the pandemic made a difference in those – including recent victims – who may now consider the option?

Security.org surveyed more than 1K American adults about their personal experience with cybercrime, methods of password tracking, and opinions of password manager applications, and found that:

  • Among those who suffered a password or identity theft, 90 percent were not using a password manager at the time
  • Those who rely on their memory to manage their passwords are twice as likely to have their credentials or identity stolen as those who use password storage tools
  • More than two-thirds of those who don’t currently use password managers, or approximately 128 million people, would consider getting one in the future
  • Our personal, professional and financial information resides behind passwords that 60 percent of Americans track with their memory or paper notes

Full research is here: https://www.security.org/digital-safety/password-manager-annual-report/

TekSavvy Publishes Dystopian Digital Comic Book That Refers To Today’s Challenges In The Telco Space

Posted in Commentary with tags on December 6, 2021 by itnerd

In an absolutely brilliant move, Canadian telco TekSavvy has just published a digital comic about a dystopian future that reflects a real and significant shift over the past few years in Canada’s telecommunications industry toward fewer companies consolidating their market power and influence over decision-making processes.

Though the comic is an exaggeration, it works as a cautionary tale about that shift. I just read it and it’s very much worth looking at and sharing with your friends.

StrikeReady Honored with 2021 ‘ASTORS’ Homeland Security Award 

Posted in Commentary with tags on December 6, 2021 by itnerd

StrikeReady, a cloud-based security operations and management company, announced today that it was named a 2021 ‘ASTORS’ Homeland Security Award winner for Best Threat Intelligence Solution by American Security Today.

The Annual ‘ASTORS’ Awards, now in its sixth year, is the preeminent U.S. Homeland Security Awards Program, highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today. The program is specifically designed to honor distinguished government and vendor solutions that deliver enhanced value, benefit and intelligence to end users in a variety of government, homeland security, enterprise and public safety vertical markets.

American Security Today (AST), the ‘New Face in Homeland Security™’, is the premier digital media platform in the U.S. Homeland Security and Public Safety Industry, focused on breaking news and in-depth coverage of the newest initiatives and hottest technologies in physical & IT security on the market today. AST highlights the most cutting-edge and forward-thinking security solutions across a wide variety of media products delivered daily, weekly and monthly to over 75,000 qualified government and security industry readers, essential to meeting today’s growing security challenges to ‘Secure our Nation, One City at a Time™’. To learn more visit www.americansecuritytoday.com, or contact AST by email at mmadsen@americansecuritytoday.com or phone 646-450-6027.

StrikeReady Inc. is a cybersecurity startup based out of California. The company was founded in 2019 and offers the industry’s first cloud-based security operations and management platform that enables organizations to increase the effectiveness, efficiency, and affordability of their security operations, while empowering and augmenting cybersecurity teams with institutional knowledge and automation.

StrikeReady is backed by several Bay Area VC firms, along with executives from FireEye, CrowdStrike, Zscaler, and others.

StrikeReady has won numerous awards and mentions in the short time that it has been in existence, including American Security Today ‘ASTORS’ Homeland Security Award 2021, Security Today’s Product of the Year Award 2021, Globee’s Disruptor Award 2021, CB Insights 2021 Cyber Defender, and 2020 Red Herring’s Top 100 North America Award. Connect with them at www.strikeready.co.

The CCTS Report Is Out And The Results Are Interesting

Posted in Commentary with tags on December 6, 2021 by itnerd

The annual report from the Commission for Complaints for Telecom-television Services (CCTS) is out, and if you’re Bell, Rogers or Fido, the news is bad for you. Out of 42,000 complaints covering all aspects of the telecom industry, here’s how things broke down:

  • Bell represented 20 percent of complaints
  • Rogers was in second with 13.9 percent of complaints
  • Fido in third with 10 percent of complaints

If you’re wondering where TELUS is, they were at 7 percent of complaints.

The most complained about category was wireless services. The second most complained about category was the internet. TV was in third place. I’ve linked the report above and I encourage you to give it a read.

Guest Post: 2022 Cybersecurity Predictions

Posted in Commentary with tags on December 6, 2021 by itnerd

By Anurag Gurtu, CPO of StrikeReady 

As we foray into the second decade of the 21st century, it’s worth looking at what cyber-security might be in 2022. What are some possible predictions? How will this industry evolve and change to keep up with more sophisticated hackers and cybercriminals?

Over the years, the rise in cyberattacks’ sophistication has become more significant. We all know that in 2021, one of the worst things was when Colonial Pipeline suffered a cyber attack that caused fuel shortages across much of their East Coast. This event had significant consequences for America and its people. Microsoft Exchange also got hacked last December, resulting in denial-of-service attacks that paralyzed many operations around North America (and even Europe). There were some more types of attacks leaving some negative impact, and this is inevitable.

I believe that in 2022 the hackers will become more sophisticated and take advantage of the current geopolitical climate. My biggest concern is that hackers have speedier access to newer technologies and organizations won’t be able to keep up with them. And if things continue this way in the coming years, it’s definitely going to disrupt several normal business flows – if not a total business ruin. Hence, it is now important to stay ahead of such threats. By being proactive, every organization stands a better chance against cybercriminals seeking to take advantage of loopholes. In this regard, here are my top cybersecurity predictions for 2022 that every business needs to be aware of.

  • Digital Cyber Analyst

The coming year is expected to be the most challenging yet concerning the ongoing cybersecurity talent crunch. The factors responsible include digital transformation initiatives, accelerated adoption of hybrid cloud, and post-pandemic projects ramping up. There is a need to augment the cybersecurity workforce using Digital Cybersecurity Analysts. These Digital Analysts will learn in real-time from the experiences and knowledge of other cyber experts all over the world, then use this information to guide junior analysts with their decision-making processes when it comes time for resolving threats or proactively protecting their organization. A digital analyst is the newest trend and will grow in number even more through 2022 and beyond.

  • Deep Fake Tech

Deep fake content – manipulation of video or other digital material designed to make someone else look like they’re saying something when it’s not them – is gaining popularity with each passing day. Also, machine-learning algorithms can create realistic-looking videos without human input whatsoever. Several open sources have noted how threat actors have utilized manipulated media to bypass multi-factor authentication (MFA) security protocols. The same approach has been used successfully against Know Your Customer (KYC) identity verification. I believe that deep fake technology will become more readily available in 2022, while criminal espionage actors will increasingly utilize manipulated media to achieve their objectives.

  • Automotive Hacking

As we can see, the automotive industry is going through a massive transition, not only shifting from an oil-based fuel source to a totally electric source, but also seeing a massive overhaul of technology – autonomous driving. Assuring that these vehicles are secure from hackers will be one of its biggest challenges. In the event of an attacker taking control of a self-driving car, they would endanger not only themselves but those around them as well.

  • Increased Aggressiveness with Cyber Warfare

In this case, four prominent nation-state actors, including Russia, Iran, China, and North Korea, are expected to show enhanced aggressiveness with cyberwarfare. This is especially true for Russia as several recent incidents, such as the manipulation of UNC2452 authentication methods, have shown that the country possesses a high level of sophistication when it comes to cyberwarfare. Also, Iran is likely to consider creating more power balance towards its own interest, with more emphasis on region promotions. As for China, the country is expected to continue supporting the Belt and Road initiative with the use of cyber-espionage while North Korea is willing to take the risk, if need be, and continue funding nuclear ambitions and strategic intelligence with the North Korean cyber apparatus. And as these nations use “cyber operations as a low-cost tool of statecraft” as part of their malpractices, I do not see any slowdown for these nations, while some more may also join in 2022.

  • Increased risk to US infrastructure

With cyber-attacks now intensifying and data breaches rising, there is an expectation that many US infrastructures would be at increased risk. This is already in play as a US insurance giant had to pay $40 million in ransom to hackers in May 2021. It is expected that the ransom demand from attackers will also increase in the coming year.

  • Accelerated use of Ransomware as a Service

One of these troubling trends is Ransomware-as-a-Service (RaaS). As cyber criminals lease ready-made malware tools to buyers, increasing accessibility makes this threat more relevant than ever before because anyone can perform attacks with little technical expertise no matter what level they are at in criminal endeavor.

  • Larger Extortion Payouts with a Rise in Bitcoin Prices and Crypto Hacking

In 2021 we saw most of the extortionists threaten companies to pay large sums of money in Bitcoin. This has a lot to do with the rise in Bitcoin-to-USD price and as these prices are expected to rise again, I believe that a larger wave of extortion payouts may not be farfetched. And with cybercriminals using various techniques including “mixing” – where funds from different users are mixed together so as to break any traceable trail, making them less likely to get caught – things are just going to get worse.

Hacking also plagues the world of crypto currencies. In a world where money becomes pure software, hackers will have a blast. In the coming year and years to come, I anticipate them becoming more aggressive with stealing bitcoins and altcoins.

  • A New Wave of Attacks Targeting Cloud Services

The continual rise of cloud-based technologies and infrastructure does not show any sign or indication of slowing down. In fact, organizations are expected to keep relying on cloud or cloud-hosted third-party providers for fundamental business tasks. Cloud vulnerabilities are no longer an exception, especially as the adoption of remote work following the pandemic has made them a necessity. Thus I see them as a prime target of compromise due to their high-value nature.

  • Let’s Confuse the Market with another Buzz Word – XDR

XDR is the future of cybersecurity according to almost every analyst firm and security vendor. It is the magic bullet that can detect new threats and protect enterprises that have needs we have yet to imagine, such as in a hybrid-work environment. I view it as another promise SIEM made and couldn’t keep. So who am I to disagree with industry experts who have already agreed on XDR being the next big thing? 

GoAnywhere Achieves SOC 2 Type 1 Compliance

Posted in Commentary with tags on December 6, 2021 by itnerd

GoAnywhere by HelpSystems announced today it has successfully completed the SOC 2 (System and Organization Controls) audit assessment for its managed file transfer (MFT) solution. Completing this audit assessment demonstrates HelpSystems’ commitment to ensuring customers have the highest level of cybersecurity possible as they transfer files. SOC 2 assessment completion also gives customers additional confidence in GoAnywhere for secure file transfer activity. 

As a key part of HelpSystems’ security and automation portfolio, GoAnywhere MFT is an industry leader in the secure movement, automation, and integration of data both in and out of the cloud. 

SOC 2 engagement is an attestation standard defined by the AICPA (American Institute of Certified Public Accountants). 

GoAnywhere by HelpSystems is an award-winning cybersecurity product line that helps more than 3,000 global enterprises, governments, and small and medium organizations safely connect to their trading partners, automate their IT processes, protect their data, and keep their sensitive information out of the DMZ. 

HelpSystems is a software company focused on helping exceptional organizations Build a Better IT. Their cybersecurity and automation software simplifies critical IT processes to give customers peace of mind. Learn more at www.helpsystems.com.