Archive for March 21, 2022

White House Warns Russia Preparing Possible Cyberattacks Against US

Posted in Commentary on March 21, 2022 by itnerd

The Biden administration has warned in recent weeks that Russia could look to target infrastructure in the U.S. or elsewhere with cyberattacks, but officials had previously said there were no specific or credible threats against the U.S.

White House deputy national security adviser Anne Neuberger said Monday that officials have seen some “preparatory activity” and that the administration briefed companies who could be affected in a classified setting last week.

Lucas Budman, CEO of TruU (www.truu.ai) has this comment:

“Enterprises need to act and ensure all attack surfaces are covered. While network and endpoint protection are important, identity is the biggest laggard and the ripest for attack, with approximately 80% of breaches linking back to it. Most businesses still use passwords, but there is no safety in numbers as credentials can be compromised from phishing, brute force, credential stuffing, or buying lists of already compromised accounts. After all, people tend to reuse passwords, which results in 2FA effectively being secured by just the second factor alone. Passwordless MFA inclusive of biometrics, presence, and behavior is one of the few modern options to dramatically limit the identity attack surface.”

I’m not really surprised by this as Russia is known for housing groups that perpetrate cyberattacks. Thus businesses in the US and beyond should heed this warning and do what they need to do to prepare themselves for what is sure to be a barrage of cyberattacks in the next few weeks.

iCloud Has Been Down In Whole Or In Part…. And That Includes For Apple Employees #iCloudDown #iCloudOutage

Posted in Commentary with tags on March 21, 2022 by itnerd

Apple is having a very bad day today, as just after noon EST iCloud went down. The thing was, for at least 45 minutes Apple’s Status Page was saying everything was fine when in fact it was the exact opposite.

And those complaints were surfacing on Twitter, Down Detector and other places. If you do a search for #iCloudDown or #iCloudOutage on Twitter for example, it won’t be hard for you to find examples of this. But ultimately Apple did admit there were issues. Lots of issues. At one point I counted 23 separate iCloud services that were down. You can click on the Tweet above to see the screenshots that I took and examples of what you would get if you encountered a service that was out.

As I type this, 9 services are still out. Which is still not good. But better than it has been.

But it’s not just consumers that are dealing with this outage. It appears that Apple employees are as well:

And this was confirmed with this Tweet:

Apple’s services don’t go down that often. But this is pretty catastrophic. And everyone knows about it. Which means that Apple will have to explain this at some point. The question is, how transparent will they be? I’m guessing not very transparent. But I am free to be surprised.

UPDATE: As of 3:38 PM EST Apple claims that everything is back online.

The Browser In The Browser (BitB) Phishing Attack Is Deadly

Posted in Commentary with tags on March 21, 2022 by itnerd

According to a penetration tester and security researcher who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options embedded on websites such as “Sign in with Google” (or Facebook, Apple, or Microsoft).

While the default behavior when a user attempts to sign in via these methods is to be greeted by a pop-up window to complete the authentication process, the BitB attack aims to replicate this entire process using a mix of HTML and CSS code to create an entirely fabricated browser window:

With this technique we are now able to up our phishing game. The target user would still need to land on your website for the pop-up window to be displayed. But once landed on the attacker-owned website, the user will be at ease as they type their credentials away on what appears to be the legitimate website (because the trustworthy URL says so).

Well, that’s not good. Largely because one thing that I tell users to do during the security training that I provide is to check the URL. But reading the write-up that mrd0x_ has, this advice no longer has any value.
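The reason the URL check fails is that the “address bar” is just text painted inside the page, while the login form underneath is loaded from somewhere else entirely. A defender can turn that mismatch into a detection signal. The scanner below is an added example written for this post, not code from mrd0x_ or from the blog; it assumes the fake window embeds its form in an iframe and uses an assumed list of identity-provider hostnames, and it is a heuristic, so a legitimate page that both mentions an IdP URL and embeds a third-party iframe would also be flagged.

```python
"""Heuristic scanner for Browser-in-the-Browser (BitB) page structure: an in-page
container that paints a fake address bar showing an identity-provider URL while
the login form it surrounds is really an <iframe> loaded from another host."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of SSO hosts a fake address bar would imitate (extend as needed).
IDP_HOSTS = {"accounts.google.com", "login.microsoftonline.com",
             "appleid.apple.com", "www.facebook.com"}
URL_RE = re.compile(r"https?://[\w.-]+")
CONTAINERS = {"div", "section", "dialog"}

class BitBScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []        # one record per currently open container element
        self.findings = set()  # (host the fake bar displays, host the iframe loads)

    def handle_starttag(self, tag, attrs):
        if tag in CONTAINERS:
            self.stack.append({"shown": set(), "frames": set()})
        elif tag == "iframe":  # the real origin of the embedded content
            host = urlparse(dict(attrs).get("src", "")).hostname or "(no src)"
            for rec in self.stack:
                rec["frames"].add(host)

    def handle_data(self, data):  # URL-looking text is what the fake bar "shows"
        for url in URL_RE.findall(data):
            host = urlparse(url).hostname
            if host in IDP_HOSTS:
                for rec in self.stack:
                    rec["shown"].add(host)

    def handle_endtag(self, tag):
        if tag in CONTAINERS and self.stack:
            rec = self.stack.pop()
            for shown in rec["shown"]:
                for real in rec["frames"]:
                    if real != shown:  # displayed URL and loaded origin disagree
                        self.findings.add((shown, real))

def scan(html):
    """Return sorted (displayed_host, real_host) findings for an HTML document."""
    s = BitBScanner()
    s.feed(html)
    return sorted(s.findings)

BITB_SAMPLE = (  # constructed sample: fake "window" shows Google's URL, loads another host
    '<div class="window"><div class="bar">https://accounts.google.com/signin</div>'
    '<iframe src="https://login-form.example.invalid/g.html"></iframe></div>')
```

Run `scan()` over fetched page HTML in a crawler or mail-gateway sandbox; any finding means the page is telling the user one origin while loading another, which is exactly what a user cannot see from the painted URL.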

Lucas Budman, CEO of TruU (www.truu.ai) had this to say:

“Bad actors continue to create clever ways to trick people into thinking that their malicious sites are actually a valued business resource. With these exploits, it’s only a matter of time before employees unknowingly provide their passwords to the wrong person (and relegating MFA to a single factor as the password is already compromised). This is particularly dangerous because people re-use passwords including places that are not MFA enabled. As long as username/password is used, even with 2FA, it is completely vulnerable to such attacks. As bad actors get more sophisticated with their attacks, the move to passwordless MFA is more critical now than ever. Eliminate the attack vector by eliminating the password with password-less MFA.”

It will be interesting to see what sites do to combat this attack. In the meantime, looking into passwordless authentication is one option to keep yourself safe as Google and Microsoft do support that. And many other companies have or are coming to market with similar solutions.

UPDATE: Chris Olson, CEO, The Media Trust had this to say:

“Web-based attackers have become increasingly sophisticated: from the backend, they’re using obfuscated and polymorphic code to dodge blockers or URL filters; from the front end, they are using elaborate JavaScript constructions to deceive even the most vigilant Internet users – the Browser-in-the-Browser attack is a perfect example.”

“Combined with malicious redirects embedded on-site through compromised third-party code, this technique provides a method that attackers could use to funnel users from a legitimate website (like CNN) to a fraudulent one without requiring them to click on a single ad or suspicious email. This is just one of many reasons we say organizations need to be more focused on Web and mobile devices: these digital channels are the next frontier for malicious actors.”

Simply Easier Payments Expands Services To the Financial Advisor Vertical 

Posted in Commentary on March 21, 2022 by itnerd

Simply Easier Payments, which offers turn-key and customized payment solutions for highly regulated industries, is extending its offerings to include working with financial advisors in addition to the insurance sector.  

Since 2006, the Durham-based company has partnered mainly with insurance agencies, MGAs, and carriers on payment processing solutions, and it’s now turning that experience working within state and federal regulations to the financial advisor industry, which is also highly regulated.

Simply Easier offers both standalone payment options that can be set up quickly as well as customized solutions with company branding that can be embedded within the company’s own website. In both cases, customer information is kept secure in a Payment Information Vault and all applicable state and federal regulations are followed. Simply Easier maintains the highest level of security with PCI Level 1 validation.

For fee-only financial advisors, Simply Easier guarantees that access to account information and payment authorization remains strictly with the client, ensuring non-custodial financial advisors do not have access to sensitive customer data. Its robust customer portal also allows for automated invoicing and client-controlled auto-pay features.

Founded in 2006, Simply Easier Payments is a leading total payment solution partner for the insurance sector and financial advisors accepting mobile and online payments. Providing a one-stop credit card payment processing solution designed for regulated businesses, it offers a hassle-free experience without the high fees other providers charge, and it’s 100 percent compliant in all 50 states in the U.S. For more than a decade, Simply Easier Payments has provided secure, compliant, and reliable payment solutions to thousands of businesses around the nation. Since its inception, reliability and affordability have been the cornerstone principles for delivering real, working solutions to its customers. To learn more, visit: https://www.simplyeasier.com.

FBI Posts Warning About AvosLocker Ransomware

Posted in Commentary with tags on March 21, 2022 by itnerd

The FBI has warned of a ransomware operation that uses DDoS to threaten the victims of its attacks. AvosLocker “claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets,” said the FBI’s Internet Crime Complaint Center (IC3) report. The AvosLocker RaaS launched in July 2021 and has continued to attack US critical infrastructure.

Peter Stelzhammer, Co-Founder, AV-Comparatives offered up this advice:

“Never ever pay the Ransomware – have back-ups.” 

“Ransomware is a type of malware that is capable of encrypting a victim’s files. In order to restore access for the victim, the attacker demands a ransom. This amount can range from a few hundred to millions of dollars or euros. It is believed that the first ransomware attack took place in 1989 and the healthcare industry was the target. Three decades later, ransomware attacks continue to grow rapidly and pose greater challenges to businesses than ever before.”  

“As the entire world underwent a significant shift in digital direction due to the 2020 pandemic, cyber threats to businesses also skyrocketed.  According to studies, the third quarter of 2020 saw a 139% year-over-year increase in ransomware attacks compared to the third quarter of 2019. These attackers not only hold networks or data hostage, they also exfiltrate data and threaten to release it if their financial demands are not met.”

“In recent years, there has been an evolution in the nature of ransomware attacks. Compared to old-school attacks, we are now seeing the use of coordinated and strategic ransomware. This new technique involves deep penetration of target systems instead of simply sending a series of spam emails with attachments. These security incidents are commonly referred to as ‘big-game hunting’ and begin with an initial vector. The most common of these vectors include:

  • Phishing: Attackers impersonate someone they are not, such as a representative of a bank or telecommunications company, to obtain victims’ passwords, account information, etc.
  • Network vulnerability: If the software of network devices is not patched, attackers can easily exploit this vulnerability to initiate ransomware attacks.
  • Remote desktop protocol: cyber perpetrators can also access a device via a remote desktop software tool and grab information.”

“Looking at the current state of affairs, it is likely that combating ransomware will be a top priority for cybersecurity professionals in the coming years. Some of the recommended measures to reduce the risk of a ransomware attack include:

  • Using an effective spam filter
  • Configuring desktop extensions
  • Filtering out files with typical malicious extensions from emails
  • Blocking malicious JavaScript files
  • Rights management
  • Ensuring all software is updated with the latest security patches
  • Moving to a zero-trust architecture
  • Prioritizing assets and evaluating traffic
  • Implementing strict policies at segmentation gateways, at the application level, and in NGFWs
  • Adaptive monitoring and tagging
  • Additional threat protection through the use of a cloud access security broker (CASB)
  • Rapid response testing
  • Consistent updating of anti-ransomware software
  • Storage of backups offline
  • Blocking advertising
  • Updating email gateways
  • Raising awareness of ransomware among employees”

This ransomware, and the people behind it are very unique as I’ve never heard of anything like this where you get phone calls, threats of DDoS attacks and the like. I can see how this would warrant a warning from the FBI, which means that enterprises everywhere should take this seriously.

UPDATE: Saryu Nayyar, CEO and Founder, Gurucul added this commentary:

“This is another example of pen testing tools weaponized for usage by threat actors. The DDoS is a new twist where those types of attacks used to be commonly run to help malware exploits slip past overrun resources, similar to a mob distracting guards to allow the true threat to slip past defenses. In this case, it is used as punishment for negotiations not going so well. These types of ransomware attacks show that current XDR and SIEM solutions are insufficient at preventing the successful data theft and detonation of the payload. The time it takes for these platforms to detect the various techniques and tools used to evade current defenses has proven to be too late to prevent damage and loss. A solution incorporating a large set of machine learning models that are self-training along with behavioral analytics to identify the unusual activity can also adapt to the newer attack techniques being implemented and is therefore more apt to stop the attack at different points in the kill chain. Very few solutions can automatically correlate, analyze and prioritize an emerging attack campaign like this out-of-the-box to prevent the ransomware attack from being successful.”

UPDATE #2: Saumitra Das, CTO and Cofounder of Blue Hexagon had this to say:

“Ransomware has recently moved to using double extortion and triple extortion so that they can extract payment for leverage, not just by encrypting files which tends to be harder. This is a newer technique that is somewhat connected to threats of disrupting servers in an affected organization from the inside. The key new aspect here is the threat of DDoS from outside instead of disrupting processes in internal machines.”