Archive for April 21, 2022

Five Eyes Serves Up A New Warning About Russian Cyber Threats

Posted in Commentary on April 21, 2022 by itnerd

The USA, Canada, New Zealand, the United Kingdom and Australia, known collectively as the “Five Eyes”, have released a warning about Russian state-sponsored actors taking aim at critical infrastructure:

Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks (see the March 21, 2022, Statement by U.S. President Biden for more information). Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.

Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine. Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive.

This means that attacks are likely inbound on any country that supports Ukraine. And it means that we all need to up our cybersecurity game. To get some color commentary on this, I reached out to Darktrace and got a pair of quotes. The first is from Darktrace’s CEO, Poppy Gustafsson:

“Since the start of the war critical infrastructure globally has been on high alert to cyber-attacks. Russia has previously displayed its ability to get into the heart of critical systems and launch attacks in cyber space that have real-world impacts – such as the attack on Ukraine’s energy grid in 2015. The attack on Colonial Pipeline last year also served as a wake-up call showing defenders of critical national infrastructure that no system is invulnerable to attack.

While we’ve seen examples in the Ukraine conflict of attacks targeting industrial systems, such as Industroyer 2.0, we have yet to see any novel cyber-attacks at scale during the crisis to date. But we can say with a degree of confidence that the Russian state and state-affiliated actors have novel and destructive cyber-attacks in their arsenal and it is only a matter of time before these are deployed.

The warning from the Five Eyes represents another global effort to combat disinformation, and serves as another reminder of the urgency with which defenders must act to ensure their digital assets are protected. We have to think about the people on the other side of these warnings; the people that are responsible for defending critical infrastructure. These defenders can only take a ‘shields up’ approach so far – we must augment security teams with advanced technology that can spot, stop and investigate attacks on their behalf.”

Additionally, I have the following comment from Darktrace’s Canadian Director of Enterprise Security, David Masson:

“The US Government set a precedent some weeks ago by issuing warnings about Russia’s attack plans for the invasion of Ukraine. This was a Five Eyes government releasing intelligence to the public about Russia’s intentions. Our own intelligence agencies have repeatedly warned us about potential Russian cyber-attacks on Canadian critical infrastructure.

In the last twenty-four hours, the head of the Canadian Centre for Cyber Security, Sami Khoury, shared a joint Five Eyes advisory on social media about the “increased risk of malicious cyber activities posed by Russian state-sponsored advanced persistent threat (APT) actors, their proxies, and independent cybercriminal groups.” On American television, the US Deputy Attorney General, Lisa Monaco, said that the Russians are probing critical infrastructure, and she used the analogy of a burglar “trying to jiggle the lock to see if it’s open.” 

Now is the time for all Canadian organizations, private and public, critical infrastructure or not, to work on their resilience plans, train staff, and be ready to deploy technology to deal with cyber-attacks. We need to make sure our doors are locked, but more importantly, our jewels are locked in a safe. We need to assume that sophisticated attackers will find a back door (or window) to get in and that we are prepared to catch them once inside.”

Seeing as Russian-backed threat actors are already going after critical infrastructure in Ukraine, it is a certainty that those attacks are coming here. So now is a great time to get your defences in order so that you don’t become the next company with a really bad headline.

Rogers Announces 2.5 Gbps Symmetrical Fibre…. Which Won’t Be Coming To You Anytime Soon

Posted in Commentary on April 21, 2022 by itnerd

Hot on the heels of Rogers rising from the dead, after being beaten down for years by Bell’s much faster Internet offering, comes this announcement. Following up on their announcement of 8 Gbps fibre coming this summer, Rogers has now announced a 2.5 Gbps service:

Rogers announced today that it has launched new fibre-powered Ignite Internet packages and bundles, with symmetrical download and upload speeds of up to 2.5 Gigabits per second (Gbps). Existing Rogers customers that subscribe to Ignite Internet Gigabit 1.5 will be automatically upgraded to symmetrical speeds up to 2.5 Gbps starting today at no extra cost. Building on its commitment to provide leading next-generation products and services to its customers, Rogers is offering even faster download and upload speeds in a growing number of homes and neighbourhoods across Ontario, New Brunswick and Newfoundland.

That’s great if you have their 1.5 Gbps service. But prior to writing this story I pinged a bunch of my clients all over what is known as the Golden Horseshoe, which is basically Toronto, east of Toronto, Hamilton, and the Niagara Region, and nobody has their 1.5 Gbps service. Most of them are stuck on Rogers’ uncompetitive and rather embarrassing 1 Gbps downstream/30 Mbps upstream service, or on tiers that are slower than that. Which means that this new service isn’t going to benefit the majority of Rogers customers anytime soon. Contrast that with Bell, who served this up on Twitter this morning:

Bell continues to be hyper aggressive in terms of getting their fibre network to more places as fast as they can, as evidenced by the Tweet above. As a result Bell’s fibre footprint is massive compared to what little fibre Rogers has. Which means that Bell’s lead when it comes to the speed of their Internet offerings is only going to increase, and conversely Rogers will continue to be on the back foot, desperately trying to catch up. It also doesn’t solve the issue of Rogers customers who can’t get above 1 Gbps looking at Bell and saying “Bell’s speeds destroy anything that Rogers has to offer. Let’s switch to them.”

So while this release from Rogers, and the one that they put out earlier this week, sound good, they’re really meaningless, as these moves from Rogers do nothing to help existing and loyal Rogers customers get a competitive Internet product from the telco. And that’s going to bite Rogers sooner rather than later.

Guest Post: Web Threats Increase By Over 130% At The End Of 2021 Says Atlas VPN

Posted in Commentary on April 21, 2022 by itnerd

Web threats affect everyone and every device that is connected to the internet. Web threats enter users’ networks without their awareness and can be activated by opening a spam email or clicking on an executable file attachment.

According to the data presented by the Atlas VPN team, web threats have increased by 133% in November and December of 2021, compared to September and October. In addition, JavaScript downloaders and crypto miners were the most active web threats at the end of 2021.

Web threats reached 59,478 unique malicious URLs in September 2021, which resulted in 319,497 total threats. In October, the number kept slightly increasing to 60,440 unique malicious URLs, accumulating 361,184 hits.

November and December combined accumulated 133% more web threats than September and October. The 84,470 unique malicious URLs in November turned into 833,924 total web threats. Even more unique malicious URLs were seen in December, 93,999, which aggregated 749,956 threats.

Black Friday and Christmas sales in November and December influenced the rapid increase in web threats. Cybercriminals are particularly active during these seasons as they target e-commerce websites to steal customer personal information.

Vilius Kardelis, cybersecurity writer at Atlas VPN, shares his thoughts on web threats:

“The landscape of web threats has changed dramatically in recent years. Smart devices and high-speed mobile networks have enabled an always-connected route of malware, fraud, and other compromises. The top concern that continues to pose new risks to security and privacy is the lack of caution when using the web.”

Most popular web threats

Cybercriminals can employ different types of web threats to target people’s devices.

JavaScript (JS) downloaders were observed to have 61,283 unique malicious URLs, which accumulated 726,372 total threats from October to December 2021.

From the total of 628,725 crypto miner threats, 59,550 were unique malicious URLs. Web miners that operate in internet browsers demand substantial CPU resources, causing computer use to be exceedingly slow.

Next up, 328,310 web threats were collected from 26,614 unique URLs with web skimmers. JavaScript redirectors amassed 115,497 web threats, of which 4,097 were unique malicious URLs. Finally, web scams accumulated 86,999 total threats, of which 15,130 were unique malicious URLs.

To read the full article, head over to: https://atlasvpn.com/blog/web-threats-increase-by-over-130-at-the-end-of-2021

OVHcloud Acquires ForePaaS

Posted in Commentary on April 21, 2022 by itnerd

OVHcloud, the European leader in cloud computing, announces that it has acquired ForePaaS, a unified platform specializing in data analytics, machine learning, and artificial intelligence projects for businesses. The 23 employees of the ForePaaS teams as well as its founders are joining the Group’s ranks as of today, to jointly build a set of solutions that will actively contribute to the deployment of OVHcloud’s growth acceleration strategy by enriching its Platform as a Service (PaaS) offering.

Since its inception in 2015, ForePaaS has distinguished itself with key accounts thanks to its integrated solution that allows customers to initiate, simplify, and accelerate the implementation of machine learning and data analytics projects. The ForePaaS suite addresses a very wide range of use cases to fully manage the data value chain and create critical data-based applications for analysis, business intelligence and optimization of existing processes.

The ease of use and deployment of the ForePaaS solution has enabled the company to quickly develop an international customer base. In Europe, its expertise has been adopted by Klépierre and Gefco. In Asia, ForePaaS has notably entered a strong partnership with the Mitsubishi Research Institute (MRI), which will be further developed in the context of this operation.

This additional expertise will ultimately be integrated into the development environments that OVHcloud delivers to its 1.6 million customers worldwide. Building on a unified roadmap, developers will be provided with a complete suite of solutions to address the entire data value chain, from storage to database administration to artificial intelligence algorithms. The technical bricks of the ForePaaS analytics platform will thus be at the heart of OVHcloud’s value proposition in the Platform as a Service segment.

These new solutions will be fully integrated into OVHcloud’s value proposition, which aims at providing technologies with the best price-performance ratio in an open, reversible, predictable, and transparent environment.

In line with the recent acquisitions of OpenIO, Exten Technologies and BuyDRM, OVHcloud will pursue its strategy of targeted acquisitions to accelerate the deployment of PaaS solutions on an open and trusted infrastructure that provides unfettered sovereignty over data. To date, OVHcloud offers a catalog of more than 70 PaaS solutions and plans to expand it to 80 by the end of August 2022.

Hackers Spoof Credit Unions to Obtain User Credentials and Extract Funds: Avanan

Posted in Commentary on April 21, 2022 by itnerd

In February, the National Credit Union Administration (NCUA) put out a statement noting that, due to the geopolitical climate, credit unions should “adopt a heightened state of awareness and to conduct proactive threat hunting.” Studies showed that 66% of credit unions lack proper email security to protect against phishing and 92% of credit unions don’t have strong enough email security. Avanan researchers have seen a significant uptick in spoofs of local credit unions, all with the goal of taking funds and credentials from end-users.

With that said, Avanan, a Check Point company, published a new attack brief that analyzes how threat actors are impersonating local credit unions to get into inboxes. Hackers presented victims with a variety of attack strategies, ranging from wire transfer codes to incoming payment notifications to document alerts.

I would recommend giving this report a look as it not only details the attack strategies, but it also makes suggestions as to how to mitigate these attacks.

Review: Kensington UH1400P USB-C Mobile Hub And 100W USB-C Power Adapter

Posted in Products on April 21, 2022 by itnerd

Over the last few months I’ve been evolving my home office desk setup, which meant looking at the tech and other items I have that allow me to be more productive. While I admit that this is still a work in progress, the pieces are starting to fall into place on that front. One of those pieces is the Kensington UH1400P USB-C Mobile Hub, which is currently my docking solution of choice. Let’s have a look at the mobile hub.

From the back you get an HDMI 2.0 port capable of 4K resolution at 60 Hz, a USB-A 3.2 Gen1 port, and a USB-C port which supports USB-C PD 3.0 power delivery.

On the front you get two more USB-A 3.2 Gen1 ports as well as an SD card reader and a microSD card reader. The card readers do UHS-I speeds which is 104 Mbps.

On the side you get an Ethernet jack capable of gigabit speeds.

The mobile hub is tiny. If you’re using this on the go it will easily fit into a backpack or a briefcase. In my case, I’m using it on my desk because it takes up very little real estate. It’s also made of metal (which is handy because while it is in use it is warm to the touch) and feels very premium. Kensington promises that this mobile hub is plug and play. And that was the case when I plugged it into my Mac, as it worked without any drivers or hopping through hoops to get it going.

Now my use case is to have it connected to my Acer monitor, my uninterruptible power supply, and have it charging my MacBook Pro. To help with that last part, I also got this:

This is the Kensington 100W USB-C Power Adapter which uses GaN technology to pack a lot of charging power into a small package. And as a bonus, it won’t produce a lot of heat in the process.

Here’s the Kensington power adapter next to the Apple 140W adapter that came with my MacBook Pro. As you can see it’s significantly smaller, and I can say it’s lighter as well. Now while I will highlight that the Apple adapter will do 140W, it will only do that over MagSafe. Via USB-C it’s capped at 100W. So if you’re travelling, you likely want to carry the Kensington power adapter with you because it will take up less space and it is lighter. But in my case, I replaced the Apple adapter with the Kensington one because it takes up less space on my uninterruptible power supply. That allows me to get this result:

This gives me a one cable solution that allows me to use my monitor and charge my MacBook Pro as well as have the uninterruptible power supply communicate with my computer. And unlike the USB-C adapter that I was using previously, I get two USB-A ports and a couple of card reader ports as well. I’m not using the Ethernet jack as I’ve got 802.11ax/WiFi in the condo which eliminates the need for a wired connection.

One thing I did observe is that, from a video perspective, this hub delivers much sharper and more fluid video than my previous adapter provided. And it supported 120 Hz video via HDMI even though 60 Hz is the supposed limit of the Kensington adapter. In terms of data transfer speeds, while the Kensington adapter maxes out at 5 Gbps, I found transfer speeds from USB-A attached devices more than acceptable. If you need something faster, Kensington can sell you a Thunderbolt 3 or 4 dock. In terms of charging, the Kensington adapter is capped at 85W, which is fine for me as my MacBook Pro has amazing battery life and 85W allows me to charge it at a decent rate.

In terms of gripes? I really don’t have any major ones. This seems to be a well sorted piece of kit that I’d recommend either for a portable use case or my use case. The Kensington UH1400P USB-C Mobile Hub has an MSRP of $99.99 CDN and the Kensington 100W USB-C Power Adapter has an MSRP of $99.99 CDN. That’s not a lot to pay for the functionality that you get. I’d take a good look at these products if you need a USB-C hub and power adapter at your desk or on the go.

Attackers Take Aim At Kubernetes & Software Supply Chain

Posted in Commentary on April 21, 2022 by itnerd

A new report from Aqua Security has found that attackers are focused more on the cloud and are using sophisticated tactics to aim at Kubernetes and the software supply chain. Seeing as Kubernetes is the thing at the moment, that means that your approach has to change accordingly. Sitaram Iyer, Global Security Architect at Venafi, had this to say:

“As the popularity of Kubernetes has risen, so too has the severity and frequency of attacks on them, as cybercriminals have realised that Kubernetes can be vulnerable. The cybercrime group TeamTNT has been a real exponent of this, having compromised more than 50,000 Kubernetes clusters over the last few years, spreading malware at will, and eventually launching a cryptominer.

“With the pace of innovation in cloud rocketing, so too is the number of machine identities in use for the deployed applications. Many of these applications will be spun up and down in a matter of seconds and are highly ephemeral. However, each application needs to be given an identity, which must be managed throughout its lifecycle. Enterprises are struggling to issue and manage these identities at cloud speed and scale. The result is new security risks due to mismanagement of machine identities.”

“Zero trust is vital to protecting organisations against attacks targeting Kubernetes. It’s important businesses stop blindly trusting everything within their build environments and instead adopt a stance whereby every component of the build pipeline is proactively challenged.

“Automated machine identity is crucial to ensuring companies don’t kill the speed of development whilst deploying this zero trust model. Through automation, organisations can ensure the dynamic nature of cloud-native environments remain secure, as manually checking the provenance of every component of a build pipeline would take weeks. Developers need solutions that enable – instead of hinder – speed and security.”

If Kubernetes is your thing, I’d be taking Mr. Iyer’s advice as clearly threat actors are targeting you.

CommSafe AI: First-to-Market Software That Flags Toxic Workplace Emails And DMs

Posted in Commentary on April 21, 2022 by itnerd

CommSafe AI, a leader in workplace conflict and violence prevention, announces the commercial launch of its first-to-market flagship product, CommSafe AI Safe Communication Software™. The software has received certification with ServiceNow, a leader in enterprise digital process automation tools. CommSafe AI also integrates with Microsoft products and Google Workspace accounts.

The CommSafe AI tool is a Software-as-a-Service (SaaS) product that in near real-time allows companies to get ahead of threats of conflict and violence in the workplace before they escalate to situations of physical or psychological harm causing costly lawsuits. The tool uses artificial intelligence (AI) models to analyze company communication to identify toxic behaviors and IP loss.

The smart and scalable software integrates into a company’s human resource workflow to capture in real time toxic email and chat communications among employees. In addition, CommSafe AI employs algorithms not only to identify toxicity, but also poor sentiments.

Because employees feel safer knowing their company is taking steps to protect them from harassment, they are focused and more productive. Equally important, company brand reputation remains uncompromised.

Earlier this year, CommSafe AI spent time beta testing its communication analysis tool with select clients and conducted toxicity audits to assess any threats companies are currently facing.

The company’s software release comes at a time when concern over conflict and violence is at an all-time high in the United States. A recent report, “2021 State of Protective Intelligence Report: The Outlook from Physical Security, Legal, Compliance and Risk Leaders,” showed top concerns for security decision-makers at U.S. companies include a dramatic rise in physical threats, lack of unified intelligence, and physical security challenges brought on by COVID-19.

For companies and employees worried about privacy concerns, the software does not monitor electronic communications; rather it scans and flags potentially toxic language and poor sentiment.

Certification by ServiceNow is only granted to Apps available in the ServiceNow Store and signifies that CommSafe AI has successfully completed a series of tests surrounding Now Platform® security, compatibility, performance, and integration interoperability. The certification also reflects that ServiceNow best practices are utilized in the design and implementation of CommSafe AI.

Oracle Patches Java Bug That’s Very Bad

Posted in Commentary on April 21, 2022 by itnerd

Oracle has apparently patched a vulnerability in server-side Java that allowed an attacker to forge some kinds of SSL certificates and handshakes, along with several kinds of authentication messages. The vulnerability was discovered by ForgeRock security researcher Neil Madden and documented here. But here’s the info that you need to know:

It’s hard to overstate the severity of this bug. If you are using ECDSA signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18 version before the April 2022 Critical Patch Update (CPU). For context, almost all WebAuthn/FIDO devices in the real world (including Yubikeys*) use ECDSA signatures and many OIDC providers use ECDSA-signed JWTs.

If you have deployed Java 15, Java 16, Java 17, or Java 18 in production then you should stop what you are doing and immediately update to install the fixes in the April 2022 Critical Patch Update.

Lovely.

Kevin Bocek, VP, Security Strategy & Threat Intelligence at Venafi had this comment:

“This vulnerability is just one more example of how important machine identities are to global security. It allows an attacker to bypass the TLS session handshake for specific servers so they can install malware and look for ways to pivot across networks. This is a serious vulnerability that needs to be patched quickly.”

Given the severity of this bug, I’d be patching all the things right now, before you get pwned now that this is out there.