Archive for August 4, 2022

Mandiant Discovers Pro Chinese Information Operations Campaign

Posted in Commentary on August 4, 2022 by itnerd

Mandiant today released its findings on an ongoing pro-PRC IO campaign leveraging infrastructure from a Chinese PR firm to spread content to inauthentic news sites. Mandiant identified at least 72 suspected sites and a number of suspected social media assets which disseminate content strategically aligned with the political interests of the People’s Republic of China (PRC). The sites present themselves primarily as independent news outlets from different regions across the world, publishing content in 11 languages. The sites are believed to be linked to Shanghai Haixun Technology Co., Ltd, a Chinese PR firm.

Chris Olson, CEO of The Media Trust, had this comment:

     “By now it’s widely recognized that the Web is a dangerous tool for spreading propaganda, manipulating elections and changing public opinion – but we rarely recognize how deep the problem goes. Aside from creating fake websites to spread their message, foreign adversaries regularly leverage otherwise legitimate news platforms to spread their stories in the U.S. and around the world.

With the help of third-party code – which includes promoted content features and programmatic advertising – nation-state actors can reach consumers across social media and entertainment sites, mobile apps, news platforms and more. Until publishers, developers and legislators commit to defending our digital borders – not just our physical ones – misinformation and propaganda will continue to spread unchecked.”

This really underscores the line “don’t believe everything that you read”. But you can buy into the Mandiant report, and it is very much worth reading: the level of detail is excellent and will give you a great view into how this campaign works.

Malicious API Traffic Now Accounts For 2.1% Of All API Traffic Seen: Salt Security

Posted in Commentary on August 4, 2022 by itnerd

Salt Security yesterday published their quarterly report which found that malicious API traffic now accounts for 2.1% of all API traffic seen by its customers. On average, those organizations were hit by 26.46 million malicious API calls for the month of June 2022, a more than 100% increase compared to the 12.22 million average malicious API calls per month experienced in 2021. A total of 44% of customers are now seeing an average of 11 to 100 attack attempts every month, with 34% seeing more than 100 attempts each month and 8% seeing more than a thousand. The attacks are increasing at a time when overall API traffic grew 168% over the past year, the report noted. 

Giora Engel, CEO and Cofounder of Neosec, had this to say:

     “The growth of the number of APIs with the increasing traffic is leading to an increase in the number of attacks. As the API attack surface grows, so does the number and sophistication of attacks. The shadow API problem is real, but more worrying is that very few companies know what normal usage of their APIs looks like and have no visibility into the abuse that is occurring. Being able to detect an API attack or any abusive behavior is becoming the biggest problem to solve for security professionals.”

This should serve as a warning to those who make or rely on APIs: API security has to be top of mind, or APIs will be attack vectors for threat actors everywhere.

Over Half of Canadian Organizations Feel Somewhat Exposed to Cyber Risks such as Phishing, Ransomware and IoT Attacks: Trend Micro

Posted in Commentary on August 4, 2022 by itnerd

New research from global cybersecurity firm Trend Micro has revealed that 58 per cent of Canadian organizations feel they currently have a moderate risk exposure. However, over half (53 per cent) feel their organization is exposed to cyber risk threats such as phishing (59 per cent), ransomware attacks (55 per cent), supply chain (55 per cent) and IoT attacks (52 per cent).  Respondents also indicated that overly complex tech stacks and lack of awareness from leadership are exacerbating issues.

On average, Canadian organizations estimated having 57 per cent visibility of their overall attack surface, and more than a quarter of respondents still approach their attack surface by mapping their systems manually (27 per cent). This may explain why only around 37 per cent are able to fully and accurately detail any one of the following based on risk assessments:

  • Risk levels for individual assets
  • Attack attempt frequency
  • Attack attempt trends
  • Impact of a breach on any particular area
  • Industry benchmarks
  • Preventative action plans for specific vulnerabilities

About 43 per cent of the IT and business decision makers Trend Micro interviewed say that keeping up-to-date with the ever-evolving attack surface is the main area they struggle with. In addition, nearly half (44 per cent) consider phishing or email attacks as the primary way of a cyber-attack starting against their organization.

The inability of organizations to accurately assess attack surface risk also keeps business leaders in the dark. According to Trend Micro’s insights, 11 per cent of Canadian organizations do not have a well-defined way to assess the risk exposure of their digital attack surface, and 69 per cent of respondents think the C-Suite should play a more active role in promoting good cybersecurity practices.

A quarter (24 per cent) of those surveyed believe that increasing cybersecurity training or education would have the greatest impact in enabling leadership to better understand cyber risk.

There’s a clear opportunity here for organizations to leverage third-party expertise.

Only one-third (36 per cent) of Canadian respondents are already invested in a platform-based approach to attack surface management, while nearly half (47 per cent) of respondents say they’d like to do the same. Of those who’ve already made the move, improved visibility (42 per cent), reduced costs (40 per cent) and faster breach detection (35 per cent) are the most cited advantages.

Among those not planning to switch to a platform model, 37 per cent of Canadian organizations consider time to move as the biggest disadvantage to using a platform model.

Trend Micro commissioned Sapio Research to interview 6297 IT and business decision makers across 29 countries to compile the study.

For more information on Trend Micro’s global risk research, click here: https://www.trendmicro.com/explore/trend_global_risk_research_2

Review: The Bell Fibe TV App

Posted in Products on August 4, 2022 by itnerd

If you’ve been keeping tabs on yours truly dumping Rogers, you’ll recall that as part of my move to Bell, they snuck in the Fibe TV app along with six months free of Crave TV which is Bell’s streaming service. I use the word “snuck” because if you read my post on that, they literally gave me a price for Internet and home phone, didn’t speak to the Fibe TV app until I got an email saying that I was paying $10 a month for the Fibe TV app with a basic TV package. But the price I was quoted on the phone was the price that was in the email.

That’s pretty sneaky.

You may also recall that at the time I got my Bell Internet and home phone installed, Fibe TV wasn’t working because they had yet to create an account number for me. That I found to be weird but whatever. But that changed on Monday when Bell sent me an email asking me to create a MyBell account. The thing was that I had done this last week. However, something was messed up with it so I had to delete it and recreate it. When I did, I had a Bell account number and I was able to get Fibe TV working. Now Fibe TV is available to you in three ways:

  • You can log in here on the web via a web browser.
  • You can download the Fibe TV app for iOS and Android.
  • You can use an Apple TV 4K, Amazon Fire TV Stick, an Android TV, or a Google Chromecast. Strangely, Roku isn’t on that list.

Since Roku isn’t on that list, I went the route of using the iOS app for the majority of my testing, downloading it and setting it up now that I had a working MyBell profile. Using the credentials for that I was able to log in and get up and running. Here’s the first thing that I saw:

Here you can see the programming that is currently live or “trending” according to Bell. Plus you can see their suggestions for both normal TV and Crave TV.

If scrolling to see what’s on right now by channel is your thing, this screen allows you to do that.

If however you want to pick a channel and see what shows are available on demand on that channel, then this screen will allow you to do that.

For example if I check CTV, here’s a sample on what’s available on demand.

You can create a watchlist of the series or movies that you want to see, as well as download episodes to your phone or tablet for data free viewing. By default the ability to watch and download on cellular networks is turned off. But if you have a better data plan than most of us, you can turn that functionality on and watch TV anywhere.

The bottom line is that all of this is easy to navigate, and it is easy to find the content that you’re looking for.

Now, because of the lack of a Roku TV app, I was prepared to criticize that. But this feature made me rethink that:

This app supports AirPlay and Casting which is a welcome addition to make up for the fact that Fibe TV doesn’t support the biggest streaming TV platform on the planet.

So how does this app work? It works very well as I had no issues streaming content to my TV via AirPlay. So from a technical standpoint, this app works fine. Ditto for watching TV via the website. That method allowed me to stream content on both my PC and Mac via a browser.

The Fibe TV app with what Bell calls their “Standard” package is $14.95 a month. Though I am getting a $4.95 credit as I am with Bell for Internet. Making this $10 a month. That gives you local TV and a few other channels which is fine as my wife and I don’t watch TV a whole lot. But if you want to watch anything interesting, you’re going to have to pay. For example, Crave TV is an extra $20 a month. But I am getting a $20 credit until the new year which makes it free until then. Crave TV gives me access to some movies and HBO shows among other things. I guess that would be cool for some people. But with the exception of a handful of movies, the things that my wife and I want to watch are exclusively available on other streaming services. Thus this will be cancelled when we’re done watching the shows and movies that Crave TV offers.

Speaking of which, Bell has a very interesting strategy at work here. I want to find out what some of their channels cost. But instead of displaying a price, I got this:

You’ll note that instead of displaying a price, it tells you to go to mybell.ca or phone them. I don’t like speaking to Bell humans because of how aggressive they are, so I went to mybell.ca and found that regular broadcast channels are $4-$5 a month each, sports channels are roughly $10 a month. Plus there are packages available that bundle together a bunch of channels for one place.

So, what do I think of the Fibe TV app? I think it’s fine for people like my wife and I who don’t watch a whole lot of broadcast TV. As I mentioned earlier, we’ll be nuking the Crave TV subscription once we’ve finished streaming all the things and keep the app for the few times we need to watch local TV. But if I could give Bell one piece of advice, they should really do a Roku app given the size of that streaming platform in Canada.

New Report Finds Hackers Host Phishing Pages By Exploiting Intelligent Diagramming App/Visual Collab Platform

Posted in Commentary on August 4, 2022 by itnerd

Avanan, A Check Point Company, has published an analysis of its latest findings revealing how threat actors are using the legitimacy of Lucidchart, an intelligent diagramming application for visual communication and cross-platform collaboration, to embed phishing links into shareable documents and get users to hand over personal credentials.

In this attack, users are presented with an email requesting that they verify an invoice that has been submitted for payment. The user is encouraged to follow a series of instructions that direct them to open a Lucidchart document containing a phishing link leading to a credential harvesting website.

You can read the full analysis here.

Hackers Send Spoofed Coinbase Emails, Gather Users’ Credentials to Steal Cryptocurrency in Real Time: PIXM

Posted in Commentary on August 4, 2022 by itnerd

Researchers at PIXM have revealed their latest observations of a multilayered phishing campaign targeting cryptocurrency exchange Coinbase. Hackers are sending out spoofed Coinbase emails to harvest personal credentials and use them to log into users’ legitimate Coinbase accounts in real time.

How it works: Hackers present users with a notification that their account needs attention due to an urgent matter (e.g. locked account, transaction confirmation). Users are prompted to enter login credentials and a 2-factor authentication code into the fake website. With the newly obtained personal information, the attacker immediately gains access to users’ legitimate sessions on the Coinbase website. This attack is centered around three core techniques and is patently different from other phishing attacks tracked by PIXM in the way that domains stay alive for extremely short periods of time:

  • Short Lived Domains
  • Context Awareness
  • 2-Factor Relay

You can get more details on this phishing campaign here.