Archive for February 1, 2023

London Trading Software Provider Pwned By Lockbit

Posted in Commentary with tags on February 1, 2023 by itnerd

Today, a company that plays a crucial role in Britain’s financial system was hit by the same threat actor that attacked the UK’s largest mail delivery service, Royal Mail, just last month, in a cyberattack affecting critical operations:

Lockbit, the group behind the cyber attack against Royal Mail last month, targeted trading software provider Ion Group on Tuesday.

The London-based company plays an integral role in the plumbing that underpins the trading of shares, debt and derivatives in the Square Mile and around the world.

Ion said 42 clients have been affected by the attack as it faces disruption in its cleared derivatives division.

One senior City banker described the attack as a “major incident” that “would take out most of the City if it were to escalate”.

It is understood that some clients could not contact Ion by phone on Tuesday, forcing some to physically travel to the company’s office at St Paul’s to seek answers about the attack.

Oz Alashe MBE, CEO of CybSafe had this to say: 

“The beginning of 2023 has been marked by several high-profile security incidents linked to the Lockbit ransomware group. First was the postal and delivery sector with Royal Mail, and now, financial services with Ion Group. Unfortunately, the frequency of these attacks is a trend likely to continue in 2023. 

“According to CybSafe’s analysis of ICO cyber incident data, in the 2021-2022 financial year, the financial services and insurance sector accounted for 12% of total cyber attacks. More notably, the number of ransomware attacks has increased by 12% to represent 35% of all cyber attacks within the sector. 

“Financial services are fundamental to the economy. While cyber security is a top priority for many organizations within the sector, more can and must be done. The days of viewing cyber security as an annual tick-box exercise must end. To adequately address the threat level, cyber security must become an ongoing process within financial services. Employees want to be part of the solution. Therefore the onus is on businesses to equip their employees with the right tools and education to display positive security behaviors and protect data.”

I am concerned that this will continue to be a trend into 2023, and businesses of all sorts really need to look at the threat landscape and prepare themselves for the attacks that are sure to come. As demonstrated by this case, these attacks can be devastating.

Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC

Posted in Commentary with tags on February 1, 2023 by itnerd

Radiant Logic announced today that it has entered into a definitive agreement to acquire Brainwave GRC, a leader in Identity Governance and Analytics (IGA) headquartered in France. Together, Radiant Logic and Brainwave GRC address a broad set of identity use cases, and the acquisition accelerates the companies’ shared vision of an Identity Data Fabric that uses the science of data to ensure the right information is in place to make the right policy decisions.

The acquisition will strengthen both Radiant Logic and Brainwave GRC’s respective market positions as identity, analytics and intelligence experts by offering a new lightweight data-centric governance capability and a market-defining identity data intelligence platform. By combining their unique capabilities into a single platform, customers can speed time-to-value by eliminating burdensome IGA deployments and focusing on what really matters to audit and compliance teams—getting the right data, which can be trusted, in a timely manner.

The identity analytics and intelligence insights resulting from Radiant Logic + Brainwave’s data-driven approach will give unprecedented insight into near real-time user behavior within an enterprise environment, transforming how organizations detect cyberattacks, fraudulent activity, lateral movement from insider threats, and more. Radiant + Brainwave is a winning combination that will provide an unmatched Zero Trust and Identity-First Security foundation for enhanced data security, reduced audit and compliance costs, and improved understanding and visibility of malicious activity.

Established in 2010 in France, Brainwave GRC has a strong reputation in helping companies across EMEA ensure compliance and protect their assets from fraud and cyber threats. Brainwave GRC provides essential Access Governance reports that include access risks, accounts, attestations, and out-of-the-box reports for major compliance frameworks—a common requirement in highly regulated markets. Its light IGA capabilities complement Radiant Logic’s identity data management expertise, and are in line with its strategic direction to expand its offerings in the IGA market segment.

Brainwave will maintain independent operations for the near term, while both platforms continue to be supported, invested in, and integrated over time. The transaction is subject to customary closing conditions. Terms of the acquisition were not disclosed.

Twitter Usage Drops By 9% Since Elon Musk Took Over… But There’s More Details That You Should Pay Attention To

Posted in Commentary with tags on February 1, 2023 by itnerd

Buzzfeed has posted a story where the top-line headline is that Twitter is shedding users, with 9% having left the platform. But there are other things to pay attention to. Specifically:

  • In October 2022, just before Musk took ownership, the study found, 32.4% of Americans were using Twitter. In December and January, that figure had dropped to 29.5%. 
  • The drop in users was mostly from Democrats, who quit Twitter at higher rates than independents or Republicans. Thirty-eight percent of those identifying as Democrats used Twitter in October, but that had dropped to 32.9% by January. The change in Republicans and independent users was statistically insignificant, the study found. 
  • Unsurprisingly, people who identified as Democrats were less trusting of Musk. Forty-eight percent said they do not trust him “at all” to do what’s right, and another 28% said they trusted him “not too much.”  
  • Trust in Twitter was never high, but it went up among Republicans after Musk took over as CEO. Previously, Democrats were more likely to trust that Twitter would do what’s right compared to Republicans, but as trust in Democrats sank and trust among Republicans rose, they met in the middle: both at 34%. 

I think this highlights the fact that Elon Musk has really slanted Twitter towards the right, which seems completely incompatible with his pronouncements of being independent and wanting to have “free speech” despite doing things that run counter to free speech. My thought is that reports like this are likely to send more people to the exits as it will become more and more clear what Elon Musk is up to.

Fortra’s Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data

Posted in Commentary with tags on February 1, 2023 by itnerd

The new Phishing Benchmark Global Report, based on the 2022 Gone Phishing Tournament™ hosted by Fortra’s Terranova Security, reveals that large organizations of 10,000 employees or more are most susceptible to phishing attacks promising a gift, despite potentially having access to more cyber security resources than smaller businesses.

Co-sponsored by Microsoft, the annual tournament measures and evaluates how employees respond to one of the most common types of cyber threats – phishing attacks. The 2022 Phishing Benchmark Global Report results emphasize the growing need for all organizations to implement engaging and informative security awareness training programs. Ideally, those programs would leverage real-world phishing simulations to ensure employees are aware of the latest phishing tactics, can detect and report cyber threats and, in time, change unsafe online behaviors.

According to the report, many employees are still prone to answering requests for sensitive information – even when they come from unknown or suspicious email senders. This level of trust leaves an organization’s confidential data vulnerable to hackers. 

2022 Phishing Benchmark Global Report: Key Results

7 percent of all end users who participated in the 2022 phishing simulation clicked on the link in the phishing email. In addition, 3 percent of all end users failed to recognize the warning signs of the simulation’s webpage and proceeded to enter their credentials on the malicious webpage.

Despite the seemingly low totals, this year’s form completion rate poses a cause for concern. Globally, 44 percent of those who clicked on the phishing simulation link eventually completed the web form on the subsequent webpage and submitted their login credentials.

The simulation found that employees from large organizations are most susceptible to phishing attacks. According to participant data, organizations with 10,000 employees or more rarely missed security awareness training, indicating a potential lack of effectiveness. 

Other key data highlights from the fourth edition of this event include:

  • For click rates by industry, nonprofit, education, manufacturing, and food and agriculture exhibited the highest totals, all scoring over 6 percent. Meanwhile, participants from the public sector, energy, and finance industries kept their click rates under 3.5 percent.
  • The consumer products space had the highest form completion rate across all industries, with 40 percent of those who clicked on the initial phishing link eventually entering their credentials on the malicious webpage.
  • Europe was the top performer of the five regions represented, claiming the lowest email link click and form completion rates. North America, the top-performing region in 2021, slotted into second place.

2022 Phishing Benchmark Global Report: Methodology

The 2022 Gone Phishing Tournament took place in October to coincide with Cybersecurity Awareness Month. With over 250 participating organizations and over 1.2 million phishing emails sent out during this year’s event, it was one of the largest phishing simulations of its kind. The increase in the participation rate shows phishing is a major concern for many organizations considering the ever-evolving complex nature of real-world cyber threats.

Microsoft supplied this year’s email and webpage templates designed to imitate a real-world scenario that many employees experience: a gift card scam. The scenario, selected by the Terranova Security leadership team, measured several end-user behaviors, such as clicking on a link in the body of a phishing email and entering credentials into a form on a phishing webpage.

If users clicked on the link in the phishing simulation’s email, they were redirected to a landing page, which prompted them to enter credentials that, had the simulation been an actual attack, would have been compromised. If users completed this second step, they were brought to a phishing simulation feedback page highlighting the warning signs they missed and the best practices they should follow.

Though the 2022 Gone Phishing Tournament simulation was deemed easier than in previous years, the click rate and web form submission rate should still be considered high as a result. 

Download the 2022 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament.

Cradlepoint Expands 5G Portfolio with Innovative “Router-on-the-Roof” for Vehicles

Posted in Commentary with tags on February 1, 2023 by itnerd

Cradlepoint, the global leader in cloud-delivered LTE and 5G wireless network solutions, announces the R2100 Series 5G Ruggedized Router, adding to Cradlepoint’s growing 5G Wireless WAN portfolio. Built for vehicle and IoT networks, the sleek exterior-mounted solution provides mass transit, public safety, and other organizations that require a high-bandwidth IoT or mobile router with the latest cellular performance in a uniquely flexible and simplified form factor. 

As in-vehicle applications have rapidly advanced, more use cases have emerged, along with diverse deployment requirements. Designed to be mounted on the rooftop of a vehicle or attached to IoT cabinet enclosures, the R2100 integrates the modem, antennas, and router into a single aerodynamic, IP67-rated casing that guards against weather, vibration, and shock. The R2100 is sold with or without Wi-Fi 6 and can be deployed as a self-contained router or to supplement an existing router as a 5G adapter. Key benefits include:

  • Simplified router installation: Since antenna cables are no longer needed, many vehicle installations will only require one power cable and a single small hole to the router on the roof. Organizations with large fleets can significantly reduce installation complexity and cost.
  • Seamless 5G extension: Customers can add 5G to a current installation by deploying the R2100 in Captive Modem mode as an adapter that is controlled by an attached Cradlepoint router. The NetCloud management system treats the R2100 as an internal modem, eliminating the need for a separate license (saving the customer money).
  • Streamlined Wi-Fi addition: Similar to Cradlepoint’s unique Captive Modem capability, the R2100 Series can serve as an additional Wi-Fi source in captive mode to expand coverage for applications such as video offload, enhanced customer broadband, Computer Aided Dispatch connectivity while in the station, and more. Adding this Wi-Fi capability won’t incur an additional expense as all control and licensing is attributed to the incumbent router.
  • Straightforward third party 5G add-on: The R2100 can take the form of a 5G adapter that can be added to a third-party in-vehicle router via the WAN port.  
  • Easy edge computing with integrated containers: The R2100 is designed to support local containers for edge computing functionality. NetCloud handles container creation as well as container and workload distribution and connectivity, making deploying edge computing applications a simple and secure process.

The R2100 Series 5G Ruggedized Router is powered by Cradlepoint NetCloud, providing an enterprise-class, unified edge security solution for in-vehicle and IoT networks. For example, NetCloud gives vital public service agencies end-to-end encryption, industry-leading threat detection, and defence functionality to enable secure direct cloud and internet access for applications and IoT devices, with or without Wi-Fi. The R2100 can also support the NetCloud Exchange services which provide Zero Trust Network Access and 5G Optimized SD-WAN.

For more information on Cradlepoint’s R2100 Series 5G Ruggedized Router, please visit: https://cradlepoint.com/product/endpoints/r2100-series.

Anker FINALLY Admits That It Lied About End To End Encryption With Their Eufy Security Cameras

Posted in Commentary with tags on February 1, 2023 by itnerd

You might recall that last year it was discovered that Eufy security cameras, which were made by Anker, were not “end to end encrypted” despite what their advertising said. This link will give you my thoughts on this along with this follow up where they tried to make this issue go away via a software update that wasn’t really a software update, which didn’t go over well.

The Verge has been doing its best to get answers from Anker on this. And last night they finally did:

In a series of emails to The Verge, Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted — they can and did produce unencrypted video streams for Eufy’s web portal, like the ones we accessed from across the United States using an ordinary media player

But Anker says that’s now largely fixed. Every video stream request originating from Eufy’s web portal will now be end-to-end encrypted — like they are with Eufy’s app — and the company says it’s updating every single Eufy camera to use WebRTC, which is encrypted by default. Reading between the lines, though, it seems that these cameras could still produce unencrypted footage upon request. 

That’s not all Anker is disclosing today. The company has apologized for the lack of communication and promised to do better, confirming it’s bringing in outside security and penetration testing companies to audit Eufy’s practices, is in talks with a “leading and well-known security expert” to produce an independent report, is promising to create an official bug bounty program, and will launch a microsite in February to explain how its security works in more detail. 

Those independent audits and reports may be critical for Eufy to regain trust because of how the company has handled the findings of security researchers and journalists. It’s a little hard to take the company at its word!

I for one cannot take Anker at its word. Even with all of this, I don’t believe that this company can be trusted again regardless of the promises that it makes. And given that their cameras and other security products live inside your homes, you should not trust them either. This company needs to disappear from the face of the Earth as either screwing up to this degree or outright lying is completely unacceptable. And there must be some sort of punishment for that that deters others from pulling this sort of stunt. So if governments won’t act to ban Anker, consumers should be voting with their wallets to make sure that companies think twice about doing something like this.

Review: Apple Black Unity Sport Loop

Posted in Products with tags on February 1, 2023 by itnerd

February is Black History Month and Apple over the last couple of years has released a limited edition Apple Watch band. Two years ago they released a Black Unity Sport band. Last year they released and I reviewed a Braided Solo Loop Band, and this year they’ve released a Sport Loop version. Let’s have a look at it:

Just like last year it comes in a black box that highlights the band.

On the back of the box, it’s mentioned that Apple supports racial equity and justice.

Inside the box you get two things. A thick piece of paper that says “unity” on it in the Pan African colours, and the band itself.

Opening the piece of paper that says “unity” you get this text in a number of languages.

And here’s the sport band in the Pan African colours. One thing that is interesting is that the yellow that you see in the band is really a combination of red and green woven to make it look yellow. That’s a clever trick. The black sections that make up the word “UNITY” on the band are raised and are soft to the touch. As for what it feels like when you wear it, well it feels like your typical sport loop to be honest. That is that it is comfortable and stretches a bit.

On the inside of the band, you get this “Black Unity” label.

And here’s the band on my Apple Watch Ultra with the Unity Mosaic watch face which showed up in watchOS 9.3. There’s a matching iPhone wallpaper that was added to iOS 16.3.

This band, at $59 CDN, is far more affordable than the $119 CDN that last year’s band went for. Thus I suspect that you’ll see a lot more of them in the wild. And the fact that it has a meaning and a message, as well as the fact that it supports efforts for racial justice, is something that should make Apple Watch owners want to grab one.

BEC Threat Group CC’s Impersonated Executives for Convincing Third-Party Reconnaissance Attacks

Posted in Commentary with tags on February 1, 2023 by itnerd

In contrast to other forms of financial supply chain compromise, third-party reconnaissance occurs when an attacker knows a relationship between two organizations but has limited or no knowledge about actual outstanding payments. Abnormal Security is today revealing that attackers are finding new ways to use vendor relationships to run BEC attacks, even when they don’t know anything about the relationship between the two parties.

The Abnormal Threat Intel team has identified 300+ BEC campaigns attributable to threat group Firebrick Ostrich dating to April 2021. These campaigns impersonated 100+ different third parties using 200+ malicious registered domains. The group’s use of newly-registered domains highlights how young domains can be used as an effective signal to identify threats. Abnormal Security has seen Firebrick Ostrich target organizations in various industries, including financial services, healthcare, education, hospitality, and retail. 

You can read the report here.

Threat Analyst Finds 73% Increase In Leaked Security Credentials/Certificates Advertised on Underground Markets Capitalizing on Layoffs

Posted in Commentary with tags on February 1, 2023 by itnerd

As mass layoffs and unemployment rates continue to rise towards their peak, people are clamouring to find jobs and even resorting to alternatives: seeking shortcuts to certification on the dark web, including fake certificates and diplomas, cheating services for exams, and leaked courses. This is according to a new report from Dov Lerner, Head of Threat Research at Cybersixgill. The report notes that there is a 73% increase in leaked courses advertised on underground markets.

You can read the full report here.