Archive for October, 2023

EleKtra-Leak Cryptojacking Attacks Discovered By Palo Alto Networks

Posted in Commentary with tags on October 30, 2023 by itnerd

Palo Alto Networks Unit 42 researchers today published details on an active campaign called EleKtra-Leak, which automatically targets identity and access management (IAM) credentials exposed in public GitHub repositories. Using those credentials, the threat actor behind the campaign created multiple AWS Elastic Compute Cloud (EC2) instances and used them for wide-ranging and long-running cryptojacking operations:

Unit 42 researchers have identified an active campaign we are calling EleKtra-Leak, which performs automated targeting of exposed identity and access management (IAM) credentials within public GitHub repositories. As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and long-lasting cryptojacking operations. We believe these operations have been active for at least two years and are still active today.

We found that the actor was able to detect and use the exposed IAM credentials within five minutes of their initial exposure on GitHub. This finding specifically highlights how threat actors can leverage cloud automation techniques to achieve their goals of expanding their cryptojacking operations.
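The five-minute window Unit 42 describes means a leaked key is effectively burned the moment it reaches a public repository, so the check worth having is one that runs before the push, not after. What follows is an added example, not Unit 42's tooling or anything published by the campaign's victims: a small scanner that looks for AWS access key IDs on every line and, on lines that mention a secret, for 40-character secret access keys, in a chunk of text such as the output of `git diff --cached`. The key ID pattern (20 uppercase alphanumerics beginning AKIA for long-term keys or ASIA for temporary STS keys) follows AWS's documented format; the sample diff is constructed and uses the placeholder values from AWS's own documentation, not real credentials.

```python
"""Pre-push scan for AWS credential material in text (a file, a diff, a commit).

Added example, not Unit 42's tooling. The patterns are assumptions based on the
documented AWS key formats; the sample diff below is constructed and uses the
placeholder key ID and secret from AWS's documentation, not real credentials.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# Long-term access key IDs begin "AKIA", temporary (STS) ones "ASIA"; 20 chars total.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 characters drawn from the base64-style alphabet.
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")
# Only test the 40-char pattern on lines that look like they hold a secret;
# otherwise hashes and base64 blobs produce constant false positives.
SECRET_CONTEXT_RE = re.compile(r"secret", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    kind: str      # "access_key_id" or "secret_access_key"
    value: str
    redacted: str  # safe form for log output


def redact(value: str) -> str:
    """Keep only the first four characters so a report never re-leaks the secret."""
    return value[:4] + "****"


def scan_text(text: str) -> list[Finding]:
    """Return every credential-looking token with its 1-based line number."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in ACCESS_KEY_RE.finditer(line):
            token = match.group(0)
            findings.append(Finding(line_no, "access_key_id", token, redact(token)))
        if SECRET_CONTEXT_RE.search(line):
            for match in SECRET_KEY_RE.finditer(line):
                token = match.group(0)
                findings.append(Finding(line_no, "secret_access_key", token, redact(token)))
    return findings


def should_block_commit(text: str) -> bool:
    """A pre-commit hook would exit non-zero when this returns True."""
    return bool(scan_text(text))


# Constructed sample: a staged diff that accidentally hard-codes credentials.
# The values are the placeholders AWS uses in its own documentation.
SAMPLE_DIFF = """\
diff --git a/deploy/config.py b/deploy/config.py
+++ b/deploy/config.py
+# TODO remove before push
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+REGION = "us-east-1"
+NOTE = "temporary STS key ids start with ASIA... but none are kept here"
"""

if __name__ == "__main__":
    # Usage from a pre-commit hook:  git diff --cached | python scan_aws_keys.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    for f in scan_text(data):
        print(f"line {f.line_no}: {f.kind} {f.redacted}")
    sys.exit(1 if should_block_commit(data) else 0)
```

Pipe `git diff --cached` into it from a pre-commit hook and refuse the commit on a non-zero exit. Requiring the word "secret" on a line before applying the 40-character pattern is a deliberate trade-off: it suppresses noise from hashes and base64 blobs at the cost of missing a secret stored under an unusual name, which is why the access key ID check, whose shape is far more distinctive, runs on every line. A hook like this is a last line of defence; the real fix Jeff Williams alludes to below is not having long-term keys in the working tree at all (environment-injected credentials, short-lived STS tokens, or OIDC-based role assumption from CI).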

Jeff Williams, co-founder and CTO of Contrast Security, commented: 

“Disappointing that we are struggling with the very simplest of cybersecurity issues. It’s not complicated, you just don’t post your keys in public. However, it’s also not fair to blame developers. There are thousands of these kinds of issues, and they have to perform perfectly on all of them or get dragged for being dumb or lazy. We need better authentication systems that make it easier for developers to make good choices. They should never be tempted to put their keys in AWS because doing things the right way is too difficult. Let’s make the secure path the easiest one as well.”

This Unit 42 report is very much worth reading as it provides a ton of insightful and actionable information, so put it on your to-do list.

Here’s Proof That Twitter Is A Dumpster Fire When It Comes to Brand Impersonation

Posted in Commentary with tags on October 30, 2023 by itnerd

Earlier today, I listened to my wife sit on hold with Porter Airlines. For 95 minutes I listened to her endure hold music while trying to get to an actual human being. And what made this worse is that their phone system claimed that there was a five minute wait and she was number 26 in line. Clearly neither of those things were true. So I hopped onto Twitter to express my displeasure:

Now as an aside here, this is a horrible customer experience. If you say that a customer only has to wait a few minutes, then it should only be a few minutes. This experience suggests to me that the phone system that Porter uses is lying to customers about wait times. Ditto for the number of people in line waiting to get connected to a human. This suggests to me that Porter’s call centre is likely understaffed relative to the number of calls that they receive. Again, that’s not a good customer experience.

Now, I’m not here to talk about how bad Porter’s customer experience is. What I am here to talk about is what happened after I posted that Tweet. I got this:

Now this looks like Porter’s Twitter account. Except it isn’t. Let’s start with the name of the account:

@Airlines_u is not Porter’s official Twitter account; @PorterAirlines is. So right off the top, that’s a red flag. Second, there’s the quality of the English. A phrase like “It’s unfortunate for the challenge encountered” isn’t something that a business would use. Finally, the ask to “DM your WhatsApp number” is not something that any business would ever make. Clearly this is a fake account on Twitter that is trying to fool you into doing something that won’t end well for you.

But wait, there’s more. A second fake Porter Twitter account sent me a message:

Again, let’s pick this apart, starting with the Twitter account name:

Well, “@porterairl” is marginally better than the last one, and this might fool someone who isn’t looking too closely. But it’s still fake. And the second tip off is that the phrase “Kindly follow back and share your number via DM so we can assist you promptly” sounds like a phrase that a non-native English speaker might use.

Here’s why this matters. This sort of thing is now an epidemic on Twitter as Elon Musk has just simply destroyed any means for Twitter users to use Twitter to get assistance from a company. And it’s not just me saying that. Sticking with fake airline accounts, here’s what others have said:

Such is the dumpster fire that is Twitter. Given what I’ve experienced, I am surprised that any company would want to have a presence on Twitter as there’s just no way that they could conduct business in any meaningful way. Thus I would say that if you need help, and you need to reach out to a company, you can’t rely on Twitter to get that help. As for companies who are on Twitter, consider this your big hint to dump Twitter and beef up your other support channels. Because Twitter is not a credible platform for you to do business on.

UPDATE: I am now up to four fake accounts that have tried to reach out to me:

I honestly don’t know how Porter or any other company can conduct business on Twitter given this.

White House Issues Executive Order on Safe, Secure, and Trustworthy AI

Posted in Commentary with tags on October 30, 2023 by itnerd

Today the White House announced an executive order intended to mitigate AI risks:

As part of the Biden-Harris Administration’s comprehensive strategy for responsible innovation, the Executive Order builds on previous actions the President has taken, including work that led to voluntary commitments from 15 leading companies to drive safe, secure, and trustworthy development of AI.

The link above has a very extensive document that is worth reading as it goes into a lot of detail as to what this executive order covers.  John Gunn, CEO, Token had this comment:

The aim is noble and the need is certain, but the implementation will be challenging considering that Generative AI technology is already being used extensively by hackers and enemy states to attack US companies with phishing emails that are nearly impossible to detect. Most AI technologies that deliver benefits can also be used for harm, so almost every company developing AI solutions needs to make the required disclosure today.

This is likely to be a hot topic today, so as I get other reactions to it, I will post them here.

UPDATE: Anurag Gurtu, CPO, StrikeReady had this comment:

As President Biden prepares to leverage emergency powers for AI risk mitigation, it’s a clear signal of the critical juncture at which we find ourselves in the evolution of AI technology. The administration’s decision reflects a growing awareness of the transformative impact AI has on every sector, and the need for robust frameworks that govern its ethical use and development.

This initiative isn’t just about preemptive measures against potential misuse; it’s a foundational move towards establishing a global standard for AI that aligns with our values of safety, security, and trustworthiness. It’s an acknowledgment that while AI presents unparalleled opportunities for advancement, it also brings challenges that must be addressed to protect societal welfare and national interests.

For businesses and developers, this move will likely mean a more stringent regulatory environment, but also a clearer direction for innovation within safe and secure boundaries. It’s time for all stakeholders to engage in dialogue and contribute to a balanced approach that fosters innovation while safeguarding against the risks that have kept policymakers and citizens alike vigilant.

UPDATE #2: George McGregor, VP, Approov had this to say:

If you market a cybersecurity solution in the USA, you had better read through this Executive Order (EO)  – it may affect your business!  If your solution is deterministic in nature, then life will be easier, but if you are promoting the use of AI in your product, then life may well get more complicated: Not only do you need to demonstrate to customers that false-positives and management overhead due to AI are not an issue,  but with these new guidelines, the AI methods you employ will be under the microscope also.

Here are some other comments, each followed by the relevant text from the EO:

First – if you are an AI based cybersecurity vendor, you may be expected to share your test results with the government. The success or failure of a security solution, by its very nature, “poses a risk to national security”.

  • From the EO text:  Require that developers of the most powerful AI systems share their safety test results and other critical information with the U.S. government. In accordance with the Defense Production Act, the Order will require that companies developing any foundation model that poses a serious risk to national security, national economic security, or national public health and safety must notify the federal government when training the model and must share the results of all red-team safety tests. These measures will ensure AI systems are safe, secure, and trustworthy before companies make them public.

Second, attestation techniques will become critical – this is already true for mobile app code which can easily be reverse-engineered and replicated unless steps are taken. Fingerprinting techniques used in mobile may be applicable here.

  • From the EO text: Protect Americans from AI-enabled fraud and deception by establishing standards and best practices for detecting AI-generated content and authenticating official content. The Department of Commerce will develop guidance for content authentication and watermarking to clearly label AI-generated content. Federal agencies will use these tools to make it easy for Americans to know that the communications they receive from their government are authentic—and set an example for the private sector and governments around the world.

A program to use AI to eliminate vulnerabilities is a very noble pursuit but should not be viewed as a replacement for good software development discipline and implementing run time visibility and protection.

  • From the EO text:  Establish an advanced cybersecurity program to develop AI tools to find and fix vulnerabilities in critical software, building on the Biden-Harris Administration’s ongoing AI Cyber Challenge. Together, these efforts will harness AI’s potentially game-changing cyber capabilities to make software and networks more secure.

The use of AI will not only be a power for good. The hackers will seek to use these techniques also and there will inevitably be an arms-race between security teams and hackers. To start with however, the cost of entry for bad actors will be high, in terms of knowledge required and complexity of the task, and this will mean that only well funded “nation state” teams will be the primary users of AI for nefarious purposes.   National Security teams will need to have the resources to track and counter these efforts.

  • From the EO text: Order the development of a National Security Memorandum that directs further actions on AI and security, to be developed by the National Security Council and White House Chief of Staff. This document will ensure that the United States military and intelligence community use AI safely, ethically, and effectively in their missions, and will direct actions to counter adversaries’ military use of AI.

Visa and BMO Expand Flexible Payment Options in Canada 

Posted in Commentary with tags , on October 30, 2023 by itnerd

Visa and BMO announced a new collaboration to provide eligible BMO credit cardholders access to Installments, enabled by Visa. The convenient payment option is expected to launch in 2024 and enables consumers to convert qualifying purchases into smaller, equal payments made over a defined period of time. BMO will be the latest Canadian issuer to launch installments with Visa since its product launch in 2021.  

The launch will expand on BMO’s post-purchase credit card-based installment plan solution, BMO PaySmart™. With BMO PaySmart™, clients can shop in-person or online, and later convert eligible purchases into installment plan payments through BMO Online Banking. Clients can then make their installment payments as part of their monthly credit card payments. As clients continue to face economic uncertainty, they can turn to BMO PaySmart™ to maintain control with smaller, predictable payments.  

This new offering will make it simple for clients to select an installment option that fits their budget at time of purchase with participating merchants. Like any BMO PaySmart™ installment plan, clients can then view and manage these plans through BMO Online Banking.  

Installments enabled by Visa provides issuers, processors, and merchants with an installment payment option for their customers. For more information on Visa Installments, visit: Visa.ca/installments

For more information on BMO PaySmart™, visit: BMO.com/paysmart. 

It Now Seems That I Am Not The Only Person That Apple Has Accused Of Running “Beta” Software

Posted in Commentary with tags on October 30, 2023 by itnerd

Almost a year ago, I had a problem adding credit cards to Apple Wallet after a repair of my 2021 MacBook Pro. After going back and forth with Apple Tech Support on this, Apple accused me of running “beta” software, which was a complete lie on their part. You can read all about the repair experience, which was bad, along with Apple Support lying to me here. But I want to focus in on the latter issue, which is the inability to add credit cards to my MacBook Pro. First, this issue seemed to get resolved when I installed macOS Sonoma. That implies that Apple fixed something in Sonoma. Thus if you have this issue, try installing Sonoma to see if that fixes things for you. I mention this because I have had people email me asking for help with this issue, so I wasn’t the only one who experienced it.

That brings me to something that I tripped over on Reddit recently. It appears that I am not the only person who has had Apple accuse them of running beta software. Take this example from the Apple Watch forum:

Now this could be considered an isolated incident. But as I like to say, something happening once is a fluke. Something happening twice is a pattern. And here’s a second example that illustrates a pattern:

This suggests to me one of two things is at play here. The first is that Apple as an organization is having a failure to communicate. That’s bad if that’s the case because not being able to disseminate information affects the customer experience which is something that Apple claims to care a lot about. That seems to be backed up by this comment:

That’s a big problem if that’s accurate.

The second thing that could be at play here is that Apple’s staff is simply using this excuse to avoid troubleshooting an issue that they have no clue how to troubleshoot. That’s worse than the above because that illustrates that Apple is okay with their employees lying to customers. I say that because Apple claims that all calls to technical support are recorded which implies that they should be reviewed for quality and corrective action taken if there are issues. But I guess that isn’t happening as if it was, I would not be here talking about this. On top of that, there doesn’t seem to be any quality control for retail staff as they are parroting the same lines. That’s very troubling as all of this shows that Apple has taken several steps back in terms of the customer experience. And this isn’t a new problem for Apple as my wife discovered when she became a victim of “battery gate” which happened years ago.

For a company that claims to care about the customer experience, Apple is really coming up short here. Which is a massive disservice to their customers, and a radical change from the days when Apple had the best technical support and the best retail staff in the business. If I were Deirdre O’Brien who is the Senior Vice President of Retail at Apple, I’d really be looking into these sorts of claims that are becoming more and more frequent in places like Reddit and figure out what needs to be done to change course here, and fast. And I would copy and paste that for whomever runs their tech support as well. Because what’s clear here is Apple is failing its customers. And at some point, their customers will not stand for this and take their dollars elsewhere.

The Toronto Public Library Appears To Have Been Pwned

Posted in Commentary with tags on October 30, 2023 by itnerd

I was alerted late yesterday to this post that was put up by the Toronto Public Library. Apparently they are currently dealing with some sort of “cybersecurity incident”, which is code for the fact that they have likely been pwned by hackers. Here’s the salient information:

We are actively addressing a cybersecurity incident that came to our attention on Saturday, October 28. 

As a result of the incident, the following services are unavailable: tpl.ca, “your account”, tpl:map passes and digital collections. Public computers and printing services at our branches are also unavailable.

Branches are open as scheduled. Wifi is available in library branches, and branch telephone lines are working. Materials can be borrowed and returned in branches until further notice.

As of now, there is no evidence that the personal information of our staff or customers has been compromised.

TPL has proactively prepared for cybersecurity issues and promptly initiated measures to mitigate potential impacts. We have engaged with third-party cybersecurity experts to help us in resolving this situation. We do anticipate though that it may take several days before all systems are fully restored to normal operations.

We will update this page as more information becomes known. We appreciate your patience and understanding while we do everything we can to resolve this matter as quickly as possible.

It will be interesting to find out what happened, and more importantly how library patrons are affected by this. Because I would not be surprised if those patrons along with their staff have been affected despite what they say.

Watch this space.

Elon Musk’s Latest Brainwave Is That He’s Adding Video Calling To Twitter… Along With Banking

Posted in Commentary with tags on October 29, 2023 by itnerd

Elon Musk is really taking this “everything app” thing way too seriously. I say that because he’s adding two features. Starting with video calling that is on by default:

The feature is now being officially rolled out, Elon Musk confirmed. He said it was an “early version” of a tool he has been hinting at for a year.

Video calls are part of Elon Musk’s plans to make Twitter, which he has renamed X, into the “everything app”, offering a wide array of different functionality.

For now, video calls are limited to the iOS app, and appear to be rolling out slowly. But they are also switched on by default.

The system means that all accounts are liable to receive calls from accounts you follow, or those run by people whose number you have in your address book. To be able to call someone, they must have sent at least one direct message to your account.

Users have the option to change that setting, however, either to switch it off or to change who has the ability to make calls. From the direct message settings, users can either disable it entirely or change it so that they can receive calls from people in your address book, from people you follow, or from all “verified” users.

Making phone calls is limited to premium subscribers, who pay the monthly subscription for what was once called Twitter Blue.

This makes no sense to me because this market is so saturated. Skype, WhatsApp, and other options already exist. So what value does Elon’s offering add? None in my mind. But he’s not done. He also wants to replace your bank:

Elon Musk wants X to be the center of your financial world, handling anything in your life that deals with money. He expects those features to launch by the end of 2024, he told X employees during an all-hands call on Thursday, saying that people will be surprised with “just how powerful it is.”

“When I say payments, I actually mean someone’s entire financial life,” Musk said, according to audio of the meeting obtained by The Verge. “If it involves money. It’ll be on our platform. Money or securities or whatever. So, it’s not just like send $20 to my friend. I’m talking about, like, you won’t need a bank account.”

X CEO Linda Yaccarino said the company sees this becoming a “full opportunity” in 2024. “It would blow my mind if we don’t have that rolled out by the end of next year,” Musk said.

The company is currently working on locking down money transmission licenses across the US so that it can offer financial services. Musk told employees Thursday that he hopes to get the others X needs in “the next few months.”

I don’t know who would trust a narcissistic temperamental man child with their money. I wouldn’t. And I don’t think that anyone else should. Because given the way that Elon has run Twitter, it is highly likely that your money will go up in smoke.

LockBit Claims To Have Pwned Boeing

Posted in Commentary with tags on October 29, 2023 by itnerd

News has surfaced that the infamous LockBit ransomware gang is claiming to have pwned aircraft manufacturer Boeing:

Boeing said on Friday it was assessing a claim made by the Lockbit cybercrime gang that it had “a tremendous amount” of sensitive data stolen from the aerospace giant that it would dump online if Boeing didn’t pay ransom by Nov. 2.

The hacking group posted a countdown clock on its data leak website with a message saying, “Sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline!”

“For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline,” the hacking group said.

The hacking group typically deploys ransomware on a victim organization’s system to lock it up and also steals sensitive data for extortion.

“We are assessing this claim,” a Boeing spokeswoman said by email.

The claim by LockBit was also posted on Twitter:

IF this is true, this is likely the biggest victim that LockBit has had.

Ken Westin, Field CISO, Panther Labs had this to say:

This is another example of a Russian based threat group gaining access to potentially sensitive data.

Ransomware groups have been increasing their level of sophistication and capabilities, so no organization is safe from a potential ransomware incident. Even organizations with the best security posture and following best practices are still at risk. This compromise, along with the recent compromise of DC voter data via DataNet Systems by RansomVC, raises national security concerns as often times these groups not only encrypt the data, but also exfiltrate it. LockBit is a predominantly Russian speaking ransomware group believed to be operating out of Russia with ties to the Russian government. Data from Boeing can be very valuable to foreign governments, particularly their “Defense, Space & Security” division. The scope of the breach has not been announced so it’s not clear if data from this division was compromised, but it could be a threat.

This is a story to keep an eye on because I am sure that we will find out what the truth is in the coming days.

Clark County School District Appears To Have Been Pwned

Posted in Commentary with tags on October 28, 2023 by itnerd

Three weeks after the fifth largest school district in the country became aware of a “cybersecurity incident” and a week after they informed parents and employees, hackers have started leaking 200,000 students’ information and numerous other files with personal information.

Since Monday, Nevada’s Clark County School District parents have expressed frustrations about the district’s lack of transparency and have become increasingly concerned about the breach after receiving emails supposedly from the hackers with their children’s personal information. One parent described an email received as:

“Warning me that my children’s information was released or hacked into and it had three PDF files. Each one had my children’s picture, all of their contact information, email addresses, student ID numbers, my information, our address.”  

The files that appeared to be from the district were leaked on a file-sharing site earlier this week, but have since been removed. Student personal information observed in the leaks included:

  • Name
  • Student ID
  • DOB
  • Email addresses
  • Picture
  • Household members
  • Cellphone numbers
  • Race
  • Attendance records
  • Incident reports
  • Medical information

The Clark County School District released a statement saying that it is cooperating with the FBI following a recent cyberattack. This is the district’s second breach in 4 years.

Emily Phelps, Director, Cyware had this comment:

“Securing sensitive data is complex even under the best conditions. With limited resources, expertise, and support, it becomes daunting. School districts often lack the level of resourcing needed to modernize security programs, but as one of our most critical areas, education must not only begin prioritizing strong security practices, they must be transparent in their communities to build and maintain trust.”

Corey Sinclair, Cyber Threat Intelligence Analyst, Horizon3.ai follows with this:

“Schools, and subsequently their students, are the perfect target because they house sensitive personally identifiable information (PII) like names, social security numbers, and medical histories, while largely being underfunded and understaffed in terms of IT infrastructure and expertise.

“What is done with the PII after it is sold on the black market will largely depend on the age of the students targeted and the time horizon of the cyber threat actors and other criminals. The younger the student, the more time criminals have to build a fake persona that may contain numerous bank accounts, credit cards, passports, &c. When it comes time for the student to actually set up their own bank accounts or apply for credit, they may be unable to do so given the number of actions that have already been completed on their behalf.”

The fact that this school board has been pwned twice in four years should send chills down the spines of parents. Yes, it is true that, after health care, education is a prime target for threat actors. But one would have thought that, given that this is not a new message, more effort would have been put into making sure that education doesn’t remain a prime target. Clearly, based on this example, that’s not the case.

Beyond the Ballot: Navigating Digital Threats with Election Security – A Blog Post From Flashpoint

Posted in Commentary with tags on October 28, 2023 by itnerd

Flashpoint published a blog post today about election security, which is a timely topic given the times that we live in.

The blog covers protecting election security, the election security landscape, countering election threats and empowering election security.

You can read the blog post here: https://flashpoint.io/blog/digital-threats-election-security/.