Critical Need for Closer Ties Between Developers and Security Vendors: Appdome
Posted in Commentary with tags Appdome on December 14, 2023 by itnerd
The global surge in mobile app usage has transformed brand engagement, but it brings a heightened risk of cybersecurity threats. Appdome’s survey of 25,000 consumers across 12 countries reveals that 40% have experienced, or known someone close to them who has experienced, a cyber-attack, emphasizing the urgent need for robust security measures.
Consumer concern is evident, with 73% stating they would swiftly abandon an app at the slightest hint of vulnerability. App developers must recognize their pivotal role in shielding users from cyber threats, transitioning from basic protection to a robust mobile app defense.
Crucially, users now demand prevention, not compensation after a privacy breach, necessitating closer collaboration between app developers and security vendors from the start of the development process.
For a detailed exploration of the state of mobile app security, please have a look at the full report.
Posted in Commentary with tags Esso on December 14, 2023 by itnerd
Let me get you up to speed here. Last weekend I wrote about Imperial Oil, which is the parent company of Esso and Mobil here in Canada, transitioning to a new contactless payment app, replacing what I considered to be the best contactless payment app in a two-app shootout a year ago. In the process, I was unable to log into the app when I went to use it for the first time. I did some troubleshooting, gave up, and submitted a help request to Imperial Oil. As I type this, I have never heard from them. This is bad because not responding to requests from your customers when they need help creates a very negative customer experience and disincentivizes them from doing business with you.
However, I did test the app this morning for giggles and I was finally able to log in. So whatever issues that they had on their back end are clearly resolved. But it did push me to try the Shell app to see what that was like. And I will have a review of that online on Monday. That wouldn’t have happened if the Esso/Mobil app didn’t work. Thus I guess I have to thank Imperial Oil for prompting me to look at the Shell app and telling all of you about it.
Finally, since I am all about keeping things fair, I am posting this to Twitter and tagging Imperial Oil so that if they have a comment on my experience, they can give it, as I’d really like to hear about why the app stopped working, and why they didn’t respond to the request for help that I left here. Let’s see if they actually do respond.
November Ransomware Trends: Total observed victims increased by 32% and exceeded the calendar year 2023 average by only 16%, while the rolling average increased by only 6%, indicating a relatively consistent pace of operations since Q2.
Threat Actor Trends: GRIT also observed a marginal decrease in active ransomware groups. However, this was influenced by the arrival and drop-off of several smaller emerging groups, and 82% of victims were attributed to ransomware groups that have operated for at least six months.
Victims by Country: The US accounted for nearly half (48%) of last month’s victims; the Netherlands is in the top 10 again, accounting for 21% of its total victim count in 2023; Canada, which typically ranks in the top 3, saw a decrease in victims and fell to #6; Germany saw a spike in attacks, returning to the top 5.
Increased Ransomware Impact: Nearly a quarter of 2023’s ransomware attacks against China took place in November, impacting energy, automotive, legal, and pharmaceutical industries, a departure from the most frequently affected manufacturing industry, further complicating this potential anomaly.
Most Targeted Industries: Yet again, Manufacturing was the most targeted industry. Healthcare came in second, followed by Retail and Wholesale, Transportation, and Education to round out the top 5 most targeted sectors in November 2023.
Posted in Commentary with tags Fortra on December 14, 2023 by itnerd
By Nick Oram, Security Operations Manager at Fortra
The allure of airline status and points, along with the abundance of personal identifiable information (PII) of customers and employees, make the airline industry a prime target for threat actors on the dark web. Depending on the goal of the actor and the nature of the stolen data, criminals can find airline-specific materials for sale on a variety of markets. Below, we take a look at the types of threats targeting airlines and their customers on dark web marketplaces, and what organizations can do to prevent exposure and attacks.
Marketplaces that specialize in the sale of account credentials are havens for threat actors interested in exchanging compromised information. In these marketplaces, stolen customer account information is in steady supply, as threat actors are consistently adding new data acquired through network compromise and phishing scams. This data is often sold for minimal fees, allowing threat actors of all levels of experience to use it for the malicious purposes of their choosing.
Threat Types
Account Data
Account data associated with specific airline providers is commonly advertised with varying levels of access on dark web marketplaces. Below is an example of data attributed to the Turkish Airlines brand. This particular data set contains customer names, points available on accounts, and screenshots showing the account actively logged in. By capturing this intelligence, security teams can identify compromised customers without purchasing the data directly off the marketplace.
Overview of Available Account Data for Turkish Airlines
Account Data for Sale
Print Screen of Airline Account for Sale
Airline Status
Threat actors will frequently look to purchase different levels of status for well-known airline brands. Not only do members of the dark web advertise their stolen data for sale, but individuals also broadcast their preferences of information to buy. In this type of exchange, threat actors will typically provide the best method of contact in posts on dark web forums.
In the example below, the threat actor is instructing potential sellers to reach out via the chat messaging platform for sales inquiries.
Card Data/Credit Unions
Credit unions associated with the airline industry are also targeted on the dark web. The sale of member credit/debit card data can be found in varying levels of detail on both carding marketplaces as well as forums. This type of information can be obtained by threat actors through malicious means such as skimming devices, point-of-sale malware, and sniffers.
Below are two examples of card data targeting an airline’s credit union branch. The data from the first screenshot showcases customer PII tied to the account on a typical carding marketplace. The second displays full credit card numbers posted over a carding forum.
Database Leaks
As with other industries, airline customers and employees are not immune to data leaks being posted on the dark web. Data leaks can be advertised by threat actors for a fee, or the stolen data or fully compromised credentials can be posted for free.
The screenshot below showcases two Colombian airlines with various customer data exposed. The types of information include: user data, name, date of birth, passport numbers, phone, email, and more.
It is commonplace for threat actors to post small samples or highlights from the stolen data on dark web forums. The purpose of this is to entice members to reach out via private message in regards to procuring the information. In the screenshot below, the threat actor gives examples of the types of information included in a small database compromised directly from a company server.
Below, in the same forum, the threat actor has posted samples of the data in addition to offering the total database for a fee of $3,000 USD.
Infostealers
In addition to purchasing sensitive data, infostealer data has been a popular vector for threat actors to gain internal access to companies and should be considered a high-priority security threat. Infostealers are a type of malicious software commonly used to exfiltrate data from infected computers. This information is then sold to other criminals, who abuse company credentials to infiltrate network systems.
Threat actors also purchase infostealer malware and launch attacks themselves.
Below is an example of an airline database compromise affecting 3,200 vendors due to a Redline infostealer infection. In this instance, the target of the attack was an airline employee with third-party access to internal systems. The leaked information included names, addresses, phone numbers, and email addresses.
Redline, along with many other infostealer malware variants, can be distributed to victims via traditional phishing methodologies, mobile applications, and pirated materials that infect devices with malicious software when they are downloaded.
Infostealers continue to be a popular method for threat actors to infiltrate an institution’s internal environment or gain access to their customer’s information. Compromised data as a result of an infostealer attack can be purchased for a very small fee and manipulated by the purchaser for their needs.
For instance, infostealer malware can go beyond access to the username and password of the compromised account to capture authentication cookies/tokens of the compromised machine. This allows a user to remain logged into online services without having to constantly sign back in with their password or a two-factor authentication code.
By using session cookies/tokens within their own browser, the buyer is able to bypass security protection measures like two-factor authentication and remain undetected by the compromised user.
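The paragraphs above describe how a stolen session cookie loaded into the buyer's own browser sidesteps the password and the second factor. The following is an added example, not code from the Fortra article, showing one server-side mitigation: binding each session to the client context seen at login (User-Agent plus a coarse IP prefix, a hypothetical fingerprint choice) and revoking the session when the same token is later presented from a different context. Token format, TTL, and the sample addresses and User-Agent strings are all constructed for the example.

```python
"""
Session binding to blunt replay of infostealer-harvested cookies.
Added example (not from the original article). Assumptions: sessions are
identified by a random bearer token; the client fingerprint is the hash of
User-Agent plus the /24 (IPv4) or /48 (IPv6) network prefix; a mismatch
revokes the session, forcing a fresh login with 2FA.
"""
import hashlib
import ipaddress
import secrets
import time
from dataclasses import dataclass, field

SESSION_TTL_SECONDS = 8 * 3600  # short lifetime narrows the replay window


def client_fingerprint(user_agent: str, ip: str) -> str:
    """Hash the User-Agent with a coarse network prefix (hypothetical rule).
    Using a prefix rather than the exact address tolerates ordinary churn."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return hashlib.sha256(f"{user_agent}|{net}".encode()).hexdigest()


@dataclass
class Session:
    user: str
    fingerprint: str
    issued_at: float
    revoked: bool = False


@dataclass
class SessionStore:
    sessions: dict = field(default_factory=dict)  # token hash -> Session
    alerts: list = field(default_factory=list)    # constructed audit trail

    @staticmethod
    def _h(token: str) -> str:
        # Only the token hash is stored, so a leaked store yields no live cookies
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, user_agent, ip, now=None):
        token = secrets.token_urlsafe(32)
        now = time.time() if now is None else now
        self.sessions[self._h(token)] = Session(
            user, client_fingerprint(user_agent, ip), now)
        return token

    def validate(self, token, user_agent, ip, now=None):
        """Return the user for a valid session, or None if rejected."""
        now = time.time() if now is None else now
        sess = self.sessions.get(self._h(token))
        if sess is None or sess.revoked:
            return None
        if now - sess.issued_at > SESSION_TTL_SECONDS:
            sess.revoked = True
            return None
        if sess.fingerprint != client_fingerprint(user_agent, ip):
            # Same cookie, different client context: treat as a likely replay
            sess.revoked = True
            self.alerts.append(
                f"session for {sess.user} presented from a new client context; revoked")
            return None
        return sess.user


def demo():
    """Login, legitimate reuse, replay from a second machine, and the aftermath."""
    store = SessionStore()
    t0 = 1_700_000_000.0  # constructed timestamp
    victim_ua = "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"
    cookie = store.issue("alice", victim_ua, "203.0.113.10", now=t0)
    # Same browser, address moved within the /24: accepted
    ok = store.validate(cookie, victim_ua, "203.0.113.77", now=t0 + 60)
    # Stolen cookie used from another browser and network: rejected and revoked
    replay = store.validate(cookie, "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0",
                            "198.51.100.5", now=t0 + 120)
    # The legitimate client is now logged out too, which forces re-auth with 2FA
    after = store.validate(cookie, victim_ua, "203.0.113.10", now=t0 + 180)
    return ok, replay, after, len(store.alerts)


if __name__ == "__main__":
    print(demo())
```

The trade-off is deliberate: a strict fingerprint (exact IP, every header) catches more replays but logs out users whenever they change networks, while the coarse prefix used here favours fewer false positives. Either way, the revocation alert is the detection signal a SOC would want to see alongside the forced re-authentication.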
Ransomware
The airline industry continues to be targeted by ransomware groups. Many of these groups have leak sites on the dark web where they will publicly shame compromised corporations. These sites include countdowns documenting the time to pay ransom before data is leaked, samples of the data, screenshots of documents that were compromised, and download links to get the full set of data.
The example below advertises compromised data belonging to Allegiant Air on a Clop ransomware group leak site.
The dark web is rife with marketplaces distributing stolen information and the tools needed to target and attack vulnerable industries. Account data belonging to the airline sector is highly sought after and available through these marketplaces, where cybercriminals advertise varying types of stolen information for relatively small fees.
While the dark web can be difficult to navigate, security teams should familiarize themselves with spaces where compromised information associated with their brand may be present. By proactively identifying data linked to their brand, customers, employees, or partners, they will have the opportunity to limit or contain any damage that could occur as a result of compromise.
Posted in Commentary with tags Rogers on December 14, 2023 by itnerd
Rogers and Lynk Global, Inc. today announced they completed Canada’s first successful satellite-to-mobile phone call using Samsung S22 smartphones. The call took place in historic Heart’s Content, where the landing of the world’s first transatlantic telegraph cable, between Canada and Ireland, took place over 150 years ago. The two companies also tested SMS, data and emergency alerting services.
Technology available on existing smartphones
The phone call was made between Andrew Furey, Premier of Newfoundland and Labrador, and a member of the Newfoundland and Labrador Search and Rescue Association using Lynk’s low-earth orbit (LEO) satellites and Rogers national wireless spectrum. Using licensed wireless spectrum means this technology works on existing smartphones, so customers don’t need to install customized apps or use hardware that isn’t yet available.
Rogers to launch satellite-to-mobile phone technology in 2024
Rogers will launch satellite-to-mobile phone technology in 2024, starting with SMS texting, mass notifications and machine-to-machine AI applications, and then expand the service to include voice and data services quickly thereafter. This new technology will deliver wireless services to the country’s most remote wilderness, national parks and rural highways.
Rogers is committed to improving public safety through its national network investments. This includes the company’s commitment to bring 5G wireless service and 911 access throughout the entire Toronto subway system for all TTC riders and extend wireless coverage along Canada’s remote highways. The company also continues to invest to bring Canadians the largest and most reliable 5G network, which now covers more than 2,200 communities.
Posted in Commentary with tags Google on December 14, 2023 by itnerd
Last week Google introduced Gemini, their latest and most capable AI model, and explained their vision, revealed technical details and shared a roadmap of what’s to come. They also previewed what developers will be able to build with its state-of-the-art multimodal capabilities.
Google is now making Gemini Pro available to developers and organizations, as well as a range of other AI tools, models and infrastructure.
Here’s what they’re announcing:
The Gemini Pro API is available to developers in Google AI Studio.
It’s also available to enterprises through Google Cloud’s Vertex AI platform.
They’re also introducing other models in Vertex AI to help developers and enterprises flexibly build and ship applications:
An upgraded Imagen 2 text-to-image diffusion tool.
A family of foundation models fine-tuned for the healthcare industry, MedLM available (via allowlist) to Google Cloud customers in the U.S.
And they announced general availability of Duet AI for Developers and Duet AI in Security Operations.
Posted in Commentary with tags Apple on December 14, 2023 by itnerd
It seems that Beeper Mini’s victory over Apple in terms of getting their iMessage on Android app back online was short lived. Last night, this was posted to Twitter:
We're investigating reports that some users cannot receive iMessages on Beeper Mini and Beeper Cloud.
This doesn’t come as a shock. When Beeper found a way around whatever Apple did to shut them down, I fully expected Apple to retaliate. And so they have. But there is a workaround apparently. How long that workaround continues to work is anybody’s guess. And I also fully expect the “-5%” of users affected by this to grow.
At this point, I expect this cat and mouse game between Beeper and Apple to continue for some time until Beeper taps out. The only thing that is at question here is how long it will take for Beeper to tap out.
I’ll be watching this story as I expect there will be more developments.