Public Mobile Launches Canada’s First 5G Subscription Phone Service 

Posted in Commentary with tags on May 25, 2023 by itnerd

Public Mobile has launched Canada’s first 5G subscription phone service, offering Canadians the unique opportunity to experience mobility differently on an award-winning network.

Different from traditional postpaid and prepaid plans, Public Mobile’s subscription service offers a number of features and benefits:

  • For the first time ever, Public Mobile customers have the ability to access premium 5G wireless service, backed by an award-winning wireless network.
  • The ability to choose between a monthly or 90-day subscription, the speed plan and premium features (like unlimited data) that best fit their needs.
  • No overage fees, no credit checks, no confusing contracts and no surprises.
  • An all-new Public Mobile app that lets you manage your Public Mobile experience digitally. From activating in minutes with eSIM to 24/7 account management and digital support and rewards with Public Points, Canadians can do it all on the app anywhere, anytime.

This launch addresses a growing consumer demand and pain point, with a new survey commissioned by Public Mobile uncovering that more than 60% of Canadians agree that having a subscription service provides them cost certainty, convenience and peace of mind. Furthermore, 94% of Canadians feel they deserve more options when it comes to mobile phone plans, furthering why Public Mobile’s unique offering is a game-changer for Canadian mobility.

Here’s a message from Jim Senko, Chief of the Unexpected Officer, Public Mobile, for more information on the new offering and what it means for Canadians.

Guest Post: ESET Research Reveals New Analysis Of AceCryptor: Used By Crimeware, It Hits Computers 10,000 Times Every Month

Posted in Commentary with tags on May 25, 2023 by itnerd

ESET researchers revealed today details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families. This threat has been around since 2016, and has been distributed worldwide, with multiple threat actors actively using it to spread packed malware in their campaigns. During 2021 and 2022, ESET telemetry detected over 240,000 detection hits of this malware, which amounts to over 10,000 hits every month. It is likely sold on dark web or underground forums, and tens of different malware families have used the services of this malware. Many rely on this cryptor as their main protection against static detections.

“For malware authors, protecting their creations against detection is challenging. Cryptors are the first layer of defense for malware that gets distributed. Even though threat actors can create and maintain their own custom cryptors, for crimeware threat actors, it often may be time-consuming or technically difficult to maintain their cryptor in a fully undetectable state. Demand for such protection has created multiple cryptor-as-a-service options that pack malware,” says ESET researcher Jakub Kaloč, who analyzed AceCryptor.

Among the malware families found that used AceCryptor, one of the most prevalent was RedLine Stealer – malware available for purchase on underground forums and used to steal credit card credentials and other sensitive data, upload and download files, and even steal cryptocurrency. RedLine Stealer was first seen in Q1 2022; distributors have used AceCryptor since then, and continue to do so. “Thus, being able to reliably detect AceCryptor not only helps us with visibility into new emerging threats, but also with monitoring the activities of threat actors,” explains Kaloč.

During 2021 and 2022, ESET protected more than 80,000 customers affected by malware packed by AceCryptor. Altogether, there have been 240,000 detections, including the same sample detected at multiple computers, and one computer being protected multiple times by ESET software. AceCryptor is heavily obfuscated and has incorporated many techniques to avoid detection throughout the years.

“Even though we don’t know the exact pricing of this service, with this number of detections, we assume that the gains to the AceCryptor authors aren’t negligible,” theorizes Kaloč.

Because AceCryptor is used by multiple threat actors, malware packed by it is distributed in multiple ways. According to ESET telemetry, devices were exposed to AceCryptor-packed malware mainly via trojanized installers of pirated software, or spam emails containing malicious attachments. Another way someone may be exposed is via other malware that downloaded new malware protected by AceCryptor. An example is the Amadey botnet, which we have observed downloading an AceCryptor-packed RedLine Stealer.

Since many threat actors use the malware, anyone can be affected. Because of the diversity of packed malware, it is difficult to estimate how severe the consequences are for a compromised victim. AceCryptor may have been dropped by other malware already running on a victim’s machine, or, if the victim was infected directly by, for example, opening a malicious email attachment, the malware inside it may have downloaded additional malware; thus, many malware families may be present simultaneously.

AceCryptor has multiple variants and currently uses a multistage, three-layer architecture.

Even though attribution of AceCryptor to a particular threat actor is not possible for now, ESET Research expects that AceCryptor will continue to be widely used. Closer monitoring will help prevent and discover new campaigns of malware families packed with this cryptor.

For more technical information about AceCryptor, check out the blogpost “Shedding light on AceCryptor and its operation” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Ron DeSantis Makes The Mistake Of Launching His Presidential Campaign On Twitter

Posted in Commentary with tags on May 25, 2023 by itnerd

Ron DeSantis is seen as a frontrunner for the Republican nomination to become President of the United States. And he decided to launch his bid for The White House on Twitter with his “friend” Elon Musk.

Bad move Ron. Here’s why:

The start of a much-anticipated Twitter event in which Florida Gov. Ron DeSantis planned to announce his 2024 Republican presidential bid was repeatedly disrupted Wednesday when Twitter’s servers apparently could not handle the surge in traffic. 

The app crashed repeatedly as Twitter users tried to listen to the event where Twitter owner Elon Musk joined DeSantis for the announcement. 

DeSantis eventually was able to speak, about 20 minutes after the scheduled start, after Musk closed the initial Twitter Spaces event and started a second one on the app. That space attracted about 161,000 users, according to Twitter’s public-facing data, as DeSantis read a short speech.

And:

Voices early in the Twitter Spaces event were openly concerned Trump would take advantage of the early glitches, a notable admission because the event was set up by DeSantis supporters.

“This is going to be a stain that Trump is going to leverage for at least a few weeks,” one person could be heard saying amid the event’s early glitches.

As the first Twitter Spaces event kicked off, metrics published by Twitter indicated that more than 600,000 were attempting to listen. 

“We’ve got so many people here that I think we are kind of melting the servers,” Sacks said at one point.

“We’re reallocating some of the server capability to be able to handle the load here. It’s really going crazy,” Musk said.

By the time DeSantis got the moment his political team had spent weeks negotiating, there were fewer than 70,000 viewers remaining, a significantly smaller audience than is traditional for a major presidential campaign launch.

That’s a #fail. But the bad news doesn’t end there:

Trump aides and allies immediately — and gleefully — mocked the Florida governor for the initial tech fiasco.

“Glitchy. Tech issues. Uncomfortable silences. A complete failure to launch. And that’s just the candidate!” Steven Cheung, spokesman for former President Donald Trump’s campaign, told NBC News. 

President Joe Biden’s Twitter account posted a link to his own fundraising page, writing, “This link works.”

You have to think that Elon must be embarrassed that such a high profile event caused Twitter to pretty much implode. It illustrates just how badly Elon is running Twitter at the moment. And should serve as a warning to anyone who wants to do a high profile event to not do it on Twitter. Meanwhile, I am sure a bunch of Twitter employees who were fired by Elon in the early days of his takeover of Twitter are laughing at Elon because of this embarrassing situation. Sucks to be Elon.

Hackers Creating Magic Links, Exploiting URL Deception and Obfuscation

Posted in Commentary on May 25, 2023 by itnerd

Avanan, a Check Point Software Company, has released a report unveiling how hackers create “magic links” that transform from safe to malicious upon pasting in the browser. The report uncovers a sophisticated phishing technique that exploits URL deception and obfuscation, enabling hackers to bypass traditional security measures and deliver malicious content to unsuspecting victims.

The attack involves the creation of “magic links” that appear harmless at first glance but transform into malicious destinations upon pasting them into a browser. Through email vectors and techniques such as URL obfuscation, hackers can deceive both users and security filters, successfully infiltrating the target’s inbox with malicious content.

You can read the report here.

ChatGPT Impersonation Fuels a Clever Phishing Scam: INKY

Posted in Commentary with tags on May 25, 2023 by itnerd

INKY has published a new Fresh Phish that impersonates OpenAI and takes numerous creative steps to harvest credentials. 

To give you an idea of the complexity, here is a recap of the techniques used in this phish:

  • Brand impersonation — using brand logos and trademarks to impersonate well-known brands.
  • Spoofing – disguising an email address so it appears to be from someone familiar. 
  • Malicious links – a clickable link that directs users to an illegitimate or unsafe website, usually for the purpose of harvesting credentials.
  • Credential harvesting — occurs when a victim thinks they are logging in to one of their resource sites but are really entering credentials into a dialog box owned by the attackers.
  • Dynamic redirection — uses elements of the victim’s email address, particularly the domain, to guide the attack flow.
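Two of the techniques in that list can be checked for mechanically in a mail filter. The script below is an added example, not INKY's code: it pulls every link out of an email body, flags links whose visible URL names a different host than the real href (the malicious-link trait), and flags links whose path, query or fragment carries the recipient's address or domain, plainly or base64-encoded (the dynamic-redirection trait). The recipient address, the hosts and the email body are all constructed for the example.

```python
"""
Added example, not INKY's code: scan the links in a suspected phishing email
for two of the traits listed above, a visible URL whose host differs from the
real href (malicious link) and a URL that carries the recipient's address or
domain (dynamic redirection). The recipient address, hosts and email body are
all constructed for this example.
"""
import base64
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def embeds_recipient(url, recipient):
    """True when the path, query or fragment of url carries the recipient's
    address or domain, either plainly or base64-encoded."""
    parts = urlparse(url)
    tail = unquote(parts.path + parts.query + parts.fragment)
    domain = recipient.split("@", 1)[1]
    if any(n in tail.lower() for n in (recipient.lower(), domain.lower())):
        return True
    # Phishing kits sometimes base64-encode the address so it is not obvious
    # in the URL; compare against the encoding too (padding stripped).
    encoded = [base64.b64encode(s.encode()).decode().rstrip("=") for s in (recipient, domain)]
    return any(e in tail for e in encoded)


def flag_links(html, recipient):
    """Return [(href, [reasons])] for each link that trips a check."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = []
        shown = _host(text) if text.lower().startswith(("http://", "https://")) else ""
        if shown and shown != _host(href):
            reasons.append(f"visible host {shown} differs from real host {_host(href)}")
        if embeds_recipient(href, recipient):
            reasons.append("recipient address or domain embedded in URL")
        if reasons:
            findings.append((href, reasons))
    return findings


RECIPIENT = "alice@corp.example"  # constructed

# Constructed email body: link 1 shows one URL but points at another and
# passes the address in the fragment; link 2 hides it base64-encoded in the
# query string; link 3 is an ordinary link and should not be flagged.
_TOKEN = base64.b64encode(RECIPIENT.encode()).decode()
SAMPLE_EMAIL = f"""
<p>Your account needs verification.</p>
<a href="https://login-verify.example.net/#{RECIPIENT}">https://platform.openai.example/login</a>
<a href="https://cdn-redirect.example.net/go?u={_TOKEN}">Verify now</a>
<a href="https://status.example.org/">Service status</a>
"""

if __name__ == "__main__":
    for href, reasons in flag_links(SAMPLE_EMAIL, RECIPIENT):
        print(href)
        for reason in reasons:
            print("  -", reason)
```

Run it as-is and the first two links are reported, the third is not. The domain check is deliberately broad (any link carrying the recipient's domain after the host), so in production you would combine it with the other signals in the list rather than block on it alone.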

You can read their research here.

Chinese Sponsored Hackers Target US Infrastructure

Posted in Commentary with tags on May 25, 2023 by itnerd

Microsoft has said that it has found malicious activity by a Chinese-state sponsored hacking group that has stealthily gained access into critical infrastructure organizations in Guam and elsewhere in the US, with the likely aim of disrupting critical communications in the event of a crisis. 

In a report published Wednesday, Microsoft said the group, named Volt Typhoon, had been active since mid-2021, targeting organizations that span manufacturing, construction, maritime, government, information technology and education. 

Joe Saunders, CEO, RunSafe Security had this comment on this rather disturbing news:

“In all these attacks, denying the adversary the ability to target memory weaknesses in code is essential to thwart any additional steps in the attack, especially if we want to make our infrastructure resilient. Achieving cyber resilience is an urgent need for our country.”

Although Chinese state-sponsored hackers have never launched a disruptive cyberattack against the United States, even over decades of data theft from US systems, the country’s hackers have periodically been caught inside US critical infrastructure. Thus the time to act is now, before these hackers escalate their activities beyond what they have done to date.

UPDATE: I have two more comments on this. The first is from Willy Leichter, VP, Cyware:

“These state-sponsored groups are relentless in trying to get a persistent foothold in our critical infrastructure systems, and attacks are inevitable. While all organizations need to remain vigilant about tracking threats, and closing vulnerabilities, we really need to improve how quickly we disseminate critical intelligence industry-wide. Information sharing communities (ISACs) in critical infrastructure, energy, and other sectors are providing some of this intelligence, but we need much more widespread adoption and automation, so an attack on one system can be automatically defended against across an entire industry sector.”

Roy Akerman, Co-Founder & CEO, Rezonate followed up with this:

“While described as novel, the TTPs mentioned in the report have been used for years: webshells, Living-off-the-Land, command line, proxies for exfiltration. IOCs extracted are valuable but unfortunately have a short shelf life as attackers evolve their infrastructure. The report coming from CISA and NSA provides a fantastic insight on the techniques; however, you can also clearly identify where traditional EDR solutions will fall short against LOLBin use and how a layered defense approach is critical to augment and further provide critical context.”

Finally Steve Stone, Head of Rubrik Zero Labs concludes with this:

“Rubrik believes the combination of multiple private companies and several governments publicly reporting their findings is a great situation for the overall cybersecurity community. In particular, the US Government and its partners are working to publicly report activity sooner than in the past at the cost of maintaining their potential access. This demonstrable shift by the US government is a major step forward for private organizations.

“This activity is in line with well-established Chinese hacking efforts. This in no way undercuts the reporting, but it’s critical we view this as an existing assessment confirmation instead of net new activity.

“The continued focus on valid users and valid tools by threat actors presents one of the largest threats to the industry. The valid user is the most capable attack surface an attacker can gain. Additionally, these types of actions are notoriously difficult to detect. For all of these reasons, Rubrik is heavily investing in user intelligence in 2023, which we will combine with data trends. We think this remains one of the largest problems to solve from a threat perspective.”

Watering Hole Attack Targets Shipping And Logistics Firms

Posted in Commentary on May 25, 2023 by itnerd

ClearSky researchers have identified eight “watering hole sites” infected with a common JavaScript method. All eight sites are Israeli shipping and logistics sites and are believed to be the work of Iranian actors raising concerns about companies operating in this sector.

“In watering hole attacks, the attacker compromises a website that is frequently visited by a specific group of people, such as government officials, journalists, or corporate executives,” reads the company Advisory. “Once compromised, the attacker can inject malicious code to the website, which will be executed when users visit it. Currently, the campaign focuses on shipping and logistics companies, aligning with Iran’s focus on the sector for the past three years.”

The watering hole tactics shared the following characteristics:

  • C2 Attribution – The domain jquery-stack[.]online is attributed to TA456 (Tortoiseshell).
  • Known Iranian TTP – Watering hole attacks have been part of the initial access stage used by Iranian threat actors since 2017 [1]. This initial access technique was also mentioned by Mandiant [2] in August 2022, where an Iranian threat actor named UNC3890 was targeting shipping companies in Israel using the same watering hole attack. In the current attack, visiting user data is collected and sent to the attacker’s C2 server.
  • Usage of “jQuery” – Our team observed four domains impersonating jQuery, a legitimate JavaScript framework, by using “jQuery” in their domain names. This is done to deceive anyone who checks the website code.
  • Usage of open-source tools – Use of open-source penetration test tools that focus on web browsers. The attacker used code taken partly from the Metasploit framework [3], with a few added unique strings. According to one of the victims, the JavaScript found in this research is unknown to them, indicating that the script is malicious.
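The jQuery look-alike domains are aimed at exactly the person who inspects a page's source, so the inspection is worth automating. The script below is an added example, not ClearSky's code: it lists the third-party hosts a page loads scripts from and flags any whose name trades on "jQuery" without being a well-known jQuery distribution host. The allow-list of CDN hosts and the sample page are constructed for the example; jquery-stack.online is the C2 domain the advisory attributes to TA456.

```python
"""
Added example, not ClearSky's code: list the third-party hosts a page loads
scripts from and flag any whose name trades on "jQuery" without being one of
the well-known jQuery distribution hosts. The allow-list and the sample page
are constructed; jquery-stack.online is the C2 domain ClearSky attributes to
TA456 in the advisory quoted above.
"""
import re
from urllib.parse import urlparse

# Hosts that legitimately serve jQuery (assumption for this example: extend
# it with the CDNs your own sites actually use).
KNOWN_JQUERY_HOSTS = {
    "code.jquery.com",
    "ajax.googleapis.com",
    "cdnjs.cloudflare.com",
    "cdn.jsdelivr.net",
}

_SCRIPT_SRC = re.compile(r"<script[^>]*\ssrc\s*=\s*['\"]([^'\"]+)['\"]", re.IGNORECASE)


def external_script_hosts(html, page_host):
    """Hosts other than the page's own that <script src=...> tags load from."""
    hosts = set()
    for src in _SCRIPT_SRC.findall(html):
        if src.startswith("//"):  # protocol-relative URL, resolve as https
            src = "https:" + src
        host = (urlparse(src).hostname or "").lower()
        if host and host != page_host.lower():
            hosts.add(host)
    return hosts


def suspicious_jquery_hosts(html, page_host):
    """External script hosts that use the jQuery name but are not known CDNs."""
    return sorted(
        h for h in external_script_hosts(html, page_host)
        if "jquery" in h and h not in KNOWN_JQUERY_HOSTS
    )


PAGE_HOST = "www.shipping-co.example"  # constructed

# Constructed page: one local script, one genuine jQuery CDN load, and two
# look-alike hosts of the kind the advisory describes.
SAMPLE_PAGE = """
<html><head>
<script src="/static/site.js"></script>
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script type="text/javascript" src="https://jquery-stack.online/jquery.min.js"></script>
<script src='//cdn.jquery-helper.example/lib.js'></script>
<script>console.log("inline scripts have no src and are ignored here");</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    print("external script hosts:", sorted(external_script_hosts(SAMPLE_PAGE, PAGE_HOST)))
    print("suspicious jQuery look-alikes:", suspicious_jquery_hosts(SAMPLE_PAGE, PAGE_HOST))
```

Run against the sample page it reports the two look-alikes and leaves code.jquery.com alone. The same host list is also what you would compare against a site's expected third-party inventory, since a new external script host appearing on a page is itself the signal a watering hole leaves behind.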

I have two perspectives on this. The first is from Mark Bermingham, VP, Cyware:

“Watering Hole Attacks, especially those with some track record, can often be avoided through a combination of threat intel, to identify the threat, and orchestration, to automate action to prevent the site from being reached.”

Dave Ratner, CEO, HYAS adds this comment:

“Having visibility into adversary infrastructure and command-and-control (C2) structures is critical for a modern cyber security stack, but as ClearSky points out, C2 infrastructure may not always be created by the adversary. This is why more than pure allow-and-deny lists and feeds are required. It’s important to understand in real-time what is and isn’t being utilized by malicious actors, and how that changes.”

Clearly the bad guys are getting very sophisticated. That means that those who defend against these sorts of attacks need to up their game as it were. That’s the only way to keep the bad guys out, and bad press from hitting the headlines.

79% Expect Ransomware Attacks This Year And 77% Wrongly Think EDRs Will Stop Them 

Posted in Commentary with tags on May 25, 2023 by itnerd

The Ransomware Report 2023 from Cybersecurity Insiders and BullWall offers findings from a survey of 435 cybersecurity professionals across several sectors, showing that ransomware remains a top concern and that the effectiveness of remediation steps is often misunderstood. Although 76% were confident in their organization’s ability to prevent an attack, only 35% were confident in their organization’s current ability to remediate ransomware after it locks or encrypts data within their systems. Moreover, 79% expect their organization to be a ransomware target within the next year.

I have two views on this. The first is from Mark Bermingham, VP, Cyware:

“This research highlights the general apathy around a serious situation with EDR. If these numbers were about threats to individuals’ retirement income you would hear a lot more alarm bells. Better solutions exist and many are already deployed, but we need better tools for dealing with all the threat noise, connecting these dots with existing tools, and taking proactive action.”

Roy Akerman, Co-Founder & CEO, Rezonate follows up with this:

“We often see that despite controls put in place to prevent ransomware, they are often misconfigured and therefore not able to prevent, and at best detect, active encryption attempts. Proactively simulating ransomware-type attacks can help an organization assure existing security investments are fully utilized and properly configured, increasing readiness in case of an actual attack against their infrastructure. The Ransomware readiness architecture highlights actions to be taken pre- and post-attack across prevention, detection, investigation, and recovery, and only once we proactively take these actions across the complete cycle are we able to truly reduce risk.”

What this says to me is that organizations need to wrap their head around getting better defences in place to mitigate ransomware attacks. If they don’t they are guaranteed to be the next headline that I write about.

The White House Makes Another Announcement Related To AI

Posted in Commentary with tags on May 24, 2023 by itnerd

For the second time this month, The White House has made an announcement in regards to the responsible use of AI. Unlike an earlier announcement, this one centres around R&D and deployment:

AI is one of the most powerful technologies of our time, with broad applications. President Biden has been clear that in order to seize the opportunities AI presents, we must first manage its risks. To that end, the Administration has taken significant action to promote responsible AI innovation that places people, communities, and the public good at the center, and manages risks to individuals and our society, security, and economy. This includes the landmark Blueprint for an AI Bill of Rights and related executive actions, the AI Risk Management Framework, a roadmap for standing up a National AI Research Resource, active work to address the national security concerns raised by AI, as well as investments and actions announced earlier this month. Last week, the Administration also convened representatives from leading AI companies for a briefing from experts across the national security community on cyber threats to AI systems and best practices to secure high-value networks and information.

Ani Chaudhuri, CEO, Dasera was kind enough to provide their view of this announcement:

The Biden-Harris Administration’s recent steps to advance responsible artificial intelligence (AI) research, development, and deployment are crucial in our rapidly evolving digital age. Undoubtedly, AI technologies will transform how we live and work, so we must approach this field with a responsible yet innovative mindset.

One fundamental aspect of this responsible approach is to ensure data security. Every AI system relies on vast amounts of data, whether it’s automating tasks, making predictions, or creating new services. Ensuring the security of this data, its privacy, and its ethical use is not just a good practice; it’s a necessity. An AI system is only as good as the data it’s trained on, and if that data is biased, misused, or breached, the consequences can be severe.

However, while the government’s role in fostering responsible AI innovation is critical, we should be mindful of the potential pitfalls of heavy-handed regulation. We must strike a careful balance: on one side, safeguarding the rights and safety of individuals, and on the other side, not stifling innovation and competition. This is a delicate act. It’s essential to refrain from giving too much power to the government over the tech sector and limit regulatory barriers that could hamper the global competitiveness of our AI industry.

Sam Altman, CEO of OpenAI, was recently in front of Congress and proposed a new agency to oversee AI. The idea of issuing licenses to train and use AI models is thought-provoking. Still, it could create regulatory capture where established players protect their position by creating barriers for others.

Instead, we should consider a more collaborative and decentralized approach that fosters trust, transparency, and accountability. Regulations should be built with an understanding of the technology and, more importantly, its implications on society and individuals. Instead of a single body that issues licenses, why not have a network of organizations, including academic institutions, non-profits, and private enterprises, that review, audit, and certify AI systems and their uses?

The risks associated with AI are complex and multifaceted, akin to cybersecurity risks. Cybersecurity has always been a cat-and-mouse game between those who seek to exploit vulnerabilities and those who work tirelessly to patch them. The same will likely be true with AI.

We should learn from our experiences in handling cybersecurity and data privacy issues. Clear guidelines, self-regulation, transparency, and domestic and international cooperation are vital in managing these risks without curbing innovation. While it’s true that we might not be able to regulate every AI model, we can build regulations for how these models are used, just like we have regulations for how personal data is used.

It’s crucial to focus on the main goal: making AI serve humanity, protect individuals, and foster innovation. We should not just regulate AI but guide it towards that goal. Our approach should be both proactive and adaptive, ready to embrace the opportunities AI presents and address the risks it poses. After all, AI is a tool we created, and it’s up to us to ensure it’s used responsibly.

It is a positive step that The White House is interested in putting up guardrails around AI. Because in my mind, AI could either be a positive force for all of us, or it could go off the rails in a really bad way. The actions that we take now will decide which way that goes.

UPDATE: Craig Burland, CISO, Inversion6 adds this comment:

On the surface, this is a well-considered, positive, and actionable step forward. The government appears to be looking at AI as a tool with both potential and risks, seeking first to understand. This is a smart approach for any new technology, particularly for something disruptive like AI.

The nine strategies outlined within the updated roadmap are sound, again balancing both the potential and risk of AI. For example, the first strategy focuses on investment in AI research. The third strategy focuses on ethical, legal, and societal implications of AI. Maybe more importantly, what the administration lays out is actionable. They’ve outlined strategies that the US government can drive. They’ve avoided calling for moratoriums, global bans, or other unattainable steps that would accomplish little.

UPDATE #2: Kevin Bocek, VP Ecosystem and Community, Venafi adds this commentary:

“We are still in the early stages of understanding the impact of AI on both businesses and the public, and it’s a constantly moving target, with new use cases and products being announced on a daily basis. So, it is very encouraging to see The White House take the first steps in developing a responsible AI framework. As part of this process, it is vital that the government recognizes that smart organizations will not slow down the innovation that we’re seeing with Generative AI, and that the results will be overwhelmingly positive. However, there are known and unknown risks that need to be skillfully mitigated. 

“As such, the priority for regulations must be to contain risks while encouraging exploration, curiosity and trial and error. But any steps to achieve this can’t be approached with a “set and forget” mentality. Regulators need to establish policies and guidelines that are reviewed and refreshed frequently as we explore the power of AI in more depth. This means the government will need to constantly collaborate and communicate with experts in the field to avoid neglect and exploitation.”

Tesla’s Brand Reputation Takes A Dive Thanks To Elon Musk

Posted in Commentary with tags on May 24, 2023 by itnerd

Elon Musk has a lot of problems right now. And here’s one more that he has to deal with. The Harris Poll has put out their Reputation Quotient, and boy did Tesla take a serious hit. Tesla’s score fell 6.4% to 74.3 out of a possible 100. The only company that I could find that took a bigger hit was BP. As in the company that was responsible for the Deepwater Horizon disaster. But here’s the thing. Tesla was ranked so highly in the previous year’s Reputation Quotient. Meaning that its reputation fell further than BP’s did.

So, why would Tesla take such a hit? I’ve got a few theories:

  • Elon’s management of Twitter is casting a negative light on Tesla
  • Elon’s embrace of the alt-right is casting a negative light on Tesla
  • Elon’s lack of focus on Tesla is hurting Tesla
  • All of the above

The fact is that from my perspective, it’s Elon’s fault that Tesla’s brand reputation has tanked the way it has. Now while I have always said that Tesla would have the high ground in terms of EVs until traditional carmakers got serious about EVs, I never thought that Elon would simply hand the market over to his competition. Because that’s what he’s doing by behaving the way he is at the moment. Including saying that he didn’t care if his companies lost business because of what he chooses to say.

Well, perhaps he should care, as this is sure to steer EV buyers away from Tesla and towards other brands that don’t have an unstable personality as their CEO.