Two Research Reports Show That Phishing Emails Are Not Only Increasing, But They Are More Dangerous Too

Posted in Commentary with tags on March 30, 2023 by itnerd

According to Cofense researchers, in their latest State of Email Security Report, the volume of phishing emails sent in 2022 is up 569%.

Using artificial intelligence and machine learning analysis, researchers analyzed global network data from 35 million users. The email security report revealed five specific trends:

  • Credential phishing emails: +478%
  • Top malware gangs: Emotet and QakBot
  • Top cybercrime: BEC
  • Web3 use: +341%
  • Use of Telegram bots for exfiltration: +800%

In data compiled by Open Text Cybersecurity in their 2023 Global Threat Report, researchers revealed that phishing sites detected using HTTPS increased nearly 56%, highlighting that domain authorities are becoming less effective at preventing bad actors from obtaining and using legitimate certificates to enhance their phishing success rates.

Translation: None of this is good if you’re responsible for stopping the bad guys from getting in the door. I have two comments on this. The first is from Dave Ratner, CEO, HYAS:

“Either finding credentials on the dark web or stealing credentials via phishing continues to be one of the main entry points into the enterprise for malicious actors. While MFA and other techniques can help secure this entry point, any approach should be complemented with a Protective DNS solution — bad actors will continue to use social engineering and other approaches to obtain proper credentials, but a Protective DNS solution can and will uniquely identify the anomalous communication that bad actors generate once they get inside, as they beacon out to their command-and-control. This layer of visibility ensures that such breaches can be identified and shut down before they progress into major issues.”
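The beaconing pattern the quote refers to (a host querying one name at a near-constant interval) is something a defender can also spot in ordinary resolver logs. The script below is an added illustration written for this post, not HYAS's product or anything from the original page; the log format, the sample lines and the thresholds are all constructed for the example.

```python
"""Flag hosts whose DNS queries to a single name recur at a near-constant
interval, the beaconing pattern a Protective DNS layer looks for.

Added example (not HYAS code). The log format and the sample lines are
constructed for illustration."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed resolver log: "<ISO timestamp> <client> <queried name>".
# 10.1.1.20 asks for the same name exactly once a minute; 10.1.1.31 does not.
SAMPLE_LOG = """\
2023-03-30T09:00:00 10.1.1.20 updates.example-vendor.test
2023-03-30T09:00:12 10.1.1.20 mail.example-corp.test
2023-03-30T09:01:00 10.1.1.20 updates.example-vendor.test
2023-03-30T09:02:00 10.1.1.20 updates.example-vendor.test
2023-03-30T09:03:00 10.1.1.20 updates.example-vendor.test
2023-03-30T09:03:41 10.1.1.20 cdn.example-corp.test
2023-03-30T09:04:00 10.1.1.20 updates.example-vendor.test
2023-03-30T09:05:00 10.1.1.20 updates.example-vendor.test
2023-03-30T09:00:05 10.1.1.31 mail.example-corp.test
2023-03-30T09:07:30 10.1.1.31 mail.example-corp.test
2023-03-30T09:31:02 10.1.1.31 mail.example-corp.test
2023-03-30T09:45:10 10.1.1.31 cdn.example-corp.test
"""


def parse_log(text):
    """Return {(client, name): [timestamps]} from the constructed log format."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, name = line.split()
        series[(client, name)].append(datetime.fromisoformat(ts))
    return series


def find_beacons(text, min_queries=5, max_jitter=0.2):
    """Return (client, name, mean_interval_seconds) for periodic query series.

    A series is flagged when it has at least `min_queries` lookups and the
    coefficient of variation (stdev / mean) of its inter-query gaps is below
    `max_jitter`. Both thresholds are illustrative, not tuned values."""
    hits = []
    for (client, name), stamps in parse_log(text).items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv < max_jitter:
            hits.append((client, name, round(mean, 1)))
    return hits


if __name__ == "__main__":
    for client, name, interval in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {name} every ~{interval}s: possible beacon")
```

On the sample, only the once-a-minute series from 10.1.1.20 is flagged; the mail and CDN lookups are too few or too irregular. Real beacons add jitter on purpose, which is why the check is on the spread of the gaps rather than on an exact interval.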

The second is from Morten Gammelgaard, EMEA, co-founder, BullWall:

    “The growth here is miniscule compared to what will happen in 2023. The rise of natural language AI, like ChatGPT, will EXPLODE the efficacy of phishing overnight. Threat Actors have just two ways to Phish. Firstly, they can write a form email meant for generic people. This is less effective but it’s a numbers game. You may send out 100,000 thousand of these but you only need one to click. Or you can Spear Phish, that is where you research the email recipient, view their boss on LinkedIn, their vendors they interact with, and write a custom email to trick that single user. Maybe 1 out of 100 of those will be successful. 

   “With AI you get the best of both worlds. Mass email campaigns that are highly targeted at a scale that can produce 100,000 custom attacks instantly. This will explode cybercrime, and there is an arms race between the largest companies on the planet, Google, Apple, Microsoft and others throwing billions of dollars to rush their AI apps out, often putting aside safety and use cases in exchange for being first. They have everything at stake if they lose their footholds. But the Russians and Chinese also are secretly funding billions of dollars into AI, but for Cyber Espionage, Ransom and Attacks. You can’t stop it. You must focus on building your defensive stack, including rapid containment tools on your Endpoints, like Endpoint Detection and Response, and on your Critical Infrastructure and File Shares with tools like Ransomware Containment and Critical Infrastructure monitoring.”

What’s clear from these threat reports is that these phishing attacks are becoming more sophisticated, which will make them more dangerous and costly if a multi-faceted approach to defending against them isn’t taken. And the time to act on that front is now.

BREAKING: Elon Musk Tried To Meet With FTC Chair And Got Flipped Off

Posted in Commentary with tags on March 30, 2023 by itnerd

The New York Times is reporting that Elon Musk tried to meet with the chair of the FTC, Lina Khan, but he didn’t get that meeting. Here’s the TL;DR:

After Mr. Musk requested to meet with Ms. Khan, she consulted with the enforcement division inside the F.T.C.’s consumer protection bureau, which has been leading the Twitter investigation, according to the email among agency staff members describing the situation. Acting on the enforcement team’s advice, Ms. Khan declined to meet with Mr. Musk at that time.

In Ms. Khan’s Jan. 27 letter to Twitter, she noted that the company was under investigation and had dragged its heels in providing documents to the F.T.C., delaying depositions with witnesses including Mr. Musk. She said she was “troubled by Twitter’s delays and the obstacles that these delays are creating for the F.T.C.’s investigation.”

“I recommend that Twitter appropriately prioritize its legal obligations to provide the requested information,” she wrote. “Once Twitter has fully complied with all F.T.C. requests, I will be happy to consider scheduling a meeting with Mr. Musk.”

What does this tell you? Elon must really think that the FTC is about to lower the boom on him in a serious way, and he wants to head this off before it becomes costly, be that in fines, forcing him to change how he does business, or most likely both. For all of his bravado, he’s at least smart enough to figure out that getting three letter agencies in the US mad at him is not a smart move. The thing is, I have to believe that he’s way too late on that front and he’s on the cusp of having yet another problem to deal with on top of the many, many other problems he has at the moment.

34% Of Shoppers Rank Data Security As A High Priority: BR-DGE

Posted in Commentary with tags on March 30, 2023 by itnerd

New research from BR-DGE reveals consumers’ concern over payment security, with 34% of shoppers ranking data security and payment encryption as being the most important element in an online shopping experience. A further 83% of the 1,200 UK consumers surveyed stated their concern regarding where their card details are processed and stored during transactions.

Rui Ribeiro, CEO and Cofounder, Jscrambler:

“The new BR-DGE research shows that consumers recognize the growing need for effective payment security. With every purchase transaction, they offer up their money, their data and their trust. It’s imperative for e-commerce companies to better protect them by securing their payment pages. On average, 70% of the scripts that power components like payment forms come from third-parties. The majority of websites have more than 10 different vendor scripts accessing their payment pages.

E-commerce companies need to focus on gaining visibility and control over these scripts to prevent data compromise – and protect their revenue, reputation, and ability to comply with regulations. The risk of third-party scripts must be not only understood but minimized in order to protect customers and keep up with the rapidly increasing pace and expectations of the online payment landscape.”
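The "visibility" step the quote asks for starts with knowing which origins load script on the checkout page at all. The inventory below is an added example written for this post, not code from Jscrambler or BR-DGE; the checkout page HTML and the host names in it are constructed, and the first-party/third-party split is simply "same host as the page or a relative path" versus everything else.

```python
"""Inventory the external <script src> tags on a checkout page and group the
third-party ones by the host that serves them.

Added example, not Jscrambler's or BR-DGE's code. The page HTML is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout page mixing first-party and vendor scripts.
SAMPLE_PAGE = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://shop.example.test/static/checkout.js"></script>
<script src="https://cdn.analytics-vendor.test/tag.js"></script>
<script src="https://widgets.chat-vendor.test/loader.js"></script>
<script src="//cdn.analytics-vendor.test/experiments.js"></script>
<script>console.log("inline, no src");</script>
</head><body><form id="payment"></form></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every external <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def classify_scripts(html, page_host):
    """Return {"first_party": [src, ...], "third_party": {host: [src, ...]}}.

    Relative paths and same-host URLs count as first party. Scheme-relative
    URLs (//host/path) resolve to their host like any other absolute URL."""
    collector = ScriptCollector()
    collector.feed(html)
    report = {"first_party": [], "third_party": {}}
    for src in collector.sources:
        host = urlparse(src).hostname  # None for a relative path
        if host is None or host == page_host:
            report["first_party"].append(src)
        else:
            report["third_party"].setdefault(host, []).append(src)
    return report


if __name__ == "__main__":
    report = classify_scripts(SAMPLE_PAGE, "shop.example.test")
    print(f"{len(report['first_party'])} first-party script(s), "
          f"{len(report['third_party'])} third-party host(s):")
    for host, srcs in report["third_party"].items():
        print(f"  {host}: {len(srcs)} script(s)")
```

Running this against a real checkout page gives the vendor list that a Content Security Policy or a script-control product then has to be configured around; the count per host is the number the quote's "more than 10 different vendor scripts" figure refers to.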

I for one am glad that consumers have awareness about payment security. Hopefully this translates into retailers doing everything they can to ensure that consumers can shop safely online.

My Official Advice For People Stuck In The Rogers Email Fiasco Is As Follows: Abandon Rogers Email

Posted in Commentary with tags on March 30, 2023 by itnerd

What started as a general outage of Rogers’ Internet service almost a month ago has evolved into a situation where users of Rogers’ email service (in other words, those with an @Rogers.com address) can’t get their email on any device or application that they choose. And that has dragged on for weeks. This is in part due to the fact that Rogers requires users to create App Specific Passwords via Rogers Member Center for each program or device that an email address is used on. The creation of new app specific passwords doesn’t work, and existing app specific passwords appear to have been deleted in many cases. That pretty much breaks your applications that rely on them. There is a workaround, but that workaround is sub-optimal because viewing mail through a web browser is not the best experience, especially on a smartphone. And then there’s the fact that you might have to call Rogers to get someone to reset your email password if you don’t know what it is. The problem with that is that since this fiasco began, Rogers’ wait times to speak to someone have gone through the roof, making that a sub-optimal experience as well for Rogers customers.

Now Rogers knows that this is an issue, but at this point it is crystal clear that if an issue that has affected their users for almost a month hasn’t been fixed, it likely means that Rogers can’t fix it, or isn’t going to fix it. I don’t know which it is but either is on the table. And honestly, which it is doesn’t really matter at this point because it hasn’t been fixed in any timely manner.

Based on the fact that I get daily emails or calls from existing clients of mine asking “is it fixed yet?”, along with referrals who got my name in hopes that I could fix their Rogers email because Rogers can’t, I have come to the conclusion that Rogers customers need to simply find another provider that isn’t Rogers for their email. I say that because there has been zero communication from Rogers on this issue, which means that there is zero insight about if or when this might be fixed.

The workflow that I have been using with clients of mine to get them off Rogers email is as follows:

  1. Create a new email address either with a “free” provider or by hosting your own domain: I have a high level overview of these two options in this article that I wrote about not using your ISP’s email. I personally recommend the latter option, but I know that not everyone is going to go through the time and effort, not to mention money, to take that option. Which is why I offer up the former option. Once you have that account set up on all your applications and devices, you can start using it. In case you’re wondering why I have the word “free” in quotes, “free” email services are known to troll your email to show you advertisements that are relevant to you, not to mention use that data for who knows what. Thus “free” in this case means that you are the product.
  2. Broadcast the fact that you have a new email account: You should do a couple of things to make sure that as many people as quickly as possible know that you’re changing email accounts:
    • Send out an email blast saying that you’re changing email addresses and the old one will not be used past a certain date. That way it incentivizes people to use your new email address as quickly as possible.
    • Set up a vacation alert on Rogers email with the same information. That way every email that hits your Rogers inbox gets the same information. Rogers has info on how to do that here.
  3. Change the emails related to any online service that you use to your new email address: You’ll have to change the email addresses that are used by anything like online shopping, newsletters, Facebook, Instagram, etc. to your new email address. And this is a good time to look at the various mailing lists that you belong to and ask yourself if you really need to be getting that one extra piece of email.

Now you’ll have to check your Rogers email with a web browser periodically to make sure that you don’t miss any emails that you didn’t account for when you went through the above steps. But if the stars align, you should see the emails coming to your Rogers account decrease over time, and increase in your new email inbox. Making this a win. And then whenever Rogers fixes their email issues, you can export all your email so that you have a record of it. I actually have documented how to export not only your email, but your contacts as well here. But that will only work when Rogers sorts out their issues as it requires an App Specific Password, which of course isn’t working at the moment. But once you do that, you then have the freedom to dump Rogers as your ISP if you so choose as you have no practical need to stay with them as your email is no longer locked in with them. And I can tell you that I have a number of customers just waiting to do that the second that Rogers addresses their email issues and they can get their mail exported.

UPDATE: For those who really want to go into the weeds on these ongoing email issues with Rogers, you can feel free to read this.

Judge Grants Twitter’s Request To ID Source Code Leaker Along With People Who Downloaded The Source Code

Posted in Commentary with tags on March 30, 2023 by itnerd

Yesterday a court in California granted Twitter’s request to force GitHub to identify who leaked source code onto GitHub and who has downloaded said source code from GitHub.

Let’s start with the who part. The GitHub user ID associated with the leaked source code is “FreeSpeechEnthusiast”, which I am sure is a shot at the fact that Elon Musk claims to be a free speech absolutist, but hasn’t demonstrated that since buying Twitter. It doesn’t take a rocket scientist to figure out that “FreeSpeechEnthusiast” is most likely a disgruntled former Twitter employee who’s decided to take a little revenge on Elon for firing him or her. Whether they can actually track this person down is anyone’s guess, as I have to assume that they would have been smart enough to have covered their tracks. But I guess we’ll see, as that sometimes isn’t the case when people try to take some form of revenge on a former employer.

Now over to the people who downloaded this source code. Chances are they’ll find a bunch of people who downloaded this code for giggles. But those aren’t the people who should concern Elon. Threat actors who downloaded this code, and who really want to take Twitter down or make life miserable for Elon aren’t going to be that easy to find. Thus I believe that the damage to Twitter has only begun as I fully expect attacks on Twitter to begin soon and no amount of legal intervention will change that.

GitHub has until April 3 to produce all of this information. It’s not clear to me if they can or will do that. And it isn’t clear if this code exists elsewhere on GitHub. I suppose Elon could get one of the few people who are left at Twitter to spend their time looking through GitHub trying to find any other copies of Twitter’s source code. But I suspect that Elon will have bigger issues to deal with shortly.

Tune in April 3rd or earlier to see what happens next.

Valve To Gamers: Upgrade Your Microsoft OS To At Least Windows 10 Or You Can’t Play Our Games

Posted in Commentary with tags on March 30, 2023 by itnerd

There’s a lot of gamers out there that have top of the line hardware and are also running Windows 10 or 11. But there’s also a significant camp of gamers who don’t have the latest and greatest hardware, and are also running operating systems like Windows 7. If you’re in the latter camp, Valve, who makes the popular Steam game distribution system, has a message for you. You need to upgrade to at least Windows 10 by the start of 2024, or else:

As of January 1 2024, Steam will officially stop supporting the Windows 7, Windows 8 and Windows 8.1 operating systems. After that date, the Steam Client will no longer run on those versions of Windows. In order to continue running Steam and any games or other products purchased through Steam, users will need to update to a more recent version of Windows.

This change is required as core features in Steam rely on an embedded version of Google Chrome, which no longer functions on older versions of Windows. In addition, future versions of Steam will require Windows feature and security updates only present in Windows 10 and above.

Now I’ve seen some outrage online about this. But seriously folks, Windows 7, 8 and 8.1 have been deemed end of support in the case of Windows 8.1, and end of life in the case of Windows 7. That means that there’s no technical support, no bug fixes, and no security fixes. The latter is the important part, as no security fixes means that your chances of getting pwned by something are way higher than the person running Windows 10 or 11. But beyond that, you’ll be seeing messages from other software companies saying that they can’t support you with new versions of their software, not to mention bug fixes. So as difficult as it may be, it’s time to bite the bullet and buy that new gaming rig that you know that you want with Windows 11 or Windows 10 on it. You’ll be better off as a result.

Hackers Spoof French Energy Company in Phishing Campaign

Posted in Commentary with tags on March 30, 2023 by itnerd

Avanan, a Check Point Software company, has a deep dive on their blog which analyzes an attack that spoofed a reputable energy company in France, TotalEnergies, to steal funds.

In this attack, hackers change the reply-to address so that the emails appear to come from a reputable company when in fact they come from a spoofed account. The email asks for a quotation for the purchase of a centrifuge, and a document is attached that has all the requested information. The hackers’ ultimate goal is to steal victims’ money at the end of the attack.
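The tell in this kind of lure is structural: the visible From address belongs to the spoofed company, but the Reply-To header routes any answer somewhere else. That is cheap to check at the mail gateway. The snippet below is an added example written for this post, not Avanan's code or detection logic; the raw message is constructed and uses reserved example domains.

```python
"""Flag messages whose Reply-To domain differs from the From domain, the
header arrangement the Avanan write-up describes.

Added example, not Avanan's code. The message is constructed and uses
reserved example domains only."""
import email
from email import policy
from email.utils import parseaddr

# Constructed raw message: visible sender at one domain, replies routed to another.
SAMPLE_MESSAGE = """\
From: Procurement Desk <procurement@energy-company.example>
Reply-To: Procurement Desk <procurement-desk@mail-relay.example.net>
To: sales@supplier.example
Subject: Request for quotation - centrifuge
Content-Type: text/plain

Please see the attached specification and send your quotation.
"""


def sender_domains(raw):
    """Return (from_domain, reply_to_domain); reply_to_domain is None when absent."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    reply_addr = parseaddr(str(msg.get("Reply-To", "")))[1]
    from_dom = from_addr.rpartition("@")[2].lower() or None
    reply_dom = reply_addr.rpartition("@")[2].lower() or None
    return from_dom, reply_dom


def reply_to_mismatch(raw):
    """True when a Reply-To header exists and its domain is not the From domain."""
    from_dom, reply_dom = sender_domains(raw)
    return reply_dom is not None and reply_dom != from_dom


if __name__ == "__main__":
    from_dom, reply_dom = sender_domains(SAMPLE_MESSAGE)
    if reply_to_mismatch(SAMPLE_MESSAGE):
        print(f"WARNING: From={from_dom} but Reply-To={reply_dom}; "
              "replies will not reach the apparent sender")
```

A mismatch on its own is not proof of fraud (ticketing systems and newsletters do this legitimately), so in practice this goes into a rule that also weighs whether the From domain passes SPF/DKIM/DMARC and whether the message asks for a quote, invoice or bank-detail change.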

You can read the deep dive here.

Cado Security Introduces Masked-AI: Open Source Library to Secure Sensitive Data

Posted in Commentary with tags on March 30, 2023 by itnerd

Cado Security, provider of the first cloud forensics and incident response platform, today announced the availability of Masked-AI. This open-source library enables the use of Large Language Model (LLM) APIs such as OpenAI/GPT-4 more securely, without sending out sensitive information. Available as a download from the GitHub repository, Masked-AI allows developers to use APIs such as OpenAI without worrying about security concerns.

Previously, the company introduced an Interactive Incident Response feature within the Cado Platform utilizing GPT-3 to further streamline forensic investigations and expedite response. Cado noted several potential issues with using GPT-3 in production environments for the incident response use case, including privacy-related concerns. Introducing Masked-AI is Cado Security’s initiative to foster a community around speeding up incident response in the cloud while leveraging LLM APIs securely to increase the efficiency of security teams.

Sharing highly-sensitive data with a third-party API is a massive security and privacy concern. Even with data usage policy changes, there have still been security issues causing concerns amongst the industry including the exploitation of users’ AI conversations. With these types of incidents still at large, the launch of Masked-AI offers users the ability to conceal sensitive data shared via API to ensure confidentiality and greater security, while continuing to take advantage of all of the benefits AI has to offer.

Masked-AI currently masks individuals’ names, credit card numbers, email addresses, phone numbers, web links, and IP addresses. The tool works by “masking”, that is, replacing sensitive data with a placeholder, and sending the masked request to the API. It stores a lookup table locally and later uses it to reconstruct the API output with the sensitive data restored for the user to consume.
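The placeholder-plus-local-lookup-table design is easy to show end to end: detect, substitute, send the substituted text, then map the placeholders back in the reply. The code below is an added illustration of that pattern written for this post; it is not the Masked-AI library's code, its regular expressions are deliberately minimal stand-ins for a few of the data classes listed above, and the `<KIND_n>` placeholder format is an assumption for the example.

```python
"""Mask sensitive values before a prompt leaves the machine and restore them
in the reply, using a placeholder per value and a lookup table kept locally.

Added illustration of the pattern, not the Masked-AI library's code. Patterns
are simple stand-ins; the real tool's detectors and placeholder format may differ."""
import re

# Illustrative detectors for a subset of the data classes the post lists.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "IP": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "CARD": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
}

# Constructed prompt an analyst might paste into a chat assistant.
SAMPLE_PROMPT = ("Analyst alice@example.test saw 203.0.113.7 connect twice; "
                 "callback 555-010-1234; card 4111 1111 1111 1111 in logs.")


def mask(text):
    """Replace each detected value with <KIND_n>; return (masked_text, lookup).

    The lookup table maps placeholder -> original value and never leaves the
    caller's machine. A value that repeats gets the same placeholder each time."""
    lookup = {}
    counters = {}

    def substitute(kind):
        def _sub(match):
            value = match.group(0)
            for placeholder, original in lookup.items():
                if original == value:
                    return placeholder
            counters[kind] = counters.get(kind, 0) + 1
            placeholder = f"<{kind}_{counters[kind]}>"
            lookup[placeholder] = value
            return placeholder
        return _sub

    for kind, pattern in PATTERNS.items():
        text = pattern.sub(substitute(kind), text)
    return text, lookup


def unmask(text, lookup):
    """Put the original values back wherever the model echoed a placeholder."""
    for placeholder, value in lookup.items():
        text = text.replace(placeholder, value)
    return text


if __name__ == "__main__":
    masked, table = mask(SAMPLE_PROMPT)
    print("sent to API :", masked)
    # Constructed stand-in for the model's response; it only ever sees placeholders.
    reply = "Recommend blocking <IP_1> at the edge and notifying <EMAIL_1>."
    print("shown locally:", unmask(reply, table))
```

The API only ever sees `<IP_1>` and `<EMAIL_1>`, and the user still gets a reply that names the real host and analyst. The obvious limits of a regex approach also show here: a name such as "Alice" or a free-text account number would pass through unmasked, which is why the real tool's name detection is the part that matters most.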

The Python SDK and CLI tool is a free, open-source companion to Cado’s enterprise/commercial product for cloud forensics and incident response. The new open-source tool developed by Cado’s software engineering team has also been integrated with the Cado platform to further optimize and expedite the end-to-end incident response process.

For more information on getting started with Masked-AI, please visit https://www.cadosecurity.com/introducing-masked-ai-an-open-source-library-that-enables-the-usage-of-llm-apis-more-securely/.

To learn more about the Cado Platform, visit https://www.cadosecurity.com/platform/.

ByteDance Appears To Have A Backup Plan For A TikTok Ban… And It’s Called Lemon8

Posted in Commentary with tags on March 30, 2023 by itnerd

The United States and various other countries are looking to ban TikTok because it is seen as a tool of the Chinese Communist Party to spread misinformation and gather information on people that they can use against them. That’s sent TikTok’s parent company ByteDance looking for options to keep itself alive. And the company over the last month has started to push an app called Lemon8 towards US audiences. This app seems to be a version of Instagram that allows users to share photos. It doesn’t appear to have video support, but I am sure that’s coming. And the thing is that TikTok users can link their TikTok accounts to Lemon8. And apparently that’s happening, with the biggest influencers on TikTok not only linking their accounts to Lemon8, but actively promoting the app. Thus it’s no shock that the app is getting downloads as a result. In fact, according to TechCrunch, Lemon8 is already in the top ten of the US version of the Apple App Store. Though I will point out that the app has been around since 2020 and is extremely popular in other parts of the world. Though the app is not yet available in Canada as I type this.

But I have to ask the question, is this really a backup plan? I ask because I’ve written about the RESTRICT act which, if passed, would give the US the ability to ban apps like TikTok. The way the law is written, it’s beyond a safe bet that Lemon8 would meet the same fate. So why should ByteDance bother with this? My guess is that ByteDance was originally going to go after Instagram with this app, but they appear to have now shifted it to being a haven for TikTok users in the short term if TikTok were to be banned. Thus kind of forcing the US government and other governments into a game of “whack a mole”. Also, during the disastrous (for ByteDance) hearings last week on Capitol Hill, ByteDance sent an army of influencers to the hill to lobby politicians against banning TikTok. I’m also guessing that by shifting those influencers to Lemon8, it’s a means to show how powerful that community is and that Congress can’t ignore them.

It will be interesting to see how this plays out, as I have to believe that it’s only a matter of time before the RESTRICT act passes Congress and lands on the President’s desk. And once he signs it, then it’s game on in terms of what happens to ByteDance and all their apps.

New Research Reveals 15+ Million Vulnerable Instances That Are Susceptible To APTs From CISA’s KEV Catalog

Posted in Commentary with tags on March 30, 2023 by itnerd

Rezilion has released its latest research report, a comprehensive analysis of the CISA Known Exploited Vulnerabilities (KEV) Catalog that reveals the vast attack surface created by software vendors’ lack of awareness and action regarding KEV vulnerabilities. These are prime targets for APT groups and financially motivated threat actors.

Rezilion’s research identifies over 15 million vulnerable instances, primarily Microsoft Windows instances, and emphasizes prioritizing patching based on exploitability.

  1. These vulnerabilities account for less than 1% of the total vulnerabilities discovered by organizations yearly.
  2. Most vulnerabilities are rated as critical or high (250 marked as CRITICAL and 535 marked as HIGH).

APT groups and profit-driven threat actors frequently exploit these vulnerabilities, often connecting to or receiving sponsorship from nation-states such as Russia, Iran, China, and North Korea. Millions of systems remain vulnerable to KEV, despite the availability of patches to resolve them.
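"Prioritize based on exploitability" in practice means joining your scanner's findings against the KEV catalog and patching the matches first, ahead of anything ranked only by CVSS. The script below is an added example written for this post, not Rezilion's code or tooling; the catalog excerpt and the host findings are constructed, the CVE ids are obvious placeholders, and the field names follow the public KEV JSON feed (`vulnerabilities[].cveID`, `dateAdded`, `dueDate`).

```python
"""Rank a fleet's open CVEs so that those in CISA's Known Exploited
Vulnerabilities catalog come first, overdue ones earliest, then everything
else by severity.

Added example, not Rezilion's code. Catalog excerpt and findings are constructed;
CVE ids are placeholders. Field names follow the public KEV JSON feed."""
import json
from datetime import date

# Constructed stand-in for the KEV feed (placeholder ids, not real CVEs).
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-00001", "vendorProject": "ExampleOS", "product": "Kernel",
     "dateAdded": "2023-02-01", "dueDate": "2023-02-22"},
    {"cveID": "CVE-0000-00002", "vendorProject": "ExampleOS", "product": "Browser",
     "dateAdded": "2023-03-20", "dueDate": "2023-04-10"},
]})

# Constructed scanner output: one open CVE per row with its CVSS severity label.
HOST_FINDINGS = [
    {"host": "ws-17", "cve": "CVE-0000-00003", "severity": "CRITICAL"},
    {"host": "ws-17", "cve": "CVE-0000-00001", "severity": "HIGH"},
    {"host": "srv-04", "cve": "CVE-0000-00002", "severity": "MEDIUM"},
    {"host": "srv-04", "cve": "CVE-0000-00004", "severity": "HIGH"},
]

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def load_kev(raw_json):
    """Map cveID -> catalog entry from the KEV feed's JSON."""
    return {v["cveID"]: v for v in json.loads(raw_json)["vulnerabilities"]}


def prioritize(findings, kev, today_iso):
    """Return [(host, cve, in_kev)] ordered for patching.

    Sort key: (not in KEV, past its KEV due date?, severity). KEV entries sort
    first; among them, ones whose federal remediation due date has passed come
    before ones still inside it; severity only breaks ties."""
    today = date.fromisoformat(today_iso)

    def key(finding):
        entry = kev.get(finding["cve"])
        severity = SEVERITY_RANK.get(finding["severity"], 9)
        if entry is None:
            return (1, 0, severity)
        overdue = 0 if date.fromisoformat(entry["dueDate"]) < today else 1
        return (0, overdue, severity)

    ranked = sorted(findings, key=key)
    return [(f["host"], f["cve"], f["cve"] in kev) for f in ranked]


if __name__ == "__main__":
    for host, cve, in_kev in prioritize(HOST_FINDINGS, load_kev(KEV_JSON), "2023-03-30"):
        print(f"{host:8} {cve}  {'KEV' if in_kev else '   '}")
```

On the constructed data the HIGH-rated kernel bug on ws-17 outranks the CRITICAL-rated one because it is in the catalog and already past its due date; that inversion is the whole point of the report's recommendation.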

You can read the report here.