Posted in Commentary with tags Ford on March 4, 2023 by itnerd
As reported by Car and Driver & others, the Ford Motor Company has filed a patent with the USPTO for systems and methods that aid in vehicle repossession.
What could possibly go wrong?
Ford first filed for the patent in 2021 but it was formally published just last week. The idea is to allow the automaker to ease the process of repossession. The patent describes how fully autonomous self driving vehicles could repossess themselves, returning the car directly to the lender or in the case of a car that has too little value, it could drive itself directly to the junkyard! Other methods suggested in the patent involve limiting vehicle functions such as A/C, power windows, power seats, etc., or locking owners out of the vehicles.
Malicious or not, anyone gaining access to these systems of control could do anything from sending the cars on joyrides, to theft, to ransomware demands.
It’s a bad novel just waiting to be written.
Morten Gammelgaard, EMEA, co-founder of BullWall had this comment:
“This situation is fraught and in need of immediate legislative guardrails. Given the Equifax and Experian breaches and how many people suffer because of false reporting on their credit scores how is the public to have faith in such technologies? We do not want technology to make it easier to expose consumers falsely and unfortunately recent history has proven even large enterprises cannot be trusted to guard against such abuse.”
Ted Miracco, CEO of Approov Mobile Security follows up with this:
“After reading about Bing going rogue, I can’t help but wonder what kind of joyride a fully autonomous vehicle would take if it went rogue. Would it just endlessly circle around the city, enjoying the freedom of the open road without a driver? Or would it become a rebel and join forces with other autonomous vehicles to form a robot revolution? One thing’s for sure, if the cars do start repossessing themselves, the poor repo man might just have to find a new line of work along with the displaced tech writers whose cars he was hoping to repossess!”
I really hope that Ford is only doing this to grab headlines. Because if they actually go ahead with this, I can easily see how they would live to regret it.
Nuspire, a leading managed security services provider (MSSP), today announced it has been recognized as a leader in both growth and innovation in Frost & Sullivan’s Frost Radar™: Americas Managed and Professional Security Services, 2023. The report identifies companies that show significant growth potential, innovation and customer value within the MSS and PSS market.
When it comes to innovation, Frost & Sullivan heralds Nuspire’s breadth of managed security services, including MDR, EDR, vulnerability management and managed gateway through two 24x7x365 SOCs. The report also highlights Nuspire’s consulting business, which offers incident readiness, virtual CISO, threat modeling, and security posture assessments among other services.
Frost & Sullivan highlights Nuspire’s myNuspire platform. myNuspire integrates Nuspire’s security services into one portal view, with dashboards and actionable insights that provide clear recommendations on what Nuspire clients can do to augment their cyber risk mitigation.
From a growth perspective, the report cites Nuspire’s solid yearly growth, and that its strategy – including myNuspire and expanded partner program – continues to unlock growth opportunities in an increasingly competitive market.
To access a free copy of Frost Radar: Americas Managed and Professional Security Services, 2023, visit their website.
Napoleon, a leader in home comfort, is prioritizing home functionality and accessibility, with the release of the all-new Stylus Cara Elite electric fireplace. Innovative and design-forward, the Stylus Cara Elite brings more than ambiance and comfortable temperatures to a room — it is built with Smart Technology, enabling voice control through Google Home and Alexa devices and controls that are fully customizable through the newly introduced Napoleon Home mobile application.
The Stylus Cara Elite, which will arrive in stores March 14, is a cutting-edge electric fireplace that goes beyond the basic functions. Installation is simple and inexpensive, and the wall mount design will complement any living space in the home. The heat level, flame colour and ember bed colour are fully customizable, to match any room’s style and create instant ambience. Plus, the fireplace has a display that communicates the time and date, along with the indoor and outdoor weather conditions. The display automatically updates the information of local conditions through a Wi-Fi connection.
When paired with the new Napoleon Home mobile app, the Stylus Cara Elite revolutionizes convenience and control. It allows consumers to manage the features of the fireplace — and other compatible Napoleon products, such as the Napoleon EQHub Thermostat — from anywhere, at any time, all within one simple and user-friendly smartphone application. The Napoleon Home app is designed to embrace diversity within Napoleon products, and allows for personalized options to match the consumers’ individual style, desired atmosphere and comfort.
Posted in Commentary with tags Hacked on March 4, 2023 by itnerd
In a Tweet last night, security researcher Dominic Alvieri posted a copy of the Play ransomware gang’s dark web posting threatening to publish the City Of Oakland’s data on 3/4/23, which is today. The posting was listed as of March 1st. So they got just three days’ notice to pay the ransom.
The crippling cyber attack against the City of Oakland, California has been claimed by Play Ransomware.
The city of Oakland first experienced the ransom attack on Feb 14th and according to their latest status report on February 28th, city services remain primarily unchanged.
The gang claims to have stolen documents containing private data including financial and government papers, identity documents, passports, employee data and information regarding human rights violations. They’re attempting to use this data to get the administration to meet their demands and pay the ransom.
Ted Miracco, CEO of Approov Mobile Security had this to say:
The recent ransomware attack on the city of Oakland is a concerning issue, and we expect to see more attacks like this on Government offices, as they are quite vulnerable. The potential implications of giving in to these demands could encourage more cyberattacks on other cities and organizations, as hackers may see it as a profitable way to extort money. The fact that the gang claims to have access to sensitive information such as financial and government papers, identity documents, passports, and employee data is alarming. However, the city of Oakland and other organizations must prioritize the security of their computer systems and data to prevent future attacks. Hopefully, the authorities can track down and bring the hackers to justice while also ensuring the safety of the stolen data.
David Mitchell, Chief Technical Officer of HYAS followed up with this comment:
“This ransomware group likes to start by using remote code execution (RCE) attacks on Exchange servers to gain access and then deploy their ransomware. If that was the case with Oakland, not only do they need a protective DNS solution to prevent the outbound communications from the malware but they may have failed to update vulnerable software on internet facing systems, making this even easier than using email as the initial infection vector. If this was an RCE on Exchange, a protective DNS solution would have quickly identified and blocked the malicious DNS transactions and contained the problem to the initial infection vector.”
Morten Gammelgaard, EMEA, co-founder of BullWall had this comment:
“The ransom attack on the City of Oakland not only disrupted city services, but as is always the case in such events, the attackers have obtained private data, including financial and government papers, identity documents, passports, employee data, and information regarding human rights violations. Data breaches and identity theft resulting from such attacks cause significant harm to individuals and organizations alike. In this case, the attackers are using the stolen data as leverage to demand a ransom payment from the city, which could result in further financial loss and reputational damage.
“In addition to the city services being out for a week prior to IT restoring access, the potential long-term impact of the attack on the city’s infrastructure and security cannot be ignored. For some companies, a week of downtime would be significant loss of revenue or worse yet, imagine if that was a hospital that was down for 6 days!
“This incident underscores the importance of implementing robust cybersecurity defenses, including response and containment measures to safeguard against such attacks, as there is no end in sight to these sorts of attacks.”
I for one will be interested to see if this gang gets anything out of this, and if they follow through with their threat to release the data. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages ransomware gangs to target more victims and offers an incentive for others to get involved in this type of illegal activity. So this will be interesting to watch.
UPDATE: Darren Williams, CEO and Founder, BlackFog added this comment:
“As cyber adversaries continue to focus on making the biggest impact by affecting the most people, it’s unsurprising that the public sector and government remains a compelling target. In 2022 for example, our State of Ransomware report observed a 17% increase in reported governmental cyber-attacks.
City councils and governments need to re-prioritize their cybersecurity as clearly, this isn’t an issue that will just go away. The effect of the attack on the City of Oakland last month appears to only now be setting in, as the stolen personal data of city workers have begun to be leaked by the attackers.
Moreover, hackers often favor weekends and holidays to launch attacks, when the majority of employees are out of office, so newer technologies that focus on automated prevention 24/7 must be added to the security stack.”
While I deal with a lot of business related IT problems, I am increasingly dealing with the aftermath of scams that target seniors. This is one example of the bad things that can happen when it comes to these scams. And here’s another example where a scammer almost cost a couple $13000 CDN. Thus as of late, I have focused on exposing scams and educating you on how they work so that you don’t become a victim. Because to be completely honest, it angers me that scammers would target seniors and try to steal their money. In fact, six billion dollars a year in the US is lost to scams. And a person is a victim of identity theft every six seconds in the US. Thus I want to do my part to make life as miserable as possible for these low life losers who run these scams by exposing what they do and how not to be a victim.
So why do scammers target seniors? It’s very simple. Seniors by and large who fall victim to these scams are trusting people who don’t ever expect to be the targets of scams. They are more likely to be polite and willing to obey a person pretending to be in authority. Which makes them the perfect targets for scammers. And what doesn’t help is that if they do fall victim to a scam, they are often so ashamed that they don’t report the scam to anyone. Not family, or friends, and not the police. That allows the scammers to run free and scam more people.
I want to address the shame part first. If a senior gets scammed, you have to reinforce that they should absolutely not feel ashamed in any way. Anyone can fall victim to a scam. For example, YouTube star Jim Browning who goes after scammers got scammed into briefly deleting his YouTube channel. So if a person who deals in stopping scammers can get scammed, anyone can get scammed. As an aside, I’ll have advice as to what you can do if you get scammed at the end of this story.
Let’s look into how to stop seniors from being scammed. In my mind, it starts with education about the scams that are out there. And illustrating some common traits of scams that I have come across so that you’re able to spot scams, and avoid them as a result.
I’ll start with phone scams. Here’s some facts about phone scams:
Fact: A legitimate company such as Microsoft, Apple, Amazon, Visa or Google would never call you on the phone saying things like “your computer is infected with viruses” or “you ordered items from Amazon and it looks like fraud”. If you get a call from any company saying things like that, hang up.
Fact: No company (again, Amazon, Google, Microsoft, Apple to name a few) would call you and require remote access to your computer for any reason. If you get a call from someone asking if they can connect to your computer, hang up.
Fact: Companies don’t use call out technology that has robotic sounding voices that don’t reference you directly by name or by some other means of identification. If you get a call from any company using this sort of technology that fits that description, hang up.
Fact: Companies don’t ask to be paid in gift cards. If you get a call asking you to buy gift cards, hang up. You can copy and paste that for crypto currency as well.
Fact: The police don’t call you saying that you’re going to get arrested. If the police wanted to arrest you, they’d just arrest you. So if you get anyone saying that if you don’t co-operate with them, you will be arrested, hang up.
Pro Tip: Scammers will often use a sense of urgency to get you to do what they want. If someone is threatening to get you arrested or some other bad thing is going to happen to you, or is just trying to force you to do something if you do not comply, hang up as this is a scam.
It looks convincing. But it is pretty easy to see that this is a scam. For example, emails like this never mention the recipient’s name or any other information. That’s because they’re mass mailed out to random email addresses in the hope that someone will take the bait and call the number (which is no longer working by the way) that is in the email. The English in this email is on the suspect side as well, as that’s a hallmark of scams which almost exclusively are based in India and run by people whose native language is not English.
Sidebar: The main reason why India is the hotbed for scams of all sorts is that the government and police aren’t interested in cracking down on this sort of crime. Thus scammers can operate without fear of getting arrested. And even if they do by some miracle get arrested, it is unlikely that they will face any serious punishment as stopping scams that prey on people outside of India isn’t a priority for the Indian government. That truly reflects poorly on the Indian government and police forces in India as they are basically aiding and abetting crime by not doing anything to stop scams like these.
Another way to tell if an email is a scam email is to check the email address to see where it is coming from. Here’s an example from another scam that I wrote about:
CIBC is one of the five biggest banks in Canada, but this email isn’t using an email address that ends in something like “CIBC.com”. Instead they’re using mail.com which is a free email provider with some paid features. That’s a sure sign that you should delete the email in question if it hits your inbox as it is a scam.
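The sender-address check described above can be automated for a mailbox or a help desk queue. The following is an added example, not something from the original post: the sample messages are constructed, the `.example` domain is a placeholder, and the brand-to-domain table and free-mail list are assumptions you would maintain yourself. It also goes a little beyond the CIBC case by flagging look-alike domains and a Reply-To that points somewhere other than the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand name -> domains that brand really sends mail from.
# "cibc.com" follows the article's example; extend the table as needed.
BRAND_DOMAINS = {"cibc": {"cibc.com"}}

# Assumption: a small sample of free webmail providers. mail.com is the
# provider named in the article.
FREE_MAIL = {"mail.com", "gmail.com", "outlook.com", "yahoo.com"}


def sender_domain(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].strip().lower().rstrip(".")


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(raw_message):
    """Return a list of warning codes for a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = sender_domain(address)
    if not domain:
        return ["no-sender-address"]

    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        legit = domain_matches(domain, allowed)
        # The display name claims the brand but the address is elsewhere.
        if re.search(rf"\b{re.escape(brand)}\b", display.lower()) and not legit:
            findings.append("brand-mismatch")
        # The brand appears inside a domain the brand does not own.
        if brand in domain and not legit:
            findings.append("lookalike-domain")
    if domain in FREE_MAIL:
        findings.append("free-mail")

    # Replies routed to a different domain than the visible sender.
    reply_domain = sender_domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != domain:
        findings.append("reply-to-differs")
    return findings


# Constructed sample messages (not real mail).
SCAM = (
    "From: CIBC Online Banking <account.update@mail.com>\n"
    "Subject: Your account has been locked\n\nCall us now.\n"
)
LOOKALIKE = (
    "From: CIBC Security <noreply@cibc-alerts.example>\n"
    "Reply-To: help@mail.com\n"
    "Subject: Verify your card\n\nClick here.\n"
)
GENUINE = (
    "From: CIBC <alerts@notify.cibc.com>\n"
    "Subject: Your statement is ready\n\nSign in to view it.\n"
)

if __name__ == "__main__":
    for name, raw in [("scam", SCAM), ("lookalike", LOOKALIKE), ("genuine", GENUINE)]:
        print(name, check_sender(raw))
```

An empty result only means the visible address is consistent with the brand. The From header can be forged, so this check complements SPF, DKIM and DMARC results rather than replacing them.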
Pro Tip: Don’t click on anything in the email. That’s a great way to get hit with a virus.
Text message scams have become increasingly common in the last year or two. Take this one that purports to be from the Canada Revenue Agency. It’s very well constructed and I can see how people would fall for it and become the victim of identity theft and theft of your online banking credentials in this case. Another popular scam is the extortion phishing scam. What is extortion phishing? It’s when the victim receives an email suggesting they have been compromised in some way (usually it involves porn) and the scumbags behind the scam demand money, usually in Bitcoin which is untraceable, to keep this from becoming public. Here’s an example of this scam. The fact is that your info was likely involved in a data breach of some sort, and was bought by someone who is mass emailing this out to thousands of people hoping that 1% will take the bait. Because even a 1% success rate for a scammer is tens of thousands of dollars in his pocket. The story that I linked to will have a lot of information as to how the scam works and how to avoid it.
Pro Tip: Don’t click on any links in text messages or emails that you get as that could infect you with a virus.
Finally, there’s the pop up scam. Where you’re just browsing for something using a web browser and a pop up appears claiming that you’re infected with a virus, or you’re doing something illegal, and that you need to call a phone number to resolve the issue.
Fact: Scammers use these pop-up scams to make money. They prey on concerned users who want to ensure their computer is secure, extorting money from them to fix problems and resolve threats that do not exist. Or to get into your computer to collect information to steal your identity.
Fact: While your internet security provider may offer technical support over the phone, they will not demand that you call them. Especially not via a random pop-up.
Fact: Your anti-virus or internet security software does not require you to call anyone in order to work. Threats are normally resolved within the software itself.
So in short, if a pop-up is demanding that you call a number in order to resolve a security threat or fix a technical issue, it is likely to be a pop-up scam. I detailed one of these scams here and I list a lot of advice in terms of how not to be a victim of this sort of scam.
Pro Tip: Don’t click on any links in any pop up messages that you get as that could infect you with a virus.
But what happens if you do get scammed? You need to report it to your local police who can then give you additional directions. Beyond that, the U.S. Federal Trade Commission has a website for scam reporting, while the Canadian Anti-Fraud Center is the place to go if you’re in Canada. Other countries have similar organizations for reporting scams. If your computer was involved in the scam, as in the scammers connected to it remotely, you should turn it off and seek professional help in terms of having someone look at it and fix (in the best case) whatever the scammers did to it or back up and reinstall everything if required.
In closing, these scams are constantly evolving and new ones are appearing every day. Which is why you need to be on your toes every time an email hits your inbox or you get a phone call. And that’s doubly important for seniors. Which is why you should take this story and share it with your parents, grandparents, and seniors in your life. And spend some time reinforcing this message so that they have the skills to avoid getting scammed. Because the more that this education gets out there, the less effective that these scams will be, and the more likely that the low life losers behind these scams will have to find something more honourable to do with their time.
Posted in Commentary with tags ESET on March 3, 2023 by itnerd
ESET researchers have just analyzed MQsTTang, a new custom backdoor that they attribute to the China-aligned Mustang Panda APT group. This backdoor is part of an ongoing campaign that ESET can trace back to early January 2023. ESET Research has seen unknown entities in Bulgaria and Australia in their telemetry as targets. ESET also has information indicating that Mustang Panda is targeting a governmental institution in Taiwan. Due to the nature of the decoy filenames used, ESET researchers believe that political and governmental organizations in Europe and Asia are also being targeted. The Mustang Panda campaign is still ongoing as of this writing, and the group has increased its activity in Europe since Russia’s invasion of Ukraine.
Based on their telemetry, ESET Research can confirm that unknown entities in Bulgaria and Australia are being targeted. In addition, a governmental institution in Taiwan appears to be a target. The victimology is unclear, but the decoy filenames make ESET believe that political and governmental organizations in Europe and Asia are also being targeted. This would also be in line with the targeting of the group’s latest campaigns.
MQsTTang is a barebones backdoor that allows the attacker to execute arbitrary commands on a victim’s machine and capture the output. The malware uses the MQTT protocol for Command and Control communication. MQTT is typically used for communication between IoT devices and controllers, and the protocol hasn’t been used in many publicly documented malware families.
MQsTTang is distributed in RAR archives that only contain a single executable. These executables usually have filenames related to diplomacy and passports.
For more technical information about MQsTTang, check out the blog post “MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT” on WeLiveSecurity.
Posted in Commentary with tags TikTok on March 2, 2023 by itnerd
First TikTok was banned on Canadian government devices by the Canadian government. Now TikTok has been banned on the devices of four provinces in Canada. Those provinces are:
Saskatchewan
Nova Scotia
PEI
Newfoundland and Labrador
It should be noted that Alberta and Quebec have a TikTok ban in place. And I think it’s safe to say that other provinces and territories in Canada will be announcing similar bans. This is going to increase the pressure on ByteDance, which is facing similar bans in other places. Not to mention that the Canadian Privacy Commissioner is investigating TikTok. One has to wonder at what point TikTok, or their Chinese Communist Party masters, will respond to this growing wave of bans on TikTok in Canada.
BlackFog has released the February 2023 State of Ransomware Report. BlackFog issues a monthly recap of the latest stats in ransomware attacks including prevalent threat actors, tactics, volume of attacks in varying countries and vertical sectors, rate of disclosed and undisclosed attacks compared to other months, and more. Please feel free to use this data in any articles, reports or research on ransomware attacks.
Darren Williams, CEO and Founder, BlackFog, has provided perspectives on the state of ransomware for February 2023:
“For the second month of 2023, we have seen new records broken, with February seeing a new high of 40 victims, a 43% increase from 2022. This month we continue to collect unreported data, and this month we see 543% of attacks remain unreported, a 65% increase over January.
Sector-wise we saw education continue to dominate with 17 victims, and healthcare and government closely behind with 15 each. Government attacks saw the biggest increase in February, with a 150% increase since January, while Healthcare and Education saw 88% and 70% increases respectively.
Data exfiltration continues as the main weapon of choice for ransomware and is used in 88% of all attacks. This month we also saw an increased number of attacks originating from China, which now represents 38% of all attacks, up from 36% in January. Russia remains stable at 9%.
Finally, in terms of variants, as we predicted in January we saw a dramatic increase in attacks from LockBit, as victims from previous months begin to disclose attacks. We expect this pattern to continue as unreported attacks continue to be dominated by LockBit, which is at 48%, while disclosed is at 24.3%. BlackCat also increased to 24.3%, although the growth in unreported remains significantly lower.”
I’d spend some time reading this report as it provides a lot of insight as to what threats you really need to worry about.
Posted in Commentary with tags Avanan on March 2, 2023 by itnerd
Avanan, A Check Point Software Company, has published a new report on tracking the rise and continuous evolution of Business Email Compromise (BEC) attacks as researchers observe different variants.
According to Jeremy Fuchs, Cybersecurity Researcher/Analyst at Avanan, there’s BEC 1.0, where hackers pose as your boss and ask you to get a gift card; BEC 2.0, leveraging compromised accounts at the organization to unleash attacks within legit emails; and BEC 3.0, a third tier researchers are seeing develop.
Conversation Hijacking: In this attack brief, the hacker takes over an account and inserts themselves into a legitimate conversation, posing as the employee of which the account has been compromised (i.e., someone took over my account and started replying as me – the end-user would have no way of knowing.)
The strategy – shaped by major hacking incidents that threatened key public services in the first year of the Biden administration – embraces the US government’s regulatory and purchasing power to force companies that are critical to economic and national security to raise their cyber defenses.
It reflects a widely held belief in the US government that market forces have failed to keep the nation safe from cybercriminals and an array of foreign governments such as Russia and China.
“We ask individuals, small businesses and local government to shoulder a significant burden for defending us all. This isn’t just unfair, it’s ineffective,” Acting National Cyber Director Kemba Walden told reporters Wednesday. “This strategy asks more of industry, but also commits more from the government.”
The strategy is a policy document and not law, but it could shape corporate behavior for years to come as firms compete for billions of dollars in federal contracts that increasingly require a minimum set of cybersecurity defenses. And the White House says it wants to work with Congress to develop legislation that holds software makers liable when their products and services don’t provide adequate protections from sabotage.
Edgard Capdevielle, CEO of ICS/OT cybersecurity vendor Nozomi Networks, had this to say:
“The National Cyber Strategy’s non-voluntary requirements for critical infrastructure to increase cybersecurity posture will be met with varying responses from CEOs and Boards alike. While the impetus for a better cyber posture to defend against potential nation-state adversaries is wise and necessary, the ability for these entities to identify the budget and personnel to manage these pieces is going to be difficult. As it is for most companies in this macroeconomic climate. We look forward to working with our U.S. critical infrastructure partners, just as we have with their international counterparts, to meet changing regulatory guidelines with the best defenses and visibility possible.”
The nearly 40-page document provides a roadmap for new laws and regulations over the next few years aimed at helping the United States prepare for and fight emerging cyber threats. Hopefully this is effective at stopping the sort of large scale attacks that we’ve seen over the last few years.
UPDATE: Craig Burland, CISO of Inversion6 had this to say:
This strategy continues a trend of a more activist federal government pushing cybersecurity forward. Within the last 12 months or so, you can see increased announcements and initiatives from CISA, as an example, that foreshadowed something broader. The pillars build on existing ideas and cyber principles – defend critical infrastructure, support the nation’s collective defense, and embrace secure by design. That last item has been discussed in solution development forums for years, but hasn’t become a norm for producers.
The real test will come in the pronouncements that follow. A strategy by itself won’t compel companies to change how they invest. This strategy is a shot across the bow that signals tougher standards are coming. How those manifest themselves will be fascinating to watch. Will the administration try to enact laws with associated fines? Will they pressure industry groups to do self-improvement? Can they become a catalyst for real change and help get cybersecurity past the tipping point where best practices are the only accepted practices? Hopefully, one way or another, they can spur real change and make all of our lives safer.