How Do You Minimize The Impact Of A Ransomware Attack? PhishLabs Can Help You With That

Posted in Commentary with tags on June 28, 2022 by itnerd

Ransomware operators are strategically targeting enterprises, disabling critical systems, and publishing stolen data. The average ransom demand has increased 144% and the pressure to pay is evident with payments met more than half the time. Industries of all types are being targeted, with critical services and infrastructure no longer immune to attack.

This leads to the question: how can you protect yourself from a ransomware attack? Or, if you are the unfortunate victim of one, how do you minimize the impact?

Eric George, Director of Solution Engineering at PhishLabs by HelpSystems, says:

“Businesses that fall prey to ransomware often feel helpless determining a solution post-incident because the threat itself is in a constant state of evolution. Determining what action your organization should take in the wake of an attack is more than a binary decision and must be approached in a comprehensive manner that adds layers of depth to existing security measures.

Ultimately, enterprises experience the most pain when they are faced with compromise and lack options or a clear path of action. If unprepared, enterprises can find themselves in a situation in which the only viable option is to pay the ransom and hope the threat actor honors the agreement. Multiple ransomware actors and complex campaigns make this choice problematic, however, as compromised data is likely to be leaked or sold regardless of whether the ransom is paid.”

This is why PhishLabs has published a security playbook that helps an organization:

  1. Identify and mitigate attacks before they occur
  2. Maintain broad visibility into data leaks and threat actor activity
  3. Prepare a plan of action in the event data is further compromised

You can find the playbook here. I had a look at it last night and I believe that this will be really helpful to organizations of all sizes as threat actors are targeting everyone these days.

BenQ Announces InstaShow WDC30

Posted in Commentary with tags on June 28, 2022 by itnerd

BenQ has announced its new ultra-secure InstaShow WDC30. Featuring three layers of wireless protection — Wi-Fi 6 encryption, ISO EAL6+, and FIPS 140-3 — the InstaShow WDC30 is engineered and certified to meet the stringent security requirements of U.S. government agencies, financial institutions, healthcare organizations, and other high-risk enterprises. Users can instantly connect the germ-resistant WDC30 button to their laptop and tap to present sensitive data with stunning, smooth 4K@60fps video output to up to two displays without network logins or software downloads, which can pose network security threats.

Focused on Security
Meetings are a vital part of ensuring the smooth operation of banks and government agencies. However, these meetings can contain highly sensitive and confidential data and intellectual property that can be leaked or accessed when shared via app-, network-, or USB-based wireless presentation systems (WPS). Likewise, these types of systems can expose the connected device and the network. Unlike any other WPS, BenQ’s InstaShow WDC30 protects data, devices, and the network with robust security certification. Its network-free, secure, button-based design prevents vulnerabilities caused by network exposure, reliance on apps or software, or malicious USB inputs.

Opening up the option for financial institutions and government agencies to wirelessly present without an expensive HDMI matrix system, sharing cables, and network patches, the WDC30 protects the wireless transmission of data from cyberattacks in three key ways:

  • WPA3™-Encrypted Wi-Fi 6 Technology: Wi-Fi 6 technology not only ensures a fast, stable connection but also the highest grade of encryption available. WPA3’s cutting-edge security protocols enable more robust authentication, deliver increased cryptographic strength for highly sensitive data markets, and maintain the resiliency of mission-critical networks.
  • ISO EAL6 Tested and Certified Design: The Evaluation Assurance Level (EAL) in Common Criteria ranges from EAL1 to EAL7, and EAL6+ is defined as a level that offers extremely high security assurance for protecting high-value assets against severe security risks. The certification, performed by a third-party security evaluator, took BenQ two years to achieve. Only EAL7 military-grade certification is higher.
  • FIPS 140-3-Certified Crypto Module: Federal Information Processing Standards (FIPS) certification is required by the U.S. government and other regulated industries (e.g., financial and healthcare) that collect, store, transfer, share, and disseminate sensitive data. Compliant with FIPS 140-3, Level 3, the WDC30 has enhanced physical security, which includes BenQ’s InstaShow chip that has no ability to communicate with or send data to devices or networks.

More Flexible, Simpler Meetings
In addition to its evolutionary security infrastructure, the InstaShow WDC30 supports wireless presentations in any shared space, providing instant connection in frequently challenged environments and allowing devices to connect up to 90 feet away. It works with any type of presentation device and any operating system, with the split-screen function supporting up to four inputs from multiple devices simultaneously and fast switching between presenters. With quick, one-tap presentation technology, presenters don’t have to hassle with logins or software downloads, allowing meetings to start right on time. It can present any content, including crisp text and smooth video at up to 60 fps at 4K resolution, to up to two displays. Plus, each secure button features BenQ’s silver ion coating to help prevent the spread of germs between users. 

More information on the full line of BenQ WPS is available at www.benq.com/en-us/business/index.html

Guest Post: The Most Dangerous And Safest US Travel Destinations By Cybercrime In 2022 According To Atlas VPN

Posted in Commentary with tags on June 28, 2022 by itnerd

The summertime is synonymous with the travel season. Before departing for their destination, tourists frequently assess a variety of health and physical safety precautions; however, only a few consider their online safety.

In 2021, around 500,000 Americans were victims of cybercrime and lost in excess of $6 billion, but how does that look on a state-by-state basis?

The Atlas VPN research team has created a list of the most dangerous and secure US travel destinations in terms of cybercrime. 

The safety of each US state was ranked according to its cybercrime index. 

To calculate the cybercrime index, Atlas VPN first worked out each state’s victim count per 100,000 population. For the second measure, Atlas VPN calculated the average loss per victim in each state.

To determine the final ranking, each measure was normalized on a 0-1 scale, with 1 corresponding to the value that would most negatively impact the final score. These two normalized measures were then summed and converted to a 0-100 score.

The initial cybercrime victim and cybercrime loss numbers for each state were based on Federal Bureau of Investigation 2021 statistics. Atlas VPN also included each state’s ranking according to its popularity as a travel destination.
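The index calculation described above, worked through in Python as an added example (this is not Atlas VPN's code). It assumes min-max normalization of each measure across the states supplied, and that "converted to a score scale of 100" means halving the summed measures and multiplying by 100; the Nevada victim rate and the baseline state are constructed, the other figures are the ones quoted in the post.

```python
"""Cybercrime index in the style of the Atlas VPN methodology.

Added example, not Atlas VPN's own code. Assumptions: each measure is
min-max normalized across the states passed in so the worst value maps to
1, and the final score is (rate + loss) / 2 * 100. Inputs are victims per
100,000 residents and average loss per victim in USD.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class StateStats:
    name: str
    victims_per_100k: float   # reported victims per 100,000 residents
    avg_loss_usd: float       # average loss per victim in USD


def normalize(values):
    """Min-max normalize to [0, 1]; 1 is the value that hurts the score most.
    If every state shares the same value the measure carries no information,
    so every state gets 0 (this also avoids a divide-by-zero)."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return [0.0] * len(values)
    return [(v - lo) / (hi - lo) for v in values]


def cybercrime_index(states):
    """Return {state name: index on a 0-100 scale} for the given states.
    Normalization is relative to the set passed in, so a partial set yields
    different numbers (and possibly a different order) than all 50 states."""
    rate = normalize([s.victims_per_100k for s in states])
    loss = normalize([s.avg_loss_usd for s in states])
    return {s.name: (r + l) / 2 * 100 for s, r, l in zip(states, rate, loss)}


def rank_most_dangerous(states):
    """State names ordered from highest (most dangerous) to lowest index."""
    idx = cybercrime_index(states)
    return sorted(idx, key=idx.get, reverse=True)


# Constructed subset: quoted figures for ND, CA and NY; Nevada's victim rate
# and the baseline state are invented so the example runs stand-alone.
SAMPLE_STATES = [
    StateStats("North Dakota", 87, 31_711),
    StateStats("Nevada", 200, 4_728),          # rate is constructed
    StateStats("California", 169, 18_302),
    StateStats("New York", 151, 19_266),
    StateStats("Baseline (constructed)", 50, 3_000),
]

if __name__ == "__main__":
    scores = cybercrime_index(SAMPLE_STATES)
    for name in rank_most_dangerous(SAMPLE_STATES):
        print(f"{name:24s} {scores[name]:5.1f}")
```

Because the min and max are taken over the subset, this toy run ranks California above North Dakota; with all 50 states the low-end values shift and the ordering matches the post.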

The calculations reveal that North Dakota and Nevada are by far the most dangerous states in terms of online safety. Both states have unique cybercrime profiles and a cybercrime index of over 57.

North Dakota is distinctive because even though there were only 87 victims per 100k population, the losses per victim stood at $31,711, which is the highest in all of America. 

While victims in Nevada lost an average of $4,728 per scam, it was also the state with the highest number of victims per 100k population. The Battle Born State is also the third most common travel destination in the US. 

The Golden State, California, is also at the top of the list, with 169 victims per 100k citizens and losses of $18,302 per victim. Unsurprisingly, California ranks as the most popular travel destination.

New York is the 5th most visited state and, at the same time, 4th in terms of cybercrime severity. New Yorkers lost around $19,266 for each internet fraud case, with 151 individuals out of 100,000 encountering this misfortune.

The District of Columbia also makes the top 5 list, mainly due to the high number of victims per 100k population. 

To see the comprehensive research, which includes an analysis of all US States, please head over to:
https://www.atlasvpn.com/travel-destinations-by-cybercrime

Black Basta Ransomware Group Going After New Targets: Report

Posted in Commentary with tags on June 27, 2022 by itnerd

Security researchers with Cybereason have warned that the Black Basta ransomware-as-a-service group has been observed targeting manufacturing, construction, pharmaceuticals and other industries, according to their latest update on the new threat group. Additionally, the ransomware syndicate has developed a Linux variant designed to attack VMware ESXi virtual machines running on enterprise servers.

Chris Olson, CEO of The Media Trust, had this to say:

“Today, data breaches aren’t just about stealing sensitive data for financial gain: they are also a danger to public safety. On average, cyber defenders have less than an hour to stop a ransomware event in progress. In addition to virtualization and cloud computing software, web and mobile apps are increasingly targeted by cyber actors using sophisticated techniques such as obfuscated and polymorphic code to dodge blockers or URL filters. Businesses must pivot to prevention over treatment, monitoring IT and digital infrastructure in real time while working to harden entry points.”

I’ve written about the fact that you have less than an hour to stop a ransomware attack here. That alone makes defending against these attacks a must. I would read the warning and my previous story so that you can harden your enterprise accordingly.

UPDATE: I have additional commentary from Jake Williams, Executive Director of Cyber Threat Intelligence for SCYTHE:

The Black Basta threat group is a capable player in ransomware operations. Their capability to encrypt ESXi servers underscores the necessity of securing access to hypervisor systems. While Black Basta isn’t the first to develop capabilities against ESXi (LockBit, Hive, and Cheerscrypt have already demonstrated ESXi capabilities), this shows the relative sophistication of the teams working under Black Basta performing the ransomware operations.

Use of commodity malware like Qakbot demonstrates that there is no such thing as a “commodity” malware infection. Organizations must treat every malware detection as an opportunity for a threat actor to deploy ransomware. Black Basta highlights just how damaging the outcome can be if commodity malware infections are ignored simply because they were “mitigated” by endpoint protection platforms. Other threat actor malware can be – and often is – in the network.

And I have additional commentary from Robert Shaughnessy, VP, Federal at GRIMM:

“Ransomware-as-a-service (RaaS), including groups like “Black Basta,” is a fast-growing business, with comparisons being made to traditional Software-as-a-Service (SaaS) offerings. It may be more accurate to think of groups like Black Basta as loosely affiliated criminal gangs forming from the leftovers of larger organized criminal organizations. Conti, for example, has been broken up as if a lockpick, alarm specialist, appraiser, and accountant who met in prison decided to rob houses together. Enterprises are the houses, and their data are the jewels. Like home invaders, the Black Basta syndicate is looking for enterprises with a combination of valuable data and vulnerable defenses. With Black Basta, the current thinking is it was formed from former members of Conti and REvil, the leading Ransomware gangs from 2021, and leveraging partnerships including with the QBot malware. As reported recently by Nathan Eddy, writing for DARKReading (https://www.darkreading.com/threat-intelligence/black-basta-ransomware-esxi-servers-active-campaign), one interesting feature of Black Basta is a trend toward encrypting Virtual Machines (VMs) via the VM ESXi hypervisor. Leveraging larger servers, typically acting as ESXi hypervisor host machines, provides Black Basta with access to much more powerful processing and memory pools than a single workstation would typically have, resulting in faster encryption times and reducing the overall Time to Ransom. This makes it substantially harder for defenders to detect, isolate, and remediate attacks. Even though emerging ransomware gangs are beginning to use novel Tools, Techniques, and Procedures (TTPs), including VM hypervisor attacks, they are not invincible. 
As with most ransomware campaigns, a good defense against Black Basta starts with basic cyber hygiene: conduct regular in-depth threat assessments, ensure complete enterprise visibility, keep all systems properly patched, employ a zero-trust model across the enterprise, and closely monitor systems for the earliest signs of atypical utilization and access rights modifications.”

Lithuania Hit By Cyber Attack From A Russian Linked Threat Actor

Posted in Commentary with tags on June 27, 2022 by itnerd

Reuters is reporting that Lithuania has been hit by a cyber attack. Specifically, Lithuanian state and some private institutions were hit by a denial-of-service attack on Monday, the National Cyber Security Centre said in a statement released by the defence ministry. Considering that the country is in a “feud” with Russia over sanctions related to Russia’s invasion of Ukraine, it’s likely not a shock that this happened. Nor is it a shock that a Russian-linked hacker group has claimed responsibility for the attack.

Chris Clymer, Director & CISO at Inversion6, had this comment:

Every significant military power in the world has developed cyber capabilities. These have evolved from espionage tools into full-fledged weapons to be used as part of a coordinated military response. Targeting another country with these arguably constitutes an act of war, but one less severe than kinetic attacks with missiles and tanks. Russia has a collection of theoretically autonomous groups like Killnet which give it the ability to strike at its enemies while still denying responsibility – not a new tactic. This year alone, Killnet has reportedly targeted Romania, Moldova, the Czech Republic, and Italy, with Lithuania now added to the list. This harassment will continue, and what’s more interesting is that it doesn’t seem to have targeted the US and major European powers as strongly as first expected. With what we know of internet infrastructure, it’s hard to believe this is because those targets are stronger. Perhaps the Russians are trying to stay focused on targets they feel they can afford to antagonize.

Clearly we live in an era where the battlefield includes cyberspace, which makes anyone and everyone a target. Now is a really, really good time for everyone to review their cyber defences so that they aren’t the next one.

Waze Welcomes Tour de France To Its Global Event Partner Program

Posted in Commentary with tags on June 27, 2022 by itnerd

Waze, the world’s largest community-based traffic and navigation app, today announced a three-year sponsorship and partnership with the Tour de France and the Tour de France Femmes avec Zwift, as the prestigious cycling race returns for its 109th year. The Tour is the latest event to join more than 300 event producers around the world as a Waze Global Event Partner, harnessing the power of Waze to make travelling to and from the race as seamless as possible for fans, while minimizing the impact of traffic for all travellers on the road.

In a first-of-its-kind collaboration, Waze is the Tour’s Official Traffic Manager, providing its tools, data and insights to drivers, athletes, fans and more. Ahead of the start line, Waze’s community of volunteer map editors will update the maps with 4,000 km of road closures, the start and finish points, temporary car parks and live traffic speeds, ensuring drivers can navigate event traffic.

Waze will also become an official event sponsor, supporting logistics and branding four safety vehicles and a guest car in the Tour’s famous ‘caravan’: a procession of vehicles that precedes the riders onto the track at each stage, from Copenhagen to Paris and from Paris to the Super Planche des Belles Filles.

Established as a two-way data share, Waze provides partners with real-time, anonymous, Waze-generated incident and slow-down information directly from the source: drivers themselves. The Waze Global Event Partner Program allows partners to utilize Waze tools, data and insights to help alleviate event-day parking and traffic challenges, leading to happier fans.

Download Waze to complete your Tour de France experience: https://www.waze.com/apps. Find out more about the Waze Global Event Partner program: https://www.waze.com/wazeforcities.

Cafe Press Fined $500K For Data Breach

Posted in Commentary with tags on June 27, 2022 by itnerd

This is the sort of story that I like writing about as it illustrates that companies who don’t seriously protect their customers’ data will be held to account. In this case Cafe Press, which I’ve written about before, has been fined $500,000 for a data breach that affected 23 million customers. You can read about it here, but I’ll hit the highlights for you:

  • Residual Pumpkin and PlanetArt, which now own Cafe Press, have to implement multi-factor authentication
  • They have to minimize the amount of collected and retained data
  • They have to encrypt all stored Social Security numbers
  • PlanetArt is being ordered to alert buyers and sellers whose personal info was accessed or stolen during the security breaches and provide them with information on how they can protect themselves

All of this centers around a February 2019 breach of CafePress’ servers in which unknown attackers gained access to, stole, and later put up for sale on the dark web personal information belonging to 23,205,290 CafePress users. CafePress then tried to cover this up until it was reported by Bleeping Computer. And to top it all off, the company knew it had issues but didn’t do anything about them, and it didn’t investigate any of the attacks either. Which makes it pretty clear that dealing with Cafe Press is a bad idea. Though this fine may have them rethink how they handle customer data going forward.

Another Reason Not To Buy The M2 13″ MacBook Pro… The SSD Is SLOW

Posted in Commentary with tags on June 26, 2022 by itnerd

Frequent readers of this blog know that I wrote a story about why nobody should buy the 13″ M2 MacBook Pro. Besides everything that I mentioned in that article, there’s a brand new reason that people who have gotten their hands on this computer from Apple have found.

The SSDs are slower than the ones in the M1 13″ MacBook Pro.

YouTube channels such as Max Tech and Created Tech tested the 256GB model with Blackmagic’s Disk Speed Test and found the SSDs are about 30% slower than the M1 versions. This is because the 256GB model is equipped with only a single NAND flash storage chip. The M1 version had two NAND chips that were likely 128GB each, which creates a RAID-like setup that resulted in better performance. The only reason I can think of for Apple doing this is to save a few bucks so that they can have higher margins on the computer. And what makes that worse is that Apple raised the price this time around. What’s even more interesting is that reviewers who got the new computer early didn’t note this. But they were apparently supplied with 1TB models. That implies that either those have a pair of 512GB NAND chips or any speed differences were glossed over, because Apple doesn’t hand over computers for review to just anyone. They only hand over computers to reviewers that are friendly to Apple.

The bottom line is this: the 13″ MacBook Pro was a bad deal before, and it’s a worse deal after this revelation. My advice is to avoid this model altogether. And as a bonus piece of advice, I would also suggest waiting for the first reviews by Max Tech and Created Tech of the M2 MacBook Air to see if Apple pulled the same stunt, because it wouldn’t surprise me if they did. Which means that you need to be aware of that if you plan on putting down your hard-earned money on one.

Google Says Italian Spyware Vendor Worked With ISPs To Infect iOS And Android Users With Spyware…. WTF??

Posted in Commentary with tags on June 25, 2022 by itnerd

I truly hope that someone within the European Union is aware of this, because this is just a mind-blowing story. Google’s Threat Analysis Group (TAG) revealed that RCS Labs, an Italian spyware vendor similar to the notorious Israeli spyware vendor The NSO Group, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools:

All campaigns TAG observed originated with a unique link sent to the target. Once clicked, the page attempted to get the user to download and install a malicious application on either Android or iOS. In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications. When ISP involvement is not possible, applications are masqueraded as messaging applications.

Google has notified Android victims that their devices were hacked and infected with spyware, dubbed Hermit by security researchers at Lookout in a detailed analysis of this implant published last week.

According to Lookout, Hermit is “modular surveillanceware” that “can record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.”

Google has also disabled the Firebase projects used by the threat actors to set up a command-and-control infrastructure for this campaign.

What’s even more scary is this: while a lot of attention has been placed on the activities of The NSO Group, spyware as a business is clearly thriving. This needs to change, and these companies need to face some sort of consequences for their actions, as this can’t be seen as acceptable in a civilized world. And the ISPs who helped this company carry out this attack need to face some sort of punishment as well, as that is also not acceptable in a civilized world.

Microsoft Prepares To Put The Bullet In Windows 8.1… Sorry To The Six Of You Who Still Use It

Posted in Commentary with tags on June 24, 2022 by itnerd

Microsoft is getting ready to send reminders to Windows 8.1 users that support will end on January 10th 2023, which is the same strategy that they used with Windows 7. What does that mean for you? Microsoft has a webpage here with a FAQ that spells out what the end of support will mean.

My advice is that if you’re still on Windows 8.1, or Windows 7 for that matter, you should be looking towards upgrading to a Windows 11 (or Windows 10) PC as that will provide you with a safer and more secure platform to do whatever it is that you need your computer to do. Because holding on to any computer that runs an earlier Microsoft OS really isn’t a good idea.