The Next Front Of The Ukraine/Russia War Is Going To Be Cyberspace

Posted in Commentary with tags on February 25, 2022 by itnerd

A swath of major American businesses — from major banks to utility companies — are preparing for possible cyberattacks against their computer networks as Russia on Thursday threatened “consequences” for nations that interfere with its invasion of Ukraine. 

Their concerns, echoed in C-suites and around Washington, follow recent warnings from the Biden administration that U.S. firms should harden their defenses against potential cyberattacks that could disrupt the nation’s critical infrastructure. American officials say there are no current threats against the U.S. But they have nonetheless urged organizations to plan for worst-case scenarios and more aggressively monitor their computer networks for possible intrusions. 

“Right now, everybody needs to be at a heightened alert in the event this continues to escalate, and Russia tries to sway political opinion by causing damage in the United States and its Western allies,” said David Kennedy, the chief executive officer of security firm TrustedSec. He said companies should be going through their computer infrastructure “with a fine-tooth comb” to ensure previous intrusions can’t be used to cause future, more damaging, attacks. Major U.S. banks, for instance, fear aggressive cyberattacks if Washington imposes deeper financial sanctions on Russia, said two banking executives who spoke on condition of anonymity to discuss private conversations. CEOs of major financial firms and their cybersecurity experts recently met with Treasury officials as Russian threats of war intensified, according to the executives.

Related to the above, it shouldn’t come as a surprise that the government of Ukraine is asking for volunteers from the country’s hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops:

As Russian forces attacked cities across Ukraine, requests for volunteers began to appear on hacker forums on Thursday morning, as many residents fled the capital Kyiv. “Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country,” the post read, asking hackers and cybersecurity experts to submit an application via Google docs, listing their specialties, such as malware development, and professional references. Yegor Aushev, co-founder of a cybersecurity company in Kyiv, told Reuters he wrote the post at the request of a senior Defense Ministry official who contacted him on Thursday. Aushev’s firm Cyber Unit Technologies is known for working with Ukraine’s government on the defense of critical infrastructure. Another person directly involved in the effort confirmed that the request came from the Defense Ministry on Thursday morning.

Thus this conflict is about to get wider in scope. And it will be interesting to see if there are actual nation-state cyberattacks from countries like the UK or the US. After all, one could say that if Russia does this sort of thing, those countries have every right to retaliate.

Apple News Appears To Have Rolled Out Local News Coverage In Toronto And Montreal

Posted in Commentary with tags on February 25, 2022 by itnerd

First noted by Apple YouTuber Rene Ritchie, Apple appears to have rolled out Local News content for Toronto and Montreal.

This allows users of Apple News to get content that is highly specific to those cities. They join Charlotte, Miami, Washington D.C., San Francisco, the Bay Area, New York, Houston, Los Angeles, San Diego, Sacramento, and San Antonio as cities that get local news coverage. I added it via the link for Toronto above and it seems to work fine for me, as it shows me news stories that I normally don't see. But I don't see the other stuff that Apple News Local coverage promises, such as curated entries under the categories of Sports, Arts & Events, Business & Real Estate, and Food & Drink. I am assuming that will come later.

Hopefully this is the first sign that Apple is going to take the Canadian market more seriously as opposed to being an afterthought.

I Investigated A Scam That Wasn’t A Scam…. Maybe….

Posted in Commentary with tags on February 25, 2022 by itnerd

Frequent readers of this blog will know that one of the things I like to do is not only investigate scams but, when possible, expose them so that you know what the bad guys are doing and they become less effective at scamming you. Yesterday, something very interesting hit my inbox, and I would like to walk you through it. It all started with this email:

Now, right off the top, this screamed scam to me. And my first thought about the Word document at the bottom right was that it was booby-trapped with some sort of malware. But in the interest of science, I started poking around. First there was the email address it was sent from:

I Googled that and it came back as a legitimate address related to the New Delhi Police and their cybercrime unit. Here’s an example of what I found:

So at first blush, someone might be taken in by this and think it was legitimate. But I was pretty sure it wasn't, so I decided to dig further. I opened the attachment in a virtual machine so that if it had some sort of malware, it wouldn't affect me. And after determining that this Word document was not booby-trapped, I found this:

A couple of things on this. First, they did not include "our press clipping", which, had they included it, would have lent some legitimacy to this. The second thing is that they say my "contact details were found in their system" during the raid. If that is true, should they not be referring to me by name, seeing as they have my details, instead of sending me a very generic letter? That was kind of odd.

Having said that, I decided to go further down the rabbit hole by Googling "Insp. Manoj Kumar". That actually brings up a real police officer in the Delhi Police who works in the cyber crimes group. That was interesting, and I'll get back to Insp. Kumar in a bit. I did some further research and found news articles like this one that detailed a raid last summer that almost precisely fit the description in the Word document. In short, it seems the Delhi Police took down a pair of call centers that were scamming Americans.

I was beginning to think that this could be real, unlike 99% of the things that I look into. And a whois lookup on the domain that the email came from yielded some interesting results. It came back as legitimate when I compared it to the domains of other Indian government organizations, all of which had the same registration details with the same registrar.
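One check the steps above leave out, as an added example that is not part of the original post: a web search on the sender address and a whois on its domain only show that the address and the domain are real, and anyone can put a real address on a From line. What settles the question is whether your own receiving mail server recorded an SPF or DKIM pass for the From domain itself, which is the DMARC alignment rule. The Go program below reads that Authentication-Results header and applies the rule to two constructed messages; police.example, mailer.example.net, mx.example.org and every header value are made up for the demo and are not the real domains involved.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// Added example, not part of the original post. It answers one question: do
// the receiving server's SPF/DKIM results vouch for the domain on the From
// line? All headers below are constructed; police.example stands in for the
// real sender domain.

// Constructed message 1: From claims police.example, but the envelope sender
// and the DKIM signature belong to mailer.example.net, so nothing verified
// ties the mail to the claimed sender.
const unalignedMessage = `Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=pass header.d=mailer.example.net; dmarc=fail header.from=police.example
From: Cyber Cell <cybercell@police.example>
Subject: Notice regarding call centre raid

Please read the attached letter.
`

// Constructed message 2: same From line, but SPF and DKIM pass for
// police.example itself.
const alignedMessage = `Return-Path: <cybercell@police.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=police.example; dkim=pass header.d=police.example
From: Cyber Cell <cybercell@police.example>
Subject: Notice regarding call centre raid

Please read the attached letter.
`

type AuthVerdict struct {
	FromDomain, SPFDomain, DKIMDomain string
	SPFPass, DKIMPass, Aligned        bool
}

func domainOf(addr string) string {
	if i := strings.LastIndex(addr, "@"); i >= 0 {
		addr = addr[i+1:]
	}
	return strings.ToLower(addr)
}

// CheckAlignment parses From and Authentication-Results and applies the
// alignment rule: a pass for an unrelated domain says nothing about From.
func CheckAlignment(raw string) (AuthVerdict, error) {
	var v AuthVerdict
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return v, err
	}
	from, err := mail.ParseAddress(msg.Header.Get("From"))
	if err != nil {
		return v, err
	}
	v.FromDomain = domainOf(from.Address)
	// Clauses are ";"-separated "method=result prop=value ..."; the first
	// clause is just the name of the server that stamped the header.
	for _, clause := range strings.Split(msg.Header.Get("Authentication-Results"), ";") {
		fields := strings.Fields(clause)
		if len(fields) < 2 {
			continue
		}
		method := strings.SplitN(fields[0], "=", 2) // e.g. ["dkim", "pass"]
		if len(method) != 2 {
			continue
		}
		pass := method[1] == "pass"
		for _, f := range fields[1:] {
			prop := strings.SplitN(f, "=", 2) // e.g. ["header.d", "mailer.example.net"]
			if len(prop) != 2 {
				continue
			}
			switch {
			case method[0] == "spf" && prop[0] == "smtp.mailfrom":
				v.SPFDomain, v.SPFPass = domainOf(prop[1]), pass
			case method[0] == "dkim" && prop[0] == "header.d":
				v.DKIMDomain, v.DKIMPass = domainOf(prop[1]), pass
			}
		}
	}
	v.Aligned = (v.SPFPass && v.SPFDomain == v.FromDomain) || (v.DKIMPass && v.DKIMDomain == v.FromDomain)
	return v, nil
}

func main() {
	for _, raw := range []string{unalignedMessage, alignedMessage} {
		v, _ := CheckAlignment(raw)
		fmt.Printf("From %s: spf=%v for %q, dkim=%v for %q, aligned=%v\n",
			v.FromDomain, v.SPFPass, v.SPFDomain, v.DKIMPass, v.DKIMDomain, v.Aligned)
	}
}
```

Pull the headers from the raw message source in your mail client, and trust only the Authentication-Results line whose first token is your own receiving server's name (mx.example.org in the sample); copies that arrived with the message can be forged. A pass for the From domain is the strongest evidence the message itself can give you. A pass for some other domain, as in the first constructed message, means the mail was relayed through infrastructure with no verified tie to the claimed sender, which is exactly the case where a whois on the From domain tells you nothing.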

So to really get to the bottom of this, I called "Insp. Manoj Kumar" and got him on his mobile phone for a brief conversation. He claims to be trying to reach all the victims of the scam call center that the Delhi Police raided. He asked me a few questions without asking for any personal information. And I should note that the phone I called him from wasn't broadcasting my caller ID, so there would be no way for him to call me back. He acted very professionally during our entire conversation.

So what am I left with? It appears that this whole episode is legitimate. But I am not 100% convinced of that just yet, as I am cynical by default. After all, this could just be a really sophisticated scam where the scammers have gone to great lengths to take advantage of as many people as possible. Thus I have reached out to the Delhi Police for additional comment. Hopefully they get back to me quickly so that I can update you on this.

Stay tuned for more.

Surprise! Truth Social Is Banning And Censoring Users After Saying It Wouldn’t Ban And Censor Users

Posted in Commentary with tags on February 24, 2022 by itnerd

Assuming that you were one of the few who were able to get into former President Donald Trump's social network, known as Truth Social, you might have a new problem that is different from trying and failing to register and/or being put on a waitlist of hundreds of thousands of people: you might get banned or censored if you say the wrong thing.

Take Matt Ortega, who is a bit of a prankster. He tried to register DevinNunesCow on Truth Social. Devin Nunes is the CEO of the company behind this gong show of a social media network. He was also a congressman who loved to be a cheerleader for Trump, but he has very thin skin and tried to sue a pair of parody Twitter accounts that were trolling him, namely Devin Nunes' Mom and Devin Nunes' Cow. Those lawsuits didn't go Nunes' way, and clearly Truth Social doesn't want him to be trolled. Which is likely why this happened to Ortega:

That’s kind of funny. But this isn’t.

If you click the graphic, you will see the following:

You can find some basic facts about Stew Peters here. But here’s what you need to know. He’s an anti-vaxxer with some…. extreme views of the universe.

Both of these events go against Truth Social's pledge to be censorship free. But there was zero chance that Truth Social was ever going to be censorship free. The simple fact is that Truth Social currently has no web interface like Twitter or Facebook do. Thus it is totally reliant on apps. Or app, seeing as it is only on the Apple App Store at the moment. And the App Store, along with Google Play, has rules that say that if you host content that violates their terms of service, your app gets punted. Just ask Parler what that means. So Truth Social has to do some sort of moderation, aka censorship, or get banned out of existence very quickly. The DevinNunesCow thing is just Truth Social's CEO not being able to take being trolled. But the Stew Peters thing is about Truth Social surviving for longer than 60 seconds. Thus if Trump supporters were hoping that they were going to find a place where they could yell into their echo chamber with their "views" of the universe, it's not happening on Truth Social.

Guest Post: Atlas VPN hands out VPN subscriptions to support journalists in Ukraine

Posted in Commentary with tags on February 24, 2022 by itnerd

The recent wave of cyberattacks directed at Ukraine urged the Atlas VPN team to share advice on how users can protect themselves against these types of threats. Moreover, to show support to journalists and media personnel in Ukraine, Atlas VPN is handing out Premium VPN subscriptions.

Atlas VPN hands out VPN subscriptions to support journalists in Ukraine

As we stand for freedom online and beyond, we wish to help journalists who risk their safety to provide the most accurate information to the public. Therefore, Atlas VPN will hand out Premium VPN subscriptions to journalists in Ukraine until the crisis is over. 

This way, media representatives can carry out their investigations online and share their findings while being protected by military-grade encryption, which will completely hide their online activities. 

There are two benefits of using a VPN in this scenario.

First, it protects individuals from DDoS attacks. This is especially important for independent reporters, who have no backing if they get targeted by threat actors.

While it is challenging for large enterprises to protect themselves against DDoS attacks, this is not the case for individuals. Users can hide their IP address by connecting to a VPN server, which means that hackers cannot locate your network and, in turn, cannot target you. 

Secondly, neither their ISP nor other third parties will have any record of the reporter's activities online, which, hopefully, will encourage them to share information even more openly, even if that is done under an alias or by private messages with media outlets.

Premium VPN subscriptions

If you are a journalist in Ukraine in need of a Premium VPN subscription, send Atlas VPN an email at pr@atlasvpn.com, and the team will get back to you within 24 hours.

Journalists will receive a 1-year Premium subscription to Atlas VPN, which also includes advanced security features like Tracker Blocker, Data Breach Monitor, MultiHop+, and many more.

To read the full article, head over to:
https://atlasvpn.com/blog/atlas-vpn-hands-out-vpn-subscriptions-to-support-journalists-in-ukraine 

Research Paper Claims Samsung Shipped 100 Million Phones With Flawed Encryption

Posted in Commentary with tags on February 24, 2022 by itnerd

According to a research paper, Samsung shipped an estimated 100 million smartphones with botched encryption. In short, researchers at Tel Aviv University in Israel found that millions of Samsung Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 devices shipped with flaws in the hardware-backed keystore that could let an attacker extract key material that is supposed to stay inside the TrustZone:

ARM-based Android smartphones rely on the TrustZone hardware support for a Trusted Execution Environment (TEE) to implement security-sensitive functions. The TEE runs a separate, isolated, TrustZone Operating System (TZOS), in parallel to Android. The implementation of the cryptographic functions within the TZOS is left to the device vendors, who create proprietary undocumented designs.

In this work, we expose the cryptographic design and implementation of Android's Hardware-Backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 flagship devices. We reverse-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws. We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working key extraction attacks on the latest devices. We also show the implications of our attacks on two higher-level cryptographic protocols between the TrustZone and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a compromise of Google's Secure Key Import.

We discuss multiple flaws in the design flow of TrustZone based protocols. Although our specific attacks only apply to the ≈100 million devices made by Samsung, it raises the much more general requirement for open and proven standards for critical cryptographic and security designs.

Yikes!

The good news is that the researchers approached Samsung last May and July with the details of the vulnerabilities, and Samsung fixed them via patches that went out to the affected devices. But here's where I would be nervous if I were a Samsung user. Unlike iPhones, which all get patched at roughly the same time, Android phones in general don't get the same treatment. Patches might come from Samsung, Google, or your carrier, and they may be region specific. Thus it may take weeks or months before a patch hits your phone, if it hits your phone at all. So it is possible that not all of the phones affected by this are patched. And that's a problem, as it's a safe bet that threat actors are reading this paper and working out how to exploit any phone that still has these flaws. Thus my advice would be to make sure that your Samsung phone is running the latest security update. More info on that can be found here.
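The IV reuse attack in the abstract, as an added illustration that is not code from the paper or from Samsung: AES-GCM is AES in counter mode with an authentication tag added, so two blobs wrapped under the same key and the same IV are encrypted with the same keystream. If the wrapping service lets the caller choose the IV, an attacker asks it to wrap a key whose bytes they already know under the IV of the victim's blob, XORs the two ciphertexts to recover the keystream, and reads the victim's key material straight out of its blob without ever touching the hardware key. The tag is no obstacle, because nothing is being forged, only read. The Go program below plays both sides; the 256-bit sizes, the all-0x42 device key, the IV values and the "victim" key bytes are constructed stand-ins, and the real blob format described in the paper has more fields than this model.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Added illustration; not code from the paper or from Samsung's TrustZone
// keymaster. It models one design decision the paper calls out: the party
// asking for a key to be wrapped is allowed to choose the AES-GCM IV.
// The device key, IV bytes and key material below are constructed values.

const (
	keyLen   = 32 // 256-bit device key and 256-bit wrapped key (assumed sizes)
	nonceLen = 12 // standard GCM nonce length
)

// wrapKey stands in for the TEE wrapping key material under its device key.
// Seal returns ciphertext || 16-byte tag; the ciphertext part is plain CTR output.
func wrapKey(deviceKey, iv, keyMaterial []byte) []byte {
	block, err := aes.NewCipher(deviceKey)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm.Seal(nil, iv, keyMaterial, nil)
}

// xorBytes returns a XOR b over the shorter of the two lengths.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// RecoverWrappedKey is the attacker. It never sees the device key; it has the
// victim's blob and IV, and it can ask the TEE (oracle) to wrap a key of its
// own choosing under an IV of its choosing. Same key + same IV = same CTR
// keystream, so keystream = knownPlain XOR knownBlob, and the victim's key
// material is victimBlob XOR keystream. The tags are simply ignored.
func RecoverWrappedKey(victimBlob, victimIV []byte, oracle func(iv, plain []byte) []byte) []byte {
	knownPlain := make([]byte, keyLen) // attacker "imports" an all-zero key
	knownBlob := oracle(victimIV, knownPlain)
	keystream := xorBytes(knownPlain, knownBlob[:keyLen])
	return xorBytes(victimBlob[:keyLen], keystream)
}

// Scenario wraps a victim key, then lets the attacker try. With reuseIV the
// TEE honours the caller's IV (the flawed design); without it, the TEE picks
// its own IV and the attack yields garbage.
func Scenario(reuseIV bool) (recovered, victim []byte) {
	deviceKey := bytes.Repeat([]byte{0x42}, keyLen) // constructed; never leaves "the TEE"
	victimIV := bytes.Repeat([]byte{0x01}, nonceLen)
	victim = []byte("VICTIM-SECRET-KEY-0123456789ABCD") // 32 constructed bytes
	victimBlob := wrapKey(deviceKey, victimIV, victim)

	oracle := func(iv, plain []byte) []byte {
		if !reuseIV {
			iv = bytes.Repeat([]byte{0x02}, nonceLen) // stand-in for a fresh random IV
		}
		return wrapKey(deviceKey, iv, plain)
	}
	recovered = RecoverWrappedKey(victimBlob, victimIV, oracle)
	return recovered, victim
}

func main() {
	rec, vic := Scenario(true)
	fmt.Printf("caller-chosen IV reused: recovered == victim? %v  (%q)\n", bytes.Equal(rec, vic), rec)
	rec, vic = Scenario(false)
	fmt.Printf("TEE-chosen IV:           recovered == victim? %v\n", bytes.Equal(rec, vic))
}
```

The second scenario is the sound design: the TEE generates the IV itself and ignores whatever the caller supplied, so no two blobs ever share a keystream. It also shows why the downgrade attack in the abstract matters in practice: if a device can still be talked into producing the old caller-chosen-IV blob format, whatever protection the newer format adds is beside the point.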

Cradlepoint Cellular Intelligence Simplifies Management & Control of LTE & 5G Wireless WAN Deployments

Posted in Commentary with tags on February 24, 2022 by itnerd

Cradlepoint, the global leader in cloud-delivered LTE and 5G wireless network edge solutions, today announced the launch of Cellular Intelligence, a collection of software-based features that uniquely sense, orchestrate, and optimize connections, data plans, and traffic of cellular networking deployments. Now, Cellular Intelligence includes SIM Management based on the integration of Ericsson’s IoT Accelerator with Cradlepoint’s NetCloud and other databases. Customers can now activate and manage cellular routers, SIMs and data plans from a single pane of glass. This new extension of Cellular Intelligence highlights Cradlepoint’s commitment to providing enterprises with the freedom to simply connect people, places, and things from anywhere. 

IT managers will need a new set of tools to meet the unique demands of cellular networking – especially as the Wireless WAN scales. As 5G adoption rates continue to rise, IDC predicts that by 2024, “wireless first” will be mainstream for wide area connectivity, accelerating 65% of organizations to “untether” their operations. As this demand for cellular adoption increases, Cellular Intelligence gives IT teams the necessary tools to manage the unique demands of cellular through sophisticated management and control capabilities. 

Leveraging Cradlepoint’s decade-long history in enabling enterprise-class 4G/LTE and 5G connectivity, Cellular Intelligence has been built into every aspect of the Cradlepoint portfolio to equip IT teams with the management, control, and security capabilities they need, including:

  • Live stats, health dashboards, and cellular data breakout (by carrier, connection type, by network type, by 5G mmWave vs. sub-6, and more) that increase visibility and control of cellular services.
  • Integrated SIM Management provides peace of mind with centralized and precise consumption visibility and control of data plans across the Wireless WAN. 
  • Cellular signal mapping allows organizations, like public safety agencies, to map and display cellular reception across driven routes. 
  • Software-driven modem functionality optimizes connectivity across multiple modems, and multiple carriers, for predictable and persistent cellular connectivity. 
  • Unique cellular-optimized SD-WAN capabilities enable traffic steering policies based on applications and real-time WAN conditions, ensuring quality of experience.
  • Application-aware visibility, reporting, and controls gives administrators visibility to the performance of their applications, so they can easily take corrective action if needed.
  • Application-based failover control allows IT organizations to control exactly which applications and functions utilize a cellular failover connection. For example, IT can suspend guest Wi-Fi access when on cellular failover. 
  • Cellular-efficient secure management protocol, with in-depth diagnostic, alerting and log data, improves troubleshooting without impacting customer data plans. 

One of the newest Cellular Intelligence features, SIM Management, is based on an integration with Ericsson's IoT Accelerator platform. Communication Service Providers (CSPs) and other channel partners that utilize IoT Accelerator will now be able to provide customers with the ability to view, activate and adjust cellular data plans in real time for their Cradlepoint devices. There are also plans to integrate with SIM aggregation databases to provide broader visibility across all global carriers' data plans. With these integrations, Cradlepoint Cellular Intelligence now exclusively provides real-time SIM Management capability.

To learn more about Cellular Intelligence, shipping now as part of the NetCloud Service, please visit: https://cradlepoint.com/technology/cellular-intelligence/.

Cradlepoint will be at Mobile World Congress Barcelona from February 28 – March 3, 2022, visit us in booth 2J20. For more information on the event, visit: https://www.mwcbarcelona.com/exhibitors/cradlepoint  

Cisco Firepower Firewall Customers Told To Quickly Patch All The Things Or Bad Things Will Happen To Them

Posted in Commentary with tags on February 24, 2022 by itnerd

Users of Cisco Firepower firewalls need to pay attention to this.

Cisco has put out a Field Notice advising that the SSL certificate authority used to sign the certificates for Talos security intelligence updates will be decommissioned and replaced on March 6, 2022. What that means is that Firepower devices that have not been updated "might" not be able to receive Talos updates after that date. Those updates carry lists of sites identified as sources of malware, spam, botnets, and phishing, and the firewalls apply them automatically so that you don't have to maintain the always-growing list of threats by hand. So in short, after March 6 an un-updated firewall keeps running on a block list that no longer grows, and you might not be protected from the latest threats on the Interwebs. Which of course is bad.

Users of FirePOWER Services Software for ASA, Firepower Threat Defense (FTD) Software, Firepower Management Center Software, and Firepower 6.1.x through 7.1.x have therefore been advised that they need to update their software. The update is required for both physical firewalls and FirePOWER running in clouds, and the deadline for doing it is March 5th. That means you don't have a lot of time to apply these updates, which are already available. The only exception is those who run Firepower 7.1.x, who have been warned that their update is "Planned for release by March 1, 2022." That leaves four days, which is an insanely short amount of time.

Thus you should get on with patching all the things. And once you have, check that the security intelligence feed actually refreshes after March 6 rather than assuming it did. Because you know that cybercriminals will be getting ready to pwn those whose firewalls quietly stopped learning about new threats.

#Fail: Trump Facing Lawsuit Over Truth Social Logo

Posted in Commentary with tags on February 23, 2022 by itnerd

The rather shambolic launch of former President Donald Trump's Truth Social has taken another turn. It's now come to light that the logo is similar to the logo of a UK company called Trailar, a seller of solar panels for trucks. You can guess what happened next:

Matthew Summers, head of marketing at Trailar, confirmed to Insider on Tuesday that the company was considering legal action against Truth Social because of the similarity of the two logos.

Summers had earlier told The Daily Beast: “We are now seeking legal advice to understand next steps and options available to protect our brand.”

For reference, here’s the two logos side by side:

More than a passing resemblance. No?

It will be interesting to see how Trump and company respond to this lawsuit if and when it gets filed. Regardless, Truth Social is not off to a great start.

Cyberattack Takes Out Government Websites And Banks In Ukraine

Posted in Commentary with tags on February 23, 2022 by itnerd

Things are getting worse on the Ukraine front. And that includes cyberspace. Several Ukrainian government websites were offline Wednesday as a result of a mass distributed denial of service attack, Mykhailo Fedorov, head of Ukraine’s Ministry of Digital Transformation, said in his Telegram channel.

The attack, which also impacted some banks, began around 4 p.m. local time, according to Fedorov. He didn’t say which banks were attacked or what the extent of the damage was. Websites for the Ukrainian Ministry of Foreign Affairs, Cabinet of Ministers and Rada, the country’s parliament, were among those down as of Wednesday morning Eastern time. The government sites were offline as officials attempted to switch traffic elsewhere to minimize damage, he said. A DDoS attack is when a hacker floods a victim’s network or server with traffic so that others are unable to access it.

It's safe to assume that the Russians are behind this, though that hasn't been confirmed. Regardless, it's a major escalation, as this is the second time this has happened. And it will likely only get worse from here.

UPDATE: Saumitra Das, CTO and Founder, Blue Hexagon had this comment:

“Business leaders should assume that there could be cyber attacks to disrupt operations not just in the infrastructure sector but anywhere disruption helps provide leverage to a nation-state. Nation-state attackers usually can craft mutated attacks to render threat intelligence unhelpful, use living off the land techniques to bypass endpoint security and focus on disruption rather than ransoming data which can in many cases be easier to achieve.”

"Key tactics business leaders need to focus on are: (1) Invest in detection and response on both the network (NDR) and endpoint (EDR). Even for criminal gangs, which are less sophisticated than nation-state attackers, prevention-based security like Network Firewall (NGFW) and Endpoint Protection has clearly not worked, given the number of ransomware incidents we have seen. (2) Use AI-based security to find attacks that are mutated. Rules and signatures have limited effectiveness for nation-state attacks. Raise the bar for the attacker. (3) Don't limit to on-premises only, because attackers understand that cloud infrastructure for a business tends to be highly misconfigured by developers and provides an easier way in than the on-prem walled gardens. Nation states can easily disrupt a business by taking down workloads in the cloud that handle things like pricing, analytics, payments etc. without even breaking into the on-prem infrastructure."