Everything posted by KL FC Bot

  1. With each version of iOS, we’ve seen developers try to protect user data better. However, the core principle remains unchanged: You, the user, get to decide what information to share with which apps. With that in mind, we’ve put together an in-depth review of app permissions in iOS 15 to help you decide which requests to allow and which to deny.

     Where to find iOS 15 app permission settings

     iOS 15 offers several ways to manage permissions. We’ll talk about each of the three methods separately.

     Managing permissions when you first launch an app

     Every app requests permission to access certain information the first time you launch it, and that’s the easiest time to choose what data to share with the app. But even if you accidentally press “Yes” instead of “No,” you can still change it later.

     Setting up all permissions for a specific app

     To see and set all permissions for a particular app at once, open the system settings and scroll down to see a list of installed applications. Select an app to see what permissions it has and revoke them if you need to.

     Setting specific permissions for different applications

     Go to Settings → Privacy. In this section, you will find a long list of basic iOS 15 permissions. Tap each permission to see which applications requested it. You can deny access to any of them at any time.

     Not all permissions are in the Privacy menu; you’ll need to go to other settings sections to configure some of them. For example, you can disable mobile data transfer for apps in the Mobile section, and permission to use the Internet in the background is configured in the Background App Refresh section.

     Now you know where to look for what. Next, we’ll go into more detail about all of iOS’s permissions: Location Services, Tracking, Contacts, Calendars, Reminders, Photos, Local Network, Nearby Interaction, Microphone, Speech Recognition, Camera, Health, Research Sensor & Usage Data, HomeKit, Media & Apple Music, Files and Folders, Motion & Fitness, Focus, Analytics & Improvements, Apple Advertising, Record App Activity, Mobile Data, and Background App Refresh.

     Location Services

     What it is: Permission to access your location. This permission isn’t just about GPS; apps can also determine your location using mobile network base stations, Bluetooth, and the coordinates of Wi-Fi hotspots you are connected to. Access to location services is used, for example, by maps to plot routes and show you nearby businesses.

     What the risks are: Having location access enables apps to map your movements accurately. App developers can use that data for marketing purposes, and cybercriminals can use it to spy on you. You may not want to give this permission to an app if you don’t fully trust it or don’t think it needs that level of information. For example, social networks can do without location access if you don’t add geotags to your posts or if you prefer to do so manually.

     If you need an app that requires location access to work properly, here are two ways to protect yourself from being tracked:

     Allow access to location only while using the app, so that the app receives your coordinates only when you are actually using it. If the app wants to receive location information in the background, you will be notified and may opt out.

     Turn off Precise Location to restrict the app’s knowledge of your location. In this case, the margin of error will be about 25 square kilometers (or 10 square miles) — that’s comparable to the area of a small city.

     What’s more, iOS has long had an indicator that lets you know that an app is requesting access to your location. With iOS 15, that indicator has become much more prominent, appearing as a bright blue icon with a white arrow at the top of the screen.

     Where to configure it: Settings → Privacy → Location Services

     Tracking

     What it is: Permission to access a unique device identifier — the Identifier for Advertisers, or IDFA. Of course, each individual application can track a user’s actions in its own “territory.” But access to the IDFA allows data matching across apps to form a much more detailed “digital portrait” of the user. So, for example, if you allow tracking in all applications, then a social network can not only see all of your records and profile information in it, but also find out what games you play, what music you listen to, the weather in cities you are interested in, what movies you watch, and much more.

     What the risks are: Tracking activity in apps enables the compilation of a much more extensive dossier on the phone’s owner, which increases advertising efficacy. In other words, it can encourage you to spend more money. Starting in iOS 14.5, users gained the ability to disable tracking requests in apps.

     Where to configure it: Settings → Privacy → Tracking

     Contacts

     What it is: Permission to access your address book — to read and change existing contacts and to add new contacts. Data an app can get with this permission includes not only names, phone numbers, and e-mail addresses, but also other information from your list of contacts, including notes about specific contacts (although apps need separate approval from Apple to access the notes).

     What the risks are: Databases of contacts — with numbers, addresses, and other information — can, for example, be used to attack an organization, send spam, or conduct phone scams.

     Where to configure it: Settings → Privacy → Contacts

     Calendars

     What it is: Permission to view, change, and add calendar events.

     What the risks are: The app will receive all of your personal calendar information, including past and scheduled events. That may include doctor’s appointments, meeting topics, and other information you don’t want to share with outsiders.

     Where to configure it: Settings → Privacy → Calendars

     Reminders

     What it is: Permission to read and change existing reminders and add new ones.

     What the risks are: If you have something personal recorded in your Reminders app, such as health data or information about family members, you may not want to share it with any app developers.

     Where to configure it: Settings → Privacy → Reminders

     Photos

     What it is: This permission allows the app to view, add, and delete photos and videos in your phone’s gallery. The app can also read photo metadata, such as information about where and when a photo was taken. Apps that need access to Photos include image editors and social networks.

     What the risks are: A personal photo gallery can say a lot about a person, from who their friends are and what they’re interested in to where they go, and when. In general, even if you don’t have nude photos, pictures of both sides of your credit card, or screenshots with passwords in the gallery, you should be cautious about giving apps access to yours.

     Starting with iOS 14, Apple developers added the ability to give an app access to individual files without giving it the entire gallery. For example, if you want to post something on Instagram, you can choose precisely which images to upload and keep your other photos invisible to the social network. In our opinion, that’s the best option for providing access to your images.

     Where to configure it: Settings → Privacy → Photos

     Local Network

     What it is: Permission to connect to other devices on your local network, for example, to play music with AirPlay, or to control your router or other gadgets.

     What the risks are: With this type of access, applications can collect information about all of the devices on your local network. Data about your equipment can help an attacker find vulnerabilities, hack your router, and more.

     Where to configure it: Settings → Privacy → Local Network

     Nearby Interaction

     What it is: Permission to use Ultra Wideband (UWB), which the iPhone 11 and later support. Using UWB lets you measure the exact distance between your iPhone and other devices that support the technology. In particular, it’s used in Apple AirTag to find things you’ve tagged.

     What the risks are: A malicious app with UWB access can determine your location extremely accurately, to an exact room in a house or even more precisely.

     Where to configure it: Settings → Privacy → Nearby Interaction

     Microphone

     What it is: Permission to access your microphone.

     What the risks are: With this permission, the app can record all conversations near the iPhone, such as in business meetings or at a medical appointment. An orange dot in the upper right corner of the screen indicates when an app is using the microphone (the dot becomes red when you turn on the Increase Contrast accessibility feature).

     When an app is using the microphone, iOS 15 shows an orange dot

     Where to configure it: Settings → Privacy → Microphone

     Speech Recognition

     What it is: Permission to send voice-command recordings to Apple’s servers for recognition. An app needs this permission only if it uses Apple’s speech recognition service. If the app uses a third-party library for the same purpose, it will need another permission (Microphone) instead.

     What the risks are: By and large, asking for this permission is indicative of an app developer’s honest intentions — by using Apple’s proprietary speech recognition service, they are following the company’s rules and recommendations. A malicious app is much more likely to ask for direct access to the microphone. Nevertheless, use caution when granting permission for speech recognition.

     Where to configure it: Settings → Privacy → Speech Recognition

     Camera

     What it is: Permission to take photos and videos, and to obtain metadata such as location and time.

     What the risks are: An application can connect to the phone’s cameras at any time, even without your knowledge, and obtain access to photos’ metadata (the time and location where they were taken). Attackers can use this permission to spy on you. If an application is currently accessing the camera, a green dot lights up in the upper right corner of the screen.

     When an app is using the camera, iOS 15 shows a green dot

     Where to configure it: Settings → Privacy → Camera

     Health

     What it is: Permission to access data you keep in the Health app, such as height, weight, age, and disease symptoms.

     What the risks are: App developers may sell your health information to advertisers or insurance companies, which can tailor ads based on that data or use it to calculate health insurance rates.

     Where to configure it: Settings → Privacy → Health

     Research Sensor & Usage Data

     What it is: Access to data from the phone’s built-in sensors, such as the light sensor, accelerometer, and gyroscope. Judging by indirect references in this document, that could also include data from the microphone and facial recognition sensor, as well as from iWatch sensors. The permission can also provide access to data about keyboard usage, the number of messages sent, incoming and outgoing calls, categories of apps used, websites visited, and more. As you can see, this permission can provide a range of sensitive data about the device’s owner. Therefore, only apps designed for health and lifestyle research should request it.

     What the risks are: The permission can allow outsiders to obtain information about you that is not available to ordinary apps. In particular, this data allows examination of your walking pattern and the position of your head while you’re looking at the screen, and the collection of a lot of information about how you use your device. Of course, you shouldn’t provide that much data about yourself to just anyone. Before agreeing to participate in a study and granting permission to the app in question, take a good look at what data the scientists are interested in, and how they plan to use it.

     Where to configure it: Settings → Privacy → Research Sensor & Usage Data

     HomeKit

     What it is: The ability to control smart home devices.

     What the risks are: With this level of access, an app can control smart home devices on your local network. For example, it can open smart door locks and blinds, turn music on and off, and control lights and security cameras. A random photo-filter app (for example) should not need this permission.

     Where to configure it: Settings → Privacy → HomeKit

     Media & Apple Music

     What it is: Permission to access your media library in Apple Music and iCloud. Apps will receive information about your playlists and personal recommendations, and they will be able to play, add, and delete tracks from your music library.

     What the risks are: If you don’t mind sharing your music preferences with the app, you probably have nothing to worry about, but be aware that this data may also be used for advertising purposes.

     Where to configure it: Settings → Privacy → Media & Apple Music

     Files and Folders

     What it is: Permission to access documents stored in the Files app.

     What the risks are: Apps can change, delete, or even steal important documents stored in the Files app. If you’re using Files to store important data, keep access limited to the apps you truly trust.

     Where to configure it: Settings → Privacy → Files and Folders

     Motion & Fitness

     What it is: Permission to access data about your workouts and daily physical activity, such as the number of steps taken, calories burned, and so on.

     What the risks are: Just like medical data from the Health app, activity data may be used by marketers to display targeted ads and by insurance companies to calculate health insurance costs.

     Where to configure it: Settings → Privacy → Motion & Fitness

     Focus

     What it is: This permission allows apps to see whether notifications on your smartphone are currently muted or enabled.

     What the risks are: None.

     Where to configure it: Settings → Privacy → Focus

     Analytics & Improvements

     What it is: Permission to collect and send data to Apple about how you use your device. It includes, for example, information about the country you live in and the apps you run. Apple uses the information to improve the operating system.

     What the risks are: Your smartphone may use mobile data to send Apple this data, potentially draining both the battery and your data plan a bit faster.

     Where to configure it: Settings → Privacy → Analytics & Improvements

     Apple Advertising

     What it is: Permission to collect personal information such as your name, address, age, gender, and more, and use it to show targeted ads from Apple’s ad service — but not to share it with other companies. Disabling this permission will not eliminate ads, but without data collection they will be generic, not targeted.

     What the risks are: As with any targeted ads, more effective advertising may lead to extra spending.

     Where to configure it: Settings → Privacy → Apple Advertising

     Record App Activity

     What it is: Permission to keep track of what data (location, microphone, camera, etc.) any given application accessed. At the time of this writing (using iOS 15.1), users may download the collected data as a file, albeit not a very informative one. Future versions of iOS (starting with 15.2, expected at the end of 2021) will use this data for the App Privacy Report, which is a bit like Screen Time, but for app tracking.

     What’s useful: If you want to use the App Privacy Report as soon as iOS 15.2 becomes available, you may want to enable app activity logging in advance.

     Where to configure it: Settings → Privacy → Record App Activity

     Mobile Data

     What it is: Permission to use the mobile Internet. Applications need access to the Web to send messages, load photos and news feeds, and complete technical tasks such as sending bug reports.

     What the risks are: Apps working in the background can quickly deplete data allowances. Users may prefer to deny mobile Internet access to apps that send a lot of data over the Web, instead limiting them to Wi-Fi use, especially when roaming. We strongly recommend users go through their app lists and disable unnecessary mobile data permissions before trips abroad.

     Where to configure it: Settings → Mobile

     Background App Refresh

     What it is: Permission to refresh content when you are not using an app, that is, when it’s running in the background.

     What the risks are: Updating content consumes data and battery power, but all modern smartphones are designed to run apps in the background. Take action only if you notice that a certain program is sending a lot of data over the Web and significantly reducing your smartphone’s runtime. You can check apps’ mobile data and power consumption in the system settings, under Mobile Data and Battery.

     Where to configure it: Settings → General → Background App Refresh

     Better safe than sorry

     Protecting yourself from apps that are too greedy in collecting your personal information takes very little time. We strongly recommend taking that time, though, carefully considering all requests and being judicious about what you share and with whom. Remember that you are responsible for your privacy, so you can rest easy after denying any requests that seem suspicious or unreasonable, knowing your photos, videos, documents, and other data are safe.
  2. If someone gets access to your mailbox, one possible consequence is a BEC attack, and your correspondence can contribute greatly to its success. Of course, security software helps adjust the odds in your favor, but anyone can fall for phishing, so it’s important to minimize potential damage by removing any messages you would not want to fall into someone else’s hands — just in case. Here is what to remove first.

     Authentication data

     Most modern services avoid sending even temporary passwords, instead providing unique links to a password-change interface. Sending passwords through unencrypted e-mail is a terrible idea, after all. But some companies do still send passwords by e-mail, and the practice is somewhat more common with internal services and resources. Moreover, employees sometimes send themselves passwords, logins, and their answers to secret questions. Such letters are exactly what attackers are looking for: With access to corporate resources, they can get extra information for social engineering and further develop their attacks.

     Online service notifications

     We get all sorts of notifications from online services: registration confirmations, password reset links, privacy policy update notifications. The letters per se are of no interest to anybody, but they show what services you subscribe to. The attackers will most likely have scripts ready to automate their search for these notifications. In most cases your mailbox is the master key to all of these services. Knowing which ones you use, the attackers can request a password change and get in through your mailbox.

     Scans of personal documents

     Corporate users (particularly those in small businesses) are often tempted to use their mailboxes as a sort of cloud file storage, especially if the office scanner delivers scans by e-mail. Copies of passports, taxpayer IDs, and other documents are often required for routine paperwork or business trips. We recommend deleting any messages containing personal information immediately. Download the documents and keep them in encrypted storage.

     Sensitive business documents

     For many employees, document exchange is an integral part of the business workflow. That said, some documents may be of value not only to your colleagues, but also to attackers. Take, for example, a financial report. Likely to be found in the accountant’s mailbox, a financial report provides a wealth of powerful information — and an ideal starting point for BEC attacks. Instead of sending scattershot scam letters to colleagues, cybercriminals with such information can use real details about specific contractors, accounts, and transaction sums to craft appealing subject lines. They can also obtain useful information about the company’s business context, partners, and contractors so as to attack them as well. In some cases, careful study of a financial report may also present an opportunity for stock exchange manipulation. Therefore, it is important to delete sensitive information on receipt and never to exchange it unencrypted.

     Personal data

     Other people’s personal data, such as resumes and CVs, application and registration documents, and so forth, can find their way into your mailbox, too. When people give your company permission to store and process their personal data, they expect you to keep that information safe and secure. Regulators expect that as well, especially in countries with strict PII laws.

     How to secure yourself against a mailbox compromise

     We recommend deleting any information that may be of interest to attackers — not only from your inbox but also from your Sent and Deleted folders. If your business requires you to send commercially sensitive information by e-mail, use encryption, which most e-mail clients for business support. Additionally, we recommend using two-factor authentication wherever possible. If you do, then even if an attacker compromises your mailbox, your other accounts won’t end up in their hands. Store passwords and scanned documents in specialized applications such as our Password Manager. Practice prevention by keeping your mailbox secure, carefully screening your incoming mail at the mail server level and, as an additional layer of protection, using reliable security solutions on corporate computers.
  3. Welcome to the 229th episode of the Kaspersky Transatlantic Cable podcast. Ahmed, Dave and I start by looking into the world of NFTs.

     “💀OMG WHO RIGHT CLICKED ALL OF THE #NFTs?☠️ 🛳🏴‍☠️ https://t.co/o0YRK78AkL 🏴‍☠️🛳 👀 pic.twitter.com/g74TFqzX0n” — 🏴‍☠️ thenftbay.org 👋🇵🇹 (@GeoffreyHuntley), November 18, 2021

     In this tale, it seems that a pirate site will allow users to download any NFT that has been bought and sold. Please tell me again how an NFT site can be fooled by CTRL-Right Click? From there, we dive into the Metaverse, where Facebook is rolling out their clone of the Oasis. Now, while they say that the haptic gloves will help make digital handshakes and eliminate business travel, we all know what they are really about… data.

     For our third story, we discuss how a glitch at Tesla locked some folks out of their autos. After the Tesla snafu, we jump to an odd story in the US. While there is a lot of weird going on in the US on any given day, this story takes a look at a woman who tried to hire a hitman to kill her ex-husband. Fortunately for him, and unfortunately for her, she used a fake site that then shared her info with the authorities. Now, for a PSA, please check out the site; it is quite comical, and you have to wonder a bit about anyone who would think it is legitimate.

     We close out the pod looking at a warning from the FBI on potential ransomware attacks tied to the US Thanksgiving holiday, as well as some tips to stay safe while shopping online. If you liked what you heard, please consider subscribing and sharing with your friends.

     For more information on the stories we covered, see the links below:

     ‘Piracy’ website offers NFT art as free downloads
     Facebook’s freaky new glove
     Some Tesla owners unable to unlock cars due to server errors
     Michigan woman tries to hire a hitman on fake ‘Rent-A-Hitman’ website to kill ex-husband
     FBI and cybersecurity agency issue urgent Thanksgiving warning after ransomware attacks on Independence & Mother’s Day
     Black Friday 2021: How to Have a Scam-Free Shopping Day
  4. Telehealth promises many benefits: remote 24-hour monitoring of the patient’s vital signs; the ability to get expert opinions even in the most remote regions; and considerable savings of time and resources into the bargain. In theory, the modern level of technology makes all this possible right now. In practice, however, telehealth still faces certain difficulties. Our colleagues, assisted by Arlington Research, interviewed representatives of large medical companies around the globe about the application of telehealth practices. The questions probed their views on the development of this field and, above all, the difficulties that doctors face when providing medical services remotely. Here is what they found.

     Patient data leaks

     According to 30% of those surveyed, patient data at their clinics had been compromised as a result of telehealth sessions. In today’s climate of strictly regulated PII protection, leaks can cause serious problems for medical institutions in terms of both reputational damage and fines from regulators.

     How to fix it? Before adopting a new IT-based process, it makes sense to carry out an external audit to identify and remediate security and privacy flaws.

     Lack of data protection understanding

     42% of respondents admitted that medical employees taking part in telehealth sessions do not have a clear understanding of the data protection processes practiced in their clinic. This is undoubtedly bad. The doctor (a) might make a mistake that leads to a leak and (b) will be unable to answer (increasingly common) questions from the patient.

     How to fix it? First, the medical institution needs to produce a document that clearly spells out how data is stored and processed, and send it to all employees. Second, doctors should be more aware of modern cyberthreats. This will minimize the chance of error.

     Unsuitable software

     54% of respondents said their institutions provide telehealth services using software not designed for this purpose. Again, this can cause leaks simply due to the technical limitations of the software platforms used or unpatched vulnerabilities contained inside them.

     How to fix it? Wherever possible, use software designed specifically for medical purposes. Conduct a security audit of all applications used to provide remote services.

     Diagnostic errors due to technical limitations

     34% of organizations had experienced cases of misdiagnosis due to poor photo or video quality. This issue is partly a consequence of the previous one: video-conferencing software often automatically reduces image quality to ensure a seamless session. But problems can also arise due to congested servers or communication channels.

     How to fix it? Unfortunately, not everything here depends on the medical company — the root of the problem may lie in low-quality client-side equipment. All the same, the company should do all it can to minimize potential complications by providing backup capacity (if on-prem servers are used for teleconferencing) and a spare communication channel.

     Legacy operating systems

     73% of telehealth companies use equipment based on legacy operating systems. In some cases, this is for compatibility requirements, but it can also be due to upgrade costs or the simple lack of qualified IT staff. A vulnerable legacy system in the network can potentially serve as an entry point for attackers and be used both to steal patient data and to sabotage telehealth processes.

     How to fix it? It goes without saying that operating systems should be updated whenever possible. However, this is not always feasible, for example, when using outdated medical equipment. In this case, we recommend isolating vulnerable systems in a separate, offline network segment, and fitting them with specialized security solutions operating in Default Deny mode.

     More details about the Telehealth Take-up: Risks and Opportunities report are available here.
  5. Remote work and distance learning have been part of our reality since the spring of 2020, and they seem to be here to stay. College students enrolled after 2019 missed a huge part of the experience. But along with the obvious shortcomings, distance learning offers benefits that are no less significant: more sleep, a better diet, and the ability to mix work and study more efficiently. Here is how to leverage the pros of distance education while smoothing over the cons.

     1. Set clear boundaries

     The first thing everyone I know was excited about when school went remote was being able to work and study without getting out of bed. Among other things, early-morning classes became manageable. That illusion vaporized fairly quickly, though. The whole concept of learning without having to get out of bed proved a bit less amazing in practice than I’d expected. After a few weeks of taking advantage of the relaxed atmosphere, I found I’d erased the boundary between study and leisure, and I started waking up at night, thinking about an impending deadline.

     We all need the right environments for our various activities. For learning, I strongly recommend creating the space you need to focus, listen, converse, read, and work. If you’re going to be studying or working at home, draw a clear line between learning and leisure spaces and keep your activities in the appropriate areas. Keeping up customary rituals from the old normal can help as well: Get up on time, change into appropriate clothes, brush your hair, have breakfast, and so on — essentially, do what you’d be doing if you were going to school in person.

     2. Sleep and eat

     In making the transition to online learning, it’s easy to go to one extreme or the other. My problem was overfocusing on studies, but examples of the opposite abound as well, with classes taking a back seat to social networks, TV shows, and mobile games. Strange as it may seem, the same set of tips can help with both.

     First, work on your sleep schedule. In traditional learning environments, we spend a lot of time traveling and packing, but likely not with remote learning. That newly available time might be better spent getting enough sleep. Another important step is evaluating and improving eating habits. For example, you may want to ensure you have breakfast, lunch, and dinner at the same time every day, or spend a bit more time preparing healthier meals. With distance learning, you can eat when you need to, not just when class schedules dictate, freeing you to spend less on meals and eat better at the same time.

     Neglecting leisure is not a good idea, either. Deadlines and home assignments will never end, but everyone needs room for friends, movies, TV shows, and just plain recreation. Breaks help us learn more productively and gain fresh perspectives on old problems.

     3. Don’t forget to move

     Being active is absolutely essential to good health. If you have to spend most of your time sitting at home, try to find even 20 or 30 minutes to move around between or after classes. It will make a world of difference in the quality of your life. Consider an app, if that seems useful for you. Look for workout or other activity plans that are realistic but challenging, with a variety that appeals to you — with equipment or without; functional, cardiovascular, yoga, sports; slow, fast, intense, or gentle. Getting outdoors in between classes doesn’t hurt, either.

     4. Prepare for video calls

     Distance education has forced all students and educators into a new world of Zoom, Teams, Skype, Discord, and many other online communication tools. We probably should all have the hang of it by now, but well over a year into the pandemic, there’s still no end to the funny and embarrassing incidents. Thus, this past September, my whole class was keenly aware that a classmate’s friend hit his first million views on TikTok. Always check that your microphone is muted and your camera is off!

     5. Don’t put off lectures for later

     Teachers often record their online lectures and share the recordings, which makes skipping class tempting. I just can’t recommend that. Keep the option for when you really cannot attend, but strive to follow a schedule; it’ll help you stay organized and focused — and let’s be honest, how often do you actually watch those recordings?

     6. Set notifications and remember your passwords

     Speaking of things that do not belong on the back burner, it is especially important to put deadlines on your calendar, or else they can sneak up on you. Helpful tools include Google Calendar, Google Keep, Todoist, Tick-tick, and the good old paper calendar. Notifications can save you if you have forgotten about the deadline for submitting a course paper or an important home assignment. To keep messages from course chats and school calendars or e-mail alerts from getting buried under junk, configure your notifications properly. Here are a few how-to articles:

     How to turn off annoying notifications in macOS
     How to configure notifications in Windows 10
     Getting rid of browser notifications

     Distance learning has made each of us create about a thousand accounts with various services, and remembering all of your passwords is no small feat. So, if you do not have a password manager yet, now’s the time to start using one.

     7. Learn to manage background noise

     Humanity’s engineering achievements can help to address some of the challenges online learning presents. You can always ask those around you to keep it down, but keeping the peace may require technological solutions. Noise-suppression apps can keep the people you talk with from hearing excessive noise, but what about your concentration? You have a few options for keeping your study space calm and quiet, not all of which involve actually shushing the neighbors.

     8. Upgrade your hardware

     Learning from home is more likely than not to require some equipment upgrades. If you have been delaying getting that powerful laptop or a second monitor, now may be the time. Cash-strapped students may not be able to buy expensive devices, and it may make sense to cover at least some of your needs with old gadgets. For example, an old tablet could become a second screen, and a smartphone makes a good webcam. Wi-Fi routers need special attention as well; they’re sure to see extra work.

     Carpe diem!

     Distance learning may have prevented us from enjoying part of the traditional student experience, but it can also uncover a wealth of new possibilities — and don’t forget, the pandemic will be over one day, whereas the skills you develop during this time are yours for life.
6. University of Cambridge experts described a vulnerability they say affects most modern compilers. A novel attack method uses a legitimate feature of development tools whereby the source code displays one thing but compiles something completely different. It happens through the magic of Unicode control characters.

Unicode directionality formatting characters relevant to reordering attacks. Source.

Most of the time, control characters do not appear on the screen with the rest of the code (although some editors display them), but they modify the text in some way. This table contains the codes for the Unicode Bidirectional (bidi) Algorithm, for example. As you probably know, some human languages are written from left to right (e.g., English), others from right to left (e.g., Arabic). When code contains only one language, there’s no problem, but when necessary — when, for example, one line contains words in English and in Arabic — bidi codes specify text direction.

In the authors’ work, they used such codes to, for example, move the comment terminator in Python code from the middle of a line to the end. They applied an RLI code to shift just a few characters, leaving the rest unaffected.

Example of vulnerable Python code using bidi codes. Source.

On the right is the version programmers see when checking the source code; the left shows how the code will be executed. Most compilers ignore control characters. Anyone checking the code will think the fifth line is a harmless comment, although in fact, an early-return statement hidden inside will cause the program to skip the operation that debits bank account funds. In this example, in other words, the simulated banking program will dispense money but not reduce the account balance.

Why is it dangerous?

At first glance, the vulnerability seems too simple. Who would insert invisible characters, hoping to deceive source code auditors? Nevertheless, the problem was deemed serious enough to warrant a vulnerability identifier (CVE-2021-42574). Before publishing the paper, the authors notified the developers of the most common compilers, giving them time to prepare patches.

The report outlines the basic attack capabilities. The two execution strategies are to hide a command within the comments, and to hide something in a line that, for example, appears on-screen. It is possible, in theory, to achieve the opposite effect: to create code that looks like a command but is in fact part of a comment and will not be run.

Even more creative methods of exploiting this weakness are bound to exist. For example, someone could use the trick to carry out a sophisticated supply-chain attack whereby a contractor supplies a company with code that looks correct but doesn’t work as intended. Then, after the final product is released, an outside party can use the “alternative functionality” to attack customers.

How dangerous is it, really?

Shortly after the paper was published, programmer Russ Cox critiqued the Trojan Source attack. He was, to put it mildly, unimpressed. His arguments are as follows:

It is not a new attack at all;
Many code editors use syntax highlighting to show “invisible” code;
Patches for compilers are not necessary — carefully checking the code to detect any accidental or malicious bugs is sufficient.

Indeed, the problem with Unicode control characters surfaced, for example, way back in 2017. Also, a similar problem with homoglyphs — characters that look the same but have different codes — is hardly new and can also serve to sneak extraneous code past manual checkers.

However, Cox’s critical analysis does not deny the existence of the problem, but rather condemns reports as overdramatic — an apt characterization of, for example, journalist Brian Krebs’ apocalyptic ‘Trojan Source’ Bug Threatens the Security of All Code.

The problem is real, but fortunately the solution is quite simple. All patches already out or expected soon will block the compilation of code containing such characters. (See, for example, this security advisory from the developers of the Rust compiler.) If you use your own software build tools, we recommend adding a similar check for hidden characters, which should not normally be present in source code.

The danger of supply-chain attacks

Many companies outsource development tasks to contractors or use ready-made open-source modules in their projects. That always opens the door to attacks through the supply chain. Cybercriminals can compromise a contractor or embed code in an open-source project and slip malicious code into the final version of the software. Code audits typically reveal such backdoors, but if they don’t, end users may get software from trusted sources but still lose their data.

Trojan Source is an example of a far more elegant attack. Instead of trying to smuggle megabytes of malicious code into an end product, attackers can use such an approach to introduce a hard-to-detect implant into a critical part of the software and exploit it for years to come.

How to stay safe

To guard against Trojan Source–type attacks:

Update all programming language compilers you use (if a patch has been released for them), and
Write your own scripts that detect a limited range of control characters in source code.

More broadly, the fight against potential supply-chain attacks requires both manual code audits and a range of automated tests. It never hurts to look at your own code from a cybercriminal perspective, trying to spot that simple error that could rupture the whole security mechanism. If you lack the in-house resources for that kind of analysis, consider engaging outside experts instead.
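The check the post recommends, as an added example that is not part of the original post, the Trojan Source paper, or any compiler's patch: a Python scanner that reports every Unicode bidi control character in source text with line, column and character name, and exits non-zero when it finds one, the way patched compilers refuse to build. The sample source (the `withdraw` function with an RLI/PDI pair in a comment) is constructed for the demonstration.

```python
"""Scan source text for Unicode bidirectional (bidi) control characters.

Added example for this page; not code from the Trojan Source paper or from
any compiler project. It does what the post recommends: report every bidi
formatting character in a source file (line, column, code point, name) so a
review or CI gate can reject text that may not render the way it compiles.
"""
import sys
import unicodedata
from dataclasses import dataclass
from typing import List

# Bidi formatting characters that reorder text: the embedding/override
# group (U+202A..U+202E) and the isolate group (U+2066..U+2069), which
# includes the RLI (U+2067) the post mentions.
BIDI_CONTROLS = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


@dataclass(frozen=True)
class Finding:
    line: int        # 1-based line number
    column: int      # 1-based column, counted in code points
    codepoint: str   # e.g. "U+2067"
    name: str        # Unicode character name, e.g. "RIGHT-TO-LEFT ISOLATE"


def scan_text(text: str) -> List[Finding]:
    """Return one Finding per bidi control character in `text`."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append(
                    Finding(lineno, col, f"U+{ord(ch):04X}", unicodedata.name(ch))
                )
    return findings


def reveal(line: str) -> str:
    """Make hidden controls visible by replacing each with <U+XXXX>."""
    return "".join(f"<U+{ord(ch):04X}>" if ch in BIDI_CONTROLS else ch for ch in line)


def scan_file(path: str) -> List[Finding]:
    # surrogateescape keeps the scan going on files that are not clean UTF-8.
    with open(path, encoding="utf-8", errors="surrogateescape") as fh:
        return scan_text(fh.read())


# Constructed sample: a Python snippet whose comment on line 2 carries an
# RLI ... PDI pair. Written with escapes so this file itself stays clean.
SAMPLE_SOURCE = (
    "def withdraw(account, amount):\n"
    "    if amount > account.balance: # \u2067 return\u2069 check balance\n"
    "        return False\n"
    "    account.balance -= amount\n"
    "    return True\n"
)


def report(text: str) -> List[str]:
    """Human-readable report lines, one per finding, with the line revealed."""
    lines = text.splitlines()
    return [
        f"line {f.line} col {f.column}: {f.codepoint} {f.name} | {reveal(lines[f.line - 1])}"
        for f in scan_text(text)
    ]


if __name__ == "__main__":
    # Usage: python bidi_scan.py file.py [...]; exits 1 if anything is found,
    # mirroring compilers that refuse to build such source. With no arguments
    # it scans the constructed sample.
    paths = sys.argv[1:]
    if not paths:
        for entry in report(SAMPLE_SOURCE):
            print(entry)
        sys.exit(1 if scan_text(SAMPLE_SOURCE) else 0)
    hits = 0
    for path in paths:
        for f in scan_file(path):
            hits += 1
            print(f"{path}:{f.line}:{f.column}: {f.codepoint} {f.name}")
    sys.exit(1 if hits else 0)
```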
7. Imagine getting paid for access to just a tiny portion of your Internet bandwidth at work. Sounds pretty sweet, doesn’t it? The computer is on all the time anyway, and you have unlimited Internet access, so why not? It’s not even your own resources, just corporate equipment and bandwidth. That all sounds simple, but you don’t have to look too closely to see that when you agree to install a proxyware client on a work computer, it’s not harmless at all. Install proxyware and you’re exposing your corporate network to risks that far outweigh any income you might earn from the deal. To put it bluntly, no other questionable Internet money-making scheme comes with such a variety of undesirable consequences. Today we explain why proxyware is dangerous.

What is proxyware?

Researchers at Cisco Talos coined the term proxyware and have reported on the phenomenon in depth. Essentially, a proxyware service acts as a proxy server. Installed on a desktop computer or smartphone, it makes the device’s Internet connection accessible to an outside party. Depending on how long the program remains enabled and how much bandwidth it is permitted to use, the client accumulates points that can eventually be converted into currency and transferred to a bank account.

Of course, these kinds of services do not have to be used for illegal purposes, and they do have some legitimate applications. For example, some appeal to the marketing departments of large companies, which need as many Web entry points as possible in different geographic regions.

Why proxyware on a company computer is a bad idea

Although proxyware services claim “tenants” are harmless, problems sometimes still occur, including IP address reputation damage and software reliability.

Pessimization of the IP address

The most common problem with proxyware for the users of the computers on which it runs — or even for the entire network if it has a single IP address — is that the services often encounter CAPTCHAs, whose entire point is to ensure only real humans can get access to an online resource. A computer with proxyware raises suspicions, and rightly so. One way bandwidth tenants can use proxyware-laden computers is to scan the Web or measure the speed of website access by regularly deploying a flood of requests. Automatic DDoS protection systems do not like that. It can also be a sign of something even more shady, such as spam mailings.

Keep in mind that the consequences can be much more dire for the company, with automated requests landing the organization’s IP address on a list of unsafe addresses. So, for example, if the e-mail server operates on the same address, at some point the employees’ messages may stop reaching external recipients. Other e-mail servers will simply start blocking the organization’s IP address and domain.

Fake proxyware clients

Another risk employees take in installing proxyware is that they may download something they didn’t mean to. Try this little experiment: Go to Google and search for “honeygain download.” You’ll get a couple of links to the developer’s official website and hundreds to unscrupulous file-sharing sites, half of which include “bonus content” with their downloads.

What kinds of bonus content? Well, researchers describe one such trojanized installer as deploying a cryptocurrency-mining program (which devours a PC’s resources and electricity) and a tool to connect to the cybercriminals’ command server, from which anything else can be downloaded at any time. That kind of proxyware can take down an organization’s entire IT infrastructure. It could also lead to ransomware encrypting data, ransom demands, and more. In sum, proxyware is a grab bag of dangers for a business.

Covert installation of proxyware

Most scenarios resemble the above: unintended consequences of purposeful (if sometimes unauthorized) installations. The converse sometimes happens as well, with an employee catching actual malware on a shady site, and that malware installing a modified proxyware client on the computer. That’s nothing but trouble: slowed computers, less network bandwidth, and, potentially, data theft.

Recommendations for businesses

Your best way to combat criminal exploitation through proxyware is to install a reliable antivirus solution on every computer that has Internet access. Not only will that protect your company from the harmful effects of proxyware, but if said proxyware includes, or is included with, other malware, you’ll still be covered.

To be clear, even “clean” proxyware is not much better. A sound security policy should not allow anyone to install proxyware or any other questionable software on employees’ computers, regardless of whether the computers are in the office or employees are connecting to the organization’s VPN. As a rule, most employees do not need, and should not be allowed, to install software on their computers independently.
8. This week on the Kaspersky Transatlantic Cable podcast, we take a look at some serious stories, including news of REvil arrests. To kick off the conversation, Dave, Jeff, and Ahmed jump on news that some folks on Twitter are trying to be good cops, hunting down cryptoscammers in the DeFi (decentralized finance) world, but not all is as it appears. From there, discussion moves on to how a scammer was able, briefly, to hit the number one spot in Google results for “OpenSea” — which is a legitimate site for the trading of NFTs. As ever, be wary of clicking without checking! Finally, to wrap up, the team looks at two stories about ransomware: the first on the return of Emotet and the second looking at the recent arrest of an affiliate related to the REvil ransomware gang.

If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:

Twitter vigilantes are hunting down crypto scammers
Top Google result for NFT marketplace OpenSea was a phishing site
Emotet malware is back and rebuilding its botnet via TrickBot
REvil affiliates arrested; DOJ seizes $6.1M in ransom
9. Movies and TV shows have been a huge source of comfort for many in these COVID times, and the number of new shows on Netflix, Amazon Prime, and the like has skyrocketed. But when searching for the latest megahit, don’t neglect basic security measures or you might find that someone else is enjoying it at your expense — or worse, that the money in your bank account has evaporated. It’s more fun to ponder what to watch next than to dig through security settings, but attackers are ready and waiting to siphon off your personal and payment information.

Phishing bait

Streaming services offer a variety of payment plans, but generally they all involve paying with a credit card. And where there are card details, there is phishing. What’s more, newbies and seasoned account holders may experience different forms of bait. We collected some examples from users who agreed to share threat information.

“Subscribe now!”

To sign up for a streaming service, you need a valid e-mail address; and to pay, you need some form of online payment such as a credit card or PayPal account. (If you plan to watch Apple TV, you’ll also need an Apple ID.) Unsurprisingly, cybercriminals have created fake sign-up pages to net all of those goodies in one go. Armed with your info, they can withdraw or spend your money right away; your e-mail address should come in handy for future attacks. In the example below, the fake site is not very convincing. Can you spot the phishing signs?

Fake Netflix sign-up page

“Refresh data”

If you already have a paid subscription, then attackers will threaten to block it, assuming, logically, that you value it. Here’s an e-mail from “friends at Netflix,” telling the recipient to update or confirm payment details or they’ll close the account. And it includes a big, red button. Don’t rush to click that — remember what happens in the movies when they push the big, red button?

“Dear costumer, please update your account”

The link takes you to a payment confirmation page. Now, many phishing messages contain such obvious mistakes as addressing “costumers,” but take the form below as an example that actually looks plausible. It has no spelling mistakes or weird design elements, but the inattentive user who falls for it could lose money from their bank account.

Fake Netflix website prompts to enter personal and banking data, allegedly for account reactivation

A dangerous premiere

In the example below, cybercriminals used popular shows to attract fans who didn’t have subscriptions, offering them the opportunity to watch the shows on the fake website.

This unofficial page invites fans to watch or download The Mandalorian

As a teaser, they show a short clip, which they sometimes try to pass off as a new, previously unaired episode. More often than not, it is cut from trailers that have long been in the public domain. Intrigued victims are then asked to buy a low-cost subscription to continue watching. What follows is a classic scenario: Any payment details users enter go straight to the crooks, and the never-before-seen episode remains such.

No longer your account

Cybercriminals are interested in more than bank account details; account credentials for streaming services are also hot. Because hijacked accounts with paid subscriptions get put up for sale on the dark web, you could log in one day and discover someone else is already there. After all, depending on your Netflix plan, you can stream on 1–4 devices simultaneously, and cybercriminals can sell your login credentials to any number of streamers. That means you might find yourself having to wait in line until some stranger decides to sign out.

This fake Netflix login page looks just like the real one

That may not be the end of it, either: Many people use the same password for different accounts, and databases of stolen passwords die hard. If their password is the same everywhere, the victim need only enter it on a phishing page once.

Buy a subscription for yourself, not cybercriminals

Cybercriminals scam movie and TV show lovers in different ways. Some of their ruses are quite easy to spot, others less so. By following simple digital security rules, you can protect your data not only in online movie theaters, but elsewhere as well.

Do not click links in e-mails, even if a message seems to be from a real streaming (or other) service; always go to the official website by entering the address manually or through the app;
Do not trust any person or site promising viewings of movies or shows before the official premiere;
Pay attention to red flags that warn of phishing e-mails or fake websites;
Stay alert and read more about scams and phishing schemes to learn how to sense which e-mails and websites are trustworthy, and which you should avoid;
Use different passwords for all accounts that you value, and use a password manager to remember them for you;
Use a reliable security solution that identifies malicious attachments and blocks phishing websites.
10. What do you do when an unsolicited e-mail lands in your work inbox? Unless you’re a spam analyst, you will most certainly probably just delete it. Paradoxically, that’s exactly what some phishers want you to do, and as a result, our mail traps have been seeing more and more e-mails lately that appear to be notifications about obviously unwanted messages.

How it works

Cybercriminals, relying on users’ inexpert knowledge of antispam technologies, send notifications to company employees about e-mails that allegedly arrived at their address and were quarantined. Such messages look something like this:

Fake notification about quarantined e-mails.

The choice of topic is generally unimportant — the attackers simply copy the style of other advertising for unsolicited goods and services and provide buttons for deleting or keeping each message. It also provides an option to delete all quarantined messages at once or to open mailbox settings. Users even receive visual instructions:

Visual instructions sent by scammers.

What’s the catch?

The catch, of course, is that the buttons are not what they seem. Behind every button and hyperlink lies an address that brings the clicker to a fake login page, which looks like the Web interface of the mail service:

Phishing site.

The message “Session Expired” is meant to persuade the user to sign in. The page serves one purpose, of course: to harvest corporate mail credentials.

Clues

In the e-mail, the first thing that should set alarm bells ringing is the sender’s address. If the notification were real, it would have to have come from your mail server, which has the same domain as your mail address, not, as in this case, from an unknown company.

Before clicking any links or buttons in any message, check where they point by hovering the mouse cursor over them. In this case, the same link is stitched into all active elements, and it points to a website that has no relation to either the domain of the recipient or the Hungarian domain of the sender. That includes the button that supposedly sends an “HTTPs request to delete all messages from quarantine.” The same address should serve as a red flag on the login page.

How to avoid spam and phishing

To avoid getting hooked, corporate users need to be familiar with the basic phishing playbook. For this, look no further than our online security awareness platform. Of course, it is better to prevent encounters between end users and dangerous e-mails and phishing websites in the first place. For that, use antiphishing solutions both at the mail server level and on users' computers.
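The three clues the post walks through, turned into an automated triage check as an added example (not Kaspersky's code or part of the original post): a Python script that parses a raw e-mail, compares the sender's domain with the recipient's, and inspects where every button and link leads. The two sample messages, their domains (reserved .example, .test and .invalid names) and the two-label domain heuristic are constructed assumptions for the demonstration.

```python
"""Triage a suspected fake "quarantine notification" e-mail.

Added example for this page, not Kaspersky's code. It automates the clues
the post lists: the notification should come from your own mail domain,
and its buttons should not all lead to one external login page. Uses only
the standard library; the sample messages and domains are constructed
(reserved .example/.test/.invalid names), not real ones.
"""
import email
from email import policy
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect every destination behind buttons and links in the HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        for name, value in attrs:
            if name in ("href", "action") and value:
                self.hrefs.append(value.strip())


def registrable_domain(host: str) -> str:
    # Simplification (assumption): treat the last two labels as the owner's
    # domain. Production code should consult the Public Suffix List.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyze(raw_message: str) -> Dict[str, object]:
    """Return sender/recipient domains, link domains and a list of red flags."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = registrable_domain(msg["From"].addresses[0].domain)
    recipient = registrable_domain(msg["To"].addresses[0].domain)

    body = msg.get_body(preferencelist=("html", "plain"))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body is not None else "")

    hosts = [urlparse(h).hostname for h in collector.hrefs]
    link_domains = sorted({registrable_domain(h) for h in hosts if h})

    flags: List[str] = []
    # Clue 1: a real quarantine notice comes from your own mail server.
    if sender != recipient:
        flags.append(f"sender domain {sender} differs from recipient domain {recipient}")
    # Clue 2: buttons lead somewhere unrelated to both sender and recipient.
    external = [d for d in link_domains if d not in (sender, recipient)]
    if external:
        flags.append("links lead to unrelated domain(s): " + ", ".join(external))
    # Clue 3: Keep, Delete, Delete all and Settings all share one URL.
    if len(collector.hrefs) >= 2 and len(set(collector.hrefs)) == 1:
        flags.append("every button and link points to the same URL")

    return {
        "sender_domain": sender,
        "recipient_domain": recipient,
        "link_domains": link_domains,
        "flags": flags,
    }


# Constructed phishing sample modelled on the notification described above.
PHISHING_SAMPLE = """\
From: "Mail Quarantine" <noreply@mail-notify.test>
To: alice@corp.example
Subject: 4 messages are held in your quarantine
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>4 unwanted messages were quarantined. Review them below.</p>
<a href="https://login.webmail-portal.invalid/session?u=alice">Keep</a>
<a href="https://login.webmail-portal.invalid/session?u=alice">Delete</a>
<a href="https://login.webmail-portal.invalid/session?u=alice">Delete all</a>
<a href="https://login.webmail-portal.invalid/session?u=alice">Mailbox settings</a>
</body></html>
"""

# Constructed legitimate sample: same domain, link into the company's own mail host.
LEGIT_SAMPLE = """\
From: "Mail Filter" <quarantine@corp.example>
To: alice@corp.example
Subject: 1 message held in quarantine
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>One message is waiting in your quarantine.</p>
<a href="https://mail.corp.example/quarantine">Open quarantine</a>
</body></html>
"""


if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGIT_SAMPLE)):
        print(label, analyze(sample)["flags"] or ["no red flags"])
```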
11. Millions of people around the world already use a VPN app (and if you’re not one of them, now’s the time to try). Some do so to protect the data they transfer, others want to hide their IP address or virtually change location, for example to watch movies and TV shows that are not available in their country. Every one of those core features is important, and we never stop working to ensure that Kaspersky VPN Secure Connection handles them all perfectly. In this post, we’re diving in to the latest updates to our application.

More choice, more speed

One of the most important parameters of a VPN connection is speed. In terms of data transfer speed, Kaspersky VPN Secure Connection is a market leader, as independent reports confirm. Our solution handles streaming video, downloading files, and connecting to game servers particularly well.

Normally, the closer you are to the server, the faster the connection. That’s why we continually expand our network of servers — with excellent results. In the past year alone, for example, we have expanded our server count to 2,000, and with servers across 55 countries, you are sure to find a super-fast connection.

What’s more, to achieve maximum speed, you don’t need to choose manually from a list of options — the paid version of the app automatically determines which server offers the best connection speed and connects to it. If the automatic selection doesn’t suit you, you can connect to another point, choosing a country or even a particular city.

Content from any country is always available

For those who subscribe to Netflix but miss their favorite TV shows because they’re not available in certain countries, Kaspersky VPN Secure Connection also lets users watch such content. They just have to connect to the right server. Our solution lets you select not only countries, but also streaming platforms. In addition to Netflix, you can enjoy local content from Amazon Prime Video, HBO Max, Hulu, Disney+, and BBC iPlayer as if you were physically in the US, UK, Germany, or Japan.

New features to keep you safe

It should go without saying that your security remains our top priority. To ensure your protection at all times, Kaspersky VPN Secure Connection turns on automatically when you connect to public networks or run certain programs, such as banking apps. The solution applies AES-256 encryption to all traffic to prevent data interception. And when we say all traffic, we mean every byte of data: The Kill Switch feature blocks data transmission until a secure connection is established and prevents all interception attempts in any situation — for example, when you connect to a hotspot and your device comes online, but the data transmission channel is not yet secure.

We have supplemented Kaspersky VPN Secure Connection with the ability to set up a secure connection not only directly on your phone or laptop, but also on the router, using the built-in OpenVPN client. In such cases, the solution automatically protects traffic sent from all devices in your network, meaning you don’t have to configure the service for each individually. It also means that the secure connection will work for your smart TV, letting you watch content available only in other countries. Now you can also use our secure connection on any device that supports an OpenVPN client, which covers, for example, Linux machines and Chromebooks in addition to smart TVs with Android TV or Fire TV.

Trust and privacy

When it comes to privacy, trust in the makers of your security solution is paramount. What information do the developers collect about you? How do they use it? If a company is not ready to answer these questions, think twice before placing your safety in its hands.

Kaspersky has been in the information security market for almost 25 years. We maintain maximum operational transparency and do not collect unnecessary data. In particular, Kaspersky VPN Secure Connection does not store your IP address outside the session, never records your Internet activity, and does not retain your name and e-mail address. Our recent report on data processing describes in detail how and what we collect, store, and process; and, in line with the highest security standards, we reliably protect all of the user information we receive.

The trust of our millions of users worldwide is very important to us, and their feedback helps us further develop our applications. This approach is bearing fruit: Kaspersky VPN Secure Connection scores 4.5 out of 5 on Google Play and 4.7 out of 5 in the App Store based on thousands of reviews. Reviews in specialized publications also confirm the superior protection of our solutions and the openness of our data-processing policy.

Security that doesn’t break the bank

Change is good, but so is stability. Therefore, we left some things unaltered: As before, Kaspersky Secure Connection costs less than most other solutions in its class. A completely free version of our solution is also available. It limits daily traffic and lacks some advanced features such as server selection and Kill Switch but still does a great job of protecting your connection.
12. We recently observed World Mental Health Day, an international holiday that highlights the importance of mental health in an effort to bring about positive change. Adolescents’ mental health deserves extra attention in our era of social media, about which questions have been raised over psychological addiction and other problems.

Social media anxiety

A recent Facebook study found that Instagram can harm the psyche of teens, especially girls. Thirty-two percent of teenage girls said that when they felt bad, Instagram made them feel even worse. Among the frequently cited causes of stress were unrealistic standards of beauty and feelings of inadequacy about their standard of living compared to those shown on the screen.

Instagram is trying to deal with some of these problems by introducing various functions to do things like hiding the likes counter or prohibiting filters that demonstrate unrealistic beauty standards. There are also simple steps users can take:

Unsubscribe from accounts that make you feel sad, inadequate, unconfident or upset.
Try to reduce the amount of time you spend online.
Take small breaks and digitally detox to escape from social networks, relax and focus on yourself. Kaspersky has launched a digital CyberSpa space, to help you do this.

Cyberbullying

Cyberbullying is another well-known issue that can affect a teen’s mental health. Whenever it happens, it should not be tolerated or ignored. If a teen is being bullied online, the first step is to seek help from parents or other trusted adults like a school counselor, sports coach or teacher. If the victim is uncomfortable telling friends about the problem, they can contact a helpline and talk to a professional consultant.

Today, social networks, including Instagram, actively use AI to combat abusive comments under pictures and videos. Each social platform also has tools to customize who can comment on or view your posts, as well as to block users and report cases of bullying or intimidation. It can also sometimes be useful to collect evidence in the form of screenshots to confirm what is happening.

Facebook

Facebook has developed an Anti-Bullying Center for Teens. To fight against bullying on Facebook you can:

Track who tags you on their content. This can be done in the Chronicle & Tags settings. Check already published materials with your tags, and, if necessary, remove them from materials you do not want to be associated with, using the Activity Log.
Remove the aggressors from your friends list so that they will not have the opportunity to contact you. And if deleting them does not help, you can block users. Remember they will not be notified of this. Blocking will prevent abusers from finding your profile and tagging your content. In addition, they will not be able to add you as a friend and track your actions.
Be sure to report offending materials to the support service. You can complain about content next to a post, photo or comment — this will draw the attention of Facebook moderators.

Instagram

Instagram tracks the content posted by users. If the platform sees possible violations, it will notify the user that they are about to publish information that crosses the boundaries. Other steps Instagram users can take include:

Use a restrictive tool to protect your account without notifying the dangerous users.
Moderate comments under your posts.
Change the privacy setting on your account to choose who can watch and comment on your content.

Twitter

Twitter also has an Online Bullying help center offering help and advice. Here are steps Twitter users can take to fight bullying:

Use Twitter’s expanded notification filters. These allow you to filter the accounts from which you receive notifications. For example, you may not receive notifications from users without a profile picture.
Twitter has a mute and notification option that you can customize to suit your needs. For instance, you can turn off notifications for keywords or entire phrases. You can turn off notifications for a day, a month, or indefinitely.
One effective step is also the option to block users. This will prevent blocked accounts from posting, seeing your tweets, and reading your feed.
If you are a victim of bullying, you should also report offending content. This will allow Twitter to act and block the user or content.

TikTok

TikTok is also creating various tools that allow users to limit unwanted attention. The company has produced a guide that helps to identify bullying behavior and take measures against it. Here are some features teens can use:

Configure video privacy settings on a personal account, to choose who can view each video and restrict the upload of personal videos.
The unwanted comments filter allows you to create a list of unwanted keywords that will be blocked in the comments on videos or during live broadcasts to protect users from bullying.
User filter allows you to choose who can add the Duet to a user video.
Blocking users makes it possible to block bullies who violate the community rules and notify the platform about their actions.
Family settings keep teens safe and support them in their creative endeavors without breaking personal boundaries.

In its relatively short history, we’ve learned that social media may not always be beneficial for our mental health, even while it has other benefits. But by taking advantage of some of the tools at our disposal we can take matters into our own hands and help guide teens on a healthier path.
13. Doing business today without big data would be unthinkable. Market specialists gathering information for analysis and forecasts, developers producing numerous versions of programs, and business processes at times requiring storage of gigantic amounts of files are just a few broad examples of how business rests on data — and storing such volumes of information on one’s own systems tends to be cumbersome. As a result, companies are increasingly turning to public cloud platforms such as Azure Storage or Amazon S3. Somewhere during migration to the cloud, however, a common question arises: How can you scan uploads to prevent cloud storage from becoming another source of cyberthreats?

Why scan uploads at all?

Not every file uploaded to the cloud comes from a trusted computer. Some may be files from clients, for example, and you can never be sure what kind of security solution, if any, they use. Some data may be transferred in automatically (e.g., files uploaded once a day from remote devices). And ultimately, you cannot rule out the possibility of attackers gaining access to the credentials of a company employee and uploading malicious files on purpose. In other words, you cannot eliminate every trace of cyberrisk. Scanning incoming files is an obvious and critical safety process.

That said, we have always advocated for multilayered approaches to security as part of a defense-in-depth strategy. In addition, incident investigations rely on knowing not only that a file contains a threat but also exactly when the threat arrived. Knowing whether the file became compromised on the client side or was replaced with malware in your cloud storage, for example, helps identify the source of the problem. Moreover, some business processes require file access for partners, contractors, or even customers. In such cases, no one can guarantee the reliability of the security mechanisms they employ, so if an incident occurs, your cloud storage will be considered, fairly or not, the source of the threat. Hardly great from a reputational point of view.

How to stop cyberthreats from spreading through your file storage

We recommend using Kaspersky Scan Engine to scan all incoming files in any file storage. If your data is stored in Azure Storage or Amazon S3, there are two possible use scenarios.

Scenario 1: Running through Kubernetes

If you use Kubernetes, a container-orchestration system for applications, then integrating Kaspersky Scan Engine for file scanning is not difficult. We provide a solution in the form of a ready-made image. Customers need only mount the container and run it.

Scenario 2: Support through connectors

If you don’t use Kubernetes, then you’ll need native platform support. That situation is not much more complicated, however; we provide connectors for attaching Kaspersky Scan Engine to Azure Storage or Amazon S3. All of the tools you’ll need to configure and fine-tune our engine are right in the cloud control panel.

You’ll find more information about Kaspersky Scan Engine on the solution’s page.
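The post makes two points that are easy to conflate: files must be scanned when they arrive, and the investigation later needs to know whether a file was already bad on arrival or was replaced in storage afterwards. The following added example (not Kaspersky Scan Engine or any cloud provider's code) shows one way to do both at once: an ingest step that scans, quarantines, and writes a provenance ledger entry with the hash at the time of scanning, plus an integrity check that compares what is in the bucket now with what was scanned then. The bucket is an in-memory stand-in for an S3 or Azure container, and `scan_bytes()` is a constructed stand-in for a real engine verdict that matches against a constructed blocklist hash.

```python
"""Ingest-time scanning plus a provenance ledger for cloud object storage.

Added example, not Kaspersky Scan Engine or cloud-provider code. The
Bucket class is an in-memory stand-in for an S3/Azure container, and
scan_bytes() is a constructed stand-in for a real scan engine verdict.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed blocklist: the hash of a constructed "malicious" sample.
KNOWN_BAD_SHA256 = {sha256_hex(b"CONSTRUCTED-MALICIOUS-SAMPLE")}


def scan_bytes(data):
    """Stand-in verdict; a real deployment calls the scan engine here."""
    return "malicious" if sha256_hex(data) in KNOWN_BAD_SHA256 else "clean"


@dataclass
class IngestRecord:
    key: str
    sha256: str
    verdict: str
    uploaded_by: str
    uploaded_at: str


@dataclass
class Bucket:
    objects: dict = field(default_factory=dict)     # key -> bytes, the shared prefix
    quarantine: dict = field(default_factory=dict)  # key -> bytes, never served to partners
    ledger: list = field(default_factory=list)      # one IngestRecord per upload


def ingest(bucket, key, data, uploaded_by, now=None):
    """Scan at the moment of arrival and record who uploaded what, when, and
    with which hash, so the question "was it already bad when it came in?"
    can be answered from the ledger during an investigation."""
    when = (now or datetime.now(timezone.utc)).isoformat()
    record = IngestRecord(key, sha256_hex(data), scan_bytes(data), uploaded_by, when)
    bucket.ledger.append(record)
    if record.verdict == "clean":
        bucket.objects[key] = data
    else:
        bucket.quarantine[key] = data   # kept for analysis, never reaches the shared prefix
    return record


def check_integrity(bucket, key):
    """Compare the stored object with the hash recorded at ingest.
    'replaced' means the object changed after it was scanned, i.e. the
    problem arose in storage rather than on the client side."""
    records = [r for r in bucket.ledger if r.key == key]
    if not records:
        return "unknown"          # never came through the scanning path
    if key not in bucket.objects:
        return "missing"          # quarantined or deleted
    stored = sha256_hex(bucket.objects[key])
    return "intact" if stored == records[-1].sha256 else "replaced"


if __name__ == "__main__":
    b = Bucket()
    print(ingest(b, "reports/q3.pdf", b"constructed clean content", "alice"))
    print(ingest(b, "inbox/invoice.exe", b"CONSTRUCTED-MALICIOUS-SAMPLE", "partner"))
    b.objects["reports/q3.pdf"] = b"tampered in storage"   # simulate a swap after scanning
    print(check_integrity(b, "reports/q3.pdf"))            # replaced
```

The ledger is the piece that pays off later: a "replaced" result narrows the investigation to whoever had write access to the bucket after the scan, whereas a "malicious" verdict at ingest points at the uploading client or its credentials.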
14. In this week’s jam-packed episode of the Transatlantic Cable podcast, Jeff, Ahmed, and I tackle some prickly topics. To begin, we look at how the FBI is making some serious noise about DarkSide, offering $10 million for the capture of gang members. From there we have a look at Facebook shutting down its controversial facial recognition system. After that, it’s two stories about crypto: the first a scam having to do with Squid Games cryptocurrency and the second looking at how the mayor-elect of New York, Eric Adams, has requested his first three paychecks be payable in Bitcoin.

If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:

Feds offer $10 million bounty for DarkSide info
Facebook, citing societal concerns, plans to shut down facial recognition system
Squid Game themed “play-to-earn” cryptocurrency explodes in value — scam warning issued
New York’s next mayor wants to be paid in Bitcoin
15. Have you disabled annoying e-mail notifications from social networks? We think that’s great! We even periodically offer advice on how to cut down on digital noise. But LinkedIn is a special case. People really do expect messages from the social network for professionals — one could be from a prospective employer or business partner, after all. But a message from LinkedIn might just as easily come from a scammer pretending to represent a legitimate company. In this post, we’re taking apart some phishing e-mails masquerading as LinkedIn notifications.

“I am a bussinessman and am interested in doing business with you”

On the face of it, this type of e-mail looks like a typical partnership proposal. It includes the photo, position, and company name of the potential “partner,” and even a LinkedIn logo. The message is too short, though, and one might expect the word “businessman” to be spelled correctly in a legitimate message. You may also see that the message came from “LinkediinContact” — note the extra “i” — and the sender’s address has nothing to do with LinkedIn.

E-mail purportedly from LinkedIn proposing cooperation with an Arab businessman

The link in the e-mail leads to a website that looks similar to the real LinkedIn login page.

Phishing LinkedIn login page

But the URL is far removed from LinkedIn’s, and the domain is the Turkish .tr, not .com. If the victim enters their credentials on this site, the account will soon be in the hands of the scammers.

“Please send me a qoute”

A similar case is this message seemingly from an importer in Beijing, asking for a quote for the delivery of goods. The notification looks convincing; the message footer includes links to view help and unsubscribe from notifications, a copyright notice, and even the actual postal address of LinkedIn’s China office. Even the sender’s address looks like the real deal. Nevertheless, we see some red flags.

E-mail purportedly from LinkedIn in which a Chinese buyer requests a quote

The sender’s address looks clean, but that doesn’t mean everything’s in order

For example, an article is missing in front of the word “message” in the subject line. The author may not speak fluent English, but the platform generates the subject of LinkedIn notifications automatically, so the subject can’t contain errors. If you smell a rat and do a search for the company (UVLEID), you won’t find it because it doesn’t exist. And most important, the links in the e-mail point to a suspicious address in which random words, numbers, and letters have been added to the name of the social network. The domain is wrong again, as well. This time it’s .app, which app developers use.

The button points to a phishing site

The “LinkedIn login page” that the link opens has issues: a blue square covering part of the last letter in the logo, and “Linkedin” instead of “LinkedIn” (under the username and password fields).

Carefully check the URL of the site and the name of the social network

“You appeared in 2 search this week”

Links in fake notifications don’t always open fake login pages — sometimes they can lead to more unexpected places. For example, this message saying that the recipient’s profile has been viewed twice — common information for LinkedIn users to see — obviously uses bad English, but even if you miss that, a few other details should catch your attention:

Unknown sender address and link to a site in a Brazilian domain

With this kind of deception, if the victim misses the strange set of letters in the sender’s address or the Brazilian domain, they may well click the button and get to an unexpected site — in our case, a “how to become a millionaire” online survey. After a few redirects, we ended up at a form asking for contact information, including phone numbers. The scammers most likely use the collected numbers for phone fraud.

Online survey with redirect for further data harvesting

How to tell if a message from a potential partner or employer is fake

Cybercriminals use phishing to steal accounts, personal data, and money, but that is no reason to stop using LinkedIn or other services. Instead, learn how to guard against phishing, and always keep these basic tips at the ready:

Watch out for unexpected messages from well-known companies;
Look for inconsistencies in the names and addresses of senders, as well as typos in links, the subject line, and the e-mail body;
Check notifications using official apps or websites, and in the latter case, manually type in the address or open it from your bookmarks;
Enter contact information, card numbers, or login credentials only after double-checking you are on the real site;
Use a reliable security solution that warns you of danger and blocks phishing and fraudulent sites.
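The three red flags the post keeps returning to (a sender domain that is not LinkedIn's, a brand name misspelled by a letter or two, and links whose host merely contains "linkedin" in front of some other domain or TLD) are mechanical enough to check in code. The following added example, which is not Kaspersky's or LinkedIn's code, does exactly those checks on a message's sender header and extracted links. The sample senders and link hosts are constructed placeholders modelled on the three cases above (the `.tr` login page, the `.app` domain, the clean-looking sender address), and the assumption that `linkedin.com` is the only domain a real notification links to is mine.

```python
"""Red-flag checks for an e-mail claiming to be a LinkedIn notification.

Added example, not Kaspersky or LinkedIn code. The sample senders and
links are constructed placeholders modelled on the cases discussed above.
"""
import re
from urllib.parse import urlparse

BRAND = "linkedin"
LEGIT_DOMAINS = {"linkedin.com"}   # assumption: the only domain a real notification links to


def registrable_domain(host):
    """Naive eTLD+1 (last two labels). Enough for the sample; production
    code should consult the public suffix list instead."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def letters(text):
    return re.sub(r"[^a-z]", "", text.lower())


def brand_lookalike(text):
    """True when text contains a near miss of the brand ('Linkediin',
    'Linkedln') but not the brand spelled correctly."""
    t = letters(text)
    if BRAND in t:
        return False
    n = len(BRAND)
    return any(edit_distance(t[i:i + size], BRAND) <= 2
               for size in range(n - 2, n + 3)
               for i in range(len(t) - size + 1))


def assess(sender, links):
    """Return the list of red flags for one message (empty = nothing found)."""
    findings = []
    m = re.match(r"\s*(.*?)\s*<([^>]+)>\s*$", sender)
    display, address = (m.group(1), m.group(2)) if m else ("", sender.strip())
    sender_domain = address.rpartition("@")[2].lower()
    if registrable_domain(sender_domain) not in LEGIT_DOMAINS:
        findings.append(f"sender domain '{sender_domain}' is not LinkedIn")
    if brand_lookalike(display):
        findings.append(f"display name '{display}' misspells '{BRAND}'")
    for url in links:
        host = (urlparse(url).hostname or "").lower()
        if registrable_domain(host) in LEGIT_DOMAINS:
            continue
        tld = host.rsplit(".", 1)[-1]
        findings.append(f"link host '{host}' is not LinkedIn (TLD .{tld})")
        if BRAND in letters(host) or brand_lookalike(host):
            findings.append(f"link host '{host}' uses the brand name as a lure")
    return findings


# Constructed samples modelled on the three e-mails discussed above.
PARTNERSHIP_PHISH = ("LinkediinContact <notify@mail-relay.example.net>",
                     ["https://linkedin-login.example.com.tr/signin"])
QUOTE_PHISH = ("LinkedIn <messages-noreply@linkedin.com>",   # address looks clean
               ["https://linkedin-x7k2q9.example.app/view"])
GENUINE = ("LinkedIn <messages-noreply@linkedin.com>",
           ["https://www.linkedin.com/messaging/"])

if __name__ == "__main__":
    for sample in (PARTNERSHIP_PHISH, QUOTE_PHISH, GENUINE):
        print(sample[0], "->", assess(*sample) or ["no red flags"])
```

Note what the second sample shows: a sender address that passes every check is still no guarantee, which is why the link hosts are examined independently of the sender.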
16. Welcome back to the Community Podcasts, a mini-series on the Kaspersky Transatlantic Cable podcast. Joining me again as our co-host for this series is Anastasiya Kazakova, a Senior Public Affairs Manager who coordinates global cyber diplomacy projects at Kaspersky. As a reminder, the Community Podcasts is a short series of podcasts featuring frank cyber diplomacy conversations with cyber-heroes who unite people despite everything – growing fragmentation, confrontation, and cyber threats. There are people who build communities and unite people to work together for the common good. Why are they doing this? And are their efforts working?

For our 4th episode, we are joined by Allison Pytlak, the Program Manager for Reaching Critical Will. Reaching Critical Will is the disarmament program of the Women’s International League for Peace and Freedom (WILPF), the oldest women’s peace organization in the world. Reaching Critical Will works for disarmament and arms control of many different weapon systems, the reduction of global military spending and militarism, and the investigation of gendered aspects of the impact of weapons. Allison contributes to the organization’s monitoring and analysis of disarmament processes and its research and other publications, and liaises with UN, government, and civil society colleagues.

Over the course of our conversation, we discuss the importance of gender in the international cybersecurity landscape, working with the UN, what the future holds for her and WILPF, and more.

For some of the articles referenced in the podcast, check out:

Why gender matters in international cyber security (WILPF and APC)
Programming action: observations from small arms control for cyber peace (WILPF)
Cyber Peace & Security Monitor (WILPF-RCW monitoring of OEWG meetings), plus our relevant page: https://reachingcriticalwill.org/disarmament-fora/ict
System Update: Towards a Women, Peace and Cybersecurity Agenda (UNIDIR, diverse authors)
Gender approaches to cyber security (UNIDIR, diverse authors)
Technology and Innovation for Gender Equality (WILPF)
Making Gender Visible in Digital ICTs and International Security (Sarah Shoker, University of Waterloo)
17. In terms of daily workload, few infosec roles compare with that of a security operations center (SOC) analyst. We know this firsthand, which is why we pay special attention to developing tools that can automate or facilitate their work. Following our recent upgrade of Kaspersky CyberTrace to a full-fledged threat intelligence (TI) platform, here we demonstrate how a SOC analyst can use this tool to study the attack kill chain.

For example, suppose someone uses a workstation on the corporate network to visit a website that is flagged as malicious. The company’s security solutions detect the incident, and the security information and event management (SIEM) system logs it. Ultimately, a SOC analyst armed with Kaspersky CyberTrace sees what’s going on.

Identifying the attack chain

In the list of discovered anomalies, the analyst sees a detection based on data from the “Malicious URL” feed and decides to take a closer look. Contextual information (IP address, hashes of malicious files associated with the address, security solution verdicts, WHOIS data, etc.) is available to the analyst directly in the feed. However, the most convenient way to analyze the attack chain is to use a graph (the View on Graph button).

Kaspersky CyberTrace: Starting the attack analysis

So far we have little information: the fact of detection, the detected malicious URL, the internal IP address of the computer from which the URL was opened, and the ability to view full contextual information for the detected threat in the sidebar. That’s just a prelude to the interesting part, however. By clicking on the icon of the malicious URL, the analyst can request the known indicators associated with the address: IP addresses, additional URLs, and hashes of malicious files downloaded from the site.

Related CyberTrace indicators request

The next logical step is using the indicators to check for other detections in the infrastructure. Doing so couldn’t be simpler: Click any object (for example, a malicious IP address) and select Related CyberTrace Detects. Additional detections are displayed as a graph. In just one click, we can find out which user accessed the malicious IP address (or on which machine a URL query to the DNS server returned the IP address). Similarly, we can check which users have downloaded files whose hashes are present in the indicators.

Related CyberTrace detects request

All indicators in the screenshots are test data and represent a fairly modest incident. In the real world, however, we might see thousands of detections, and sorting through them manually, without a graphical interface, would be quite difficult. With a graphical interface, each point of the graph pulls all of its context from the threat data feeds. For convenience, the analyst can group or hide objects manually or automatically. If the analyst has access to additional sources of information, they can add indicators and mark the interrelationships. By studying how the indicators interconnect, the expert can now reconstruct the full attack chain and learn that the user typed the URL of a malicious site, the DNS server returned the IP address, and a file with a known hash was downloaded from the site.

Integration with Kaspersky Threat Intelligence Portal

Matching detections to threat data feeds serves for analysis of one isolated incident, but what if the incident is part of a large-scale, ongoing, multiday attack? Getting historical background and context is critical for SOC analysts. For this purpose, the upgraded Kaspersky CyberTrace features integration with another of our analysis tools, Kaspersky Threat Intelligence Portal. Kaspersky Threat Intelligence Portal has access to the complete cyberthreat database built by our antimalware experts since day one of Kaspersky. Through the Related External Indicators menu, the analyst can access with one click all of the information Kaspersky has accumulated to find out which domains and zones are associated with a malicious IP address, what other URLs were previously associated with the IP, hashes of the files that have attempted to gain access to the URL, hashes of files downloaded from that URL, which URLs sites hosted at this IP have linked to (and from which URLs it has been linked), and more.

Another advantage of this integration is the ability to search for reports on APT attacks associated with a specific URL or file hash. Kaspersky Threat Intelligence Portal subscribers can readily find and download reports that mention such URLs or file hashes.

All of this information was available before, but getting it required manual work — finding the right hash or address, copying it, navigating to the portal. Quick and easy access to all of it now enables security teams to take appropriate, timely countermeasures when an attack is detected, and it also simplifies incident investigation.

What else can Kaspersky CyberTrace do?

Kaspersky CyberTrace not only works with threat data feeds from Kaspersky, but it can also connect with third-party sources. What’s more, it has a convenient tool for comparing information in different feeds: the Supplier Intersections matrix. The matrix enables analysts to see which feeds have more data — and if one feed has no unique data, the analyst can unsubscribe from it.

CyberTrace also supports teamwork in multiuser mode: The analyst can give colleagues access to comment on or contribute to the investigation. If necessary, analysts can export indicators from CyberTrace, making them accessible via a URL. Such an action may be needed to, for example, add a rule for automatic blocking of the indicators at the firewall level.

Another useful feature is Retroscan, which analysts can use to save old logs from SIEM systems and check them later against new feeds. In other words, if analysts had insufficient data for a proper investigation at the time of incident detection, they can still carry one out retrospectively.

See our CyberTrace page for more information.
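The pivoting the post describes (feed record to related indicators, indicator to "Related Detects", detections on one host to an ordered chain of URL, DNS answer and file hash) is a small graph problem, and it helps to see it without the UI. The following added example, not Kaspersky CyberTrace code, does the same three pivots over constructed telemetry: one constructed "Malicious URL" feed record with its related domain, IP and hash, and a handful of constructed DNS, proxy and download events as a SIEM might normalize them. Every address and hash in it is a placeholder.

```python
"""Matching telemetry against a threat feed and reconstructing the chain
for one host.

Added example, not Kaspersky CyberTrace code: the feed record, the events,
and every address and hash in them are constructed.
"""
import hashlib

# Constructed hash of a constructed payload, standing in for a feed hash.
PAYLOAD_SHA256 = hashlib.sha256(b"constructed-sample-payload").hexdigest()

# One constructed "Malicious URL" feed record with its related indicators.
FEED = [
    {"url": "http://malicious.example/update.bin",
     "domain": "malicious.example",
     "ip": "203.0.113.10",
     "hashes": [PAYLOAD_SHA256]},
]

# Constructed telemetry (DNS, proxy, EDR download) in SIEM-normalized form.
EVENTS = [
    {"time": "10:00:01", "src": "10.0.0.5", "type": "dns",
     "qname": "malicious.example", "answer": "203.0.113.10"},
    {"time": "10:00:02", "src": "10.0.0.5", "type": "proxy",
     "url": "http://malicious.example/update.bin"},
    {"time": "10:00:04", "src": "10.0.0.5", "type": "download", "sha256": PAYLOAD_SHA256},
    {"time": "10:07:30", "src": "10.0.0.7", "type": "download", "sha256": PAYLOAD_SHA256},
    {"time": "10:09:00", "src": "10.0.0.9", "type": "proxy", "url": "http://benign.example/"},
]

# Event fields whose values can be indicators.
INDICATOR_FIELDS = ("url", "qname", "answer", "sha256")


def indicator_index(feed):
    """Flatten feed records into {indicator_value: indicator_type}; this is
    the 'related indicators' step done for every record at once."""
    idx = {}
    for rec in feed:
        idx[rec["url"]] = "url"
        idx[rec["domain"]] = "domain"
        idx[rec["ip"]] = "ip"
        for h in rec["hashes"]:
            idx[h] = "hash"
    return idx


def detections(events, idx):
    """Every (host, indicator, type) where an event field matches the feed."""
    hits = []
    for ev in events:
        for field in INDICATOR_FIELDS:
            val = ev.get(field)
            if val in idx:
                hits.append((ev["src"], val, idx[val]))
    return hits


def related_detects(events, idx, indicator):
    """Hosts that touched one indicator (the 'Related CyberTrace Detects' pivot)."""
    return sorted({host for host, val, _ in detections(events, idx) if val == indicator})


def attack_chain(events, idx, host):
    """Indicator hits for one host in time order, e.g. dns -> url -> download."""
    return [(ev["type"], idx[ev[f]], ev[f])
            for ev in sorted(events, key=lambda e: e["time"]) if ev["src"] == host
            for f in INDICATOR_FIELDS if ev.get(f) in idx]


if __name__ == "__main__":
    idx = indicator_index(FEED)
    print("hosts that downloaded the payload:", related_detects(EVENTS, idx, PAYLOAD_SHA256))
    for step in attack_chain(EVENTS, idx, "10.0.0.5"):
        print(step)
```

The second host, which only appears through the file hash, is the case that matters in practice: it never touched the URL or the IP, so a URL-only search would miss it, while pivoting on the hash finds it in one step.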
18. In the six years since the launch of Discord’s chat and VoIP service, the platform has become a popular tool for building communities of interest, especially among gamers. However, just like any other platform that hosts user-generated content, Discord can be exploited. Discord’s extensive customization options also open the door to attacks on ordinary users, both on and off the chat server. Recent research into Discord security has revealed several cyberattack scenarios linked to its chat service, some of which can be truly dangerous for users. Here’s how to protect yourself.

Malware being spread through Discord

Malicious files distributed through Discord represent the most obvious threat. A recent study identified several dozen types of malware. We call this threat “obvious” simply because sharing files through Discord is very easy; every file uploaded to the platform is assigned a permanent URL, formatted as follows:

cdn.discordapp.com/attachments/{channel ID}/{file ID}/{file name}

Most files are freely available for download by anyone with the link. The study describes a real-life attack example: a fake website offering Zoom Web conferencing client downloads. The website looks like the real one, and the malicious file is hosted on a Discord server. That gets around restrictions on downloading files from untrusted sources. The rationale is that the servers of a popular application used by millions are less likely to be blocked by antimalware solutions.

The malicious “lifehack” is as obvious as are the means of combating it: High-quality security solutions look at more than just the download source to determine the level of threat a file may pose. Kaspersky tools immediately detect malicious functionality the first time a user tries to download the file, for example, and then, with the help of a cloud-based security system, let all other users know the file should be blocked.

All services that permit uploads of user-generated content face issues of misuse. Free Web hosting sites see phishing pages created on them, for example, and file-sharing platforms are used for spreading Trojans. Form-filling services serve as spam channels. The list goes on. Platform owners do try to combat the abuse, but with mixed results. Discord developers also clearly need to implement at least some basic means of user protection. For example, files used on a particular chat server need not be made available to the whole world. Checking and automatically blocking known malware also seems wise.

Regardless, this is Discord’s least exotic problem, and combating it is really no different than dealing with any other method of malware distribution. It is not, however, the only threat users face.

Malicious bots

Another recent study demonstrates how easy it is to exploit Discord’s bot system. The bots extend chat server functionality in various ways, and Discord offers a vast array of options for customizing users’ own chats. One example of chat-related malicious code was recently published on (and fairly quickly removed from) GitHub: Using mainly capabilities provided by the Discord API, the author was able to execute arbitrary code on a user’s computer. It might look something like this:

A malicious chatbot launches an arbitrary program on a user’s computer after receiving a command through a Discord chat.

In one attack scenario, malicious code relies on a locally installed Discord client to launch automatically on startup. Installing a bot from an untrusted source can lead to such an infection.

The researchers also looked at another Discord misuse scenario that doesn’t rely on the user having installed a Discord client. In this case, the malware uses the chat service to communicate. Thanks to the public API, uncomplicated registration process, and basic data encryption, a backdoor can easily and conveniently use Discord to send data about the infected system to its operator and, in turn, receive commands to execute code, upload new malicious modules, and more.

That kind of scenario appears quite dangerous; it greatly simplifies the work of attackers, who then do not need to create a communication interface with infected computers but can instead use something already available. At the same time, it somewhat complicates the detection of malicious activity; conversations between the backdoor and its operator look like regular user activity in a popular chat.

Protection for gamers

Although the aforementioned threats apply to all Discord users, they relate mainly to those who use Discord as a game add-in: for voice and text communication, streaming, collecting gaming statistics, and so on. Such use entails substantial customization and adds to users’ risks of finding and installing malicious extensions. The relaxed, seemingly safe environment actually represents a further threat, increasing the success rate of social engineering techniques — bait goes down easier in a cozy chat with people you believe are your friends.

We recommend following the same digital hygiene rules on Discord as you do elsewhere on the Web: Don’t click suspicious links or download obscure files; scrutinize offers that sound too good to be true; and refrain from sharing any personal or financial information.

As for the Trojans and backdoors, Discord-based or simply distributed through the platform, they are not special or essentially different from other kinds of malware. Use a reliable antivirus app to stay safe, keep it running at all times — including when you install any software or add bots to a chat server — and pay attention to its warnings. Performance need not be a concern. For example, our security products include a game mode that minimizes overhead without compromising protection.
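Because the attachment URL layout quoted above is fixed, a defender can parse it and watch for the pattern the study describes: an executable fetched from the Discord CDN by a workstation that has no business receiving one. The following added example, which is neither Discord's nor Kaspersky's code, splits such URLs into their channel ID, file ID and file name, then runs that parser over constructed proxy log lines and raises an alert for successful downloads of risky file types. The log format, the IDs and the client addresses are constructed placeholders, and the list of risky extensions is my assumption to be tuned per environment.

```python
"""Parsing Discord CDN attachment URLs and flagging executable downloads
in proxy logs.

Added example, not Discord's or Kaspersky's code. The log lines and the
channel/file IDs in them are constructed placeholders; the URL layout is
the one quoted in the post above.
"""
import os
import re
from urllib.parse import urlparse, unquote

CDN_HOST = "cdn.discordapp.com"
ATTACHMENT_PATH = re.compile(r"^/attachments/(\d+)/(\d+)/([^/]+)$")

# File types that should not arrive as chat attachments on a managed
# workstation (assumption: tune this to your environment).
RISKY_EXTENSIONS = {".exe", ".scr", ".msi", ".dll", ".bat", ".cmd",
                    ".ps1", ".js", ".vbs", ".lnk", ".iso"}


def parse_attachment_url(url):
    """Split a CDN attachment URL into (channel_id, file_id, file_name).
    Returns None for any URL that is not a Discord CDN attachment."""
    if "://" not in url:
        url = "https://" + url          # the post quotes the URL without a scheme
    parsed = urlparse(url)
    if (parsed.hostname or "").lower() != CDN_HOST:
        return None
    m = ATTACHMENT_PATH.match(parsed.path)
    if not m:
        return None
    return m.group(1), m.group(2), unquote(m.group(3))


def flag_downloads(proxy_lines):
    """One alert per successful download of a risky file type from the CDN.
    Expected line format (constructed): '<timestamp> <client_ip> <url> <status>'."""
    alerts = []
    for line in proxy_lines:
        fields = line.split()
        if len(fields) < 4:
            continue                    # malformed line, skip rather than crash
        ts, client, url, status = fields[:4]
        if status != "200":
            continue                    # blocked or failed fetches never reached the client
        parts = parse_attachment_url(url)
        if parts is None:
            continue
        channel_id, file_id, file_name = parts
        ext = os.path.splitext(file_name.lower())[1]   # last extension, so 'x.pdf.exe' -> '.exe'
        if ext in RISKY_EXTENSIONS:
            alerts.append({"time": ts, "client": client, "channel_id": channel_id,
                           "file_id": file_id, "file_name": file_name})
    return alerts


# Constructed proxy log lines; IDs and addresses are placeholders.
SAMPLE_LOG = [
    "2021-11-08T10:01:02Z 10.0.0.21 https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/ZoomInstaller.exe 200",
    "2021-11-08T10:01:09Z 10.0.0.21 https://cdn.discordapp.com/attachments/111111111111111111/333333333333333333/screenshot.png 200",
    "2021-11-08T10:02:30Z 10.0.0.44 https://cdn.discordapp.com/attachments/444444444444444444/555555555555555555/report.pdf.scr 403",
    "2021-11-08T10:03:15Z 10.0.0.44 https://files.example.org/tools/setup.exe 200",
]

if __name__ == "__main__":
    for alert in flag_downloads(SAMPLE_LOG):
        print(alert)
```

The channel and file IDs are worth keeping in the alert: the same channel ID recurring across several clients is the quickest way to tell one shared lure from unrelated downloads, and the file ID identifies the object even when the file name changes.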
19. For this edition of the Kaspersky Transatlantic Cable podcast, we have quite the entertaining conversation, if you ask me. To open pod 226, we discuss a $10 billion hit caused by Apple. In this story, we take a look at the business impact Apple’s app-tracking policy has had on major social networks including Facebook, Snapchat, and more. From there, we discuss Facebook’s change to Meta. Our third story takes us back to school, with a trip to Harvard, where there is a bit of tomfoolery and black hat SEO going on with the university’s self-publishing system. After that, we talk about German authorities’ exposing one of the REvil group’s major players. To close out the podcast, we have a weird story involving an Instagram hacker using hostage-style videos for scams.

If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:

Apple’s app tracking policy reportedly cost social media platforms nearly $10 billion
Facebook changes its company name to Meta
Scammers are creating fake students on harvard.edu and using them to shill brands
Suspected REvil gang insider identified
Instagram hacker forces victim to make hostage-style video
20. Everyone needs certain skills to survive in today’s digital world. Adults tend to acquire them as new technologies come along, but today’s children are practically born with a smartphone in their hand. It’s up to parents to teach them how to exist in a world of constant information bombardment. Here are seven habits that will help your children adapt to the Web.

1. Schedule time without devices

When children spend a lot of time using technology, they can get addicted to it. According to researchers from the American Academy of Child & Adolescent Psychiatry, this addiction can lead to sleep problems, mood shifts, weight gain, poor self-image, and body-image issues. Experts suggest introducing children to today’s online world by gradually increasing their screen time and removing restrictions. Some tips also apply to children of any age: The simplest and most effective include not using devices close to bedtime and silencing devices overnight. You should also agree on other times when kids are not allowed to use their phone, such as during family meals.

2. Take charge of charging

Although technology is advancing at lightning speed, today’s devices still run out of power quickly. You can kill two birds with one stone at bedtime by having children leave their devices charging somewhere outside of their bedroom, such as in the entryway or kitchen — the device will always be charged in the morning, and your children won’t be able to watch TikTok trends right before bedtime. Keep in mind that children tend to use their devices so much during the day that by the time evening rolls around, the phone battery is probably dead. If that’s the case in your household, consider buying portable chargers for your children, and get them into the habit of taking the chargers when they’ll be out for long.

3. Pay attention to information security and more

When children are immersed in the virtual world, they are susceptible to a host of dangers, both on the Web and in the real world. Start by stressing to them that they should not be staring at their phones while they’re crossing the street or walking up or down stairs. Next up is online safety, including Internet threats such as scams, theft of personal data, viruses, and much more. Tell your children not to visit suspicious websites (and teach them what that means), enter passwords or any personal information there, open strange-looking links, or download apps from anywhere but the official app stores. Emphasize that they should never share personal documents, credit card information, or photos that could put them or their friends in a compromising position.

It is unlikely that children will remember and follow all of those rules right off the bat. To get help, you can turn to a reliable security solution. For example, Kaspersky Internet Security protects devices from viruses, phishing, and online scams, and Kaspersky Safe Kids helps shield children from dangerous content and limit the amount of time they spend on their devices.

4. Aim for sustainable media consumption

When our devices are constantly sending notifications, we can easily get overwhelmed and lose our concentration. Even adults sometimes have a hard time fighting the temptation to check messages, so you can imagine how difficult it is for kids. Limit the alerts on your children’s phones so they don’t get distracted from schoolwork or other tasks — and so they can finish their homework faster. Unfortunately, you can’t get rid of notifications from all apps on all devices at once; you need to configure them separately on phones and laptops, and every operating system has its own specific features and built-in tools for doing so. We have some posts that can help you manage notifications:

How to turn off notifications in iOS and iPadOS
How to configure notifications in Android
Getting rid of browser notifications

5. Follow digital etiquette

Just as in the real world, unspoken rules govern Internet behavior. People usually master them simply by communicating online, but children need help avoiding awkward situations, so you should discuss certain expectations with them before they go online. For example, discuss the differences between communicating over e-mail, on social networks, and in messaging apps. It’s also important to explain acceptable behavior. One rule of thumb is to ask before posting — every time — would I say this in person? Writing insults and demeaning people online is more than rude; it can be consequential.

6. Organize information

Some say an organized phone or computer reflects an organized mind. A messy closet probably doesn’t really affect your child’s life, but losing passwords or files or forgetting phone numbers can be a problem. Kids should learn to organize information from an early age. Better yet, they should get in the habit of making backup copies of their most critical information. Make the most of external drives — flash drives or hard drives — or cloud storage. The latter is an important topic worth discussing separately. The cloud is a great resource, but children need to be cautious with it. They especially need to be careful not to allow just anyone access to important files.

7. Schedule a regular digital detox

With digital technology infiltrating almost every aspect of children’s lives, it’s virtually impossible to avoid information overload. That means children need to be able to step away and make the Internet a less important part of their lives — first with your help and then on their own. First and foremost, limit the use of social networks — they tend to be the biggest drain on time and energy. The post “Eight steps to freedom: How to detach from social networks” has useful tips to help you and your children with this.

A more effective, although also more complicated, way to combat information overload is the digital detox, when you put away your devices for a certain amount of time. For best results, do this on a regular basis. You can combine detoxes with nature excursions, exercise, or activities with friends — no devices allowed.

The digital age has forced parents to confront brand-new challenges. As you deal with them, remember that you can be the best example for your children. It will be challenging to follow these rules at first, but over time they’ll become ingrained and will help your children reconnect with the world around them.
21. Need to represent data in a way that really grabs attention? That calls for an infographic. Preferably interactive. Preferably global. And most preferable of all, encompassing the entire planet. Here are six world maps that could suck you in for hours (so don’t open them if you have urgent business to attend to). Everyone else, welcome to our list of top Internet globes.

Google Earth: The one and only
https://earth.google.com/

It’s scary to think that Google launched its Earth project 20 years ago. The map grew and changed, became popular, and then seemed to fall out of fashion — unjustly, it has to be said. The current version not only lets you scour any piece of land to find your home, but also now features 3D models of the planet’s top architectural monuments and geographical wonders. Anyone sick of gazing at the Sydney Opera House or the Eiffel Tower can take a computer-generated flight over the Alps or the Himalayas. The app includes virtual tours for those cooped up at home because of the pandemic, as well as handy tools for measuring distances and calculating areas.

LeoLabs: Everything in orbit
https://platform.leolabs.space/visualization

This globe will appeal to prophets of doom and fans of conspiracy and espionage theories: The map tracks all of the satellites (and what they are turning into, i.e., space debris) currently orbiting our planet. You can zoom in and hover your mouse cursor over any object to find out its name and type (satellite, debris, or something else). Detailed satellite information, sadly, is not provided, but you can do your own online search based on names.

Ventusky: Weather at your fingertips
https://www.ventusky.com/

Nothing to talk about? That’s what the weather’s for! This map provides real-time visualizations of meteorological data for any location on Earth. On the left-hand side, you can select temperature, cloud cover, pressure, precipitation, humidity, air quality — anything that goes on outside. On the right, you can change the units of measurement so as not to wrestle with inches versus centimeters or Fahrenheit versus Celsius. The timeline at the bottom offers a rudimentary weather forecast. Our favorite pastime at the moment is checking the temperature in Verkhoyansk, that well-known vacation spot and an excellent data point for anyone who complains “it’s a bit chilly today.”

Flightradar24: Everything about aircraft
https://www.flightradar24.com/

For those frustrated with the lack of detailed satellite data in LeoLabs’ visualization, welcome to Flightradar24. Here you can find out about almost any aircraft currently in flight or about to take off, in real time. That includes information about the airline, place of departure and destination, model, altitude, speed, and route progress. Besides being incredibly interesting, the service has practical benefits for those who like to keep everything under control. Say you’re meeting someone at the airport: Just enter the flight number on Flightradar24 to learn the plane’s precise landing time. Flight info on the airport website is for wimps. Paid subscribers get to see a more comprehensive flight history, with aircraft serial number, vertical speed, outboard temperature, and a bunch of other stats for true aviation geeks. Incidentally, a similar map exists for seagoing vessels. And even though the Ever Given blockage has long been cleared, it’s still fascinating to watch the marine traffic through the Suez Canal.

TheTrueSize: Which is bigger, Greenland or India?
https://thetruesize.com/

The greatest ever illusionist is not David Blaine or your bank manager, but Gerardus Mercator. There are other ways to project a sphere onto a plane, but the world map familiar to everyone since childhood is his. Print out the map and try to stick it evenly onto a globe, however, and you’ll drift off course — and as you get closer to the poles, the size mismatch only increases. The trick is, with the Mercator projection, the horizontal dimensions in the extreme northern and southern latitudes have to be stretched, which causes Greenland and Africa to look roughly equal in size. TheTrueSize lets you take any country — from that same Mercator projection — and drag it around the map to make objective comparisons. Just type a country’s name in the search bar, and when it’s highlighted on the map, drag it to a different part of the world to see, for example, Mexico’s real size relative to Europe, or the Democratic Republic of the Congo’s to Alaska. Not recommended for users from Greenland.

Earth 2050: Glimpse the future
https://2050.earth/

It’s our very own predictions of the future, all in one interactive globe. Choose a planning horizon (to 2030, 2040, or 2050) and find out which fruits of progress will ripen. Check out when the first underwater farms, transformer apartments, and Martian colonies — or even (don’t hold your breath) Half-Life 3 — will appear. Some predictions come from professional futurologists, others from users. So if you feel like the map is missing something, we encourage you to share your vision. Note that submissions are moderated, so please try to keep them within the laws of physics.
22. The recently released No Time to Die lowers the curtain on the Daniel Craig era. With that in mind, let’s run through all five of his Bond outings from a cybersecurity perspective — you’ll be shaken, but hopefully not stirred, by our findings. What unites the movies, aside from Craig himself, is a complete lack of understanding of cybersecurity basics by the movie’s MI6 employees. Whether the oversight is deliberate (highlighting the outdatedness of Bond and the whole 00 section concept) or due to the incompetence of the scriptwriters and lack of cyberconsultants is not clear. Whatever the case, here’s a look at some of the absurdities we spotted in the films, in order of appearance. Spoiler alert!

Casino Royale

In Craig’s first Bond movie, we see the following scene: Bond breaks into the house of his immediate superior, M, and uses her laptop to connect to some kind of spy system to find out the source of a text message sent to a villain’s phone. In reality, Bond could only do that if:

MI6 does not enforce an automatic screen lock and logout policy, and M leaves her laptop permanently on and logged in;
MI6 does not enforce the use of strong passwords, and M’s passwords are easily guessable;
M does not know how to keep her passwords secret from her colleagues, or she uses passwords that were compromised.

Any one of these scenarios spells trouble, but the third is the most likely one; a little later in the story, Bond again logs in remotely to a “secure website” using M’s credentials. Bond’s password attitude is no better. When he needs to create a password (of at least six characters) for the secret account that will hold his poker winnings, he uses the name of colleague (and love interest) Vesper. What’s more, the password is actually a mnemonic corresponding to a number (like the outdated phonewords for remembering and dialing numbers on alphanumeric keypads). It is effectively a 6-digit password, and based on a dictionary word at that.

Quantum of Solace

The least computerized of the last five Bond movies, Quantum of Solace nonetheless includes a moment worthy of attention here. Early in the film, we learn that Craig Mitchell, an MI6 employee of eight years — five as M’s personal bodyguard — is actually a double agent. Of course, that’s an old-school security issue rather than the cyber kind. However, M’s carelessness with passwords, as seen in the previous film, suggests MI6’s secrets may well be in the hands of cat-stroking supervillains the world over.

Skyfall

At the other end of the cyberspectrum lies Skyfall, the most computerized of the five. Here, information security lies at the very heart of the plot. The cybermadness is evident from scene one. For convenience, we’ll break down our analysis chronologically.

Data leak in Istanbul

An unknown criminal steals a laptop hard drive containing “the identity of every NATO agent embedded in terrorist organizations across the globe.” Even MI6’s partners do not know about the list (which moreover does not officially exist). The very idea of such a drive is already a massive vulnerability. Let’s assume that the database is vital to MI6 (it is). What, then, was it doing in a safe house in Istanbul, protected by just three agents? Even if the drive is, as we’re told, encrypted and alerts MI6 of any decryption attempt?

Cyberterrorist attack on SIS

The first real cyberincident crops up a bit later: a cyberterrorist attack on the headquarters of the British Secret Intelligence Service. The attacker tries to decrypt the stolen drive — seemingly, according to the security system, from M’s personal computer. The defenders desperately try to shut down the computer, but the evildoers blow up the SIS building on the bank of the Thames. The ensuing investigation reveals that the assailant hacked into the environmental control system, locked out the safety protocols, and turned on the gas; but before doing so, they hacked M’s files, including her calendar, and extracted codes that make decrypting the stolen drive a question of when, not if. Let’s assume the alert from the stolen drive on M’s computer represented an attempt at disinformation or trolling (after all, the drive could not have been in the building). And let’s ignore questions about the building’s gas supply — who knows, maybe MI6 corridors were lit with Jack-the-Ripper-era gas lanterns; Britain is a land of traditions, after all. In any case, hacking the engineering control systems is perfectly doable. But how did the engineering control systems and M’s computer — supposedly “the most secure computer system in Britain” — end up on the same network? This is clearly a segmentation issue. Not to mention, storing the drive decryption codes on M’s computer is another example of pure negligence. They might at least have used a password manager.

Cyberbullying M

The perpetrators tease M by periodically posting the names of agents in the public domain. In doing so, they are somehow able to flash their messages on her laptop. (There seems to be some kind of backdoor; otherwise how could they possibly get in?) But MI6’s experts are not interested in checking the laptop, only in tracing the source of the messages. They conclude it was sent by an asymmetrical security algorithm that bounced the signal all over the globe, through more than a thousand servers. Such a tactic may exist, but what they mean by “asymmetrical security algorithm” in this context is about as clear as mud. In the real world, an asymmetric encryption algorithm is a term from cryptography; it has nothing to do with hiding a message source.

Insider attack on MI6

Bond locates and apprehends the hacker (a former MI6 agent by the name of Silva), and takes him and his laptop to MI6’s new headquarters, unaware that Silva is playing him. Enter Q: nominally a quartermaster, functionally MI6’s hacker-in-chief, actually a clown. Here, too, the reasoning is not entirely clear. Is he a clown because that’s funny? Or was the decision another consequence of the scriptwriters’ cybersecurity illiteracy? The first thing Q does is connect Silva’s laptop to MI6’s internal network and start talking gobbledygook, which we will try to decipher:

“[Silva]’s established failsafe protocols to wipe the memory if there’s any attempt to access certain files.”

But if Q knows that, then why does he continue to analyze Silva’s data on a computer with such protocols installed? What if the memory gets erased?

“It’s his omega site. The most encrypted level he has. Looks like obfuscated code to conceal its true purpose. Security through obscurity.”

This is basically a stream of random terms with no unifying logic. Some code is obfuscated (altered to hinder analysis) using encryption — and why not? But to run the code, something has to decipher it first, and now would be a good time to figure out what that something is. Security through obscurity is indeed a real-life approach to securing a computer system for which, instead of robust security mechanisms, security relies on making data hard for would-be attackers to puzzle out. It’s not the best practice. What exactly Q is trying to convey to viewers is less than clear.

“He’s using a polymorphic engine to mutate the code. Whenever I try to gain access, it changes.”

This is more nonsense. Where the code is, and how Q is trying to access it, is anyone’s guess. If he’s talking about files, there’s the risk of memory erasure (see the first point). And it’s not clear why they can’t stop this mythical engine and get rid of the “code mutation” before trying to figure it out. As for polymorphism, it’s an obsolete method of modifying malicious code when creating new copies of viruses in the strictest sense of the word. It has no place here.

Visually, everything that happens on Silva’s computer is represented as a sort of spaghetti diagram of fiendish complexity sprinkled with what looks like hexadecimal code. The eagle-eyed Bond spots a familiar name swimming in the alphanumeric soup: Granborough, a disused subway station in London. He suggests using it as a key. Surely a couple of experienced intelligence officers should realize that a vital piece of information left in plain sight — right in the interface — is almost certainly a trap. Why else would an enemy leave it there? But the clueless Q enters the key without a murmur. As a result, doors open, “system security breach” messages flash, and all Q can do is turn around and ask, “Can someone tell me how the hell he got into our system?!” A few seconds later, the “expert” finally decides it might make sense to disconnect Silva’s laptop from the network. All in all, our main question is: Did the writers depict Q as a bumbling amateur on purpose, or did they just pepper the screenplay with random cybersecurity terms hoping Q would come across as a genius geek?

Spectre

In theory, Spectre was intended to raise the issue of the legality, ethics, and safety of the Nine Eyes global surveillance and intelligence program as an antiterrorism tool. In practice, the only downside of creating a system such as the one shown in the film is if the head of the Joint Secret Service (following the merger of MI5 and MI6) is corrupted — that is, if as before, access to the British government’s information systems is obtained by an insider villain working for Bond’s sworn enemy, Blofeld. Other potential disadvantages of such a system are not considered at all. As an addition to the insider theme, Q and Moneypenny pass classified information to the officially suspended Bond throughout the movie. Oh, and they misinform the authorities about his whereabouts. Their actions may be for the greater good, but in terms of intelligence work, they leak secret data and are guilty of professional misconduct at the very least.

No Time To Die

In the final Craig-era movie, MI6 secretly develops a top-secret weapon called Project Heracles, a bioweapon consisting of a swarm of nanobots that are coded to victims’ individual DNA. Using Heracles, it is possible to eliminate targets by spraying nanobots in the same room, or by introducing them into the blood of someone who is sure to come into contact with the target. The weapon is the brainchild of MI6 scientist and double agent (or triple, who’s counting?) Valdo Obruchev. Obruchev copies secret files onto a flash drive and swallows it, after which operatives (the handful who weren’t finished off in the last movie) of the now not-so-secret organization Spectre break into the lab, steal some nanobot samples and kidnap the treacherous scientist. We already know about the problems of background checks on personnel, but why is there no data loss prevention (DLP) system in a lab that develops secret weapons — especially on the computer of someone with a Russian surname, Obruchev? (Russian = villain, as everyone knows.) The movie also mentions briefly that, as a result of multiple leaks of large amounts of DNA data, the weapon can effectively be turned against anyone. Incidentally, that bit isn’t completely implausible. But then we learn that those leaks also contained data on MI6 agents, and that strains credulity. To match the leaked DNA data with that of MI6 employees, lists of those agents would have to be made publicly available. That’s a bit far-fetched. The cherry on top, meanwhile, is Blofeld’s artificial eye, which, while its owner was in a supermax prison for years, maintained an around-the-clock video link with a similar eye in one of his henchmen. Let’s be generous and assume it’s possible to miss a bioimplant in an inmate. But the eye would have to be charged regularly, which would be difficult to do discreetly in a supermax prison. What have the guards been doing? What’s more, at the finale, Blofeld is detained without the eye device, so someone must have given it to him after his arrest. Another insider?

Instead of an epilogue

One would like to believe all those absurdities are the result of lazy writing, not a genuine reflection of cybersecurity practice at MI6. At least, we hope the real service doesn’t leak top-secret weapons or store top-secret codes in cleartext on devices that don’t even lock automatically. In conclusion, we can only recommend the scriptwriters raise their cybersecurity awareness, for example by taking a cybersecurity course.

View the full article
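The Casino Royale point above (a name used as a keypad mnemonic is really a six-digit password built on a dictionary word) can be turned into a password-policy check. The following is an added Go example, not code from the post or from Kaspersky: the keypad letter-to-digit mapping is the standard one, the wordlist is a constructed stand-in for a real dictionary, and the function names are this example's own.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// keypad maps letters to the digit they share on a standard phone keypad,
// the same many-to-one mapping that turns a name into a "phoneword".
var keypad = map[rune]byte{
	'A': '2', 'B': '2', 'C': '2',
	'D': '3', 'E': '3', 'F': '3',
	'G': '4', 'H': '4', 'I': '4',
	'J': '5', 'K': '5', 'L': '5',
	'M': '6', 'N': '6', 'O': '6',
	'P': '7', 'Q': '7', 'R': '7', 'S': '7',
	'T': '8', 'U': '8', 'V': '8',
	'W': '9', 'X': '9', 'Y': '9', 'Z': '9',
}

// Phoneword reduces a password to the digits it would dial. Digits pass
// through unchanged; anything else (punctuation, space) has no keypad
// equivalent and is reported as an error.
func Phoneword(password string) (string, error) {
	var b strings.Builder
	for _, r := range strings.ToUpper(password) {
		if r >= '0' && r <= '9' {
			b.WriteRune(r)
			continue
		}
		d, ok := keypad[r]
		if !ok {
			return "", fmt.Errorf("character %q has no keypad digit", r)
		}
		b.WriteByte(d)
	}
	return b.String(), nil
}

// KeyspaceBits is log2 of the number of strings of the given length over an
// alphabet of the given size, i.e. the strength of a uniformly random choice.
func KeyspaceBits(alphabet, length int) float64 {
	return float64(length) * math.Log2(float64(alphabet))
}

// wordlist is a constructed stand-in for the dictionary a real password
// policy would consult.
var wordlist = []string{"vesper", "casino", "royale", "london", "secret", "bond"}

// MatchesWordlist reports whether the password, reduced to keypad digits,
// equals the digits of any wordlist entry, and which one. Comparing in digit
// space means "VESPER", "vesper" and "837737" are all caught as the same guess.
func MatchesWordlist(password string) (bool, string) {
	digits, err := Phoneword(password)
	if err != nil {
		return false, ""
	}
	for _, w := range wordlist {
		wd, _ := Phoneword(w) // wordlist entries are alphabetic, so no error
		if wd == digits {
			return true, w
		}
	}
	return false, ""
}

func main() {
	for _, pw := range []string{"VESPER", "837737", "Tr0ub4dor&3"} {
		hit, w := MatchesWordlist(pw)
		fmt.Printf("%-12s wordlist match=%v (%s)\n", pw, hit, w)
	}
	fmt.Printf("6 random digits:          %.1f bits\n", KeyspaceBits(10, 6))
	fmt.Printf("6 random letters:         %.1f bits\n", KeyspaceBits(26, 6))
	fmt.Printf("6 random printable ASCII: %.1f bits\n", KeyspaceBits(95, 6))
}
```

The digit-space comparison is the useful part: a plain dictionary check would accept "837737" because it is not a word, while this check rejects it as the same guess as "vesper". The keyspace figures make the post's "effectively a 6-digit password" concrete (about 20 bits for six digits against about 28 for six letters), and a dictionary-derived choice is far weaker than either.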
23. Unidentified scammers are selling Green Passes (certificates required for travel and access to many public places and events in the European Union) on hacker forums and in Telegram channels. To demonstrate their capabilities and attract potential customers, they created a Green Pass issued in the name of Adolf Hitler. Perhaps most disturbing, the QR code passes app verification as valid. This raises a number of questions, which we will try to answer in this post.

What is Green Pass?

Green Pass is a certificate that verifies its owner either was vaccinated, recently recovered from COVID-19, or received a negative test result no more than 48 (for rapid test) or 72 (for PCR) hours ago. The certificate contains a QR code that can be validated with an application. Green Pass is a standard document in the countries of the European Union and some others — in Israel (where it was initially developed), Turkey, Iceland, Ukraine, Switzerland, Norway, and some others. Usually, medical institutions issue Green Pass certificates. Depending on the country, a Green Pass may be required for travel; for visiting bars, restaurants, museums, and public events; in educational institutions; and even for work. The Green Pass also exists in paper form, but most often it is an application that displays a QR code to verify the certificate.

How attackers can sign fake certificates

Some shady traders on the Internet and Telegram channels in particular are selling forged Green Pass certificates apparently issued by health services in Poland or France. Several theories explain how they could succeed. According to one, criminals somehow got a secret cryptographic key enabling them to issue such certificates. If that’s the case, the legitimate Green Pass certificates will probably have to be reissued. According to another theory, the sellers have accomplices in France’s and Poland’s healthcare systems. In that case, reissuing the cryptographic key is unlikely to help — law enforcement agencies will have to find the insiders.

Is the entire Green Pass system compromised?

For now at least, the Green Passes most EU countries issue remain as legitimate as before. Only certificates issued in Poland and France are under suspicion.

Will Green Pass certificates issued in Poland and France be revoked?

EU authorities are conducting investigations. In the worst-case scenario, Poland and France will have to reissue certificates — but not necessarily all of them. If the malefactors cannot manipulate issue dates, then only some will have to be replaced.

Can you buy a fake Green Pass?

Well, there’s nothing stopping you from spending your money. However, visiting EU countries with a fake certificate is not a good idea. First, the fake certificates will be revoked, and although you’d most likely just lose some money, it is also possible customers will be caught in the same law-enforcement net as forgers. With a fake Green Pass, you have a good chance of winning a long conversation with European law enforcement agents. We have reason to believe this is far from the last fraud scheme regarding the Green Pass system. Various scams will most likely appear quite soon. However, this incident will also draw more attention from law enforcement agencies. For that and other reasons, we do not recommend getting a Green Pass from anywhere but an official European medical institution.

View the full article
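The two theories in the post above (a leaked signing key versus insiders issuing genuine passes) call for different remedies, and the difference is easiest to see in a toy verifier. This is an added Go example, not code from the post, from Kaspersky or from the EU certificate project: it replaces the real signed QR format with a simple string payload, signs with Ed25519 from the Go standard library, and every key id, certificate id and name in it is constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Certificate is a simplified pass: the signed fields, the id of the issuer
// key that signed them, and the signature. Field names are constructed here.
type Certificate struct {
	CertID, Subject, Status, KeyID string
	Sig                            []byte
}

// signedBytes is what the signature covers; any field the verifier relies on
// must be in here, or it could be altered after signing.
func (c Certificate) signedBytes() []byte {
	return []byte(c.CertID + "|" + c.Subject + "|" + c.Status)
}

// newKey makes one Ed25519 issuer key pair (in production it lives in an HSM).
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignWith signs a pass under any private key: the issuer calls it
// legitimately, and whoever holds a leaked copy of the key calls it identically.
func SignWith(keyID string, priv ed25519.PrivateKey, id, subject string) Certificate {
	c := Certificate{CertID: id, Subject: subject, Status: "vaccinated", KeyID: keyID}
	c.Sig = ed25519.Sign(priv, c.signedBytes())
	return c
}

// Verifier models the checking app: a trust list of issuer public keys keyed
// by key id, plus a revocation list of individual certificate ids.
type Verifier struct {
	Trusted map[string]ed25519.PublicKey
	Revoked map[string]bool
}

// Verify reports whether a pass is accepted and, if not, why.
func (v *Verifier) Verify(c Certificate) (bool, string) {
	pub, ok := v.Trusted[c.KeyID]
	if !ok {
		return false, "signing key not in trust list"
	}
	if !ed25519.Verify(pub, c.signedBytes(), c.Sig) {
		return false, "bad signature"
	}
	if v.Revoked[c.CertID] {
		return false, "certificate revoked"
	}
	return true, "valid"
}

// RunScenarios plays out both theories from the post and records whether each
// pass is accepted at each stage. Ids and names are constructed sample data.
func RunScenarios() map[string]bool {
	out := map[string]bool{}
	pub, priv := newKey()
	v := &Verifier{Trusted: map[string]ed25519.PublicKey{"PL-key-1": pub}, Revoked: map[string]bool{}}
	legit := SignWith("PL-key-1", priv, "cert-0001", "Alice")
	out["legit"], _ = v.Verify(legit)
	// No key at all: the forger names PL-key-1 but signs with a key of their
	// own, so the signature does not check out against the trusted public key.
	_, attackerPriv := newKey()
	forged := SignWith("PL-key-1", attackerPriv, "cert-9999", "Forged Name")
	out["forged_own_key"], _ = v.Verify(forged)
	// Theory 1: the issuer's private key leaked. The forgery now verifies.
	leaked := SignWith("PL-key-1", priv, "cert-9998", "Forged Name")
	out["leaked_key"], _ = v.Verify(leaked)
	// Remedy: drop the key from the trust list. That stops the forgery but also
	// rejects every honest pass signed with it, which is why reissue follows.
	delete(v.Trusted, "PL-key-1")
	out["leaked_key_after_key_revocation"], _ = v.Verify(leaked)
	out["legit_after_key_revocation"], _ = v.Verify(legit)
	// Theory 2: an insider issues passes through the genuine pipeline under the
	// rotated key. Rotating keys changes nothing; the pass is properly signed.
	pub2, priv2 := newKey()
	v.Trusted["PL-key-2"] = pub2
	insider := SignWith("PL-key-2", priv2, "cert-7777", "Forged Name")
	out["insider_after_key_rotation"], _ = v.Verify(insider)
	// Only revoking the specific certificate ids the insider produced works,
	// which presupposes the investigation has identified them.
	v.Revoked["cert-7777"] = true
	out["insider_after_cert_revocation"], _ = v.Verify(insider)
	return out
}

func main() {
	for name, accepted := range RunScenarios() {
		fmt.Printf("%-34s accepted=%v\n", name, accepted)
	}
}
```

The verifier never sees who asked for the signature, only whether it checks out under a trusted key, which is why a key leak and an insider look identical at the checkpoint. They differ only in the fix: removing a key from the trust list is a blunt instrument that also invalidates every honest pass under it (the reissue cost the post mentions), while the insider case can only be handled by revoking the specific certificate ids once the investigation has found them.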
24. With Dave on vacation, our APAC head of social media joins Ahmed and me for this week’s edition of the Kaspersky Transatlantic Cable podcast. A warm welcome to Jag Sharma. To kick off the conversation, we revisit the topic of REvil — again. This week, we look at the FBI’s infiltration of the ransomware gang and how the new approach differs from the usual. Although of course we discuss the news, we also debate the merits of the live-blogging the gang has been doing as well. From there, Jag gets his indoctrination by fire in one of Ahmed’s famous quizzes. Moving along, we discuss the need to secure space’s infrastructure. If everyone’s heading that way anyway, best to make it safe. Our third story takes a look at the Squid Game phenomenon and the rise of Joker-infested unofficial apps on the Play Store. The podcast closes with a story of how AI and a T-shirt led to a man getting a ticket for his automobile. No, you didn’t read that wrong – the AI really thought a woman’s T-shirt was a license plate. But hey, AI is the future, right? If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:

REvil servers shoved offline by governments – but they’ll be back, researchers say
FBI, others crush REvil using ransomware gang’s favorite tactic against it
Space infrastructure and cyber threats
Squid Game app downloaded thousands of times was really Joker malware in disguise
Driver fined after traffic camera thinks pedestrian’s shirt is a license plate

View the full article
25. Today I’m proud to announce that we have acquired a company called Brain4Net, an SD-WAN and NFV orchestration software developer. That means we’re going to significantly boost our cloud security capabilities and XDR offering. The acquisition enables us to develop reliable detection and response capabilities in the “cloud-first” paradigm by delivering our own solutions based on SD-WAN and NFV to the market. To begin, let’s talk about strengthening our solution portfolio with Secure Access Service Edge capabilities. On the market since 2015, Brain4Net spent six years developing solutions for IT automation and building software-defined networking. Now the team is joining us to build a compelling Secure Access Service Edge (SASE) solution, adding its experience and developments to help us create a unified platform by adding a network-security layer to our best-in-class security expertise. Using a single data lake and a single investigation tool across endpoint, cloud, and network data significantly accelerates security teams’ operations in threat detection and response.

Distributed IT architecture is the new normal

A typical enterprise IT infrastructure used to include headquarters with a central data center as well as branches that directed all of their traffic through HQ. In time, companies began migrating their infrastructure to the cloud. However, since the COVID-19 pandemic began, the speed of migration has skyrocketed, and the trend of working from anywhere is rendering traditional approaches to IT infrastructure virtually obsolete. One way to reduce expenses and streamline distributed IT operations is to adopt software-defined wide-area network (SD-WAN) technologies. Using an SD-WAN enables the construction of wide-area networks (WANs) on the principles of software-defined networking (SDN). SD-WAN solutions enable the routing of traffic through various parts of corporate networks efficiently while providing a single point for management and monitoring. They create virtual overlays using all sorts of existing networks (based on MPLS, Internet broadband, LTE, 5G, or similar), and they are less expensive and easier to deploy and manage than traditional MPLS-based WANs are. On the IT side, SD-WAN brings high performance, visibility, and corporate network agility. It also reduces maintenance costs.

Our approach to distributed security

Protecting distributed infrastructure requires first delivering security as a cloud computing service to the source of connection, be it a remote office or an employee working from home, and second, ensuring complete visibility of network and endpoint events. You can achieve that by adopting a SASE principle reinforced with extended detection and response (XDR). To meet market demands, network security companies are building endpoint capabilities and forging alliances with traditional security vendors. But existing security providers are unable to deliver holistic approaches to securing systems against advanced threats. Integrating external network controls into XDR developed by endpoint security vendors does not provide enough visibility into or investigation capabilities for incidents happening inside enterprise environments. That is why we chose another approach: Integrating the Brain4Net team will enable us to create a unified platform seamlessly integrating endpoint protection capabilities with network controls. Working together, the XDR platform with SASE will allow enterprises to implement a zero-trust strategy.

Advantages of our own SD-WAN

The move brings us into new territory and sharpens our goal of becoming a single-point provider of enterprise security both for endpoints and for networks. Kaspersky’s SASE offering means not only securing our customers, but also becoming their connectivity service provider. The step into network security enables us to upgrade our XDR proposition as well. We already provide our customers with best-in-class security software; adding a network security layer gives us an additional competitive edge. Covering all possible scenarios by filtering traffic and monitoring endpoint security incidents, and correlating network and node activity, further improves our abilities to detect and respond to complex threats. We are moving our core enterprise security business in this important direction to provide our customers with stable and cost-efficient networking services while continuing to protect them from the most advanced and stealthy threats.

Further plans

Kaspersky is becoming more active in mergers and acquisitions, with an eye toward acquiring strong teams that can bring synergies to our core business. As an example, Brain4Net is a successful company with technologies, solutions, and paying customers, with a team and products we are very optimistic about integrating. And this is far from the final stop in our M&A journey; other deals in the pipeline stand to improve our value proposition even more.

View the full article