Month: August 2018

Manufacturing businesses are seeing higher-than-normal rates of cyberattack-related reconnaissance and lateral movement activity.

This is due to the convergence of IT with IoT devices and Industry 4.0 initiatives, according to a new report from AI-powered attack detection specialists Vectra

"The disconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of industrial internet-of-things (IIoT) devices, has created a massive, attack surface for cybercriminals to exploit," says Chris Morales,head of security analytics at Vectra.

State

affiliated attackers accounted for 53 percent of attacks on manufacturing,according to the 2018 Verizon Data Breach Industry report. The most common types of data stolen were personal (32 percent), secrets (30 percent) and credentials (24 percent).

Analysis of data from Vectra’s Cognito threat detection and hunting platform shows a much higher volume of malicious internal behaviours in manufacturing, which is a strong indicator that attackers are already inside the network. There is also an unusually high volume of reconnaissance behaviour, which indicates that attackers are mapping out manufacturing networks in search of critical assets. A high level of lateral movement is another strong indicator that the attack is proliferating inside the network.

The study shows a growth in data smuggling — where an internal host device controlled by an outside attacker acquires a large amount of data from one or more internal servers and then sends a payload to an external system — between January and June too.

HP has plugged two critical vulnerabilities (CVE-2018-5924, CVE-2018-5925) affecting many of its InkJet printers and is urging users to implement the provided firmware updates as soon as possible.

The vulnerabilities, discovered and reported by a still unnamed third-party researcher, can be triggered via a maliciously crafted file sent to an affected device. Such a file can cause a stack or static buffer overflow, which could allow remote code execution.

The list of affected devices is long and encompasses the Pagewide Pro, DesignJet, OfficeJet, DeskJet and Envy product lines.

Updates can be downloaded and installed directly from the printer or from the HP website (instructions on how to do it can be found here).

HP’s print security bug bounty program

The company did not mention whether the vulnerabilities it plugged were flagged as part of the newly revealed bug bounty program it launched with Bugcrowd in May, but it’s likely that they were.

For the moment, the program is still private.

According to CSO Online, 34 researchers were invited to participate in it. They have been told to limit their efforts to endpoint devices (all HP enterprise printers) and to concentrate on firmware-level vulnerabilities, including remote code execution, cross-site request forgery (CSRF) and cross-site scripting (XSS) flaws.

Vulnerability reporting is to be done through Bugcrowd, which will verify bugs and reward researchers based on the severity of the flaw and awards up to $10,000.

“Reporting a vulnerability previously discovered by HP will be assessed, and a reward may be offered to researchers as a good faith payment,” HP noted.

Shivaun Albright, HP’s Chief Technologist of Print Security, said that the company is already keeping security in mind while developing printers, but they want to see whether they have missed anything.

Citing Bugcrowd’s most recent State of Bug Bounty Report, HP pointed out that the top emerging attackers are focused on endpoint devices, and the total print vulnerabilities across the industry have increased 21 percent during the past year.

Virus-free. www.avg.com

Research analysts at Terbium Labs released a list of the most common activities seen on the Dark web indicate a breach, or other unwanted incident, has taken place.

Despite increased security budgets and better defences, organizations are losing the battle against cyber attacks. According to the 2018 cost of Data Breach Study: Global Overview by Ponemon Institute and IBM Security, data breaches continue to be costlier and result in more consumer records being lost or stolen, year after year.

This year the report found that the average total cost of a data breach ($3.86 million), the average cost for each lost or stolen record ($148), and the average size of data breaches have all increased beyond the 2017 report averages. In fact, the costs of the largest breaches can reach into the hundreds of millions of dollars in damage. Ultimately, the inevitability of attacks and ongoing risk exposure of sensitive data has prompted organizations to seek new ways to proactively monitor for lost or stolen data.

The following top 10 list outlines activities, in no particular order, that take place on the dark web that organizations should be most watchful of:

1. Doxing of VIP. Dark web and clear web sites like Pastebin are a dumping ground for personal, financial, and technical information with malicious intent.

2. Full PANs, BINs, payment cards for sale. There is a robust economy for payment cards on the dark web. Sellers update markets with new cards regularly, sometimes daily.

3. Guides for opening fraudulent accounts. The dark web offers guides for sale containing detailed, step-by-step instructions on how to exploit or defraud an organization. The appearance of the guide has a dual impact: fraudsters learn how to take advantage of an organization’s systems and processes and the criminals’ attention is focused on the target company.

4. Proprietary source code. A leak of source code can enable competitors to steal intellectual property and allow hackers to review the code for potential vulnerabilities to be exploited.

5. Dump of a database. Third-party breaches can put organizations at risk by revealing employee credentials that can unlock other accounts or provide fodder for phishing attacks.

6. Template to impersonate a customer account. The dark web is full of account templates that allow fraudsters to pose as customers of financial institutions, telecommunications companies and other service providers. These templates are then used to solicit loans, open accounts, or as part of a broader scheme for identity theft or fraud.

7. Connections between employees and illicit content. Posts doxing individuals who engage in illegal activities on the dark web, such as child exploitation, can draw undue negative attention to their employers or affiliated organizations.

8. W2s and tax-fraud documents. Before tax season each year there is a rush of activity on the dark web gather compromised identity information in order to file fraudulent tax returns before the legitimate taxpayer can. This tax fraud is enabled by the sale of W2s and other tax fraud-specific documents, which can be tied back to the employers where those documents came from originally.

9. Secure access and specialty passes: While most of the materials on the dark web are for generalized personal information, vendors sometimes offer special access materials. These can range from the benign, e.g., amusement park tickets, to the more concerning, e.g., military IDs.

10. Inexpert dark web searching. Security vendors not properly immersed in the dark web can expose an organization to harm by simply searching for information related to the company. For example, one security vendor searched for a CISO’s name so many times on the now-defunct dark web search engine, Grams, that the full name made it to the front page “trending” section of the site.

Google has updated the Play Store Developer Policy page to ban mobile mining apps that mine cryptocurrencies using the computational resources of the devices.

Due to the surge in cryptocurrency prices, many legitimate websites and mobile apps are increasingly using cryptocurrency miners.

Following Apple’s decision of banning cryptocurrency mining apps announced in June, also Google has updated the Play Store Developer Policy page to ban mobile apps that mine cryptocurrencies using the computational resources of the devices.

“We don’t allow apps that mine cryptocurrency on devices,” reads the entry included in the policy.

Google will start to remove any app from the official Play Store that uses a device’s resources for mining operations, but it clarified that “apps that remotely manage the mining of cryptocurrency” are not included in the ban.

Mining activities have a dramatic effect on the performance of the device and in some cases, it could also damage it by causing overheat or destroy batteries.

In December, experts from Kaspersky have spotted an Android malware dubbed Loapi that includes a so aggressive mining component that it can destroy your battery.

Google banned cryptocurrency mining extensions from its Chrome Web store after finding many of them abusing users’ resources without consent.

Since January, Facebook also banned ads that promote financial products and services that are frequently associated with misleading or deceptive promotional practices, such as binary options, initial coin offerings, and cryptocurrency.