Tag Archive for: abuse

DOJ Clarifies Policy on Charging Computer Fraud and Abuse Act


On May 19, 2022, the Department of Justice (“DOJ”) announced significant clarifications to its policy on charging Computer Fraud and Abuse Act (“CFAA”) violations that give some comfort to cybersecurity consultants who engage in network testing and related operations. Such activity has long been a gray area for “white hat” hackers.

The CFAA, 18 U.S.C. § 1030, provides the government with the authority to prosecute cyber-based crimes by making it a crime to “intentionally access[ ] a computer without authorization or exceed[ ] authorized access and thereby obtain[ ] (A) information contained in a financial record of a financial institution…(B) information from any department or agency of the United States; or (C) information from any protected computer.” Most computers have the potential to fall under Section 1030’s definition of a “protected computer,” which includes any computer “used in or affecting interstate or foreign commerce or communication.” The new guidance demonstrates an evolving view of how the statute should be enforced, with the ultimate aim of leaving the public safer as an overall result of government action. In this regard, the DOJ directive expressly states that good faith security research should not be prosecuted.

Good faith security research is defined by the DOJ as “accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability.” The update further clarifies that “such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”

The updated policy further explains that, generally speaking, security research is not per se conducted in good faith. For example, research conducted for the purpose of identifying security flaws in devices and then profiting from the owners of such devices does not constitute security research in good faith. This…

Source…

How to Prevent API Abuse



API abuse, in which an API is used in a way its designers did not intend, is a growing problem in software development and one of the leading attack vectors that cybercriminals exploit. According to a recent security research report that surveyed more than 200 enterprise security professionals, malicious API call volume grew by 21.32% between December 2020 and December 2021. The same study also found that 95% of respondents had suffered an API security incident in the past year.


Figure: Salt Security graphic showing the results of the API security survey (source: Salt Security)

Examples of API Abuse

Some typical examples of ways that APIs are abused include:

  • Man in the Middle attacks: Attackers can use Man in the Middle (MitM) attacks to intercept communications between the app and the backend server. Once communications are intercepted, valuable or sensitive information may be seized and/or manipulated in order to gain access to backend servers via the API.
  • Repackaged or modified apps: Hackers can modify an existing app to include malicious code. The modified app then makes calls to the API to allow the attacker to access sensitive data, or is used to convince genuine users to install the compromised app.
  • Scripts or bots: Criminals can use scripts or bots to automate requests to the API in order to scrape data, apply compromised credentials, or overload the system. This is the most common form of API abuse and can lead to denial-of-service and other conditions that affect legitimate API users.
  • Reverse engineered apps: Attackers can reverse engineer an app to discover the secrets it uses to access its API and the business logic contained within the app. The bad actor can then use this knowledge to make unauthorized calls to the API.

Why is API Abuse a Serious Issue?

Some of the reasons that API abuse is a major threat for organizations include:

  • Lack of Awareness: One of the biggest challenges in preventing API abuse is that many organizations are simply unaware that it’s a problem. They may not have experienced an attack yet or may not be monitoring with sufficient granularity to detect this kind of suspicious activity. Specifically, many organizations lack the means to differentiate between a genuine user and a script/bot.
  • Mobile Apps…

Source…

Protect Yourself From Abuse: How to Find and Remove Stalkerware on Your Phone and PC


What if your phone calls, texts, FaceTime sessions, and GPS locations were being logged without your consent? What if they were all being sent to a tech-savvy stalker—often a former romantic partner or an abusively controlling current partner—who had gotten malware onto your phones, tablets, and PCs, effectively bugging them? That’s the unsettling job of stalkerware, a type of commercially available software designed to spy on victims without being detected.

Stalkerware can operate stealthily, so you probably wouldn’t know if your devices had it installed. According to a 2020 report from cybersecurity company Kaspersky, a majority of people with stalkerware on their devices don’t even know that the type of software exists, meaning they can’t protect themselves from it. We’ll help you understand what stalkerware is, how to remove it from your devices, and how to make sure stalkers can’t install it on your devices again, once they are clean.

What Stalkerware Is and Why It’s Considered Abusive

Make no mistake, stalkerware is a form of abuse. According to the Coalition Against Stalkerware (CAS), this type of software “may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.” Stalkerware is often marketed as a way to spy on current or former romantic partners, but it can also be found packaged as parental control software or employee tracking solutions.

Stalkerware programs’ legal status is vague in most countries. In many places, the software itself can be distributed legally. Using stalkerware to monitor someone, however, may be a punishable offense. The people who create stalkerware usually mention this in the terms and conditions, stating that you must not use the software in a manner that is illegal in the country or territory in which you live.

Technology-enabled abuse isn’t limited to stalkerware. Abusers can use seemingly innocuous utilities and built-in parental control apps like the “Find My” and Screen Time functions on Apple devices to keep tabs on their partner’s whereabouts and activity. Google’s Family Link application can be similarly used and abused by stalkers to track survivors or limit the sites they can…

Source…

More and more malware is using Discord’s CDN for abuse


A hot potato: When talking about “abuse” in relation to popular instant messaging service Discord, it’d usually be about the group chat platform being used by trolls or for hateful and NSFW content. But Discord’s content delivery network (CDN) is now increasingly being used to host malicious files and hand out malware through links that seem legitimate.

A report by Sophos has exposed the scale and variety of malware using Discord’s CDN: “Sophos products detected and blocked, just in the past two months, nearly 140 times the number of detections over the same period in 2020,” said authors Sean Gallagher and Andrew Brandt, with 17,000 unique URLs found pointing to malware in the second quarter of 2021.

And those 17,000 URLs only count malware hosted by the service itself, which keeps files on Google Cloud and uses Cloudflare as a frontend. The vast figure excludes malware hosted elsewhere that makes use of the infrastructure provided by the CDN; Discord’s chatbot APIs have been used for command-and-control of malware on infected targets, as well as for exfiltrating stolen data to private servers.

Malware using the platform varies, but according to the authors the majority of it is centered around data theft, either through direct credential-stealing or remote access trojans (RATs). Threats targeting Android platforms were also seen, ranging from ad-clickers to banking Trojans, as well as expired ransomware that lacked any way to pay the attackers.

Discord is a popular messaging platform that was originally targeted at gaming communities, and they continue to have a substantial presence on the platform, so it’s not surprising that a lot of the malicious files hosted and distributed on it are tied to gaming.

For example, researchers identified a modified Minecraft installer that also captured keystrokes, screenshots, and camera images, as well as a “multitool for FortNite” (sic) that infected systems with a Meterpreter backdoor.

Others targeted Discord itself, stealing credentials and authentication tokens, or disguised…

Source…