Tag: experts | Page 5

Connected vehicles can be at risk of hacking, consumer awareness paramount: experts

October 13, 2023/in Internet Security

TORONTO — Blasting the heat with a remote sensor before you even get into your vehicle on a brisk winter morning is a welcome convenience. So are the comforts of lane assistance, voice command, Bluetooth and Wi-Fi.

But experts warn modern, connected vehicles, which are heavily packed with microchips and sophisticated software, can offer an open door to hackers.

These cars are vulnerable to hackers stealing sensitive information or even manipulating systems such as steering wheels and brakes, said Robert Falzon, head of engineering at cybersecurity solutions company Check Point in Canada.

“Cars are tracking how fast you’re going, where you’re going, what your altitude is — and all the different pieces of information are being calculated … It’s all computerized,” he said.

“Unfortunately, security is not always the primary thought when these (features) are developed.”

A global automotive cybersecurity report by Upstream shows remote attacks — which rely on Wi-Fi, Bluetooth and connected networks — have consistently outnumbered physical attacks, accounting for 85 per cent of all breaches between 2010 and 2021.

That proportion grew to 97 per cent of all attacks in 2022, the report said.

There’s a growing concern about privacy breaches among connected cars, experts added.

“Let’s say someone is driving on the highway and the doors get locked, the car speeds up and the (driver) gets a message asking for bitcoin or they’ll crash the vehicle,” said AJ Khan, founder of Vehiqilla Inc., a Windsor, Ont.-based company offering cybersecurity services for fleet cars.

“That scenario is possible right now.”

Khan added any car that can connect to the internet, whether gas-powered or electric, could be at risk of hacking.

But electric vehicles are particularly vulnerable to cybersecurity thefts.

Researchers at Concordia University in Montreal found significant weaknesses in their 2022 study of public and private EV charging stations across Canada — all of them connect…

Source…

Experts Discuss Cyber Risk, From Law Enforcement to Insurance Claims

August 25, 2023/in Internet Security

To combat cyber activity, law enforcement agencies in the United States and abroad interact to exchange information about their cyber adversaries. The FBI maintains 56 field offices, each with a multiagency cyber task force manned with investigators, special agents, intelligence analysts, digital forensic technicians, and more, all with a focus on helping victims of cybercrime. These offices work with the Intelligence Community, the National Cyber Investigative Joint Task Force, and cyber assistant legal attachés to protect national security against cyber threats worldwide.

These agencies share intelligence information to keep the United States safe from cyber threats, and they also aim to develop relationships with private sector companies to share information about cyber activity before an attack occurs. Therefore, it’s important for the agencies to develop relationships with companies in the private sector. The agencies can deploy their cyber action teams within hours, domestically and globally, to assist companies onsite when a major incident or attack does happen.

“If … a private sector company is about to get hit by a ransomware attack or by any other type of intrusion, we want to get out there immediately and let that victim know how they can best mitigate that attack,” said Scott. “We only can do that if we have the relationship built, and the better we do that ahead of time, the stronger those relationships are.”

As a success story, Scott discussed how the agencies worked as a team and shared information to take down the HIVE ransomware group. Hive was a ransomware variant that was a threat worldwide. In July 2022, the team gained persistent access to Hive’s control panel, which enabled the team to get the decryption key. Having that, the team was able to reach out and provide assistance to victims as they were being victimized by Hive. They responded to 1,500 victims in 48 states and 88 countries, preventing an estimated loss of $130 million to victims.

The FBI had always estimated that only 20% to 25% of cyber victims report a cyber incident. As a result of the team’s interaction with Hive victims, the FBI was able to substantiate that percentage.

Source…

Computer security experts offer advice to freeze out risk of thermal attacks

August 11, 2023/in Computer Security

A team of computer security experts have developed a set of recommendations to help defend against “thermal attacks” which can steal personal information.

Thermal attacks use heat-sensitive cameras to read the traces of fingerprints left on surfaces like smartphone screens, computer keyboards and PIN pads.

Hackers can use the relative intensity of heat traces across recently-touched surfaces to reconstruct users’ passwords.

Last year, Dr. Mohamed Khamis and colleagues from the University of Glasgow set out to demonstrate how easily thermal images could be used to crack passwords.

The team developed ThermoSecure, a system which used AI to scan heat-trace images and correctly guess passwords in seconds, alerting many to the threat of thermal attacks.

Now, Dr. Khamis and colleagues have put together the first comprehensive review of existing computer security strategies, and surveyed users on their preferences on how thermal attacks can be prevented at public payment devices like ATMs or transport ticket dispensers.

Credit: University of Glasgow

Their research, set to be presented as a paper at the USENIX Security Symposium conference in Anaheim, California, on Friday 11 August, also includes advice to manufacturers on how their devices could be made more secure. USENIX Security is widely recognized as one of the leading conferences in the fields of computer security and cybersecurity.

The team identified 15 different approaches described in previous papers on computer security which could reduce the risk of thermal attacks.

Those included ways to reduce the transfer of heat from users’ hands, by wearing gloves or rubber thimbles, or changing the temperature of hands by touching something cold before typing.

Approaches suggested in the literature also included pressing hands against surfaces or breathing on them to obscure their fingerprint heat once they had…

Source…

Iranian hacking group impersonating nuclear experts to gain intel from Western think tanks

July 6, 2023/in Computer Security

A cyber espionage group linked to the Iranian government has been impersonating think-tank employees to phish Middle Eastern nuclear weapons experts, according to researchers at Proofpoint.

The group — called “TA453,” “Charming Kitten” or “APT35,” depending on the threat intelligence service you’re relying on — has a long track record of targeting U.S. and European government officials, politicians, think tanks and entities involved in critical infrastructure.

The latest campaign detailed by Proofpoint dates from March to May of this year and begins with benign emails that seek to establish a rapport with foreign policy researchers in the West.

Those initial emails were later followed by phishing emails that link to a password-protected DropBox URL, ostensibly to access the research. Instead, it executes .RAR and LNK files and run a PowerShell script that installs a backdoor on the victim’s system, before calling out to a cloud hosting provider for additional malware payloads.

Full infection chain for GorjolEcho, one of the malware payloads deployed by Charming Kitten (Source: Proofpoint)

Joshua Miller, senior threat researcher at Proofpoint, told SC Media the campaign appears to be extremely targeted: thus far they are aware of fewer than 10 individuals who received phishing emails from the group. Miller said their visibility over the campaign is restricted to data and follow-ups culled from Proofpoint customers, and that none were successfully infected.

It’s not the first time Charming Kitten, which U.S. officials have linked to Iran’s Islamic Revolutionary Guard Corps’ intelligence organization, has targeted think tanks and other research institutions, seemingly in an effort to gather intelligence about Western foreign policy decision-making. While the group has targeted government officials in the past, they may find it easier to obtain some of the same information they’re looking for by targeting and compromising parties at the edge of those discussions.

“When we see them go after think tanks [and] academics, basically they’re informing the policy positions of the West and governments for nuclear sanctions or diplomatic policies. The idea is that that…

Source…

Tag Archive for: experts