Tag Archive for: Patterns

Unclear data patterns? New risks from the MuddyWater hackers revealed



MuddyWater hackers, a group associated with Iran’s Ministry of Intelligence and Security (MOIS), have been using compromised corporate email accounts to deliver phishing messages to their targets. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first stage backdoor.

Looking into the issues surrounding these attacks for Digital Journal is Joe Gallop, Cyber Threat Intelligence Manager at Cofense.

Gallop begins by looking at the attack vector and the implications: “Spear-phishing continues to be the intrusion vector of choice for many advanced threat groups, and although users may often not see themselves as important targets, they can easily become a stepping stone toward the real target.”

Spear-phishing is an email or electronic communications scam targeted towards a specific individual, organisation or business. It is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim.

Gallop continues with the attackers’ modus operandi: “Advanced persistent threat actors are definitely persistent in more ways than one, and will often expend significant effort in open-source research to identify an important target’s social and professional network.”

Furthermore, finds Gallop: “If they can compromise just one email account belonging to someone in that network, they are able to abuse established trust by sending phishing emails from that account to the final target or to other “stepping stones,” as reportedly done in the MuddyWater campaign against Egyptian hosting companies.”

There are some worrying patterns with the attack approach, says Gallop: “The use of HTML attachments (as seen in this campaign) is not new, but Cofense Intelligence has observed some notable spikes in HTML attachment phishing recently. The use of HTML smuggling legitimate HTML5 and JavaScript capabilities in an HTML attachment to deliver embedded malicious content is done after the file has been opened on the target computer, rather than beforehand, by operators of Qakbot malware, which is our “phishing malware family to watch” for this quarter. HTML attachments are used to harvest…


6 historical threat patterns suggest that cyberwar could be inevitable




Predicting cyberthreats has been an elusive goal. Unlike in healthcare, where early diagnostics can be used to predict and hopefully prevent disease, cybersecurity has never had a reliable means for determining that an attack is coming. This is especially true for isolated cyberbreaches, such as data theft, which are often decided on a whim. 

That said, it’s been noticed by this author recently that certain historical patterns do exist that can be used to predict large-scale cyberthreats. Sadly, as will be shown below, analysis and extrapolation of the patterns suggest an uncomfortable progression toward a major global cyberwar. Let’s go through the relevant patterns.

Threat pattern 1: Worms

In 1988, the first worm was created by a student with the innocent goal of determining whether such a program might work. This was followed by a long period of minimal worm activity, only to be broken in 2003 by a major rash of worms such as Slammer, Blaster and Nachi. These worms caused significant disruption to major business operations.

The pattern here was that an initial small-scale attack occurred in 1988, followed by 15 years of relative quiet, which ended with a significant large-scale attack in 2003. Worms still represent a cyberthreat, but not much change has occurred in their design since 2003. Worms are now in a period of relative quiet once again.

Threat pattern 2: Botnets

In 1999, the first botnet appeared, followed by a similar attack in March of 2000. This was followed by a period of relative quiet in terms of DDoS attack design innovation. Attack volumes, for example, remained relatively constant until 13 years later when Iranian hackers launched a series of massive layer 3/7 DDoS attacks at US banks.

Again, the pattern was that an initial small-scale attack occurred in 1999, followed by 13 years of quiet, which ended with a large-scale event in 2012. Like worms, botnets are also still a security problem, but they have not experienced much…


Insights into TypingDNA typing patterns and the type-to-output tool


What are typing patterns?

Typing patterns are the digital representation of a person’s unique typing behavior, similar to physical biometrics such as fingerprint recognition, facial recognition, and iris scanning. 

To generate a typing pattern, TypingDNA uses an array of different metrics, including press time, which is the duration that a key is pressed, and seek time, which is the duration between keystrokes. When people type on their keyboards, TypingDNA develops a string of parameters that determine individual attributes of the way they type. 

What are TypingDNA recorders?

Whenever you implement TypingDNA, you should start by integrating our typing pattern recorders. Make sure to go to TypingDNA’s GitHub repository and download the latest version of the recorder that works best for the technology you are using. 


Take a look at this tutorial we’ve made to find out how to record good typing patterns.

What forms a typing pattern?

Any typing pattern has a header and a body. The header is crucial for the accurate interpretation of the information found in the body of the typing pattern, which defines the way the user types. Type 1 & 2 (more information below) patterns share a similar structure:

The header of a typing pattern consists of general information, including device type, recorder version, text length, operating system, browser type, browser version, and browser language. It also includes the text ID, a hashed value obtained from the data typed by the user, which is used to verify whether they have previously saved other typing patterns for the same text without knowing what the user has actually typed.

The body of the typing pattern allows us to go into more detail about how the user types: the time between two keypresses, how long they hold a key down, keyboard input (whether the keyboard is touch-based, physical, or a combination of both), and keyboard type (internal, external, or mixed).

Find out more in the API documentation.

How does a typing pattern differ on mobile?

For mobile, typing patterns also include data gathered on each keypress from the gyroscope and accelerometer, including acceleration, rotation, pitch, and roll, all of which help increase…


Machine Learning Aided Ransomware Detection Using Process Power Consumption Patterns – Infosecurity Magazine

ransomware samples with active Command and Control (C2) at the time of experiment on three different Android devices, namely: a Samsung Galaxy SIII (Android 4.4), a Samsung Galaxy S Duos (Android 4.0.1), and an Asus Padfone Infinity (Android 4.4).
