Tag Archive for: risk

Experts Discuss Cyber Risk, From Law Enforcement to Insurance Claims

/in


To combat cyber activity, law enforcement agencies in the United States and abroad interact to exchange information about their cyber adversaries. The FBI maintains 56 field offices, each with a multiagency cyber task force manned with investigators, special agents, intelligence analysts, digital forensic technicians, and more, all with a focus on helping victims of cybercrime. These offices work with the Intelligence Community, the National Cyber Investigative Joint Task Force, and cyber assistant legal attachés to protect national security against cyber threats worldwide.

These agencies share intelligence information to keep the United States safe from cyber threats, and they also aim to develop relationships with private sector companies to share information about cyber activity before an attack occurs. Therefore, it’s important for the agencies to develop relationships with companies in the private sector. The agencies can deploy their cyber action teams within hours, domestically and globally, to assist companies onsite when a major incident or attack does happen. 

“If … a private sector company is about to get hit by a ransomware attack or by any other type of intrusion, we want to get out there immediately and let that victim know how they can best mitigate that attack,” said Scott. “We only can do that if we have the relationship built, and the better we do that ahead of time, the stronger those relationships are.”

As a success story, Scott discussed how the agencies worked as a team and shared information to take down the HIVE ransomware group. Hive was a ransomware variant that was a threat worldwide. In July 2022, the team gained persistent access to Hive’s control panel, which enabled the team to get the decryption key. Having that, the team was able to reach out and provide assistance to victims as they were being victimized by Hive. They responded to 1,500 victims in 48 states and 88 countries, preventing an estimated loss of $130 million to victims.

The FBI had always estimated that only 20% to 25% of cyber victims report a cyber incident. As a result of the team’s interaction with Hive victims, the FBI was able to substantiate that percentage.

Source…

Research hack reveals call security risk in smartphones

/in


Research hack reveals call security risk in smartphones
Smartphone manufacturers listen up; malware created by academic researchers showed how call security can be compromised in three areas. Credit: Texas A&M Engineering

Advanced smartphone features attract users who want more from their devices, especially in health and entertainment areas, but do these features create a security risk when making or receiving actual calls? A team of academic researchers from Texas A&M University and four other institutions created malicious software, or malware, to answer that question.

The researchers’ malware, called EarSpy, used machine learning algorithms to filter a surprising amount of caller information from ear speaker vibration data recorded by an Android smartphone‘s own motion sensors—and did so without overcoming any safeguards or needing user permissions.

“A standard attack on a cell phone taps the microphone and records the voices,” said Ahmed Tanvir Mahdad, a doctoral student in the Department of Computer Science and Engineering at Texas A&M. “We are recording motion sensor data, which is not directly related to speech, and detecting caller information from that in a side-channel attack.”

Mahdad was the primary author of “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers,” a paper published in December 2022, on the pre-print server arXiv, that explained the project’s results.

Ear speakers at the top of smartphones are traditionally small and produce low sound pressures during conversations. These vibrations improve clarity when the phone is pressed against the user’s ear.

The speakers are not considered a good source for audible eavesdropping because of their size and how they function. Yet some manufacturers are replacing these small speakers with bigger ones to create the stereo sounds needed for videos and streaming without considering how much vibration data the bigger ear speakers emit. Since smartphones are equipped with motion sensors called accelerometers to record vibration data tracking user…

Source…

Computer security experts offer advice to freeze out risk of thermal attacks

/in


Computer security experts offer advice to freeze out risk of thermal attacks
Thermal camera. Credit: University of Glasgow

A team of computer security experts have developed a set of recommendations to help defend against “thermal attacks” which can steal personal information.

Thermal attacks use heat-sensitive cameras to read the traces of fingerprints left on surfaces like smartphone screens, computer keyboards and PIN pads.

Hackers can use the relative intensity of heat traces across recently-touched surfaces to reconstruct users’ passwords.

Last year, Dr. Mohamed Khamis and colleagues from the University of Glasgow set out to demonstrate how easily thermal images could be used to crack passwords.

The team developed ThermoSecure, a system which used AI to scan heat-trace images and correctly guess passwords in seconds, alerting many to the threat of thermal attacks.

Now, Dr. Khamis and colleagues have put together the first comprehensive review of existing computer security strategies, and surveyed users on their preferences on how thermal attacks can be prevented at public payment devices like ATMs or transport ticket dispensers.

Credit: University of Glasgow

Their research, set to be presented as a paper at the USENIX Security Symposium conference in Anaheim, California, on Friday 11 August, also includes advice to manufacturers on how their devices could be made more secure. USENIX Security is widely recognized as one of the leading conferences in the fields of computer security and cybersecurity.

The team identified 15 different approaches described in previous papers on computer security which could reduce the risk of thermal attacks.

Those included ways to reduce the transfer of heat from users’ hands, by wearing gloves or rubber thimbles, or changing the temperature of hands by touching something cold before typing.

Approaches suggested in the literature also included pressing hands against surfaces or breathing on them to obscure their fingerprint heat once they had…

Source…

I’m a Wi-Fi expert – don’t make five huge security mistakes that can put security and speed at risk

/in


WI-FI users have been urged to not make five security mistakes that can cost them.

It’s no secret that Wi-Fi has greatly improved the way we browse the internet.

Wi-Fi users have been urged to not make five security mistakes that can cost them

1

Wi-Fi users have been urged to not make five security mistakes that can cost themCredit: Alamy

But, as with all things technological, Wi-Fi routers are also susceptible to hacking.

By breaking into vulnerable servers, devices, and networks, hackers can steal your data and eventually your money.

To help mitigate this risk, cybersecurity experts have shared with Wi-Fi users some important tips that can help.

PLACE IN CENTRAL LOCATION

Experts recommend placing your Wi-Fi router in a central location in your home.

There are many benefits to this, including improved speeds and better connectivity with devices.

However, what many users aren’t aware of is that this can also keep your Wi-Fi network more secure.

That’s because the signal is not being sent outside of the confines of your home, therefore cannot be accessed by others.

USE A VPN

A virtual private network (VPN) extends a private network across your Wi-Fi network.

This allows users to safely share and receive data without the prying eyes of nefarious third parties.

VPNs work by scrambling your personal information so that without the correct decryption key, it can’t be read by hackers.

As such, enabling VPN software can help to keep your network secure.

CHANGE WI-FI PASSWORD OFTEN

You are likely aware that having stronger passwords keeps you safer from hackers.

But did you know that experts also recommend changing your password often?

Changing your credentials frequently makes it harder for threat actors to hack your system.

What’s more, if your password is compromised or breached without your knowledge, this rectifies that problem.

NOT UPDATING ROUTER FIRMWARE

It’s important to update your router regularly so it runs smoothly and also has the latest security software uploaded.

Generally, you need to find out your router’s IP address and type that into a web browser to access an admin page.

Use your router’s username and password to log in and access the settings.

Check if there are any software updates available and select to download them when…

Source…