Tag Archive for: stopping

Google Proposes Method for Stopping Multifactor Runaround

Google recognizes that cookie theft poses a significant challenge for users and is actively working on a solution to mitigate it. They propose a mechanism called Device Bound Session Credentials (DBSC), which aims to tie authentication data to a specific device, rendering stolen cookies ineffective.

Cookies remain a common method for websites to store session information locally, enabling users to stay signed in and retain site preferences. However, malicious software can target cookies, extracting them from a user’s device and transmitting them to remote attackers for potential unauthorized access to user data.

Google’s DBSC initiative involves employing cryptographic keys to associate sessions with individual devices. The browser generates a unique public/private key pair locally on the device, and the operating system stores the private key securely, possibly leveraging hardware features such as a Trusted Platform Module (TPM) so that the key cannot be exported.

The DBSC API facilitates the association of sessions with the generated public key, allowing periodic refreshment of sessions with cryptographic proof of device binding. This verification occurs separately from regular web traffic and only when the user is actively engaged in the session.

Google emphasizes privacy protection, ensuring that each session is linked to a distinct key and preventing sites from correlating keys across different sessions on the same device. Only the per-session public key is transmitted to the server for proof of key possession.
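The bind-then-prove cycle described above, as an added illustration that is not code from Google’s DBSC project: the server records the per-session public key, issues a fresh challenge for each refresh, and accepts the refresh only if the signature was produced with the matching private key, so a cookie copied off the device fails without it. Ed25519 stands in for whatever key type the real API uses, and the session struct, cookie value and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Session is the server-side record: the opaque cookie value, the per-session
// public key it was bound to at registration, and the single-use challenge.
type Session struct {
	Cookie    []byte
	Pub       ed25519.PublicKey
	challenge []byte
}

// Challenge issues a fresh 32-byte nonce the device must sign before refresh.
func (s *Session) Challenge() []byte {
	s.challenge = make([]byte, 32)
	if _, err := rand.Read(s.challenge); err != nil {
		panic(err)
	}
	return s.challenge
}

// Refresh verifies the proof of possession with the bound key and consumes the
// challenge: a cookie stolen without the key, or a replayed signature, fails.
func (s *Session) Refresh(sig []byte) bool {
	if s.challenge == nil {
		return false
	}
	msg := append(append([]byte{}, s.Cookie...), s.challenge...)
	s.challenge = nil // one proof per challenge
	return ed25519.Verify(s.Pub, msg, sig)
}

// NewDeviceKey stands in for the key pair the OS generates on the device; in
// DBSC the private half stays in the TPM and only the public half is sent.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Prove signs cookie||challenge with the device-bound private key; the
// signature, not the key, is what travels to the server.
func Prove(priv ed25519.PrivateKey, cookie, challenge []byte) []byte {
	return ed25519.Sign(priv, append(append([]byte{}, cookie...), challenge...))
}
```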

Initial adoption of DBSC is expected to cover approximately half of desktop users, dependent on hardware capabilities like TPM availability. Google contemplates extending support to software-based keys for broader user coverage and compatibility.

To encourage widespread adoption, Google is collaborating with industry stakeholders, including identity providers and potentially Microsoft for integration into its Edge browser. The project is being developed openly on GitHub with the intention of establishing an open web standard.

DBSC aligns with Google’s strategy of phasing out third-party cookies in Chrome. Early experiments are underway to protect Google Account users in Chrome Beta, with plans to extend the technology to Google Workspace and Google Cloud customers for enhanced account security.

This initiative draws parallels to Intel’s past attempt with Processor Serial Number (PSN) for tracking, which faced backlash and discontinuation due to privacy concerns. However, Google aims to address privacy issues and gain broader industry support for DBSC as a standardized security measure.


Researcher takes on ransomware and the products for stopping it


Ransomware, one of the most troublesome forms of cyberattack, is in the crosshairs of a leading cybersecurity research outfit. The researchers at the MITRE Corporation’s Ingenuity program recently called on industry to help determine the effectiveness of cybersecurity products designed to help stop it. For the answers, the Federal Drive with Tom Temin spoke with William Booth, the general manager of MITRE’s evaluations program.

Tom Temin And just a brief word on the Ingenuity program, which is one of the major channels of MITRE’s work. And then tell us a little bit about the program that you specifically run for evaluating software.

William Booth Yeah. So I run ATT&CK Evaluations, which is born out of and based on the ATT&CK framework, which is really a way of describing cybersecurity tactics and techniques used in the real world. And we take that knowledge base and we apply it through evaluations to the leading cohort of cybersecurity products.

Tom Temin In other words, you try to make sure that the products out there actually match and can take on what you know to be the real threats.

William Booth Yes. And that people have insights and a reference for performance on how they’re doing, both on the detections and on the protection side.

Tom Temin All right. And now the latest call out for industry to join with you, you’re looking at specifically what problem and what types of software?

William Booth We’re mostly focused this time on ransomware, which continues to be a leading issue both for private and for government. And so we’re tackling that slightly differently than before, where we chose a single adversary. Here we’re using an amalgamation of multiple very prevalent and relevant ransomware attacks. And in addition to that, we’re also, for the first time, introducing macOS, which is going to be focused on DPRK activity. Recently, there’s a lot of products out there that cover Windows and Linux and also have Mac, but that’s kind of unknown right now on performance and where the benchmark is. And so we’re hoping to set that.

Tom Temin So North Korea then is going after Macs for ransomware. And are they generally going after…


Justice ‘Hacked the Hackers’ of Hive Ransomware, Stopping $130M in Demands


After a months-long effort, the Department of Justice has disrupted the Hive ransomware group—which the FBI labeled a top-five ransomware threat—according to an announcement on Thursday.

The efforts of the DOJ and international partners “hacked the hackers,” hindering $130 million in ransom demands, according to Deputy Attorney General Lisa O. Monaco.

The Hive ransomware group went after more than 1,500 victims in 80-plus countries, the announcement noted. Victims included hospitals, school districts, financial firms and critical infrastructure.

These attacks have greatly disrupted victims’ operations, such as impacting a hospital’s response to COVID-19, the DOJ stated. Specifically, one hospital had to use analog methods to treat existing patients and could not accept new patients after the attack.

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Attorney General Merrick B. Garland said in a press release. “Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack. We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks.”

The FBI infiltrated Hive’s networks in July 2022 and remained inside to capture the group’s decryption keys. The FBI provided more than 300 decryption keys to victims under attack and more than 1,000 decryption keys to previous victims, preventing victims from having to pay $130 million in ransom demands. Beginning in June 2021 and before the FBI operation, the ransomware group was able to extort more than $100 million in ransom payments.

As noted in the announcement, Hive utilized a ransomware-as-a-service, or RaaS, model that included administrators—occasionally called developers—and affiliates. According to the announcement, RaaS is a…


Ransomware gangs are hitting roadblocks, but aren’t stopping (yet)


Ransomware attacks are in decline, according to reports by several cybersecurity companies. Why is that?

More effort for less pay

In its mid-year 2022 Cyber Threat Report, SonicWall notes that there has been a global 23% drop in ransomware, “as geopolitical forces, volatile cryptocurrency prices, and increased government and law-enforcement focus impacted both who cybercriminals chose to attack and how well they were capable of carrying out those attacks.”

After witnessing many high-profile destructive attacks, companies have also been hardening their defenses, putting another obstacle in front of ransomware groups.

Among the reasons for the decline could also be that fewer organizations are willing to pay a ransom: according to Coveware, in Q1 2019, 85% of the cases they handled ended in the cybercriminal receiving a ransom payment, and in Q1 2022 that percentage fell to 46%.

In Q2 2022, the median ransom payment also went down by 51% from Q1 2022.

“This trend reflects the shift of RaaS affiliates and developers towards the mid market where the risk to reward profile of attack is more consistent and less risky than high profile attacks. We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts,” the company shared.

To pay or not to pay?

Two US states (North Carolina and Florida) recently prohibited state agencies, counties and municipalities from paying a ransom in response to a ransomware incident. North Carolina’s prohibition even extends to public schools and universities. BakerHostetler counsel Benjamin Wanger and associate Elise Elam say that they “expect to see similar laws introduced and/or passed in several additional states.”

Whether that’s a good move remains to be seen, but even IBM Security’s 2022 Cost of a Data Breach Report notes that, oftentimes, it doesn’t pay to pay the ransom.

“Ransomware victims in the study that opted to pay threat actors’ ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom…
