Tag Archive for: stronger

NCC-CSIRT urges stronger security measures to prevent ransomware attacks – WorldStage


WorldStage Newsonline – The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has urged organisations to adopt stronger cybersecurity measures.

These measures include ensuring that employees use strong, unique passwords for every account and enabling multi-factor authentication (2FA) wherever it is supported to prevent ransomware attacks, as well as ensuring regular system backups.

The NCC-CSIRT’s warning, contained in its advisory of August 12, 2022, came after the Yanluowang threat actors gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s personal Google account containing credentials synced from their browser.

Ransomware is malware designed to deny a user or organization access to files on their computer until they pay the attackers.

Cisco reported the security incident on its corporate network but said it did not identify any impact on its business, although the threat actors had published a list of files from this security incident on the dark web on August 10.

NCC-CSIRT estimated the potential damage from the incident to be critical, predicting that successful exploitation would result in ransomware deployment to compromise computer systems, theft and exposure of sensitive product and customer data, and huge financial loss to organizations through significant indirect costs, and could also mar their reputations.

The team said, “The first step to preventing ransomware attacks is to ensure that employees are using strong, unique passwords for every account and enabling multi-factor authentication (2FA) wherever it’s supported.”

It further disclosed that “In response to the attack, Cisco has immediately implemented a company-wide password reset. Users of Cisco products should ensure a successful password reset.

“As a precaution, the company has also created two Clam AntiVirus signatures (Win.Exploit.Kolobko-9950675-0 and Win.Backdoor.Kolobko-9950676-0) to disinfect any potentially compromised assets. Clam AntiVirus Signatures (or ClamAV) is a multi-platform…

[Editorial] There Is No Privacy Without Stronger Security — That’s Why We’re Joining Forces With the Security Community To Keep You Safe


▲ Seungwon Shin, VP and Head of Security Team at Mobile eXperience Business, Samsung Electronics

Dangerous Times

It’s hard to imagine a better time for cyber-criminals. The conditions are ideal right now for anyone with ill intentions and technical know-how.

A rise in remote workers means more reliance on unsecure public Wi-Fi. New frontiers like the blockchain leave confused customers ripe for scams. Cyber-attacks are on the rise. And not just where you expect them. Recent wars have started with digital attacks on critical infrastructure, months before physical incursion.

All this when we are putting more of our lives into our smartphones. They are our wallets, our house keys and our IDs. A single intrusion can be devastating, so now more than ever we need our devices to be secure. Let’s examine what truly makes a device safe — so that you can go out into the world and live freely, without worrying about your data getting into the wrong hands.

What Security Is… and What It Isn’t

By now you’re likely thinking you’re fine, because you’re sensible. But there are many common misconceptions about security. You don’t let apps share your name, email, or habits. You even disable app tracking permissions. Great, but that doesn’t mean your data’s safe. Please don’t confuse privacy for security. Closing your curtains will do no good if someone kicks your door down. You think you have chosen a safe mobile ecosystem, one akin to a walled garden. But hackers adapt to their targets. Unsecure Wi-Fi, social engineering scams — these are threats regardless of what ecosystem you use.

You don’t open suspicious attachments. Great, but there are ‘zero-click’ attacks, which compromise a device without user interaction. That happened with Pegasus, spyware that exploited a flaw in a popular messaging system. All it took was for users to receive a message, and the hackers got in. Feeling safer than you are leads to complacency — that’s what cyber-criminals are counting on.

It’s unsettling to think that there are so many threats and no safe harbor. But that’s what inspires our work on Samsung…

Stronger Security for Smart Devices To Efficiently Protect Against Powerful Hacker Attacks


MIT engineers demonstrated that analog-to-digital converters in smart devices are vulnerable to power and electromagnetic side-channel attacks that hackers use to “eavesdrop” on devices and steal secret information. They developed two security strategies that effectively and efficiently block both types of attacks. Credit: MIT News

Engineers demonstrate two security methods that efficiently protect analog-to-digital converters from powerful attacks that aim to steal user data.

Researchers are racing against hackers to develop stronger protections that keep data safe from malicious agents who would steal information by eavesdropping on smart devices.

Much of the effort into preventing these “side-channel attacks” has focused on the vulnerability of digital processors. Hackers, for example, can measure the electric current drawn by a smartwatch’s CPU and use it to reconstruct secret data being processed, such as a password.

MIT researchers recently published a paper in the IEEE Journal of Solid-State Circuits, which demonstrated that analog-to-digital converters in smart devices, which encode real-world signals from sensors into digital values that can be processed computationally, are vulnerable to power side-channel attacks. A hacker could measure the power supply current of the analog-to-digital converter and use machine learning algorithms to accurately reconstruct output data.

Now, in two new research papers, engineers show that analog-to-digital converters are also susceptible to a stealthier form of side-channel attack, and describe techniques that effectively block both attacks. Their techniques are more efficient and less expensive than other security methods.

Minimizing power consumption and cost are critical factors for portable smart devices, says Hae-Seung Lee, the Advanced Television and Signal Processing Professor of Electrical Engineering, director of the Microsystems Technology Laboratories, and senior author of the most recent research paper.

“Side-channel attacks are always a cat and mouse game. If we hadn’t done the work, the hackers most likely would have come up with these methods and used them to attack analog-to-digital converters, so we are…

Diavol ransomware sample shows stronger connection to TrickBot gang


A new analysis of a Diavol ransomware sample shows a clearer connection with the gang behind the TrickBot botnet and the evolution of the malware.

The recent research is the second one that finds common ground in the code of the two threats, tying them to the same actor.

Early sample comes with hints

Previous analysis of Diavol (Romanian for Devil) ransomware from Fortinet’s FortiGuard Labs revealed a set of similarities with the TrickBot malware as well as differences that prevented high-confidence attribution of the code.

Fortinet’s assessment at the beginning of July noted that both Diavol and Conti – a ransomware family strongly connected with TrickBot – used the same command-line parameters for a variety of tasks (logging, encryption, scanning).

A report from the IBM X-Force threat analysts Charlotte Hammond and Chris Caridi provides clues pointing to a stronger connection between Diavol ransomware and the TrickBot gang.

Unlike the sample analyzed by Fortinet, which was a newer, “fully functional and weaponized piece of ransomware,” the one that IBM examined is an older variant closer to a development version used for testing purposes.

The incomplete state of the malware contained the signs that allowed the researchers to reach a more reliable conclusion.

IBM X-Force looked at a sample submitted to VirusTotal on January 27, 2021, with a reported compilation date of March 5, 2020. By comparison, the compilation date for the version in Fortinet’s analysis is April 30, 2021.

The researchers noticed that Diavol ransomware collected basic information from the infected system and generated a System or Bot ID that helps the attacker track multiple intrusions from affiliates in the ransomware-as-a-service (RaaS) operation.

Diavol ransomware’s Bot ID format includes the hostname, username, and Windows version of the compromised system, and a global unique identifier (GUID). The format is “almost identical” to the one generated by TrickBot malware, the analysts note.

[hostname]-[username]_W[windows_version].[GUID]

A very similar Bot ID pattern has been seen with Anchor DNS, another piece of malware attributed to the TrickBot gang, the researchers say in their…
