Displaying items by tag: cybersecurity
In 2018 Kaspersky’s Global Research and Analysis Team (GReAT) published findings on AppleJeus – an operation aimed at stealing cryptocurrency carried out by prolific threat actor the Lazarus group.
The new findings show that the operation has continued with more careful steps from the infamous threat actor, improved tactics and procedures and the use of Telegram as one of its new attack vectors.
Victims in the UK, Poland, Russia and China, including several connected to cryptocurrency business entities, were affected during the operation.
The Lazarus group is one of the most active and prolific advanced persistent threat (APT) actors, which carried out a number of campaigns targeting cryptocurrency-related organizations. During its initial 2018 AppleJeus operation, the threat actor created a fake cryptocurrency company in order to deliver their manipulated application and exploit a high level of trust among potential victims.
This operation was marked by Lazarus building, its first macOS malware. The application was downloaded by users from third-party websites and the malicious payload was delivered via what was disguised as a regular application update. The payload enabled the attacker to gain full control of the users’ device and steal cryptocurrency.
Kaspersky researchers identified significant changes to the group’s attack tactics in the ‘sequel’ operation. The attack vector in the 2019 attack mimicked the one from the previous year, but with some improvements. This time, Lazarus has created fake cryptocurrency-related websites, which hosted links to fake organization Telegram channels and delivered malware via the messenger.
Just as in the initial AppleJeus operation, the attack consisted of two phases. Users would first download an application, and the associated downloader would fetch the next payload from a remote server, finally enabling the attacker to fully control the infected device with a permanent backdoor. However, this time the payload was delivered carefully in order to evade detection by behavior-based detection solutions.
In attacks against macOS-based targets an authentication mechanism was added to the macOS downloader and the development framework was changed, in addition, a file-less infection technique was adopted this time. When targeting Windows users, the attackers avoided the use of Fallchill malware (which was employed in the first AppleJeus operation) and created a malware that only ran on specific systems after checking them against a set of given values. These changes demonstrate that the threat actor has become more careful in their attacks, employing new methods to avoid being detected.
Lazarus has also made significant modifications in the macOS malware and expanded the number of versions. Unlike in the previous attack, during which Lazarus used open source QtBitcoinTrader to build a crafted macOS installer, during the AppleJeus Sequel the threat actor started to use their homemade code to build a malicious installer. These developments signify that the threat actor will continue to create modifications of the macOS malware and our most recent detection was an intermediate result of these changes.
“The sequel AppleJeus operation demonstrates that despite significant stagnation in the cryptocurrency markets, Lazarus continues to invest in cryptocurrency-related attacks, making them more sophisticated. Further changes and diversification of their malware demonstrates that there is no reason to believe that these attacks will not grow in numbers and become a more serious threat,” commented Seongsu Park, Kaspersky security researcher.
The Lazarus group, known for its sophisticated operations and links to North Korea, is noted not only for its cyber-espionage and cybersabotage attacks, but also for financially-motivated attacks. A number of researchers, including those at Kaspersky, have previously reported on this group targeting banks and other large financial enterprises.
To protect from this and similar attacks, Kaspersky recommends crypto businesses to introduce basic security awareness training for all employees so that they can better distinguish phishing attempts, conduct an application security assessment to help them showcase their reliability to potential investors and to monitor for emerging vulnerabilities in smart contract execution environments.
As for consumers who are already exploring or plan to explore cyrptocurrencies, Kaspersky recommends they only use reliable and proven cryptocurrency platforms, do not click on links that lure them to an online bank or web wallet and to use a reliable security solution for comprehensive protection form a wide range of threats such as Kaspersky Security Cloud.
As governments around the world struggle to come to terms with the initial banning of Huawei products by US President Donald Trump and the whiplash of his subsequent decision to lift it, Malaysia has taken a firm stance by choosing not to rush blindly into judgment, preferring to approach the subject of 5G cybersecurity in a liberal manner instead of pandering to the West’s seemingly baseless accusations towards the Chinese telecommunications colossus.
According to the Communications and Multimedia Minister Gobind Singh Deo, the Malaysian Communications and Multimedia Commission (MCMC) is currently working on a report known as the 5G Testbed and Trials to ensure a comprehensive plan for high-speed internet deployment in the country. The outcome of these trials, which will be facilitated by the MCMC from April to October of this year, will then establish whether or not a ban on Huawei’s 5G technology is absolutely necessary to protect Malaysia’s cybersecurity interests.
In his keynote speech at the British Malaysian Chamber of Commerce Digital Innovation Conference in Kuala Lumpur in March, Gobind said, “As the nation is enhancing footprints in digital economy development, and with the advent of the newest technologies, we must take into consideration the cyber threat concern and risks. Cybersecurity will be one of the most pressing issues of our time.”
The MCMC has stated that it would take “a broad look at the security compliance issues surrounding 5G” and, despite the commotion surrounding Huawei, it maintains that it is “not focused on any specific supplier.”
“5G will present new opportunities that at the same time open the door to a new set of risks,” a representative of MCMC said. “However, the MCMC is currently collaborating with the National Cyber Security Agency [NACSA] to engage with all mobile operators and equipment suppliers involved in 5G, aimed at identifying the risks to national security and to manage them accordingly.”
Security threats from the utilization of 5G is also being thoroughly reviewed and established by the Malaysian Armed Forces, which will present its findings to the government for further analysis.
The Malaysian Prime Minister, Tun Dr Mahathir Mohamad has previously spoken out against Trump’s policy, outwardly criticizing the US President for what he believes are attempts to secure dominance over China in terms of trade and security. During a recent trip to Japan, Mahathir made it clear that Malaysia will not be following Trump’s lead anytime soon, stating that the country tries to “make use of their [Huawei] technology as much as possible” and snubbed any concerns that it poses security issues within Malaysia.
Malaysia is considered one of the top three ASEAN nations which will be contributing 75% of the cybersecurity market share in the next five years. This in itself demonstrates the immense opportunity and potential the country has in advancing its cybersecurity industry.
BT has made new investments in its cybersecurity capabilities in Europe with the aim of further enhancing its position as a leading provider of security services in the region and globally. The company announced the opening of a new Cyber Security Operations Centre (Cyber SOC) in Paris, as well as upgraded facilities, new customer solutions and recruitment at its existing SOCs in Madrid and Frankfurt.
BT’s global network of Security Operations Centres and 3000 security specialists protect it against 125,000 cyber-attacks per month, and offer solutions to consumers, governments and businesses, including some of the world’s best known brands. BT’s latest round of investments will offer increased protection for customers who are looking to combat escalating levels of cybercrime while deploying new technologies based on the Cloud and the Internet of Things. Customers will benefit from real-time intelligence sharing across BT’s global network of SOCs, coupled with in-country capabilities such as support in local languages and compliance with data protection regulation.
The Paris Cyber SOC will provide advanced incident detection, threat intelligence, orchestration and automation services. It has also been specifically designed to meet both PDIS and European NIS Directive requirements, which would allow BT to qualify as a ‘Security Incident Detection Service’ provider. Under French law, organisations that manage Critical National Infrastructure can only contract with security providers that have the PDIS certification, and BT is currently going through the qualification process.
Kevin Brown, Managing Director of BT Security, commented: “Our ongoing expansion of our security capabilities in Europe shows BT’s commitment to providing industry-leading services to customers in the region. We are increasingly regarded as the most trusted experts to mitigate cyber threats, and we’re continuing to invest and recruit in order to meet demand. Our services are designed to meet the most demanding standards in the world for cyber-attack detection, as well as the rapidly-evolving requirements of our customers.”
As part of the expansion, BT’s Cyber SOC in Madrid will soon relocate to new, purpose built facilities, with around 50 cyber experts due to be based at the centre. The enhanced Cyber SOC will offer Cloud SIEM (Security Incident & Event Management), allowing its cyber experts to detect and remediate cyber-attacks of all types, and to generate on-demand compliance reports with real-time status of organisational risk posture.
In addition, as of July 2019, BT’s Frankfurt SOC will also offer Cloud SIEM services directly to customers, further harmonising BT’s portfolio of services across Europe and worldwide. BT’s Frankfurt SOC opened in 2017, providing a broad range of security services to regional and international customers, while ensuring their data is handled and stored in compliance with German regulation.
Huawei today filed a motion for summary judgment as part of the process to challenge the constitutionality of Section 889 of the 2019 National Defense Authorization Act (2019 NDAA).
In his keynote remarks delivered yesterday at the Potsdam Conference on National Cybersecurity in Berlin, Germany, Ken Hu, Deputy Chairman, Huawei said that in recent days, restrictions, based on ungrounded allegations, have been imposed on Huawei in order to disrupt business operations.
On Thursday, WikiLeaks founder Julian Assange was arrested by British Police at the embassy of Ecuador in London.
The 28 EU members have been asked to share some data to assess any risks involved with the rollout of 5G technology in Europe, according to Reuters.
The Reuters report stated that Andrus Ansip, head of the European Commission, is set to make the recommendations on Tuesday.
Ansip plans to use the processes which are outlined in the directive on network and information systems from 2016 and has also very recently passed the Cyber Security Act.
For the past couple of years, the US has been trying to dissuade its allies from benefitting Chinese businesses, namely Huawei. The US and Huawei have been at odds recently with regards to 5G deployment. Washington has claimed that Huawei’s products could be used to spy on other countries by the Chinese government which they have no solid proof of. Huawei sued the US on 7 March.
Many countries have not reacted to the claim. However, Australia and New Zealand have barred the use of Huawei gear.
With the UK leaving the EU soon, it is still uncertain whether they will follow the European Commission’s suggestion. Last month at a conference in Brussels, the head of the UK’s National Cybersecurity Centre, Ciaran Martin, said that any threat posed by Huawei was manageable.
“Because of our 15 years of dealing with the company and 10 years f a formally agreed mitigation strategy which involves detailed provision of information, we have a wealth of understanding of the company,” said Martin.
He continued, “We also have strict controls for how Huawei is deployed. It is not in any sensitive networks, including those of the government. Its kit is part of a balanced supply chain with other suppliers. Our regime is arguably the toughest and most rigorous oversight regime in the world for Huawei.”
On 9 April, an EU-China summit will take place where discussions surrounding this topic will be held alongside other relevant topics pertaining to the Chinese economy.
Security researcher Victor Gevers has uncovered a database of 1.8 million women in China who have their names, addresses, marital status, education levels, and phone numbers listed however the most troubling part of this database is the fact that women of a certain age group were also categorized as “breed ready”.
Gevers has said that anyone with an IP address has access to this database. This comes after his discovery of the Chinese database that leaked 300 million private messages last week.
“We don’t know who is behind this database and what the intention was… that is the part that worries us the most,” said Gevers. Most of the women in the database were located in Beijing.
Gevers reported the database on Twitter and had it closed down by 4am ET on Monday.
Some of the women are linked to their Facebook profiles and as Facebook is banned in China, they must have accessed it through the use of a VPN.
“In China, they have a shortage of women. So an organization started to build a database to start registering over 1.8 million women with all kinds of details like phone numbers, addresses, education, location, ID number, marital status, and a “BreedReady” status?” he tweeted.
Also, around 90 per cent of the women on that list were listed as single and were between the ages of 15 and 95. The “BreedReady” women were categorized, the youngest status was given to 18 year olds and the oldest with the status was 39.
The purpose of this database still remains uncertain however, many internet users said that it may have been the Chinese government’s effort to track the fertility of Chinese women as China’s birth rate has hit an all-time low.
China’s National Statistics Bureau found that only 15 million children were born in 2018 which was 2 million less than the previous year.
The House of Lords has called for a new central digital super-regulator to be created in order to inspect the different bodies protecting the internet and to replace the ‘clearly failing’ system of self regulation in place.
The Lords’ communications committee report has recommended a new Digital Authority. The report warns that the contribution of several regulators for the digital realm can be more problematic than helpful as it creates overlaps and gaps.
The report also states that large tech companies have failed to tackle cybersecurity issues and Ofcom should, in the future, expand their services to involve implementing a duty of care on those companies.
Lord Gilbert of Panteg, Chair of the committee, stated: “The government should not just be responding to news headlines but looking ahead so that the services that constitute the digital world can be held accountable to an agreed set of principles.”
He continued: “Self-regulation by online platforms is clearly failing and the current regulatory framework is out of date. The evidence we heard made a compelling and urgent case for a new approach to regulation. Without intervention, the largest tech companies are likely to gain ever more control of technologies which extract personal data and make decisions affecting people’s lives.”
The Lords said that the new Digital Authority should be guided by 10 guiding principles pertaining to online regulation. Some of these basic principles include: transparency, parity, recognition of childhood, accountability, privacy and human rights.
Last month, a Digital Culture, Media and Sport committee held Facebook responsible for being run by “digital gangsters” and as a result, recommending that tech and social media companies could regulate themselves independently under a ‘code of ethics’ which could be overseen by Ofcom.
The report by the Lords echoed this sentiment. It stated that self-regulation from internet behemoths from the likes of Google and Facebook were “clearly failing”.
Lord Panteg wrote: “Policy makers across different sectors have not responded adequately to changes in the digital world.”
He added: "The Digital Authority should be empowered to instruct regulators to address specific problems or areas. In cases where this is not possible because problems are not within the remit of any regulator, the Digital Authority should advise the Government and Parliament that new or strengthened legal powers are needed.”
The report recommends many changes to already existing regulations whether the Digital Authority is created or not. An example of these proposed changes is the public interest test for mergers and acquisitions which would protect peoples’ data from being bought and sold with no prior consent from the individual.
Additionally, the report recognizes the power which this new Digital Authority would hold and justified it by stating: “This is necessary because of the magnitude of urgent social and political problems caused by regulatory fragmentation in the digital world. These problems are less likely to become more complex as technology develops.”
Internet giants such as Google, Amazon and Facebook were not held in high regard amongst the Lords, especially in the report.
It concluded, “Major platforms have failed to invest in their moderation systems, leaving moderators overstretched and inadequately trained. Online platforms should make community standards clearer through a new classification framework akin to that of the British Board of Film Classification.”
The profiles and personal messages of 364 million users of Chinese social media sites were leaked online, exposing private records such as photos and identity card numbers which were being gathered by the Chinese government through a surveillance program.
Cybersecurity researcher for the NGO GDI Foundation, Victor Gevers, revealed in a series of tweets that the Chinese government was using a social media surveillance program which was “retrieving messages per province from 6 social platforms and extracts named, ID numbers, ID photos, GPS locations, network information, and all the conversations an file transfers get imported into a large online database.”
He continued “Around 364 million online profiles and their chats & file transfers get processed daily. Then these accounts get linked to a real ID/person. The date is then distributed over police stations per city/province to separate operators’ databases with the same surveillance network name.”
Gevers went on to say that the program used to retrieve all the private and sensitive information looked “like a jerry-rigged PRISM clone of the NSA.” NSA was the US government’s surveillance system that Edward Snowden revealed back in 2013.
In a direct message on Twitter, Gevers voiced some of his concerns regarding the situation.
“These surveillance systems are dangerous when they are open and fully accessible to anyone, which increases the risk of remote data manipulation. We have seen databases get ‘ransomed’ in the past.”
A great deal of the leaked data included information about cybercafés, which Gevers pointed out in a screenshot and said that those cafes may have been used as a potential tool to gather data on users.
QQ and WeChat were among the six Chinese messaging services which are both operated by Tencent.
In the past, WeChat denied their monitoring of user chat logs for government surveillance, however according to the Chinese legal system, all internet companies operating in China are expected to collect and store user data locally in case of an official inspection.
Security researcher Jane Manchun Wong said: “If sensitive information was exchanged in some of those conversations, it could have been sold to black markets, the same way how stolen credit card info from compromised databases work.”
She continued, “Except this one, it’s effortless to hackers. They could essentially just walk in and everything seems to be in plain text and accessible without any login information.”
The database was allegedly secured after Gevers exposed the issue.
There have been a few major leaks in China over the past few years.
Just last month Gevers reported a case regarding a Chinese tech company, SenseNets, which stored the data of 2.6 million people in the region of Xinjiang which is of Muslim majority and is under heavy police surveillance. The data included the ID numbers and addresses of the residents.