Saturday, January 31, 2015

The evolution of cyber fraud in a Big Data and IoT environment

Saturday comes, and with it time to rest, be with family and review the inbox of our personal email. The perfect time to become the victim of digital fraud.

100 million users have been victims of a new fraud campaign on Facebook. A message with an allegedly pornographic video sent by one of your friends, and a call to action convincing enough that 100 million users have fallen into the trap. And after the link? A page that asks us to update the Flash Player, which, as you might guess, comes with a “present”.

Friday, January 30, 2015

Phishing, botnets and DDoS attacks

Phishing, botnets and DDoS attacks are the trio most feared by companies and users, and also the one most used by cybercrime.

You get up in the morning and check your emails while the coffee is heating. Wow, a Russian girl wants to meet you! A high Nigerian representative has died with no family and chosen you as his heir! You need to change your iCloud password now! Check that your data in an attached .exe file are correct so that you can be sent a prize from a lottery you didn’t even play! There are several hooks to lead a victim to give up his data, access fraudulent websites or open malicious files.

Thursday, January 29, 2015

Privacy and perception of security on the Internet

Yesterday was World Privacy Day (#PrivacyDay), a way to remind everyone of the importance of protecting their digital assets. It is also a call to both businesses and governments for a fairer and more accessible Internet.

It was also the day chosen by security researcher Mark Dowd to reveal one of his latest discoveries: a critical vulnerability in the Silent Text messaging service which allows an attacker to remotely access the chat history and contacts stored on the device. This announcement allowed the company engineers to patch it almost immediately. Nevertheless, this case raises doubts about a suite specifically designed for a specific gadget like the Blackphone.

Wednesday, January 28, 2015

Everything you need to know about cybercrime

The digital world entails exactly the same risks as the real world. The same. Neither more nor less. The problem is that the rules are different, while our nature and education are not yet ready to face them. Hence you can spot a scam on the street but still be tricked by a malicious email. And just one mistake is enough to "break down" your digital identity.

The best example of this is social media profiles, a juicy target for cybercrime. While criminal minds would find it far more difficult in real life, impersonating anyone online is relatively affordable. You only need to obtain some access credentials. How? By tricking the victim, as seems to have happened to Taylor Swift on both Twitter and Instagram a few hours ago.

Tuesday, January 27, 2015

The 6 essential tasks for security analysts

Computer analysis laboratories are not so far from the concept that we usually have of what a laboratory is. They have rooms specifically prepared for research, treatment and documentation, using computers as a study tool. A chemist may need a few centrifuges, while a security analyst works with virtual machines. A mechanic brings a toolbox with him everywhere, while a security analyst will use digital services. As you can see, there are lots of similarities between them. So… What are the six main tasks of an infosec laboratory?

  1. To research: finding new creative (or not) ways of dealing with security problems is a cornerstone of their daily work. For instance, looking for patterns that simplify the arduous malware checking process. This is even done with visual techniques: graphical representations of executable files that allow code similarities to be found at a glance.
  2. To test: To understand how malware evolves, you need to keep your eyes open and be willing to continually face new challenges. Unfortunately, this happens when you least expect it. For example, you visit a website, and a roll-out ad sets off all your internal alarms. Yes, that’s right! You are facing a new type of adware, aimed at OS X devices, and distributed by a malicious ad that encourages you to download an HD media player.
  3. To document: Okay, you have found a vulnerability or a threat. What do you have to do now? The ‘nicest part’ of the work is to document everything, right? To collect data on a vulnerability in software like that used by the Chilean government, which allows access to private data and updates remote control shells.
  4. To report: It must be done following security measures and relevant legislation. If a vulnerability affects a specific company’s software, that company should be contacted about the issue. If it is a study on the evolution of malware, (internal or external) blogs should be used to keep your users, customers and partners aware. An example of this is the study recently published by the FBI, warning of the increasing spread of ransomware, which is a lucrative business for cybercriminals.
  5. To minimize the problem as much as possible: When you report a campaign like this, you are already minimizing its effects. Sometimes it is difficult to solve, especially when the Chinese government intervenes. Astrill, StrongVPN and Golden Frog are three popular VPN (virtual private network) services that recently ran into trouble offering their services in that country, presumably due to the Great Chinese Firewall.
  6. To fix: It is essential to find the most effective solution to prevent bad guys from exploiting the issue. And no matter how crazy it is, if it works, go ahead. This is the case of Tempest, a piece of research we told you about a few months ago. It was able to perform espionage just by placing a device next to a computer to listen to the sounds made when processing information. There is no "cure" for Tempest, but this tactic could be fought by rewriting the code so that functions are "quieter" or easy to confuse with others, up to the point of making them incomprehensible.

Here you have six basic elements that every security analyst should take into consideration every day.

Monday, January 26, 2015

Ups and downs in the digital world, just like in politics

This week began with breaking news in Greece: the political map of "the cradle of Western democracy" has dramatically changed. Political turmoil always generates informative pills full of ups and downs. From this perspective, it is difficult to blur the boundaries between politics and information security. Are you ready... for one more day of vertigo in infosec?

The Malaysia Airlines website was defaced over the weekend. A typical 404 error warning said "Plane not found" instead of “Page not found.” This clearly refers to the disappearance of one of their flights months ago. A picture of a lizard made the authorship of the attack clear: Lizard Squad again.

Sunday, January 25, 2015

Top 5 Infosec links of the week (LXI)

More and more people pay attention to computer security, sometimes due to bad experiences such as having their Facebook account stolen or, commonly, discovering that their computer is full of viruses. For many years viruses have been Internet users' number one fear. But today there are more complex threats: not only can you have a virus, it can also turn your computer into a botnet zombie. And the risk is not only that an evil hacker can attack a company: your home network can also be attacked.

Routers and home WiFi networks are major concerns for netizens. And securing them, without being experts in this field, is their big problem. So they appreciate handbooks like the most read item this week: a fast and easy text for managing our WiFi networks.

Saturday, January 24, 2015

Watch this video

We'll get serious this Saturday and recommend that our audience not hesitate to spend an hour of their day off watching the public conversation between Bruce Schneier, guru of computer security gurus, and Big Hacker Edward Snowden, responsible for leaking thousands of classified documents from the US and UK secret services.

The talk was held yesterday at the Harvard Data Privacy Symposium and touched on various issues related to privacy, from the effectiveness of encryption tools to government monitoring of the Internet. A delightful talk that sheds light on the always dark world of secret services, but also a disturbing one because of what the experts' dialogue was showing.

Friday, January 23, 2015

Identity is key in our society

Identity is key in our society. In such a globalized world, identity gives meaning to individuals defining and differentiating them from the rest of the people. This resource takes on a new level in the digital world, where anyone can handle different identities, whether they are real or not.

B2B International and Kaspersky Labs recently carried out a survey on the risk and security implications of leaving shared devices unprotected, which is a common practice even in the corporate world (32%). This situation could lead to an exponential increase in terms of risks, not only for the device itself, but for the different identities associated with it.

Thursday, January 22, 2015

The most effective low-tech techniques for cybercrime

"Hey buddy! Watch out for pickpockets!" It is likely that you have heard things like this lots of times at home. With the creation of urban centers, the dangers arising from our relationships with other human beings increased. But today pickpockets are not only on the street, but also behind a screen.

You should be very careful with ATMs in particular. Kaspersky’s blog has collected several common techniques used by these new pickpockets, and most of them are not high-end technology tactics. For example, they cover some parts of cash machines with electronic pieces that are sometimes made with the same materials and finish so that they look like the original ones. So the pickpocket only has to buy these pieces on the black market and wait for a banking customer who doesn’t notice the trick.

Wednesday, January 21, 2015

The complex society of ants

Ants are fascinating insects. Generally, the members of different mounds are very aggressive towards one another. But in some parts of the world several breeds establish "friendship agreements," leading to the creation of supercolonies like the one on Hokkaido island in Japan. It is formed by 306 million worker ants and about 1 million queen ants, living in a vast metropolis of 45,000 interconnected ant nests. In fact, the complexity of this social ecosystem can rival the human one.

Ants also have discrepancies that they solve thanks to a strict set of laws that is adapted to the environment. In our world, one day President Obama announces an increase in security measures and a reinforcement of legislation against hackers, and the day after the Democratic Party itself along with several technology experts do not hesitate to show their opposition. Such measures affect not only cyber criminals but also security researchers, and could jeopardize their work.

Tuesday, January 20, 2015

The name of Internet’s enemy begins with the letter “E” for Espionage

Every good story has a great villain. This bad guy gives meaning to the life of heroes who (disinterestedly or selfishly) fight to protect the interests of the rest of society. In The Foundation Trilogy by Isaac Asimov, the great villain was the Mule. And if you look at Tsugumi Ohba’s work (Death Note), his main character is both hero and villain at the same time. In cybersecurity, the enemy starts with a capital “E”, as in Espionage.

Wherever you look, bad boys always have the same goal: to get something from you. It may be money or information, but the boundaries between pure and simple robbery and sophisticated espionage are increasingly blurred. Fobus malware targets Android devices. It is disguised under the pretext of protecting your privacy. The user downloads an alleged adblocker, usually from unofficial app markets, which will bring new friends for stealing your information, hijacking your accounts and subscribing to premium services.

Monday, January 19, 2015

The question "how much" in cybersecurity

Have you ever looked carefully at the suggested results offered by search engines like Google or Bing while you are typing your search term? Users tend to go to search engines to resolve their doubts. A recurrent one is the question “how much is...?” What suggested results would someone get when typing a “how much” question into a corporate cybersecurity search engine?

How many resources should you invest to implement adequate security measures for an Internet-connected infrastructure? This may be the first suggestion. And its first result would certainly link to this new study released by ENISA (European Cyber Security Agency), listing a number of best practices that guarantee the protection of such architectures.

Sunday, January 18, 2015

Top 5 Infosec links of the week (LX)

Who said that nobody's interested in privacy? This belief should be rephrased, because our most read news this week, by a wide margin, refers to mobile privacy. Interestingly, however, other news relating to the privacy of the new DNI cards has caused big discussions among computer security experts, but received no attention from our readers. Possibly because they are not using this new DNI yet.

Indeed, this week has two stories that have had a very high audience. The most read is a guide created by Asturias Hacklab with advice on mobile security and privacy: social networks, photos, messaging, etc. Following it, and also with an unusually large audience, is a story that touches many people: the announcement of an important vulnerability in Movistar routers.

Saturday, January 17, 2015

Three good hackers and one bad hacker

Nothing in our universe is completely white or black, but sometimes it seems so. Even on planet computer security, where it's so easy to say: "He's bad". Actually, gray is the dominant color among hackers and non-hackers: sometimes we do things right, sometimes we're wrong, and everything is relative; what's good for you can be bad for me. It goes without saying that, given the title of this post, we'll relate some stories that seem positive or negative to us, but need not seem the same to everybody, nor 100%.

Researcher Eduardo Novella has discovered a hole in the routers that the Telefonica Movistar company provides to its customers. The flaw is important because it allows an attacker to take remote control of the device and use it, for example, as a bomber in Distributed Denial of Service attacks. As a good hacker, when Novella discovered the hole he reported it to the manufacturer and Movistar... in 2013! With no answer in two years, he has decided to publish it on his own.

Friday, January 16, 2015

I’ve never cared for digital security

The best projects are born in your heart. It is said that James Hetfield wrote the following lines while talking on the phone with his girlfriend: "Never cared for what they say, Never cared for games they play, Never cared for what they do, Never cared for what they know." This stanza would eventually become part of one of the most famous ballads by Metallica, called "Nothing else matters."

We never care about anything... until something becomes a problem. A home router commonly used in both Spain (Movistar) and Argentina (Arnet) has a critical vulnerability that allows an attacker to perform hijacking tactics on outgoing connections. A criminal who knows the public IP of the router can steal sensitive information from his victim and even redirect him to fake services.

Thursday, January 15, 2015

The True Story of The Three Little Pigs in the digital world

"Then I'll huff, and I'll puff, and I'll blow your house in." These words belong to one of the most famous tales. The True Story of the Three Little Pigs is the perfect example of how the wolf always finds a way to get into your home. And it gives us a very interesting lesson for the security industry: if you establish appropriate security measures, he may still get in, but you will give him a tough time.

Digital wolves lurk where you least expect them and make use of all the tools at their disposal to bring down your defenses. Skeleton malware has recently demonstrated its potential for stealthily accessing the Active Directory dashboard of a global company based in London. It is a remote access trojan that is stored in temporary memory and disappears after reboot. It is even able to filter sensitive information.

Wednesday, January 14, 2015

More sheep, fewer wolves in 2015

2015 is the Year of the Sheep in the traditional Chinese horoscope. It is said it will be the year of equality, since the sheep represents humility, happiness, and the desire to seek agreement in the interests of the majority. These are precisely the qualities that you need to meet the challenges this year.

The terrible attack against the satirical newspaper Charlie Hebdo has been the perfect excuse for many political voices in Europe to demand an increase in digital security. Among them, the British Prime Minister David Cameron showed his determination to combat encrypted communications, which is something that citizens use for defending their right to privacy. In response, the European Union Agency for Network and Information Security (ENISA) issued a statement in order to safeguard public interest. In this regard, it urges secure communications to remain the same for personal and corporate security.

Tuesday, January 13, 2015

Raiders of good use of Internet

"US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you. [...] We won't stop! We know everything about you, your wives and children. US soldiers! We're watching you!" The ISIS terrorist group recently appealed to the "Cyber Caliphate" on social networks through this collection of tweets.

But they wouldn’t have made so many headlines if these tweets had not been posted on the American Command Center (CENTCOM) Twitter account. In fact, this Twitter account was embarrassingly hacked a few hours ago. Along with the appeal, the hackers also published several documents with supposedly private data of army personnel. Nevertheless, it did not take long to prove that they had been obtained from public sources rather than from the agency’s private computers.

Monday, January 12, 2015

You can't please everybody

Someone always comes off badly in our society. Whether it is facing a dispute or dealing with a new project, someone always ends up upset or giving up his piece of the cake. Actually, it is the daily bread of the information security field.

Last Saturday we told you about Google disclosing a vulnerability in Microsoft systems. Microsoft’s response to the issue did not take long to come. Chris Betz from the Microsoft Security Response Center has criticized Google for this, and its whole Coordinated Vulnerability Disclosure (CVD) program. He considered it a strategy to discredit rival companies in an alleged attempt to keep users safe. Alternatively, Betz advocates the use of cooperation platforms where companies can share their findings in a discreet way, thus protecting the privacy and security of the customers.

Sunday, January 11, 2015

Top 5 Infosec links of the week (LIX)

This Sunday it's very clear which news our readers liked most this week: the 2014 security summaries have swept the audience figures. That leads us to wonder: why do we like so much to have it all, the past included, under control, well organized and packaged? Maybe for the illusion that our lives are not subject to the natural, universal and irreversible law of entropy, queen of chaos and confusion.

Ah, what fools we are! This is confirmed by the dozens of companies that could not avoid the theft of thousands and even millions of their customers' data, from small enterprises to very big corporations such as Orange, eBay, Apple, Sony... Data theft is the king of crimes on the network, as the 2014 summaries from Ontinet and PandaLabs highlight. Our readers have also been interested in the Windows vulnerabilities of 2014, compiled by ESET.

Saturday, January 10, 2015

Crime -almost- always pays on the Internet

If you're a criminal, the Internet has many good things for you, including free resources that facilitate your work and, as they cost you nothing, make your profit greater. Also, if you're a good professional, no one will follow your steps because you can clear your fingerprints. And, with this information revolution Big Bang still expanding, new devices are connected to the Internet every second, all potential victims for you. It's a bargain to be a cybercriminal.

[Image: Galen Marsh, disloyal employee at Morgan Stanley]

Maybe the Lizard Squad group thought so. They were known for mounting spectacular bombings against gaming sites... until police caught them. Their last action was Lizard Stresser, a public tool that performs DDoS attacks. We now know that the basis of Lizard Stresser was thousands of infected domestic routers, attacking under the criminals' orders. A cheap workforce.

Friday, January 9, 2015

The only way to live the present is learning from the past

Silent walking, watchful eye, infinite curiosity... Dogs are known as man's best friend, but the truth is that cats are beginning to conquer the hearts of more and more Spanish families. For over 10 years, these animals have been more common in American and British households than their counterparts (dogs), and it looks like they will also become something usual in Spanish-speaking countries. As a matter of fact, cats are one of the most curious species in the animal world, which will surely lead them to burn their own legs on kitchen fires, or jump from a first floor window. But if the result is not what they expected, they won't do it AGAIN.

You may be wondering what cats have to do with computer security, but the answer is very simple: why do humans make the same mistakes over and over again? Should we not learn from the past to enjoy the present moment with confidence? Under this paradigm, today we collect many recent studies on the evolution of malware and vulnerabilities in 2014.

Thursday, January 8, 2015

Security and IT risk: the eternal game of chess

The ouroboros is a symbol used to represent different eternal cycles for more than 300 years. It is sometimes read as daily struggle, as a futile effort or as the unity of all things, among many others. Its graphical representation is usually an animal eating its own tail, drawing a circle with its body.

In the infosec and IT risk fields it is usual to feel that we live in a continuous cycle, in a digital ouroboros. Security measures increase and new risks emerge as a consequence, which leads to raising more protections and to cyber criminals developing new risks...

Wednesday, January 7, 2015

IT risks, here we go again

“La Maqueta” ("The Demo", in English) was recorded by Estopa in 1999. As its title indicates, this was the first LP of the Spanish musical group formed by two brothers that would eventually define the urban rumba style. Among the 38 songs on the album, which went viral thanks to P2P and word-of-mouth, you will find "Vuelvo a las Andadas" (“Here I go again”).

Here we go again. Yesterday saw the disclosure of what might have been the first high-profile cyberattack of 2015. One of the largest bitcoin exchanges, called Bitstamp, closed its service on Monday due to an assault on its wallet system which resulted in the loss of 19,000 bitcoins, about $5.1 million.

Tuesday, January 6, 2015

There is a present for you from the Three Wise Men

Today is a bank holiday in Spain. We are celebrating Three Wise Men Day, which is a magical time for both kids and adults. The Three Wise Men traditionally bring Christmas gifts for Spaniards of all ages on January 6th, as they did for Jesus Christ more than two thousand years ago, according to the Bible.

So CIGTR’s team would like to give you this article as a special present for the security of both your family and you. 

Monday, January 5, 2015

Letter to the Three Wise Men: More security, more privacy and less cybercrime

To retrieve personal and sensitive data.
To trace location via GPS.
To access photos and other files stored on accessible devices (e.g. SD card).
To read, write and delete files.
To send and read emails or texts.
To make phone calls.
To turn on your camera or microphone.
Automatic updates of code and apps.
To run commands.

Although it could look like one, this is not a letter to the Three Wise Men, who are the ones who bring gifts to people at Christmas time, according to the Spanish tradition. The truth is that it is simply a list of actions that an attacker can perform via a free app. In fact, any app free of malware could represent a potential threat if it uses a compromised ad network. Such advertising acquires all permissions previously given to the application, and it can jump from app to app inheriting permissions to perform sophisticated and dangerous attacks.

Sunday, January 4, 2015

Top 5 Infosec links of the week (LVIII)

It happens that way: we start the new year thinking and hoping it'll be different from the past year. We promise to exercise more, quit smoking, pass that forgotten exam... But, quite a surprise, we look at our five most read news items of the week and discover that, while 2014 was turning into 2015, nothing has changed in the outside world: data theft, pedophilia and phishing remain the same ill-fated trending topics on the Internet.

The most read news this week belongs to the new year and was published on Friday, January 2nd: massive data thefts persist in big US commercial chains. The problem is that the data is not theirs but their customers' names and credit card numbers, customers who rely on establishments that invest virtually zero budget in computer security.

Saturday, January 3, 2015

Good news in computer security? Really?

Yes! Maybe because criminals are now professionals and have Christmas holidays like everyone else. The computer security world is not prodigal in happy news; rather, it is full of news about attacks, robberies, extortion, bombings... But on this Saturday, surprisingly, most of the news has a touch of positivity.

Such as the arrest of two Lizard Squad members, one in the UK and another in Finland. This is not good news for them, but it is for the thousands of people affected by their bombings against video game sites, who could not play online at Christmas. A hacker group created ex professo, Finest Squad, found them and led to their detention.

Friday, January 2, 2015

If you try to ban it, it will go viral

“Our Beloved Leader is wise. He is gentle, kind and strong. We wish him joy. We wish him peace. We wish him love. [...] They are arrogant and fat. They are stupid and they're evil. May they drown in their own blood and feces." "The Interview" could have been just another movie release; it could have been just another title stored in video libraries. But it is about to become the film of the year, thanks to hackers. The question is... what hackers?

Although US authorities pointed quickly and decisively to the North Korean regime, a growing number of voices are calling that statement into question. There are even references to hacktivism groups which mock the FBI’s "effectiveness", and several researchers at cybersecurity firm Norse carried out research linked to a group called "Guardians of Peace" (GoP): six individuals, including a former employee of Sony, would be behind the much-talked-about cybercriminal operation.