Wednesday, August 31, 2016

Human identification using WiFi signal

Identification (and verification) in digital environments has become the Holy Grail of our time.

It is relatively quick and easy to manage user identities at a local level. What complicates matters is dealing with a structure able to identify users in decentralized environments in such a way that we can optimize the user experience and control their different permissions.

And to make matters worse, the Internet of Things is forcing us to match the digital world with the physical one so as not to be dependent on non-standardized variables.

Monday, August 29, 2016

Cyber (public) secrets...

Today, one year ago...

Something that is supposed to be kept secret but that everybody knows, even if the title says that the secret is safe and sound: this is what we call a public secret, and we can find them in the cyber security field. If we cast our minds back, we discover that August 2015 was a special date for these public secrets that were known by almost everybody.

One of them was the announcement by the powerful Google that its browser Chrome would no longer offer Flash content, a technology not much appreciated by others, although Adobe lived as if it would never affect them. "It is over," they said from Mountain View. If your ads were not in the hands of a big platform or in HTML5, you would never see them again. We all knew that, sooner or later, it would happen, but the "when" was not defined.

Friday, August 26, 2016

New technologies applied to the cyber crime industry

Technology advances continuously. The cybercrime industry, as an early adopter, is always looking to adapt it to its own purposes.

The reason is pretty clear. This sector is eager to become the leader among industries, taking advantage of the lack of responsiveness to new techniques and to those that are already in circulation.

Today we are going to review some news from the last week related to the use of new technologies in infosec.

One example is the application of artificial intelligence algorithms to phishing campaigns. This increases the chances of success as much as manual and directed campaigns do.

We can also talk about the new tactic used by threat actors, who are now attempting to install and run a virtual machine in order to hide their malicious actions. This technique allows these pieces of code to pass the system's security controls.

These innovations affect not only the technology but also the control tools used. Twitoor is the first Trojan that uses the Twitter API to take control of all infected Android devices.

Of course, the good guys are always on the alert, and sometimes they take action to counter all these new techniques.

We could see an example in this prototype of a self-validating chip. The chip raises an alert when malware is detected and it is not working as normal hardware would.

This chip is something we will really need in the not too distant future if we take seriously the interest of cybercriminals in electronic implants.

Hacking a social network account or extorting a company can be a really lucrative business, but thinking about people's insulin pumps or implantable defibrillators means something really different, and it becomes more interesting.

New technologies are available to the cybercrime industry. Available to all those interested in moving out of their comfort zone. For better or for worse.

Wednesday, August 24, 2016

Security and trust measures at hardware level

In recent years, the integrated circuit production and assembly industry has grown a lot. Consequently, the number of intermediaries is now far beyond the control that all chips need to ensure their smooth functioning in the final product.

The cyber crime industry knows this too. It has left its mark on this chain, leaving back doors or design flaws that let cyber criminals compromise the security of end devices.

In this scenario it is important to call attention to an interesting proposal by Siddharth Garg, an assistant professor of electrical and computer engineering at the NYU Tandon School of Engineering. Siddharth advocates the implementation of a chip with an embedded module that proves that its calculations are correct and an external module that validates the first module's proofs.

Monday, August 22, 2016

Don't let your guard down: it is cyber-August

A year ago...

We usually think that nothing happens in August because it is summertime almost everywhere. However, history is littered with important events like the atomic bombs in Hiroshima and Nagasaki or many episodes of independence in Latin America. On this day, the Cadillac Motor Company was born, the BBC started its first TV experiments and the English Civil War started (1642). So August is not a quiet month.

And we will always remember August. It is the month when 60 Gb of information embarrassed a large number of people. We are talking about Ashley Madison, the online dating site for married people and extramarital affairs, which fell victim to the Impact Team group. As if the moral burden was not enough, Avid Life Media (the company that owns the website) learned that one of its executives had stolen information from a competitor that Avid had intended to buy. The thief had been robbed.

Friday, August 19, 2016

Marketing and cyber attacks

Cyber security has emerged as one of the most important economic pillars that sustain industries.

It is no wonder. The business of almost every market is at stake. This sometimes encourages the media to give the topic much more importance than it actually has.

It has always happened with press and TV, and it is happening now with cyberthreats.

A few years ago, if an exploit put a given technology in a tight spot, only those interested in the topic would read about it. Nowadays, if it happens, it gets enough marketing to be published in all media.

Wednesday, August 17, 2016

Invisible bitcoins for the ransomware-as-a-service

The ransomware industry has positioned itself as one of the most profitable for cyber crime. Victims are extorted into paying a good deal of money to get all their files back, relying on the good faith of the thieves.

Check Point Software Technologies has published a report analyzing the economic and operational impact of one of the biggest ransomware-as-a-service (RaaS) operations in circulation. It uses a new variant of the well-known Cerber ransomware and it is generating about $2.5 million in returns for its creators.

There are now 161 active campaigns, and 8 new campaigns are launched every day. It is believed that criminals made around $200,000 in the month of July alone. Victims have deposited money into different Bitcoin wallets, which works out at 1 bitcoin (around $590) per attack.

Tuesday, August 16, 2016

One year ago: cheese with holes

We sometimes think that cybersecurity has more holes than Gruyere cheese. In fact, when we look back, we see that this is a reality and that it has always been like this. In this Special Summer Issue, every Monday we look back to one year ago, and this time we remember the middle of August 2015. That month was particularly prone to giving us cheese-tasting news. Note: don't forget we are talking about only one year ago.


We would have to award Lenovo the prize for "The cheese with the most hidden hole". A researcher discovered a serious vulnerability that had been circulating in dozens of consumer-oriented PC models, some of them with great commercial success. The news forced Lenovo to publish a note explaining the origin and scope of the bug and, of course, to produce a patch to remedy the problem.

Friday, August 12, 2016

The (t)errors from the past

The cultural legacy of the 1980s and 1990s (at least the heritage from the people that lived in slums and defined that period) is back. Maybe it is because the generation that lived through that epoch is now holding the reins of the market. Another option is that we are just following a cultural cycle, accentuated by the democratization and globalization of new technologies.

We should not be surprised that old-timer bugs that we thought had become obsolete have returned. One of the most significant is the case of Avast. The popular free antivirus program has brought up, on some versions of Windows, the "Blue Screen of Death" that we thought had disappeared forever.

Wednesday, August 10, 2016

Which vulnerabilities can be acquired in the Dark Web?

The evolution of 0-days follows random patterns and depends on a number of factors. Moreover, detecting those exploits at an early stage can help organizations to minimize their impact.

For that reason we are taking on board the research run by several researchers from Arizona State University, called "Darknet and Deepnet Mining for Proactive Cybersecurity Threat Intelligence" (EN/PDF). For four weeks they scraped 27 of the key Dark Web markets in order to find relationships between these markets and the proliferation of 0-days in future cyber attacks.

During this time they found 21 discussions related to this kind of attack and up to 16 zero-days being sold to the highest bidder. In fact, one of them made use of an already known vulnerability in WebView (one of the components that allows an Android app to show web content wrapped inside the same app) that affected all Android versions 4.3 and earlier, which represented 60% of the total Android devices in circulation.

The price of this exploit will vary over the coming days, but the opening bid started at 40 Bitcoin, which is about 24,000 dollars.

As said, this kind of research is really useful for understanding the flow of 0-days from their discovery, generally by an element of the cybercrime chain, through their sale, to their exploitation in the market.

If companies were able to establish automated monitoring of this kind of forum they could, where possible, second-guess criminals: patching, updating or replacing systems with major vulnerabilities, even before the attack.

To conclude, we need to play a more proactive role against cybercrime by targeting its major weakness: the exposure needed to sell a 0-day. It happens in the early stages, so it could be used as a defense against future attacks.

Also noteworthy are the presumed hacking of Oracle's MICROS, the payment system of most point-of-sale (POS) terminals on the market, and the appearance of Quadrooter, a new Android vulnerability in over 900 million devices.

Monday, August 8, 2016

Do not play with cybersecurity: Better once

There is a Spanish expression, with some variations, about the importance of dealing with difficult decisions before they get more complicated: better once red than a hundred times yellow. It's odd, but one year ago not one or two or three pieces of cybersecurity news piled up, attesting that this expression is valid for the cybersecurity world too.

And if we're talking about turning yellow, talking about China is the best thing. One year ago we learned that Chinese cyberspies had been going in and out of the e-mail of some high-ranking members of the Obama Administration since at least 2010. At least, if we trust the version we received then, the compromised accounts were the private ones because the work accounts were "more secure". Maybe, but the Chinese have been making US officials turn yellow for five years.

Friday, August 5, 2016

Shell Gamers take up the news

Shell Game, mosqueta or Pepito pays double. It's all the same. It is the same game, based on deception, to cheat the audience out of their money. And that, a real shell game, is what cybersecurity has become this week. It's always like that in one way or another, but these days it has become more evident: the little ball never stops where we thought it was, but under another beaker (or shell, as shown in the image that accompanies this outline). The scammer takes his part, and don't bother complaining: you already knew it could be a trap.

Like the WhatsApp messages you thought were erased. They weren't. They are there, waiting for somebody wise enough to find the hole to bring them back to life. Of course, it's the price to pay for decades of being content with the fact that file deletion was never definitive, except when performing a lethal format. So now we pay the consequences. Wrong beaker.

Wednesday, August 3, 2016

Selling cards in the black market

The terms Dark Web and Deep Web are usually used interchangeably, but the first one covers all those pages only available using specific Dark Web technologies (such as TOR), while the second includes portals hosted on the public network which, for one reason or another (content blocked by admins, sites closed behind a login system...), are not indexed by search engines.

They are two pieces of the same thing, and that is what the guys from Arizona State University must have thought when defining the impact of the black market in terms of presence and product catalogue. Their whitepaper, published under the title Product Offerings in Malicious Hacker Markets, was part of research conducted over six months on the industry's 17 best-known black market sites, in both the Dark Web and the Deep Web.

Monday, August 1, 2016

On this day one year ago: Windows 10, Facebook and General Motors

We're taking a summer break from the usual Monday interviews and focusing on fresher notes, to alleviate the rigours of the summer, with permission from our readers on the other side of the sea, who are enjoying winter right now. We've asked ourselves: in an environment as changeable as cybersecurity, what happened one year ago? Looking to the past allows us, at least, to check whether we have done our homework.

We have been taking notes about the importance of securing access for years, but only one year ago the social network par excellence (at least by number of users) released its Security Checkup, which gave us better control over access to our accounts. Nowadays most of us are so accustomed to this system that it's hard to believe how we could live without it. The carrot and the stick for Zuck's guys, by then WhatsApp's owners: a year ago a 19-year-old student explained how to break into other people's conversations, and their contacts too if the victim used an iPhone.