Expert(s):
Security Awareness Advocatefeature_status*/ ?>
KnowBe4

Comments Dotted : 48
December 14, 2020

Experts Reaction On 4 Major Browsers Are Getting Hit In Widespread Malware Attacks
Attackers love to have access to usernames and passwords that they will then use in credential stuffing attacks.
This is a great example of how technically advanced modern attackers are. While we often hear about data breaches and fraudulent wire transfers, campaigns like this quietly run in the background generating income by redirecting search results. In many cases, it’s likely that the advertisers are unaware that malware is being used to increase this traffic. The advertisers are losing money, as they are presenting ads to possibly uninterested people, while paying the cybercriminals. The addition .....Read More
This is a great example of how technically advanced modern attackers are. While we often hear about data breaches and fraudulent wire transfers, campaigns like this quietly run in the background generating income by redirecting search results. In many cases, it’s likely that the advertisers are unaware that malware is being used to increase this traffic. The advertisers are losing money, as they are presenting ads to possibly uninterested people, while paying the cybercriminals. The addition of credential theft from the Firefox browser is a valuable tool. Attackers love to have access to usernames and passwords that they will then use in credential stuffing attacks on other accounts such as banking or shopping websites. These are successful because people often reuse the same password for many different accounts. To defend against this, users need to be educated about the dangers of installing software from untrusted websites, and the importance of password hygiene, including not reusing them across accounts.  Read Less
November 25, 2020

Expert Insight On The Bluetooth Attack To Steal A Tesla Model X In Minutes
Tesla did a great job quickly fixing the issue with an over the air update.
This vulnerability helps to illustrate how our homes and vehicles have become more connected and as convenience features are added, the attack surface increases. In this case, while relatively low cost considering the value of a targeted Tesla, there are a number of steps that need to take place in order to pull it off. While not difficult, it could raise some suspicion if done in a public parking lot or other populated public space. Tesla did a great job quickly fixing the issue with an over.....Read More
This vulnerability helps to illustrate how our homes and vehicles have become more connected and as convenience features are added, the attack surface increases. In this case, while relatively low cost considering the value of a targeted Tesla, there are a number of steps that need to take place in order to pull it off. While not difficult, it could raise some suspicion if done in a public parking lot or other populated public space. Tesla did a great job quickly fixing the issue with an over the air update and the researcher showed responsible reporting ethics by notifying Tesla and allowing them to develop the fix before publicly releasing the vulnerability and the exploit. BLE (Bluetooth Low Energy) is used extensively in modern smart devices such as smartphones, fitness trackers, smart watches, home door locks and home automation devices, among many others, to allow for seamless data transfer while using very little battery power. While this is not an attack on BLE itself, it illustrates how the devices handling of registration and communication can be circumvented from a distance using these types of wireless protocols. Attacks such as this are why it is important to purchase devices from a reputable company that will continue to offer patches and updates in the event of a vulnerability being discovered. Publicly reporting vulnerabilities like this will help secure vehicles and devices of all manufacturers across many industries and applications.  Read Less
November 20, 2020

Experts Reacted On Android Chat App With 100 Million Installs Exposes Private Messages
Consumers should be aware that just because a lot of others are using the service, doesn’t mean that the service is secure or safe to use.
This is an example of the dangers of trusting third-party apps and a lesson in how not to respond to reported security issues. This vendor uses no authentication to ensure that only the intended recipients can receive the multimedia files. Instead, by using only a short, generated hex number to retrieve the file, they leave a huge number of people vulnerable to having private photos and data pilfered without their knowledge. More concerning is the thought that users may not even be aware of how .....Read More
This is an example of the dangers of trusting third-party apps and a lesson in how not to respond to reported security issues. This vendor uses no authentication to ensure that only the intended recipients can receive the multimedia files. Instead, by using only a short, generated hex number to retrieve the file, they leave a huge number of people vulnerable to having private photos and data pilfered without their knowledge. More concerning is the thought that users may not even be aware of how to, or even have the ability to, delete these files once stored on the application developers’ servers. Having notified the vendor over the course of three months, the security researchers followed a reasonable notification attempt before publicly disclosing the vulnerability. This is a tough call for researchers, especially when sensitive information is at risk, however, leaving the vulnerability in place and not informing potential users is also not acceptable. As more and more applications are available for mobile devices, this threat will continue to grow. Consumers should be aware that just because a lot of others are using the service, doesn’t mean that the service is secure or safe to use.  Read Less
October 14, 2020

Experts On News That Intcomex Suffers Breach
It is unfortunate to see that so much of the data was removed without being noticed by the organisation.
Not only is this leak significant in the volume of data that was leaked, but also the sensitive contents of the data as well. This is not a simple matter of an email address and a name; when sensitive information such as passport numbers and license scans along with payroll information are lost, these can cause significant damage to the users of the service, up to and including real identity theft. Between legal fees, fines and identity theft protection services being provided to the victims,.....Read More
Not only is this leak significant in the volume of data that was leaked, but also the sensitive contents of the data as well. This is not a simple matter of an email address and a name; when sensitive information such as passport numbers and license scans along with payroll information are lost, these can cause significant damage to the users of the service, up to and including real identity theft. Between legal fees, fines and identity theft protection services being provided to the victims, these types of attacks can be very costly for organisations. In addition, with this organisation serving 41 countries, they are going to have a mess of notification requirements, and additional fines are likely from foreign entities. It is unfortunate to see that so much of the data was removed without being noticed by the organisation. This is a lesson that Data Loss Prevention (DLP) controls are simply not optional for organisations in the modern-day. Between straightforward breaches such as this and the newer ransomware strains that also exfiltrate data, this really needs to be high on the list for those that do not currently have it deployed. DLP also needs to be routinely tested and configured to ensure it is offering protection.  Read Less
August 19, 2020

Security Experts On Carnival Hit With Ransomware Attack Exposing Data
Just because the data is not leaked to the public, it does not mean it will not be sold on the dark web.
This is just another example of how ransomware continues to wreak havoc on organizations of all size across most any industry. In this case, unfortunately the strain is one of the newer types that exfiltrates data prior to encrypting the files. In these cases, the data exfiltration is often worse than the file encryption component as encrypted files can be restored from a backup, but once the data is exfiltrated, it cannot be undone. This one-two punch of data exfiltration and denying access.....Read More
This is just another example of how ransomware continues to wreak havoc on organizations of all size across most any industry. In this case, unfortunately the strain is one of the newer types that exfiltrates data prior to encrypting the files. In these cases, the data exfiltration is often worse than the file encryption component as encrypted files can be restored from a backup, but once the data is exfiltrated, it cannot be undone. This one-two punch of data exfiltration and denying access through encryption is only getting worse and resulting in higher ransom demands than ever before. It is important to understand that once the data leaves the organization’s control, unless the data exfiltrated was encrypted by the organization before it was taken, the organization must treat this as a data breach even if they pay the attackers not to publicly release the data. Make no mistake, just because the data is not leaked to the public, it does not mean it will not be sold on the dark web. Carnival is understandably withholding statements at this time as they work to find out the extent of the incident and the potential impact to customers or the organization, a process that does take time. I am hopeful that Carnival will share the information discovered during the investigation, even if it is through an anonymous data sharing entity, in order to help other organizations protect themselves from these types of attacks.  Read Less
August 11, 2020

Expert Reaction On BBB Warns of Immigrants Targetted Scammers
Like so many other scams that we see, this one also relies on the emotional element.
This is an unfortunate side effect of the enduring COVID-19 chaos mixed with the confusing and arduous processes related to U.S. immigration. By taking items or programs that people may have heard of or are mildly aware of and promising to help the individuals navigate the confusing process, the attackers make the scam look more credible and attractive to potential victims. The victims would not see anything unusual in the information being requested by the scammers, as this information makes.....Read More
This is an unfortunate side effect of the enduring COVID-19 chaos mixed with the confusing and arduous processes related to U.S. immigration. By taking items or programs that people may have heard of or are mildly aware of and promising to help the individuals navigate the confusing process, the attackers make the scam look more credible and attractive to potential victims. The victims would not see anything unusual in the information being requested by the scammers, as this information makes sense in the context of immigration filings. Like so many other scams that we see, this one also relies on the emotional element. The frustration, the hope of a better life or education, and the trepidation of trying to navigate quickly changing laws, rules, and guidelines, all contribute to making scams like this more successful. These emotions are simply the vulnerabilities that we as humans have. This is true at the individual level and within organisations who are often targeted with the same basic, but effective techniques. This is another case where unfortunately we must ask ourselves, how low will these cyber criminals go to make a few bucks? To counter them, we need to ensure that people have resources to contact and that they are educated in spotting scams such as this. Whenever dealing with emotionally charged situations, people need to be more vigilant than normal as emotions cloud our judgment. People should take extra precautions to apply critical thinking to situations that trigger a strong emotional response.  Read Less
August 07, 2020

Expert On News: Intel Investigating Breach Of 20GB Documents Leak
it is important to log not only who has access, but when and what data they are accessing.
While this appears to be an issue related to a third party, it does underline the security concerns around intellectual property when working with business partners both up and down the supply chain. There is always a risk when sharing potentially sensitive information to these business partners, however, this is often an unavoidable part of doing business. Intel appears to have quickly traced the source of the information and I have no doubt, will be taking steps to review access and logs as.....Read More
While this appears to be an issue related to a third party, it does underline the security concerns around intellectual property when working with business partners both up and down the supply chain. There is always a risk when sharing potentially sensitive information to these business partners, however, this is often an unavoidable part of doing business. Intel appears to have quickly traced the source of the information and I have no doubt, will be taking steps to review access and logs as they seek to identify the source of this data. While we often think of data breaches in the context of customer data lost and potential PII leakage, it is very important that we also consider the value of intellectual property, especially for very innovative organisations and organisations with a large market share. This intellectual property can be very valuable to potential competitors, and even nation-states, who often hope to capitalise on the research and development done by others. Whenever providing intellectual property access to another organisation or individual, it is important to log not only who has access, but when and what data they are accessing. Even better, as in this case with Intel, ensuring that you know where the documents have been shared by potentially marking the document itself, can be very valuable when hunting potential misuse as appears to have occurred here.  Read Less
July 13, 2020

Cyber Experts Comment On US Secret Service Creates New Cyber Fraud Task Force
It is nice to see the government taking this seriously and making moves to address the issue.
This consolidation is good news, as so many financial crimes these days have a cyber element and cyber crime has a traditional element, such as the use of money mules to withdraw and muddy the money trail. By consolidating, there is far less bureaucracy and red tape to deal with when crimes cross both sides of the spectrum. Given the sheer amount of money that the organizations within the U.S. are hemorrhaging every year due to financial and cyber crime, it is nice to see the government taking .....Read More
This consolidation is good news, as so many financial crimes these days have a cyber element and cyber crime has a traditional element, such as the use of money mules to withdraw and muddy the money trail. By consolidating, there is far less bureaucracy and red tape to deal with when crimes cross both sides of the spectrum. Given the sheer amount of money that the organizations within the U.S. are hemorrhaging every year due to financial and cyber crime, it is nice to see the government taking this seriously and making moves to address the issue.  Read Less
June 26, 2020

Experts On 350,000 Social Media Influencers And Users At Risk Following Data Breach
This breach has released the same information about hundreds of thousands of victims who also are now at risk.
While people generally focus on breaches that involve passwords, credit card numbers, or other financial details, breaches of this magnitude that compromise a significant amount of personal information cannot be ignored. It is important to understand that not only was the information about the individual stolen, but other data such as Facebook friend lists and additional data that could even put others at risk. Given the volume of information lost here, it is important that the organisation.....Read More
While people generally focus on breaches that involve passwords, credit card numbers, or other financial details, breaches of this magnitude that compromise a significant amount of personal information cannot be ignored. It is important to understand that not only was the information about the individual stolen, but other data such as Facebook friend lists and additional data that could even put others at risk. Given the volume of information lost here, it is important that the organisation contact victims as soon as possible and that they provide a statement about the breach, something they have not done yet. The practice of doxing, or releasing personal information about people's addresses, phone numbers or even employers, has long been looked upon as grievous offence in the cybersecurity community due to the potential impact it can have on the victims. This breach has released the same information about hundreds of thousands of victims who also are now at risk. The 253,051 records that contain information such as Facebook account names and associated friend lists is a gold mine for social engineers. This information can be used to create fake lookalike accounts that can then be used to attack these friends. It is not uncommon to see these attacks used, often through a friend request or a message request that makes the user believe they are speaking to the real person, to spread malware or perpetrate other scams. These victims of the breach should be very vigilant toward future emails, text messages and phone calls, as these are prime attack techniques for this type of information.  Read Less
June 24, 2020

Expert Insight On New WastedLocker ransomware
Once ransomware encrypts your backups, your choices become very limited as to how to proceed.
It's not really surprising to see this group getting back into the ransomware game after a bit of an absence. Now it seems we know why they were gone for a little while -- they were working on this new strain of ransomware. I've often joked about products that are marketed as new AND improved, however, in this case, that does seem to be the truth. A lot of effort went into writing this, apparently from scratch, where generally we can expect to see a variant of a previous strain, or at least.....Read More
It's not really surprising to see this group getting back into the ransomware game after a bit of an absence. Now it seems we know why they were gone for a little while -- they were working on this new strain of ransomware. I've often joked about products that are marketed as new AND improved, however, in this case, that does seem to be the truth. A lot of effort went into writing this, apparently from scratch, where generally we can expect to see a variant of a previous strain, or at least some code reuse, within the new product. Interestingly enough, it seems the only similarities lie in the ransom note. Another unusual thing is that they are not exfiltrating data. Since that has been the hot trend in new versions of ransomware, or even older ones being adapted to also exfiltrate data, it is interesting to see this without those capabilities. For the Evil Corp gang, it does simplify things quite a bit, as they don't have to deal with the storage and publishing of the exfiltrated data or risk tipping their hand as the data is moved out of the network prior to encryption. Their price tags are big enough that we can assume they will be happy with getting just a few victims to pay up. They do seem to have a pretty good plan that covers how to make that happen by targeting specific types of servers and looking for backups wherever they can find them. Once ransomware encrypts your backups, your choices become very limited as to how to proceed. To defend against Evil Corp and WastedLocker, organisations need to ensure they have backups either offsite or in a location that is not network accessible. In addition, because we know the primary attack vector for Evil Corp is phishing emails, organisations need to ensure their end users are trained to spot and report phishing attacks quickly. The reporting aspect, something that a lot of organisations lack, is a critical piece, as it allows the security team to take steps to remove potential phishing emails from other members of the organisation who may have been targeted in that campaign.  Read Less