Information Security Buzz
Expert(s): November 30, 2020
Mounir Hahad
Head, Juniper Threat Labs, Juniper Networks

Comments Dotted: 22
November 25, 2020

Experts Warning And Advice On Black Friday Threats

To protect themselves on Black Friday, Cyber Monday, and throughout the holiday shopping season, here are three ways consumers can protect their online security.

- Don’t register at every website; they don’t need to host your PII or payment data.
- Think twice about signing on through Google or a social media account; this gives away much more data than many would care to share.
- It’s difficult at this time of year to remember every website you use, but try and keep track of those you’re using for the first time or have only infrequently used, and monitor your charge card data.
November 20, 2020

2020 Black Friday/Cyber Monday – Likely Magecart Attack Increase Due To Plug-in Vulns – Experts Perspective

E-commerce and retailers are at substantial and increased risk of Magecart attacks this year, largely because the site plug-in providers are a vast, unmonitored and leaky supply chain for most online retail websites. The average online retailer website has 39-40 external sources of Javascript alone, not counting CSS code. In most organizations, no one person tracks who added them or why and through what vetting process, if any. The ecosystem at website level continually expands, forming a gargantuan supply chain that no one knows exists. This problem is far bigger than the owner of the domain can address on their own.

Vulnerability scanning does not pick up every sort of injection attack that Magecart thrives on. Of the four techniques of injecting malicious code, three are done through supply chains and just one through direct code injection. Ongoing pen testing of sites and auditing of source code is sorely needed, but third-party site builders often don’t take this on as their responsibility; it’s not their reputation at stake, but the site owner’s brand. Examples of plug-ins include ad servers and shopping carts with plug-ins such as “rate this” on payment pages.

Magecart is more of a threat in 2020 than ever before, both because: a) more shoppers have moved online so the volumes are higher, and b) in the rush to introduce new online and curbside services during the pandemic, far more new plug-ins and APIs were added, creating new potential vulnerabilities. Shifting to crypto payments won’t reduce Magecart vulnerability. The Masad Stealer is an example of an attack that is on the victim’s browser. When they enter the information for the party they intend to pay, the stealer replaces it with their own and the outbound payment is routed to them.

Steps toward solutions that retailers should consider include Subresource Integrity (SRI), which will assure that content doesn’t get edited along the way. Most sites are edited by multiple third parties like content delivery networks. Also, Content Security Policies, which are policies supported by browsers and web servers that say “Here are the only domain names allowed to fetch executable scripts from on my behalf.” In the retailer’s code, rules should authorize only those few approved domains. This would close several avenues that Magecart uses to infiltrate Javascript.

Other recommendations include:

1. Companies must also ID all third-party e-commerce providers and advertisers they work with and ensure that they do continuous self-assessments and audits. The best way to do this is to require their code be audited by a trusted third party. To then avoid supply chain injections, the company must host that third-party code themselves if possible and not fall for the ease of inclusion by reference. Then they need to keep it up to date with security patches.
2. Test everything; for example, inject their own Javascript code into the browser and review what’s happening. There are tools to do that.
3. Ensure scanners have access to critical flows, such as shopping carts.
4. Javascript virtualization; it’s important to keep an eye on performance, as delays can be detrimental to overall company goals.

The biggest problem is a people problem, not with users and consumers, but with the organizations themselves. They don’t see the massive amount of unmanaged third-party plug-ins as vulnerabilities, so the problem continues.
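The two browser-side controls recommended in the Magecart comment above, Subresource Integrity on third-party scripts and a Content Security Policy that allowlists script origins, can both be checked at build time before a page ships. The following is an added example in Python, not code from the comment's author, Juniper Threat Labs or Information Security Buzz. The host allowlist, the vendor script body and the HTML fragment are constructed placeholders; the `sri_hash`, `build_csp` and `audit_scripts` functions are illustrative names, not a published tool.

```python
"""Build-time checks for SRI and a CSP script-src allowlist.

Added example, not code from the comment's author or from Information
Security Buzz; the allowlist, vendor script and HTML fragment below are
constructed for illustration."""
import base64
import hashlib
import re
from urllib.parse import urlparse

# Script hosts the retailer has vetted (constructed for this example).
APPROVED_SCRIPT_HOSTS = {"static.example-shop.test", "cdn.payments-vendor.test"}

# A pinned copy of a vendor "rate this" widget as fetched at build time (constructed).
VENDOR_SCRIPT = b"window.rateThis = function (stars) { console.log('rated', stars); };\n"

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
ATTR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Integrity attribute value for a script body: '<algo>-<base64 digest>'.
    A browser refuses to execute the script if the fetched bytes no longer match,
    which is what stops an upstream edit of a CDN-hosted plug-in."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def build_csp(hosts) -> str:
    """script-src limited to 'self' plus the vetted hosts; a script injected from
    any other origin is blocked by the browser and surfaces as a CSP violation."""
    allowed = " ".join(f"https://{h}" for h in sorted(hosts))
    return (f"default-src 'self'; script-src 'self' {allowed}; "
            "object-src 'none'; base-uri 'self'")


def audit_scripts(html: str, approved_hosts) -> list:
    """Flag external <script> tags whose host is not allowlisted or which lack an
    integrity attribute. Returns a list of (src, finding) pairs."""
    findings = []
    for match in SCRIPT_TAG.finditer(html):
        attrs = {k.lower(): v for k, v in ATTR.findall(match.group(1))}
        src = attrs.get("src")
        if not src:
            continue  # inline script: no fetch to pin; the CSP governs it
        host = urlparse(src).hostname
        if host is None:
            continue  # relative URL: same origin, already covered by 'self'
        if host not in approved_hosts:
            findings.append((src, "host not in script-src allowlist"))
        if "integrity" not in attrs:
            findings.append((src, "no integrity attribute; content can change upstream"))
    return findings


# Constructed checkout fragment: one pinned vendor script, one unvetted ad tag,
# and one script on an approved host that was included without SRI.
SAMPLE_HTML = f"""
<script src="/js/app.js"></script>
<script src="https://cdn.payments-vendor.test/rate-this.js"
        integrity="{sri_hash(VENDOR_SCRIPT)}" crossorigin="anonymous"></script>
<script src="https://ads.unknown-network.test/tag.js"></script>
<script src="https://static.example-shop.test/cart.js"></script>
"""

if __name__ == "__main__":
    print("Content-Security-Policy:", build_csp(APPROVED_SCRIPT_HOSTS))
    for src, why in audit_scripts(SAMPLE_HTML, APPROVED_SCRIPT_HOSTS):
        print(f"FINDING {src}: {why}")
```

Run against the constructed fragment, the audit reports two findings for the ad tag (unvetted host, no integrity) and one for the first-party CDN script (no integrity), and none for the pinned vendor script. The SRI hash must be recomputed whenever the pinned copy is deliberately updated, which is the point: a change nobody at the retailer approved fails to load rather than running on the payment page.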
November 13, 2020

Microsoft Advises To Stop Using Phone-Based 2FA – Security Expert Reaction

I wouldn’t sound the alarm for everyone using phone-based 2FA. No security is perfect. A determined and well-funded actor with lots of time and resources can indeed defeat such 2FA security for worthy targets. But it does not mean everyone needs to worry about their bank’s 2FA using phones. It requires much more access than what a cybergang member in a foreign country would have access to. The only caveat to that is the social engineering tactics used to perform SIM swapping, which would transfer your phone number to someone else illegitimately.
November 05, 2020

Experts On RegretLocker Ransomware Strikes Windows Virtual Desktops

Going after virtual disks seems like a niche market for threat actors. Most ransomware does not need to deal with virtual disks to pose a threat. Their decision of communicating with victims through email only seems again like a poor choice. It is true that picking an Iceland-based email provider gives them some privacy, but it doesn’t protect against criminal activity. Once Ctemplar takes action and closes their email account, their victims will be left hanging to dry with no contact with the attackers.
November 02, 2020

Home Depot Data Breach/Leak – Experts Insight And Next Steps

We often think of data breaches as the consequence of a threat actor infiltrating a network and gaining access to a sensitive data set. The majority of data breaches are small in the number of records exposed and are caused by human error when either policies are set wrong or data is sent to the wrong people. Fortunately, the harm that can come from this kind of data breach is limited and nowhere near what a threat actor can do with the same information.
October 20, 2020

Albion Games Online Forum Suffers Data Breach – Experts Insight

Most professionals wouldn’t look twice at a game portal data breach that only exposed usernames and password hashes. It is indeed unlikely the password hashes would be reusable on some other site where you have used the same username and password. But the attacker had access to the users’ profiles, which include email addresses, and that’s a bit more valuable to mount future phishing attacks.
October 01, 2020

Swatch shuts down some technology systems after cyber attack

Mounir Hahad, head of the Juniper Threat Labs at Juniper Networks
Swatch watchmaker’s CIRT team gets it: time is of the essence, no pun intended. Responding quickly to what seems a bit off on an InfoSec console screen can make the difference between staring at a ransom note and saving the day.
August 18, 2020

Canada Revenue Agency shuts down after cyberattack – hacked login credentials at fault

Credentials reuse is a big issue getting a lot of smart people to think about getting rid of passwords as an authentication method altogether. But we’re not there yet, so I’m glad the government of Canada was able to spot the brute force attempt quickly. Can you imagine if this was perpetrated slowly over months instead of hours? It is possible that the attack would go undetected.
August 12, 2020

Expert On Bitcoin Thieves Use Malicious Tor Relays To Hijack Traffic With SSL Stripping Attacks

People think that TOR is a bulletproof anonymity tool. It’s not. It has been known that sometimes even authorities run TOR exit nodes just to monitor traffic. The anonymity of TOR comes from its distributed nature and its ephemeral relay servers. But if someone manages to throw enough servers into the mix, they might just control enough of the traffic to get a pretty good idea of what’s flowing through the network.
August 06, 2020

Experts Reaction On 900 Pulse Secure Enterprise VPN Passwords Leaked

The immediate focus of every organization should be to ensure no future unauthorized logins occur. Anyone who had run the vulnerable version of Pulse VPN after the disclosed vulnerability should force all users to change passwords immediately and invalidate those passwords that do not get changed in a 24-hour window. Admins should also change their passwords and SSH keys on the Pulse VPN devices. It is true that the list seems to have been put together starting June 27, 2020, but that is not an indication of when the device compromise took place. This data could have been sitting in this hacker’s treasure trove for a number of months until they decided to publish it. So, even if you patched in January, consider your organization at risk. A lot of threat researchers have access to the published list, as it is now downloadable from public repositories. Therefore, you could reach out to your security vendor to ask if any of your IPs were among the leaked ones. But again, this is no guarantee that your device was not compromised and your credentials are not in some other unpublished list.
Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.

