CCleaner – Trusted Application Compromised

September 18, 2017 at 4:16 pm | Posted in Cyber Security | Comments Off on CCleaner – Trusted Application Compromised

Cisco’s cyber threat intelligence division, Talos, released details today of a major compromise it has discovered within the popular PC clean-up program CCleaner.

Talos’ investigation began last week when they noticed that the latest CCleaner installer was triggering Cisco’s Advanced Malware Protection systems, indicating that the software was malicious.
Further investigation showed that the CCleaner download contained a hardcoded command-and-control request, used to download further malicious software through a backdoor.

Cisco immediately informed the makers of CCleaner of the compromise, and a fresh version has been released.

If you have CCleaner 5.33, please do download the latest version immediately, as it fixes the issue.

The bigger concern is that millions of people could have downloaded this application from a trusted supplier, since the attacker planted the malicious code in the official release. Like the Nyetya attack earlier this year, this was a trusted application, which shows the importance of cyber security in maintaining brand reputation.

For further reading, check out the Talos blog:
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html


Black Hat vs White Hat

August 7, 2017 at 4:00 pm | Posted in Cyber Security, Musings | Comments Off on Black Hat vs White Hat

This Blog is entirely my own opinion and is no way tied to my employer. 

Last week, news broke that the cyber security analyst who stopped the WannaCry incident in May had been arrested in Las Vegas while attending the ethical hacking conference. He was accused and charged with having previously created a piece of banking malware that gained notoriety around 2014.

Now, in this case, as always, the presumption is innocent until proven guilty.

However, it does pose significant questions for those researchers who previously wore the “black hat”, facing off against the security industry, and later chose to go legitimate and become “white hats” within that industry.

If there is a sword of Damocles hanging over them because of their past, it adds a further question as to whether they want to go legitimate at all.

It all boils down to the principles of Sun Tzu and The Art of War: how far are states willing to overlook past crimes for the greater good?

Sun Tzu says of spies, in chapter 13 of The Art of War:
“Having CONVERTED SPIES, getting hold of the enemy’s spies and using them for our own purposes.”

Converted spies are deemed the most useful by Sun Tzu, as they enable other spies to be brought in based on the knowledge of the converted spy.

A text thousands of years old still has relevance today, and in the cyber security industry chapter 13 is especially relevant, as the knowledge of those researchers who were formerly on the other side of the battle is extremely valuable.

It is entirely possible that, regardless of whether the WannaCry researcher is guilty or not, the actions taken in the US have put off future black hats from becoming white hats, and that the knowledge they would have brought is now lost.

A Newer Threat Emerges – Destruction of Service

July 27, 2017 at 9:38 am | Posted in Cyber Security | Comments Off on A Newer Threat Emerges – Destruction of Service

Another theme that emerged from the Cisco mid-year cybersecurity report is the rise of destruction as a service.

Many DDoS (Distributed Denial of Service) as-a-service offerings already exist and can be purchased from the dark web for as little as $7 an hour, to be used to shut down any website you want by flooding its servers for an hour or so. These attacks are usually deployed against the various console networks (Xbox Live etc.) over the Christmas period in order to disrupt their services.

However, attacks are now seeking not only to disrupt and deny services but to destroy them.

Attackers are now seeking to remove the safety net that organisations rely on to restore systems following a cyber incident that disrupts their services. By wiping data instead of locking it, and by also compromising backups, it is entirely possible for these new attacks to completely wipe out an organisation.

An example was the Nyetya attack from a month ago, which wiped out data across many industries and continues to affect the companies hit. TNT, for example, is still trying to recover and reports that it still has parcels in its warehouses that it cannot deliver because the records were destroyed.

These attacks are a startling new trend in cyber security, and the strategy of Cisco and the rest of the industry to combat them is to reduce the time it takes to detect a breach before it can spread.

Cisco Mid-Year Security Report – Exploits Down Spam Up

July 25, 2017 at 10:56 am | Posted in Cyber Security | Comments Off on Cisco Mid-Year Security Report – Exploits Down Spam Up

Cisco published its mid-year security report last week, and I have spent my spare time over the weekend reading it.
There are many interesting findings within it, and this week’s blog posts will focus on some of the key findings in the report.
Exploiting software vulnerabilities is one of the more prolific avenues of attack covered in the media, with both WannaCry and Nyetya making use of the EternalBlue exploit against Microsoft systems. The easiest way for an attacker to find out whether a system can be exploited is to purchase a kit that scans a network and looks for exploitable weaknesses in a system. These exploit kits are found on the dark web for a few thousand dollars.

Cisco’s report, however, shows that this avenue of attack using exploit kits is decreasing after several of them were taken down in the last twelve months. The risk remains, though: they may be down, but they are not out yet.

At the same time, Cisco has seen a further increase in spam, and it is more dangerous than before. Rather than the traditional methods, attackers are putting greater focus on attachments within spam emails, with the compromise built into the attachment itself.

Attack vectors are changing all the time and it is up to the industry and end users to work together to protect themselves.

Why didn’t this post yesterday? Oh well.

Further Data Breaches

July 10, 2017 at 5:00 pm | Posted in Cyber Security | Comments Off on Further Data Breaches

Over the weekend there was further news of data breaches, and once again the number on my “days since last cyber security breach” board has not gone above three thus far.

Last week the Guardian Australia revealed that Australian Medicare records had been compromised and were available for purchase on the dark web. These records now appear to have been stolen by an insider rather than through a full-scale breach of the Medicare records system.

News also broke that one of India’s largest telecoms providers, Reliance Jio, had suffered a data breach, with around 100 million of its customers’ records found online unencrypted. Investigations are ongoing, but if this is correct then it would be one of the largest breaches on record.

The largest data breach in history that is currently known is the leak of around 1.4 billion records from River City Media. The great irony of this particular breach is that River City Media was one of the largest spam email operations on the internet.

Even the bad guys sometimes make mistakes.

What is a Trojan Virus – Beware of Ukrainians bearing Gifts?

July 6, 2017 at 4:00 pm | Posted in Cyber Security | Comments Off on What is a Trojan Virus – Beware of Ukrainians bearing Gifts?

In the cybersecurity industry, things have come a long way since the first computer viruses of the 1980s and 1990s. Malware (malicious software) has changed dramatically in both scope and scale: from about 1 million new pieces of malware created in 2006 to around 140 million created in 2015.

There are many different names and types of malware, from worms to viruses and from ransomware to spyware.

One of the most common forms of malware, however, is the Trojan.

A Trojan is, as its name suggests, a piece of apparently legitimate software that has been compromised by malicious actors in order to spread their malicious software.
Once a Trojan is installed, it can then be used to install ransomware, spyware or a botnet client, which the criminals use for monetary gain.

Research has now concluded that the Nyetya attack of last week spread from an accounting software program. This is a classic example of a Trojan in action, as legitimate software disguised a malicious piece of software within it.

Trojans account for about a quarter of all malware currently seen by the industry and remain one of the most common methods of attack.

NYETYA/PETYA/NOT PETYA – Cyber Attack Update

July 3, 2017 at 3:00 pm | Posted in Cyber Security | Comments Off on NYETYA/PETYA/NOT PETYA – Cyber Attack Update

Last week a new cyber attack began to make itself known. Originating in Ukraine, this particularly vicious piece of malware managed to take down numerous Ukrainian organisations before spreading outside Ukraine and affecting other companies around the globe.

The impact was significant on several levels, with cargo ships unable to unload at ports around the globe and entire companies taken offline. Rather than encrypting individual files, Nyetya encrypted the operating system.

The spread, however, was not as wide as WannaCry’s.

The reason was the delivery method: while both Nyetya and WannaCry used the same exploit, their initial delivery and later spread differed. Nyetya only spread from a compromised application across the internal network, as opposed to also spreading across the external network as WannaCry did.

There is also currently debate as to whether this was a ransomware attack or an attack designed to wipe data from its targets. The ransom and clean-up elements of Nyetya were considerably weaker than WannaCry’s.

I am leaning towards the Wiper opinion on this latest Cyber Attack personally.

Once again I urge readers to ensure that their PCs are up to date, as this attack could once again have been prevented if the March update from Windows had been installed.

WannaCry should have been a warning.

Fool me once, shame on you; fool me twice, shame on me.

For further in-depth reading on this latest attack, do check out Cisco Talos’ blog:
http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html

Note: This Blog is my own thoughts and are in no way associated to those of my current employer.

Reset the Clock – Cyber Security Attack in Progress

June 27, 2017 at 4:07 pm | Posted in Cyber Security | Comments Off on Reset the Clock – Cyber Security Attack in Progress

We are entering the final few weeks of the quarter at work, and it was month end last Friday. As an experiment, my whiteboard at work has been cleaned and I started a “Days since last Cyber Attack/Breach” count.

The number reached the dizzying height of 3 days before I wiped it down to zero a few hours ago.

There is currently a major cyber security attack in progress that has been code-named Petya. Much like WannaCry, this is a piece of ransomware that is spreading across the globe.

Organisations hit include a shipping firm, the Ukrainian government and marketing companies, with one company ordering its staff to shut down their computers and go home.

The Cyber Security industry has mobilised and is now working to contain the outbreak.

More to come.

The encryption traffic conundrum solved?

June 22, 2017 at 4:00 pm | Posted in Cyber Security | Comments Off on The encryption traffic conundrum solved?

A challenge that has arisen in recent years is the rise of encryption of internet communication traffic. Many websites are now HTTPS, especially if you submit any private details.

It also means that many cyber criminals have adopted encrypted communication in order to protect themselves and make it harder for traditional security solutions to spot malware, so malware spread through encrypted traffic has become a major source of data breaches.

Currently, in order to deal with this threat vector, the solution is to decrypt all traffic (and the files carried in it), resulting in a potential trade-off between security and privacy.

Cisco, however, has just announced a new approach: using analytics to analyse the intent of encrypted traffic and assess whether an encrypted file is in fact malicious, without decrypting it. This is achieved by using Cisco Talos’ intelligence on current and suspected attack vectors.

Early trials are showing it to be extremely effective, and I look forward to seeing it in person and in action soon, as this could solve several issues that are currently challenges for the security industry.
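The post describes the idea of judging encrypted traffic without decrypting it. As an added illustration (my own example, not code from the post and not Cisco’s Encrypted Traffic Analytics), the script below shows the kind of metadata that stays in the clear in a TLS session: it parses a TLS ClientHello, pulls out the server name (SNI), cipher suites, extensions and groups, derives the public JA3 fingerprint string from them, and applies two simple analyst checks (no SNI, legacy client version). The ClientHello bytes are constructed by a small builder in the script rather than captured from real traffic, and the checks are illustrative assumptions, not Cisco’s classifier.

```python
import hashlib
import struct

# --- Constructed sample input ---------------------------------------------
# build_client_hello() fabricates a minimal ClientHello record for offline use.
# It exists only to produce test input; it is not how a real TLS client works.
def build_client_hello(sni, cipher_suites, client_version=0x0303):
    exts = b""
    if sni is not None:
        host = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host     # name_type host_name
        name_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0x0000, len(name_list)) + name_list   # server_name
    groups = struct.pack("!HH", 0x001D, 0x0017)                    # x25519, secp256r1
    exts += struct.pack("!HHH", 0x000A, len(groups) + 2, len(groups)) + groups  # supported_groups
    exts += struct.pack("!HH", 0x000B, 2) + b"\x01\x00"           # ec_point_formats: uncompressed
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!H", client_version) + b"\x11" * 32 + b"\x00"  # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                           # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# --- Parser -----------------------------------------------------------------
def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new offset, refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n

def _u16_list(data):
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(0, len(data) - 1, 2)]

def parse_client_hello(record):
    """Extract the plaintext metadata a passive sensor can see in a TLS ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs, _ = _take(record, 5, struct.unpack("!H", record[3:5])[0])
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body, _ = _take(hs, 4, int.from_bytes(hs[1:4], "big"))
    pos = 0
    ver, pos = _take(body, pos, 2)
    _, pos = _take(body, pos, 32)                                  # client random
    sid_len, pos = _take(body, pos, 1)
    _, pos = _take(body, pos, sid_len[0])                          # session id
    cs_len, pos = _take(body, pos, 2)
    suites, pos = _take(body, pos, struct.unpack("!H", cs_len)[0])
    comp_len, pos = _take(body, pos, 1)
    _, pos = _take(body, pos, comp_len[0])                         # compression methods
    info = {"client_version": struct.unpack("!H", ver)[0], "cipher_suites": _u16_list(suites),
            "extensions": [], "sni": None, "groups": [], "point_formats": []}
    if pos < len(body):                                            # extensions block is optional
        ext_len, pos = _take(body, pos, 2)
        exts, pos = _take(body, pos, struct.unpack("!H", ext_len)[0])
        epos = 0
        while epos < len(exts):
            hdr, epos = _take(exts, epos, 4)
            etype, elen = struct.unpack("!HH", hdr)
            data, epos = _take(exts, epos, elen)
            info["extensions"].append(etype)
            if etype == 0x0000 and len(data) >= 5:                 # server_name: list len, type, name len, name
                name_len = struct.unpack("!H", data[3:5])[0]
                info["sni"] = data[5:5 + name_len].decode("ascii", "replace")
            elif etype == 0x000A and len(data) >= 2:               # supported_groups
                n = struct.unpack("!H", data[:2])[0]
                info["groups"] = _u16_list(data[2:2 + n])
            elif etype == 0x000B and len(data) >= 1:               # ec_point_formats
                info["point_formats"] = list(data[1:1 + data[0]])
    return info

# --- Analytics on the metadata ----------------------------------------------
def _is_grease(v):
    """RFC 8701 GREASE values (0x0A0A, 0x1A1A, ...) are random noise and excluded from JA3."""
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def ja3(info):
    """JA3 string (version,ciphers,extensions,groups,point formats) and its MD5."""
    fields = [str(info["client_version"])]
    for key in ("cipher_suites", "extensions", "groups"):
        fields.append("-".join(str(v) for v in info[key] if not _is_grease(v)))
    fields.append("-".join(str(v) for v in info["point_formats"]))
    s = ",".join(fields)
    return s, hashlib.md5(s.encode()).hexdigest()

def assess(info):
    """Illustrative analyst checks (assumed heuristics, not a vendor classifier)."""
    findings = []
    if info["sni"] is None:
        findings.append("no_sni")                  # browsers almost always send SNI
    if info["client_version"] < 0x0303:
        findings.append("legacy_client_version")   # offering below TLS 1.2 is unusual today
    return findings

if __name__ == "__main__":
    rec = build_client_hello("example.test", [0x1301, 0x1302, 0xC02B, 0x0A0A])
    meta = parse_client_hello(rec)
    print(meta["sni"], ja3(meta)[0], assess(meta))
```

The point of the exercise is that none of this needed a private key: SNI, the offered cipher suites and the resulting JA3 fingerprint can be matched against threat intelligence while the payload stays encrypted, which is the trade-off the post is getting at.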

The Value of Cyber-Crime

May 22, 2017 at 8:25 pm | Posted in Cyber Security | Comments Off on The Value of Cyber-Crime

The days of mobsters demanding extortion or protection money are long gone.
Or are they? The reality is that it has moved to a more virtual space.

The WannaCry attack from last week is a prime example of one of the more common types of cybercrime on the internet: extortion. The ransomware takes possession of something you own and demands payment for its release.
Just like the criminal gangs of the past, only virtual now.
It has been estimated that the value of crime on the internet is around $500 billion (roughly the value of Microsoft) and is growing annually.

It has also become a commodity market for criminals, with botnets and malware created on demand from a cyber-criminal eBay.
The latest intelligence is that a piece of malware like WannaCry can be created for around $2,000 to $5,000.

WannaCry has so far acquired around $100,000 in paid ransoms, a return of around twenty times the original investment.

This is the challenge facing the cyber-security industry: the era of individuals hacking computers for fun in their parents’ basement is over, and we are now in the era of organised criminal gangs operating in cyberspace.

Blog at WordPress.com.