Posts tagged with "malware"

Covid created by Allison Christensen from 360 Magazine for use by 360 Magazine

Tik Tok × Covid-19

With 732 million users worldwide, TikTok, a trending video-sharing platform, is one of today’s most popular social media networks. During the lockdown, the app’s short and amusing videos drew a lot of attention, but it was not long before cybercriminals took advantage of TikTok’s fame for their own gain.

According to data presented by the Atlas VPN team, TikTok was the most impersonated app in Covid-19-related Android app scams in the first half of 2021. A total of 88 TikTok copy-cat apps were detected spreading FakeApp malware.

Malicious applications impersonating organizations that give out free laptops to students were also highly prevalent. There were 37 bogus Android laptop registration applications detected in H1 2021.

The third spot on the list is occupied by apps impersonating vaccine registration channels. Overall, 14 such malicious applications were found in the first half of this year. 360 Magazine is surprised to see this research about TikTok, which is widely used internationally.

Fake apps often imitate the login pages of the official apps to harvest users’ credentials and other personal data. They are typically distributed through third-party app stores, but on occasion, fake apps make it to the official Google Play store as well.

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, gives advice on how to recognize fake applications: “What makes fake apps so dangerous is that they are typically designed to look exactly like an official app, making them hard to spot. The best defense consumers have against falling prey to fake app downloads is knowing what to look out for. Reading the app’s reviews, taking some time to research the developers, and reading the permissions agreement are just some of the things consumers should do before proceeding with an app.”

Apart from fake apps, cybercriminals have launched multiple other cyberattacks leveraging the global pandemic, including phishing campaigns, malicious URLs, as well as malware. While cyberattacks were widespread across the world, some countries suffered more than others. In total, 35.9% of such threats affected the United States in the first half of 2021. Other highly affected countries include Germany (18.9%), Colombia (10.5%), Italy (3%), and Spain (2.5%).

illustration by Samantha Miduri for use by 360 Magazine

Ransomware: Piracy on the IPs

By: Casey Allen with Concentric 

Where there is commerce, thar be pirates! The techniques, tactics, and procedures of modern-day pirates have expanded significantly since the Lukkan buccaneers first raided Cyprus back in the 14th century. The practice of maritime piracy is still alive and well, but as technology has advanced from bronze to blockchain the booty of choice for 21st-century corsairs has evolved from gold to Bitcoin. Data has become the world’s most valuable commodity, and the submarine communications cables that form the backbone of the internet are the shipping lanes for trillions of dollars worth of global commerce. With so much at stake, it should come as no surprise that cybercriminals continue to raise the Jolly Roger in digital form. 

Ransom has been a staple of the pirate’s playbook since Teuta, the Pirate Queen of Illyria, captured the Epirus capital city of Phoenice in 231 BCE. Queen Teuta was successful in holding the city hostage long enough to force the Epirotes into paying her a ransom to release their citizens and vacate its borders. The extent of Queen Teuta’s means, the sophistication of her organization, and the insatiability of her greed made her an “Advanced Persistent Threat” (APT) to victims all over the Mediterranean. As cybercriminals have become more sophisticated and organized, they too have become APTs, with their reach extending the entire breadth and depth of our information superhighways. 

Ransomware is a specific type of malware that infects information systems with the goal of making them inaccessible until a ransom is paid in exchange for restoring the victim’s access. Such a disruption can be crippling for an organization, often leaving leadership with no other choice but to submit to the ransomer’s demands in order to resume normal operations as quickly as possible. Information security professionals and government agencies agree that paying these ransoms is incentivizing future attacks, and should only be done as a last resort. However, without adequate alternatives, the average cost of downtime remains 24 times higher than the average ransom amount, resulting in ransom payment being considered the most expedient and cost-effective solution for the victim. 

The U.S. Department of Treasury announced in October of 2020 that companies facilitating payments on behalf of ransomware victims may be in violation of federal law if the cybercriminals are on a list of sanctioned entities identified by OFAC (Office of Foreign Assets Control). Several states have followed suit and begun drafting legislation that would criminalize paying these kinds of ransoms. There is significant debate in the security community as to whether or not this outright ban on paying ransoms would cause more harm than good. Banning ransom payments would almost certainly result in the creation of another black market to facilitate these transactions and discourage victims from reporting ransomware incidents to the authorities. A similar position was taken by the USG in response to hostage ransom payments by families. Ultimately, however, punishing the victim was determined to be an ineffective—and unethical—deterrent, nor did we see ripples of that preclusion within the international hostage-taking market. The Treasury Department’s recent involvement in cyber extortion response, specifically their success in returning $2.3M of the $4.4M ransom paid for the Colonial Pipeline extortion event, is a significant demonstration of the benefit of including the USG in extortion response efforts. 

The scale and sophistication of ransomware attacks have been steadily increasing since Joseph Popp—widely credited as the father of digital ransom—first attempted to extort victims of the PC Cyborg Trojan he authored nearly 30 years ago. Once a system had been infected, Popp’s malware asked victims to send $189 to a post office box in Panama in exchange for a repair tool. By comparison, the largest single payout for ransomware to date was made in May of 2021 by CNA Financial in the amount of $40M worth of Bitcoin. 

The final step in any sales funnel is always the completion of a financial transaction. One of the major enabling factors for the profitability of cybercrime has been the proliferation of cryptocurrency. $40M worth of pirate booty would weigh around 1,370 pounds in the form of gold, or just over 880 pounds in the form of $100 bills. Bitcoin, on the other hand, weighs absolutely nothing. Not only is cryptocurrency easy to store and move around, but it’s also hard to track and easy to launder. While this is advantageous for the attackers it can present additional challenges for their victims. 

Many organizations that fall victim to ransomware don’t have the liquidity to pay such ransoms, let alone cryptocurrency assets on their balance sheets. Ransomware attacks typically involve a ticking clock intended to create a sense of urgency in victims. The time factor compounds victims’ panic by threatening to delete their data permanently if the ransom isn’t paid by a certain deadline. For organizations who don’t have any backups of their data, this could be the iceberg in their hull that sinks them for good. For organizations who have the means and foresight to maintain robust backups, attackers will often threaten to publish their sensitive data and invaluable intellectual property if their ransom demands aren’t met; this trend is called “double extortion”. For victims scrambling to make ransom payments, getting their hands on enough cryptocurrency can be a challenge. Cash is still king in terms of liquidity. Even Bitcoin—easily the most liquid of all cryptocurrencies—isn’t anywhere close to fiat currencies in terms of its liquidity. The popularity of Bitcoin has led to dramatic increases in the volume of transactions, which can lead to significant delays in conversions and transactions. When evaluating the risk ransomware poses to your organization it is critical to consider these secondary and tertiary risks beyond the inability to access your data. 

If your organization maintains digital assets of any significant value, the possibility of falling victim to a ransomware attack should be high on the heatmap of your risk assessment. However, there are steps individuals and corporations can take to ensure that an extortion-level event does not become an extinction-level event. So, what can you do to not be a victim of piracy on the IPs? 

  1. Prepare. Conduct a business impact assessment to understand the impact a cyber extortion event could have on your organization. This should include a financial analysis for potential ransom responses and techniques for ransom payment, if necessary. Develop a robust incident response plan and conduct table-top exercises on a regular cadence to build muscle memory, test its efficacy, and identify gaps. 
  2. Prevent. Use a password manager and long, strong, unique passwords in conjunction with multi-factor authentication wherever possible. Keep systems up-to-date to limit vulnerabilities and restrict access to information systems according to the principle of least privilege. Educate your workforce with engaging security awareness training, especially with respect to identifying and reporting phishing emails.
  3. Partner. Experts in the cyber crisis field can assist you prior to and during these extortion events. All too often ransomware victims wait to reach out until after the breach has occurred. For best results, it is highly recommended to establish a relationship with a trusted partner prior to an incident occurring to enable efficient and effective solutions.

Green Car by Mina Tocalini for 360 Magazine

Concentric Q×A

In the current age of digital technology, car owners are being forced to consider their vehicle’s susceptibility to ransomware attacks. These malicious cyber-attacks can expose your personal data to online hackers. However, there are certain measures that car owners can take to help prevent security breaches. Proactive car owners are utilizing services like Concentric to safeguard their technology and online identity. 360 Magazine spoke with Laura Hoffner, Chief of Staff at Concentric, and Sam Connour, Concentric Intern, about how to best practice car system security.

What steps can proactive car owners take to protect their vehicles from security threats and hackers?

First, understand that all digital property can be hacked.

Second, as a result, be conscious of what personal technology you connect to or tether with. Understand that if you connect your phone to your car via Bluetooth, someone hacking into your car will then result in vulnerability to your phone (and everything else connected to your phone, such as your home Wi-Fi, addresses, and credit cards).

Third, ensure your vehicle’s software is up to date. Car makers, like Tesla and Jeep, are known to push out patches for these potential holes hackers can access. Keeping your vehicle up to date will aid in that effort.

Finally, protect that vulnerability by being aware of the modifications you’re making to your vehicle’s software. Don’t let unknown devices connect to your car, and be wary of who has physical access to your vehicle.

What makes a car susceptible to ransomware attacks?

Cars are now equal [in terms of susceptibility] to computers as a result of their connectivity capabilities both to the internet and to Bluetooth. If a car is connected to an insecure and unprotected internet connection, hackers are capable of installing malware into a vehicle’s operating or infotainment systems.

What models of cars are the most likely to encounter hacking/privacy issues?

Cars with self-driving capabilities, or features such as lane assist or automatic braking, are particularly at risk. But practically any vehicle made in the past 20 years can be hacked. Generally, vehicles [from] 2007 or newer run a higher risk of personal information being compromised. Car makers, with a warning from the FBI, are taking steps to beef up cybersecurity within their vehicles.

Should customers be wary of certain car brands when buying technology systems for their vehicles? How can consumers find quality retailers with safe car products?

Rather than it being a concern about specific car brands, consumers should instead educate themselves on the risk associated with these vulnerabilities and take proper protocol to mitigate those risks.

Can Concentric offer any services for car owners looking to safeguard their vehicles?

Concentric offers holistic security solutions for our clients. Included in that is a residential risk assessment that can identify specific concerns and vulnerabilities. This is where personal risk associated with property would be assessed, [as well as] physical and behavioral recommendations.

How did your experience as a Naval Intelligence Officer and in the Naval Reserves translate into your current role at Concentric?

Understanding the threat landscape both nationally and internationally – as well as the acknowledgement that we make both micro and macro decisions about risk daily – ultimately prepared me to understand the corporate security landscape. Holistically viewing a problem set and identifying creative solutions are [at] the core of Naval Intelligence, thus it wasn’t a large leap to bring that mindset over with me from the government side.

As Concentric’s Chief of Staff, what is your best advice regarding car-related security?

Car-related security advice is the same as all other security advice we have: educate yourself, your family, and your team to know what risk decisions you are making that have vast implications across your security vulnerability spectrum. Additionally, security is not something to think about when you’re in a crisis. Avoid or better prepare yourself for the crisis beforehand by taking steps to vastly reduce, or eliminate, your vulnerabilities to exploitation.

Cybersecurity illustration by Heather Skovlund for 360 Magazine

Amazon × MGM Studios Merger

Amazon announced that it will be acquiring MGM Studios for $8.45 billion, in an effort to bolster the already growing Amazon Studios. This makes it the second largest acquisition on Amazon’s part, following its $13.7 billion purchase of Whole Foods in 2017.

According to cybersecurity expert Mark Stamford, CEO of OccamSec, a deal of this scale will require a complete review of its cybersecurity infrastructure, as the process of fully merging such entities is rarely completed in the expected timescale.

Mark continues:

  • The standard “merger” due-diligence template goes into great detail looking at financial & legal status issues, but rarely seems to consider the potential liability associated with linking into an organization with a seriously compromised infrastructure. 
  • Trying to coherently map risks or produce an enterprise security plan for this type of environment is incredibly challenging, when multiple systems are coming together.
  • With such notable deals, most attackers reside within the organization’s network for over 100 days before discovery, so there is a very real risk of starting work on merging infrastructure, whilst being observed by an interested resident attacker, who will be keenly looking out for an opportunity to vector into the core organization’s networks.

Mark says, “Exercising strategic due-diligence during a merger or acquisition is the most effective way for any organization, like Amazon, to protect itself from cyber threats.”

We had the opportunity to ask Mark Stamford some questions as far as the merger and his expert opinion(s):

Q: What changes can be expected with a merger like the Amazon/MGM Studio merger?

MS: The merging of two different cultures always prompts a lot of changes. In this case, MGM is going to become more like Amazon than the other way round.

Q: Do the benefits outweigh the risks with this type of merger?

MS: Yes, I assume so, from a cyber perspective, the main risk is joining two networks together that have different structures, and probably issues. So, for example I was called in to help with some M&A work once, the new network was plugged in…and brought a heap of malware with it which quickly spread into the acquirers’ network.  It later transpired that some of the IP, which was the very reason for the merger, had been stolen.

Q: What challenges is Amazon, an online retailer, facing when merging with MGM Studio?

MS: Both operate in different ways. The majority of movie making companies seem to follow the “if it ain’t broke don’t fix it” mantra. So, technology tends to be a hodge podge, along with processes etc.… Amazon meanwhile is a tech company, and while primarily known as a retailer, has considerable presence in the cloud (with AWS) so has a lot of cutting-edge technology at its disposal.

Q: What are some ways to help the process move along with ease?

MS: Again, from a cyber perspective there needs to be due diligence done on the MGM environment. At the same time, since both organizations probably have a range of security tools, seeing who has the best tool for the job can save money in the long term.

Also, not to be discounted is the human element in cyber security – any merger results in layoffs. So, the potential for a “disgruntled insider” increases. The way to help with that is communication – not more monitoring.

Q: How can Amazon prevent cyber-attacks during the process of the merger?

MS: MGM makes a nice target right now, since at some point their technology will be integrated into Amazon, and if I was a bad guy, I would assume they are the softer target of the two. Amazon should work with MGM to ensure their security is at a “good” level, and work on the integration aspects – two distinct cyber security teams need to become one, quickly.

Q: In your opinion, does Amazon face cyber risks from vendors or third parties with the onset of the merger?

MS: I think Amazon always faces this risk, as does everyone. Since the organization is increasing in size, the “attack surface increases,” so yes, they do face risks.

Q: What are the biggest cybersecurity threats at the moment?

MS: Motivated attackers, be that nation states, criminal groups, hacktivists, or others. Ransomware is getting a lot of press right now. However, I think the biggest threat is the endless cost spiral companies are trapped in trying to deal with this.

Q: What are some ways to ensure that the infrastructure is not compromised?

MS: Defense in depth continues to be the key. Layers of security, which work together, and consider the context of the organization (how it makes money or delivers its service) in order to support that mission.  I assume Amazon will expand their cyber security program across MGM fairly quickly, which checks a number of boxes and provides a good starting point.

One issue may be that a movie studio faces different kinds of attackers than Amazon. Movie studios are primarily about their IP; everything else always seemed to be secondary to that. Stealing a movie is a different attack than ransomware, which we have seen borne out in practice (various insider attacks to steal content, for example).

Q: What are your certifications in the cybersecurity field?

MS: I have been involved in cybersecurity since I was 11. Was senior penetration tester for a global consulting company, ran a security program at a global investment bank, and have been running a security company for 10 years.

Q: What does effective cybersecurity look like to you?

MS: Cost effective, business aware, and layered.

Computer illustration by Heather Skovlund for 360 Magazine

Your Online Privacy Is in Your Hands

Many Internet users don’t take online privacy seriously because they believe that they have nothing to hide. Even if you don’t want to secure your data from the curious eyes of big brother, you should be aware of other privacy threats on the Internet.

  • Other states: Even if you trust your own government, do you trust other states? Many foreign governments take a keen interest in the online activities of citizens of other countries.
  • Marketers: Advertisers and other businesses use many methods to track your Internet activity to build an online profile that they can sell to other organizations.
  • Acquaintances: Many people who are curious about you will consume your publicly available data that’s of a private nature.
  • Stalkers: Ex-partners, jealous lovers, stalkers, or predators can use malicious software to breach your privacy. Some stalkerware can take your pictures and record your videos through webcams when you’re not aware. Stalkerware can also monitor your physical movements through the GPS on your laptop.

Share Your Data Sensibly

It’s a good idea to take basic security precautions on social media. Accept friend requests carefully. Verify suspicious-looking profiles to ensure that they’re legitimate. Limit posts that carry sensitive information to your friends and avoid sharing confidential information publicly.

When downloading apps, avoid handing out permissions needlessly. For example, does your fitness app really need access to your contacts, camera, and videos?

Of course, set strong passwords for all your social media accounts to keep hackers at bay. A good password should be at least 12 characters long and feature upper case letters, lower case letters, numbers, and symbols.

Avoid Suspicious Websites and Emails

Avoid visiting unknown websites and clicking strange emails and files. Cybercriminals can infect fraudulent websites, emails, and files with malware like adware or spyware that’s designed to breach your privacy, security, or both.

Stay Wary of Strangers

Trust your instincts and be cautious. Avoid friend requests from people you don’t trust. Likewise, please don’t click on links from such people as they may be Trojan horse attacks engineered to install stalkerware on your devices. Similarly, don’t accept tech gifts from strangers. For example, a USB drive or keyboard could be a keylogger that records your keystrokes, allowing a cybercriminal to read your emails or learn your login credentials.

Find a Good VPN Service

Protect your network with a firewall and a top-of-the-line VPN service. For example, Malwarebytes VPN protection will encrypt your data with its technologically advanced software and even mask your IP address.

Without your IP address, states and threat actors find it exceptionally challenging to track you to your location across the Internet. There are other advantages to subscribing to an excellent VPN service too. For one, you can bypass geo-blocks and consume entertainment from different parts of the world. For example, a VPN can allow you to watch Netflix USA while in Canada! But please steer clear of free VPNs, as they’re slow, carry spyware, and may even spy on you.

In addition to network security tools, use advanced antivirus software to protect yourself from malware like viruses, worms, spyware, adware, ransomware, and even dangerous stalkerware. With the right cybersecurity software and some vigilance, you can surf the Internet all day stress-free.