Tag Archives: News

Cybersecurity is a “Shared Mission”

In his speech, before a hall full of business and tech leaders, students and professors, the President again emphasized the importance of the government and private sector working together.

He pointed out, “So much of our computer networks and critical infrastructure are in the private sector, which means government cannot do this alone.  But the fact is that the private sector can’t do it alone either, because it’s government that often has the latest information on new threats.  There’s only one way to defend America from these cyberthreats, and that is through government and industry working together, sharing appropriate information as true partners.”

Clearly this is a president who recognizes the dangers and complexities of cybersecurity, and equally wants digital safety to be a cornerstone of his legacy.

As he said elsewhere in his speech, “…. it’s one of the great paradoxes of our time that the very technologies that empower us to do great good can also be used to undermine us and inflict great harm…  The same social media we use in government to advocate for democracy and human rights around the world can also be used by terrorists to spread hateful ideologies.” We are fortunate to have a president who “gets it”.

In his speech, the President outlined four basic principles for cybersecurity:

  • First, the shared mission, between private and public, mentioned above.
  • Second, both sides (public and private) need to focus on their individual strengths. As the President acknowledged, “it’s not appropriate or even possible for government to secure the computer networks of private businesses.” Likewise, private companies don’t have the wherewithal, bandwidth, or responsibility to alert other companies or industries to a cyberattack.
  • Third, cybersecurity needs to constantly evolve. As the President said, “We’ve got to be just as fast and flexible and nimble [as hackers] in constantly evolving our defenses.”
  • Fourth, and the most important, going about these protective measures in a way that protects the rights and privacy of American citizens. President Obama stressed, “When government and industry share information about cyberthreats, we’ve got to do so in a way that safeguards your personal information.”

(See a full transcript of the President’s speech here.)

The President followed his speech by signing an Executive Order that encourages and promotes the sharing of cybersecurity threat information within the private sector and between the private sector and federal government. As he stated, it will also “…encourage more companies and industries to set up organizations – hubs – so you can share information with each other.”

It’s no surprise that the President picked Stanford for his cybersecurity summit.

Besides being in the cradle of information technology and in the heart of Silicon Valley, Stanford announced a major Cyber Initiative in November that will address, through an interdisciplinary (and campus-wide) focus, the “crucial and complex opportunities and challenges raised by cyber-technologies.”

As regards the President’s speech, I like the practical realization that the government and business must work together; but most of all I like the fact that the President recognizes that the privacy of the individual is paramount. As a security firm our mission is to protect your data, but beyond that, it is to make sure that you, and your privacy, and the privacy of your loved ones, is secure. As we move forward, we’ll keep our eye on these policies and initiatives with that in mind.

The largest bank robbery in history

US newspaper The New York Times has published a fascinating news story about what could be the largest bank robbery in history. According to the article, the thieves have stolen at least $300 million but this figure could be triple that amount, reaching almost $1 billion.

In order to carry it out, the thieves used malware to infect employees’ computers, compromise them and give the cyber-criminals access to the internal network. In this way the attackers studied the internal functioning of the bank’s daily routines, so that the transfers they planned to make did not attract any attention and blended in with the normal daily operations.

Today a report will be published that will clarify some of the questions surrounding the attack. I was struck by the way the article begins, with what seems like the beginning of a Hollywood story: an ATM in Kiev started “spitting out” cash without anyone touching it.

The most surprising aspect is not the act itself. A cash machine is just a computer and attacking it so that it can obey commands not given by the bank is perfectly possible. However, if one thing does not make sense, it is that the criminals even bothered to carry out this attack when they are capable of stealing millions of dollars without attracting any attention using transfers.

The answer to this mystery is simple. It is not a robbery but hundreds of them. Multiple banks from different countries are victims of the attack and in each one they have carried out the attacks that best adjusted to the level of compromise they achieved, according to what they were able to access, etc. In those in which they were able to carry out transfers and send money abroad, that is what they did. If they could not do this but were able to hack the cash machines, they took the money in this way.

Time to get serious

Cyber-criminals have compromised 100 banks in 30 countries. According to the information published so far, some employees received emails that infected their computers with malware. Once a computer has been compromised it is relatively easy –for them at least– to move across the internal network, compromising more computers and gaining access to all of the resources they need. When they had control of the key computer, they installed a Trojan which gave them full access to it.

In the light of the data published, it is clear that the losses that a robbery like this can generate are huge, and it is very noteworthy that an attack of this kind had gone unnoticed for so long (they had been working on it since the end of 2013). The banks I know take security very seriously. I have no doubt that they all had some kind of security solution installed and a team to make sure that it was operating correctly. Neither do I doubt that it was insufficient, although that is easy to say when we have just seen the magnitude of the attack.

What should they do? Is there any way to stop all of these attacks? No system is perfect or 100% attack proof. However, there are some measures that are relatively easy to implement that significantly increase security, preventing attacks like this.

Firstly, in a bank it is very debatable that any employee should be able to install and run (consciously or not) any software that has not been previously approved by the security team. Simply preventing the installation of unauthorized software will eliminate the majority of attacks carried out.

Remember that this attack has been described by a representative of the company investigating it as “one of the most sophisticated attacks the world has seen to date”, and the attackers still needed to send an email and an employee to open it and run the attachment (or click on a link).

You might think that the attack could have used an unknown vulnerability to compromise the computer, which has been done in the past and is perfectly plausible. In this case, simply visiting a website could compromise the computer. However, if you have a system that monitors the behavior of the processes running on each computer, these types of attacks can be detected. If the browser process, for example, downloads and tries to run an unknown program, automatically block it and problem solved.

Some readers could think that if it were that easy all large companies would use this type of system, if not on all computers at least on those that can access critical data and should be well protected. Unfortunately, there are very few solutions of this type on the market. Whitelisting-based applications, which basically only allow known files to be run, are very awkward to use in the day to day and on top of that, once they let a process run (the Internet browser, for example), they do not monitor it.

What is left? Well, from my 16 years of experience in the IT security world I can assure you that it is time to get serious. We must forget about fear and back disruptive technology that allows us to control everything that happens on our networks. They must be flexible enough to give me the option to “lock down” the network and not allow anything unknown to be installed or run, or to be a little more open provided that we have timely information on what is happening in the network.

This set of technologies and services, which we have been working on for more than 2 years, is available with Panda Advance Protection Service.

With the information that I now have on what is the largest bank robbery in history, I can say that if any one of the 100 banks affected had used Panda Advance Protection Service, they would have been protected and the attackers would probably not have been able to steal a penny.

The post The largest bank robbery in history appeared first on MediaCenter Panda Security.

Anthem ‘Medical’ Hack – What should you do?

Anthem Blue Cross Blue Shield, a medical insurance provider in the US, was subject to a serious data breach that included personal information of its members past and present.

The data stolen includes names, birthdays, medical IDs/social security numbers, street address, email addresses and employment information including income data.

The type of data that has been reported to have been stolen means that this breach is potentially much more serious than most of the large data breaches we saw last year. These hacks were primarily of credit card and transaction data.

Generally, when credit card account details are taken, victims can limit the damage by stopping their card and changing their password. Credit card companies will also cover most of the liability.

The difference with this theft though is that stolen data is a lot more difficult to track than a simple financial transaction. Social security and insurance information can be used for anything from a false insurance claim to collecting prescription drugs.

If you think that this data breach may affect you then you should carefully check your next health insurance bill. Be sure to check that all the claims are indeed yours and dispute things that seem strange.

It’s important to catch the misuse of your insurance quickly before medical debt notices are issued because of unpaid bills. That could lead to credit rating issues or in the worst case, you could be refused insurance due to a condition that you don’t actually suffer from.

As a precaution, here are some other actions you should take, not forgetting the above one of checking medical statements:

  1. Ensure your online accounts are not using the same email password combination that you may have had stored with Anthem; change any that are the same as your Anthem details.
  2. Keep a close watch on your credit reports. This will help you identify if someone is using your identity to take a line of credit in your name. Most credit scoring agencies allow you to run a report for free at least once.
  3. Spammers may send emails that look like they are coming from Anthem. Make sure to carefully scrutinize these emails – don’t click on links that look suspicious – and if in doubt contact Anthem to ensure it’s an official communication.
  4. Moving forward, avoid using the same email address or identity across multiple online accounts. For example, have a primary email address used for recovery of forgotten passwords and account information. Have a secondary email address for offline and online retail transactions. Have a third for financial accounts and sensitive information.

Follow me on twitter @tonyatavg

How secure is your new car?

Car manufacturers regularly introduce new features to make our motoring lives easier and more secure. However, in recent weeks, vulnerabilities have emerged that highlight potential dangers of smart car connectivity.

As reported by The Register, a vulnerability was discovered affecting BMW cars allowing an attacker to open doors and windows via a weakness in the My BMW Remote smartphone app.

BMW have reportedly deployed a software patch for all affected models remotely, but it is worth double-checking with your dealer to make sure it has been applied.

Worryingly, this type of vulnerability is not new.  Keyless entry systems for cars built within the last decade have increasingly come under attack, and exploits only get more sophisticated over time.

In 2011, Swiss security researchers from ETH Zurich University conducted experiments covering 10 cars from different manufacturers and found serious flaws that could allow someone to open the doors and start the engine of your car using a “relay station attack”.

 

The research demonstrated that some modern cars using a “Passive Keyless Entry System” (PKES), where you don’t need to insert a key into the car to start it, could be stolen by using a trick to amplify the radio signal transmitted by your keyless remote.

When you park your car at night, where do you leave your keys?  I’ll be placing mine inside a lead box from now on – or taking the battery out!  And let’s hope the car manufacturers eventually get it right in the meantime.

Until next time, stay safe out there.

‘The Imitation Game’: The greatest milestone in the history of cryptography hits the big screen

A war hero in a mathematician’s skin. That was Alan Turing. The man considered the father of computer science played a key role during World War II: Historians believe that Turing’s work shortened the war by two years. How? By breaking the Nazis’ Enigma Code, considered an impossible feat until then.

Forced to undergo chemical castration for his sexual orientation and branded a criminal for the same reason, Alan Turing and his role in World War II were almost forgotten until Great Britain, through a letter written by Prime Minister Gordon Brown, apologized in 2009 for how this computing genius was treated.

Now Hollywood is paying homage to Turing with ‘The Imitation Game‘, the movie that premiered in the United States and the United Kingdom in November in which Benedict Cumberbatch, known for his starring role in the series ‘Sherlock’, plays Alan Turing.

The movie, with some inaccuracies, focuses on the fight against Enigma, the machine that the Germans used during World War II to send messages without the allies being able to understand their content in time.

It all happened in Bletchley Park. This estate located an hour from London was the headquarters of the United Kingdom’s Government Code and Cypher School (GC&CS), training an army of cryptographers whose goal was to intercept and decipher the messages that the Nazis were sending at the height of World War II.

One of the leaders of the cryptographers who worked at Bletchley Park was Alan Turing, who joined the GC&CS aged just 26. It was there that Turing developed his own machine, the one that helped break the powerful Enigma Code: it was called ‘the bombe’.

Enigma worked with a system of five rotors that resulted in millions of combinations of coded text. And that is not all, the machine’s settings changed every day and the volume of messages was so large that Bletchley Park had up to 10,000 cryptographers trying to decipher them at the necessary speed.

That was until the bombe arrived. Based on the work done by the Polish intelligence service, in just three months Turing developed a machine capable of deciphering the Germans’ messages using mathematical analysis techniques that determined the most probable position of Enigma’s rotors.

Created in 1940, three years later the bombe was deciphering more than 84,000 Enigma messages a month. The system created by Turing, and Gordon Welchman, thereby accelerated the discovery of the Germans’ movements communicated under the guise of Enigma.

Turing’s work not only shortened the war by two years but it is estimated that no less than fourteen million lives were saved by the discovery made at Bletchley Park.

After this milestone, which made him a war hero, Turing continued striving to become known today as the father of computer science: after World War II came the Turing test, or the first computer chess game. Unfortunately, a tragic and final end and five decades of obscurity also came. Now it is starting to be repaired.

The post ‘The Imitation Game’: The greatest milestone in the history of cryptography hits the big screen appeared first on MediaCenter Panda Security.

Toy drones continue to cause problems

The latest incident involving a drone has more serious implications than buzzing a neighbor’s yard. In January, a drone crashed into a tree on the South Lawn of the White House.  Apparently, the drone was small enough to avoid detection by the White House security radar.

The man who was operating the drone is an employee of the National Geospatial-Intelligence Agency. After seeing the story on the news the following day, he contacted officials to confess. He later admitted that he had been drinking.

The point is that drone adventures are getting increasingly (and literally) out of control.

The White House incident comes just days after the Department of Homeland Security held a conference in Arlington, Va., on the dangers that such drones pose to the nation’s critical infrastructure and government facilities.

The New York Times reported that the conference exhibited a DJI Phantom drone — the same type of drone that reportedly crashed at the White House.

However, the drone on display at Homeland Security’s conference had three pounds of fake explosives attached to demonstrate how easy it would be to weaponize. Frightening.

The President said in an interview with CNN that he has instructed federal agencies to examine and address the broader problem and the need for regulations on drone technology.

As the President wisely noted, regarding drones, “We don’t yet have the legal structures and the architecture both globally and within individual countries to manage them the way that we need to.”

Part of the idea for legislation or enforcement, the President said, “is seeing if we can start providing some sort of framework that ensures that we get the good and minimize the bad.”

Legislation and regulation need to happen soon. Even though it is illegal to fly drones in Washington DC, that appears to be a small deterrent.

Let’s see how this unfolds. There are privacy and security hazards with drones that everyone needs to be aware of, and this incident might spur some real action.

 

Apple ID user? Careful! There is a new phishing attack!

Careful! We have detected a new phishing attack!

If you receive an email with the Spanish text: “Hola, nuestro sistema ha detectado autorizado entrada intento de su Apple ID…” (“Hello, our system has detected authorized access attempt of your Apple ID…,”) careful, it is phishing!

Below is an example of the email and the first thing that should catch your attention is the sender’s email address: AppIe Support <[email protected]>

Using the excuse that someone has tried to access your Apple ID account, the cyber-criminals ask you to change your details. When you click on the link, a page opens that is an almost perfect imitation of Apple’s website:

After signing in with your Apple ID login details, the next step is to update your personal details.

In addition to your name, address or telephone number, it requests your bank and credit card details in order to verify your identity and as the default method of payment for purchases and for iTunes or the App Store.

So, if you fall into the trap and enter all of this data, you will be giving the criminals access to this sensitive information.

As we always say, no company will ever ask you to send your personal details to them via email. If they do, be suspicious! In addition, in this case prevention is better than cure and it is important to have an extra layer of protection by installing one of the antivirus products from our 2015 line.

The post Apple ID user? Careful! There is a new phishing attack! appeared first on MediaCenter Panda Security.

25 Passwords You Should Avoid

As we approach February, and look forward to a year of stronger cybersecurity, there is still time to give your passwords a refresh and resolve to do so regularly.

Password protection is more important than ever, especially with so many devices, which provide ready access to so much of our personal information.

AVG’s own Tony Anscombe noted in his Safer Internet Day 2015 post recently, “Protecting your online world starts with devices and setting a passcode…”

It was interesting to find that in the annual list of Top 25 most common passwords on the Internet, as researched by the password management provider SplashData, the easy targets like “123456” and “password” continue to hold the top two spots!

 

Other favorites in the research conducted by analyzing passwords that had been leaked in 2014: QWERTY and football.  Their popularity makes them notoriously some of the “worst” passwords to use and the “easiest” for hackers to figure out.

 

Creating a strong password

Picking a strong password doesn’t need to be difficult. We recently published an infographic on how to create a strong password that is also easy to remember.