Doug Bedell — August 5, 2020, 1:04 pm

‘GandCrab’ Ransomware an Example of Computer Extortion

Watch out for guys like this. Paul Ducklin on the Naked Security blog reports on the arrest of a 31-year-old man “who is alleged to have extorted more than 1000 victims with the infamous GandCrab ransomware in 2017 and 2018.

“He apparently demanded payments ranging from $400 to $1500 in Bitcoin.

“Unlike more targeted attacks where crooks break into networks first and directly infect them with ransomware later, the unnamed suspect is said to have gone after victims by the more traditional route of spamming out booby-trapped emails across the globe.”

Emails can be a treacherous form of communication. Read warily anything appearing on a computer screen. The question to ask: Who sent this and why?

Doug Bedell — August 3, 2020, 10:19 am

Hacking Twitter Could Pose a Security Threat to Us All

Bruce Schneier advises that the recent hacking disruption of Twitter, the social network, is a warning of what could happen if the entire Twitter network is disrupted by computer attackers.

“Imagine a government using this sort of attack against another government,” Schneier suggests, “coordinating a series of fake tweets from hundreds of politicians and other public figures the day before a major election, to affect the outcome. Or to escalate an international dispute. Done well, it would be devastating…

“Internet communications platforms — such as Facebook, Twitter, and YouTube — are crucial in today’s society,” Schneier continues. “They’re how we communicate with one another. They’re how our elected leaders communicate with us. They are essential infrastructure. Yet they are run by for-profit companies with little government oversight. This is simply no longer sustainable. Twitter and companies like it are essential to our national dialogue, to our economy, and to our democracy. We need to start treating them that way, and that means both requiring them to do a better job on security and breaking them up.”

Thus social media could be a digital threat to all of us.

Doug Bedell — July 31, 2020, 11:50 am

Online Safety a Big Concern in Remote Learning

To the extent that remote learning will be practiced in the new school year, educators, parents and students have to do some quick learning about cybersecurity, The Last Watchdog blog advises.

“Overnight, those in charge must learn how to operate all of our elementary, junior high and high schools as if they were digital-native startups,” Byron V. Acohido advises. “Students, parents and teachers at each K-12 facility, henceforth, need to be treated as the equivalent of remote workers given to using a wide variety of personally-owned computing devices and their favorite cloud services subscriptions. And it must be assumed that many of them are likely ignorant of good cyber hygiene practices.”

Computer security suddenly has new urgency for parents, teachers and students alike.

Doug Bedell — July 29, 2020, 11:36 am

Continual Alertness Required for Computer Security

The KnowBe4 security awareness training blog, in a post by Roger Grimes, advises that “Seventy to ninety percent of all malicious breaches are due to social engineering and phishing!” Those are deceptive e-mail or text messages for gaining private information for sinister purposes. Unpatched software is another source of digital risk.

“I’m asking you,” Grimes writes, “to ask yourself about when a hacker or malware got through your defenses, over your career and own personal experiences, how did it happen? It was probably social engineering and unpatched software, with social engineering leading the way. When you hear about a big compromise in the news, how did it happen? Probably social engineering and unpatched software.”

Grimes and other sources cited in Barrier Briefs posts make the point that alertness along with continually updated software are necessary for computer security. Don’t just coast along thinking you’re safe when you’re actually at risk.

Doug Bedell — July 27, 2020, 11:21 am

Preparing For a Career in Cybersecurity

Krebs on Security discusses what it takes to have a cybersecurity career. It’s challenging but, like most desirable skills, attainable with study and experience.

“Granted, most people who have just graduated with a degree lack practical experience. But happily, a somewhat unique aspect of cybersecurity is that one can gain a fair degree of mastery of hands-on skills and foundational knowledge through self-directed study and old fashioned trial-and-error.”

As always, aspiration comes before attainability.

Doug Bedell — July 24, 2020, 12:50 pm

A Security Rub: We’re All Masked Now

It’s not so easy during the COVID-19 pandemic to identify people by full facial recognition – practically everybody is wearing masks. The Security Industry Association discusses what that means in a blog post. “Skeptics say that the adjustments will not be simple.”

“While companies are adjusting their facial recognition systems in response to virus countermeasures, they are also adding new functionality to their algorithms, including what might be called mask recognition. Artificial intelligence is being applied to video feeds to identify people who are not wearing masks in places where it is required. Forbes reported that airlines in particular are interested in this technology as they seek to reassure people of the safety of flying.”

Read on to consider how this era differs from that of the Lone Ranger – his mask only covered his eyes and Tonto didn’t have one.

Doug Bedell — July 22, 2020, 12:07 pm

Genealogy, Too, Can Be a Pursuit With Web Security Risks

You never know where computer security can run afoul. Consider and Family Tree Maker genealogy software.

The ThreatPost blog reports that “A server containing information of users of a genealogy service has exposed the data of 60,000 users, putting them at risk for fraud, phishing and other cybercriminal activity.

“Research led by Avishai Efrat at WizCase has discovered the leak, which affected an open and unencrypted ElasticSearch server that belonged to Software MacKiev, according to a report posted online by Chase Williams, a web security expert at WizCase.

“Software MacKiev currently maintains the Family Tree Maker, or FTM, software, which in turn syncs user data of a widely-known family history search platform, leak exposed a MacKiev server with 25 gigabytes of Ancestry user data and MacKiev Software user subscriptions, including information such as email addresses, user location, user support messages and technical data. Most of the users whose data was leaked appear to be U.S. residents, according to the report.

“The leaked data could have given cybercriminals and scammers access to user personal information, putting many people in great risk of having their credentials used against them,” according to a report posted online by Chase Williams, a web security expert at WizCase.

If you are doing genealogical research, there’s more in the post to give you jitters.

Doug Bedell — July 20, 2020, 11:33 am

Twitter’s Account of a Cyber Attack on Its Employees

The big guys – like Twitter – get hit with cyber attacks too. Here, on, is an account from Twitter – “An update on our security incident” – on one such incident that occurred on July 15.

“At this time,” Twitter advises, “we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information.

“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames…”

There’s more to the incident in Twitter’s report. But the point is, it’s hardly comforting to learn that a social media giant can be plagued by cyber attackers too. Be watchful, always.

Doug Bedell — July 17, 2020, 10:02 am

U.S. Army Helps Fight the Coronavirus Pandemic

The U.S. Army has been going to war to respond to the coronavirus crisis, reports.

“Soldiers have built hospitals, supported hospital staff, helped deliver food and managed nursing homes since the president declared a national emergency in March as COVID-19 cases began sweeping across the country, now killing more than 137,000 Americans…

“The Army took on new coronavirus-related missions earlier this month. U.S. Army North announced it dispatched medical and support troops to Texas and California, two states that have seen summer spikes in COVID-19 cases.

“The request to send military personnel to the two locations came from the Federal Emergency Management Agency and the states.”

The Army is aiming for a size of 486,000 by the end of 2021 and is planning to boost its size to 500,000 over the next decade, notes.

Doug Bedell — July 15, 2020, 11:12 am

For Computer Security, Read About RATS and Zombies

Read up on how computers can become infected by stealthy intruders, in this instance RATS, or remote access Trojans, courtesy of Paul Ducklin on the Naked Security blog.

Zombie is another name for RAT. “Indeed, the name RAT was originally coined as a metaphor that referred as much to the criminals that deployed the malware as to the malware itself.

“But few RATs were ever just about surreptitious access to webcams and screenshots.

“Remote access tools of this sort are more generally known as bots, short for software robots, or zombies, because they lie in wait for commands to arise and wreak havoc.

“And almost every zombie out there supports, in addition to any built-in features such as file stealing, screen capturing and webcam snooping, a generic command by which it can update and replace itself with completely new malware, or download and install new malware to run alongside itself.”

A link to the full SophosLabs report on RATS is provided. It’s well worth digging into.