By Andrew Paulette, Marvin Marin, Mesay Degefu, and Colby Proffitt, with contributions by Donnie Corliss
1.) “Perverse” malware infecting hundreds of Macs remained undetected for years (July 27, 2017)
Summary: A mysterious piece of malware that gives attackers surreptitious control over webcams, keyboards, and other sensitive resources has been infecting Macs for at least five years. The infections—known to number nearly 400 and possibly much higher—remained undetected until recently and may have been active for almost a decade.
Why it matters: This article makes the point that this malware is a bit of an oddball once you start to dig into not just how it was built, but why. There was no monetization component, and this malware was not used to monitor agencies or governments.
The ability to spy on users brings to mind the iOS Trident vulnerabilities and the Pegasus spyware used in late August of 2016 against a political dissident in the United Arab Emirates. While these strains of malware are almost certainly not connected (Fruitfly’s install base of hundreds of users suggests it was not state surveillance), they share the characteristics of spying on individuals and targeting an OS with a smaller market share (and therefore less chance of success/profit).
This odd blip in the catalog of malware strains may remain a mystery.
2.) Google Study Quantifies Ransomware Profits (July 27, 2017)
Summary: Over the past two years, 35 unique ransomware strains earned cybercriminals $25 million, with Locky and its many variants being the most profitable.
Why it matters: It’s incredible to read articles that talk about ransomware profits – terms and concepts such as “keeping development separate from distribution,” “affiliate model,” and “top-notch customer support” sound more at home in a pitch for business software than malware, but time and time again these concepts are referenced. This underscores one of the critical points about why ransomware is so successful and how we should focus on stopping it: ransomware is a business.
As discussed in NetCentrics’ series on Ransomware, this form of malware will continue to innovate in the pursuit of more profits. By the same token, law enforcement, governments and the tech industry must take a multi-pronged approach to help reduce the effectiveness of ransomware by making the cost of doing business too high to be a successful model.
3.) Report: The top 5 cybersecurity threats of 2017 (July 26, 2017)
Summary: Based on intelligence gathered from iDefense, the top five cybersecurity threats for 2017 are: Reverse Deception Tactics, Sophisticated Phishing Campaigns, Strategic Use of Information Operations, Alternative Crypto-Currencies and DDoS-for-Hire Services.
Why it matters: It is essential for organizations to have a sustainable security program. This includes increasing departmental budgets, expanding security research and training more analysts and cyber professionals. In addition, it’s recommended that organizations adopt more proactive prevention, elevate email controls, insulate infrastructure and plan for continuity.
4.) Adobe’s Move to Kill Flash Is Good for Security (July 26, 2017)
Summary: Adobe this week announced plans to finally kill off its Flash media player by the end of 2020, citing obsolescence as one of the primary drivers for its decision. But the reason many want to see the end of the product is security.
Why it matters: Adobe’s decision to halt development of Flash at the end of 2020 is definitely a win for the security community, as zero days and other vulnerabilities have been numerous. That said, it is important to remember that such developments will have significant business impacts as teams have to redeploy software and retrain members to use other technologies such as HTML5 for their software development. While it would be nice to have Flash out of the picture sooner, the timeline to its sunset is one that attempts to balance business needs with security needs in an age where information security is becoming a higher priority.
5.) Hacker Steals $8.4 Million in Ethereum (4th Heist in a Month) (July 24, 2017)
Summary: An unknown hacker has just stolen nearly $8.4 million worth of Ethereum – one of the most popular and increasingly valuable cryptocurrencies – in yet another Ethereum hack that hit Veritaseum’s Initial Coin Offering (ICO).
Why it matters: Ethereum thefts have been common in the past month, with hackers making off with millions over the course of the past few weeks. It will be interesting to see if these attacks increase as more cyber criminals see the ease with which other attacks have been completed.
6.) Bluetooth makes a mesh of itself with new spec (July 21, 2017)
Summary: The Bluetooth Special Interest Group has released the spec for Bluetooth Mesh, a many-to-many extension of the technology.
Why it matters: While Bluetooth Mesh will open many possibilities for Bluetooth communications over long distances, the question of how to secure data travelling through multiple hops and across IoT devices (which have a poor security track record) remains. While there are no doubt standards in place to ease these concerns, the proof will be in the implementation, and in whether companies can successfully secure data that may not be tolerant of disclosure or disruption.
7.) Researchers shut down AI that invented its own language (July 21, 2017)
Summary: An artificial intelligence system being developed at Facebook has created its own language. It developed a system of code words to make communication more efficient. The researchers shut the system down as it prompted concerns we could lose control of AI.
Why it matters: If you’ve ever seen the movie I, Robot, you’ll understand the fascination and fear of artificial intelligence. Without letting AI run its course uninterrupted, it’s hard to fully know its intent or potential. Shortcutting English may seem harmless enough; the machines were just figuring out more efficient and effective ways to communicate – weren’t they? Sci-fi movies are sometimes rooted in outlandish dreams, but those dreams are increasingly becoming actual possibilities with rapid advances in IT. What’s important is that our cyber defenses keep pace with those advances.
8.) The State of Online Privacy 2017 (July 20, 2017)
Summary: Online privacy is a growing concern for Americans. Whether it is Congress’ decision to revoke FCC privacy protections or Facebook’s ever-changing privacy settings, online privacy has forced its way into public discourse.
Why it matters: As this article details, the public does not have high confidence that the various digital platforms we use in our day-to-day lives can protect our private information, with all companies receiving relatively low marks in consumer confidence. In addition to the privacy incidents highlighted in this article, users should also be concerned about the aggregation of their data. With so many data points on each individual added daily, and companies sharing this information with one another, it’s easier than ever to fill in the blanks on an individual simply by compromising a few personal accounts (also relatively easy due to password reuse). While we should continue to hold companies accountable for protecting our information, we should also safeguard our own data by thinking twice about what we add to the treasure trove of information that is already available on each individual. With so much data stored for longer terms, a statement or casual action posted to the internet, in conjunction with all the other information collected about us, can have serious implications years later.
9.) Data takes to the road – the technology behind the Tour de France (July 20, 2017)
Summary: The world’s greatest cycle race is transforming its relationship with fans thanks to internet of things, data analytics, and machine learning technologies.
Why it matters: While the new IoT tech is impressive, pushing immense amounts of data almost instantaneously to viewers’ televisions and other smart devices, challenges still remain. For example, at one point in the tour, the data reported was incorrect, seemingly transporting one rider from France to Kenya. Aside from the challenge of getting the data right the first time and every time, there’s also the challenge of protecting the data, devices, and riders from cyber criminals. Taking control of and altering the data could alter race results, and depending on how IoT is used in future races, it could be leveraged to stop bikes from functioning at all, halting the race altogether.
What’s important to remember is that if it’s connected, it’s susceptible to attack. And, somewhere out there, there’s a hacker with the motivation, patience, and skill necessary to compromise the device.