Microsoft: Now It Is the Chinese Because Russia, Well, Russia

October 3, 2022

Brad Smith, president of Microsoft Corp, pinned the blame for the SolarWinds misstep on 1,000 super cyber warriors from Russia, the all-time leader in muffing bunnies. With Russia’s special operation under way, few would attribute technical superpowers to a nation state unable to refuel its tanks or to stop its troops from eating poisoned cookies offered by a grandmotherly type. China, I think it is your turn to be cast as the dark nemesis of the outstanding Microsoft Exchange Server.

“More Trouble for Exchange Server As Zero-Day Exploits Attacked” asserts:

Microsoft has acknowledged the issues in a post on the Security Response Center, identifying two vulnerabilities, one a Server Side Request Forgery, and another that allows remote code execution via PowerShell. These vulnerabilities are apparently being currently exploited, with signs pointing to China state sponsored hacking groups, who are known to use some of the web shells used in the attacks.

Are there fixes? Sure. The write-up reports:

The company also lists some possible detection techniques using Microsoft Sentinel, Defender for Endpoint, and Defender Antivirus.

Microsoft offers some after-the-fact words in this oracular Redmondian emission. Do I have some questions? Nah. Been there. Done that. Do I have observations? Nah, been there and done that too.

One thing could be added to the list of life’s certainties: Microsoft and security are the new peanut butter and jelly of technology. Bad actors love the combo.

Stephen E Arnold, October 3, 2022

Increasingly Sophisticated Cybercrime

December 8, 2016

What a deal! Pymnts.com tells us that “Hacked Servers Sell for $6 On The Dark Web.” Citing recent research from Kaspersky Lab, the write-up explains:

Kaspersky Lab researchers exposed a massive global underground market selling more than 70,000 hacked servers from government entities, corporations and universities for as little as $6 each.

The cybersecurity firm said the newly discovered xDedic marketplace currently has a listing of 70,624 hacked Remote Desktop Protocol (RDP) servers for sale. It’s reported that many of the servers either host or provide access to consumer sites and services, while some have software installed for direct mail, financial accounting and POS processing, Kaspersky Lab confirmed.

Kaspersky’s Costin Raiu notes the study is evidence that “cybercrime-as-a-service” is growing and has been developing its own well-organized infrastructure. He also observes that the victims of these criminals are not only the targets of the attacks launched from the servers but also the unwitting owners of the servers themselves. xDedic, he says, represents a new type of cybercriminal marketplace.

Kaspersky Lab recommends that organizations take these precautions:

* Implement a multi-layered approach to IT infrastructure security that includes a robust security solution

* Use strong passwords in server authentication processes

* Establish an ongoing patch management process

* Perform regular security audits of IT infrastructures

* Invest in threat intelligence services
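As an added illustration of the "regular security audits" item (example code written for this post, not from Kaspersky Lab or the xDedic report), the following Python script looks for the pattern that turns a server into xDedic inventory: a burst of failed RDP logons from one address followed by a success. The event records are constructed for the example; on a real host they would be Event ID 4625 (failed) and 4624 (successful) entries from the Windows Security log, where logon type 10 denotes an RDP session. The record layout, the ten-minute window and the threshold of five failures are the example's own assumptions.

```python
"""Spot brute-forced RDP logons in Windows Security events.

Added example, not code from the original post or from Kaspersky Lab.
The records below are constructed; real input would be Event ID 4625/4624
entries, with LogonType 10 (RemoteInteractive) marking RDP sessions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed sliding window
THRESHOLD = 5                    # assumed: failures from one source inside WINDOW
RDP_LOGON_TYPE = "10"            # standard Windows value for RemoteInteractive

# Constructed sample, not real telemetry: timestamp|event_id|logon_type|user|src_ip
SAMPLE_EVENTS = """\
2016-06-15T02:00:01|4625|10|administrator|203.0.113.9
2016-06-15T02:00:03|4625|10|admin|203.0.113.9
2016-06-15T02:00:05|4625|10|backup|203.0.113.9
2016-06-15T02:00:07|4625|10|scanner|203.0.113.9
2016-06-15T02:00:09|4625|10|sql|203.0.113.9
2016-06-15T02:00:11|4625|10|pos|203.0.113.9
2016-06-15T02:00:14|4624|10|pos|203.0.113.9
2016-06-15T08:15:00|4625|10|jsmith|198.51.100.4
2016-06-15T08:15:40|4624|10|jsmith|198.51.100.4
2016-06-15T09:00:00|4625|3|svc_web|192.0.2.77
2016-06-15T09:00:01|4625|3|svc_web|192.0.2.77
2016-06-15T09:00:02|4625|3|svc_web|192.0.2.77
2016-06-15T09:00:03|4625|3|svc_web|192.0.2.77
2016-06-15T09:00:04|4625|3|svc_web|192.0.2.77
2016-06-15T09:00:05|4625|3|svc_web|192.0.2.77
"""


def parse_events(text):
    """Parse the flattened records into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, event_id, logon_type, user, src_ip = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "event_id": event_id,
                       "logon_type": logon_type, "user": user, "src_ip": src_ip})
    events.sort(key=lambda e: e["ts"])
    return events


def analyze_rdp_logons(events, threshold=THRESHOLD, window=WINDOW):
    """Return {src_ip: {"failures": n, "brute_force": bool, "compromised_user": str|None}}.

    brute_force: at least `threshold` failed RDP logons inside `window`.
    compromised_user: the account that logged in successfully while the
    source was still inside a brute-force burst (the case that matters most).
    """
    recent_failures = defaultdict(list)   # src_ip -> failure timestamps inside window
    findings = {}
    for e in events:
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue   # network/service logons are out of scope for an RDP audit
        ip = e["src_ip"]
        fails = recent_failures[ip]
        while fails and e["ts"] - fails[0] > window:
            fails.pop(0)   # drop failures that fell out of the window
        rec = findings.setdefault(
            ip, {"failures": 0, "brute_force": False, "compromised_user": None})
        if e["event_id"] == "4625":
            fails.append(e["ts"])
            rec["failures"] += 1
            if len(fails) >= threshold:
                rec["brute_force"] = True
        elif e["event_id"] == "4624" and len(fails) >= threshold:
            rec["compromised_user"] = e["user"]
    return findings


def report(findings):
    """One line per offending source address."""
    lines = []
    for ip, rec in sorted(findings.items()):
        if rec["brute_force"]:
            status = f"brute force ({rec['failures']} failures)"
            if rec["compromised_user"]:
                status += f", then successful logon as {rec['compromised_user']!r}"
            lines.append(f"{ip}: {status}")
    return lines


if __name__ == "__main__":
    for line in report(analyze_rdp_logons(parse_events(SAMPLE_EVENTS))):
        print(line)
```

A success after a burst of failures is the record to act on: rotate that account's credentials, examine what the session did, and, per the list above, make sure RDP is not reachable from the Internet without strong authentication. A single failure followed by a success (the second address in the sample) is what a legitimate user mistyping a password looks like and should not page anyone.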

Stay safe, dear readers.

Cynthia Murrell, December 8, 2016

Good Old Sleuthing Can Still Beat Dark Web

November 8, 2016

Undercover investigative work by several agencies in Bergen County, New Jersey resulted in the arrest of an 18-year-old man who was offering hitman services over the Dark Net.

As reported by Patch.com in a news report titled Hitman Who Drove To Mahwah For Meeting Arrested: Prosecutor:

The Mahwah Police Department, Homeland Security Investigations, and the Bergen County Prosecutor’s Office Cyber Crimes Unit investigated Rowling, a Richmondville, New York resident. Rowling allegedly used the dark web to offer his services as a hitman.

Tracking Dark Web participants is extremely difficult, so undercover agents posing as buyers were scouting for hitmen. Rowling, suspecting nothing, offered his services in return for cash and a gun. The meeting was set at the Mason Jar in Mahwah, where he was arrested and remanded to Bergen County Jail.

As per the report, Rowling is being charged as follows:

In addition to conspiracy to murder, Rowling was charged with possession of a weapon for an unlawful purpose, unlawful possession of a weapon, and possession of silencer, Grewal said.

Drug traffickers, hackers, and smugglers of contraband goods and narcotics are increasingly using the Dark Web to sell their goods and services. Under such circumstances, authorities have no option but to fall back on old investigative techniques to put criminals behind bars. However, most of the Dark Net and its participants remain out of reach of law enforcement agencies.

Vishal Ingole, November 8, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Hackers Having Field Day with Mirai Botnet

November 7, 2016

The massive cyber attack that crippled major websites across the US on October 21 was executed using an extensive network of infected computers and smart devices. The same botnet is now on sale on the Dark Web, which will enable hackers to launch similar or even larger attacks in the future.

As reported by Cyberscoop in an article titled You can now buy a Mirai-powered botnet on the dark web:

A botnet of this size could be used to launch DDoS attacks in addition to automated spam and ransomware campaigns. The price tag was $7,500, payable in bitcoin. The anonymous vendor claimed it could generate a massive 1 terabit per second worth of internet traffic.

The devices in the botnet used in the Dyn attack are all infected with the Mirai malware. Though the source code of the malware is freely available on hacker forums, a vendor on the Dark Net is offering a ready-to-use Mirai-powered botnet for $7,500. This lets a buyer with no technical skill of their own launch a large DDoS attack against any network in the world.

As the article points out:

With the rise of Mirai, experts say the underground DDoS market is shifting as vendors now have the ability to supercharge all of their offerings; giving them an avenue to potentially find new profits and to sell more destructive DDoS cannons.

Though the botnet is for sale at present, prices may soon drop, or the service may even become free, enabling a teenager at home to bring down a major network with a few clicks. Things have already been set in motion; it remains to be seen when and where the next attack occurs.

Vishal Ingole, November 7, 2016

Multiple Vendors Form Alliance to Share Threat Intelligence

October 20, 2016

To tackle the increasing number of digital security threats, several threat intelligence vendors have formed an alliance that will share the intelligence each of them gathers.

An article on Network World titled Recorded Future aligns with other threat intelligence vendors states:

With the Omni Intelligence Partner Network, businesses that are customers of both Recorded Future and participating partners can import threat intelligence gathered by the partners and display it within Intelligence Cards that are one interface within Recorded Future’s platform

Apart from other intelligence, the consortium will also share IP addresses that may be the origin points of potential threats. Led by Recorded Future, the other members of the alliance include FireEye iSIGHT, Resilient Systems and Palo Alto Networks.

We had earlier suggested the formation of an inter-governmental alliance that could be used to share incident reports seamlessly. The premise was:

Intelligence gathered from unstructured data on the Internet such as security blogs that might shed light on threats that haven’t been caught yet in structured-data feeds
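To make the premise concrete, here is an added example (not code from Recorded Future, its partners or the Network World article) that turns an unstructured security write-up into the kind of structured IP feed the alliance describes and matches it against firewall logs. The blog excerpt, the firewall lines and the addresses are constructed for the example and use RFC 5737 documentation ranges as stand-ins for public addresses; the log layout and the non-routable filter list are the example's own assumptions.

```python
"""Extract IP indicators from free-text threat reporting and match them
against firewall logs.

Added example for this post, not code from Recorded Future, its partners or
Network World. All text, log lines and addresses below are constructed
(RFC 5737 documentation ranges stand in for public addresses).
"""
import ipaddress
import re

# Constructed excerpt in the style of a security blog post. Feeds and blogs
# commonly "defang" indicators (203.0.113[.]45, hxxp://) so they cannot be
# clicked by accident; the extractor has to cope with that.
BLOG_POST = """
During the campaign the actor staged payloads on 203.0.113[.]45 and
hxxp://198.51.100.7/update.php. Beaconing went to 203[.]0[.]113[.]46 on
tcp/8443. One sample also tried 10.0.0.5 (an internal address from the
victim's network, not an indicator) and 192.0.2.300 (malformed, ignore).
"""

# Constructed firewall log (assumed layout): timestamp action src dst dport
FIREWALL_LOG = """
2016-10-19T10:00:00 ALLOW 192.168.1.20 203.0.113.46 8443
2016-10-19T10:00:05 ALLOW 192.168.1.31 198.51.100.200 443
2016-10-19T10:01:10 DENY  192.168.1.20 198.51.100.7 80
2016-10-19T10:02:00 ALLOW 192.168.1.44 10.0.0.5 445
"""

# Dotted quad whose dots may be written as "[.]" (defanged).
_IP_RE = re.compile(
    r"\b(\d{1,3})(?:\[\.\]|\.)(\d{1,3})(?:\[\.\]|\.)(\d{1,3})(?:\[\.\]|\.)(\d{1,3})\b")

# Addresses that can never be a useful external indicator; sharing them would
# only generate false positives for every partner. The RFC 5737 documentation
# ranges are deliberately NOT listed because this example uses them as
# stand-ins for public space; a production list should drop them as well.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def extract_ip_indicators(text):
    """Well-formed, routable IPv4 addresses in the text, in order of first appearance."""
    found = []
    for m in _IP_RE.finditer(text):
        candidate = ".".join(m.groups())
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # an octet above 255 or similar garbage
        if any(ip in net for net in NON_ROUTABLE):
            continue
        if candidate not in found:
            found.append(candidate)
    return found


def match_firewall_log(log_text, indicators):
    """Log lines whose source or destination is a known indicator."""
    ioc = set(indicators)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, action, src, dst, dport = parts
        matched = dst if dst in ioc else src if src in ioc else None
        if matched:
            hits.append({"ts": ts, "action": action, "src": src, "dst": dst,
                         "dport": int(dport), "indicator": matched})
    return hits


def suspect_internal_hosts(hits):
    """Internal sources that talked (or tried to talk) to an indicator.

    A DENY still counts: the blocked attempt shows the host is already infected.
    """
    return sorted({h["src"] for h in hits if h["indicator"] == h["dst"]})


if __name__ == "__main__":
    iocs = extract_ip_indicators(BLOG_POST)
    print("indicators:", iocs)
    hits = match_firewall_log(FIREWALL_LOG, iocs)
    for h in hits:
        print(f"{h['ts']} {h['action']} {h['src']} -> {h['dst']}:{h['dport']}")
    print("suspect hosts:", suspect_internal_hosts(hits))
```

Two details matter more than the regex. First, an indicator feed assembled from prose has to discard addresses that can never be external (RFC 1918, loopback, multicast), or every partner importing it will drown in false positives. Second, a blocked connection to an indicator is still a finding: the firewall stopped the traffic, but the internal host that tried is the one that needs attention.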

The advent of the Internet of Things (IoT) will exacerbate the problems of the connected world. Will the Omni Intelligence Partner Network succeed in preempting those threats?

Vishal Ingole, October 20, 2016

What Lurks in the Dark Web?

October 20, 2016

Organizations concerned about cyber security can thwart threats effectively only if they know a threat is lurking in the dark. An Israeli SaaS startup claims it can bridge this gap by offering real-time analysis of Dark Web data.

TechCrunch, in an article titled Sixgill claims to crawl the Dark Web to detect future cybercrime, says:

Sixgill has developed proprietary algorithms and tech to connect the Dark Web’s dots by analyzing so-called “big data” to create profiles and patterns of Dark Web users and their hidden social networks. It’s via the automatic crunching of this data that the company claims to be able to identify and track potential hackers who may be planning malicious and illegal activity.

By analyzing the data, Sixgill claims that its proprietary algorithms can identify illegal marketplaces, data leaks and even planned physical attacks on organizations. However, there are several weaknesses in this type of setup.

First, Dark Web actors can easily insert red herrings into communication channels to divert attention from real threats. Second, the Dark Web was created by people who wished to keep their communications cloaked; mining their data and crunching it through algorithms will not be sufficient to keep organizations safe. Moreover, AI can only process the data that the crawlers have mined, which in many cases may be false. Tor is also undergoing changes to increase the safeguards for its users. What is beginning is a Dark Web arms race: a pattern of compromise will be followed by hardening, then compromise will occur again, and the Hegelian cycle repeats.

Vishal Ingole, October 20, 2016

Labor Shortage of Cyber Security Professionals

October 13, 2016

It’s no surprise that hackers may be of any age, but that teenagers could cause £60 million worth of damage to a corporation is newsworthy, regardless of age. The Telegraph published an article, From GCHQ to Google: the battle to outpace hackers in the cyber race, reporting on this. A 15-year-old boy hacked the TalkTalk computer network and stole personal data, including financial information, of 157,000 customers. This comes at a time when the UK government has announced plans to invest £1.9 billion in cyber security over the next five years. We also learned,

No amount of money will help overcome one of the greatest difficulties in the security industry though: the lack of skilled people. By 2019 there will be a global shortfall of 1.5 million security professionals, according to ISC Squared, a security certification and industry education body. And the numbers could in fact be significantly higher, given that there are already more than 1 million cybersecurity positions unfilled worldwide, according to a 2015 Cisco report. Heading up the government’s move to train more cyber defenders is spook agency GCHQ, which sponsors academic bursaries, runs summer camps and training days, holds competitions and has created a cyber excellence accreditation for top universities and masters programmes. The intention is to spot talent in children and nurture them through their education, with the end goal being a career in the industry.

The problem for any rocketing industry ready to blast off always seems to boil down to people. We have seen it with big data in all of its forms, from electronic medical records to business analytics to cyber security. Industry seems most fertile when people and technology work stride-by-stride.

Megan Feil, October 13, 2016

Tech Savvy Users Turn to DuckDuckGo

May 18, 2016

A recent report from SimilarWeb tells us what sorts of people turn to Internet search engine DuckDuckGo, which protects users’ privacy, over a more prominent engine, Microsoft’s Bing. The Search Engine Journal summarizes the results in, “New Research Reveals Who is Using DuckDuckGo and Why.”

The study drew its conclusions by looking at the top five destinations of DuckDuckGo users: Whitehatsec.com, Github.com, NYtimes.com, 4chan.org, and YCombinator.com. Note that four of these five sites have fairly specific audiences; compare them to the top five, more widely used, sites reached through Bing: MSN.com, Amazon.com, Reddit.com, Google.com, and Baidu.com.

Writer Matt Southern observes:

“DuckDuckGo users also like to engage with their search engine of choice for longer periods of time — averaging 9.38 minutes spent on DuckDuckGo vs. Bing.

“Despite its growth over the past year, DuckDuckGo faces a considerable challenge when it comes to getting found by new users. Data shows the people using DuckDuckGo are those who already know about the search engine, with 93% of its traffic coming from direct visits. Only 1.5% of its traffic comes from organic search.

“Roy Hinkis of SimilarWeb concludes by saying the loyal users of DuckDuckGo are those who love tech, and they use they use DuckDuckGo as an alternative because they’re concerned about having their privacy protected while they search online.”

Though Southern agrees DuckDuckGo needs to do some targeted marketing, he notes traffic to the site has been rising by 22% per year. It is telling that the privacy-protecting engine is most popular among those who understand the technology.


Cynthia Murrell, May 18, 2016


Anonymous Hacks Turkish Cops

May 16, 2016

Anonymous has struck again, this time hacking the Turkish General Directorate of Security (EGM) in its crusade against corruption. The International Business Times reports, “Anonymous: Hacker Unleashes 17.8 GB Trove of Data from a Turkish National Police Server.” It is believed that the hacker responsible is ROR[RG], who was also deemed responsible for last year’s Adult Friend Finder breach. The MySQL-friendly files are now available for download at the TheCthulhu website, which seems to be making a habit of posting hacked police data.

Why has Anonymous targeted Turkey? Reporter Jason Murdock writes:

“Anonymous has an established history with carrying out cyberattacks against Turkey. In 2015 the group, which is made up of a loose collection of hackers and hacktivists from across the globe, officially ‘declared war’ on the country. In a video statement, the collective accused Turkish President Recep Tayyip Erdoğan’s government of supporting the Islamic State (Isis), also known as Daesh.

“’Turkey is supporting Daesh by buying oil from them, and hospitalising their fighters,’ said a masked spokesperson at the time. ‘We won’t accept that Erdogan, the leader of Turkey, will help Isis any longer. If you don’t stop supporting Isis, we will continue attacking your internet […] stop this insanity now Turkey. Your fate is in your own hands.’”

We wonder how Turkey will respond to this breach, and what nuggets of troublesome information will be revealed. We are also curious to see what Anonymous does next; stay tuned.


Cynthia Murrell, May 16, 2016


Venture Dollars Point to Growing Demand for Cyber Security

April 4, 2016

A UK cyber security startup has caught our attention, along with that of venture capitalists. The article Digital Shadows Gets $14M To Keep Growing Its Digital Risk Scanning Service from TechCrunch reports that Digital Shadows has received $14 million in Series B funding. This software-as-a-service (SaaS) offering is geared toward enterprises with more than 1,000 employees that want to monitor risk and vulnerabilities by watching online activity related to the enterprise. The article describes Digital Shadows’ SearchLight, which was initially launched in May 2014:

“Digital Shadows’ flagship product, SearchLight, is a continuous real-time scan of more than 100 million data sources online and on the deep and dark web — cross-referencing customer specific data with the monitored sources to flag up instances where data might have inadvertently been posted online, for instance, or where a data breach or other unwanted disclosure might be occurring. The service also monitors any threat-related chatter about the company, such as potential hackers discussing specific attack vectors. It calls the service it offers “cyber situational awareness”.”

Think oversight of employees leaking sensitive data onto the Dark Web, for example, a bank employee selling client data through Tor. How will this startup fare? Time will tell, but we will be watching them, along with other vendors offering similar services.


Megan Feil, April 4, 2016

