A fresh report from the IT company Red Canary reports on. A new virus that steals data from cryptocurrency wallets. Cybercriminals distribute it under the guise of an activator for Windows.
According to network security researchers. The infected KMS Pico utility contains an executable file that. If it gets on a computer, unpacks on its own and steals data from known crypto wallets. Also, the virus is capable of intercepting confidential information from
browsers. Experts note that users of pirated copies of Windows. Who use various activators to bypass the activation process, are at risk? It is also noted. That the virus uses a sophisticated masking algorithm from detection.
2022 is Set to be a Huge Battle to Safeguard Information
The cyber security industry will be on the move from ransom ware threats to misinformation about elections to scams targeting consumers.
Security threats are expected to grow in 2022 as cybercriminals improve their tried-and-true ransom ware techniques and seek to exploit the technology’s vulnerabilities that connect with the web. US elections also provide an ideal opportunity for spreading fake news.
The prospect of a surge in hacks, attacks, and data theft follows the massive increase in ransom ware attacks – taking over inaccessible computers until the ransom is paid – which impacted people’s lives in 2021. Cyber-attacks that stopped the oil transportation company Colonial Pipeline and Meatpacking Company JBS USA contributed to temporary increases in gas prices and shortages of meat in some parts of the US.
The November discovery of the Log4j vulnerability, which is a serious flaw in software for logging widely used on the internet, gave an insight into the supply chain for software vulnerabilities that had already taken the brunt of this year’s Solar Winds attack. Security experts warn that hackers are likely to be looking for ways to make use of Log4j and other vulnerabilities in the interconnected systems that we depend on.
The feared attacks are set against the background of a never-ending virus that can cause additional problems. With many working at home, hackers exploit remote connections to penetrate corporate networks. Certain scammers take on everyday people who are spending increasing amounts of time on the computer screen to steal bank information, passwords for personal accounts, and other information that could be used to attack accounts.
Andrew Useckas, chief technology officer and co-founder of cyber security firm Threat X, believes that a large part of the issue is that businesses aren’t aware of the extent of the issue due to the amount of data stored on corporate networks.
Many companies don’t know how vulnerable they are,” Useckas said.
A large number of cybercrimes, both large and small, aren’t reported, and it isn’t easy to keep track of all data. However, experts claim that some key indicators have increased in the last year, raising alarms.
Notably, the number of data breaches disclosed in the first three months of the year 2021 were more than the number reported in the entire year 2020, According to identity Theft Resource Center. Ransom ware-related suspicious payments reported from banks and other establishments were $590 million at the beginning of the year in October, according to a report from the Department of the Treasury. The number easily beat the $416 million of suspicious payments reported for the entire year of 2020.
The administration of President Joe Biden has taken action to limit ransomware and other cyber-attacks. It is reported that the White House recently held a worldwide online event against ransom ware and promised to impose sanctions on crypto exchanges and financial institutions that support ransom ware.
In the aftermath of the Log4j incident, Log4j’s security has been questioned by the White House plans to hold a gathering of executives from software companies in the coming months to discuss ways to increase software security.
Congressional elections during November could create changes to security priorities should the balance of power between both the House and Senate change. Elections will pose their security threats, and experts warn that an inundation of false information will flood social media as November. Eight approaches.
Cyber-attacks Continue to Come. However, is the Government Ready to be Able to Take Action?
Ransom ware-related attacks that only affect the back office of corporations often remain unnoticed by the general public. However, when hackers shut down businesses that consumers depend on the most, everyone is aware.
The Treasury Department said in September that it would begin sanctioning cryptocurrency exchanges and other organizations that facilitate ransomware payment. The reasoning behind this decision is to take action against illicit activity in the crypto market, which is the preferred currency for ransomware payment because it is largely undetectable and will deter ransomware hackers.
In the meantime, politicians in the US and other nations began making legislation that would require businesses to report any ransomware or other cyberattack that occurs. A lot of ransomware attacks are not reported. It is difficult for law enforcement agencies to keep track of the number of attacks occurring, which targets are being targeted, and the amount of money going to cybercriminals.
If the threats and demands for more are not stopped, the need for politicians to introduce legislation to prove they are fighting the problem, said Tony Anscombe, the chief security advocate at antivirus firm ESET. This legislation could be expanded to prohibit ransomware-related payments.
“This could then become a race around the world to enact legislation as cybercriminals will target those territories where paying is still permitted,” Anscombe stated.
Concerns about the Supply Chain
A vulnerability in Log4j, the most widely-used Java library that records errors in networks, has highlighted how dependent all government agencies and even the consumer-oriented internet of things are on freely downloaded software integrated into a myriad of other software applications.
The simplest exploit, which lets attackers take control of computers connected to the internet that run that software, is a prime instance of a vulnerability in the supply chain of software. It is often difficult to determine the exact devices operating the program. Like cars, the software is dependent on the supply chain. Engineers design software using prefabricated components typically composed of smaller components.
When a piece of software is done, it could be difficult to identify the individual components and the source they were sourced from.
Justin Cappos, an associate professor at the New York University’s Tandon School of Engineering, states that the present structure of the supply chain for software isn’t fully transparent since many applications rely on open-source code. Even if you purchase software from a large company, the source code that might be used to create it is not clear.
A vulnerability in Log4j, the most widely-used Java library that records errors in network applications, has highlighted how dependent every aspect of government to the internet for consumers of things is on freely utilized software integrated into a myriad of other software applications.
The simplest exploit, which allows attackers to gain control of computers connected to the internet that run this software a prime illustration of vulnerabilities in the supply chain for software. Sometimes, it is unclear the exact devices using the application. Like cars, the software is dependent on the supply chain. Engineers design software using prefabricated components, typically comprised of smaller parts.
After a piece is done, it could be not easy to pinpoint the individual components after a piece is done and from where they all were sourced.
Justin Cappos, an associate professor at the New York University’s Tandon School of Engineering, believes that the current structure of the supply chain for software isn’t clear because a lot of software products are built on open-source code. Even if you purchase software from a big company, it’s not clear the source code that could have been involved in its development.
The Spread of Misinformation increases ahead of Midterm Elections.
Misinformation is already a problem and will become more prevalent by 2022. False information, or misinformation that is spread, regardless of whether it’s designed to mislead, could be in various forms.
Conspiracy theories about vaccinations, global plots, and the election’s saga have already inundated social media. Facebook and Twitter, as well as others, have attempted to understand the issue, but they’re not able to keep up with the never-ending game of Whack-a-mole. Fact-checkers from the media and other organizations have also attempted to block the stream of misinformation. There is no doubt that more misinformation is in the pipeline.
Advanced deep fakes, manipulated videos or audio recordings that alter reality to appear to be saying something that they weren’t is becoming more affordable and simpler to utilize. Although they’ve not been extensively used, other than for demonstrations, their presence alone may be enough to cause people to be skeptical of what they see online.
The problem is that, as the US gets more divided, the public is more inclined to trust information that is in line with their views on the world regardless of the information’s quality. The news media has become fragmented, and they sometimes ignore stories that don’t align with a plan, according to Cappos.
This could cause a fracture in the already divided America and further undermine trust in the federal government and democratic institutions ahead of the midterm elections.
“People believe all kinds of weird stuff that they want to believe,” Cappos declared. “In a lot of cases, they won’t listen to fact-checkers.”
Russia, China and other US adversaries are pleased to see the political polarization even if they’re not behind the political campaigns. Anything that creates tension and gridlock, reduces the American democratic process, or undermines trust in the democratic process can be to their advantage.
Jon Clay, vice president of threat intelligence for cybersecurity firm Trend Micro, said he anticipates disinformation attacks from Russia and other countries to increase up before the election of November. It’s up to the public to discern the truth from fiction. “People are going to have to be very critical about information and where they get their information,” said the expert stated, adding that this is going to be a challenge considering how quickly information is spread through social media, regardless of its reliability
The Scams are Getting More Frightening, so go Mobile.
COVID has forever altered our work habits. Even in the unlikely event that the virus can be controlled this year, many are likely to work from home for at least a portion or all of the time.
Cybercriminals are working as well. They’ll be looking for methods to exploit the internet connections and the devices workers utilize to dial in the remote.
COVID has forever changed how we work. Even in the unlikely scenario that the disease can be controlled this year, many people will continue to work from home for at least a portion during the day.
Cybercriminals are working as well. They’ll be looking for methods to exploit the devices and connections that employees use to connect from a distance.
The Girl Sent the Smartphone for Repair Under Warranty & She was Hacked in Search of “Nudity”
Blogger and designer Jane McGonigal said on Twitter. That Google hacked her Pixel to gain access to candid photos. She discovered the breach by receiving many securities email alerts. Jane shares that she sent her Google Pixel 5a in the mail for repair. The company has partnered with FedEx and accepts devices for service. According to the tracking, the smartphone arrived at a service center in Texas a few weeks ago. After a while, Jane began to receive email notifications. They said that someone using her smartphone had reset. Their passwords and logged into her Google and Dropbox accounts. The girl says that according to the activity logs of the accounts. She saw what exactly they were looking for in her cloud storages. According to her, unknown persons “rummaged” in photo albums in particular. They looked through her pictures in a swimsuit, tight sportswear and dresses. As well as postoperative photos with seams. Notifications about actions in the account were “cleaned up” by them. Most likely, the burglars were looking for a photo with “nudity”, but, Jane did not have such photos. Jane McGonigal @avantgame
McGonigal tried to clean her Pixel 5a using Google’s Find My Device feature, but failed. The girl turned to her followers on Twitter. Asked to inform her about similar cases to file a class action lawsuit. By the way, at least one similar case has already found. A Reddit user sent his wife’s Pixel smartphone to the same service center in Texas. After which he discovered that their candid photos appeared on social networks. Also, an attempt made to steal money from the PayPal account. A Google spokesman has already reacted to the situation. He said that the company is investigating the incident. So recalled that Google recommends backing up your smartphone data. So, cleaning it before sending it for warranty service. It should note that, depending on the type of breakdown, it is far from always possible to do this.
Hacker Interview “Anyone Can Be Hacked”
How hackers choose the light or dark side, learn to hack into computer systems, and what the cybersecurity community thinks about hackers from Russia???
Hackers divided into “white” and “black”. The former check IT systems, and the latter break into them to steal information. Paula Yanushkevich. Who created her own information security company CQURE? He told us about the life of a “white” hacker.
How do you live? Come to the office every day and work until the evening? Or can you choose the time and place to work?
I would like to choose a place to work, but I cannot. Possible, but my role in the company requires a presence on the customer premises. Thus, I am always on trips, visiting different countries. To conduct an internal penetration test, you have to visit customers. External can carried out even on the beach.
How do you conduct pentests? A test of the security of IT systems from unauthorized intrusions? Are you picking the right time for a cyber-attack? Or you can test companies anytime, anywhere, and testing is a technical matter?
In the end, it all comes down to technique, but there are nuances. For example, if a client does not work at night, it is best to test at that time. When we do [daytime] penetration tests for US companies, we can work all night while in Europe, and that’s okay. But, as a rule, we prefer a normal working day – it’s easier and everyone is happy. We don’t like working all night, but it happens.
We often test a copy of a website or service. For example, recently we did a penetration test of custom applications for one bank. I had to work with a copy of the system because there was a lot of traffic on the site. And if problems arise during the test, this will affect the image of the bank.
Do you have Customers asking to do Real Pentests in Real time?
Yes of course. Sometimes we do this on a regular business day. They warned about this, they are “in standby mode”. If something happens, they are immediately in touch, they expect a call from us to deal with the situation. Once, while testing in real time. We “dropped” the site because the service could not cope with so many requests. , it was one of the companies cooperating with Russian oil companies. This shocked the customer; they spent the whole day figuring out how this could happen. Anything can happen, but we do not have a goal to “break” the site, our task is to show weak points for an attack
Anyway, do you Need to Run Both Tests, Internal and External?
Depends on the circumstances. Some customers do not want to do a penetration test from within the company. No, no, because when you do this, you can hack us.” And: “My God, why then do a penetration test?” In such cases, we only do an external test. , this is correct: why not do an internal test if we do an external one? We try to explain, but…
How to Become a Hacker
Did you start out as a hacker or have you always been an information security (IS) engineer? What is the correct name for your area?
Did I do something illegal? Yes, but was it an offense if no one knew about it? Or there was nothing like that at all.
When did you become Interested in this Profession?
I’ve always worked in the security industry. I plunged into technology. Responsible for the security of the school network. Then I was 17, I didn’t know much about it, but I wanted to do information security. I was looking for my way. You see, at the age of 17 it is difficult to understand what is worth doing and what is not. There is only what you want to do: this is cool, I want to do it. But whether this is good for the future – I did not know.
We do not know What will Happen to us Tomorrow?
What was the first operating system you hacked? OK, tested for Vulnerability.
There were two of them – Windows and Linux.
“Windows was the first system I hacked.” A good title would be…?
At the time, Windows and Linux used different security systems. It was the time of “NT4.0” (Windows operating system released in 1996. Then everyone knew that if a certain parameter was not changed, the computer would hack. Finding vulnerabilities was easier. Now hacker attacks have taught us how to defend ourselves, so we are now in a somewhat better position.
Which OS is better and safer: Windows, Mac OS, and Linux?
In the end, what matters is what the systems mean to the business. The most used operating system is Windows, we all know that. Ransom ware exists for Mac and Linux too. They enter the system in a different way. There is also a difference in the availability of solutions. The question is, are there companies and how many of them that can secure your system. It is not necessary to pose a real threat to information security. But checking the security infrastructure will improve this security. The risk of penetration into your systems.
What can you say about the level of security of B2B systems in the world? Are they ready for cyber-attacks?
Every time we make a penetration test, we penetrate the system. Let me put it this way. You can hack anyone, every time we manage to hack them.
And this is not surprising. Because there are many things that no one told them about. There is no acceptable training for security professionals. Of course, there are some courses, trainings. So on, but even if you pay for a university or study for free. Somehow still study, there is no direct road to cyber security. Plus, not everyone can afford to study, but how can you become a good security professional if you can’t pay for it?
But no one will give you education for free, because this is very specific knowledge. This is such a natural niche. The Financial Times predicts that by 2019. There will be a need for 6 million information security specialists in the world. But with the current pace of development, about 4-5 million will be available on the market. So, for the guys who will be on the market, the situation is wonderful. Everyone needs them. And they will need even more, but this is, of course, an unhealthy market. There is a problem of training security specialists.
Is a cyber-security Engineer a Profession of the future?
Then what is the best way to get it if the universities are not preparing for it Online courses?
There are many free resources, but systematic knowledge is preferable, of course. There are many different courses on the internet. They are inexpensive. You can buy such a course and systematize your knowledge. But the problem with these courses is that they teach more about hacking techniques. And these are the so-called “cheap hacking techniques.” And besides, they train in not very realistic environments. The best way is to train specialists on your own. And this, for example, is what our team is doing.
We do this because we have a shortage of employees. More and more projects appear, and we postpone them, postpone, because there is no time. We hire people with a good approach to work. This is enough to get amazing results. Everything else will follow. We test them in different directions send them to our engineers. Often take them to our master classes, and then conduct tests again. They must develop. These students have the opportunity to travel. Or, for example. When we run a five-day workshop. A new employee may become a participant.
A good option for young people is to get a job in a company like ours. But in the realm of security. You need to make serious investments to provide a fantastic service later. Thus, the payment may look different, but it should be. We train on a contract basis, with a guarantee fee. Later, the money for training will returned to you. But you will have the opportunity to work in a good team for 2-3 years. Undergo trainings, receive useful tools, knowledge, and see real environments. So, if possible, help the team. At the same time, we take a deposit for training. And this is the only possible option,
We cannot invest in an employee so that later he or she says, “Okay, thanks, goodbye.” To keep a person in the company, educate them, help them develop valuable skills, and have them stay. But this I my opinion.
How many People Currently Work for Your Company?
It depends on how you count. We have 20 people on the staff. And 36 contractors. But contractors work with us for several weeks every month. So this is almost a full-time job.
How many young employees?
About 30 – about half. We train these people because some of them have no experience at all.
Do you hire them Right after university?
Yes. And this is awful. Because until a certain point it is not clear who you are dealing with. Everything looks good, and then … Our younger generation has a terrible reputation, and we are not very happy with it. So, we select only those who fit into the team. We were wrong twice.
Do you have employees from Russia?
Not yet. But we are opening new markets now, because we see a prospect in this. So, who knows, we will have someone from Russia.
We hear about cyber-attacks involving Russian hackers almost every day. The Russians allegedly attacked Trump, Yahoo, Sony, no, sorry, North Korea. So found vulnerabilities in Sony’s infrastructure. Are Russian hackers that smart and so in demand as outsourcers? Or is it clichés and misconceptions of the media?
No, it is. You have a high level of knowledge in this area. Many hackers indeed from Russia. But this is my opinion. That this facilitated by. The difficulties in finding employment for people living in remote cities. It is easier for them to find remote work than office work: you can be a developer, or you can be a pentester. This position allows you to work from anywhere, because security is important to many. If you have the opportunity to study at the company’s office. So want to work as a consultant. You will have to travel to Moscow, Krasnodar, St. Petersburg & other cities. Where the customer companies located. But if you live elsewhere. This [working as a developer or penetration tester] will be a great opportunity.
This is the situation in many countries. For example, in Romania. There is a rather remote city of Cluj – this is the place of developers and security specialists. There is something similar in our country. My God! It is fantastic. You can work from anywhere in the world. In general, according to statistics people from Russia. They have a very high level of intelligence and analytical thinking. Russians are great fellows.
“Black” hackers – good fellows?
Both “black” and “white”. The question is, if you qualified, you can make more money. And then ethical issues are of great importance. These two factors determine the choice. If a person sees potential income & does not have problems with ethical principles. Then he has two ways.
You are the owner of the company. Why did you become a Microsoft MVP member? Does this impose any obligations on you? What are the benefits?
I have participated in various community projects from sending out presentations. So, research on the results of conferences to various master classes & organizing events. For example, I organized Woman in Technology Park, now I don’t have time for that. Then it turned into speaking at conferences and preparing articles for blogs. This can do.
Thanks to MVP status awarded to outstanding IT professionals. Who make intellectual contributions to the development of technical communities? So, participation in security programs, I have access to the source code of Windows. It’s not about 100% of the code, of course. I have received it since Windows XP released, that is, about 8 or 9 years ago. This gives my company a little more advantage. Because we can always test our hypotheses. While it is more difficult for other specialists to do this. This is the nicest thing.
Imagine that all security problems will be solved. What are you going to do?
I’ll be lying on the beach. But – an interesting question. What will be my second profession? Most likely, I will continue to work in IT. But, if all problems in IT solved, I will move on to mathematics, because it is an analytical and rigorous science. Most likely, I will sell something somewhere. So, deal with transactions, because I like math. Somewhere on Wall Street.