Daily Archives: February 7, 2022
Twitter blackout for Vodafone customers
Vodafone customers in the UK are spitting tacks after an “issue” has left them unable to use Twitter properly for days, after the display of images and movie files, and – in some cases – the entire website, was blocked.
Argo CD flaw puts cloud infrastructure at risk
A high-risk vulnerability that could allow attackers to steal sensitive information and secrets from software projects was found and fixed in Argo CD, a widely used continuous delivery platform for applications deployed via Kubernetes.
According to researchers from cloud application security firm Apiiro, who found and reported the vulnerability, attackers could feed a maliciously crafted Kubernetes application deployment configuration file to Argo that can expose files, environment settings and secret tokens from the central repository server. This could potentially lead to privilege escalation and further lateral movement into the organization’s cloud infrastructure.
Savvy cryptomining malware campaign targets Asian cloud service providers
Asian cloud service providers have been targeted by a sophisticated malware campaign designed to steal computing power for mining cryptocurrency. The attack techniques deployed by the CoinStomp malware include timestomping (modification of a file’s timestamp), removal of system cryptographic policies, and use of a reverse shell to initiate command and control communications with the malicious software.
“Timestomping has been used by the Rocke group in prior cryptojacking attacks,” Matt Muir, a researcher for Cado Security, wrote on the company’s website. “However, it’s not a technique commonly seen in the wild. Generally, this technique is employed as an anti-forensics measure to confuse investigators and foil remediation efforts.”
Information systems and cybersecurity: Connections in UX and beyond
This blog was written by an independent guest blogger.
Information systems and cybersecurity go hand in hand. Understanding the relationship between the two is paramount for enterprises to optimize the user experience (UX).
How information systems transform enterprises
Enterprises use information systems to organize, process, analyze, and disseminate data. In doing so, enterprises can transform information into insights. Then, they can leverage these insights to find ways to become more productive and efficient than ever before.
Information systems can deliver immense value to enterprises. As such, hackers frequently target these systems. This can lead to revenue losses, brand reputation damage, and compliance penalties. It can also result in UX issues.
Accuracy and agility drive information systems management
When it comes to information systems management, enterprises must balance accuracy and agility. But doing so can be difficult.
Enterprise data must be consistent across information systems. Otherwise, data can become suspect and of little value. Thus, enterprises need processes to verify data accuracy.
Furthermore, data must be both secure and accessible to authorized users. Safeguards can protect against unauthorized access to information systems. Yet they can force enterprise users to commit significant time, energy, and resources to access data.
Discover how cybercriminals target information systems
Enterprises must account for a wide range of information systems threats, including:
Privilege Escalation: Occurs when a cybercriminal exploits a system vulnerability to illegally access data and/or perform actions.
Virus: Refers to any computer program used to alter system files.
Trojan: Lets a hacker remotely access a system.
Cybercriminals will attack information systems repeatedly, without notice, and until they are successful — and enterprises must plan accordingly. That way, enterprises can protect their information systems against current and emerging cyber threats.
Why sustainable UX design is key
A sustainable UX design offers many benefits relative to information systems management. First, the design ensures data is easily discoverable. It limits load times, so users won’t have to wait long to access the information they need when they need it. At the same time, the design helps an enterprise limit its carbon footprint. The design thereby provides cost savings. Also, the design highlights an enterprise’s commitment to sustainability. As such, it helps an enterprise build goodwill with consumers and can lead to sales and revenue growth.
Developing and launching a sustainable UX design for information systems requires research. Designers must consider the current environmental impact of the existing UX, along with ways to minimize data use. Moreover, designers must account for cybersecurity.
Build security into information systems management
UX design for information systems can be sustainable and secure. However, planning for a sustainable and secure UX design requires attention to detail. And an enterprise must look beyond the design itself to ensure cybersecurity is incorporated into all aspects of information systems management.
The development and implementation of policies surrounding information systems management are critical. Enterprises must consider physical threats and other data security dangers. From here, they can create policies to secure their information systems. They can also fine-tune associated processes, so users can manage them with speed and precision.
Offer information systems management training
Education plays a vital role in information systems management. Teaching users about ransomware, malware, and other cyber threats can help an enterprise guard against cyberattacks. It empowers users with insights they can use to identify such attacks and respond to them accordingly.
Enterprises can leverage training sessions and tabletop exercises to teach users about information systems security. They can offer regular tutorials throughout the year to keep users up to date about new cyber threats. And they can provide staff with opportunities to earn an information systems management degree as well.
Additionally, enterprises can update their information systems policies, processes, and training programs in conjunction with one another. This ensures consistency across all areas of information systems management.
Perform ongoing information systems analysis
Enterprises must seek out ways to enhance their information systems. Audits can be conducted periodically to learn about information systems security issues that disrupt the UX.
With audits, enterprises understand their information systems’ strengths and weaknesses. They can then produce reports that deliver insights into information systems security. These insights can provide the basis for information systems upgrades.
Explore ways to get the most value out of information systems
Information systems management and optimization is a continuous process. Enterprises must consider the functionality of their information systems and ensure it meets the needs of their stakeholders. Meanwhile, they must balance security and UX, to the point where users can leverage the systems without putting enterprises or their data at risk.
There is no one-size-fits-all approach to ensure an enterprise can maximize the value of its information systems. By evaluating security and UX in combination with each other, an enterprise is well-equipped to streamline information systems management. This enterprise can ensure users can safely and seamlessly access data. It can be persistent in its efforts to constantly improve its information systems and the way they are managed, too.
Make information systems management a priority. Work diligently to incorporate security into UX design, and vice versa. This empowers an enterprise to get the most value out of its information systems, now and in the future.
UK Adds New Offenses to Online Safety Bill
The UK government has unveiled plans to strengthen its Online Safety Bill, which includes the creation of new criminal offenses.
The legislation, first drafted in May 2021, will place new obligations on social media sites and other services hosting user-generated content or allowing people to talk to others online to remove and limit the spread of illegal and harmful content. This includes child sexual abuse, terrorist material and suicide content.
The UK’s communications regulator, Ofcom, will be responsible for holding these firms to account, with the power to fine those failing to meet their duty of care up to £18m or 10% of annual global turnover, whichever is higher.
Digital Secretary Nadine Dorries has now announced that three new offenses relating to abusive and offensive online communications will be included in the bill. This followed a review by the Law Commission, which concluded that current laws in this area have not kept pace with the rise of smartphones and social media. The new offenses are:
A ‘genuinely threatening’ communications offense, where communications are sent or posted to convey a threat of serious harm. This will combat online threats to rape, kill and inflict physical violence or cause people serious financial harm. This is particularly designed to protect public figures such as MPs, celebrities or footballers.
A harm-based communications offense to capture communications sent to cause harm without a reasonable excuse. This offense will be based on the intended psychological harm towards the victim by considering the context in which the communication was sent. It is hoped this will better tackle abusive messages towards women and girls, which may not seem obviously harmful when considered on their own. It is also designed to avoid criminalizing communications sent with no intention to cause harm, such as consensual messages between adults.
An offense for when a person sends a communication they know to be false with the intention to cause non-trivial emotional, psychological or physical harm. This will cover false communications deliberately sent to inflict harm, such as hoax bomb threats, instead of misinformation where people are unaware that what they are sending is false or genuinely believe it to be true.
These offenses will carry different maximum sentences, including up to five years in prison for threatening communications.
Professor Penney Lewis, Commissioner for Criminal Law, explained: “The criminal law should target those who specifically intend to cause harm while allowing people to share contested and controversial ideas in good faith. Our recommendations create a more nuanced set of criminal offenses, which better protect victims of genuinely harmful communications as well as better protecting freedom of expression.
“I am delighted that the government has accepted these recommended offenses.”
In addition, new obligations will be placed on social media companies to remove the most harmful illegal content and criminal activity on their sites more quickly. These priority offenses include revenge porn, hate crime, fraud, the sale of illegal drugs or weapons, the promotion or facilitation of suicide, people smuggling and sexual exploitation. Terrorism and child sexual abuse were already categorized in this way. For these types of content, social media sites must take proactive action to prevent them from being viewed by users. This is instead of taking down content in response to user reports.
Dorries commented: “This government said it would legislate to make the UK the safest place in the world to be online while enshrining free speech, and that’s exactly what we are going to do. Our world-leading bill will protect children from online abuse and harms, protecting the most vulnerable from accessing harmful content and ensuring there is no safe space for terrorists to hide online.
“We are listening to MPs, charities and campaigners who have wanted us to strengthen the legislation, and today’s changes mean we will be able to bring the full weight of the law against those who use the internet as a weapon to ruin people’s lives and do so quicker and more effectively.”
European Police Flag 500+ Pieces of Terrorist Content
European police have found and referred 563 pieces of terrorist content to service providers in the region, as a UK man was jailed for sharing a bomb-making manual online.
The Referral Action Day took place last week at Europol’s headquarters. The EU’s Internet Referral Unit (EU IRU) coordinated the referral activity with specialized counter-terrorism units from France, Germany, Hungary, Italy, the Netherlands, Portugal, Spain, Switzerland and the UK.
In particular, they were looking for content on “explosive chemical precursors” being shared online by terrorist-supporting networks, including jihadists. This refers to content such as bomb-making tutorials and information on carrying out terrorist attacks.
The content found on 106 websites and platforms will now be assessed by the relevant online service providers against their terms and conditions.
Last November, over 20 websites in Germany and the UK were suspended by service providers for disseminating online terrorist propaganda – fewer than half the number of sites originally flagged by police.
However, a new EU regulation will soon give the authorities the power to demand the removal of online terrorist content.
The news comes after a 19-year-old UK man was sentenced to 42 months in jail for sharing a bomb-making manual on social media.
Connor Burke, from southeast London, pleaded guilty at Woolwich Crown Court to disseminating a terrorist publication that contained information on how to create improvised explosive devices (IEDs).
He also pleaded guilty to four counts of possession of a document “likely to be useful” to a would-be terrorist.
“Burke had an unhealthy interest in extreme right-wing terrorist ideology, and this led to him sharing extremely dangerous material with others online,” argued Richard Smith, head of the Metropolitan Police’s Counter Terrorism Command.
“Increasingly, we’re seeing young people being drawn into extremist ideologies, some of whom – like Burke – then go on to commit serious terrorism offenses.
Swissport Ransomware Attack Delayed Flights
Airport services giant Swissport is restoring its IT systems after a ransomware attack struck late last week, delaying flights.
The Zurich-headquartered firm operates everything from check-in gates and airport security to baggage handling, aircraft fuelling and de-icing and lounge hospitality. It claims to have provided ground services to 97 million passengers last year and handled over five million tons of air freight.
Swissport took to Twitter on Friday to warn its IT infrastructure had been hit by ransomware and apologize for any impact on service delivery.
However, a day later, the firm appeared to have things back under control.
“IT security incident at #Swissport contained,” it tweeted. “Affected infrastructure swiftly taken offline. Manual workarounds or fallback systems secured operation at all times. Full system clean-up and restoration now under way. We apologize for any inconvenience.”
It’s unclear exactly how severely the outage impacted its many clients around the globe. However, one report from German media revealed it led to temporary delays at Zurich airport.
“Due to system problems at our airport partner Swissport, 22 flights were delayed by three to 20 minutes yesterday,” a spokeswoman for the airport is quoted as saying.
The attackers are believed to have struck early in the morning of Thursday February 3. By Friday, there was no significant impact on operations at Zurich airport.
Backup procedures reportedly kicked in during the outage so that there was no impact on aircraft crews. However, a Swissport spokesperson reportedly admitted: “there may be delays in some cases.”
The news follows a series of attacks and disruptions at European ports and oil terminals over the past week, impacting fuel supply chains at a time of rising prices and heightened concern over the possible knock-on effect of Russia invading Ukraine.
“Whether the surge in attacks is related to current geopolitical events is unknown,” said Andy Norton, European cyber-risk officer at Armis.
“However, providers of critical services should immediately review the adequacy of their risk assessments, with emphasis on the criticality of ancillary IT systems that have increased connectivity, and the potential to impact OT and ICS production and service delivery.”
Social engineering: Definition, examples, and techniques
What is social engineering?
Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data.
For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.
CISOs are burned out and falling behind
The CISO’s text was brief but telling: “I never want an operational role again,” it read, arriving on Jeff Pollard’s phone in December as security teams scrambled to deal with the latest headline-making threat, Log4j.
“He’s an effective CISO with a long tenure, but his mentality was ‘Here we go again.’ He was speaking to the herculean effort he knew he and his team would have to make. No one needed more of that. And it was sort of like, ‘I’m done,’” says Pollard, vice president and principal analyst with Forrester Research.
Most workers—most people, for that matter—have had that I’m done feeling at one time or another; studies today are finding, in fact, that many individuals are feeling overwhelmed and worn down by the pandemic and all the disruptions it has brought.