All posts by rocco

Black Hat, White Hat, Gray Hat, Script Kiddies – Who they are?

Read Time:2 Minute, 3 Second

The term hacker often takes on a negative connotation. 

In the past, we often focused on the distinction between a hacker, a person with deep security knowledge who explores technologies, systems and related vulnerabilities out of pure passion, and crackers, the “malicious” counterpart, who uses his knowledge to cause damage and steal data. a certain value (for example, credit cards). 

RFC1392 provides the following definitions:

   hacker

      A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where “cracker” would be the correct term.

 cracker

      A cracker is an individual who attempts to access computer system without authorization. These individuals are often malicious, as  opposed to hackers, and have many means at their disposal for  breaking into a system.

Unfortunately, media have never bothered to understand the distinction and, for the masses, there is no difference between crackers and hackers.

In our opinion, here is the correct terminology to be used in the security sector:

Black hats (Crackers)

Crackers, or black hats, have got extraordinary computing skills but they lack ethics. They may violate laws by committing malicious or destructive acts.

Script Kiddies

An unskilled cracker who compromises systems using tools, scripts and software developed by others.

White Hats (Ethical Hacker)

An individual who uses his hacking skill for defensive purposes. 

They analyse computer systems or networks to detect security issues and give recommendations for improvement to their owners.

A white hat will penetrate a system only with the authorisation and upon request of the infrastructure owner. 

Gray Hats

Gray hats use their skills both offensively and defensively. 

They often look for system vulnerabilities without the permission or knowledge of the owner. If they find a security issue, they may reveal it to the owner upon the payment of a small fee. Sometimes, their ultimate goal is to show their skills and create awareness about the intrinsic insecurity of the Internet.

It may be useful to know some additional terms. State-sponsored hackers are employed by the government to penetrate other government systems to damage or gain top-secret information. You have surely heard about Cyber Terrorists, individuals moved by political or religious beliefs to create fear among civilians and influence the policy of the targeted governments.

An Examination of the Bug Bounty Marketplace

Read Time:1 Minute, 2 Second

Here’s a fascinating report: “Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary:

…researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs­ — programs that hire hackers to discover and report bugs or other vulnerabilities in their systems. This report illuminates the risks and insecurities for hackers as gig workers, and how bounty programs rely on vulnerable workers to fix their vulnerable systems.

Ellis and Stevens’s research offers a historical overview of bounty programs and an analysis of contemporary bug bounty platforms — ­the new intermediaries that now structure the vast majority of bounty work. The report draws directly from interviews with hackers, who recount that bounty programs seem willing to integrate a diverse workforce in their practices, but only on terms that deny them the job security and access enjoyed by core security workforces. These inequities go far beyond the difference experienced by temporary and permanent employees at companies such as Google and Apple, contend the authors. The global bug bounty workforce is doing piecework — they are paid for each bug, and the conditions under which a bug is paid vary greatly from one company to the next.

Read More

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Read Time:4 Minute, 51 Second

The Russian government said today it arrested 14 people accused of working for “REvil,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to station 100,000 troops along the nation’s border with Ukraine.

The FSB headquarters at Lubyanka Square, Moscow. Image: Wikipedia.

The FSB said it arrested 14 REvil ransomware members, and searched more than two dozen addresses in Moscow, St. Petersburg, Leningrad and Lipetsk. As part of the raids, the FSB seized more than $600,000 US dollars, 426 million rubles (~$USD 5.5 million), 500,000 euros, and 20 “premium cars” purchased with funds obtained from cybercrime.

“The search activities were based on the appeal of the US authorities, who reported on the leader of the criminal community and his involvement in encroaching on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption,” the FSB said. “Representatives of the US competent authorities have been informed about the results of the operation.”

The FSB did not release the names of any of the individuals arrested, although a report from the Russian news agency TASS mentions two defendants: Roman Gennadyevich Muromsky, and Andrey Sergeevich Bessonov. Russian media outlet RIA Novosti released video footage from some of the raids:

REvil is widely thought to be a reincarnation of GandCrab, a Russian-language ransomware affiliate program that bragged of stealing more than $2 billion when it closed up shop in the summer of 2019. For roughly the next two years, REvil’s “Happy Blog” would churn out press releases naming and shaming dozens of new victims each week. A February 2021 analysis from researchers at IBM found the REvil gang earned more than $120 million in 2020 alone.

But all that changed last summer, when REvil associates working with another ransomware group — DarkSide — attacked Colonial Pipeline, causing fuel shortages and price spikes across the United States. Just months later, a multi-country law enforcement operation allowed investigators to hack into the REvil gang’s operations and force the group offline.

In November 2021, Europol announced it arrested seven REvil affliates who collectively made more than $230 million worth of ransom demands since 2019. At the same time, U.S. authorities unsealed two indictments against a pair of accused REvil cybercriminals, which referred to the men as “REvil Affiliate #22” and “REvil Affiliate #23.”

It is clear that U.S. authorities have known for some time the real names of REvil’s top captains and moneymakers. Last fall, President Biden told Putin that he expects Russia to act when the United States shares information on specific Russians involved in ransomware activity.

So why now? Russia has amassed approximately 100,000 troops along its southern border with Ukraine, and diplomatic efforts to defuse the situation have reportedly broken down. The Washington Post and other media outlets today report that the Biden administration has accused Moscow of sending saboteurs into Eastern Ukraine to stage an incident that could give Putin a pretext for ordering an invasion.

“The most interesting thing about these arrests is the timing,” said Kevin Breen, director of threat research at Immersive Labs. “For years, Russian Government policy on cybercriminals has been less than proactive to say the least. With Russia and the US currently at the diplomatic table, these arrests are likely part of a far wider, multi-layered, political negotiation.”

President Biden has warned that Russia can expect severe sanctions should it choose to invade Ukraine. But Putin in turn has said such sanctions could cause a complete break in diplomatic relations between the two countries.

Dmitri Alperovitch, co-founder of and former chief technology officer for the security firm CrowdStrike, called the REvil arrests in Russia “ransomware diplomacy.”

“This is Russian ransomware diplomacy,” Alperovitch said on Twitter. “It is a signal to the United States — if you don’t enact severe sanctions against us for invasion of Ukraine, we will continue to cooperate with you on ransomware investigations.”

The REvil arrests were announced as many government websites in Ukraine were defaced by hackers with an ominous message warning Ukrainians that their personal data was being uploaded to the Internet. “Be afraid and expect the worst,” the message warned.

Experts say there is good reason for Ukraine to be afraid. Ukraine has long been used as the testing grounds for Russian offensive hacking capabilities. State-backed Russian hackers have been blamed for the Dec. 23, 2015 cyberattack on Ukraine’s power grid that left 230,000 customers shivering in the dark.

The warning left behind on Ukrainian government websites that were defaced in the last 24 hours. The same statement is written in Ukrainian, Russian and Polish.

Russia also has been suspected of releasing NotPetya, a large-scale cyberattack initially aimed at Ukrainian businesses that ended up creating an extremely disruptive and expensive global malware outbreak.

Although there has been no clear attribution of these latest attacks to Russia, there is reason to suspect Russia’s hand, said David Salvo, deputy director of The Alliance for Securing Democracy.

“These are tried and true Russian tactics. Russia used cyber operations and information operations in the run-up to its invasion of Georgia in 2008. It has long waged massive cyberattacks against Ukrainian infrastructure, as well as information operations targeting Ukrainian soldiers and Ukrainian citizens. And it is completely unsurprising that it would use these tactics now when it is clear Moscow is looking for any pretext to invade Ukraine again and cast blame on the West in its typical cynical fashion.”

Read More

Friday Squid Blogging: The Evolution of Squid Eyes

Read Time:25 Second

New research:

The researchers from the FAS Center for Systems Biology discovered a network of genes important in squid eye development that are known to also play a crucial role in limb development across animals, including vertebrates and insects. The scientists say these genes have been repurposed in squid to make camera-lens-type eyes.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Read More

Upcoming Speaking Engagements

Read Time:30 Second

This is a current list of where and when I am scheduled to speak:

I’m giving an online-only talk on “Securing a World of Physically Capable Computers” as part of Teleport’s Security Visionaries 2022 series, on January 18, 2022.
I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022.
I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia on June 3, 2022.
I’m speaking at the RSA Conference 2022 in San Francisco, June 6-9, 2022.

The list is maintained on this page.

Read More

Today’s Trends: Consumers Prioritize Protection Over Convenience

Read Time:3 Minute, 38 Second

People have made it clear. They’re feeling more exposed to online threats and want stronger protection.

Our 2022 Trends Study puts figures to these feelings, saying that they believe the risks to their online privacy have increased over the past year. Moreover, 42% believe the risks to their personal and financial information have increased as well.

These findings come as more consumers shift their daily lives online, with greater use of internet banking, more investment in virtual assets, and a proliferation of online activities due to COVID-19. A lot more sensitive personal information is being stored and shared on the web, which is putting increased pressure on passwords and security measures.

As more sensitive personal information is being stored and shared on the web, people are showing a strong preference for increased security overall. For example, when asked to choose between connecting with others from anywhere to always being fully protected, the response was overwhelming in favor of strong protection (63%) over ease of connection (16%). The same sentiment extended to the workplace, where “work meetings that are guaranteed seamless” trailed significantly at 14% versus “meetings that are guaranteed secure” at (62%).

Curious as to what steps you can take to be safer online? A few tools along with a few good habits can go a long way toward keeping your privacy and identity secure.

1. Install and use online protection software: By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like steering you clear of malicious downloads and links, protecting your email from phishing attacks, and providing you with a digital shredder that can permanently remove sensitive documents from your computer (simply deleting them won’t do that alone).

2. Use a VPN: A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you anonymous by masking your IP address while connecting to public Wi-Fi hotspots. This is a great way to shield your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online.

3. Improve your passwords and use multi-factor authentication (MFA): Strong, unique passwords for each of your accounts, updated regularly, offer a strong line of defense against attackers. While this may require a bit of effort, a password manager can do the work for you by securely creating and storing strong, unique passwords for you. Comprehensive online protection software will include a password manager as one of its many features. Additionally, MFA adds yet another layer of security by double-checking your identity beyond your username and password, usually with a text or email. If any of your accounts offer MFA, consider using it.

4. Monitor your accounts: Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot.

5. Check your credit report: This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.

6. Consider using identity protection: In addition to checking your own credit report, an identity protection service provides yet deeper monitoring of your personal information. Identity protection such as ours monitors up to 60 different pieces of vital personal information and notifies you of potential misuse—up to ten months sooner than similar services. In addition to this around-the-clock monitoring, it also provides up to $1 million in coverage for lawyer fees, travel expenses, lost wages, and more.

 

The post Today’s Trends: Consumers Prioritize Protection Over Convenience appeared first on McAfee Blogs.

Read More