It’s Data Privacy Day: Here’s How to Stay Protected in 2022

Read Time:4 Minute, 42 Second

When you logged on to your computer this morning, data privacy probably wasn’t the first thing you were thinking about. The same goes for when you opened your phone to catch up on social media and check emails, turned on your smart TV for a family movie night, or all the other ways we routinely use our connected devices in our everyday lives.  

Although we live in an increasingly connected world, most of us give little thought to data privacy until after our personal information has been compromised. However, we can take proactive steps to help ourselves and our loved ones navigate this environment in a safe way. On January 28th – better known as Data Privacy Day2 – we have the perfect opportunity to own our privacy by taking the time to safeguard data. By making data privacy a priority, you and your family can enjoy the freedom of living your connected lives online knowing that your information is safe and sound.  

Data Security vs. Data Privacy 

Did you know that there is a difference between data security and data privacy? Although the two are intimately intertwined, there are various characteristics of each that make them different. National Today3 provides a useful analogy to define the two:  

Data security is like putting bars on your windows to make it difficult for someone to break into your home (guarding against potential threats).  
Data privacy is like pulling down the window shades so no one can look inside to see what you are wearing, who lives with you, or what you’re doing (ensuring that only those who are authorized to access the data can do so).   

At this point, we already know not to share our passwords or PIN numbers with anyone. But what about the data that is collected by companies every time we sign up for an email newsletter or make an online account? Oftentimes, we trust these companies to guard the personal data they collect from us in exchange for the right to use their products and services. However, the personal information collected by companies today is not regarded as private by default, with a few exceptions. For this reason, it’s up to us to take our data privacy into our own hands.  

The Evolution of Data Breaches  

Because we spend so much of our day online, plenty of our information is available on the internet. But what happens if one of your favorite online retailers experiences a data breach? This is the reality of the world we live in today, as data breaches have been on the rise and hackers are continuously finding clever, new ways to access our devices and information.   

Thanks to the COVID-19 pandemic, we’ve become more reliant on technology than ever before. Whether it be for distance learning, online shopping, mobile banking, or remote work, we’ve all depended on our devices and the internet to stay connected. But with more time online comes more opportunities for cybercriminals to exploit. For example, with the massive increase in remote work since the onset of the pandemic, hackers have hijacked online meetings through a technique called ‘Zoombombing4.’ This occurred after the online conferencing company shared personal data with Facebook, Google, and LinkedIn. Additionally, the number of patient records breached in the healthcare industry jumped to 21.3 million in the second half of 2020 due to the increase in remote interactions between patients and their providers5 

When it comes to data breaches, any business is a potential target because practically every business is online in some way. When you put this in perspective, it’s important to consider what information is being held by the companies that you buy from. While a gaming service will likely have different information about you than your insurance company, you should remember that all data has value, and you should take steps to protect it like you would money.  

Protecting Your Privacy With McAfee  

Your browsing history and personal information are private, and we at McAfee want to keep it that way. By using McAfee Secure VPN, you can browse confidently knowing that your data is encrypted.  

To further take control of your data privacy, monitor the health of your online protection with McAfee’s Protection Score. This tool provides simple steps to improve your security and allows you to know how safe you are online, which is the first step towards a safer, more confident connected life. Check your personal protection score here

Here are a few more tips to keep you on top of your data privacy game:  

1. Update your privacy and security settings. Begin with the websites and apps that you use the most. Check to see if your accounts are marked as private, or if they are open to the public. Also, look to see if your data is being leaked to third parties. You want to select the most secure settings available, while still being able to use these tools correctly.  

2. Lock down your logins. Secure your logins by making sure that you are creating long and unique passphrases for all your accounts. Use multi-factor identification, when available. 

3. Protect your family and friends. You can make a big difference by encouraging your loved ones to protect their online privacy. By helping others create solid safety habits as they build their digital footprints, it makes all of us more secure. 

Follow the conversation this Data Privacy Day by following #PrivacyAware and #DataPrivacyDay on social media. 

The post It’s Data Privacy Day: Here’s How to Stay Protected in 2022 appeared first on McAfee Blog.

Read More

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Read Time:6 Minute, 55 Second

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat“), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.

Image: Varonis.

According to an analysis released this week by Varonis, ALPHV is actively recruiting operators from several ransomware organizations — including REvil, BlackMatter and DarkSide — and is offering affiliates up to 90 percent of any ransom paid by a victim organization.

“The group’s leak site, active since early December 2021, has named over twenty victim organizations as of late January 2022, though the total number of victims, including those that have paid a ransom to avoid exposure, is likely greater,” Varonis’s Jason Hill wrote.

One concern about more malware shifting to Rust is that it is considered a much more secure programming language compared to C and C++, writes Catalin Cimpanu for The Record. The upshot? Security defenders are constantly looking for coding weaknesses in many ransomware strains, and if more start moving to Rust it could become more difficult to find those soft spots.

Researchers at Recorded Future say they believe the ALPHV/BlackCat author was previously involved with the infamous REvil ransomware cartel in some capacity. Earlier this month the Russian government announced that at the United States’ request it arrested 14 individuals in Russia thought to be REvil operators.

Still, REvil rolls on despite these actions, according to Paul Roberts at ReversingLabs. “The recent arrests have NOT led to a noticeable change in detections of REvil malicious files,” Roberts wrote. “In fact, detections of files and other software modules associated with the REvil ransomware increased modestly in the week following the arrests by Russia’s FSB intelligence service.”

Meanwhile, the U.S. State Department has a standing $10 million reward for information leading to the identification or location of any individuals holding key leadership positions in REvil.

WHO IS BINRS?

A confidential source recently had a private conversation with a support representative who fields questions and inquiries on several cybercrime forums on behalf of a large and popular ransomware affiliate program. The affiliate rep confirmed that a coder for ALPHV was known by the handle “Binrs” on multiple Russian-language forums.

On the cybercrime forum RAMP, the user Binrs says they are a Rust developer who’s been coding for 6 years. “My stack is Rust, nodejs, php, golang,” Binrs said in an introductory post, in which they claim to be fluent in English. Binrs then signs the post with their identification number for ToX, a peer-to-peer instant messaging service.

That same ToX ID was claimed by a user called “smiseo” on the Russian forum BHF, in which smiseo advertises “clipper” malware written in Rust that swaps in the attacker’s bitcoin address when the victim copies a cryptocurrency address to their computer’s temporary clipboard.

The nickname “YBCat” advertised that same ToX ID on Carder[.]uk, where this user claimed ownership over the Telegram account @CookieDays, and said they could be hired to do software and bot development “of any level of complexity.” YBCat mostly sold “installs,” offering paying customers to ability to load malware of their choice on thousands of hacked computers simultaneously.

There is also an active user named Binrs on the Russian crime forum wwh-club[.]co who says they’re a Rust coder who can be reached at the @CookieDays Telegram account.

On the Russian forum Lolzteam, a member with the username “DuckerMan” uses the @CookieDays Telegram account in his signature. In one thread, DuckerMan promotes an affiliate program called CookieDays that lets people make money by getting others to install cryptomining programs that are infected with malware. In another thread, DuckerMan is selling a different clipboard hijacking program called Chloe Clipper.

The CookieDays moneymaking program.

According to threat intelligence firm Flashpoint, the Telegram user DuckerMan employed another alias — Sergey Duck. These accounts were most active in the Telegram channels “Bank Accounts Selling,” “Malware developers community,” and “Raidforums,” a popular English-language cybercrime forum.

I AM DUCKERMAN

The GitHub account for a Sergey DuckerMan lists dozens of code repositories this user has posted online over the years. The majority of these projects were written in Rust, and the rest in PHP, Golang and Nodejs — the same coding languages specified by Binrs on RAMP. The Sergey DuckerMan GitHub account also says it is associated with the “DuckerMan” account on Telegram.

Sergey DuckerMan’s GitHub profile.

Sergey DuckerMan has left many accolades for other programmers on GitHub — 460 to be exact. In June 2020, for example, DuckerMan gave a star to a proof-of-concept ransomware strain written in Rust.

Sergey DuckerMan’s Github profile says their social media account at Vkontakte (Russian version of Facebook/Meta) is vk.com/duckermanit. That profile is restricted to friends-only, but states that it belongs to a Sergey Pechnikov from Shuya, Russia.

A look at the Duckermanit VKontakte profile in Archive.org shows that until recently it bore a different name: Sergey Kryakov. The current profile image on the Pechnikov account shows a young man standing closely next to a young woman.

KrebsOnSecurity reached out to Pechnikov in transliterated Russian via the instant message feature built into VKontakte.

“I’ve heard about ALPHV,” Pechnikov replied in English. “It sounds really cool and I’m glad that Rust becomes more and more popular, even in malware sphere. But I don’t have any connections with ransomware at all.”

I began explaining the clues that led to his VK account, and how a key cybercriminal actor in the ransomware space had confirmed that Binrs was a core developer for the ALPHV ransomware.

“Binrs isn’t even a programmer,” Pechnikov interjected. “He/she can’t be a DuckerMan. I am DuckerMan.”

BK: Right. Well, according to Flashpoint, the Telegram user DuckerMan also used the alias Sergey Duck.

Sergey: Yep, that’s me.

BK: So you can see already how I arrived at your profile?

Sergey: Yep, you’re a really good investigator.

BK: I noticed this profile used to have a different name attached to it. A ‘Sergey Kryakov.’

Sergey: It was my old surname. But I hated it so much I changed it.

BK: What did you mean Binrs isn’t even a programmer?

Sergey: I haven’t found any [of] his accounts on sites like GitHub/stack overflow. I’m not sure, does binrs sell Rust Clipper?

BK: So you know his work! I take it that despite all of this, you maintain you are not involved in coding malware?

Sergey: Well, no, but I have some “connections” with these guys. Speaking about Binrs, I’ve been researching his personality since October too.

BK: Interesting. What made you want to research his personality? Also, please help me understand what you mean by “connections.”

Sergey: I think he is actually a group of some people. I’ve written him on telegram from different accounts, and his way of speaking is different. Maybe some of them somehow tied with ALPHV. But on forums (I’ve checked only XSS and Exploit) his ways of speaking are the same.

BK: …..

Sergey: I don’t know how to explain this. By the way, binrs now is really silent, I think he’s lying low. Well, this is all I know.

No doubt he is. I enjoyed speaking with Sergey, but I also had difficulty believing most of what he said. Also, I was bothered that Sergey hadn’t exactly disputed the logic behind the clues that led to his VK account. In fact, he’d stated several times that he was impressed with the investigation.

In many previous Breadcrumbs stories, it is common at this point for the interviewee to claim they were being set up or framed. But Sergey never even floated the idea.

I asked Sergey what might explain all these connections if he wasn’t somehow involved in coding malicious software. His answer, our final exchange, was again equivocal.

“Well, all I have is code on my github,” he replied. “So it can be used [by] anyone, but I don’t think my projects suit for malwares.”

Read More

Tracking Secret German Organizations with Apple AirTags

Read Time:1 Minute, 19 Second

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up:

Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if she could prove that the postal address for this “federal authority” actually leads to the intelligence service’s apparent offices.

“To understand where mail ends up,” she writes (in translation), “[you can do] a lot of manual research. Or you can simply send a small device that regularly transmits its current position (a so-called AirTag) and see where it lands.”

She sent a parcel with an AirTag and watched through Apple’s Find My system as it was delivered via the Berlin sorting center to a sorting office in Cologne-Ehrenfeld. And then appears at the Office for the Protection of the Constitution in Cologne.

So an AirTag addressed to a telecommunications authority based in one part of Germany, ends up in the offices of an intelligence agency based in another part of the country.

Wittmann’s research is also now detailed in the German Wikipedia entry for the federal telecommunications service. It recounts how following her original discovery in December 2021, subsequent government press conferences have denied that there is such a federal telecommunications service at all.

Here’s the original Medium post, in German.

In a similar story, someone used an AirTag to track her furniture as a moving company lied about its whereabouts.

Read More

White House Releases Zero Trust Strategy for Federal Government

Read Time:2 Minute, 37 Second

White House Releases Zero Trust Strategy for Federal Government

The White House has unveiled its strategy to embed a zero trust approach to cybersecurity across the federal government.

The memorandum, published by the Office of Management and Budget (OMB), sets out a series of specific security goals for agencies to establish a ‘never trusted, always verified’ model. This includes introducing stronger enterprise identity and access controls, such as multi-factor authentication (MFA). It also wants federal agencies to have a complete inventory of every device it operates and authorizes for government use and encrypt all DNS requests and HTTP traffic within their environment.

The strategy represents a key component of delivering President Joe Biden’s Executive Order last year, which mandated a drive to secure cloud services and zero trust across federal government departments and their suppliers.

Federal agencies must incorporate the additional requirements identified in the new memorandum into their plans to develop zero trust architecture within 60 days. In addition, they need to designate and identify a zero trust strategy implementation lead for their organization.

The latest requirements were developed in response to increasingly sophisticated cyber-attacks, including the Log4j vulnerability. The OMB said such incidents have demonstrated that the federal government can no longer depend on conventional perimeter-based defenses to protect critical systems and data.

Federal chief information officer Clare Martorana commented: “Security is the cornerstone of our efforts to build exceptional digital experiences for the American public.

“Federal agency CIOs and IT leadership are leaning into this challenge, and the zero trust strategy provides a clear roadmap for deploying technology that is secure by design and responsive to the needs of our workforce so they can better deliver for the American public.”

Responding to the memorandum, Vats Srivatsan COO of ColorTokens, pondered whether the UK will take a similar approach to mandating zero trust principles across the government. “This week the United States took a proactive step towards safeguarding the nation with resilient security. Government-wide zero trust mission completion will be a journey, and the path has been laid out in a set of goals and implementation efforts outlined in the OMB’s strategy. This undoubtedly sets a precedent for other countries and is a well laid-out model of implementation that the UK can and should borrow from.

“Zero trust is widely recognized as a highly effective, long-term approach to breach resilience; however, zero trust architecture can’t be achieved overnight. The sooner any institution embarks on a zero trust journey to modernize its cyber-defenses, the sooner zero trust maturity and breach resilience can be achieved. Boris Johnson is known to keep his eye on modern technology, so it is a surprise that the UK appears to be kicking the zero trust can down the road. That being said, the UK frequently follows suit on US policy, oftentimes with some initial hesitation. If the UK plans to stay ahead of the threat environment, it will certainly want to follow the US’s lead.”

Earlier this week, the UK government announced a new cybersecurity strategy designed to protect essential public sector services from being shut down by hostile actors.

Read More

M&A Trending In Cybersecurity Industry Vertical For 2022

Read Time:4 Minute, 46 Second

This blog was written by an independent guest blogger.

Requires strong due diligence

Nowadays you need a scorecard to keep track of the monthly acquisitions and mergers in the cybersecurity industry. Mergers and acquisition (M&A) of products, capabilities, and companies has become a common strategy for business and market growth.  Even through the Covid19 pandemic, trends in acquisition and consolidation of information security oriented companies remained quite strong. In fact, the volume of U.S. cybersecurity M&A deals hit 151 in the first three quarters of 2021, compared to 80, 88 and 94 in 2018, 2019 and 2020, respectively, according to data from 451 Research. Please see graphic from S&P Global Market Intelligence.

According to CSO, 2021 shaped up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity is driven by growth in sectors such as identity managementzero trust, managed security services, DevSecOps and cloud security. Top cybersecurity M&A deals for 2021 | CSO Online

In December 2021 alone, Security Week’s cybersecurity M&A roundup for December 2021 listed 35 deals amounting to $ billions of dollars in transactions. Cybersecurity M&A Roundup: 35 Deals Announced in December 2021 | SecurityWeek.Com

In 2022 M& A in cybersecurity will likely expand to ever greater heights. Because of the trend digital transformation, almost every company in every vertical has an information technology or operational technology component vital to successful operations. A breach could be devastation to a company bottom line and reputation, so cybersecurity capabilities have become more of a priority for the C-Suite as the stakes have risen.

No matter what industry you may be in, there certainly are high stakes involved with M & A. Companies are taking great risks in terms of their economic future when acquiring assets of a target company. A great amount of due diligence is invested in the M&A process to discover potentially harmful legal claims, tax issues, environmental issues, and confirming that the target company assets are provable, real, and unencumbered.

According to the consulting firm Deloitte, it is estimated that in 2022, about 60 percent of the organizations will consider cybersecurity posture in their due diligence process as a critical factor during any M&A2. Technology disruption Technology disruption assists companies to evolve into new business models and upgrade their traditional modes of operating business. PowerPoint Presentation (deloitte.com)

It is all about risks. “A damaged asset is worth less,” according to Sean Wessman, a Principal at EY’s Americas Risk and Cybersecurity Practice. “Cybersecurity issues potentially affect M&A in a number of ways. Given how costly data breaches can be in both tangible and intangible terms, acquirers want to get as much certainty as possible about the risks they are buying in a deal. “The Role of Cybersecurity in M&A – Journal of Cyber Policy

There is an array of activities involved in basic cybersecurity due M & A diligence. This include having a solid inventory of both hardware and software assets of the company being targeted for acquisition or merger.  Knowledge of where all sensitive data is kept, who has (or had) administrative access, and which 3rd parties participate in the supply chain is important to investigate. Of course, there are also the legal requirements of confirming validity of patents.

Physical security due diligence is a necessary step to how data centers are configured and protected and especially what hardware devices are connected to the networks. An unauthorized, or negligently networked device provides an easy means for economic espionage and avenue for hackers to exfiltrate data.

In our budding digital transformation era, the same focus must be applied to due diligence of software applications that serve as the core operation center of a company. An undiscovered vulnerability can seriously undermine the value and optimization of an acquisition.

 With software applications due diligence requires knowing what you have and what you do not have. Are the applications configured correctly, is there any hidden malware, are there risky legacy programs attached to the applications? And are there any potential Zero Day risks?

There is only one sure fire way to mitigate software application risk, at that is through comprehensive penetration testing.  Testing identifies vulnerabilities and allows for understanding the cyber- risks they are obtaining in a deal. Before the mergers & acquisition formally proceeds, all acquired application software should be tested to detect all variations of malware, known and unknown. Sometimes, the potentially acquired company does not even know fully what devices or applications they have operating in their own networks.

Testing can proactively discover vulnerabilities in legacy applications, distribution of IT assets, and many other use cases, including how the data and intellectual properties acquired are protected.

In conjunction with application testing, the cybersecurity M & A Process should also explore the proper business alignment and maintenance of all acquired applications and be part of a larger framework. For example, the Kroll Cyber Due Diligence for M & A infographic  provides a working overview. It should be noted, cyber due diligence, including testing of applications, is also important for post transaction operations.

The new realities of sophisticated and growing cyber threats in a digital world ensures that      M & A will continue to be a preferred strategy by companies for improving market capabilities and positioning for the near term. The trend in both government and the private sector of Zero Trust combined with regulatory initiatives will amplify the need for stronger products and services to meet challenges ahead. Including keeping our cybersecurity M & A scorecards up to date.

Read More

NCSC Warns UK Organizations to Prepare for Russian Cyber-Attacks

Read Time:2 Minute, 26 Second

NCSC Warns UK Organizations to Prepare for Russian Cyber-Attacks

The National Cyber Security Centre (NCSC) has warned UK organizations to prepare for Russian cyber-attacks amid ongoing geopolitical tensions in Ukraine.

The new guidance follows numerous malicious cyber-incidents in Ukraine in the past month, which the NCSC said corresponds with past Russian behavior. These include more than a dozen Ukrainian government websites getting taken offline in a cyber-attack, while a major malware wiper campaign targeting government, IT and non-profit organizations across the country was recently detected by Microsoft.

The agency noted that such incidents resemble high-profile attacks like NotPetya in 2017 and cyber-attacks against Georgia in 2019, which the UK government attributes to the Russian government.

While no specific threats to the UK have currently been identified, the UK government’s support for Ukraine in the crisis is likely to make it a target of Russian threat actors.

The dispute revolves around Russian concerns that Ukraine will join NATO, and it has built up a substantial force on the border, leading to fears of invasion.

To prepare for potential attacks, the NCSC has urged UK organizations to take action to secure their systems. These include patching systems, enabling multi-factor authentication, implementing an effective incident response plan and checking that backups and restore mechanisms are working. This guidance is primarily aimed at larger organizations. The NCSC has also advised any organization that has fallen victim to a cyber-attack to report the incident to the NCSC’s 24/7 Incident Management team.

Paul Chichester, NCSC director of operations, commented: “The NCSC is committed to raising awareness of evolving cyber-threats and presenting actionable steps to mitigate them. While we are unaware of any specific cyber threats to UK organizations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organizations follow the guidance to ensure they are resilient.

“Over several years, we have observed a pattern of malicious Russian behavior in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”

Commenting on the guidance, David Carroll, MD of Nominet Cyber, said: “Organizations should take heed of the NCSC’s warning today and prioritize its recommendations to increase their cyber-resilience in the wake of worsening relations with Russia. This guidance is in line with the cybersecurity reality that has emerged over the past decade, where geopolitical activity and real-world warfare are increasingly mirrored in the cyber sphere.

“Experience has taught us that government, public sector and private sector organizations can become targets for malicious activity from hostile states and the UK government is right to take a proactive approach to protection. Organizations should prioritize identifying and patching vulnerabilities in their software, which have traditionally been a vector for large-scale attacks in the past, and be actively monitoring for breaches or potentially suspicious activity.”

Read More

Online Investment Fraud Network Taken Down by Law Enforcement

Read Time:1 Minute, 30 Second

Online Investment Fraud Network Taken Down by Law Enforcement

Bulgarian law enforcement has successfully taken down a network of online investment fraudsters responsible for losses of more than €10m.

The operation, supported by Europol and Eurojust, took place on January 26. This resulted in the arrest of one individual by the Bulgarian National Police on suspicion of defrauding mainly German and Greek investors out of at least €10m. In addition, 24 locations were searched, police officers interviewed 66 witnesses in Sofia and Burgas and a variety of electronic equipment, financial information and recordings were seized.

The scam was conducted by an organized crime group that set up bogus websites and call centers. Call operators speaking German, Greek, English and Spanish posed as financial consultants and contacted potential investors with promises of significant profits. This led to several hundred victims making substantial investments, which they lost entirely.

German and Greek investors who lost their investments notified law enforcement, leading to the investigation and subsequent action.

During the operation, two experts from Europol were on the ground to facilitate the information exchange and provide real-time operational analysis and technical expertise. The joint action was coordinated by Eurojust, who also provided cross-border judicial support.

Europol explained: “In 2019, Bulgarian authorities started investigations and Eurojust set up a joint investigation team (JIT) between Bulgaria, Germany, Greece, Serbia and Europol. Following five coordination meetings with Europol and Eurojust, the JIT members were able to identify the two fraudulent call centers in Bulgaria. The Bulgarian police, supported by the Serbian authorities, dismantled both call centers on the action day.”

Last November, Proofpoint warned consumers of a significant rise in call center threat activity, in which attackers use email alongside call center customer service agents to scam victims, sometimes out of tens of thousands of dollars.

Read More

“A Journey to Zero Trust With Zero Passwords” – download the free guide now

Read Time:21 Second

Graham Cluley Security News is sponsored this week by the folks at HYPR. Thanks to the great team there for their support! The analysts at The Cyber Hut have produced a new guide that explains how Zero Trust can increase business agility, and provides practical guidance for eliminating passwords to accelerate your Zero Trust strategy. … Continue reading ““A Journey to Zero Trust With Zero Passwords” – download the free guide now”

Read More

News, Advisories and much more

Exit mobile version