Category Archives: News

Using Radar to Read Body Language


Yet another method of surveillance:

Radar can detect you moving closer to a computer and entering its personal space. This might mean the computer can then choose to perform certain actions, like booting up the screen without requiring you to press a button. This kind of interaction already exists in current Google Nest smart displays, though instead of radar, Google employs ultrasonic sound waves to measure a person’s distance from the device. When a Nest Hub notices you’re moving closer, it highlights current reminders, calendar events, or other important notifications.

Proximity alone isn’t enough. What if you just ended up walking past the machine and looking in a different direction? To solve this, Soli can capture greater subtleties in movements and gestures, such as body orientation, the pathway you might be taking, and the direction your head is facing — aided by machine learning algorithms that further refine the data. All this rich radar information helps it better guess if you are indeed about to start an interaction with the device, and what the type of engagement might be.

[…]

The ATAP team chose to use radar because it’s one of the more privacy-friendly methods of gathering rich spatial data. (It also has really low latency, works in the dark, and external factors like sound or temperature don’t affect it.) Unlike a camera, radar doesn’t capture and store distinguishable images of your body, your face, or other means of identification. “It’s more like an advanced motion sensor,” Giusti says. Soli has a detectable range of around 9 feet — less than most cameras — but multiple gadgets in your home with the Soli sensor could effectively blanket your space and create an effective mesh network for tracking your whereabouts in a home.

“Privacy-friendly” is a relative term.

These technologies are coming. They’re going to be an essential part of the Internet of Things.


Critical flaws in remote management agent impact thousands of medical devices


Critical vulnerabilities in a software agent that’s used for remote management could allow hackers to execute malicious code and commands on thousands of medical and other types of devices from healthcare, manufacturing and other industries. Patches have been issued by the software agent’s developer, but most of the affected device vendors will need to release their own updates.

In the meantime, users should mitigate the risks by implementing network segmentation and blocking the communication ports that can be used to exploit the vulnerabilities.

Seven vulnerabilities on the Axeda platform

Seven flaws ranging in severity from critical to medium were discovered in the Axeda platform by researchers from Forescout and CyberMDX. Axeda was a standalone solution, but is now owned by computer software and services company PTC, which develops solutions for the industrial IoT market.



Working with MSSPs to optimize XDR


Businesses today have many tools in their security stack and security teams find themselves spending too much time managing the tools and not enough time tackling business-critical projects. Security tool overload creates internal challenges and distracts from the primary business mission. How can companies better protect themselves while staying on track to achieve goals?

Let’s take a look at how working with a managed security service provider (MSSP) to manage your extended detection and response (XDR) solution can improve security coverage in busy and complex environments.

Much like secure access service edge (SASE) combines several network security protections, XDR combines network and endpoint detection and response capabilities with endpoint protection and security orchestration, automation, and response (SOAR). As with SASE, the devil is in the details.

XDR as a service helps you scale

One material way to simplify security is to enlist the aid of an MSSP. These experts have a deep understanding of how the tools work, and they have broad experience installing and running a variety of products and platforms in different customer environments.

XDR provides protection, detection, and response across the security ecosystem

While AT&T’s USM-based XDR is vendor-agnostic, it features a unique integration with SentinelOne, one of the leading vendors in the endpoint detection and response space. SentinelOne consolidates multiple endpoint security solutions, including next generation antivirus, pre-execution protection, and AI-based detection and response, into a single agent. The USM Anywhere integration with SentinelOne powered by the SentinelOne Advanced AlienApp allows the SOC analyst to terminate malicious processes, quarantine infected devices, and even roll back events to keep endpoints in a constant clean state. All this is achieved from a single pane of glass with the USM Anywhere platform.

Services based on AT&T’s USM Anywhere and SentinelOne bring broad visibility into your environment through their ability to interoperate with many security tools utilizing AT&T’s AlienApp integrations. These connections across your environment pull events and security intelligence into one centralized hub for further correlation and add context to help you respond faster to investigations and threats. With an extensive and evolving library of AlienApps, you will not need to rip and replace your current infrastructure; as you grow or change, your security can too.

Intelligence is key

Threat intelligence is critical for accurate detections and reducing false positives. This is one of the strengths of the USM Anywhere-based solutions—they include access to AT&T’s unique perspective as a service provider and operator of one of the largest networks in the world.

It starts with the world’s largest open threat intelligence community, AT&T Alien Labs Open Threat Exchange (OTX), feeding in data from researchers around the globe. Additional machine learning and security analytics help correlate the data and provide context so threats can be identified faster and more accurately. However, the biggest advantage is the AT&T Alien Labs researchers who, in combination with the OTX platform, can discover infrastructure and tools used by threat actors to host their operations and launch ransomware and other sophisticated cyberattacks. By concentrating on threat actor tactics, techniques, and procedures (TTPs), this approach provides early-stage, more predictive identification of threats, which means higher-fidelity detection of evolving threats.

Highly contextualized and correlated data is automatically maintained and fed into the award-winning USM platform, along with AlienApp intelligence for data analysis across your growing business.

Vendor lock-in, or multi-vendor integration?

One approach to addressing security tool complexity is to “go all in” with one vendor. The argument here is that standardizing on one vendor’s approach is better because the tools were designed to work together. However, the truth is that often each vendor’s products are more a collection of acquired technology than an integrated solution, and roadmaps for consolidation frequently stretch to the horizon. Not to mention that vendors tend to be leaders in one type of tech but followers in most other areas.

Another approach to consider is an open XDR solution. This approach brings together two important existing solutions: advanced security information and event management (SIEM) platforms with correlation engines, and endpoint detection and response agents. They also have deep integrations with third-party tools such as firewalls, SaaS/IaaS clouds, SASE solutions, and more. These integrations make responding to incidents, and automating responses, quick and easy. With this approach, you are free to choose the best security vendors with the confidence that they can be used together without the need for you to replace your entire stack.

Conclusion

There are no quick fixes for most of our modern security challenges, but one clear way to simplify things is to select products and services that are well integrated and offer the flexibility to mix and match critical components. By relying on MSSPs, organizations can reduce the need for both staff and subject matter expertise. Since detection and response has a significant learning curve, businesses can also realize significant savings and rest assured that their network is guarded by professionals. AT&T’s USM-based XDR brings together our strongest resources to help you improve your time to detect, respond, and recover from threats. Leverage our advanced security analytics, leading endpoint security, deep integrations with industry-leading vendors, and world-class 24×7 support to drive efficiencies in your security operations and help you find and quickly act on true threats to your business.

To learn more, visit AT&T Cybersecurity MSSP Partner Program (att.com)


Clearview AI commercialization of facial recognition raises concerns, risks


The year is 2054 and a man walks into a Gap store. The virtual salesperson greets him by name, “Hello Mr. Yakomoto. Welcome back to the Gap,” from the life-size video monitor. This famous scene is cribbed from the film Minority Report. The prescience displayed in the 2002 film has actually short-changed the advances of science and technology between then and now. Indeed, some may argue that today we are well beyond the fictional capabilities of the Minority Report. The moral dilemma posed in the film, however, remains.

Today many sensors and cameras are in constant search-and-connect mode. Recently, Clearview AI has announced that it is taking its advanced facial recognition technologies beyond the already controversial government/law enforcement usage into the commercial sector. The company, according to the Washington Post, has accumulated over 100 billion facial photos and is adding to the total at a rate of 1.5 billion images per month, which it wishes to monetize.



Strangest social engineering attacks of 2021


New research has highlighted the creative and occasionally unusual lengths fraudsters take to carry out social engineering attacks. Proofpoint has listed what it describes as the five strangest social engineering scams it detected last year, with campaigns including the spoofing of soccer coaches and scholars to trick victims into parting with data and money.

As organizations continue to struggle to defend information, devices, and systems against socially engineered attacks, experts say the most successful social engineering groups are usually the most imaginative. “Social engineering is inherently people-centric, and regardless of whether threat actors are targeting businesses or individuals, they’re responding in real time to the events and themes that have the attention of the wider world,” Lucia Milică, global resident CISO at Proofpoint, tells CSO.



Conti Ransomware Group Diaries, Part IV: Cryptocrime


Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies, what it was like on a typical day at the Conti office, and how Conti secured the digital weaponry used in their attacks. This final post on the Conti conversations explores different schemes that Conti pursued to invest in and steal cryptocurrencies.

When you’re perhaps the most successful ransomware group around — Conti made $180 million last year in extortion payments, well more than any other crime group, according to Chainalysis — you tend to have a lot of digital currency like Bitcoin.

This wealth allowed Conti to do things that regular investors couldn’t — such as moving the price of cryptocurrencies in one direction or the other. Or building a cryptocurrency platform and seeding it with loads of ill-gotten crypto from phantom investors.

One Conti top manager — aptly-named “Stern” because he incessantly needled Conti underlings to complete their assigned tasks — was obsessed with the idea of creating his own crypto scheme for cross-platform blockchain applications.

“I’m addicted right now, I’m interested in trading, defi, blockchain, new projects,” Stern told “Bloodrush” on Nov. 3, 2021. “Big companies have too many secrets that they hold on to, thinking that this is their main value, these patents and data.”

In a discussion thread that spanned many months in Conti’s internal chat room, Stern said the plan was to create their own crypto universe.

“Like Netherium, Polkadot and Binance smart chain, etc.,” Stern wrote. “Does anyone know more about this? Study the above systems, code, principles of work. To build our own, where it will already be possible to plug in NFT, DEFI, DEX and all the new trends that are and will be. For others to create their own coins, exchanges and projects on our system.”

It appears that Stern has been paying multiple developers to pursue the notion of building a peer-to-peer (P2P) based system for “smart contracts” — programs stored on a blockchain that run whenever predetermined conditions are met.

It’s unclear under what context the Conti gang was interested in smart contracts, but the idea of a ransomware group insisting on payments via smart contracts is not entirely new. In 2020, researchers from Athens University School of Information Sciences and Technology in Greece showed (PDF) how ransomware-as-a-service offerings might one day be executed through smart contracts.

Before that, Jeffrey Ladish, an information security consultant based in Oakland, Calif., penned a two-part analysis on why smart contracts will make ransomware more profitable.

“By using a smart contract, an operator can trustlessly sell their victims a decryption key for money,” Ladish wrote. “That is, a victim can send some money to a smart contract with a guarantee that they will either receive the decryption key to their data or get their money back. The victim does not have to trust the person who hacked their computer because they can verify that the smart contract will fairly handle the exchange.”

The Conti employee “Van” appears to have taken the lead on the P2P crypto platform, which he said was being developed using the Rust programming language.

“I am trying to make a p2p network in Rust,” Van told a co-worker “Demon” on Feb. 19, 2022. “I’m sorting it out and have already started writing code.”

“It’s cool you like Rust,” Demon replied. “I think it will help us with smart contracts.”

Stern apparently believed in his crypto dreams so much that he sponsored a $100,000 article writing contest on the Russian language cybercrime forum Exploit, asking interested applicants to put forth various ideas for crypto platforms. Such contests are an easy way to buy intellectual property for ongoing projects, and they’re also effective recruiting tools for cybercriminal organizations.

“Cryptocurrency article contest! [100.000$],” wrote mid-level Conti manager “Mango,” to boss Stern, copying the title of the post on the Exploit forum. “What the hell are you doing there…”

A few days later Mango reports to Stern that he has “prepared everything for both the social network and articles for crypto contests.”

DISTRIBUTED DENIAL OF DISCORD?

On June 6, 2021, Conti underling “Begemot” pitched Stern on a scheme to rip off a bunch of people mining virtual currencies, by launching distributed denial-of-service (DDoS) attacks against a cryptocurrency mining pool.

“We find young forks on exchanges (those that can be mined), analyze their infrastructure,” Begemot wrote.

Begemot continues:

“Where are the servers, nodes, capitalization, etc. Find a place where crypto holders communicate (discord, etc. ). Let’s find out the IP of the node. Most likely it will be IPv6. We start ddosing. We fly into the chat that we found earlier and write that there are problems, the crypt is not displayed, operations are not carried out (because the crypt depends on mining, there will really be problems ). Holders start to get nervous and withdraw the main balance. Crypto falls in price. We buy at a low price. We release ddos. Crypto grows again. We gain. Or a variant of a letter to the creators about the possibility of a ransom if they want the ddos to end. From the main problem points, this is the implementation of Ipv6 DDoS.”

Stern replies that this is an excellent idea, and asks Begemot to explain how to identify the IP address of the target.

SQUID GAMES

It appears Conti was involved in “SQUID,” a new cryptocurrency which turned out to be a giant social media scam that netted the fraudsters millions of dollars. On Oct. 31, 2021, Conti member “Ghost” sent a message to his colleagues that a big “pump” moneymaking scheme would be kicking off in 24 hours. In crypto-based pump-and-dump scams, the conspirators use misleading information to inflate the price of a currency, after which they sell it at a profit.

“The big day has arrived,” Ghost wrote. “24 hours remaining until the biggest pump signal of all time! The target this time will be around 400% gains possibly even more. We will be targeting 100 million $ volume. With the bull market being in full effect and volumes being high, the odds of reaching 400% profit will be very high once again. We will do everything in our power to make sure we reach this target, if you have missed our previous big successful pumps, this is also the one you will not want to miss. A massive pump is about to begin in only 24 hours, be prepared.”

Ghost’s message doesn’t mention which crypto platform would be targeted by the scam. But the timing aligns with a pump-and-dump executed against the SQUID cryptocurrency (supposedly inspired by the popular South Korean Netflix series). SQUID was first offered to investors on Oct. 20, 2021.

The now-defunct website for the cryptocurrency scam SQUID.

As Gizmodo first reported on Nov. 1, 2021, just prior to the scam SQUID was trading at just one cent, but in less than a week its price had jumped to over $2,856.

Gizmodo referred to the scam as a “rug pull,” which happens when the promoter of a digital token draws in buyers, stops trading activity and makes off with the money raised from sales. SQUID’s developers made off with an estimated $3.38 million (£2.48m).

“The SQUID crypto coin was launched just last week and included plenty of red flags, including a three-week old website filled with bizarre spelling and grammatical errors,” Gizmodo’s Matt Novak wrote. “The website, hosted at SquidGame.cash, has disappeared, along with every other social media presence set up by the scammers.”
