Post on 18-Aug-2020
The 16th International Conference on Applied Cryptography and Network Security – ACNS 2018
Location: Leuven, Belgium
Date: July 2-4, 2018
https://www.basecybersecurity.com/cyber-security-events-infosec-conferences-it-security-trainings-europe-2018-calendar/the-16th-international-conference-on-applied-cryptography-and-network-security/
ACNS is an annual conference focusing on current developments that attempt to advance the areas of applied cryptography and its application to systems and network security. The goal is to represent both academic research and developments in industrial and technical frontiers. The conference is organised by the Computer Security and Industrial Cryptography (COSIC) group at KU Leuven.
eCrime & Artificial Intelligence Forum
Location: London, UK
Date: July 5, 2018
http://akjassociates.com/event/aiforum/
The e-Crime AI Forum will cover the key subjects for its audience of professionals tasked with safeguarding digital assets and sensitive data. There will be real-life case studies, strategic talks and technical break-out sessions to help end-users understand how these new technologies can be cost-effectively deployed in real-life business situations.
SteelCon
Location: London, UK
Date: July 7-8, 2018
https://www.basecybersecurity.com/cyber-security-events-infosec-conferences-it-security-trainings-europe-2018-calendar/steelcon-2018/
SteelCon is a hacker conference organised for anyone who is interested in how things
Enough memory?
If we talk about large archives of the past, the Library of Alexandria is surely representative of this domain, like the Google archive; the library was built around the 3rd century BC during the reign of Ptolemy II. From what we know, the library had a team of grammarians and philologists tasked with annotating and correcting the texts of the various works. Critical editions of each work were then written and also kept within the Library. It is estimated that around 490,000 parchment rolls were preserved. We are, therefore, talking about the largest and most extensive library in the ancient world and the main centre of Hellenistic culture. It was an archive of great value, but it was destroyed several times in the period between 48 BC and 642 AD. In this case, the deletion of data was due not to data leakage but to accidental or deliberate events, such as the fire following the expedition of Julius Caesar in 48 BC, in which, according to Seneca, over 40,000 books were destroyed. Such phenomena have been repeated throughout history, cancelling part of our analog memory.
Today in the digital world we are faced with similar issues. The Internet Archive, a non-profit project, is already something similar to the Library of Alexandria. It holds over 300 billion images taken from the network and catalogued. The founders of this project believe that the memory of the network is not resilient and that important pieces of our history may be lost. If we analyze some numbers, we realize that Big Data has reached a considerable dimension. Every minute on Snapchat, last year, 500,000 photos were sent, and the Google engine managed something like 3 million searches. Twitter, the social network of 280 characters, generates 12 million petabytes every day.
Knowing our capacity to produce memory, it is easy to calculate that, with these trends, storage may become scarce. I would say that already today each of us has abandoned CDs and DVDs in favour of cloud services to store our data. Moreover, many users who relied on CDs discovered that they were unable to recover their data and lost it. In this context, in addition to the problem of producing enough memory to reach levels of availability compatible with the size of Big Data, there is also the question of how to differentiate data: what should be stored and what can be considered rubbish, where to store it, and how to protect our memory and history. This is a responsibility of which we need to raise awareness among organizations and governments, in order to create a cultural heritage rather than the amnesia we might risk suffering in the near future. In the digital world, data can be erased with just one click, and viruses or computer attacks could eliminate entire parts of our history and knowledge. Today what remains of the codices of Leonardo da Vinci or the Code of Hammurabi is preserved and can be consulted. The same should happen for the algorithms that are changing our dynamics and our lives and that are no longer carved in stone.
Enjoy your reading
Nicola Sotira
General Manager GCSEC
events
editorial
2018 June
Mobile Financial Malware 2017: international threat report by Davide Fania – XTN
Protecting your digital assets against cyber attacks by Marco Essomba – iCyber-Security Group
Poker and Security by Leron Zinatullin – author of The Psychology of Information Security.
The international threat report is intended to describe the typical behaviour of Android malware, in particular within a financial context. To access the full document please scan the QR code below.
Developers of mobile banking/payments malware are the first to use new technologies and are always looking for ways to bypass security mechanisms implemented in mobile operating systems.
The full report is composed of four sections as follows:
Section 1 describes the context of a mobile malware attack. A huge amount of mobile malware has been developed in recent years. This is caused by two factors. First, the mobile app development context is technologically less mature, especially from a security perspective. Second, users have less insight into the implications of their actions when they use a mobile device. A very meaningful quote that best describes this aspect in a few words is:
“For those who target personal bank accounts, mobile malware is cheaper and safer to use than banking trojans.”
To underline the importance of mobile security, Figure 1 shows the ever-growing number of mobile devices across the world, which in 2016 even surpassed desktops in terms of connections to the Internet. Enforcing security on mobile devices has never been so crucial: what we've seen so far is only the beginning.
Figure 1: Snapshot of worldwide Internet usage through October 2016 (source: StatCounter).
work, how things can be broken and how they can be fixed. The organisers aim to deliver something for everyone with a wide range of talks, workshops, challenges and good old fashioned social networking.
4th Global Summit and Expo on Multimedia & Artificial Intelligence
Location: Rome, Italy
Date: July 19-21, 2018
https://multimedia.global-summit.com/
4th Global Summit and Expo on Multimedia & Artificial Intelligence is a leading conference for the international community of academic experts, scholars and business people in the field of Multimedia & Artificial Intelligence Technologies. The Multimedia 2018 conference serves as a multi-disciplinary gathering for the discussion and exchange of information on the research, development, and applications on all topics related to Multimedia & AI.
Attackers Spy and Steal from Financial Firms
https://www.infosecurity-magazine.com/news/attackers-spy-and-steal-from/
In an attempt to steal sensitive data, cyber-criminals have been targeting financial firms by building hidden tunnels in order to break into networks. According to a report released today by Vectra, these attack behaviors are the same as those that led to the 2017 Equifax breach. According to a new report, 2018 Spotlight Report on Financial Services, attackers are able to gain remote access through the use of command-and-control (C&C). In the data analyzed, attackers had established nearly 30 web shells accessible from approximately 35 different public IP addresses, which allowed them to exfiltrate data while going undetected.
Banks must use technology to stay compliant and profitable
https://www.itproportal.com/features/banks-must-use-technology-to-stay-compliant-and-profitable/
Banking and financial services are undoubtedly among the most heavily regulated sectors to work in - and for good reason. Companies in these sectors frequently handle the data of millions of consumers, not to mention businesses and even governments. From the new Second Payment Services Directive (PSD2) and the even newer EU General Data Protection Regulation (GDPR), to the Financial Services and Markets Act 2000 (FSMA) and the Payment Card Industry Data Security Standard (PCI DSS) there are many rules…
Mobile Financial Malware 2017: international threat report by Davide Fania – XTN
in this issue
news
Section 2 describes how attackers inject malicious applications or code in users’ devices. The typical goal of attackers is obtaining payment credentials, that could be used later on to commit fraud, or accessing private user data.
Summarizing, a mobile attack consists of three main phases: injection, backdoor installation, data exfiltration.
o The malware injection phase aims at bringing a malicious application or piece of code to the execution environment in which the attack will be performed.
o The backdoor installation phase aims at opening a unidirectional or bidirectional connection towards a backend owned by the attacker. Its purpose is to set up a persistent communication channel between the infected device and the malicious agent.
o The purpose of the exfiltration phase is to access sensitive information and forward it through the communication channel established in the previous phase.
“Attackers typically aim at compromising confidential user information with the purpose of executing final attacks on other channels. In order to access private user data, an attacker exploits users' trust in known sources and users’ risk misperception in performing sensitive actions on mobile devices”.
This approach is used in the injection phase, for example by means of trojans, and/or in the data exfiltration phase. Figure 2 shows an example of a bankbot malware sample, Jewel Star Classic, distributed through the Google PlayStore. This trojan, created by injecting a malicious payload into legitimate code, aimed at spoofing the identity of Jewels Star, a quite famous game with, according to statistics, 50 to 100 thousand legitimate installations. This way, attackers were able to induce users to download and install it. At this point, the injection phase is completed.
Figure 2: The malicious version of Jewel Star in the PlayStore.
Section 3 describes how financial malware typically works and provides an overview of the current malware landscape. An extensive analysis of a relevant amount of financial malware samples identifies the six typical behaviours of malware, the malware families and their geographical distribution. Financial cybercriminals are always looking for new ways to exploit users and extract money from them. In recent years, a huge amount of financial malware has been developed, which has led to a variety of malware families. However, the most widespread trends are gaining
Threat modeling: What’s all the buzz about?
https://www.helpnetsecurity.com/2018/06/21/threat-modeling/
Keen observers will have noted an uptick in activity around threat modeling within the information security community recently with new tools being released and strategies and methodologies being discussed on social media; culminating in a week-long threat modeling track at the Open Security Summit (formerly OWASP Summit). What is threat modeling? In order to answer this question I will refer to the recently updated OWASP application threat modeling page: Threat modelling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value.
WannaCry is back! (Psych. It's just phisher folk doing what they do)
https://www.theregister.co.uk/2018/06/21/wannacry_is_back_except_its_not/
An unusually large wave of phishing emails was spewed out this morning, with recipients warned that all their devices had been infected by WannaCry. Action Fraud UK has said it has already received over 200 reports of the phishy email this morning, while beleaguered IT support contractors – seemingly mostly based in the UK – were asking users to delete, refrain from clicking links and carry on with their lives. Still others were, um, urging clients to install extra security software...
Teen phone monitoring app leaked thousands of user passwords
https://www.difesaesicurezza.com/en/cyber-en/here-it-is-zacinlo-a-malware-that-is-operating-in-stealth-since-6-years/
There is a malware on Windows 10 that operated for 6 years covertly. It’s dubbed Zacinlo and it has been discovered by Bitdefender cyber security experts. This rare strain of malware typically operates by silently rendering webpages in the background in hidden windows to simulate clicks and keyboard interactions, or can replace ads naturally loaded in an open web browser with its own ads to collect revenue. The malicious code is armed with a sophisticated array of features to ensure it remains undetected, featuring an adware cleanup routine to remove any potential rivals.
It can also uninstall or delete services based on instructions it receives from the command and control infrastructure, to which it routinely sends information about its environment, including what form of anti-malware services may be installed, and which applications are running on startup.
administration privileges and tricking users through overlays. A very representative family that is showing such behaviour and is currently attacking a variety of organizations is Red Alert24.
In addition to its behaviour, another interesting part is the overlay attack mechanism which differs from older families both in terms of implementation and in targets management. In fact, targets are stored onto the attacker's server and are not sent back to the mobile malware, making the life of an analyst much harder. Cybercriminals are constantly looking for ways to bypass Android’s new protection mechanisms, often using basic, but valid techniques.
Section 4 describes the solution against the ever-growing threat of financial malware, that is, a behaviour-based detection mechanism named malware engine. Conventional antivirus programmes available on the market often still base their detection on signatures. Even if these are more precise in detection, this type of approach presents many drawbacks and is generally unable to detect unknown malware. In the mobile context, which is drastically dynamic, this is a huge problem.
Verifying whether a new file is malicious can be complex and time consuming. In many cases the malware has already evolved by then. The delay in identifying new forms of malware makes corporations and consumers vulnerable to serious damage. For this reason, our engine based on behavioural analysis involves machine learning mechanisms and advanced algorithms, modelled and implemented as a result of long-term business intelligence tasks.
The advantages for analysts using this kind of solution can be explained with the following quote:
“Malware detection is only the first step. It provides information about the related family along with the detected behaviours, allows an analyst to understand the possible impacts on a final client and then trigger the most suitable mitigation”.
3,000+ mobile apps leaking data from unsecured Firebase databases
https://www.helpnetsecurity.com/2018/06/20/unsecured-firebase-databases/
Appthority security researchers discovered the HospitalGown vulnerability in 2017 which leads to data exposures, not due to any code in the app, but to the app developers’ failure to properly secure backend data stores (hence the name). The new Firebase variant exposes large amounts of mobile app-related data stored in unsecured Firebase databases. Exposed data includes personally identifiable information (PII), private health information (PHI), plaintext passwords, social media account and cryptocurrency exchange private access tokens, financial transactions, vehicle license plate and registration numbers, and more data leaking from vulnerable apps.
Modern Cybersecurity Demands a Different Corporate Mindset
https://www.darkreading.com/vulnerabilities---threats/modern-cybersecurity-demands-a-different-corporate-mindset-/a/d-id/1332013?utm_content=bufferce9b6&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Today, all organizations are digital by default. However, it has never been more difficult for organizations to map the digital environment in which they operate, or their interactions with it. Every organization's technology infrastructure is both custom-made and increasingly complex, spanning networks that consist of tools and technologies that may be on-premises or in the cloud — or, quite commonly, a combination of both. Yet there is no reward without risk. Digital business inherently means utilizing new technology, connecting devices and operating platforms, embracing different ways of working, building large-scale data silos, and so on. The convergence of Internet of Things networks with what were once separate and self-contained — and therefore more manageable — systems represents a fundamental change.
Will blockchain power the next generation of data security?
https://www.helpnetsecurity.com/2018/06/18/blockchain-next-generation-data-security/
Cryptomania is dominating conversations from Silicon Valley to Wall Street. But ‘cryptocurrency’ is only one implementation of the underlying technology innovation that has the ability to transform the way future technology products are designed and built. Of course, that technology is blockchain, the decentralized digital ledger that makes Bitcoin and other cryptocurrencies possible.
You have been hacked! Those are four words that no organization wants to hear - ever. The reality is that all organisations are vulnerable to cyber criminals' activities. According to a recent article by Kelly Sheridan (Dark Reading), the Cybercrime Economy Generates $1.5 Trillion a Year! That’s a mind-blowing figure. In this article, I share some thoughts as to why the current mechanisms of fighting back against cyber attacks are not working. Read on.
Cybercrime pays
There are many reasons why cyber criminals appear to be winning the fight and reaping the rewards. For one, it is clear that cybercrime pays and most of those criminal organisations now run like legitimate businesses with organized operations, strategies, support, and profits reinvested into research and development efforts. Those criminal organisations are not much different to security software vendors that are continuously looking for issues and provide updates to patch vulnerabilities and security flaws. It’s an always-on race.
Lack of a fully integrated security ecosystem
Cybersecurity Ventures listed 500 of the world’s hottest and most innovative cybersecurity companies to watch in 2017. From Adaptive Security Platforms, Email Security products, to Anti-Virus & Malware Protection, the list is huge. Which one should you use and for what purpose? Will your chosen product integrate well with other security vendors? How do those products compare? There are a lot of considerations that each organisation has to take into account, from the total cost of ownership of the product to ease of use, quality of service, support, etc. In any case, 500 security vendors is a huge menu to select from. Network & Security Managers have the challenging task of assessing multiple vendors and selecting the product and services that match their organisation’s needs. Not an easy task in a very crowded and noisy cyber security market place. Security analysts have been predicting for a while that the entire cyber security industry is ripe for consolidation. The same thing happened in other sectors like manufacturing, systems management, enterprise applications, and telecommunications. So it makes sense that the cyber security industry will go through the same process.
More integration, more consolidation, less security vendors
Fundamentally, software will continue to have vulnerabilities that can be exploited by malicious attackers for their own gains. As software developers get more adept at secure coding, it is expected that vulnerabilities will steadily diminish but cannot be avoided altogether. Machines are very good at boring and repetitive tasks but lack context and insights. Humans are very good at contextualising and finding solutions in creative ways but lack the repetitive stamina to conduct boring tasks consistently. As machines carry more and more automated security analysis to look for vulnerabilities in various systems, both humans and machines must work together.
Fully Integrated & Coordinated Cyber Defence Infrastructure
Organisations will need to find better ways to integrate their entire cyber security infrastructure and ecosystem in order to respond better and faster to cyber attacks. Like criminal organisations, companies that are serious about cyber security will have to use a defence-in-depth strategy that includes a fully integrated security infrastructure that is working as one effective defence system. They should combine traditional network defence mechanisms such as firewalls, intrusion detection systems, endpoint protection, web application firewalls, etc. with external threat intelligence methods, and adaptive threats response, in order to stay one step ahead of cyber criminals.
Conclusion
The cyber security industry is ripe for consolidation. Too many security vendors. Too many products. What is required is a fully integrated approach to cyber security, where humans and machines work as one, in a self-automated and coordinated manner in order to fight back effectively against the relentless and ever growing cyber threats.
Protecting your digital assets against cyber attacks by Marco Essomba
Good poker players are known to perform well under pressure. They play their cards based on rigorous probability analysis and impact assessment. Sounds very much like the sort of skills a security professional might benefit from when managing information security risks. What can security professionals learn from a game of cards? It turns out, quite a bit. Skilled poker players are very good at making educated guesses about opponents’ cards and predicting their next moves. Security professionals are also required to be on the forefront of emerging threats and discovered vulnerabilities to see what the attackers’ next move might be. At the beginning of a traditional Texas hold’em poker match, players are only dealt two cards (a hand). Based on this limited information, they have to try to evaluate the odds of winning and act accordingly. Players can either decide to stay in the game – in this case they have to pay a fee which contributes to the overall pot – or give up (fold). Security professionals also usually make decisions under a high degree of uncertainty. There are many ways they can treat risk: they can mitigate it by implementing necessary controls, avoid, transfer or accept it. Costs of such decisions vary as well. Not all cards, however, are worth playing. Similarly, not all security countermeasures should be implemented. Sometimes it is more effective to fold your cards and accept the risk rather than pay for an expensive control. When the odds are right a security professional can start a project to implement a security change to increase the security posture of a company. When the game progresses and the first round of betting is over, the players are presented with a new piece of information. The poker term flop is used for the three additional cards that the dealer places on the table. These cards can be used to create a winning combination with each player’s hand. 
When the cards are revealed, the player has the opportunity to re-assess the situation and make a decision. This is exactly the way in which the changing market conditions or business requirements provide an instant to re-evaluate the business case for implementing a security countermeasure.
There is nothing wrong with terminating a security project. If a poker player had a strong hand in the beginning, but the flop shows that there is no point in continuing, it means that conditions have changed. Maybe engaging key stakeholders revealed that a certain risk is not that critical and the implementation costs might be too high. Feel free to pass. It is much better to cancel a security project rather than end up with a solution that is ineffective and costly. However, if poker players are sure that they are right, they have to be ready to defend their hand. In terms of security, it might mean convincing the board of the importance of the countermeasure based on the rigorous cost-benefit analysis. Security professionals can still lose the game and the company might get breached, but at least they did everything in their power to proactively mitigate that. It doesn’t matter if poker players win or lose a particular hand as long as they make sound decisions that bring desired long-term results. Even the best poker player can’t win every hand. Similarly, security professionals can’t mitigate every security risk and implement all the possible countermeasures. To stay in the game, it is important to develop and follow a security strategy that will help to protect against ever-evolving threats in a cost-effective way.
Poker and Security by Leron Zinatullin
GCSEC - Global Cyber Security Center Viale Europa, 175 - 00144 Rome - Italy
http://www.gcsec.org