It’s time for our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from Q4 2020. We’ll also update you on our own index that tracks public security companies, called Security Weekly 25.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
In video games jargon, the phrase “Console Wars” refers to the fierce competition between hardware manufacturers for market share. It turns out, however, that the only war going on at the moment is for acquiring a console. And thus far, Grinch Bots are winning. Video Games’ Popularity Is Peaking Throughout The Pandemic Data from Nielsen […]
Ransomware gangs deciding to pack their bags and leave their life of crime is not new, but it is a rare thing to see indeed.
And the Fonix ransomware (also known as FonixCrypter and Xinof), one of those ransomware-as-a-service (RaaS) offerings, is the latest to join the club.
Fonix was first observed in mid-2020, but it only started turning heads around September-October of that year. Believed to be of Iranian origin, it is known to use four methods of encryption—AES, Salsa20, ChaCha, and RSA—but because it encrypts all non-critical system files, it’s slower compared to other RaaS offerings.
Encrypted files usually bear the .FONIX and .XINOF (Fonix spelled backwards) file extensions; however, the .repter extension was also used. The desktop wallpaper of affected systems is changed to the Fonix logo.
A variant of the Fonix ransomware note displayed to victims (Courtesy of Malware Intelligence Analyst Marcelo Rivero)
The same account that announced the end of Fonix later tweeted an apology:
Project started only because of bad economical situation. But this work wasn’t thing my heart wants. Now after closing Project i can sleep with be feeling guilty. No one else will encrypted with my ransomware and i feel better now.
Regards.
At least we have Special apology for all infected systems users.
To make up for our mistakes , We will launch a malware analyze website soon To use our abilities in positive ways.
“We cannot despair of humanity, Since we ourselves are human begins”
That promise came in the form of the master decryption keys needed to decrypt .FONIX and .XINOF files, and an administration tool, which can only decrypt one file at a time. Cautious readers may want to wait for more useful decryption tools, written by more legitimate organisations, before trusting code released by known cybercriminals.
This isn’t the first time a ransomware group has displayed a conscience—that is assuming we take their word they will continue to “use our abilities in positive ways”. In 2018, developers of the GandCrab ransomware, another RaaS that also made a public announcement of shutting down its operations in mid-2019, made a U-turn and released decryption keys for all its victims in Syria after a Syrian father took to Twitter to plead with them. GandCrab had infected his system and encrypted photos of his two sons who had been taken by the war.
In 2016, when TeslaCrypt made an exit from the RaaS scene, a security researcher reached out to its developers and asked if they would release the encryption keys. They did release the master key that helps decrypt affected systems for free.
It remains to be seen if the Fonix gang will keep their word. If some or all of them change their minds and go back to a life of crime, they wouldn’t be the first ransomware gang to do so. Any ransomware group packing up and leaving is good news. However, while Fonix appears to have left the building, it was only one small player in a vast criminal ecosystem. The threat of ransomware remains.
A new study shows that many organizations have changed their physical security strategies to address new concerns since the COVID-19 outbreak.
An increase in physical security incidents since the start of the COVID-19 pandemic may be adding to IT security teams’ workloads at many organizations.
In a recent survey by Pro-Vigil, a provider of remote video-monitoring services, nearly 20% of 124 business operations leaders surveyed said their organizations had experienced more physical security incidents than the prior year. One-third said they believed they will see an increase in these incidents in 2021.
Concerns over physical security have prompted 40% of the organizations in the survey to make changes to their security strategy, including an increase in their use of video cameras and security guards, since the start of the pandemic.
Jeremy White, founder of Pro-Vigil, says some of the changes on the physical security front have a direct impact on IT security teams as well.
“The more physical security that we deploy, the greater the need for cybersecurity,” he says.
Organizations are aware of the cyber-risks associated with the digital technologies that are increasingly being deployed for physical security and often have strict IT security requirements when deploying them, White says.
“IT security organizations are primarily responsible these days for the deployment and management of not only digital camera systems, but also IP-based access control and many other related products and services,” he says.
Pro-Vigil’s findings are similar to those of a study the Ontic Center for Protective Intelligence commissioned last year. The latter study found many organizations were planning to increase budgets for physical security in 2021 because of COVID-19-related concerns. Forty-three percent of the respondents in the Ontic commissioned study said keeping remote employees safe was a challenge, and 36% said the same of their ability to secure physical access to corporate data. Thirty-five percent expressed concern over reduced physical security headcount as a result of the economy, 33% said managing physical threat data was a challenge, and 32% were worried about physical security threats to company leadership and members of the C-suite.
The Ontic survey also revealed a high level of concern over threats to business continuity from physical security breaches. Sixty-nine percent of respondents said they expected their organizations would experience irrecoverable financial and reputational damage if a fatality were to occur as the result of a missed security threat. Just as with cybersecurity, 39% of the respondents in Ontic’s study said COVID-19 had caused them to accelerate plans to modernize their physical security capabilities. Ninety-one percent felt that a technology-driven industry standard was essential for identifying, investigating, and managing physical security issues.
White says IT teams often have control over the procurement of physical security. As a result, there is a growing need for the IT and physical security teams to work hand-in-hand to ensure physical security technologies are deployed correctly and operate efficiently.
“It’s a shift from physical security management in the past,” he notes. “As physical security has shifted from an analog offering into a more advanced IP-based or digital solution, the greater the requirement for both physical security to learn more about IT and for IT to learn more about physical security.”
The convergence between IT and physical security has been in the making for several years, but it has accelerated recently due to the adoption of the Internet of Things (IoT) and increasingly sophisticated industrial IoT devices at many organizations. Nearly half of the respondents in the Pro-Vigil study, for instance, said they are using modern digital video systems with artificial intelligence (AI) for object recognition.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), the trend has “led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security.”
According to the agency, an organization’s cyber and physical assets together represent a significant risk. “Each can be targeted, separately or simultaneously, to result in compromised systems and/or infrastructure,” it says.
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …
This week in the Application Security News, Sudo sure does, Libgcrypt flaw, iMessage demonstrates security by design, AWS Lambda shares a message on its design security, & more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
@SwiftOnSecurity is a driving force for many cool ideas, and one of them brought this looong thread about great tools people use to life. I bookmarked it and I recommend you do so too.
One of the tools that caught my eye in that thread is DocFetcher. As per the web site:
DocFetcher is an Open Source desktop search application: It allows you to search the contents of files on your computer. — You can think of it as Google for your local files. The application runs on Windows, Linux and OS X, and is made available under the Eclipse Public License.
Sounds cool. I’ve been looking for something like this for ages. If you are a hoarder like me, you must have tons of docs in many formats all over the place, and grepping through them is tiring. I always wanted to clean it up a bit, so learning about this tool was a great opportunity to give both the cleanup and the tool a try.
I ended up not liking this tool at all! It does its job and provides you a way to search through all these indexed documents, but somehow the usability factor is just not there.
After installing it, and seeing it in action I now like it quite a lot.
Why?
It can index lots of files for you and in many different formats (.pdf, .doc, .xls, .epub, .mobi, .txt, etc.)
The UI is simple, but very “result-oriented” (see below)
As you type queries, they nicely autocomplete:
You can run advanced queries:
It presents results in a way that is customizable – you can modify the HTML-driven results page — in the example below I added <hr> and changed icons’ sizes to be smaller, as well as the font to be more readable
You probably noticed it shows you snippets of text as well.
When you open a doc of your choice, it will highlight the findings in the doc:
Now, you may be asking yourself why did I mention Threat Intelligence Analysts in the title.
Well, we all use search engines and it’s easier to just go and Google stuff. However, not all the stuff that is searchable is on the Internet. For instance, documents shared privately, customer reports, documents under NDA/TLP:RED, etc. will not make it to the Internet (hopefully). Having a tool at hand that can index these documents in so many different formats and make them searchable in an instant makes it a very desirable tool for any report reader. That’s pretty much all of us in infosec at this stage – we are all Threat Intel Analysts.
Many thanks to BSidesSF and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s BSidesSF 2020 and on the DEF CON YouTube channel. Additionally, BSidesSF 2021 will take place on March 6 – 9, 2021, with no cost to participate. Enjoy!
This week, we start off the show with our quarterly segment to review the money of security, and then we round out the show with a special news segment about how WallStreetBets ‘Hacked’ The Hedge Funds!
→Full Show Notes: https://securityweekly.com/bsw204
Hello there, and welcome back! If you’re just now tuning in, I’ve decided to do a collection of blog posts on what I think are going to be major cybersecurity topics this coming year. In the first blog post, I introduced you to what a supply chain attack is, why it’s such a big […]
2/1/2021
01:35 PM
How confident are you in your security team’s ability to protect your organization from phishing?
The Edge is Dark Reading’s home for features, threat data and in-depth perspectives on cybersecurity.
Recently, PhishLabs mitigated an attack using a fake social media page to steal the credentials of a credit union (CU) customer. The below demonstrates how the attack was executed.
via the textual amusements of Thomas Gx, along with the Illustration talents of Etienne Issartia and superb translation skillset of Mark Nightingale – the creators of CommitStrip!
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
New month, new chance to get those creative wheels turning as The Edge presents a brand new cartoon caption contest.
We can sense that you’re already thinking … Submit your caption in the Comments section (below), and our editors will reward the winner with a $25 Amazon gift card. Second-place winner will receive a $10 Amazon gift card.
The contest ends Thursday, Feb. 18, 2021. If you don’t want to enter a caption, please help us pick a winner by voting on the submissions. Click thumbs-up for those you find funny and thumbs-down for those not so much. Editorial comments are encouraged and welcome.
John Klossner has been drawing technology cartoons for more than 15 years. His work regularly appears in Computerworld and Federal Computer Week. His illustrations and cartoons have also been published in The New Yorker, Barron’s, and The Wall Street Journal.
In episode 158: Cybersecurity researchers targeted by North Korean hackers, Apple patches three iOS zero-day exploits, and details on Google’s Federated Learning of Cohorts (FLoC) which may one day replace third-party cookie tracking.
** Links mentioned on the show **
Check out these recent popular episodes!
https://sharedsecurity.net/2021/01/28/tanya-janca-ceo-and-founder-we-hack-purple/
https://sharedsecurity.net/2021/01/18/the-capital-riot-first-amendment-and-deplatforming-cybersecurity-lessons-learned/
New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Apple […]
Toward the end of 2020, law enforcement agencies from a multi-country task force seized the web domains and server infrastructure of three virtual private network (VPN) services that provided a safe haven for cybercriminals. The services in question had been active for more than a decade, and were extensively advertised on both Russian- and English-speaking..