Malware Devil

Thursday, February 18, 2021

Oracle is Said to Help China Find Dissidents and Jail Minorities

Oracle Corp. stands accused of selling analytics to Chinese police forces that are being used to hunt down political dissidents and lock up Uyghur Muslims.

The post Oracle is Said to Help China Find Dissidents and Jail Minorities appeared first on Security Boulevard.


The post Oracle is Said to Help China Find Dissidents and Jail Minorities appeared first on Malware Devil.



https://malwaredevil.com/2021/02/18/oracle-is-said-to-help-china-find-dissidents-and-jail-minorities/?utm_source=rss&utm_medium=rss&utm_campaign=oracle-is-said-to-help-china-find-dissidents-and-jail-minorities

Kia Motors Hit With $20M Ransomware Attack – Report

So far, Kia Motors America has publicly acknowledged an “extended system outage,” but ransomware gang DoppelPaymer claimed it has locked down the company’s files in a cyberattack that includes a $20 million ransom demand. That $20 million will gain Kia a decryptor and a guarantee not to publish sensitive data bits on the gang’s […]



https://malwaredevil.com/2021/02/18/kia-motors-hit-with-20m-ransomware-attack-report/?utm_source=rss&utm_medium=rss&utm_campaign=kia-motors-hit-with-20m-ransomware-attack-report

2021-02-01 thru 2021-02-18 – Quick post: 46 malicious emails




https://malwaredevil.com/2021/02/18/2021-02-01-thru-2021-02-18-quick-post-46-malicious-emails/?utm_source=rss&utm_medium=rss&utm_campaign=2021-02-01-thru-2021-02-18-quick-post-46-malicious-emails


Microsoft Azure Front Door Gets a Security Upgrade

New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.

Microsoft today is launching Azure Front Door Standard and Premium in preview with two new SKUs that add threat detection, application security, and additional security protections to the content delivery network (CDN).

Azure already offers two edge networking tools: Azure Front Door, which focuses on global load-balancing and site acceleration, and Azure CDN Standard, which offers static content caching and acceleration. The new Azure Front Door brings together security with CDN technology for a cloud-based CDN with threat protection and additional capabilities.

These updates stem from Microsoft’s efforts to bring zero-trust principles to businesses using Azure network security tools, says Ann Johnson, Microsoft’s corporate vice president of Security, Compliance, and Identity (SCI) Business Development. Its zero-trust strategy has underpinned several initiatives as it believes this is how companies will become more secure.

Johnson uses three principles to describe zero trust, the first of which involves adopting explicit verification for every transaction during a session: “So not just verifying the human, but the device, the data, the location, if it’s an IoT device, the application – everything that happens in the session should be verified and anomalous behavior should be flagged,” she explains.

The second principle is ensuring least privilege access. Many organizations still provide too much privileged access to employees, Johnson says. One of the steps Microsoft is taking with its content and application delivery is implementing more controls around access.

The third principle: “Then, finally, assume you’ve been breached,” she says. Assumed breach is a topic the security industry has discussed for years, but under zero trust, organizations have to assume they have already been breached, and that anything within the organization could potentially be compromised.

These principles have grown essential as application-delivery networks undergo a massive transformation to the cloud, Johnson explains. The new capabilities in Azure Front Door aim to provide organizations with one platform that meets availability, scalability, and security needs.

The new Azure Front Door SKU offers both static and dynamic content acceleration, global load-balancing, SSL offload, domain and certificate management, improved traffic analytics, and basic security capabilities, Microsoft writes in a blog post. The Azure Front Door Premium SKU builds on these with more security capabilities: Web application firewall (WAF), bot protection, private link support, and integration with Microsoft threat intelligence and security analytics.

In addition to supporting all the features available via Azure CDN Standard, Azure Front Door, and Azure Web Application Firewall, the new standard and premium SKUs bring a few new capabilities, Microsoft officials write in a blog post. These include a simplified user experience, simplified management experience, and TLS certificate management: both standard and premium SKUs offer Azure managed TLS certificates by default for all custom domains at no additional cost. More details on the capabilities of standard and premium can be found here.

“I’m encouraging our customers to encrypt all their communication channels across the cloud and hybrid networks,” says Johnson. “This means they would need to secure user to app, and site to site, and we have leading encryption capabilities such as TLS within our VPN.”

A Proactive Approach

She notes today’s updates are not a reaction to attacker activity, but a proactive step given how businesses have transitioned to the cloud in recent years, especially in 2020. As Microsoft CEO Satya Nadella said last April, “We’ve seen two years’ worth of digital transformation in two months.”

“They’re moving a ton of apps … and they need to deliver them globally, at scale, and we want to make sure we can do that from an app delivery standpoint, and an API standpoint, or even a website standpoint in a secure manner.” The ability of Azure Front Door to combine security and CDN creates an opportunity to improve the way businesses deploy and secure content.

While there are cloud network security vendors with “a range of maturity in their solutions,” Johnson notes that everyone is playing “just a little bit of catchup” because businesses are moving to the cloud faster than many network security capabilities can be built. Some Microsoft customers say that even after the pandemic slows, they will keep roughly half of their employees at home, Johnson says.

“That just means they’re going to continue to operate in the way that they do,” she continues. “And that need to move so many applications so quickly to the cloud … really drove the need to improve solutioning in this space.”

Businesses that already subscribe to Microsoft’s network security capabilities, depending on which they have, will automatically be able to try the SKUs in preview. Those who don’t use Microsoft for CDN and some of these capabilities will need to subscribe, Johnson says.

This week Microsoft also announced Azure Firewall Premium is now available in preview, which is designed to provide next-gen firewall capabilities required for sensitive and regulated environments. This release brings capabilities including TLS inspection, a signature-based intrusion detection and prevention system (IDPS), URL filtering, and the ability for admins to filter outbound user access to the Internet based on specific Web categories. More details here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …




https://malwaredevil.com/2021/02/18/microsoft-azure-front-door-gets-a-security-upgrade/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-azure-front-door-gets-a-security-upgrade

Romance scams: FTC reveals $304 million of heartache

In 2020, reported losses to the FTC for romance scams went up by 50% from 2019, totalling $304 million. And things weren’t exactly good before: romance scams have cost people a fortune for 3 years running, according to the FTC. Their latest report suggests a steady rise in these kinds of scams generally and ponders the impact of the pandemic. If nobody can go out, it stands to reason that dating in the virtual world would experience a surge of interest.

Love is most definitely in the air for people up to no good.

Some key findings

  • Scams often begin on social media but are unexpected. Potential victims aren’t necessarily on a site for dating in the first place.
  • The use of gift cards for sending money to scammers increased 70%.
  • Reports of money lost increased across every age group in 2020.

Many of the old tricks are still in play, because they’re tried and tested. Throw enough of them out there and a scammer snags a bite eventually. It only takes one or two direct hits to make a small fortune. Meanwhile, people face losing huge sums of money which is often not recoverable.

Sending all my love…and my money

The report notes that many reports of large losses involve scammers claiming to send the victim money. Once the victim receives it, the scammer invents a reason why they need it sent back, or forwarded to a third party. This is how people end up as money mules. As we often mention, this is a bad situation to be in. While the mule ends up in various degrees of legal trouble, the anonymous scammer pulling the strings gets away with it.

It’s unfair, and very cruel for people who would naturally assume they’d done nothing wrong.

We see a variety of romance con-tricks involving requests to move funds. One we examined recently adds a small spin to proceedings. The scam works as follows:

  • The scammer connects with a victim on a dating app, and supplies photos and audio recordings.
  • After some small talk, the scammer says they want to send the victim some money. The scammer “can’t use their account” from their location, but they’re happy to give login details so the victim can do it themselves.
  • The scammer sends a link to a fake banking website where the victim is likely to be asked to complete a transaction, to increase their trust in the scammer, or for their own personal or banking details.

Gift cards: a wealth of opportunity

As mentioned already, gift cards are an attractive proposition for people up to no good. They’re easy to obtain and can be bought in small amounts. Unlike a few years back, they’re not limited to a narrow selection of items or stores. This is good for fakers, because they’re less likely to make victims feel like they’re being sent on a wild goose chase. They can pretty much buy anything and it’ll be of value to the scammer, either through usage or selling on. If gift cards are ever mentioned on dating apps or on social media, you’ve every right to be suspicious.

Steering victims away from the theoretical safety of their online space is a common tactic, not specific to dating scams. (Gaming scams will often take victims away from their gaming console ecosystem to third party sites, for example.) Romance scammers often try to lure people away from the dating apps where they met. This is good for the scammer, problematic for the victim: The digital paper trail becomes muddied, certain protections and safety mechanisms may not apply or be usable, and so on.

A trick of the eye

Catfishing romance scams use fictional personas that often rely on stolen images. People will use photos of models from different parts of the world, or pretend to be U.S. Army soldiers, or even celebrities, to get the job done. All they care about is grabbing the cash, and it doesn’t matter how much the victim on the other side of the screen is impacted.

To combat this, people should make use of reverse image search to see where else the images appear. AI generated images are also common in this realm though, so reverse image search is useful but not foolproof.

On a similar note, a refusal to do video calls could be suspicious. They may simply be shy, but a year into the pandemic, video is a reasonable expectation for dating.

Tips for avoiding romance scams

Attempts to get you away from the platform where you met, requests for cash, or requests for a lot of personal information / logins should set alarm bells ringing. Asking for money for a visa / travel, or sudden medical aid, should too. Sending scans of passport pages is also a bit unusual. Anything which goes from 0 to 60 in the blink of an eye or seems too good to be true should definitely cause you to be very careful.

Be sure to check out our tips for dating safety and security before you next delve into the world of digital dating. The last thing anybody needs right now is financial fallout caused by a bogus romantic interlude. The more you can reduce the odds of that happening, the better everyone using dating platforms will be for it. Let’s consign these fakers to the digital rubbish bin, where they belong.

The post Romance scams: FTC reveals $304 million of heartache appeared first on Malwarebytes Labs.




https://malwaredevil.com/2021/02/18/romance-scams-ftc-reveals-304-million-of-heartache-2/?utm_source=rss&utm_medium=rss&utm_campaign=romance-scams-ftc-reveals-304-million-of-heartache-2

BSidesSF 2020 – Alethe Denis’s ‘Phishy Little Liars – Pretexts That Kill’

Our thanks to BSidesSF and the conference speakers for publishing their outstanding presentations, which originally appeared at the group’s BSidesSF 2020 Conference and on the organization’s YouTube channel. Additionally, the BSidesSF 2021 Conference will take place on March 6 – 9, 2021, with no cost to participate. Enjoy!

The post BSidesSF 2020 – Alethe Denis’s ‘Phishy Little Liars – Pretexts That Kill’ appeared first on Security Boulevard.




https://malwaredevil.com/2021/02/18/bsidessf-2020-alethe-deniss-phishy-little-liars-pretexts-that-kill/?utm_source=rss&utm_medium=rss&utm_campaign=bsidessf-2020-alethe-deniss-phishy-little-liars-pretexts-that-kill

The Rise of Software Supply Chain Attacks

Software supply chain attacks are back in the news. Last week, security researcher Alex Birsan executed a novel attack against Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, and Uber by leveraging a design flaw in automated build and installation tools. Along with the recent SolarWinds breach, this most recent attack is renewing attention on software supply chain security.

What Is a Software Supply Chain Attack?

A software supply chain attack occurs when a malicious actor gains access to an organization’s system through malware installed on the software of a trusted third-party partner or provider. 

In a software supply chain attack, malicious actors infiltrate a legitimate application, then change source code and hide malware in build and update processes with the intention of distributing that malware downstream automatically to a wider audience. In this type of attack, the original victim is not the final target, but rather a stepping stone to many other potential networks. The trusted vendor is unaware that they are sending malicious code to their customers.

These types of attacks work because they occur when users update software built by a vendor that they already have a relationship with and trust. When malicious code is installed on the target organization’s site, it runs with the same permissions as the trusted application. Depending on the popularity of the infected application, software supply chain attacks have the potential to reach a large number of victims.

The SolarWinds Breach

Perhaps the biggest breach of 2020 was a supply chain attack involving SolarWinds’ Orion platform, which monitors network performance, log files, storage, config files, databases, and more. A malicious actor – evidence points to hackers backed by Russian intelligence – injected malware into one of the Orion tools during the build process. That software update was then automatically distributed downstream to Orion customers, including Cisco, Intel, Nvidia, VMware, and numerous US federal government agencies. 

This attack was successful and went unnoticed for months because the software update appeared to be legitimate. Updates were signed off by SolarWinds, and customers had no reason to suspect a compromise had occurred. The malware contained in the SolarWinds update opened a backdoor to infected systems, giving hackers access to the infrastructure of any company using the Orion platform. In the SolarWinds breach, the supply chain was the attack vector used to distribute the malware. SolarWinds’ customers, and not SolarWinds itself, were the intended targets.

The Dependency Confusion Breach

The most recent software supply chain attack was the work of researcher and ethical hacker Alex Birsan. In a nutshell, Birsan took advantage of a design flaw in the way open source systems handle dependencies to push malware into targeted systems.

It began when another researcher shared a manifest file, package.json, from an npm package used internally by PayPal. Birsan noticed PayPal’s file contained a mix of public npm and private dependencies. He surmised that the private package names were most likely hosted internally by PayPal because they did not exist in the public npm registry. Birsan wondered what would happen if malicious code was uploaded to npm under the private package names. Would PayPal’s internal projects start defaulting to the new (now malicious) public packages instead of the private ones?

To test his theory, Birsan uploaded duplicate packages to open source repositories including PyPI, npm, and RubyGems. It turned out that if a dependency package used by an application existed in both a public open-source repository and a private build, the public package was given priority and was pulled instead – without requiring any action from the developer. Birsan also realized that in some cases, packages with higher version numbers would be prioritized regardless of whether they were public or private. This allowed Birsan to launch a supply chain attack against multiple high-profile enterprises.

One way to think about this attack is to imagine you’re shopping for cereal. You’re in the grocery store aisle and you reach for your favorite – a box of Lucky Loops in its signature purple box. You toss the box in your cart and head on down to the milk cooler without a second thought. You don’t open the box to check that it actually contains those sweet and crunchy green cereal loops. You just assume it does. Now imagine you get home, open the box, and discover that it contains muesli. This is essentially what is happening in this supply chain attack. Birsan uploaded packages that looked the same on the outside, but contained malware on the inside. Automated build and update tools are designed to look only at the packaging. They’re not looking inside to check the contents of the box.

Dependency confusion where the package looks the same but the contents are different.

It should be noted that Birsan uploaded these packages from his own account with the disclaimer, “This package is meant for security research purposes and does not contain any useful code.” For his efforts, Birsan earned USD 130,000 from four different bug bounty programs.

The Impact of New Attack Vectors on Open Source 

Though Alex Birsan’s software supply chain attack involves open source repositories, it is not directly related to open source code. The attack was more about exploiting how automated build or installation tools install dependencies.

Despite the attention and subsequent fixes raised by these recent breaches, software supply chain attacks are expected to grow, especially on open source platforms still struggling to deal with issues like dependency confusion. Thankfully, malicious open source packages are far less common than accidental open source security vulnerabilities, which are disclosed and announced publicly, usually along with a fix.

As the saying goes, an ounce of prevention is worth a pound of cure. To that end, Microsoft published a white paper that details three ways to prevent this type of breach, which the company calls a substitution attack:

  • Reference one private feed, not multiple
  • Protect your packages using controlled scopes
  • Utilize client-side verification features
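The resolution behaviour Birsan exploited and the three mitigations above, worked through as an added example (this is not code from the post, from Birsan, or from Microsoft’s white paper). It assumes a constructed organisation scope `@acme`, constructed package names, versions and feeds, and a constructed private registry host; the lockfile fragment mimics the `resolved` field npm writes.

```python
"""Dependency-confusion audit: an added example, not code from the original post.

It models the two resolution behaviours the article describes (a public package
with the same name winning, or the highest version winning regardless of feed)
and checks a manifest and lockfile against the three mitigations the article
lists from Microsoft's white paper. All package names, the scope, the private
registry host and the version numbers below are constructed.
"""
import json
from urllib.parse import urlparse

ORG_SCOPE = "@acme"                       # constructed organisation scope
INTERNAL_NAMES = {"acme-ledger-core", "@acme/auth-client"}
PRIVATE_HOSTS = {"npm.internal.example"}  # constructed private feed host

# Constructed manifest, modelled on the internal package.json the article
# describes: public npm packages mixed with private names.
PACKAGE_JSON = json.dumps({
    "name": "payments-service",
    "dependencies": {
        "express": "^4.17.1",           # public package
        "acme-ledger-core": "^1.4.0",   # private name, unscoped
        "@acme/auth-client": "^2.0.0",  # private name under a controlled scope
    },
})

# Constructed feeds: name -> versions available. The public copy of
# acme-ledger-core carries an inflated version, as in the attack described.
FEEDS = {
    "private": {"acme-ledger-core": ["1.4.0"], "@acme/auth-client": ["2.0.0"]},
    "public": {"express": ["4.17.1", "4.17.3"], "acme-ledger-core": ["99.0.0"]},
}


def _ver(v):
    return tuple(int(x) for x in v.split("."))


def resolve_highest_version(name, feeds):
    """Resolution the article says some clients perform: merge every feed and
    take the highest version, whichever feed it came from."""
    candidates = [(feed, v) for feed in feeds for v in feeds[feed].get(name, [])]
    return max(candidates, key=lambda c: _ver(c[1])) if candidates else None


def resolve_scoped(name, feeds, scope_to_feed, default_feed):
    """Controlled-scope resolution: a scoped name is looked up only in the feed
    its scope is pinned to (the .npmrc scope-to-registry mapping); other names
    go to one default feed. Feeds are never compared against each other."""
    scope = name.split("/")[0] if name.startswith("@") else None
    feed = scope_to_feed.get(scope, default_feed)
    versions = feeds[feed].get(name, [])
    return (feed, max(versions, key=_ver)) if versions else None


def compare_resolution(name):
    """Return (feed, version) under both behaviours for one dependency.
    Note that an unscoped internal name is still exposed under the scoped
    resolver; that gap is what audit_manifest() reports."""
    vulnerable = resolve_highest_version(name, FEEDS)
    hardened = resolve_scoped(name, FEEDS, {ORG_SCOPE: "private"}, "public")
    return vulnerable, hardened


def audit_manifest(manifest_text, internal_names=INTERNAL_NAMES, org_scope=ORG_SCOPE):
    """Flag internal dependencies that are not under the controlled scope:
    these are the names a same-name public upload could shadow."""
    deps = json.loads(manifest_text).get("dependencies", {})
    return sorted(n for n in deps
                  if n in internal_names and not n.startswith(org_scope + "/"))


# Constructed package-lock.json fragment for client-side verification: the
# "resolved" URL records which registry each package was actually fetched from.
PACKAGE_LOCK = json.dumps({
    "packages": {
        "node_modules/express": {
            "version": "4.17.3",
            "resolved": "https://registry.npmjs.org/express/-/express-4.17.3.tgz"},
        "node_modules/acme-ledger-core": {
            "version": "99.0.0",
            "resolved": "https://registry.npmjs.org/acme-ledger-core/-/acme-ledger-core-99.0.0.tgz"},
        "node_modules/@acme/auth-client": {
            "version": "2.0.0",
            "resolved": "https://npm.internal.example/@acme/auth-client/-/auth-client-2.0.0.tgz"},
    },
})


def verify_lockfile(lock_text, internal_names=INTERNAL_NAMES, private_hosts=PRIVATE_HOSTS):
    """Client-side verification: every internal package in the lockfile must
    have been resolved from a private host. Returns (name, version, host) for
    each internal package that came from anywhere else."""
    packages = json.loads(lock_text).get("packages", {})
    bad = []
    for path, meta in packages.items():
        name = path.rsplit("node_modules/", 1)[1]
        host = urlparse(meta.get("resolved", "")).hostname
        if name in internal_names and host not in private_hosts:
            bad.append((name, meta.get("version"), host))
    return sorted(bad)


if __name__ == "__main__":
    for dep in ("express", "acme-ledger-core", "@acme/auth-client"):
        print(dep, compare_resolution(dep))
    print("unscoped internal names:", audit_manifest(PACKAGE_JSON))
    print("internal packages fetched from public hosts:", verify_lockfile(PACKAGE_LOCK))
```

Run it as a script to see the unscoped `acme-ledger-core` resolve to the inflated public version under both resolvers, while the scoped `@acme/auth-client` only ever comes from the private feed.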

The software we use today has become a mix of proprietary, third party, and open source. While we understand the security risks associated with each on their own – and do our best to prevent vulnerabilities through extensive security scanning and testing – we have not yet learned enough about the risks that come with this hybrid approach to software. Until we learn more about the risks inherent to today’s complex software ecosystems, novel attacks will continue to surface.

The post The Rise of Software Supply Chain Attacks appeared first on Security Boulevard.




https://malwaredevil.com/2021/02/18/the-rise-of-software-supply-chain-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=the-rise-of-software-supply-chain-attacks


Feature Release 21.1

With the first few weeks of January underway, we were excited to ramp up after the holidays and end of the year. Our first release of 2021 was packed with updates after the longest release break we had taken in … Read more

The post Feature Release 21.1 appeared first on DivvyCloud.

The post Feature Release 21.1 appeared first on Security Boulevard.




https://malwaredevil.com/2021/02/18/feature-release-21-1/?utm_source=rss&utm_medium=rss&utm_campaign=feature-release-21-1

How Your Organization Can Eliminate Entitlement Creep

The Growth of Artificial Intelligence in Identity Governance

Organizations are facing increasing pressure to provide employees and contractors with the right access to the right applications and systems at the right time. But how can they do this with their existing, manually-driven Identity Governance and Administration (IGA) solutions and processes? How can security and IT professionals address the needs of the new remote workforce and its demands for access to new cloud applications and services? Combined with new machine identity types, accelerated DevOps/Agile development methodologies, and unplanned organizational changes, static IGA solutions and processes need to become more flexible, more dynamic, and more automated. 

With the introduction of artificial intelligence (AI) and machine learning (ML) into IGA, organizations have a clear path to hyper-automating their existing identity governance solution and processes. By applying AI and ML, enterprises can further streamline and automate intelligence across all identity governance use cases, including access requests and approvals, access reviews, and role engineering. Here are a few examples of how AI and ML can hyper-automate IGA solutions and processes to help combat your organization’s entitlement creep problems: 

  • Identify access risks across the entire organization and provide actionable insights to help accelerate the removal of overprivileged access
  • Identify excessive privileges and orphaned accounts, and provide confidence scoring (example: low, medium, and high) in order to provide the right level of security risk context
  • Enable micro-certifications, where only a small set of entitlements and roles are approved between annual or biannual certification campaigns

While no new technology is 100% foolproof, the introduction of AI and ML capabilities into identity governance solutions and processes provides organizations with the most promising way to address the silent access challenge known as entitlement creep.

ForgeRock’s Modern Approach: Autonomous Identity  

ForgeRock Autonomous Identity provides real-time, continuous enterprise-wide user access visibility. The solution allows organizations to accelerate secure workforce access, achieve regulatory compliance, mitigate risks, and reduce costs. By leveraging AI and ML techniques, Autonomous Identity collects and analyzes all identity data to identify security access and risk blind spots. The solution provides organizations with a complete view of the user access landscape, showing what good and bad access looks like across the entire enterprise. It provides organizations with wider and deeper insight into the risks associated with user access by providing enterprise-wide contextual insights, high-risk user access awareness, and remediation recommendations, such as the removal of overprivileged access, excessive permissions, and orphaned accounts.

How it Works

ForgeRock Autonomous Identity links users to entitlements at the lowest attribute level. The solution uses profile data to determine the likelihood that an individual will need an entitlement, based on how entitlements are currently distributed across the organization. By applying AI and ML techniques, Autonomous Identity can quickly analyze all your organization’s identity data and identify overprivileged access, excessive permissions, and orphaned accounts. All are key contributors to your organization’s entitlement creep challenges. 


Why ForgeRock Autonomous Identity?

Here’s how Autonomous Identity’s unique and highly differentiated capabilities address entitlement creep: 

  • Global Visibility: By leveraging AI-driven identity analytics, you can collect and analyze identity data (example: accounts, roles, assignments, entitlements, and more) from diverse identity, governance, and infrastructure data sources in order to provide enterprise-wide visibility to all identities and what they have access to, including overprivileged user access. This approach provides your security and risk teams with contextual insights into low-, medium-, and high-risk user access at scale.
  • Data Agnostic: ForgeRock Autonomous Identity works with all identity data types to develop a complete view of the user access landscape. By consuming and analyzing tens of millions of data points quickly, Autonomous Identity can predict and recommend user access rights and highlight potential risks. Total landscape visibility provides highly accurate models based on what good access should and shouldn’t look like, including excessive permissions. Unlike other “black box” identity analytics solutions that are based on static rules, roles, and peer group analysis, Autonomous Identity relies strictly on organizational data to develop an analysis that is free from bias originating from human-derived rules and roles that exist in your existing identity governance solution.
  • Transparent AI: Unlike other “black box” identity analytics solutions, ForgeRock Autonomous Identity allows you to fully comprehend how and why risk confidence scores are determined. By visually presenting low-, medium-, and high-risk confidence scores together, security and risk professionals can contextually understand what key risk indicators were met and, more importantly, why they were met. For example, why are certain employee and contractor accounts orphaned? This AI-driven approach recommends risk-based identity governance remediation updates based on enterprise-wide confidence scores.

Eliminate Entitlement Creep with AI-Driven Identity Analytics

In today’s new reality, organizations face dynamic business challenges. They need a dynamic solution to help them achieve their business goals and grow the business. By applying AI-driven identity analytics, organizations can hyper-automate their existing identity governance solutions and processes, thereby eliminating entitlement creep. By detecting user access patterns, identity analytics can quickly highlight inappropriate user access. In turn, AI-driven identity analytics can automate the removal of high-confidence, low-risk access rights, lowering the risk of entitlement creep across your organization.

To learn more about ForgeRock Autonomous Identity, read the new KuppingerCole white paper “Overcoming Identity Governance Challenges with ForgeRock Autonomous Identity.”


The post How Your Organization Can Eliminate Entitlement Creep appeared first on Security Boulevard.


The post How Your Organization Can Eliminate Entitlement Creep appeared first on Malware Devil.



https://malwaredevil.com/2021/02/18/how-your-organization-can-eliminate-entitlement-creep/?utm_source=rss&utm_medium=rss&utm_campaign=how-your-organization-can-eliminate-entitlement-creep

North Korean Hackers Charged in WannaCry Ransomware & $1.3 Billion Cybercrime Spree

North Korean hackers charged by the feds for the WannaCry ransomware and a $1.3 billion cybercrime spree, plus ransomware defense tips.

The post North Korean Hackers Charged in WannaCry Ransomware & $1.3 Billion Cybercrime Spree appeared first on Security Boulevard.


The post North Korean Hackers Charged in WannaCry Ransomware & $1.3 Billion Cybercrime Spree appeared first on Malware Devil.



https://malwaredevil.com/2021/02/18/north-korean-hackers-charged-in-wannacry-ransomware-1-3-billion-cybercrime-spree/?utm_source=rss&utm_medium=rss&utm_campaign=north-korean-hackers-charged-in-wannacry-ransomware-1-3-billion-cybercrime-spree

Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy

Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.

If ever there was something to ruin Christmas in the cybersecurity industry, it’s a devastating data breach that is on track to becoming the largest cyberespionage event affecting the US government on record.

The SolarWinds attack is far-reaching, with threat actors having initially breached the software as early as mid-2019. This months-long heist was discovered in December 2020 after the scheme was used to infiltrate the prominent cybersecurity firm FireEye, and the nightmare unraveled from there. The full scope of the breach is still being investigated, but key areas of infiltration include the US Departments of State, Homeland Security, Commerce, and the Treasury, in addition to the National Institutes of Health.

This incident is going to have ongoing aftershocks, but the sheer sophistication of it is fascinating. At a technical level, it is a multilayered infiltration involving custom malicious tooling, backdoors, and cloaked code, far beyond the skill of script kiddies we so often see exploiting more obvious errors.

Code Laundering at Its Best Worst
CrowdStrike has done more of their genius work in reverse-engineering the exploit, and detailing the findings for all to see. It has now come to light that SolarWinds was the victim of an infrastructure breach, allowing malicious code injection into system updates, resulting in at least four separate malware tools opening up unprecedented access for the threat actors.

The method was covert, allowing for a strategic precision that seems straight out of a Jason Bourne novel. It bought time to sniff around, plan, and strike victims outside of the SolarWinds network exactly when they wanted, in a comprehensive supply chain attack. And it was all carried out with code that looked completely benign.

Cyberattacks are often the result of simple, yet costly, errors. Once discovered, the mistakes are fairly obvious: think a poorly configured network, passwords stored in plaintext, or unpatched software that sits vulnerable to known exploits. In this case, the code didn’t stand out at all, and not just to developers and security engineers. A myriad of expensive, complex security technology failed to detect it too.

Tools Rendered Virtually Useless
Security professionals are aided in their quest to safeguard enormous amounts of company data, software, and infrastructure by a technology stack that is customized to the security needs of the business. This usually takes the form of components like network firewalls, automated penetration testing, and monitoring and scanning tools, with the latter soaking up a lot of time in the software development process. This tooling can quickly spiral and become unruly to manage and execute, with many companies using upward of 300 different products and services.

SolarWinds would have had an eye-watering array of tools to find and highlight security bugs in code, attempted unauthorized network access, and potential compromise in any part of the infrastructure, and even to pick up on signs of detection evasion. It is unprecedented that these threat actors were able to inject malicious code that went undiscovered even by the most advanced security stack.

Infrastructure hardening — especially access control — is a fundamental component of general cybersecurity best practice, but if an attacker can quietly exploit a tiny window of opportunity, then a network can be compromised just the same as a vulnerability in stand-alone software.

This breach is a reminder that, in general, any company that relies heavily on tools alone to secure its network infrastructure and software is taking an enormous risk. It’s not always enough to protect code; everything storing, running, and compiling it must be equally as fortified. The ideal state is a balance of tools and people, executing a robust strategy that goes deep in assessing and reducing the potential attack surface.

Benefits of Cross-Team Security Awareness
The SolarWinds breach has already started to make a significant impact on security operations, especially at a government level. Experts are touting that this could reshape cybersecurity practices forever.

An increasingly digital infrastructure powers our lives, and while it can be vulnerable to attack if not meticulously managed, our general strategy is flawed. We are wildly understaffed when it comes to security expertise, yet we’re not doing a whole lot to close the gap. Human-driven security awareness is an underutilized element of cybersecurity, as is making prevention rather than reaction a priority.

Infrastructure security is a complex undertaking with many moving parts, but, similar to how they are positioned in software creation, developers can be an asset in reducing structural risk if properly trained and security-aware.

Threat modeling rarely accounts for supply-chain attacks, despite this type of attack being highlighted as early as 2012 as a key risk that is difficult to prevent with current techniques, and it leaves many companies underprepared. Software developers could absolutely play a role in prevention, and it starts with ensuring they are upskilled and able to assess their code integrity from the inside out. Have they built the update mechanism securely? Is the software running with unnecessary connectivity that could allow for easier malicious compromise?

When security is synonymous with software quality, it is easy to see the immense value a security-aware engineer can bring to the table.

Pieter Danhieux is a globally recognised security expert, with over 12 years’ experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organisations, systems and individuals for security …


The post Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy appeared first on Malware Devil.



https://malwaredevil.com/2021/02/18/hiding-in-plain-sight-what-the-solarwinds-attack-revealed-about-efficacy-2/?utm_source=rss&utm_medium=rss&utm_campaign=hiding-in-plain-sight-what-the-solarwinds-attack-revealed-about-efficacy-2

Joy Of Tech®’s ‘Facebook VS Australia!’

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® !


The post Joy Of Tech®’s ‘Facebook VS Australia!’ appeared first on Security Boulevard.


The post Joy Of Tech®’s ‘Facebook VS Australia!’ appeared first on Malware Devil.



https://malwaredevil.com/2021/02/18/joy-of-techs-facebook-vs-australia/?utm_source=rss&utm_medium=rss&utm_campaign=joy-of-techs-facebook-vs-australia

Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy

Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.

The post Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy appeared first on Malware Devil.



https://malwaredevil.com/2021/02/18/hiding-in-plain-sight-what-the-solarwinds-attack-revealed-about-efficacy/?utm_source=rss&utm_medium=rss&utm_campaign=hiding-in-plain-sight-what-the-solarwinds-attack-revealed-about-efficacy

Exploit Details Emerge for Unpatched Microsoft Bug

A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.

The post Exploit Details Emerge for Unpatched Microsoft Bug appeared first on Malware Devil.



https://malwaredevil.com/2021/02/18/exploit-details-emerge-for-unpatched-microsoft-bug/?utm_source=rss&utm_medium=rss&utm_campaign=exploit-details-emerge-for-unpatched-microsoft-bug

Wednesday, February 17, 2021

Learn How to Make Your Dream Business a Reality

It is the start of a brand-new year! For many of us, that means new aspirations, new goals, and new hobbies. Chances are, you or somebody you know is looking to make a change. And if we learned anything from the year 2020, we learned that life is unpredictable and always changing. The COVID – […]

The post Learn How to Make Your Dream Business a Reality appeared first on Phoenix TS.

The post Learn How to Make Your Dream Business a Reality appeared first on Security Boulevard.


The post Learn How to Make Your Dream Business a Reality appeared first on Malware Devil.



https://malwaredevil.com/2021/02/17/learn-how-to-make-your-dream-business-a-reality/?utm_source=rss&utm_medium=rss&utm_campaign=learn-how-to-make-your-dream-business-a-reality

2021-02-17 – Pcap and malware for an ISC diary (Trickbot gtag rob13)


The post 2021-02-17 – Pcap and malware for an ISC diary (Trickbot gtag rob13) appeared first on Malware Devil.



https://malwaredevil.com/2021/02/17/2021-02-17-pcap-and-malware-for-an-isc-diary-trickbot-gtag-rob13/?utm_source=rss&utm_medium=rss&utm_campaign=2021-02-17-pcap-and-malware-for-an-isc-diary-trickbot-gtag-rob13

White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign

Anne Neuberger, a top Biden cybersecurity official, provided an update on the government’s investigation into the massive breach.

The post White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign appeared first on Malware Devil.



https://malwaredevil.com/2021/02/17/white-house-says-100-private-sector-orgs-hit-in-solarwinds-campaign-2/?utm_source=rss&utm_medium=rss&utm_campaign=white-house-says-100-private-sector-orgs-hit-in-solarwinds-campaign-2

White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign

Dark Reading - Bug Report: Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-13550
PUBLISHED: 2021-02-17

A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.

CVE-2020-13551
PUBLISHED: 2021-02-17

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

CVE-2020-13552
PUBLISHED: 2021-02-17

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execu…

CVE-2020-13553
PUBLISHED: 2021-02-17

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT …

CVE-2020-13555
PUBLISHED: 2021-02-17

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

The post White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign appeared first on Malware Devil.



https://malwaredevil.com/2021/02/17/white-house-says-100-private-sector-orgs-hit-in-solarwinds-campaign/?utm_source=rss&utm_medium=rss&utm_campaign=white-house-says-100-private-sector-orgs-hit-in-solarwinds-campaign

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...