Cyber Security Predictions: 2019 and Beyond

By: Dr. Hugh Thompson - Steve Trilling

As you think about how to deploy in advance of a new year of cyber threats, here are the trends and activities most likely to affect your organization.

In anticipating the major cyber security and privacy trends for the coming year, you can find plenty of clues in the events of the past 12 months. Among the now familiar forms of attack, cyber hacks of major corporate systems and websites continued in 2018 and will inevitably be part of the 2019 cyber security scene. Many well-known organizations around the world suffered significant breaches this year. The single largest potential data leak, affecting marketing and data aggregation firm Exactis, involved the exposure of a database that contained nearly 340 million personal information records.

Beyond all-too-common corporate attacks, 2018 saw accelerated threat activity across a diverse range of targets and victims. In the social networking realm, Facebook estimated that hackers stole user information from nearly 30 million people. A growing assortment of nation-states used cyber probes and attacks to access everything from corporate secrets to sensitive government and infrastructure systems. At the personal level, a breach into Under Armour’s MyFitnessPal health tracker accounts resulted in the theft of private data from an estimated 150 million people.

So, what can we expect on the cyber security front in the coming year? Here are some of the trends and activities most likely to affect organizations, governments, and individuals in 2019 and beyond.

Attackers Will Exploit Artificial Intelligence (AI) Systems and Use AI to Aid Assaults

The long-awaited commercial promise of AI has begun to materialize in recent years, with AI-powered systems already in use in many areas of business operations. Even as these systems helpfully automate manual tasks and enhance decision making and other human activities, they also emerge as promising attack targets, as many AI systems are home to massive amounts of data.

In addition, researchers have grown increasingly concerned about the susceptibility of these systems to malicious input that can corrupt their logic and affect their operations. The fragility of some AI technologies will become a growing concern in 2019. In some ways, the emergence of critical AI systems as attack targets will start to mirror the sequence seen 20 years ago with the internet, which rapidly drew the attention of cyber criminals and hackers, especially following the explosion of internet-based eCommerce.

Attackers won’t just target AI systems; they will enlist AI techniques themselves to supercharge their own criminal activities. Automated systems powered by AI could probe networks and systems searching for undiscovered vulnerabilities that could be exploited. AI could also be used to make phishing and other social engineering attacks even more sophisticated by creating extremely realistic video and audio or well-crafted emails designed to fool targeted individuals. AI could also be used to launch realistic disinformation campaigns. For example, imagine a fake AI-created, realistic video of a company CEO announcing a large financial loss, a major security breach, or other major news. Widespread release of such a fake video could have a significant impact on the company before the true facts are understood.

And just as we see attack toolkits available for sale online, making it relatively easy for attackers to generate new threats, we’re certain to eventually see AI-powered attack tools that can give even petty criminals the ability to launch sophisticated targeted attacks. With such tools automating the creation of highly personalized attacks–attacks that have been labor-intensive and costly in the past–such AI-powered toolkits could make the marginal cost of crafting each additional targeted attack essentially zero.

More: https://www.symantec.com/blogs/feature-stories/cyber-security-predictions-2019-and-beyond

New Shamoon Malware Variant Targets Italian Oil and Gas Company

By: Swati Khandelwal

Shamoon is back: one of the most destructive malware families, which caused damage to Saudi Arabia’s largest oil producer in 2012, has this time targeted energy sector organizations primarily operating in the Middle East.

Earlier this week, Italian oil drilling company Saipem was attacked and sensitive files on about 10 percent of its servers were destroyed, mainly in the Middle East, including Saudi Arabia, the United Arab Emirates and Kuwait, but also in India and Scotland.

Saipem admitted Wednesday that the computer virus used in the latest cyber attack against its servers is a variant of Shamoon, a disk-wiping malware that was used in the most damaging cyber attacks in history against Saudi Aramco and RasGas Co Ltd and destroyed data on more than 30,000 systems.

The cyber attack against Saudi Aramco, who is the biggest customer of Saipem, was attributed to Iran, but it is unclear who is behind the latest cyber attacks against Saipem.

Meanwhile, Chronicle, Google’s cybersecurity subsidiary, has also discovered a file containing a Shamoon sample that was uploaded to the VirusTotal file analysis service on 10th December (the very same day Saipem was attacked) from an IP address in Italy, where Saipem is headquartered.

However, Chronicle was not sure who created the newly discovered Shamoon samples or who uploaded them to the virus scanning site.

More: https://thehackernews.com/2018/12/shamoon-malware-attack.html?m=1

Latin America records 3.7 million malware attacks per day, says Kaspersky Lab

By: TI Inside Online

Kaspersky Lab recorded a 14.5% increase in malware attacks in Latin America over the last 12 months compared with 2017, which means an average of 3.7 million attacks per day and more than 1 billion over the year. Among the countries with the highest growth, Argentina is in first place with an increase of 62%, followed by Peru (39%) and Mexico (35%). “The results show that the whole region has experienced a considerable number of cyber threats, with the vast majority focused on stealing money,” says Fabio Assolini, senior security analyst at Kaspersky Lab.

In addition to malware, Kaspersky Lab blocked more than 70 million phishing attacks in Latin America between November 2017 and November 2018; the daily average is 192,000 attacks, a growth of 115% compared with the previous period (November 2016 to November 2017). The ranking of the countries most attacked by phishing is different this year: Brazil lost the lead and is now in third place, with an increase of 110%. Mexico (120%) is in first position and Colombia (118%) in second place.

Phishing and vulnerability

The steady rise in the number of phishing attacks is one of the main reasons for account compromise. That is because users who click on suspicious links often hand over personal information and login credentials. Data breaches have become common and worrying, since people reveal not only a large amount of information about themselves but also credit card and bank account details. Once criminals hold these, breaches and unauthorized access are the least of the problems; the biggest will be the financial damage, because the first thing the cybercriminal will do is try to make purchases in the victim's name.

“Incidents like these serve as a big step toward important changes being made in privacy policies and in people's behavior regarding the data that is shared,” says Assolini. “It is very common for users to use the same passwords for different sites, and the cybercriminal will test the combination on all the most popular services and social networks. When information has been leaked, the first and most important action to take is to change the passwords on other logins, even if they have not been compromised.”

Countries

Although Argentina, Brazil, Chile, Colombia, Mexico and Peru are all part of Latin America and are targeted by different cybercriminals, it is important to understand that scams have developed in distinct ways in each country. In Argentina, the Prilex case resurfaced when a tourist traveled to Brazil and had their credit card cloned. “The first time we identified this group was in an attack on ATMs aimed at banks, mainly in Brazilian territory. Later, the group shifted its efforts to point-of-sale systems developed by Brazilian vendors, cloning credit cards, which allowed the creation of a new, fully functional scam that works even for transactions protected by chip and PIN,” explains Assolini.

Social networks, cloud and mobile phones will be the main targets of cybercrime in 2019

By: TI Inside Online

In its 2019 Threat Predictions Report, cybersecurity company McAfee identified the main cyber threats for the coming year. The researchers predict the growth of malware-as-a-service, the attack-outsourcing market, and the evolution of these threats, which are increasingly innovative and agile. In addition, corporate data, IoT home appliances and brand reputation will be at risk, as cybercriminals will make extensive use of social networks, the cloud and mobile phones as their main points of attack.

Here are the main predictions for 2019:

Data theft in the cloud

McAfee predicts a considerable increase in the number of attacks on large volumes of corporate data stored in the cloud. As much as 21% of the content currently managed in the cloud includes confidential material such as intellectual property, customer data and personal information. Possible scenarios include native attacks targeting vulnerable APIs or ungoverned API endpoints, theft from databases, and the use of the cloud as a “springboard” for interception, ransomware or cryptojacking (cryptocurrency mining) attacks.

Criminals united

Criminals with different experience and expertise are joining forces to sell modular attack components, strengthening the malware market and carrying out successful attacks more easily. Cyber gangs tend to associate with money-laundering crimes, evasion techniques and vulnerability exploits. An increase is expected in the number of mobile malware, botnets, banking fraud and ransomware.

Simplified attacks

As security continues to be strengthened, criminals need to be increasingly creative. The availability of modular attack components on the underground market should allow attackers to combine and repurpose traditional tactics and technologies to achieve new goals.

More: http://tiinside.com.br/tiinside/seguranca/mercado-seguranca/07/12/2018/

10 cyber security trends to look out for in 2019

By: Nick Ismail

What cyber security trends and issues can the world expect in 2018: more stringent regulation, creations of new roles?

2018 was an interesting year for all things cyber.

It was the year that brought major breaches pretty much every week. Most recently, the Marriott Hotel group suffered a significant data breach, while Quora fell foul of some cyber criminals.

Cyber security is still the issue on every business leader's mind.

This year, organisations have had to get their house in order with GDPR, amongst others, coming into force on 25 May. The stakes for protecting your organisation from cyber threats have never been higher.

So, what can we expect to see in 2019 then? Here are some things to consider.

Cyber security regulations improvement

We need to see a continuing improvement in the relevant regulations as they apply to cyber security.

The dynamic and fast-moving nature of cyber security outpaces regulation, which is far too slow and clumsy to be of any benefit and might actually hinder security by building a culture of compliance with regulations and a false sense of security against enemies who are agile, motivated, and clever.

Data theft turning into data manipulation

We can expect to see attackers changing their methodology from pure data theft and website hacking to attacking data integrity itself.

This type of attack, in comparison to a straightforward theft of data, will serve to cause long-term, reputational damage to individuals or groups by getting people to question the integrity of the data in question.

New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs

By: Swati Khandelwal

Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign that appears to be attacking a Russian state health care institution.

The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw that resides in Flash Player and that, if exploited successfully, allows an attacker to execute arbitrary code on the targeted computer and eventually gain full control over the system.

The newly discovered Flash Player zero-day exploit was spotted last week by researchers inside malicious Microsoft Office documents, which were submitted to online multi-engine malware scanning service VirusTotal from a Ukrainian IP address.

The maliciously crafted Microsoft Office documents contain an embedded Flash ActiveX control in their header that renders when the targeted user opens the document, causing exploitation of the reported Flash Player vulnerability.

According to cybersecurity researchers, neither the Microsoft Office file (22.docx) nor the Flash exploit (inside it) itself contains the final payload to take control over the system.

Instead, the final payload is hiding inside an image file (scan042.jpg), which is itself an archive file, that has been packed along with the Microsoft Office file inside a parent WinRAR archive, which is then distributed through spear-phishing emails.
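A defender can catch the "image that is really an archive" trick described above by comparing a file's extension with its magic bytes. The following is an added example, not code from the original article or the researchers; it goes beyond the single JPEG case by checking several image and archive types, it assumes the archive may either replace the image header or be appended after image data, and all sample bytes are constructed.

```python
import os

# Leading signatures (magic bytes) of common archive containers.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07\x00": "rar4",
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
# Signatures expected for files that carry an image extension.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}


def inspect_image(name, data):
    """Return (finding, archive_type, offset) tuples for a file named like an image."""
    expected = IMAGE_MAGIC.get(os.path.splitext(name)[1].lower())
    if expected is None:
        return []  # not named like an image, so out of scope for this check
    findings = []
    # Case 1: the content does not start like the image type the name claims.
    if not data.startswith(expected):
        kind = next(
            (k for sig, k in ARCHIVE_MAGIC.items() if data.startswith(sig)),
            "unknown",
        )
        findings.append(("header-mismatch", kind, 0))
    # Case 2: an archive signature appears later in the file (appended data).
    # Heuristic: short signatures such as ZIP's can occur by chance in big files.
    for sig, kind in ARCHIVE_MAGIC.items():
        offset = data.find(sig, 1)
        if offset > 0:
            findings.append(("embedded-archive", kind, offset))
    return findings


# Constructed sample inputs (not taken from any real campaign file).
CLEAN_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + b"\x00" * 16 + b"\xff\xd9"
RENAMED_RAR = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 32
APPENDED_RAR = CLEAN_JPEG + b"Rar!\x1a\x07\x00" + b"\x00" * 32

if __name__ == "__main__":
    samples = [
        ("clean.jpg", CLEAN_JPEG),
        ("renamed.jpg", RENAMED_RAR),
        ("appended.jpg", APPENDED_RAR),
    ]
    for sample_name, blob in samples:
        print(sample_name, inspect_image(sample_name, blob) or "ok")
```

Run the same check on members extracted from e-mail attachments at the mail gateway or in a sandbox, where a finding on an "image" packed next to an Office document is a strong triage signal.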

More: https://thehackernews.com/2018/12/flash-player-vulnerability.html


Is your opinion really yours?

By: Renato Rosa

The workings of the algorithms that set the parameters for delivering content and connections on social networks are no longer news. In theory, the social content we have access to is favorable to our opinion and, in a way, saves us time in the search for a better social experience. Not only content, but topics, brands and even political positions are prioritized amid an almost indigestible number of posts and media delivered by a social feed.

Setting aside the impacts of possible partisan polarization, opinion bubbles and audience clustering in these environments, the problem becomes more evident when this same logic reaches the consumer market, moving beyond social networks.

That doubt that arises when you search for an airline ticket and, from the second query for the same route, even on another site, it appears to have a considerably higher price. That product you viewed with one click on Instagram gets priority on an e-commerce site at a questionable price. The contact you added on your phone starts to appear as a friend suggestion on a social network.

All of this is part of a structure of interlinked data about you, your tastes, preferences and social characteristics, shared by major players in the consumer, communications and digital marketing industries.

So far nothing is new, but it starts to be when you realize that the options you have for making a given decision do not actually represent the whole possible spectrum. That is, your opinion is determined by the information you receive. If the universe you are exposed to is limited, you are technically being manipulated.

Based on the theory that knowledge is freedom, and given that you believe you know all the options for making a given decision, you have a freedom restricted to the layers of information delivered to you. So the biggest problem is not that you are not free, but that you believe you are, which guarantees that you will never seek freedom.

More: http://tiinside.com.br/tiinside/services/02/12/2018/sua-opiniao-e-realmente-sua/?noticiario=TI

Vulnerability Found in Cisco Webex Meetings

By: Kacy Zurkus

A security researcher has discovered an elevation-of-privilege vulnerability in the update service of the Cisco Webex Meetings application. The update service fails to properly validate user-supplied parameters, according to SecureAuth.

The vulnerability was discovered by Marcos Accossatto from the SecureAuth exploit writers' team, and the release of today’s vulnerability advisory was a coordinated effort between SecureAuth and Cisco. Reportedly used by millions of people each month, the video conferencing product’s flaw (CVE-2018-15442) impacts code execution in Cisco Webex Meetings v33.6.2.16 and likely affects older versions as well, though they were not checked.

With a common weakness enumeration (CWE-78) classified as OS command injection, the vulnerability could allow an unprivileged local attacker to run arbitrary commands with system user privileges by invoking the update service command with a crafted argument, according to the advisory.

In the privilege escalation proof of concept (PoC), the researcher wrote: “The vulnerability can be exploited by copying to a local attacker-controlled folder, the ptUpdate.exe binary. Also, a malicious dll must be placed in the same folder, named wbxtrace.dll. To gain privileges, the attacker must start the service with the command line: sc start webexservice install software-update 1 ‘attacker-controlled-path’ (if the parameter 1 doesn’t work, then 2 should be used).”

While the video conferencing provider had fixed this vulnerability last month, Accossatto was reportedly able to bypass that fix using DLL hijacking. Cisco’s Webex Meetings has now released a new patch and updated its previous security notice.
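For detection, the service-start command quoted in the advisory is a usable signature in process-creation telemetry. This is an added example, not code from SecureAuth, Cisco or the original article; the one-line log format, host names, user names and paths are constructed, and it assumes a user-initiated `sc start webexservice` carrying `software-update` arguments is worth an alert on unpatched hosts.

```python
import re

# Hypothetical export format: "<timestamp> host=<h> user=<u> cmd=<command line>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$"
)
# sc / sc.exe (optionally with a full path) starting the service with arguments.
SC_START = re.compile(
    r'\bsc(?:\.exe)?"?\s+start\s+webexservice\s+(?P<args>.+)$', re.IGNORECASE
)
# The argument shape quoted in the advisory: software-update <1|2> <path>.
UPDATE_ARGS = re.compile(
    r"software-update\s+(?P<mode>\d+)\s+(?P<path>.+)$", re.IGNORECASE
)


def find_update_service_abuse(log_text):
    """Return one alert dict per command line matching the advisory's pattern."""
    alerts = []
    for line in log_text.splitlines():
        event = LOG_LINE.match(line.strip())
        if not event:
            continue
        started = SC_START.search(event["cmd"])
        if not started:
            continue  # not a service start with arguments
        update = UPDATE_ARGS.search(started["args"])
        if not update:
            continue
        alerts.append({
            "ts": event["ts"],
            "host": event["host"],
            "user": event["user"],
            "mode": update["mode"],
            # Folder the update service was told to load its binaries from.
            "path": update["path"].strip().strip("\"'"),
        })
    return alerts


# Constructed sample telemetry (raw string keeps Windows backslashes intact).
SAMPLE_LOG = r"""
2019-01-15T09:14:02Z host=WS-014 user=jdoe cmd=sc query webexservice
2019-01-15T09:14:40Z host=WS-014 user=jdoe cmd=sc start webexservice
2019-01-15T09:15:11Z host=WS-014 user=jdoe cmd=sc start webexservice install software-update 1 "C:\Users\jdoe\AppData\Local\Temp\upd"
2019-01-15T09:16:30Z host=WS-022 user=asmith cmd=C:\Windows\System32\SC.EXE start WebExService install software-update 2 C:\ProgramData\stage
"""

if __name__ == "__main__":
    for alert in find_update_service_abuse(SAMPLE_LOG):
        print(alert)
```

Pair each alert with a check of the reported folder for `ptUpdate.exe` and `wbxtrace.dll`, the two files the advisory says must sit side by side there.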

More: https://www.infosecurity-magazine.com/news/vulnerability

Gartner Lists Top 10 Strategic IoT Technologies, Trends Through 2023

By: Chris Preimesberger

At its symposium and IT expo Nov. 7 in Barcelona, Spain, IT researcher and market analyst Gartner announced what it sees as the most important strategic internet of things (IoT) technology trends that will drive digital business innovation from now through 2023.

“The IoT will continue to deliver new opportunities for digital business innovation for the next decade, many of which will be enabled by new or improved technologies,” Nick Jones, research vice president at Gartner, said in a media advisory. “CIOs who master innovative IoT trends have the opportunity to lead digital innovation in their business.”

In addition, CIOs must obtain the necessary skills and partners to support key emerging IoT trends and technologies because by 2023 most CIOs will be responsible for more than three times as many endpoints as they were this year, the researcher said.

Analysts discussed how CIOs can lead their businesses to discover IoT opportunities and make IoT projects a success during Gartner Symposium/ITxpo, which is taking place in Barcelona through Nov. 8.

Following is Gartner’s list of the 10 most strategic IoT technologies and trends that it expects will enable new revenue streams and business models during the next five years.

Trend No. 1: Trusted

Gartner forecasts that 14.2 billion connected things will be in use in 2019, and that the total will reach 25 billion by 2021, producing an immense volume of data. “Data is the fuel that powers the IoT, and the organization’s ability to derive meaning from it will define their long-term success,” said Nick Jones, research vice president at Gartner. “AI will be applied to a wide range of IoT information, including video, still images, speech, network traffic activity and sensor data.”

The technology landscape for AI is complex and will remain so through 2023, with many IT vendors investing heavily in AI, variants of AI coexisting, and new AI-based tools and services emerging. Despite this complexity, it will be possible to achieve good results with AI in a wide range of IoT situations. As a result, CIOs must build an organization with the tools and skills to exploit AI in their IoT strategy.

More: https://www.itpro.co.uk/data-breaches/32393/attackers-steal-credit-card-details-in-vision-direct-data-breach