Pete Recommends Weekly highlights on cyber security issues, March 20, 2022

Subject: Report: Cybersecurity teams need nearly 100 days to develop threat defenses
Source: VentureBeat
https://venturebeat.com/2022/03/11/report-cybersecurity-teams-need-nearly-100-days-to-develop-threat-defenses/

A recent analysis by Immersive Labs of 35,000 cybersecurity team members inside 400 large organizations found that it takes over three months (96 days) on average to develop the knowledge, skills and judgment needed to defend against a newly emerging threat. One particular threat took, on average, more than six months (204 days) to master, a worrying figure for organizations that are forced into swift action.

However, the frequency with which organizations conduct cybersecurity crisis exercises varies significantly across sectors. An analysis of 6,400 crisis response decisions shows that technology and financial services companies prepare the most for cyberattacks, running nine and seven exercises per year respectively. On the other hand, critical national infrastructure organizations prepare the least, with just one exercise per year.

Immersive Labs’ Cyber Workforce Benchmark report analyzed cyber knowledge, skills and judgment from over half a million exercises and simulations run by more than 2,100 organizations in the last 18 months. These were broken down to understand the workforce cyber capabilities of cybersecurity, application security and crisis response teams.


Subject: Find Out How Fast Hackers Could Crack Your Password
Source: Tech.co
https://tech.co/news/how-fast-hackers-crack-password

The primary takeaway from this research should be length. As long as your password isn’t all numbers and is longer than 14 characters, the article estimates it would take a hacker at least four years to brute-force it. And if you’ve got it in you to create an 18-character password with numbers, special characters, and upper and lowercase letters, you’ll be able to keep brute-force attackers at bay for a cool 438 trillion years. Figures like these assume an attacker guessing offline against a leaked password hash at a fixed rate; a reused or phished password falls regardless of its length, which is why a unique password per site matters as much as a long one.
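The arithmetic behind tables like the one in the article is simply alphabet size raised to the password length, divided by the attacker’s guess rate. The following is an added example (not code from the article or from Tech.co) that computes the search space, the equivalent entropy in bits and the years needed to exhaust it; the guess rate of 1e11 per second and the sample passwords are assumptions for illustration, since the article does not state the rate behind its figures.

```python
import math
import string

# Assumed offline guessing rate: 1e11 guesses/s, roughly a GPU rig against a
# fast unsalted hash. This is an assumption for illustration; the article does
# not state the rate behind its figures, and a slow hash (bcrypt, Argon2)
# lowers the achievable rate by many orders of magnitude.
GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes a brute-force attacker is assumed to know were used.
CHARSETS = (
    ("digits", string.digits),            # 10 characters
    ("lower", string.ascii_lowercase),    # 26
    ("upper", string.ascii_uppercase),    # 26
    ("symbols", string.punctuation),      # 32
)


def alphabet_size(password: str) -> int:
    """Sum of the sizes of the character classes present in the password."""
    size = sum(len(chars) for _, chars in CHARSETS if any(c in chars for c in password))
    if size == 0:
        raise ValueError("password uses no recognised character class")
    return size


def search_space_size(password: str) -> int:
    """Number of candidates an attacker must cover: alphabet ** length."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the search space; each extra character adds log2(alphabet) bits."""
    return math.log2(search_space_size(password))


def years_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every candidate at `rate` guesses per second.
    The expected time to hit one specific password is half of this."""
    return search_space_size(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed sample passwords (not taken from the article).
    for pw in ("12345678", "password", "Tr0ub4dor&3", "a" * 15, "Xk7#pLm2$vQ9!wRt4z"):
        print(f"{pw:20s} {alphabet_size(pw):3d}-char alphabet "
              f"{entropy_bits(pw):6.1f} bits  {years_to_exhaust(pw):.3g} years")
```

Running it shows why "longer than 14 and not all digits" is the threshold: fourteen digits give only 10^14 candidates, fewer than eight characters drawn from all four classes (94^8), while eighteen lowercase letters (26^18) already beat twelve characters from the full alphabet. The model assumes a pure brute-force attacker; a dictionary-based attacker finishes "password" in a fraction of a second whatever this table says.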

At this point, though, the average user has more than 100 passwords, so remembering all of them seems like an unreasonable request. Fortunately, tools like password managers are designed to keep your accounts varied while providing you with an easy means of accessing them. Take a look at the password manager table below to get a good idea of what’s out there for you.


Subject: NFTs Don’t Work the Way You Might Think They Do
Source: WIRED
https://www.wired.com/story/nfts-dont-work-the-way-you-think-they-do/

We bust the biggest misconceptions about what “minting” actually means. It’s been impossible to avoid hearing about NFTs in recent months. Hype for the tokens—pitched as proof of ownership of a digital item—has reached a fever pitch, while billions of dollars have poured into the market for them. To some, these non-fungible tokens are the hottest new collectible hobby, to others a powerful investment tool, and to still more, they’re the future of the internet. The reality is, as always, more complex. In their current state, NFTs aren’t actually capable of doing much of what they’re often claimed to do. The extremely technical nature of how NFTs, blockchains, and cryptocurrencies work means that it’s easy to simplify the explanation of the tech to the point of being misleading.

Explaining the problems with NFTs is complicated, but we’re going to try to break down the issues as succinctly as we can. We have to tackle this with the understanding that no explanation, no matter how in-depth, can ever be totally comprehensive. With that in mind, there are some misconceptions about NFTs that are worth clearing up.

Filed: https://www.wired.com/category/security/


Subject: Android malware Escobar steals your Google Authenticator MFA codes
Source: Bleeping Computer
https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/

The Aberebot Android banking trojan has returned under the name ‘Escobar’ with new features, including stealing Google Authenticator multi-factor authentication codes. The new features in the latest Aberebot version also include taking control of the infected Android devices using VNC, recording audio, and taking photos, while also expanding the set of targeted apps for credential theft.

The main goal of the trojan is to steal enough information to allow the threat actors to take over victims’ bank accounts, siphon available balances, and perform unauthorized transactions.

Rebranded as Escobar – Using KELA‘s cyber-intelligence DARKBEAST platform, BleepingComputer found a forum post on a Russian-speaking hacking forum from February 2022 where the Aberebot developer promotes their new version under the name ‘Escobar Bot Android Banking Trojan.’

Filed: https://www.bleepingcomputer.com/news/security/


Subject: Ukraine reportedly adopts Clearview AI to track Russian invaders
Source: ZDNet
https://www.zdnet.com/article/ukraine-reportedly-adopts-clearview-ai-to-track-russian-invaders/#ftag=RSSbaffb68

On March 13, Reuters reported that the Ministry of Defence of Ukraine had adopted the firm’s facial recognition engine. Clearview CEO Hoan Ton-That offered the US company’s assistance to Kyiv, and according to the news outlet, the AI tech is being used to “potentially vet people of interest at checkpoints, among other uses,” for free.

The startup has not offered the same to Russia, whose President Putin calls the war a “special military operation.”

Clearview offers facial recognition technologies to law enforcement for criminal investigations. The US Patent and Trademark Office (USPTO) awarded the company a patent in January for using publicly-available data — including mugshots, social media profiles, and news sites — to match “similar photos using its proprietary facial recognition algorithm.”

Topic: Security


Subject: Leaks reveal the surprisingly mundane reality of working for a ransomware gang
Source: ZDNet
https://www.zdnet.com/article/leaks-reveal-the-surprisingly-mundane-reality-of-working-for-a-ransomware-gang/#ftag=RSSbaffb68

A choice of office-based, hybrid or remote work, a human resources team with a strict hiring process, performance reviews, career progression and bonuses – it all sounds like the standard setup at any software development team. But these aren’t the working conditions at a software company, but instead at Conti, a major ransomware group responsible for a string of high-profile incidents around the world, including cyber attacks which have disrupted businesses, hospitals, government agencies and more.

Last month, Conti, which many cybersecurity experts believe operates out of Russia, came out in support of the Russian invasion of Ukraine. This annoyed someone who then leaked months of Conti’s internal chat logs, providing inside information on the day-to-day operations of one of the most prolific ransomware operations on the planet.

And while Conti’s actions – hacking into networks, encrypting files and demanding ransom payments of millions for a decryption key – can have a dramatic impact on the organisations that fall victim, the leaks paint a relatively mundane picture of an organisation with coders, testers, system administrators, HR personnel and other staff.

The researchers were able to identify a range of different job roles across the organisation from the HR team responsible for making new hires, to the malware coders, testers, ‘crypters’ who work on code obfuscation, sysadmins who build the attack infrastructure as well as the gang’s offensive team who aim to turn a breach into a full capture of the targeted network – and the negotiation staff who try to make a deal with the victims.


Topic: Security


Subject: 2021 mobile security: Android more vulnerabilities, iOS more zero-days
Source: Bleeping Computer
https://www.bleepingcomputer.com/news/security/2021-mobile-security-android-more-vulnerabilities-ios-more-zero-days/

Mobile security company Zimperium has released its annual mobile threat report, where security trends and discoveries in the year that passed lay the groundwork for predicting what’s coming in 2022. In general, the focus of malicious actors on mobile platforms has increased compared to previous years, mainly due to the push of the global workforce to remote working.

This focus manifested in more significant malware distribution volumes, phishing and smishing attacks, and more efforts to discover and leverage zero-day exploits.

Zero-day vulnerabilities are bugs that are publicly disclosed or actively exploited before the vendor or developers have a fix available. Because it is vital to close zero-day bugs quickly, vendors typically rush to release security updates once they are disclosed.

However, according to Zimperium’s client stats and a survey conducted for the report, only about 42% of people working in BYOD (bring your own device) environments applied high-priority fixes within two days from their release.

Roughly one-third required up to a week, while a significant 20% hadn’t patched their mobile devices before reaching the two-week mark.

Zimperium also analyzed the most popular apps in financial, healthcare, retail, and lifestyle categories on Google Play Store and the Apple App Store. The conclusion is that apps are points of significant security liability for mobile devices.


Subject: FCC seeks comments on internet traffic routing risks
Source: FCW
https://fcw.com/security/2022/03/fcc-seeks-comments-internet-traffic-routing-risks/363143/

The Border Gateway Protocol traffic routing system dates back to an era of high trust between networks on the internet but now poses risks. The Federal Communications Commission is seeking comment on vulnerabilities in the border gateway protocol (BGP) used to route internet traffic between networks.
The notice, published on March 11 in the Federal Register, makes note of Russia’s invasion of Ukraine and describes the risk to global communications potentially posed by the use of BGP. “BGP’s initial design, which remains widely deployed today, does not include security features to ensure trust in the information that it is used to exchange,” the FCC states. “BGP was designed at a time when the number of independently managed networks on the internet was low and the trust among them was high.”

The FCC’s Communications Security, Reliability, and Interoperability Council has previously issued recommendations on BGP security, including the use of a specialized public key infrastructure (the Resource Public Key Infrastructure, RPKI) in which address holders publish signed records of which networks are authorized to originate their address blocks, much the same way site certificates let web browsers verify a website’s identity. These recommendations have not been adopted by major, independently managed networks, according to the FCC notice.
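What a router does with those signed records is Route Origin Validation: each received announcement is checked against the Route Origin Authorizations (ROAs) that cover its prefix and classified as valid, invalid or not-found (RFC 6811). The following is an added example, not code from the FCC notice or from any router vendor, that implements that classification and a typical drop-invalid policy; the sample ROAs and announcements are constructed from documentation address and AS ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: `origin_as` may originate any prefix that
    lies inside `prefix` and is no longer than `max_length` bits."""
    prefix: str
    max_length: int
    origin_as: int


def validate_origin(announced_prefix: str, origin_as: int, roas) -> str:
    """Route Origin Validation as in RFC 6811.

    'not-found': no ROA covers the announced prefix (RPKI says nothing).
    'valid':     a covering ROA matches both the origin AS and the length limit.
    'invalid':   covered, but every covering ROA disagrees on AS or length.
    """
    announced = ipaddress.ip_network(announced_prefix, strict=False)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        # subnet_of() raises on mixed address families, so compare versions first.
        if roa_net.version != announced.version or not announced.subnet_of(roa_net):
            continue
        covered = True
        if announced.prefixlen <= roa.max_length and roa.origin_as == origin_as:
            return "valid"
    return "invalid" if covered else "not-found"


def accept_route(announced_prefix: str, origin_as: int, roas) -> bool:
    """Typical operator policy: drop 'invalid', accept 'valid' and 'not-found'.
    Rejecting not-found would blackhole every prefix that has no ROA yet."""
    return validate_origin(announced_prefix, origin_as, roas) != "invalid"


# Constructed sample ROAs (documentation prefixes and private-use AS numbers).
SAMPLE_ROAS = (
    ROA("192.0.2.0/24", 24, 64496),
    ROA("2001:db8::/32", 48, 64496),
)

if __name__ == "__main__":
    announcements = [
        ("192.0.2.0/24", 64496),     # legitimate origin
        ("192.0.2.0/24", 64511),     # origin hijack by another AS
        ("192.0.2.0/25", 64496),     # right AS, but more specific than max_length
        ("198.51.100.0/24", 64496),  # no ROA covers it
        ("2001:db8:1::/48", 64496),  # IPv6, within max_length
    ]
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, SAMPLE_ROAS)
        print(f"{prefix:18s} AS{asn}  {state:9s}  accept={accept_route(prefix, asn, SAMPLE_ROAS)}")
```

Two details matter in practice. The more-specific case ("192.0.2.0/25") is why max_length should be set no longer than the prefixes actually announced: a generous max_length lets anyone who can forge the right origin AS win the longest-match race with a more-specific hijack. And ROV only checks the origin; it does not detect an attacker who prepends the legitimate AS to a forged path, which is what BGPsec path validation is for.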

Filed: https://fcw.com/security/


Subject: A sustainable look at secure device destruction
Source: GCN
https://gcn.com/cloud-infrastructure/2022/03/sustainable-look-secure-data-destruction/363221/

While many agencies routinely destroy decommissioned IT equipment, environmentally friendly options can extend device life and purge non-classified data from solid state drives. Government officials know they need to be more environmentally friendly when disposing of solid-state drives (SSDs), but the No. 1 approach for decommissioning drives remains physical destruction, a new study shows.

The most notable takeaway from “The Price of Destruction,” a recent report by Blancco, is that 71% of U.S. public sector respondents said their agency has a plan to reduce the environmental impact of destroying information technology equipment, but only 22% of them are actively implementing those plans, said Alan Bentley, the company’s president of global sales.

“There’s a big delta around understanding they need to do it and actually doing anything about it,” Bentley said. “What the difference seems to be is they don’t understand the process.”

Strict data privacy and security laws are one factor driving SSD destruction. The majority of respondents were well informed of data protection laws, the report found, with 69% of U.S. respondents saying they know them in detail. According to the survey, 88% of respondents said they are aware of and know in at least some detail the regulations in National Security Agency/Central Security Service (NSA/CSS) Policy Manual 9-12, which advocates a non-reuse approach for devices that contain classified information.

The National Institute of Standards and Technology’s Special Publication 800-88 Rev. 1 provides nondestructive methodologies for secure data sanitization, according to the report. An example is cryptographic erasure: rather than overwriting the media, the cryptographic keys used to encrypt the data are sanitized, leaving only unreadable ciphertext behind. That only works if the data was encrypted from first use and every copy of the key is actually destroyed, which is why SP 800-88 pairs it with a verification step.
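The following is an added example, not code from the Blancco report or from NIST, that models the one property cryptographic erase relies on: every byte written to the media is already encrypted under a media encryption key (MEK) held outside the media, so zeroising the MEK makes the stored ciphertext unrecoverable without touching it. The toy drive class, the HMAC-SHA256 counter-mode keystream (standing in for the AES-XTS a real self-encrypting drive uses) and the sample data are assumptions for illustration.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. Illustration-only stand-in for AES-XTS;
    the sanitisation logic does not depend on which cipher is used."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToySelfEncryptingDrive:
    """Models only what crypto-erase needs: plaintext never reaches the media,
    and the media encryption key lives in a separate, erasable key store."""

    def __init__(self) -> None:
        self._mek = secrets.token_bytes(32)   # media encryption key (key store)
        self._salt = secrets.token_bytes(16)  # per-drive nonce prefix
        self.media = {}                       # logical block -> ciphertext only

    def _stream(self, lba: int, length: int) -> bytes:
        if self._mek is None:
            raise RuntimeError("media encryption key destroyed: data unrecoverable")
        return keystream(self._mek, self._salt + lba.to_bytes(8, "big"), length)

    def write(self, lba: int, data: bytes) -> None:
        self.media[lba] = xor_bytes(data, self._stream(lba, len(data)))

    def read(self, lba: int) -> bytes:
        return xor_bytes(self.media[lba], self._stream(lba, len(self.media[lba])))

    def crypto_erase(self) -> None:
        """SP 800-88 'Cryptographic Erase': sanitise by destroying the key.
        Nothing on the media is overwritten; it simply becomes undecryptable."""
        self._mek = None


def verify_sanitised(drive: ToySelfEncryptingDrive, lba: int, plaintext: bytes) -> bool:
    """SP 800-88 requires verification after sanitisation: a logical read must
    fail, and the raw media must not still contain the original plaintext."""
    try:
        drive.read(lba)
        return False          # still readable, so not sanitised
    except RuntimeError:
        pass
    raw = drive.media.get(lba, b"")
    return plaintext not in raw and raw != plaintext


if __name__ == "__main__":
    drive = ToySelfEncryptingDrive()
    secret = b"patient record 0042: constructed sample data"
    drive.write(7, secret)
    assert drive.read(7) == secret
    drive.crypto_erase()
    print("media still holds", len(drive.media[7]), "bytes of ciphertext")
    print("sanitised:", verify_sanitised(drive, 7, secret))
```

The verification step is the part that distinguishes a defensible crypto-erase from merely forgetting a password: on a real drive it means confirming the sanitize command completed, reading back blocks to check they no longer decrypt, and recording the result. SP 800-88 also rules crypto-erase out when the key may already have been exposed or when data was written before encryption was enabled, because in those cases destroying today’s key sanitises nothing.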

“If it means you have to rewrite the policy, rewrite the policy. But nobody is going to rewrite the policy that’s been in place for a few years unless someone tells them to,” Bentley said.

[What happens when “the cloud” is home to the data? /pmw1]


Subject: Russian General Killed After Using Unsecured Phone
Source: BBC via Newser
https://www.newser.com/story/318231/russian-general-killed-after-using-unsecured-phone.html

Maj. Gen. Andrei Sukhovetsky was reportedly killed by a sniper on March 3, per the BBC; Maj. Gen. Vitaly Gerasimov was killed near Kharkiv on March 7; and Maj. Gen. Andrey Kolesnikov was killed on March 11. In one case, “the Ukrainians intercepted a general’s call, geolocated it, and attacked his location, killing him and his staff,” US military officials tell the Times, noting many generals are using unsecured phones and radios. Ukraine released audio purportedly of Russian soldiers discussing Gerasimov’s death and complaining of problems with their secure communications network, the BBC reports.


Subject: Tile Adds Anti-Stalking Feature to App, Download It Right Now
Source: Gizmodo
https://gizmodo.com/tile-adds-anti-stalking-feature-to-app-following-apple-1848672120

Tile has largely dodged the criticism Apple has received for the privacy concerns its AirTag trackers pose, quietly staying in the background as the tech giant scrambles to release features that could mitigate the risk of stalking. Now Tile is being more proactive, taking similar measures to prevent fingers from pointing in its direction.

Tile is pushing out a “Scan and Secure” feature to its app this week, which will allow users to scan and view any unwanted trackers hiding nearby. The feature is similar to the app that Apple offers to Android users and will arrive as a free addition to the Tile app on both iOS and Android.

The app should, to some extent, prevent its small tracking devices from being used for illegal activity, like stalking or stealing. But since the feature isn’t built into your mobile device, users annoyingly need to do their part by downloading the app and initiating a scan. That applies even to non-Tile customers who might want nothing to do with these trackers. At least you don’t need a Tile account.

Posted in: Blockchain, Business Research, Cybersecurity, Economy, Financial System, Privacy, Social Media