Uber investigating wide-reaching security breach

 

source: axios.com  |  image by Mikhail Nilov for pexels.com

Uber is currently responding to what could be one of the worst breaches in the company’s history — all because of a few text messages.

Why it matters: The hacker who has claimed responsibility for the ongoing Uber breach is believed to have access to the company’s source code, email and other internal systems — leaving employee, contractor and customer data at risk.

Details: A hacker first gained access to Uber’s systems on Thursday after sending a text message to an employee claiming to be an IT person and asking for their login credentials, according to the New York Times, which first reported the breach.

Continue reading “Uber investigating wide-reaching security breach”

TryHackMe: The Story Behind

the UK’s Most Innovative

Cyber SME

source: infosecurity-magazine.com  |  image: pixabay.com

One of the many highlights of this year’s Infosecurity Europe 2022 event (21-23 June 2022) was the annual UK’s Most Innovative Cyber SME competition. The contest, run by the Department for Digital, Culture, Media & Sport (DCMS) and Tech UK in partnership with Infosecurity Europe, showcases the startup community’s enormous contribution to the UK’s booming cybersecurity sector. This is highlighted by the impressive list of previous winners, which include cybersecurity reskilling provider CAPSLOCK (2021), white hacking training platform Hack the Box (2019), communication security firm KETS Quantum Security (2018) and email security specialist Check Recipient (now trading as Tessian) (2017).

 

In the past two competitions, the judges have awarded first prize to companies involved in creating innovative solutions to resolve the much-publicized cyber-skills shortage, and this trend continued in 2022. The newly crowned winner of this award is TryHackMe, a cybersecurity training platform launched in 2018 that focuses on providing gamified lessons to its users. Once the celebrations had concluded, Infosecurity caught up with TryHackMe co-founder Ashu Savani to learn more about the company’s story, journey and future aspirations.

 

Savani described the application process for the Most Innovative Cyber SME competition as “very reflective,” allowing the team to reaffirm its goals following a whirlwind few years. “The application process was quite fun as it solidified our mission and the work we’re doing in our mind,” he explained. “We were very excited to be accepted as it gave us recognition for the work we are doing, which is to make it as easy as possible for anyone to learn cybersecurity, whether you’re a construction worker or a school teacher.”

 

Did he expect TryHackMe to win though? “We weren’t sure we were going to win; we were just really happy that we got through to the final and got a chance to give TryHackMe more exposure,” Savani replied modestly. Win they did though, and the award represented the culmination of many years of hard work, challenges and innovative thinking.

 

The Beginnings

 

The idea for TryHackMe was born after Savani met co-founder Ben Spring during a summer internship at the consultancy Context Information Security. “It was during the internship that we realized there isn’t a lot of cybersecurity learning material,” and most of it was orientated towards people already proficient in security, which, Savani explained, “isn’t very conducive to learning security.”

 

Spring began a side-project that involved building systems on the cloud. He then suggested the idea of adding training material and notes to Savani. “That ended up being the very early prototype of TryHackMe, where you could launch training material with a touch of a button and have some sort of learning focus there,” explained Savani.

 

As the pair developed the prototype, they put the word out on platforms heavily used by the amateur hacking community like Reddit, “and people started using our products.” This was the motivation to keep developing the product, carefully incorporating user feedback. “Fast-forward four years, and we’ve been very fortunate to have a loyal user base still using us. We believe we’re positively contributing to closing the cyber skills gap and we’re excited to continue doing that work,” said Savani.

Overcoming Challenges 

 

As with all startups, there were significant challenges and bumps in the road to overcome in the early years. One of the key difficulties for TryHackMe was acquiring users beyond its base. After attempting a number of different strategies, the company found the most effective approach was holding events that allowed the participants to win prizes by competing in cybersecurity challenges. This included partnering with universities through events called ‘HackBack.’

 

The other major challenge was building out the product “sustainably,” which required hiring the right people to develop and scale the business. “It’s one of those things that’s tough to solve overnight,” reflected Savani. However, they now have “some really amazing people” on board. “We’ve been very fortunate to bring on people who love teaching and have that cybersecurity experience,” he noted, adding: “All our different pockets and departments at TryHackMe have an impact on the work we’re doing on a day-to-day basis.”

 

In terms of the training platform’s evolution, there has been a strong emphasis on gamification, which TryHackMe found most effective in engaging users. “We’re focusing on ensuring the users enjoy the material and stick to what they’re doing.”

 

Savani also revealed the company is now looking to expand its material, providing relevant training content for experienced professionals as well as beginners in the field of cybersecurity, which was previously the primary focus. This includes moving into “more intermediate to advanced topic areas for things like DevSecOps, red teaming and blue teaming.”

 

Long-Term Vision

 

Savani emphasized that while the training content is designed to be fun and engaging, it must have practical real-world benefits for the users. The ultimate vision is “to take a student with a little technical experience all the way to an advanced consultant who understands the complex concepts within defensive security.” Savani added that it is also increasingly working with businesses to train their security teams, “an area we’re looking to grow.”

 

In addition to the quality of the TryHackMe service, Savani acknowledged that the company’s core focus on reducing barriers to entry in cybersecurity was a crucial factor in being crowned Most Innovative Cyber SME at Infosecurity Europe 2022. Lack of diversity and accessible pathways are a major blockage to addressing the cyber skills gap, and TryHackMe is making a conscious effort to provide an opportunity to train in cybersecurity, regardless of background and ability to pay. The firm currently has a pricing scheme of £8-10 ($9.50-12) a month. “No one should be paying lots of money just to discover whether cybersecurity is a feasible career for them,” he added.

 

Looking ahead, the long-term vision for TryHackMe is to continue its mission to provide affordable and engaging training for those looking to develop a career in cybersecurity. This involves constant reflection and evolution, taking on user feedback to continuously improve the platform.

 

Solving the cyber skills shortage is a long-term challenge for the industry and requires innovative ideas and approaches. Often, startups have the most ‘out-of-the-box’ solutions, and TryHackMe has demonstrated this trait over its first few years of operation. TryHackMe’s triumph in this year’s contest, alongside other recent victors, shows that this issue is being taken increasingly seriously in the cybersecurity sector.

TikTok Engaging in Excessive Data Collection

source: infosecurity-magazine.com  |  image: pexels.com

 

TikTok has been engaging in excessive data collection and connecting to mainland China-based infrastructure, Internet 2.0 has claimed in a new white paper.

The latest report, overseen by Internet 2.0’s head security engineer Thomas Perkins, is an analysis of “the source code of TikTok mobile applications Android 25.1.3 as well as IOS 25.1.1”, with Internet 2.0 carrying out static and dynamic testing between 1 July to 12 July 2022 that focused on device and user data collection.

The report identified multiple instances of unwarranted data harvesting, including:

  • Device mapping
  • Hourly monitoring of device location
  • Persistent calendar access
  • Continuous requests for access to contacts
  • Device information

Continue reading “TikTok Engaging in Excessive Data Collection”

Bad news: The cybersecurity skills crisis is about to get even worse

 

source: zdnet.com  |  image:  pixabay.com

 

New research suggests nearly a third of cybersecurity professionals are planning to quit the industry, at a time when companies are struggling to protect their networks from attacks.

 

Nearly a third of the cybersecurity workforce is planning to leave the industry in the near futurenew research suggests, leaving organizations in a troubling position as the threat landscape evolves “at an alarming rate”.

Cybersecurity firm Trellix commissioned a survey of 1,000 cybersecurity professionals globally and found that 30% are planning to change professions within two or more yearsOrganizations are already facing cybersecurity skills shortages, with not enough people having the skills and qualifications required to keep IT systems secure from breaches and other security threats.

Adding more fuel to the fire, organizations face a growing threat from cyber criminals and nation-state hackers, whose attacks are growing “in volume and sophistication”.

Trellix’s survey found that 85% of organizations report that a workforce shortage is impacting their ability to secure their IT systems and networks.

Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices

source: thehackernews.com  |  image:  pexels.com

The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K.

The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things (IoT) devices, Android phones, and computers for use as a proxy service.

Botnets, a constantly evolving threat, are networks of hijacked computer devices that are under the control of a single attacking party and are used to facilitate a variety of large-scale cyber intrusions such as distributed denial-of-service (DDoS) attacks, email spam, and cryptojacking.

Continue reading “Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices”

New ‘GoodWill’ Ransomware Forces Victims to Donate Money and Clothes to the Poor

source: thehackernews.com  |  image: Pixabay.com

Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims into donating for social causes and provide financial assistance to people in need.

“The ransomware group propagates very unusual demands in exchange for the decryption key,” researchers from CloudSEK said in a report published last week. “The Robin Hood-like group claims to be interested in helping the less fortunate, rather than extorting victims for financial motivations.”

Written in .NET, the ransomware was first identified by the India-based cybersecurity firm in March 2022, with the infections blocking access to sensitive files by making use of the AES encryption algorithm. The malware is also notable for sleeping for 722.45 seconds to interfere with dynamic analysis.

The encryption process is followed by displaying a multiple-paged ransom note that requires the victims to carry out three socially-driven activities to be able to obtain the decryption kit.

This includes donating new clothes and blankets to the homeless, taking any five underprivileged children to Domino’s Pizza, Pizza Hut, or KFC for a treat, and offering financial support to patients who need urgent medical attention but don’t have the financial means to do so.

Additionally, the victims are asked to record the activities in the form of screenshots and selfies and post them as evidence on their social media accounts.

“Once all three activities are completed, the victims should also write a note on social media (Facebook or Instagram) on ‘How you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill,'” the researchers said.

There are no known victims of GoodWill and their exact tactics, techniques, and procedures (TTPs) used to facilitate the attacks are unclear as yet.

Also unrecognized is the identity of the threat actor, although an analysis of the email address and network artifacts suggests that the operators are from India and that they speak Hindi.

Further investigation into the ransomware sample has also revealed significant overlaps with another Windows-based strain called HiddenTear, the first ransomware to have been open-sourced as a proof-of-concept (PoC) back in 2015 by a Turkish programmer.

“GoodWill operators may have gained access to this allowing them to create a new ransomware with necessary modifications,” the researchers said.

 

view an example of the ransomware letter here

What is a cyber attack?

source: businessleader.co.uk  |  Image: Pixabay.com

In this guest article, written exclusively as part of Business Leader’s Cyber Security Month, Bleddyn-Aled Wyke, Cyber Operations Executive at PureCyber, outlines what is a cyber attack.

A cyber-attack can take many forms, though one common thread throughout these is the threat actor. Whether the attack is untargeted, such as a phishing campaign against thousands of users hoping a careless one takes the bait, or more targeted, such as a Denial of Service (DoS) style attack against a company site denying normal users access to its services, there is a human presence behind this somewhere who has pushed the marble.

The National Cyber Security Centre (NCSC) presents a four-stage model mapping out the typical steps and processes carried out by threat actors in the process of an attack: Survey, Delivery, Breach, and Affect.

Firstly, the threat actor would look to survey an organisation’s infrastructure, in a bid to obtain as much information as possible. This could be through more technical means, scanning target networks to gain information about IT systems in place, or more physical methods such as social engineering to gain more private information such as internal processes or procedures.

With the knowledge gained here, the threat actor would look to move onto the delivery stage of the attack, where they attempt to put themselves into a position on a network where they can exploit a vulnerability they believe to exist within a target. An example of this would be gaining the format of a company’s e-mail address (e.g. first initial surname@target.com) and using this to send phishing e-mails containing a malicious file or link to employees, using this to either spread malware or steal credentials. It only takes one user to follow through with the file or link to compromise an organisation’s system.

Upon successful delivery of an exploit, the attacker would attempt to further breach the system. Whether this is via stolen credentials allowing them to achieve access to sensitive user or company information, or via the implementation of malware letting them take control of computers or networks, the attacker can either go straight for their target or can look to gain a more established presence.

They can move to have more of an effect, using their established control to gain access to more privileged systems, allowing them to gain more sensitive information, make changes to their benefit, or disrupt businesses. From here the threat actor will look to either leave, attempting to remove any indications of their presence, or set up a more persistent style threat, leaving a back door for them to come and go as they please.

 

Security News This Week: The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption

source: wired.com  |  image: nsa.gov

 

 

The US is readying new encryption standards that will be so ironclad that even the nation’s top code-cracking agency says it won’t be able to bypass them.

The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards. 

“There are no backdoors,” said Rob Joyce, the NSA’s director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor.

The new standards are intended to withstand quantum computing, a developing technology that is expected to be able to solve math problems that today’s computers can’t. But it’s also one that the White House fears could allow the encrypted data that girds the U.S. economy – and national security secrets – to be hacked. 

Continue reading “Security News This Week: The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption”

CISA issues rare emergency directive as ‘critical’ cyber vulnerabilities emerge

source: federalnewsnetwork.com  |  image: pexels.com

Agencies have until Monday to mitigate vulnerabilities in five products from VMware that permit attackers to have deep access without the need to authenticate.

The Cybersecurity and Infrastructure Security Agency issued a new emergency directive today saying the vulnerabilities in VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager put federal networks and systems at immediate risk.

“These vulnerabilities pose an unacceptable risk to federal network security,” said CISA Director Jen Easterly in a release. “CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organization — large and small — to follow the federal government’s lead and take similar steps to safeguard their networks.”

Continue reading “CISA issues rare emergency directive as ‘critical’ cyber vulnerabilities emerge”

Cyber security: Global food supply chain at risk from malicious hackers

source: bbc.com  |  image: pexels.com

Modern “smart” farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk, experts are warning.

It is feared hackers could exploit flaws in agricultural hardware used to plant and harvest crops.

Agricultural manufacturing giant John Deere says it is now working to fix any weak spots in its software.

A recent University of Cambridge report said automatic crop sprayers, drones and robotic harvesters could be hacked.

The UK government and the FBI have warned that the threat of cyber-attacks is growing.

John Deere said protecting customers, their machines and their data was a “top priority”.

Smart technology is increasingly being used to make farms more efficient and productive – for example, until now the labour-intensive harvesting of delicate food crops such as asparagus has been beyond the reach of machines.