A new year, and we already have loads of cyber news to talk about. In what comes as no surprise, we are still parsing (and chatting about) the effects of the Solar Winds breach. Read on to find out what else is on our minds and making its way across our internal message boards this month.
Democracies need to re-learn the art of deception
This fascinating think piece in The Economist made its way around the office in an email chain, and was thought provoking for everyone. Using examples of military deception from the mid-20th century, it suggests that deception across all fronts should make a big comeback, an argument for the active defense forward posture that we have here at CounterCraft. The article proposes that the best hope for modern deceivers may be to drown their pursuers in noise, forcing them to waste expensive precision weapons on cheap decoys and challenging enemy sensors to pick the wheat from the chaff. “Armies might even seek to exploit what is called “adversarial” artificial intelligence to generate camouflage patterns and designs that confound object-detection algorithms”—a physical version of what we do with our deception technology.
“Deception is close to an artistic enterprise. Even Pablo Picasso claimed credit for the French army’s adoption of camouflage. But it’s been in decline for years. We like this article because it speaks in a broad sense about why this art should be relearned.” — Andrea, Marketing team
Source: The Economist, December 16
MacOS malware evades detection for five years
While macOS users typically enjoy a higher level of security, the latest news shows that no one can let down their guard, no matter their hardware. Recently, a malware operation was exposed that shows that for more than five years, infected macOS users have had their hardware resources hijacked and used to mine cryptocurrency without their knowledge. OSAMiner, the malware culprit, has been at work since 2015, hidden in popular software like League of Legends and Microsoft Office for Mac. Most of the victims are in China and the Asia-Pacific regions. Boobytrapped installers would download and run various run-only Apple scripts, allowing them to retrieve malicious code in stages.
“Even the most conscious professionals can and will make mistakes designing and maintaining a long term security architecture. Systems, and procedures tend to be degraded (or overriden) in time, as security is usually seen as a short-term obstacle to productivity. This incident demonstrates, yet again, that threats can go undetected for years even in platforms that arguably are more secure than others.” – Member of the integration team
Source: ZDNet, January 12
Malwarebytes hacked by those behind Solar Winds
Malwarebytes, a US cybersecurity firm, revealed it has been hacked by the same group that breached IT software company SolarWinds last year. Malwarebytes has no direct relation to the SolarWinds supply chain, but it was notified by Microsoft when an audit of Office 365 and Azure infrastructures showed signs of malicious apps created by the UNC2452/Dark Halo group. A dormant email protection product was exploited, allowing the attackers to gain access to internal company emails.
“This shows that the SolarWinds incident’s real impact is still unknown. We are still finding new affected entities in different sectors, and nobody knows if there is more news to come. Most importantly, the attack followed normal, vetted procedures: updates from a third party, using audited and tested mechanisms. It’s difficult to design a security framework that can take into account every possible point of failure. But we think that deception technologies could play a significant role in an early detection system, as they will engage human actors (remember, all those attacks were not automated) using designed-for-human deception environments. Both the third party provider and the final customers could have diverted actors’ attention long enough to raise some flags before it was too late.” — Member of the integration team
Source: ZDNet, January 19
Sensitive financial info believed to be hacked at Intel
This article indicates that sensitive financial information belonging to Intel, a US computer chipmaker, was obtained by a hacker. The advanced details were about a strong earnings report Intel planned to publish after the close of the market. When it found out the breach had taken place, Intel published its formal earnings announcement, six minutes before the market closed. In that short period of time, the strong earnings made Intel’s shares rise more than 6 per cent.
“This is important because it strengthens our message that threat actors are focused on sensitive company information such as blueprints, financial information, and business plans. Companies need to face this reality and protect themselves accordingly.” — Fernando, Founder
Source: Financial Times, January 22
Ransomware actors threaten to publish Scottish agency docs
A Christmas Eve ransomware attack on the Scottish Environmental Protection Agency yielded nearly 4,000 stolen files, which were recently released by the hackers responsible for the attack. These files include contracts and strategy documents. The attack also affected the agency’s email systems, which are still offline. The agency, however, refuses to give in to the hackers’ demands, which led to the hackers publishing the data publicly. They have gone on to claim the published documents have thousands of views, and the agency remarks it will be a long road back to normal operations, requiring new systems in some cases.
“Ransomware is becoming more and more sophisticated. Adversaries can now cause pain that goes beyond a money problem.” —Fernando, Founder
Source: Threat Post, January 22