19.9.17

Online cryptocurrency mining: a slower but effective route to profit


For several years, cybercriminals have used cryptocurrency “mining” techniques to make a profit. They usually rely on malware or potentially unwanted applications installed on the victim's device. ESET researchers have studied a specific case of cryptocurrency mining that runs directly inside the web browser by means of JavaScript.

Well aware that most browsers have JavaScript enabled by default, the attackers simply inserted a mining script into websites with heavy traffic.

“It is easier to reach a significant number of victims by infecting users' devices. In this case, the attackers injected scripts into high-traffic websites, which mainly affected Russian, Ukrainian, Belarusian, Moldovan and Kazakh users,” explains Matthieu Faou, malware researcher at ESET.

To mine Feathercoin, Litecoin and Monero, the attackers injected malicious JavaScript into video streaming and in-browser gaming websites, simply because their users spend more time on the same page, which lets the scripts run longer and use more processing power.

“This mining method is less efficient in that it tends to be 1.5 to 2 times slower compared with mining carried out with conventional software, but this drawback is offset by the larger number of users affected,” adds Matthieu Faou.

Some regulatory bodies consider that mining cryptocurrency on a user's device without their consent amounts to gaining access to the computer. Developers of such services should therefore clearly announce it before starting the mining process, which is evidently not the case when distribution is done at scale through malicious advertising.

Matthieu Faou offers some advice on protecting yourself against this type of threat:

· Enable detection of potentially unsafe applications and potentially unwanted applications (PUA) in ESET Internet Security / ESET NOD32 Antivirus / ESET Smart Security Premium. Follow this link to access the instructions and configure this detection feature yourself.
· Make sure you keep your Internet security solution up to date. Check here which update is the most recent for the ESET Windows HOME product range.
· Install an ad blocker, such as uBlock, in the browser(s) you use.
· You can also install a script blocker such as NoScript. Be aware, however, that installing a script blocker in your browser may disable certain features on websites.

For more details on cryptocurrency mining, see the analysis paper titled “Cryptocurrency web mining: in union there is profit”, available on WeLiveSecurity.com



New complete Data Platform accelerates development and rollout of applications




InterSystems IRIS Data Platform® for business-critical, data-driven solutions of any size

InterSystems, a global leader in information technology platforms for applications in healthcare, business and government, announces InterSystems IRIS Data Platform®. With a powerful built-in database, InterSystems IRIS is the very first data platform with interoperability features, suitable for all kinds of business-critical and data-intensive applications, regardless of whether users apply them for transaction processing or for analytical purposes.

The platform includes:

· Advanced, scalable multi-model data management, suitable for varied workloads and diverse data models;
· Standard facilities for interoperability with other platforms and applications;
· An open analytics platform;
· A deployment mechanism aimed at cloud, on-premise and hybrid environments alike;
· An unprecedented combination of horizontal and vertical scalability, allowing systems to be adapted quickly to changing workloads and fluctuating data volumes;
· Full 24/7 worldwide technical support.

The name of InterSystems' new platform is derived from the design principles on which the company develops its products. IRIS stands for “Interoperable, Reliable, Intuitive, Scalable”. These four properties are necessary to respond to the fast-growing volume of data flowing into enterprises every day.

In a recent IDC InfoBrief, based on research initiated by InterSystems and titled “Choosing a DBMS to Address the Challenges of the Third Platform,” 47% of the organizations surveyed report that data not arriving at a planned moment had a negative impact on their business performance. That data is mainly generated by the ETL (extract, transform, load) processes on which organizations rely to move data between different applications and platforms. By running transaction processing and analytical processes simultaneously on a single platform, IRIS makes an infrastructure with ETL facilities unnecessary. The platform gives immediate insight into which actions are needed to handle the current data flow. In addition, with its built-in interoperability functionality, the platform connects seamlessly to existing architectures, systems and devices. IRIS thereby makes an important contribution to the faster development and rollout of data-driven applications.

“We developed IRIS Data Platform with the idea of putting together a toolset that provides future-proof solutions,” said Paul Grabscheid, vice president Strategic Planning at InterSystems. “With the introduction of IRIS Data Platform we are taking a considerable step forward in the database industry and building on InterSystems' rich history of technical innovations, aimed at solving the real problems that businesses run into in practice.”




IRIS is the newest member of the InterSystems data platform product family, which includes the multi-model database management system Caché and the application integration system Ensemble. Users of these products can, if they wish, switch to the IRIS Data Platform easily and free of charge.

“Enterprises increasingly need to use one coherent data stream both to run analyses and to record transactions, and to no longer depend on separate databases holding either analytical data or operational data,” said Carl Olofson, vice president research of Data Management Software at IDC. “InterSystems takes its open architecture to a higher level with the IRIS Data Platform, with which existing infrastructures and ‘best-of-breed’ technologies can be seamlessly combined to support a wide variety of application needs and business environments.”

The InterSystems IRIS Data Platform is available worldwide from January 2018.

More information can be found at www.intersystemsbenelux.com

16.9.17

How many people outside the U.S. are affected by the Equifax breach?


[ Update September 15, 2017: Equifax has released more detailed information pertaining to the stolen data from people in the UK. The names, dates of birth, email addresses and telephone numbers of up to 400,000 people in the UK may have been accessed.]
If you’ve been reading news about the recent Equifax breach, you may have noticed that many articles mention briefly that people in the United Kingdom and Canada are also affected. There has been little clarification as to how many people were affected, or what exactly was lost.
The current statement from Equifax is that there was “unauthorized access to limited personal information for certain U.K. and Canadian residents.” Due to this heavy emphasis on customers in the U.S., many of us have not really considered how much or how little this could mean to people in the UK and Canada.
Breach Maths
Certainly, in terms of total numbers and dramatic headlines, 143 million is a lot of victims. This means that 44 percent of all Americans could have been affected. If we assume that this breach primarily affects adults, it could be up to 60 percent of the population over the age of 18.
What we don’t currently know is how many people in the U.K. and Canada were affected. We know that Equifax has data on 820 million consumers worldwide and it operates in 24 countries. Of those 820 million, the company has information on 44 million people in the UK and 26 million in Canada.
If we assume again that this breach primarily affects adults, and if we assume that these numbers are the maximum number of possibly affected consumers in each country, this could mean that up to about 80 percent of adults in both countries may be affected.
While we do know that Equifax has found no evidence of unauthorized activity on their core consumer or commercial credit reporting databases, it’s entirely possible that this breach does not affect the total number of Equifax customers in either country. As much as anything, people are concerned about the lack of certainty.
Protect as if you’ve already been compromised
There is a popular saying in information security circles that says that everyone should protect their data as if they’ve already been compromised. While credit freezes were until recently considered a “drastic measure” – only for people who had already had identity theft-related fraud committed against them – they are now being widely recommended as a basic preventative measure for everyone. Equifax is now waiving fees for anyone wishing to set up this protection on their credit reports.
It seems wise, especially for people in the U.S., U.K. and Canada, to be extra vigilant until more specific information becomes available. Even if it turns out that few people in either country were affected, getting in the habit of double-checking what’s happening with your financial accounts and credit history is never a waste of time or effort.

12.9.17

State sponsored cryptocurrency: Could it ever be a reality?

Companies showcase their products, whether they are physical, virtual or services. Images of Steve Jobs launching an iPhone or Elon Musk announcing the latest Tesla generate media interest and hype. Cybersecurity companies are no different: ESET holds an annual event for journalists and security testers. At the event people discuss the latest research news and find out what’s new in the company and the cybersecurity industry.
This year’s event was held in Tallinn, in the Republic of Estonia, a country that has a very unique digital offering: it’s the first country that offers e-Residency. Anyone in the world can apply for a Government-issued digital ID that enables the holder freedom to start and run a global business from a trusted EU environment for only €100.
A person can create a company online from anywhere in the world, can get access to business banking, with no local director needed, sign documents digitally, encrypt documents and send them securely, plus they can submit taxes online without ever needing to relocate their global business. To date there have been 23,735 applicants from 138 countries establishing 3,877 companies. Incredibly, the number of people signing up exceeds Estonia’s birth rate.
In the last few weeks, it was reported that Kaspar Korjus, Estonia’s e-Residency Managing Director, announced the concept of adding cryptocurrency, Estcoins. The media excitement that a sovereign state was announcing its intention to create a digital currency resulted in some inaccurate reporting, with the idea that it came from Mr. Korjus rather than from the Estonian Government. As Estonia offers e-residency the concept of a digital cryptocurrency may sound appealing, but what is it?
Understanding cryptocurrency
If you are lucky enough to have some cash, you probably hold it in an account at a bank that provides you the ability to transact, get a balance and has access to a payment network. The financial institution works on a centralized methodology, and is typically accountable to a government regulator. The centralization stops the account holder from double spending, as every transaction is authenticated in one place.
Cryptocurrencies work on a decentralized methodology: there is no server or centralized place that holds account details and transactions. Imagine 10 friends creating their own digital currency. To make this work, every friend will need to know the balance and transactions of all the other friends in real time. This stops friend #1 transacting with friend #2 and #3 to withdraw the same funds, making #1 overdrawn. When #1 transacts with #2, all the friends need to be sent the details of the transaction and to confirm they received it; the effect is a distribution of your balance and history.
To make this scale, as Bitcoin does, waiting for everyone to confirm would be too difficult, so you need to create trusted, but still distributed, confirmers of a transaction. These are called miners, and they have a special encrypted relationship with each other. Imagine 10,000 friends using the currency and 100 of them being miners that have a trusted place in the network to confirm transactions and spread the word to the remaining participants.
With Bitcoin anyone can be a miner if they are willing and able to create a cryptography hub that can talk to the rest of the network. Their reward for doing this is the payment of a transaction fee paid in the digital currency. Now you have a secure network incentivized to confirm transactions and to stop people spending their cash more than once.
If we simplify this, it’s just a big database that multiple entities have copies of, and before a transaction can take place they all need to agree it’s able to take place. Bitcoin works on the following principles:
1.     It’s fast and secure, regardless of where you transact, it works on a global network of computers that use strong cryptography.
2.     The actual identity of the account holder is a digital address, there is no link between this and the real-life identity of the account holder.
3.     There are no permissions, anyone can create an account using software without the need to be identified.
4.     Lastly, Bitcoin transactions cannot be reversed: once a transaction has been made and distributed, it’s final.
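The “10 friends” picture above, as an added example that is not part of the original article and is not how Bitcoin itself is implemented: every peer keeps its own copy of all balances, and a payment is committed only when every confirmer (the miners, when there are any) approves it against its own copy. The class names, the opening balance of 10 and the `missed_by` parameter are assumptions made for the illustration.

```python
"""Toy replicated ledger for the "10 friends" picture (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class Peer:
    """One participant holding a full copy of balances and history."""
    name: str
    is_miner: bool = False
    balances: dict = field(default_factory=dict)
    history: list = field(default_factory=list)

    def validate(self, sender, amount):
        # Approve only if this peer's own copy shows enough funds.
        return amount > 0 and self.balances.get(sender, 0) >= amount

    def apply(self, sender, receiver, amount):
        self.balances[sender] = self.balances.get(sender, 0) - amount
        self.balances[receiver] = self.balances.get(receiver, 0) + amount
        self.history.append((sender, receiver, amount))


class Network:
    def __init__(self, names, opening_balance, miners=()):
        # Each peer gets its own independent copy of the opening balances.
        self.peers = {n: Peer(n, n in miners, dict.fromkeys(names, opening_balance))
                      for n in names}

    def confirmers(self):
        # With miners present only they confirm; otherwise every peer does.
        miners = [p for p in self.peers.values() if p.is_miner]
        return miners or list(self.peers.values())

    def pay(self, sender, receiver, amount, missed_by=()):
        """Commit a payment only if every confirmer approves it.

        missed_by simulates peers that never received the broadcast.
        """
        if not all(p.validate(sender, amount) for p in self.confirmers()):
            return False
        for p in self.peers.values():
            if p.name not in missed_by:
                p.apply(sender, receiver, amount)
        return True


def demo():
    names = [f"friend{i}" for i in range(1, 11)]
    net = Network(names, opening_balance=10, miners={"friend9", "friend10"})
    # friend1 pays friend2 everything; friend3 misses the broadcast.
    first = net.pay("friend1", "friend2", 10, missed_by={"friend3"})
    # friend3's stale copy still shows friend1 holding 10 ...
    stale_ok = net.peers["friend3"].validate("friend1", 10)
    # ... but the miners' copies are current, so the second spend is refused.
    second = net.pay("friend1", "friend3", 10)
    miner = net.peers["friend9"].balances
    return {
        "first_payment": first,
        "stale_peer_alone_would_accept": stale_ok,
        "double_spend": second,
        "balances": {k: miner[k] for k in ("friend1", "friend2", "friend3")},
    }


if __name__ == "__main__":
    print(demo())
```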
Cryptocurrency and state sponsorship
Is it possible for any government to create a cryptocurrency that would share the same values as the already established, and somewhat successful, cryptocurrencies available today?
The Republic of Estonia is a member of the European Union and part of the Eurozone currency, bringing with it regulation and procedures that may limit the success of any cryptocurrency that is state sponsored. Mario Draghi, the president of the European Central Bank, quickly dismissed the idea and stated the only currency for eurozone countries is the ‘euro’.
The success of Bitcoin is generally based on the lack of regulation; primarily, it’s the currency of choice for people that wish to remain anonymous.
However, bad-intentioned people, like creators of ransomware, could use it also as the payment method to unlock infected machines, making them extremely difficult to identify – creating challenges for law enforcement trying to bring them to justice.
Allowing people to anonymously create accounts and transact with each other removes the visibility of tax authorities, financial regulators and law enforcement, making it unthinkable that any government which is part of a regulated financial community could disregard the processes that have been established to create a safe and trusted financial system.
It is probably just as unthinkable to cryptocurrency users that they should be regulated and identified in the same way they are with traditional bank accounts.
I would like to hear the opinion of cryptocurrency users and advocates on what the legitimate uses are for the technology driven currency.

11.9.17

Equifax breach: 5 defensive steps to take now


As you may have heard from the copious news coverage (including our own), the credit monitoring bureau Equifax was hit with a security breach which has given thieves access to the data of 143 million people; this information comes primarily from customers in the US, as well as some in the UK and Canada. The data stolen includes names, social security numbers, birth dates, addresses, and the numbers of some driver’s licenses and credit cards.
Normally, our first piece of advice would be for you to go directly to a vendor’s breach information site for further information. But at the time of writing, Equifax is having a number of technical difficulties with existing contact methods, at least partly as a result of unusually high traffic volumes.
Calling Equifax directly seems to be ineffective right now, and the Equifax breach-info site is having a variety of problems which seem to indicate that the rush to provide information may have led to further issues.
The Equifax breach notification site runs on a stock installation of WordPress. This is cause for concern as it appears to have insufficient security for a site that asks people to provide their last name plus six out of nine digits of their Social Security number. If this information was stolen, it would be more than enough fodder for criminals to perpetrate additional fraud.
But this isn’t the only cause for concern: software with phishing-detection functionality – including some Internet browsers and OpenDNS – has been blocking access to the site and warning that it was a suspected phishing threat due to irregularities in its functionality. For example, the SSL/TLS certificate doesn’t perform proper revocation checks, which may cause browsers to display an error message. And the domain name is registered to a site that is not clearly labeled as belonging to Equifax.
An increasing number of reports appear to indicate that the information coming out of the website’s checking mechanism may be incomplete or inaccurate. Verbiage on the Equifax site led to significant debate as to whether signing up for free identity protection services would stop users from taking part in class action lawsuits against the company. This has prompted Equifax to clarify that this waiver does not apply to the current incident.
How to protect yourself
Indications are that this breach occurred between mid-May and July 2017, and that it was discovered by Equifax on July 29. As this has potentially affected almost half of all adults in the US, you may be wondering how to identify or mitigate problems caused by this breach. Here are a few steps you can take now:
1.   Check your accounts for suspicious activity
The first, and most important thing you can do is to check the transactions on all your financial accounts and credit history. Keep in mind that there is an overwhelming amount of traffic going to all the major credit reporting agencies right now, so they may be slow or only intermittently available for the next few days. As the breach was only recently reported, it’s likely that more information about the specifics of who was affected and what was stolen will become available in the coming days and weeks.
If you see activity that you do not recognize, it is important that you notify the bank or credit agency immediately.
Keep in mind that the thieves may not use or sell all of the stolen data right away. You will need to be vigilant with your accounts for a while.
2.   Consider a Credit Freeze
While freezing your credit does introduce an obstacle when it comes to allowing someone to access your credit report (such as when you apply for a new bank card, loan, apartment or job), it also makes it more difficult for thieves to create new accounts using your information. Laws differ from one state to another regarding who may request a freeze and how much they will be charged. For most states that do charge, if fraud against you has not yet been committed as the result of a data breach, you may be charged around $10 to place the freeze. It’s important to contact all three credit reporting agencies, including Equifax.
If your information was included in this breach, and you decide against a credit freeze, you may wish to place a fraud alert on your files instead. A fraud alert warns creditors that you may be a victim of identity theft and that they should take additional steps to verify that anyone seeking credit in your name really is you.
3.   File your taxes promptly
While thieves may use stolen information to create fraudulent bank accounts, they may also use it to file fraudulent tax returns. File your taxes as soon as you have the tax information you need and respond promptly to letters sent to you by the IRS. Note that the IRS will never communicate with you via email, so watch out for this type of fraud and don’t open emails purporting to be from the IRS.
4.   Improve your login security
With all the information that is now available to thieves, they may try to combine it with attacks on other online accounts and services. It’s always a good idea to make sure you have strong, unique passwords for each account you use. If you’ve not yet enabled two-factor authentication wherever it’s available to you, now is a great time to make sure you have this in place.
5.   Beware of scams
Criminals are aware that people will be feeling especially anxious about their security and privacy as a result of this incident. This could lead to other scams and has already inspired at least one phishing site passing itself off as an Equifax resource. Some people may, ironically, be more apt to fall for social engineering tactics and phishing schemes that prey on this fear. Never click on links in emails purporting to come from businesses using this angle, especially if they appear suspicious in any way. It’s a good idea, especially after major security events and other crises, to consider any link in an unsolicited email to be potentially malicious. Instead, you should type URLs that you know to be genuine into your browser directly if you need to contact companies.
There are plenty of things you can do to protect yourself without needing to contact Equifax right now. Equifax will contact affected consumers directly by mail, so for now, keep an eye on the news as more information comes to light.

8.9.17

Equifax hack could affect half the population of the US



The credit reporting agency Equifax has revealed that it suffered a huge cyberattack that could affect up to 143 million Americans.
The hackers gained access to sensitive personal data, including social security numbers, birth dates and addresses of nearly half the population of the US.
The company released a statement on their website saying: “Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.”
Equifax confirmed that the breach occurred on September 7, but has so far refused to disclose why it waited six weeks before disclosing the cyberattack.
In addition to gaining access to personal data, the cybersecurity breach also exposed 209,000 credit card numbers, which also include those of customers from Canada and the United Kingdom.
Equifax is one of the largest credit reporting agencies in the US and analyzes financial data records that cover a wide range of consumers from around the world. They often get this information from credit card companies, banks and lenders. They then use this data to determine a person’s credit score.
In a video posted on their website, Rick Smith, Chairman and CEO of Equifax, said, “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes.”
The Atlanta-based company also announced that they will be contacting all those affected by mail and have set up a website, equifaxsecurity2017.com, and a dedicated call center to deal with consumer concerns.
While the number possibly affected is staggering, it’s still dwarfed by the data breach suffered by Yahoo when more than 1 billion users’ accounts were breached throughout the world.
In further developments, Bloomberg News reported that three senior executives – Chief Financial Officer John W. Gamble; Joseph M. Loughran III, the president of U.S. information solutions; and Rodolfo O. Ploder, the president of workforce solutions – sold shares worth almost $1.8 million shortly after Equifax discovered the security breach.
The company did confirm that the trio had no knowledge of the incident before they sold their shares.
Equifax shares fell 13% after news of the cyberattack was announced.

6.9.17

Critical security flaw leaves Fortune 100 firms vulnerable

Fortune 100 companies could be open to hackers after a security vulnerability was discovered in widely used server software, security researchers have said.

The discovered weakness would allow hackers to remotely run code on servers that utilize the REST plugin from Apache Struts, and it is reported that all versions since 2008 are affected.

Due to the vulnerability, hackers could easily take control of an affected server that uses the popular Java MVC framework, effectively leaving highly sensitive data at the mercy of would-be cybercriminals.

The issue is estimated to affect 65% of Fortune 100 companies including organizations such as Citigroup, Vodafone, Virgin Atlantic, along with several US governmental websites such as the Internal Revenue Service (IRS) and Department of Motor Vehicles.

According to the researchers, the risk is so high because the framework is used to design and build “publicly-accessible web applications.”

One of the security researchers who discovered the vulnerability, Man Yue Mo, outlined the severity of the issue: “Struts is used in several airline booking systems as well as a number of financial institutions who use it in internet banking applications. On top of that, it is incredibly easy for an attacker to exploit this weakness: all you need is a web browser.”

Struts released a full patch on Tuesday that they say will fix the vulnerability and are urging users to upgrade to the latest version – 2.5.13 – immediately. The company has identified the patch as critical with the upgrade able to deal with “Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads.”

The researchers developed an exploit but have not released it in order to give companies using the software time to patch their systems. It is currently not known if any companies have been affected by the security vulnerability.
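To act on the upgrade advice above, the first step is finding where Struts is deployed. The following is an added example, not from the article or the Struts project: it inventories `struts2-core` and `struts2-rest-plugin` jars on disk and inside WAR/EAR archives and flags REST plugin copies older than 2.5.13. The threshold is the only fixed release the article names, so treating every lower version as outdated is an assumption; the sample tree and its file names are constructed.

```python
"""Inventory Struts 2 jars on disk and inside WAR/EAR archives (added example)."""
import os
import re
import tempfile
import zipfile

# Release the article says to upgrade to. Other release lines may have their
# own fixed version; check the vendor advisory before relying on this cut-off.
FIXED = (2, 5, 13)
JAR_RE = re.compile(r"(struts2-(?:core|rest-plugin))-(\d+(?:\.\d+)*)\.jar$")
ARCHIVES = (".war", ".ear", ".zip")


def classify(path):
    """Return (artifact, version, needs_upgrade) for a Struts jar path, else None."""
    m = JAR_RE.search(path.replace("\\", "/"))
    if not m:
        return None
    version = tuple(int(p) for p in m.group(2).split("."))
    return m.group(1), m.group(2), version < FIXED


def scan(root):
    """Walk root; check loose jars and jar entries bundled inside archives."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            candidates = [full]
            if name.lower().endswith(ARCHIVES):
                try:
                    with zipfile.ZipFile(full) as zf:
                        candidates = [full + "!" + e for e in zf.namelist()]
                except zipfile.BadZipFile:
                    continue  # corrupt or not really an archive; skip it
            for cand in candidates:
                hit = classify(cand)
                if hit:
                    findings.append((os.path.relpath(cand, root),) + hit)
    return sorted(findings)


def exposed(findings):
    """Locations where an outdated REST plugin jar is deployed."""
    return [loc for loc, artifact, _ver, old in findings
            if artifact == "struts2-rest-plugin" and old]


def build_sample_tree(root):
    """Constructed sample: two WARs and one loose jar, all empty placeholders."""
    for war, ver in (("shop.war", "2.5.12"), ("patched.war", "2.5.13")):
        with zipfile.ZipFile(os.path.join(root, war), "w") as zf:
            zf.writestr(f"WEB-INF/lib/struts2-core-{ver}.jar", b"")
            zf.writestr(f"WEB-INF/lib/struts2-rest-plugin-{ver}.jar", b"")
            zf.writestr("WEB-INF/lib/commons-io-2.5.jar", b"")
    os.mkdir(os.path.join(root, "lib"))
    open(os.path.join(root, "lib", "struts2-core-2.3.16.3.jar"), "wb").close()


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        findings = scan(root)
    return findings, exposed(findings)


if __name__ == "__main__":
    found, at_risk = demo()
    for loc, artifact, ver, old in found:
        print(f"{'UPGRADE' if old else 'ok':8} {artifact} {ver}  {loc}")
    print("outdated REST plugin at:", at_risk)
```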