7.1.16

Should I stay or should I go … to Windows 10?


By Aryeh Goretsky posted 7 Jan 2016 - 02:49PM
It has been almost half a year since Microsoft released Windows 10, and the decision whether or not to migrate computers to this latest release of Microsoft’s flagship operating system is going to be on the minds of administrators for 2016.
The shift from releasing a new version of Windows on the desktop every two to three years to ‘Windows as a Service’ (WaaS) means that Windows 10 will be delivered in continuous releases with branches acting as ‘stepping stones’ to new builds. This model has some security benefits to it, but also potential drawbacks.
I recently presented a webinar titled Windows 10 is here – Are you ready to migrate? on ESET’s BrightTALK channel, looking into not just how Windows 10’s new model of editions, builds and branches works, but also some of the most interesting security features. I also looked at some of the privacy issues surrounding this new version of Windows.
Please note that a free registration is required to view this presentation, as well as others my fellow researchers and I have recorded on a range of security topics. If you’re not up for that, or don’t have an hour to spare, you can download the slide deck from the White Papers section of We Live Security.
I hope you find this webinar helpful. Feel free to leave a message below if you have any questions or comments about the webinar.
Additional articles about Windows 10 can be found here on We Live Security:
And, of course, ESET’s knowledgebase contains the latest information about compatibility with Windows 10.


UK police force hire ‘Britain’s greatest fraudster’ to help tackle cybercrime


Once described as ‘Britain’s greatest online fraudster’, reformed Tony Sales has been hired by West Midlands Police in the UK to help tackle cybercrime. Mr. Sales, who stole over $43 million over a six-year period, started life as a scammer at the age of 13, going on to make a name for himself as a leading figure in Britain’s largest network of ‘online gangsters’.

Since his days as an underground fraudster, Mr. Sales has completely turned his life around. He now helps some of the biggest names in UK banking, retail and insurance to safeguard themselves against online fraud. The turnaround came about after he was put in touch with the UK Home Office while serving a 12-month prison sentence back in 2010. “Only if you see the world through the eyes of a criminal can you anticipate their next move,” the expert recently explained. “Testing and breaking the security of businesses that think they are bulletproof is very rewarding.”
So respected is Mr. Sales’s knowledge on cybercrime, that David Jamieson, crime commissioner for West Midlands Police, has invited him to give the keynote speech at his annual business summit in Birmingham on January 18th. Mr. Jamieson added: “Senior officers from West Midlands Police who specialize in cybercrime will outline how the force works with the public and private sector to come up with solutions.”
Previously, in an interview with the BBC, Mr. Sales highlighted the cyber shortcomings of companies, stating that many often dismiss a data breach as an “acceptable loss”.
Some even choose not to act, despite him having identified obvious weaknesses within their security system. However, by and large, his analysis is acted on, especially by larger enterprises that actively seek his know-how. As he told the broadcaster last year: “I’m given a week to go into a big corporate company … and at the end of the week I go into a board room with a CEO or the head of loss prevention, and we show them what we’ve found throughout our week’s work. “Normally by the end of the presentation, they’re breathless and with their jaw dropped on the table, saying ‘wow, we never saw that’.”
While it is not unprecedented for law enforcement to tap reformed con artists, perhaps most famously in the case of Frank Abagnale, nobody should even consider this as a career path, says ESET security researcher Stephen Cobb, who says: “Breaking the law is not a smart way to pursue a career in security, it’s a very long shot with a lot of downsides, including prison time.”
According to Cobb, who grew up in the area of England now known as the West Midlands, the decision by commissioner Jamieson to utilize Sales may well serve to improve police response to cybercrime, and every felon who serves their time deserves a second chance. “What is unfortunate,” says Cobb, “is if young people see this as condoning criminal behavior … they don’t realize that the road back from crime to a job as a trusted security professional is either impossible or at best long and painful.”


5.1.16

Shipping industry gets its first set of cybersecurity guidelines

Leading shipping organizations have come together to tackle cybercrime by publishing the first set of guidelines designed to help their industry deal with this growing threat.

BIMCO, CLIA, ICS, INTERCARGO and INTERTANKO, as well as other partners, have developed the document in response to new risks that have emerged with technological innovation.
Now that ships are more connected to one another and the web than ever before, the industry has come to appreciate that this also makes their vessels and operational infrastructure a prime target for cyberattacks.

“The safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant,” the authors of the paper noted.
“Approaches to cybersecurity will be company and ship-specific, but should be guided by appropriate standards and the requirements of relevant national regulations.”

The main focus of the paper, therefore, is to ensure key stakeholders in the industry – such as ship owners and operators – are not only able to assess how secure they are, but to implement processes and systems that will protect them from attacks.

A risk-based approach should be initiated “at the senior management level of a company”, the coalition of shipping organizations advises, as opposed to the head of the IT department or a ship security officer taking up this responsibility. Understanding the unique features of this type of threat is not easy, the authors admit, as there is a decided lack of historical evidence, as well as of reporting of cyber-incidents experienced by the shipping industry.

Nevertheless, there is enough information out there that offers insight into, for example, the motives and techniques of certain attackers (such as criminals spurred by financial gain or activists inspired by causing reputational damage).

As such, the shipping industry will not be immune to common aspects of cybercrime like social engineering, ransomware, botnets and phishing.

ESET Finds Connection Between Cyber Espionage and Electricity Outage in Ukraine


Cyberattacks against energy companies in Ukraine in December 2015 are connected to attacks on media and targeted cyber-espionage against Ukrainian government agencies. Analyzing the KillDisk malware used in the attacks, ESET researchers found out that the new variant of this malware contained some additional functionality for sabotaging industrial systems.

On December 23, 2015, around 700 thousand people in the Ivano-Frankivsk region in Ukraine, half of the homes there, were left without electricity for several hours. ESET researchers discovered that the power outage – the Ukrainian media outlet TSN was first to report it – was not an isolated incident. Other power distribution companies in Ukraine were targeted by cybercriminals at the same time.
According to ESET researchers, the attackers have been using the BlackEnergy backdoor to plant a KillDisk component onto the targeted computers that would render them unbootable.

The BlackEnergy backdoor trojan is modular and employs various downloadable components to carry out specific tasks. In 2014 it was used in a series of cyber-espionage attacks against high-profile, government-related targets in Ukraine. In the recent attacks against electricity distribution companies, a destructive KillDisk trojan was downloaded and executed on systems previously infected with the BlackEnergy trojan.

The first known link between BlackEnergy and KillDisk was reported by the Ukrainian cybersecurity agency, CERT-UA, in November 2015. In that instance, a number of news media companies were attacked at the time of the 2015 Ukrainian local elections. The report claims that a large number of video materials and various documents have been destroyed as a result of the attack.
The KillDisk variant used in the recent attacks against Ukrainian power distribution companies also contained some additional functionality. In addition to being able to delete system files to make the system unbootable – functionality typical for such destructive trojans – this particular variant contained code specifically intended to sabotage industrial systems.

“Apart from the regular KillDisk functionality, it would also try to terminate processes that may belong to a platform commonly used in Industrial Control Systems,” explains Anton Cherepanov, Malware researcher at ESET. If these processes are found on the target system, the trojan will not only terminate them but also overwrite their corresponding executable file on the hard drive with random data in order to make restoration of the system more difficult. “Our analysis of the destructive KillDisk malware detected in several electricity distribution companies in Ukraine indicates that the same toolset that was successfully used in attacks against the Ukrainian media in November 2015 is also theoretically capable of shutting down critical systems,” concludes Cherepanov.


Read more about the attack on Ukrainian power distribution companies and the BlackEnergy/KillDisk malware at ESET’s WeLiveSecurity blog.