1.10.16

USBee: how to spy on an isolated system with a USB


In recent years we’ve seen increasing numbers of attacks designed to affect systems which are isolated from the network and cannot be attacked using conventional methods. Almost all research into this has been carried out by experts in Israel – that comes as no great surprise since this is a country at the forefront of cybersecurity. The latest – USBee – is no exception.
Techniques for attacking isolated computers
If a system is isolated from the network, not directly connected, or “air gapped”, the chances of it being affected by an IT attack are fairly limited. There’s no real threat from remote attacks (at least not from any executed from more than a few meters away) and in most cases the attacker has to get physically close enough to capture the information.
In recent years we’ve seen the development of data exfiltration techniques using some unconventional methods. A number of researchers have demonstrated how to obtain data from computers that are isolated from the network by using the sound output from the hard drive, processor or fan, for example. USBee, which was developed by researchers in Israel, joins a new variety of these exfiltration techniques, known as “air gap attacks”.
Using USB devices as data transmitters
The way USBee works is relatively simple, but it requires certain conditions in order for it to be effective. The first and most important condition is that it manages to infect the target computer with malware specially designed for such an attack. Bearing in mind that the computer in question will be in an isolated environment, this can be difficult to achieve. That said, there’s always the possibility of getting someone to connect an infected USB device – if we’ve learned anything from Mr. Robot and a certain university study it’s that if someone finds a USB device, they tend to plug it in…
If the attacker achieves the goal of infecting the computer, there’s another important factor which can determine the attack’s success or failure: the cable connecting the device to the computer. Just as some devices use a cable as an antenna for receiving information, USBee uses one to transmit it. That doesn’t mean that using a cable is critical, but it does ensure that the stolen information can be sent over a wider range.
Not all USB devices can be used to carry out this attack: some camera models, for instance, are useless as they do not receive any data flow from the computer. But these exceptions aside, USBee can work with any USB device that meets the specifications of USB 2.0.
When the malware successfully executes on the target computer and detects a USB device that can be used to transmit the information the attacker wants to steal, it starts sending the device a sequence of zeros. This causes the device to transmit sound at detectable frequencies between 240 and 480 MHz.
These transmissions can be captured by a nearby receiver which – while it cannot be far away – can be positioned in an adjacent room so the attacker can avoid arousing suspicion. While the transmission speed isn’t very fast (approximately 80 bytes per second), it can be sufficient to obtain confidential information like passwords within a few seconds.
Furthermore, one of the benefits of the USBee attack is that there’s no need to modify the hardware used. Neither the USB device acting as the transmitter, nor the receiver antenna need to be modified, making this kind of attack very cheap to carry out.
As you might expect, the name “USBee” was inspired by bees. Why? Because they fly through the air carrying pollen from one place to another. In this case, though, the package being delivered is information.
A good countermeasure against this and other attacks based on USB drives is a security solution that allows users to block USB drives and accept only those that system administrators have previously authorized.
Conclusion: USBee is an attack that can be effective in very specific situations
Like the vast majority of attacks designed with isolated systems in their sights, USBee’s effectiveness is limited to very specific environments and situations. It would be difficult for an attack such as this to be carried out on a mass scale. However, for certain operations carried out by some governments and security agencies, or indeed any form of espionage, it could be a valuable technique.
And for that reason, we should see USBee for what it really is: yet another demonstration of how a system doesn’t need to be connected to a network to become the target of an attack. Other techniques that have been around for some time have proved their effectiveness, but in many cases they are nothing more than experiments to get IT security devotees excited.


29.9.16

Growth of cybercrime is ‘ruthless’



Cybercrime has established itself as a permanent fixture in 21st century life, with the number of incidents and victims continuing to rise with dogged determination.
This is according to a new report from Europol, which stated that this “relentless growth” is being fuelled by an increase in the number of cybercriminals and the highly profitable opportunities they are looking to exploit.
Its 2016 Internet Organised Crime Threat Index said that cybercrime is so bad in some EU countries that it “may have surpassed traditional crime in terms of reporting”.
Writing in the foreword to the paper, Rob Wainwright, director of Europol, commented that this recent assessment of cybercrime confirms that it remains a “real and significant threat”.
Also commenting on the findings, Steven Wilson, head of Europol’s European Cybercrime Centre (EC3), added: “2016 has seen the further evolution of established cybercrime trends.
“The threat from ransomware has continued to grow and has now expanded into sectors such as healthcare. Europol has also seen the development of malware targeting the ATM network, impacting cash services worldwide.”
The report also highlighted some notable threats that individuals and organizations should be aware of.
This includes cybercrime-as-a-service, which is a more ‘entrepreneurial’ way of organizing cyber-related criminal activities; and ransomware, a trend that is “unlikely to change for the foreseeable future”.
Earlier this year, the 2016 Black Hat Attendee Survey reported that most security professionals are more concerned than ever about the threat of cybercrime, and that they are feeling this pressure.
“Perhaps the most important conclusion we can draw from the survey is that the pressures on security professionals are not letting up,” the authors noted.
“In fact, they are intensifying. In nearly every question and category, Black Hat attendees indicated that their environments are more at risk this year than they were last year.”


28.9.16

ESET achieves the top score in the VBSpam test for the fifth consecutive time


ESET Mail Security achieves 99.999% spam detection and zero false positives in Virus Bulletin's latest VBSpam test

September 28, 2016 - ESET Mail Security for Microsoft Exchange Server won the latest spam filtering test conducted by Virus Bulletin, the leading specialist in security testing, achieving a rate of 99.999% without producing a single false positive. As a reward, ESET was awarded VBSpam+ certification, its fifth in a row, confirming its position as market leader in anti-spam protection.

“Spam filtering requires fine-tuning of security mechanisms in order to find the right balance between what must be blocked and classified as spam and what can pass as legitimate mail. We are pleased that our efforts to protect our customers have paid off,” says Marc Mutelet, CEO of MGK Technologies, exclusive distributor of ESET products in Belgium and Luxembourg.

The tests used by Virus Bulletin for the VBSpam comparison mimic the spam filters used in enterprise environments. They combine two real spam feeds representing mailboxes from around the world with a real feed of legitimate international email.

Visit www.eset.com to learn more about the ESET product portfolio.

27.9.16

Talend enters platinum partnership with Sogeti USA


Collaboration with Capgemini subsidiary combines innovative integration technology with comprehensive IT services to make companies data-driven


Talend (NASDAQ: TLND), a leading provider of cloud and big data integration software, today announces that it is entering a platinum partnership with Sogeti USA, a wholly owned subsidiary of the Capgemini Group and a leading provider of IT services. The partnership combines Talend's innovative data integration technology with Sogeti's extensive services expertise and customer-centric model. This results in comprehensive, tailored integration solutions that enable customers across many industries to use business information more effectively. The new relationship with Sogeti builds on the collaboration between Talend and Capgemini, which has existed for almost ten years.

The partnership is part of the Talend Systems Integrator Partner Program, which is designed to contribute to solutions for the complex integration challenges that companies of any size face. As a platinum partner, Sogeti will support its customers in making better use of and implementing Talend's solutions to improve business performance, increase insight, and give them a better understanding of their customers as the basis for a better relationship.

“The partnership with Sogeti gives its consultants the opportunity to gain in-depth knowledge of our solutions, so that their customers achieve results much faster with their data integration projects,” says Rolf Heimes, senior director Alliances at Talend. “We are pleased that we can deepen the relationship with the Capgemini Group and work together with Sogeti to increase our ability to serve more companies that want to get the most out of their data.”

With more than 45 years of experience, Sogeti offers an extensive range of services, including Business Intelligence & Analytics, cloud services, digital transformation, product lifecycle management, software development & integration, and testing. Talend chose Sogeti USA as a platinum partner on the basis of its proven successes and solid experience in applying the most modern technologies, including big data platforms and cloud services.

“In today's IT landscape, companies are constantly looking for ways to apply the most recent technologies to gain and keep a lead over the competition,” says Patrick Keyser, vice president at Sogeti USA. “By combining the power of Talend's solutions with Sogeti's knowledge of business management and information processing, we can offer our customers tailored solutions that strengthen innovation and efficiency within their organizations. We look forward to strengthening our relationship with Talend.”

The Talend Systems Integrator Partner Program rewards system integrators that specialize in Talend's products with additional sales and marketing services, technical training and support, and product licenses. Through the new partnership, Talend offers Sogeti:
· Training, with the option of following self-paced, on-demand and/or public training classes;
· Go-to-Market Strategy to teach Sogeti consultants how to sell Talend's products; they also receive additional sales and marketing knowledge;
· Consulting Services via Live Experts who can answer specific product questions, as well as personal, one-on-one guidance;
· Joint Opportunity Development and far-reaching relationships with channel representatives so that both companies can get the most out of the partnership.

Anyone who wants to know more about Talend's portfolio of cloud and big data integration solutions, or how to become a member of the Talend Systems Integrator Partner Network, can visit www.talend.com or the Talend Partners SI Partner page.

About Sogeti USA
Sogeti USA, a wholly owned subsidiary of Capgemini, is active in more than twenty cities in the US. Sogeti's business model offers its customers local accountability and extensive, flexible delivery options. Sogeti is a leader in helping customers develop, implement and manage practical IT solutions for better business management. With more than 45 years of experience, Sogeti offers an extensive range of services, including Business Intelligence & Analytics, cloud services, digital transformation, product lifecycle management, software development & integration, and testing. More information at www.us.sogeti.com

26.9.16

What Pippa Middleton can teach us about iCloud security


This weekend it emerged that Pippa Middleton was the latest in a long line of celebrities to have her online accounts broken into by criminals, and private photographs stolen.
As The Daily Mail reports, a man who had allegedly broken into Pippa Middleton’s iCloud account was offering 3,000 private photographs of the 33-year-old socialite including snaps of her at a wedding dress fitting, and naked photographs of her fiancé James Matthews.
Included in the haul, according to media reports, were private images of Pippa Middleton’s sister, and her sister’s children, George and Charlotte.
Things become more serious when you remember that Pippa Middleton’s sister is Kate Middleton, officially known as the Duchess of Cambridge, and wife of Prince William.
Fortunately even the British tabloid media appears to have baulked at the idea of publishing the stolen photographs, and it was no surprise to hear that police have made an arrest.
What is important to understand is that this, and many of the previous celebrity “hacks” that we have heard about in the past, probably did not occur because of some underlying security vulnerability in Apple’s iCloud system.
Instead, my hunch is that Pippa Middleton was not following best security practices and had not properly secured her account.
My recommendation is that all iCloud users enable two-factor authentication on their accounts to increase the security on their Apple ID.
That way, even if your password is guessed (because you chose something obvious), grabbed (through perhaps a phishing attack or keylogging malware) or given away (maybe you made the mistake of reusing the same password on multiple websites), the hacker won’t be able to break into your account without also having access to your smartphone.

Here is how Apple describes the additional security measure of two-factor authentication:
With two-factor authentication, your account can only be accessed on devices you trust, like your iPhone, iPad, or Mac. When you want to sign in to a new device for the first time, you’ll need to provide two pieces of information—your password and the six-digit verification code that’s automatically displayed on your trusted devices. By entering the code, you’re verifying that you trust the new device. For example, if you have an iPhone and are signing into your account for the first time on a newly purchased Mac, you’ll be prompted to enter your password and the verification code that’s automatically displayed on your iPhone.
Because your password alone is no longer enough to access your account, two-factor authentication dramatically improves the security of your Apple ID and all the personal information you store with Apple.
Whenever you place sensitive information in the cloud you need to consider the worst case scenarios of what could happen if an unauthorised party was to gain access to the account. For the most sensitive information it might make sense to encrypt the data before you upload it to the internet, so even if your account is compromised all that the hackers will be able to do is download gobbledygook.
However, for some users in some scenarios, encrypting information before it is placed in the likes of iCloud may be a step too far. There is, however, no good reason why you wouldn’t additionally protect your accounts with two-step verification or multi-factor authentication when a service makes it available to you.
It makes sense for your web email accounts, your file-sharing accounts and your social media accounts.
So, what are you waiting for?