25.9.20

 

At the VB2020 conference, ESET highlights cyber-espionage in Eastern Europe and financial crime in Latin America


ESET, the number one European publisher of security solutions, will highlight its 2020 research at the VB2020 conference (Virus Bulletin 2020). This year the international conference takes place online over three days, from 30 September to 2 October. ESET researchers will give four presentations and take part in an expert panel. Two presentations cover significant, not yet published research: the discovery of knowledge sharing among financial cybercriminals in Latin America, and a previously undisclosed cyber-espionage operation targeting several governments in Eastern Europe, the Balkans and Russia. This year the conference is free of charge, provided you register in advance.

The first presentation, "Latin American financial cybercriminals as competitors in tactics, techniques and procedures", will be given by Jakub Souček and Martin Jirkal of the ESET R&D centre in Prague. Knowledge sharing among cybercriminals is not unusual, but seeing so many examples in region-specific malware families with the same focus caught the attention of the ESET researchers. This presentation takes place on 1 October from 19:45 to 20:15 CEST.

The second presentation covers a discovery made earlier this year by ESET researchers: a previously undisclosed cyber-espionage operation targeting several governments in Eastern Europe, the Balkans and Russia. The presentation, "XDSpy: Stealing government secrets since 2011", will be given by Matthieu Faou and Francis Labelle, researchers at ESET Montreal, on 2 October from 20:15 to 20:45 CEST.

The last live online presentation, based on a recent ESET white paper, will be given by researcher Zuzana Hromcova on 2 October from 21:00 to 21:30 CEST. The presentation, "InvisiMole: First-class persistence through second-class exploits", deals with the InvisiMole group's surprisingly efficient strategy of evading detection by using old exploits.

The fourth presentation, "Ramsay: A cyber-espionage toolkit tailored for air-gapped networks", was recorded by Ignacio Sanmillan. This research was first published in May 2020.

Righard Zwienenberg, ESET Senior Research Fellow, will take part in a recorded panel discussion on "Flattening the Curve of Cyber-Risks" in the Threat Intelligence Practitioners Summit track.

The livestream presentations can be followed, rewatched or paused at any time.

For more information, visit the VB2020 website and WeLiveSecurity.com, where the new research will be published. Be sure to follow ESET research on Twitter as well for the latest news.

 

179 arrested in massive dark web bust

The sting is said to be the US Government’s largest operation targeting crime in the internet’s seedy underbelly



 Amer Owaida

 Law enforcement agencies from around the globe have swooped down on dozens of purveyors of illegal goods on the dark web. No fewer than 179 vendors of illicit goods have been handcuffed in an operation dubbed DisrupTor, which comprised several separate but complementary operations and was the result of a collective effort mostly by North American and European authorities.

Europe’s law enforcement agency, Europol, lauded the success of the raids in a press release, with Edvard Šileris, the director of its European Cybercrime Centre, saying: “Law enforcement is most effective when working together, and today’s announcement sends a strong message to criminals selling or buying illicit goods on the dark web: the hidden internet is no longer hidden, and your anonymous activity is not anonymous. Law enforcement is committed to tracking down criminals, no matter where they operate – be it on the streets or behind a computer screen.”

As noted by the United States’ Department of Justice, DisrupTor comes on the heels of two similar busts from the recent past. In March 2019, a global operation dubbed SaboTor resulted in the arrests of 61 suspected peddlers of illegal goods on the dark web. Two months later, another successful sting brought the takedown of Wall Street Market – the second-largest dark web online market dealing with the sale of illicit wares.

RELATED READING: Europol sets up EU‑wide team to fight dark web crime

The quantitative intelligence that DisrupTor yielded allowed investigators to identify suspects behind the accounts used to conduct illegal business. This led to 179 sellers of illicit wares ending up in custody across Europe and the US, and to the seizure of thousands of illegal goods, including over US$6.5 million comprising both cash and cryptocurrencies, as well as some 500 kilograms worth of addictive substances and drugs, and weapons.

US Attorney General Jeffrey Rosen touted the significance of the operation: “Criminals selling fentanyl on the Darknet should pay attention to Operation DisrupTor. The arrest of 179 of them in seven countries—with the seizure of their drug supplies and their money as well—shows that there will be no safe haven for drug dealing in cyberspace.”

While the investigations are still ongoing and law enforcement officers are busy identifying further suspects, arrests have been made in multiple countries. The United States leads the pack with 121 arrests, with Germany following suit on 42. The Netherlands nabbed eight suspects, while the United Kingdom detained four, Austria has apprehended three and Sweden captured one person.

Earlier this year, European law enforcement agencies were also able to crack an encrypted chat network, which ultimately led to the arrest of over 800 suspected criminals.

24.9.20

 

New tool helps companies assess why employees click on phishing emails

NIST’s tool can help organizations improve the testing of their employees’ phish-spotting prowess

 Amer Owaida

Researchers at the US National Institute of Standards and Technology (NIST) have devised a new method that could be used to accurately assess why employees click on certain phishing emails. The tool, dubbed Phish Scale, uses real data to evaluate the complexity and quality of phishing attacks to help organizations comprehend where their (human) vulnerabilities lie.

 

Here’s a quick refresher: in its simplest form, phishing is an unsolicited email or any other form of electronic communication where cybercriminals impersonate a trusted organization and attempt to pilfer your data. Information such as access credentials can be then abused for further attacks or sold on the dark web and used to commit fraud or identity theft.

 

Therefore, any company or organization that takes its cybersecurity seriously conducts regular phishing training exercises to see if its employees can distinguish between real and phishing emails. These trainings aim to increase employee vigilance as well as teach them to spot signs of phishing attacks masquerading as legitimate emails, which in turn, prevents them from getting hooked and protects their organizations from monetary and reputational damage.

 

RELATED READING: Would you get hooked by a phishing scam? Test yourself

 

These exercises are usually overseen by Chief Information Security Officers (CISOs), who evaluate the success or failure of these exercises based on click rates – how often employees click on a phishing email. However, the results are not emblematic of the whole problem.

 

“The Phish Scale is intended to help provide a deeper understanding of whether a particular phishing email is harder or easier for a particular target audience to detect,” said NIST researcher Michelle Steves in the press release announcing the new tool.

Phish Scale looks at two main elements when assessing how difficult it is to detect a potential phishing email. The first variable the tool evaluates is ‘phishing email cues’ – observable signs, such as spelling mistakes, using personal email addresses rather than work emails, or using time-pressuring techniques.

 

Meanwhile, the second, ‘alignment of the email’s context to the user’, leverages a rating system to evaluate if the context is relevant to the target – the more relevant it is, the harder it becomes to identify it as a phishing email. Based on a combination of these factors, Phish Scale categorizes the difficulty of spotting the phish into three categories: least, moderate, and very difficult.

 

These can provide valuable insight into the phishing attacks themselves, as well as help ascertain why people are more or less likely to click on these emails.

 

RELATED READING: This test will tell you how likely you are to fall for fraud

 

Phish Scale aims to provide CISOs with a better comprehension of their click-rate data, so they don’t solely rely on the number output. “A low click rate for a particular phishing email can have several causes: The phishing training emails are too easy or do not provide relevant context to the user, or the phishing email is similar to a previous exercise. Data like this can create a false sense of security if click rates are analysed on their own without understanding the phishing email’s difficulty,” NIST said.

 

While all data that was fed to the Phish Scale has originated from NIST, the institute hopes to test the tool on other organizations and companies to see if it performs up to standard. For further information on the tool and research behind it, you can delve into the article, Categorizing human phishing difficulty: a Phish Scale, published by the researchers Michelle Steves, Kristen Greene, and Mary Theofanos.

 

20.9.20

Zoom makes 2FA available to all its users

 

Zoom now supports phone calls, text messages and authenticator apps for two-factor authentication.

 

Amer Owaida

Zoom is rolling out support for two-factor authentication (2FA) across its web, desktop and mobile applications, allowing users to double up on the security of their accounts with an extra layer of protection.

As a reminder, multi-factor authentication (2FA) requires users to pass authentication challenges that call for responses from two different factors. There are three classic authentication factors in common use: something you know, such as a password or PIN; something you have, such as physical keys or authenticator apps; and something you are, which includes biometrics such as fingerprints or retinal scans.

The videoconferencing platform announced the new security feature in a blog post, stating: “Zoom’s enhanced Two-Factor Authentication (2FA) makes it easier for admins and organizations to protect their users and prevent security breaches right from our own platform.” In a statement provided to The Verge, the company confirmed that it is making the feature available to all its users, including those on its free plan.

Zoom also described how users can authenticate when signing in to their account: “With Zoom’s 2FA, users have the option to use authentication apps that support the Time-Based One-Time Password (TOTP) protocol (such as Google Authenticator, Microsoft Authenticator and FreeOTP), or to have Zoom send a code via SMS or phone call, as the second factor of the account authentication process.”

RELATED READING: Privacy commissioners call for secure videoconferencing

While using SMS as a form of two-factor authentication is better than using none at all, it is preferable to opt for one of the supported authenticator apps, especially since it makes it harder for cybercriminals to access your account even if you become the target of a SIM swap attack.

The video communications company also lets users use recovery codes to sign in to their account if their device is lost or stolen. You can review the whole process of enabling 2FA, as well as the use of recovery codes, in the platform's help centre.

With the COVID-19 pandemic forcing many companies to switch to remote work, Zoom and other videoconferencing and communication services have seen a surge in popularity. However, the company has also been in the spotlight because of the privacy and security problems it ran into after users flocked to its platform in large numbers. If you are a Zoom user, you should also check out our article on how to configure Zoom's security settings properly.

 

5 ways cybercriminals can try to extort you!

 



By Amer Owaida

What are some common strategies cybercriminals employ in extortion schemes and how can you mitigate the chances of falling victim to a cyber-shakedown?

When it comes to coercing people into parting with their money, cybercriminals seem to have a bag of tricks to choose from. There are some tricks that they favour more than others, one of which is extortion. According to the FBI’s latest Internet Crime Report, US victims of extortion lost some US$107.5 million to these crimes last year.

One thing to keep in mind is that blackmailers won’t just stick to one trick but will employ multiple flavours of extortion to try to force their victims into doing their bidding – be it paying them a handsome sum or even performing tasks on their behalf.

Ransomware

Ransomware is by far one of the best-known examples of extortion employed by hackers around the globe, with targets ranging from companies, through governments to individuals. The basic premise is that your device will be infested by ransomware using one of the various tactics hackers employ, such as duping you into clicking on a malicious link found in an email or posted on social media or shared with you through a direct instant message.

After the malware makes its way into your device, it will either encrypt your files and won’t allow you to access them, or it will lock you out of your computer altogether, until you pay the ransom. It is also worth mentioning that some ransomware groups have added a new functionality: a form of doxing wherein they traverse your files looking for sensitive information, which they will threaten to release unless you pay them an additional fee. This could be considered a form of double extortion.

Before wondering whether to pay or not, you should check if a decryption tool has been released for the ransomware strain that has infested your device; also, the answer is: don’t pay. For additional advice on protecting against ransomware attacks, you can check out our excellent, in-depth article Ransomware: Expert advice on how to keep safe and secure.

Hack and extort

The title is pretty much self-explanatory, but to make things abundantly clear, the extortionist will infiltrate your device or online accounts, go through your files looking for any sensitive or valuable data, and steal it. Although it may echo ransomware in some respects, in this case, the breaking-and-entering of your device is done manually and the cybercriminal will have to invest time and resources into doing so. Well, unless your password was part of a large-scale data breach, in which case the effort put in significantly drops. The successfully targeted individual then receives an email in which the criminal tries to coerce the intended victim into paying by threatening to expose this data, listing examples for added effect.

To protect yourself, you should consider encrypting your data and adequately securing all your accounts using a strong passphrase, as well as activating two-factor authentication whenever it is available.

Sextortion

Sextortion is exactly what it sounds like: extortion via some kind of threat of exposure of sexual material about the target. Extortionists who take part in sextortion can go about it in several ways. It can start as an apparent romantic dalliance through a dating platform, until the criminal gains their victim’s trust, convincing them to leave the platform for a regular messaging service. This is done to avoid triggering the security mechanisms dating apps use to detect potential scammers. Once off the dating platform, they will try to coax the target into sharing some risqué or intimate photos or even videos, which will then be used to blackmail the victim. Alternatively, hackers can opt for hacking a victim’s computer and hijacking their webcam to secretly watch and even take salacious snapshots or voyeuristic videos of them. American model and former Miss Teen USA Cassidy Wolf fell victim to such sextortionists.

Sending any kind of risqué photos to anyone is ill-advised. That applies even to someone you trust, since you can’t rule out that their devices or accounts could be compromised and the sensitive photos leaked, or that your current level of trust in them might change or is otherwise misplaced. As for mitigating the chances of being hacked, you should keep your devices patched and up-to-date as well as use a reputable security solution.

 

Full article: https://www.welivesecurity.com/2020/09/18/five-cybercriminals-extortion-schemes/?utm_source=newsletter&utm_medium=email&utm_campaign=wls-newsletter-091820

ESET CEO Richard Marko to serve as a judge in the Apps 4 Digital Peace competition for innovative IT solutions by the Cybersecurity Tech Accord & United Nations (UNODA)

 


Richard Marko, CEO of ESET, a global leader in cybersecurity, has been asked to serve as a judge for the first Apps 4 Digital Peace Competition, organized by the Cybersecurity Tech Accord, the United Nations Office for Disarmament Affairs (UNODA), and https://www.un.org/youthenvoy/. It came about in response to the dramatic increase in the malicious use of information and technology by state and non-state actors. Given the potential threats to international peace and security, these organizations felt the need to encourage the brightest young minds to help develop technological solutions that limit the use of the internet as a domain of conflict and increase the security and stability of our online environment.

As ESET is a signatory of the Cybersecurity Tech Accord, Richard Marko will be part of a panel of distinguished judges to stimulate new and ethical ways of thinking among young innovators around the world. The other members of the panel are Alex Stamos, director of the Stanford Internet Observatory and former Facebook CISO; Damir "Gaus" Rajnovic, cybersecurity manager at Panasonic; Kim Zetter, award-winning journalist covering cybersecurity and national security issues; Liis Vihul, CEO, Cyber Law International; and Jayathma Wickramanayake, the UN Secretary-General's Envoy on Youth.

Five finalists are in the running for both cash prizes and networking opportunities that will help get their ideas off the ground. The winners will be invited to the annual meeting of the Cybersecurity Tech Accord to present their Apps 4 Digital Peace entry to some of the world's leading technology companies that are committed to improving the online security of users everywhere.

"It is a privilege to sit on the jury that will judge the very first Apps 4 Digital Peace Competition," said Richard Marko. "At ESET we are passionate about making technology safer for everyone. We are proud to offer the leaders of tomorrow the opportunity to create and develop innovative solutions that will advance digital peace."

"I am delighted to see what these bright young minds create to tackle the many challenges the cyber world brings," says Tony Anscombe, Chief Security Evangelist at ESET. "Our young innovators are the future of cybersecurity. Their contributions will help in developing cyber-hygiene practices, protecting infrastructure and promoting responsible online behaviour so that it has a positive impact on our online world."

The virtual award ceremony of the ‘Apps 4 Digital Peace Competition’ takes place on Monday 21 September from 10:00 to 12:00 EDT. Register to follow the ceremony here: https://form.jotform.com/202376258059157