Cybersecurity: A Booming Business

September 23, 2020

The United Kingdom has seen record growth for cyber security startups. The record growth in the cybersecurity field is due to the COVID-19 pandemic and the heavy demand on Internet and digital services. Internet and digital services must be protected from potential bad actors stealing individuals’ information or be mischievous during Zoom meetings. Tech Round explains more about cybersecurity’s growth in: “Cybersecurity: The Fastest Growing UK Startup Sector During COVID-19.”

Before the pandemic struck, cybersecurity focused on financial and regulatory risks. Cyber risk management is now a hot ticket for investors. COVID-19 also points to a future where more people will be working remotely, organizations will host their data offsite, and more services will be online:

“Ajay Hayre, Senior Consultant Technology at Robert Walters comments: “Historically IT security has represented only 5% of a company’s IT budget but due to remote working and transition to online or cloud-based solutions, cybersecurity has been thrust to the centre of business continuity plans, having proved its worth in enabling business objectives during lockdown. Not only will every company see the benefit of having this expertise in-house, but they will be looking externally for tools, services and advisors to help guarantee the future-proofing of their business by way of solid and robust cybersecurity provisions.”

What is even more interesting are the venture capitalists behind the investing. The PHA Group breaks down who the “5 Key VCs Backing Cybersecurity Startups” are. According to the LORCA Report 2020, a half billion pounds were fundraised in the first half of 2020 for cybersecurity startups. This is a 940% increase compared to 2019. Venture capitalists also want to invest their money in newer technologies, such as AI, encryption, secure containers, and cloud security. The five companies that invested the most in UK cybersecurity are Ten Eleven Ventures, Energy Impact Partners, Index Ventures, and Crosslink Capital.

Whitney Grace, September 23, 2020

DarkCyber for September 22, 2020, Now Available: Bogus Passports, Chinese Data and Apps, and the Dronut Drone

September 22, 2020

DarkCyber for September 22, 2020, is now available. This week’s program features an update on falsified documents, three stories about China, and a report about the Dronut. You can view the video on YouTube. The video is available via the Beyond Search blog.

Kenny Toth, September 22, 2020

https://youtu.be/AOTJhU4VC9s

Passport Report: Useful Guidance for Governments and Bad Actors?

September 15, 2020

The consulting firm Bearing Point is an interesting outfit. Marketing, of course, is job one. DarkCyber noted “BearingPoint Study Assesses the Digital Maturity of Passport Services in Countries around the Globe.” The document provides the firm’s assessment of government processes related to digital work flows. Not surprisingly, the report finds opportunities for improvement across the 20 countries surveyed.

A passage DarkCyber noted states:

No examined countries currently assessed to be at level five.

Surprising? No, the object of the study is to sell consulting services for online passport application services.

However, the report provides some useful insights for bad actors interested in figuring out what type of false documents to purchase via an illegal channel. That’s right. The report is a compendium of ideas for bad actors; for example:

The study covers twenty countries selected from across Europe and other regions. The countries included in the study are Australia, Austria, Belgium, Brazil, Canada, Denmark, Estonia, Finland, France, Germany, Ireland, the Netherlands, New Zealand, Norway, Romania, Singapore, Sweden, Switzerland, the UK, and the USA. Of the countries included in the study, eleven offered a partial or full online passport application service. Australia, Brazil, Estonia, France, Switzerland, and the USA were assessed at level three in the service maturity assessment. Level three represents a partial online application service in which citizens can submit application details (all data required excluding the passport image) online, in advance of attending an appointment to complete the application. The critical efficiency at this level is minimizing the volume of data inaccuracy associated with paper applications and capturing the data in advance of attending a public office, which leads to a reduction in data errors and also provides a more efficient service. Finland, Ireland, New Zealand, Singapore and the UK were assessed at level four. This represents a passport service that offers citizens an entirely online application process, though some offline interaction may be required. Passport services at this level offer online services for handling problems with the application, for example, resubmitting a photo digitally if the initially submitted photo did not meet specified standards.

The countries with what appear to be business processes in need of digital enhancement are countries like Romania and Sweden. Sweden?

The report could be used as a shopping guide for false documents which may be used to enter a country illegally. On the other hand, the report is designed to help Bearing Point sell consulting services.

Interesting information if the data are accurate.

Stephen E Arnold, September 15, 2020

DarkCyber for September 8, 2020: Innovation, Black Hat SEO, Drovorub, Sparks Snuffed, and Killer Drones

September 8, 2020

DarkCyber Video News for September 8, 2020, is now available. You can view the video on YouTube, Facebook, and the DarkCyber blog.

The program covers five stories:

First, the Apple-Fortnite dispute has created some new opportunities for bad actors and their customers. The market for stolen Fortnite accounts is robust. Accounts are for sale on the Dark Web and the Regular Web. Some resellers are allegedly generating six figures per month by selling hapless gamers’ accounts.

Second, you can learn how to erode relevance and make a page jump higher in the Google search results lists. Pay $50 and you get information to set up an Amazon or eBay store with little or no investment. No inventory has to be purchased, stored, and shipped. Sound like magic?

Third, the FBI and NSA have published a free analysis of Drovorub malware. If you are responsible for a Linux server, requesting a free copy of the publication may save you time, money, and loss of important data.

Fourth, a team of international law enforcement professionals shut down the Sparks video piracy operation. The impact of the shut down hits pirate sites and torrents. Three of the alleged operators have been identified. Two are under arrest, and the third is fleeing Interpol.

Finally, in this program’s drone report, DarkCyber explains how drug lords are using consumer drones in a novel and deadly way. Consumer-grade drones are fitted with explosives and a detonator. Each drone comes with a radio control unit and a remote trigger for the explosive’s on drone detonator. The purpose is to fly the drone near a target and set off the explosive. To ensure a kill, each of the weaponized drones carries a container of steel ball bearings to ensure the mission is accomplished.

DarkCyber is a production of Stephen E Arnold and the DarkCyber research team.

Kenny Toth, September 8, 2020

The Possibilities of GPT-3 from OpenAI Are Being Explored

August 27, 2020

Unsurprisingly, hackers have taken notice of the possibilities presented by OpenAI’s text-generating software. WibestBroker News reports, “Fake Blog Posts Land at the Top of Hacker News.” The post was generated by college student Liam Porr, who found it easy to generate content with OpenAI’s latest iteration, GPT-3, that could fool readers into thinking it had been crafted by a person. Writer John Marley describes the software:

“GPT-3, like all deep learning systems, looks for patterns in data. To simplify, the program has been trained on a huge corpus of text mined for statistical regularities. These regularities are unknown to humans. Between the different nodes in GPT-3’s neural network, they are stored as billions of weighted connections. There’s no human input involved in this process. Without any guidance, the program looks and finds patterns.”

Rather than being unleashed upon the public at large, the software has been released to select researchers in a private beta. Marley continues:

“Porr is a computer science student at the University of California, Berkeley. He was able to find a PhD student who already had access to the API. The student agreed to work with him on the experiment. Porr wrote a script that gave GPT-3 a headline and intro for the blog post. It generated some versions of the post, and Porr chose one for the blog. He copy-pasted from GPT-3’s version with very little editing. The post went viral in a matter of a few hours and had more than 26,000 visitors. Porr wrote that only one person reached out to ask if the post was AI-generated. Albeit, several commenters did guess GPT-3 was the author. But, the community down voted those comments, Porr says.”

Little did the down-voters know. Poor reports he applied for his own access to the tool, but it has yet to be granted. Perhaps OpenAI is not too pleased with his post, he suggests. We wonder whether this blogger received any backlash from the software’s creators.

Cynthia Murrell, August 27, 2020

Insider Threats: Yep, a Problem for Cyber Security Systems

August 20, 2020

The number of cyber threat, security, alerting, and pentesting services is interesting. Cyber security investments have helped cultivate an amazing number of companies. DarkCyber’s research team has a difficult time keeping up with startups, new studies about threats, and systems which are allegedly one step ahead of bad actors. Against this context, two news stories caught our attention. It is too soon to determine if these reports are spot on, but each is interesting.

The first report appeared in Time Magazine’s story “Former CIA Officer Charged With Giving China Classified Information.” China is in the news, and this article reveals that China is or was inside two US government agencies. The story is about what insiders can do when they gather information and pass it to hostile third parties. The problem with insiders is that detecting improper behavior is difficult. There are cyber security firms which assert that their systems can detect these individuals’ actions. If the Time article is accurate, perhaps the US government should avail itself of such a system. Oh, right. The US government has invested in such systems. Time Magazine, at least in my opinion, did not explore what cyber security steps were in place. Maybe a follow up article will address this topic?

The second news item concerns a loss of health related personally identifiable information. The data breach is described in “Medical Data of Auto Accident Victims Exposed Online.” The security misstep allowed a bad actor to abscond with 2.5 million health records. The company responsible for the data loss is a firm engaged in artificial intelligence. The article explains that a PII health record can fetch hundreds of dollars when sold on “the Dark Web.” There is scant information about the security systems in place at this firm. That information strikes me as important.

Several questions come to mind:

  • What cyber security systems were in place and operating when these breaches took place?
  • Why did these systems fail?
  • Are security procedures out of step with what bad actors are actually doing?
  • What systemic issues exist to create what appear to be quite serious lapses?

DarkCyber does not have answers to these questions. DarkCyber is becoming increasingly less confident in richly funded, over-hyped, and ever fancier smart security systems. Maybe these whizzy new solutions just don’t work?

Stephen E Arnold, August 20, 2020

Data Loss: An Interesting Number

August 19, 2020

Over 27 Billion Records Exposed in the First Half of 2020” contains some interesting assertions. One which caught my attention was:

Although reports of data breaches are down 52 percent in the first half of this year, the number of records exposed over the same period has soared to 27 billion.

The write up quotes an expert from Risk Based Security as saying:

“The striking differences between 2020 and prior years brings up many questions,” says Inga Goddijn, executive vice president at Risk Based Security. “Why is the breach count low compared to prior years? What is driving the growth in the number of records exposed? And perhaps most importantly, is this a permanent change in the data breach landscape?”

I am curious as well. Interpol’s August 2020 “Cybercrime: Covid-19 Impact” suggests that cybercrime is chugging along quite nicely.

DarkCyber’s question is:

With hundreds of cyber security firms offering everything from real time AI monitors to old fashioned and expensive humans, bad actors appear to be increasingly successful. How is that Garmin cyber security system working now? Any Amazon S3 buckets compromised recently? Is Self-Key’s statement that “the first quarter of 2020 has been one of the worst in data breach history with over 8 billion records exposed” accurate?

The numbers may be interesting but the question is, “Why are state-of-the-art, artificially intelligence cyber security systems performing in a way that suggests bad actors are experiencing a surfeit of target opportunities?

Stephen E Arnold, August 19, 2020

Quantexa: Awash in Cash

August 13, 2020

As the COVID-19 pandemic continues to spread, crime has not stopped. Instead of illegal activities taking place in person, bad actors have moved their activities online. Cybersecurity experts discovered that the pandemic has also made bad actors more desperate and are willing to take more risks online. Inventiva explains with the rise of risky cyber crimes, cybersecurity companies are seeing huge investments such as: “Quantexa Raises $64.7M To Bring Big Data Intelligence To Risk Analysis And Investigations.”

Quantexa is a UK-based company that designed a Contextual Decision Intelligence. Machine learning platform that analyzes data points to track criminal activity and build better profiles of companies’ customer base. Quantexa recently raised $64.7 million in Series C fundraising. The funds will be used to develop further tools for cybersecurity and expand Quantexa into other continents.

Quantexa has done work for banks and other businesses in the financial industry. The company hopes the fundraising infusion will set them up with work in the government/public sector and insurance companies.

Quantexa founder and CEO Vishal Marria said he created the company, because he encountered many challenges with investigations while he was an Ernst & Young executive director. He noticed that when potential bad actors were investigated, only small pieces of information were used. Marria thought of a better way, so he designed AL algorithms and used big data to find the bigger picture:

“As an example, typically, an investigation needs to do significantly more than just track the activity of one individual or one shell company, and you need to seek out the most unlikely connections between a number of actions in order to build up an accurate picture. When you think about it, trying to identify, track, shut down and catch a large money launderer (a typical use case for Quantexa’s software) is a classic big data problem.”

This sector of cybersecurity continues to grow and similar companies to Quantexa are also fundraising with investors.

Pieces of information always point to a larger puzzle. It begs the question how bad actors were caught in the past.

Whitney Grace, August 13, 2020

TikTok: Exploiting, Exploited, or Exploiter?

August 12, 2020

I read “TikTok Tracked Users’ Data with a Tactic Google Banned.” [Note: You will have to pay to view this article. Hey, The Murdoch outfit has to have a flow of money to offset its losses from some interesting properties, right?]

The write up reveals that TikTok, the baffler for those over 50, tricked users. Those lucky consumers of 30 second videos allegedly had one of their mobile devices ID numbers sucked into the happy outfit’s data maw. Those ID numbers — unlike the other codes in mobile devices — cannot be changed. (At least, that’s the theory.)

What can one do with a permanent ID number? Let us count some of the things:

  1. Track a user
  2. Track a user
  3. Track a user
  4. Obtain information to pressure a susceptible person into taking an action otherwise not considered by that person?

I think that covers the use cases.

The write up states with non-phone tap seriousness, a business practice of one of the Murdoch progeny:

The identifiers collected by TikTok, called MAC address, are most commonly used for advertising purposes.

Whoa, Nellie. This here is real journalism. A MAC address is shorthand for “media access control.” I think of the MAC address as a number tattooed on a person’s forehead. Sure, it can be removed… mostly. But once a user watches 30-second videos and chases around for “real” information on a network, that unique number can be used to hook together otherwise disparate items of information. The MAC is similar to one of those hash codes which allow fast access to data in a relational structure or maybe an interest graph. One can answer the question, “What are the sites with this MAC address in log files?” The answer can be helpful to some individuals.

There are some issues bubbling beneath the nice surface of the Murdoch article; for example:

  1. Why did Google prohibit access to a MAC address, yet leave a method to access the MAC address available to those in the know? (Those in the know include certain specialized services support US government agencies, ByteDance, and just maybe Google. You know Google. That is the outfit which wants to create a global seismic system using every Android device who owner gives permission to monitor earthquakes. Yep, is that permission really needed? Ho, ho, ho.)
  2. What vendors are providing MAC address correlations across mobile app content and advertising data? The WSJ is chasing some small fish who have visited these secret data chambers, but are there larger, more richly robust outfits in the game? (Yikes, that’s actually going to take more effort than calling a university professor who runs a company about advertising as a side gig. Effort? Yes, not too popular among some “real” Murdoch reporters.)
  3. What are the use cases for interest graphs based on MAC address data? In this week’s DarkCyber video available on Facebook at this link, you can learn about one interesting application: Targeting an individual who is susceptible to outside influence to take an action that individual otherwise would not take. Sounds impossible, no? Sorry, possible, yes.

To summarize, interesting superficial coverage but deeper research was needed to steer the writing into useful territory and away from the WSJ’s tendency to drift closer to News of the World-type information. Bad TikTok, okay. Bad Google? Hmmmm.

Stephen E Arnold, August 12, 2020

Spear Fishing: The Key to the Garmin Ransomware Attack

August 11, 2020

DarkCyber is not too keen on widely disseminated explanations of criminal procedures. “How to’s” may provide the equivalent of a jail house education to some. The article “Crypto-Ransomware in Action: A Closer Look at the WastedLocker Hijack of Garmin” explains the attack on the an outfit specializing geo-technology. Think GPS in consumer gizmos, aircraft, and vehicle. The write up quotes Kaspersky, a security outfit with some interesting allegations clinging to its shirt tails, as noting:

“This incident only highlights that there is a growing trend of targeted crypto-ransomware attacks against large corporations—in contrast to the more widespread and popular ransomware campaigns of the past, like WannaCry and NotPetya. While there are fewer victims, these targeted attacks are typically more sophisticated and destructive. And there is no evidence to suggest that they will decline in the near future. Therefore, it’s critical that organizations stay on alert and take steps to protect themselves.” [Fedor Sinitsyn, security expert at Kaspersky]

Additional details on the attack are available in the technical analysis on the Kaspersky Web site at this link. The write up includes screenshots and code samples. The details include this statement:

It uses a “classic” AES+RSA cryptographic scheme which is strong and properly implemented, and therefore the files encrypted by this sample cannot be decrypted without the threat actors’ private RSA key. The Garmin incident is the next in a series of targeted attacks on large organizations involving crypto-ransomware. Unfortunately, there is no reason to believe that this trend will decline in the near future.

DarkCyber agrees. Jail house learning?

Stephen E Arnold, August 11, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta