Data Loss: An Interesting Number
August 19, 2020
“Over 27 Billion Records Exposed in the First Half of 2020” contains some interesting assertions. One which caught my attention was:
Although reports of data breaches are down 52 percent in the first half of this year, the number of records exposed over the same period has soared to 27 billion.
The write up quotes an expert from Risk Based Security as saying:
“The striking differences between 2020 and prior years brings up many questions,” says Inga Goddijn, executive vice president at Risk Based Security. “Why is the breach count low compared to prior years? What is driving the growth in the number of records exposed? And perhaps most importantly, is this a permanent change in the data breach landscape?”
I am curious as well. Interpol’s August 2020 “Cybercrime: Covid-19 Impact” suggests that cybercrime is chugging along quite nicely.
DarkCyber’s question is:
With hundreds of cyber security firms offering everything from real time AI monitors to old fashioned and expensive humans, bad actors appear to be increasingly successful. How is that Garmin cyber security system working now? Any Amazon S3 buckets compromised recently? Is Self-Key’s statement that “the first quarter of 2020 has been one of the worst in data breach history with over 8 billion records exposed” accurate?
The numbers may be interesting but the question is, “Why are state-of-the-art, artificially intelligence cyber security systems performing in a way that suggests bad actors are experiencing a surfeit of target opportunities?
Stephen E Arnold, August 19, 2020
Quantexa: Awash in Cash
August 13, 2020
As the COVID-19 pandemic continues to spread, crime has not stopped. Instead of illegal activities taking place in person, bad actors have moved their activities online. Cybersecurity experts discovered that the pandemic has also made bad actors more desperate and are willing to take more risks online. Inventiva explains with the rise of risky cyber crimes, cybersecurity companies are seeing huge investments such as: “Quantexa Raises $64.7M To Bring Big Data Intelligence To Risk Analysis And Investigations.”
Quantexa is a UK-based company that designed a Contextual Decision Intelligence. Machine learning platform that analyzes data points to track criminal activity and build better profiles of companies’ customer base. Quantexa recently raised $64.7 million in Series C fundraising. The funds will be used to develop further tools for cybersecurity and expand Quantexa into other continents.
Quantexa has done work for banks and other businesses in the financial industry. The company hopes the fundraising infusion will set them up with work in the government/public sector and insurance companies.
Quantexa founder and CEO Vishal Marria said he created the company, because he encountered many challenges with investigations while he was an Ernst & Young executive director. He noticed that when potential bad actors were investigated, only small pieces of information were used. Marria thought of a better way, so he designed AL algorithms and used big data to find the bigger picture:
“As an example, typically, an investigation needs to do significantly more than just track the activity of one individual or one shell company, and you need to seek out the most unlikely connections between a number of actions in order to build up an accurate picture. When you think about it, trying to identify, track, shut down and catch a large money launderer (a typical use case for Quantexa’s software) is a classic big data problem.”
This sector of cybersecurity continues to grow and similar companies to Quantexa are also fundraising with investors.
Pieces of information always point to a larger puzzle. It begs the question how bad actors were caught in the past.
Whitney Grace, August 13, 2020
TikTok: Exploiting, Exploited, or Exploiter?
August 12, 2020
I read “TikTok Tracked Users’ Data with a Tactic Google Banned.” [Note: You will have to pay to view this article. Hey, The Murdoch outfit has to have a flow of money to offset its losses from some interesting properties, right?]
The write up reveals that TikTok, the baffler for those over 50, tricked users. Those lucky consumers of 30 second videos allegedly had one of their mobile devices ID numbers sucked into the happy outfit’s data maw. Those ID numbers — unlike the other codes in mobile devices — cannot be changed. (At least, that’s the theory.)
What can one do with a permanent ID number? Let us count some of the things:
- Track a user
- Track a user
- Track a user
- Obtain information to pressure a susceptible person into taking an action otherwise not considered by that person?
I think that covers the use cases.
The write up states with non-phone tap seriousness, a business practice of one of the Murdoch progeny:
The identifiers collected by TikTok, called MAC address, are most commonly used for advertising purposes.
Whoa, Nellie. This here is real journalism. A MAC address is shorthand for “media access control.” I think of the MAC address as a number tattooed on a person’s forehead. Sure, it can be removed… mostly. But once a user watches 30-second videos and chases around for “real” information on a network, that unique number can be used to hook together otherwise disparate items of information. The MAC is similar to one of those hash codes which allow fast access to data in a relational structure or maybe an interest graph. One can answer the question, “What are the sites with this MAC address in log files?” The answer can be helpful to some individuals.
There are some issues bubbling beneath the nice surface of the Murdoch article; for example:
- Why did Google prohibit access to a MAC address, yet leave a method to access the MAC address available to those in the know? (Those in the know include certain specialized services support US government agencies, ByteDance, and just maybe Google. You know Google. That is the outfit which wants to create a global seismic system using every Android device who owner gives permission to monitor earthquakes. Yep, is that permission really needed? Ho, ho, ho.)
- What vendors are providing MAC address correlations across mobile app content and advertising data? The WSJ is chasing some small fish who have visited these secret data chambers, but are there larger, more richly robust outfits in the game? (Yikes, that’s actually going to take more effort than calling a university professor who runs a company about advertising as a side gig. Effort? Yes, not too popular among some “real” Murdoch reporters.)
- What are the use cases for interest graphs based on MAC address data? In this week’s DarkCyber video available on Facebook at this link, you can learn about one interesting application: Targeting an individual who is susceptible to outside influence to take an action that individual otherwise would not take. Sounds impossible, no? Sorry, possible, yes.
To summarize, interesting superficial coverage but deeper research was needed to steer the writing into useful territory and away from the WSJ’s tendency to drift closer to News of the World-type information. Bad TikTok, okay. Bad Google? Hmmmm.
Stephen E Arnold, August 12, 2020
Spear Fishing: The Key to the Garmin Ransomware Attack
August 11, 2020
DarkCyber is not too keen on widely disseminated explanations of criminal procedures. “How to’s” may provide the equivalent of a jail house education to some. The article “Crypto-Ransomware in Action: A Closer Look at the WastedLocker Hijack of Garmin” explains the attack on the an outfit specializing geo-technology. Think GPS in consumer gizmos, aircraft, and vehicle. The write up quotes Kaspersky, a security outfit with some interesting allegations clinging to its shirt tails, as noting:
“This incident only highlights that there is a growing trend of targeted crypto-ransomware attacks against large corporations—in contrast to the more widespread and popular ransomware campaigns of the past, like WannaCry and NotPetya. While there are fewer victims, these targeted attacks are typically more sophisticated and destructive. And there is no evidence to suggest that they will decline in the near future. Therefore, it’s critical that organizations stay on alert and take steps to protect themselves.” [Fedor Sinitsyn, security expert at Kaspersky]
Additional details on the attack are available in the technical analysis on the Kaspersky Web site at this link. The write up includes screenshots and code samples. The details include this statement:
It uses a “classic” AES+RSA cryptographic scheme which is strong and properly implemented, and therefore the files encrypted by this sample cannot be decrypted without the threat actors’ private RSA key. The Garmin incident is the next in a series of targeted attacks on large organizations involving crypto-ransomware. Unfortunately, there is no reason to believe that this trend will decline in the near future.
DarkCyber agrees. Jail house learning?
Stephen E Arnold, August 11, 2020
Me Too, Me Too: Password Matching
August 7, 2020
Digital Shadows, founded in 2011, offered its Searchlight service. Terbium Labs, founded in 2013, offers its Matchlight services. Enzoic, founded in 2016, offered its password matching service. Scattered along the information highway are other cyber security firms offering variations on looking for compromised information on the Regular Web, the Dark Web, and in any other online source which the crawlers can reach. I mention these companies and their similar matching services because DarkCyber spotted “LogMeIn Introduces New Lastpass Security Dashboard and Dark Web Monitoring, Delivering a Complete Command Center for Managing Digital Security.” The write up states:
In addition to displaying weak and reused passwords, the new Security Dashboard now gives all LastPass users, regardless of tier, a full picture of their online security, providing complete control over their digital life and peace of mind that accounts are protected.
What’s interesting is that the capability to perform this type of LastPass check has been around for many years. Progress. People seeing the “light”? Some bad actors simply brute force passwords because many individuals prefer passwords from this list. The fact that strong passwords are not widely used contributes to bad actors’ success.
Stephen E Arnold, August 7, 2020
European Union: Yes, Russia Warrants Some Attention
August 4, 2020
With so many smart people wrestling with the Google and cage fighting with England, I was surprised to read “EU, in First Ever Cyber Sanctions, Hits Russian Intelligence.” The allegedly accurate write up states:
Four members of Russia’s GRU military intelligence agency were singled out. The EU accuses them of trying to hack the wifi network of the Netherlands-based Organization for the Prohibition of Chemical Weapons, which has probed the use of chemical weapons in Syria. The 2018 attack was foiled by Dutch authorities.
In addition, two individuals described as “Chinese nationals” found themselves in the sanction target area.
There are several ways to look at this action. First, the Google is a bigger deal than the EU’s friend to the East. Second, the Brexit fishing rights thing distracted EU officials from mere intelligence and trans-national security matters. Third, maybe someone realized that cyber espionage and cyber attacks are something to think about. A couple of years or more seems pretty snappy compared to other EU projects.
Stephen E Arnold, August 3, 2020
IBM Discloses Iranian Hacking: Was Watson on the Job?
July 30, 2020
We spotted an interesting nugget of information in “Iran-Linked Hackers Mistakenly Leak Videos of Their Operations in Action: Report.”
The story reveals that:
IBM’s X-Force security team acquired about five hours of video footage of hacking operations by APT35, a hacking group linked to the Iranian government…
Where did the video originate? The answer: Iran.
The IBM researchers got a hold of the footage due to “a misconfiguration of security settings on a virtual private cloud server they’d observed in previous APT35 activity,” the report said, adding that the files were uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The APT35 hackers recorded their operations to demonstrate to junior team members how to handle hacked accounts, according to the report. The videos show the hackers how to download the contents of compromised Gmail and Yahoo Mail accounts.
The report does not mention Watson. Interesting.
Stephen E Arnold, July 29, 2020
Digital Shadows: Cyber Monitoring Inside
July 29, 2020
DarkCyber has pointed out in this blog and in the DarkCyber video news programs that cyber security generates hyperbole. Funding sources pump in cash. Companies buy not one cyber security system; big and mid-sized outfits buy news ones with each change of security professionals.
Why?
Most of the cyber security systems focus on what happened in the past. However, bad actors — some well funded by low profile operators — focus on the here and now.
Not surprisingly, competing claims, pricing plays, and fearful prospects keep the wheel spinning.
“Digital Shadows Announces Integration with Atlassian Jira” indicates that the stealthy Digital Shadows has moved inside an issue tracking and project tracking platform. Presumably the “SearchLight Inside” deal will deliver better security to Jira users. Will this tie up boost Atlassian stock?
DarkCyber assumes that other Dark Web and cyber threat indexing services will pursue similar “inside” deals.
The real test comes when licensees of these “inside” cyber threat solutions demonstrate they can avoid Garmin- and Twitter-type security breaches.
Stephen E Arnold, July 29, 2020
DarkCyber for July 28, 2020, Now Available
July 28, 2020
The July 28, 2020, DarkCyber is now available. You can view the program on YouTube or on Vimeo.
DarkCyber reports about online, cyber crime, and lesser known Internet services. The July 28, 2020, program includes six stories. First, DarkCyber explains how the miniaturized surveillance device suitable for mounting on an insect moves its camera. With further miniaturization, a new type of drone swarm becomes practical. Second, DarkCyber explains that the value of a stolen personal financial instrument costs little. The vendors guarantee 80 percent success rate on their stolen personally identifiable information or fullz. Third, SIM card limits are in place in South Africa. Will such restrictions on the number of mobile SIM cards spread to other countries or are the limits already in place, just not understood. Fourth, Coinbase bought a bitcoin deanonymization company. Then Coinbase licensed the technology to the US Secret Service. Twitter denizens were not amused. Fifth, Microsoft released a road map to a specific type of malware. Then two years later the story was picked up, further disseminating what amounts to a how to. DarkCyber explains where to download the original document. The final story presents DarkCyber’s view of the management lapses which made the Twitter hack a reality. Adult management is now imperative at the social media company doing its best to create challenges for those who value civil discourse and an intact social fabric.
The delay between our June 9, 2020, video about artificial intelligence composing “real” music and today’s program is easy to explain. Stephen E Arnold, the 76 year old wobbling through life, had the DarkCyber and Beyond Search team working on his three presentations at the US National Cyber Crime Conference. These programs are available via the NCC contact point in the Massachusetts’ Attorney General Office.
The three lectures were:
- Amazon policeware, which we pre-recorded in the DarkCyber format
- A live lecture about investigative software
- A live lecture about Dark Web trends in 2020.
Based on data available to the DarkCyber team, the septuagenarian reached about 500 of the 2000 attendees. Go figure.
Kenny Toth, July 28, 2020
The Cloud Becomes the New PC, So the Cloud Becomes the Go To Attack Vector
July 24, 2020
Cloud providers are not Chatty Cathies when it comes to some of their customers’ more interesting activities. Take malware, for example. Bad actors can use cloud services for a number of activities, including a temporary way station when deploying malware, delivering bogus or spoofed Web sites as part of a social engineering play, or just launching phishing emails. Major cloud providers are sprawling operations, and management tools are still in their infancy. In fact, management software for cloud operators are in a cat-and-mouse race. Something happens, and the cloud provider responds.
“Hackers Found Using Google Cloud to Hide Phishing Attacks” provides some information about the Google and its struggles to put on a happy face for prospects and regulators while some Googlers are reading books about dealing with stressful work.
The article reports:
Researchers at cybersecurity firm Check Point on Tuesday cited an instance when hackers used advanced features on Google Cloud Platform to host phishing pages and hide them. Some of the warning signs that users generally look out for in a phishing attack include suspicious-looking domains, or websites without a HTTPS certificate. However, by using well-known public cloud services such as Google Cloud or Microsoft Azure to host their phishing pages, the attackers can overcome this obstacle and disguise their malicious intent, improving their chances of ensnaring even security-savvy victims…
What’s the fix?
Obviously vendors of cloud management software, hawkers of smart cyber security systems, and bright young PhD track cyber specialists have ideas.
The reality may be that for now, there is no solution. Exposed Amazon S3 buckets, Google based endeavors, and Microsoft (no, we cannot update Windows 10 without crashing some machines) Azure vectors are here to stay.
Perhaps one should tweet this message? Oh, right, Twitter was compromised. Yeah.
Stephen E Arnold, July 24, 2020
-
- Subscribe to Beyond Search
Feature archive
News archive
-
