CYBR650

Week 12

IT Threats Over Time

Most things change over time and threats are no exception. The International Organization for Standardization (ISO) definition of IT risk is; the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization. What were cyber threats several years ago have been mitigated by the software companies with security updates. Cyber criminals will adapt their approach as each threat is closed. They will find new ways to attack as technology changes.

Company policy changes over time, this can change the types of threats a company can go through. ARCON Techsolutions stated “Moreover, business requirements, vulnerabilities and threats can change over the time. Thus continuous governance is a must.” (Arconnet) If a company changes its policies or business directions could cause a whole new series of threats. For instance a company starts deploying mobile applications to market their products could open them up to a whole new type of threats they had never thought of before.

There are other threats that businesses have had to adapt to over time. Public opinion can present a greater threat than many physical threats ever could. A data breach has caused some companies to go out of business or lose millions in sales. If the public sees a company in a negative way their sales drop, so they have to anticipate public opinion. Companies have public affair department that will respond to public opinion threats and have mitigation plans in place for what they think are most probable.

Reference

Arconnet. (n.d.). IT Risk Management – What’s the catch, what to watch. Retrieved from Arcon: https://arconnet.com/Whitepapers/IT-risk-management.pdf

.

CYBR650

Week 10

Let’s Encrypt Issues Fraudulent “PayPal Certificates

Let’s Encrypt is a company that offers free Certificate Authority (CA) certificates allowing websites the ability to use Transport Layer Security (TLS) to protect users from eaves dropping thus protecting their in transit data. The company was launched in December 2015 and was out of Beta testing in April 2016. Almost 15,000 fraudulent PayPal certificate were issue by Let’s Encrypt by November 2016, most used for Phishing attacks.

According to Ionut Arghire from Security Week magazine “Even before being launched, Let’s Encrypt fueled fears that it could be abused by cybercriminals for their nefarious purposes. What’s more, the CA claims that it is not its job to stop malicious sites from using its certificates, meaning that phishers can use its certificates without fearing they might be banned” (Arghire, 2017) With the easy access to the certificates fake PayPal CA’s are increasing monthly. It’s estimated that 2,530 were issued in December 2016, 3,995 in January 2017 and 5,101 in February 2017.

The number sound very alarming but according to Vincent Lynch an encryption expert “Phishing sites usually have a very short lifespan, mainly because they tend to be flagged and blocked rather fast, which explains why cybercriminals tend to register as many of them as possible. Making them look as legitimate as possible also helps these sites stay alive for longer. The various initiatives encouraging HTTPS are likely to appeal to phishers as well. There are a number of performance benefits (such as HTTP/2) only available to sites using HTTPS. In addition, sites using valid SSL certificates are given trusted UI indicators by browsers (the padlock icon in all browsers, the “Secure” label in Chrome) which make a phishing site look more legitimate,” (Arghire, 2017)

References

Arghire, I. (2017, Mar 27). Let's Encrypt Issues 15,000 Fraudulent "PayPal" Certificates Used for Cybercrime. Retrieved from Security Week: http://www.securityweek.com/lets-encrypt-issues-15000-fraudulent-paypal-certificates-used-cybercrime

CYBR650

Week 9

OAuth Rules Are Strengthened By Google To Combat Phishing Attacks

Gmail users were attacked during the week of May 1, 2017. Google blocks millions of phishing attacks each day, but the latest incident showed googles system isn’t fool proof. The attack successfully tricked Gmail users into granting access to their contacts to a fake third party tool called Google Doc’s. Once the attacker was successful they were able to resend the phishing attack to everyone in the victims contact list. The phishing email seemed to come from a trusted person and claimed to have a link the sender wanted to share via a link to Google Docs.

Google was able to spot the attack and block it fairly quickly, but the attacker used OAuth which prevented the victim from being able to protect themselves even by changing their password. The only countermeasure was to remove permissions from the offending app was able to fix the issue. Google stated “We’re committed to keeping your Google Account safe, and have layers of defense in place to guard against sophisticated attacks of all types, from anti-hijacking systems detecting unusual behavior, to machine learning models that block malicious content, to protection measures in Chrome and through Safe Browsing that guard against visiting suspicious sites” (Arghire, 2017)

Google has announced it is updating its policies on OAuth application to help prevent this type of attack from happening in the future. They are also updating their anti-spam system and increasing their monitoring of suspicious sites. According to Google, “less than 0.1% of Gmail users were impacted by last week’s “Google Docs” incident, but, as Talos’ Sean Baird and Nick Biasini point out, this proof-of-concept did reveal that a convincing Google phish via OAuth is possible.” (Arghire, 2017)

References

Arghire, I. (2017, May 09). Google Tightens OAuth Rules to Combat Phishing. Retrieved from Security Week: http://www.securityweek.com/google-tightens-oauth-rules-combat-phishing

CYBR650

Week 8

SS7 vulnerabilities used to steal money from bank accounts

Cyber hackers have found a vulnerability in the SS7 protocol allowing them to steal money from bank accounts.  SS7 which stands for Signal System 7 is a protocol used in telephony telecommunications worldwide. It provides most of the world the ability to make call from different networks. It was developed in the mid 1970’s and does not provide any protections or requires any authentication making it easy for third parties to connect to the SS7 network.

German newspaper Süddeutsche Zeitung reported on Wednesday May 3, 2017 hackers had used a vulnerability in SS7 to get around the two-factor authentication (2FA) and were able to complete unauthorized wire transfers. The attackers most likely used phishing techniques to gain access to bank account information. According to Eduard Kovacs from Security Week magazine “and then launched an SS7 attack to obtain the mobile transaction authentication number (mTAN) sent by the bank via SMS. mTANs are one-time passwords used by banks to confirm financial transactions… According to Süddeutsche Zeitung, the attackers forwarded the SMS messages containing the mTAN to a number they controlled, allowing them to complete the wire transfers they had initiated from victims’ accounts.” (Kovacs, 2017)

References

Kovacs, E. (2017, May 4). Hackers Exploit SS7 Flaws to Loot Bank Accounts. Retrieved from Security Week: http://www.securityweek.com/hackers-exploit-ss7-flaws-loot-bank-accounts