New ransomware attacks target NAS storage devices

RANSOMWARE AL NASRansomware attacks targeting network-attached storage devices (NAS) have exponentially increased in recent months.

NAS systems, available for business purposes and home setup, are devices connected to a network to provide centralised storage capacity and backup data.

The number of ransomware strains targeting NAS and backup storage devices is growing, with users as yet still unprepared for the threat.

Ransomware has many different guises. The malware variant is popular with cybercriminals who use it to attack businesses, critical services – including hospitals and utilities – and individuals.

Once deployed on a system, the malware will usually encrypt files or full drives, issue its victim with a ransom note, and demand payment in return for a way to decrypt and restore access to the locked content.

There’s no guarantee that paying will result in decryption, but many will do so rather than lose their files; and when critical systems such as those at government bodies or healthcare providers are locked, there’s additional pressure to return to normal operations as quickly as possible.

The average consumer will often come across ransomware deployed through phishing campaigns and fraudulent messages or bundled within illegitimate or compromised software. However, researchers say that network-attached storage devices (NAS) are now also under direct threat from malware operators.

The devices may be accessed directly through a network or may have a web interface. The problem is that user authentication can sometimes be bypassed due to integrated software in NAS systems that have vulnerabilities.

To begin an attack chain, operators will first scan a range of IP addresses to locate internet-accessible NAS devices. Next, they will attempt to exploit its vulnerabilities and, if successful, deploy Trojans and begin encrypting the data of all the devices connected to the NAS unit.

Researchers cite WannaCry as the most popular type of ransomware used by cybercriminals, followed by Phny and Gandcrypt.

https://www.ooda.com/

_____

Aquest apunt en català / Esta entrada en español / Post en français

Online scams increase by 275% in the run-up to Christmas

FRAUD ALERTWith the end-of-year 2019 Black Friday and Cyber Monday sales behind us, the company Adobe Digital Insights analyses the, yet again, record-breaking numbers of online transactions. North American consumers alone spent 7.5 billion dollars online on Black Friday. The figures for Cyber Monday are even higher, accounting for nearly 30 billion dollars of consumer spending.

Yet, amidst all the Christmas-shopping enthusiasm, some of the deals seem too good to be true. An email promotion, for example, was offering 80% discounts on designer sunglasses. An offer like that can be hard to refuse, and purchase required just a simple click on the link. But it was all just a scam. The email address, the website, the links; they were all fake. And that’s just one of many. This type of fraud is now so commonplace that experts advise against clicking on any links promoted by emails altogether.

In a new report, published on the 26th of November 2019, investigators from leading cybersecurity firm Check Point warned of the growing risk of cybercrime during the Christmas period and concluded that changes must be made to the way we shop online.

According to their research, November 2018 saw a significant increase in phishing emails. A year later, the situation is notably worse. When Check Point compiled their report in mid-November 2019, even prior to the peak shopping dates of Black Friday and Cyber Monday, the amount of e-commerce related phishing websites had more than doubled, by up to 233%. A week after the Christmas holidays, that figure had increased to 275%. It should be pointed out that 2018 saw a tremendous increase in phishing emails during the Christmas period, but in 2019, there were almost three times as many.

The total 2019 Christmas shopping spending for the United States amounted to 144 billion dollars, a 14% increase on the 2018 figure. And this sizeable spend took place between the end of November and the Christmas holidays. Of this figure, some 30 billion dollars were spent on Cyber Monday. And this is why Cyber Monday presents an almost unmissable opportunity for cybercriminals.

Investigators warn of how easy it is to disguise scams in bogus emails, text messages and social media posts. In this context, adds Check Point, it’s incredibly easy to obtain credit card details or take payment through PayPal without ever sending the supposedly purchased goods. The first step is to lure consumers by creating a domain that plausibly impersonates a legitimate shopping site. Many appear to be secure HTTPS addresses, and they load a long URL with legitimate text.

Some fraudulent campaigns are sent out to thousands of potential consumers through infected computers which act like bots, sending emails from diverse global locations to evade spam filters. Investigators noted that during the last six months of 2019 alone, more than 1,700 domains which look similar to the official Amazon website were registered.

Relevant links:

https://www.ooda.com/

_____

Aquest apunt en català / Esta entrada en español / Post en français

Latest cybercrime threats, trends, and strategies

cibercrim.png2In October 2019, more than 400 experts from law enforcement, the private sector, and academia gathered at Europol’s headquarters in The Hague, to discuss “Law enforcement in a connected future”.

The 7th Europol-INTERPOL Cybercrime Conference looked at ways of efficiently combining the expertise, resources, and insights of law enforcement, the private sector, and the academic world to make the internet a safer environment, especially in a society which is becoming increasingly dependent on digital capabilities.

Key themes discussed included:

The benefits and challenges of Artificial Intelligence for the police; the potential impact of 5G technology; cross-border access to electronic evidence; obstacles to international cooperation in cybercrime investigations; the importance of cyber capacity building; cryptocurrency trends and challenges; the use of open-source intelligence and privacy considerations.

The meetings highlighted the fact that cybercriminals are becoming increasingly audacious, moving their focus to more widespread and elaborate attacks on more substantial and more profitable targets, with ominous potential for causing more damage.

This year’s conference saw 100 organisations and more than 70 different law-enforcement agencies participate in solution-orientated debates on how to collectively tackle the practical challenges at hand.

The conclusions emphasised the need for even closer cooperation in the areas of:

  • Business email compromise (BEC): while BEC continues to evolve, it continues to cause economic damage, taking advantage of segregated corporate structures and internal gaps in payment verification processes.
  • The dark web: as the dark web evolves, it becomes a threat in its own right and not just a platform for the sale of illegal products such as drugs, firearms, or compromised data.
  • Research and development: technology is developing at an ever-increasing pace, creating new challenges and opportunities for law enforcement. This is compounded by the data-volume challenge, legal challenges, and a constantly expanding threat surface.
  • Innovation: The incorporation of innovation, as part of an effective response to crime, is not exclusively a matter for the private sector.

The conference made clear that the world of cybercrime is agile and adapting, connecting and cooperating in ways we could never have imagined just a few years ago. Law enforcement must, therefore, adapt to this ever-changing criminal environment to protect society in the cyber domain.

_____

Aquest apunt en català / Esta entrada en español / Post en français

 

Threats to the cybersecurity of the 5G network

Among today’s many technological advancements, 5G (fifth-generation wireless network) is among the ones that will have the most impact on citizens. It offers two significant improvements in data transmission: more volume and more speed. These enhancements to the current network could have a significant effect on both the public and private sectors.

The issue of cybersecurity is one of the challenges facing 5G deployment, and the European Union wants its institutions to be instrumental in dealing with the problem. In March 2019, the European Council and the European Commission presented a series of recommendations outlining the steps and measures to be taken, both at a national and European level, to achieve the necessary high levels of 5G cybersecurity throughout the European Union.

One of the European-level measures was the issue of the Threat Landscape Report to assist member states with their national risk assessments. In October 2019, this was complemented by the publication of the EU coordinated risk assessment of the cybersecurity of 5G networks report. The report was compiled from information provided by Member States and from ENISA (the European Union Agency for Cybersecurity). Its risk assessment outlines the principal threats and threat actors, the assets that could be at risk from those threats, vulnerabilities, risk scenarios, and a set of existing security measures that could be used as a baseline for mitigating those risks and threats.

With regard to principal threats, the scenarios which pose the greatest danger are:

  • Local or global 5G network disruption affecting the availability of the network;
  • Spying of traffic or data in the 5G network infrastructure with implications for confidentiality;
  • The modification or re-routing of traffic or data in the 5G network infrastructure, which could affect the integrity or confidentiality of communications; and
  • The destruction or alteration of other digital infrastructures or information systems through the 5G network, which could affect the integrity or availability of services.

These threats, which already exist for the current network, become more significant with 5G because it increases their potential intensity and impact.

Among the conclusions drawn in the document, four are highlighted:

  • The technological changes introduced by 5G will bring about enhanced functionality at the edge of the network, a less centralised architecture, and an increase in the use of software as part of the 5G equipment. These factors will increase the overall attack surface and the number of potential entry points for attackers.
  • The new technological features of 5G will lead mobile network operators to rely more on third-party suppliers, which, in turn, will increase the number of system attack paths.
  • Any dependency on a single supplier increases the exposure to and consequences of potential supply incidences.
  • 5G networks will play an important role in the supply chain of critical network applications. This will impact the confidentiality, privacy, integrity, and availability of those networks, becoming one of the major national-security concerns and most significant security challenges from an EU perspective.

It should be noted that the Catalan Government has made the deployment of 5G technology a priority for the country, and already has the infrastructure to run usage tests like the one undertaken by TV3 when broadcasting the National Day of Catalonia on the 11th of September 2019.

https://europa.eu/rapid/press-release_IP-19-1832_en.htm

_____

Aquest apunt en català / Esta entrada en español / Post en français

Constant arrivals of non-accompanied minors (MENA) in the European Union

An emerging reality over recent years throughout Europe is the arrival of foreign minors (MENA). These are foreign minors under the age of eighteen who are nationals of a non-EU state who arrive in European territory without a responsible adult or who abandon them once they are here.

According to UNICEF, the countries with most arrivals of these youths in 2017 were: Italy (15,779), Spain (2,426) and Greece (1,458), and it is estimated that the total number of arrivals in European Union countries was 20,000 non-accompanied foreign minors.

The reason for this increase cannot be explained by one factor alone, as there is a synergy of factors that come into play when a minor ventures into a foreign country in an irregular way. The situations that tend to occur may be: an armed conflict in the country of origin, the hope of a better life, to help their families, because of the poverty they are subjected to in their country of origin, because of the discrimination they suffer, because they are victims of people trafficking or several other reasons.

Because of this increase in destitute youths, the European Union developed the following directives and regulations:

  1. The directive regarding conditions of reception:it aims to guarantee better reception and more harmonised conditions all over the Union. It ensures that applicants have access to housing, food, clothes, healthcare, education and access to employment with certain conditions.
  2. The Directive regarding asylum conditions: it establishes common procedures for all EU member states to concede and withdraw international protection.
  3. The classification Directive: this establishes criteria to classify the status of the refugee, for subsidiary protection and defines the rights conceded to beneficiaries of these conditions. This directive allows member states to apply or maintain more favourable standards than those established in their provisions.
  4. The Asylum, Migration and Integration Fund (AMIF):  was constituted for the 2014-2020 period. It promotes the efficient management of migratory flows and the implementation, the reinforcement and development of a common Union focus on asylum and immigration.

The Dublin Regulation establishes that the member state is responsible for examining the asylum application. It guarantees quick access to asylum procedures and the in-depth examination of an application for a clearly determined particular state member.

Moreover, there still exists the action plan of the European Union regarding non-accompanied foreigners (2010-2014), an instrument of the European Commission that tries to establish the bases for action by establishing as a first priority the best interest of the minor.

The afore-mentioned regulations are neither homogeneous nor binding, meaning that they are neither specific nor obligatory to any state member of the European Union, as they involve recommendations that may or may not be complied with.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The threats posed by 3D impressions

Additive manufacturing (AM), otherwise known as 3D impression, is a kind of emerging technology with a security-related implication both locally and internationally.

According to RAND Corporations this type of invention would involve a threat in the near future in security issues, as in, for example, the proliferation of weapons and economic insecurity. These are some examples of how these impressions can threaten our security:

  • Hackers can infiltrate the databases of large intelligence networks to steal weapon blueprints with all the associated implications. They can also interfere with real blueprints to cause defects to the product. As a result, there would be cybernetic sabotage with consequences affecting the physical world. To combat this, a computerised algorithm is being developed to detect any deviation during the impression process of the end product.
  • This could result in new criminals and new threats. In the United States a new weapon has already been created, the so-called Rapid Additively Manufactured Ballistics Ordenanceo RAMBO, which fires grenades already made with a 3D impression. Analysts fear that terrorist groups could get hold of these types of technology and apply them to drones and explosives. With such resources, organisation and enough time attackers can get a 3D impresser, put it in a safe place and begin to manufacture all kinds of weapons. Moreover, it will be much more difficult to track down terrorist groups. However, according to RAND investigators, the weapons are not the only threat, as there is also the production and distribution of drugs, perceived as personalised chemical impressions.
  • There may be new game rules in international relations. This would be the case of economic sanctions and embargos, which would be less effective, meaning that, if a state can print whatever it wants, the objective of the sanction is somewhat useless.“ 3D impressions could indirectly support the existence of states like North Korea, which would not suffer sanctions imposed by the international community”- RAND investigators.

In any case, 3D impressions not only pose a threat, as their creation also has positive effects. For example, 3D impressions can cover real needs in ways unknown to us until now. There is the case of an earthquake in a town in Nepal, where the natural disaster destroyed a pipeline supplying the town with water. A 3D impression made it possible to reconstruct it and the extent of the disaster was reduced.

Sources of interest:

https://www.rand.org/pubs/perspectives/PE283.html

https://www.rand.org/blog/articles/2018/05/four-ways-3d-printing-may-threaten-security.html

https://www.vox.com/2018/7/31/17634558/3d-printed-guns-trump-cody-wilson-defcad

_____

Aquest apunt en català / Esta entrada en español / Post en français

 

The security challenges facing the Internet of Things

Our world is now hyper connected. Current estimations are that there are about 10 thousand million devices with access to Internet and that, at the very least, the number of users will double by 2020. Apart from the numerous advantages and opportunities, an emerging capacity for connected devices to have an impact on the physical world has also been created, with a new series of vulnerabilities and possibilities to be exploited by criminals.

To address these vulnerabilities, addressing them effectively and understanding the great potential on offer, ENISA and Europol gathered together almost 300 experts from the private sector, from the security community and law application community and from the Community Security Incident Response Team(CSIRT) and from the academic world.

Conclusions from the meetings to be stressed are:

  • Security should not be an afterthought when designing systems, and the systems of Internet of Things–IoT– are no exception.
  • Implementing such security needn’t be complicated.
  • Police forces have to be prepared to go beyond responding in defence and incidence via the possibility of investigating and pursuing criminals that abuse the use of connected devices.
  • It is necessary to speak to digital forensic experts concerning IoT and the importance of the protection of data and privacy, bearing in mind their importance and the different categories of data gathered by the IoT.
  • The IoT has great potential and offers great opportunities to improve our way to interact with each other.
  • In 2019 and beyond, it is necessary to promote holistic, pragmatic, practical and economically viable security solutions, and it is necessary to bear in mind the whole ecosystem of IoT.

The IoT has many advantages at a policing level as a new tool to fight against crime. The police are already using connected devices like intelligent cameras for big events and to combat theft, fire alarm sensors to monitor when and with what frequency they are used, etc. It is important that the application of the law also invests in the security of devices connected to the IoT, to protect the privacy of the citizens they are working for.

Crime scenes are changing because of IoT: the data of doors, cameras, thermostats, fridges, etc. can provide vital and crucial evidence. The forensic techniques and training necessary will have to be used to protect this data. The big data gathered by IoT devices, for example, for facial recognition of camera images after an important incident will become an integral part of a crime investigation, but this also requires the necessary means to protect the privacy of the public.

https://notesdeseguretat.blog.gencat.cat/2017/11/27/internet-of-things-when-electrical-appliances-become-the-object-of-cyber-attacks/

_____

Aquest apunt en català / Esta entrada en español / Post en français

 

Golden visa: a money laundering tool?

The prerequisites to gain a country’s nationality or a residence permit are not the same everywhere. Within Europe, examples range from Austria to Ireland. The first, one of the most restrictive in terms of granting nationality, where even being born there is no guarantee, unless one of the progenitors is Austrian. To gain nationality of the second country, however, simply having lived in the country for five years or if one of your progenitors is Irish (even if you were born elsewhere) is enough.

With money, however, these prerequisites are waived. Since the beginning of the second decade of 2000, most European countries have established a new way of acquiring nationality: via high-level investment such as buying luxury property, investing in a national development fund, government bonds or buying shares in a national company. This phenomenon is known as a Golden Visa programme.

goldenvisaCurrently, in Europe there are 4 countries that permit the acquisition of a passport with golden visas: Austria, Bulgaria, Cyprus and Malta, and 13 where a residence permit can be acquired with the same method: Bulgaria, Cyprus, France, Greece, Latvia, Ireland, Luxemburg, Malta, the Netherlands, Spain, the United Kingdom and, until last July, Hungary. The volume of investment required is determined by each country and ranges from 250,000 Euros in Greece to the 10 million Euros required in some cases in Austria. In Spain, the amount required is a minimum of 500,000 Euros in the case of purchasing property and 2 million if government bonds are acquired.

On 10 October 2018, Transparency International published the study European Getaway: Inside the Murky World of Golden Visas, where the European Union warns of the risks in terms of corruption due to Golden Visas and how they can become a threat to the Union’s integrity, as not all countries thoroughly monitor the source of the money involved. The study reveals that foreign investors, especially from Russia, China and Ukraine, are using Golden Visas as a tool to launder money in Europe.

Regarding European host countries, the ones granting most visas are Spain, Hungary, Latvia, Portugal and the United Kingdom, with over 10,000 applications accepted by each. These countries, however, have not published the names of new residents. The only countries that make them public, of all the 13 that offer a visa or passport, are Malta and Austria.

The publication reveals that there a range of factors that question the suitability of using this method as a way to attract foreign investment in exchange for a visa or passport:

  • First of all, the fact that one particular state is benefiting economically from a European asset, not a national one, as is agreed by what are known as the four freedoms: free circulation of goods, services, people and capital within the European Union countries.
  • In 2017, The Guardian revealed cases of corruption scandals involving Russian multimillionaires who had acquired a Cypriot passport and, therefore, European citizenship thanks to the Golden Visa programme.
  • Europe acts as an escape valve if those possessing a visa have legal problems in their country of origin.

Transparency International denounces the lack of operational integrity on the part of governments when following processes prior to granting visas and the lack of a common regulation in all Union countries, as the product on offer is common and has an impact on all countries.

Therefore, the study concludes with a series of recommendations for the Union to take action and for countries that offer visas and passports using this method. Among others, it recommends establishing common processes and strengthening mechanisms to determine the origin of the money invested, and fight against fraud and the laundering of capital, and how to adopt infringement procedures against state members that offer Golden Visas without respecting the common principles and objectives of the Union.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Video surveillance in Newark (EEUU): the arrival of Big Brother?

The Citizen Virtual Patrol is a programme that aims to involve the general public in surveillance work. The wish of the authorities is for the general public to report crimes they see and collaborate with police investigations.

The programme began in April 2018 with the installation of 62 video surveillance cameras that anyone can see in real time as long as they subscribe via social networks.

The areas monitored by cameras are places where there is a lot of people movement and all these areas have access to the Citizen Virtual Patrol warning. In June over 1,600 people had already subscribed to the website to be able to see the city of Newark’s cameras online.

Relations between the police force and the public in the city of Newark are not devoid of conflict and the police hope that this project can help to improve police-citizen relations.   Police abuse in Newark is not reported according to an investigation initiated in 2011 by the federal authorities. Also, there are more identifications, arrests and searches involving minorities as opposed to whites and, in many cases, without any justification whatsoever.

About 100 additional cameras are expected to complement the initial 62. In addition, the creation of an APP is expected so that videos can be seen via Smart phones. Indeed, police chiefs are already discussing requests for cameras from community members in areas that still do not have video surveillance.

The project has not been slow in sparking controversy and there are human-rights defending people and organisations that openly criticise “big brother” where members of the community are required to keep an eye on each other. This surveillance could, according to critics, help actual offenders and thieves as they will know where people are when they want to offend or steal.

Links

https://www.nytimes.com/2018/06/09/nyregion/newark-surveillance-cameras-police.html

https://cvp.newarkpublicsafety.org/login?redirect=%2F

_____

Aquest apunt en català / Esta entrada en español / Post en français

Fake news, a new challenge

At present Internet gives us access to an immense world of information that we are constantly exposed to. Information is incessantly appearing on digital platforms, notably including social networks and instant messaging. With such constant traffic of information, many users spread fake news [1].

False news aims to air either false or partially false information. This can be produced on the basis of false content with no relation to a real incident, based on distorted real content to change the meaning, or with information taken from satirical websites or based on the construction of false news that goes on to be spread as real.

Reported cases

Just before the presidential elections in the United States 2016, a fake news item was put out to undermine the image of the democrat candidate according to which, supposedly, Wikileaks confirmed that Hillary Clinton was responsible for the sale of weapons to the terrorist group Islamic State. This fact, which took place one month before the elections were held, amounted to a serious blow for the democrat party and influenced the country’s public opinion.

In Spain, false news like the news about the return of obligatory military service caused uproar among network users, who took a stand against this measure. The news, later denied via ‘Maldito Bulo’ [2], for example, kept the general public feeling unsure, an insecurity that quickly spread across information platforms.

Similarly, there is a significant presence of fake news involving gender issues. The Catalan Audiovisual Council issued the report13/2018 in March, which presented a study of fake news spread on the network about gender issues and analysed a range of news items. Some of these were: ‘Iceland’s government will pay men who marry an Icelandic woman’, ‘Oxford University will give women more time to do their examinations’ or ‘Saudi scientists conform that woman is a mammal but not human’. The report concludes that false news items construct arguments that generate the idea that women are inferior, rhetoric contrary to gender policies and elements that undermine movements for gender equality.

Possible pretensions of fake news

Fake news, which takes prominence in different contexts like politics or economics, among others, insist on the modus vivendi, the population’s opinions and decisions, and, as they have a high level of virality, contents are spread and consumed instantly, anywhere, via a connection to Internet. If they can affect election results, counter certain policies or create uncertainty among the population, how can fake news have an impact on security? Would it be convenient to access the state legislative agenda or would it be better to create a manual of global good practices to educate citizens about the consumption of truthful and verified information? These are the new settings brought about by the new Internet era, globalisation and emerging technologies, which are evolving faster and faster both in terms of quantity and quality.

[1] Fake news: Completely or partly false information presented as news by different types of platforms.

[2] MalditoBulo: part of a journalist project maldita.es aimed at giving readers tools to enable them to distinguish fake news.

_____

Aquest apunt en català / Esta entrada en español / Post en français