Though nothing will drive them away
We can beat them, just for one day
We can be Heroes, just for one day
Brian Eno, David Bowie
Listening to the legendary David Bowie singing Heroes while everybody leaves the room will be the last, enduring impression of RSAC 2016. I’d like to think that, coming from a company that has a lot to do with cryptography, where even chance has to be carefully factored in, it was not a random choice but rather a slightly obfuscated summary of this conference. While the good guys cannot make the bad guys desist, we can beat them, forever and ever.
To win the battle with the bad guys, a new job title is born – the hunter. A hunter is capable of reading the matrix, detecting in the mass of data collected the telltale signs of an attack or an infection. Then she deploys digital traps and countermeasures to stop the adversary, analyzes the malicious code injected, studies the attack patterns and identifies the resources used for the attack and, eventually, tracks down the attacker. Finally, she launches a deadly counterstrike. Phishing and malware-laden websites are taken down. Command and control machines are seized (?). Cybercriminals are arrested. Pretty epic, isn’t it?
Even the hunter, however, could soon become obsolete. We are on the verge of the Rise of the Hacking Machines! No, it is not a cyberpunk novel. It is the title of Konstantinos Karagiannis’s (CTO Security Consulting, BT Americas) talk. Today, AIs are successfully competing with the best humans at most intellectual games. Techniques like the ones developed by Google DeepMind for AlphaGo may be applied to security, intelligently scanning networks and software for vulnerabilities. And, why not, for performing intelligent attacks? Or responding to such attacks?
What we see today in the cybersecurity landscape, according to Johannes Ullrich, director of SANS’ Internet Storm Center, is a shift in cybercriminal targets. First, all personal and financial data apparently has already been stolen. Just sum up the numbers from the last major breaches. Therefore the value of this data is very limited. As a reaction, cybercriminals are differentiating their business. Enter ransomware. And ransom-motivated DDoS.
Second, the OS vendors are starting to do a better job of preventing unwanted software from running on endpoint machines. Cybercriminals are therefore infecting the building blocks (libraries) and tools (IDEs and compilers) used by legitimate developers to reach the machines of their victims. Or they are hacking developers’ workstations to inject malicious content directly into the source code, as in the case of Juniper Networks.
Finally, IoT devices are starting to become commonplace, and with their limited embedded security, can be used as attack vectors. A myriad of uncontrolled and uncontrollable little computing devices that can be put to nefarious use.
The situation is difficult, challenging, and exciting, more than ever.
Almost 20 years later I’m in San Francisco again, immersed in the artificial atmosphere of the Moscone Center at RSA Conference 2016.
For the first day I’ve chosen a set of introductory talks, the Security Basics track, to get a feel for it and start from the beginning. The first speaker confirms it is the right choice.
I take a quick look at the audience before the speaker begins. The majority of participants are young people, as I expected, but there are also many grey heads. I’m not alone after all. A few women are scattered throughout the packed auditorium, one in seven, more or less. We still have a diversity problem in our profession, unfortunately.
The main takeaway from the first two days of the conference is that our sector is on the verge of a paradigm shift: from prevention to detection and neutralization. The security industry has finally realized that it is virtually impossible to stop a determined attacker. After all, the attacker is attacking a single point, while the defenders are defending a multi-dimensional surface. At the same time, new technology, mainly AI and big data analytics, provides the opportunity to build intelligence into the system, so it can learn what the normal state should be and how to detect and react to new, previously unforeseen threats. Hadi Nahari calls it dynamic security.
For example, you can have networks that understand they are under a DDoS attack and automatically, or semi-automatically, deploy mitigation procedures at the appropriate machines to contain the threat. Or systems that, detecting suspicious behavior from another machine, withdraw the trust they previously placed in that specific network resource.
From this perspective the cybersecurity subsystem in a network will look a lot like the immune system of a living, biological being. It will also be a hybrid system, where fully automated procedures support the work of human beings making the most complex decisions. At least until the human work is understood well enough to be replaced by a machine learning algorithm.
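The learn-detect-react loop sketched in the three paragraphs above, as an added example that is not from the original post or from any vendor it mentions: a toy controller learns a baseline from a quiet window of constructed per-minute request counts, flags a minute whose total deviates from that baseline by more than three standard deviations, withdraws trust from any single source carrying the bulk of the anomalous traffic, and otherwise escalates to a human, which is the hybrid arrangement the text describes. The IP addresses, traffic figures and thresholds are all assumptions made for the example.

```python
"""Toy 'dynamic security' loop: learn normal, detect deviation, decide a reaction.

Added example, not code from the original post. All traffic below is constructed.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed per-minute request counts at a web tier, keyed by source address.
# Six quiet minutes form the learning window the baseline is computed from.
LEARNING_WINDOW = [
    {"10.0.0.1": 50, "10.0.0.2": 45, "10.0.0.3": 55},
    {"10.0.0.1": 48, "10.0.0.2": 52, "10.0.0.3": 50},
    {"10.0.0.1": 53, "10.0.0.2": 47, "10.0.0.3": 49},
    {"10.0.0.1": 51, "10.0.0.2": 50, "10.0.0.3": 52},
    {"10.0.0.1": 47, "10.0.0.2": 49, "10.0.0.3": 51},
    {"10.0.0.1": 52, "10.0.0.2": 48, "10.0.0.3": 53},
]

# Constructed live minutes: normal, a flood from one new source (assumed address
# 10.0.0.7), normal again, then a broad surge spread evenly over the known sources.
LIVE_MINUTES = [
    {"10.0.0.1": 49, "10.0.0.2": 51, "10.0.0.3": 50},
    {"10.0.0.1": 50, "10.0.0.2": 48, "10.0.0.3": 52, "10.0.0.7": 900},
    {"10.0.0.1": 51, "10.0.0.2": 50, "10.0.0.3": 49},
    {"10.0.0.1": 120, "10.0.0.2": 110, "10.0.0.3": 115},
]


@dataclass(frozen=True)
class Verdict:
    minute: int
    total: int
    zscore: float
    anomalous: bool          # total deviates from the learned baseline
    distrusted: tuple        # sources whose trust the system withdraws on its own
    escalate: bool           # anomalous but not attributable: a human must decide


def learn_baseline(window):
    """Return (mean, stdev) of total requests per minute over the learning window.

    The stdev is floored at 1.0 so a perfectly flat baseline does not make every
    tiny fluctuation look like an attack (and avoids division by zero).
    """
    totals = [sum(minute.values()) for minute in window]
    return mean(totals), max(pstdev(totals), 1.0)


def assess_minute(minute_no, observed, baseline, z_threshold=3.0, share_threshold=0.5):
    """Score one minute against the baseline and decide the reaction.

    - Not anomalous: nothing to do.
    - Anomalous and one source carries more than share_threshold of the traffic:
      that source loses trust (rate-limit or block at the edge, automatically).
    - Anomalous but the excess is spread across sources: flag for a human, since
      a legitimate traffic surge and a distributed attack look alike here.
    """
    mu, sigma = baseline
    total = sum(observed.values())
    z = (total - mu) / sigma
    anomalous = z > z_threshold
    distrusted = ()
    if anomalous:
        distrusted = tuple(sorted(
            src for src, count in observed.items() if count / total > share_threshold
        ))
    escalate = anomalous and not distrusted
    return Verdict(minute_no, total, round(z, 2), anomalous, distrusted, escalate)


def run(learning_window, live_minutes):
    """Learn once, then assess every live minute; minutes are numbered after the window."""
    baseline = learn_baseline(learning_window)
    start = len(learning_window)
    return [assess_minute(i, obs, baseline) for i, obs in enumerate(live_minutes, start=start)]


if __name__ == "__main__":
    for verdict in run(LEARNING_WINDOW, LIVE_MINUTES):
        print(verdict)
```

The second live minute is handled without a human in the loop: the single flooding source exceeds the share threshold and is distrusted. The fourth minute is just as anomalous by volume, but no single source stands out, so the controller only escalates; that is the boundary between what the automated part of the "immune system" can decide and what still needs a person.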
The second strong impression is that the industry and the US government, while still mercilessly fighting each other, are looking for a concerted exit from the post-Snowden era.
Finally, the last impression is how easy it is to subvert even the most stable and apparently secure systems. Stephen Sims hacked Skype simply by putting an aptly named DLL in an appropriate directory. The vulnerability used has been fixed by Microsoft in the February update. David Dewey brute-forced the CVV of a real credit card and registered the card on Apple Pay. And this closed the circle. Complete prevention is an impossible task. To prevail, the good guys have to deploy detection and mitigation systems.
The quest for cybersecurity is far from over. The good news is that innovative companies who dare to think differently will undoubtedly break established paradigms and change the game forever.