Lloyd’s Of London Sounds The Alarm On Impacts Of Cyber Attacks

July 18, 2017 by  
Filed under Around The Net

A major, global cyber attack could lead to an average of $53 billion of economic losses, a figure on par with a catastrophic natural disaster such as U.S. Superstorm Sandy in 2012, Lloyd’s of London said in a report on Monday.

The report, co-written with risk-modeling firm Cyence, examined potential economic losses from the hypothetical hacking of a cloud service provider and cyber attacks on computer operating systems run by businesses worldwide.

Insurers are struggling to estimate their potential exposure to cyber-related losses amid mounting cyber risks and interest in cyber insurance. A lack of historical data on which insurers can base assumptions is a key challenge.

“Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event,” Lloyd’s of London Chief Executive Inga Beale told Reuters.

Economic costs in the hypothetical cloud provider attack dwarf the $8 billion global cost of the “WannaCry” ransomware attack in May, which spread to more than 100 countries, according to Cyence.

Economic costs typically include business interruptions and computer repairs.

The Lloyd’s report follows a U.S. government warning to industrial firms about a hacking campaign targeting the nuclear and energy sectors.

In June, an attack by a virus dubbed “NotPetya” spread from infections in Ukraine to businesses around the globe. It encrypted data on infected machines, rendering them inoperable and disrupting activity at ports, law firms and factories.

“NotPetya” caused $850 million in economic costs, Cyence said.

In the hypothetical cloud service attack in the Lloyd’s-Cyence scenario, hackers inserted malicious code into a cloud provider’s software that was designed to trigger system crashes among users a year later.

By then, the malware would have spread among the provider’s customers, from financial services companies to hotels, causing all to lose income and incur other expenses.

Average economic losses caused by such a disruption could range from $4.6 billion to $53 billion for large to extreme events. But actual losses could be as high as $121 billion, the report said.

As much as $45 billion of that sum may not be covered by cyber policies due to companies underinsuring, the report said.

Average losses for a scenario involving a hacking of operating systems ranged from $9.7 billion to $28.7 billion.

Lloyd’s has a 20 percent to 25 percent share of the $2.5 billion cyber insurance market, Beale said in June.

Will NotPetya Victims Get Their Files Back

July 12, 2017 by  
Filed under Computing

The so-called ‘NotPetya’ ransomware, which was first identified in Ukraine and quickly spread worldwide, is reportedly designed to destroy data with the ransomware element intended as little more than a cover.

Security software company Kaspersky has warned that there is “little hope for victims to recover their data” if they fall victim to the ransomware bastard because the installation ID displayed in the ransomware note, sent with the ransom so that the appropriate decryption key can be sent back, is entirely randomly generated.

As a result, victims that pay the estimated £300 ransom in Bitcoin won’t be able to get their files back.

“We have analysed the high-level code of the encryption routine and we have figured [...]” Kaspersky said in a statement.

“To decrypt a victim’s disk threat actors need the installation ID. In previous versions of ‘similar’ ransomware, like Petya/Mischa/GoldenEye, this installation ID contained the information necessary for key recovery. 

“ExPetr [Kaspersky’s name for the malware] does not have that, which means that the threat actor could not extract the necessary information needed for decryption. In short, victims could not recover their data.”

Kaspersky’s warning comes as a number of security software and services companies publish their initial analyses of the NotPetya/ExPetr malware – all coming to similar conclusions.

Kaspersky itself claims that around 2,000 organisations have fallen victim to it so far, with firms in Russia and Ukraine worst affected, although Norwegian shipping company Maersk also fell victim. The company also confirmed the use of two US National Security Agency (NSA) exploits, exposed by the Shadow Brokers group, called EternalBlue and EternalRomance, which have helped automatically propagate the malware.

People and organisations with their Windows operating systems patched up-to-date and running equally up-to-date antivirus software ought to be protected, Kaspersky added.

However, organisations that aren’t properly patched can see the malware use flaws in Microsoft’s SMB networking protocol, via the EternalBlue exploit, to infect multiple machines.

According to Kaspersky researchers Anton Ivanov and Orkhan Mamedov, the “installation key” supposedly presented to users in the NotPetya ransom note is simply a random string.

“That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim and, as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID,” they warned.

That means even paying the ransom won’t result in a decryption key being sent. “This reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive,” they added.

Likewise, Matt Suiche, founder of cloud security company Comae Technologies, agreed. “The ransomware was a lure for the media. This variant of Petya is a disguised wiper,” he warned. 

He added: “The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative.

“Ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) – a wiper would simply destroy and exclude possibilities of restoration.”

The key presented in the ransomware note, he also confirmed, is “fake and randomly generated”.

He added that the ransomware element was probably intended to distract attention from the idea that a nation-state attacker of some sort was behind it, citing the Shamoon malware in 2012, while the attacker simply repacked existing ransomware. 

Not everyone is convinced that the NotPetya malware is state sponsored, however, with software engineer and malware analyst @hasherezade on Twitter suggesting that the author of the original Petya might be behind it.

Courtesy-TheInq

Ransomware-as-a-Service Now Targeting Macs

June 22, 2017 by  
Filed under Computing

Security researchers have found the first evidence of ransomware-as-a-service (RaaS) affecting Apple machines, dubbed ‘MacRansom.’

Fortinet’s security research team, FortiGuard Labs, uncovered the tool, which uses a web portal hosted in a TOR network (an anonymous network that bounces the signal around a relay of volunteer computers, to conceal the source); an increasingly-popular form of attack. The variant is not readily available through the portal, and instead, buyers must contact the author(s) directly to build the ransomware.

MacRansom uses a basic delivery vector, in that the owner of the machine must agree to run a programme from an unidentified developer before the infection takes place, or have it physically installed from an external drive. If they do so, the ransomware performs two checks: whether it is being run in a non-Mac environment, and whether it is being debugged. If either check fails (it is not running on a Mac, or it is being debugged), it will terminate.

The next step is to create a launch point (the file name purposefully mimics a legitimate file). The ransomware runs on every start-up and begins encrypting at a specified trigger time. When that time comes, the ransomware encrypts files on the computer – in what FortiGuard notes is a slightly unusual but still effective method. A maximum of 128 files will be locked.

FortiGuard was looking for any RSA-crypto routines; however, like the delivery vector, the ransomware itself is not very sophisticated and instead uses a symmetric encryption with a hardcoded key. Two sets of keys are used: ReadmeKey (0x3127DE5F0F9BA796), which decrypts the ransom notes and instructions, and TargetFileKey (0x39A622DDB50B49E9), which performs the encrypt/decrypt on the user’s files.

TargetFileKey is altered with a random number generator at run time, which means the encrypted files cannot be decrypted once the malware has terminated. The malware also has no function to communicate with a command and control server, so there is no readily-available copy of the key to use. While recovery of the TargetFileKey is still technically possible using a brute force attack, FortiGuard is ‘sceptical’ of the author’s claim to be able to decrypt the hijacked files.

Users are instructed to contact a specific email address and send some of their encrypted files, which will be decrypted as proof. The author asks for 0.25 Bitcoin (about £540) to unlock all of the files.

Ransomware is still not common on Mac computers, and most found there today is significantly less advanced than that targeting Windows. However, MacRansom can still capably encrypt files.

FortiGuard believes that MacRansom is being developed by copycats, as it contains code and ideas that appear to have been taken from previous ransomware targeting OS X.

Courtesy-TheInq

Spread Of ‘WannaCry’ Ransomware Halted For Now

May 15, 2017 by  
Filed under Computing

Friday’s unprecedented ransomware attack may have temporarily halted spreading to new machines thanks to a “kill switch” that a security researcher has activated.

The ransomware, called Wana Decryptor or WannaCry, has been found infecting machines across the globe. It works by exploiting a Windows vulnerability that the U.S. National Security Agency may have used for spying.

The malware encrypts data on a PC and shows users a note demanding $300 in bitcoin to have their data decrypted. Images of the ransom note have been circulating on Twitter. Security experts have detected tens of thousands of attacks, apparently spreading over LANs and the internet like a computer worm.

However, the ransomware also contains a kill switch that may have backfired on its developers, according to security researchers.

Wana Decryptor infects systems through a malicious program that first tries to connect to an unregistered web domain. The kill switch appears to work like this: If the malicious program can’t connect to the domain, it’ll proceed with the infection. If the connection succeeds, the program will stop the attack.

A security researcher who goes by the name MalwareTech found that he could activate the kill switch by registering the web domain and posting a page on it.
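One way a defender can act on the kill-switch behaviour described above is to triage DNS resolver logs for lookups of that domain: a lookup that failed (or happened before the domain was registered) means the sample went on to encrypt, while a lookup that succeeded afterwards suggests the malware halted. This is an added example, not code from the article or from MalwareTech; the domain, registration time and four-field log format are constructed placeholders, since the page does not give the real domain.

```python
"""Triage kill-switch domain lookups in DNS resolver logs.

Added example for this article, not code from the original page or from
any of the researchers named in it. The domain, log format and timestamps
are constructed placeholders; the page does not give the real domain.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterator, Tuple

# Placeholder for the kill-switch domain (constructed, not the real one).
KILL_SWITCH_DOMAIN = "killswitch.example.invalid"
# Constructed instant at which the domain was registered and sinkholed.
SINKHOLE_REGISTERED_AT = datetime(2017, 5, 12, 15, 8, tzinfo=timezone.utc)

# Constructed resolver log: "<UTC timestamp> <client> <qname> <rcode>".
SAMPLE_LOG = """\
2017-05-12T14:55:02Z 10.0.4.17 killswitch.example.invalid NXDOMAIN
2017-05-12T14:55:03Z 10.0.4.17 update.example.com NOERROR
2017-05-12T15:01:44Z 10.0.7.22 killswitch.example.invalid NXDOMAIN
2017-05-12T15:20:09Z 10.0.9.31 killswitch.example.invalid NOERROR
2017-05-12T15:20:10Z 10.0.9.31 killswitch.example.invalid NOERROR
2017-05-12T16:02:51Z 10.0.4.17 killswitch.example.invalid NOERROR
2017-05-12T16:10:00Z 10.0.2.5 mail.example.com NOERROR
"""

LIKELY_INFECTED = "likely_infected"
HALTED = "halted_by_kill_switch"


@dataclass
class HostVerdict:
    host: str
    verdict: str
    first_seen: datetime
    lookups: int = 0
    failed_lookups: int = 0


def parse_log(text: str) -> Iterator[Tuple[datetime, str, str, str]]:
    """Yield (timestamp, client, qname, rcode) for each well-formed line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines rather than abort the triage
        ts = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, fields[1], fields[2].lower().rstrip("."), fields[3].upper()


def triage(text: str, domain: str = KILL_SWITCH_DOMAIN,
           registered_at: datetime = SINKHOLE_REGISTERED_AT) -> Dict[str, HostVerdict]:
    """Classify every client that looked up the kill-switch domain.

    Any lookup at all means the malware executed on that client. A lookup
    that failed (NXDOMAIN, or anything before the domain existed) means the
    connection check the article describes failed too, so the sample went
    on to encrypt. Only a client whose every lookup succeeded after
    registration can be assumed to have been halted, and even then DNS
    success is only a proxy for the HTTP connection the malware needs.
    """
    verdicts: Dict[str, HostVerdict] = {}
    for ts, client, qname, rcode in parse_log(text):
        if qname != domain:
            continue
        failed = rcode != "NOERROR" or ts < registered_at
        v = verdicts.setdefault(client, HostVerdict(client, HALTED, ts))
        v.lookups += 1
        if failed:
            v.failed_lookups += 1
            v.verdict = LIKELY_INFECTED  # one failed check is enough: encryption ran
        v.first_seen = min(v.first_seen, ts)
    return verdicts


def report(verdicts: Dict[str, HostVerdict]) -> str:
    """Render a short incident-response summary, most urgent hosts first."""
    order = sorted(verdicts.values(),
                   key=lambda v: (v.verdict != LIKELY_INFECTED, v.first_seen))
    lines = [f"{v.first_seen.isoformat()} {v.host:<12} {v.verdict:<24} "
             f"lookups={v.lookups} failed={v.failed_lookups}" for v in order]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Hosts classified as halted still ran the malware and need cleanup; the verdict only says the encryption step was probably skipped.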

MalwareTech’s original intention was to track the ransomware’s spread through the domain it was contacting. “It came to light that a side effect of us registering the domain stopped the spread of the infection,” he said in an email.

Security firm Malwarebytes and Cisco’s Talos security group reported the same findings and said new ransomware infections appear to have slowed since the kill switch was activated.

However, Malwarebytes researcher Jerome Segura said it’s too early to tell whether the kill switch will stop the Wana Decryptor attack for good. He warned that other versions of the same ransomware strain may be out there that have fixed the kill-switch problem or are configured to contact another web domain.

Unfortunately, computers already infected with Wana Decryptor will remain infected, he said.

Friday’s ransomware attack first spread through a massive email phishing campaign. At least some of those emails appeared to be messages from a bank about a money transfer, according to Cisco’s Talos group.

Victims who opened the attachment in the email were served with the ransomware, which takes over the computer, security researchers said.

The Wana Decryptor itself is no different from other typical ransomware strains. Once it infects the PC, it’ll encrypt all the files on the machine, and then demand the victim pay a ransom to free them.

But unlike other ransomware, Wana Decryptor has been built to spread quickly. It does so by incorporating a hacking tool that security researchers suspect came from the NSA and was leaked online last month.

European Union Anticipates More E-commerce Anti-trust Violation Investigations

May 11, 2017 by  
Filed under Around The Net

The European Union plans to initiate more antitrust investigations into e-commerce companies after a two-year inquiry uncovered practices that restrict competition, the European Commission said on Wednesday.

In its report following the initial inquiry, the European Commission said there was an increased use of contractual restrictions to control product distribution, which could be in breach of EU antitrust rules.

“Certain practices by companies in e-commerce markets may restrict competition by unduly limiting how products are distributed throughout the EU,” Competition Commissioner Margrethe Vestager said in a statement.

The e-commerce sector inquiry is part of the European Commission’s campaign to overhaul the bloc’s digital market in a bid to boost growth and catch up with the United States and Asia.

“The insight gained from the sector inquiry will enable the Commission to target EU antitrust enforcement in European e-commerce markets, which will include opening further antitrust investigations,” the Commission said.

The EU executive also found that manufacturers increasingly use selective distribution systems where products can only be sold by pre-authorized sellers, giving them more control over distribution and price.

The report showed that almost 60 percent of digital content providers have agreed with the copyright holders for music, films and TV shows, for example, to geoblock, namely restricting consumers’ access to products and services based on where they are located.

Some licensing practices may also make it more difficult for new online business models and services to emerge, the Commission said.

EU antitrust scrutiny of the pharmaceutical, energy and financial services industries over the past decade prompted investigations into companies in all three sectors.

Are Macs Virus Free

April 19, 2017 by  
Filed under Computing

The idea that Macs are somehow more secure than other operating systems appears to be a myth, according to a Threat Report by McAfee Labs.

Attacks on Macs rose by 744 percent in 2016, and more than 460,000 Mac malware samples have been found. Although this is not a particularly high number, you have to acknowledge that the figure comes from a single security company and concerns a single type of machine.

It appears that after years of leaving Macs alone, virus writers are suddenly taking an interest in knocking them over, and the security-by-obscurity measures, along with faith-based defences, are not working.

The Tame Apple Press has rushed to say that “despite the dramatic increase in macOS malware attacks, Mac owners need not be too alarmed”.

One newspaper even said that the attacks were just irritating and not like the “true malware attacks” that Windows users have to suffer.

Most of the attacks were just adware which automatically generates and displays advertising material, including banners or pop-ups, whenever a user is online, the Tame Apple Press tried to reassure Apple fanboys.

Last summer, Mac owners were warned about a new malware dubbed Backdoor.MAC.Elanor – a nasty piece of code that infects the OS X operating system and gives hackers complete access to the files on the computer.

Courtesy-Fud

Study Reveals Cyber Attacks Have Cost Company Shareholders Billions

April 13, 2017 by  
Filed under Computing

Cyber security breaches diminish businesses’ share prices permanently, with financials the worst hit, a study issued by IT consultant CGI and Oxford Economics has revealed.

Severe cyber security breaches, such as those having legal or regulatory consequences, involving the loss of hundreds of thousands of records and hurting the firm’s brand, caused share prices to fall on average 1.8 percent on a permanent basis, the analysis of 65 companies affected globally since 2013 has found.

Investors in a typical FTSE 100 firm would be worse off by an average of £120 million after such a breach, the report said. Overall the cost to shareholders of these 65 companies would be in excess of 42 billion pounds ($52.40 billion).

CGI’s analysis compared each company’s share price against a cohort of similar companies to isolate the impact of cyber breaches from other market movements, during incidents detailed in a breach index compiled by Dutch security firm Gemalto.

Two-thirds of firms had their share price adversely impacted after suffering a cyber breach. Financial firms were the worst affected, followed closely by communications firms.

“Financial services experience the greatest burden in terms of impact, reflecting the high levels of regulation, the importance of customer confidence and the potential for financial fraud to be a facet of the breach,” the report said.

Those least affected were retail, hospitality and travel companies.

Hacking attacks and other cyber security breaches have impacted companies across the world in recent years, from retailer Target in the United States in 2013 to British communications firm TalkTalk in 2015.

Dallas Emergency Sirens Set Off By Hacker

April 11, 2017 by  
Filed under Around The Net

A computer hack triggered all the emergency sirens in Dallas for about 90 minutes overnight in one of the largest known breaches of a siren warning system, officials in the Texas city said on Saturday.

Dallas’ 156 sirens, normally used to warn of tornadoes and other dangerous weather, were triggered at 11:42 p.m. CDT on Friday. The wailing did not end until 1:17 a.m. CDT on Saturday when engineers manually shut down the sirens’ radio system and repeaters, city Emergency Management Director Rocky Vaz said.

“At this point, we can tell you with a good deal of confidence that this was somebody outside of our system that got in there and activated our sirens,” he told reporters.

The breach in the city of 1.6 million people was believed to have originated in the area, city spokeswoman Sana Syed said in an emailed statement.

Vaz cited industry experts as saying the hack was among the largest ever to affect emergency sirens, with most breaches triggering one or two. “This is a very, very rare event,” he said.

Engineers are working to restart the system and should have it restored by late on Sunday, he said. Until the sirens are running, Dallas will rely on local media, emergency 911 phone calls, and a federal radio alert system, Vaz said.

The hack is being investigated by system engineers and the Federal Communications Commission has been contacted, but police have not been involved, he said.

The sirens went through 15 cycles of a 90-second activation before they were shut down, he said.

 

Research Shows Cobol Is Not As Hacker-proof As Initially Thought

March 20, 2017 by  
Filed under Computing

New research is dispelling the idea that legacy systems — such as Cobol and Fortran — are more secure because hackers are unfamiliar with the technology.

New research found that these outdated systems, which may not be encrypted or even documented, were more susceptible to threats.

By analyzing publicly available federal spending and security breach data, the researchers found that a 1% increase in the share of new IT development spending is associated with a 5% decrease in security breaches.

“In other words, federal agencies that spend more in maintenance of legacy systems experience more frequent security incidents, a result that contradicts a widespread notion that legacy systems are more secure,” the paper found. The research paper was written by Min-Seok Pang, an assistant professor of management information systems at Temple University, and Huseyin Tanriverdi, an associate professor in the Information, Risk and Operations Department at the University of Texas at Austin.

“Maybe the conventional wisdom that legacy systems are secure could be right,” said Pang, in an interview. But the integration of these systems “make the whole enterprise architecture too complex, too messy” and less secure, he said.

Federal agencies have seen a rapid increase in security incidents, the paper points out, citing federal data assembled by the Government Accountability Office. From 2006 through 2014, the number of reported security incidents increased by more than 1,100 percent, or from 5,503 to 67,168. An incident can cover a range of activities, such as a denial of service, successfully executed malicious code, and breaches that give intruders access.

One of the largest federal system breaches occurred in 2015, when hackers gained access to some 18 million records at the Office of Personnel Management.

Tony Scott, the former federal CIO under President Barack Obama, told lawmakers at a hearing last year that nearly three quarters of IT budgets are spent maintaining legacy systems.

“These systems often pose significant security risks, such as the inability to utilize current security best practices, including data encryption and multi-factor authentication, which make them particularly vulnerable to malicious cyber activity,” Scott said.

The U.S., overall, has more than 3,400 IT professionals employed to maintain legacy programming languages, a U.S. House committee was told after the OPM breach.

If the federal government doesn’t modernize its systems, Pang said it may see more large breaches similar to the OPM hack.

In the absence of modernization, Pang said that effective IT governance “mitigates security risks of the legacy systems.” The paper also recommended moving systems to the cloud.

Pang said the government needs to pass the Modernizing Government Technology Act. That legislation, which was approved by the House last year, would have boosted IT spending by about $9 billion from 2017 to 2021 had it reached the president’s desk.

Yahoo Agrees To Verizon’s Discounted Acquisition Deal

February 23, 2017 by  
Filed under Around The Net

Verizon Communications Inc reconfirmed plans to acquire Yahoo Inc’s core business for $4.48 billion, lowering its original offer by $350 million in the wake of two massive cyber attacks at the internet company.

The closing of the deal, which was first announced in July, had been delayed as the companies assessed the fallout from two data breaches that Yahoo disclosed last year. The No. 1 U.S. wireless carrier had been trying to persuade Yahoo to amend the terms of the agreement following the attacks.

Verizon and Yahoo signed the deal on Sunday evening after weeks of talks that included calls with Yahoo CEO Marissa Mayer and a meeting between Verizon CEO Lowell McAdam and Yahoo director Tom McInerney in New York earlier this month to agree on the amount of the price reduction, a person involved in the talks said.

The two sides had an agreement in principle about a week earlier that included a liability sharing agreement, something that Verizon decided early on it needed in order to reach a deal.

Verizon conducted brand studies and found that Yahoo’s reputation was holding up after the hacks, the person said. The company decided to proceed in part because it continued to believe that the deal made strategic sense and that users were loyal and engaged.

The companies said on Tuesday they expect the deal to close in the second quarter. The data breach may delay some integration of Yahoo with Verizon after the closing, the person said.

The deal brings to Verizon Yahoo’s more than 1 billion users and a wealth of data it can use to offer more targeted advertising. Verizon will combine Yahoo’s advertising technology tools as well as its search, email and messenger assets with its AOL unit, purchased for $4.4 billion in 2015.

Verizon’s shares rose 0.3 percent to $49.33 in afternoon trading, while Yahoo’s shares were up 0.8 percent at $45.48.

Under the amended terms, Yahoo and Verizon will split cash liabilities related to some government investigations and third-party litigation related to the breaches.

Yahoo, however, will continue to be responsible for liabilities from shareholder lawsuits and SEC investigations.

Yahoo said in December that data from more than 1 billion user accounts was compromised in August 2013, making it the largest breach in history.

This followed the company’s disclosure in September that at least 500 million accounts were affected in another breach in 2014.

Verizon Reportedly Gets Discount On Yahoo Acquisition

February 17, 2017 by  
Filed under Around The Net

Verizon Communications Inc is close to an updated deal to purchase Yahoo Inc’s core internet business for $250 million to $350 million less than the original agreed price of $4.83 billion, according to a source briefed on the matter.

Since last year, Verizon had been trying to persuade Yahoo to amend the terms of the acquisition agreement to reflect the economic damage from two cyber attacks. A source told Reuters that the deal, which could come as soon as this week, will entail Verizon and Yahoo sharing the liability from potential lawsuits related to the data breaches.

Another person familiar with the situation said the price cut was likely to be around $250 million, a figure that Bloomberg reported earlier on Wednesday.

A representative from Verizon declined to comment. Yahoo did not immediately respond to requests for comment.

“Maybe this isn’t quite as much of a discount as initially thought, but it’s at least something,” said Dave Heger, senior equity analyst at Edward Jones.

Verizon hopes to combine Yahoo’s search, email and messenger assets, as well as advertising technology tools, with its AOL unit, which Verizon bought in 2015 for $4.4 billion. Verizon has been looking to mobile video and advertising for new sources of revenue outside an oversaturated wireless market.

But Sunnyvale, California-based Yahoo has been under scrutiny by federal investigators and lawmakers since disclosing the largest known data breach in history in December, months after disclosing a separate hack.

The U.S. Securities and Exchange Commission has launched a probe into whether Yahoo should have disclosed the breaches, which occurred in 2013 and 2014, sooner, according to a report in the Wall Street Journal last month.

On Wednesday, Yahoo sent a warning to users whose accounts may have been accessed by intruders between 2015 and 2016, as part of a data security issue related to the breach it disclosed in December. A person familiar with the matter said notifications have gone out to a mostly final list of users.

People More Concerned About Privacy, Study Reveals

January 31, 2017 by  
Filed under Around The Net

A recent IDC survey has revealed 84% of U.S. consumers are concerned about the privacy of their personal information, with 70% saying their concern is greater today than it was a few years ago.

These concerns of consumers should also alarm businesses: Consumers are willing to switch to another bank, medical center or retailer if they feel their personal information is threatened, the survey found.

“Consumers can exact punishment for data breaches or mishandled data by changing buyer behavior or shifting loyalty,” said Sean Pike, an analyst at IDC, in a statement. The survey, released last week, polled 2,500 U.S. consumers about their privacy concerns across four verticals: Financial services, healthcare, retail and government.

Younger consumers, aged 18 to 35, were more concerned for their privacy than older consumers, aged 36 to 50, the survey found. The younger age group also had a 56% likelihood of switching business providers based on an impending hacker threat, compared to 53% for the older group. Meanwhile, women were more likely to switch than men, by a difference of 8 percentage points, for an impending hacker threat.

If a breach affected them directly, 78% of all consumers said they would switch to another business from the one where the breach occurred.

IDC said that with retail businesses, many consumers are not aware of the amount or kinds of information that retailers collect. Such information can include the items a shopper has bought and at what time of day, and even how long a customer lingers in a store.

The survey found that shoppers increasingly are willing to evaluate a store’s track record for protecting personal information. “It is in a retailer’s best interest to define what information they are tracking firmly and clearly, and to provide consumers methods to manage those preferences,” IDC’s report said. “Retailers who do not take consumer data protection seriously may find that they permanently lose customers to competitors that offer more transparency and manageability of their Personally Identifiable Information.”

For the healthcare sector, IDC’s survey found that increasing numbers of ransomware attacks will impact consumer confidence in a particular provider. New guidance under HIPAA (the Health Insurance Portability and Accountability Act) notes that ransomware attacks like those at Hollywood Presbyterian Medical Center and Kansas Heart Hospital are considered security incidents that could lead to a finding of a breach of federally Protected Health Information.

Verizon’s Acquisition Of Yahoo Delayed

January 25, 2017 by  
Filed under Around The Net

Verizon’s planned purchase of Yahoo will take longer than expected and won’t happen until this year’s second quarter, the internet company has announced.

The $4.8 billion deal was originally slated to close in the first quarter, but that was before Yahoo reported two massive data breaches that analysts say may scrap the entire deal.

Although Yahoo continues to work to close the acquisition, there’s still work required to meet the deal’s closing conditions, the company said in an earnings statement, without elaborating.

Verizon has suggested that the data breaches, and the resulting blow to Yahoo’s reputation, might cause it to halt or renegotiate the deal.

In September, Yahoo said a “state-sponsored actor” had stolen details from at least 500 million user accounts in late 2014. As if that weren’t enough, the company reported another breach in December, this one dating back to August 2013 and involving 1 billion user accounts.

Both breaches were detected months after Verizon announced last July that it would buy the ailing internet company. Reportedly, Yahoo is facing an investigation from the U.S. Securities and Exchange Commission over whether the breaches should have been reported to investors earlier.

The breaches may have shaken confidence in Yahoo’s internet business. But the company has since taken measures, such as password resets, to secure user accounts.

Nevertheless, some user accounts are still vulnerable. On Monday, Yahoo said 90 percent of its daily active users were protected from the breach. That leaves another 10 percent potentially exposed.

Among the information stolen in the breaches were names, email addresses, telephone numbers, hashed passwords and security questions and answers meant to protect the accounts.

Yahoo Under Scrutiny By SEC Over Hacking

January 24, 2017 by  
Filed under Around The Net

The U.S. Securities and Exchange Commission is investigating a previously disclosed data breach at Yahoo Inc, the company published in a recent filing.

Yahoo said in a November 2016 quarterly filing that it was “cooperating with federal, state and foreign” agencies, including the SEC, that were seeking information and documents about a “security incident and related matters.”

The SEC is investigating whether two massive data breaches at Yahoo should have been reported sooner to investors, the Wall Street Journal reported on Sunday, citing people familiar with the matter.

An SEC spokesman declined to comment. A Yahoo spokesman directed Reuters to the company’s November filing.

Yahoo has faced pointed questions about exactly when it knew about a 2014 cyber attack it announced in September that exposed the email credentials of half a billion accounts.

In December, Yahoo said it had uncovered yet another massive cyber attack, saying data from more than 1 billion user accounts was compromised in August 2013.

The SEC issued requests for documents in December, as it probes whether the technology company’s disclosures about the cyber attacks complied with civil securities laws, the people said, according to the Journal.

Securities industry rules require companies to disclose cyber breaches to investors. Although the SEC has long-standing guidance on when publicly traded companies should report hacking incidents, companies that have experienced known breaches often omit those details in regulatory filings, according to a 2012 Reuters investigation. (reut.rs/2dblx5S)

Democratic U.S. Senator Mark Warner asked the SEC in September to investigate whether Yahoo and its senior executives fulfilled obligations to inform investors and the public about the 2014 hacking attack.

The disclosures from Yahoo about both breaches came after the company agreed to sell its main business to Verizon Communications Inc in July, triggering questions about whether the deal would still be viable and, if so, at what price.

Security Experts Warn Of New Spora Ransomware

January 13, 2017 by  
Filed under Computing

Security experts have uncovered a new ransomware program dubbed Spora that can perform strong offline file encryption and brings several ‘innovations’ to the ransom payment model.

The malware has targeted Russian-speaking users so far, but its authors have also created an English version of their decryption portal, suggesting they will likely expand their attacks to other countries soon.

Spora stands out because it can encrypt files without having to contact a command-and-control (CnC) server and does so in a way that still allows every victim to have a unique decryption key.

Traditional ransomware programs generate an AES (Advanced Encryption Standard) key for every encrypted file and then encrypt these keys with an RSA public key generated by a CnC server.

Public key cryptography like RSA relies on key pairs made up of a public key and a private key. Whatever is encrypted with a public key can only be decrypted with the corresponding private key.

Most ransomware programs contact a command-and-control server after they’re installed on a computer and request the generation of an RSA key pair. The public key is downloaded to the computer, but the private key never leaves the server and remains in the attackers’ possession. This is the key that victims pay to get access to.

The problem with reaching out to a server on the internet after installation of ransomware is that it creates a weak link for attackers. For example, if the server is known by security companies and is blocked by a firewall, the encryption process doesn’t start.

Some ransomware programs can perform so-called offline encryption, but they use the same RSA public key that’s hard-coded into the malware for all victims. The downside with this approach for attackers is that a decryptor tool given to one victim will work for all victims because they share the same private key as well.

The Spora creators have solved this problem, according to researchers from security firm Emsisoft who analyzed the program’s encryption routine.

The malware does contain a hard-coded RSA public key, but this is used to encrypt a unique AES key that is locally generated for every victim. This AES key is then used to encrypt the private key from a public-private RSA key pair that’s also locally generated and unique for every victim. Finally, the victim’s public RSA key is used to encrypt the AES keys that are used to encrypt individual files.

In other words, the Spora creators have added a second round of AES and RSA encryption to what other ransomware programs have been doing until now.
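The key hierarchy described above, modelled as an added example (this is not Spora’s code and not from Emsisoft’s analysis): a hard-coded master RSA public key wraps a per-victim AES key, that AES key seals a per-victim RSA private key, and the per-victim RSA public key wraps each file key. The padding and cipher mode (RSA-OAEP, AES-GCM) and all names are assumptions; the point to check is that the private key one victim would receive opens only that victim’s file keys, unlike the shared-key offline scheme the article contrasts it with.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
)

// Victim is what the scheme leaves on one machine. RSA-OAEP/SHA-256 and AES-GCM
// (nonce||ciphertext) are constructed choices; the article names neither.
type Victim struct {
	Pub           *rsa.PublicKey // per-victim RSA public key, left in the clear
	WrappedAESKey []byte         // per-victim AES key, wrapped to the hard-coded master key
	SealedPriv    []byte         // per-victim RSA private key, sealed under that AES key
}
// must keeps the model short: a failure in these calls is a programming error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func randBytes(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// WrapKey serves both RSA layers: master key over the AES key, victim key over each file key.
func WrapKey(pub *rsa.PublicKey, k []byte) []byte { return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k, nil)) }

// UnwrapKey errors for a key wrapped to another pair: no victim's key is a universal decryptor.
func UnwrapKey(priv *rsa.PrivateKey, w []byte) ([]byte, error) { return rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil) }

// NewVictim is the per-victim setup; no CnC server is contacted at any point.
func NewVictim(master *rsa.PublicKey) *Victim {
	aesKey, priv := randBytes(32), must(rsa.GenerateKey(rand.Reader, 2048))
	g := gcm(aesKey)
	nonce := randBytes(g.NonceSize())
	sealed := g.Seal(nonce, nonce, x509.MarshalPKCS1PrivateKey(priv), nil)
	return &Victim{&priv.PublicKey, WrapKey(master, aesKey), sealed}
}

// RecoverPriv is the decryptor side: only the master private key, which the attackers
// keep, unwraps the AES key that unseals the RSA private key a paying victim is handed.
func RecoverPriv(master *rsa.PrivateKey, v *Victim) *rsa.PrivateKey {
	g := gcm(must(UnwrapKey(master, v.WrappedAESKey)))
	der := must(g.Open(nil, v.SealedPriv[:g.NonceSize()], v.SealedPriv[g.NonceSize():], nil))
	return must(x509.ParsePKCS1PrivateKey(der))
}
```

Two victims set up against the same master key end up with file keys that only their own recovered private key can unwrap, which is exactly what makes a single leaked decryptor useless across victims.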

So far, researchers have seen Spora distributed via rogue email attachments that pose as invoices from an accounting software program popular in Russia and other Russian-speaking countries. The attachments are in the form of .HTA (HTML Application) files that contain malicious JavaScript code.
