FBI Sheds New Light On Ransomware Tactics

According to a recent FBI alert marked “TLP: AMBER,” businesses should be on high alert for ransomware attacks.

The alert reads, in part, as follows:

Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.

The actors behind LockerGoga and MegaCortex will gain a foothold on a corporate network using exploits, phishing attacks, SQL injections and stolen login credentials.”

The alert also states that the attackers behind these two ransomware strains often wield Cobalt Strike tools, including Cobalt beacons to gain remote access.

Once the attackers gain a toehold inside a target network, they’ll carefully explore and map the target network, seeking out the most sensitive information including proprietary company data, payment card information and other customer details and the like.

The goal here is to identify the highest value information that can be exfiltrated to the command and control server for sale on the black market. Finally, when all of the most valuable information has been siphoned from the network, the hackers will trigger the ransomware itself, which they’ll use to gain an additional payment, extorting the affected organization.

The FBI also reports that hacking operations carried out by nation-states often deploy ransomware to make it appear that the attack is the work of traditional cybercriminals, throwing forensic investigators off of their trail.

The process of network mapping and exfiltrating valuable data can take weeks or even months, depending on the size of the network. So, organizations may be infected long before the visible signs of the attack become evident. Given that, it’s more important than ever to have robust security system in place. You should have remote backups taken at regular intervals and a rapid response plan in place in the event of a breach.

Used with permission from Article Aggregator

Data Breaches Continue With Three New High Profile Cases

As 2019 draws to a close, we can say definitively that the year has been another record-breaking one where data breaches are concerned. Hackers around the world have been busy in recent weeks, with a trio of high-profile breaches making headlines.

In late November, one of China’s largest manufacturers of smartphones (OnePlus) reported that an unauthorized third-party accessed their user data.

According to a company spokesman, “only a limited number” of customers were impacted and no payment information was accessed. Although the hackers did make off with customer names, addresses, phone numbers and physical addresses.

To this point, OnePlus has not released the exact number of compromised records. Their best estimates put it as a breach comparably sized to the one that the company suffered in January, which impacted some 40,000 users.

On November 28th 2019, Palo Alto Networks suffered a breach. It included personal information belonging to both current and former employees, and happened when an unnamed third-party gained unauthorized access to their network. In this case, the compromised data included employee names, dates of birth, and social security numbers. It gave the hackers more than enough information to steal the identities of the employees whose information was compromised.

Also in November of this year, Desjardins Group, which is Canada’s largest federation of credit unions, announced that they had been breached. It resulted in the compromise of personal data belonging to some 4.2 million of its members, which included social insurance numbers, physical addresses and the banking habits of compromised members.

These, of course, are just the latest in an unending stream of breaches in 2019. If things remain on their current trajectory, we can expect that 2020 will be yet another record breaking year. Buckle up, it’s going to be a bumpy ride.

Used with permission from Article Aggregator

Cashless Shopping Could Get Easier In the Future

For decades, futurists have been promising a cashless society and all the convenience that comes with it. So far though, the technology we have available hasn’t lived up to the promise.

Sure, we’re moving inexorably in the direction of a cashless society, but we’re doing so at a snail’s pace. We’re moving in such tiny increments that it sometimes seems that the day will never arrive.

Fortunately, that’s changing, at least if Amazon has anything to say about it. Recently, the US Patent and Trademark Office published a patent application from Amazon detailing a touchless scanning system. If the company moves forward with the development of the technology described in the patent application, the future could see Amazon customers to pay at the checkout counter simply by swiping their hand.

In the here and now, visitors to ‘Amazon Go Cashierless Stores’ need to scan an app to get in and check out, but that could change markedly in the years ahead.

Granted, filing a patent application and actually creating a viable technology around it are two very different things. However, if this technology makes it into the real world, it stands to change the face of shopping forever.

According to the application filed, Amazon’s vision for the technology would be the development of “a scanner device that is used to obtain raw images of a user’s palm that is within a field of view of the scanner…the first set of images depict external characteristics, such as lines and creases in the user’s palm while the second set of images depict internal anatomical structures, such as veins, bones, soft tissue, or other structures beneath the epidermis of the skin.”

Based on the early read, the technology sounds as ambitious as it is amazing. However, Amazon has pulled off larger miracles than this. We admire the vision and look forward to seeing how things develop from here.

Used with permission from Article Aggregator