fbpx
Apple Presentation, Apple Security Protections Can Easily Be Bypassed, Liquid Video Technologies, Greenville South Carolina

Apple Security Protections Are Easily Bypassed

Apple MacOS Security Protections Can Easily Bypassed with ‘Synthetic’ Clicks, Researcher Finds

A security researcher has disclosed a new flaw that undermines a core macOS security feature designed to prevent apps — or malware — from accessing a user’s private data, webcam or microphone without their explicit permission.

The privacy protections, recently expanded in macOS Mojave, were meant to make it more difficult for malicious apps to get access to a user’s private information — like their contacts, calendar, location and messages — unless the user clicks ‘allow’ on a popup box. The protections are also meant to prevent apps from switching on a Mac’s webcam and microphone without consent. Apple’s Craig Federighi touted the security features as “one of the reasons people choose Apple” at last year’s WWDC developer conference.

But the protections weren’t very good. Those ‘allow’ boxes can be subverted with a maliciously manufactured click.

It was previously possible to create artificial or “synthetic” clicks by using macOS’ in-built automation feature AppleScript, or by using mouse keys, which let users — and malware — control the mouse cursor using the numeric pad on the keyboard. After fixing these bugs in previous macOS versions, Apple’s current defense is to block all synthetic clicks, requiring the user to physically click on a button.

But Patrick Wardle, a former NSA hacker who’s now chief research officer at Digita Security, said he’s found another way to bypass these protections with relative ease.

Wardle, who revealed the zero-day flaw at his conference Objective By The Sea in Monaco on Sunday, said the bug stems from an undocumented whitelist of approved macOS apps that are allowed to create synthetic clicks to prevent them from breaking.

Typically apps are signed with a digital certificate to prove that the app is genuine and hasn’t been tampered with. If the app has been modified to include malware, the certificate usually flags an error and the operating system won’t run the app. But a bug in Apple’s code meant that that macOS was only checking if a certificate exists and wasn’t properly verifying the authenticity of the whitelisted app.

“The only thing Apple is doing is validating that the application is signed by who they think it is,” he said. Because macOS wasn’t checking to see if the application had been modified or manipulated, a manipulated version of a whitelisted app could be exploited to trigger a synthetic click.

One of those approved apps is VLC, a popular and highly customizable open-source video player that allows plugins and other extensions. Wardle said it was possible to use VLC as a delivery vehicle for a malicious plugin to create a synthetic click on a consent prompt without the user’s permission.

“For VLC, I just dropped in a new plugin, VLC loads it, and because VLC loads plugins, my malicious plugin can generate a synthetic click — which is fully allowed because the system sees its VLC but doesn’t validate that the bundle to make sure it hasn’t been tampered with,” he explained

“And so my synthetic events is able to click and access the users location, webcam, microphone,” he said.

Wardle describe the vulnerability as a “second stage” attack because the bug already requires an attacker — or malware — to have access to the computer. But it’s exactly these kinds of situations where malware on a computer tries to click through on a consent box that Apple is trying to prevent, Wardle said.

He said he informed Apple of the bug last week but the tech giant has yet to release a patch. “This isn’t a remote attack so I don’t think this puts a large number of Mac users immediately at risk,” he said.

An Apple spokesperson did not return a request for comment.

It’s not the first time Wardle has warned Apple of a bug with synthetic clicks. He reported related bugs in 20152017 and 2018. He said it was “clear” that Apple doesn’t take these bugs seriously.

“In this case, literally no-one looked at this code from a security point of view,” he said.

“We have this undocumented whitelisting feature that is paramount to all these new privacy and security features, because if you can generate synthetic events you can generically thwart them of them trivially,” he said.

“It’s important to get this right,” he said.

Article Provided By: techcrunch

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Gmail Screenshot, Google is using Gmail to Track Your Purchases, Liquid Video Technologies, Greenville South Carolina

Google is using Gmail to Track Purchases

Google is using Your Gmail Account to Track Your Purchases

Do you think your email on Gmail is private? If so, you may want to think again, as your Gmail messages are being scanned by Google for purchases, which are then displayed in your Google account.

This week, a user posted on Reddit about how they discovered that their Google Account’s Purchases page contained all of the purchases they have made from Amazon and other online stores even though they do not use Google Pay.

When I saw this, I checked my Google Account Purchases page, located at https://myaccount.google.com/purchases, and saw that it too contained the purchases I made from online services such as Dominos, Steam, 1-800-Flowers.com, Amazon, Adidas, and more.  Like the Reddit user, I do not use Google Pay.

Purchases Page
Purchases Page

The general consensus was that Gmail was analyzing incoming emails for purchase receipts and then extracting that information.

When BleepingComputer contacted Google about this, they confirmed the information was coming from Gmail messages. They also stated that this was being done to help their users find their data and that they do not use any information stored in your emails, including your purchases, to serve you ads.

“To help you easily view and keep track of your purchases, bookings and subscriptions in one place, we’ve created a private destination that can only be seen by you. You can delete this information at any time. We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page. We’re always working to help people understand and manage their data.”

While they may not be using this information to serve you ads, are they using it for something else? Google has not given us a definitive answer on this question.

Deleting purchase data is a pain

While Google told us that you can delete this information at any time, they did not mention how much of a pain it is to do so.

Instead of having a single setting that allows you to control how this data is saved, you need to go into each and every purchase and click on the Remove Purchase button. This will bring you to the original email that the data was pulled from and once this email is trashed, the purchase will be removed from the Purchases page.

Remove Purchase

With my Purchases having data going as far back as 2013 and showing approximately 300 purchases, it would be a big pain to manually delete each and every one.  Even worse, another account that I use for most of my purchasing has thousands of orders, which would take forever to clean up.

When searching for a way to stop Google from pulling purchases out of my Gmail emails, I could not find a setting that would allow me to do so.

CNBC who also covered this story this week, was also unable to find a setting that stopped Gmail from scanning emails and extracting purchase information.

G Suite customers appear to be spared

I use different email accounts depending on the particular purpose and one of these email accounts is through Google’s G Suite service.

When I checked the Purchases page for my G Suite account, I noticed that the page was empty even though it is commonly used to make online purchases. I also asked another person who uses G Suite and they too confirmed their page was empty.

While two people is not a large sample by any means, it could indicate that this data extraction is not occurring for G Suite accounts. I also could not find any settings in the G Suite Admin console that allows me configure these settings.

We have already asked Google if G Suite is excluded from this data extraction, but have not heard back as of yet.

Article Provided By: bleepingcomputer

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Scientists Identified a Way to Improve Network Security, Liquid Video Technologies, Greenville South Carolina

Scientists Identified a Way to Improve Network Security

Scientists May Have Identified a New Way to Improve Network Security

With cybersecurity one of the nation’s top security concerns and billions of people affected by breaches last year, government and businesses are spending more time and money defending against it.

Researchers at the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory, the Army’s corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.

Many cybersecurity systems use distributed network intrusion detection that allows a small number of highly trained analysts to monitor several networks at the same time, reducing cost through economies of scale and more efficiently leveraging limited cybersecurity expertise; however, this approach requires data be transmitted from network intrusion detection sensors on the defended network to central analysis severs. Transmitting all of the data captured by sensors requires too much bandwidth, researchers said.

Because of this, most distributed network intrusion detection systems only send alerts or summaries of activities back to the security analyst. With only summaries, cyber-attacks can go undetected because the analyst did not have enough information to understand the network activity, or, alternatively, time may be wasted chasing down false positives.

In research presented at the 10th International Multi-Conference on Complexity, Informatics and Cybernetics March 12-15, 2019, scientists wanted to identify how to compress network traffic as much as possible without losing the ability to detect and investigate malicious activity.

Reducing the amount of traffic transmitted to the central analysis systems

Working on the theory that malicious network activity would manifest its maliciousness early, the researchers developed a tool that would stop transmitting traffic after a given number of messages had been transmitted. The resulting compressed network traffic was analyzed and compared to the analysis performed on the original network traffic.

As suspected, researchers found cyber attacks often do manifest maliciousness early in the transmission process. When the team identified malicious activity later in the transmission process, it was usually not the first occurrence of malicious activity in that network flow.

“This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system,” said Sidney Smith, an ARL researcher and the study’s lead author. “Ultimately, this strategy could be used to increase the reliability and security of Army networks.”

For the next phase, researchers want to integrate this technique with network classification and lossless compression techniques to reduce the amount of traffic that needs to be transmitted to the central analysis systems to less than 10% of the original traffic volume while losing no more than 1% of cyber security alerts.

“The future of intrusion detection is in machine learning and other artificial intelligence techniques,” Smith said. “However, many of these techniques are too resource intensive to run on the remote sensors, and all of them require large amounts of data. A cybersecurity system incorporating our research technique will allow the data most likely to be malicious to be gathered for further analysis.”

Article Provided By: HelpNetSecurity

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Thailand Passes Controversial Cybersecurity Law, Liquid Video Technologies, Greenville South Carolina

Thailand Passes Controversial Cybersecurity Law

Thailand passes controversial cybersecurity law that could enable government surveillance

Thailand’s government passed a controversial cybersecurity bill today that has been criticized for vagueness and the potential to enable sweeping access to internet user data.

The bill (available in Thai) was amended late last year following criticism over potential data access, but it passed the country’s parliament with 133 positives votes and no rejections, although there were 16 absentees.

There are concerns around a number of clauses, chiefly the potential for the government — which came to power via a military coup in 2014 — to search and seize data and equipment in cases that are deemed issues of national emergency. That could enable internet traffic monitoring and access to private data, including communications, without a court order.

The balance of power beyond enforcement has also been questioned. Critics have highlighted the role of the National Cybersecurity Committee, which is headed by the prime minister and holds considerable weight in carrying out the law. The Committee has been called upon to include representation from the industry and civic groups to give it greater oversight and balance.

Added together, there’s a fear that the law could be weaponized by the government to silence critics. Thailand already has powerful lese majeste laws, which make it illegal to criticize the monarchy and have been used to jail citizens for comments left on social media and websites. The country has also censored websites in the past, including the Daily Mail and, for a nearly six-month period in 2007, YouTube.

“The Asia Internet Coalition is deeply disappointed that Thailand’s National Assembly has voted in favor of a Cybersecurity Law that overemphasizes a loosely-defined national security agenda, instead of its intended objective of guarding against cyber risks,” read a statement from Jeff Paine, managing director of Asia Internet Coalition — an alliance of international tech firms that include Facebook, Google and Apple.

“Protecting online security is a top priority; however, the Law’s ambiguously defined scope, vague language and lack of safeguards raises serious privacy concerns for both individuals and businesses, especially provisions that allow overreaching authority to search and seize data and electronic equipment without proper legal oversight. This would give the regime sweeping powers to monitor online traffic in the name of an emergency or as a preventive measure, potentially compromising private and corporate data,” Paine added.

Reaction to the law has seen a hashtag (#พรบไซเบอร์) trend on Twitter in Thailand, while other groups have spoken out on the potential implications.

Thailand isn’t alone in introducing controversial internet laws. New regulations, passed last summercame into force in near-neighbor Vietnam on January 1 and sparked similar concerns around free speech online.

That Vietnamese law broadly forbids internet users from organizing with, or training, others for anti-state purposes, spreading false information and undermining the nation-state’s achievements or solidarity. It also requires foreign internet companies to operate a local office and store user information on Vietnamese soil. That’s something neither Google nor Facebook  has complied with, despite the Vietnamese government’s recent claim that the former is investigating a local office launch.

Article Provided By: techcrunch

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

New Privacy Features for Mozilla Firefox, Liquid Video Technologies, Greenville South Carolina

New Privacy Features for Mozilla Firefox

New Privacy Features for Mozilla Firefox, Lockwise Is Live

Mozilla announced new features and changes today that aim to increase the privacy of Firefox users by blocking trackers and offering updates to various Firefox security and privacy services.

These changes include enabling Firefox Enhanced Tracking Protection by default for new users, the official launch of their Firefox Lockwise password management service, an updated Firefox Container addon, and a dashboard for the Firefox Monitor data breach service.

These changes are covered in detail below.

Blocking tracking cookies by default

Mozilla has announced that new Firefox users will now block third-party tracking cookies by default.

When users install Firefox for the first time, the browser will be configured to use the Standard setting for the Content Blocking feature. This setting previously only blocked trackers in Private mode, but has now been changed to also automatically block third-party tracking cookies in normal browsing sessions.

Standard Content Blocking setting
Standard Content Blocking setting

There is one caveat to this default blocking. If you look at the image above, you can see that Firefox “allows some trackers so websites function properly”. This means that trackers on some sites are being allowed if blocking them would break the site and gives the site more time to resolve these issues.

For existing Firefox users, you can enable the blocking of third-party cookies by utilizing the Custom Content Blocking setting and selecting to block Trackers and Third-party trackers under the Cookies setting.

Custom Content Blocking Settings
Custom Content Blocking Settings

Mozilla plans on rolling out this default blocking to existing Firefox users in the near future.

Lockwise Desktop officially launches

In the past, Mozilla offered the LockBox iOS and Android apps, which allowed mobile users to log into their Mozilla account and see login credentials saved from Firefox Desktop.

In May, BleepingComputer broke the news that Mozilla was rebranding their LockBox password management service under a new name called Lockwise. As part of this rebranding, Mozilla was also releasing a Firefox Lockwise for Desktop addon that acts as the cornerstone for the Mozilla password management service.

As of today, this addon is now officially released and can be downloaded from the Firefox Lockwise site.

When installed, the Firefox Lockwise addon converts Firefox’s Login and Passwords panel into a full featured password management service where users can view all of their saved login credentials, create new entries, and edit existing ones.

Firefox Lockwise for Desktop
Firefox Lockwise for Desktop

As long as syncing is enabled, all devices that are logged into the same Mozilla account will now be able to access the saved credentials stored in Firefox Lockwise.

This service, though, still needs improvement as mobile users can currently only view login credentials saved from Firefox Desktop and new credentials cannot be created within the Firefox Lockwise mobile apps.

Firefox Lockwise for iOS
Firefox Lockwise for iOS

If Firefox plans on creating premium offerings from this service, which they are currently considering, they need to update their Lockwise apps in order to allow users to create and save new login credentials. Only then can they compete with other password management services.

Firefox Container

Mozilla has also launched an updated Facebook Container addon that will now block Facebook buttons used on sites that you visit.

When sites utilize Facebook scripts to show Like or Share buttons, Facebook can use these scripts to track you when on the site and between sites. The updated Facebook Container addon will block these buttons so that they are no longer able to track you as shown below.

Blocked Facebook button
Blocked Facebook button on Amazon

Firefox Monitor gets a new dashboard

Finally, Mozilla is launching a new dashboard for their Firefox Monitor data breach notification service.

“Today we’re launching a central dashboard to help you track and manage multiple email addresses, whether it’s your personal email accounts or ones for professional use.”

This new centralized dashboard will allow you to quickly view the email addresses being monitor, the data breaches that have exposed your information, and the passwords that have been exposed across all breaches.

Firefox Monitor Dashboard
Firefox Monitor Dashboard

With this dashboard, Firefox Monitor is beginning to grow into a service that feels more complete rather than thrown together as an value added service for their customers.

It also shows how they continue to increase the service offerings in order to eventually offer premium options as a way to generate revenue.

Article Provided By: BleepingComputer

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop, Liquid Video Technologies, Greenville South Carolina

Windows 10 Apps Hit by Malicious Ads

Windows 10 Apps Hit by Malicious Ads that Blockers Won’t Stop

Windows 10 users in Germany are reporting that while using their computer, their default browser would suddenly open to malicious and scam advertisements. These advertisements are being shown by malvertising campaigns on the Microsoft Advertising network that are being displayed in ad supported apps.

As a way to monetize free apps, Microsoft offers Windows 10 app developers the ability to use their Microsoft Advertising SDK to display ads in their apps.  For example. Microsoft News and Microsoft Jigsaw utilize Microsoft Advertising to display ads.

German Ads in Microsoft News and Microsoft Jigsaw
German Ads in Microsoft News and Microsoft Jigsaw

Over the weekend, there were numerous reports of Windows 10 users in Germany having their browser open suddenly to sites pushing tech support scams, sweepstakes, surveys, and win a prize wheels. These advertisements would open suddenly while they were using apps like Microsoft News, Microsoft Jigsaw, and other Microsoft Advertising supported apps.

For example, the advertisement below was shown to one user and pretends to be a system scan stating that the computer is infected. If a user goes through the screens, the scam page will ultimately prompt them to download an unwanted system cleaner program.

Tech Support Scam shown by malvertising campaign
Tech Support Scam shown by malvertising campaign

These ads are being caused by scammers purchasing ad campaigns in the Microsoft Advertising network that use JavaScript to automatically launch scam sites in a new window. As these advertisements are being shown in an ad-supported app, Windows 10 will instead launch the new page in the default browser.

Just like a similar malvertising campaign that targeted French users of Microsoft apps in April, this German campaign appears to only be targeting users on residential IP addresses. For example, if you use a VPN to gain access to a German IP address, the malvertising ads will not show.

Ad blockers will not help

As these ads are being displayed because of ad-supported apps,  any ad blockers you have installed in your browsers will not prevent the pages from loading.

This is because the scripts that are normally blocked by ad blockers are being executed in the app and Windows 10 is just launching a web page in your browser.

Instead users will have to rely on security software or built-in browser filtering services such as SmartScreen and Safe Browsing to block known malicious web sites.

ESET blocking a malicious web site
ESET blocking a malicious web site

Another option is to install a HOSTS file that blocks all connections to known advertising networks and malicious sites.

Article Provided By: BleepingComputer

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Cybercrime Groups Continue to Flourish on Facebook, Liquid Video Technologies, Greenville South Carolina

Cybercrime Groups Flourish on Facebook

You might be surprised what you can buy on Facebook, if you know where to look. Researchers with Cisco’s Talos security research team have uncovered a wave of Facebook groups dedicated to making money from a variety of illicit and otherwise sketchy online behaviors, including phishing schemes, trading hacked credentials and spamming. The 74 groups researchers detected boasted a cumulative 385,000 members.

Remarkably, the groups weren’t even really trying to conceal their activities. For example, Talos found posts openly selling credit card numbers with three-digit CVV codes, some with accompanying photos of the card’s owner. According to the research group:

The majority of these groups use fairly obvious group names, including “Spam Professional,” “Spammer & Hacker Professional,” and “Facebook hack (Phishing).” Despite the fairly obvious names, some of these groups have managed to remain on Facebook for up to eight years, and in the process acquire tens of thousands of group members.

Beyond the sale of stolen credentials, Talos documented users selling shell accounts for governments and organizations, promoting their expertise in moving large sums of money and offering to create fake passports and other identifying documents.

The new research isn’t the first time that Facebook users have been busted for dealing in cybercrime. In 2018, Brian Krebs reported 120 groups with a cumulative 300,000-plus members engaged in similar activities, including phishing schemes, spamming, botnets and on-demand DDoS attacks.

As Talos researchers explain in their blog post, “Months later, though the specific groups identified by Krebs had been permanently disabled, Talos discovered a new set of groups, some having names remarkably similar, if not identical, to the groups reported on by Krebs.”

“While some groups were removed immediately, other groups only had specific posts removed,” Talos researcher Jaeson Schultz wrote. “Eventually, through contact with Facebook’s security team, the majority of malicious groups was quickly taken down, however new groups continue to pop up, and some are still active as of the date of publishing.”

Cybercrime groups are yet another example of the game of enforcement whack-a-mole that Facebook continues to play on its massive platform. At the social network’s scale — and without the company dedicating sufficient resources to more comprehensive detection methods — it’s difficult for Facebook to track the kinds of illicit or potentially harmful behaviors that flourish in unmonitored corners of its sprawling platform.

“These groups violated our policies against spam and financial fraud and we removed them,” a Facebook spokesperson told TechCrunch. “We know we need to be more vigilant and we’re investing heavily to fight this type of activity.”

Article Provided By: techcrunch

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Local Governments are a Hot Target for Cyberattacks, Liquid Video Technologies, Greenville South Carolina

Governments are Targets for Cyberattacks

Why local governments are a hot target for cyberattacks

Recent ransomware and other attacks underscore the value attackers see in the data stored in city and regional government systems. Here’s why they are vulnerable and what they can do to reduce the threat.

Over the course of the past few weeks, a seemingly stepped-up wave of malware and ransomware infections has struck a number of municipalities across the U.S.

  • On April 10, the city of Greenville, North Carolina, had to disconnect most city-owned computers from the Internet due to what officials said was a RobinHood ransomware infection, a duplicitous piece of malware that pretends to raise awareness and funds for the people of Yemen.
  • On April 13, Imperial County, California was hit with Ryuk ransomware, which is designed to target enterprise environments, forcing its website to go dark and causing some city systems to malfunction, including a number of departments’ phone lines.
  • On the same day Imperial County was infected, the city of Stuart, Florida, was hit by Ryuk ransomware, forcing system shut-downs affecting payroll, utilities and other vital functions, including police and fire departments.
  • On April 18, an unspecified piece of malware, likely ransomware, crippled the city’s computer networking in Augusta, Maine.
  • On April 21, the municipally owned airport in Cleveland, Ohio, Cleveland Hopkins International airport, was struck by still-unspecified malware, causing the airport’s flight and baggage information boards to go dark, an outage that lasted at least five days.

Despite what appears to be a recent spurt in municipal ransomware attacks, these infections are nothing new to the nation’s cities. The most high-profile municipal ransomware attack took place over a year ago in March 2018 when the city of Atlanta was crippled by SamSam ransomware. According to Wired magazine, the city of Atlanta ended up spending $2.6 million to respond to that attack, roughly 52 times the amount of the $50,000 or so in ransom demanded by the attackers.

Cyberattacks on municipalities harder to hide

Still, the recent spate of attacks raises the question: Are municipal ransomware infections on the rise? According to some municipal cybersecurity experts, cities have long grappling with malware and ransomware attacks at the same rate as private sector organizations, but are just now becoming more public about it.

“Most of these cities have had issues just like businesses have for years,” Gary Hayslip, former CISO for the City of San Diego, California, and now CISO for security firm Webroot, says. “It’s just more of them are being public about it because governments are requiring it now more.”

It’s increasingly difficult to hide city ransomware infections, particularly given that responding to them often requires funds from municipal coffers. “Typically, you end up having to pull out your cyber insurance and you’ve got to get Mandiant or somebody that you have on call to come on over and help you clean up and then hopefully get your data back,” says Hayslip. “So, you’re not going to keep that kind of stuff quiet.”

Internet-delivered city services present more opportunities for attackers

Cities are getting deeper and deeper into IP-based activities to deliver services as efficiently as possible, giving attackers more opportunity to engage in malicious behavior. “I would say there are a couple of big pressures that I think are relevant to most industries, but state and local governments are also exposed to it. First and foremost is the rapid expansion and availability of technology capabilities,” says Chris Kennedy, former government cybersecurity veteran and currently CISO of cybersecurity firm AttackIQ.

Attackers are also getting more savvy. “There’s a constantly growing threat of exploitation either through investment from state-sponsored actors to the commoditization of very sophisticated attack techniques that are easy to use for inexperienced hackers. Ransomware isn’t new. It’s just how it’s been packaged up and how it’s being leveraged operationally by the hacker community.”

Data stored in city systems an attractive target

Whether attacks on cities are increasing or merely just coming more to light now, it’s clear that they’re attractive targets for attackers. “If you think long-range. state and local governments offer a wealth of information about citizen activity. You can imagine how cyber criminals would want to take advantage of that collection of information for identity theft and things like that,” says Kennedy.

“Most people don’t realize cities have massive amounts of data. It’s amazing the different types of data that they have. I mean it’s just phenomenal. They have everything from permits to people paying their water bills to parking tickets to whatever. People are investing in bonds,” says Hayslip, adding that cities also accept credit cards. “U.S. cities are very, very similar to large multinational businesses.”

Financial constraints put a squeeze on security

Unlike large multinational businesses, however, cities, particularly small cities or towns, face financial constraints that limit just how much they can spend on protecting themselves from breaches, malware infections and other kinds of attacks. “It can be an overwhelming problem if you’re not adequately staffed,” Kennedy says. “When you’re resource-constrained a lot of the operating falls to contractors” and “how well you manage those contractors is often difficult.”

On top of that, cities struggle to keep pace with technology refresh cycles, which are growing shorter each year. “Today the typical refresh cycle is about 18 months and most cities aren’t ready for it. A lot of the larger cities still have mainframes.” Hayslip says. “In a business you can do rip and replace. You can go ahead and say we’re going to be down and we’re going to stand up a parallel data center and we’re going to flip over and rip out all this old stuff and then go on about our business. That’s very hard to do when you have citizens that are riding on the services that you provide and don’t like to have their services interrupted.”

State and local governments need federal cybersecurity assistance

While municipal governments struggle with increased attacks, constrained resources and outdated equipment, there are few easy solutions to the unique problems they face. Hayslip thinks the federal government has a role to play in helping cities with funding shortages. “These municipal governments and state governments are tied to massive amounts of federal networks. They’re all interrelated and tied to each other,” he says.

“There should be a pool available to state and local governments” to provide small governments funds to addresses at least the basics of cybersecurity, such as updated software, firewalls and other cyber hygiene-related needs. “It would reduce the risk on the supply chain side among the municipal, state and federal networks,” according to Hayslip.

Cities that are fortunate enough to have dedicated security staff, which Hayslip says begins when the municipality reaches 300 employees, can also benefit from participating in formal and informal information-sharing efforts. Among the formal options available to cities are the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), which is focused on state, local, tribal and territorial government cybersecurity, as well as resources available from the Department of Homeland Security.

Local governments should share security data

When it comes to local governments, sharing information informally can be as helpful as the more formal efforts. When Hayslip was CISO of San Diego, he had a loose group of peers from other jurisdictions in the area and nine times out of ten when one of them was dealing with a sustained attack, the others were, too. Cybercriminals like to “get the most bang for their buck so they’ll attack a region” where local governments are likely to be interconnected, he says.

On the whole cities appear to be dealing adequately with the ransomware and other malware infections that come their way. “Some of them are really taking it seriously and they’re building. Not just the city of San Diego but Los Angeles is doing very well. The city of Denver is doing very well.” Even the city of Atlanta is a good example of a municipality that might now be ahead of the curve. “I think they they’ve learned their lessons and they’re putting it together,” Hayslip says.

Article Provided By: CSO

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Women Sorts Books in Public Library, Cyberattack, Liquid Video Technologies

Cyberattack hits Augusta

Cyberattack hits Augusta municipal operations; City Center closed

Officials say a nasty, intentionally deployed virus shut down public safety computers and made the city’s entire network unusable, but the phone system and public safety radio system were not affected.

AUGUSTA — A malicious computer virus that targeted — and squarely hit — the city early Thursday morning forced the closure of Augusta City Center.

The virus froze the city’s computer network and rapidly spread to laptops and other devices.

Augusta City Center, on July 12, 2016. Kennebec Journal photo by Joe Phelan

Officials said Thursday afternoon they had located the virus are working on a fix, and no data was taken in the apparent cyberattack. Once they confirm the virus has been removed from the network and all devices associated with it, they plan to restore the city’s servers and get the system up and running again.

Because so many municipal functions there rely on computers — and restoring servers and fixing the damage done is expected to be a cumbersome process — Augusta City Center will remain closed until at least Monday, while the network and servers are restored.

Fred Kahl, director of the information technology department for both the city and schools, said a piece of malicious software somehow got into the city’s computer network, spread rapidly and damaged servers. He said it appears it was a targeted attack. But he also said no data, such as personal information about residents, was taken in the incident.

“Nothing got out, no names or anything like that. It just became inaccessible,” Kahl said late Thursday afternoon about data stored on city servers.”Nothing went anywhere, guaranteed.”

The virus, which officials said was inflicted upon the city’s servers intentionally, also shut down computers used by public safety dispatchers — but not the city’s phone system or the public safety radio system used by dispatchers and police, fire and ambulance staff members in the field to communicate. Dispatchers, who don’t have access to their usual computer-aided dispatching system, tracked calls and the activity and whereabouts of police officers, firefighters and ambulance crews manually.

“It’s not a threat to public safety,” Ralph St. Pierre, finance director and assistant city manager, said Thursday morning from the closed city center. “Dispatch is still answering. The phones are still working.”

What isn’t working is anything that relies on the computer network at Augusta City Center, including municipal financial systems, billing, automobile excise tax records, assessor’s records or general assistance.

All those systems became inaccessible when the city’s network was hit by a virus around 3:20 a.m. Thursday, which froze up the network.

“All our servers are locked up,” St. Pierre said. “This was a particularly bad (virus). This one exploded, it got all the data, all the servers, they froze rock solid, and you can’t pierce it. It’s pretty widespread and impactful.”

He clarified that while the city’s servers and data have been frozen and are inaccessible, it is not believed city data has been breached.

“It was not a breaching of the data. It was a locking down of the data,” St. Pierre said. “This was intentional.”

Professor Henry Felch, program coordinator of the University of Maine at Augusta’s cybersecurity program, which he said is the largest such program in the state, speculated it could have been an inside job, perhaps by a disgruntled current or former employee or someone else with knowledge of and access to the city network.

“If someone did want to do something to bring Augusta to a screeching halt for a couple of days, it could be an act of revenge, or it could be someone is making a statement,” Felch said. “Usually a virus is more widespread than just one locality, if the goal is to infect a lot of computers. This sounds like it was directed toward Augusta. It was a very targeted attack.”

He said the city should involve state police, because what occurred appears to be a crime. He said it appeared the malicious software was intended more to destroy data than to capture data.

St. Pierre said the city’s data is intact, and all its backup systems are fine, meaning the city can start restoring servers. He said restoration work will include contacting software providers so they can reinstall their software. He said it could take until as late as Tuesday to have the network up and running and reopen city center.

Kahl said officials know when the attack was initiated, around 3:20 a.m. Thursday, but he believes the city might never know with 100 percent certainty how the software got into city servers.

He said the city did not pay a ransom payment, as some Maine municipalities and even the Lincoln County Sheriff’s Office have done previously, to have the software removed.

City Manager William Bridgeo said city information technology staff members all were working on the problem, and an outside software consulting firm from Portland also had specialists working on the problem in Augusta.

St. Pierre said officials stopped the virus before it spread to School Department files or servers, which are connected to the same network, and they have been shut off from the network to protect them. He said the city’s email server is at the school department and is still up and running, so city staff members with smartphones can still respond to email.

To make sure all devices that might have been infected with the virus were cleared of it, about 15 Augusta police workers, most of them officers, underwent about a half-hour of training from Kahl and then set out to check every city facility — or anywhere else an infected laptop or other device might be — to see if they had the virus on them. The 10 or so devices that were infected were taken to Kahl’s office so the virus could be removed.

A sign tells patrons about computer system problems on Thursday at Lithgow Public Library in Augusta. Kennebec Journal photo by Joe Phelan

City Center, where nearly all functions rely to some extent on computer access, is expected to remain closed at least through Friday. Other city facilities never closed and are expected to remain open. St. Pierre said Hatch Hill was open and manually billing customers, the library was open, and the Buker Community Center — including youth programming there — was open and running but couldn’t take new registrations, and public works employees were working.

The Augusta Civic Center also was affected by the virus, since its computers are integrated into the city network, but officials said they were still able to access its ticket-selling firm and could sell tickets to events for cash, but not credit cards, on Thursday.

At Lithgow Public Library, the virus’ effect was — in some ways — to send the library back to its past, one based around books, not computers. Its computers were down and unable to access the internet, but people still could read books there. And, according to Julie Olson, assistant director and adult services librarian, they still could check out books and other materials. The public library’s usual circulation system was down, but they were able to use a backup system.

“For our patrons, the biggest impact was we don’t have internet,” Olson said. “We’ve got no computer access at all, they’re all connected to the city’s server, so we can’t access anything. But you can check out books, return books and renew books. We just can’t do the other parts.”

Bridgeo said the city buys “cyber liability” insurance through Maine Municipal Association, and as part of that, about a month ago it had an assessment done of the security of the city’s network. He said he just read a report on the findings of that assessment about a week ago and found that Augusta “got pretty high grades for how we stand.”

Felch said municipalities could be tempting targets for cyberattacks because of all the data they have, or because some of them have control over water treatment systems and other crucial resources. He said the best thing municipalities can do is emphasize training and awareness among staff on how to avoid allowing cyberattacks to be successful. But he said if the malicious software came from inside, via someone with access to the network, there might be nothing the city could do.

He said the city might want to look at its network defenses to see if such attacks could be detected faster.

Felch said the state needs to provide resources to help municipalities fend off cyberattacks.

“What happened to Augusta could probably happen to other municipalities around here, because it’s easy to do and it’s easy to get something started,” he said. “Maine has a lot of smaller municipalities, which makes it a target for someone who may want to practice, and hone the skills they might need to attack a larger city in the future. I think state government needs to do more to help these small municipalities be able to provide protection.”

Augusta police Chief Jared Mills agreed the cyberattack does not pose a threat to public safety. He said the only real effect was not being able to enter information directly into a computer. He said dispatchers were recording things manually and clerks were working to help dispatchers with that task.

Mills said there is “no threat to public safety. This is exactly how we completed reports when I started 20 years ago. Everything was handwritten and our response time then was the same as it is today.”

Felch, an Augusta resident who was turned away Thursday from City Center when he went there to get a new permit to use the Hatch Hill landfill, though at the time he didn’t know why, said students and faculty of UMA’s cybersecurity program would be willing to help Augusta and other municipalities protect themselves.

Article Provided By: centralmaine

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Cyber Security, Phishing Scam, Security Data Breach, IT Support, Liquid Video Technologies, Greenville , South Carolina

New Phishing scam called ‘The Hotlist’

New Phishing scam called ‘The Hotlist’ now targets the Instagram users

  • The new Phishing scam operates in a similar manner as the recent ‘The Nasty List’ scam.
  • The Phishing scam begins with Instagram users receiving a message regarding a list of their ‘hot’ photos on Instagram.

A new phishing scam called ‘The Hotlist’ has been found targeting Instagram users lately. This new scam operates in a similar manner as the recent ‘The Nasty List’ scam.

How does it work – The scam begins with Instagram users receiving a message regarding a list of their ‘hot’ photos on Instagram. The message reads something like, “I just saw a few of your photos on the @The_HotList_95 and they are already upvoted to #26!”.

Once the recipients visit the message sender’s account, then they are displayed with a post that says ‘Everyone Is On Here Look’ and includes a description along with a link that reads ‘Check what position you’re in!’.

If users click on the link, then they are taken to a fake Instagram login page that is used by scammers to steal login credentials. The link typically ends with .me domain, Bleeping Computer reported.

What are the impacts – The Phishing scam is being used to steal Instagram account details of users. Once the scammers grab the login credentials, they can use them later to send further phishing messages to other Instagram users.

How to stay safe – Users can avoid falling victim to such Instagram phishing scams by:

  • Not entering their login credentials if they are on a page that does not belong to the Instagram website;
  • Verifying the profile of the sender/source before sharing any personal information;
  • Ignoring message from an unknown source that asks you to share sensitive details as it can be a phishing scam.

Article Provided By: CYWARE

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

1 2 3 5