The past week has seen a range of activity in cybersecurity: cyber-attacks, newly deployed anti-phishing solutions, and much more. Below is a curated list of the significant headlines you need to know about to keep up with developments in the cybersecurity world:
Huawei Suspected Of Hiring Suspicious Personnel
Recent research and scrutiny of the CVs of Huawei staff show that the company has hired people who have been, or continue to be, associated with China’s military and intelligence bodies. This revelation raises doubts among governments that are analyzing claims that Huawei poses a national security risk, and makes individual nations consider the probability of Huawei installing ‘backdoors’ in its telecommunications networking equipment that would enable the Chinese government to access user data. One CV revealed a person working simultaneously at Huawei and at a military university as a teacher and researcher, a role through which the Chinese People’s Liberation Army hired the person. Another CV revealed that a person who worked at Huawei was a representative of a government entity responsible for espionage and counterintelligence.
What does Huawei say?
Though the evidence seems substantial, Huawei denies all the charges made in the study by Christopher Balding, an associate professor at Fulbright University Vietnam, and the London-based conservative think tank Henry Jackson Society. Huawei announced that it could not verify the CVs pointed out by Balding and said that employees need to provide documentation proving they have ended their relationships with the military or the government before they join Huawei.
Larry Sanger Stands For A Decentralized Internet
Larry Sanger, the co-founder of Wikipedia, recently expressed his disappointment with the controlling nature of tech giants, mainly social media platforms like Facebook and Twitter. He said that they do not take enough measures to ensure the security and privacy of their users, although they claim to do so.
He urges that vast digital empires be replaced by decentralized networks of independent individuals, and his declaration had gathered about 2,400 signatures by the morning of 5th July 2019. Sanger, however, isn’t the first person to object to the authority of tech giants. Tim Berners-Lee, the founder of the World Wide Web, also recently argued that companies need to be more sincere about protecting the privacy and interests of users.
The reaction of tech giants
Mark Zuckerberg, the CEO of Facebook, responded by disclosing the new vision he has in mind for Facebook, which incorporates measures like encrypted messaging. Twitter, on the other hand, did not break its silence on the matter.
Sanger doubts whether Zuckerberg will implement what he plans. He feels that rules set by the government and other regulators barely have any effect on the tech giants and instead help them avoid prospective competition from newcomers. He sees a decentralized internet as the ultimate solution to all these problems, since a decentralized and freer internet is what led to the creation of the ‘internet’ in the first place!
Passport Data Selling Fast In The Dark Market
Research conducted by the cybersecurity intelligence company, Flashpoint, reveals that passport data are sold in three major formats in the dark market and their prices differ accordingly:
- Digital scans: They sell for $5 to $65.
- Templates for creating a finished passport: They sell for $29 to $89.
- Actual physical passport: They sell for up to $5000.
At these prices, passport data breaches become a lucrative business for attackers. A total of 5 million passport numbers were breached from the Marriott hotel chain last year, and this remains a matter of concern for those who became victims of this data loss.
What are the implications?
Most countries run rigorous checks at their airports to minimize the number of people with forged identities and fake passports getting into foreign countries or territories. However, there are still some countries which don’t scan passport barcodes or microchips, and as a result people with low-cost phony passports gain access to the country.
Getting professionally forged or lower-cost versions of a passport can cost around $1,000 to $2,000 respectively on the dark web. These fake passports are not just used for identity theft but can also be used for other types of identity theft, such as entry to a sporting event, business, government office or school.
The silver lining
However, the good thing about the Marriott data breach is that only passport numbers and other manually entered data of customers had been lost, which isn’t enough to get through any country. A whole lot of information apart from the passport number such as name, date of issue, date of expiry, and sometimes the scan bar at the bottom of the passport is essential to get through.
A penalty of $123 Million imposed on Marriott for data breach
On Tuesday, 9th July 2019, the Information Commissioner’s Office (ICO) imposed a penalty of $123 million (£99 million) on Marriott International for its 2018 data breach of over 383 million guest records. This news comes a day after the ICO fined British Airways $230 million for its own 2018 data breach.
These huge penalties show the grave importance that customer privacy and security hold for the ICO and other watchdogs under the aegis of the General Data Protection Regulation (GDPR).
What happened at Marriott?
The data breach that occurred at Marriott in 2018, leading to a loss of customer data of about 383 million people, was a result of a lack of adequate anti-phishing security measures in its merger with and acquisition of Starwood properties in 2015. GDPR made it clear that organizations were required to be accountable for the personal data that they hold, and that this was a case of a lack of due diligence on the part of Marriott.
It is reported that the hackers gained access to Starwood’s network back in 2014, before Marriott had acquired it, and it was only on Sept. 8, 2018, that Marriott discovered the breach.
Which data was compromised?
Customer data lost in the breach included name, mailing address, phone number, e-mail address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Understanding and acknowledging the enormous losses caused to its customers, Marriott has agreed to pay the imposed penalty.
Sea Turtle Group Attacks Greece’s Top-Level Domain Registrar
The Institute of Computer Science for the Foundation for Research and Technology (ICS-Forth), the organization that manages Greece’s country-code top-level domains .gr and .el, admitted in e-mails sent to its domain owners on April 19 that it had been the victim of a breach by state-sponsored hackers.
As per a Cisco Talos report, the hackers behind this breach are the same daring group of attackers whose activity only intensifies when it is suspected or caught: the Sea Turtle group.
What does Sea Turtle do?
The Sea Turtle group carries out its breaches in a distinctive way. Instead of targeting victims directly, it gains access to accounts at domain registrars and managed DNS providers and modifies a company’s DNS settings. Since companies barely watch for changes made to DNS settings, the hackers are free to redirect traffic meant for a company’s legitimate apps or webmail services to clone servers they have created, where they carry out man-in-the-middle attacks and intercept login credentials.
While the domain names for which the hackers changed DNS settings remain inaccessible, Talos reported that the hackers maintained access for another five days, after which ICS-Forth publicly disclosed the incident.
ICS-Forth wasn’t the only victim of the Sea Turtle operation; the group has also targeted countries such as Sudan, Switzerland, and the US. These targets had their DNS settings modified by the group and were mostly government organizations, energy companies, think tanks, and international non-governmental organizations.
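Because the technique described above depends on DNS changes going unwatched, the following added example (not from the original article or the Talos report) compares a snapshot of DNS answers against an approved baseline and flags any drift. All domain names, name servers and addresses are constructed samples; in practice the snapshot would be collected on a schedule from the zone's authoritative servers.

```python
# Approved state, e.g. exported after a change-controlled review (constructed).
BASELINE = {
    "corp.example": {"NS": ["ns1.provider.example.", "ns2.provider.example."]},
    "webmail.corp.example": {"A": ["192.0.2.10"]},
    "vpn.corp.example": {"A": ["192.0.2.20"]},
}

# Snapshot as a resolver would return it; constructed for this example.
OBSERVED = {
    "corp.example": {"NS": ["NS1.Provider.Example", "ns9.other-host.example."]},
    "webmail.corp.example": {"A": ["198.51.100.77"]},
    "vpn.corp.example": {"A": ["192.0.2.20"]},
}

HOSTNAME_TYPES = {"NS", "MX", "CNAME"}


def normalize(rtype, value):
    """Lower-case and add the trailing dot so cosmetic differences do not alert."""
    value = value.strip().lower()
    if rtype in HOSTNAME_TYPES and not value.endswith("."):
        value += "."
    return value


def find_drift(baseline, observed):
    """Return one finding per (name, type) whose record set differs from baseline."""
    findings = []
    for name in sorted(baseline):
        for rtype, approved in sorted(baseline[name].items()):
            want = {normalize(rtype, v) for v in approved}
            seen = observed.get(name, {}).get(rtype, [])
            got = {normalize(rtype, v) for v in seen}
            if want == got:
                continue
            findings.append({
                "name": name,
                "type": rtype,
                # A changed delegation puts every record in the zone at risk.
                "severity": "critical" if rtype == "NS" else "high",
                "unexpected": sorted(got - want),
                "missing": sorted(want - got),
            })
    return findings


if __name__ == "__main__":
    for f in find_drift(BASELINE, OBSERVED):
        print(f["severity"].upper(), f["name"], f["type"], f["unexpected"], f["missing"])
```

A name server change is rated above an address change because whoever controls the delegation controls every answer for the zone, including the webmail and VPN hosts.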
Apple disables a feature in Zoom, because of a security flaw
A major security flaw was identified in software from web conferencing company Zoom: it can turn on a person’s webcam without their knowledge or consent, and can re-install itself if deleted. On learning of this flaw, Apple quietly sent a security update to Mac users that removed the dangerous feature from Zoom, a feature that could quickly connect people to conference calls.
What is the glitch in Zoom?
- Zoom’s software installs a web server on users’ computers that quickly launches the software when a user clicks a link.
- Not only that, but it can also re-install Zoom’s software if the user has removed it.
- Zoom claims that the flaw previously went unnoticed, and says it is glad that its collaboration with Apple has helped it update and resolve the web server issue.
- As its next step regarding the flaw in its web server, Zoom plans to disable it on Mac devices to ensure that the security and privacy of users are upheld.
Facebook’s Cryptocurrency Receives Dubious Responses
Facebook recently announced the creation of its new cryptocurrency, Libra, which will be managed by a governing body called the Libra Association and used through a wallet named Calibra. Presently working alongside 27 launch partners such as PayPal, Visa, Uber, Coinbase, Lyft, Mastercard, Vodafone, eBay and Spotify, Facebook envisions having 100 members in the Libra Association by 2020. However, its efficiency and credibility have been questioned by the US Federal Reserve System, along with many lawmakers, politicians, and others across the globe.
Libra is set to be launched in the first half of next year, but the Federal Reserve System and a separate panel called the Financial Stability Oversight Council are meeting to discuss Libra alongside global policymakers. Since its announcement, Libra has received quite a few skeptical remarks.
Remarks on Libra:
- Bruno Le Maire, France’s Finance Minister, said Libra should work fine if limited to transactions alone but that Facebook shouldn’t be allowed to create a “sovereign currency.”
- More than 30 groups, including the Economic Policy Institute and US PIRG, have asked Congress and the regulators to impose a moratorium on Libra till they answer all questions raised.
- Among other nations, India too is on the list of countries avoiding cryptocurrencies and has said that it is considering not allowing Libra trades at all.
The US Allows Licensed Sale With Huawei, As Part Of Trade Talks
In line with the US-China trade talks held last month, the US has allowed its companies to sell equipment to Huawei once they get licenses and are sure that there is no threat to national security. However, Trump’s economic adviser, Larry Kudlow, has said that the licensing requirements would only be relaxed for a limited period and that this would stop if the trade talks between the nations don’t progress smoothly. The US has taken these measures because it seeks phishing prevention and a safe online world for its citizens.
New Ransomware “eCh0raix” Hits Systems In The US
Researchers at Anomali have spotted a new ransomware, “eCh0raix”, which targets users of QNAP Systems’ network-attached storage (NAS) devices. The attackers gain access to users’ devices either by brute-forcing weak credentials or by exploiting known vulnerabilities in them.
Features of eCh0raix:
- The malware eCh0raix has been designed for targeted attacks and not merely for mass distribution.
- Hard-coded encryption keys that Anomali analyzed have unique decryption keys associated with them, making a decryptor work only for one victim at a time.
- The malware eCh0raix runs barely any risk of being detected, and this was evident even in the samples that Anomali analyzed. The malware was identified by only two or three anti-malware tools on VirusTotal.
There are over 19,000 publicly facing QNAP devices in the US presently, and it’s not yet known how many of these devices are deployed in enterprise organizations.
Which devices have been targeted?
The malware targets NAS devices which have little protection and are used to store important files and backups, especially in enterprise settings. This fact makes NAS devices a lucrative target for ransomware attacks.
US Navy Takes The Unique Initiative To Increase Interest In AI
Amidst all the news of cyber attacks and penalties for companies or criminals, the US Navy attracts attention with a newly launched competition that seeks machine learning and artificial intelligence solutions for real-world cybersecurity challenges.
The challenge is called the “Artificial Intelligence Applications to Autonomous Cybersecurity Challenge (AI ATAC)” and will award $100,000 to the first position holder and another $50,000 to the second position holders.
Details of the competition:
- The competition will be open for all citizens and permanent residents irrespective of whether they are defense contractors, researchers, students, or just technology-curious private citizens.
- The sponsors for the competition are Naval Information Warfare Systems Command (NAVWAR) and Program Executive Office for Command, Control, Communications, Computers and Intelligence (PEO C4I).
- The competition shall be open to entries till Sept. 30, and the winners will be announced in December. Participants will need to submit an endpoint security solution as well as a white paper.