Category Archives: Internet Security

The agency that may be able to thwart ransomware – POLITICO

Profit motives are a powerful incentive for criminal hackers who roam the internet locking up victims' data and demanding a ransom for releasing it: In June, just one scheme, a cyberattack that crippled the world's largest meat processing company, yielded an $11 million bounty for a Russia-based hacker gang. But those flows of dirty money also place the gangs squarely in the IRS' bailiwick.

"A lot of other agencies do more of the technical investigation of the actual [hacking] infrastructure," said Jarod Koopman, acting head of the IRS' recently combined cybercrime and digital forensics team, acknowledging that his agency is just one part of a governmentwide anti-hacking effort that includes entities such as the FBI and the Department of Homeland Security. "Our wheelhouse is that financial tracing."

The IRS' role in hacker probes has also gone beyond ransomware. After the U.S. became aware in late 2020 of a wide-ranging cyberespionage campaign blamed on Russia's Foreign Intelligence Service, the IRS used its cryptocurrency tracing tools to learn more about the intruders who had broken into at least nine federal agencies and 100 private companies.

But ransomware has emerged as an especially bedeviling threat to governments and businesses worldwide, after years of attacks have targeted victims including police departments, water utilities and the National Rifle Association. One challenge to investigating such crimes is the fact that the perpetrators overwhelmingly demand payment in cryptocurrency because of its supposed untraceability.

"The IRS criminal investigations are the tip of the spear when it comes to crypto investigations," said Ari Redbord, a former senior official in the Treasury Department's terrorism and financial intelligence office.

The IRS has two main avenues for hindering ransomware: It could theoretically track the cryptocurrency payments through companies' and other victims' tax returns, and it can investigate the underground movement of cryptocurrencies between victims and ransomware gangs.

Congress helped the first scenario a bit when passing last year's bipartisan infrastructure package, which expanded the tax code's definition of "broker" to include cryptocurrency exchanges like Coinbase. These brokers, typically people who buy and sell stocks on someone's behalf, will eventually have to report annually the names and addresses of their customers whenever they file tax returns after trading or selling crypto, providing a level of transparency into the average crypto owner's transactions that doesn't exist now.

It's a step in the right direction for cybersecurity policy experts who have pushed the IRS and Congress to require companies to disclose high-dollar cryptocurrency payments, arguing it could provide additional insight into when a ransom payment is made.

"As a first step, you have to know the universe of what we're doing here," said Michael Daniel, president of the Cyber Threat Alliance and a former National Security Council cyber adviser during the Obama administration. "Obviously you'll never get 100 percent reporting, but you can get a very good statistically accurate picture of what's happening in the economy."

But tax reporting has severe limits. In most instances, the new reporting rules focus on the entity receiving the funds, which in this case would be the Russian ransomware criminals who aren't subject to U.S. tax laws or known for obeying government mandates.

The IRS has had better luck tracking down ransomware gangs through the second option: digging into ransomware gangs' cryptocurrency transactions or advising the FBI and DHS on how to do it.

At the IRS, Koopman said the agency relies on two types of tools for cryptocurrency investigations: so-called clustering algorithms that gauge the likelihood that two digital wallets are connected to one another, and open-source intelligence, including public records such as wallet addresses, domain name registrations, email addresses and court documents.

Often the agency works with companies like Chainalysis that have proprietary technologies that make linking one Bitcoin wallet to another a lot faster. One example Koopman pointed to is a tool that collects all the public-not-public data about people into one place to make homing in on possible suspects much easier.

The IRS isn't a silver bullet on its own, though. Redbord, who is also a former assistant U.S. attorney, said federal prosecutors often have a choice in which agency they go to with cybercrime tips: the FBI, Homeland Security or the IRS.

The differences among the three are somewhat limited because they all use the same cryptocurrency tracing tools and open-source investigative tactics. "We all work very closely, so it's all of us bringing our expertise to the table," Koopman said.

However, both the FBI and the Homeland Security Department's investigative unit, known as HSI, are more equipped than the IRS to focus on the technicalities of a ransomware attack, such as how the hackers broke in and what ransomware strain they deployed. Tapping the IRS to focus on the cryptocurrency side of an investigation helps law enforcement keep up with cybercriminals' agility and constantly changing online locations.

"There is a perception that [the agencies] all don't get along and that they never work cases jointly," Redbord said. "But if you look at the big crypto investigations, they involve IRS [criminal investigations], HSI and FBI, and what we would do is create a dream team of agents across the interagency to drive together."

The FBI brings its range of investigatory experience, tools and funding. DHS' investigations unit, which sits within Immigration and Customs Enforcement, often has one key ingredient needed to start an investigation: the digital wallet addresses found through any electronics seizures at the border. And the IRS brings the financial nitty-gritty and somewhat nerdy know-how.

That detailed financial crime knowledge allows the IRS to crack cryptocurrency cases at a pace like no other, Redbord said.

In many regards, the IRS cyber criminal investigations unit has a startup mentality. It was created in 2014, making it much younger than the more established cyber investigations offices at the FBI and DHS.

The IRS played only supporting roles in cybercrime cases until 2019, when it led an investigation that resulted in a Justice Department takedown of a South Korean child pornography ring and its dark-web site, Welcome to Video. Visitors to the site had to pay in bitcoin to watch videos, and by tracing the flow of the cryptocurrency payments, the IRS was able to close the case in eight months.

"It's really one of the first times you've got a case that isn't solely focused on server logs or some kind of special high tech," said IRS agent Chris Janczewski, who led the probe. "It was just a lot of following the money."

When Janczewski started investigating Welcome to Video, the only lead he had was the location of the website itself. Koopman likens the scenario to what investigators usually see at the beginning of a ransomware investigation: "You have the technology aspect of the attacks, the footprint of what occurred and then you have the transactional flow," Koopman said about ransomware cases. "That's it."

But there are a few limits to following the money in cybercrime, said Gurvais Grigg, global public sector chief technology officer at Chainalysis. Cybercriminals are agile and quick to cover their tracks, and law enforcement officers could lose their chance to track them while waiting for higher-ups' approval to start an investigation.

On the other hand, "we do see a growing level of crypto literacy, sophistication and agility across these federal agencies that's reassuring," said Grigg, who is also a former FBI investigator.

International probes face other roadblocks: The most notorious ransomware actors live in Russia, which is usually unlikely to cooperate with U.S. law enforcement. The one exception: Russia's arrest last month of a hacker accused of being behind last year's Colonial Pipeline attack.

But Janczewski said the IRS has experience tackling those hurdles, noting a couple of cases in which his team found transactions en route, digitally, to China or Russia as they crossed through U.S. allied countries.

"When it comes to international investigations, especially if you want them to be timely, it's all based on relationships," Janczewski said.

The IRS' parent, the Treasury Department, is also likely to take on a growing role in the ransomware fight. In September, the department announced sanctions against Suex, a crypto exchange operating in Russia, saying 40 percent of its transactions involved ransomware and other illicit online activities. At the time, Treasury indicated that this could be the first of several actions against similar exchanges.

Congress is also on the move.

In September, Sen. Maggie Hassan (D-N.H.) introduced legislation, S. 2864, that would direct the Treasury Department to tell Congress how other nations are mining, using and regulating cryptocurrencies. Several lawmakers have introduced proposals to mandate reporting of ransom payments within two to three days, depending on the bill, to DHS, a step that would provide more insight into how many ransomware attacks U.S. businesses are facing, as well as hackers' financial information. And Hassan is already in conversations with the IRS about the best way to help them address crypto's use in cybercrime.

In a letter released earlier this month, IRS Commissioner Charles Rettig requested $21 million to support cyber, crypto and other highly technical investigations. He also suggested that Congress tweak current crypto reporting rules so the IRS can more easily share the information with its investigative partners at Treasury's Financial Crimes Enforcement Network and other agencies.

This could all come in handy as the Biden administration continues to toss anything it can at the burgeoning ransomware problem.

"When you look at the strategy that you would need to put together to combat ransomware, you're going to need a large number of different departments and agencies across the federal government," said Daniel, of the Cyber Threat Alliance. "It has so many different aspects to it."

Government consults on legal direction to restrict Huawei in UK telecoms networks – GOV.UK

A consultation has been launched with telecoms firms on proposed legal instruments to control the use of Huawei in UK networks.

UK telecoms providers have already begun to remove Huawei from the UK's 5G networks following the government's announcement in July 2020. As the next step in this process, the government is now required by the new Telecommunications (Security) Act to consult with industry on the proposed measures which would bring these controls on Huawei onto a legal footing.

In November the Act became law - giving the government the legal mechanism to restrict the use of high risk vendor equipment in public networks where deemed necessary and proportionate in the interests of national security. The new powers will ensure UK mobile networks remain safe and secure as 5G becomes progressively more embedded in our national infrastructure, industries and daily lives.

The legal instruments the government is consulting on are known as a designated vendor direction, which contains requirements that public telecoms providers would need to follow regarding use of Huawei equipment and services; and a designation notice which categorises Huawei as a high-risk vendor.

The consultation will last for four weeks and is only open to public communications providers which would receive the direction, and Huawei, as the proposed designated vendor.

The direction, subject to the consultation, legally requires telecoms operators to:

Digital Secretary Nadine Dorries said:

The government is committed to ensuring the security and resilience of our phone and internet networks. Last year we brought in new laws to protect UK infrastructure from high-risk vendors and issue tough sanctions on providers which fall short of our high security standards. This consultation marks the next step in removing the risks posed by Huawei.

In July 2020 the government announced it would hold a technical consultation with full fibre operators regarding their use of Huawei equipment.

Following the conclusion of that technical consultation, the government worked with the National Cyber Security Centre to analyse responses. As a result, the proposed direction includes a ban on the installation of sanctions-affected equipment in full fibre networks, effective from the issuing of the designated vendor direction for Huawei.

The government considers that preventing any future installation of this equipment addresses the national security risk posed by Huawei in full fibre networks, but it will consider views from consultees before reaching a final decision.

This is not expected to impact the roll out of faster broadband. The telecoms industry remains committed to the government's target of bringing gigabit broadband to at least 85 per cent of the UK by 2025.

The NCSC has been consulted throughout the drafting of the consultation documents and the government has given due consideration to the NCSC's advice.

ISP Virgin Media UK Further Discounts Broadband and Phone – ISPreview.co.uk

Monday, February 21st, 2022 (7:17 am)

UK ISP Virgin Media (VMO2) has this morning sweetened the existing discounts on their ultrafast broadband and phone bundles, which knocks a few extra pounds off the previous offer. Packages now start at just £25 per month for a speed of 108Mbps (10Mbps upload) with free setup (usually £35) and included weekend calls.

New customers can expect to receive an included wireless router, 18-month minimum contract term, unlimited usage, access to Virgin's UK network of WiFi hotspots, internet security / parental controls and email. Sadly, the latest discounts do not extend to the operator's top gigabit speed package(s).

The discounts, which look like they may only last for three days, also extend to Virgin Media's VOLT bundles with O2's mobile plans (we're only going to list the broadband and phone options below). Just watch out for those hefty post-contract prices.

108Mbps (10Mbps) Fibre Broadband & Phone
PRICE: £25 per month for 18 months (£51 thereafter)

213Mbps (20Mbps) Fibre Broadband & Phone
PRICE: £31 per month for 18 months (£57 thereafter)

362Mbps (36Mbps) Fibre Broadband & Phone
PRICE: £37 per month for 18 months (£63 thereafter)

516Mbps (36Mbps) Fibre Broadband & Phone
PRICE: £43 per month for 18 months (£69 thereafter)

1130Mbps (52Mbps) Fibre Broadband & Phone
PRICE: £64 per month for 18 months

What the Duck? Why an EU Proposal to Require "QWACs" Will Hurt Internet Security – EFF

It's become easier over the years for websites to improve their security, thanks to tools that allow more people to automate and easily set up security measures for web applications and the services they provide. A proposed amendment to Article 45 in the EU's Digital Identity Framework (eIDAS) would roll back these gains by requiring outdated ideas for security and authentication of websites. The amendment states that web-browsers shall ensure that the identity data provided using any of the methods is displayed in a user-friendly manner. The amendment proposal emphasizes a specific type of documentation, Qualified Web Authentication Certificates, or QWACs, to accomplish this goal. The problem is that, simply put, the approach the amendment suggests has already been debunked as an effective way to convey security to users.

QWACs use guidelines similar to Extended Validation (EV) certificates. Both are digital certificates issued to domain owners with an added process that establishes an identity check on the domain owner. This approach has been proven ineffective over the years.

For a short while, browsers made a point of showing EV certificates to the user, displaying the certificate details in green. They assumed that this clear marker would indicate more security for users. However, nefarious parties ended up obtaining EV Certificates and hosting phishing sites. This highlights that HTTPS, supported by certificates, establishes a secure connection between you and that website, but does not guarantee the website itself is storing or using the information you may submit to it ethically. Nor is it an assurance that a company's business practices are sound. That is what consumer protection laws are for.

Because emphasizing these certificates proved ineffective in helping user security, Chrome and Firefox in 2019 decided to no longer emphasize EV Certified websites in the URL bar. Safari stopped in late 2018. However, EV certificates are significantly more expensive and some Certificate Authorities (CAs) that sell them still inaccurately suggest that browsers emphasize EV certificates in their sales pitch for these products. Requiring that QWACs be displayed in the same fashion is just further pursuing the illusion that displaying identity information to the user will be worth the effort.

Requiring browsers to trust these certificates from EU government-mandated CAs could impact users outside the EU as well. Rather than improve security as intended, this would likely force the adoption of a security-hindering feature into the internet experiences of users within and outside the EU. People could be exposed to poor responses to security incidents by EU-mandated CAs, breaches of privacy, or malware targeting.

It's even been ludicrously suggested by Entrust (a CA) that any website that doesn't use QWACs or EV certificates be flagged by the browser with a warning to the user when they submit data. Such a warning would make no sense, because standard Domain Validation (DV) certificates provide the same security for data in transit as EV does.

Trust Services Forum - CA Day 2021

Transport Layer Security (TLS) is the backbone to secure your connection to a website. When this occurs, it is called HTTPS. Think of it as HTTP(S)ecure.

Browsers have worked for years to show people that their connection is secure without confusing them. This proposal would undo much of that user education by potentially unleashing a flood of warnings for sites that were actually adequately secured with DV certificates.

This amendment also makes problematic assumptions about how much consumers know about the identity of companies. Large corporations like Unilever own many products and brands, for example, and consumers may not realize that. Some well known brands, like Volvo automobiles, are owned by companies with seemingly unrelated names. It's also not impossible for two companies that offer completely different products to share a name; the marketing term "brand twins" describes this. Examples include Delta Airlines and Delta Faucet, or Apple Records and tech giant Apple, Inc.

Researcher Ian Carroll filed the necessary paperwork to incorporate a business called Stripe Inc

For these reasons, it is nearly impossible for a QWAC to achieve its stated goal of making the entity that owns a domain easily apparent to the people visiting a website, especially across the globe. QWACs also put up a weak defense against the simplest and most effective forms of hacking: social engineering. The very people (scammers, phishers, etc.) who are allegedly hindered with an EV or QWAC certificate have found and will find a way around them, because the validation process is still led by humans. Also, we shouldn't endorse the dangerous premise that only the right people (in other words, those who can afford it) should have encrypted services.

This proposal to bind TLS to a legal identity across all domains that qualify is not achievable or scalable. QWACs will not readily solve this issue on the modern web or with mobile applications either, even with their slight technical differences from EV. Mozilla and other vendors (Apple, Google, Microsoft, Opera, and Vivaldi) have made sufficient suggestions for eIDAS to validate identity without binding identity to the TLS deployment process itself or using TLS Certificates at all. The push to use QWACs to achieve this goal is a detrimental framework that would discourage affordable and more efficient TLS.

Interoperability across borders is a great ideal to have, but the mandate to emphasize QWACs in the browser ironically hinders interoperability. The eIDAS Article 45 proposal attempts to guarantee the legal and safe identity of the website owner, but that is not the problem TLS was built to solve.

Standard Domain Validated certificates by CAs have achieved the level of security that website visitors need globally. Tools like Certbot and the free CA Let's Encrypt have contributed to making TLS deployment and automation more widespread and accessible. Today, domain owners can utilize automated hosting services for services between businesses and with their own customers that alleviate traffic-handling and optimizing costs. Mandating QWAC emphasis threatens to set us back. Domain owners will likely have to use self-managed certificate options to maintain their web security. That would increase inequality across the internet. A large company can acquire the infrastructure to do this; they may even achieve partial automation, as has happened with EV certificates. However, smaller companies and individuals may not be able to acquire these tools as easily. Requiring all domain owners to have the technical expertise and the monetary resources to self-manage their certificates sets TLS deployment back 6 years, by raising the difficulty and barriers to complying with the eIDAS regulation.

This is all very reminiscent of a time when TLS deployment was more difficult, costly, and time consuming. This amendment to emphasize QWACs in the browser frames free security as bad security. In this case, that is neither truthful nor useful to internet users everywhere.

This post was updated on 2/9/22 to correct the involvement of the joint position paper linked in this post: https://blog.mozilla.org/netpolicy/files/2020/10/2020-10-01-eIDAS-Open-Public-Consultation-EU-Commission-.pdf

Avast’s Online Protection and Secure Browser Products Win Latest Anti-Phishing Comparison Test – PRNewswire

AV-Comparatives' study, which ran from 13 January to 28 January 2022, tested all browser and antivirus products in parallel, exposing each to 250 valid and independently-selected phishing URLs, and 250 clean URLs for false alarm detection. The phishing protection provided by the AV products was tested on Windows 10 using Google Chrome 97.0 with Google Safebrowsing disabled. The browser extensions of the AVs were installed and enabled, and the competing browsers were tested without an antivirus program running. At the time of testing, all products were updated to their latest software versions.

"For many years, Avast's threat detection engine has been a standout performer achieving excellent results in the Malware Protection, Advanced Threat Protection and Real-World Protection Tests," said Andreas Clementi, Founder and CEO of AV-Comparatives. "Recently, Avast has excelled in the anti-phishing category, which is bad news for opportunistic cybercriminals who often depend on the high success rates of phishing attacks as a means of generating greater return on investment."

"In 2021, our threat detection engine has identified and blocked nearly four million unique phishing URLs each month on average," said Siggi Stefnisson, Head of Threat Labs, at Avast. "Phishing is one of the most common threats for both businesses and consumers, often because it's easier to exploit the human condition through urgency, fear or pressure than it is to hack a system. Phishing attacks, particularly those which are targeted and personalized, and phishing URLs have become so widespread, hard to identify as malicious and successful in achieving their goals of theft, fraud and corporate espionage, that it's of paramount importance we maintain an industry-leading detection rate to apply to our products and services so our customers remain safe and secure online."

*This report was commissioned by Avast, however, AV-Comparatives' anti-phishing test of all products was carried out impartially and under identical conditions. The phishing sites were selected independently by AV-Comparatives without instruction, influence, dispute or review from Avast or any of the tested parties.

A complete breakdown of the antivirus and browser products tested is listed below:

Antivirus Products: Avast Free Antivirus 21.11, Avast One Essential 21.11, Avira Free Antivirus 15.0, Bitdefender Internet Security 26.0, ESET Internet Security 21.3, Malwarebytes Premium 4.5, McAfee Total Protection 16.0, Microsoft Defender 4.18 (with Defender browser plugin for Chrome), NortonLifeLock Norton 360 22.21.

Browsers: Avast Secure Browser 97.0, Google Chrome 97.0 (with Safebrowsing), Microsoft Edge 97.0, Mozilla Firefox 96.0, Opera 82.0.

About Avast: Avast (LSE:AVST), a FTSE 100 company, is a global leader in digital security and privacy, headquartered in Prague, Czech Republic. With over 435 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company's threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Avast is a member of Coalition Against Stalkerware, No More Ransom, and the Internet Watch Foundation. Visit: www.avast.com.

SOURCE Avast Software, Inc.

Industrial Internet of Things Raises New Security Implications – Journal of Petroleum Technology

Industry implementation of the industrial Internet of Things (IIoT) for oil and gas operations will result in a significant alteration of the existing operations technology/information technology (OT/IT) digital architecture, causing a change in cyber-physical security because of new and additional cybersecurity vulnerabilities.

The conventional defense strategies for cybersecurity are based primarily on traditional IT network security designs and practices, such as assuring data integrity and protecting the confidentiality of data and intellectual property. The primary threat to oil and gas operations, however, comes from the growth in attacks designed and directed at OT systems, which can result in significant negative operational events. In recent years, this has spurred the development of expanded OT defense strategies and the technical hardening of industrial control systems.

The U.S. Department of Homeland Security has recorded the annual cyber incidents relating to different sectors (Fig. 1). The results indicate that the energy sector (including petroleum) is one of the primary potential attack targets.

Source: U.S. Department of Homeland Security

Changes in digital technologies and architectures arising from the implementation of the IIoT in oil and gas operations have brought intrinsic changes in the security landscape. The goal of this paper is to aid oilfield security planning and design processes through improved recognition of the cyber-physical security effects arising from the implementation of IIoT architectures and technologies into field OT domains.

The paper identifies and compares the current oilfield OT logical structures with the designs emerging through the IIoT implementations. The analysis includes extensive review of developing standards, such as those proposed by Industrial Internet Consortium, and ongoing published experiences to find the primary points of transition.

The security risks stemming from IIoT implementation appear to raise significant concerns with regard to potentially severe cybersecurity outcomes, which could materially affect the integrity and safety of oilfield operations. The study concentrated on the cybersecurity threats that could pose negative physical and operational conditions resulting from loss of visibility or loss of control of the operational processes in field facilities.

Extensive literature reviews were the basis for identifying the implications of cybersecurity risks in the ongoing stages of integrating the IIoT into the field. The reviews identified the modified strategies for cyber-physical systems, including potential threats and countermeasures for the field IIoT model. These proposed strategies, however, still miss a fundamental denominator: The assessments generally ignore that it is the fundamental nature of IIoT structure itself that creates cybersecurity vulnerabilities.

To investigate further, the authors performed a contrasting analysis based on specific case studies of field IIoT devices such as the pumpoff controller and OT architectures. The following three foundational threat implications emerged on the transformation of IIoT architecture into the oil field:

The cornerstone of the distinctive IIoT attributes illustrated in the paper contributes to the potential loss of control, leading to the potential for serious damages to operational outcomes in the field.

Download the complete paper from SPE's Health, Safety, Environment, and Sustainability Technical Discipline page for free until 23 February.

Find paper SPE 200858 on OnePetro here.

Pandemic helps heartless romance fraudsters infect the internet – The Guardian

Fraudsters who engage in romance scams are becoming increasingly brazen about how they operate and are willing to spend five months building up a relationship with their victims, according to a security expert.

In some cases, criminals will even have video calls with victims, luring them into a false sense of security that they are involved with someone who is genuinely interested in them.

The number of romance scams, where people hand over money to someone they believe they are in a relationship with, doubled during the pandemic with the average victim losing £6,100, according to figures from TSB. Women are twice as likely to be victims as men.

Jake Moore, a cyber-security adviser at internet security firm ESET, says fraudsters can spend four to five months in establishing a fake relationship before carrying out the crime. During this time, they will often be working on several victims.

"They're very good at remembering all the stories that lead along that journey [ending in] an elaborate scam as to why they want the money," he says.

These scams can be as simple as a person claiming their car has broken down on the way to visit and that they need money to repair it, he explains. In another instance reported by TSB, a soldier claimed he needed funds to get home from a foreign posting.

Victims, who TSB says are an average age of 47, have been increasingly targeted through social media and dating apps.

There have been warnings to consumers to beware of scams before Valentine's Day.

Many scammers used restrictions on movement during the pandemic as an excuse not to meet up with victims. Refusing to meet in real life, or face to face for a video call, are both things that should ring alarm bells.

However, Moore says that criminals are now taking more risks and making face-to-face video calls where they are fully visible.

"There are male and female fraudsters who put in video calls every night, really creating this perfect story as to how this relationship unfolds."

He advises daters to change the times of the calls and to be spontaneous about when they happen, as this could upset a fraudster's timetable.

"If they are controlling and saying it's got to be this time then that could be a red flag," he says.

Katherine Hart from the Chartered Trading Standards Institute, which represents trading standards officers, says the pandemic increased people's reliance on indirect communications through phones.

"There's the thinking that they're protected by a computer screen to a certain extent, and will easily, and quite readily, pass on a lot of personal information via text or emails," she says.

"Unfortunately, quite often we only find out about these things when somebody has actually intervened, whether that be a bank or a family member, or the victim has caused themselves such mental anguish there is a referral from social services."

In some instances, criminals will scan the death announcements and target lonely widowers in the following months with the promise of companionship, she says.

Action Fraud reported instances of romance fraud were up 40% in the year to April last year with almost 74m being lost.

Read more:
Pandemic helps heartless romance fraudsters infect the internet - The Guardian

Internet security company issue warning over sextortion scam doing the rounds in Irish… – The Irish Sun

AN internet security company have issued a warning about a 'sextortion' scam doing the rounds in Irish.

ESET, an online security company that offers anti-virus and firewalls, is urging people not to interact with the bogus email.

The scam email, which is written to the sender in Irish, comes from a South Korean address.

The scammer claims that they have a video of the sender watching pornography and threatens to make the footage public.

They then ask for 1,200 in bitcoin to make the footage go away.

The terrifying letter warns: "Final warning! All your data was copied. The login was successful.

"Greetings. Your system is compromised by the Trojan virus. It entered your device through the adult portals you visit.

"Some racy videos have malicious code that acts after being posted. All data has already been copied to my servers.

"I have full control over the device you have access to on the Internet.

"I can see your screen, use your microphone and camera. You won't notice it accordingly. I've already done a screen recording."

They then ask for 1,200 in bitcoin at which point they say they will remove the virus from the person's device.

ESET said it is important to note that most sextortion letters are bluffs and the sender does not have the footage they are claiming.

They said: "It is important to note that most of these sextortion letters are bluffs and the sender doesn't actually have anything.

"These mails are just spammed out to millions of email addresses in hope someone will bite."

They urged the public not to respond to such emails and instead flag them as spam and warn their friends not to fall for it.

They added: "However in some cases the extortionists do have something and offer proof, they should be reported to An Garda Síochána's Cyber Crime Bureau."

Link:
Internet security company issue warning over sextortion scam doing the rounds in Irish... - The Irish Sun

Donald Trump Would Have Been Executed Over Server Access Claims, Son Says – Newsweek

Eric Trump has suggested that his father would have been subjected to "capital punishment" if he was found to have gained access to the servers of the Barack Obama administration, while discussing the recent allegations highlighted by John Durham.

Speaking to Fox News' Sean Hannity, the son of the former president questioned why the media was not making a bigger deal of the claims made by Durham, the special counsel appointed to investigate the FBI's investigation into Russian interference in the 2016 election, in court filings submitted on Friday.

Durham alleged that a tech executive for company Neustar had accessed White House servers in order to look at internet traffic from Trump Tower and the White House to uncover "derogatory" information about the former president.

"At what point is it acceptable to break into the servers at the White House? That's the most cherished building in this country that has the most top secrets, everything in this country that runs our government," Eric Trump told Hannity.

"And it's okay just to break into servers? Why, because you're a Democrat? Can you imagine if my father broke into servers in the Obama administration? It would be capital punishment, Sean."

Eric Trump was referencing the documents filed by Durham that allege that the person named in the legal filings as "Tech Executive-1," believed to be Rodney Joffe, used his domain name system (DNS) to find out which computers and servers the White House servers were accessing while looking into supposed links between the Trump Organization and Alfa Bank of Russia.

The details were listed by Durham as part of a case brought against Michael Sussmann, a cybersecurity lawyer with links to the Clinton campaign who has been charged with making a false statement to the FBI during a 2016 meeting where he shared information about the Trump Organization and the Russian bank. Sussmann has pleaded not guilty to the allegations.

The filings suggest that Sussmann had obtained from Joffe, a client of his, the information that a Russian-made smartphone, YotaPhone, had been used from networks serving the White House and Trump Tower.

"Tech Executive-1's employer, Internet Company-1, had come to access and maintain dedicated servers for the EOP [Executive Office of the President] as part of a sensitive arrangement whereby it provided DNS resolution services to the EOP. Tech Executive-1 and his associates exploited this arrangement by mining the EOP's DNS traffic and other data for the purpose of gathering derogatory information about Donald Trump," the filing stated.

Fox News had reported the claims as Clinton's presidential campaign paying a technology company to "infiltrate" servers tied to Trump, despite the word "infiltrate" not appearing in the motion.

Trump took the allegations as validation for his cries that the Obama administration had been spying on him during his time in office, even though the claim is now against the Clinton campaign, and that the Russian interference probe was nothing more than a "hoax."

Trump also appeared to suggest that members of Clinton's campaign staff should have been executed over the allegations.

"The latest pleading from Special Counsel Robert [sic] Durham provides indisputable evidence that my campaign and presidency were spied on by operatives paid by the Hillary Clinton Campaign in an effort to develop a completely fabricated connection to Russia," Trump said in a February 12 statement.

"In a stronger period of time in our country, this crime would have been punishable by death."

In a Monday statement, Trump speculated that "all hell would break loose and the electric chair would immediately come out of retirement" if the roles were reversed and he got "caught illegally spying," a claim that was echoed by his son Eric on Fox News.

Ohio congressman Jim Jordan also appeared to back Trump's calls for Clinton's aides to face the death sentence over the allegations, telling Fox and Friends that the former president was "right on target" with his remark.

In a statement to The Washington Post, a spokesman for Joffe said: "Contrary to the allegations in this recent filing, Mr. Joffe is an apolitical Internet security expert with decades of service to the U.S. Government who has never worked for a political party, and who legally provided access to DNS data obtained from a private client that separately was providing DNS services to the Executive Office of the President (EOP)."

The statement added that Joffe's contract meant he had lawful access to analyze DNS data in order to identify and analyze security breaches or threats.

Read more:
Donald Trump Would Have Been Executed Over Server Access Claims, Son Says - Newsweek

Right of Boom Live Blog: MSP Security Conference Takeaways – MSSP Alert

by Joe Panettieri Feb 10, 2022

The Right of Boom security conference for MSPs is under way in Tampa, Florida. Both MSSP Alert and ChannelE2E are on hand to cover the event. Keep checking this blog for ongoing updates from the event, which is hosted by Andrew Morgan, founder of The Cyber Nation and host of The CyberCall.

Here's what we've heard from the event so far:

1. Can Your MSP Really Survive a Cyberattack? We raised and explored that topic ahead of the event. Among our areas of concern: What percentage of MSPs are really qualified to offer MDR (Managed Detection and Response), and how many of those MDR-focused service providers actually offer credible response capabilities? We'll be seeking answers at the event.

2. Top 10 Cloud Security Risks MSPs and MSSPs Need to Mitigate: This topic surfaced during a pre-conference workshop led by Beau Bullock of Black Hills Information Security.

3. MSP Ecosystem Embraces Physical and Virtual CISOs: Full-time chief information security officers, virtual CISOs and associated technology startups are popping up across the MSP software industry, leading a multi-year journey that is starting to deliver improved MSP industry security and enhanced risk mitigation. It's a safe bet the vCISO trend, as well as actual CISOs including Datto's Ryan Weeks, will be on hand at the conference.

4. Laggards In This Journey Get Left Behind: That's the key takeaway from Wes Spencer, who called on the MSP sector to move together, continue to shift right and make sure no MSP gets left behind in the cyber journey, especially as MSPs begin to master detection and extend their focus to effective right.

5. Wes Spencer Joins Rewst: Details about Spencer joining Rewst are here from ChannelE2E. Rewst is a Robotic Process Automation (RPA) software startup focused on MSPs.

6. MSP Security Progress: In the past three years, the MSP industry has made 10 years of progress, Morgan asserted. I agree.

7. Blackpoint Cyber CEO Jon Murchison: Most of the initial targeting involves RDP being open to the Internet, an unpatched firewall or phishing. You'd be surprised how many Exchange Servers remain unpatched. Also, be careful of rogue RMM (remote monitoring and management) installs and related free trials that may not be secure, he noted.

8. DMZs Are Dead: Move to the Zero Trust Model for a proper path forward, Murchison said.

9. Get to Know the Center for Internet Security: A key name to know is Phyllis Lee, senior director for controls at the Center for Internet Security. Lee pointed out that MSPs need to really understand effective cyber hygiene to maintain a proper posture, and be aware of where your data is going, records you care about and the fact that your network ends at your employees' and partners' fingertips. Also, read up on the Microsoft 365 security guidance from CIS, Murchison said.

10. The Year of Supply Chain Vulnerabilities and Mass Exploitation: Here, guest speakers John Hammond of Huntress and Jennifer VanderWier of F1 Solutions emphasized that MSPs have to look beyond their RMM to really analyze the security of every toolset they test/adopt. In F1 Solutions' case, the MSP created a standardized list of security questions that team members ask their tool vendors. And in many cases, F1 Solutions will ask multiple sources at a software company about their cyber posture to see if all the statements match.

11. Ten Security Vendors MSPs Should Ask Their Software Suppliers: Thank you to VanderWier and Hammond for the list.

12. The Irony of Automation: A great paper, recommended by keynote speaker Sounil Yu, CISO & head of research at JupiterOne.

13. Resources from Sounil Yu: Thank you to Kyle Jackson, senior program manager at ConnectWise, for that high-value link.

14. The Cyber Defense Matrix: The grid is below. For more info, check out Sounil Yu's website. The site is required reading for MSPs and MSSPs. The grid is all about helping organizations to map and improve their security controls.

14. The Cyber Defense Matrix, Where MSPs and MSSPs fit: What's the difference between an MSP and an MSSP? Generally speaking, I often say that MSPs are in the shallow-end of the security pool and also offer general purpose IT support. MSSPs are in the deep-end of the security pool and focus purely on security. That's my spin. But Yu gets even more granular by mapping out MSP and MSSP capabilities in the Cyber Defense Matrix. Note: Yu's mapping is meant to be a general perspective rather than any type of official, firm guide for the services that MSPs and MSSPs generally offer. Here's the mapping:

15. Additional News Updates: Keep checking this blog for more updates. And if you'd like to meet or say hi at the conference, then send me an email ([emailprotected]).

Read more:
Right of Boom Live Blog: MSP Security Conference Takeaways - MSSP Alert