Mobile Security

Web-borne threats are not exclusive to wired network systems, and mobile security is an element often ignored by organizations and mobile users alike. With the increased use of mobile devices in the workplace, mobile security is an issue that should feature uppermost in the consciousness of IT security professionals.

Mobile security is not just an issue for employers and employees. Visitors using an organization’s WiFi network to stay connected should also be subject to an acceptable use policy to ensure that they do not visit websites that may result in malware being downloaded onto a WiFi router – and subsequently onto every device that connects with the WiFi router.

Stay up-to-date with the latest news about mobile security and mitigate the risk of malware infecting users’ devices by implementing a WiFi Internet filter. A WiFi Internet filter can do much more than enhance online security. It has been seen to enhance productivity in the workplace, increase custom and even introduce new marketing opportunities for organizations in the retail sector.

Rovnix Malware Being Used to Attack Japanese Banks

Security researchers at IBM’s X-Force have identified a worrying new Rovnix malware strain that is being used in a spate of cyberattacks on Japanese banks.

Rovnix malware is nothing new. It has been around for a couple of years, but it now ranks as one of the top ten most popular malware strains used for attacks on financial institutions. It may not be used nearly as often as Dyre, Neverquest, Dridex, Zeus or Gozi – the top 5 malware currently being used by cybercriminals – but it is particularly nasty and is highly persistent. Worse still, the new strain of the malware is only recognized by 7% of anti-virus software vendors.

New Rovnix Malware Strain Is Particularly Worrying for Japan’s Banks

The latest wave of attacks on Japanese banks signals a major departure from the usual attacks being conducted by cybercriminal gangs in Europe. Previously, they have concentrated on attacking European banks and Japan has been left well alone. That is no longer the case. In fact, IBM’s X-Force has described the latest wave of attacks as “an onslaught.” The criminal gang behind the latest Rovnix malware attack has already targeted 14 Japanese banks since the start of December last year.

The language barrier has prevented cybercriminal gangs from targeting Japan’s banks in the past, but they have now got around the problem and have developed their campaign in Japanese. Each campaign has been tailored for each of the banks under attack.

As with campaigns conducted in Europe, the primary means of malware delivery is spam email. A spam message contains a zip file with a fairly innocuous waybill detailing the delivery of a parcel from a courier company. Opening the attachment and viewing the waybill will result in a downloader being launched that will load Rovnix malware onto a device.

Highly Sophisticated Rovnix Malware Defeats Two-Factor Authentication

One of the most worrying features of Rovnix malware is its elaborate web injection mechanism, which mimics the bank’s web pages. When an end user visits the bank’s webpage, the malware injects JavaScript and shows the user modified sections of the bank’s webpage. Login credentials are stolen, but crucially, so is the second password which enables a transaction to be conducted.

More worrying is that some users are being prompted to download an app to their mobile phone. Doing that will result in their SMS messages being compromised. When the bank sends an authorization code to the mobile device, the cybercriminals will use that code to authorize a fraudulent transfer, defeating the two-factor authentication used by the bank.

Rovnix malware tends to be used to target one country at a time, but that may not necessarily always be the case. It can be quickly and easily adapted to attack any country’s banks. Rovnix malware is highly sophisticated and can be tailored to attack different institutions and evade detection. Even before the malware is installed, it can scan a device and determine which security protections are installed. It then uses a wide range of mechanisms to evade detection.

Hackable Bug Found In World’s Most Secure Smartphone

What is arguably the world’s most secure Smartphone may not be quite as secure as users have been led to believe. A hackable bug has been discovered that allows Silent Circle’s Blackphone 1 to be hijacked.

On its release, Silent Circle’s Blackphone was billed as being the first Smartphone designed with privacy at the core of its design. The phone looks like any other Smartphone and functions just like an Android device. However, it runs on Silent OS, a custom-designed Android OS that to all intents and purposes closes all possible backdoors. At least, that was the plan. It turns out that not all backdoors have actually been closed.

Backdoor Exists in World’s Most Secure Smartphone

Researchers at SentinelOne have discovered that one backdoor exists that allows the ultra-secure Smartphone to be hijacked by hackers. While the user will believe their phone calls and text messages are perfectly secure, a hacker could be listening in to calls and monitoring the numbers that are being dialed or received. The security flaw would also allow an attacker to read text messages sent or received, change caller ID settings, mute the modem speaker, kill the modem, silently check numbers, make calls via the phone, or force conference calls with other individuals.

A person attempting to call the user of a hijacked Blackphone could have that phone call directed to the attacker without the Blackphone user being aware that the call is taking place.

The Blackphone security vulnerability is not in the software, but is a security flaw in the device’s inbuilt modem. The modem contains an open socket which potentially allows a hacker to run radio commands. The open port could potentially have been used by the developers of the phone for debugging functions, yet the internal port was not secured before its release. A simple oversight maybe, but one which potentially leaves the phone wide open to attack by hackers.

The vulnerability could potentially be exploited via a malicious app, or it is conceivable that the owner of the phone could be targeted with a phishing campaign and convinced to run malicious code.

Researchers do not believe that the vulnerability has been exploited in the wild, and a software update has now been issued to address the vulnerability. All users must update to 1.1.13 RC3 or above to secure their device. Now that the vulnerability has been disclosed the update is critical.

A bug in a Smartphone is to be expected, but for one to exist in what is supposedly one of the world’s most secure Smartphones is something of a worry. Furthermore, this is not the only Blackphone bug discovered. Last year a Blackphone security vulnerability was uncovered in its secure messaging application. The memory corruption vulnerability could be exploited remotely by a hacker and used to gain the privileges of the messaging application. This would enable the attacker to decrypt the Blackphone’s encrypted messages, read contact information, run code, or write to external storage.

2016 Security Threats: Where Your Next Attack May Come From

2014 was a bad year for IT security professionals, and thanks to some large scale cyberattacks, 2015 was not much better. However, what does 2016 have in store? What will be the biggest 2016 security threats? Some predictions for the coming year are listed below:

2016 Security Threats: What does the coming year have in store?

What is abundantly clear is that 2016 security threats will increase in number. The cyberattack surface is growing with more devices and device types to attack than ever before. Cybersecurity budgets may have been increased for 2016, but funding has not been increased by nearly enough for many IT departments. Tackling the biggest 2016 security threats will be a big ask, and vulnerabilities will remain that can be exploited.

Phishing will continue to be an effective attack option

Enterprise cybersecurity defenses are becoming more sophisticated, passwords are becoming more secure, and two-factor authentication is becoming the norm. It is certainly now harder for cybercriminals to successfully attack many companies. Unfortunately, end users are still a major weak point that cybercriminals will continue to exploit. Many major cyberattacks in 2015 had their roots in phishing attacks, and the attacks are expected to continue in 2016.

Unless staff members receive training on how to identify phishing emails and spot malicious websites, they are likely to fall for phishing scams. Major data breaches are likely to be discovered in 2016 that have been made possible due to phishing schemes.

IoT device hacks a growing cause for concern

If you thought that the hacking of IoT devices was something to be dealt with next year or later, you may find you will end up regretting not securing your devices sooner. It may not be time to worry about your refrigerator being hacked, but as was demonstrated quite clearly in 2015, IoT hacks are not a future problem. They are a clear and present danger. Valasek’s and Miller’s successful hacking of a Jeep Cherokee proved that. Medical devices are also high up the list of potential targets, and could be used as an easy entry point into healthcare networks. Hacks of IoT devices are likely to start in earnest in 2016.

Difficult-to-Detect attacks will increase

Traditional malware will continue to pose a major threat to consumers and businesses, but difficult-to-detect attacks are on the increase. Memory-resident and other fileless malware attacks will increase in prevalence in 2016. As security software gets better at identifying malicious software, cybercriminals will take advantage of security vulnerabilities in BIOS, firmware, and drivers. These attacks are difficult to detect, but are fortunately also difficult to execute. Until memory scanning technology is implemented by the majority of organizations, these attacks are likely to proliferate.

Apple Devices to be targeted

As Apple’s market share increases, attacking Apple devices will become more profitable. With Apple now having a 13.5 percent share of global smartphone sales and 7.5 percent of the desktop market, the devices are likely to be attacked with increasing regularity.

While the devices were previously considered to be secure, new iOS and OS X malware has been discovered. That malware doesn’t just pose a risk for users of jailbroken devices. In 2015, XcodeGhost found its way into the Apple App Store, and this is unlikely to be the last malware to target Apple devices. Further Masque attacks can also be expected in 2016. Apple device owners may have a rude awakening in 2016 if they remain complacent about security.

Card-Not-Present (CNP) Fraud to Increase

Thanks to the introduction of new payment technologies, it is becoming harder for criminals to conduct point-of-sale attacks, but the data stored by retailers is still not well protected. Cyberattacks on retailers will concentrate on obtaining data for digital fraud, and an increase in card-not-present (CNP) fraud can be expected. In the EU, CNP fraud rose by 21% last year and faster growth is expected in 2016.

Healthcare industry will continue to be targeted

At the end of 2014, many security experts predicted that 2015 would be a rough year for the healthcare industry, but few could have imagined how rough it would get and how quickly cyberattacks would occur. It didn’t take long. Within two months, two healthcare hacking incidents were reported that made previous data breaches look tiny by comparison. The attack on Premera BlueCross exposed a whopping 11 million healthcare records, but even that was tiny compared to the 78.8 million records exposed in the hack of Anthem Inc. Over 113 million healthcare records were exposed or stolen in 2015.

In 2016, the healthcare industry is likely to continue to be targeted by hackers. The data they store is of high value and security defenses are still relatively poor.

iOS Malware Boom Expected in 2016

The rise in popularity of Macs, MacBooks, and iPhones has seen even more consumers make the switch from desktops and Android phones. As the number of Apple users grows, so too will the threat from malware. While previously thought of as totally secure, Apple devices have now been attacked and those attacks are likely to continue. Some security experts are now predicting an OS X and iOS malware boom in 2016, as hackers and cybercriminals attempt to tap into Apple’s user base.

Hackers have previously concentrated on Windows due to the sheer number of users using the operating system. It is more profitable to attack a system that virtually everyone uses rather than a system used by relatively few individuals.

Apple devices are more secure than their Windows-based counterparts, although in recent months a number of chinks have been found in Apple’s armor. Hackers are expected to take advantage with increasing frequency over the course of the next 12 months.

One of the ways that cybercriminals have started to attack Apple users is via malicious apps that have been sneaked into the Apple App Store. The Masque attack in 2014 replaced legitimate apps with nasty versions, and other methods have been developed that have allowed hackers to sneak malicious programs onto users’ devices.

First iOS Malware Discovered in the Wild in 2015

iOS malware may be less common than malware designed to attack Windows, but we have already seen a major increase in malicious programs designed to attack Apple devices. OS X malware has increased nine-fold over the course of the past year according to Symantec, and in October the first iOS malware – YiSpecter – that was capable of attacking non-jailbroken devices was discovered. This iOS malware implements malicious functionalities in iOS and is capable of downloading, installing, and launching malicious apps, displaying adverts, and uploading user data to remote servers. The iOS malware attack mostly affected users in Taiwan and China, but attacks such as this are expected to take place worldwide in 2016.

A fix for this iOS malware was rapidly issued by Apple, and the latest versions of the operating system are now immune to YiSpecter attacks. However, this is just the first of a number of new iOS malware that can be expected over the next few months.

Apple Pay is also expected to be targeted in 2016. The payment system was unveiled in 2014 amid claims that it was immune from attack and could not be used to commit fraud, yet only a few months later it was discovered that Apple Pay was being used to commit fraud. Accounts could be used with stolen credit card numbers and purchases made using iPhones.

Apple users are still less likely to be targeted by hackers than Windows users, but the devices are far from immune from attack. As more users make the switch to Apple and its market share increases, hackers are likely to respond and start targeting Apple software with increasing regularity and iOS malware will increase.

Apple Malware Infections Double in a Year

Hackers are concentrating on developing mobile malware that targets Android devices, but Apple malware infections are increasing. Furthermore, security researchers are predicting Apple malware infections will grow steadily over the course of the next 12 months.

Apple malware infections are on the increase

Over the course of the past 12 months the number of Apple malware infections has doubled, and the problem is only likely to get worse for users of iOS devices according to security researchers.

Last year, researchers at Symantec discovered between 10,000 and 70,000 new Apple malware infections every month. This year there has been a 7-fold increase in malicious software infections affecting Apple OS X computers up until the end of September. Symantec has already discovered 400,363 Macs that have been infected with malware.

The researchers did point out that only 10 new types of Apple-infecting malware have been discovered so far this year, with the bulk of the OS X malware infections involving “grayware”. These are not purposely designed malicious software programs, rather apps that are capable of serving malicious adverts or tracking user behavior.

New malicious software that targets iOS is increasing, but only 7 new types of malware have been discovered by Symantec so far this year. That should be compared with the 9,839 new mobile malware variants that have been discovered to be targeting Android devices.

There is a growing malware problem, but Apple remains the safest mobile platform

Users of Apple devices have had it easy for many years. Hackers have developed malware capable of infecting Apple devices, but there are far bigger gains to be had from developing malware that targets Windows and Android devices. The majority of iOS malware can also only infect devices that have been jailbroken, so most users remain relatively safe.

Apple’s share of the mobile device market is relatively small, and while the number of units expected to be shipped in the next 5 years is expected to grow, so too will the number of Android devices. IDC has predicted there will be a 2.2% drop in Apple’s market share over the course of the next 5 years, although with 237 million to 274.5 million Apple devices expected to be shipped, there will be plenty of devices for hackers to attack. In fact, in 2015, Apple device ownership is expected to grow by 23% according to IDC.

No need to panic just yet, but there is cause for concern

It is not yet time to panic, but there is growing concern over the number of Apple malware infections that are now being discovered. The majority of new mobile device malware now being discovered targets Android devices, and Apple remains the safest choice. What is clear is iOS and OS X are no longer as safe as they were once believed to be, and users of Apple devices should not become complacent.

Infections are possible and any user of a jailbroken Apple device who fails to take precautions against malicious software could well live to regret that decision.

3% Rise in Corporate Malware Attacks in 2015, Says Kaspersky

According to research conducted by Internet security firm Kaspersky Lab, corporate malware attacks have increased by 3% year-on-year. In 2015, 58% of companies had been attacked with malware on at least one occasion, and the motivations for conducting corporate malware attacks are numerous. Not all attackers are demanding a ransom.

Reasons for corporate malware attacks

In many cases, corporate malware attacks are conducted for financial reasons – but not always. There has been an increase in hacktivism and attacks on business competitors. According to research conducted by Kaspersky/B2B International, 28% of suspects in cyberattacks were believed to be attempting to simply disrupt a company’s operations.

Corporate malware attacks by competitors are believed to be increasing and in many cases the attackers are known. This is certainly the case for DDoS attacks. 48% of companies claimed to know the source of DDoS attacks they had suffered and 12% believed that the source was a specific competitor. 11% of attacks were conducted by political activists, while government-backed groups accounted for 5% of attacks.

The mode of attack on corporate targets differs from attacks on consumers according to Kaspersky Lab.

There has been an increase in exploitation of legitimate software programs, with office programs used to attack companies three times as often as attacks on consumer targets. Internet-based attacks were commonly conducted on business customers. 29% of businesses claimed to have been exposed to Internet threats, while 41% of businesses were attacked via portable storage devices. Attacks on mobile devices have also increased as criminals have realized the ease with which the devices can be compromised and the wealth of data that are stored on the devices.

Cryptolocker infections double in 2015

Cryptolocker ransomware infections have increased substantially in recent months. There have been twice as many infections in 2015 as were recorded in 2014. According to Kaspersky, over 50,000 corporate devices were locked by Cryptolocker in 2015. Corporate customers have been given little alternative but to pay ransoms to get their data unlocked. Unfortunately, even when a ransom was paid, security keys were not always provided or did not work.

DDoS attacks being commissioned by business competitors

Attacks conducted for financial gain are still the most common, especially in the telecom and manufacturing industries. Survey respondents from both industries claimed that ransoms were demanded in 27% of DDoS cyberattacks. Overall, 17% of attacks involved the disruption of services until a ransom was paid. In 18% of cases, DDoS attacks were conducted to distract IT security professionals while hackers went to work on other systems, as was the case with the recent attack on Internet and mobile phone service provider, TalkTalk. Companies appear to be increasingly attempting to gain a competitive edge by paying for hackers to disrupt the operations of their competitors.

2015: The year of the PoS attack!

2015 has also been a year of attacks on Point of Sale terminals. Retailers have been targeted by hackers trying to gain access to PoS data, oftentimes by installing malware capable of recording data from transactions. Kaspersky Lab managed to block more than 11,500 PoS hacks in 2015. 70% of hacks of PoS terminals involved malicious software that had only been developed this year. These attacks are likely to increase over the course of the next 12 months.

New Critical Android Vulnerability Discovered

A new critical Android vulnerability has been discovered that could potentially allow Android Smartphones to be hijacked by hackers without any user interaction required. The vulnerability affects Chrome’s V8 JavaScript engine – and not just on older devices but on the latest models now being released. Even the Nexus 6, one of the most advanced and secure Android phones, contains the vulnerability.

Hackers could potentially use the exploit to install apps on the device without any user interaction. The apps could be given permissions to access all communications made through the device. The new critical Android vulnerability was demonstrated at the recent Tokyo PacSec conference. Full details of the exploit have been shared with Google and a patch is currently being developed to plug the security hole.

This is just one more critical Android vulnerability to be discovered, and it will not be the last. Fortunately, this time the security hole was found by a security expert rather than a hacker.

Fake ID critical Android vulnerability still exists on many Smartphones

Last year, researchers at Bluebox Security discovered another critical vulnerability which affects all Android Smartphones running KitKat (version 2.1 to 4.4). The critical Android vulnerability affects millions of devices.

The vulnerability, named Fake ID, potentially allows hackers to develop apps that can exploit a flaw in the way the devices deal with security certificates. The vulnerability can be used to gain privileges granted to other applications – even those with high levels of privileges such as Google Wallet.

Fortunately, to exploit this critical Android vulnerability, hackers would need to convince the user to download a malicious app to their device, which would be difficult if the user only used Google Play Store to obtain new apps.

However, StageFright – a critical Android vulnerability discovered this summer – is potentially much more serious. The bug enables a hacker to remotely execute code on an Android phone and escalate privileges. StageFright allows a hacker to attack an Android device via a video sent by MMS text message. The attack is possible via the libStageFright mechanism.

Android phones running Google Hangouts would potentially be vulnerable and could be exploited without the user’s knowledge as the app processes video automatically before the message is viewed by the user.

Due to how patches are rolled out, Smartphones could still be vulnerable to both Fake ID and StageFright, even though patches have now been released.

When a new critical security vulnerability is discovered, a patch is rapidly developed to plug the security hole. Even when a patch is issued, it can take some time before it is rolled out and installed on each device. The speed depends on the carrier. Patches are rolled out quickly in some cases – Google Nexus and LG for example – but slower with other brands such as Samsung and HTC.

Often updates to the operating system are packaged together with manufacturer updates and are not rolled out immediately. Sometimes they are not rolled out at all, leaving some phones particularly vulnerable to attack.

A recent study conducted by the University of Cambridge showed that 87% of Smartphones contain at least one critical Android vulnerability, and many contain more than one.

Reducing Security Risk from Android Devices

BYOD has grown in popularity in recent years, and many employers are now allowing employees to bring their own mobile devices to work. While not all allow the use of personal laptops, employees are commonly allowed to use their Smartphones at work, and even use them to connect to their employer’s network.

Any employer operating BYOD should carefully consider which devices are allowed to connect to the corporate network. Some Smartphones are safer than others and will involve much lower network security risk. Allow devices to connect that can be easily compromised, and they could be used as a platform to launch an attack on the network.

Apple Malware Attack Affects 225,000 Device Owners

Apple device security is particularly robust, yet the company’s operating systems are far from impregnable as a recent Apple malware attack has shown. Apple device users have recently been targeted by hackers believed to be operating out of China. The Apple malware attack has so far resulted in the credentials of approximately 225,000 iPhone users being obtained by the hackers.

KeyRaider Responsible for Apple Malware Attack

The malware in question has been named KeyRaider. Fortunately, only device owners who have jailbroken their iPhones are at risk of infection. Jailbreaking an iPhone will allow banned apps to be installed on the devices, but the process also introduces a vulnerability that can be exploited by hackers. KeyRaider attacks devices that have been jailbroken using Cydia, the most popular jailbreaking tool for Apple devices.

Device GUID as well as Apple account user names and passwords have successfully been stolen by KeyRaider. The malware can steal user credentials, Apple purchasing information, private keys, and Apple push notification certificates.

Once a device is infected, user credentials are uploaded to a command and control server, and those data are made accessible to other individuals. The information can be used to purchase apps for Apple devices without the user being charged; instead, the charges for the purchases are applied to infected users’ accounts.

To date it has been estimated that as many as 20,000 individuals have downloaded software that allows them to obtain Apple apps for free at the expense of other Apple device users. In some cases, users’ devices have been locked and attackers have demanded ransoms to be paid to unlock the infected iPhones and iPads.

The Apple malware attack was discovered by Palo Alto Networks and China’s WeipTech, although services have now been developed that are capable of detecting devices that have been infected with the malware.

iOS App Store applications being infected with malware

Palo Alto Networks has also recently issued a warning over iOS App Store applications that have been infected with malware. To date, 39 different apps have been discovered to have been infected, placing users of non-jailbroken Apple devices at risk of compromising their iPhones and iPads. Hackers were able to copy and alter Xcode development tools used by iOS app developers, and have been able to infect genuine applications by injecting malicious code.

It is not just relatively obscure apps that have been infected. WeChat is used by hundreds of millions of Apple device owners, and the app was one of those infected with malicious code. That said, the developers of the app, Tencent, have investigated the issue and have reported that the malware has not been able to steal user credentials.

The malware infections are understood to be used to steal iCloud login credentials and Chinese security researchers have discovered close to 350 different mobile apps that have been injected with malicious code. Those apps include some of the most popular Apple apps being downloaded in China, such as Didi Kuaidi.

[Image: Some of the Chinese App Store apps discovered to have been compromised]

The recent Apple malware attacks have come as a surprise to many security researchers and users who considered Apple devices to be perfectly safe. While Apple is without any shadow of a doubt the safest mobile platform, owners of the devices should not consider iOS to be 100% safe.

Benefits of Teaching Hacking Techniques

This article explores the benefits of teaching hacking techniques. Why on earth would I want to do that, you may ask? Isn’t that the same as telling someone how to rob a bank? Well, it is, but teaching hacking techniques does have a lot of benefits. For a start, it is essential if you want to be able to defend a network from an attack by a skilled black hat. You must be able to think like a hacker in order to protect a network from one, but you need a real hacker to tell you if your network has been properly secured.

Teaching hacking techniques is like training a new army of hackers!

Let’s take a look at the three “types of hacker”. First there is the black hat hacker (boo, hiss). This rather nasty individual is intent on causing havoc with their malicious ways. They want to destroy, disrupt, and rob.

According to Robert Moore (2005), a black hat hacker is someone who “violates computer security for little reason beyond maliciousness or for personal gain.”

Then there is the white hat hacker. A white hat hacker uses his or her skills for good (hooray!). They are computer security experts who want to protect computer systems from attack.

Then there is the gray hat hacker. This individual is somewhere between the black and white. They are often called ethical hackers, and these are the individuals that perform penetration testing (pentesting). These individuals behave exactly like a black hat would, minus the maliciousness. Their goal is to find vulnerabilities and exploit them to show whether it can be done. They must gain access and be able to cause havoc. To do that they must be as good as a black hat hacker.

There is not much difference between an ethical hacker and a black hat hacker. In fact, on black hat forums you will not only find articles aimed at improving the skills of black hat hackers, but also articles aimed at gray hats and white hats. For example, two articles below have recently been posted on a black hat hacking website:

  1. “Harnessing GP²Us – Building Better Browser Based Botnets”
  2. “Hybrid Defense: How to Protect Yourself From Polymorphic 0-days”

The benefits of teaching hacking techniques

You can’t become a hacker from reading a few articles on the internet. Sure you can learn a thing or two, but before you can call yourself a hacker you must be able to demonstrate that you can actually put your knowledge into practice. The best hackers, of all colors, are those who have spent countless hours poking around inside computer systems and studying networks and network devices first hand.

In fact, if you want to be an ethical hacker you must have the skills of a black hat hacker. You will need to be taught, you will need to study, and you will need to practice. Teaching hacking techniques will actually help to build up an army of hackers that can use their skills for good.

If you want to get into pentesting you will need to work hard. Typically, you will need to have passed A+ certification, Network+, Security+, and obtained CCNA, CISSP or TICSA certification. You will need to have worked in tech support and information security. You will need hands-on experience. Then, and only then, will you be able to become a Certified Ethical Hacker (CEH).

Of course, it is important that you then only ever use your skills for good, even though you would be capable of using those skills for nefarious financial gain or to cause malicious harm.

The danger of teaching hacking techniques

Teaching hacking techniques has the potential to create a whole army of hackers that could cause considerable harm, yet without people who have the same abilities as black hat hackers, how would it be possible to properly conduct penetration testing?

According to a recent Bloomberg article, gray hats “break into computer networks and digital devices to find holes before the bad guys do”. They are heroes. Take Barnaby Jack for example. He showed how it is possible to hack ATM machines and get them to churn out cash. His insights resulted in banks enhancing their security measures to make sure that criminals could not take advantage of the same security flaws.

Sure, it is important to learn defensive strategies to protect systems from attack, but if you really want to beat bad guys at their game, teaching the hacking techniques used by the bad guys is essential. It is vital that gray hats are taught hacking from an offensive perspective as well as a defensive one!

New US Cybersecurity Legislation to Be Proposed

President Barack Obama is set to propose new US cybersecurity legislation this week in an effort to tackle the growing problem of cybercrime. Recent high-profile hacks on government organizations have caused considerable embarrassment, and there is growing concern that the US government is losing the war on cybercrime and that it can do little to prevent attacks from foreign-government-backed hacking groups.

New US cybersecurity legislation will increase the government’s power to prosecute cybercriminals

New US cybersecurity legislation is seen as the answer to the government’s inability to prevent cyberattacks. Further intel is required, and new powers are needed to pursue criminals and to take action over criminal activity that takes place outside US borders.

Currently private companies are unwilling to share cyberthreat intel with the government, and improved collaboration and intel sharing with the private sector is seen as critical in the fight against cybercrime.

The proposed US cybersecurity legislation would make it much easier for the courts to take action to shut down criminal botnets and would discourage the sale of spyware. It will also expand the current Racketeer Influenced and Corrupt Organizations Act. This would give the government greater power to prosecute individuals engaged in cybercriminal activity, such as the selling or renting of botnets. It would also increase the government’s power to prosecute for the selling of government information outside US geographical boundaries.

The new US cybersecurity legislation is being pushed through in the wake of a particularly embarrassing hack of the U.S. Central Command’s Twitter account. Hackers managed to gain access to the Twitter account and post pro-ISIS content. Action was already being planned following a host of major cybersecurity incidents such as the attack on Sony, which has been attributed to a hacking team backed by North Korea. The Twitter hack was the last straw for many, and will be used to help push through the new legislative package.

In the words of President Obama, the attacks “show how much more work we need to do, both public and private sector, to strengthen our cybersecurity.”

US cybersecurity legislation to offer private companies targeted liability protection

Private companies will be forced to share their cyberthreat intelligence with the government, although they will receive “targeted liability protection.” Even President Obama admitted to not knowing exactly what that meant.

The problem with sharing intelligence data is the threat of subsequent lawsuits. The liability protection is supposed to relieve any fears of legal action for the disclosure of information, although private companies may require more convincing.

Under the current proposals, private companies would be permitted to remove information about individuals before sharing data. Previous attempts to introduce new US cybersecurity legislation have failed due to the unwillingness of private companies to leave themselves wide open to litigation.

Part of the new legislative package is likely to include a new data breach notification law that would require all organizations to report hacking incidents to the government as well as requiring them to provide further information about cybersecurity breaches and data theft to consumers.

While few would argue that new US cybersecurity legislation is required, many privacy proponents are uncomfortable with the wording being used in the proposed legislative package, which they claim is intentionally vague.