Should Cyber Vigilantism become Legal?

That’s essentially what proponents of the Active Cyber Defense Certainty Act (ACDC) also known as the “hack back” bill believe should happen.

As discussed in a post on cpomagazine, bipartisan support for ACDC is growing within Congress and discussions are centering around how much latitude corporations should have when “hacking back” against their attackers.

Moving Beyond Active Defense

At present, an existing law, the Computer Fraud and Abuse Act, specifically spells out that companies cannot engage in any form of digital vigilantism if they feel they have been the victims of a cyber-attack. This includes even relatively passive activities such as the use of “beacons” to track and monitor the hackers who have broken into their systems. To a growing number of people this current law seems outdated in today’s world, akin to bringing a knife to a gun fight.

Empower and Level the Playing Field

What the advocates of ACDC propose is untying the hands of corporations. They hope that by allowing the use of beacons and more, corporations will facilitate the:

  • Tracking of criminal activity
  • Attribution of criminal activity
  • Monitoring of future activity and
  • Ultimately developing means to disrupt that activity.

Safeguards would accompany these increased hack back powers and include requiring the involvement of law enforcement and limiting the hack back initiatives to “qualified defenders”.

Questions and Concerns

As the saying goes, “the road to hell is paved with good intentions”, meaning it is often difficult to foresee the negative consequences of what appear to be positive actions. Many fear that ACDC may be one of these paving stones.

Here are some examples to consider:

What would keep one competitor from “framing” another for an intrusion as a means to justify attacking them?

Who will be deemed a “qualified defender” and what would keep them from drumming up business by creating attacks themselves?

How will the victim know with absolute certainty that the identity of their attacker is correct and not a patsy created by the attacker?

What happens when a US corporation identifies the attacker as a hostile nation-state? Whose responsibility will it be to “hack back”?

Start your Active Defense Today with Konsultek

At Konsultek we build custom security solutions that detect, monitor and defend against outside attacks. While we can’t “hack back”, we can understand the attackers’ activities, adapt and improve defenses in real time.

If your organization is not taking advantage of the latest security technologies or if you wonder just how robust your security is, we can help.

Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Hackers Moving into Virtual Reality

Virtual Reality just got a little more real according to information shared by security researchers Alex Radocea and Philip Petterson. This week they showed the crowd at the Recon cybersecurity show in Montreal how it is possible to hack virtual reality worlds. So much for VR being a safe place to play!


3 Worlds 3 Hacks

Attendees were treated to demonstrations of hacking VR Chat, Steam VR and the open source VR system High Fidelity. Once a world was hacked and infiltrated, the researchers showed how it is possible to take complete control of the victim’s world, listening to what the victim is saying and altering the things they see.

From Virtual to Reality

What’s more troubling is the apparent ease with which the hacked virtual worlds could be used to attack the victim’s “real” world. On the VR Chat and Steam VR platforms, victims were invited to a fake chat room. Once the chat room was entered, an exploit infected the victims’ machines. Then, in “real” virus fashion, the exploited machine invited the victim’s contacts to the chat room so they too could be infected, and so on and so on.

Not the First Time, Nor the Last

Earlier this year researchers at the University of New Haven pointed out vulnerabilities in Bigscreen VR. In their demonstration, the researchers were able to hack users’ “virtual living rooms” and:

  • Turn on user microphones and listen to private conversations
  • Join any VR room including private rooms
  • Create a replicating worm that infects users as soon as they enter a room with other VR users
  • View user computer screens in real time
  • Send messages on a user’s behalf
  • Download and run programs – including malware – onto user computers
  • Join users in VR while remaining invisible. This novel attack was termed a Man-In-The-Room (MITR) attack
  • Phish users into downloading fake VR drivers.

Security for your Reality

At Konsultek we build customized security solutions for organizations of all sizes and in all markets. Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

So, if you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Buyer Beware – Ransomware Recovery Firms are Charging You to Pay the Ransom!

In a story earlier this week ProPublica.com added a British firm, Red Mosquito Data Recovery, to its list of self-proclaimed ransomware data recovery experts whose premium-priced “unlocking expertise” was nothing more than paying the ransom!

In a May 15, 2019 post ProPublica.com published an exhaustive investigative exposé on two of the largest US-based ransomware recovery firms, Proven Data and Monstercloud. What investigative journalists Renee Dudley and Jeff Kao discovered was that the sophisticated “trade secret” approach to ransomware unlocking and recovery the firms advertised and promised to clients didn’t really exist.

Desperate People Looking for a Professional Solution

Ransomware is no joke. Just ask Atlanta, Baltimore or any of the thousands of other victims. But beyond the obvious operational shutdown ramifications, dealing with those holding your data ransom is not something that most people are particularly comfortable with or skilled at. And that is exactly what makes the “professional” and “ethical” solutions promised by firms such as Proven Data and Monstercloud so attractive to ransomware victims.

The Latest Technology = Charging You to Pay the Ransom

According to ProPublica.com, both firms had a pretty simple and profitable business model: offer to restore client files using the “latest technology” at a price substantially above what the ransomware criminals were asking, then, unbeknownst to the victim, obtain the very same decryption key by paying the ransom (often at a lower negotiated price), pocketing the difference in the process! Proven Data paid so many SamSam ransoms on behalf of unwitting clients that the authors of the SamSam ransomware would actually recommend that victims work with Proven Data!

The Honest Open Approach

For many people the service provided by Proven Data and Monstercloud is a valuable one, and one worth paying for despite the hazy truth of their approach. Other firms, such as Coveware, realize this and openly help clients restore their operations by navigating the murky waters of ransom decryption, including the bitcoin payment, interacting with the attackers and assisting with the decryption.

“Ransomware Payment Mills Prey on the Emotion of a Ransomware Attack.” “Although it might not be illegal to obfuscate how encrypted data is recovered, it is certainly dishonest and predatory.” — Bill Siegel, CEO Coveware

Real Security Solutions Not Smoke and Mirrors

At Konsultek we provide real, customized security solutions for organizations of all sizes and across all industries. We believe the best way to recover from ransomware is to avoid it in the first place by combining security technologies to prevent, detect and respond to threats. To learn more about our solutions please call us or hit our contact form.

Malware Becomes Art

On May 28, 2019 malware officially became art! That’s when the auction closed and a Samsung NC10 laptop containing 6 historically significant viruses was purchased for $1,345,000!

The Persistence of Chaos

The piece, commissioned by cybersecurity firm Deep Instinct, is titled “The Persistence of Chaos” and was created by the artist Guo O Dong.

Speaking to The Verge the artist explained this about his work:

“We have this fantasy that things that happen in computers can’t actually affect us, but this is absurd,” says Guo. “Weaponized viruses that affect power grids or public infrastructure can cause direct harm.”

6 Active Viruses

In total, the six different pieces of malware installed on the Samsung NC10 have been credited with causing approximately $95 billion worth of damages around the globe. The laptop is air gapped and therefore ostensibly harmless (though we have shown here that air gapping does not necessarily equate to isolation) and contains active versions of ILOVEYOU, MyDoom, SoBig, WannaCry, DarkTequila, and BlackEnergy.

Coming to a Museum Near You?

While at first the idea of a laptop containing viruses being art might seem ludicrous, we have to look no further than the Art Institute of Chicago to see that weaponry has been considered art for hundreds if not thousands of years. And, in the wrong hands with the right intent, these viruses and those still to come are indeed weapons. Perhaps even weapons of mass destruction.

Konsultek Knows Security

Viruses are now art. That doesn’t mean they are any less devastating to organizations and their networks. That’s where we come in. Consider us the helpful docent that can help you navigate and understand the black arts of cybersecurity. Give us a call or hit us up on our contact form to learn how our customized security solutions protect organizations of all sizes across all industries.

“Walk This Way” to Better Security

I can already hear and see the next Apple iPhone video in my head: Steven Tyler and Aerosmith pumping in the background as a hip-looking model struts down the street with her fully authenticated iPhone 15 tucked in her back pocket.

Forget Fingerprints!

Did you know that fingerprints are on the way out, and that how you interact with your phone, including how you walk with it, is emerging as the next generation of biometric security? According to an article in the Economist, the field of “behavioral biometrics” is promising a more secure future for humanity and their devices.

“That is why a new approach, behavioural biometrics, is gaining ground. It relies on the wealth of measurements made by today’s devices. These include data from accelerometers and gyroscopic sensors that reveal how people hold their phones when using them, how they carry them and even the way they walk. Touchscreens, keyboards and mice can be monitored to show the distinctive ways in which someone’s fingers and hands move. Sensors can detect whether a phone has been set down on a hard surface such as a table or dropped lightly on a soft one such as a bed. If the hour is appropriate, this action could be used to assume when a user has retired for the night. These traits can then be used to determine whether someone attempting to make a transaction is likely to be the device’s habitual user.”

The Gait Gateway

UnifyID, a Silicon Valley behavioral biometric firm, uses data from smartphones to create what they call a “unique motion fingerprint”. Their software sorts gaits into approximately 50,000 unique patterns based on how the user’s feet strike the ground, the length of their stride, cadence and the spring in their step. When combined with other data, such as touchscreen interaction and user location, a high degree of confidence emerges that the device user is the device owner.

Device Security vs. Big Brother?

This level of personalized security obviously requires tracking virtually your every movement 24x7. So I guess the question becomes: how much of your personal privacy are you willing to share with third parties in order to potentially keep your privacy more secure? Furthermore, what happens when all of your shared personal data gets hacked and flows out onto the dark web? Interesting times ahead for sure!

Cybersecurity is Top of Mind for Delta Airlines CEO

You would think that when asked “what keeps you up at night” the CEO of Delta, the world’s second largest airline, might say something like fuel cost, reliability, safety or productivity. But surprisingly, that is not at all what Delta CEO Ed Bastian said when interviewed a few weeks back by Marketplace’s Kai Ryssdal.

The whole interview is interesting, and Mr. Bastian is clearly the bright visionary you would hope to find at the helm of a global leader like Delta, so the 5 minute interview is certainly worth the time.

Still, if you are pressed for time you can fast forward to 2:55 and hear the surprising answer.

Ed Bastian is Focused on Cybersecurity. Are You?

If you aren’t, can we politely suggest we talk? Over the past few years we’ve learned that C-level executives are very concerned about cybersecurity, and we have found a common theme talking with business leadership in other industries as well: many in business leadership don’t understand what their IT department is trying to say about new projects and what exactly it is doing for their organization.

Here at Konsultek we live and breathe cybersecurity. We develop custom solutions for organizations of all sizes, across all markets, to address these concerns. We work with business leadership so there is a clear understanding of what needs to be done to achieve an acceptable risk level. As businesses become much more dependent on data to grow their customer bases, gain new markets and increase profitability, the need for a solid cybersecurity foundation is more important now than ever.

If you’re unsure whether or not your organization is vulnerable to cyber-threats, we would be happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/. This assessment is designed to give business leadership the clear understanding and direction they need to grow their business.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Your Sensitive Data is Likely Exposed Online and These Folks are Trying to Find It

Some are hobbyists. Some are professionals. Some like the thrill. Some are trying to get new business. The good news? All of them want your data to be protected.

According to a recently published story on CNET, a loose collective of unsecured database hunters spends their time trying to find sensitive data that was mistakenly left public. Once found, the database owners are notified so that they can secure the data and notify the affected individuals of the possible breach.

“The data-hunting community is both eclectic and global. Some of its members are professional security experts, others are hobbyists. Some are advanced programmers, others can’t write a line of code. They’re in Ukraine, Israel, Australia, the US and just about any country you name. They share a common purpose: spurring database owners to lock down your info.”

Hitting the Jackpot

Thanks to the efforts of these white-hat treasure seekers, unsecured databases are being found and secured virtually every day. Notable examples of their jackpot discoveries include databases containing the details of 80 million US households, 540 million Facebook users, and patients at an addiction recovery treatment center.

And yet, there are some (many?) database owners who either don’t care, are unwilling or are seemingly unable to secure their databases even after being notified multiple times. And this “hobby” of finding unsecured databases isn’t new. I came across a particularly troubling story from January 10, 2017 of a plastic surgery center and spa whose medical records, including nude photos labeled with patient names, were found out in the wild. The practice was contacted multiple times through multiple channels, and only a truly serendipitous phone call finally got the job done. Read about it here.

Are your Databases Secure?

Would you like to find out? If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

U.S. Power Grid Documents First Ever Cyber Disruption

We’ve talked critical infrastructure vulnerabilities quite a bit on this blog through the years but until today, our conversations have been confined to hypotheticals.

First Ever Cyber Disruption

According to an interview conducted May 4, 2019 on NPR, the United States’ first cyber power grid disruption has been reported to the Department of Energy.

The disruption took place in March of this year in a geographic area reported broadly as “Utah, Wyoming and California – Southern California”.

No loss of power or service interruptions were reported in association with the “disruption”, and the event was categorized as a “loss of visibility”. Essentially, operators were unable to see what was happening on the grid during the event.

Targeted DDoS

While specifics are short at this time, the root cause of the event has been attributed to a targeted DDoS attack directed at the network.

While in general DDoS attacks are fairly rudimentary tools in the hacking toolbox, this particular DDoS showed signs that the hackers were familiar with the network and were able to exploit a flaw particular to it.

“In this case, the denial of service exploited a particular vulnerability, so it was a little bit more targeted than that. The hacker or hackers knew what they were doing and were able to actually find a particular flaw in this network equipment and send a certain type of packet or string of data to really make it stop working.”

How Vulnerable is the Grid?

That is the million dollar question. The U.S. power grid is a massively complicated and interconnected beast with connections to utilities large and small, sophisticated and philistine. The potential for infiltration and disruption has been documented and now proven, albeit in a rather minor way.

How Vulnerable is your network?

In a recent poll by eSecurityPlanet.com, about 64 percent of respondents said they conduct penetration testing at least annually, and 60 percent conduct threat hunting exercises at the same rate. Do you? Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Hacker Discovers Vulnerability that Allows Him to Kill Car Engines

Interconnectivity and the Internet of Things hold the promise of a simpler, higher quality life. At least that’s the narrative that’s spun about smart appliances, medical devices and of course smart cars.

While there is undoubtedly some truth to the virtues of this interconnectedness, there are also going to be pitfalls, mainly an increase in the number of vulnerabilities.

Cracking Tracking

In a story on motherboard.vice.com, a hacker who goes by the name L&M shared his story of how he was able to hack into thousands of GPS tracker accounts on not one, but two different platforms. It turns out it wasn’t all that difficult, thanks to some lazy coding that gave every new user account the same breathtakingly obvious default password: 123456!

Armed with this knowledge L&M was able to scrape a “treasure trove” of customer data:

According to a sample of user data L&M shared with Motherboard, the hacker has scraped a treasure trove of information from ProTrack and iTrack customers, including: name and model of the GPS tracking devices they use, the devices’ unique ID numbers (technically known as an IMEI number); usernames, real names, phone numbers, email addresses, and physical addresses. (According to L&M, he was not able to get all of this information for all users; for some users he was only able to get some of the above information.)
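As an added example (not code from the story or from either tracker vendor), here is the provisioning anti-pattern the story describes next to a hardened version in Python: a unique random temporary password per account, a forced change on first login, a denylist for known-weak passwords, and an audit that finds existing accounts still accepting the default. The account structure, denylist and usernames are constructed for illustration.

```python
"""Default-password provisioning (weak) beside per-account credentials (hardened)."""
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass

# Constructed denylist for illustration; a real deployment would check a
# large breached-password corpus instead of a handful of strings.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "111111"}
PBKDF2_ROUNDS = 100_000  # illustrative work factor


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    must_change_password: bool


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library; never store plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify(account: Account, password: str) -> bool:
    # Constant-time comparison so timing does not leak how close a guess was.
    return hmac.compare_digest(_hash(password, account.salt), account.pw_hash)


def provision_weak(username: str) -> Account:
    """The anti-pattern from the story: every new account gets 123456."""
    salt = secrets.token_bytes(16)
    return Account(username, salt, _hash("123456", salt), must_change_password=False)


def provision_hardened(username: str) -> tuple[Account, str]:
    """Unique random temporary password per account; rotation forced on first login."""
    alphabet = string.ascii_letters + string.digits
    temp = "".join(secrets.choice(alphabet) for _ in range(16))
    salt = secrets.token_bytes(16)
    return Account(username, salt, _hash(temp, salt), must_change_password=True), temp


def password_acceptable(password: str) -> bool:
    """Policy applied when the user chooses a password: length plus denylist."""
    return len(password) >= 12 and password.lower() not in COMMON_PASSWORDS


def login(account: Account, password: str) -> str:
    """Returns 'denied', 'change_password_required' or 'ok'."""
    if not verify(account, password):
        return "denied"
    if account.must_change_password:
        return "change_password_required"
    return "ok"


def change_password(account: Account, old: str, new: str) -> bool:
    if not verify(account, old) or not password_acceptable(new):
        return False
    account.salt = secrets.token_bytes(16)  # fresh salt on every rotation
    account.pw_hash = _hash(new, account.salt)
    account.must_change_password = False
    return True


def default_password_audit(accounts, candidates=("123456",)) -> list[str]:
    """Defensive check: which existing accounts still accept a known default?"""
    return [a.username for a in accounts if any(verify(a, c) for c in candidates)]
```

Running the audit over an existing user table is the quickest way to find out whether a fleet is in the state the story describes before anyone else does.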

Killing Engines

Cracking GPS apps and stealing thousands of customers’ information, geez, no big deal when one compares it to some of the shockingly large hospital and healthcare provider breaches of late, right? But here is where it gets far more interesting. These apps have features that allow the customers to remotely turn off their engines if the car is traveling at less than 12 mph. Guess what? L&M claims that while he never did it, he certainly could if he wanted to. Traffic jams and gridlock on demand, anyone?!

Securing Your Network and the IoT

At Konsultek we build better security solutions from the ground up using the most advanced technologies available.

How secure is your network?

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.


Coping with the Cybersecurity Talent Shortage

Image Source: foxbusiness.com

According to Fox Business, at the start of 2019 the cybersecurity worker shortage hit 3 million, and there are no signs of this shortage going away anytime soon.

What’s a Company to Do?

With talent in such short supply, many companies are faced with what seems like an unresolvable dilemma. On one hand, they realize that without knowledgeable, experienced security staff they are leaving themselves more vulnerable. On the other hand, talent, if it can even be found, will come at a hefty price tag and is unlikely to stick around if a better offer presents itself, as it surely will.

Managed Services is the Answer

What if you could outsource the problem altogether and get access to world-class security talent without the headaches of hiring and retention? Well, you can: at Konsultek we’ve developed an entire suite of managed services that help you secure your network without having to secure talent.

A Sweet Suite of Services

Our off-the-shelf managed services include:

  • Cyber Threat Intelligence
  • Device Management
  • Infrastructure and Life Cycle Management
  • Managed Help Desk
  • Managed Messaging Service
  • Network Access Control
  • Network Visibility and Monitoring
  • SIEM & Log Management
  • Vulnerability Management.

Have a security need you don’t see covered? No problem. Give us a call to discuss your particular needs. Relax! Chances are we’ll be able to develop a customized managed security suite just for you.

© Copyright 2018 Konsultek