LATEST BLOG POSTS
Operation “Space Race”: reaching the stars through professional Social Networks
At the beginning of May 2020, Telsy analyzed some social-engineering-based attacks against individuals operating in the aerospace and avionics sector, performed through the popular professional social network LinkedIn. According to our visibility, the targeted organizations are currently operating within Italian territory and the targeted individuals have high professional profiles in the aerospace research sector. The adversary used a realistic-looking LinkedIn virtual identity impersonating an HR (Human Resources) recruiter of a satellite imagery company, through which it contacted the targets via private messages, inviting them to download an attachment containing information about a fake job vacancy. Based on code similarities among the analyzed pieces of malware, Telsy asserts, with a medium degree of confidence, that the reported event is to be linked with the threat actor known to the community as MuddyWater (aka Static Kitten, aka Mercury). For questions, concerns or more information regarding the reported event, it is possible to refer to the email address firstname.lastname@example.org. The full PDF report is available for download; in addition, it is possible to refer to our GitHub repository for text-format Indicators of Compromise.
Cybersecurity’s weakest link: the human factor
The latest studies are further confirming a fact that, although already known, is still too often ignored: the human factor is the greatest source of risk for companies' IT security. In this period, in which the pandemic has dramatically increased the use of smart working, finding a solution to this problem must become a top priority.

The main risk for companies
In a recent survey, the company Proofpoint and the "Let's System" community questioned the CISOs (Chief Information Security Officers) of 138 Italian companies, asking what the worst current threats to companies were: according to 85% of them, the greatest risk is posed by phishing and social engineering attacks targeting employees. Essentially, the main targets of cyber-attacks are no longer the infrastructures, which are now more difficult to compromise, but the employees. In recent years, a large number of companies have had to deal with identity breaches and Business Email Compromise (BEC). These are attacks that, in addition to their financial impact, can have devastating consequences for the reputation of the companies involved. The problem with these social engineering attacks is that they are constantly evolving and increasingly sophisticated; cybercriminals are always ready to change their methods, taking advantage of global and regional events to launch highly targeted attack campaigns that are difficult to recognize for anyone who is not properly trained on these types of threats.

The problem of smart working
This aspect became even more evident during the outbreak of the Covid-19 pandemic, which was exploited in every way to launch "fearware" attacks, which play on fears related to the current health emergency in order to induce people to open phishing e-mails or messages. Furthermore, the pandemic has forced many companies into a rapid adoption of smart working, and many of them are completely unprepared in terms of security. Most likely, a large number of employees will continue to work from home or in environments other than the office, using PCs and mobile devices, sometimes even personal ones, which connect both to the corporate network and to the Internet, and managing backups, passwords and updates themselves. All this has produced an exponential widening of the security perimeter, which is now much more difficult to control and much more exposed to infiltration attempts.

Training: the first solution
While waiting for new cybersecurity technologies based on Artificial Intelligence and Machine Learning to make many processes that are now exposed to the risk of human error more secure, a quickly applicable solution must be found. Fortunately, this solution already exists and consists primarily of training employees and raising their awareness of IT security. If the burden of protecting the company now falls directly on anyone who has access to the data and credentials of the company's IT systems, it is clear that all employees must be adequately trained in the correct behaviors to adopt in order to avoid the greatest risks and thus increase the security of the entire perimeter. In addition, corporate security strategies will also need to be redefined, given that the current scenario requires CISOs to manage security remotely as well, facing partly unprecedented threats. Security measures must therefore evolve, alongside and integrating with the tools offered by areas not strictly related to IT, as a prevention tactic. The resilience of most manufacturing companies worldwide depends on the effectiveness of these processes, but we must start acting immediately if we want to avert the worst effects of the cyber-pandemic that is now beginning.
Cloud, Edge Computing and the future of cybersecurity
Cloud Computing is today a fully consolidated and still expanding reality, but the exponential development of IoT and 5G technology is increasingly drawing attention to Edge Computing, a new distributed computing model designed to bring data processing as close as possible to where the data is produced. The debate on which is the best system to adopt, especially with regard to IT security, is still heated, given that both systems have advantages and disadvantages depending on the application.

The advantages and vulnerabilities of the Cloud
Cloud computing undoubtedly has several advantages, since it is a flexible and inexpensive system that has also been proven by years of use for the supply and consumption of numerous services via the Internet, ranging from online cloud storage such as Dropbox to video streaming on platforms such as Netflix. The essential feature that all these services have in common is centralization: every time a request is made, it is sent to the cloud provider, which processes it and then sends the desired content to the user. The main problem of the cloud, especially for businesses, is that corporate services and data are in fact entrusted to third parties, and are thus exposed to a higher level of risk in terms of both security and privacy. According to the Cloud Security Alliance, the top three threats to cloud systems are insecure APIs, data loss or theft, and hardware failure, which account for 29%, 25% and 10% of all cloud security issues, respectively. Furthermore, the widespread use of virtualization in the implementation of cloud infrastructure creates further security problems, because virtualization alters the relationship between the operating system and the underlying hardware, introducing an additional layer that must be managed and protected correctly. Despite its limitations, Cloud Computing will continue to be used in the coming years, but many experts are confident that the implementation of some new technologies, 5G above all, will lead to a gradual transition to new computational models.

The 5G revolution
The telecommunications sector is experiencing a moment of rapid transformation, thanks to the convergence of a series of technological innovations, including 5G, which will certainly play a central role because numerous other technologies depend on it. Without going into technical details, what is known for sure is that 5G technology will not only increase the speed of data transmission and reception, but will also allow the simultaneous connection of a large number of devices, while providing higher spectral efficiency, which makes it possible to increase the data volume per unit of area. All these characteristics are absolutely fundamental for the definitive spread of the Internet of Things (IoT) and of all the technologies that underlie the development of the "Smart city" and Industry 4.0. Several 5G applications fit perfectly with some Cloud Computing properties, such as support for ubiquitous connectivity and elasticity, but the development and spread of IoT technologies are introducing new requirements, including geographic distribution, low latency and support for mobility, which current Cloud systems cannot fully satisfy.

Edge Computing innovation
The solution to these problems could be the new model that has been developed in recent years: Edge Computing. As the name suggests, it is a radically different system from the cloud, because it is based precisely on the decentralization of data processing, which is carried out at the "edges" of the network. This has significant advantages in terms of processing latency, reduction of data traffic and greater resilience in case of connection interruption. These qualities therefore make Edge Computing particularly suitable for IoT devices interconnected through the 5G infrastructure. From the cybersecurity point of view, the Edge has several advantages, which depend mainly on the fact that data is processed locally, eliminating the risks deriving from the series of data transfers, often encrypted, that are inevitable when using regular cloud solutions. With Edge Computing, computation takes place at the level of the IoT device or of the perimeter server, and the only transfer is that of the final result to the user. However, this new model creates new types of problems, which should not be underestimated. The main risk is due to the lack of a global reference perimeter: since the edge data centers do not depend on a centralized system, the relevant assets of the network infrastructure are controlled by different actors who must cooperate with each other, and consequently each element of the infrastructure can be subject to attack at any time.

Conclusions
The Edge model is not yet widespread and, although many analysts believe that in the long term it will almost completely replace the cloud infrastructure, it will first be necessary to develop security protocols that make it possible to mitigate the new types of threats to which data could be exposed.
Twitter attack: the three lessons to learn
The recent cyber-attack that hit Twitter has created a lot of media sensation, especially because it is the first time that one of the great global social media platforms has been compromised in such a vast and blatant way. Beyond the economic and reputational damage produced by the attack, this event must push us to make some broader considerations, starting from the implications for cybersecurity and privacy, up to the role that certain social networks have now assumed in social and political life.

The dynamics of the attack
On July 15, 2020, between 8:00 PM and 10:00 PM UTC, several Twitter accounts of celebrities, each with millions of followers, were compromised by a cyber-attack aimed at carrying out a monetary scam. Essentially, the attackers asked users, through the official profiles of these celebrities, to send bitcoins to a specific wallet, with the promise that the money sent would be returned doubled. The scam used high-profile accounts to reach millions of people simultaneously. The first tweet of this type was sent from Elon Musk's Twitter account, and then from those of other prominent people such as Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Michael Bloomberg, Warren Buffett, Floyd Mayweather and Kim Kardashian, and of companies like Apple and Uber. Twitter believes that 130 accounts were compromised and that only 45 of them were later used to tweet. More than 12 bitcoins, the equivalent of over $110,000, were sent to one of the addresses involved. The social network intervened after a few hours, blocking the compromised accounts and deleting all the fraudulent tweets. Twitter later confirmed the incident, calling it "a coordinated social engineering attack by people who targeted some of our employees with access to internal systems and tools", which explains how the attackers managed to use the platform's administrative systems to edit accounts and publish tweets directly.

The importance of the human factor
The first of the three lessons that can be learned from this story concerns what has always been considered the Achilles' heel of every computer security system: the human factor. It is obvious that even the most advanced cybersecurity structure in the world becomes useless if the real people who must guarantee its integrity make a mistake or, even worse, decide to violate it in collusion with external parties. Although all of this was already widely known, the Twitter case has revived the discussion on how to prevent this type of incident. The main problem is that these are highly unpredictable events, precisely because they are caused by people's free actions and not by the malfunction of some software. Mainly for this reason, many experts suggest relying increasingly on certain new technologies, such as artificial intelligence and machine learning systems, not only to prevent external threats but also to monitor the behavior of internal employees. Others instead propose more stringent limitations and controls on access to administrative systems, but, barring revolutionary innovations, it is likely that the human factor will continue to be a serious problem in the near future as well.

The vulnerability of our personal data
The second aspect to consider relates to privacy and the risk of exposure of one's personal data. Many have become accustomed to assuming that social networks are totally safe environments for communicating and sharing photos and information, to the point of losing any prudence in their use. But if someone has managed to access the personal profiles of people like Bill Gates and Elon Musk, it is clear that nobody can consider themselves truly safe. For this reason, it is essential to invest in the development and spread of a culture of information security, which above all underlines the great risks that can be run in transmitting private information via social networks. Greater awareness of these issues would significantly contribute to limiting the number of incidents, also because reducing vulnerability to certain types of attacks that exploit social engineering, such as phishing, would precisely mitigate the incidence of the human factor.

The problem of the link between politics and social media
The third, and perhaps most serious, element on which it is necessary to reflect concerns the ever-closer link between politics and social platforms. If for years there has been talk of "fake news" and the political influence of anonymous groups of hacker-activists, this attack puts democratic society before new and disturbing scenarios. Several analysts, including those of the Washington Post, immediately stressed the potentially catastrophic consequences of a possible attack of this type during an election campaign or at the time of the elections. The chaos generated by the dissemination of false information and the consequent blocking of accounts could influence the outcome of a vote, threatening the functioning of democratic society in the digital age.

Conclusions
These are just some of the main aspects that this story has brought into the spotlight, but it is clear that an attack of this magnitude will continue to produce debates and confrontations, which is good, because only a general awareness of the risks and threats within cyberspace will help prevent even more disastrous events in the future.