Martijn Lammerts
My own digital place with a little of everything

Attack Vectors in Orbit: The Need for IoT and Satellite Security in the Age of 5G

11 June 2018

Already a vital part of the critical infrastructure of the internet, satellites are set to take on a more significant role with the emergence of 5G cellular network technology and the continuing expansion of the internet of things (IoT). While terrestrial networks handle peak load well, disaster handling and critical infrastructure scenarios are served well by satellites, which are unaffected by most ground-based events. Ensuring the security of satellites, therefore, acquires even greater importance and warrants more initiatives to that end.

New KillDisk Variant Hits Latin American Financial Organizations Again

7 June 2018

In January, we saw a variant of the disk-wiping KillDisk malware hitting several financial institutions in Latin America. One of these attacks was related to a foiled heist on the organization’s system connected to the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) network.

Last May, we uncovered a master boot record (MBR)-wiping malware in the same region. The telltale sign was a problem related to the affected machine’s boot sector. Based on the error message it displayed after our tests, we were able to ascertain that this was another — possibly new — variant of KillDisk. This kind of notification is common in systems affected by MBR-wiping threats and not in other malware types such as ransomware, which some people initially believed to be the culprit. Trend Micro products detect this threat as TROJ_KILLMBR.EE and TROJ_KILLDISK.IUE.

Using Insights From DefPloreX-NG to Thwart Web Defacement Attacks

7 June 2018

The ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS) is an avenue for cybersecurity research breakthroughs, techniques, and tools. At the ACM ASIACCS 2018 in Incheon, South Korea, we presented our research using DefPloreX-NG, a tool for identifying and tracking web defacement campaigns using historical and live data. “DefPloreX-NG” is a play on the phrase “defacement explorer.” The appended “NG” acronym means “Next Generation,” signifying improvements from the previous version of the tool. DefPloreX-NG is equipped with an enhanced machine learning algorithm and new visualization templates to give security analysts and other professionals a better understanding of web defacement campaigns.

Post-Tax Season Spam Campaign Delivers URSNIF to North American Taxpayers

6 June 2018

Although many tax scams purely rely on social engineering, other campaigns make use of more sophisticated tools and techniques. We found and analyzed one such campaign delivering the notorious banking trojan known as URSNIF to North American targets.

Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner

31 May 2018

An exploit kit such as Rig usually starts off with a threat actor compromising a website to inject a malicious script/code that eventually redirects would-be victims to the exploit kit’s landing page. Sometime around February to March last year, however, we saw Rig’s Seamless campaign adding another layer or gate before the actual landing page.

Along with updates in code, we also observed Rig integrating a cryptocurrency-mining malware as its final payload. Based on the latest activities we’ve observed from Rig, they’re now also exploiting CVE-2018-8174, a remote code execution vulnerability patched in May and reported to be actively exploited. The exploit also appears to be from a recently disclosed proof of concept. The security flaw affects systems running Windows 7 and later operating systems, and the exploit works through Internet Explorer (IE) and Microsoft Office documents that use the vulnerable script engine.

Emerging 5G Technology Could Compromise SIM Card-Dependent IoT Devices on Massive Scale

31 May 2018

Already, current cellular network technologies such as 3G and 4G allow fast wireless communication. But the next evolution, 5G, is set to afford even faster connections along with greater reliability. Touted as the next generation of mobile internet connectivity, 5G will offer speeds of the order of several gigabits per second (Gbps), with average download rates expected to be about 1 Gbps. While its improvements over previous generations will doubtless be most apparent in smartphones and other widely used internet-enabled mobile devices, 5G is also likely to benefit the internet of things (IoT) since it can very well provide the infrastructure the IoT needs to carry and transfer massive amounts of data.

Identifying Top Vulnerabilities in Networks: Old Vulnerabilities, IoT Botnets, Wireless Connection Exploits

29 May 2018

Using our IoT Smart Checker, a tool that scans networks for potential security risks, we looked into home and other small network environments and the vulnerabilities that connected devices usually encounter. Our findings homed in on known vulnerabilities, IoT botnets with top vulnerability detections, and devices that are affected.

From April 1 to May 15, we observed that 30 percent of home networks had at least one vulnerability detection. A detection would mean that we found at least one connected device being accessed through a vulnerability in the network. Our scanning covered different operating systems (OSs), including Linux, Mac, Windows, Android, iOS, and other software development kit (SDK) platforms.
