Computer Security



These webpages are a collection of computer security information, articles, etc., from the very practical to the quite academic.

Dictionaries and Jargon


Wikipedia has a Jargon File which tries to follow how slang usage, etc. evolved from 1975 through to 2003
“The Original Hacker’s Dictionary” (dates from around 1988), “The Jargon File” (dates from 1991), and “The New Hacker’s Dictionary” (from 2002)
The Motherboard e-Glossary of Cyber Terms and Hacking Lingo (dates from 2016)
The Hacker Dictionary looks up-to-date
And there is Hackterms, a crowdsourced dictionary of coding terms.

There are a number of 'official' sources that try to maintain an up-to-date list of terms, expressions, etc.
The US National Institute of Standards and Technology hosts the Computer Security Resource Center, which has an online glossary of computer security terms. In the UK the National Cyber Security Centre also has an online glossary. There are several publications of terminology, abbreviations and acronyms, the most notable being the "Glossary of Key Information Security Terms" from NIST and "A Dictionary of Information Security Terms, Abbreviations and Acronyms" from IT Governance UK.

Warning - people need to change what they are checking in the location bar


Everyone says “Check the location bar in your browser to make sure you are on the correct website before signing in. That will avoid phishing attacks that steal your username and password”. Often people say that there is something like ‘accounts.google.com’ in the location bar, so it must be good.

This phishing technique uses something called a ‘data URI’ to include a complete file in the browser location bar. A quick look at the browser location bar sees ‘data:text/html…..’ as part of a very long string of text. If you widen out the location bar it looks like this:

Location Bar

There is a lot of whitespace, but on the far right there is the beginning of what is a very large chunk of text. This is actually a file that opens in a new tab and creates a completely functional fake Gmail login page which is designed to collect user credentials and send them to the attacker.

On the far left of the browser location bar, instead of ‘https’ we see ‘data:text/html’, followed by the usual ‘https://accounts.google.com….’. People do not pay close attention and ignore the ‘data:text/html’ preamble, assuming the URL is safe.

When signing in to any service, check the browser location bar and verify the protocol, then verify the hostname. It should look something like this:

Browser Location

Make sure there is nothing before the hostname ‘accounts.google.com’ other than ‘https://’ and the 'padlock' symbol. Take special note of the green colour and 'padlock' symbol that appears on the left. If you can’t verify the protocol and verify the hostname, stop and think about what you just clicked on to get to that sign-in page.
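One way to turn the two-step check above (protocol first, then hostname) into code, as an added example that is not part of the original article: the sample location-bar strings are constructed, and the function also rejects userinfo-style and lookalike hosts, which goes slightly beyond the single data-URI case described above.

```python
from urllib.parse import urlsplit

# Hostname the article tells you to expect on a Gmail sign-in page.
EXPECTED_SIGNIN_HOST = "accounts.google.com"


def check_signin_location(location: str, expected_host: str = EXPECTED_SIGNIN_HOST) -> tuple[bool, str]:
    """Verify a location-bar string as the article advises: protocol, then hostname.

    Returns (ok, reason). Surrounding whitespace is stripped first, because the
    data-URI trick pads the visible part of the bar with spaces.
    """
    parts = urlsplit(location.strip())
    scheme = parts.scheme.lower()
    if scheme != "https":
        reason = f"protocol is {scheme or '(none)'!r}, not 'https'"
        # The phishing pattern described above: the expected hostname only
        # appears inside the data: URI's content, never as the address host.
        if scheme == "data" and expected_host in parts.path:
            reason += f"; {expected_host!r} appears inside a data: URI, not as the host"
        return False, reason
    host = parts.hostname or ""  # hostname excludes any user@ prefix and port
    if host != expected_host:
        return False, f"hostname is {host!r}, expected {expected_host!r}"
    return True, f"https to {expected_host}"


# Constructed samples (not real captures). "data_uri_phish" mimics the layout
# described above: a data: URI whose visible start looks like the sign-in URL,
# then a long run of whitespace, then the embedded page body.
SAMPLE_LOCATIONS = {
    "genuine": "https://accounts.google.com/ServiceLogin?service=mail",
    "data_uri_phish": "data:text/html,https://accounts.google.com/ServiceLogin"
                      + " " * 200 + "<html>constructed placeholder body</html>",
    "userinfo_trick": "https://accounts.google.com@evil.example/ServiceLogin",
    "lookalike_host": "https://accounts.google.com.evil.example/ServiceLogin",
}


def classify_samples() -> dict[str, bool]:
    """Run the check over every sample; True means it is safe to sign in."""
    return {name: check_signin_location(loc)[0] for name, loc in SAMPLE_LOCATIONS.items()}


if __name__ == "__main__":
    for name, loc in SAMPLE_LOCATIONS.items():
        ok, reason = check_signin_location(loc)
        print(f"{name:15} {'OK  ' if ok else 'STOP'} {reason}")
```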

If in doubt use virustotal (an excellent free Google service) to analyse suspicious files and URLs.

People should also consider enabling two-factor authentication on every service they use that offers it. Here is the full article. Just run a Google search on “how to cash in on phishing”, and you will get a long list of the latest types of attack.

A study of malware statistics for 2013-2015 indicated that 431 million new malware variants were added to the pre-existing pool of malware strains. Check out this 2017 article for more information.

This article looks at malware that targets ATMs. This White Paper looks at attacks aimed at the travel and entertainment sector, i.e. spoofing client devices or identities. But don’t forget that even today people are still being scammed by fake anti-virus offers.

Messages telling you to install and update security software for your computer seem to be everywhere. So you might be tempted by an offer of a “free security scan,” especially when faced with a pop-up, an email, or an ad that claims “malicious software” has already been found on your machine.

Avoid them: this type of message is a come-on for a rip-off.


News, Threat Detection and Response


Cyber Threat Source Descriptions and Alerts from US-CERT
NIST has a Computer Security Resource Center
CCDCOE is the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia

virustotal is an excellent free Google service that analyses suspicious files and URLs

Microsoft has a Threat Research & Response Blog on their 'Microsoft Secure', and they also have a Safety & Security Center

Securelist is run by Kaspersky Lab., as is Threat Post and the Targeted Cyberattacks Logbook
Hacking Threat is a commercial online source of security news
FireEye has a useful set of resources including blogs and even some free software
Krebs on Security is a reputable blog by an ex-Washington Post journalist
Recorded Future is a commercial security company that also provides a blog, a free daily newsletter, and other resources
Security Week is a free information magazine covering malware, cybercrime, etc.
DarkReading is an information resource covering everything from breaches to analytics
InfoRisk Today has a resource centre covering things such as ransomware and GDPR
Symantec is a well known provider of security tools
HackRead is an information resource for topics such as cyber crime and privacy
WeLiveSecurity provides news, views and insights to the security community

Digital Shadows has a blog and some White Papers
SentinelOne has a resource page with White Papers, Case Studies, Videos & Demos, Reports, eGuides, etc.

Heimdal Security has a whole range of guides and links to topics ranging from concepts through to tools and threats.

And if you need to start to think about computer security, why not take the Network and Information Security Quiz.


If you thought you knew it all, think again...

Key Domestic Computer Security Topics in 2018


In 2018 cyber crime is the 2nd most reported type of crime in the world, and in the UK it represents more than 50% of all reported crime. Attackers reside within a network for an average of 146 days before being detected. Usually attackers enter using compromised usernames and passwords. Again in the UK, 70% of all financial fraud was through remote purchases using stolen personal and credit card data. One estimate put credit card fraud worldwide at $190 billion a year.

Identity theft is, and will remain, a major problem. In the U.S. for 2017 more social security numbers were stolen than credit card numbers, and the amount stolen through complex identity fraud was estimated at nearly $17 billion. With the introduction of chip cards, criminals shifted their focus to new account fraud, i.e. opening a new bank or credit card account in the victim's name (the amount stolen per account was on average $450). In the U.S. nearly 17 million people were victims of identity fraud. However, tax-related fraud and credit card fraud still remain the most important. Check out this guide to find out what to do to protect yourself against identity theft.

So-called data breaches sound very technical, but the term hides the reality that it's your and my email addresses (and occasionally more sensitive personal data) that are 'lost' or stolen. With this brilliant visualisation we can see just how big the problem has become: just recently 6 million user accounts on Instagram, 37 million customer records with Panera Bread, 150 million user accounts with passwords from MyFitnessPal, 143 million accounts from Equifax, and 412 million user accounts with passwords for Friend Finder Network.

And as we enter 2018 ransomware has become a $1 billion industry, and we tend to forget that Financial Trojans were some of the first pieces of malware to be monetised, and they still account for more losses than ransomware. This is just one part of a kind of shadow economy that has emerged where data can be bought and sold on the Dark Web and large botnets, ransomware-as-a-service and DDoS-as-a-service are available for rent or as franchises.

Two new problems, named Spectre and Meltdown, were detected as flaws in microprocessors. Firstly they are flaws, and secondly there have been no exploits of the flaws so far. Thirdly they are hardware flaws and therefore can't be fixed by the usual software patches. This could be the start of a new trend where hackers start to focus more on firmware and hardware, who knows.

Key Domestic Computer Security Topics in 2017


2017 was certainly characterised by thousands of computers being infected simply because users had not updated to the latest operating systems, nor had they kept up-to-date with security patches. More than 1.3 million computers running Windows were infected with the WannaCry ransomware despite Microsoft having issued a security update more than a month before the exploit was leaked.

Even if you follow all the rules there are still potential problems. For example CCleaner, a popular Windows utility, was found to include malware designed to steal personal data from infected machines, and there was a specific version just to attack Cisco, Sony and HTC. This was followed by the revelation that some HP laptops had a key logger hidden in the audio driver. The driver was supposed to alert when a particular key was hit, but it was actually capturing all the keystrokes, i.e. passwords, user names, etc. And then we learned that there was a backdoor in WhatsApp's end-to-end encryption. Two notable 'academic' developments were the announcement that encrypted data transiting a Wi-Fi network could be read (under quite strict pre-conditions) using the Krack exploit, and that printers could be used to launch malware attacks. On a more practical level, US voting machines were breached in under 90 minutes by experts in a competition in Las Vegas. Apple discovered a security flaw that granted admin access on High Sierra without needing the password. And to close the year, experts found that it was possible to connect with Bluetooth devices without user permission or even pairing the devices.

Ransomware, phishing and data breaches remained major problems. There were more than 5,000 publicly acknowledged data breaches in 2017 exposing more than 7.8 billion records. But black market prices have dropped for personal and financial data, so the focus moved to medical insurance records. A study in 2016 found that there had already been more than 1,500 data breaches involving medical data. It has been estimated that cyber attacks will cost U.S. hospitals more than $300 billion over the next 5 years, and that 1 in every 13 patients will have their data compromised.

Key Domestic Computer Security Topics in 2016


In 2016 ransomware was a major concern, with more than 600 million attacks on large and small businesses. The average ransom demand was between $600 and $700, and even the FBI suggested that it was easier to pay than to try to fight it. The year saw a variety of new ransomware strains appear. Ransomware was usually spread via phishing scams and exploit kit attacks, but self-propagating cryptoworms have now appeared. Jigsaw was a new strain offering its victims only 24 hours to pay the $150 ransom fee. After the deadline it started to delete files every hour, the number increasing hour upon hour. It deleted all the remaining files if the ransom was not paid within 72 hours. This type of ransomware was particularly sadistic, since most forms only encrypt the files to make them inaccessible, so there is always a chance that decryption keys will become available at a later date.
A new business model for ransomware appeared, namely affiliate programs where the profits are shared between the affiliate and the ransomware developer. The ransomware Chimera actually invited its victims to join its affiliate program. Cerber is known to have netted its author nearly $1 million per year independently of their own attack campaigns. The key here is that the threat will grow bigger and faster because the user base is no longer limited to the developer.

In Jan. 2016 there was an article on traffic-cash.xyz, a referrer spam (or 'ghost spamming') source. Many websites use Google Analytics. This scam mixes data into a website's Google Analytics account. It then appears that someone has visited the website from traffic-cash.xyz, however this is not the case. This is just one type of referrer spam URL. They offer a new way to monetise the website, but in fact they want to collect personal data and sign the website up to propellerads.com, which is itself a referrer spam URL. This kind of data can ruin a website's analytical data by mixing in useless data on audience, acquisitions, user behaviour, etc. In addition they use referrer spam to promote their own website, and to boost their own rank on Google search results (by creating backlinks). This is done by logging requests into the website's access log, which is then crawled by Google's indexing bots.

Through 2016 there was a major increase in phishing attacks on Gmail accounts. The user received an email sent to their Gmail account. The email often came from someone they knew whose account had already been hacked. It also often included something that looked like an image of an attachment they recognised from the sender. Clicking on the image, they expected Gmail to give them a preview of the attachment. Instead, a new tab opened up with a cloned password text box, and they were prompted to sign in again. People would glance at the location bar and see 'accounts.google.com' in there somewhere. So they signed in on what looked like a functional sign-in page. Once they had completed the fake sign-in, their account was compromised. The attackers could then log in to the account and use one of the person's actual attachments, along with one of their actual subject lines, and send it to people in the contact list.