Tag Archives: Huawei

Security News for the Week Ending August 23, 2019

Remember That Vague Client Alert Earlier This Week?

For those of you who are clients, you received an out-of-cycle client alert on Tuesday (they usually come out on Wednesday) providing a copy of the Homeland Security Alert on the Sodinokibi ransomware going after Managed Service Providers or MSPs. It now appears that the attack on Texas towns (see below) is based on an attack on the MSP hosting the systems of those municipalities. Assuming that is true (the state of Texas is being very vague on the whole situation), that could explain why DHS issued the alert at this time. To reiterate the recommendation in the alert – make sure that your MSPs’ security programs are up to the task. In the case of Texas, one town has announced that the attacker wants that town to pay $2.5 million in ransom. Source: Bleeping Computer.

20 Texas Towns Hit by Ransomware.  Wait 23.  Wait …..

Cities and towns across the country have been hit by a wave of ransomware attacks, but of course, everything is bigger in TEXAS.

While the press release is very short on details, the Governor has called out the Texas Military Department (that is the combination of the Army National Guard, the Air National Guard and the Texas State Guard, which is an organized militia as defined in the Constitution) along with the experts at Texas A&M University (the Aggies have a world-class cybersecurity capability) to help the cities impacted deal with the situation. While Colorado was the first state to activate the National Guard to help with a cyber attack, Texas is now the third (after Louisiana) in what may become a trend. Source: KUT, Austin’s Public Radio Station.

IRS Notifies Thousands of Cryptocurrency Traders of Back Taxes and Penalties

Not wanting to leave money – even digital money – on the table, the IRS has sent out letters to thousands of cryptocurrency traders who did not report the trades on their tax returns assessing them  taxes and penalties along with the threat of possible criminal prosecution.  Not a big surprise, but if you thought you could escape the tax man…  Of course, if you are trading peer to peer, then it is 100% unlikely that the tax man will ever find you.  Source: CNBC.

 

Huawei Goes Into Full Battle Mode

Huawei CEO Ren Zhengfei sent a memo to the company that says, in light of the US bans, that it was time for the company to go into full battle mode, making references to the military bible, The Art of War.

By continuing to suspend the ban – which is affecting US companies’ bottom lines and users’ security – President Trump has effectively admitted that the ban on Huawei has only a little to do with national security and all to do with his trade war.

In the meantime, Huawei says that it will build 60,000 5G base stations this year and 1.5 million next year – all without any US components. Other countries continue to buy Huawei equipment, and US rural cell carriers say that it will cost them more than a billion dollars, which they do not have, to replace Huawei equipment – meaning that they will dramatically slow 5G deployments.

Currently the US is lagging in 5G deployment and despite the President’s wishes that this is not so, this is not likely to change any time soon.  Read the details of this dance here.

 

Plan for End of Life of Software Support

End-of-life in software and hardware means no more security fixes and given the number of fixes we see every month, using software and hardware that is no longer supported is not a good plan.  No more patches does not mean no more flaws – just no more fixes for those flaws.  Hackers count on that fact.  Here is what is coming up to the end of life soon:

Python 2 on January 1, 2020 (about 4 months)

Windows 7 on January 14, 2020 (also about 4 months)

Windows Server 2008 and 2008 R2 also on January 14, 2020 (4 months).  As an incentive to get you to migrate to Azure, if you migrate your Windows 2008 servers to Azure before January 14th (and therefore pay Microsoft monthly cash), they will support Server 2008/2008 R2 for three more years.

For states with cybersecurity and privacy laws that say that you have to take reasonable measures to protect your data, it will be hard to defend in court, if you have to, that using unsupported software is taking reasonable measures.


Security News for the Week Ending July 26, 2019

Equifax Agrees to Pay UP TO $700 Million to Settle Breach Lawsuits

First – the settlement hasn’t been agreed to by the court yet, so this is all speculation.

Of the $700 million pot, at least $300 million is set aside to pay damages to consumers.  Another $100 million plus is to pay for credit monitoring.

There are lots of details. For the most part, unless you can prove damages and prove that those damages were caused by the Equifax breach and not some other breach, you probably will not get paid much. You can get paid up to $250 if you file a claim, even without proof. Everything past that requires proof. With 150 million victims and a $300 million pot, that averages to $2 a person.

BUT there is one thing you should do and that is get the free credit monitoring.    Go to EQUIFAXBREACHSETTLEMENT.COM and wait until it says that the court has approved it.  Note this is not a site owned by Equifax and given what a mess they are, this is good.  Read more details here.

The Next NSA Hacker Gets 9 Years

Harold Martin, the NSA contractor (employed by Booz, like Edward Snowden), was sentenced to 9 years for stealing 50 terabytes of data over the course of his 22-year NSA career. The leak is something like 5 times the size of the Snowden leak. He didn’t sell it; he just liked data. He had so much he had to store it in sheds in his back yard. Many of the documents were clearly marked SECRET AND TOP SECRET.

The fact that he was able to steal hundreds of thousands of documents doesn’t say much for NSA security, which is sad. Source: Nextgov.

Huawei – Bad – Not Bad – Bad?!

President Trump said that Huawei is a national security threat and needs to be banned and then he said that maybe we can trade that threat for a better deal with China on trade.

Now it is coming out that Huawei helped North Korea build out their current wireless network.  The equipment was shipped into North Korea by Chinese state owned Panda International.  This has been going on since 2006 at least.  Huawei is likely continuing to provide technical support to North Korea.

This seems like a national security threat and not a bargaining chip for the President to toss in to get a trade deal that he wants, but what do I know.  Source: Fox News.

 

AG Barr Says He Wants Encryption Back Door And Why Do You Need Privacy – Just Suck it Up.

Attorney General William Barr said this week that if tech companies don’t provide a back door into consumer encryption,  they will pass a law forcing it.  And while this will allow hackers and Chinese spies to compromise US systems, it is worthwhile.

He said that they might wait for some terrorist event that kills lots of people and blame it on encryption (whether that is true or not).

He did seem to exclude “custom” encryption used by large business enterprises, whoever that might include.

Barr said that bad guys are using crypto to commit crimes that the police can’t investigate. If that were true we would expect that crime would be going up. If it is a really bad problem, it would be going way up.

Only problem is that the statistics say crime is going down.

You may remember that Juniper added such a back door, likely at the request of the NSA and it worked great until word got out about it and hackers had a field day.

This conversation is not over.  Source: The Register.

 


Security News for the Week Ending July 5, 2019

This is What Spies Do

It has come out that western spies (read: one or more of the Five Eyes countries) inserted malware into Yandex (Russia’s equivalent of Google) in order to steal administrative credentials. The purpose was, apparently, to read emails of interest to the western spies. We need to understand that we do it to them and they do it to us, but the idea is to make it hard for them and easy for us. Source: Reuters.

Firms That Claim to be Able to Reverse Ransomware Sometimes Lie

Some so-called “Data Recovery” firms that claim to be able to recover from ransomware just pay the ransom and mark the cost up. The most recent firm to be outed is Red Mosquito Data Recovery, which was outed when they were the target of a sting. The researcher played the role of both the victim and the ransomer and discovered what Red Mosquito was doing. Remember that if you do pay the ransom, you still need to rebuild your systems from the ground up because you do not know what time bombs or back doors the ransomer left behind. Source: ProPublica.

Trump Changes His Mind – Huawei Not a National Security Threat?

After tweeting for months that Huawei is a national security threat, that their equipment needs to be banned in the US and abroad and that existing equipment needs to be removed, the President now says it is okay if we sell Huawei parts. This happened the day after he met with Xi at the G20, and it is reported Xi told him that the trade war would continue until the ban was removed. While the ban is not removed, this is a hole wide enough to drive a tractor trailer through. Source: The Register.

One Terabyte of Police Bodycam Video Available on the Dark Web

In another example of companies not requiring vendors to have adequate cybersecurity programs in place, researchers found a terabyte (that is 1,000,000,000,000 bytes) of police bodycam video from Miami and other cities available on the dark web. It is likely this video has been copied and sold. Miami PD is not talking. Probably a good time for the police to plead the Fifth. The problem is linked back to 5 IT vendors who did not protect the data. Either police departments did not care (worst case) or did not do proper due diligence (best case). I hope they have a bunch of insurance because you know that there will be lawsuits. At some point people will figure out that even though vendor cyber due diligence is hard, getting sued and defending yourself is even harder. Source: The Register.

If China Can’t Buy Memory Chips From the US, it will Get into the Memory Biz and Compete Against Us

In the “trade wars are hard” department, the Chinese just convinced the Godfather of Japan’s DRAM business to come to China and head up a company that plans to build its own memory chips. This is likely the result of the current trade war.

If successful, the result will be that western memory chip makers will lose all of their sales to China, but more importantly, China might flood the market with cheap memory chips, damaging the worldwide multi-billion dollar memory business.  Source: The Register.

Microsoft to Require CSPs to Use Multi-Factor Auth

In light of the recent leak of details on Cloud Hopper, Microsoft is becoming very visible and requiring their Office 365 resellers to use multi-factor authentication in order to reduce the risk that they represent to the ecosystem. This is, likely, a proactive effort on their part, as they have not been publicly named as a Cloud Hopper victim, but they certainly are a target. Source: Brian Krebs.

 

Presidential Alerts Spoofable

Okay, no jokes about our current President’s love of Twitter.

Researchers at the University of Colorado (CU) have demonstrated how easy it is to spoof the Presidential alerts – assuming you even get them (you may remember they tested the system last year and lots of people, including me, didn’t get the test).

In this case, the CU researchers say that 4 low power base stations could target every person in a football stadium of say 50,000, causing mass panic. While it might be hard to get these briefcase-size devices inside a football stadium, it would be pretty easy to get them into soft targets like office buildings or shopping centers and, depending on the message (Ex: Inbound nukes from China; will detonate here in 10 minutes), they could cause mass panic. Source: BBC.


White House Acting Budget Chief Wants to Delay Huawei Ban

 

O P I N I O N

Acting budget director Russell Vought is seeking to delay the ban of Huawei for another two years (or for a total of four years after the ban was enacted).

If they are a risk to national security, is it okay to compromise national security for two more years?

Apparently so – or is it that they are not really a risk to national security and this is just an effort to get China to the bargaining table?  We don’t know.

What we do know is that Vought is saying that the ban would cause a “dramatic reduction” in companies that supply the government.  Obviously, if the government can’t get parts or systems that they need, that is a risk all by itself.

More bizarrely, the budget office says that not banning Huawei for four  years as suggested wouldn’t go against the policy of Huawei not being allowed to do business in the US.  So doing business for four years doesn’t go against the policy of not being allowed to do business in the US?  I am having a hard time grasping that government double speak.

The ban would also apply to companies getting federal grants or loans.  This includes rural telephone companies.  Banning Huawei would mean that these rural telephone companies would no longer be able to deploy 5G cell systems – maybe forever unless the government comes back with billions in more loans or grants to cover the extra cost of using another vendor.  France just announced that replacing Huawei – which they have NOT agreed to do – with another vendor would cost them 52 BILLION Euros.  The United States is bigger and more complicated than France, so likely someone will need to cough up hundreds of billions of dollars to replace Huawei equipment.

Alternatively, Americans, especially in rural America (like me who lives 20 miles from downtown Denver), who already have cell service on par with countries like Nigeria (really!) will continue to have crappy cell and Internet service.

Maybe that is okay.  I know my Internet is 1/10th the speed of my brother’s home Internet connection in Europe at twice the price –  a factor of 20 difference.  In fact, legally, my Internet service cannot even be called broadband because it is too slow.

It does seem that if we really think Huawei is a security problem, then we need to ban them now and not in four years as planned and continue to have crappy Internet and cell service.  That will put our businesses, consumers and students at greater risk of becoming second class to other countries, but that is the price we may have to pay.  It may motivate people to think outside the box and come up with breakthrough solutions.

The good news is that our slow, crappy Internet and cell service makes it harder to hack us, so maybe there is a silver lining.  Source: CNet.

 

 


Security News For The Week Ending May 3, 2019

U.S. Trains UAE Spies to Spy on Americans

Reuters has written an exposé on how the State Department granted a U.S. company an ITAR license to train UAE spies on hacking. The plan, which got out of control, was to constrain the UAE spies, but once they were trained, they fired their U.S. trainers and started spying on royalty around the Middle East and even Americans in the U.S. The FBI has been investigating since 2016, with no charges.

The challenge is that if we said no to training them, they would likely go to the Chinese.  If we indict them, they are less likely to be our friends and instead work with the Russians and Chinese. It is a bit of a lose-lose situation.

Read the Reuters article here and listen to Stewart Baker (formerly of the NSA and DHS)  interview the journalists (the second half of this podcast) here.

 

Over 500% Increase in Ransomware Attacks Against Businesses

In contrast to the FBI stats from the other day, Malwarebytes’ Q1 2019 report paints a different picture. The FBI stats only reflect what is reported to them, while Malwarebytes’ stats report what their endpoint protection software is actually seeing, whether reported or not.

While they show that consumer detections were down by 24% year over year, business detections were up 235%, indicating that attackers are going after business targets – where the data is juicier and they might pay to get it back.

In the commercial world, different than the consumer world, ransomware is up 189% since Q4 2018 and 508% since Q1 2018.  This means that businesses are definitely being targeted.

One thing is not clear from the report, but it likely includes both successful and failed ransomware attacks, since this is an endpoint security product collecting the data. Source: Bleeping Computer.

Scott County Schools Suffers $3.7 Million Business Email Compromise Loss

In case you were wondering how that $1.3 BILLION Business Email Compromise number happens – A small school district in Kentucky got suckered into paying a social engineer $3.7 million instead of paying the correct vendor.  Sounds like they need some training and I bet they get some –  after the horse and their money is out of the barn.  Source: KnowBe4.

 

Supply Chain Risk is a Major Problem

Germany-based CityComp, who has clients such as SAP, BT and Oracle, was hacked earlier this month. The hacker asked for $5,000, which was not paid. The hacker claims to have over 500 gig of data in 312,000 files, which is set to be released. All because a vendor was hacked, in part because their clients’ vendor cyber risk management programs did not impart the seriousness of cybersecurity. Supply chain risk is a critical problem which is not being adequately handled. Read the details at The Register.

 

Google Adds New Option to Auto-Delete Some History

Google says that they will begin rolling out a couple of changes with respect to privacy.  Although they are small changes, any change in this direction is a good thing.

Google will allow you to specify how long they should keep your app activity and location data, but there are only three options – until you delete it, for 18 months or for 3 months.

You could before and still can turn it off completely, but that makes certain Google functions less useful in some people’s view.

Ultimately a small, but good, move.  Source: The Hacker News.

 

Global Security Officials Meet to Hammer Out 5G Security

The United States and security officials from 30 European Union and NATO countries, as well as Japan, Australia and Germany, are meeting in Prague to figure out how to combat security threats in 5G cell networks. China and Russia were not invited!

The plan is to set up certain security conditions that Huawei and other Chinese vendors would likely not be able to meet.  Stay tuned for more details.  Go for it fellas.  They may have just played the Chinese.  Source: Reuters.

 


Security News for the Week Ending April 19, 2019

Microsoft Pulls Patches AGAIN After Some Computers Become Super Secure

Users of Sophos and Avast, especially those running Windows 7 or Windows 8 – but not Windows 10 – got their computers bricked after this month’s update.  Microsoft has had multiple update failures over the last 6 months, causing admins to wait a week or two before installing patches.  In general, this is probably an acceptable risk.  In this case, users had to boot the computer in safe mode, disable their AV, reboot and uninstall the patch.  Then they can re-enable the AV software.  A bit of a pain for companies with a lot of PCs.  Microsoft has now blocked the patch if it sees a problem machine.

NOTE:  If you need a reason to update to Windows 10, Microsoft is releasing an update to back out these failed updates automatically, but, of course, only in Windows 10.

Source: The Register.

Facebook is, Apparently, in the Black Market Business

Many people who do not love Facebook would have said this even before this revelation, but now it is official.

Facebook really does not have the ability to police billions of accounts.  You just can’t get there from here.

This time, researchers at Cisco’s Talos group found 74 groups selling criminal wares, very publicly, on Facebook.  Everything from stolen credit cards to spamming tools.

The groups, which had close to 400,000 members, have been removed. No doubt, they were immediately replaced with new ones. Source: Info Security Magazine.

Genesee County Michigan Joins Many Other Municipalities in Falling to Ransomware

Genesee County was hit by a ransomware attack last week.  Initially, they said no biggie, they would be back the next day.  A week later, they are still wrestling with it, although, it appears, they have a lot of services back online and seem to be making progress towards the rest.

While they are keeping mum about the details, it certainly appears that they had a good backup and disaster recovery strategy, unlike a lot of cities and towns (remember Atlanta last year?)   Source: SC Magazine.

 

China Is Following in US Lead – US Upset

Huawei Marine Networks is currently constructing or improving nearly 100 submarine cables.

Similar to the Huawei 5G controversy, western intelligence is concerned that they might eavesdrop on the data since just one cable with multiple fibers might carry 100 gigabits of traffic or more – a very nice prize.

Until recently, the United States and its friends in the Five Eyes countries have had somewhat of a monopoly in spying on Internet traffic.

Now China and other not so friendly countries have the ability also and want in on the action.  The United States would prefer to keep the capability to itself.

The U.S. has repeatedly preferred a less secure Internet to make it easier for it to spy on others (consider, as just one example, the NSA’s successful efforts to modify encryption standards to make them easier to crack, as has been revealed over the last few years). Now that others have the ability to spy on us as well, the lack of security works both ways. According to Bruce Schneier, the U.S. is going to have to make a decision – a secure Internet which is harder for everyone to hack or a weak Internet which is easy for our adversaries to crack. Source: Bruce Schneier.

Hacker Publishes Personal Information on Thousands of Law Enforcement Agents

Hackers believed to be based in Ukraine claim to have hacked more than 1,000  sites and have published the personal information (names, phone numbers and street addresses)  of about 4,000 federal agents such as the FBI Academy grads.

When a reporter asked if the hacker was concerned that putting this information out would put federal agents at risk, he responded “Probably, yes”.  The hacker also demonstrated being able to deface an FBI Academy Alumni Site.  His motivation, he said, is money.

The hacker claims to have data on over 1 million  people and is working on formatting it to sell.

The FBI Academy Alumni Association only said that it was investigating. TechCrunch is NOT publishing the name of the hacker’s website. Source: TechCrunch.

 

Expensive IoT Hack

Car2Go, recently renamed Share Now, has suspended its service in Chicago out of “an abundance of caution”.

That caution comes from the fact that 100 of their cars were stolen and some of them used in crimes.  Half of the cars were Mercedes.

Some people have been arrested and a few cars have been recovered.

If we assume that the average cost of one of these vehicles is $50,000 then the loss of 100 cars and the brand damage from news reports like “Robbing a bank? Steal a Car2Go to make your getaway” or whatever, is significant. While the hard cost could be covered by insurance, likely the bigger issue is that they don’t understand how the Car2Go app was hacked to allow the thieves to steal a large number of expensive luxury cars. They likely won’t restart the service until they figure that out.

One more time, Internet of Things security is a challenge (I assume that you use the app to unlock and start the car).  In this case, they probably spent a bit on security, but apparently not enough.

This is one case where APPLICATION PENETRATION TESTING and RED TEAM EXERCISES become very important.  Luckily the hackers weren’t terrorists and didn’t use the cars to kill people.  That would have been a real challenge to do damage control over.

We need to work diligently on IoT security before it becomes more than a financial issue.  Source: NY Daily News.
