Security researchers have identified malware named SpyDealer, which affects Android smartphones running Android versions between 4.4 KitKat and 2.2 Froyo. SpyDealer abuses a popular rooting app to gain root permissions. With root access, the malware can exfiltrate private data from more than 40 apps, including Facebook and WhatsApp.
Drone hackers in the UK are busy at work exploiting the application security shortcomings of a major manufacturer to circumvent restrictions, including flight elevation limits. DJI says it has pushed out a firmware update to nip the problem in the bud, but one expert The Register spoke to maintains that hacking is still possible.
In the past two weeks, two further healthcare organizations have announced that they have experienced ransomware attacks that potentially resulted in the protected health information of patients being accessed by cybercriminals. A combined 11,843 patient records were exposed in the two attacks.
Guests at 14 Trump properties, including hotels in Washington, New York and Vancouver, have had their credit card information exposed, marking the third time in as many years that a months-long security breach has affected customers of the chain of luxury hotels.
Threat intelligence sharing will define the cyber security industry by 2020, as an effective method to combat the cyber attackers
A cyber attacker determined to breach a business’s IT defences will do whatever they can to succeed. They’ll come at them with sophisticated malware and a detailed knowledge of your business, trying to bypass security measures by sneaking in via an infected email attachment, malicious web link, compromised website or USB stick opened by an unsuspecting employee.
They may lie dormant in a business’s systems for months, but one day they will strike, unleashing cyber-espionage tools designed to seek out and steal your most precious and confidential information. Whether any of this effort gets them anywhere is another question.
Companies now realise that securing every endpoint, network and system is still critical, but is unlikely to be enough on its own. Certainly not against an advanced, targeted attacker. Welcome to the brave new world of anti-targeted attack solutions and threat deception.
The approach of deceiving opponents into thinking you’re something or somewhere you’re not is one of the oldest military tricks in the book. Lures and decoys have been used in conflicts throughout history to distract, delay or confuse the enemy, often with great success.
Cyber attackers have embraced this approach – for example, by planting ‘false flags’ in their malware code to muddy the waters of attribution and point the finger of blame at other attack groups or even countries.
Feel the fear and do it anyway
Organisations sometimes don’t realise they, or their partners and contractors, have been compromised until days or even months after it has happened; unaware that attackers are inside their network helping themselves to their intellectual property, financial records, confidential communications, encrypted information, contacts and more. Putting an end to such potential damage requires new technologies, but also a new mind-set about IT security: don’t fear the invasion, prepare for it.
Divert, distract, delay
A threat deception strategy can be implemented at many levels, with false or misleading components placed in networks, endpoints, applications, documents, or even records in databases. None of them should get in the way of day-to-day operational needs.
Or, if the attackers make it as far as the data – either without detection or detected-but-contained, and under surveillance – they could find themselves capturing a tagged decoy document where they expect the confidential goodies to be, such as on a computer belonging to the CEO. They have no way of telling the difference.
Tracking the trackers
The key is to understand your network, and the systems or data of greatest potential interest to an attacker. Then set your traps in these areas. As soon as the attacker strikes, the alarm is triggered and their cover is blown. They can then be contained or, using other deceptive techniques, sent off on a wild goose chase where they can do no harm, but their actions can be tracked and analysed.
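The trap-and-track idea described above, sketched as an added example that is not part of the original article: decoy assets that no legitimate workflow touches raise an alarm on first access, and everything the flagged account does afterwards is kept for analysis. The log format, account names and decoy paths are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed decoy inventory: assets no legitimate workflow ever touches.
DECOYS = {
    "file:/home/ceo/Documents/board-minutes-DECOY.docx": "decoy document",
    "db:customers/id=900001": "decoy database record",
}

# Constructed access log: timestamp, actor, action, asset
SAMPLE_LOG = """\
2020-01-07T09:14:02Z alice read file:/home/alice/report.docx
2020-01-07T09:15:40Z svc-backup read db:customers/id=1042
2020-01-07T09:16:11Z svc-backup read db:customers/id=900001
2020-01-07T09:16:30Z svc-backup read file:/home/ceo/Documents/board-minutes-DECOY.docx
2020-01-07T09:17:05Z svc-backup read file:/srv/finance/q4.xlsx
2020-01-07T09:18:00Z bob write file:/home/bob/notes.txt
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")

def parse(log):
    """Yield one event dict per well-formed log line; skip anything else."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield dict(zip(("ts", "actor", "action", "asset"), m.groups()))

def analyse(log, decoys=DECOYS):
    """Return (alerts, trail): one alert per decoy touch, and every event by
    a flagged actor from its first decoy touch onward."""
    alerts, trail, flagged = [], defaultdict(list), set()
    for ev in parse(log):
        if ev["asset"] in decoys:
            # Any access to a decoy is suspicious by construction.
            flagged.add(ev["actor"])
            alerts.append((ev["ts"], ev["actor"], decoys[ev["asset"]]))
        if ev["actor"] in flagged:
            trail[ev["actor"]].append(ev)
    return alerts, dict(trail)

if __name__ == "__main__":
    alerts, trail = analyse(SAMPLE_LOG)
    for ts, actor, kind in alerts:
        print(f"ALERT {ts} {actor} touched {kind}")
    for actor, events in trail.items():
        for ev in events:
            print(f"  track {actor}: {ev['action']} {ev['asset']}")
```

Because decoys have no legitimate users, the alert needs no baseline or threshold; the trade-off is that the decoy inventory itself must be kept secret and out of normal workflows.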
Know your enemy – your enemy knows you
Knowledge is power. As the stakes between cyber attackers and their targets continue to rise over the coming years, the value of such knowledge will only increase. Cyber security in 2020 will be marked by more subtle, intelligence-led tactics, complemented by human insight and analysis. Threat deception, either on its own or as part of a multi-layered anti-targeted attack process, will be an integral part of this.