In part 1 of this blog series, we explored how to use delayed response and diversion as hack back tactics against attackers. Here, we up the game and explore some additional creative deception techniques. Potemkin Apps Back in 1787, the Empress Catherine II of Russia was touring the newly acquired Crimea via a barge trip…
Read MoreFigure 14: Statistics of the Monero mining payment address belonging to the attacker The attacker has earned 8.76 Monero coins by now,4 with a current price of 110.79 USD per a Monero coin,5 which totals to 970.52 USD. According to the information provided on the mining server website, this operation began around June 1.…
Read MoreIn July 2018, F5 released its first annual Application Protection Report based on the results of an F5-commissioned Ponemon survey of 3,135 IT and security practitioners across the globe. Additional research conducted by Whatcom Community College, University of Washington Tacoma, along with data from White Hat Security and Loryka served to make this one of…
Read MoreIf you think everything’s gone cyber now, just wait. “Digital transformation” is shifting all aspects of modern life — think automated grocery stores, driverless cars and trucks, even our social lives — and it all brings new forms of risk. Consequently, security is becoming one of the top fields in the world. But it’s not…
Read MoreBackSwap is new banking malware recently discovered by Eset1 and later analyzed by CERT Polska.2 Unlike previous banking trojans, which typically either intercept requests and redirect users to fake banking websites or inject malicious code from command and control (C&C) servers to manipulate browser processes, BackSwap keeps its campaign locally. The JavaScript is hardcoded and…
Read MoreIn August 2018 when we presented our research on the extreme vulnerability of many emergency services vehicles due to their use of onboard cellular gateways, we hoped to get the attention of people who could help change things. After all, when you tell the world you’ve been able to easily track police cruisers, in real-time,…
Read MoreEvery CISO dreams of the unhackable computer. A common method of bullet-proofing a system is to disconnect it from the outside world.1 No Internet. No wireless. No modem. Then you surround the computer with guards and gates. This is called an air-gapped system and it is supposedly hack-proof. In reality, it’s not. In 2010, the…
Read MoreOne of the missteps I found was that, by default, the Tor node would accept and relay BitTorrent traffic. My American ISP detected the BitTorrent traffic exiting my node and started sending me emails, and, I suspect, interfering with my network traffic (though I didn’t prove that beyond a suspicion). Fortunately, the Tor Project…
Read More
The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February. The crackdown has begun with 13 individuals and their close families (i.e., spouses and children) linked to commercial spyware operations. Taken pursuant to Section 212 (a)(3)(C) of the…
Read MoreCertificate revocation is an important, if ill understood, part of enterprise security. In this three-part blog series, I’ll explore why we need it, how you do it, and strategies for maximizing the benefits you get for it. Certificates Everywhere The use of digital certificates is growing exponentially. In particular, the move to a fully encrypted…
Read More