New Hampshire Ranked The Least Developed State In The US In Terms of Cyber Security Practices

So, I bring up this research here today for no other reason than the fact that I live in New Hampshire and ironically, am struggling to operate a cyber security business here. Regardless, earlier today I stumbled upon the results of a new study carried out by researchers at Wakefield and Webroot Security, breaking down security habits/practices across the United States. What they uncovered was certainly interesting, to say the least.

For example, according to the data, researchers discovered that the top five safest states across the US in terms of cybersecurity were Mississippi, Louisiana, California, Alaska, and Connecticut – in that order. Consequentially, on the other side of the spectrum, the top 5 least safest states in terms of cybersecurity were found to be Kentucky, Idaho, Ohio, North Dakota, and New Hampshire. As you can imagine, this news was particularly interesting/depressing to me, especially given my situation.

Other Results from The Study:

5% of Americans back up their files or file systems.
62% of Americans only use free versions of anti-virus software.
63% of Americans use the same password across all of their online accounts.
64% of Americans don’t secure their social media accounts.
80% of Americans have never even heard of the term “Malware” before – let alone understand it.
– Somehow, despite all of these stats, 90% of Americans say they believe they are practicing proper proper cyber security strategies.

Download Study: https://protect-us.mimecast.com/s/afaOCo2vOqfr2VrJqF1E7kb?domain=www-cdn.webroot.com

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/05/Wakefield_Research_Analysis_of_Results_for_Webroot_Risk_Poll_Survey_002.pdf”%5D

Investigative Report: How Mass Surveillance Works Inside China

(HRW) – Chinese authorities are using a mobile app to carry out illegal mass surveillance and arbitrary detention of Muslims in China’s western Xinjiang region. The Human Rights Watch report, “China’s Algorithms of Repression’: Reverse Engineering a Xinjiang Police Mass Surveillance App,” presents new evidence about the surveillance state in Xinjiang, where the government has subjected 13 million Turkic Muslims to heightened repression as part of its “Strike Hard Campaign against Violent Terrorism.

Between January 2018 and February 2019, Human Rights Watch was able to reverse engineer the mobile app that officials use to connect to the Integrated Joint Operations Platform (IJOP), the Xinjiang policing program that aggregates data about people and flags those deemed potentially threatening. By examining the design of the app, which at the time was publicly available, Human Rights Watch revealed specifically the kinds of behaviors and people this mass surveillance system targets.

Download Full Report: https://www.hrw.org/sites/default/files/report_pdf/china0519_web3.pdf

Our research shows, for the first time, that Xinjiang police are using illegally gathered information about people’s completely lawful behavior – and using it against them,” said Maya Wang, senior China researcher at Human Rights Watch. “The Chinese government is monitoring every aspect of people’s lives in Xinjiang, picking out those it mistrusts, and subjecting them to extra scrutiny.

Human Rights Watch published screenshots from the IJOP app, in the original Chinese and translated into English. The app’s source code also reveals that the police platform targets 36 types of people for data collection. Those include people who have stopped using smart phones, those who fail to “socialize with neighbors,” and those who “collected money or materials for mosques with enthusiasm.

The IJOP platform tracks everyone in Xinjiang. It monitors people’s movements by tracing their phones, vehicles, and ID cards. It keeps track of people’s use of electricity and gas stations. Human Rights Watch found that the system and some of the region’s checkpoints work together to form a series of invisible or virtual fences. People’s freedom of movement is restricted to varying degrees depending on the level of threat authorities perceive they pose, determined by factors programmed into the system.

A former Xinjiang resident told Human Rights Watch a week after he was released from arbitrary detention: “I was entering a mall, and an orange alarm went off.” The police came and took him to a police station. “I said to them, ‘I was in a detention center and you guys released me because I was innocent.’… The police told me, ‘Just don’t go to any public places.’… I said, ‘What do I do now? Just stay home?’ He said, ‘Yes, that’s better than this, right?

The authorities have programmed the IJOP so that it treats many ordinary and lawful activities as indicators of suspicious behavior. Some of the investigations involve checking people’s phones for any one of the 51 internet tools that are considered suspicious, including WhatsApp, Viber, Telegram, and Virtual Private Networks (VPNs), Human Rights Watch found. The IJOP system also monitors people’s relationships, identifying as suspicious traveling with anyone on a police watch list, for example, or anyone related to someone who has recently obtained a new phone number.

Based on these broad and dubious criteria, the system generates lists of people to be evaluated by officials for detention. Official documents state individuals “who ought to be taken, should be taken,” suggesting the goal is to maximize detentions for people found to be “untrustworthy.” Those people are then interrogated without basic protections. They have no right to legal counsel, and some are tortured or otherwise mistreated, for which they have no effective redress.

The IJOP system was developed by China Electronics Technology Group Corporation (CETC), a major state-owned military contractor in China. The IJOP app was developed by Hebei Far East Communication System Engineering Company (HBFEC), a company that, at the time of the app’s development, was fully owned by CETC.

Under the Strike Hard Campaign, Xinjiang authorities have also collected biometrics, including DNA samples, fingerprints, iris scans, and blood types of all residents in the region ages 12 to 65. The authorities require residents to give voice samples when they apply for passports. All of this data is being entered into centralized, searchable government databases. While Xinjiang’s systems are particularly intrusive, their basic designs are similar to those the police are planning and implementing throughout China.

The Chinese government should immediately shut down the IJOP platform and delete all the data that it has collected from individuals in Xinjiang, Human Rights Watch said. Concerned foreign governments should impose targeted sanctions, such as under the US Global Magnitsky Act, including visa bans and asset freezes, against the Xinjiang Party Secretary, Chen Quanguo, and other senior officials linked to abuses in the Strike Hard Campaign. They should also impose appropriate export control mechanisms to prevent the Chinese government from obtaining technologies used to violate basic rights. United Nations member countries should push for an international fact-finding mission to assess the situation in Xinjiang and report to the UN Human Rights Council.

Full 78 Page Research Presentation:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/05/china0519_web3.pdf”%5D


This article was originally published by Human Rights Watch on May 2nd 2019. It was republished, with permission, using a Creative Commons BY-NC-ND 3.0 US License, in accordance with the Terms & Conditions of Human Rights Watch | Formatting edits, Teets, Videos and pdf added/embedded by Rogue Media Labs

Hackers Take Down +1 Million Websites, Deface Them with Message Reading “Jerusalem Is The Capitol of Palestine”

According to multiple sources, this past weekend, April 2nd 2019, unknown hackers launched a massive attack against the Hebrew based website known as Nagich, a web hosting platform utilized by more than 1 millions businesses/users across the Middle East – including Partner, 012 Mobile and Golan Telecom, Hapoalim Bank, Clinique, Estee Lauder, McDonalds, Subaru, Fiverr and Coca-Cola. For a period of time greater than 1 hour, hackers were able to poison Nagich‘s Domain Name Servers (DNS) and intercept/re-route all traffic flowing through them. In doing so, every visitor to a website hosted by Nagich, of which there are literally over 1 million, were re-directed to blank websites reading “Palestine is the Capital of Jerusalem.

Analyzing the attack a little further, it appears as though it wasn’t the hackers primary intent just to hijack, deface and re-route internet traffic in the region. Rather, it appears to be a failed attempt to deliver ransomware to every person unfortunate enough to have visited a site hosted by Nagich during the time of the attack. Once again, considering that the Nagich hosts over 1 million domains, the ransomware attacks could have theoretically compromised untold millions of people in just 1-2 hours time, which would have made it one of the single largest ransomware attacks in history.

For example, for a period of 1-2 hours, every visitor of a website hosted by Nagich was exposed to an auto-loading piece of malware crafted via JavaScript, attempting to deliver the following payload…

Malware Payload: hxxp://185.163.47.134/flashplayer_install.exe
Analysis of Ransomware: https://www.hybrid-analysis.com/sample/d7e118a3753a132fbedd262fdf4809a76ce121f758eb6c829d9c5de1ffab5a3b?environmentId=100

In statements to Noticia de Israel, according to Nagich, “the hackers entered the company’s DNS [Domain Name System] records and changed the number indicating Nagich’s domain name to redirect Nagich’s traffic to its own malicious server. And since all the companies that use Nagich used the same Javascript access code, all the pages of the clients’ websites that were not sufficiently protected were exposed.” However, at this moment in time there are no reports that anyone successfully downloaded the ransomware file, and despite the defacement of greater than 1 million websites via a singular attack, Israeli authorities are doing their best to spin the hack as a “failed attack.

Don’t get it twisted however, a defacement of +1 million websites in a single night is certainly world class. Moreover, given the US’s DNS hijacking during January and this most recent DNS attack of Israel in March, I’m going to go out on a limb and state that DNS poisoning attacks are only going to become more and more prevalent as we move forward throughout 2019 and beyond. You have been warned.

CERT South Korea Leaks New C&C Tool for Korean Android Stealer

Earlier today the source code behind a new C&C extractor for Android devices was leaked online by “JayK,” a Community Emergency Response Team (CERT) employee out of south Korea. The malware is said to be a tool for Korean Android Stealer, authored by Jacob Soo, which has the ability to extract asset files from C&C streams – including resources such as models, textures, sounds and music.

Briefly explained by “0x20k” aka urharmful of Ghost Squad Hackers, the tool essentially works by:

Image may contain: text

Leaked Source Code by JayK: https://ghostbin.com/paste/ojuoh

No automatic alt text available.

Image may contain: text

 

Kaspersky Lab Releases Security Bulletin 2018 – Cyber Year In Review

This week Kaspersky Lab released their annual report entitled “Kaspersky Security Bulletin 2018,” outlining several key statistics faced by the company and its users throughout the course of 2018. While the statistics provided below only reflect those experience by the company, considering the fact that Kaspersky is considered by many, including myself, to be the worlds most secure software/anti-virus provider, their report does paint a unique and interesting depiction of today’s cyber landscape, as well as how it is slowly evolving or changing over time.

Key Findings/Statistics:

  • 92.1% of all attacks on Kaspersky users originated out of just 10 base countries.
  • Kaspersky Lab software deflected/prevented approximately 1,876,998,691 cyber attacks in the calendar year 2018.
  • 30.01% of all computers installed with Kaspersky software faced at least 1 malware-class cyber attack in 2018.
  • Kaspersky Lab detected 554,159,621 malicious URL’s in 2018.
  • Malicious URL’s were the worlds primary source of malware delivery in 2018, followed by Trojan.Script.Generic
  • 765,538 computers were targeted by various “encryptors,” such as ransomware in 2018.
  • Kaspersky detected 39,842 changes to crypto-related ransomware source codes and discovered 11 new malware families throughout the course of 2018.
  • There were over 220,000 attempted ransomware attacks against international corporations alone in 2018.
  • In order, Bangladesh, Ethiopia, Uzbekistan, Nepal and Vietnam were the 5 most heavily targeted countries by encryptors/ransomware in 2018.
  • Kaspersky Lab software blocked approximately 830,135 banking trojans in 2018.
  • In order, Germany, Cameroon and South Korea faced more banking malware attacks than any other countries on Earth in 2018.
  • Kaspersky Lab anti-virus detected 21,643,946 unique malicious objects in 2018.
  • There has been a 336% increase in Microsoft Office exploits from 2017 to 2018.
  • 54.69% of all web-attacks were delivered via Microsoft Office, 19.79% were delivered via web browsers and 17.92% via Android Applications.
  • The United States of America was far and away the worlds primary source of web-based attacks in 2018, with 45.65% of all web attacks/threat actors originating out of the country. This was followed by the Netherlands 17.53%, Germany 11.7%, France 7.54% and Russia 3.41% 
  • Adware campaigns were detected on 53% of all computers worldwide.
  • Based on their analysis, no countries are at greater risk of online infection in the future than Algeria, Belarus, Venezuela, Kazakhstan and Moldova.
  • Vietnam, Afghanistan, Uzbekistan, Laos and Mongolio are the 5 countries at greatest risk from local infections in 2018; infections targeting computer hardware.

Read Full Report:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2018/12/KSB_statistics_2018_eng_final.pdf”%5D