If you are NOT using BitRater X-Ray or other tools to block PowerShell etc., a new campaign targeting organizations in Turkey, Pakistan and Tajikistan, which has some similarities with an old campaign named MuddyWater, will be a big threat.
We expect that other areas will be targeted very soon. We can only assume that there is a connection between these new attacks and the old MuddyWater campaign. It means that the attackers are not merely interested in a one-off campaign but will likely continue to perform cyberespionage activities against their targeted countries and industries.
Read more about the old MuddyWater campaign here: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
A true air gap means the machine or network is physically isolated from the internet, and data can only pass to it via a USB flash drive, other removable media or a FireWire cable connecting two computers directly. But many companies insist that a network or system is sufficiently air-gapped even if it is only separated from other computers or networks by a software firewall. Such firewalls can be breached if the code has security holes or if the firewalls are configured insecurely.
History has shown that air-gapped systems can also be attacked through radio waves. Researchers in Israel showed how they could siphon data from an air-gapped machine using radio frequency signals and a nearby mobile phone. The proof-of-concept hack involves radio signals generated and transmitted by an infected machine’s video card, which are used to send passwords and other data over the air to the FM radio receiver in a mobile phone.
The method is more than just a concept. According to wired.com in 2014, an agency has reportedly been using a more sophisticated version of this technique for years to siphon data from air-gapped machines. Using a hardware implant called Cottonmouth-I (a Universal Serial Bus (USB) hardware implant that provides a wireless bridge into a target network as well as the ability to load exploit software onto target PCs), which comes with a tiny embedded transceiver, the agency can extract data from targeted systems via RF signals and transmit it to a briefcase-sized relay station up to eight miles away.
That’s a pretty large air gap to jump. This, and the use of attacks via USB flash drives, effectively mean that no air-gapped system is beyond the reach of attackers!
This is why it is extremely important to protect endpoints like laptops, desktops and servers against unwanted processes (from malware or infected/designed USB sticks) from the start. With BitRater X-Ray correctly installed and configured, it is possible to use computer systems and USB sticks as they are designed to be used without worrying about this kind of security breach.
Our CEO Ebbe B. Petersen gives a speech at the Organisation of Danish Water Supplies conference in Aars, Denmark about protecting critical infrastructure sectors against cyber threats.
Read about the latest FBI warning of attacks on government entities, multiple critical infrastructure sectors (energy, nuclear, water, aviation and more) and other critical manufacturing sectors and commercial facilities: https://lnkd.in/duCpAWk
A new, more advanced form of CEO fraud is now a problem. Key employees in high-tech Norwegian companies have had automatic forwarding of their e-mail activated. The e-mails are forwarded to e-mail accounts that are unknown to the businesses. In some cases, this has occurred for up to seven months. The majority of the companies use Microsoft Office 365, and the forwarding has been set up as an “Inbox Rule” in the email accounts.
The fraudsters use the email accounts to send emails as either:
- Real invoices with changed account number.
- A message to end the account number on a previously received invoice.
- False invoices.
The attacker uses the victim’s real email account. As the fraudsters do not fake the sender, this indicates that the account is compromised. In total, this means that fraud appears to be MORE professional than ‘ordinary’ CEO fraud.
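A way to audit mailboxes for the forwarding rules described above, as an added example that is not BitRater's or Microsoft's code. It assumes the rules were exported to a list of records using the property names of Exchange Online's `Get-InboxRule` output, and that recipients appear as `"Name" [SMTP:address]` strings; the mailboxes, rule names and domains are constructed.

```python
import re

# Inbox-rule properties that send a copy of incoming mail to another recipient.
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDRESS = re.compile(r"([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def is_internal(domain, internal_domains):
    """True for an accepted domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)

def external_forwarding_rules(rules, internal_domains):
    """Return (mailbox, rule, field, address, enabled) for each rule target
    outside internal_domains. Disabled rules are reported too: a rule switched
    off after months of forwarding is still evidence of compromise."""
    internal = [d.lower() for d in internal_domains]
    findings = []
    for rule in rules:
        seen = set()
        for field in FORWARD_FIELDS:
            entries = rule.get(field) or []
            if isinstance(entries, str):      # a single recipient exported as a string
                entries = [entries]
            for entry in entries:
                for local, domain in ADDRESS.findall(entry):
                    addr = f"{local}@{domain}".lower()
                    if (field, addr) in seen or is_internal(domain.lower(), internal):
                        continue
                    seen.add((field, addr))
                    findings.append((rule.get("MailboxOwnerId"), rule.get("Name"),
                                     field, addr, bool(rule.get("Enabled", True))))
    return findings

# Constructed sample export, not real data.
SAMPLE_RULES = [
    {"MailboxOwnerId": "cfo@contoso.example", "Name": ".", "Enabled": True,
     "ForwardTo": ['"ext" [SMTP:archive@mail-relay.example]'], "RedirectTo": None},
    {"MailboxOwnerId": "cfo@contoso.example", "Name": "To assistant", "Enabled": True,
     "ForwardTo": ['"Assistant" [SMTP:pa@contoso.example]',
                   '"Team" [EX:/o=ExchangeLabs/cn=Recipients/cn=team]']},
    {"MailboxOwnerId": "cto@contoso.example", "Name": "old", "Enabled": False,
     "RedirectTo": '"x@other.example" [SMTP:x@other.example]'},
]

if __name__ == "__main__":
    for finding in external_forwarding_rules(SAMPLE_RULES, ["contoso.example"]):
        print(finding)
```

Every hit needs a human decision: confirm the rule with the mailbox owner, and treat an unexplained external target as a sign that the account itself is compromised.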
Along with staying ahead of the cyber security world, we’re making some small visual changes to our website reflecting changes in our ever-dynamic overall product and brand. Watch this space for a new look BitRater website!
Most importantly, we have launched our latest product update – version 17.2
Summary of main updates:
- Whitelisting policies can now be controlled individually
- A “Default” button resets all settings to BitRater standard
- “Use Certificate Whitelisting” is a new feature, where you can use Certificates to determine if an unknown file should be able to execute. The Certificate Whitelist is maintained in the BitRater Cloud
- New features: “Block Powershell” and “Block Windows Script Host”
- Whitelist can be managed both on the Server and the Client
- File synchronising history is a new feature: you can see the last 10 computers that have synchronized a certain file
- Updating of communication servers is now threaded, meaning that multiple communication servers are updated simultaneously instead of sequentially, resulting in much faster synchronisation.
- Communications Servers: No longer stopping client synchronisation while updating.
- A complete overview of all clients that have logged on to the server. If this was a while ago, it will show with a red cross.
WHAT TO EXPECT NEXT?
Most importantly, we have updated the GUI design on both the Client and Management Server.
Summary of main updates in the new 2018 version:
- Easy and quick overview of notifications.
- New Management Server policy view.
- New Management Server dashboard.
- New and simple deployment tool.
- Quick overview of the security status such as known malware stopped, unknown process stopped, connected endpoints, expected endpoints and anomaly warnings and more.
We are so proud to sponsor this conference in Denmark, and special thanks to H.R.H. Prince Joachim for giving the opening speech.
Opening session by H.R.H. Prince Joachim
Discussion with H.E. Mogens Lykketoft, former President of the United Nations General Assembly, and H.E. Uffe Ellemann-Jensen, former Minister for Foreign Affairs of Denmark
The defence agreement and the security policy situation
The conference will highlight the security policy situation and the Danish defense agreement, including Denmark’s contribution to NATO’s Ballistic Missile Defense as well as the threat from Russia and Isis.
The security policy situation has changed
We are facing a more challenging security policy situation since the fall of the Berlin Wall. What no one thought likely 3-4 years ago is a reality today. The security policy situation is determining the content of the defense agreement 2018-2023. What assignments is Danish defense expected to solve in the future and what should it be prepared for?
The conference will therefore highlight:
- The present security policy situation
- What tasks is Danish defense expected to solve?
- How will the future Danish defense be organised?
Our CEO, Ebbe B. Petersen, will soon be ready to speak at this year’s Information Security Conference for the financial sector in Doha. If you have some really bad malicious malware, then come to our stand with Vauban. We will again this year show how we block even the most evil and unknown malware from executing! On a Sunday, you may ask?
Yes, this is how things work here in Qatar.