European Cybersecurity Strategy: Telefónica's support

Florence Broderick    14 July, 2016

Telefónica welcomes two relevant milestones reached in Brussels in recent days to foster the European cybersecurity strategy and avoid incidents that can undermine consumer confidence and cause major economic damage to European business and the economy at large. Cybersecurity and the fight against cybercrime have become one of the political priorities for the ICT sector in the EU, and Telefónica is ready to play its part.
   
On July 6th, the European Parliament Plenary voted on the Directive on Network and Information Security, following its adoption by the Council last May.

The NIS Directive is the first-ever EU-wide legislation on cybersecurity and culminates a long process of negotiations between Parliament, Council and European Commission.

Once the Directive enters into force (on the twentieth day after it is published in the EU Official Journal in August), Member States will have 21 months to transpose it into their national laws.

For the first time, the NIS Directive creates a legislative framework that will also apply to some digital services, leveling the playing field and establishing harmonized requirements regardless of whether the providers of these services are based in the EU.

The three pillars of the Directive aim at:

  • developing national capabilities
  • fostering cooperation among national authorities
  • establishing specific security obligations and notification requirements for operators of “essential services” (traditional critical infrastructures) and providers of “digital services” (such as Cloud providers, online market places and search engines)

One day before the NIS Directive was voted on by the European Parliament, on July 5th, the Commission adopted a Cybersecurity Package composed of a decision establishing a contractual Public-Private Partnership (cPPP) on Cybersecurity, expected to trigger €1.8 billion of investment by 2020, and a Communication on a Competitive and Innovative Cybersecurity Industry, setting the basis for an “industrial policy” on Cybersecurity.

The cPPP is basically a contract between the Commission and the European Industry with a commitment to co-finance specific lines of research. Pedro Pablo Pérez, ElevenPaths’ CEO and Telefónica Global Security Managing Director, has been appointed as a member of the Board of Directors and also of the Partnership Board of the European Cybersecurity Organization (ECSO), the association that will implement the cPPP.

Telefónica is the only telco operator that has been selected to occupy this relevant position. This reinforces our commitment to enhance Digital Confidence of customers, citizens and businesses, in line with Telefónica’s positioning in Public Policy and our willingness to engage with the Commission in realizing the vision for a secure and trusted online environment in Europe.

The main goals of the Cybersecurity cPPP are:

  • to improve industrial CyberSecurity capacities and digital autonomy of the EU, by promoting trust and security in digital services and networks in response to global cyber threats, while respecting EU values (Fundamental Right to Privacy)
  • to stimulate developments of EU industrial and technological resources to overcome
    • existing gaps in EU technology and online services
    • existing barriers for the achievement of a real Digital Single Market for Cybersecurity products and services
  • with the ultimate goal of contributing to a strong European Cybersecurity Industry

As we can see, a firm commitment has been expressed. Now it's time to move from words to deeds, because nowadays the digital world moves much faster than the physical one. There is no time to waste.

» The original post is based on Telefonica’s Public Policy Blog and written by Andrea Fabra
“European Cybersecurity Strategy: Telefonica’s support”

Another month, another new rooting malware family for Android

Florence Broderick    11 July, 2016
Several months ago there was a media explosion about Android-rooting malware on Google Play. Those families were discovered by Cheetah Mobile Security Research Lab, Check Point, Lookout, FireEye, and Trend Micro and variously named NGE MOBI/Xinyinhe, Brain Test, Ghost Push, Shedun or Kemoge. In a previous report, we tried to connect the dots and concluded that there was a good chance each malware was developed by the same group which evolved its techniques dating back to 2014.

Now, it’s happening again: There are numerous reports in the media about HummingBad, Hummer, and Shedun Reloaded. Do they belong to the same malware family? It all depends on which lab is doing the analysis. Three different families or not?

HummingBad

In February, Check Point alerted the market about HummingBad. It followed the same “rules” established by the Brain Test family, which means it introduces a rootkit on the phone, is almost impossible to remove, and installs fraudulent apps automatically. But it was stunningly more sophisticated. It was installed by drive-by downloads, its content was encrypted, and it used several redundancy methods to ensure infection (automatic and, if that was not possible, social engineering). The infrastructure used as C&C included hxxp://manage.hummerlauncher.com, hxxp://cdn.sh-jxzx.com/z/u/apk, hxxp://fget.guangbom.com and hxxp://d2b7xycc4g1w1e.cloudfront.net. And it gets worse. In early July, Check Point researchers attributed HummingBad to a “legitimate” advertising company called Yingmob, which was also responsible for the iOS malware called Yispecter, discovered in late 2015, that took advantage of its enterprise certificate to install itself.

Hummer

Also in July, Cheetah Mobile wrote about a malware it called Hummer, a new threat different from GhostPush (its own name for Shedun, Kemoge, BrainTest, etc). Although Cheetah Mobile does not explicitly say so, Hummer is HummingBad, as we can easily confirm with Tacyt because, for example, it uses the same infrastructure and the same rooting file, called right_core.apk, which is sometimes embedded and sometimes downloaded.

A HummingBad/Hummer sample with some of the singular URLs used

Shedun?

Lookout thinks differently. They claim HummingBad, or Hummer, is the same as Shedun, discovered in November 2015. They maintain Shedun is closely related to the BrainTest/GhostPush family, but they only describe the HummingBad malware as “not new” without any further technical details.

So, is this HummingBad/Shedun an evolution from the same cybercriminal group we connected in our previous report, or does it come from a different group? Let’s take a look.

Our analysis

HummingBad, or Hummer, comes from a “legitimate” adware company called Yingmob which, for a while, had its “Hummer Launcher” app on Google Play. Google eventually removed the app in May 2015.

Hummer Launcher signed with the same certificate as some HummingBad samples

As we determined using Tacyt, even the aggressive payloads are signed with the same certificate.

From our previous report in October, we saw some very specific behaviors that associated all the malware families. For example, the use of a few particular domains and the presence of some files inside the APK like “sys_channel.ng”.

One of the particular domains shared by several samples analyzed in October

One of the particular file names shared by several samples analyzed in October

Our analyst team used Tacyt to conclude that there is strong evidence suggesting a relationship between several different reports from different security companies, and confirmed that some of the aggressive apps discovered were on Google Play in early 2015. The evidence suggested that these supposedly different families of malware may be just the same Chinese cybercriminals (because they use the same infrastructure, domains, topics, files, etc.) evolving the same idea of serving aggressive ads, rooting the devices, sending commands and installing new packages.

We came to this conclusion because of several similarities that relate the families: domains, dates, permissions, names, certificates, resources, etc. The Chinese group started their activities maybe in late 2014, using the OPDA “brand” and trying to introduce malware on Google Play as well as legitimate apps. Later, they evolved new techniques, from Xinyinhe adware, which seems to be just a variant of Ghost Push, Brain Test to Kemoge, all technically related in some way.

What about HummingBad? 

Checking HummingBad’s singularities we determined that it uses a completely different infrastructure with little in common with our previous findings, even though it follows the same philosophy of rooting the device and silently installing apps. We can find no evidence in certificates, files, or any other hint that would help us tie both families together as we did before. Of course, we may simply not have found them. For example, HummingBad uses mainly these domains: guangbom.com, hummerlauncher.com, hmapi.com, cscs100.com… They are not shared with previous Chinese families, except hmapi.com, which seems commonplace in adware and malware. All apps containing this particular domain on Google Play are eventually removed.

hmapi.com shared between several different aggressive adware or malware samples eventually removed

As another example, HummingBad uses right_core.apk as a payload, which is either downloaded or embedded.

Searching for samples using a specific file downloaded or embedded

With HummingBad we can only go back to early 2015 with “legitimate” adware samples. With the BrainTest family we can go back to 2014.

Signing dates for all the samples labeled by our analysts as HummingBad

Another point of interest is that it appears that Brain Test was not very interested in tracking their ads with UMENG (the popular Chinese platform), while HummingBad seems to use UMENG in many more samples. The keys do not match in any case.

Comparing keys between families

Philosophy matches but the code, infrastructure, and “history” do not

Shedun and HummingBad seem to operate from the roots of “legitimate” Chinese companies (OPDA and Yingmob), and they may be related in other ways, but the owners, resources and developers appear different. So we can conclude a couple of insights:

  • HummingBad is Hummer, but it does not seem to be Shedun/GhostPush/Brain Test itself.
  • This is important, because it would mean cybercriminals are learning from each other. It is not just the same group evolving its own product. That is scary, since they will most likely improve technically to gain market share when they have “competitors”.

Attribution is always a risky exercise for every researcher (including us), but we believe HummingBad is not an evolution but is instead another new, dangerous rooting malware that was developed alongside previous malware families (just as there are different ransomware or banking Trojan families with the exact same philosophy). And we also think this malware is here to claim its market share and stay for a while.
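The comparison described in this analysis (shared file names and domains, with hmapi.com discounted because unrelated adware also uses it) can be sketched as a small triage script. This is an added example, not Tacyt or ElevenPaths code: the two sample APKs are constructed in memory, the label strings, the helper names and the last-two-labels domain reduction are assumptions, and encrypted payloads would not be visible to this string scan.

```python
import io
import re
import zipfile

# Indicators taken from the article text.
HUMMINGBAD_DOMAINS = {"guangbom.com", "hummerlauncher.com", "cscs100.com"}
HUMMINGBAD_FILES = {"right_core.apk"}
OCTOBER_REPORT_FILES = {"sys_channel.ng"}
# hmapi.com appears in many unrelated adware/malware samples, so a match
# on it alone is weak evidence of a link between families.
WEAK_INDICATORS = {"hmapi.com"}
# File names present in practically every APK; sharing them means nothing.
UBIQUITOUS_FILES = {"classes.dex", "AndroidManifest.xml", "resources.arsc"}

MAX_MEMBER_BYTES = 20 * 1024 * 1024  # skip oversized members (zip-bomb guard)
DOMAIN_RE = re.compile(rb"(?:[a-z0-9-]+\.)+(?:com|net|org|cn)\b", re.IGNORECASE)


def extract_features(apk_bytes, max_depth=1):
    """Collect file base names and domains from an APK, descending into
    embedded APKs (the payload is 'sometimes embedded') up to max_depth."""
    files, domains = set(), set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            files.add(info.filename.rsplit("/", 1)[-1])
            data = zf.read(info)
            for match in DOMAIN_RE.findall(data):
                labels = match.decode("ascii").lower().split(".")
                # Assumption: keep the last two labels as the "domain".
                domains.add(".".join(labels[-2:]))
            if max_depth > 0 and data[:4] == b"PK\x03\x04":
                inner = extract_features(data, max_depth - 1)
                files |= inner["files"]
                domains |= inner["domains"]
    return {"files": files, "domains": domains}


def label(features):
    """Assign family labels from the article's indicators."""
    labels = set()
    if (features["files"] & HUMMINGBAD_FILES
            or features["domains"] & HUMMINGBAD_DOMAINS):
        labels.add("HummingBad/Hummer")
    if features["files"] & OCTOBER_REPORT_FILES:
        labels.add("Shedun/GhostPush/Brain Test")
    return labels


def shared_indicators(a, b):
    """Split what two samples have in common into strong and weak evidence."""
    common = (a["domains"] & b["domains"]) | (
        (a["files"] & b["files"]) - UBIQUITOUS_FILES)
    return {"strong": common - WEAK_INDICATORS,
            "weak": common & WEAK_INDICATORS}


def build_apk(members):
    """Build a constructed APK (plain ZIP) from a name -> bytes mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: URLs stay defanged; only the host names matter here.
PAYLOAD = build_apk({"classes.dex": b"\x00hxxp://fget.guangbom.com/z\x00"})
SAMPLE_A = build_apk({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"\x00hxxp://manage.hummerlauncher.com/c\x00hmapi.com\x00",
    "assets/right_core.apk": PAYLOAD,
})
SAMPLE_B = build_apk({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"\x00hmapi.com\x00ads.example.com\x00",
    "assets/sys_channel.ng": b"constructed",
})

if __name__ == "__main__":
    fa, fb = extract_features(SAMPLE_A), extract_features(SAMPLE_B)
    print(label(fa), label(fb), shared_indicators(fa, fb))
```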

Eleven Paths Talks: WordPress in Paranoid Mode

Florence Broderick    28 June, 2016
 

 

Next Thursday, 30 June, our colleague Pablo González will give a talk presenting a proof of concept built at Eleven Paths. Pablo works on quick ideas and proofs of concept within the innovation area. Sometimes these are also called crazy ideas that get tested quickly. WordPress in Paranoid Mode was born this way, from an idea that Chema Alonso and Pablo González worked on. WordPress in Paranoid Mode is code that hardens the database engine behind the WordPress application by means of a 2FA such as Latch. This way, when someone manipulates traffic or queries, or a SQL injection vulnerability exists, data cannot be modified, deleted or inserted, so the integrity and availability of the information are protected. Don't miss this interesting talk by Pablo. We also recommend the list of talks that our CSA colleagues have been giving at Eleven Paths.

Pablo's talk will last about 30 minutes, split into 20 to 25 minutes of presentation and 5 to 10 minutes of questions and answers. The talk starts at 15.30 (Spanish time). It will be available on our YouTube channel once it ends. The session will be held over Hangout and delivered in Spanish.

We look forward to seeing you this Thursday. If you want to know more about the topic, feel free to drop by our Community, where our colleagues discuss this and other topics of interest in the security world. You can check the talks calendar to see which ones are still to come. Remember, you have an appointment on 30 June at 15.30 (Spanish time). To register, use the following ElevenPaths Talks form.
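The idea described in this announcement, database writes that are refused unless a second factor is open, can be illustrated with triggers. This is an added sketch, not the WordPress in Paranoid Mode code: it uses an in-memory SQLite database, and the `Latch` class, the `latch_open()` SQL function and the helper names are assumptions standing in for the real Latch status check.

```python
import sqlite3

GUARDED_TABLE = "wp_users"  # WordPress table name, used for illustration


class Latch:
    """Constructed stand-in for the second factor; the owner toggles it
    out of band, so nothing sent through the web application can open it."""

    def __init__(self):
        self.is_open = False


def connect_guarded(latch):
    """Create the table and install write-guard triggers on it."""
    conn = sqlite3.connect(":memory:")
    # Allow application-defined functions inside triggers on builds that
    # default to an untrusted schema (older SQLite ignores this pragma).
    conn.execute("PRAGMA trusted_schema = ON")
    conn.create_function("latch_open", 0, lambda: 1 if latch.is_open else 0)
    conn.execute(
        f"CREATE TABLE {GUARDED_TABLE} "
        "(id INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)"
    )
    conn.execute(
        f"INSERT INTO {GUARDED_TABLE} (user_login, user_pass) "
        "VALUES ('admin', 'constructed-hash')"
    )
    # One trigger per write operation: abort unless the latch is open.
    for op in ("INSERT", "UPDATE", "DELETE"):
        conn.execute(
            f"CREATE TRIGGER guard_{op.lower()} BEFORE {op} ON {GUARDED_TABLE} "
            "BEGIN SELECT RAISE(ABORT, 'latch closed: write refused') "
            "WHERE latch_open() = 0; END"
        )
    conn.commit()
    return conn


def try_write(conn, sql, params=()):
    """Run a write statement; return True if the database accepted it."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return True
    except sqlite3.DatabaseError:
        conn.rollback()
        return False


def admin_pass(conn):
    """Reads are never blocked, so the site keeps serving content."""
    row = conn.execute(
        f"SELECT user_pass FROM {GUARDED_TABLE} WHERE user_login = 'admin'"
    ).fetchone()
    return row[0]


if __name__ == "__main__":
    latch = Latch()
    conn = connect_guarded(latch)
    change = f"UPDATE {GUARDED_TABLE} SET user_pass = ? WHERE user_login = 'admin'"
    print("closed:", try_write(conn, change, ("tampered",)), admin_pass(conn))
    latch.is_open = True
    print("open:  ", try_write(conn, change, ("new-hash",)), admin_pass(conn))
```

The guard sits in the database rather than in the application, so it applies no matter how the write statement reached the engine.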


Using Smart Chatbots as an IoT interface

Cascajo Sastre María    23 June, 2016

IoT devices are expected to reach 20.8 billion in number by 2020, and most of the data they produce is best accessed while users are mobile.

There are a number of reasons why Smart Chatbots and IoT fit together so naturally:

– Smart Chatbots understand natural language. If you want to create a triggered rule for an IoT smart device to activate an action, such as “turn off the lights when there are no household cell phones in the house”, then all you have to do is request it in everyday language, even with the usual slang, typos, and synonyms. AI Natural Language Processing algorithms will unpack the intent and pass instructions to IoT gateway for processing. And as the AI learns, it becomes increasingly powerful.

– Smart Chatbots offer a de-parameterised interface. You will never need to specify all parameters systematically and in one go. If you forget to specify ‘seconds’ or ‘minutes’ when you set your log updates for your wearable health band or smartshoe, the system will either make an assumption – or just ask you.

– You don’t have to learn how different IoT apps work. Not only can you query IoT networks of devices using everyday language, you don’t have to remember any command structure, interface sequence, or even remember all the info you need to perform the intent. Using a Chatbot means you don’t need to download separate apps either because these are immediately and centrally accessible through existing chat clients.

– Smart Chatbots can refine IoT user requests for subsequent interactions and control. If your connected car sends you an alert that it’s low on oil, you can directly respond with “what type of oil?” or even “I’m in a rush, is it still safe to drive?” This reduces information abstraction problems seen in conventional interface designs. Following Elon Musk’s (recently announced) iWatch plans, why not send your Tesla off for a service at a convenient time by responding with a respective Chatbot message? Other examples might include domestic matters such as smart metering, when a user is alerted about their monthly consumption and needs to ask questions about their individual device consumption or control smart devices. Or one might ask, “I’m working from home on Monday so keep the heating on”. Similarly, in smart retail, questions such as “Can you tell me whether the red trousers I tried on earlier are ethically made, and if so, can you deliver them” would seem a natural use of Smart Chatbots informed by IoT information.

From a developer’s perspective, there are significant advantages to creating Smart Chatbots over conventional smartphone apps for an IoT interface: Smart Chatbots don’t require separate native apps for different mobile platforms and versions. SaaS Chatbots run through any messaging interface with minimum integration.

https://www.youtube.com/watch?v=IWSd14X39TI

This also means:

1. Smart Chatbots don’t require specialist developers for each native mobile smartphone platform.

2. Smart Chatbots don’t require the overhead of app updates nor maintenance of older versions of the app at the back-end, across different OS versions and for each mobile platform.

The potential for IoT is eye-opening, especially when you consider that the same SaaS Chatbot stack will operate on any messaging platform, whether mobile, in-app, or via web chat. The real power however, lies in the sheer versatility of Smart Chatbots and in the pleasant and natural experience enjoyed by the end-user.

At action.ai we’ve been exploring the use of Smart Chatbots. This is a more recent technology trend that resonates extremely powerfully in the current IoT field (not to be confused with rules-based Chatbots, which are a distinct step backwards). With Facebook Messenger now reaching 900 Million Active Users per Month, and 2 Billion users on messenger platforms worldwide, we believe Smart Chatbots provide an effective and highly innovative IoT interface solution.


Internet of People. A primer on people tracking IoT technology

Cascajo Sastre María    15 June, 2016

Billions of connected things. We hear it all the time. But what does this actually mean? What are those things? Are they only devices? No they are not. We can also manage human assets through technology.

Privacy issues always arise when the location of a person is being used. Tracking people must not be confused with snooping into people’s private lives. There are many use cases where tracking the whereabouts of a person brings peace of mind, or solves a shortcoming where no satisfactory solutions previously existed. Here are some of the clearest use cases for people tracking:

  • Workers that operate in hazardous environments: miners, oil & gas workers, firefighters, mountain & forest patrol rangers, alpine rescue teams, etc.
  • Being aware of location of our children: during routes to school, during school hours, on their way home, etc.
  • Patients with limited mobility, babies, elder population, and patients with special needs: offers the ability to monitor and assist patients both within medical premises or offer telecare at the patient’s home
  • Mobile Personal Emergency Response Systems (mPERS): to issue immediate alerts to law enforcement agents if a situation of personal danger arises
  • Medical premises: location of doctors and nurses within hospitals
  • Penitentiary facilities: inmate control, law enforcement agents, etc.
  • Dangerous sports assistance: endurance events, skiers, surf, hiking, rallies, etc.
  • Mobile workforce: delivery workers, salespeople, construction workers, security services, etc.

Besides these uses, we already explored others in two previous posts, where we covered indoor location and smart retail trends that guide users within large premises (airports, stadiums, trade shows, etc.) and enhance their shopping experience.

Any massive event opens the possibility for new uses thanks to personal tracking: music festivals or sports events (like races and marathons) for instance.

What technology do we use to track a person’s location?

There is no simple answer to this question, or at least there is no single answer. Current technology makes it possible to pinpoint location with 1 m accuracy. There are passive elements and active ones. The Spanish technology firm tracktio specializes in this field and describes RTLS (Real Time Location Systems) as a mix of different radio frequency technologies: from beacons, or RFID/BLE sensors embedded in wearables, to general-purpose technologies such as WiFi or Bluetooth LE in the devices we already carry on a daily basis, such as smartphones or smartwatches.

The low cost of sensors, their reduced size, and the possibility of turning them into wearables (stitching them into garments, embedding them in wristbands or other personal items, attaching them, etc.) makes it seamless to connect people in just a few seconds to a RTLS.


ElevenPaths and Fortinet form an alliance to offer managed security services

Florence Broderick    15 June, 2016

Agreement Extends 15 Year Relationship to Deliver Seamless and Adaptive Security from IoT to Cloud Networks

SUNNYVALE, Calif., June 15, 2016. – Telefonica (NYSE: VIV), one of the world’s leading providers of communications services and solutions, and Fortinet® (NASDAQ: FTNT), a global leader in high-performance cyber security solutions, today announced a strategic alliance agreement that will add Fortinet’s Security Fabric architecture into Telefonica’s portfolio of managed security services.

  • The agreement underscores Fortinet as a strategic security infrastructure partner to deliver solutions integrated with some of Telefonica’s key managed security services, which include the CleanPipes service, ElevenPaths’ Faast persistent pentesting and virtual patching solution, and ElevenPaths’ Metashield Protector service.
  • Fortinet is the security infrastructure provider used for all Telefonica’s CleanPipes deployments worldwide today and will continue to be a part of the evolution of the service architecture.
  • Telefonica customers will benefit from the combination of Telefonica’s strategic security services and Fortinet’s Security Fabric, which delivers pervasive and adaptive cybersecurity from IoT to the cloud.

Security Without Compromise Designed to Provide Peace of Mind for Customers
Increasing awareness of the cybersecurity risks facing businesses, a security talent challenge, and growing compliance enforcement are prompting businesses of all sizes to migrate risk out of their IT departments and into the hands of professionals.

While technology trends like IoT and cloud computing are blurring the edges of the network today, Fortinet’s Security Fabric, combined with ElevenPaths’ products and security services from Telefonica enables customers to benefit from a scalable, broad threat protection solution without compromising agility or performance. Telefonica customers can leverage highly advanced hardware and software, enabling direct communication between security solutions for a unified and rapid response to threats. In addition, the Fortinet Security Fabric, powered by the FortiASIC content processor and FortiOS security operating system enables customers to implement internal segmentation and other innovative security strategies to deliver comprehensive threat protection across the expanding attack surface.

Telefonica’s comprehensive security approach leverages the services and technology that have gained them recognition as a security solutions thought leader. In-house innovations are combined with strategic partnerships to deliver a complete managed information security offering. This allows customers to achieve business-critical security objectives while keeping operating costs predictable and helping busy IT teams stay ahead of security issues.

Supporting Quotes:
Patrice Perche, senior executive vice president, Worldwide Sales and Support, Fortinet
“We have worked together with Telefonica for nearly 15 years. This successful partnership is the result of our shared goal – to provide the security technologies customers need to protect and grow their businesses. As Telefonica expands their coverage areas, network service offerings, and customer base, they need a security partner to help them still maintain high performance at scale without business disruption. Their extensive experience in security and communication networks, expert workforce and development of intelligence-driven managed security services means their customers are in safe hands.”

Pedro Pablo Pérez, ElevenPaths’ CEO and Telefonica Global Security Managing Director
“Our customers face a shortage in security talent today as well as stringent regulations and compliance requirements. This is compounded by an ever-changing cyber threat landscape. In order to succeed, they are turning to partners to help them implement the processes and technology required. A critical differentiation that Telefonica and Fortinet provide to customers is adaptive and intelligent security technology. Fortinet’s Security Fabric combined with Telefonica’s ElevenPaths products provides a cohesive, intelligent security offering that sees and protects distributed environments, which means they can build and enforce seamless and consistent security policy on local and cloud networks, or across advanced architectures.”

» Download Press Release

More information at
www.elevenpaths.com

The Internet of Water

Cascajo Sastre María    9 June, 2016

Internet of Things is growing at a faster pace than ever before. Its size is expected to quadruple over the next four years. The place where most of this growth is taking place is within Smart Cities.

We have already covered in detail three core services that improve the wellbeing of citizens in Smart Cities. After talking about Smart Parking, Smart Lighting and Smart Waste Management, we will cover the last of the four key areas Smart Cities are addressing through the use of IoT solutions: Smart Water.

Industrialization and infrastructure improvements in Western countries made water so accessible that it turned into a cheap commodity. Sharp demographic pressure then increased water dependence, making prices soar at an astonishing speed, surpassing the cost increase of other resources. This situation has turned the water bill into one of the biggest bills for city halls. Any successful effort to cut water expenses will have a huge impact on the city’s economy.

The other factor that weighs in is the growing global water stress. With nearly 70% of the world’s population living in cities, half of the population is expected to live in water-stressed areas by 2025. The IoT allows for a precise control over water resources data, thus allowing an efficient and optimized management.

Irrigation water for public parks is one of the biggest demands in modern cities. Telefónica estimates that a proper water management strategy can save cities as much as 20% of the cost. These savings alone ease the investment required to install sensors and modify water management and supply systems.

There are many applications of Smart Water management in Smart Cities:

  • Water leakage detection throughout the city waterworks (the improvement that adds most value)
  • Watering management through sensors and programming devices
  • Potable water monitoring
  • Quality control of pools and water reserves (from city fountains to swimming pools)
  • River Flooding / Sea Level control where applicable

As we explained in the Whitepaper on the digital transformation of cities [IN SPANISH], local authorities must establish clear criteria on how to save water and energy. This will ensure that city gardening is sustainable, thanks to smart irrigation systems, networks of sensors and weather stations. Centralizing this management achieves various improvements:

  • Acquire real-time knowledge of water consumption for gardening purposes and adapt to changing weather conditions (e.g. not watering if it rains)
  • Adapt watering to the state and type of the vegetation
  • Minimize response time in the case of leakages or other waterworks events
  • Facilitate the use of low energy, low consumption equipment


Cybersecurity Shot_Myspace Information Leakage

Florence Broderick    8 June, 2016

Here comes Cybersecurity Shot, a research report on current cases related to databases leaked online that includes leakage prevention recommendations.

Every week in May and June we will be publishing the real cases. You can’t miss it!

Here comes a brief summary of this week’s case:

Myspace Case
Investigation report “Myspace information leakage”

On May 26, 2016, a sale of 360 million user accounts, leaked from Myspace in late 2008 and early 2009, was announced. The data was offered on a market accessible through the Tor network, at an initial price of 6 BTC at the time of the sale (about 3000 USD). The database contains email addresses, user names and hashed passwords.

Learn from our intelligence analysts when the intrusion took place and whether your credentials could be among those affected.

» Download the Myspace data leakage case

Don’t miss our next report:
» AEDyR Case

More information at:
Elevenpaths.com

Data Loss Detection: The Panama Papers case and how to protect your own “papers”

Florence Broderick    7 June, 2016
Every organization handles documents that would damage the business if they became publicly available: personal data, customer or supplier lists, information on new products, financial information, investment or divestment plans, intellectual property, etc.

The Panama Papers, the largest information leak in history, which hit a Panama-based legal and corporate services firm called Mossack Fonseca, gave us a clear example of the impact a leak can have. It involved a 2.6 TB database with 11.5 million documents; analysis showed that it featured 140 politicians from more than 50 countries and offshore companies in 21 tax havens. Those affected included heads of state, ministers and their associates. The financial sector accounts for 7% of Panama's GDP, so the damage to trust may even affect the country itself.

To date, neither who caused the leak nor the method used to gain access and carry out the leak is known. The information was handed to the German newspaper Süddeutsche Zeitung using encrypted communication mechanisms to guarantee the anonymity of the people behind it. Mossack Fonseca stated that there had been a spear phishing attack (add reference to definition) through its email server, without giving further details.

However, some security experts have expressed doubts, suggesting there may have been a combination of other methods or even the complicity of an insider, given how complex it is to leak that volume of information remotely without being detected by the company's security systems.

Still, the Panama case is not unique. It is only the tip of an iceberg of information leaks that generally never see the light of day. Many are never published or, worse still, never known to their victims. According to our analysts, at least 330 million records were leaked in the first four months of 2016.

This information is hidden in another iceberg: that of the visible web and the hidden web. Unlike the Panama Papers, leaked information in most cases does not surface on the public web but stays on third-party systems not accessible to just anyone, in private hacker forums, or on black markets in anonymous networks such as Tor.

In recent years we have all learned that cybersecurity cannot rely on defenses alone. Every organization has to assume that it will be breached and must therefore be resilient: able to detect any problem quickly and respond with agility and effectiveness to minimize the impact.

The same applies to leaks. Data loss prevention systems (DLP, Data Loss Prevention) help reduce this risk, but they do not eliminate it. Hence a different concept has emerged: Data Leak Detection (DLD). DLD consists of having the ability to reach all these public and hidden places to recover leaked information belonging to our company, information we may not even know was stolen, and take it down before it becomes a problem.

DLD requires a combination of technology and experts in order to reach underground sites and process large volumes of information to find data that is sensitive for an organization.

Within our CyberThreats service we do this work continuously, so that we can warn our customers as early as possible about sensitive documents that are available to third parties: stolen credentials, credit cards, invoices, marketing plans, product designs and any other “paper” that matters to our customers' business.

For more information on how to avoid your own Panama Papers case, see the service URL.

*You may also be interested in:
New report on “the major information leaks of the first four months of 2016”
New report: Financial cyberthreats Q4 2015

More information at
elevenpaths.com

Cybersecurity Shot_LinkedIn information leakage

Florence Broderick    31 May, 2016

Here comes Cybersecurity Shot, a research report on current cases related to databases leaked online that includes leakage prevention recommendations.

Every week in May and June we will be publishing the real cases. You can’t miss it!

Here comes a brief summary of this week’s case:

Case LinkedIn
Investigation research “LinkedIn information leakage”

On May 17th, a database with more than 167 million allegedly leaked LinkedIn credentials was published; the company acknowledged the leak in a personal email to its users on May 25th.

Learn from our intelligence analysts about the suspect, the deep web market where the leaked data went on sale, and how cybercriminals exploit such situations to resell passwords in smaller bulks.

» Download the LinkedIn data leakage case

Don’t miss the next information leakage report:
» Case AEDyR

More information at
Elevenpaths.com