ElevenPaths Radio English #5 – The Path After a Security Audit

ElevenPaths    16 December, 2020

What is the path for a company after a security audit? It is increasingly common for companies of all sizes to decide to carry out such analyses, but what steps should be taken afterwards?

In this new chapter of our podcast, we take a look at these and many other questions that arise in companies involving ethical hacking and pentesting with our CSA Deepak Daswani.

Fifth episode of ElevenPaths Radio English now available


How AI and Machine Learning help to develop vaccines

Patrick Buckley    14 December, 2020

As Christmas approaches this year, we have all been gifted the great news that the Pfizer/BioNTech vaccine has shown to be both safe and effective in creating an immune response to COVID-19. Recently it has been approved for use both in the United States and the United Kingdom, with selected high risk British citizens becoming the first in the world to access the vaccine during early December.

In this post we briefly explain how Artificial Intelligence (AI) and Machine Learning technologies continue to play an increasingly important role in the development of vaccines.

How do vaccines actually work?

Vaccines create an immune response by exposing the patient to inactive, harmless virus particles known as proteins. Once the human body has been exposed to a virus in an inactive form, it will develop antibodies. It is these antibodies which protect cells from becoming infected and, ultimately, prevent the patient from getting sick. Once these antibodies have been produced, the same immune response will be triggered every time the patient is exposed to the virus, allowing the patient to become immune.

The role of AI

When described in brief, the process of formulating a vaccine seems straightforward: simply identify the virus, extract the inactive proteins that generate the immune response, and you have a vaccine! Unfortunately, the reality is far more complicated. For an immune response to be activated, specific parts of the virus have to be exposed to antibodies. The challenge therefore is being able to identify these specific parts and understand their properties. Once these properties have been identified, scientists can extract the correct viral proteins that will trigger the best immune response.

AI is becoming an increasingly useful tool in this process. As the COVID-19 pandemic started to grip the world back in January 2020, researchers from Stanford University started to use Machine Learning solutions to identify proteins to include in a potential vaccine. First, the proteins of SARS-CoV-2, the virus which causes COVID-19, were profiled. Once the protein data had been collected, it was compared with data collected by researchers over many years on the typical viral properties which trigger antibodies, in order to recognise common properties.

Once this data has been collected on a large scale, scientists are able to predict which viral proteins will trigger an immune response. This process would have taken far longer without the use of this technology, and many of the insights gathered could not have been spotted by the human eye. This technology allowed researchers to pass accurate insights and predictions to vaccine developers dynamically and quickly, allowing pharmaceutical companies to expedite the development of their vaccines without compromising on quality and safety.

This technology is currently limited by the lack of data to refer to. As AI & Machine Learning tools are increasingly used in vaccine development, more data will be collected, and scientists will have a deeper understanding of the viral protein properties which generate the best immune response.

Conclusion

Vaccine development is an extremely complex and intricate process. Although the technology is still in its early days, Machine Learning tools have already contributed to the successful development of vaccines. As we continue to use Machine Learning in vaccine development, the availability and quality of the data on which it relies will improve. As the data becomes increasingly insightful, Machine Learning tools will become increasingly useful in vaccine development.

To keep up to date with LUCA visit our website, subscribe to LUCA Data Speaks or follow us on Twitter, LinkedIn or YouTube.

Cyber Security Weekly Briefing December 5-11

ElevenPaths    11 December, 2020

Microsoft Security Newsletter

On December 8, Microsoft published its monthly security update newsletter, which this time includes patches for 58 vulnerabilities and an advisory for various Microsoft products. Nine of the fixed vulnerabilities are critical, 48 are of important severity and two are of moderate risk. Among the total number of patches published, 22 updates stand out which refer to remote code execution (RCE) flaws, affecting products such as Exchange Server or SharePoint, among others. Among the RCEs, the one affecting Hyper-V (CVE-2020-17095) is noteworthy, as it is exploitable through a malicious SMB packet and could compromise the security of virtual machines created with the application.

More information: https://msrc.microsoft.com/update-guide/releaseNote/2020-Dec

Exploitation of Vulnerabilities by Russian Threat Agents in Virtualized Environments

The National Security Agency (NSA) has issued a cyber security advisory detailing how Russian threat agents may have exploited a command injection vulnerability in VMware products (CVE-2020-4006), thereby gaining access to protected data and affecting systems. Exploiting this vulnerability requires the attacker to have access to the device’s management interface, which would allow him to forge credentials by sending apparently authentic SAML (Security Assertion Markup Language) requests and thus gain access to protected data. Vulnerable products include VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector. The NSA recommends that NSS, DoD and DIB system administrators apply the patch issued by the vendor as soon as possible. If an immediate patch is not possible, system administrators should apply the following mitigations: detection of indicators in the activity logs, deactivation of the configuration service, correct configuration of authentication measures on servers and services, as well as configuration of unique and strong passwords.

More details: https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195976_20.PDF

Pharmaceutical Companies Admit to Unauthorized Access

EMA, the European regulatory body in charge of approving vaccines against COVID-19, has announced that it has fallen victim to a cyber-attack and has begun an investigation to clarify the breach of its systems. In this context, the companies BioNTech and Pfizer have confirmed the detection of unauthorized access to confidential documentation related to the vaccine they have developed. The pharmaceutical company Sinopharm International Corporation, whose vaccine for COVID-19 is currently in phase three of clinical trials, has also been impersonated in the distribution of a new version of the Zebrocy malware, written in Go. This malware has been linked primarily to attacks on government institutions and commercial organizations involved in foreign affairs. In recent months, we have been seeing pharmaceutical companies developing vaccines against COVID-19 being compromised by state-backed threat agents (Fancy Bear APT28, Lazarus Group or Cerium, among others). Most of these attacks begin with phishing campaigns with malicious files attached, aimed at collecting credentials and then compromising the systems of these companies.

All the information: https://www.ema.europa.eu/en/news/cyberattack-european-medicines-agency

Total System Services (TSYS) Victim of Conti Ransomware

On December 8, the operators of Conti ransomware announced on their Dark Web blog the compromise of the financial sector company Total System Services (TSYS), publishing 15% of the stolen information. The company has confirmed that they stopped the attack as soon as they became aware of it, determining that no interruptions to the payment service had occurred and that no card data had been extracted. Fabian Wosar, CEO of the IT security company Emsisoft, says that Conti operators only post the information on their blog when, having urged the victim to make the payment, the victim refuses. It is estimated that the group of cybercriminals behind the Conti compromise could be the same one that operates Ryuk, which was linked by the cybersecurity company CrowdStrike to the WIZARD SPIDER group from Russia.

More information: https://krebsonsecurity.com/2020/12/payment-processing-giant-tsys-ransomware-incident-immaterial-to-company/

What Is Wrong with Quantum Cryptography That the World’s Largest Intelligence Agencies Discourage Its Use

Gonzalo Álvarez Marañón    11 December, 2020

Quantum cryptography does not exist. What everyone understands when the term “quantum cryptography” is mentioned is actually the quantum key distribution (QKD). And this is precisely what I want to talk to you about today: what it is and why some of the world’s largest intelligence agencies have pointed out that it is far from solving our confidentiality problems.

The Key to Perfect Security Lies in Quantum Mechanics

Quantum key distribution aims to solve all the problems of Vernam’s encryption: create random keys as long as the message to be encrypted without any attacker being able to intercept them. Let’s see how.

You will remember from the physics lessons at school that light is an electromagnetic radiation composed of a stream of photons. These photons travel vibrating with a certain intensity, wavelength and one or many directions of polarisation. If you are a photography enthusiast, you will have heard of polarising filters. Their function is to eliminate all but one of the directions of oscillation of light, as explained in the following figure:

Now you enter the physics laboratory and send out, one by one, photons which may be polarised in one of four different directions: vertically (|), horizontally (–), diagonally to the left (\) or diagonally to the right (/). These four polarisations form two orthogonal bases: on the one hand, | and –, which we will call the base (+); and, on the other, / and \, which we will call (×).

Your photon receiver uses a filter, for example, vertical (|). It is clear that vertically polarised photons will pass as they are, while horizontally polarised photons, and therefore perpendicular to the filter, will not pass.

Surprisingly, half of the diagonally polarised photons will pass through the filter and be reoriented vertically! Therefore, if a photon is sent and passes through the filter, it cannot be known whether it was vertically or diagonally polarised. Similarly, if it does not pass, it cannot be confirmed to have been horizontally or diagonally polarised. In both cases, a diagonally polarised photon may or may not pass with equal probability.

We already have the building blocks for a quantum key distribution system, but without computers or quantum algorithms. Remember: quantum cryptography does not exist.

Quantum Distribution of Keys Using Polarised Photons

Suppose Alice and Bob want to agree on a random encryption key as long as the message, n bits long. First, they need to agree on a convention to represent the ones and zeros of the key using the polarisation directions of the photons, for example:

State / Base    +    ×
0               –    \
1               |    /

In 1984 Charles Bennett and Gilles Brassard designed the following method to get a totally random n-bit key to the recipient without the need for any other distribution channel:

  1. Alice sends Bob a random sequence of 1’s and 0’s, using a random choice between the + and × bases for each photon.
  2. Bob measures the polarisation of these photons, choosing randomly between the + and × bases. Of course, since he has no idea which bases Alice used, half the time he will be choosing the wrong base. Also, some photons will not have reached him because of errors on the line.
  3. Alice uses any insecure communications channel and tells Bob which polarisation base she used for each photon she sent, + or ×, although she does not tell him which particular polarisation. In response, Bob tells Alice in which cases he used the correct base and therefore received the 1 or 0 without error. Both discard the bits that Bob measured with the wrong base, leaving a sequence on average half the length of the original, which is the key: a perfectly random, 100% secure tape.

And how can an intruder be detected? Alice and Bob randomly select half the bits of the key obtained and publicly compare them. If they match, then they know that there has been no error. They discard those bits and assume that the rest of the bits obtained are valid, which means that a final key of n/4 bits in length has been agreed. If a considerable part does not match, then either there were too many random transmission errors, or an attacker intercepted the photons and measured them on his own. In either case, the whole sequence is discarded, and the process must be started again. As we have seen, if the message is n bits long, on average 4n photons will have to be generated and sent.

And couldn’t an attacker measure a photon and send it on without it being noticed? Impossible! According to the no-cloning theorem, an identical copy of an arbitrary unknown quantum state cannot be created. If the attacker measures the state of a photon, it will no longer be a quantum object, but a classical object with a defined state. If he sends it on once it has been measured, the receiver will correctly measure the value of that state only 50% of the time. Thanks to the key comparison mechanism described above, the presence of an attacker on the channel can be detected. In the quantum world, you cannot observe without leaving a trace.
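As an added illustration (not code from the original article), the following Python simulation runs the three steps above plus the public comparison, modelling Alice, Bob and an intercept-and-resend intruder on a classical computer; the abort threshold and the photon-loss rate are assumed parameters, and the no-cloning theorem is modelled simply as the intruder having to measure (collapse) a photon before re-sending it.

```python
import random
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

BASES = ("+", "x")  # rectilinear (|, -) and diagonal (/, \) bases from the text


def measure(bit: int, send_basis: str, measure_basis: str, rng: random.Random) -> int:
    """Model the polarising filter: a photon measured in the basis it was
    prepared in yields its bit exactly; measured in the other basis the
    outcome is a coin flip and the photon is re-oriented into that basis."""
    if send_basis == measure_basis:
        return bit
    return rng.randrange(2)


@dataclass
class BB84Result:
    sifted_length: int          # bits left after discarding mismatched bases
    error_rate: float           # mismatch rate on the publicly compared half
    accepted: bool              # False means Alice and Bob must start over
    alice_key: List[int] = field(default_factory=list)
    bob_key: List[int] = field(default_factory=list)


def bb84(n_photons: int, rng: random.Random, eavesdrop: bool = False,
         loss: float = 0.0, max_error_rate: float = 0.05) -> BB84Result:
    """Simulate one BB84 run. `max_error_rate` is an assumed abort threshold,
    not a value from the article. `eavesdrop=True` models the intercept-and-
    resend intruder the text says the comparison step detects."""
    # Step 1: Alice picks a random bit and a random basis for each photon.
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.choice(BASES) for _ in range(n_photons)]
    # Step 2: Bob picks his own random bases; some photons are lost in transit.
    bob_bases = [rng.choice(BASES) for _ in range(n_photons)]
    bob_bits: List[Optional[int]] = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if rng.random() < loss:
            bob_bits.append(None)  # photon never arrived
            continue
        if eavesdrop:
            # No cloning: the intruder must measure the photon in a random basis
            # (collapsing it) and re-send a photon prepared in that basis.
            eve_basis = rng.choice(BASES)
            bit = measure(bit, a_basis, eve_basis, rng)
            a_basis = eve_basis
        bob_bits.append(measure(bit, a_basis, b_basis, rng))

    # Step 3 (public channel): keep only positions where Bob received the photon
    # and used Alice's basis. About half the photons survive this sifting.
    sifted: List[Tuple[int, int]] = [
        (alice_bits[i], bob_bits[i]) for i in range(n_photons)
        if bob_bits[i] is not None and alice_bases[i] == bob_bases[i]]

    # Intruder detection: compare a random half publicly, then throw it away.
    # Intercept-and-resend pushes the mismatch rate from 0 to about 25%.
    check = set(rng.sample(range(len(sifted)), len(sifted) // 2))
    mismatches = sum(1 for i in check if sifted[i][0] != sifted[i][1])
    error_rate = mismatches / len(check) if check else 0.0
    accepted = error_rate <= max_error_rate

    # Only the uncompared bits (about n_photons / 4) become the key.
    alice_key = [a for i, (a, _) in enumerate(sifted) if i not in check] if accepted else []
    bob_key = [b for i, (_, b) in enumerate(sifted) if i not in check] if accepted else []
    return BB84Result(len(sifted), error_rate, accepted, alice_key, bob_key)


if __name__ == "__main__":
    clean = bb84(4000, random.Random(2020))
    print(f"no intruder: sifted={clean.sifted_length} errors={clean.error_rate:.3f} "
          f"key bits={len(clean.alice_key)} keys match={clean.alice_key == clean.bob_key}")
    tapped = bb84(4000, random.Random(2020), eavesdrop=True)
    print(f"intercept-resend: errors={tapped.error_rate:.3f} accepted={tapped.accepted}")
```

Running it with 4000 photons reproduces the article's arithmetic (roughly 2000 sifted bits, roughly 1000 key bits) and shows why an intruder who measures every photon cannot stay hidden.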

Everything Looks Good on Paper, But the Intelligence Agencies Are Not Convinced

You have already seen in a very, very simplified way how (inappropriately named) quantum cryptography works. Unfortunately, it is often advertised as the panacea of cryptography: “the secure encryption that the laws of physics make unbreakable” or “the encryption that hackers could never break”.

Yes, yes, with the equations in hand, everything looks very nice and easy. The problem is that these equations must jump from the board to the Real World™. And here, ladies and gentlemen, is where the problems begin. Recently, some of the largest intelligence agencies in the world have expressed their doubts about QKD and discouraged its use. Let’s see why.

In the US, for example, the NSA identified the following practical drawbacks:

  • Quantum key distribution is only a partial solution to our cryptography problems. Don’t forget that QKD generates key material to be used as a key stream with the Vernam cipher or as a key for classical cipher algorithms such as AES. As you well know, confidentiality is one thing and authentication is another. How do you know that the key material you are receiving comes from the legitimate source and not from an impostor? QKD does not provide a means of authenticating the source of the QKD transmission, so there is no choice but to resort to asymmetric cryptography or pre-loaded keys to provide such authentication. In other words, quantum cryptography requires the asymmetric cryptography that quantum computing was supposed to crush.
  • Quantum key distribution requires a special purpose equipment. To deploy it, special optical equipment is needed for either fibre optic or free space communications. In the protocol stack, QKD is a link layer service, which means that it cannot be implemented in software or as a service in a network. And it cannot be easily integrated into existing network equipment. Since QKD is hardware-based, it also lacks flexibility for updates or security patches.
  • Quantum key distribution triggers infrastructure costs and internal threat risks. QKD networks often require the use of trusted repeaters, which is an additional cost for secure installations and an additional security risk from internal threats. These limitations remove at a stroke many cases of use.
  • Securing and validating quantum key distribution represents a major challenge. Unlike the hype proclaimed by marketing, the real security provided by a QKD system is far from the unconditional theoretical security of the laws of physics; it is rather the more limited security that can be achieved by hardware and engineering designs. However, the error tolerance of cryptographic security is many orders of magnitude smaller than in most physical engineering scenarios, making it very difficult to validate. The specific hardware used to perform QKD can introduce vulnerabilities, which has resulted in several well publicised attacks against commercial QKD systems. I strongly recommend reading the black paper of quantum cryptography, which is short and quite approachable, to understand its real implementation problems.
  • Quantum key distribution increases the risk of denial of service. Do you remember how the presence of an intruder could be detected because the number of key errors increased and the key ended up being discarded? The sensitivity to eavesdropping that is the theoretical basis for QKD’s security claims can become its own downfall: denial of service is a significant risk for QKD.

And if you think the NSA has gone bonkers, read what they think in the UK:

  • Since QKD protocols do not provide authentication, they are vulnerable to man-in-the-middle attacks, in which an adversary can agree separate secret keys with two parties who each believe they are communicating with the other.
  • QKD requires specialized and extremely expensive hardware. More than expensive. Extremely expensive!
  • The distances over which QKD can transmit keys are currently modest, on the order of a few thousand kilometres with very delicate experimental prototypes, far from being commercially viable.
  • QKD is used to agree on keys, but not to digitally sign information. Cryptography goes far beyond symmetrical encryption.

If We Do Not Use Quantum Cryptography, How Do We Protect Ourselves from Quantum Computers?

For most of the Real World™ communications systems, post-quantum cryptography (PQC) will provide an antidote to quantum computing that is more effective and efficient than QKD. While it is still early for most organisations to start deploying PQC, there is one thing everyone should do: facilitate the transition of their cryptographic infrastructure to one that is agile, i.e. one that allows algorithms, key lengths, etc. to be changed in a relatively easy way. When the algorithm and lengths are wired into the code, the cost and complexity of change in the event of an incident can be overwhelming.

In short, if you want to invest in cryptography, forget about quantum and start being crypto-agile. Whether quantum computers arrive or not, if you are crypto-agile you will be prepared for classical problems, quantum problems and whatever else is thrown at you.

We apply quantum technology to real use cases of Blockchain and IoT

AI of Things    11 December, 2020

Putting together Quantum Technology, Blockchain and the Internet of Things in one title seems like a formula for generating clicks. However, this is what we have done at Telefónica: demonstrate the viability and value of interconnecting the three technologies. To do this, we participated in the Q-Secure Net project funded by EIT Digital. Its overall objective is to provide quantum communications with QKD (Quantum Key Distribution). As a demonstrator of the solution, we integrated a QKD use case in TrustOS, our Blockchain managed service. We use QKD to secure the traffic between an IoT device and TrustOS when registering telemetry in Blockchain.

But before we get our hands dirty, let’s go over the challenges we faced. Let’s start reviewing the concept of QKD.

What is Quantum Key Distribution (QKD)

Basically, QKD uses quantum properties to exchange secret cryptographic keys between two points. We can make the same sequence of random numbers appear simultaneously in two separate places. Processing that sequence results in a completely random key. Then those keys are used to encrypt the messages that communicate through an insecure channel. We therefore make that channel inviolable. Security is based on a fundamental characteristic of quantum mechanics: it is impossible to observe a quantum system without disturbing it. Therefore, both ends of the communication are guaranteed that no one has disturbed the information they receive. If someone did, they would leave a trace and the recipients would dismiss the “contaminated” information until they reconstructed the information with “clean” information.

In this way, QKD allows two users to exchange a secure key even in the presence of an observer. The exchange takes place through an optical channel that connects both points, and fibre optic coverage is precisely one of the assets of the Telefónica network.

Security in IOT devices

To build a secure and reliable IoT solution, we must start by ensuring the integrity and identity of the device. That is, on one hand, we must verify that nobody has manipulated the HW or SW (integrity). On the other hand, we must be sure of the device we are communicating with (identity) and authenticate it without any doubt.

Another feature to take into account is the confidentiality of communications. That is, no malicious observer who receives or accesses the communications should decipher their content.

For each of these problems there are more or less sophisticated solutions in the industry. Most of them involve combinations of secure HW elements and cryptographic techniques. However, most devices present restrictions in terms of processing capacity or cost. These restrictions make some of the solutions technically or economically unfeasible, especially if they involve computationally expensive cryptographic operations, such as encryption or ephemeral key generation, which take a lot of time.

The challenge of managing cryptographic keys in devices

But even with powerful enough devices, there is the problem of creating, distributing and managing the secret keys on the device. Manufacturers must ensure that no one unauthorized can access the keys throughout the manufacturing and distribution chain. It is important to keep in mind that different and unique keys need to be provisioned in a particular device. Once stored on the device, they cannot be accessed either.

The most common scenario involves installing certificates on the device and having a public key infrastructure. Integrity in the devices is guaranteed by secure boot sectors verifying the validity of the SW signature. The device uses its certificate to sign communications and prove its identity. The confidentiality and integrity of communication is usually guaranteed end-to-end using TLS-type network protocols. These protocols depend in part on combining multiple symmetric and asymmetric key algorithms.

Therefore, it seems reasonable to use symmetric keys to ensure information security at the application level. It would be simpler and more efficient than managing public key infrastructure. However, managing symmetric keys is more problematic, as they must be distributed and stored at both ends. Using QKD to obtain these symmetric keys improves their integrity by eliminating the need to distribute them previously.

Blockchain and Internet of Things

We really think that these two technologies reinforce each other when we use them together in a business process. Data registered in blockchain is immutable. The closer to the source that generates the data, the more reliable the information will be. So, IoT devices recording the information from the sensors they manage directly in blockchain seems to be a good match. But for this data to be actually reliable we must guarantee that it was not altered before it was recorded in the blockchain. That is, like any other server with which the device connects, we need a secure communications channel.

The classic way to do this is with TLS protocols, which means that the device must have a certificate installed. Instead, we can use an insecure channel and encrypt the information with a sufficiently secure symmetric key. But in either case, the challenges associated with managing secret keys are already there.

How does QKD improve communications from the device?

Fundamentally, QKD eliminates the risk of exposure of private keys in the manufacturing process. There is also no need to communicate the keys to the other end with which we are going to communicate, in this case the blockchain nodes. The symmetric key generated by QKD is completely random. In addition, it is generated simultaneously at both ends of the communication. The fundamentals of quantum mechanics and the distribution through the optical channel guarantee a communication resistant to eavesdroppers. In addition, the key is the same size as the message and is used only once to encrypt that message. This encryption technique is known as one-time pad (OTP). If the key is completely random (as with QKD), it has been mathematically proven that OTP encryption is unbreakable. Therefore, the symmetric key obtained from QKD is more secure, since:

  • it is resistant to brute-force attacks, as it is not based on hard-to-solve mathematical functions (such as RSA or EC)
  • it is resistant to key-guessing attempts, as these would take time exponential in the size of the key
  • it is not exchanged between the ends of the communication, eliminating the risk of leakage
  • it is not stored in the device permanently, preventing unwanted exposure

Can we use QKD today?

Today, quantum devices in general are expensive and inaccessible for mass use cases. However, QKD technology is evolving at a fast and steady pace. For example, CV-QKD (Continuous-Variable QKD) makes use of commercial optical communication technologies and components. It also allows quantum channels to coexist with classical channels on the same optical fibre. In 2018, we already announced a pilot using CV-QKD and SDN (Software Defined Networking) in commercial optical networks. Beyond the pilot, today it is being integrated at a pan-European level through the openQKD project. As the technology advances, the prices of the devices will decrease and they will be miniaturised more and more. In fact, in projects such as CIVIQ, work is being done to embed them as accessories connected to the ports of generic equipment.

Meanwhile, work continues on extending the distance over which devices connected by optical fibre can be separated, not only directly, but also by adding relays or trusted nodes (a Chinese network reaches 2000 km via satellite QKD). This type of experience will allow us to apply the technology in increasingly complex network topologies. For example, we also use QKD to guarantee consensus in a blockchain network instead of using costly and inefficient protocols such as Proof of Work. All of them are real cases where quantum technology solves problems more efficiently than other technologies.

Our case

In the Q-Secure Net demonstrator, both an IoT device and TrustOS are connected to a QKD device. When the device wants to start a communication, it contacts TrustOS through a classic channel. Both simultaneously retrieve the symmetric key generated by the QKD devices. They then use it to encrypt the telemetry information of the connected sensors they send through the channel.

TrustOS receives the encrypted information and decrypts it with the same key. If the decrypted message is correct, this allows TrustOS to verify the identity of the device. As part of the information sent, the device also includes some kind of verification code. This code is an attribute chosen by the device to verify its integrity, for example a boot sector digest or a firmware signature. In successive messages, TrustOS stores this code in Blockchain, making it immutable. If it does not change between calls, we can assume that the device is reliable. Finally, TrustOS initiates a transaction to record the information sent in blockchain.
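The following Python model is an added example, not TrustOS code or the Q-Secure Net demonstrator itself: it replaces the pair of QKD devices with a simulated link that hands the same random pad to both ends exactly once, encrypts a telemetry message with that pad as a one-time pad, and has the receiving side check the device’s verification code against the value first recorded in an append-only ledger (a stand-in for the blockchain). The class and field names, the use of a SHA-256 firmware digest as the verification code, and the JSON message layout are all assumptions.

```python
import hashlib
import json
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


class SimulatedQKDLink:
    """Stand-in for the two QKD devices: the same random key material appears
    under a key id at both ends, and each end may fetch it only once, so a pad
    can never be reused (assumed behaviour, not the real equipment)."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._fetched: Dict[str, Set[str]] = {}

    def generate(self, key_id: str, length: int) -> None:
        self._keys[key_id] = secrets.token_bytes(length)

    def fetch(self, key_id: str, party: str) -> bytes:
        fetched = self._fetched.setdefault(key_id, set())
        if party in fetched:
            raise RuntimeError(f"{party} already consumed pad {key_id}")
        fetched.add(party)
        return self._keys[key_id]


def one_time_pad(data: bytes, key: bytes) -> bytes:
    """XOR with a pad at least as long as the data; the same call decrypts."""
    if len(key) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ k for d, k in zip(data, key))


@dataclass
class Device:
    device_id: str
    firmware: bytes  # constructed stand-in for the firmware image

    def verification_code(self) -> str:
        # The article's "boot sector digest or firmware signature" attribute,
        # modelled here as a SHA-256 digest of the firmware image.
        return hashlib.sha256(self.firmware).hexdigest()

    def encrypt_telemetry(self, link: SimulatedQKDLink, key_id: str,
                          telemetry: Dict[str, float]) -> Tuple[str, bytes]:
        plaintext = json.dumps({"device_id": self.device_id,
                                "code": self.verification_code(),
                                "telemetry": telemetry}).encode()
        # In the demonstrator the QKD equipment produces the pad at both ends
        # simultaneously; here the device triggers it and fetches its copy.
        link.generate(key_id, len(plaintext))
        return key_id, one_time_pad(plaintext, link.fetch(key_id, "device"))


@dataclass
class TrustOSSim:
    """Minimal model of the receiving side: decrypt with the same pad, check the
    device's verification code against what was first recorded, then append."""
    link: SimulatedQKDLink
    known_codes: Dict[str, str] = field(default_factory=dict)
    ledger: List[dict] = field(default_factory=list)  # append-only, never edited

    def receive(self, key_id: str, ciphertext: bytes) -> Tuple[bool, str]:
        try:
            pad = self.link.fetch(key_id, "trustos")
        except KeyError:
            return False, "unknown key id"
        try:
            msg = json.loads(one_time_pad(ciphertext, pad))
            device_id, code = msg["device_id"], msg["code"]
        except (ValueError, KeyError, TypeError):
            return False, "undecipherable message: wrong pad or corrupted data"
        # First message fixes the expected code; any later change is rejected.
        recorded = self.known_codes.setdefault(device_id, code)
        if recorded != code:
            return False, f"verification code of {device_id} changed"
        self.ledger.append({"device_id": device_id, "code": code,
                            "telemetry": msg["telemetry"]})
        return True, "recorded"
```

Note that a one-time pad guarantees confidentiality but not integrity: flipping a ciphertext bit flips the corresponding plaintext bit, so "the decrypted message is correct" is only a weak authenticity check, and a deployment would add an authentication tag keyed from the same QKD material.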

But, is it feasible to add QKD equipment to the devices?

As we said above, in most cases IoT devices are very simple. So, simplifying key management makes sense, but including equipment as complex and large as QKD equipment does not, even if it could be connected to a PC port.

However, many IoT solution architectures include hubs or equipment with a similar function. These are common in factories, warehouses or hospitals, deployed at the edge of the network in Edge Computing architectures. They work as aggregators of the connectivity of the simplest devices and also run some logic. As part of that logic, this concentrator aggregates the connections with the IoT platform or third-party servers. These devices can execute advanced algorithms (think big data, AI, etc.) that the device itself would be unable to execute. Thanks to them it is possible to process information in real time and send orders to the device to act accordingly.

It is not unreasonable to think about adding a QKD device to these hubs. Its mission would be to manage the keys for all the devices connected to it. In this way, we would make the use of QKD in this type of solution viable.

Conclusions

We should not be obsessed with achieving completely secure communication channels. Nor are we going to use QKD at all costs. What we are demonstrating is that QKD is already a viable alternative to guarantee the security and integrity of communications. In cases like Blockchain, where we already use technology to add guarantees to a process, the fit is natural. Any technology that adds additional confidence in the end-to-end solution provides value. And QKD, in this case, does.

Reality tells us that this type of architecture fits perfectly in critical infrastructures. We think of hospitals, power or communication plants, military equipment, etc. These infrastructures require optimum security to protect the integrity, confidentiality and authenticity of the information. This data is already being collected with IoT devices. Nowadays they make operations more efficient or increase control over processes. In these cases, the extra reliability of QKD is a plus to be taken into account. And that plus we can already enjoy with the technology available today.

Carlos Alcaide Pastrana, Fernando de la Iglesia Medina, Antonio Pastor Perales and José Luis Núñez Díaz have contributed to this post.

To keep up to date with Telefónica’s Internet of Things area, visit our web site or follow us on Twitter, LinkedIn and YouTube.

Cyber Security Weekly Briefing 28 November – 4 December

ElevenPaths    4 December, 2020

New version of the TrickBot malware

TrickBot botnet operators have added a new capability that allows them to interact with the BIOS or UEFI firmware of an infected computer. This new TrickBot module would increase the persistence of malware and make TrickBot survive even reinstallations of operating systems. Other applications of this new module would be to remotely block a device at the firmware level, avoid security controls such as BitLocker, configure tracking attacks by exploiting Intel CSME vulnerabilities or reverse updates that patch CPU vulnerabilities, among others. So far, the TrickBot module would only be checking the SPI driver to verify whether the BIOS write protection is enabled or not and has not been seen to be modifying the firmware itself. However, the malware already contains code to read, write and delete firmware, suggesting that its creators plan to use it in certain future scenarios.

More details: https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/

Advantech chip manufacturer ransomware victim

Operators of the Conti ransomware claim to have compromised Advantech, one of the world’s largest manufacturers of chips for industrial environments (IIoT), and are reportedly demanding a $14 million ransom to decrypt the affected systems and stop the leakage of stolen internal data. On November 26th, the group began publishing part of this internal data on its Deep Web site, with a 3.03 GB file that corresponds to 2% of the data they claim to possess. The Conti operators also claim to have backdoors implanted in the company’s network that they will remove once the ransom is paid. Advantech has made no public statement about this attack so far.

All the info: https://www.bleepingcomputer.com/news/security/iiot-chip-maker-advantech-hit-by-ransomware-125-million-ransom/

Sale of access to high level executive email accounts

A threat agent has put passwords for the email accounts of senior executives on sale on a well-known underground forum. The credentials give access to Office 365 and Microsoft accounts, and their prices range from $100 to $1,500, depending on the size of the company and the user’s position. Among the accounts marketed are those of CEOs, CFOs, presidents, vice presidents and other similarly ranked managers. A cyber security researcher, who prefers to remain anonymous, has confirmed the validity of the data offered for sale by acquiring several credentials belonging to the CFO of a European retail company and the CEO of a US software company. The origin of the credentials is not known with certainty, but it is possible that they come from data recovered from AZORult infections, as the same threat agent had previously expressed an interest in accessing this type of information.

Learn more: https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/

Crutch, Turla’s cyber espionage tool

ESET security researchers have discovered a new malware with infostealer and backdoor capabilities linked to the Russian-speaking cyber espionage group Turla. The malware is actually a set of tools called “Crutch” that can evade security measures by abusing legitimate platforms, including the Dropbox file sharing service, to hide within normal network traffic. This malware, used from 2015 to early 2020, was reportedly designed to exfiltrate confidential documents and other files to different Dropbox accounts controlled by Turla operators. Moreover, Crutch seems to be deployed not as an initial entry point but after the attackers have already compromised their victims’ network. Researchers claim to have found this malware on the network of a Foreign Ministry in an EU country, suggesting that Crutch is being used for very specific purposes.

All the info: https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/

Critical vulnerability, firewalls and ZYXEL’s VPN

Zyxel’s security teams have confirmed the finding of a critical vulnerability affecting their firewall and VPN access point solutions that would allow threat agents to run remote code on the victim’s system. Identified as CVE-2020-25014, this is a buffer overflow flaw that can lead to memory corruption by sending a specially crafted HTTP packet. The vulnerability has been assigned a severity of 8.5/10 based on CVSSv3. Experts consider it to be highly exploitable, although further details are unknown. All Zyxel products affected by the bug are compatible with Facebook’s WiFi feature. The bugs have been fixed in the V4.39 versions of the ZLD firmware and in the V6.10 and later versions of the Unified and Standalone series.

More: https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml

How AI & IoT will save the Aviation Industry

Patrick Buckley    4 December, 2020

As we approach Christmas 2020, the success of various COVID-19 vaccines across the world is beginning to fill us all with a new-found sense of optimism, that, in the near future, we may return to the skies on our way to somewhere warm and tropical.

In this spirit of optimism, in today’s post we explore how artificial intelligence (AI) is continuing to change the way in which airlines operate around the world. From aircraft maintenance to helping optimise airline revenue, AI is becoming an increasingly important ‘secret weapon’ for airline success in an extremely competitive and notoriously unprofitable industry. 

The State of the Aviation Industry

During 2019, in a pre-pandemic world, the airline industry generated a whopping $2.7 trillion (USD) in revenue, which equates to 3.6% of the world’s GDP (gross domestic product). The negative economic impact of COVID-19 on the industry has been severe, grounding fleets around the world.

This new economic pressure placed on airlines will undoubtedly become a driving force of change within the industry. Airlines will look to restructure, cut costs and become more efficient in order to regain profitability and satisfy shareholders as soon as possible. This pressure will undoubtedly expedite technological innovation within the industry as more airlines adopt AI and IoT technologies to become more efficient.

Revenue Management 

Understanding demand patterns in different markets is one of the main challenges confronting airlines. Successful airlines plan new routes around a profound understanding of market potential: how many people actually want to fly the route, the popularity of different travel classes and the likely seasonal demand fluctuations.

In achieving this, AI offers important insights. Aviation Rank, a PredictHQ solution, uses algorithms to link flight data with historical demand patterns and frequent customer searches to offer airlines concrete insight into new, potentially lucrative market opportunities.

Optimising Fuel Usage

Aside from the obvious positive social consequence of reducing aircraft fuel consumption, fuel is also an extremely expensive commodity for airlines. In 2019, fuel accounted for 29% of airline operating costs.

Sky Breath, an AI-driven solution by Open Skies, aims to reduce airline emissions by 5% without any aircraft modification. How? Through the use of Big Data algorithms that combine environmental factors such as weather conditions and load factor with historical flight data and aircraft characteristics to produce an accurate prediction of fuel requirements for each individual flight.

Once an airline knows how much it will need to spend on fuel, it can plan routes according to demand and cancel those which become economically unviable.

This solution has already been adopted by 44 airlines including major players such as Air France.

The key to efficient  Aircraft Maintenance

Aircraft maintenance is also an extremely important yet expensive burden on the balance sheets of airlines around the world. According to IATA, airlines spend an estimated $69Bn on aircraft maintenance every year, or around 9% of total operational costs. The prospect of a more targeted maintenance programme without compromising passenger safety would offer airlines a serious financial break.

AI is helping airlines adopt a more proactive and preventative approach to aircraft maintenance. Instead of organising maintenance timetables on an annual or biannual basis, airlines will soon be able to target specific aircraft failures. This is thanks to the use of IoT-powered connected onboard sensors that monitor and predict potential failures, allowing airlines to gain real-time, accurate insight into the state and maintenance requirements of each aircraft.

American tech firm SparkCognition is leading the way in this technology, designing a bespoke solution for the airline industry that is set to change the way in which airlines arrange the maintenance schedule of their fleet.

Strategically planning fleet maintenance schedules around demand and capacity will allow airlines to maximise revenue. After all, a plane has to be flying to generate income!

Final Thoughts

The future of the commercial aviation industry is bright. Yes, COVID-19 has taken a severe financial toll on the industry, but people will undoubtedly return to the skies in a post-pandemic world, and when they do, airlines will be more agile and efficient than before. For those airlines which make it through the pandemic, AI and IoT technology will continue to drive down those all-important operational costs at a time when the industry needs cost-saving strategies like never before!

To keep up to date with Telefónica’s Internet of Things area, visit our web site or follow us on Twitter, LinkedIn and YouTube.

Tell Me What Data You Request from Apple and I Will Tell You What Kind of Government You Are

Sergio de los Santos    1 December, 2020

We recently found out that Spain sent 1,353 government requests for access to Facebook user data in the first half of 2020. Thanks to Facebook’s transparency report for the first half of 2020, we discovered that government requests for user data have risen from 140,875 to 173,592 worldwide. A few weeks ago, Apple published its report for the second half of 2019, which also shows what was requested in Spain and in other countries.

Sometimes governments need to rely on large corporations to do their job. When a threat involves knowing the identity or having access to the data of a potential attacker or of a victim in danger, the digital information stored by these companies can be vital to the investigation and to preventing a disaster. We have prepared some graphs from this publication (which only contains tables of numbers) to try to identify what governments are most concerned about.

Device Based Requests

This table represents the device-based requests, for example when law enforcement agencies act on behalf of customers whose device has been stolen or lost. Apple also receives requests related to fraud investigations, typically asking for details of Apple customers associated with Apple devices or connections to Apple services, from an IMEI to a serial number.

Device Based Requests

In yellow those requested and in green those granted. Spain requested information on more than 2,600 devices, of which just over 2,100 were granted, all in 1,491 requests. In Germany, theft is the main justification for these requests; in the USA, repair-related fraud.

Requests Based on Financial Data

For example, when law enforcement acts on behalf of customers who require assistance related to fraudulent credit card or gift card activity used to purchase Apple products.

Japan leads, followed by Germany and the United States. Normally the USA is the country that requests the most, although in this second half of the year it came in third place. Japan has shot up. In Spain they are almost all related to iTunes card fraud or credit card fraud.

Account Based Requests

Requests are made to Apple regarding accounts that may have been used in violation of the law and Apple’s terms of use. These are iCloud or iTunes accounts and cover their name, address and even content in the cloud (backup, photos, contacts…).

Account Based Requests

This is perhaps the most intrusive measure, in which Apple hands over genuinely private content. Usually China and the United States are the ones that request the most data, but this time Brazil breaks in. Apple has the power to refuse if it considers there is any failure in form or substance. It should be noted that, in addition to providing the data, Apple may provide “metadata” not directly related to the data; this does not count as a “satisfied” request although it also involves providing information. Spain requested 73, of which 51 were granted.

Emergency Requests

Under the U.S. Electronic Communications Privacy Act (ECPA), Apple may be required to provide Private Account Information if, in an emergency, it believes that doing so may avoid a danger to life or serious harm to individuals.

Emergency Requests

Interestingly, here the UK leads with over 400 accounts, followed by the United States. The rest of the countries make only dozens of requests, almost always satisfied. Spain, none. Does the UK care more about emergencies and limit itself to requesting data only when that is the case?

Requests Related to The Withdrawal of Apps from The Market

It usually involves apps that allegedly violate the law.

Withdrawal of Apps

China continues to be the country that requests the withdrawal of the most apps, almost all related to pornography, illegal content and operating without a government license. The 18 requested in Austria and the 2 in Russia were related to illegal gambling. Of the 33 requested by Vietnam, also related to gambling, none was withdrawn.

Cybersecurity Weekly Briefing November 21-27

ElevenPaths    27 November, 2020

Qbot as a prelude to Egregor ransomware infections

Researchers at the security company Group-IB have issued a statement claiming to have found activity linking the Qbot banking trojan (also known as QakBot, Pinkslipbot or Quakbot) to the distribution of Egregor ransomware. Qbot operators reportedly decided to migrate their operation (formerly associated with other ransomware families such as ProLock) to join Egregor, thus seeking a greater number of victims. In the three months of activity since the creation of the ransomware in September 2020, Egregor has managed to compromise a total of 69 companies, mainly in the manufacturing (28.9%) and retail (14.5%) sectors, making it one of the most active families since Maze closed its operations last month. Also, since Emotet decided to resume the distribution of TrickBot in September, Qbot operators have had to distribute their malware without its help, through their own phishing campaigns that attach malicious Microsoft Excel documents.

More info: https://www.bleepingcomputer.com/news/security/qbot-partners-with-egregor-ransomware-in-bot-fueled-attacks/

Vulnerability in cPanel 2FA authentication

Security researchers at Digital Defense have discovered a major security flaw in cPanel, a popular software package used by web hosting companies to manage their clients’ websites. The flaw could allow attackers to bypass two-factor authentication (2FA) for cPanel accounts using brute force attacks, taking just a few minutes. Digital Defense privately reported the flaw to the cPanel team and, according to their security advisory, the 2FA flaw has been fixed in cPanel & WebHost Manager (WHM) versions 11.92.0.2, 11.90.0.17 and 11.86.0.32. Users should not disable the 2FA feature for their cPanel accounts because of this bug, but should ask their web hosting providers to update their cPanel installation to the latest version.

More details: https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/

New version and new campaign of Trickbot malware

The agent behind Trickbot has released version 100 of the malware, which includes new features to avoid detection. Among the new features, Trickbot can now inject its malicious DLL directly from memory into the legitimate Windows executable “wermgr.exe”. Additionally, Trickbot operators have launched a new reconnaissance tool, called Lightbot, used to search the network for high-value targets. The most recent malspam campaign carried out by the group aims to distribute this tool. The content of the emails used as a pretext is similar to that of the ones responsible for spreading BazarLoader: they pretend to come from human resources or legal departments, refer to customer complaints or contract terminations and include an attachment containing a JavaScript file that runs Lightbot’s PowerShell script. The tool is intended to perform a superficial reconnaissance to determine the value of the victim. Among the information collected are the computer name, hardware information, username, Windows version, Windows domain controller list, Windows PDC, IP addresses, DNS, network card type and a list of installed programs.

More info: https://www.bleepingcomputer.com/news/security/trickbot-turns-100-latest-malware-released-with-new-features/

Using Development Libraries to Deploy Malware

Diego Samuel Espitia    27 November, 2020

Cybercriminals seek strategies to achieve their objectives: in some cases, it is users’ information; in others, connections; sometimes they generate networks of computers under their control (botnets), etc. Any user is a potential victim, but if, in addition, they can get others to distribute their malicious code without knowing it, we are talking about an invaluable gain for criminals.

Therefore, they have realised that infiltrating malicious code into packages that developers use to generate their projects is a very effective way of spreading it to as many victims as possible, as well as benefiting from anonymity.

In this way, every time a developer, anywhere in the world, uses the corrupted package that was slipped into the library in any kind of code, they will distribute the malicious segment, and tracing it will be almost impossible, since there are libraries that have been downloaded millions of times.

In the last year several samples of this practice have been found, mainly using NPM library packages and Python library packages. Criminals used different techniques to hide their actions and bypass the controls of these libraries; let’s see which ones.

What Are the Techniques Used by Cybercriminals?

Although the techniques are diverse, we are going to focus on those that, after their detection, could be shown to have been available in the libraries for a long time:

  • Typosquatting: as we have previously mentioned, this technique is used in various types of computer attacks and is based on modifications to the names of packages that confuse users, or on loading one of these malicious packages after a typing error.

The clearest example of this method was seen in PyPI, the Python package index, where two malicious packages were detected that used name mutations for their propagation, as in the case of jeIlyfish (with a capital I) versus jellyfish. This name mutation was intended to obtain the SSH authentication keys on the different servers or computers where any development using this package was installed.

These packages were available for over a year in PyPI, where they were downloaded more than a hundred thousand times, which gives the attacker a wide impact and dispersion in terms of possible targets, as this code may still be used in some business or home developments that are not properly maintained or monitored.

  • Brandjacking: this type of attack takes advantage of the importance of a package to create a mutation or imitation of it. The main difference from the previous technique is that it does not rely on a developer’s possible error when typing the requirement into the code, but creates a package that has exactly the same name, usually with the name of the language or ecosystem being worked on appended.

In the NPMjs registry this technique has been detected several times, using packages like twilio, which has about 500 thousand downloads, to create a malicious package that exploits its recognition to supplant it, the twilio-npm package, which with only 3 days online achieved 371 downloads.

These two basic examples show that criminals are always looking to deploy their malicious code using various mechanisms, demonstrating that they can put at risk any user with or without computer or information management knowledge.

This also confirms that it is vital for development companies to look for mechanisms to detect these strategies, following methodologies that guarantee secure development in order to minimise the chance that this type of threat is exploited and endangers users.
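One such detection mechanism, as an added example written for this post (not a tool from PyPI, npm or the OSSF), is a pre-install check of a dependency manifest against an allow-list of trusted package names. It covers both techniques described above: it folds look-alike characters so that jeIlyfish matches jellyfish, it flags names that are a trusted name with an ecosystem tag bolted on (twilio-npm), and, generalising beyond the two cases in the text, it also catches one-keystroke typos and transposed letters with an edit-distance check. The allow-list, the manifest lines and the confusable-character table are constructed for the example.

```python
"""Added example for this post: a pre-install check that flags dependency names
resembling the typosquatting and brandjacking cases described above.

Illustrative code written for this article, not a tool shipped by PyPI, npm or
the OSSF. The allow-list and the manifest below are constructed sample inputs;
the names jeIlyfish and twilio-npm are the two cases the post mentions.
"""
from __future__ import annotations

import re

# Look-alike characters folded before comparison (assumption: a small table
# suffices here; a production tool would use a Unicode confusables list).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

# Ecosystem words attackers bolt onto a well-known name (brandjacking).
ECOSYSTEM_TAGS = {"npm", "node", "js", "py", "python", "pip", "official"}

# Package name at the start of a requirements line, before any version spec.
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")


def normalize(name: str) -> str:
    """Fold look-alike glyphs, lower-case and drop separators."""
    folded = name.translate(CONFUSABLES).lower()
    return re.sub(r"[-_.]", "", folded)


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def strip_ecosystem_tag(name: str) -> str | None:
    """Return the base name if name is '<base>-<tag>' or '<tag>-<base>'."""
    parts = name.lower().replace("_", "-").split("-")
    if len(parts) < 2:
        return None
    if parts[-1] in ECOSYSTEM_TAGS:
        return "-".join(parts[:-1])
    if parts[0] in ECOSYSTEM_TAGS:
        return "-".join(parts[1:])
    return None


def classify(requested: str, trusted: set[str]) -> tuple[str, str] | None:
    """Return (verdict, look-alike trusted name), or None if nothing suspicious."""
    trusted_lc = {t.lower() for t in trusted}
    if requested.lower() in trusted_lc:
        return None                       # exact allow-listed name
    norm_req = normalize(requested)
    for t in trusted_lc:
        if norm_req == normalize(t):      # jeIlyfish -> jellyfish
            return ("typosquat:homoglyph", t)
    base = strip_ecosystem_tag(requested)
    if base in trusted_lc:                # twilio-npm -> twilio
        return ("brandjack:ecosystem-tag", base)
    closest = min(trusted_lc, key=lambda t: edit_distance(norm_req, normalize(t)))
    if len(closest) >= 4 and edit_distance(norm_req, normalize(closest)) <= 1:
        return ("typosquat:edit-distance", closest)
    return None


def audit_manifest(manifest: str, trusted: set[str]) -> dict[str, tuple[str, str]]:
    """Map each suspicious name in a requirements-style text to its verdict."""
    findings = {}
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = NAME_RE.match(line)
        if not m:
            continue
        verdict = classify(m.group(0), trusted)
        if verdict:
            findings[m.group(0)] = verdict
    return findings


# Constructed sample data: an allow-list and a requirements file to check.
TRUSTED = {"jellyfish", "twilio", "requests", "numpy"}
MANIFEST = """\
# constructed requirements file
requests==2.25.0
jeIlyfish==0.7.1      # capital I instead of l
twilio-npm
numpy>=1.19
reqeusts              # transposed letters
colorama              # not allow-listed, but not a look-alike either
"""

if __name__ == "__main__":
    for name, (verdict, target) in audit_manifest(MANIFEST, TRUSTED).items():
        print(f"{name:12} {verdict:26} looks like {target}")
```

Run it on a real requirements file by replacing MANIFEST with the file contents and TRUSTED with the names your project actually depends on; the check deliberately stays silent on names that are merely unknown (colorama above), because an allow-list gap is a review question rather than evidence of squatting.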

As for the organisations behind these languages and their package ecosystems, internal and community efforts are being made to detect these threats in the shortest possible time. An example of these alliances is the OSSF (Open Source Security Foundation), of which we are an active part, which seeks to develop tools and communication with the aim of improving the security of software developments and giving development companies references or elements with which to validate the life cycle of their developments.