Pay When You Get Infected by Ransomware? Many Shades of Grey

Sergio De Los Santos
26 October, 2020

The Internet is full of articles explaining why ransomware should not be paid. And they are probably right, but if you do not distinguish between the type of ransomware and who is affected, the reasons given may not make as much sense. It is therefore necessary to explain the circumstances of the person concerned in order to understand why payment should not be made and, above all, to understand the situation well in order to make the right decisions.

Two Types of Ransomware

The first thing is to be clear about the fact that there are two types of ransomware. The first appeared massively around 2012, as a natural evolution of “police virus” malware, and affected the average user. Since 2017, it has not disappeared, but its incidence has fallen considerably. These were attacks on unsuspecting random victims, demanding large amounts that an individual could still manage to pay.

This type of ‘domestic’ attack has perhaps a more direct response: it should not be paid unless there is a good reason to do so. No one guarantees that the files will be returned (an amusing example is this anecdote in which, despite not having actually infected anything, the attacker still insisted that he should be paid). Nor does anyone guarantee that the victim will not be extorted again. And most of the time, it is more than likely that the user can continue to live without his many files, data, etc.

But… what if your business, livelihood, clients and future depend on recovering that data? Then the answer becomes more complicated.

When The Attack Is Professional

This is not the time to blame the victim (he has enough to deal with already) because his backup was also encrypted, did not work, or simply did not exist.
In a professional ransomware attack everything is more complex. We are talking about campaigns that could have involved months of work and study by the attacker, with the sole objective of reaching deep into the network (sometimes enormous) and, at the right moment, taking control and encrypting everything. By then it is too late. The whole system is encrypted and sometimes it takes months to check not only that the system has been recovered but also that the attackers cannot get in again. Here, thousands and thousands of euros are lost every day because of the frustrating impossibility of running the business. The situation is much more critical and serious, and that is why the attackers ask for millions of euros in ransom.

At that moment a negotiation begins, because when there is so much at stake, not paying is not something that is dismissed immediately. Just as in a real-life kidnapping, payment is an option that is always considered. But it is always the last option.

In fact, it is an option that may end up being officially illegal. In July 2019, the US mayors’ confederation at its annual meeting recommended not paying. If you pay, you encourage them to keep attacking, they said. In that case, the statement did not go beyond a purely “moral” position, as it was not binding. Then it went further: in January 2020, two proposals by two senators (one Democrat and one Republican) contemplated forbidding the use of public money to pay these ransoms. The Republican senator also proposed the creation of a fund to help organisations improve their cybersecurity. It keeps going further.
The Office of Foreign Assets Control (OFAC) now reports that “companies that facilitate ransomware payments to cybercriminals on behalf of victims, including financial institutions, insurance companies and companies involved in forensic analysis and incident response, not only encourage future ransomware payment claims, but also risk violating OFAC regulations”. The aim would be to fine those who pay, the intermediaries, and those who receive the money (if they can be identified).

More Figures Than You Can Imagine

Actually, the recommendation is that instead of paying, one should collaborate with law enforcement and not involve “cover” intermediaries, since that would itself mean committing something illegal and criminalized. The reason? Many more victims than we think are paying, to the point that the payment process itself has become a business. The ransomware business has become industrialised both from the point of view of the attackers (very elaborate techniques, very professional treatment…) and from the point of view of the victims, who are already using intermediaries and other figures such as insurers to deal with the crisis.

When business continuity is critical, the companies affected open several channels. There is, of course, the technical one: the recovery attempt, damage assessment, etc. But other “diplomatic” channels are also opened, which may include contact with the attackers and with other companies. With the attackers, you bargain and negotiate, establishing a line of dialogue as if it were any other type of transaction. Extortionists may even offer useful advice after the victim has gone through the checkout line. And like any negotiation, it can be delegated. In the light of this murky business of extortion, intermediaries have emerged who offer “consulting” services that handle the negotiation and the payment of the ransom. In this industrialized scenario, payment usually does guarantee recovery. Going even further, insurers can act as intermediaries.
These businesses may find it more rewarding to pay the attackers than to compensate the affected party for the damage suffered, depending on what their insurance covers.

In short, it is a complex web where not everything is so clear when we talk about figures, and above all one that is very distant from the domestic environment, where the guidelines are usually clearer. The new laws in the United States seek to strangle the extortionists by preventing their business from being lucrative… but this measure may not be enough, because many times the continuity of legitimate businesses is more important. Survival… not at any price, but at the one imposed (unfortunately) by criminals.