Computer News & Safety tips – Harry Waldron MVP

Criminal Networks – FBI takes down encrypted Phantom Secure network

The FBI has announced that Phantom Secure, an encrypted communication service built for international criminal organizations, has been dismantled, as documented below:

International organized crime and drug trafficking groups were dealt a blow by the takedown of an encrypted communication service they used to plan and commit their crimes, the FBI and its international partners announced yesterday.

Canada-based Phantom Secure was a criminal enterprise that provided secure communications to high-level drug traffickers and other criminal organization leaders. The group purchased smartphones, removed all of the typical functionality—calling, texting, Internet, and GPS—and installed an encrypted e-mail system, so the phones could only communicate with each other. If a customer was arrested, Phantom Secure destroyed the data on that phone, which is obstruction of justice under U.S. law. In an attempt to thwart law enforcement efforts, the company required new customers to have a reference from an existing user.

Given the limited functionality of the phones and the fact that they only operate within a closed network of criminals, all of Phantom Secure’s customers are believed to be involved in serious criminal activity. Most of Phantom Secure’s 10,000 to 20,000 users are the top-level leaders of nefarious transnational criminal organizations in the U.S. and several other countries, and the products were marketed as impervious to decryption or wiretapping.

Video Streaming – PC Magazine ranks best services for 2018

Many home users are cutting the cord from standard cable services or satellite TV. PC Magazine ranks the best video streaming services for 2018:

The Best Alternatives to Cable

Streaming services started as an add-on to DVD and digital download offerings with a trickle of second-run movies and TV shows. They were supplements to the programs you watched on their first (and second) runs on cable TV. But speedier internet connections, an abundance of dedicated streaming video devices, and an explosion of mobile video has allowed services like Netflix and Amazon to bulk up their streaming libraries, invest millions in original content, and give traditional pay TV providers a run for their money. These services have grown up from their days as cable TV adjuncts; they’re now full-fledged cable replacements for cord cutters.

Microsoft Security Updates – MARCH 2018

Below are key resources documenting this month's Microsoft Patch Tuesday release:

CISCO TALOS — Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 74 new vulnerabilities, with 14 of them rated critical and 59 of them rated important. These vulnerabilities impact Internet Explorer, Edge, Exchange, Scripting Engine, Windows Shell and more.  Talos believes one of these is notable and should be called out.

CVE-2018-0883 – Windows Shell Remote Code Execution Vulnerability — A remote code execution vulnerability has been identified in Windows Shell. This vulnerability could be exploited by an attacker convincing a user to open a specially crafted file via email, messaging, or other means. An attacker exploiting this vulnerability could execute arbitrary code in context of the current user.

Facebook – LITE version for basic needs launches in USA

Facebook’s new Lite version was designed for basic needs on slow networks. While originally targeted at emerging markets, it is now available in the USA, Canada, and other developed nations.

Back in 2015, Facebook realized that if it wanted to grow a user base in emerging markets, it needed to offer an experience that worked on slower mobile networks. The solution was Facebook Lite, an app that is smaller, so quicker to install, works on older versions of mobile operating systems, uses less data, loads more quickly, and functions across all types of network.

As Facebook Lite was aimed at emerging markets, that’s where it has remained while expanding its availability to over 100 countries. However, as Reuters reports, Facebook Lite is coming home. The social network has realized it’s not just developing countries that have slow connections, developed countries do too.

The Lite app should be available today for users in the US, Canada, Australia, United Kingdom, France, Germany, Ireland, and New Zealand. Facebook Lite joins the existing stripped-down Messenger Lite app, which is also aimed at older devices and those who don’t have access to a fast connection.

Even if you enjoy a very fast and reliable connection, these Lite apps are desirable. If they load faster on lower-end hardware, they’ll fly on high-end hardware. And who wouldn’t enjoy having less data used to access the social network? Facebook Lite is worth a try if you use the main Facebook app regularly. You may never go back.

Malware – CRIMEB4NK uses older Internet Relay Chat vector

Fortunately, the CRIMEB4NK source code contains enough programming errors that this IRC-based bot does not work out of the box. And even though IRC is a somewhat antiquated command-and-control channel, this SANS Internet Storm Center article is a reminder that threats abound everywhere.

Yesterday, I got my hands on the source code of an IRC bot written in Perl. Yes, IRC (“Internet Relay Chat”) is still alive! While the chat protocol is less used today to handle communications between malware and their C2 servers, it remains an easy way to interact with malicious bots that provide interesting services to attackers. I had a quick look at the (poorly written) source code and found some interesting information:

* The Perl script was developed in a Windows environment (C:\Perl64\lib\perl.exe)
* Comments and some variable names are written in Italian
* Many typos
* The source has many unused blocks of code.

Honestly, the bot was simply NOT working out of the box. I had to fix many issues in the code to have an “almost” working version. To conclude, the bot was not working in its current state and looked quite old, but it demonstrates that attackers are always developing tools to automate their actions.

DDoS attacks – GitHub encounters very large 1.35 Tbps attack

GitHub may have experienced the largest distributed denial of service (DDoS) attack ever recorded. The first portion of the attack against the developer platform peaked at 1.35 Tbps, which would make it the biggest DDoS attack recorded so far; until now, the biggest clocked in at around 1.1 Tbps. GitHub responded quickly and the attack was stopped within a few minutes of discovery.

On Wednesday, February 28, 2018, GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack. We understand how much you rely on GitHub and we know the availability of our service is of critical importance to our users. To note, at no point was the confidentiality or integrity of your data at risk. We are sorry for the impact of this incident and would like to describe the event, the efforts we’ve taken to drive availability, and how we aim to improve response and mitigation moving forward.

Making GitHub’s edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement requires better automated intervention. We’re investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery (MTTR).
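The monitoring-driven automation GitHub describes investigating above can be sketched as a small state machine. The following is an added example written for this page, not GitHub's code or its mitigation provider's: it treats the inbound bit rate at the edge as a series of samples, enables mitigation only after the rate stays above a threshold for a dwell period, disables it only after a cooldown below the threshold, and measures the time from the first breach to mitigation, which is the component of MTTR the post wants to shrink. The 30-second samples, the 0.5 Tbps threshold, the dwell and cooldown counts, and the names Sample, MitigationEvent, build_samples, evaluate, time_to_mitigate and peak_bps are all assumptions constructed for the demo; the timeline only loosely mirrors the 17:21 to 17:30 window on the page.

```python
"""Automated DDoS mitigation trigger with hysteresis, plus a time-to-mitigate
measurement.  Added example of the kind of monitoring-driven automation the
GitHub post says it is investigating; it is not GitHub's code.  The 30-second
traffic samples, the 0.5 Tbps threshold and the dwell/cooldown values are
constructed assumptions that loosely mirror the timeline on the page."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

TBPS = 1e12


@dataclass
class Sample:
    ts: datetime
    inbound_bps: float


@dataclass
class MitigationEvent:
    action: str   # "enable" or "disable"
    ts: datetime


def build_samples():
    """Constructed edge-traffic samples every 30 s around the 2018-02-28 window."""
    start = datetime(2018, 2, 28, 17, 20, 0, tzinfo=timezone.utc)
    tbps = [0.05, 0.05, 0.90, 1.35, 1.30, 0.45, 1.10,   # ramp to the 1.35 Tbps peak, one brief dip
            0.40, 0.30, 0.20, 0.10, 0.08, 0.06, 0.05]   # scrubbed traffic tails off
    return [Sample(start + timedelta(seconds=30 * i), v * TBPS) for i, v in enumerate(tbps)]


def evaluate(samples, threshold_bps, dwell, cooldown):
    """Enable mitigation once traffic stays at or above the threshold for
    `dwell` consecutive samples; disable only after it stays below for
    `cooldown` consecutive samples.  The asymmetric counters are the hysteresis
    that keeps a provider from being toggled on and off by a noisy signal."""
    events, above, below, mitigating = [], 0, 0, False
    for s in samples:
        if s.inbound_bps >= threshold_bps:
            above, below = above + 1, 0
        else:
            below, above = below + 1, 0
        if not mitigating and above >= dwell:
            mitigating = True
            events.append(MitigationEvent("enable", s.ts))
        elif mitigating and below >= cooldown:
            mitigating = False
            events.append(MitigationEvent("disable", s.ts))
    return events


def time_to_mitigate(samples, events, threshold_bps):
    """Seconds from the first over-threshold sample to the first 'enable':
    the part of MTTR that automation is meant to shrink.  None if there was
    no breach or no mitigation."""
    first_breach = next((s.ts for s in samples if s.inbound_bps >= threshold_bps), None)
    first_enable = next((e.ts for e in events if e.action == "enable"), None)
    if first_breach is None or first_enable is None:
        return None
    return (first_enable - first_breach).total_seconds()


def peak_bps(samples):
    return max(s.inbound_bps for s in samples)


if __name__ == "__main__":
    samples = build_samples()
    events = evaluate(samples, threshold_bps=0.5 * TBPS, dwell=2, cooldown=4)
    for e in events:
        print(f"{e.ts:%H:%M:%S} UTC  {e.action}")
    print("peak:", peak_bps(samples) / TBPS, "Tbps")
    print("time to mitigate:", time_to_mitigate(samples, events, 0.5 * TBPS), "s")
```

With dwell=2 and cooldown=4 the brief dip in the constructed series does not switch the provider off, so the run yields one enable at 17:21:30 and one disable at 17:25:00, with 30 seconds from first breach to mitigation. With dwell=1 and cooldown=1 the same series produces four toggle events, which is the flapping the hysteresis exists to prevent.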

WordPress – 30 percent web usage as of March 2018

WordPress is a leading web development technology, now used by 30 percent of websites as of March 2018.

WordPress now powers 30% of websites

WordPress now powers 30 percent of the web, according to data from web technology survey firm W3Techs. This represents a 5 percentage point increase in nearly two and a half years, after WordPress hit the 25 percent mark in November 2015.

It’s worth noting here that this figure relates to the entire Web, regardless of whether a website uses a content management system (CMS) or not. If we’re looking at market share, WordPress actually claims 60.2 percent, up from 58.7 percent in November 2015. By comparison, its nearest CMS rival, Joomla, has seen its usage jump from 2.8 percent to 3.1 percent, while Drupal is up from 2.1 percent to 2.2 percent.

Amazon – Starting to Photograph Home Deliveries

Amazon’s “Logistics Photo on Delivery” service lets customers see a photo of where their delivery was left. The photo documents the delivery, which helps counter fraudulent claims of theft, and if a package really is stolen after delivery, the recipient has better evidence of where it was left.

The convenience of having something delivered to your door for free within two days is a big part of why Amazon is so popular. But we can’t always be at home to receive those deliveries, and not all of us are happy to let Amazon inside. Inevitably, packages end up getting left somewhere outside for customers to find. Amazon realized it could improve that system by snapping a photo.

For Amazon, having photo evidence of a delivery results in a couple of positives. The first is proof a delivery was actually made, meaning if a customer complains their package is missing, it was taken after delivery was complete. The second is a better experience for customers. Not only do they know when a delivery is made, but they can see exactly where it is.  If this sounds a little too creepy, Amazon allows you to opt out of the feature. The delivery person may still take the picture, but you’ll never see it.

Phishing Attacks – SANS ISC shares techniques to find these MAR-2018

Phishing attacks use fake emails that point to highly realistic fake websites to capture sensitive data, fooling users by playing on emotions like fear and greed.

Phishing campaigns remain a common way to infect computers. Every day, I’m receiving plenty of malicious documents pretending to be sent from banks, suppliers, major Internet actors, etc. All those emails and their payloads are indexed and this morning I decided to have a quick look at them just by the name of the malicious files. Basically, there are two approaches used by attackers:

* They randomize the file names by adding a trailing random string (ex: aaf_438445.pdf) or the complete filename.

* They make the filename “juicy” to entice the user to open it by using common words.

The second approach is the one that looks interesting. I extracted all the IOCs of type ‘filename’ from my MISP. The raw export contained 4692 filenames (4247 unique). I also exported all payloads from my archive (574,879 unique files). I extracted interesting strings based on:

* words
* common brands
* abbreviations
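The two filename patterns listed above (random strings versus enticing words, brands and abbreviations) can be triaged automatically. The following is an added example written for this page, not the diary author's script or anything exported from MISP: it splits attachment names into tokens, flags tokens that are hex or digit runs as random, classifies each name as random_name, random_suffix, juicy or other, counts the words, brands and abbreviations found, and additionally flags double extensions that hide an executable. The filename list, the word, brand and abbreviation lists, the regular expression and all function names are assumptions constructed for the demo.

```python
"""Triage phishing attachment names into the two patterns described in the
ISC diary: randomized names (whole name or trailing random string) versus
"juicy" names built from common words, brands and abbreviations.

Added example, not code from the ISC diary or from MISP.  The filenames,
word list, brand list and abbreviation list below are constructed for the
demo; an analyst would substitute an export of filename IOCs and their own lists.
"""
import re
from collections import Counter

# Constructed sample filename IOCs (not from the article).
SAMPLE_FILENAMES = [
    "aaf_438445.pdf",                # the diary's own example of a random suffix
    "invoice_20180312.doc",
    "Invoice.doc",
    "DHL_Shipment_Notification.pdf",
    "payment_confirmation.xls",
    "scan_0012.jpg.exe",             # double extension hiding an executable
    "3f9c2a1b7e.zip",
    "Payment Receipt PayPal.pdf",
    "x81_ab29f1.doc",
    "IMG_4521.pdf",
    "urgent_invoice_paypal.doc",
    "f4e2d91a0b3c.js",
    "summary_v2.pdf",
]

# Assumed lists; these are illustrative, not the diary author's lists.
COMMON_WORDS = {"invoice", "payment", "receipt", "confirmation", "urgent",
                "shipment", "notification", "scan", "order", "statement"}
BRANDS = {"dhl", "paypal", "fedex", "ups", "amazon", "microsoft"}
ABBREVIATIONS = {"img", "inv", "po", "ref", "att"}
EXECUTABLE_EXTS = {"exe", "js", "scr", "vbs", "jse", "wsf", "hta"}

# A token counts as "random" if it is a hex run of 6+ chars or a digit run of
# 5+ chars.  Caveat: English words made only of a-f ("decade", "facade") would
# match the hex rule; the 6-char minimum limits but does not remove that.
RANDOM_TOKEN = re.compile(r"[0-9a-f]{6,}|\d{5,}")


def split_name(filename):
    """Return (lower-cased tokens of the stem, list of lower-cased extensions)."""
    parts = filename.split(".")
    stem, exts = parts[0], [e.lower() for e in parts[1:]]
    tokens = [t.lower() for t in re.split(r"[\s_\-]+", stem) if t]
    return tokens, exts


def is_random(token):
    return RANDOM_TOKEN.fullmatch(token) is not None


def classify(filename):
    """One of: random_name, random_suffix, juicy, other."""
    tokens, _ = split_name(filename)
    if tokens and all(is_random(t) for t in tokens):
        return "random_name"
    if tokens and is_random(tokens[-1]):
        return "random_suffix"
    if any(t in COMMON_WORDS or t in BRANDS or t in ABBREVIATIONS for t in tokens):
        return "juicy"
    return "other"


def has_masked_executable(filename):
    """True for names like photo.jpg.exe: several extensions, the last one executable."""
    _, exts = split_name(filename)
    return len(exts) > 1 and exts[-1] in EXECUTABLE_EXTS


def juicy_terms(filenames):
    """Count the non-random tokens that are common words, brands or abbreviations."""
    words, brands, abbrs = Counter(), Counter(), Counter()
    for name in filenames:
        tokens, _ = split_name(name)
        for t in tokens:
            if is_random(t):
                continue
            if t in BRANDS:
                brands[t] += 1
            elif t in COMMON_WORDS:
                words[t] += 1
            elif t in ABBREVIATIONS:
                abbrs[t] += 1
    return words, brands, abbrs


def summarize(filenames):
    """Counter of classes plus the names that carry a masked executable."""
    classes = Counter(classify(n) for n in filenames)
    masked = [n for n in filenames if has_masked_executable(n)]
    return classes, masked


if __name__ == "__main__":
    classes, masked = summarize(SAMPLE_FILENAMES)
    words, brands, abbrs = juicy_terms(SAMPLE_FILENAMES)
    print("classes:", dict(classes))
    print("masked executables:", masked)
    print("top words:", words.most_common(3))
    print("top brands:", brands.most_common(3))
    print("top abbreviations:", abbrs.most_common(3))
```

On the constructed list the run classifies seven names as juicy, three as random suffix, two as fully random and one as other, flags scan_0012.jpg.exe as a masked executable, and ranks "invoice" and "paypal" as the top word and brand; the same counters run over a real IOC export give the analyst the brand and word frequencies the diary set out to find.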

Leadership – Management Self-Assessment valuable quarterly process during 2018

The John Maxwell leadership training center shares an excellent article on the use of skill assessment tools that help team members discover their talents:

I challenge you to take some time this quarter to give the following self-assessment questions some serious, focused thought. The first four are meant to be reflective on the seasons in your past, while the final four are geared toward your future.

1. What have I accomplished? — This is a positive exercise, so let’s start with a positive question. This inquiry should get to the root of what is working in your career. It also gives you an opportunity to reflect.

2. What have I learned? — Having some time to step back from both achievements and failures is key to holistic understanding. Giving yourself this kind of space can open your eyes to what you truly learned along the way.

3. Who did I lead? — The mark of an influencer is not in the number of followers, but rather in the number of leaders he or she has produced. Think leader replication.

4. What held me back? — Chances are you fell short on achieving all of your goals last year, last quarter or even last week. That’s OK. But let’s look closely at what caused these diminished returns.

5. Do I still love what I do? — There are certainly parts of the job that I don’t like. Our ability to be effective is directly tied to our ability to be passionate about what we’re doing.

6. Am I willing to pay the price again? — John says, “Everything worthwhile in life is uphill all the way.” We must figure out if the journey is worth the ascent.

7. What are my priorities? — The key to overcoming this barrier is by choosing your priorities. If you have too many priorities, then you have no priorities. Ask yourself this question to identify, assess and ignore these damaging diversions.

8. What habit change will aid me most? — We all know that there are some habits that hinder our progress as intentional leaders. The first step to overcoming these habits is realizing they exist and being self-aware enough to identify them as impediments.

9. What is my focus word? — Choose a word that defines what you’re hoping to achieve, and then take this word into battle with you every single day. Great words to consider include, “intentional,” “influence” or “collaborate.”