More stories

  • Deal alert: Get 3 years of Atlas VPN for just $1.39 a month

    Your internet privacy is invaluable, but keeping it safe and protected can cost you as little as a cup of coffee. A VPN, or virtual private network, is essential to have. Whether you own an online business or casually browse the web, it keeps your activities and information anonymous and contained. With Black Friday looming, Atlas VPN, one of ZDNet’s picks for best cheap VPN services, is looking to get ahead of the storm with a month-long offer you won’t want to pass on.

    36 months + 3 months free, $1.39 a month


    From now until November 30, you can subscribe to Atlas VPN for just $1.39 a month. The catch? This is a three-year subscription and you’ll be paying the discounted total upfront ($50.04). Still, we think the offer is very reasonable and of great value, especially with the additional three months bundled in for free. Included with the three-year plan are all the standard Atlas VPN features, like app support on Windows and MacOS, access to over 700 servers worldwide (a fair number at this price point) and data leak protection, among others. It may also bring you some peace of mind knowing that Atlas VPN recently completed an independent security audit and offers a 30-day refund guarantee policy.


  • Phishing attacks are harder to spot on your smartphone. That's why hackers are using them more

    There’s been a surge in mobile phishing attacks targeting the energy sector as cyber attackers attempt to break into networks used to provide services including electricity and gas. The energy industry is highly critical, providing people with vital services required for everyday use. That role makes it a prime target for cyber criminals.


    That risk was demonstrated earlier this year when Colonial Pipeline was hit with a ransomware attack, leading to gasoline shortages across the Eastern United States. Colonial ended up paying cyber criminals almost $5m for a decryption key to restore the network.

    And it’s not just cyber criminals who have an interest in hacking into the networks of energy providers; they’re also a top target for nation state-backed hacking groups, for whom breaching a network could be a path towards causing significant disruption.

    The desire to break into these networks has resulted in a sharp rise in phishing attacks against the energy sector, specifically attacks targeting mobile devices, warns a report by cybersecurity researchers at Lookout. According to the paper, there’s been a 161% increase in mobile phishing attacks targeting the energy sector since the second half of last year. Attacks targeting energy organisations account for 17% of all mobile attacks globally, making it the most targeted sector, ahead of finance, government, pharmaceuticals and manufacturing.

    “The energy industry is directly related to the wellbeing and safety of citizens, globally,” Stephen Banda, senior manager of security solutions at Lookout, told ZDNet.

    Remote working has increased considerably during the past 18 months. And while the rise in mobile working has allowed businesses to continue operating, the increase in the use of personal devices and remote working has also boosted security risks: according to Lookout, 41% of mobile devices in the energy industry aren’t managed by employers. That situation could put users at risk from cyberattacks including phishing and malware that could be used to help gain access to wider networks. The aim of the attackers is to steal usernames and passwords that could be used to gain access to cloud services and other parts of the network.

    Tailoring phishing emails towards mobile devices can make them more difficult to spot, because the smaller screen provides fewer opportunities to double-check that links in messages are legitimate, while smartphones and tablets might not be secured as comprehensively as laptops and desktop PCs, giving attackers a useful means of attempting to compromise networks.

    “Threat actors know that mobile devices aren’t usually secured in the same way as computers. For this reason, mobile phishing has become one of the primary ways threat actors get into corporate infrastructure,” said Banda.

    “By launching phishing attacks that mimic the context that the recipient expects, attackers are able to direct a user to a fake webpage that mimics a familiar application login page. Without thinking, the user provides credentials and data has been stolen,” he added.

    It’s likely that cyber criminals will continue to target mobile devices as organisations adopt hybrid-working practices, so researchers emphasise the importance of making smartphones and tablets part of the overall cybersecurity strategy, by ensuring that the operating systems they run are up to date and that they’re using software to help protect against phishing, malware and other cyberattacks.

    “The majority of attacks start with phishing, and mobile presents a multitude of attack pathways. An anti-phishing solution must block any communication from known phishing sites on mobile devices — including SMS, apps, social platforms and email,” said Banda.

  • Toronto subways hit by ransomware as US lawmakers slam 'burdensome' cybersecurity rules


    The Toronto Transit Commission (TTC), which runs the city’s public transportation system, reported a ransomware attack this weekend that forced conductors to use radio, crippled the organization’s email system and made schedule information on platforms and apps unavailable. In a statement on Friday, the TTC said it confirmed it was the victim of a ransomware attack after its IT staff “detected unusual network activity and began investigating.”

    “Impact was minimal until midday Friday, October 29, when hackers broadened their strike on network servers. The incident did not cause significant service disruptions, and there is no risk to employee or customer safety,” the TTC said.

    Impacted services include the TTC’s Vision system, which operators use to communicate with Transit Control. Next-vehicle information on platform screens, in trip-planning apps and on the TTC website was unavailable, and online Wheel-Trans bookings were also unavailable. It is unclear which ransomware group attacked Toronto’s system on Friday.

    “The full extent of the attack is being looked into, and the TTC is working with law enforcement and cybersecurity experts on this matter. The City of Toronto’s IT services department has been consulted,” the TTC said in a statement.

    The Record noted that this is the third ransomware attack on a major Canadian city’s metro system in the last year. Montreal’s system was hit in October 2020, and Vancouver’s was attacked in December 2020.

    San Francisco, Sacramento, Fort Worth, Philadelphia and Ann Arbor have all seen ransomware attacks on their transportation systems over the last five years, and New York City’s MTA was hit with a cyberattack in April. A ransomware attack shut down ferry services in Cape Cod, Martha’s Vineyard and Nantucket in June.

    Despite the recent attacks, lawmakers in the US are continuing to fight cybersecurity regulations handed down by the Department of Homeland Security, the Transportation Security Administration and CISA. In a new letter to Department of Homeland Security inspector general Joseph Cuffari sent last Thursday, US Senators Rob Portman, Michael Rounds and James Lankford slammed the cybersecurity regulations again, calling them “unnecessarily burdensome requirements that shift resources away from responding to cyberattacks to regulatory compliance.”

    The TSA and DHS pushed the new regulations this summer because companies involved in critical industries like transportation and gasoline routinely flouted voluntary cybersecurity rules and inspections. Colonial Pipeline, which was hit with a ransomware attack in May that left millions without gasoline for about a week, repeatedly pushed back cybersecurity reviews before it was attacked. But now the government agencies are facing backlash from these companies, cybersecurity experts and Republican leaders in the Senate, all of whom believe more time should have been spent working with those involved in cybersecurity before the new rules were handed down.

    “We have received reports that TSA and CISA failed to give adequate consideration to feedback from stakeholders and subject matter experts who work in these fields and that the requirements are too inflexible,” the senators wrote in their letter. “We are concerned that the recently issued security directives appear to depart from TSA’s historically collaborative relationship with industry experts.”

    They go on to ask that DHS review each new regulation and provide explanations and legal justifications for all of the cybersecurity rules, and they demand a response in 120 days. While some have questioned the partisan nature of the demands, many cybersecurity experts have also raised concerns about the rules from a technical standpoint, noting that they could have been more focused if TSA had worked with experts more closely.

  • Google just tripled its bounty for Linux kernel bugs. Here's why

    Google has kicked off a special three-month bug bounty targeting flaws in the Linux kernel, with triple the rewards for security researchers. The new bounty, announced this week, looks to harden the Linux kernel in specific edge cases. It’s offering up to $31,337 (“leet”) to security researchers who can achieve privilege escalation in Google’s lab environment by exploiting an already patched vulnerability, and $50,337 for anyone who finds a previously undisclosed or zero-day flaw, or for discovering a new exploit technique.


    “We are constantly investing in the security of the Linux Kernel because much of the internet, and Google – from the devices in our pockets, to the services running on Kubernetes in the cloud – depend on the security of it,” said Eduardo Vela from the Google Bug Hunters Team.

    The Linux kernel, hatched as a hobby by Linus Torvalds in Helsinki 30 years ago, now powers most of the top websites and internet infrastructure, from AWS to Microsoft Azure, Google, Facebook and Wikipedia.

    Google’s base reward for each publicly patched vulnerability is $31,337, capped at one exploit per vulnerability. However, the reward can go up to $50,337 if the bug was otherwise unpatched in the Linux kernel (a zero-day), or if the exploit uses a new attack or technique in Google’s view.

    “We hope the new rewards will encourage the security community to explore new Kernel exploitation techniques to achieve privilege escalation and drive quicker fixes for these vulnerabilities,” Vela said.

    He adds that “the easiest exploitation primitives are not available in our lab environment due to the hardening done on Container-Optimized OS.” This is a Chromium-based OS for Google Compute Engine virtual machines that’s built to run Docker containers. However, since this three-month bounty complements Android’s VRP rewards, exploits that work on Android could also be eligible for up to $250,000 (in addition to this program).

    The Google environment has some specific requirements that were demonstrated by Google security engineer Andy Nguyen, who found the 15-year-old BleedingTooth bug (CVE-2021-22555) in Linux’s Bluetooth stack. That bug was a heap out-of-bounds write vulnerability in Linux Netfilter that could bypass all modern security mitigations, achieve kernel code execution, and break the Kubernetes pod isolation of the kCTF (capture the flag) cluster used for security competitions. Nguyen details his work in a writeup on GitHub.

    Vela recommends that participants also include a patch if they want extra cash via Google’s Patch Reward Program. Given the nature of open-source software development, Google notes that it doesn’t want to receive details about unpatched vulnerabilities before they’ve been publicly disclosed and patched. Researchers need to provide exploit code and the algorithm used to calculate the identifier. It would, however, like to receive a rough description of the exploit strategy.

  • Businesses don't talk about being victims of cyberattacks. That needs to change

    Organisations need to have better plans in place to prevent cyberattacks – but they should be more transparent about when they do fall victim to hackers in order to prevent others from meeting the same fate, according to the former head of the US National Security Agency (NSA). As director of the NSA and Commander of US Cyber Command from 2014 to 2018, Admiral Michael S Rogers oversaw cybersecurity during a period of time when the threat of cyberattacks from criminals and foreign government-backed hacking operations grew significantly.


    And while companies can act individually to improve their own cybersecurity, Rogers believes that, for the best possible benefit, companies need to share strategies, techniques and best practices for defending against common cyber threats, particularly when attackers seem to be able to deploy the same techniques again and again to go after different targets.

    “One thing that really frustrates me – and I used to say this when I was in government with the senior leadership of our nation – I wanted that the pain of one should lead to the benefit of many,” said Rogers, now an operating partner at Team8, a cybersecurity venture group, in an interview with ZDNet Security Update.

    “Why do the same techniques keep working over and over and over again? We’re talking years – the same techniques literally used for years. One of my takeaways was because we don’t talk or acknowledge this activity. Most companies do not want to publicly acknowledge a cyber penetration,” he said.

    It’s still uncommon for organisations that are hit by cyberattacks to go into detail about what happened, such as by explaining how cyber criminals were able to enter their network or what needed to be done to secure it after an attack.

    That means that there isn’t the opportunity for other companies to learn useful information about the incident that they can then use to prevent attacks. That’s something Rogers says has to change, and he believes there’s already a successful model to follow in the collaborative way the aviation industry investigates incidents.

    “In the US, we use a structure that says any time there is an aviation accident, the government steps in and there is a formal investigation,” he said. “We determine the causes and the mitigating factors, we publish them and then we say, given that, what changes do we need to make?”

    “It’s an indicator of the effectiveness of that methodology, they tend not to continue to recur, the same cause repeatedly over time, because we’re able to address problems,” Rogers continued. “That is not the case in cyber, so I’d like us to learn from some others,” he said.

    By learning from the mistakes of others, organisations can be provided with the information and guidance necessary to make their networks more resistant and more resilient to attacks. Ultimately, if carrying out successful campaigns is more difficult for cyber criminals, they’re going to find it harder to make money.

    “We’ve got to become much more resilient and able to continue to operate, because if we can continue to operate it buys us more time and, quite frankly, it also reduces disposition on the part of many companies to pay a ransom,” said Rogers. “If we make this less lucrative for criminals, you won’t see as much criminal activity,” he added.

    For Rogers, the challenge now is for organisations to focus not just on keeping malicious intruders from gaining access to their network, but also on having plans in place to ensure they are able to continue operating in some capacity, even if hackers have breached the network.

    “Cybersecurity needs to include, not only cyber defence, but we need to spend a whole lot more time thinking about cyber resilience. So if, despite my best efforts, an adversary is going to be able to penetrate my network structure, what are the tools, what are the methodologies, what are the capabilities, what can I do to try to maximize my ability to continue to operate?” he said.

  • Squid Game cryptocurrency creators pull the rug from under investors, steal millions

    A cryptocurrency project based on Squid Game has allegedly pulled an exit scam, with millions of dollars stolen from investors. 

    Popular trends, whether they are meme coins, desired products, or popular television shows — including the Netflix Squid Game series — can all be hijacked by criminals who want to jump on the bandwagon and take advantage of consumer interest. The same can be said for the Squid Game cryptocurrency scheme, a project which promised investors a pay-to-play online game based on the television series, in which contestants were made to play lethal games for prize money. It should be noted that the Squid Game cryptocurrency project is not associated with the television series, Netflix, or its creators.

    The online game was set to launch in November and would cost SQUID tokens to play. However, less than two weeks after the SQUID token was launched, and having reached a peak of over $2,850, the coin has now crashed by over 99.99% and is currently worth $0.003028. On November 1, investors who had previously enjoyed seeing the coin rise in value from $0.01 to levels far beyond its original price on PancakeSwap found out they were unable to sell their tokens. According to CoinMarketCap, an “anti-dumping mechanism that was imposed by the project’s developers meant they could not sell.”

    Investors were unable to move their tokens and then the development team went silent. As of now, the project’s website, squidgame.cash, is inaccessible, and Twitter displays a warning on the SQUID Twitter account, citing “unusual activity” as the reason for its temporary suspension. This is known as a rug pull or an exit scam, in which investor funds are moved elsewhere and the developers vanish, often causing a coin’s value to tank and become worthless.

    In a Telegram channel linked to the project, an administrator said: “Someone is trying to hack our project these days. Not only the Twitter account @GoGoSquidGame but also our smart contract. We are trying to protect it but the price is still abnormal. Squid Game Dev does not want to continue running the project as we are depressed from the scammers and is overwhelmed with stress.” Gizmodo estimates that investor losses have reached $3.3 million.

    In other Squid Game news, TA575 threat actors have been linked to a campaign exploiting the popularity of the television show to spread Dridex malware.

  • Cybercriminals flog access to international shipping, logistics giants

    Cybercriminals are offering initial access for networks belonging to key players in global supply chains, researchers warn.

    On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across ground, air, and sea. Global supply chains have faced serious upheaval since the start of the COVID-19 pandemic. The problems go beyond chip shortages: lockdowns and closures have caused backlogs worldwide, and as we slowly emerge from the pandemic, demand for everything from food to electronics remains high. This may be why organizations that provide the backbone of cargo transport and goods deliveries have captured the interest of cybercriminals, including ransomware operators.

    Access is normally obtained by exploiting vulnerabilities in Remote Desktop Protocol (RDP), virtual private network (VPN) products, Citrix and SonicWall appliances, through misconfigurations and brute-force attacks, and via credential theft. With the industry already in a volatile and precarious position, especially as we head into winter, “a cybersecurity crisis at one of these logistics and shipping companies could have a calamitous impact on the global consumer economy,” according to the researchers. With this in mind, Intel 471 examined Dark Web listings over the past few months to see how prevalent IAB listings relating to the global supply chain are.

    There are several cases of note from both well-known IABs and newcomers. In July, two traders claimed to have secured access to a Japanese shipping firm’s networks, alongside working, stolen account credentials. This offer was included in a wider dump of roughly 50 organizations. In August, a trader and associate of the Conti ransomware group said they had infiltrated networks belonging to a US transport and trucking software supplier, as well as a commodity transport giant. According to the cybersecurity firm, this actor had previously given Conti access to a botnet including a virtual network computing (VNC) function, allowing them “to download and execute a Cobalt Strike beacon on infected machines, so group members in charge of breaching computer networks received access directly via a Cobalt Strike beacon session.”

    A posting published in September by an IAB linked to the FiveHands ransomware group offered access to “hundreds” of companies, including a logistics company in the United Kingdom. In other postings on cybercriminal forums, access to a shipping firm in Bangladesh (secured through a PulseSecure VPN security flaw), local admin rights in a US freight organization, and a pack of credentials including account access for a logistics company in Malaysia were also on offer.

    “The logistics industry is constantly targeted, and the ramifications of a cyberattack can have a crippling ripple effect on the global economy [...] It’s extremely beneficial that security teams in the shipping industry monitor and track adversaries, their tools and malicious behavior to stop attacks from these criminals,” the researchers say. “Proactively addressing vulnerabilities in times of high alert avoids further stress on already constrained business operations.”

  • Facebook gives Kazakhstan government direct access to content reporting system

    Facebook parent company Meta has granted the Kazakhstan government direct access to its content reporting system, as part of a joint agreement to work on removing content that is deemed harmful on social network platforms like Facebook and Instagram. In a joint statement, the Ministry of Information and Social Development of the Republic of Kazakhstan and the social media giant said the agreement, which is the first of its kind in Central Asia, would make countering the spread of illegal content more efficient and effective. Giving the Kazakhstan government access to its content reporting system will allow the government to report content that may violate Facebook’s global content policy and local content laws in Kazakhstan, Facebook said.

    Under the agreement, both parties will also set up regular communication, including having an authorised representative from Facebook’s regional office work with the Ministry on various policy issues. “Facebook is delighted to work with the government of Kazakhstan together, particularly in the aspect of online safety for children,” Facebook regional public policy director George Chen said in a statement. “To make the first step for our long-term cooperation with the government, we are delighted to provide the ‘content reporting system’ to the government of Kazakhstan, which we hope can help the government to deal with harmful content in a more efficient and effective manner. The Facebook team will also continue to provide training to Kazakhstan to keep its cyberspace safe.”

    According to the pair, in preparation for giving the ministry access to its content reporting system, Facebook provided training for the ministry’s specialists last month on how to use the content reporting system, as well as on Facebook’s content policy and community standards.

    Aidos Sarym, one of the deputies who introduced a Bill into the Kazakhstan parliament in September to protect children from cyberbullying, described the agreement as a “win-win” situation. “During these negotiations, everyone came to consensus. It’s basically a classic win-win situation where our citizens will get more effective opportunities to protect their rights, and companies to grow their business,” he wrote on his Facebook page. “At the same time, we were and will be consistent. We are ready to remove the toughest wording and together with the government to develop and introduce formulas that will work and will not infringe on user interests or the interests of tech companies themselves.”

    Just last week, Facebook whistleblower Frances Haugen told the UK Parliament that social media platforms that use opaque algorithms to spread harmful content should be reined in. She said these algorithms could trigger a growing number of violent events, such as the attacks on the US Capitol Building that occurred last January. Haugen was speaking in London as part of an investigation into the draft Online Safety Bill that was put forward by the UK government earlier this year. This Bill proposes to force companies to protect their users from harmful content ranging from revenge porn to disinformation, through hate speech and racist abuse.

    Parliamentarians were taking evidence from Haugen because it was recently revealed that she was the whistleblower behind bombshell leaked internal documents from Facebook. Now known as the Facebook Files, the leaks were published by The Wall Street Journal and explored a variety of topics, including the use of different content moderation policies for high-profile users, the spread of misinformation, and the impact of Instagram on teenagers’ mental health. The disclosures became a catalyst for a US Senate inquiry into Facebook’s operations.