Newspaper Ransomware Attack, How Facebook Tracks You on Android, USB-Type-C Authentication

This is the 50th episode of the Shared Security Weekly Blaze for January 7th 2019 with your host, Tom Eston. In this week’s episode: Newspaper Ransomware Attack, How Facebook Tracks You on Android, and USB-Type-C Authentication.

Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer.

Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less, quickly giving you “news that you can use”.

Several large newspapers in the US, owned by media giant Tribune Publishing, started off 2019 by having to respond to a massive ransomware attack that caused major printing and delivery problems. Newspapers affected included the Chicago Tribune, Baltimore Sun, the Los Angeles Times as well as several other Tribune Publishing affiliates. The attack, which started on December 29th, targeted critical news production systems and other infrastructure responsible for the newspaper printing process. According to the Los Angeles Times, the attack appears to have been carried out by a foreign state or other such organization, and some sources with knowledge of the attack have said that the malware appears to be a form of “Ryuk” ransomware. Ryuk is typically very targeted and has been around since last August, when one particular form of Ryuk was found to have collected about $640,000 worth of Bitcoin from victims.

Of course, some are quick to blame the Russians due to the .ryk naming convention found on the encrypted files that the malware left behind and because most attacks these days seem easy to attribute back to Russia. However, Ryuk ransomware may actually have its history tied to North Korea. This was determined from a research report last year which revealed that some of the Ryuk source code was actually copied from the Hermes ransomware that was used by the Lazarus Group. The Lazarus Group just happens to be a nation state espionage team previously associated with North Korea. As we all know, attribution is hard. Source code of ransomware can be copied and easily reused by others. The best response for most organizations that are hit with ransomware, like in this most recent example, is to ensure you know how to respond to an attack like this, as being hacked will most likely happen to most organizations sometime in the future.

Organizations’ internal networks are overly permissive and can’t distinguish trusted from untrusted applications. Attackers abuse this condition to move laterally through networks, bypassing address-based controls to spread malware. Edgewise abstracts security policies away from traditional network controls that rely on IP addresses, ports, and protocols and instead ties controls directly to applications and their data paths.

Edgewise allows organizations to analyze the network attack surface and segment workloads based on the software and how it’s communicating. Edgewise monitors applications and protects data paths using zero trust segmentation.

Visit edgewise.net to get your free month of visibility.

A talk given by UK-based Privacy International at the 35th Chaos Communication Congress hacking conference last week shows that many popular Android applications are sending tracking information to Facebook without you even having a Facebook account. The research focused on 34 Android applications that have between 10 and 500 million users. By decrypting and analyzing all third-party trackers the apps were using, the researchers found that 23 of these apps were sending data to Facebook such as if the app was opened or closed, device information, language and time zone settings, and the user’s Google advertising ID, which can allow companies like Facebook to conduct profile matching. The talk also pointed out that what Facebook is doing is in common with what other companies like Google, Amazon and Twitter are doing, which offer analytics services for application developers. Other points from the talk include criticism of Facebook for only enforcing the collection of user information through contractual and legal means and that Facebook’s current opt-out cookie policy had no effect on the data the researchers have questioned. Facebook responded to the talk by noting that their upcoming “Clear History” feature, which was one of the developments from the Cambridge Analytica scandal, would be a way for users to remove this data sent by third-party apps.

This is just the latest in a long string of seemingly endless data breaches and mishandling of personal data from Facebook. Now that it’s 2019, will we see more data mishandling issues and breaches from Facebook? Or have they given themselves a New Year’s resolution to finally make changes to help protect our private information?

The non-profit USB Implementers Forum, also known as USB-IF, has announced a new program to support a new optional security specification called USB Type-C Authentication. This new specification defines cryptographic-based authentication for USB Type-C chargers and devices. This will allow systems to confirm the authenticity of a USB device or charger and will even be able to allow devices to only work with manufacturer-certified chargers. What this means for you is that this improvement to USB Type-C can reduce the risk of malicious charging stations, make it harder for law enforcement or others to copy data off of a mobile device, or prevent embedded malware installed on USB hardware from exploiting your device. No dates or other details were given in the announcement but it’s good to see some progress being made on the security of USB, which is now the most common way we interface other hardware with our PCs, mobile phones and other devices. Perhaps now it’s starting to make more sense why more and more manufacturers, like Apple, are ditching the old style USB 2 and 3 and moving towards USB Type-C.

That’s all for this week’s show. Be sure to follow the Shared Security Podcast on Facebook, Twitter and Instagram for the latest news and commentary. If you have feedback or topic ideas for the show you can email us at feedback[aT]sharedsecurity.net. First time listener to the podcast? Please subscribe on your favorite podcast listening app such as Apple Podcasts or watch and subscribe on our YouTube channel.  Thanks for listening and see you next week for another episode of the Shared Security Weekly Blaze.
