
Tag: Bad Guys

Google rater fired after speaking to Ars about work conditions

After public revelations, workers report chaos, layoffs, and at least one firing.

Meet Chris Vickery, the internet’s data breach hunter

His job is simple: find leaked and exposed data before the bad guys do.

FBI allays some critics with first use of new mass-hacking warrant

Judge authorized order allowing US to change data in thousands of infected devices.

How secure is your supply chain?

Today’s global supply chains carry risks that run the gamut from pirates off the coast of East Africa to bad guys tampering with goods in transit.

And international supply chains also put companies at risk of violating legislation and policies mandating corporate social responsibility. How can your company make responsible decisions for your supply chain under these conditions?

Setting Up Security as a Business: 3 Best Practices for Security...

Security leaders need to show they provide more than stop-the-bad-guys services. Here's how.

SailPoint tackling unstructured data vulnerabilities for Australian organisations

As one obstacle is contained and another emerges, a new attack vector area gaining traction with the bad guys is unstructured data, SailPoint co-founder Kevin Cunningham has said.

Ghost In The Shell film might be the most disappointing live-action...

This average action film looks so much worse through the lens of its original form.

Top 8 Reasons You Don’t Want to Miss SAS 2017

If you've never been to SAS, ask around. You really are missing out on the best security conference in the industry – an event where the best connections are made and high-quality discoveries are shared in a fun, casual atmosphere.

Halo Wars 2 single-player review: Meet local units in your area

An anticlimactic fall ends an otherwise tense tightrope spacewalk.

First trailer for Netflix’s Iron Fist series is oddly bland

So far it's not breaking out of the mold like Jessica Jones and Luke Cage did.

Massive Twitter Botnet Dormant Since 2013

A sizable and dormant Twitter botnet has been uncovered by two researchers from the University College London, who expressed concern about the possible risks should the botmaster decide to waken the accounts under his control. Research student Juan Echeverria Guzman and his supervisor and senior lecturer at the college Shi Zhou told Threatpost that the 350,000 bots in the Star Wars botnet could be used to spread spam or malicious links, and also, more in line with today’s social media climate, start phony trending topics, attempt to influence public opinion, or start campaigns that purport a false sense of agreement among Twitter users. Compounding the issue is a larger botnet of more than a half-million bots that the researchers have uncovered since their initial research.

That research, the two academics said, will be shared in a future paper. In the meantime, the Star Wars botnet dataset is available for study; the researchers said the data is tens of times larger than any public collection on Twitter bots. The researchers also said they have not shared their data with Twitter yet because they are waiting for their current research to be approved in a scientific journal. “We would also like to give researchers a chance to get the dataset by themselves before they are gone, this is why we have not reported to Twitter directly, but we will as soon as the paper gets accepted,” Echeverria Guzman said. A request to Twitter for comment was not returned in time for publication.

The researchers said the botnet was created in 2013 and has remained hidden since then with relatively little activity. The mundane pace at which the bots tweeted seemed automated and intentional, the researchers said. Most of the content is benign quotes from Star Wars novels and does not include URLs, giving the tweets the appearance of real human language as a means of side-stepping bot detection services.

The user profiles behind the bots also used tactics that would not trigger alerts, such as having real profile pictures.

“All the accounts were created in a short window of time, less than two months. They all behave in exactly the same way, quoting Star Wars novels including the same hashtags (and adding random hashtags to the quote),” Echeverria Guzman said. “All of their tweets are marked as coming from ‘Windows Phone,’ which means that they are likely to be controlled by the API instead of the Twitter site. For reference, that source accounts for less than 0.1% of tweets normally.”

The clincher, however, connecting the hundreds of thousands of bots to the same network comes in the geographic distribution of the host accounts. Tweets were tagged with geographic locations which, when mapped, fall within neat rectangles plotted over North America and Europe. The tweets are distributed within the rectangles, even in uninhabited areas.

The researchers describe the plotting in the paper: “These rectangles have sharp corners and straight borders that are parallel to the latitude and longitude lines. We conjectured that the figure shows two overlapping distributions. One is the distribution of tweets by real users, which is coincident with population distribution. The other is the distribution of tweets with faked locations by Twitter bots, where the fake locations are randomly chosen in the two rectangles – perhaps as an effort to pretend that the tweets are created in the two continents where Twitter is most popular.”

Echeverria Guzman said the split between the two rectangles is exactly 50 percent and the tweets are uniform throughout the rectangle. “All of this is almost impossible to have originated from normal users,” he said.

The researchers point out previous work demonstrating how Twitter bots have been able to abuse Twitter’s streaming API.

Bots, the researchers said in their paper, are programmed to time tweets so that they are included in the streaming API as much as 82 percent of the time versus the expected 1 percent.

“If and when these bots are activated, they can do all of the threats as listed above—but on a large scale with a sudden effect,” Zhou said. “For example it is known that the Streaming API is susceptible to tampering by bots. The size of the Star Wars botnet is clearly enough to contaminate the Twitter API and the Twitter environment itself, particularly if focused on a single topic.

“In other words, it is scary to know there are bad guys and see the terrible things that they have been doing; yet it is much more scary to know there are a lot of bad guys around, but we have no idea what they are up to.”

The researchers said they hope others download and analyze the available data. They’ve also created a Twitter account, @thatisabot, and website, where bots can be reported.

New Security Software Traps Ransomware in a Honey Pot

NEWS ANALYSIS: Ransomware is a significant problem for small and medium-size businesses. But now there’s a new military-grade means of fighting back.

You already know how ransomware works. Malware gets loaded onto a computer, and quietly encrypts everything of use. When it’s done, you see a message displayed on your screen demanding payment in Bitcoins, and you’re told that if you don’t pay up, you’ll never get your data back.

For many companies, the only choice is to pay up, but that has two complications. First, it costs you a lot of money. Second, it labels you as being willing to pay the ransom, which means you can expect more ransomware attacks.

However, successfully fighting off ransomware is tough. Ransomware varieties rapidly evolve and change almost daily. The chances of your antivirus or your antimalware catching it aren’t very good.

Since ransomware is spread through a variety of vectors, you can’t depend on some of the more traditional methods such as screening email or social network feeds to reliably block attacks.

Even large companies with good security practices sometimes get stung by ransomware. But there is an anti-ransomware system for SMBs that was developed from an enterprise system that's already in place in the field. It's called RansomFree, from security company Cybereason.

Cybereason was organized by a group of former military intelligence officers using skills they acquired fighting the worst of bad guys. This explains why they refer to their products as military-grade prevention. The company uses techniques developed by the military to detect, deceive and kill ransomware.

The company has been active in the enterprise security space for some time and its products have been widely adopted there. But the software doesn’t lend itself to most SMB users because of the expense and the expertise required to use it. So Cybereason’s developers created a version that small companies and individuals can implement and they are giving it away for free.

Right now, RansomFree only works on Windows computers. But once it’s installed, it does three things. First, it can detect the ransomware malware when it arrives on a computer if it has a signature it recognizes. But because ransomware families rapidly evolve, it also watches the activity of the ransomware, looking for attempts to encrypt files. Finally, it deceives the ransomware into thinking it’s working, when in reality all that it’s doing is operating in a secure honey pot of a container.

A honey pot is a simulated environment that looks normal to the malware, but which exists only as a place for the malware to execute, while the anti-ransomware software studies it. Once it’s done with that, the ransomware attack is stopped in its tracks and the malware is killed.