
Tag: Hong Kong

Honeypots and the Internet of Things

According to Gartner, there are currently over 6 billion IoT devices on the planet. Such a huge number of potentially vulnerable gadgets could not possibly go unnoticed by cybercriminals. As of May 2017, Kaspersky Lab’s collections included several thousand different malware samples for IoT devices, about half of which were detected in 2017.

Kim Dotcom can’t get back millions worth of assets US seized,...

Because Dotcom is a fugitive, he can't challenge asset forfeiture, feds say.

What Interests Children Online

As part of this report, we analyze the collected data in our quest for the answer to the question of what interests the current generation of children online.

DDOS attacks in Q1 2017

Although the first quarter of 2017 was rather quiet compared to the previous reporting period, there were a few interesting developments.

Despite the growing popularity of IoT botnets, Windows-based bots accounted for 59.81% of all attacks. Meanwhile, complex attacks that can only be repelled with sophisticated protection mechanisms are becoming more frequent.

How many NSA spy hubs are scooping up your Internet data?...

Not that knowing NSA's sigint locations will actually help you much...

Prysmian scores another world record in Telecom Networks

Highest capacity underwater optical cable deployed in Hong Kong to provide new data centre broadband connection. Milan, March 15, 2017 - Prysmian Group, world leader in the energy and telecom cable systems industry, scores another world record after deli...

In-the-wild exploits ramp up against high-impact sites using Apache Struts

Hackers are still exploiting the bug to install malware on high-impact sites.

The fastest man in electric racing talks cars, tracks, and the...

We interview DS Virgin Racing's Sam Bird ahead of this weekend's race in Argentina.

Hong Kong Securities Firms Warned Of Cyberattacks

Hong Kong's Securities and Futures Commission announces DDoS attacks on brokers and warns firms of future threats.

China announces mass shutdown of VPNs that bypass Great Firewall

China's Ministry of Industry and Information Technology yesterday announced a major crackdown on VPN (virtual private network) services that encrypt Internet traffic and let residents access websites blocked by the country's so-called Great Firewall. The ministry "said that all special cable and VPN services on the mainland needed to obtain prior government approval—a move making most VPN service providers in the country of 730 million Internet users illegal," reported the South China Morning Post, a major newspaper in Hong Kong. China's announcement said the country's Internet service market "has signs of disordered development that requires urgent regulation and governance" and that the crackdown is needed to "strengthen cyberspace information security management," according to the Post. The government said its crackdown would begin immediately and run until March 31, 2018.

Numerous Internet users in China rely on VPNs to access sites blocked or censored by the government's Great Firewall, such as Google, YouTube, Facebook, Twitter, Tumblr, Dropbox, The Pirate Bay, The New York Times, The Wall Street Journal, and many others. Apple recently pulled New York Times apps from its Chinese App Store to comply with Chinese regulations. China's tightening of its already strict Internet censorship may be preparation for this autumn's 19th National Congress of the Communist Party of China, at which new party leadership will be elected. Besides the VPN crackdown, China on Saturday shut down "two websites run by a liberal Chinese think tank" and 15 other websites, the Post reported.

Threat Attribution: Misunderstood & Abused

Despite its many pitfalls, threat attribution remains an important part of any incident response plan. Here's why.

Threat attribution is the process of identifying the actors behind an attack, their sponsors, and their motivations. It typically involves forensic analysis to find evidence, also known as indicators of compromise (IOCs), and derive intelligence from them. Obviously, a lack of evidence, or too little of it, will make attribution much more difficult, even speculative.

But the opposite is just as true, and one should not assume that an abundance of IOCs will translate into an easy path to attribution. Let’s take a simple fictional example to illustrate: François is the chief information security officer (CISO) at a large US electric company that has just suffered a breach.

François’ IT department has found a malicious rootkit on a server which, after careful examination, shows that it was compiled on a system that supported pinyin characters. In addition, the intrusion detection system (IDS) logs show that the attacker may have been using an IP address located in China to exfiltrate data.

The egress communications show connections to a server in Hong Kong that took place over a weekend with several archives containing blueprints for a new billion-dollar project getting leaked. The logical conclusion might be that François’ company was compromised by Chinese hackers stealing industrial secrets.

After all, strong evidence points in that direction and the motives make perfect sense, given many documented precedents. This is one of the issues with attribution in that evidence can be crafted in such a way that it points to a likely attacker, in order to hide the real perpetrator’s identity.

To continue with our example, the attacker was in fact another US company and direct competitor.

The rootkit was bought on an underground forum, and the server used to exfiltrate data was vulnerable to a SQL injection and had been taken over by the actual threat actor as a relay point.

Another common problem leading to erroneous attribution is when the wrong IOCs have been collected or when they come with little context. How can leaders make a sound decision with flawed or limited information? Failing to properly attribute a threat to the right adversary can have moderate to more serious consequences.

Chasing down the wrong perpetrator can result in wasted resources, not to mention being blinded to the more pressing danger. But threat attribution is also a geopolitical tool where flawed IOCs can come in handy to make assumptions and have an acceptable motive to apply economic sanctions.

Alternatively, it can also be convenient to refute strong IOCs and a clear threat actor under the pretext that attribution is a useless exercise. Despite its numerous pitfalls, threat attribution remains an important part of any incident response plan.

The famous "know your enemy" quote from the ancient Chinese general Sun Tzu is often cited when it comes to computer security to illustrate that defending against the unknown can be challenging. IOCs can help us bridge that gap by telling us whether attackers are simply opportunistic or are the ones you did not expect.

U.S. Charges Three Chinese Hackers With Profiting From Stolen M&A Info

Three Chinese men were charged by federal prosecutors with hacking the networks of major merger and acquisition firms for information, which they used to make profitable stock trades.

U.S. federal prosecutors charged three Chinese nationals with hacking the networks of U.S.-based international law firms and using information from those firms to conduct insider trading, making more than $4 million from the scheme, according to a statement by the U.S. Attorney's Office. The three men targeted at least seven firms which advised companies involved in acquiring, or being acquired by, other companies, according to a statement released by Preet Bharara, the U.S. Attorney for the Southern District of New York. After successfully compromising two law firms, the group then allegedly bought shares in companies that were about to be acquired or which planned to acquire the other firms. They then sold the shares after the M&A deals were announced.

"This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals," he said in the statement.

The FBI and the U.S. Attorney's office worked with the Securities and Exchange Commission, the Office of International Affairs and Hong Kong law enforcement to investigate the group. One of the accused, Iat Hong, a resident of Macau, was arrested by local authorities on Dec. 25 and is awaiting extradition proceedings.

The attacks, which occurred in 2014 and 2015, targeted the email accounts and data of law-firm partners, aiming to gain sensitive information about the acquisitions. In one case, the group allegedly compromised a law firm that was advising a company contemplating purchasing Intermune, a U.S.-based drug maker. After stealing 40 gigabytes of data from the law firm, the three men began purchasing Intermune shares. After the company announced it would be purchased by Roche AG on Aug. 25, 2014, the men sold the 18,000 shares for a profit of $380,000, according to the U.S. Attorney's statement.

In a similar attack, the men also allegedly learned of Intel's intent to acquire Altera, making a profit of $1.4 million on the resulting stock transaction. The trio also made $841,000 after learning that Pitney Bowes intended to buy BorderFree, an e-commerce company. The attackers took similar measures in two other transactions, prosecutors claim. In addition, they targeted at least five other law firms and two robotics companies—in the latter case, stealing confidential and proprietary information. The two other accused men, Chin Hung and Bo Zheng, are residents of Macau and Changsha, China, respectively.