events editorial - GCSEC · Payment Services Directive (PSD2) and the even newer EU General Data...


The 16th International Conference on Applied Cryptography and Network Security – ACNS 2018
Location: Leuven, Belgium
Date: July 2-4, 2018
https://www.basecybersecurity.com/cyber-security-events-infosec-conferences-it-security-trainings-europe-2018-calendar/the-16th-international-conference-on-applied-cryptography-and-network-security/

ACNS is an annual conference focusing on current developments that attempt to advance the areas of applied cryptography and its application to systems and network security. The goal is to represent both academic research works as well as developments in industrial and technical frontiers. The conference is organised by the Computer Security and Industrial Cryptography (COSIC) group at KU Leuven.

eCrime & Artificial Intelligence Forum

Location: London, UK
Date: July 5, 2018
http://akjassociates.com/event/aiforum/

The e-Crime AI Forum will cover the key subjects for its audience of professionals tasked with safeguarding digital assets and sensitive data. There will be real-life case studies, strategic talks and technical break-out sessions to help end-users understand how these new technologies can be cost-effectively deployed in real-life business situations.

SteelCon
Location: London, UK
Date: July 7-8, 2018
https://www.basecybersecurity.com/cyber-security-events-infosec-conferences-it-security-trainings-europe-2018-calendar/steelcon-2018/

SteelCon is a hacker conference organised for anyone who is interested in how things work, how things can be broken and how they can be fixed. The organisers aim to deliver something for everyone with a wide range of talks, workshops, challenges and good old fashioned social networking.

4th Global Summit and Expo on Multimedia & Artificial Intelligence
Location: Rome, Italy
Date: July 19-21, 2018
https://multimedia.global-summit.com/

The 4th Global Summit and Expo on Multimedia & Artificial Intelligence is a leading conference for the international community of academic experts, scholars and business people in the field of Multimedia & Artificial Intelligence Technologies. The Multimedia 2018 conference serves as a multi-disciplinary gathering for the discussion and exchange of information on the research, development, and applications on all topics related to Multimedia & AI.

Enough memory?

If we talk about large archives of the past, surely the Library of Alexandria is representative of this domain, like the Google archive; the library was built around the 3rd century BC during the reign of Ptolemy II. From what we know, in the library there was a team of grammarians and philologists with the task of annotating and correcting the texts of the various works. Of each work, critical editions were then written and also kept within the Library. It is estimated that the preserved parchment rolls were around 490,000. We are, therefore, talking about the largest and most extensive library in the ancient world and the main centre of Hellenistic culture. An archive of great value, but destroyed several times in the period between 48 BC and 642 AD. In this case, the deletion of data is due not to data leakage, but to accidental or deliberate events, such as the fire following the expedition of Julius Caesar in 48 BC, in which, according to Seneca, over 40,000 books were destroyed. Phenomena that have been repeated in history, cancelling part of our analog memory.

Today in the digital world we are faced with similar issues. The Internet Archive, a non-profit project, is already something similar to the Library of Alexandria. Here over 300 billion images from the network are catalogued. The founders of this project believe that the memory of the network is not resilient and that important pieces of our history may be lost. If we analyse some numbers, we realise that Big Data has reached a considerable dimension. Every minute on Snapchat, last year, 500,000 photos were sent, and the Google engine handled something like 3 million searches. Twitter, the social network of 280 characters, generates 12 million petabytes every day. Knowing the capacity we have for producing memory, it is easy to calculate that, with these trends, storage space may become scarce. I would say that already today each of us has abandoned the use of CD and DVD, using services in the cloud to store our data. Moreover, many users who were relying on CDs discovered that they were not able to recover their data and lost them.

In this context, in addition to the problem of the production capacity of memory, in order to reach levels of availability compatible with the size of Big Data, there is also the theme of how to differentiate data: what should be stored and what can be considered rubbish, where to store it, how to protect our memory and history. This is the responsibility on which we need to raise awareness among organizations and governments, in order to create a cultural heritage rather than the amnesia we risk suffering in the near future. In the digital world, data can be erased with just one click, and viruses or computer attacks could eliminate entire parts of our history and knowledge. Today what remains of the codices of Leonardo da Vinci or the Code of Hammurabi is preserved and consultable. The same should happen for the algorithms that are changing our dynamics and our lives, and that are no longer carved in stone.

Enjoy your reading
Nicola Sotira
General Manager GCSEC
June 2018

In this issue:
Mobile Financial Malware 2017: international threat report by Davide Fania – XTN
Protecting your digital assets against cyber attacks by Marco Essomba – iCyber-Security Group
Poker and Security by Leron Zinatullin – author of The Psychology of Information Security

Mobile Financial Malware 2017: international threat report by Davide Fania – XTN

The international threat report is intended to describe the typical behaviour of Android malware, in particular within a financial context. To access the full document please scan the QR code below.

Developers of mobile banking/payments malware are the first to use new technologies and are always looking for ways to bypass security mechanisms implemented in mobile operating systems.

The full report is composed of four sections as follows:

Section 1 describes the context of a mobile malware attack. A huge amount of mobile malware has been developed in the last years. This is caused by two factors. In the first place, the mobile app development context is technologically less mature, especially from the security perspective. Secondly, users have less insight into the implications of their actions when they use a mobile device. A very meaningful quote that best describes this aspect in a few words is:

“For those who target personal bank accounts, mobile malware is cheaper and safer to use than banking trojans.”

With the purpose of addressing the importance of mobile security, Figure 1 shows the ever-growing number of mobile devices across the world, which in 2016 even surpassed desktops in terms of connections to the Internet. Enforcing security on mobile devices has never been so crucial: what we've seen so far is only the beginning.

Figure 1: Snapshot of worldwide Internet usage through October 2016 (source: StatCounter).

Attackers Spy and Steal from Financial Firms
https://www.infosecurity-magazine.com/news/attackers-spy-and-steal-from/

In an attempt to steal sensitive data, cyber-criminals have been targeting financial firms by building hidden tunnels in order to break into networks. According to a report released today by Vectra, these attack behaviors are the same as those that led to the 2017 Equifax breach. According to the new report, 2018 Spotlight Report on Financial Services, attackers are able to gain remote access through the use of command-and-control (C&C). In the data analyzed, attackers had established nearly 30 web shells accessible from approximately 35 different public IP addresses, which allowed them to exfiltrate data while going undetected.
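The Vectra finding above, web shells reached from dozens of public IP addresses, suggests a simple defender-side check on the logs a web server already keeps. The following is an added example, not from the report or the article: it scans access-log lines for paths that receive POST requests from several distinct external addresses and are never fetched with GET, a pattern a browser-driven form or page would not normally show. The log lines and path names are constructed, and the RFC 5737 documentation ranges stand in for public addresses.

```python
"""Flag web-shell-like endpoints: POST-only paths reached from many external IPs.

Added example (not from the Vectra report or the article). The log lines are
constructed in Apache/nginx combined format; 192.0.2.0/24, 198.51.100.0/24 and
203.0.113.0/24 (RFC 5737) stand in for attacker-controlled public addresses.
"""
import ipaddress
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Address blocks treated as internal for this check; everything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str):
    """Return (ip, method, path-without-query, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], m["method"], m["path"].split("?", 1)[0], int(m["status"])


def webshell_candidates(lines, min_sources=3, allow=()):
    """Paths POSTed to by >= min_sources distinct external IPs and never fetched with GET.

    Returns {path: sorted list of external source IPs}. Paths in `allow`
    (known POST-only API endpoints) are skipped."""
    post_sources = defaultdict(set)
    get_count = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skipped, would be logged in production
        ip, method, path, _status = rec
        if method == "GET":
            get_count[path] += 1
        elif method == "POST" and is_external(ip):
            post_sources[path].add(ip)
    return {
        path: sorted(ips)
        for path, ips in post_sources.items()
        if len(ips) >= min_sources and get_count[path] == 0 and path not in allow
    }


# Constructed sample: one planted script under an upload directory, a normal login form,
# a small POST-only API, an internal health endpoint and one malformed line.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Jun/2018:10:12:01 +0000] "POST /uploads/img/cache.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.77 - - [21/Jun/2018:10:13:44 +0000] "POST /uploads/img/cache.php HTTP/1.1" 200 2048 "-" "curl/7.58.0"',
    '192.0.2.44 - - [21/Jun/2018:10:15:09 +0000] "POST /uploads/img/cache.php HTTP/1.1" 200 731 "-" "python-requests/2.18"',
    '203.0.113.9 - - [21/Jun/2018:11:02:30 +0000] "POST /uploads/img/cache.php?cmd=1 HTTP/1.1" 200 96 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [21/Jun/2018:10:11:50 +0000] "GET /login HTTP/1.1" 200 1432 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [21/Jun/2018:10:11:58 +0000] "POST /login HTTP/1.1" 302 0 "https://example.test/login" "Mozilla/5.0"',
    '198.51.100.20 - - [21/Jun/2018:10:20:00 +0000] "GET /login HTTP/1.1" 200 1432 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [21/Jun/2018:10:20:07 +0000] "POST /login HTTP/1.1" 302 0 "https://example.test/login" "Mozilla/5.0"',
    '192.0.2.8 - - [21/Jun/2018:10:25:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.8 - - [21/Jun/2018:10:30:00 +0000] "POST /api/token HTTP/1.1" 200 310 "-" "okhttp/3.10"',
    '203.0.113.77 - - [21/Jun/2018:10:31:00 +0000] "POST /api/token HTTP/1.1" 200 310 "-" "okhttp/3.10"',
    '10.0.0.5 - - [21/Jun/2018:10:40:00 +0000] "POST /admin/ping.php HTTP/1.1" 200 12 "-" "curl/7.58.0"',
    '10.0.0.6 - - [21/Jun/2018:10:41:00 +0000] "POST /admin/ping.php HTTP/1.1" 200 12 "-" "curl/7.58.0"',
    '10.0.0.7 - - [21/Jun/2018:10:42:00 +0000] "POST /admin/ping.php HTTP/1.1" 200 12 "-" "curl/7.58.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for path, ips in webshell_candidates(SAMPLE_LOG).items():
        print(f"{path}: POSTs from {len(ips)} external IPs: {', '.join(ips)}")
```

A legitimate POST-only API endpoint also matches, which is what the `allow` set is for; tune `min_sources` to the site's traffic and correlate hits with file-modification times under the web root before treating a path as a web shell.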

Banks must use technology to stay compliant and profitable
https://www.itproportal.com/features/banks-must-use-technology-to-stay-compliant-and-profitable/

Banking and financial services are undoubtedly among the most heavily regulated sectors to work in - and for good reason. Companies in these sectors frequently handle the data of millions of consumers, not to mention businesses and even governments. From the new Second Payment Services Directive (PSD2) and the even newer EU General Data Protection Regulation (GDPR), to the Financial Services and Markets Act 2000 (FSMA) and the Payment Card Industry Data Security Standard (PCI DSS) there are many rules…


Section 2 describes how attackers inject malicious applications or code into users’ devices. The typical goal of attackers is obtaining payment credentials, which could be used later on to commit fraud, or accessing private user data.

Summarizing, a mobile attack consists of three main phases: injection, backdoor installation, data exfiltration.

- The malware injection phase aims at bringing a malicious application or piece of code to the execution environment in which the attack will be performed.
- The backdoor installation phase aims at opening a unidirectional or bidirectional connection towards a backend owned by the attacker. Its purpose is to set up a persistent communication channel between the infected device and the malicious agent.
- The exfiltration phase's purpose is to access sensitive information and forward it through the communication channel established in the previous phase.

“Attackers typically aim at compromising confidential user information with the purpose of executing final attacks on other channels. In order to access private user data, an attacker exploits users' trust in known sources and users’ risk misperception in performing sensitive actions on mobile devices.”

This approach is used in the injection phase, for example by means of trojans, and/or in the data exfiltration phase. Figure 2 shows an example of a BankBot malware sample, Jewel Star Classic, distributed through the Google Play Store. This trojan, created by injecting a malicious payload into legitimate code, aimed at spoofing the identity of Jewels Star, a quite famous game with, according to statistics, 50 to 100 thousand legitimate installations. This way, attackers were able to induce users to download and install it. At this point, the injection phase is completed.

Figure 2: The malicious version of Jewel Star in the Play Store.

Threat modeling: What’s all the buzz about?
https://www.helpnetsecurity.com/2018/06/21/threat-modeling/

Keen observers will have noted an uptick in activity around threat modeling within the information security community recently, with new tools being released and strategies and methodologies being discussed on social media, culminating in a week-long threat modeling track at the Open Security Summit (formerly the OWASP Summit). What is threat modeling? In order to answer this question I will refer to the recently updated OWASP application threat modeling page: threat modelling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value.

WannaCry is back! (Psych. It's just phisher folk doing what they do)
https://www.theregister.co.uk/2018/06/21/wannacry_is_back_except_its_not/

An unusually large wave of phishing emails was spewed out this morning, with recipients warned that all their devices had been infected by WannaCry. Action Fraud UK has said it has already received over 200 reports of the phishy email this morning, while beleaguered IT support contractors – seemingly mostly based in the UK – were asking users to delete, refrain from clicking links and carry on with their lives. Still others were, um, urging clients to install extra security software...

Teen phone monitoring app leaked thousands of user passwords

https://www.difesaesicurezza.com/en/cyber-en/here-it-is-zacinlo-a-malware-that-is-operating-in-stealth-since-6-years/

There is a malware on Windows 10 that operated covertly for 6 years. It’s dubbed Zacinlo and it has been discovered by Bitdefender cyber security experts. This rare strain of malware typically operates by silently rendering webpages in the background in hidden windows to simulate clicks and keyboard interactions, or can replace ads naturally loaded in an open web browser with its own ads to collect revenue. The malicious code is armed with a sophisticated array of features to ensure it remains undetected, featuring an adware cleanup routine to remove any potential rivals. It can also uninstall or delete services based on instructions it receives from the command and control infrastructure, to which it routinely sends information about its environment, including what form of anti-malware services may be installed, and which applications are running on startup.

Section 3 describes how financial malware typically works and provides an overview of the current malware landscape. An extensive analysis of a relevant amount of financial malware samples identifies the six typical behaviours of malware, the malware families and their geographical distribution. Financial cybercriminals are always looking for new ways to exploit users and extract money from them. In these last years, a huge amount of financial malware has been developed, which has led to a variety of malware families. However, the most widespread trends are gaining administration privileges and tricking users through overlays. A very representative family that is showing such behaviour and is currently attacking a variety of organizations is Red Alert24.

In addition to its behaviour, another interesting part is the overlay attack mechanism, which differs from older families both in terms of implementation and in targets management. In fact, targets are stored on the attacker's server and are not sent back to the mobile malware, making the life of an analyst much harder. Cybercriminals are constantly looking for ways to bypass Android’s new protection mechanisms, often using basic but valid techniques.

Section 4 describes the solution against the ever-growing threat of financial malware, that is a behavioural-based detection mechanism named malware engine. Conventional antivirus programmes available on the market often still base their detection on signatures; even if these are more precise in detection, this type of approach presents many drawbacks and is generally unable to detect unknown malware. In the mobile context, which is drastically dynamic, this is a huge problem.

Verifying whether a new file is malicious can be complex and time consuming. In many cases the malware has already evolved by then. The delay in identifying new forms of malware makes corporations and consumers vulnerable to serious damage. For this reason, our engine based on behavioural analysis involves machine learning mechanisms and advanced algorithms, modelled and implemented as a result of long-term business intelligence tasks.

The advantages for analysts using this kind of solution can be explained with the following quote:

“Malware detection is only the first step. It provides information about the related family along with the detected behaviours, allows an analyst to understand the possible impacts on a final client and then trigger the most suitable mitigation.”

Scan to access the full document or click here
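Sections 2 to 4 above describe a three-phase attack (injection, backdoor installation, exfiltration), the current trends of gaining administration privileges and tricking users with overlays, and a behaviour-based engine that flags malware without signatures. As an added example, neither XTN's engine nor code from the report, the weighted-rule scorer below maps behaviours observed during dynamic analysis of an Android app onto those phases and returns a verdict that depends on the combination of behaviours rather than on any file signature. The behaviour names, weights and the three observation sets are constructed assumptions; a production engine would learn the weights from labelled samples rather than hard-code them.

```python
"""Weighted-rule behavioural scorer for Android app observations (added example).

Maps behaviours seen during dynamic analysis onto the report's attack phases
(injection, backdoor, exfiltration) plus the two Section 3 trends (privilege
gain, overlays). Behaviour names, weights and samples are constructed.
"""

# behaviour -> (phase it serves, weight). Zero-weight entries are ordinary app activity.
BEHAVIOURS = {
    "sideloaded_from_unknown_source": ("injection", 2),
    "dynamic_code_loading": ("injection", 3),
    "requests_device_admin": ("privilege", 3),
    "requests_accessibility_service": ("privilege", 2),
    "draws_overlay_on_other_apps": ("overlay", 3),
    "persistent_c2_connection": ("backdoor", 3),
    "polls_remote_for_commands": ("backdoor", 2),
    "reads_sms": ("exfiltration", 2),
    "posts_data_to_remote": ("exfiltration", 2),
    "reads_contacts": ("exfiltration", 1),
    "network_access": ("normal", 0),
    "writes_external_storage": ("normal", 0),
}


def assess(observed, threshold=6):
    """Score a list of observed behaviours and return a verdict dict.

    'suspicious'   : score >= threshold and both a backdoor and an exfiltration
                     behaviour are present, i.e. the full chain of Section 2
    'needs review' : score >= threshold but the chain is incomplete
    'benign'       : otherwise
    Unknown behaviour names are reported rather than silently dropped."""
    score = 0
    phases = set()
    unknown = []
    for name in observed:
        if name not in BEHAVIOURS:
            unknown.append(name)
            continue
        phase, weight = BEHAVIOURS[name]
        score += weight
        if weight > 0:
            phases.add(phase)
    chain_complete = {"backdoor", "exfiltration"} <= phases
    if score >= threshold and chain_complete:
        verdict = "suspicious"
    elif score >= threshold:
        verdict = "needs review"
    else:
        verdict = "benign"
    hints = []
    if {"privilege", "overlay"} <= phases:
        hints.append("admin-privilege + overlay pattern (Section 3 trend)")
    return {"score": score, "phases": sorted(phases), "verdict": verdict,
            "hints": hints, "unknown": unknown}


# Constructed observation sets: a trojanized game, a clean game, and an app that
# only asks for dangerous privileges (worth a look, but no visible attack chain).
TROJANIZED_GAME = ["dynamic_code_loading", "requests_device_admin",
                   "draws_overlay_on_other_apps", "persistent_c2_connection",
                   "reads_sms", "posts_data_to_remote", "network_access"]
BENIGN_GAME = ["network_access", "writes_external_storage", "reads_contacts"]
PRIVILEGE_ONLY = ["requests_device_admin", "draws_overlay_on_other_apps"]

if __name__ == "__main__":
    for label, obs in [("trojanized", TROJANIZED_GAME), ("benign", BENIGN_GAME),
                       ("privilege-only", PRIVILEGE_ONLY)]:
        print(label, assess(obs))
```

The point of the chain check is the one the quote above makes: the verdict is explained by phases and behaviours, so an analyst can read why an app was flagged and what impact to expect, instead of receiving a bare signature match.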

Modern Cybersecurity Demands a Different Corporate Mindset
https://www.darkreading.com/vulnerabilities---threats/modern-cybersecurity-demands-a-different-corporate-mindset-/a/d-id/1332013?utm_content=bufferce9b6&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Today, all organizations are digital by default. However, it has never been more difficult for organizations to map the digital environment in which they operate, or their interactions with it. Every organization's technology infrastructure is both custom-made and increasingly complex, spanning networks that consist of tools and technologies that may be on-premises or in the cloud — or, quite commonly, a combination of both. Yet there is no reward without risk. Digital business inherently means utilizing new technology, connecting devices and operating platforms, embracing different ways of working, building large-scale data silos, and so on. The convergence of Internet of Things networks with what were once separate and self-contained — and therefore more manageable — systems represents a fundamental change.

Will blockchain power the next generation of data security?
https://www.helpnetsecurity.com/2018/06/18/blockchain-next-generation-data-security/

Cryptomania is dominating conversations from Silicon Valley to Wall Street. But ‘cryptocurrency’ is only one implementation of the underlying technology innovation that has the ability to transform the way future technology products are designed and built. Of course, that technology is blockchain, the decentralized digital ledger that makes Bitcoin and other cryptocurrencies possible.

3,000+ mobile apps leaking data from unsecured Firebase databases
https://www.helpnetsecurity.com/2018/06/20/unsecured-firebase-databases/

Appthority security researchers discovered the HospitalGown vulnerability in 2017, which leads to data exposures not due to any code in the app, but to the app developers’ failure to properly secure backend data stores (hence the name). The new Firebase variant exposes large amounts of mobile app-related data stored in unsecured Firebase databases. Exposed data includes personally identifiable information (PII), private health information (PHI), plaintext passwords, social media account and cryptocurrency exchange private access tokens, financial transactions, vehicle license plate and registration numbers, and more data leaking from vulnerable apps.
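The Firebase exposures described in the item above come from backend rules rather than from app code, so the check belongs on the rules document itself. The following is an added example, not Appthority's tooling or anything from the article: it walks a Firebase Realtime Database rules document and reports every node whose `.read` or `.write` is unconditionally true, with the fully open "test mode" style rules beside a mixed case and a hardened version. The three rule sets are constructed; `$uid === auth.uid` and `auth != null` are standard Firebase rules expressions.

```python
"""Report unconditionally open nodes in a Firebase Realtime Database rules document.

Added example (not Appthority's tooling). The rule sets below are constructed;
the expressions use standard Firebase rules syntax.
"""
import json

# Constructed: "test mode" style rules that make the whole database world-readable
# and world-writable to anyone holding the project's (easily extracted) API key.
OPEN_RULES = '{"rules": {".read": true, ".write": true}}'

# Constructed: one world-readable branch next to properly scoped per-user data.
MIXED_RULES = '''{
  "rules": {
    "public_config": {".read": true},
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}'''

# Constructed: hardened form. Access is denied at the root and granted only
# per user; in Firebase rules a child may grant what the parent denies, so
# this is the right shape (a grant at the parent could not be revoked below).
LOCKED_RULES = '''{
  "rules": {
    ".read": false,
    ".write": false,
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}'''


def find_open_paths(rules_json: str):
    """Return [(path, op)] for every ".read"/".write" that is unconditionally true.

    A literal `true` (or the string "true") grants the operation to everyone,
    including unauthenticated clients, for that node and everything beneath it."""
    rules = json.loads(rules_json)["rules"]
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if key in (".read", ".write"):
                if value is True or (isinstance(value, str) and value.strip() == "true"):
                    findings.append((path, key))
            elif isinstance(value, dict):
                walk(value, path.rstrip("/") + "/" + key)

    walk(rules, "/")
    return findings


if __name__ == "__main__":
    for label, doc in [("open", OPEN_RULES), ("mixed", MIXED_RULES), ("locked", LOCKED_RULES)]:
        print(label, find_open_paths(doc))
```

Run it against the rules exported from the Firebase console (or the file used with the CLI deploy) as a pre-deploy gate; a non-empty result on anything other than an intentionally public branch means the app's backend is exposed regardless of how careful the app code is.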


Protecting your digital assets against cyber attacks by Marco Essomba

You have been hacked! Those are four words that no organization wants to hear - ever. The reality is that all organisations are vulnerable to cyber criminals' activities. According to a recent article by Kelly Sheridan (Dark Reading), the Cybercrime Economy Generates $1.5 Trillion a Year! That’s a mind-blowing figure. In this article, I share some thoughts as to why the current mechanisms of fighting back against cyber attacks are not working. Read on.

Cybercrime pays

There are many reasons why cyber criminals appear to be winning the fight and reaping the rewards. For one, it is clear that cybercrime pays and most of those criminal organisations now run like legitimate businesses with organized operations, strategies, support, and profits reinvested into research and development efforts. Those criminal organisations are not much different to security software vendors that are continuously looking for issues and provide updates to patch vulnerabilities and security flaws. It’s an always-on race.

Lack of a fully integrated security ecosystem

Cybersecurity Ventures listed 500 of the world’s hottest and most innovative cybersecurity companies to watch in 2017. From Adaptive Security Platforms, Email Security products, to Anti-Virus & Malware Protection, the list is huge. Which one should you use and for what purpose? Will your chosen product integrate well with other security vendors? How do those products compare? There are a lot of considerations that each organisation has to take into account: the total cost of ownership of the product, ease of use, quality of service, support, etc. In any case, 500 security vendors is a huge menu to select from. Network & Security Managers have the challenging task of assessing multiple vendors and selecting the product and services that match their organisation’s needs. Not an easy task in a very crowded and noisy cyber security market place. Security analysts have been predicting for a while that the entire cyber security industry is ripe for consolidation. The same thing happened in other sectors like manufacturing, systems management, enterprise applications, and telecommunications. So it makes sense that the cyber security industry will go through the same process.

More integration, more consolidation, fewer security vendors

Fundamentally, software will continue to have vulnerabilities that can be exploited by malicious attackers for their own gains. As software developers get more adept at secure coding, it is expected that vulnerabilities will steadily diminish but cannot be avoided altogether. Machines are very good at boring and repetitive tasks but lack context and insights. Humans are very good at contextualising and finding solutions in creative ways but lack the repetitive stamina to conduct boring tasks consistently. As machines carry out more and more automated security analysis to look for vulnerabilities in various systems, both humans and machines must work together.

Fully Integrated & Coordinated Cyber Defence Infrastructure

Organisations will need to find better ways to integrate their entire cyber security infrastructure and ecosystem in order to respond better and faster to cyber attacks. Like criminal organisations, companies that are serious about cyber security will have to use defence-in-depth strategies that include a fully integrated security infrastructure that is working as one effective defence system. They should combine traditional network defence mechanisms such as firewalls, intrusion detection systems, endpoint protection, web application firewalls, etc. with external threat intelligence methods, and adaptive threat response, in order to stay one step ahead of cyber criminals.

Conclusion

The cyber security industry is ripe for consolidation. Too many security vendors. Too many products. What is required is a fully integrated approach to cyber security, where humans and machines work as one, in a self-automated and coordinated manner, in order to fight back effectively against the relentless and ever-growing cyber threats.


Poker and Security by Leron Zinatullin

Good poker players are known to perform well under pressure. They play their cards based on rigorous probability analysis and impact assessment. Sounds very much like the sort of skills a security professional might benefit from when managing information security risks. What can security professionals learn from a game of cards? It turns out, quite a bit. Skilled poker players are very good at making educated guesses about opponents’ cards and predicting their next moves. Security professionals are also required to be on the forefront of emerging threats and discovered vulnerabilities to see what the attackers’ next move might be.

At the beginning of a traditional Texas hold’em poker match, players are only dealt two cards (a hand). Based on this limited information, they have to try to evaluate the odds of winning and act accordingly. Players can either decide to stay in the game – in this case they have to pay a fee which contributes to the overall pot – or give up (fold). Security professionals also usually make decisions under a high degree of uncertainty. There are many ways they can treat risk: they can mitigate it by implementing necessary controls, avoid, transfer or accept it. Costs of such decisions vary as well. Not all cards, however, are worth playing. Similarly, not all security countermeasures should be implemented. Sometimes it is more effective to fold your cards and accept the risk rather than pay for an expensive control. When the odds are right a security professional can start a project to implement a security change to increase the security posture of a company.

When the game progresses and the first round of betting is over, the players are presented with a new piece of information. The poker term flop is used for the three additional cards that the dealer places on the table. These cards can be used to create a winning combination with each player’s hand. When the cards are revealed, the player has the opportunity to re-assess the situation and make a decision. This is exactly the way in which changing market conditions or business requirements provide an instant to re-evaluate the business case for implementing a security countermeasure.

There is nothing wrong with terminating a security project. If a poker player had a strong hand in the beginning, but the flop shows that there is no point in continuing, it means that conditions have changed. Maybe engaging key stakeholders revealed that a certain risk is not that critical and the implementation costs might be too high. Feel free to pass. It is much better to cancel a security project rather than end up with a solution that is ineffective and costly. However, if poker players are sure that they are right, they have to be ready to defend their hand. In terms of security, it might mean convincing the board of the importance of the countermeasure based on the rigorous cost-benefit analysis. Security professionals can still lose the game and the company might get breached, but at least they did everything in their power to proactively mitigate that. It doesn’t matter if poker players win or lose a particular hand as long as they make sound decisions that bring desired long-term results. Even the best poker player can’t win every hand. Similarly, security professionals can’t mitigate every security risk and implement all the possible countermeasures. To stay in the game, it is important to develop and follow a security strategy that will help to protect against ever-evolving threats in a cost-effective way.

GCSEC - Global Cyber Security Center Viale Europa, 175 - 00144 Rome - Italy

http://www.gcsec.org