Daily Archives: January 7, 2020

#cybersecurity | #hackerspace | Tricky Phish Angles for Persistence, Not Passwords

Source: National Cyber Security – Produced By Gregory Evans

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password.

Before delving into the details, it’s important to note two things. First, while the most recent versions of this stealthy phish targeted corporate users of Microsoft’s Office 365 service, the same approach could be leveraged to ensnare users of many other cloud providers. Second, this attack is not exactly new: In 2017, for instance, phishers used a similar technique to plunder accounts at Google’s Gmail service.

Still, this phishing tactic is worth highlighting because recent examples of it received relatively little press coverage. Also, the resulting compromise is quite persistent and sidesteps two-factor authentication, and thus it seems likely we will see this approach exploited more frequently in the future.

In early December, security experts at Phishlabs detailed a sophisticated phishing scheme targeting Office 365 users that used a malicious link which took people who clicked to an official Office 365 login page — login.microsoftonline.com. Anyone suspicious about the link would have seen nothing immediately amiss in their browser’s address bar, and could quite easily verify that the link indeed took them to Microsoft’s real login page:

This phishing link asks users to log in at Microsoft’s real Office 365 portal (login.microsoftonline.com).

Only by copying and pasting the link or by scrolling far to the right in the URL bar can we detect that something isn’t quite right:


Notice this section of the URL (obscured off-page and visible only by scrolling to the right quite a bit) attempts to grant a malicious app hosted at officesuited.com full access to read the victim’s email and files stored at Microsoft’s Office 365 service.

As we can see from the URL in the image directly above, the link tells Microsoft to forward the authorization token produced by a successful login to the domain officesuited[.]com. From there, the user will be presented with a prompt that says an app is requesting permissions to read your email, contacts, OneNote notebooks, access your files, read/write to your mailbox settings, sign you in, read your profile, and maintain access to that data.


Image: Phishlabs
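A defender-side check for the kind of link described above, as an added example that is not code from the original article or from Phishlabs: it parses a sign-in link, confirms it is an OAuth authorization request on the real Microsoft login host, and reports where the response is sent and what access is requested. The scope names are the Microsoft Graph delegated permissions that correspond to the prompt text quoted above (the article's image with the actual URL did not survive), and the trusted host, client ID, domains and sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Host that serves the real Office 365 sign-in page (named in the article).
IDP_HOSTS = {"login.microsoftonline.com"}

# Assumption: the only hosts this organisation expects OAuth responses to go to.
TRUSTED_REDIRECT_HOSTS = {"portal.example.com"}

# Assumption: Graph delegated scopes matching the consent prompt in the article.
DATA_SCOPES = {
    "mail.read": "read your email",
    "contacts.read": "read your contacts",
    "notes.read.all": "read OneNote notebooks",
    "files.readwrite.all": "access your files",
    "mailboxsettings.readwrite": "read/write mailbox settings",
}

# Constructed sample inputs (placeholder client ID and domains).
SAMPLE_LURE = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.untrusted.example%2Fcallback"
    "&scope=openid+profile+offline_access+Mail.Read+Contacts.Read"
    "+Notes.Read.All+Files.ReadWrite.All+MailboxSettings.ReadWrite"
)
SAMPLE_BENIGN = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fportal.example.com%2Fcallback"
    "&scope=openid+profile"
)


def analyze_consent_link(url):
    """Summarise what an OAuth authorization link would grant, and to whom."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    result = {"oauth_request": False, "redirect_host": None,
              "granted": [], "persistent": False, "verdict": "allow"}

    # A genuine login host alone proves nothing: only authorization requests
    # carry the redirect and scope parameters that matter here.
    if (parts.hostname or "").lower() not in IDP_HOSTS:
        return result
    if "/oauth2/" not in parts.path:
        return result
    result["oauth_request"] = True

    # Where the authorization response is delivered after sign-in.
    redirect = query.get("redirect_uri", [""])[0]
    result["redirect_host"] = (urlsplit(redirect).hostname or "").lower()

    # Scopes may be bare names or full resource URIs; compare the last segment.
    for scope in query.get("scope", [""])[0].split():
        name = scope.rsplit("/", 1)[-1].lower()
        if name == "offline_access":
            # Refresh tokens keep working after a password change.
            result["persistent"] = True
        elif name in DATA_SCOPES:
            result["granted"].append(DATA_SCOPES[name])

    untrusted = result["redirect_host"] not in TRUSTED_REDIRECT_HOSTS
    if untrusted and (result["granted"] or result["persistent"]):
        result["verdict"] = "block"
    elif untrusted or result["granted"]:
        result["verdict"] = "review"
    return result


if __name__ == "__main__":
    for link in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(analyze_consent_link(link))
```
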

According to Phishlabs, the app that generates this request was created using information apparently stolen from a legitimate organization. The domain hosting the malicious app pictured above — officemtr[.]com — is different from the one I saw in late December, but it was hosted at the same Internet address as officesuited[.]com and likely signed using the same legitimate company’s credentials.

Phishlabs says the attackers are exploiting a feature of Outlook known as “add-ins,” which are applications built by third-party developers that can be installed either from a file or URL from the Office store.

“By default, any user can apply add-ins to their outlook application,” wrote Phishlabs’ Michael Tyler. “Additionally, Microsoft allows Office 365 add-ins and apps to be installed via side loading without going through the Office Store, and thereby avoiding any review process.”

In an interview with KrebsOnSecurity, Tyler said he views this attack method more like malware than traditional phishing, which tries to trick someone into giving their password to the scammers.

“The difference here is instead of handing off credentials to someone, they are allowing an outside application to start interacting with their Office 365 environment directly,” he said.

Many readers at this point may be thinking that they would hesitate before approving such powerful permissions as those requested by this malicious application. But Tyler said this assumes the user somehow understands that there is a malicious third-party involved in the transaction.

“We can look at the reason phishing is still around, and it’s because people are making decisions they shouldn’t be making or shouldn’t be able to make,” he said. “Even employees who are trained on security are trained to make sure it’s a legitimate site before entering their credentials. Well, in this attack the site is legitimate, and at that point their guard is down. I look at this and think, would I be more likely to type my password into a box or more likely to click a button that says ‘okay’?”

The scary part about this attack is that once a user grants the malicious app permissions to read their files and emails, the attackers can maintain access to the account even after the user changes his password. What’s more, Tyler said the malicious app they tested was not visible as an add-in at the individual user level; only system administrators responsible for managing user accounts could see that the app had been approved.

Furthermore, even if an organization requires multi-factor authentication at sign-in, recall that this phish’s login process takes place on Microsoft’s own Web site. That means having two-factor enabled for an account would do nothing to prevent a malicious app that has already been approved by the user from accessing their emails or files.

Once given permission to access the user’s email and files, the app will retain that access until one of two things happens: Microsoft discovers and disables the malicious app, or an administrator on the victim user’s domain removes the program from the user’s account.

Expecting swift action from Microsoft might not be ideal: From my testing, Microsoft appears to have disabled the malicious app being served from officesuited[.]com sometime around Dec. 19 — roughly one week after it went live.

In a statement provided to KrebsOnSecurity, Microsoft Senior Director Jeff Jones said the company continues to monitor for potential new variations of this malicious activity and will take action to disable applications as they are identified.

“The technique described relies on a sophisticated phishing campaign that invites users to permit a malicious Azure Active Directory Application,” Jones said. “We’ve notified impacted customers and worked with them to help remediate their environments.”

Microsoft’s instructions for detecting and removing illicit consent grants in Office 365 are here. Microsoft says administrators can enable a setting that blocks users from installing third-party apps into Office 365, but it calls this a “drastic step” that “isn’t strongly recommended as it severely impairs your users’ ability to be productive with third-party applications.”

Phishlabs’ Tyler said he disagrees with Microsoft here, and encourages Office 365 administrators to block users from installing apps altogether — or at the very least restrict them to apps from the official Microsoft store.

Apart from that, he said, it’s important for Office 365 administrators to periodically look for suspicious apps installed on their Office 365 environment.

“If an organization were to fall prey to this, your traditional methods of eradicating things involve activating two-factor authentication, clearing the user’s sessions, and so on, but that won’t do anything here,” he said. “It’s important that response teams know about this tactic so they can look for problems. If you can’t or don’t want to do that, at least make sure you have security logging turned on so it’s generating an alert when people are introducing new software into your infrastructure.”

*** This is a Security Bloggers Network syndicated blog from Krebs on Security authored by BrianKrebs. Read the original post at: https://krebsonsecurity.com/2020/01/tricky-phish-angles-for-persistence-not-passwords/





#nationalcybersecuritymonth | Insurance Journal’s Top 10 Cyber Risk Stories of 2019


Cyber risks were cited as the top concern among businesses of all sizes in 2019, according to a Travelers report released in October.

Of the 1,200 business leaders who participated in an insurer-sponsored survey, 55% said they worry some or a great deal about cyber risks, ahead of medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%) and legal liability (44%).

The Travelers Companies, which has been commissioning the Travelers Risk Index since 2014, said 2019 was the first year in its survey’s history that cyber has been the top concern among businesses of all sizes.

As concerns about cyber threats have grown, a higher percentage of businesses reported taking proactive measures to safeguard against cyber risks. The steps taken by respondents included purchasing a cyber insurance policy – 51% of survey participants reported purchasing cyber insurance, up from 39% in 2018.

However, a sizable number of businesses reported they had not implemented such preventive best practices. Tim Francis, enterprise cyber lead at Travelers, said that while more businesses are taking steps to prevent a cyber event, “it’s still alarming that nearly half don’t have the proper insurance coverage.”

Hart Research conducted the national online survey of 1,200 business decision-makers for Travelers from July 8-19, 2019, and a report of the survey’s findings ranked among Insurance Journal’s top cyber risk news for 2019.

Check out Insurance Journal’s top 10 cyber risk stories for 2019 based on reader metrics below:

1. Iran Increases Cyber Attacks on U.S. Gov’t, Infrastructure: Cyber Security Firms

Readers were interested in an Associated Press report in June that Iran has increased its offensive cyber attacks against the U.S. government and critical infrastructure as tensions have grown between the two nations, according to cyber-security firms.

Hackers believed to be working for the Iranian government have targeted U.S. government agencies, as well as sectors of the economy, including oil and gas, sending waves of spear-phishing emails, representatives of cyber-security companies CrowdStrike and FireEye, which regularly track such activity, told the AP.

The AP reported that tensions have escalated since the U.S. withdrew from the 2015 nuclear deal with Iran in 2018 and began a policy of “maximum pressure.” The National Security Agency would not address Iranian cyber actions specifically, but said in a statement to The Associated Press on June 21 that “there have been serious issues with malicious Iranian cyber actions in the past.”

“In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyber space and ensure appropriate defenses are in place,” the NSA said.

2. Norsk Hydro Cyber Attack Cost It Nearly $52M in First Quarter

Norsk Hydro said the March cyber attack that paralyzed its computer networks would cost the aluminum maker up to 450 million Norwegian crowns ($52 million) in the first quarter of 2019, Reuters reported in April.

The Oslo-based firm, one of the world’s largest producers of the light-weight metal, was forced to halt some production on March 19 and switch other units to manual operation after hackers blocked its systems.

The Norwegian National Security Authority, the state agency in charge of cyber security, said the attack used a virus known as LockerGoga, a relatively new strain of so-called ransomware, which encrypts computer files and demands payment to unlock them, according to the Reuters report.

3. Capital One Breach Clouds Technology Strategy; Puts $400M Cyber Insurance in Play

After a hacker got into the cloud, siphoning off sensitive information for more than 100 million of Capital One’s customers, Bloomberg reported in August that the third-largest U.S. credit-card lender was thrust into the center of a massive data breach.

According to U.S. prosecutors, a hacker began tapping into a vast trove of information from Amazon.com Inc. servers the bank was using. The breach has called into question the lender’s strategy for reducing technology costs while taking advantage of the cloud’s rapid scalability and burgeoning array of applications, Bloomberg reported.

Capital One’s shares dropped as much as 7.9% after the breach, its biggest intraday decline in almost four years, the Bloomberg report added.

4. ‘Sextortion’ Is Emerging Cyber Risk for Businesses, Warns Beazley

Reports of a new form of online bribery where cyber criminals attempt to extort cryptocurrency by claiming to have potentially embarrassing evidence of people using adult websites on work computers topped Insurance Journal’s most popular cyber risk news of 2019.

According to a report issued by Beazley Breach Response (BBR) Services in February, so-called “sextortion” is adding to the tide of cyber-related incidents hitting businesses. The report explained that the crime begins with an email from someone claiming to have accessed the recipient’s work computer. The sender claims to have tracked the addresses of pornographic websites the recipient has viewed and to have simultaneously recorded footage of their activity while watching these sites using their webcam.

There is no sign yet that these sextortion attempts are anything other than hoaxes targeting random individuals, and it often turns out that no data has been compromised, said Beazley in the report.

“Don’t panic, delete the email, and perform a thorough scan of your computer using a recognised anti-virus solution,” recommended Helen Nuttall, international breach response manager at Beazley. “If the email comes from your business email domain, alert your IT department, who should take steps to lock down the domain.”

5. CIA Says China, Russia Pose Biggest Cyber Attack Threats to U.S.

Russia and China pose the biggest espionage and cyber attack threats to the United States and are more aligned than they have been in decades, the leader of the U.S. intelligence community told U.S. senators, Reuters reported at the beginning of the year.

While the two countries seek to expand their global reach, Director of National Intelligence Dan Coats said, some American allies are pulling away from Washington in reaction to changing U.S. policies on security and trade, the Reuters report said.

“China, Russia, Iran, and North Korea increasingly use cyber operations to threaten both minds and machines in an expanding number of ways – to steal information, to influence our citizens, or to disrupt critical infrastructure,” Coats said.

6. FBI Warns on Rise in Sophisticated Cyber Crimes

In 2015, $220 million was lost to wire fraud in the United States. In 2019, losses were projected to surpass $1.5 billion, according to WFG National Title Insurance Co., the Associated Press reported in November.

The AP report stated that in the past, attempts to trick people were often clumsy, FBI agents told journalists in November. Now they can be sophisticated. If people are asked via email to transfer money under a deadline, they should not rush and instead call a known number of the person the email is purportedly from and confirm the request, the agents said.

“The emails have gotten well-crafted and quite detailed. They’re highly tailored to that particular victim,” said Gabriel Gundersen, an FBI supervisory special agent with the Oregon Cyber Task Force. “It’s a social engineering piece, where they’re coercing a victim to do something based on an artificial agenda or an artificial timeline.”

7. The Cost of Cyber Attacks to U.S. Economy

Malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016, the White House said in February.

The estimate comes in a Council of Economic Advisers report on the impact of cyber attacks on U.S. government and industry, as reported in Bloomberg. The report details the range of threats that U.S. entities face from actors, including corporations and countries such as Russia, China, Iran and North Korea.

“Cyber threats are ever-evolving and may come from sophisticated adversaries,” the CEA said in its report. “Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate.”

8. Financial, Reputational Costs of Cyber Attacks Can Ruin Small, Medium Firms: Chubb

The average price tag for a business to recover after a cyber attack is $400,000, which can be fatal for small-and-medium-sized enterprises (SMEs), according to a February report published by Chubb. This hefty cost of repairing the business and its reputation is exacerbated by the frequency of cyber attacks, which have reached 4,000 per day since Jan. 1, 2016, said Chubb, quoting FBI statistics. Despite these statistics, many SMEs may not believe they are at risk, Chubb warned.

“Cyber attacks against SMEs often go unreported by the media, so these quite-frequent crimes tend to fly under the radar, and smaller companies may subsequently fail to understand the true extent of the risk,” said the report titled “Cyber Attack Inevitability: The Threat Small & Midsize Businesses Cannot Ignore.”

9. Businesses Believe Cyber Insurance Covers More Than It Does: Survey

Seven in 10 senior financial executives at the world’s largest companies believe their insurer would cover most or all of the losses their company would incur in a cyber attack. Many of the losses they foresee, however, are rarely covered by insurance.

In a study released in July of more than 100 chief financial officers (CFOs) and other senior financial executives, commissioned by commercial property insurer FM Global, 45 percent said they expected their insurer will cover “most” related losses from a cyber security event, and 26 percent said they expected their carrier will cover “all” related losses.

But, according to FM Global, most of the effects these financial executives expect to experience in a substantial cyber security event aren’t typically covered by insurance policies.

10. Cybersecurity Awareness Month: Time to Close the Cyber Coverage Gaps

As October of 2019 served as Cybersecurity Awareness Month, Insurance Journal reported it may be time for businesses – especially small- or mid-sized firms – to assess their understanding of current cyber risks and whether they’re adequately covered by a cyber insurance policy.

In fact, a Willis Towers Watson report on cyber insurance trends to watch in 2019 stated that mid-sized companies, which it defines as organizations with annual revenue of less than $1 billion, will continue to drive market growth in the cyber insurance space as they realize the threat and potential financial consequences of a cyber attack.

“Midsize companies can be prime targets for cyber attacks because they often lack the resources and protocols of larger firms to defend against them,” wrote Joe DePaul, National Cyber/E&O Practice leader for North America at Willis Towers Watson and author of the report. “For others, the menacing headlines alone are enough to drive them off the sideline and into the buying market.”

A new year is now underway and with it could come new cyber risks and trends, so be sure to check out Insurance Journal’s Research and Trends page for additional resources and information on all things cyber. Happy new year, and thanks for subscribing to Insuring Cyber.





#cybersecurity | #hackerspace | Zeek is Like a Box of LEGO Bricks for Network Security [Q&A with Dr. Ali Hadi]


By day, Dr. Ali Hadi is a professor who teaches cybersecurity courses at Champlain College in Burlington, Vermont. At night, he researches various aspects of cybersecurity. It was his research and conference presentations around network security and the Zeek framework that caught our attention. So, we reached out to him and asked him to participate in our guest Q&A series with thought leaders in cybersecurity – and he graciously agreed.

 

1) What attracted you to the field of cybersecurity and how did you get started?

 

AH: Let me answer in reverse order. What got me started was my first unofficial job when the Chernobyl Virus (aka CIH) hit many computers around the world. At that time, I was asked to help a local computer repair shop to do data-recovery for their clients. I saw how a small piece of software was able to do all that damage to computers, which was surprising and amazing to me at the same time. This led to my passion for cybersecurity!

 

So, I believe it is a passion more than attraction. It’s why I’m driven by the famous Sherlock Holmes quote: “Education never ends, Watson. It is a series of lessons, with the greatest for the last.” I still believe there are so many things that I need to learn.

 

2) You earned your Ph.D. in network security and have continued to research the area. In your assessment what are the top challenges in network security today?

 

AH: Yes, everything is lying within those bytes traveling from one device to another. I would say the challenges are divided into three categories:

 

  1. The sheer volume of data.

Imagine the amount of traffic you would collect from one device if we just captured it for a one-hour session, with a user doing normal activity (browsing the internet, sending emails, texting, etc.). Now, how much data would we be dealing with if we collected it [from all users] on an enterprise, corporate, or government network? What if we look at the amount of data traveling through an ISP? It’s huge!

  2. Diversity of protocols being used.

If we go back to when the internet started and ask ourselves “how many protocols were used at that time?”, we might be surprised that they were not so many. I do not have a number, but I’m definitely sure they are far less than what we have today. There are so many different protocols out there and who knows how they are being used.

Also, think of the organizations that are developing their own custom protocols to satisfy their own needs. Your system will be dealing with this type of network traffic – and it really needs to know a lot in order to help you with answers.

  3. Encrypted traffic.

This [lack of visibility] is a challenge that exists everywhere, not just on the network layer, but even on computers or any other devices where encrypted data might be stored or used for transmission.

 

3) What recommendations do you have to network security teams for overcoming those challenges?

 

AH: There is no silver bullet, but I can say the best way to reduce the threat window, is to understand your environment as much as possible.

 

The problem is that it is more easily said than actually done. I do not mean just counting systems and what they are used for, the number of users, or the policies and controls applied – nor about information which could be found through inventories, monitoring devices and other systems – but about truly understanding what all of those things are doing on your network.

 

A simple example would be to find answers to questions such as: Based on your policy, why is userX on hostX with a connection to hostY using protocolX at timeX for durationX? More to that (not necessarily in this order):

  • Does our policy permit the activity between hostX and hostY?
  • Does our policy permit userX to access hostY?
  • Does our policy permit such a protocol between these two hosts?
  • Does our policy permit the time of communication?
  • Does our policy permit such a connection for that period of time?

 

We need to figure out if this type of activity is normal or abnormal. This is just one simple example within a complicated answer.

 

4) We’ve noticed you are fairly active in the Zeek community. For those network security professionals that aren’t familiar with Zeek, how would you describe what Zeek is and how it can benefit their organization?

 

AH: I would say, Zeek is like a box of LEGO® bricks, it comes with a manual to assemble the pieces into a specific object and then play with it. But the creators did not limit you to that object. It is up to the player to change what the final object looks like. There are so many options for which you can use those LEGO bricks – it is not limited to the manual that comes with it.

 

That manual is only to give you an idea of the things you can create, so imagination is your only limitation. You could use it in so many ways and create so many objects out of it. Therefore, “use the manual and you’ll get what comes out-of-the-box, use your imagination and the options become limitless!”.

 

Just to give an idea and share some examples. I’ve used Zeek like others for network security monitoring, network forensics, and research. But I’ve also used Zeek to build different systems where Zeek was a major component in those systems.

 

There are two examples that I can share: One was to use Zeek for part of a data leakage detection system, where Zeek was responsible for filtering, logging and extracting documents traveling outside the network. After that, those documents are sent to a system where the contents of the file would be examined and then flagged, based on whether there is data being leaked or not. The other example was using Zeek to build different statistics on all the domains and websites being visited on a client’s network.

 

You might be able to purchase similar tools that could help do both of these tasks, but they will cost you. In addition, those solutions might not be tailored to your current and future needs.

 

With Zeek, you can update those systems easily if, for example, we need to check different types of files as opposed to just documents. You can even do statistics on other types of communications not just domains and web-related traffic.

 

5) There’s a lot of chatter in the security community about the scarcity of talent. As a professor training the next generation of security professionals, what is your perspective on the issue? Is it real? If so, what can organizations do to attract (or develop) talent?

 

AH: Unfortunately, with the number of “things” using networks nowadays and the increasing number of cyberattacks, there is definitely a need for more talent.

 

Organizations should do two things:

 

  1. Support communities and schools teaching cybersecurity skills both financially and collaboratively. This will help enhance their programs and do more research, which all falls back to organizations getting better talent.
  2. Provide internships for students and entry-level jobs for graduates to learn in a true environment. Stop asking for “N-years” of experience; where will they gain that if you close your door and others do the same? They could be more beneficial to your organization if you got to see their mistakes and then trained them to overcome such mistakes.

 

6) Do you have any advice for aspiring cybersecurity professionals as they pursue their careers?

 

AH: Don’t be afraid of asking questions, doing experiments, failing, or not doing things correctly the first time. Everyone out there that you believe is an expert went through this cycle. No one came out of the box an expert and, finally, no one knows everything.

 

7) Lightning round with fun questions! Please answer in just a word or phrase:

  • One security publication you read and recommend is…(AH) Reflections on Trusting Trust by Ken Thompson.
  • One security expert, you recommend following is…(AH) Adam: @Hexacorn
  • If a CISO just received 10% more budget, you would advise him or her to spend it on…(AH)
  • If you weren’t working in cybersecurity, you’d be…(AH) It’s funny, but to be honest, I would be a martial artist.

 

* * *

Thank you, Dr. Hadi, for entertaining this interview. Readers can find more from him, including research and publications, on his website. He’s also active on LinkedIn and Twitter.
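The five policy questions from answer 3 above, applied to Zeek connection records, as an added example that is not part of the interview and not Dr. Hadi's code. It assumes conn.log is written in JSON format; the policy table, the host-to-user inventory (conn.log carries no user name) and the log records are all constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Assumption: inventory mapping each workstation address to its assigned user.
HOST_USER = {"10.0.1.15": "alice", "10.0.1.16": "bob"}

# Assumption: hypothetical policy, keyed by destination host (hostY).
POLICY = {
    "10.0.2.20": {
        "sources": {"10.0.1.15", "10.0.1.16"},  # hosts allowed to connect
        "users": {"alice"},                      # users allowed to connect
        "services": {"ssh"},                     # protocols allowed
        "hours_utc": range(8, 18),               # 08:00-17:59 UTC
        "max_duration": 3600.0,                  # seconds
    },
}

# Constructed conn.log records (JSON format, real Zeek field names).
CONN_LOG = "\n".join([
    '{"ts": 1578391200.0, "uid": "Cconstructed1", "id.orig_h": "10.0.1.15", '
    '"id.resp_h": "10.0.2.20", "id.resp_p": 22, "proto": "tcp", '
    '"service": "ssh", "duration": 310.5}',
    '{"ts": 1578362400.0, "uid": "Cconstructed2", "id.orig_h": "10.0.1.15", '
    '"id.resp_h": "10.0.2.20", "id.resp_p": 22, "proto": "tcp", '
    '"service": "ssh", "duration": 120.0}',
    '{"ts": 1578394800.0, "uid": "Cconstructed3", "id.orig_h": "10.0.1.15", '
    '"id.resp_h": "10.0.2.20", "id.resp_p": 22, "proto": "tcp", '
    '"service": "ssh", "duration": 14400.0}',
    '{"ts": 1578398400.0, "uid": "Cconstructed4", "id.orig_h": "10.0.1.15", '
    '"id.resp_h": "10.0.2.30", "id.resp_p": 3389, "proto": "tcp", '
    '"service": "rdp", "duration": 60.0}',
    '{"ts": 1578402000.0, "uid": "Cconstructed5", "id.orig_h": "10.0.1.16", '
    '"id.resp_h": "10.0.2.20", "id.resp_p": 22, "proto": "tcp", '
    '"service": "ssh", "duration": 45.0}',
])


def check(rec):
    """Return the policy questions this connection fails (empty if permitted)."""
    rule = POLICY.get(rec["id.resp_h"])
    # Without a rule for this host pair, the other questions cannot be asked.
    if rule is None or rec["id.orig_h"] not in rule["sources"]:
        return ["host pair"]

    failed = []
    if HOST_USER.get(rec["id.orig_h"]) not in rule["users"]:
        failed.append("user")
    # Zeek omits "service" when it could not identify the protocol.
    if rec.get("service", rec["proto"]) not in rule["services"]:
        failed.append("protocol")
    hour = datetime.fromtimestamp(rec["ts"], tz=timezone.utc).hour
    if hour not in rule["hours_utc"]:
        failed.append("time")
    # "duration" is absent for connections that never completed.
    if rec.get("duration", 0.0) > rule["max_duration"]:
        failed.append("duration")
    return failed


def audit(log_text):
    """Map each violating connection uid to the questions it failed."""
    violations = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        failed = check(rec)
        if failed:
            violations[rec["uid"]] = failed
    return violations


if __name__ == "__main__":
    for uid, failed in audit(CONN_LOG).items():
        print(uid, "fails:", ", ".join(failed))
```
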


If you enjoyed this post, you might also like:

Zeek IDS [formerly known as Bro] is One of the Most Powerful Cybersecurity Tools You’ve Never Heard Of

*** This is a Security Bloggers Network syndicated blog from Bricata authored by Bricata. Read the original post at: https://bricata.com/blog/zeek-network-security-hadi/





#hacking | Chinese hackers bypass two-factor authentication | Information Age


A Chinese government-backed hacking group has found a new way to bypass two-factor authentication, according to a new report.

The report by Dutch cybersecurity firm Fox-IT attributes a range of cyber attacks on government entities and managed service providers to APT20, a hacking group linked to the Chinese government that has been on the radar for nearly 10 years.

The report tracks the attacks of the group over the last two years and details the method behind them.

According to the researchers, the group typically targets web servers as the initial point of entry into a network, with a particular focus on enterprise application platform JBoss.

The hackers use vulnerabilities to gain access to the victim’s servers, and then install web shells to spread laterally through the internal systems.

The hackers then look for administrator accounts to gain further access.

Little has been known about the movements of APT20 since 2017, with the group able to stay under the radar thanks to the use of legitimate tools already installed on the hacked devices, rather than their own custom-built malware, the Fox-IT report said.

Most alarmingly, the report found that the hacking group has been able to bypass two-factor authentication, a common security precaution requiring users to enter a code sent to a separate device in order to access an account.

While two-factor authentication has been bypassed using a complicated phishing method, Fox-IT said that APT20 has done so using a new method that doesn’t require a user to be duped by a fake email.

While the researchers couldn’t be sure of the exact method used, they did provide a theory on how APT20 may have gained access to a VPN that was protected with two-factor authentication.

This could have been done by the hackers stealing an RSA SecurID software token, and then using this to generate the two-factor authentication codes.

This method isn’t supposed to be possible though, with the protection requiring access to a different physical device.

“As it turns out, the actor does not actually need to go through the trouble of obtaining the victim’s system specific value, because this specific value is only checked when importing the SecurID Token Seed and has no relation to the seed used to generate actual 2-factor tokens,” Fox-IT said in the report.

“This means the actor can actually simply patch the check which verifies if the imported soft token was generated for this system and does not need to bother with stealing the system specific value at all.

“In short, all the actor has to do to make use of the 2-factor authentication codes is to steal an RSA SecurID Software Token and to patch 1 instruction, which results in the generation of valid tokens.”

Two-factor authentication is seen as a pillar of online security, providing a way to double-check the identity of a user before allowing access. It is typically used across online banking, email, and social media.

The use of two-factor authentication is highly recommended by the Australian government and is included in the “essential eight” strategies by the Australian Cyber Security Centre to prevent malware delivery.

The Fox-IT report found that APT20 is likely operating under the instruction of the Chinese government.

“Fox-IT assesses with high confidence that the actor is a Chinese group and that they are likely working to support the interests of the Chinese government and are tasked with obtaining information for espionage purposes,” it said.

It identified victims in 10 countries across a range of sectors, including aviation, healthcare, finance, insurance and energy.
