Despite a decline in ransomware attacks since last year, the US Marshals Service revealed on Monday that it suffered a “major” breach of its computer network on February 17 that involved a ransomware component.

Several recent cyber security reports suggest that ransomware is becoming less profitable for cyber criminals as more victims refuse to pay their attackers. But the wave of ongoing hack attacks continues to target businesses and government organizations.

US Marshals Service spokesman Drew Wade said in comments to news outlets on Monday, February 27, that the agency had received a ransomware demand and suffered a data exfiltration incident that affected the agency’s stand-alone computer system.

According to Wade, the attack affected information related to sensitive law enforcement details, returns from legal processes, and administrative information. However, the ransomware failed to affect the Witness Protection program as the service disconnected the computer from the network.

The attack also obtained personally identifiable information relating to the subjects of the USMS investigation, third parties, and some USMS employees. The breach touched records about the target of an ongoing investigation, employee personal data and internal processes.

“The data exfiltration attack against the US Marshals Service serves as a sobering reminder of the far-reaching and devastating effects that cyberattacks can have on our most important institutions,” Dmitry Nemirovsky, co-founder and COO of decentralized encryption key management firm Atacama, told TechNewsWorld.

“The theft of US Marshals confidential data could compromise ongoing investigations, put the lives of law enforcement officers at risk and undermine public confidence in our justice system,” he added.

engage damage control

The Marshals Service, a federal agency responsible for tracking and apprehending fugitives wanted by law enforcement, is part of the US Department of Justice. In addition to its work with fugitives, the service provides security at federal courthouses across the country, among other duties.

Government officials have not yet identified the possible culprits in the cyberattack. But Marshals Service personnel have reportedly devised a solution for keeping up with their internal activities and pursuit of fugitives.

The US Marshals breach announcement comes a week after the FBI said it had “contained” a security incident on its network. This is the latest successful intrusion into government records amid ongoing hacking attempts at various levels of government and public institutions over the past several months.


For example, the DOJ infiltrated and disrupted the Hive ransomware cluster in late January. According to news accounts, the group targeted more than 1,500 victims in more than 80 countries, extorting hundreds of millions of dollars in ransom payments.

“We must be vigilant in our efforts to defend against these attacks and protect sensitive information to prevent it from being exposed,” Nemirovsky offered. “Implementing proactive, comprehensive data protection measures to protect all confidential, sensitive and personally identifiable information should not be an afterthought.”

target unclear

US government officials have been tight-lipped on the details of the cyber breach dynamics. Aside from confirming that a ransomware component is involved, insiders have not said whether the service has received threats to reveal the breached information or demands for payment. It is also unknown at this point whether the attack involved encrypting files on the servers.

“In today’s digital age, protecting sensitive files at the micro level is not just an option; this is a necessity,” said Nemirovsky.

Informally, some cyber security workers suggested that ransomware threats are sometimes included as a ploy to disguise other attack objectives. How the attackers managed to circumvent network security measures added to the list of unanswered questions.

need higher scrutiny

While we don’t yet know whether these threat actors were able to evade the US Marshals Service, the ramifications could be significant, warned Darren Guccione, CEO and co-founder of Keeper Security.

Guccione told TechNewsWorld, “Based on the information we have, the stolen information has the potential to compromise ongoing investigations including witnesses and informants, put USMS employees at risk, and disrupt time-sensitive operations.”

Another important effect, he said, is the effect on public trust and confidence in the US Marshals Service.

lesson may not be learned

According to Brian Cunningham, advisory council member at Theon Technology, this very serious breach clearly demonstrates again that even the most vigilant organizations are not immune from ransomware and other sophisticated attacks.


“As a victim of the Chinese hack of US OPM security clearance files, it appears our government – or at least the USMS – has clearly not learned from its prior mistakes. It appears that this data may not even be encrypted,” he told TechNewsWorld.

Cunningham is certain that the story will only get worse as the investigation into the incident progresses. He suggested that almost all data-exfil/ransomware attacks are the result of poor training and security awareness, which is particularly disappointing in US law enforcement agencies.

That said, this is not surprising as humans are fallible, and attacks are becoming ever more sophisticated. This reinforces the imperative of developing quantum-resistant encryption and better security awareness training and enforcement. Someone here needs to stay accountable.

A new service powered by artificial intelligence that can turn portraits into talking heads was announced by D-ID on Monday.

Called Creative Reality Studio, the self-service application can convert a facial image into video, complete with speech.

The service is aimed at professional content creators – learning and development units, human resources departments, marketers, advertisers and sales teams – but anyone can try out the technique on the D-ID website.

Creative Reality Studio
Video by John P. Mello Jr.


The platform reduces the cost and hassle of creating corporate video content and provides an unlimited variety of presenters – versus limited avatars – that include users’ own photos or any images that the company has the right to use, according to the company, which gained notoriety when its technology was used in an app called Deep Nostalgia. The software was introduced as a way to animate old pictures.

The company said the technology enables customers and users to choose a presenter’s identity, including their ethnicity, gender, age and even their language, accent and tone. “It provides greater representation and diversity, creating a stronger sense of inclusion and belonging, which drives further engagement and interaction with the businesses that use it,” it said in a news release.

Matthew Kershaw, D-ID Marketing Vice President, told TechNewsWorld, “The use cases include empowering professional content creators to seamlessly integrate video into the digital space and presentations with specialized PowerPoint plug-ins, the use of customized corporate video narrators.” Generating more engaging content.

impressive services

The quality of these services is impressive, and continues to get better, maintained Daniel Castro, vice president of the Information Technology and Innovation Foundation, a research and public policy organization in Washington DC.

“The service isn’t at a level where it’s completely replacing a presenter, but there’s no reason not to expect it to be there relatively soon,” he told TechNewsWorld.

D-ID explained that the use of video by businesses has increased dramatically and more of them are integrating it into their training, communication and marketing strategies.

Accelerating this trend, it continued, are the rapidly evolving worlds of avatars and the metaverse, both of which demand a more creative, immersive and interactive content approach from digital creators. Production budgeting, however, can be prohibitively expensive and requires significant allocation of time and talent.

“The service is an evolution of the avatars and emoji people use today, but can be used in lengthy discussions or presentations,” said Ross Rubin, principal analyst at Reticle Research, a consumer technology consulting firm in New York City.

“The idea is to save time, especially if you were going to read a script,” he told TechNewsWorld. “It can be more engaging to an audience than simply watching audio or slides.”

democratizing AI

D-ID CEO and co-founder Gil Perry noted in a news release that the company’s technology, which is limited to the enterprise, has been used to create 100 million videos.

“Now that we are offering our self-service Creative Reality platform, the potential is enormous,” he continued. “It enables both large enterprises, small companies and freelancers to create personalized videos for multiple purposes on a large scale.”

Kershaw said D-ID’s technology will further democratize creativity. “I say ‘forward’ because technology has really been democratizing the arts for decades,” he said.

“From the installation of synthesizers, samplers and sequencers in music to Photoshop and Illustrator in photography and illustration, and Premiere and desktop editing in film production and motion graphics, the ability to create high-quality productions outside of specialist high-end studios has been happening since the 1980s,” he said. “This is the latest episode of that long-running series.”

“This is certainly a step forward towards democratizing AI,” agreed Avivah Litan, a security and privacy analyst at Gartner. “It has great use cases in education, healthcare and retail,” she told TechNewsWorld. “It’s a better way to communicate with people. We’re becoming a more visual society. Nobody has time to read anything.”

deepfake concerns

With growing concern over the use of “deepfakes” to spread misinformation and take social engineering to new heights, there is always the potential for misuse of new synthetic media solutions such as D-ID.

“As with any technology, it can be used for the ill by our bad actors, but our platform is aimed at legitimate businesses that would have no interest in that kind of use,” Kershaw said.

“Plus,” he continued, “we’re not deepfakes. We don’t put someone else’s face on someone else’s body, and we’re not trying to tell anyone something they didn’t say.”

“Within D-ID’s platform, we have put in place a number of security measures to ensure that our technology is not used in this manner,” he said. “We do not repeat the voices of celebrities or those without permission from any person.”

The company also filters abusive and racist comments, and prohibits the platform from being used to make political videos.

“D-ID is putting railings on their platforms, but we all know that railings are never perfect,” Litan said.

“It is a good tool to spread misinformation because these social media sites are not ready for deepfakes,” she said. “Even if social media sites are good at detecting deepfakes, they will never be enough. It’s like spam. Spam always gets through. It will happen too, but the consequences will be worse.”

need for origin

Detecting deepfakes is a losing proposition in the long run, Litan said. Even today, detection algorithms typically cannot detect more than 70% of deepfakes.

She added that determined adversaries will keep pace with deepfake detection using generative adversarial networks so that the detection rate is eventually reduced to 50%.

She predicts that in 2023, 20% of successful account takeover attacks will use deepfakes to socially engineer users into turning over sensitive data or transferring funds to criminal accounts.

“Many safeguards need to be implemented industry-wide, which is why we are also working with industry bodies and regulators to implement legal safeguards that will make the industry more secure and reliable in general,” said Kershaw. “We think that having an industry-wide system for watermarking content invisibly through the use of steganography, in particular, would get rid of almost all potential issues.”

“You will be able to see a section of media and click a button to see where it came from and what’s in it,” he said. “Transparency is the solution.”

“There are many ways to deal with counterfeiting, but the most important is to know the origin and authenticity of the media,” Castro said.

A new phishing-as-a-service offering on the dark web poses a threat to online accounts protected by multi-factor authentication, according to a blog posted Monday by an endpoint security company.

Called EvilProxy, the service allows threat actors to launch phishing campaigns, with the ability to largely bypass MFA without the need to hack upstream services, the Resecurity researchers noted in the blog.

The service uses methods supported by APT and cyber espionage groups to compromise accounts protected by MFA. According to the researchers, such attacks have been discovered against Google and Microsoft customers whose accounts have MFA enabled via SMS text messages or application tokens.

Phishing links produced by EvilProxy lead to cloned web pages that have been prepared to compromise accounts associated with multiple services, including Apple iCloud, Facebook, GoDaddy, GitHub, Dropbox, Instagram, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex.

Threat actors using EvilProxy are targeting software developers and IT engineers to gain access to their repositories, with the ultimate goal of hacking “downstream” targets, the researchers wrote.

They explained that these tactics allow cybercriminals to capitalize on end users who believe they are downloading software packages from secure resources and do not expect them to be compromised.

faster, faster, better

“This incident poses a threat to software supply chains because it targets developers by giving the service’s cybercriminal customers the ability to launch campaigns against GitHub, PyPI and NPM,” said Aviad Gershon, leader of the security research team at Checkmarx, an application security company in Tel Aviv, Israel.

“Just two weeks ago,” he told TechNewsWorld, “we saw the first phishing attack against PyPI contributors, and now we see the service take it a few steps further by making these attacks accessible to less technical operators and adding capability to bypass the MFA.”

Checkmarx’s head of supply chain security Tzachi Zornstain said the nature of supply chain attacks increases the reach and impact of cyber attacks.

“Abusing the open-source ecosystem represents an easy way for attackers to increase the effectiveness of their attacks,” he told TechNewsWorld. “We believe this is the beginning of a trend that will increase in the coming months.”

A phishing-as-a-service platform can also increase attacker effectiveness. “Since PhaaS can operate at scale, it enables adversaries to be more efficient at stealing and defrauding identities,” said Resecurity CEO Gene Yoo.

“Old-fashioned phishing campaigns require money and resources, which can be overwhelming for one person,” he told TechNewsWorld. “PhaaS is just faster, faster, better.”

“It’s something that’s very unique,” he said. “It’s very rare to produce a phishing service on this scale.”

well packed

Many illegal services and hacking and malicious-intent solutions are products, explained Alon Nachmany, field CISO at AppViewX, a certificate lifecycle management and network automation company in New York City.

“By using a PhaaS solution, malicious actors have less overhead and less to spring an attack,” he told TechNewsWorld.

“Quite honestly,” he continued, “I’m surprised it took so long to become a thing. There are so many marketplaces where you can buy ransomware software and link it to your wallet. Once deployed, you can collect the ransom. The only difference here is that it is completely hosted for the attacker.”

While phishing is often considered a low effort activity in the hacking world, it still requires some work, said Monia Deng, director of product marketing at Bolster, a provider of automated digital risk protection in Los Altos, Calif. You need to do things like stand up a phishing site, create emails, automate managers, and nowadays, steal 2FA credentials on top of primary credentials, she explained.

“With PhaaS,” she continued, “everything is neatly packaged on a subscription basis for criminals who do not require any hacking or even social engineering experience. It opens the ground for many more threat actors who want to exploit organizations for their own gain.”

bad actors, great software

Security researchers explained that payment for EvilProxy is conducted manually through an operator on Telegram. Once the subscription funds are received, they will be credited to the account in the customer portal hosted on TOR. The kit is available for $400 per month.

EvilProxy’s portal has many tutorials and interactive videos on using the service and configuration tips. “To be clear,” the researchers wrote, “the bad actors did a great job in terms of service usability, and configuration of new campaigns, traffic flow, and data collection.”

“This attack just shows the maturity of the bad actor community,” said George Gerchow, CSO and senior vice president of IT at Sumo Logic, an analytics company focused on security, operations and business information in Redwood City, Calif.

“They are packing these kits nicely with detailed documentation and videos to make it easier,” he told TechNewsWorld.

The service uses a “reverse proxy” principle, the researchers noted. It works like this: Bad actors lead victims to a phishing page, use a reverse proxy to get all the legitimate content the user expects to see, and sniff their traffic through the proxy.

“This attack highlights how low the barrier of entry is for unsophisticated actors,” said Heather Iannucci, a CTI analyst at Tanium, creator of an endpoint management and security platform in Kirkland, Wash.

“With EvilProxy, a proxy server sits between the legitimate platform’s server and the phishing page, which steals the victim’s session cookie,” she told TechNewsWorld. “This can then be used by the threat actor to login to a legitimate site as a user without an MFA.”

“Defending against EvilProxy is a challenge because it combines cheating a victim and MFA bypass,” Yoo said. “The real compromise is invisible to the victim. Everything sounds good, but it’s not.”
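The stolen-cookie replay described above leaves a server-side trace: a session is issued to one client context and later presented from another. The following is an added example, not code from the article or from Resecurity's blog, that flags this in constructed log records; the key=value log layout, the event names and the choice of source ASN plus user agent as the client context are assumptions.

```python
import shlex
from dataclasses import dataclass

# Constructed sample records (not from the article). The key=value layout,
# the event names and the ASN field are assumptions for this example.
SAMPLE_LOG = '''\
2022-09-06T10:00:01Z mfa_login_ok sid=a1f3 asn=AS64500 ua="Firefox/104 Windows" user=dev1
2022-09-06T10:00:09Z request sid=a1f3 asn=AS64500 ua="Firefox/104 Windows" user=dev1
2022-09-06T10:02:30Z mfa_login_ok sid=b7c9 asn=AS64511 ua="Chrome/105 Linux" user=dev2
2022-09-06T10:03:12Z request sid=b7c9 asn=AS64496 ua="Chrome/104 Windows" user=dev2
2022-09-06T10:05:00Z mfa_login_ok sid=c2d4 asn=AS64500 ua="Safari/15 macOS" user=dev3
2022-09-06T10:40:00Z request sid=c2d4 asn=AS64501 ua="Safari/15 macOS" user=dev3
'''

FIELDS = ("asn", "ua")  # client context recorded when the session is issued


@dataclass
class Alert:
    ts: str
    sid: str
    user: str
    changed: tuple   # context fields that differ from the issuance context
    severity: str    # "high" when every tracked field changed, else "low"


def parse(line):
    """Split one record into a dict; shlex keeps the quoted user agent whole."""
    ts, event, *pairs = shlex.split(line)
    rec = dict(p.split("=", 1) for p in pairs)
    rec.update(ts=ts, event=event)
    return rec


def find_replays(log_text):
    """Return an Alert for each request whose context differs from issuance."""
    issued = {}  # sid -> context seen when MFA succeeded
    alerts = []
    for line in log_text.strip().splitlines():
        rec = parse(line)
        ctx = tuple(rec[f] for f in FIELDS)
        if rec["event"] == "mfa_login_ok":
            issued[rec["sid"]] = ctx
            continue
        origin = issued.get(rec["sid"])
        if origin is None or origin == ctx:
            continue  # sessions with no recorded issuance are out of scope here
        changed = tuple(f for f, a, b in zip(FIELDS, origin, ctx) if a != b)
        severity = "high" if len(changed) == len(FIELDS) else "low"
        alerts.append(Alert(rec["ts"], rec["sid"], rec["user"], changed, severity))
    return alerts


if __name__ == "__main__":
    for alert in find_replays(SAMPLE_LOG):
        print(alert)
```

A network change alone is common for roaming users, which is why the single-field mismatch is graded "low" and only a change of both network and browser is graded "high".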

still in effect

Nachmany warned that users should be concerned about the effectiveness of MFAs that use text messaging or application tokens. “PhaaS is designed to use them, and this is a trend that will grow in our market,” he said.

“The use of certificates as an additional factor is what I expect to see an increase in use soon,” he said.

While users should be careful when using an MFA, it is still an effective mitigation against phishing, said Patrick Harr, CEO of SlashNext, a network security company in Pleasanton, Calif.

“It increases the difficulty of leveraging compromised credentials to disband an organization, but it is not foolproof,” he said. “If a link leads the user to a counterfeit replica of a legitimate site—which is nearly impossible to identify as not legitimate—the user may be the victim of an adversary-in-the-middle attack, such as the one used by EvilProxy.”