Saturday, June 26, 2021
CREATE A PROBLEM MAKE MONEY: Ransomware funds more Ransomware
". . .Let’s begin with the obvious, uncontested fact: the number of ransomware attacks is going up because companies are paying the ransoms.
The Colonial Pipeline hack is a case in point. The company spent $4.3 million to unlock its computers. Ransomware is just extortion, after all. As the DarkSide collective put it in their weirdly corporate apology for shutting down Colonial Pipeline, “Our goal is to make money.” Major cybercrime gang Evil Corp — great branding btw — reportedly likes sick Lambos. Stopping ransomware is simple in that way: all you have to do is cut off the cash.
The question is how, and none of the choices are very good.
You could require the immediate disclosure of ransoms. You could ban paying ransoms outright. You could ban cryptocurrency, which is how most ransoms are paid. You could increase regulation around cryptocurrency and perhaps ban certain kinds of exchanges or transactions. You could try being better friends with Vladimir Putin, in the hopes that he might sacrifice some threat actors. Your Department of Defense has also probably come up with some separate terrible ideas, which I am frightened even to contemplate.
Every choice here hurts, at least in the short term. But let’s go through them. . .
Immediate disclosure of ransom payments
Legislators have been trying to get ransom disclosures done already, without much success. That’s probably because the public disclosure of a hack damages a company’s reputation. So right now, we actually don’t know the true extent of the ransomware problem because a lot of companies keep hacks quiet. . .
Ban ransom payments
Right now, it is legal to pay ransom: it’s even tax-deductible, and the money often comes from a company’s cyber insurer. Banning ransoms in the US would cut off the cash supply for the criminals — probably getting them to change their focus to other countries. . .
Ban cryptocurrency
Cryptocurrency’s role in the ransomware ecosystem has led some to call for banning cryptocurrency altogether. Others have suggested regulating cryptocurrency mining as money transmitters to make it more difficult to process ransom transactions. “I think it’s time for a whole-of-government ‘regulate it to death’ strategy, based on existing regulation,” says Nicholas Weaver, a computer security specialist at the International Computer Science Institute in Berkeley, California, in an email. This would also be a painful route to take — not only would it blow up people’s cryptocurrency investments, but it would nuke entire companies based on cryptocurrency, such as Coinbase. . .
Stronger cryptocurrency regulation
At some point, criminals need to move out of cryptocurrency and back into traditional currency since that’s generally how one pays for Lamborghinis. Within the borders of the US, cryptocurrency is already regulated; reputable exchanges comply with know-your-customer laws aimed at preventing money laundering, for instance. . .
International diplomacy and coordination
You could combat ransomware through international cooperation — after all, many hackers’ names and locations are known. They’re just not extraditable. But because hackers don’t target certain Eastern Bloc countries, those countries do not view ransomware as a serious problem, says Adam Meyers, CrowdStrike’s senior vice president of intelligence. “These people are paying taxes,” Meyers says. “I think there’s people protecting them.” . .
Well?
So where does that leave you, the president? Nowhere good. But you’re going to have to put on your decision aviators because the hacks are increasing. Even cyber insurers can fall prey to ransomware. Cyber insurer CNA was hacked in March and paid a ransom of $40 million. The Asia division of cyber insurer Axa was hacked in May.
“We called 2020 the year of ransomware, and I’m wondering if I have to call 2021 the year of ransomware, too,” says Kim Grauer, director of research at Chainalysis. “We’re basically on track to surpass 2020.”
The trends she’s seen include asks for bigger ransoms and an increase in the average payments going to known ransomware wallets. And scarily, there’s more money being moved between ransomware strains and illicit service providers, says Grauer. Business is good, and the hackers are reinvesting.
Vulnerable AF: Well-Meaning or Not // Got "A Patch" for That????
A well-meaning feature leaves millions of Dell PCs vulnerable
Firmware security tool flaws affect as many as 30m desktops, laptops, and tablets.
Researchers have known for years about security issues with the foundational computer code known as firmware. It's often riddled with vulnerabilities, it's difficult to update with patches, and it's increasingly the target of real-world attacks. Now a well-intentioned mechanism to easily update the firmware of Dell computers is itself vulnerable as the result of four rudimentary bugs. And these vulnerabilities could be exploited to gain full access to target devices.
The new findings from researchers at the security firm Eclypsium affect 128 recent models of Dell computers, including desktops, laptops, and tablets. The researchers estimate that the vulnerabilities expose 30 million devices in total, and the exploits even work in models that incorporate Microsoft's Secured-core PC protections—a system specifically built to reduce firmware vulnerability.
Dell is releasing patches for the flaws today.

The vulnerabilities show up in a Dell feature called BIOSConnect, which allows users to easily, and even automatically, download firmware updates. BIOSConnect is part of a broader Dell update and remote operating system management feature called SupportAssist, which has had its own share of potentially problematic vulnerabilities. Update mechanisms are valuable targets for attackers, because they can be tainted to distribute malware. . .
The Eclypsium researchers caution, though, that this is one update you may not want to download automatically. Since BIOSConnect itself is the vulnerable mechanism, the safest way to get the updates is to navigate to Dell's Drivers and Downloads website and manually download and install the updates from there. For the average user, though, the best approach is to simply update your Dell however you can, as quickly as possible.
“We’re seeing these bugs that are relatively simple like logic flaws show up in the new space of firmware security,” Eclypsium's Michael says. “You’re trusting that this house has been built in a secure way, but it’s actually sitting on a sandy foundation.”
After running through a number of nightmare attack scenarios from firmware insecurity, Michael takes a breath. “Sorry,” he says. “I can rant about this a lot.”
This story originally appeared on wired.com.
=========================================================================
NFC flaws let researchers hack an ATM by waving a phone
Flaws in card-reader technology can wreak havoc with point-of-sale systems and more.
"For years, security researchers and cybercriminals have hacked ATMs by using all possible avenues to their innards, from opening a front panel and sticking a thumb drive into a USB port to drilling a hole that exposes internal wiring. Now, one researcher has found a collection of bugs that allow him to hack ATMs—along with a wide variety of point-of-sale terminals—in a new way: with a wave of his phone over a contactless credit card reader.
Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader—rather than swipe or insert it—to make a payment or extract money from a cash machine. You can find them on countless retail store and restaurant counters, vending machines, taxis, and parking meters around the globe.

"You can modify the firmware and change the price to one dollar, for instance, even when the screen shows that you're paying 50 dollars. You can make the device useless, or install a kind of ransomware. There are a lot of possibilities here," says Rodriguez of the point-of-sale attacks he discovered. "If you chain the attack and also send a special payload to an ATM's computer, you can jackpot the ATM—like cash out, just by tapping your phone."



