Hackers stole over $500,000 from Enigma cryptocurrency investors

Unknown hackers have managed to steal over $500,000 from aspiring investors in the Enigma cryptocurrency investment platform.

The Enigma cryptocurrency hack

The attack unfolded on Monday (August 21), but the company noticed that something was happening the day before, and posted a warning on Twitter:

Despite all that, the attackers managed to compromise the company’s Web site, Slack channel, and mailing lists.

They proceeded to set up a fake page announcing a token presale and put their own digital wallet address as the destination for the payments, then sent out (via email) and published (on Slack) an invitation to investors to buy tokens:


As noted before, would-be investors who believed the invitations to be legitimate started buying and sending funds to the attackers’ address. Most of the money has already been retrieved.

It didn’t take long for the Enigma team to retake control of all compromised accounts and the Web site, but the damage was done. They confirmed that no company funds, wallet addresses, user passwords, or private keys were stolen, and that their Twitter, Facebook, and Telegram accounts, as well as the Enigma blog, were not hacked.

In an email sent out to the Enigma community, the team said that they “will work hard to make things right for all those hurt in this scam attempt,” and announced new security measures that give an idea of how the hackers managed to pull off the attack (poor/reused passwords, no two-factor authentication):

In a discussion on Reddit about the incident, one commenter suggested that the attackers used login data compromised in a previous, separate hack to hijack Enigma CEO Guy Zyskind’s account, and used that access to modify the Web site and send out the announcement via email and Slack.

from Help Net Security – News http://bit.ly/2wtdHQK

Learning from success: Brian Honan’s infosec journey

When Brian Honan started his information security consultancy thirteen years ago, most of his conversations were with those in charge of IT and/or IT security within an organization. The focus of these discussions was usually on the technical aspects of security, while the policy and governance side was seen as a compliance headache.


“At the time, you were lucky if you managed to speak to anyone at the CXO level, unless it was the CFO trying to get you to give a discount,” he told Help Net Security.

“But now that many businesses realize how dependent they are on IT and the Internet, they understand that security is a business issue that they need to manage accordingly. Hence, most of our conversations with clients are now with their senior management team, their audit committees, and/or their boards, as they look for us to guide them in how to manage this significant risk to their business.”

An “accidental” career in information security

Like many industry veterans who are near his age, Honan fell into information security more out of chance than by following a pre-determined career path.

He started his working life as a clerk in an insurance company, where an opportunity arose in the IT department for someone to support a WANG mini system and those new things called PCs and Local Area Networks. Over time, as PCs took a more prominent role in the organization, his role evolved into ensuring the reliability and security of the computer networks.

Then a virus struck the company’s systems, and the challenge of dealing with that first outbreak piqued his interest in the security field.

“I was extremely lucky to have worked with some fantastic people, who willingly shared with me the experience and expertise they gathered by spending decades securing mainframe systems. I applied the lessons they learned to the brave new personal computing world and, naturally, had to develop ways to keep the evolving information technology secure.”

Striking out on his own

Founding BH Consulting and keeping it rolling was a rollercoaster ride: the nervousness of the first solo steps, the excitement of the first engagements and cheques, the disappointment of not winning over potential clients, the humdrum side of running a business.

But the company survived – both those early roller coaster years and the financial crisis that hit Ireland hard in 2008 – and thrived. It currently numbers ten full-time employees (eight of them infosec specialists), three part-time infosec professionals, and five associates working on client projects – and they are still on the lookout for more junior and senior consultants.

“When I started BH Consulting a mentor said to me: ‘Brian, to be successful you need to find a niche in the market, but you also need to make sure that there is a market in that niche’,” he explained the logic behind the company’s evolution.

“I’d like to think that over the years BH Consulting has built a reputation as a partner that can be trusted to deliver to the clients’ requirements, whether they are small firms or enterprise clients. We often get to see the business challenges they face or are about to face and, after identifying their areas of concern, we look at how we can help alleviate those concerns. If enough clients have the same type of challenges, we see if we can develop a service to address that challenge so that we can offer it to all our clients.”

Life as a CEO

Trust is also the one thing that a CEO in the cybersecurity field can’t do without, Honan noted.

You need to be able to trust the information you rely on, the systems you depend on to protect that information, and the people you work with. Building that trust takes time, and once achieved, maintaining it requires continuous work.

Another important lesson he has learned is that one should always be willing to learn and listen to others.

“There are so many people in our industry who are willing to help others improve their knowledge and that is what makes working in this field so enjoyable. So don’t be afraid to reach out to others to ask for help, don’t be afraid to offer your insights and expertise to others so they can learn,” he urged.

He has also found blogging, attending and speaking at conferences, and Twitter to be great ways to learn more, expand his network, and help spread the ethos of BH Consulting and how they like to work.

“My biggest goal as we grow is to maintain our reputation for quality and trust, and to ensure that BH Consulting remains a place that people enjoy working in. I firmly believe that if you invest in your staff and look after them, then they in turn will look after your customers. Without skilled, motivated, and happy staff we won’t have happy clients, so my goal is to continue to build on the great team that we have.”

The information security industry

The big draw of information security is that work is never boring. It can be frustrating, thankless, it can even sometimes seem hopeless, but it is never boring: technology is evolving, new risks are introduced, and challenges are never-ending.

“Working in the information security field also enables you, in a small but significant way, to improve the lives of others,” Honan pointed out.

“Every system we secure, every virus we block, every attack we prevent, every user we teach to stay safe online, every policy maker we educate on how to better protect our society – these are all ways we make the Internet and the world a better place for others.”

This wish to help others led Honan to found IRISS, Ireland’s first Computer Emergency Response Team, in 2008. He also became a Special Advisor on Internet Security to Europol’s European Cybercrime Centre (EC3) in 2013.

Despite all his years in the information security field, he has managed to remain an optimist. But there is one thing about which he has grown cynical: new, flashy technologies and silver bullet solutions.

“Experience has shown, over and over again, that it’s not attack sophistication that gets attackers in, but the fact that the basic defences are not implemented properly. So, our approach with our clients is to focus on the basics and get them right. Once that’s out of the way, we look at what gaps they have and identify what solutions may help plug those gaps.”

from Help Net Security – News http://bit.ly/2x8lqAW

Disturbing lack of cyber attack awareness among directors

Britain’s top firms and charities urgently need to do more to protect themselves from online threats, according to new government research and a ‘cyber health check’.


One in ten FTSE 350 companies said they operate without a response plan for a cyber incident, and 31 percent of boards receive comprehensive cyber risk information.

There has been progress in some areas when compared with last year’s health check, with more than half of company boards now setting out their approach to cyber risks (53 percent up from 33 percent) and more than half of businesses having a clear understanding of the impact of a cyber attack (57 percent up from 49 percent).

“Having some of the brightest business minds in your organisation may translate to short-term wins now, but the high-profile directors without any basic training on how to deal with cyber attacks could send a company’s stock falling in the future. With no immediate threat of another financial crisis, the main threat to SMEs and large businesses now presents itself in the form of a cyber attack that could cripple databases, steal sensitive information and extract money. Companies ought to be aware of how to deal with such an incident should it occur, putting in the necessary training from high-level director right down to intern – this is important when you consider that the majority of cyber incidents occur through human error,” said Rob Wilkinson, Corporate Security Specialist at Smoothwall.

Charities and cybersecurity

Separate new research looking at the cyber security of charities has also been published. It found charities are just as susceptible to cyber attacks as businesses, with many staff not well informed about the topic and awareness and knowledge varying considerably across different charities. Other findings show those in charge of cyber security, especially in smaller charities, are often not proactively seeking information and relying on outsourced IT providers to deal with threats.

Where charities recognised the importance of cyber security, this was often due to holding personal data on donors or service users, or to having trustees and staff with private sector experience of the issue. Charities also recognised that those responsible for cyber security need new skills and that general awareness among staff needs to be raised.


Barriers to improvement for charities

“Charities must remember that, in addition to the social good they strive towards, they also have a duty of care to protect the personal information of their donors. Charities will not be spared from new data protections rules under GDPR, and some may be unable to weather the storm should they fail to meet their obligations. With widespread IT and security outsourcing to cloud-based services and third-party providers, many charities may be introducing significant supply chain risk and punching holes in an already meagre security posture. Strong data management, security policies and investment in the latest threat detection and response technologies must be top of the agenda,” said Matt Walmsley, EMEA director of Vectra.

Data Protection Bill

The Government will soon be introducing its new Data Protection Bill to Parliament. With the bill coming into effect next May and implementing the General Data Protection Regulation (GDPR), the report for the first time included questions about data protection.

The new data protection law will strengthen the rights of individuals and provide them with more control over how their personal data is being used.

The report found:

  • Awareness of GDPR was good, with almost all firms (97 per cent) aware of the new regulation
  • Almost three quarters (71 per cent) of firms said they were somewhat prepared to meet the GDPR requirements, with only 6 per cent being fully prepared
  • Just 13 per cent said GDPR was regularly considered by their board
  • 45 per cent of Boards say they are most concerned with meeting GDPR requirements relating to an individual’s right to personal data deletion.

from Help Net Security – News http://bit.ly/2x887k0

Network forensics tool NetworkMiner 2.2 released

NetworkMiner is a popular network forensics tool that can parse pcap files as well as perform live sniffing of network traffic. It collects data about the hosts on the network rather than data regarding the traffic on the network.


In NetworkMiner 2.2, the PCAP parsing speed has more than doubled and even more details are now extracted from analyzed packet capture files.

User interface improvements

The keyword filter available in the Files, Messages, Sessions, DNS and Parameters tabs has been improved so that rows can now be filtered on a single column of choice by selecting the desired column in a drop-down list. There is also an “Any column” option, which can be used to search for the keyword in all columns.

The Messages tab now allows the filter keyword to be matched against the text in the message body as well as email headers when the “Any column” option is selected.

Time stamps are now shown using the yyyy-MM-dd HH:mm:ss format, with the time zone explicitly stated.

Protocol parsers

The latest version comes with an RDP parser, which is used primarily to extract usernames from RDP cookies and show them on the Credentials tab. Version 2.2 also comes with better extraction of SMB1 and SMB2 details, such as NTLM SSP usernames.

NetworkMiner has moved to .NET Framework 4.0. This move doesn’t require any special measures for most Microsoft Windows users, since the 4.0 Framework is typically already installed on these machines. If you’re running NetworkMiner on Linux, you might want to check out an updated blog post on how to install NetworkMiner on Linux.

The developers have also added an automatic check for new versions of NetworkMiner, which runs every time the tool is started.

from Help Net Security – News http://bit.ly/2vUarfM

Cybersecurity Firm root9B’s Assets Up for Sale


Move to foreclose comes after the company defaulted on repayment terms for over $10.7 million in loans it owes creditors.

Colorado Springs, Colo.-based root9B Holdings, a publicly traded security company (RTNB) led by several former US Department of Defense cybersecurity officials, appears to be on the verge of going out of business.

Creditors seeking to collect on the nearly $10.7 million the company owes them are scheduled to auction off almost all of root9B Holdings’ assets and properties on August 31. The proposed foreclosure action comes after root9B defaulted on the borrowing terms of its secured debt, the company said in a statement released Friday.

root9B Holdings is continuing to work with creditors and other potential investors to raise the capital needed to pay off the debt. But there is no assurance that the company will be able to raise the money in time, said Joseph Grano, root9B Holdings’ non-executive chairman of the board, former CEO and an individual investor in the secured debt.

“We are disappointed with the foreclosure notice,” said Grano, who was chairman of the Homeland Security Advisory Council between 2002 and 2005.

In a Form 8-K filed with the Securities and Exchange Commission (SEC) last week, root9B Holdings said it will try to obtain a waiver from its creditors so it can have additional time to “seek other forms of liquidity and explore restructuring alternatives.”

One of those potential alternatives includes working with the Chertoff Group, an advisory firm founded by former DHS Secretary Michael Chertoff. In the event such efforts fail, the creditors will seize and sell substantially all of root9B’s assets, the SEC filing noted. Such a development would render the company’s stock potentially worthless, root9B warned investors.

Already, the company’s stock has dropped from $4.09 on August 9 to $1.26 on August 21. Even that is double the 60 cents or so to which it dropped last Thursday, after news first emerged of the company’s financial problems. Last Friday, trading in the stock was so volatile that five-minute halts on trading were imposed a total of 16 times.

The security company bills itself as a provider of a wide range of cybersecurity services including vulnerability assessment, penetration testing, cyber forensics and evidence collecting, SCADA security operations, and compliance testing. It claims customers from within the Fortune 100 list as well as those in the small- to midsized business sectors.

Its board of advisors includes heavyweights like former NYSE chairman and CEO Richard Grasso, former director of US Secret Service Lewis Merletti, former CIA director General Michael Hayden, and Judge William Webster, former FBI director.

Prior to root9B Holdings’ announcement of the pending foreclosure, Cybersecurity Ventures had ranked root9B as the hottest and most innovative cybersecurity company for 2017 – ahead of others like Palo Alto Networks and Raytheon Cyber. So far, Cybersecurity Ventures has picked root9B as the cybersecurity industry’s hottest and most innovative company six quarters in a row.

For the first quarter of 2017, ended March 31, root9B Holdings announced an operating loss of $3.8 million on revenues of $2.7 million. The company’s net revenues for 2016 were around $10 million, down from over $11 million the year before. The company reported a loss from continuing operations of over $18 million last year, compared to a loss of $8 million in 2015. At the end of last year, root9B had about 80 employees.

Over the past year or so, the company has been divesting itself of other businesses including those in the control engineering and energy businesses to focus entirely on cybersecurity.

In 2015, several investors sued the company for making false and misleading claims about its cybersecurity offerings and its performance. That class action lawsuit was later dismissed with prejudice in 2016. Technology blog Seeking Alpha once described the company as a “worthless reverse-merger” with a minuscule and imploding cyber business.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …


from Dark Reading – All Stories http://ubm.io/2imFKLF

How To Avoid Legal Trouble When Protecting Client Data


from Dark Reading – All Stories http://ubm.io/2vY1DDY

Facebook Awards $100K to Researchers for Credential Spearphishing Detection Method

A group of researchers recently identified a real-time way to detect credential spearphishing attacks in enterprise settings. The discovery netted the researchers $100,000 last week from Facebook, which awards the money as part of its annual Internet Defense Prize partnership with the USENIX Association.

The researchers—Grant Ho, University of California, Berkeley; Aashish Sharma, Lawrence Berkeley National Laboratory; Mobin Javed, University of California, Berkeley; Vern Paxson, University of California, Berkeley and International Computer Science Institute; and David Wagner, University of California, Berkeley—presented a paper, “Detecting Credential Spearphishing Attacks in Enterprise Settings,” (.PDF) last week at the 26th USENIX Security Symposium, in Vancouver, British Columbia.

At the crux of the researchers’ detection method is something they call an anomaly scoring technique for ranking alerts.

The technique, Directed Anomaly Scoring (DAS), operates in a non-parametric fashion, cherry-picking what Ho and company call the most suspicious events from an unlabeled dataset. The technique ranks events by how dubious they appear.

“Once all events have been ranked, DAS simply selects the N most suspicious (highest-ranked) events, where N is the security team’s alert budget,” the researchers write in the paper.
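The ranking-plus-budget step described above, as an added example that is not the researchers’ code. The scoring rule (score each event by how many other events it dominates, where one event dominates another when it is at least as suspicious in every feature) is taken from Ho et al.’s paper; the two feature names and the sample click events are constructed for illustration.

```python
"""Directed Anomaly Scoring (DAS) over constructed click events.

Non-parametric: no weights or thresholds are fitted. An event's score is the
number of other events it dominates, and the security team's alert budget N
simply takes the N highest-scoring events.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ClickEvent:
    """One user click on a link in an email (hypothetical feature set)."""
    event_id: str
    sender_days_seen: int      # days the sender was seen before; lower = more suspicious
    domain_prior_visits: int   # earlier visits to the clicked domain; lower = more suspicious


def dominates(x: ClickEvent, y: ClickEvent) -> bool:
    """x dominates y if x is at least as suspicious as y in every feature."""
    return (x.sender_days_seen <= y.sender_days_seen
            and x.domain_prior_visits <= y.domain_prior_visits)


def das_scores(events: List[ClickEvent]) -> Dict[str, int]:
    """Score each event by the number of *other* events it dominates."""
    return {
        e.event_id: sum(1 for o in events if o is not e and dominates(e, o))
        for e in events
    }


def select_alerts(events: List[ClickEvent], budget: int) -> List[str]:
    """Rank by DAS score (highest first, event_id as tie-break) and keep `budget`."""
    scores = das_scores(events)
    ranked = sorted(events, key=lambda e: (-scores[e.event_id], e.event_id))
    return [e.event_id for e in ranked[:budget]]


# Constructed sample: a brand-new sender pointing at a never-visited domain (e1),
# a nearly-new sender and domain (e2), and three progressively more familiar clicks.
SAMPLE_EVENTS = [
    ClickEvent("e1", sender_days_seen=0, domain_prior_visits=0),
    ClickEvent("e2", sender_days_seen=2, domain_prior_visits=3),
    ClickEvent("e3", sender_days_seen=300, domain_prior_visits=5),
    ClickEvent("e4", sender_days_seen=120, domain_prior_visits=12),
    ClickEvent("e5", sender_days_seen=400, domain_prior_visits=900),
]

if __name__ == "__main__":
    for event_id, score in das_scores(SAMPLE_EVENTS).items():
        print(f"{event_id}: dominates {score} other event(s)")
    print("alerts for budget 2:", select_alerts(SAMPLE_EVENTS, 2))
```

Note that e3 and e4 tie at one dominated event each because neither is at least as suspicious as the other in both features; that incomparability is what makes the ranking a partial order rather than a weighted sum.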

The researchers claim a standard detection method would need nine times as many alerts as theirs to detect the same number of attacks, and that in an experiment they carried out, it detected all but two attacks and even uncovered two previously unknown phishing attack vectors.

The researchers took an anonymized dataset containing 370 million emails from UC Berkeley’s Lawrence Berkeley National Laboratory (LBNL) to test the scoring algorithm. The facility, a Department of Energy (DOE) Office of Science lab managed by the University of California, didn’t receive any malicious attachments during the four-year experiment but did receive a number of credential spearphishing attempts.

Credential spearphishing attacks are far less expensive and easier to pull off than attachment-driven exploits. The attacks usually rely on tricking a user into clicking through a deceptive email to an attacker’s site and entering credentials.

The technique detected six known spearphishing attacks that succeeded and nine that failed. What makes the detector truly remarkable is its false positive rate: 0.004 percent. The number of incoming emails to an enterprise can obviously fluctuate; the researchers say the median number of emails received per day is 263,086. At that false positive rate, however, the detector generates 10 or fewer alerts per day 80 percent of the time, Ho and company claim.

The technique is quick too; the researchers say an analyst could investigate a month’s worth of alerts in just 15 minutes. That breaks down to under a minute a day spent by an analyst going over one day’s alerts.

“Ultimately, our detector’s ability to identify both known and novel attacks, and the low volume and burden of alerts it imposes, suggests that our approach provides a practical path towards detecting credential spearphishing attacks,” the researchers wrote.

LBNL was so impressed with the detector it decided to implement and deploy the tool fulltime.

Facebook, which believes the technique could help better protect people from getting hit by social engineering attacks, saw merit in the research as well.

Nektarios Leontiadis, a research scientist with the social network, said late last week that the research could help reduce information leaks in the future. Key to winning the prize money was the researchers’ breakdown of the method’s false positives.

“The authors acknowledge and account for the cost of false positives in their detection methodology. This is significant because it factors into the overhead cost and response time for incident response teams,” Leontiadis said Thursday.

Facebook, for four years running, has awarded the Internet Defense Prize to researchers for defensive work that prevents vulnerabilities and mitigates attacks.

In 2014 it awarded researchers who came up with a static analysis tool to identify second-order vulnerabilities. In 2015 researchers who identified a series of C++ security issues won the prize. Last year Facebook awarded $100,000 to researchers who came up with a new way to bolster post-quantum security for TLS. The research, which ultimately made its way into Chrome and Tor, was based on bridging the gap between a key exchange protocol (Ring-LWE) and OpenSSL.

from Threatpost – English – Global – thr… http://bit.ly/2vSKwF7