
Deepfake: Unearthing the Status Quo

Prologue

It’s two o’clock in the morning and you wake up to your phone ringing. You, torn from sleep, reach out and pick up. Your boss is on the other end. He is currently somewhere across the globe and must have forgotten that time differences exist. His voice is filled with a subtle amount of panic and you, still dizzy, understand only half of his words. He demands that you get him some important client information before his next meeting, which is starting in two minutes. He says that he forgot his work laptop in his hotel room and you should send the information to his personal email instead. Would you, half asleep, send the files to him or would you question the legitimacy of the call? Most of us would probably execute such requests, not thinking about the call being faked. The bad news is that the technology for such deception exists and such scenes will probably only get more common in the near future.


3 Ransomware Precursors Laid Bare in a Cyber Truth or Dare

Recently, with my vulnerability researcher hat on, I was thrilled to get confirmation that three serious security vulnerabilities had been used as initial access vectors in ransomware attacks. Of course I was not gleeful or happy that this had happened to the victims, far from it, but what excited me was that I happened to know an antidote for these particular attacks and many like them. Neither was my elation due to the fact that each of the vulnerabilities is on the CISA Known Exploited Vulnerabilities Catalog (KEV), which Jussi Eronen brought up in his earlier post on exposure assessment. What pushed my buttons was that post-mortem analyses of three ransomware attacks had revealed the root cause for each incident to be the exploitation of a publicly exposed known vulnerability. In other words, the incident responders had discovered the smoking guns, plural. To put it bluntly, each incident could have been avoided had the service not been directly exposed to the Internet in the first place.


Theft-as-a-Service on Ethereum

Predatory trading is a growing threat in both traditional and cryptocurrency exchanges. Some aspects of these behaviors have been popularized in the news, such as in the recent downfall of FTX and its CEO Sam Bankman-Fried. These, however, only tell part of the story of fraud and theft that regularly occur within the most popular cryptocurrencies. Under less public scrutiny have been the unethical monetary extraction that is occurring trade by trade in cryptocurrencies and the ad hoc solutions designed to ameliorate its negative consequences. One such solution, the Flashbots project, was created to address the negative externalities associated with some types of predatory trading in cryptocurrency exchanges, specifically frontrunning on Ethereum. With a market cap of nearly 150 billion USD, Ethereum is the second-most valuable cryptocurrency in the world. In Q3 2022, Ethereum saw over 16 million active users. Anyone can make an account in Ethereum for free using a well-known procedure not much more complicated than generating a public key pair.
