CISOs Anticipate Surge in Cyber Attacks Next Three Years

An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security.

The report, “CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation,” names cybersquatting, domain and DNS hijacking, and distributed denial-of-service (DDoS) attacks as the top three global cyber threats in 2024. These risks are only projected to escalate, as cybercriminals leverage new techniques and capabilities from AI and other modern technologies to launch more sophisticated attacks. Looking ahead, cybersquatting, domain-based attacks, and ransomware top the list of cybersecurity concerns for CISOs over the next three years. more

2024 TSCM Trend Analysis

TSCM Equipment Market Size, Share, Competitive Landscape and Trend Analysis Report by Type, by Product and by Industry Vertical: Global Opportunity Analysis and Industry Forecast, 2023-2032

Excerpt: "For instance, Murray Associates, an independent security consulting firm specializing in counterespionage consulting and information security for 40 years, provides TSCM and eavesdropping detection using real-time RF spectrum analysis, which is an advanced TSCM technology. 

In addition, Murray Associates, recently was the first non-government TSCM organization to offer advanced TSCM technology. The firm launched non-linear junction detection (NLJD) that can locate spy cams and other bugging devices even while they are turned off or out of power.

These factors result in innovation of highly discreet and capable modern surveillance technologies that are able to evade methods of traditional TSCM to meet new, emerging technical threats. The advanced TSCM equipment market is expected to grow at the highest CAGR." more

Study: Are Smartphones Really Eavesdropping on our Conversations?

It’s a common fear- are smartphones listening and using our private conversations to sell advertising? New research shows many believe this is true.

The study, from Tidio, asked over 1000 people (48.6% males, 49.8% females, and 1.6% declaring as non-binary) about their opinions and experiences, and the results are surprising. more

Verizon’s 2020 Cyber Espionage Report

Verizon’s 2020 Cyber Espionage Report, the result of a total of 14 years of research into global data breaches and threat actor activity, has come up with some illuminating observations about long-term patterns of cyber spying. 

Among the major highlights are that criminal organizations and disgruntled former employees play a trivial role in overall attempts, that the public sector is the preferred target of attackers and that desktops and laptops are far more likely to be breached than phones...

Though there is some market for corporate secrets in the criminal underworld, the research shows that these figures make up a small amount of overall cyber espionage incidents: about 4% are from organized crime, and about 2% are from former employees. An overwhelming 85% come from state-affiliated groups, with an additional 8% from nation-states. more

Work From Home (WFH) Risks Assessed

The work-from-home (WFH) arrangement appeared to be the safest way for employees and businesses to continue operating during the pandemic, but it also exposes companies to heightened cyber security risks, studies showed...

There is also a perception that getting home security controls or measures or support from their companies is getting expensive...

The study showed that 43 percent of breach victims were small businesses, and 34 percent of data breached involved internal actors. The same survey showed that 15 percent of companies found millions of files open to every employee. ...The study showed that 71 percent of breaches were financially motivated and 25 percent is due to espionage. more

GPS Trackers, Hidden Cameras on the Rise During Pandemic

Domestic violence offenders are increasingly using GPS trackers and surveillance cameras to monitor their victims, with support workers saying technology-based abuse has escalated during the pandemic... 

The report, co-authored by researchers from WESNET, Curtin University and the University of New England, surveyed 442 support workers from around the country who specialise in helping victims of family and sexual violence...

In 2020, nearly one in three frontline workers said they saw victims tracked with GPS apps or devices "all the time". Five years ago, only 8 per cent of workers saw that type of abuse that often.

Surveillance camera misuse was seen "all the time" or "often" by 42 per cent of support workers in 2020, up from 16 per cent in 2015. more

Learn how to detect covert cameras.

NSA Publishes: Survey of Videoconferencing Apps

Selecting and Safely Using Collaboration Services for Telework
During a global pandemic or other crisis contingency scenarios, many United States Government (USG) personnel must operate from home while continuing to perform critical national functions and support continuity of government services. With limited access to government furnished equipment (GFE) such as laptops and secure smartphones, the use of (not typically approved) commercial collaboration services on personal devices for limited government official use becomes necessary and unavoidable. survey

Trend Micro Reveals Security Worries for 2020

In 2020, tried-and-tested cyber crimes – such as extortion, obfuscation and phishing – will remain, but new risks will inevitably emerge.

Full 5G implementations will introduce new security threats and the increased migration to the cloud will see more organizations facing risks from their cloud and supply chain.

In addition, the sheer number of connected assets and infrastructures will open doors to threats, and fake images, videos, or audio will be used to manipulate enterprise business procedures.

This is according to a new report from security firm Trend Micro, titled: “The New Norm: Trend Micro Security Predictions for 2020.”

...of special interest to our clients...

IOT devices used for espionage, extortion.

Machine learning and AI will be abused to listen in on connected devices like smart TVs and speakers to snoop on personal and business conversations, which can then provide material for extortion or corporate espionage. more

Holy Crap: IT Folks Fear the Internet Connected Toilet

IT security professionals are nervous people.

This seems clear from a new survey perpetrated on the part of the hardware security company nCipher...

The surveyors asked 1,800 IT security professionals in 14 countries about vital elements...

Thirty-six percent confessed they were afraid they'd be spied upon by an internet-connected device. The same number feared they'd have money stolen.

Twenty-four percent fear personal embarrassment as unholy information about them would be leaked.

I, though, feel a particular empathy for the 21% who are afraid that pranksters will hack their connected toilets. more

How often are spycams found in short-term rental properties?

From the IPX1031 Insight Blog

Click to enlarge.

50% of Email Users Deserve the Problems They Create

Security experts often talk about the importance of educating people
about the risks of "phishing" e-mails containing links to malicious websites. But sometimes, even awareness isn't enough.  

A study by researchers at a university in Germany found that about half of the subjects in a recent experiment clicked on links from strangers in e-mails and Facebook messages—even though most of them claimed to be aware of the risks. more

Does dropping malicious USB sticks really work?

Of course it does.
Common sense.  
I warned about this years ago. 
Now, we have empirical evidence!



Research presented this week at BlackHat by Elie Bursztein of Google’s anti-abuse research team shows that the danger is alarmingly real:

• …we dropped nearly 300 USB sticks on the University of Illinois Urbana-Champaign campus and measured who plugged in the drives. And Oh boy how effective that was! Of the drives we dropped, 98% were picked up and for 45% of the drives, someone not only plugged in the drive but also clicked on files.

It seems folks just can’t resist picking up a USB stick that they see lying around – Bursztein says that it only took six minutes for the first device that he “lost” to be picked up.One would like to imagine that people are less likely to plug in a USB drive if it is clearly labelled with the owner’s contact details, and that appears to be borne out by the statistics.
On each type of drive, files consistent with the USB stick’s appearance were added. So, “private” files were added to USB sticks that were unlabelled or were attached to keys or a return label, “business” files to sticks marked confidential, etc.

However, in reality each of the files was actually an HTML file containing an embedded image hosted on the researcher’s server. In this way they were able to track when files were accessed. more

Brand-Name Wireless Keyboards Open to Silent Eavesdropping

Wireless keyboards from popular hardware vendors are wide open to silent interception at long distances, researchers have found, without users being aware that attackers can see everything they type.

Bastille Research said the keyboards transmit keystrokes across unencrypted radio signals in the 2.4 GHz band, unlike high-end and Bluetooth protocol keyboards, which transmit data in an encrypted format, making it more difficult for attackers to intercept the scrambled keystrokes.

It means attackers armed with cheap eavesdropping devices can silently intercept what users type at distances of 50 to 100 metres away.

Such interception could reveal users' passwords, credit card numbers, security question replies and other personally sensitive information, Bastille said. Users would have no indication that the traffic between the keyboard and the host computer was intercepted.

Furthermore, attackers could inject keystrokes of their own into the signals, and type directly onto users' computers. Again, the attack would be unnoticeable to users in most cases.

Bastille tested eight keyboards from well-known vendors... more

Longtime Security Scrapbook readers may remember my warnings about this beginning in 2007...
https://spybusters.blogspot.com/2007/12/wireless-keyboard-interception.html  
https://spybusters.blogspot.com/2007/12/program-discovers-at-risk-wireless.html
https://spybusters.blogspot.com/2009/01/old-news-still-scary-bugged-keyboards.html

Survey: Do Swiss Spy?

The survey, conducted by a research company on behalf of comparis.ch, asked more than 1,000 people across Switzerland their views on spying and being spied on. 

Some 22 percent admitted to keeping an eye on their neighbours using binoculars, cameras and cameraphones, or through the spyhole of their front door.

The most popular reason for spying was to check out a neighbour’s plants (28 percent), followed by how they renovate their home (24 percent), and the way in which they behave with their children (18 percent) and partner (13 percent).

Those that do the most spying are in the 15-29 age bracket, while those aged between 60-74 are the least bothered by what their neighbours are up to.

The survey also asked respondents if they felt observed, with 48 percent of young people saying they do, against a national average of 40 percent. more

Ranking Chart of Mobile Devices Perceived as Most Secure

According to a Tech Pro Research survey, Apple is viewed by tech decision-makers as the most secure mobile device option. Samsung is threatening Apple's lead, and Microsoft ranks well on tablets thanks to the Surface. more

Click to enlarge.

Snooping on Mobile Phones: Prevalence and Trends

Abstract: Personal mobile devices keep private information which people other than the owner may try to access.

Thus far, it has been unclear how common it is for people to snoop on one another’s devices. Through an anonymity-preserving survey experiment, we quantify the pervasiveness of snooping attacks, defined as "looking through someone else’s phone without their permission."

We estimated the 1-year prevalence to be 31% in an online participant pool. Weighted to the U.S. population, the data indicates that 1 in 5 adults snooped on at least one other person’s phone, just in the year before the survey was conducted.

We found snooping attacks to be especially prevalent among young people, and among those who are themselves smartphone users. In a follow-up study, we found that, among smartphone users, depth of adoption, like age, also predicts the probability of engaging in snooping attacks.

In particular, the more people use their devices for personal purposes, the more likely they are to snoop on others, possibly because they become aware of the sensitive information that is kept, and how to access it. These findings suggest that, all else remaining equal, the prevalence of snooping attacks may grow, as more people adopt smartphones, and motivate further effort into improving defenses. more

How Business Espionage Really Works (Hint, it ain't just computers.)

The Dirty Dozen

1. Trespassing on the property of a competitor.
2. Secretly observing the activities or properties of others.
3. Using electronic eavesdropping equipment.
4. Learning trade secrets by hiring people who work for a competitor.
5. Hiring a spy to get specific information from an other company.
6. Planting an undercover operative on someone else’s payroll.
7. Stealing documents or property (includes electronic documents).
8. Conducting phone negotiations for a license, franchise, or distributorship in order to gain inside information.
9. Gaining information by staging a phony market research study or similar interview project.
10. Bribing. Most forms of bribery are unethical, including those disguised as “gifts”.
11. Blackmailing.
12. Extorting. 

From: Best Practice Guidelines in Business Espionage Controls & Countermeasures
  

Survey: Corporate Espionage Rated as a Top Risk - Assessments Become Common

A large number of companies feel the existing security standards, legal, regulatory and compliance frameworks in the industry were not adequate to support corporate security requirements, a survey by PwC India and American Society for Industrial Security (ASIS) said.

The survey revealed that cybercrime and corporate espionage have been rated as two of the most serious threats to organizations in the coming years.

More than half the respondents felt precautionary and preventive measures taken is still not adequate...

The survey also highlighted that about 73 per cent of the respondents felt that the number of security incidents had increased in the past two years and would continue over the next two years.

While five years back physical security assessment was rare and uncommon, today almost 46 per cent of the organizations surveyed conduct a physical security risk assessment once a year, whereas 17 per cent do it monthly. more

Spying Using Phone Call Records – Study Says It's Easy

Stanford University researchers used call records to uncover heart problems, marijuana habits of volunteers. 

Phone metadata doesn’t reveal what people say, but such records of calls and text messages can help spy agencies, businesses or hackers discover private information about someone’s relationships, shopping interests and even health problems, according to a study published on Monday.

The research published in the journal Proceedings of the National Academy of Sciences showed that scans of call records help create detailed maps of not just the person being investigated, but also the lives of contacts in their phone history. Metadata is the term used for the receipt of a call or a text message included in the history of a phone, and these records are often maintained by a telecom service provider.

"Once a participant was labeled as in a relationship, we found that identifying the participant’s partner was trivial,” according to the researchers. “Our results suggest that, even without human review, a business or agency could draw sensitive inferences from a significant share of telephone records.” more

Proof Almost 50% of People are Computer Security Morons

In what’s perhaps the most enthralling episode of the hacker drama Mr. Robot, one of F-Society’s hackers drops a bunch of USB sticks in the parking lot of a prison in the hopes somebody will pick one up and plug it into their work computer, giving the hackers a foothold in the network. Of course, eventually, one of the prison employees takes the bait.

Using booby-trapped USB flash drives is a classic hacker technique. But how effective is it really? A group of researchers at the University of Illinois decided to find out, dropping 297 USB sticks on the school’s Urbana-Champaign campus last year.

As it turns out, it really works. In a new study, the researchers estimate that at least 48 percent of people will pick up a random USB stick, plug it into their computers, and open files contained in them. Moreover, practically all of the drives (98 percent) were picked up or moved from their original drop location. Very few people said they were concerned about their security. Sixty-eight percent of people said they took no precautions... more