CyberSecurity Pulse 2016-07-21

“Meet with Triumph and Disaster, and treat those two impostors just the same.”
Rudyard Kipling

Analyst Insight

The Vague Boundaries of International Information Sharing

The Second Circuit Court of Appeals in New York ruled last week that the United States government cannot force tech companies to give the FBI or other federal authorities access to their non-US customers' data stored on servers located in other countries.

The decision came in Microsoft's appeal of a warrant originally issued by the US Justice Department in 2014. The search warrant demanded the emails of a Microsoft customer suspected in an international drug trafficking case. Microsoft provided all the data belonging to the suspect that was stored inside US borders, but the company refused to comply with the warrant when the DoJ asked it to hand over the data the company maintained on servers located in Ireland. The government prosecutors, however, argued that Microsoft must comply as long as the data was hosted by a US-based company.

This topic is linked to a problem already addressed in 2012 in the Tallinn Manual, promoted by the NATO Cooperative Cyber Defence Centre of Excellence. In its first section, the experts set out the extent to which States can exercise sovereignty, jurisdiction and control in this field. In fact, Rule 1 in the manual explicitly limits sovereignty, stating that "a state may exercise control over cyber infrastructure and activities within its sovereign territory". Meanwhile, Rule 2 defines the areas in which a State can exercise its jurisdiction, generally limiting them to "persons engaged in cyber activities on its territory" and "cyber infrastructure located on its territory".

Establishing these limits properly is essential to understanding the legal problems that arise when information is shared between organizations that own technological assets in several countries. The complexity of this issue may lead to improvised jurisprudential frameworks that are still immature and whose consequences are, for the moment, casting more shadow than light.

Top Stories

Ransomware Demands an Average of 679 USD per Ransom in 2016

A report on ransomware trends released by the security firm Symantec shows a significant increase in the ransom demanded by this type of malware. Since the beginning of 2016, the average ransom demanded has been 679 USD, more than double the average figure for 2015. Although the majority of the victims (57% according to Symantec) are consumers, the events identified in this report also show a "slow but steady increase" in ransomware attacks targeting organizations instead of individuals.

» More information at Symantec

One of the Main Contributors to Tor Project Is Exiting in August

Lucky Green, one of the main supporters of the Tor Project since its conception, has announced his exit from the project because of recent events which have not been clarified. Green was one of the first five contributors to the network, and his involvement has extended to the control of a number of fast Tor nodes as well as the Tonga node, which has a significant role in the network's maintenance. His exit, announced six weeks before the deadline, will lead to the shutdown of each and every node under his control, as well as their associated cryptographic keys, on August 31st 2016, which means that Tor developers will have to deal with a new significant setback for the project in the following weeks.

» More information at The Hacker News

Rest of the Week's News

Fake Pokémon Go App Infects Phones with Screenlocker

Researchers from Eset have reported at least three malicious apps in the Google-hosted marketplace related to Pokémon Go. One of them, titled Pokemon Go Ultimate, posed the biggest threat because it deliberately locks the screen of devices immediately after being installed. In many cases, restarting an infected phone isn't enough to unlock the screen.

» More information at Ars Technica UK

Delilah, the First Insider Threat Trojan

According to Gartner analyst Avivah Litan, a malware sample dubbed Delilah has earned the title of the first insider threat Trojan, since it allows its operators to capture sensitive and compromising footage of victims. This material is then used to extort the victims or to convince them to carry out actions that would harm their employer.

» More information at ZDNet

Abusing 2FA to Steal Money from Instagram, Google and Microsoft

Social media bug bounty hunter Arne Swinnen has revealed a number of flaws in the big players' two-factor authentication (2FA) methods that could enable a malicious user to obtain large sums of money from their phone-based verification services. An attacker could abuse the security system by purchasing a premium telephone number, which would then be called by the authentication system on login.

» More information at Security Affairs

Further Reading

Right Sector Hackers Attempt to Blackmail Polish Government

» More information at SC Magazine UK

Business Websites Hijacked to Deliver Ransomware

» More information at Ars Technica UK

Ubuntu Forums Breach: User Passwords Not Compromised

» More information at Ubuntu