News RGPD

  • True Protection or False Promise? The Ultimate ITDR Shortlisting Guide
    by OSINT without Borders on 13 July 2024 at 16:43

    Jul 10, 2024The Hacker NewsEndpoint Security / Identity Security It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack. The lateral movement uses compromised credentials for malicious access – a critical blind spot that existing XDR, network, and SIEM solutions fail to block. Identity Threat Detection and Response (ITDR) has emerged in the last couple of years to close this gap. This article breaks down the top five ITDR capabilities and provides the key questions to ask your ITDR vendor. Only a definitive ‘YES’ to these questions can ensure that the solution you evaluate can indeed deliver its identity security promise. Coverage For All Users, Resources, and Access Methods Why is it important? Partial protection is as good as no protection at all. If identity is the name of the game, then the ITDR protection should range across all user accounts, on-prem and cloud resources, and no less importantly – all access methods. What questions to ask: Does the ITDR also cover non-human identities, such as Active Directory (AD) service accounts? Can the ITDR analyze the full authentication trail of users, across on-prem resources, cloud workloads and SaaS apps? Would the ITDR detect malicious access over command line access tools such as PsExec or PowerShell? Real-Time (Or As Close As You Can Get) Why is it important? In-threat detection speed matters. In many cases, it could be the difference between spotting and mitigating a threat at an early stage or investigating a full-size active breach. To deliver that, the ITDR should apply its analysis on authentications and access attempts as close to their occurrence as possible. 
    What questions to ask:
      • Does the ITDR solution integrate directly with on-prem and cloud Identity Providers to analyze authentications as they happen?
      • Does the ITDR query the IdP to detect changes in account configuration (for example OU, permissions, associated SPN, etc.)?

    Multi-Dimensional Anomaly Detection

    Why is it important? No detection method is immune to false positives. The best way to increase accuracy is to search for multiple different types of anomalies. While each by itself might occur during legitimate user activity, the mutual occurrence of several increases the likelihood that an actual attack has been detected.

    What questions to ask:
      • Can the ITDR solution detect anomalies in the authentication protocol (for example, hash usage, ticket placement, weaker encryption, etc.)?
      • Does the ITDR solution profile users’ standard behavior to detect access to resources that were never accessed before?
      • Does the ITDR solution analyze access patterns that are associated with lateral movement (for example, accessing multiple destinations in a short period of time, moving from machine A to machine B and subsequently from B to C, etc.)?

    Need an ITDR solution to secure the identity attack surface of your on-prem and cloud environments? Learn how Silverfort ITDR works and request a demo to see how we can address your specific needs.

    Chain Detection with MFA and Access Block

    Why is it important? Accurate detection of threats is the starting point, not the end of the race. As we’ve mentioned above, time and accuracy are the key to efficient protection. Just like an EDR that terminates a malicious process, or an SSE that blocks malicious traffic, the ability to trigger automated blocking of malicious access attempts is imperative. While the ITDR itself cannot do that, it should be able to communicate with other identity security controls to achieve this goal.
    What questions to ask:
      • Can the ITDR follow up detection of suspicious access by triggering a step-up verification from an MFA solution?
      • Can the ITDR follow up on the detection of suspicious access by instructing the Identity Provider to block access altogether?

    Integrate with XDR, SIEM, and SOAR

    Why is it important? Threat protection is achieved by the joint operation of multiple products. These products might specialize in a certain facet of malicious activity, aggregate signals into a cohesive contextual view, or orchestrate a response playbook. On top of the capabilities that we’ve listed above, ITDR should also integrate seamlessly with the security stack already in place, preferably in as automated a manner as possible.

    What questions to ask:
      • Can the ITDR solution send the XDR user risk signals and import risk signals on processes and machines?
      • Does the ITDR share its security findings with the SIEM in place?
      • Can the ITDR’s detection of malicious user access trigger a SOAR playbook on the user and the resources it’s logged in to?

    Silverfort ITDR

    Silverfort’s ITDR is part of a consolidated identity security platform that includes, among other capabilities, MFA, privileged access security, service account protection, and authentication firewalls. Built on native integration with AD, Entra ID, Okta, ADFS, and Ping Federate, Silverfort ITDR analyzes every authentication and access attempt in the hybrid environment and applies multiple, intersecting risk analysis methods to detect malicious user activity and trigger real-time identity security controls. Learn more on Silverfort ITDR here or schedule a demo with one of our experts.

    This article is a contributed piece from one of our valued partners.

  • Running the Gauntlet
    by Shinobi on 13 July 2024 at 13:17

    This article is featured in Bitcoin Magazine’s “The Halving Issue”.

    Halvings are always looked at as seminal events, a demarcation of the end of one era and the beginning of a new one. In the same way that Americans come out of the woodwork to clamor over the new set of presidential candidates in the election cycle, Bitcoiners come flooding out to celebrate the successes of the past block reward epoch and look forward to the possible successes of the next. I would argue that at this halving it is imperative to do the exact opposite of that in regards to the mining ecosystem. We should be deeply concerned with the potential of what can go very wrong in this next epoch, and how parts of the mining ecosystem can fail in ways that present a systemic risk to the Bitcoin ecosystem.

    Bitcoin post ETF approval is finally lunging forward in terms of developing integrations with the legacy financial system, and while this is definitely something that will contribute to deeper market liquidity and likely positive price movement, it is also something that will come with the heavy cost of providing fuel and food to an external influence on Bitcoin that will need to be resisted and fought every step of the way in order to maintain the important characteristics of Bitcoin: decentralization, censorship resistance, the ability to offer people a truly sovereign money that is within their control. The integration of bitcoin backed products into the legacy financial system is going to draw the scrutiny of regulators and legislators like we have never seen before. The floodgates are now open in terms of people being able to freely allocate their funds to bitcoin exposure (I say this specifically because they have only price exposure and not ownership).
    This presents the potential for a massive migration of funds from other asset classes into bitcoin, which would have serious implications for the performance of those other asset classes depending on the size of that reallocation. This is exactly the type of situation in which the government typically makes significant regulatory changes in reaction to a fundamental change to the structure of market dynamics. Regulators are going to come for every layer of the mining stack, as that is what the rest of the network and protocol is dependent on.

    Mining Pools

    Mining pools are the lowest hanging fruit for regulators to go after. Pools are an economically necessary aspect of the mining industry. Without pools, two things would be wildly different for everyone mining. First, any miner not of sufficient size would have highly irregular income. Without pools to, well, pool miners’ resources together and proportionately share the income from the block reward regardless of who actually found the block, miners’ income would be highly unpredictable and a stretch of bad luck in not finding blocks could literally bankrupt an operation. Without this added predictability of income, the mining ecosystem would be a very different landscape with a radically different risk profile for participants. Second, in a world of nothing but solo miners, there would practically speaking be a minimum percent of the network hashrate any given miner would need to make up in order to have any chance of running a viable business. If you are 1% of the network, you have decent odds of hitting at least a block or two a day. If your percentage of network hashrate drops much smaller than that, the irregularity of payouts can get drastic. With energy bills to pay at the end of every billing cycle, that is not a tenable situation for miners. A utility company won’t care that you “just had an unlucky month.”

    Where Does The Money Go?
    Miners pooling resources for more predictable payouts, for better or worse, is an ingrained part of the ecosystem that operations depend on in order to run a predictable business. This means that as long as they exist, centralized mining pools will present an easy, low hanging target for government regulators. Mining pools are inescapably custodians: whenever a miner in a pool finds a block, the coinbase reward does not pay out to that miner (with some recent exceptions such as Ocean); it pays those bitcoin out to the mining pool. The pool custodies funds on behalf of the actual miners until they choose to withdraw. Regulators worldwide require compliance from businesses that custody funds on behalf of other people; they simply haven’t caught up to the reality that this is a critical function of mining pools. This is in fact exactly why Ocean launched with a model paying out their miners directly in the coinbase reward, so they could function in a way that does not involve custodying other peoples’ funds.

    It is inevitable that pools begin getting overt pressure from regulators to comply with the requirements placed on custodial entities. The only options at that point will be for pools to comply, or to attempt to replicate the model Ocean is operating with in order to remove the need for compliance. This comes with its own challenges, namely scalability. As I said earlier in regards to a world where only solo mining was possible, that would create a minimum viable size for a mining operation just in terms of regularity of payout in order to pay the bills. A naive on-chain only payout system directly in the coinbase transaction creates similar issues. Miners must have a certain minimum size or they will not earn a large enough proportional share of a block reward for it to make economic sense to pay them out directly on-chain.
    That scalability issue of miner payouts needs to be solved, or we find ourselves in a world where we still run into possibly troublesome limitations even if we manage to escape regulatory influence at this level. There are a few possible paths that could be taken to address this issue. Braidpool attempts to solve it by using large Schnorr multisig addresses requiring a majority of miners to sign off on properly distributing the rewards. CTV offers two ways it could assist: just committing to eventual payouts to individual miners that could be cut through optimistically with multisig, or enabling coordination-free mining pooling through a scheme originally proposed by Jeremy Rubin. Jeremy’s scheme essentially looks backwards at past blocks within some threshold of recency, and when you find a block, shares the reward with the coinbase addresses of those past blocks. If any of those miners doesn’t share theirs accordingly when they find their next block, you stop sharing with them. The idea is to reconstruct the benefits of a conventional pool purely through incentives that mutually benefit all involved while requiring no central coordination.

    Regardless of how it actually is solved, it is a problem that needs solving. Without a solution, a core part of the mining ecosystem is inevitably going to be subjected to a large swath of regulations. Major mining pools like Antpool and Foundry - almost 50% of the network mines with them - already require KYC procedures to be followed to mine with their pool. As long as custodying of funds is involved in pool operations, this is likely to become a legally mandated requirement in the near future.

    Who Let That Get In There?

    One of the core functions of miners in general is processing transactions in blocks; this is how the network is able to function as a payments system.
    Miners, or rather these days mining pools, construct the actual block template and decide which transactions to include in the block they are currently working on. This puts mining pools in a precarious position as far as regulations concerned with processing financial transactions go. There are arguments on both sides as far as liability is concerned with what transactions miners do or do not include in their blocks, but it is a fact that the government is putting its attention on exactly that question of liability. Carole House, former director of cybersecurity and secure digital innovation at the White House, recently brought up exactly the question of miners’ liability to abide by the OFAC sanctions list at a House Financial Services Committee hearing in February. In addressing the committee she argued specifically that the question of criminal activity occurring on the Bitcoin network can be addressed at the protocol level rather than simply applying regulations and enforcement actions solely at the level of custodial businesses. Her argument was that miners have an existing obligation under current regulations and laws to exclude transactions to or from OFAC sanctioned addresses from their block templates.

    This argument is going to be made much more heavy-handedly, and the reality is that this is going to be a very tough fight to avoid. Mining pools, and individual miners, factually have the ability to decide whether or not to include a transaction in their block. This is inarguably true. If this ability is legally interpreted as being a party to or facilitator of a transaction, then they do have the legal obligation to exclude any transactions involving OFAC sanctioned addresses from their blocks. The only arguments that can be made against this essentially fall under either the argument that propagating Bitcoin related information is free speech, or the argument that the requirements to comply with these regulations create an undue economic burden on miners.
    I am not a lawyer, but something tells me the latter argument of “we can’t make enough money to be profitable without accepting transaction fees from criminals and terrorists” would not be viewed favorably by a court, even in a world where those transactions constituted such a large percent of miners’ potential revenue that it would be a serious consideration. That leaves the free speech argument. Mining pools would have to essentially make the argument that they are an “interactive computer service” under Section 230. Section 230 was designed to provide a liability exemption for platform operators functioning on the internet, due to the practical impossibility of their properly moderating or removing illegal content consistently, given the nature of how these platforms work. It specifically exempts platform operators and other users from any legal liability that could result from the actions of another user of the platform. In order to actually make this argument and have it stand, it would have to be successfully argued in court that a bitcoin transaction itself is simply speech. That is a very tall order, and I say that as someone who thinks there is a very solid case to be made there. The argument would have to be made that whenever someone is using Bitcoin directly at the protocol level, i.e. crafting and broadcasting their own bitcoin transactions instead of using a custodian, their engagement with the network and protocol is an exercise of free speech.

    If this argument cannot be successfully made, then Bitcoin’s censorship resistance ultimately depends on less than 51% of the hashrate being subjected to a jurisdiction’s regulations requiring such censorship be undertaken by the miners themselves. The United States currently hosts close to 40% of the hashrate in the world, with almost 30% being hosted in the state of Texas alone.
    If that share of hashrate in the United States grew to exceed 51%, it would enable American miners subject to such restrictions to enforce them globally by orphaning blocks from foreign miners that included sanctioned transactions. Dealing with this issue depends either on mining remaining competitive and distributed enough that no one jurisdiction ever exceeds that danger threshold, or on successfully making and winning the case that Bitcoin transactions are an exercise of free speech. The only alternative to those two options is to outright resist and hope that a jurisdiction with such a hashrate majority is incapable of enforcing censorship requirements. And that is not even considering the potential for multiple jurisdictions cooperating to enforce such requirements in coordination with each other.

    Hashrate On The Ground

    Mining pools present a low hanging fruit to go after in terms of regulatory compliance and enforcement, but ultimately the thing underlying that is the actual hardware operators on the ground. Any regulatory action taken against pools isn’t going to end there; the express purpose of it in the first place is to go after the actual hardware owner-operators. Mining pools are simply a convenient first step along that road with a relatively low cost for compelled compliance and enforcement actions.

    Public Company Shackles

    Public mining companies have proliferated wildly this last cycle. This has opened a massive can of worms in terms of systemic risks and problems. First and foremost, these mining operations are now accountable to their investors, with the potential for legal avenues to override operational decisions under the auspices of shareholders’ interest.
    On its own this isn’t inherently bad; it is in fact a potential mechanism ensuring their prioritizing of profit maximization, which is an absolute necessity in a cut-throat competitive industry such as Bitcoin. But this dynamic exists in an environment where they are held to much higher scrutiny from regulators. By virtue of being publicly traded, a public company is allowed little if any ambiguity; they have no real privacy in internal operations, and anything material about the business must ultimately be made public for existing and prospective investors. One such example is SOX compliance requirements. These are reporting and audit requirements established under the Sarbanes-Oxley Act of 2002 in direct response to major accounting fraud scandals at the time such as Enron and WorldCom. The Act placed a much heavier burden on public companies, and delineated a specific separation of concerns between the internal company accounting process and the auditing process, which is now legally required to meet specific standards of independence from the company in question. It also requires more in-depth financial disclosures, including assets off the company balance sheet and corporate officers’ stock transactions.

    All of these public companies and their information are right out in the open for instant compliance verification and enforcement in the event of new regulatory requirements. Nothing is ambiguous, nothing is unknown or uncertain, there is no camouflage or possibility of flying under the radar. The legal structures involved in a publicly traded company make non-compliance not an option.

    Information Collection

    The government is looking to collect any information it can get its hands on regarding actual mining operations. This is indisputably demonstrated by the recently attempted Department of Energy EIA Emergency Survey that was rescinded after a court case in Waco, Texas brought against the EIA by Riot Platforms and the Texas Blockchain Council.
    That was assuredly not the end of the matter. They want information on privately owned operations as much as on public companies, where it is already easily accessible. The EIA demanded information on every commercial mining facility in the United States. They wanted GPS coordinates, the available power in their purchasing agreement with utilities, the utility company they bought power from, the amount of power actually drawn, and the amount of hashrate they had. This trend is not going to stop here. The larger this network grows in economic terms, the more politically relevant it becomes. The more politically relevant it becomes, the more regulations politicians will want to pass. Regulations require information and deliberation.

    Even without specific surveys targeted at collecting information directly from miners, agencies have an amazing set of data sitting there waiting for them at utility companies. Energy providers learn quite a lot about consumers of large amounts of power just in the course of making purchase agreements with them. In the event courts or legal processes do not allow them to demand information directly from miners, especially privately owned ones, there are paths to acquiring this information indirectly. In the most extreme cases, it is possible to actively probe for information. Multiple methods have been developed in the last few years to analyze data around electrical pull from end consumers on the grid. Some use deep learning, others analyze the actual modulation of the electrical current. These methods can be used to detect the presence of Bitcoin miners by analyzing power flow upstream from them on the grid. In the absolute worst case scenario, governments will easily be able to detect any mining operation connected to the power grid by looking at net amounts of energy consumption or the modulation of the actual current itself by the grid-connected consumer.
    If the NSA can establish surveillance closets with Internet Service Providers in the normal course of operations, why not with power companies as well? On a physical level, things are going to go heavily in the favor of governments and regulators. As long as you are connected to the grid, there will be no escaping them.

    Off The Grid

    Getting off the grid is the only even remote hope of staying off the government’s radar as a miner. Without the connection to the grid, there is no real-time electrical feed to analyze, and little if any invasive data collection as a necessary byproduct of having a purchase agreement with a utility company. It’s the only place any meaningful privacy or stealth can be achieved. Off-grid energy is not easy to come by at scale though. Anyone can install a solar panel on their roof, but that doesn’t output much energy measured in terms of hashrate. It might power a handful of machines, but even with large numbers of people engaging in such small scale operations it won’t in aggregate be able to compete with larger scale operations. If you hunt around you might be able to find some decommissioned hydroelectric power stations somewhere, but that requires a lot of capital, if it is even allowed legally, and is not something you can accomplish without getting yourself on the radar.

    Natural gas wells are the only real possibility of scaling an off-grid operation. I say possibility because it is not a guaranteed path to mining off the government’s radar. Oil and gas wells are still subject to regulations and data collection on their own, but the relative distribution of mineral rights offers the possibility of creating many more degrees of separation between regulators and the actual mining operator. There are people all over with a well on their property who will just sell you the gas without the invasive collection of information required on the grid. You might even find some abandoned and capped wells out there if you know where to look.
    But even this is a game of cat and mouse. Gas flare mining isn’t some tightly kept secret; everyone knows it occurs. That information is out there and collectible if governments decide to put in the effort and resources to collect it. In the most extreme scenario, numerous governments worldwide have satellites that track methane emissions from well sites and general areas all over the world. For everything that miners can do to stay under the radar, if governments want to spend the resources they can find them anyway. Ultimately this aspect of the equation, the physical hardware on the ground, will likely never be able to escape regulatory ire to any sizable extent. This problem ultimately can’t be solved with technology. It comes down to successful legal challenges of regulations, without which miners will be subject to the regulations of their host jurisdictions. If miners do not arbitrage this risk by spreading themselves diversely across many jurisdictions that do not cooperate with each other, then this represents a systemic threat to the whole system.

    Who Brought The Chips?

    Mining has two absolute requirements as a business, two things that an operation definitively cannot exist without: energy and mining hardware. You can’t have mining hardware without ASIC chips. Energy is an abundantly distributed resource, available all over the planet from numerous diverse sources. ASIC chips are not so distributed. There are only a handful of places in the world that they can be sourced from, with even fewer places they can be produced, and they are ultimately dependent on an even more centralized supply chain root. ASICs do not grow on trees, and the production process is not likely to become any more distributed than it is right now any time in the near future.

    Economic Centralization

    When it comes to ASIC manufacturers, there’s only really a handful of competitive ones: Bitmain, MicroBT, Canaan, and Innosilicon.
    There are other companies, but they are a tiny sliver of the marketplace and mostly small Chinese companies. These are essentially your options if you want to get your hands on mining hardware to start an operation. The market for chips is one of the most centralized, if not the most centralized, aspect of the mining ecosystem. It gets even worse when it comes to the actual production process. TSMC in Taiwan is pretty much the cutting edge of chip fabrication in the world. They are always the first to market with the latest nm production technology, and function as the backbone of global semiconductor manufacturing at the bleeding edge. BITMAIN is the only Bitcoin mining company they will do business with. There is currently no possibility for other manufacturers to make use of TSMC production capabilities. That essentially means that Intel in the US and Samsung in South Korea are the only options at scale for ASIC production. No other major companies can service an ASIC manufacturer at scale.

    This is an ultimate chokepoint at the very root of the mining industry that is as heavily centralized as it can possibly be. It’s essentially in practice a duopoly, with Intel as of now giving up on ASIC production after their first attempt at a manufacturing run did not live up to their expectations in terms of performance. You have TSMC, monopolized by BITMAIN, and then Samsung. The economics of semiconductor manufacturing require a massive capital investment, billions of dollars, to construct a new production facility. They are not something you can just spin up overnight, and not something anyone can just jump into the market for and start competing. The barriers to entry are massive, in terms of economic cost as well as technical specialization. This issue, much like the ability to hide an operation from the government, is something that in the end is inescapable.
    Politics, Leverage, and Arrakis

    The industry gets even worse when you appreciate the degree of centralization at the very root of the manufacturing process: the production of the machines that produce the chips. For this part of the supply chain there is only one game in town, ASML Holding in the Netherlands. They are the only manufacturer worldwide that can provide the machinery to produce cutting edge semiconductors at the bleeding edge of nm width. This gets very political very quickly. Under pressure from the US, ASML does not export certain equipment to mainland China because semiconductor production technology is treated as a national security issue. The United States spent billions of dollars under the Trump administration to incentivize TSMC to build a manufacturing facility in Arizona, specifically because of the massive supply shocks to the semiconductor industry during 2020 in the midst of coronavirus lockdowns. It is not outside the realm of possibility, maybe even inevitable, that such geopolitical treatment of the semiconductor industry in general becomes a norm tailored more narrowly to the production or sale of Bitcoin mining equipment specifically. If bitcoin does what we think it could optimistically do this decade in terms of price appreciation, if it does actually grow to the point of becoming a factor in the macroeconomic picture that cannot be ignored, then the production, sale, and operation of mining equipment is going to become a national security priority for every nation in the world.
    All we can really do, unless you have tens of billions of dollars sitting around to throw at building a chip manufacturing facility, after somehow getting the necessary machinery sourced from ASML with a multi-year lead time, in a jurisdiction where the government cannot interfere with your ability to produce and export mining machines, is hope that the incentive balance of geopolitical dynamics far beyond Bitcoin itself in scope plays out in a way that leads to sufficient distribution of that manufacturing capacity. In the novel Dune, spice was the center of the universe. It was the thing without which interstellar travel was impossible. Spice was harvested on the planet Arrakis, and whoever controlled the spice controlled the human race. Taiwan is our Arrakis, and semiconductors are our spice. Since the computer was invented it has integrated deeper and deeper into the foundations of human society, to the point that nothing can function without them. It is a geopolitical issue as important as oil. Bitcoin is on a crash course to insert itself right into the heart of that geopolitical element.

    Time For The Kick In The Head

    Bitcoin doesn’t exist in a vacuum. It isn’t some academic thought experiment, or a computer simulation where the variables directing the outcome can be fine tuned exactly how we want them to be with trivial effort. It exists in the real world, with real people, and the realities that result from real people interacting with each other. Everyone is caught up in celebration and staring at the market price increasing because of the ETF approvals, patting themselves on the back that we’ve won. It’s all over, there’s nothing left to do but kick back and enjoy the predetermined outcome where we become fabulously wealthy and the entire world bends to Bitcoin’s will. That’s not how this works.

    Bitcoin exists in this world, as something operating within human society.
In the form of mining, it has an actual physical footprint in the real world that it is dependent upon, without which it cannot exist or function. That physical infrastructure must be defended. It must be distributed and redundant enough that attacks on parts of it cannot disrupt the whole. Government has funded itself and exists because of their control and monopoly over the ability to print money. Without deficit spending it could never have grown to the insane size it is today, it would never have attained the power and influence to interfere in all of our lives to the degree it does today. With that power being distributed all over the world, to anywhere there is energy and ASICs available, do you think they will do nothing? Knowing there is a physical component that the entire network is dependent on the function, do you think they will not attack it? Try to capture it? We are just now entering the phase of “then they fight us.” This is not going to be a walk in the park, and it’s not something that this ecosystem should get complacent about. We get one chance to run the gauntlet, and if we fuck it up, we fuck it up. This article is featured in Bitcoin Magazine’s “The Halving Issue”. Click here to get your Annual Bitcoin Magazine Subscription.

  • Running the Gauntlet
    by Shinobi on 13 July 2024 at 13:17

    This article is featured in Bitcoin Magazine’s “The Halving Issue”.

    Halvings are always looked at as seminal events, marking the end of one era and the beginning of a new one. In the same way that Americans come out of the woodwork to clamor over the new set of presidential candidates in the election cycle, Bitcoiners come flooding out to celebrate the successes of the past block reward epoch and look forward to the possible successes of the next. I would argue that at this halving it is imperative to do the exact opposite with regard to the mining ecosystem. We should be deeply concerned with what can go very wrong in this next epoch, and with how parts of the mining ecosystem can fail in ways that present a systemic risk to the Bitcoin ecosystem.

    Post ETF approval, Bitcoin is finally lunging forward in terms of developing integrations with the legacy financial system. While this will definitely contribute to deeper market liquidity and likely positive price movement, it also comes with a heavy cost. It provides fuel and food to an external influence on Bitcoin that will need to be resisted and fought every step of the way in order to maintain Bitcoin’s important characteristics: decentralization, censorship resistance, and the ability to offer people a truly sovereign money that is within their control. The integration of bitcoin-backed products into the legacy financial system is going to draw the scrutiny of regulators and legislators like we have never seen before. The floodgates are now open in terms of people being able to freely allocate their funds to bitcoin exposure (I say “exposure” specifically because they have only price exposure and not ownership). This presents the potential for a massive migration of funds from other asset classes into bitcoin, which would have serious implications for the performance of those other asset classes depending on the size of that reallocation. This is exactly the type of situation in which the government typically makes significant regulatory changes in reaction to a fundamental change in the structure of market dynamics. Regulators are going to come for every layer of the mining stack, as that is what the rest of the network and protocol depends on.

    Mining Pools

    Mining pools are the lowest hanging fruit for regulators to go after. Pools are an economically necessary aspect of the mining industry. Without pools, two things would be wildly different for everyone mining. First, any miner not of sufficient size would have highly irregular income. Without pools to, well, pool miners’ resources together and share the income from the block reward proportionately regardless of who actually found the block, miners’ income would be highly unpredictable, and a stretch of bad luck in not finding blocks could literally bankrupt an operation. Without this added predictability of income, the mining ecosystem would be a very different landscape with a radically different risk profile for participants. Second, in a world of nothing but solo miners there would, practically speaking, be a minimum percentage of the network hashrate any given miner would need to make up in order to have any chance of running a viable business. If you are 1% of the network, you have decent odds of hitting at least a block or two a day. If your percentage of network hashrate drops much lower than that, the irregularity of payouts gets drastic. With energy bills to pay at the end of every billing cycle, that is not a tenable situation for miners. A utility company won’t care that you “just had an unlucky month.”

    Where Does The Money Go?
    Miners pooling resources for more predictable payouts, for better or worse, is an ingrained part of the ecosystem that operations depend on in order to run a predictable business. This means that as long as they exist, centralized mining pools will present an easy, low hanging target for government regulators. Mining pools are inescapably custodians: whenever a miner in a pool finds a block, the coinbase reward does not pay out to that miner (with some recent exceptions such as Ocean), it pays those bitcoin out to the mining pool. The pool custodies funds on behalf of the actual miners until they choose to withdraw. Regulators worldwide require compliance from businesses that custody funds on behalf of other people; they simply haven’t caught up to the reality that this is a critical function of mining pools. This is in fact exactly why Ocean launched with a model paying out their miners directly in the coinbase reward, so they could function in a way that does not involve custodying other peoples’ funds. It is inevitable that pools begin getting overt pressure from regulators to comply with the requirements placed on custodial entities. The only options at that point will be for pools to comply, or to attempt to replicate the model Ocean is operating with in order to remove the need for compliance. This comes with its own challenges, namely scalability. As I said earlier in regard to a world where only solo mining was possible, that would create a minimum viable size for a mining operation just in terms of regularity of payout in order to pay the bills. A naive on-chain-only payout system directly in the coinbase transaction creates similar issues. Miners must have a certain minimum size or they will not earn a large enough proportional share of a block reward for it to make economic sense to pay out directly on-chain.

    That scalability issue of miner payouts needs to be solved, or we find ourselves in a world where we still run into possibly troublesome limitations even if we manage to escape regulatory influence at this level. There are a few possible paths that could be taken to address this issue. Braidpool attempts to solve it by using large Schnorr multisig addresses requiring a majority of miners to sign off on properly distributing the rewards. CTV offers two ways it could assist: from just committing to eventual payouts to individual miners that could be cut through optimistically with multisig, to enabling coordination-free mining pooling through a scheme originally proposed by Jeremy Rubin. Jeremy’s scheme essentially looks backwards at past blocks within some threshold of recency, and when you find a block, shares the reward with the coinbase addresses of those past blocks. If any of those miners doesn’t share theirs accordingly when they find their next block, you stop sharing with them. The idea is to reconstruct the benefits of a conventional pool purely through incentives that mutually benefit all involved, while requiring no central coordination. Regardless of how it actually is solved, it is a problem that needs solving. Without a solution, a core part of the mining ecosystem is inevitably going to be subjected to a large swath of regulations. Major mining pools like Antpool and Foundry (almost 50% of the network mines with them) already require KYC procedures to be followed to mine with their pool. As long as custodying of funds is involved in pool operations, this is likely to become a legally mandated requirement in the near future.

    Who Let That Get In There?

    One of the core functions of miners in general is processing transactions in blocks; this is how the network is able to function as a payments system.
    Miners, or rather these days mining pools, construct the actual block template and decide which transactions to include in the block they are currently working on. This puts mining pools in a precarious position as far as regulations concerning the processing of financial transactions go. There are arguments on both sides as far as liability for which transactions miners do or do not include in their blocks is concerned, but it is a fact that the government is putting its attention on exactly that question of liability. Carole House, former director of cybersecurity and secure digital innovation at the White House, recently brought up exactly the question of miners’ liability to abide by the OFAC sanctions list at a House Financial Services Committee hearing in February. In addressing the committee she argued specifically that the question of criminal activity occurring on the Bitcoin network can be addressed at the protocol level rather than simply applying regulations and enforcement actions solely at the level of custodial businesses. Her argument was that miners have an existing obligation under current regulations and laws to exclude transactions to or from OFAC sanctioned addresses from their block templates. This argument is going to be made much more heavy-handedly, and the reality is that this is going to be a very tough fight to avoid. Mining pools, and individual miners, factually have the ability to decide whether or not to include a transaction in their block. This is inarguably true. If this ability is legally interpreted as being a party to or facilitator of a transaction, then they do have the legal obligation to exclude any transactions involving OFAC sanctioned addresses from their blocks. The only arguments that can be made against this essentially fall under either the argument that propagating Bitcoin related information is free speech, or the argument that the requirements to comply with these regulations create an undue economic burden on miners.

    I am not a lawyer, but something tells me the latter argument of “we can’t make enough money to be profitable without accepting transaction fees from criminals and terrorists” would not be viewed favorably by a court, even in a world where those transactions constituted such a large percent of miners’ potential revenue that it would be a serious consideration. That leaves the free speech argument. Mining pools would have to essentially make the argument that they are an “interactive computer service” under Section 230. Section 230 was designed to provide a liability exemption for platform operators functioning on the internet, due to the practical concerns of their being able to properly moderate or remove illegal content consistently given the nature of how these platforms work. It specifically exempts platform operators and other users from any legal liability that could result from the actions of another user of the platform. In order to actually make this argument and have it stand, it would have to be successfully argued in court that a bitcoin transaction itself is simply speech. That is a very tall order, and I say that as someone who thinks there is a very solid case to be made there. The argument would have to be made that whenever someone is using Bitcoin directly at the protocol level, i.e. crafting and broadcasting their own bitcoin transactions instead of using a custodian, their engagement with the network and protocol is an exercise of free speech. If this argument cannot be successfully made, then Bitcoin’s censorship resistance ultimately depends on less than 51% of the hashrate being subject to a jurisdiction’s regulations requiring such censorship be undertaken by the miners themselves. The United States currently hosts close to 40% of the hashrate in the world, with almost 30% being hosted in the state of Texas alone.

    If that share of hashrate in the United States grew to exceed 51%, it would enable American miners subject to such restrictions to enforce them globally by orphaning blocks from foreign miners that included sanctioned transactions. Dealing with this issue depends either on mining remaining competitive and distributed enough that no one jurisdiction ever exceeds that danger threshold, or on successfully making and winning the case that Bitcoin transactions are an exercise of free speech. The only alternative to those two options is to outright resist and hope that a jurisdiction with such a hashrate majority is incapable of enforcing censorship requirements. And that is not even considering the potential for multiple jurisdictions cooperating to enforce such requirements in coordination with each other.

    Hashrate On The Ground

    Mining pools present a low hanging fruit to go after in terms of regulatory compliance and enforcement, but ultimately the thing underlying that is the actual hardware operators on the ground. Any regulatory action taken against pools isn’t going to end there; the express purpose of it in the first place is to go after the actual hardware owner-operators. Mining pools are simply a convenient first step along that road, with a relatively low cost for compelled compliance and enforcement actions.

    Public Company Shackles

    Public mining companies have proliferated wildly this last cycle. This has opened a massive can of worms in terms of systemic risks and problems. First and foremost, these mining operations are now accountable to their investors, with the potential for legal avenues to override operational decisions under the auspices of shareholders’ interest.
    On its own this isn’t inherently bad; it’s in fact a potential mechanism ensuring their prioritizing of profit maximization, which is an absolute necessity in a cutthroat competitive industry such as Bitcoin mining. But this dynamic exists in an environment where they are held to much higher scrutiny from regulators. By virtue of being publicly traded, a public company is allowed little if any ambiguity. They have no real privacy in internal operations; anything material about the business must ultimately be made public for existing and prospective investors. One such example is SOX compliance requirements. These are reporting and audit requirements established under the Sarbanes-Oxley Act in 2002 in direct response to major accounting fraud scandals at the time such as Enron and WorldCom. The Act placed a much heavier burden on public companies, and delineated specific separation of concerns between the internal company accounting process and the auditing process, which is now legally required to meet specific standards of independence from the company in question. It also requires more in-depth financial disclosures, including assets off the company balance sheet and corporate officers’ stock transactions. All of these public companies and their information are right out in the open for instant compliance verification and enforcement in the event of new regulatory requirements. Nothing is ambiguous, nothing is unknown or uncertain; there is no camouflage or possibility of flying under the radar. The legal structures involved in a publicly traded company make non-compliance not an option.

    Information Collection

    The government is looking to collect any information it can get its hands on regarding actual mining operations. This is indisputably demonstrated by the recently attempted Department of Energy EIA Emergency Survey, which was rescinded after a court case in Waco, Texas brought against the EIA by Riot Platforms and the Texas Blockchain Council. That was assuredly not the end of the matter. They want information on privately owned operations as much as on public companies, where it is already easily accessible. The EIA demanded information on every commercial mining facility in the United States. They wanted GPS coordinates, the available power in their purchasing agreement with utilities, the utility company they bought power from, the amount of power actually drawn, and the amount of hashrate they had. This trend is not going to stop here. The larger this network grows in economic terms, the more politically relevant it becomes. The more politically relevant it becomes, the more regulations politicians will want to pass. Regulations require information and deliberation. Even without specific surveys targeted at collecting information directly from miners, agencies have an amazing set of data sitting there waiting for them at utility companies. Energy providers learn quite a lot about consumers of large amounts of power just in the course of making purchase agreements with them. In the event courts or legal processes do not allow them to demand information directly from miners, especially privately owned ones, there are paths to acquiring this information indirectly. In the most extreme cases, it is possible to actively probe for information. Multiple methods have been developed in the last few years to analyze data around electrical draw from end consumers on the grid. Some use deep learning, others analyze the actual modulation of the electrical current. These methods can be used to detect the presence of Bitcoin miners by analyzing power flow upstream from them on the grid. In the absolute worst case scenario, governments will easily be able to detect any mining operation connected to the power grid by looking at net amounts of energy consumption or the modulation of the actual current itself by the grid connected consumer.
    If the NSA can establish surveillance closets with Internet Service Providers in the normal course of operations, why not power companies as well? On a physical level, things are going to go heavily in the favor of governments and regulators. As long as you are connected to the grid, there will be no escaping them.

    Off The Grid

    Getting off the grid is the only even remote hope of staying off the government’s radar as a miner. Without the connection to the grid, there is no real time electrical feed to analyze, and little if any of the invasive data collection that is a necessary byproduct of having a purchase agreement with a utility company. It’s the only place any meaningful privacy or stealth can be achieved. Off grid energy is not easy to come by at scale though. Anyone can install a solar panel on their roof, but that doesn’t output much energy measured in terms of hashrate. It might power a handful of machines, but even with large numbers of people engaging in such small scale operations, it won’t in aggregate be able to compete with larger scale operations. If you hunt around you might be able to find some decommissioned hydroelectric power stations somewhere, but that requires a lot of capital, if it is even allowed legally, and is not something you can accomplish without getting yourself on the radar.

    Natural gas wells are the only real possibility of scaling an off-grid operation. I say possibility because it is not a guaranteed path to mining off the government’s radar. Oil and gas wells are still subject to regulations and data collection of their own, but the relative distribution of mineral rights offers the possibility of creating many more degrees of separation between regulators and the actual mining operator. There are people all over with a well on their property who will just sell you the gas without the invasive collection of information required on the grid. You might even find some abandoned and capped wells out there if you know where to look.

    But even this is a game of cat and mouse. Gas flare mining isn’t some tightly kept secret; everyone knows it occurs. That information is out there and collectible if governments decide to put in the effort and resources to collect it. In the most extreme scenario, numerous governments worldwide have satellites that track methane emissions from well sites and general areas all over the world. For everything that miners can do to stay under the radar, if governments want to spend the resources they can find them anyway. Ultimately this aspect of the equation, the physical hardware on the ground, will likely never be able to escape regulatory ire to any sizable extent. This problem ultimately can’t be solved with technology. It comes down to successful legal challenges of regulations, without which miners will be subject to the regulations of their host jurisdictions. If miners do not arbitrage this risk by spreading themselves diversely across many jurisdictions that do not cooperate with each other, then this represents a systemic threat to the whole system.

    Who Brought The Chips?

    Mining has two absolute requirements as a business, two things that an operation definitively cannot exist without: energy and mining hardware. You can’t have mining hardware without ASIC chips. Energy is an abundantly distributed resource, available all over the planet from numerous diverse sources. ASIC chips are not so distributed. There are only a handful of places in the world where they can be sourced, with even fewer places where they can be produced, and they are ultimately dependent on an even more centralized supply chain root. ASICs do not grow on trees, and the production process is not likely to become any more distributed than it is right now any time in the near future.

    Economic Centralization

    When it comes to ASIC manufacturers, there’s only really a handful of competitive ones: Bitmain, MicroBT, Canaan, and Innosilicon.
    There are other companies, but they are a tiny sliver of the marketplace and mostly small Chinese companies. These are essentially your options if you want to get your hands on mining hardware to start an operation. The market for chips is one of the most centralized, if not the most centralized, aspects of the mining ecosystem. It gets even worse when it comes to the actual production process. TSMC in Taiwan is pretty much the cutting edge of chip fabrication in the world. They are always the first to market with the latest nm production technology, and function as the backbone of global semiconductor manufacturing at the bleeding edge. BITMAIN is the only Bitcoin mining company they will do business with. There is currently no possibility for other manufacturers to make use of TSMC production capabilities. That essentially means that Intel in the US and Samsung in South Korea are the only options at scale for ASIC production. No other major companies can service an ASIC manufacturer at scale. This is an ultimate chokepoint at the very root of the mining industry that is as heavily centralized as it can possibly be. It’s essentially in practice a duopoly, with Intel as of now giving up on ASIC production after their first attempt at a manufacturing run did not live up to their expectations in terms of performance. You have TSMC, monopolized by BITMAIN, and then Samsung. The economics of semiconductor manufacturing require a massive capital investment, billions of dollars, to construct a new production facility. They are not something you can just spin up overnight, and not something anyone can just jump into the market for and start competing in. The barriers to entry are massive, in terms of economic cost as well as technical specialization. This issue, much like the ability to hide an operation from the government, is something that in the end is inescapable.

    Politics, Leverage, and Arrakis

    The industry gets even worse when you appreciate the degree of centralization at the very root of the manufacturing process: the production of the machines that produce the chips. For this part of the supply chain there is only one game in town, ASML Holding in the Netherlands. They are the only manufacturer worldwide that can provide the machinery to produce cutting edge semiconductors at the bleeding edge of nm width. This gets very political very quickly. Under pressure from the US, ASML does not export certain equipment to mainland China, because semiconductor production technology is treated as a national security issue. The United States spent billions of dollars under the Trump administration to incentivize TSMC to build a manufacturing facility in Arizona, specifically because of the massive supply shocks to the semiconductor industry during 2020 in the midst of coronavirus lockdowns. It is not outside the realm of possibility, maybe even inevitable, that such geopolitical treatment of the semiconductor industry in general becomes a norm tailored more narrowly to the production or sale of Bitcoin mining equipment specifically. If bitcoin does what we think it could optimistically do this decade in terms of price appreciation, if it does actually grow to the point of becoming a factor in the macroeconomic picture that cannot be ignored, then the production, sale, and operation of mining equipment is going to become a national security priority for every nation in the world.

    All we can really do, unless you have tens of billions of dollars sitting around to throw at building a chip manufacturing facility, after somehow getting the necessary machinery sourced from ASML with a multi-year lead time, in a jurisdiction where the government cannot interfere with your ability to produce and export mining machines, is hope that the incentive balance of geopolitical dynamics far beyond Bitcoin itself in scope plays out in a way that leads to sufficient distribution of that manufacturing capacity. In the novel Dune, spice was the center of the universe. It was the thing without which interstellar travel was impossible. Spice was harvested on the planet Arrakis, and whoever controlled the spice controlled the human race. Taiwan is our Arrakis, and semiconductors are our spice. Since the computer was invented it has integrated deeper and deeper into the foundations of human society, to the point that nothing can function without them. It is a geopolitical issue as important as oil. Bitcoin is on a crash course to insert itself right into the heart of that geopolitical element.

    Time For The Kick In The Head

    Bitcoin doesn’t exist in a vacuum. It isn’t some academic thought experiment, or a computer simulation where the variables directing the outcome can be fine tuned exactly how we want them with trivial effort. It exists in the real world, with real people, and the realities that result from real people interacting with each other. Everyone is caught up in celebration and staring at the market price increasing because of the ETF approvals, patting themselves on the back that we’ve won. It’s all over, there’s nothing left to do but kick back and enjoy the predetermined outcome where we become fabulously wealthy and the entire world bends to Bitcoin’s will. That’s not how this works. Bitcoin exists in this world, as something operating within human society. In the form of mining, it has an actual physical footprint in the real world that it is dependent upon, without which it cannot exist or function. That physical infrastructure must be defended. It must be distributed and redundant enough that attacks on parts of it cannot disrupt the whole. Government has funded itself and exists because of its control and monopoly over the ability to print money. Without deficit spending it could never have grown to the insane size it is today; it would never have attained the power and influence to interfere in all of our lives to the degree it does today. With that power being distributed all over the world, to anywhere there is energy and ASICs available, do you think they will do nothing? Knowing there is a physical component that the entire network depends on to function, do you think they will not attack it? Try to capture it? We are just now entering the phase of “then they fight us.” This is not going to be a walk in the park, and it’s not something that this ecosystem should get complacent about. We get one chance to run the gauntlet, and if we fuck it up, we fuck it up.
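    Returning to the coordination-free pooling scheme that the Mining Pools section attributes to Jeremy Rubin, the following is an added toy model of it in Python. It is not Rubin's specification, not Braidpool code, and not from the article; the fixed look-back window, the equal split between a block's finder and every non-defecting miner who found a block inside that window, and the per-miner defector list are all assumptions made to turn the prose into something runnable. The constructed block sequence shows the two effects the text describes: cooperating miners receive more frequent, smaller payments than solo mining would give them, and a miner who keeps a whole reward is cut off from everyone's future shares.

```python
"""Toy model of incentive-only ("coordination-free") mining pooling.

Added illustration, not Rubin's proposal or Braidpool's code. Assumptions:
a look-back window of W blocks, an equal split between the finder and every
non-defecting recent finder, a defector list per miner, subsidy 3.125 BTC,
fees ignored.
"""
from dataclasses import dataclass, field
from typing import Dict, List

REWARD = 3.125  # block subsidy after the April 2024 halving; fees ignored (assumption)


@dataclass
class Miner:
    name: str
    cooperative: bool = True                       # False = keeps every reward to itself
    blacklist: set = field(default_factory=set)    # finders who failed to pay this miner
    payments: list = field(default_factory=list)   # every amount received, in block order

    @property
    def total(self) -> float:
        return round(sum(self.payments), 6)


def split_reward(finder: Miner, chain: List[dict], window: int) -> Dict[str, float]:
    """How `finder` distributes a new block's reward, looking back `window` blocks."""
    if not finder.cooperative:
        return {finder.name: REWARD}
    partners = {b["finder"] for b in chain[-window:]} - {finder.name} - finder.blacklist
    share = REWARD / (len(partners) + 1)
    return {name: share for name in partners | {finder.name}}


def audit_block(block: dict, chain: List[dict], window: int, miners: Dict[str, Miner]) -> None:
    """Each miner that was owed a share (it found a block inside the window) checks the
    payout; a finder who stiffed it is blacklisted and gets none of its future shares."""
    owed = {b["finder"] for b in chain[-window:]}
    for m in miners.values():
        if m.name == block["finder"] or m.name not in owed:
            continue
        if block["payouts"].get(m.name, 0.0) <= 0.0:
            m.blacklist.add(block["finder"])


def simulate(miners: Dict[str, Miner], finders: List[str], window: int) -> Dict[str, dict]:
    """Replay a sequence of block finders; return each miner's total and how many
    separate payments it received (the smoothing that pooling is meant to provide)."""
    chain: List[dict] = []
    for name in finders:
        payouts = split_reward(miners[name], chain, window)
        block = {"finder": name, "payouts": payouts}
        audit_block(block, chain, window, miners)
        for who, amount in payouts.items():
            miners[who].payments.append(amount)
        chain.append(block)
    return {m.name: {"total": m.total, "payments": len(m.payments)} for m in miners.values()}


def demo() -> Dict[str, dict]:
    """Constructed sequence: A and B cooperate, D never shares. D is paid only by its
    own block; A and B are paid on most blocks even when they did not find them."""
    miners = {n: Miner(n) for n in ("A", "B")}
    miners["D"] = Miner("D", cooperative=False)
    return simulate(miners, ["A", "B", "D", "A", "B", "A"], window=2)


if __name__ == "__main__":
    for name, stats in demo().items():
        print(name, stats)
```

    In the demo, A, B and D end with the same totals they would have had mining solo (3, 2 and 1 blocks' worth), but A and B are paid on five and four blocks respectively instead of three and two, which is the income smoothing the article is after; D is excluded from every split after its first block.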

  • ClickFix Technique Used To Deploy DarkGate And Lumma Stealer
    by OSINT without Borders on 13 July 2024 at 05:39

    Researchers have uncovered a malware delivery method dubbed “ClickFix,” which exploits user trust through compromised websites to deliver the DarkGate and Lumma Stealer malware variants. The ClickFix technique uses social engineering to trick users into executing malicious scripts, potentially leading to severe compromise of affected systems. These sites redirect visitors to domains hosting fake popup windows, which instruct users to paste a script into a PowerShell terminal.

    ClickFix Social Engineering Infection Chain

    After visitors are redirected from seemingly legitimate sites, instructions are displayed to deceive them into pasting various base64-encoded commands into a PowerShell terminal. Researchers from McAfee Labs stated that these commands are designed to download and execute malware from remote attacker-controlled C2 servers. [Figure: prevalence over the past three months (Source: mcafee.com)] The ClickFix social engineering technique showcases a highly effective and technical method for malware deployment. Once the malware is active on the system, it typically takes steps to evade security detection, such as clearing clipboard contents and running processes in minimized windows, to maintain persistence on victims’ systems, and to steal users’ personal data and send it to a command and control (C2) server. The researchers have detailed the use of the ClickFix technique by the DarkGate and Lumma Stealer malware:

    DarkGate

    DarkGate is a malware family that relies on the ClickFix technique. The DarkGate malware is distributed through phishing emails that contain HTML attachments masquerading as MS Office Word document files. After a user opens the attachment, the HTML file displays a “How to fix” button that, upon clicking, displays base64-encoded commands which hide malicious PowerShell instructions. [Figure: Source: mcafee.com] Upon running, the PowerShell commands download and execute an additional HTA file that contains further malicious payloads. Once infected, the malware is capable of exfiltrating sensitive information and providing unauthorized remote access to threat actors.

    Lumma Stealer

    [Figure: Source: mcafee.com] While Lumma Stealer is distributed through similar use of the ClickFix technique, visitors are usually greeted directly with a webpage displaying an error message, such as a supposed browser problem, and are provided instructions to ‘fix’ the issue. These instructions similarly trick users into entering base64-encoded commands into a PowerShell terminal, which run the Lumma Stealer malware upon execution. This allows the stealer to bypass traditional security measures while compromising affected systems.

    Mitigations and Remediations

    To protect against the ClickFix technique and malware such as DarkGate and Lumma Stealer, the researchers have shared the following recommendations:
      - Regular training to inform potential victims about social engineering tactics and phishing campaigns.
      - Use of antivirus software on system endpoints.
      - Implementation of a robust email or website filtering system to block suspicious phishing mails, malicious attachments or malicious websites.
      - Deployment of firewalls and intrusion detection/prevention systems (IDS/IPS) to block malicious traffic on networks.
      - Network segmentation to prevent the spread of malware within organizations.
      - Monitoring of network logs and traffic.
      - Enforcement of the principle of least privilege (PoLP).
      - Implementation of security policies or monitoring over clipboard content, particularly in sensitive environments.
      - Implementation of multi-factor authentication (MFA).
      - Updating operating systems, software, and applications to the latest available patched versions.
      - Encrypting stored data and data in transit against unauthorized access.
      - Regular and secure backup of important data.
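    The recommendations above call for monitoring, but the write-up does not show what a detection for this pattern looks like. The following Python is an added example, not McAfee's code or anything from the article: it scans constructed process-creation log lines for the traits the article describes (a base64-encoded command handed to PowerShell, a hidden window, and a follow-on HTA stage) and decodes the UTF-16LE payload so an analyst can read what was pasted. The key=value log layout, the host and user names, and the harmless Write-Host payload are all constructed; map the parser onto Sysmon Event ID 1 or your EDR's process fields in practice.

```python
"""Detection helper for ClickFix-style PowerShell execution (added example).

Not McAfee's code. Scans constructed process-creation log lines for the traits
described in the write-up and decodes the -EncodedCommand payload for triage.
The key=value log format below is an assumption.
"""
import base64
import binascii
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# PowerShell accepts unambiguous prefixes of -EncodedCommand; these are the common ones.
ENCODED_FLAG = re.compile(
    r'(?i)(?<![\w-])-(?:e|ec|enc|encoded|encodedcommand)\s+["\']?([A-Za-z0-9+/=]{16,})'
)
# -w hidden / -WindowStyle hidden: the "minimized window" trait from the write-up.
HIDDEN_WINDOW = re.compile(r"(?i)(?<![\w-])-w\w*\s+hidden")
# mshta.exe or any .hta argument: the second stage DarkGate pulls down.
HTA_STAGE = re.compile(r"(?i)(?:\bmshta(?:\.exe)?\b|\.hta\b)")
# Constructed log layout: ts=... host=... user=... image=... cmdline="..."
LOG_LINE = re.compile(
    r'host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+image=(?P<image>\S+)\s+cmdline="(?P<cmdline>.*)"$'
)


@dataclass
class Finding:
    host: str
    user: str
    reasons: List[str] = field(default_factory=list)
    decoded: Optional[str] = None  # plaintext of the encoded command, when decodable


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext behind -EncodedCommand, or None if absent or undecodable.
    PowerShell expects UTF-16LE text under the base64 layer, so decode accordingly."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def analyze_cmdline(cmdline: str, image: str) -> Tuple[List[str], Optional[str]]:
    """Score one process launch; returns the matched traits and any decoded command."""
    reasons: List[str] = []
    decoded = None
    is_powershell = any(n in image.lower() for n in ("powershell", "pwsh"))
    if is_powershell and ENCODED_FLAG.search(cmdline):
        reasons.append("encoded_command")
        decoded = decode_encoded_command(cmdline)
        if decoded is None:
            reasons.append("undecodable_base64")  # still worth an alert
    if is_powershell and HIDDEN_WINDOW.search(cmdline):
        reasons.append("hidden_window")
    if "mshta" in image.lower() or HTA_STAGE.search(cmdline):
        reasons.append("hta_stage")
    return reasons, decoded


def analyze_log(lines: List[str]) -> List[Finding]:
    """Run the heuristics over log lines and keep only launches that tripped something."""
    findings: List[Finding] = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue  # unparseable line; in production, count these rather than drop them
        reasons, decoded = analyze_cmdline(m["cmdline"], m["image"])
        if reasons:
            findings.append(Finding(m["host"], m["user"], reasons, decoded))
    return findings


def _b64_utf16(text: str) -> str:
    """Encode text the way PowerShell expects for -EncodedCommand (builds the sample)."""
    return base64.b64encode(text.encode("utf-16le")).decode("ascii")


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
HARMLESS = "Write-Host 'constructed harmless payload'"   # stands in for the pasted script
ENCODED_SAMPLE = _b64_utf16(HARMLESS)
# Constructed sample telemetry: a benign scheduled script, a ClickFix-shaped paste
# carrying the harmless Write-Host above, and the HTA follow-on. None of it is real.
SAMPLE_LOG = [
    "ts=2024-07-10T12:00:01Z host=WS01 user=alice image=" + PS
    + ' cmdline="powershell.exe -NoProfile -File C:\\scripts\\inventory.ps1"',
    "ts=2024-07-10T12:03:17Z host=WS01 user=alice image=" + PS
    + ' cmdline="powershell.exe -w hidden -enc ' + ENCODED_SAMPLE + '"',
    r"ts=2024-07-10T12:03:20Z host=WS01 user=alice image=C:\Windows\System32\mshta.exe"
    r' cmdline="mshta.exe C:\Users\alice\AppData\Local\Temp\fix.hta"',
]

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"{f.host} {f.user} {','.join(f.reasons)} decoded={f.decoded!r}")
```

    Two design points: the decoder is deliberately strict (`validate=True`, UTF-16LE) so that a blob which fails to decode is itself reported rather than silently ignored, and the HTA check is applied to every process, not just PowerShell, because the second stage in the DarkGate chain is launched as its own process.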

  • Why Ignoring Third-Party Risks Can Wreck Your Business?
    by /u/ProofandTrust on 12 July 2024 at 23:01

    Hey folks, I want to share a bit about something super important in business that often gets overlooked—managing risks with third parties. You know, those suppliers, vendors, or partners you share your info with? Not assessing the risks they bring can really come back to bite you.

    Picture this: You’re sharing sensitive information with a new supplier. If they aren’t secure, your data might end up in the wrong hands. Remember the Target data breach? Hackers got in through a vendor, and it cost Target millions.

    Or think about your supply chain. If one of your suppliers fails, your whole operation could come to a halt. The pandemic showed us how fragile supply chains can be. Businesses without a good risk management plan faced huge disruptions.

    And then there’s compliance. If a vendor mishandles data, you could be fined big time for not following regulations like GDPR. You’re on the hook, even if it’s their mistake.

    So, how do you avoid these pitfalls? Do your homework on anyone you work with. Make sure your contracts cover all the bases, like data protection and what happens if things go wrong. Keep an eye on these relationships regularly.

    Bottom line: Don’t ignore third-party risks. They can cost you big time, both in money and reputation. Stay vigilant and protect your business.

    Take care and stay smart!

  • Apple finally opens its Pay service to competitors in Europe
    by Jonny Evans, Computerworld (adapted by Dominique Filippone) on 12 July 2024 at 13:51

    While Apple faces a surge of regulatory waves (GDPR, DMA, DSA...), its Pay service will allow solutions (...)

  • Entry into force of the European AI Regulation: the CNIL's first questions and answers
    by CNIL on 12 July 2024 at 13:45

    A year ago, the CNIL launched its action plan to promote AI that respects people's rights over their data and to give companies innovating in this field legal certainty in their application of the GDPR. On the occasion of the publication of the AI Regulation in the OJEU, the CNIL answers your questions about this new text.

    The European AI Regulation (or AI Act) has just been published in the Official Journal of the European Union (OJEU) and will progressively come into application from 1 August 2024. Who is concerned? What distinguishes the AI Regulation (RIA) from the GDPR, and how do they complement each other?

    Presentation of the AI Regulation
    - What does the AI Regulation (or AI Act) provide for?
    - Who will oversee the application of the RIA in the EU and in France?
    - How will the CNIL take the RIA into account?
    - When does the RIA come into application?

    How do the GDPR and the RIA fit together?
    - Does the RIA replace the requirements of the GDPR?
    - RIA / GDPR: how do I know which regulation(s) apply to me?
    - How does the RIA affect the GDPR?
    - Transparency and documentation: how do the RIA's requirements fit with those of the GDPR?
    - In summary: what are the differences between the requirements of the RIA and the GDPR?

    Further reading
    - The AI Regulation
    - All CNIL content on artificial intelligence

  • mSpy Data Breach: Millions of Customers’ Data Exposed
    by Divya on 12 July 2024 at 11:42

    mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing the sensitive information of millions of its customers. The breach, which Brainstack, mSpy’s parent company, has not publicly acknowledged, has raised serious concerns about the security and ethical implications of spyware applications.

    The Extent of the Breach

    (Figure: mSpy customers’ locations)

    The breach, first disclosed by Switzerland-based hacker Maia Arson Crimew, involved over 100 gigabytes of Zendesk records. These records contained millions of individual customer service tickets, email addresses, and the contents of those emails. TechCrunch data revealed that mSpy’s customers are spread globally, with significant clusters in Europe, India, Japan, South America, the United Kingdom, and the United States.

    Troy Hunt, who runs the data breach notification site Have I Been Pwned, obtained a copy of the leaked dataset. He added about 2.4 million unique email addresses of mSpy customers to his site’s catalog of past data breaches. Hunt confirmed the accuracy of the leaked data by contacting several subscribers, who verified the information.

    Implications for Privacy and Security

    The mSpy data breach is the latest in a series of incidents involving phone spyware operations. This breach underscores the inherent risks associated with spyware applications, which are often marketed for parental control but can be misused for unauthorized surveillance. The leaked data included customer information and details of unwitting victims targeted by mSpy users. Dataset analysis revealed that some journalists had contacted mSpy following a previous breach in 2018. Additionally, U.S. law enforcement agents had filed or sought to file subpoenas and legal demands with mSpy. In one instance, an mSpy representative provided billing and address information about a customer to an FBI agent investigating a kidnapping and homicide case.

    The emails in the leaked data show that mSpy’s operators were aware of the spyware’s misuse. After being discovered, some customers inquired about removing mSpy from their partner’s phone. The dataset also raised questions about U.S. government officials and agencies, police departments, and the judiciary using mSpy, with some instances lacking transparent legal processes.

    Brainstack’s Role and Response

    Brainstack, the Ukrainian tech company behind mSpy, has remained largely hidden. Despite its significant customer base, Brainstack has not publicly acknowledged the breach. The leaked Zendesk data exposed Brainstack’s involvement in mSpy’s operations, revealing records of employees using false names to respond to customer tickets. When contacted by TechCrunch, Brainstack employees confirmed their names as found in the leaked records but declined to discuss their work. Brainstack’s chief executive, Volodymyr Sitnikov, and senior executive, Kateryna Yurchuk, did not respond to multiple emails requesting comment. A Brainstack representative, who did not provide their name, declined to answer questions but did not dispute the reporting.

    Zendesk, the platform used by mSpy for customer support, stated that it had no evidence of a compromise of its platform. However, it did not clarify whether mSpy’s use of Zendesk violated its terms of service.

    The mSpy data breach has exposed the vulnerabilities and ethical concerns surrounding spyware applications. With millions of customers’ data compromised, the incident highlights the need for stricter regulation and oversight of spyware operations. As authorities and watchdogs continue to investigate, the breach is a stark reminder of the potential dangers of surveillance technology.

  • Hackers Using ClickFix Social Engineering Tactics to Deploy Malware
    by Divya on 12 July 2024 at 9:40

    Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery, dubbed the “ClickFix” infection chain. This novel attack strategy leverages advanced social engineering techniques to manipulate unsuspecting users into executing malicious scripts, leading to severe security breaches. This article delves into the intricacies of the ClickFix method, its implications, and the steps users can take to protect themselves.

    (Figure: prevalence for the last three months)

    The ClickFix Infection Chain

    The ClickFix infection chain begins with users being lured to visit seemingly legitimate but compromised websites. These websites are meticulously crafted to appear genuine, significantly increasing the likelihood of user compliance. Upon visiting these sites, victims are redirected to domains hosting fake popup windows. These popups instruct users to paste a script into a PowerShell terminal, a command-line shell used for task automation and configuration management.

    Once the script is pasted and executed in the PowerShell terminal, the malware can infiltrate the victim’s system. This can lead to data theft, system compromise, or further propagation of the malware. The sophistication of this method lies in its ability to exploit the trust users place in seemingly authentic websites and prompts.

    Malware Families Leveraging ClickFix

    Two notable malware families, Lumma Stealer and DarkGate, have been observed leveraging the ClickFix technique. Lumma Stealer is known for its ability to extract sensitive information, including passwords, credit card details, and other personal data, from infected systems. DarkGate, on the other hand, is a more advanced threat that steals sensitive information, provides remote access, and establishes persistent backdoors in compromised systems. DarkGate employs advanced evasion tactics, making it difficult to detect and remove. It can spread within networks, posing a significant cybersecurity threat. Combining these malware families with the ClickFix technique represents a formidable challenge for cybersecurity professionals.

    The Role of Phishing Emails

    Phishing emails play a crucial role in the ClickFix infection chain. McAfee Labs obtained a phishing email from their spamtrap containing an HTML attachment masquerading as a Word document. The HTML file displayed an error prompt designed to deceive users into taking actions that could lead to the download and execution of malicious software.

    (Figure: email with attachment)

    The phishing email tactic is particularly effective because it exploits the user’s familiarity with common file types and error messages. By presenting a seemingly legitimate problem and offering a solution, the attackers increase the likelihood that users will follow the instructions and inadvertently execute the malicious script.

    Technical Analysis

    Upon examining the code within the HTML attachment, researchers discovered several base64-encoded content blocks. These blocks contained the malicious script users were instructed to paste into their PowerShell terminal. The script, once executed, initiates the malware download and installation process.

    (Figure: the fake “extension problem” prompt)

    This method of encoding and disguising the malicious script is a testament to the attackers’ sophistication. By hiding the true nature of the script within encoded blocks, they make it more challenging for automated security systems to detect and block the threat.

    (Figure: the HTML contains base64-encoded content in the title tag)

    (Figure: the same content after decoding)

    Protecting Against ClickFix

    To protect against the ClickFix infection chain and similar threats, users should follow these best practices:

    - Be Cautious with Emails and Attachments: Always verify the sender’s identity before opening any email attachments, especially if they are unexpected or from unknown sources.
    - Avoid Pasting Scripts: Never paste scripts or commands from untrusted sources into your terminal or command prompt.
    - Use Security Software: Ensure your security software is up to date and capable of detecting and blocking advanced threats.
    - Educate Yourself and Others: Stay informed about the latest cybersecurity threats and educate others about the risks and best practices for staying safe online.

    The discovery of the ClickFix infection chain highlights the ever-evolving nature of cyber threats and the importance of vigilance in the digital age. By understanding the tactics used by attackers and taking proactive measures to protect themselves, users can reduce the risk of falling victim to these sophisticated social engineering schemes. As cybersecurity threats continue to grow in complexity, staying informed and cautious is more critical than ever.

    Indicators of Compromise (IoCs)

    File            SHA256 (or URL)

    DarkGate
    Email           c5545d28faee14ed94d650bda28124743e2d7dacdefc8bf4ec5fc76f61756df3
    Html            0db16db812cb9a43d5946911501ee8c0f1e3249fb6a5e45ae11cef0dddbe4889
    HTA             5c204217d48f2565990dfdf2269c26113bd14c204484d8f466fb873312da80cf
    PS              e9ad648589aa3e15ce61c6a3be4fc98429581be738792ed17a713b4980c9a4a2
    ZIP             8c382d51459b91b7f74b23fbad7dd2e8c818961561603c8f6614edc9bb1637d1
    AutoIT script   7d8a4aa184eb350f4be8706afb0d7527fca40c4667ab0491217b9e1e9d0f9c81

    Lumma Stealer
    URL             tuchinehd[.]com
    PS              07594ba29d456e140a171cba12d8d9a2db8405755b81da063a425b1a8b50d073
    ZIP             6608aeae3695b739311a47c63358d0f9dbe5710bd0073042629f8d9c1df905a8
    EXE             e60d911f2ef120ed782449f1136c23ddf0c1c81f7479c5ce31ed6dcea6f6adf9

  • Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed
    by Divya on 12 July 2024 at 9:40

    RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has recently been the victim of a cyber attack. The breach, which occurred on April 14, 2024, was discovered on June 10, 2024, and has compromised the personal information of over 2.3 million users, including 13,858 residents of Maine.

    Ethan Steiger, the Senior Vice President and Chief Information Security Officer at Advance Auto Parts, confirmed the breach in a formal notification submitted to the authorities. The compromised data includes names and other personal identifiers, raising serious concerns about potential identity theft and misuse of personal information.

    Details of the Breach

    The breach was identified as an external system breach, commonly known as hacking. The attackers managed to infiltrate the company’s systems and gain unauthorized access to sensitive user information. The breach was not detected until nearly two months later, highlighting the sophisticated nature of the attack and the challenges in identifying such threats promptly.

    According to the Office of the Maine Attorney General’s reports, Advance Auto Parts immediately mitigated the damage and secured its systems. The company has since notified the affected individuals through written communication, with notifications sent out on July 10, 2024. Affected users are offered identity theft protection services to safeguard their personal information.

    Advance Auto Parts has implemented several measures to enhance its cybersecurity infrastructure in response to the breach. This includes a thorough review of its security protocols, increased system monitoring, and collaboration with cybersecurity experts to prevent future incidents. Ethan Steiger emphasized the company’s commitment to protecting its customers’ data and ensuring such breaches do not occur again.

    “We deeply regret the inconvenience and concern this incident may have caused our valued customers. Our team is working tirelessly to address the situation and strengthen our defenses against future threats,” Steiger stated.

    The company has also notified consumer reporting agencies, as the law requires, to ensure that affected individuals can take necessary precautions. Users are advised to monitor their accounts for suspicious activity and report anomalies to the relevant authorities.

    The Advance Auto Parts data breach is a stark reminder of the growing threat of cyber attacks and the importance of robust cybersecurity measures. As businesses continue to digitize their operations, the need for advanced security protocols and vigilant monitoring becomes increasingly critical. Customers affected by the breach are encouraged to take advantage of the identity theft protection services offered by Advance Auto Parts and remain vigilant in safeguarding their personal information.
