New Laws for Security in the UK Energy Industry

Due to the rapid development and advancement of technology, laws have had a hard time keeping up with modern practices and problems. Increasingly more industries have started to include some connection to the Internet of Things, thus providing more opportunities for hackers to attack. One such industry is the energy industry. Currently, the UK is in the process of developing laws to ensure a certain amount of security is implemented by energy companies. These laws will require that the energy companies put particular measures in place in order to protect sensitive personal data. One aspect of these laws is that the process for reporting a company’s compliance will be more involved, and require the company to show how they are meeting the requirements, not just say that they are. Consequences of not complying with these regulations will be in the form of fees based on either a flat rate or an amount based off of their global turnover depending on the size of the company.

While this does place more burden on the companies in terms of forcing them to invest in security properly, one aim of these laws is actually beneficial to them. These laws aim to increase public trust in industries using network connections. This past year, the UK has seen a great increase in attacks compared to previous years, which has taken a toll on the confidence the public has in online security. Therefore, this law hopes to help push companies to increase their protection and save them from attacks which will not only lead to stolen customer data but also to a drop in public confidence.

~Rebecca Medina



The Rise of Fileless malware

Over the last two years, there has been an uptick in the amount the malware attacks that are fileless. This means that the malware is designed to not rely on or interacts with the filesystem of the host machine. This is so it is relatively undetectable by file scanning, which is the common way to find malware. This rising trend will change how we deal with these kind of malware threats. One of the changes to combat this threat is to turn to behavior based detection strategies like “script block logging,” which will keep track of code that is executed, for someone to sift through and look for abnormalities.

Experts are predicting that fileless malware attacks will continue to rise as it did from 2016 to 2017 because of its success rate. Fileless attacks are more likely to be successful than file-based attacks by an order of magnitude (literally 10 times more likely), according to the 2017 “State of Endpoint Security Risk” report from Ponemon. The ratio of fileless to file-based attacks grew in 2017 and is forecasted to continue to do grow this year. This goes to show that we need to constantly be adapting to different threats, because we know the hackers will.
– Ryne Krueger


Sanitize your strings, kiddos

Trusting user inputted strings has always been a problem in computing. Users will always find a way to break your application with some kind of weird character. Programmers have found clever ways to get around this, such as preparing SQL statements, escaping unknown characters, or just returning an error when coming across unknown text. However, with the rise of the internet and the availability of tools, hackers have gotten smarter at the way they attack inputs.

In the last month of so, Django found this out in their django.utils.text.Truncator class. This class had two methods, chars() and words() which would attempt to clean input.

Well, for some reason, users wanted a way to clean HTML with these methods, so Django added a html keyword argument to the methods, which would attempt to clean the text as if it were HTML. However, due to a catastrophic backtracking vulnerability in a regular expression in those functions, malicious users could input complicated HTML that would take a long time to process. This would result in a DoS attack on the web server, and bring down services to other users. Uh-oh.

So, looking at the CVE, you can see the security community ranked it a 5, the highest rating. Needless to say, Django quickly patched the issue and launched a hot fix.

The moral of the story is that security vulnerabilities can happen to anyone, and you should know what the framework you are using is doing, instead of just blatantly trusting that it will work. Be aware of security in your everyday life.

— Kyle Kaniecki

Fileless Malware

Malware is constantly evolving to match the level of sophistication that anti-malware programs use to prevent it. This is especially so in the type of malware called fileless malware. This malware is relatively new (first big cases seen in 2014) but becoming more common. Fileless malware tends to avoid the filesystem by operating almost entirely in memory, therefore we have also seen some attacks like this as early as in the 2000’s. It hit a milestone in 2017 of attacks by making up nearly 52% of all malware attacks that year.

This type of malware aims to avoid modifying the filesystem at all. It allows “cybercriminals to skip steps that are needed to deploy malware-based attacks, such as creating payloads with malware to drop onto users’ systems. Instead, attackers use trusted programs native to the operating system and native operating system tools like PowerShell and WMI to exploit in-memory access, as well as Web browsers and Office applications.”

So why does it matter if it avoids modifying the filesystem? That is because a big part of malware protection in anti-malware programs is scanning files to detect infected ones.

How can it be prevented? This is a process called behavioral detection. “Looking for signs associated with malicious PowerShell use (like a PowerShell session executed using an encoded command via the command line), provides security teams with the evidence they need to investigate incidents that could turn out to be instances of malicious PowerShell use.”


-Dylan Arrabito

‘Gray Hat’ Hackers Can Be Good

With the internet becoming available on just about any device one can get their hands on, the incidents of hacking can rapidly increase. Smartphones and computers have been the main devices being hacked by cyberhackers before the internet has quickly become available in other machines and technologies. The vision of the future is seen with flying cars and robots, but these things would have to be connected to the internet to function. If any of these things in the future are connected to the internet, then cyberhackers will have more options of technologies to hack. Devices and machines, like cars, coffee makers, and thermostats were once not apart of the internet and that was a beneficial thing in society. But, vast new forms of technology and electronics that were once around as another form, are now more modern with today’s devices that are connected to the internet. We can easily access our cars, televisions, and thermostats with our cell phones now since they are all connected online. These new ways of interacting with electronics may seem fascinating to many in society but they don’t realize that this only gives hackers more opportunities to hack innocent people and businesses.

In the article, a famous hacker and former cybercriminal, Samy Kamkar, helped demonstrate how easy it is for hackers to gain access to other people’s electronic property, by hacking into a car. First of all, Samy is a “gray hat” hacker, meaning he is a good and bad hacker that hacks into devices to search for its weak vulnerabilities only to share with others his findings so they can patch up those weaknesses. Coming from a cybercriminal to a hacker who helps the world with hacking, just shows how much we might need to rely more on people like Samy. The world is becoming more connected through the internet with normal appliances used by people every day, to being used by hackers as cyberweapons and a new way to gain access to a victim’s wallet. Samy was able to use his own gadgets to hack into a random smart car by duplicating the connection with car’s actual key with Samy’s gadgets to be able to unlock the car. Samy showed that we aren’t taking our security as seriously as we should be. People often have weak passwords that they usually use for more than one of their accounts and devices that create a greater advantage for cyberhackers. I believe the world needs more good “gray hat” hackers like Samy Kamkar that can help teach and show others where there are weak vulnerabilities in smart appliances and devices. The more vulnerabilities that are fixed, the less hacking we will hopefully have in the world.

Image result for gray hat hacker  Related image


-Matt Aiguier