Apple suspects that servers are intercepted and modified during shipping.
Apple has begun designing its own servers partly because of suspicions that hardware is being intercepted before it gets delivered to Apple, according to a report yesterday from The Information.
“Apple has long suspected that servers it ordered from the traditional supply chain were intercepted during shipping, with additional chips and firmware added to them by unknown third parties in order to make them vulnerable to infiltration, according to a person familiar with the matter,” the report said. “At one point, Apple even assigned people to take photographs of motherboards and annotate the function of each chip, explaining why it was supposed to be there. Building its own servers with motherboards it designed would be the most surefire way for Apple to prevent unauthorized snooping via extra chips.”
A ransomware campaign with an unusual method of propagation—infecting servers via unpatched vulnerabilities, then spreading laterally across the local network—experienced a marked spike in activity Monday, according to researchers at Talos. While the m.o. is uncommon for ransomware, the primary target is not: the healthcare industry.
Whereas most ransomware spreads through phishing campaigns, malvertising and exploit kits, this particular malware, dubbed Samas or Samsam, spreads through unpatched vulnerabilities in both JBoss application servers and REGeorg, an open-source framework that creates socks proxies. In other words, users don’t have to perform an action like clicking on a malicious link to download the ransomware; instead, bad actors can trigger SamSam remotely through software flaws.
The adversaries behind this campaign are specifically scanning for and targeting machines containing these vulnerabilities. Consequently, SamSam ransomware campaigns are smaller in scope than conventional CryptoLocker, Locky or TeslaCrypt campaigns, but they also achieve much higher rates of successful infection.
“I think this is really the next evolution of the ransomware game,” said Craig Williams, senior technical leader and security outreach manager at Talos, the research division of Cisco, in an interview with SCMagazine.com.
…Now they just lock up device, hope you pay
Malware slingers have gone back to basics with the release of a new strain of ransomware malware that locks up compromised devices without encrypting files.
The infection was discovered on a porn site that redirects users to an exploit kit that pushes the ransom locker malware. Researchers at Cyphort Labs who discovered the threat said it was the first of its kind that they had seen in some time.
The success of file-encrypting ransomware such as CryptoLocker, CryptoWall, Locky has rendered earlier system locker malware unfashionable if not obsolete. Ransom lockers can be normally be cleaned by using “rescue discs”, unlike file-scrambling malware strains.
The latest strain represents an advancement of ransom locker malware as it is using Tor to communicate to its command and control servers. The Windows nasty prevents users from booting in safe mode.
“Also, while the attacker got your machine kidnapped, they created a Tor hidden service that allows the attacker to utilise your system for bitcoin payments or other malicious activity,” Kimayong added.
On Thursday morning, I listened to an interview with the CEO of “a big data intelligence company” called Dstillery; it “demystifies consumers’ online footprints” to target them with ads. The CEO told public radio program Marketplace something astounding: his company had sucked up the mobile device ID’s from the phones of Iowa caucus-goers to match them with their online profiles.
“We watched each of the caucus locations for each party and we collected mobile device ID’s,” Dstillery CEO Tom Phillips said. “It’s a combination of data from the phone and data from other digital devices.”
Dstillery found some interesting things about voters. For one, people who loved to grill or work on their lawns overwhelmingly voted for Trump in Iowa, according to Phillips.
What really happened is that Dstillery gets information from people’s phones via ad networks. When you open an app or look at a browser page, there’s a very fast auction that happens where different advertisers bid to get to show you an ad. Their bid is based on how valuable they think you are, and to decide that, your phone sends them information about you, including, in many cases, an identifying code (that they’ve built a profile around) and your location information, down to your latitude and longitude.
Yes, for the vast majority of people, ad networks are doing far more information collection about them than the NSA–but they don’t explicitly link it to their names.
So on the night of the Iowa caucus, Dstillery flagged all the auctions that took place on phones in latitudes and longitudes near caucus locations. It wound up spotting 16,000 devices on caucus night, as those people had granted location privileges to the apps or devices that served them ads. It captured those mobile ID’s and then looked up the characteristics associated with those IDs in order to make observations about the kind of people that went to Republican caucus locations (young parents) versus Democrat caucus locations. It drilled down farther (e.g., ‘people who like NASCAR voted for Trump and Clinton’) by looking at which candidate won at a particular caucus location….
For most ads you see on web browsers and mobile devices, there is an auction among various programmatic advertising firms for the chance to show you an ad. We are one of those buyers, and we are sent a variety of anonymous data, including what kind of phone you have, what app you are using, what operating system version you’re running, and sometimes – crucially for this study – your latitude and longitude (lat/long).
We identified the caucusing locations prior [to] the Iowa caucus and told our system to be on the lookout for devices that report a lat/long at those locations during the caucus.
So when we received an ad bid request that our system recognized as being at one of the caucus sites, our system flagged that request and captured that device ID so we could use it for this.
This is roughly equivalent to exit polling for the smart phone age.
Turn off GPS unless using it, turn on add blockers, and use a VPN.