Tag Archives: successful

WannaMine cryptojacker targets unpatched EternalBlue flaw

New research detailed successful cryptojacking attacks by WannaMine malware after almost one year of warnings about this specific cryptominer and more than a year and a half of warnings about the EternalBlue exploit.

The Cybereason Nocturnus research team and Amit Serper, head of security research for the Boston-based cybersecurity company, discovered a new outbreak of the WannaMine cryptojacker, which the researchers said gains access to computer systems “through an unpatched [Server Message Block, or SMB] service and gains code execution with high privileges” to spread to more systems.

Serper noted in a blog post that neither WannaMine nor the EternalBlue exploit is new, but they are still taking advantage of those unpatched SMB services, even though Microsoft patched against EternalBlue in March 2017.

“Until organizations patch and update their computers, they’ll continue to see attackers use these exploits for a simple reason: they lead to successful campaigns,” Serper wrote in the blog post. “Part of giving the defenders an advantage means making the attacker’s job more difficult by taking steps to boost an organization’s security. Patching vulnerabilities, especially the ones associated with EternalBlue, falls into this category.”

The EternalBlue exploit was famously part of the Shadow Brokers dump of National Security Agency cyberweapons in April 2017; less than one month later, the WannaCry ransomware was sweeping the globe and infecting unpatched systems. However, that was only the beginning for EternalBlue.

EternalBlue was added into other ransomware, like GandCrab, to help it spread faster. It was morphed into Petya. And there were constant warnings for IT to patch vulnerable systems.

WannaMine was first spotted in October 2017 by Panda Security. And in January 2018, Sophos warned users that WannaMine was still active and preying on unpatched systems. According to researchers at ESET, the EternalBlue exploit saw a spike in use in April 2018.

Jake Williams, founder and CEO of Rendition Infosec, based in Augusta, Ga., said there are many ways threat actors may use EternalBlue in attacks.

“It is fair to say that any unpatched system with SMB exposed to the internet has been compromised repeatedly and is definitely infected with one or more forms of malware,” Williams wrote via Twitter direct message. “Cryptojackers are certainly one risk for these systems. These systems don’t have much power for crypto-mining (most lack dedicated GPUs), but when compromised en-masse they can generate some profit for the attacker. More concerning in some cases are the use of these systems for malware command and control servers and launching points for other attacks.”

A deep dive on SamSam ransomware

New insights into the notorious SamSam ransomware revealed just how successful the campaign has been since it first appeared in 2016.

According to new research from cybersecurity vendor Sophos Ltd., the SamSam ransomware has generated nearly $6 million in ransom payments from more than 200 organizations. The Sophos report details how the campaign operates differently than most traditional ransomware efforts, and it argues that a single threat actor is likely behind SamSam rather than a group of cybercriminals.

Why does the SamSam ransomware work so well? Why does the threat actor behind the campaign take a more manual approach to targeting and infecting victims? Will other cybercriminals take a page from SamSam’s increasingly sophisticated and effective playbook? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Physical security keys eliminate phishing at Google

Google claims it has completely eliminated successful phishing attacks against its employees through the use of physical security keys and Universal Second Factor.

Google began introducing and evaluating physical security keys in 2014 and by early 2017 all 85,000-plus Google employees were required to use them when accessing company accounts. In the time since, the company told Brian Krebs, no employee has been successfully phished.

A Google spokesperson said the decision to use the Universal Second Factor (U2F) physical security keys instead of software-based one-time-password (OTP) authentication was based on internal testing.

“We believe security keys offer the strongest protections against phishing,” a Google spokesperson wrote via email. “We did a two-year study that showed that OTP-based authentication had an average failure rate of 3%, and with U2F security keys, we experienced zero percent failure.”

Lane Thames, senior security researcher at Tripwire, based in Portland, Ore., said the main reason these software-based apps are less secure is “because attackers can potentially intercept these OTPs remotely.”

“Another issue is the bulk production of OTPs that users can store locally or even print. This is done in order to make the 2FA [two-factor authentication] process a little easier for end users or so end users can save OTPs for later use, if they don’t have access to their phones when the code is needed,” Thames wrote via email. “This is akin to a similar problem where users write passwords and leave them around their workspace.”

However, John Callahan, CTO at Veridium, an identity and access management software vendor based in Quincy, Mass., noted that there are also benefits to users opting for 2FA via smartphone.

“Some people who use a U2F key fear losing it or damaging it. This is where biometrics can play a key role. Methods using biometrics are helping to prevent attacks,” Callahan wrote via email. “Using biometrics with the Google Authenticator app is a secure solution, because a mobile phone is always nearby to authenticate a transaction.”

Moving companies to physical security keys

Physical security keys implementing U2F were the core part of Google’s Advanced Protection Program, which it rolled out as a way for high-risk users to protect their Google accounts. A physical security key, like a YubiKey, can authenticate a user simply by inserting the key into a computer, tapping it against an NFC-capable smartphone or connecting to an iOS device via Bluetooth.

Nadav Avital, threat research manager at Imperva, based in Redwood Shores, Calif., said, “in an ideal world,” more companies would require multifactor authentication (MFA).

“In general, physical keys offer better security, because software-based authentication relies on a shared secret between the client and the provider that can be discovered. Unfortunately, most people don’t use [2FA or MFA], neither physical nor software-based, because they don’t understand the implications or because they prefer simplicity over security,” Avital wrote via email. “Clients can suffer from fraud, data theft or identity theft, while the company can suffer from reputation damage, financial damage from potential lawsuits and more.”

Richard Ford, chief scientist at Forcepoint, a cybersecurity company based in Austin, Texas, said worrying about the best way to implement 2FA might be premature, as “we still have oodles of companies still using simple usernames and password.”

“Getting off that simple combo to something more secure provides an immediate plus up for security. Look at your risk profile, and try and peer a little into the future,” Ford said. “Remember, what you plan today won’t be reality for a while, so you want to skate to where the puck is going. With that said, please don’t let perfect be the enemy of good.”

Petitioning the board

Experts noted that not all IT teams will have as easy a time convincing the board to invest in making physical security keys or another form of multifactor authentication a requirement as Google would.

Matthew Gardiner, cybersecurity expert at Mimecast, a web and email security company based in Lexington, Mass., suggested framing the issue in terms of risk reduction.

“It is hard to quantify risk unless you have experienced a recent breach. Using MFA is not a theoretical idea; it is now a security best practice that is incredibly cheap and easy to use from a multitude of vendors and cloud service providers,” Gardiner wrote via email. “I can only assume that if organizations are still only using a single-factor of authentication in support of B-to-B or B-to-E applications that they must think they have nothing of value to attackers.”

Ford said it was probably best not to spear phish the board for effect, “no matter how tempting that might be.”

“I would, however, suggest that the Google data itself can be of tremendous value. Boards understand risk in the scope of the business, and I think there’s plenty of data now out there to support the investment in more sophisticated authentication mechanisms,” Ford wrote. “Start with a discussion around Google and their recent successes in this space, and also have a reasoned — and money-based — discussion about the data you have at risk. If you arm the board with the right data points, they will very likely make the right decision.”

Cisco, Samsung finish 5G trial for home, IoT applications

Cisco, Orange and Samsung have completed a successful trial of 5G-delivered home entertainment and smart city applications in Romania.

The three companies said this week they had been testing their fifth-generation (5G) fixed wireless system in Floresti, which is located in the Cluj district of Romania, for about six weeks. The 5G trial involved delivering high-speed broadband to homes and gathering data from sensors and cameras installed on streetlamps.

In the home-service trial, the three vendors delivered enough bandwidth for ultrahigh-definition video and virtual reality gaming. In the smart city 5G trial, the partners used 5G wireless technology to collect temperature and humidity data from sensors and to gather footage from cameras. A Samsung connectivity node established the 5G wireless connection necessary to transmit data from the streetlamp-mounted devices to the core network.

The companies used advanced 5G-enabled antenna technologies — including massive multiple input, multiple output and beamforming — to transmit data at a wireless speed of 1 Gbps at a distance over six-tenths of a mile.

“Thanks to this first successful test of 5G fixed wireless access in the 26 GHz band, Orange has been able to verify several use cases enabled by this technology,” Arnaud Vamparys, senior vice president of microwaves and radio networks at Paris-based Orange, said in a statement.

The technology used in the trial included Samsung’s 5G routers and radio access network, which provides wireless connectivity between a device and the core network. Also used in the test were Cisco gateways and Meraki Z3 Wi-Fi and MV21 cameras.

Cisco-Ericsson partnership

Cisco’s work with Samsung is occurring as its 5G partnership with Ericsson has stalled due to financial troubles that have forced Ericsson to restructure its business. Ericsson said last year the companies would not meet the financial goals set when the partnership started in 2015. 

Verizon is another carrier testing the viability of a fixed wireless 5G network. The U.S. carrier is running 5G trials of its system in 11 major metropolitan areas. AT&T, on the other hand, is testing the delivery of mobile 5G over the millimeter wave (mmWave) band in four U.S. cities.

MmWave allows for data rates up to 10 Gbps, which comfortably accommodates carriers’ plans for cellular 5G. But before service providers can use the technology, they have to surmount its limitations in signal distance and in traveling through obstacles, like buildings.

AT&T, Orange, Verizon and other carriers are spending billions of dollars to develop 5G wireless networks for business, consumer and internet-of-things applications. Analysts expect service providers to start rolling out commercial 5G networks at the end of this year or in 2019.

Vodafone puts Facebook Voyager through its paces

Vodafone has completed what it described as a successful trial of a Facebook-designed white box transponder, called Voyager. The announcement is the latest example of the carrier’s effort to develop alternatives to proprietary technology.

The telecommunications company said this week the trial demonstrated the viability of running the optical transponder hardware through a software-based networking system. Vodafone tested Facebook Voyager and the related software on a live network in Spain.

The software used with Voyager included a network operating system developed by Cumulus Networks and network orchestration technology from Zeetta Networks. ADVA Optical Networking, a European telecommunications vendor, was one of the architects of the platform.

Open source technology is playing a more significant role in the networks and data centers of carriers that are trying to decrease their dependence on suppliers for innovation. For example, sales of open hardware from the Facebook-founded Open Compute Project are expected to grow 59% annually to $6 billion in 2021, according to research firm IHS Markit, based in London.

Facebook Voyager’s accomplishments

The Vodafone trial showed the Facebook Voyager platform could achieve optical commissioning and optical real-time monitoring at 200 Gbps. Voyager also was able to deliver capacity of 800 Gbps per rack unit over an existing optical infrastructure.

“We wanted to show how Voyager’s variable-rate transceivers can be used to match speeds and modulation formats with actual line conditions,” Santiago Tenorio Sanz, head of network strategy and architecture at U.K.-based Vodafone, said in a blog post. “Thanks to a streamlined network operating system and SDN [software-defined networking] automation, we showed how our live network can set up optical services and keep them running, reduce unnecessary and lengthy customer service interruptions, and improve network utilization.”

In 2016, Facebook’s introduction of Voyager advanced the company’s move into the telecom industry. The platform works with Open Packet DWDM, or dense wavelength division multiplexing, which is Facebook’s combination of packet and DWDM technology to transmit over optical networks.

Facebook contributed Voyager to the Telecom Infra Project (TIP), an industry group dedicated to developing an open source telecom network architecture. Facebook also added its open source wireless access platform, OpenCellular, to TIP.

In January, the growing demand for better open source products led the Linux Foundation to streamline its networking projects by having them share financial resources and staff under a single governing body, called the LF Networking Fund.

HBO Now

The most successful on-demand video streaming services focus on building libraries of quality content. To appeal to wide audiences, these catalogs should include both past classics and compelling original programming. HBO Now, HBO’s on-demand streaming service, features premium on-air originals and an extensive on-demand collection of well-regarded shows and movies. Additionally, HBO Now performs well in our testing and offers an ad-free experience. That said, HBO Now is pricier than its competitors and does not offer HDR or 4K content, nor does it let you download shows for offline viewing. Much like HBO for regular cable, HBO Now works best as an add-on to another service. When it comes to standalone options, we recommend Editors’ Choice Netflix for its larger content library, and Editors’ Choices Hulu and Sling TV, for their live TV components.

What to Watch
Most people won’t have any trouble finding something to watch on HBO Now. For example, subscribers can watch HBO originals such as Game of Thrones, Last Week Tonight with John Oliver, Silicon Valley, and Westworld. You can also choose to take a deep dive into other beloved series such as Deadwood, Girls, Curb Your Enthusiasm, The Sopranos, Sex and the City, Six Feet Under, and The Wire.

Those shows alone might be enough to convince many people to subscribe. That said, many of HBO’s flagship shows are also available on other platforms. In fact, Deadwood, Oz, Six Feet Under, The Sopranos, and The Wire are all available in their entirety on Amazon Video. HBO does not stream any animated series, let alone anime, which may be an important consideration for some. Both Netflix and Hulu offer options in those genres.
Other categories of content available on HBO Now include Comedy, Sports, Documentaries, Collections, and Late Night. Most of these categories feature scattered lists of productions that subscribers are free to peruse, but these are not the main appeal of the service. If sports are your primary interest, take a look at either fuboTV (a sports, news, and entertainment streaming behemoth) or ESPN+ (ESPN’s newest streaming service, which focuses on a selection of live sports and on-demand in-house shows).

HBO also has a collection of recent mainstream movies as well as popular films of years past across a wide range of genres, including action, comedy, drama, family, horror/sci-fi, Latino, romance, and suspense. During my testing, HBO Now highlighted Atomic Blonde, Dunkirk, the complete Harry Potter collection, The Hitman’s Bodyguard, The Lego Ninjago Movie, Logan, War for the Planet of the Apes, and Wonder Woman, for example. In total, scrolling through the alphabetical list of titles revealed a little over 550 movies, which is impressive. I like that these collections include multiple entries in a film series. For example, HBO Now’s collection included three Die Hard movies, three Back to the Future films, and four entries in the Fast and Furious franchise.
Nowadays, HBO Now is most similar to Netflix in that both primarily focus on high-quality originals. It also has parallels with CBS All Access, given that both have extensive back catalogs of high-quality content. Keep in mind that there’s no live component to HBO Now, such as you find with YouTube TV or Philo. As I mentioned, some shows stream simultaneously with the on-air release, including Westworld and Game of Thrones, but this is not the same as the live TV offerings of services like SlingTV or Hulu with Live TV.

Pricing and Platform

HBO Now is pricier than its competitors, at $14.99 per month. Netflix and Hulu both start at $7.99 per month. CBS All Access’ base plan only costs $5.99. Keep in mind that, for Hulu and CBS, those plans include ads in at least some part of the experience, and HBO Now does not. HBO Now is closer in price to Philo ($16 a month) and SlingTV ($20 per month), but both of those include a live TV component.
HBO Now supports an impressive number of platforms. In addition to the web, HBO Now is available on Android, iOS, and Fire OS devices. You can also use the service on the PS4, PS3, Xbox One, and Xbox 360. For smart TV users, HBO works on Amazon Fire TV and Fire TV Stick, Android TV, Apple TV, Google Chromecast, Roku, and compatible Samsung TVs. There’s even an app for Google’s Daydream platform. Keep in mind that HBO Now is a US-only (and some US territories) streaming service, so international audiences will need to turn to other solutions, such as getting the regular HBO channel through a local cable provider. You might be able to spoof your location with a virtual private network, or VPN, but I recommend testing your network setup with HBO Now’s trial before you pay anything, since many video streaming services don’t play nicely with VPNs.

You can sign up for a 30-day free trial of HBO Now, but this option requires a payment method. Oddly, the website directed me to sign up for the trial from my Android device. HBO does not give a hard limit on how many devices can stream simultaneously, but if you exceed a reasonable number of devices, HBO Now might kick everyone off the service for around 30 minutes and then require everyone to sign back in again. In the past, I have experienced some issues when signing on to multiple platforms with the same account, but I did not encounter any such issues in my testing for this review.

What About HBO Go?

To clarify a frequent point of confusion, HBO Now is HBO’s on-demand streaming service and HBO Go is an extension of its cable offering. To use HBO Go, you need to have an existing cable subscription that includes HBO. Both services offer the same content.

Web Interface

HBO Now’s interface on the desktop is clean and elegant with a black backdrop, white text, large thumbnails, and simple menus. Many of the elements are translucent as well, which reminds me a bit of Windows 10’s Fluent visual design. Performance is also quick; I did not experience any lag when searching for shows or navigating through the various sections. Across the top, you can jump directly to Shows, Movies, or More (Comedy, Sports, Documentaries, Collections, Late Night). You can also search for shows directly via the included search interface.
On the right-hand side of the screen, you can access your account settings or your Watchlist. Settings break down into a couple of different categories, including the basic account info, billing, and notification settings, but it also builds in a parental control panel. Here, you can set the maximum rating allowed for both Movies and TV shows and lock down these preferences with a four-digit PIN. I prefer the way Netflix and Hulu allow you to set up separate account profiles for each user, since it would be a pain to unlock and change this setting for every potential user. For example, if you want to watch Westworld, but do not want your child experiencing Delos Inc.’s particular brand of existential violence, there’s no way to set those preferences per viewer with HBO Now.

The default page highlights featured content in a large top-level slider, and a selection of Quick Hits (video snippets related to shows) appears directly below. Horizontal sliders offer another entry point for content categories otherwise accessible via the menu. This page looks a lot like Netflix’s home page, but I do appreciate that HBO Now’s content sliders are directly related to the menus. All of the individual content categories look similar. You can play content directly from any screen or simply add it to your Watchlist. Clicking on a show brings up a brief description, a section for any related video content (such as sneak peeks or interviews), and general information on the cast and crew. HBO Now does not, however, provide any aggregate rating information from Metacritic or Rotten Tomatoes, nor does it feature any sort of recommendation engine.
The playback interface is simple and effective with the option to enable subtitles. One drawback to the web version of this player is that it requires you to enable Flash, which is disabled by default on most standard browsers, including Chrome, Edge, Firefox, and Safari due to Flash’s frequently targeted security vulnerabilities. Both Netflix and Amazon Video use the HTML5 standard instead. I would also like HBO to implement something similar to Amazon Video’s X-Ray feature, which identifies all actors and actresses in a particular scene, tells you about any music playing, and offers fun facts like continuity errors.

Other Features and Performance

HBO Now does not currently support 4K or HDR content, nor does it allow you to download on-demand episodes for offline viewing. Both Netflix and Amazon Prime Video offer all of these capabilities. Hulu is reportedly adding ad-supported offline viewing to its service, but that feature is not yet live. Neither 4K nor HDR technologies are new at this point, so it’s disappointing that HBO’s ongoing flagship programming does not support these standards. The vast landscapes of Westworld and the industrialized interiors of the Delos Inc. headquarters would look incredible with greater dynamic ranges and sharper textures.
One other difference involves HBO Now’s premier releases (such as Westworld and Game of Thrones), which, as I mentioned, are available for streaming at the same time as on cable. One drawback to this approach (for the consumer) is that you can’t watch entire seasons at a time unless you wait until the season ends. When Netflix or Amazon Prime Video release a season, the whole thing goes live at once.

On the one hand, it’s nice to not feel the pressure to binge an entire season to avoid spoilers, but the downside is that you need to keep subscribing to HBO Now for the entirety of its release schedule. CBS All Access employs a similar strategy with the way it handles the release of Star Trek: Discovery. I don’t foresee either network switching to the content dump strategy any time soon, given their reliance on conventional cable releases. That doesn’t make it any better for the consumers, though.
I tested HBO Now on my PC connected to my home network (200+ Mbps download speeds via Ethernet). During my tests, I streamed episodes of Westworld’s latest season and Six Feet Under, as well as The Fate of the Furious without any lag or performance dips. The one exception to HBO’s lack of ads I saw in my testing was a brief (and skippable) HBO trailer for some of its other programming at the beginning of the stream. For example, the service showed me promos for its new adaptation of Fahrenheit 451.

HBO Now on Mobile

I tested HBO Now on a Nexus 5X running Android 8.1 and didn’t have any issues signing in to the app. The interface maintains the same visual design as its desktop counterpart. Its simple black-and-white visual scheme and large thumbnails look great, but I wish you could resize the thumbnails to fit more content on the page. Hulu’s app has the same problem; the interface is modern and aesthetically pleasing, but it can be a pain to navigate and discover new shows and movies to watch.

I also downloaded HBO Now on an iPhone 8 running iOS 11. The iOS app is visually and functionally identical to its Android counterpart. Despite the prevalence of poor reviews on the App Store, I had no issue signing in or streaming from the app.
The main app page breaks down into two tabs: Featured (the app displays featured shows, movies, and collections) and Quick Hits (video featurettes). You can expand the content categories and access settings from the menu in the upper-left corner. I like that almost all of the options from the web are accessible from the mobile app, but am disappointed that I could not manage my subscription from my phone.
I tested the HBO Now app while connected to PCMag’s Wi-Fi network (50 Mbps download). Given that HBO shows tend to be quite long, make sure to connect to Wi-Fi to avoid outrageous cellular data costs. I launched an episode of Last Week Tonight with John Oliver and had no trouble playing back the episode or scrubbing to a new point in the show. In testing, the picture looks sharp and audio sounds crisp.

Pure HBO

HBO Now’s main advantage is its excellent original content, including currently airing shows (such as Westworld and Game of Thrones) and classics (such as The Wire and Six Feet Under). Furthermore, HBO Now has excellent apps, does not run any ads, and supports a wide range of platforms. However, HBO’s on-demand service lacks the 4K, HDR, and offline viewability you get with Netflix and Amazon Video. HBO Now also costs more than similar services, some of which offer entire HBO series on demand. If watching HBO shows (and especially watching them as they are released) is important to you, you will enjoy HBO Now, but note that HBO Now works best in conjunction with another service. For full-featured alternatives to cable, we recommend Editors’ Choice Netflix for its expansive content library and Editors’ Choices Hulu and SlingTV for live TV consumption.