DNS Is Still the Achilles' Heel of the Internet

Domain Name Services is too important to do without, so we'd better make sure it’s reliable and incorruptible
Source: Vulnerabilities & Threats

Global Elections, Global Problems

The next in a series of pivotal elections is set to take place on June 8th in the United Kingdom, replacing Members of Parliament (MPs) and the Prime Minister. Previous elections in the United States, the Netherlands, and France were marked by an unprecedented number of cyber attacks, releases of private information, and proliferation of fake news that aimed to disrupt and skew public opinions of candidates and their political parties. The candidates of these elections reflect a stark contrast in the current political sphere of globalization versus populist and nationalistic leanings. The hacks thus far have favored populist candidates, which is unsurprising considering their origin.

The Man Behind the (Iron) Curtain
The Russian hacker group attributed to these attacks is known by many names: Pawn Storm, APT28, Fancy Bear, Sofacy, and Strontium. They are reportedly affiliated with the Russian military intelligence agency GRU, or tied directly to the Russian government itself.

The group’s origins date back to 2004 with attacks on opposition activists in Russia and neighboring countries such as Ukraine. Recent attacks have become increasingly visible, targeting most notably the recent elections in Western countries. Their goal is to steal confidential information from specific targets, spread misinformation, and seed distrust. These mass-coordinated attacks require a significant investment in time and resources, of a kind that’s unlikely without government backing.

What this means for the U.K. election
The U.K.’s general election would traditionally take place every five years, but Prime Minister Theresa May’s call for a snap election was met with favor by parliament in April. This is a direct contradiction of her earlier promises not to call for a snap election, but the political gamble could result in a larger majority standing within Parliament. This would aid in negotiations for Brexit, which is scheduled to occur in March of 2019. As leader of the Conservative Party, Theresa May is projected to win.

Labour Party front-runner Jeremy Corbyn is seen as the candidate most likely to be favored by Fancy Bear. Corbyn has called for better relations and a de-escalation of tensions with Moscow, which would likely entail a de-militarization of the Baltic region. Increased military presence among the U.S., U.K., and Russia has incited each side to further expand their operations, leading to the largest deployment of troops within Poland since the end of the Cold War. Corbyn has been quoted as stating that de-escalation is necessary to prevent a return to Cold War relations between multiple nuclear-armed powers. His opposition has responded that he is likelier to comply with Russian aggression than to stand by NATO allies.

In order to win the election, May, Corbyn, or their opponents would have to reach an overall majority of 326 Members of Parliament (MPs), which is exactly one more than half of them. The Queen then traditionally invites the leader of the party to form the new government, and the party leader to become the Prime Minister.

The U.K.’s election process itself will prove difficult for Fancy Bear to tamper with: each vote is cast and counted by hand. The U.K. is divided into 650 areas, called constituencies, that vote on the same day across England, Wales, Scotland, and Northern Ireland. The MPs voted in will represent each area within the House of Commons in London. Temporary staff are hired to count the ballots by hand, each constituency famously competing to see who can finish their count first.

The validity of these votes is determined by Acting Returning Officers (AROs), who are responsible for nominations, distribution of poll cards and ballot papers, conducting of the polls, and counting votes. Should any errors occur, they are legally and financially liable.

The U.K. has assured its citizens that adequate cyber security measures are in place to stop attempts to undermine or sway polls, and that they are prepared for mass-attacks such as those most recently seen on the Macron campaign. Unfortunately, the propagation of false and slanderous news is still likely to occur.

Election Tampering Across the Globe
United States
In the months prior to the 2016 U.S. presidential election, thousands of stolen emails and documents were leaked from the Hillary Clinton campaign and the Democratic National Convention (DNC). The release of negative information regarding a candidate is common practice, but this attack is unique in its volume and possible intent. Hillary Clinton’s campaign accused Russia not only of the hack but also of deliberately attempting to help Trump win the election. On October 7th of 2016 the Obama administration officially accused the Russian government of releasing sensitive information in an effort “to interfere with the U.S. election process.”

For an in-depth exploration of the events surrounding the 2016 U.S. presidential election, download our whitepaper Election Security in an Information Age.  

The Netherlands
In the Netherlands’ March election, concerns over security were so great that every vote was counted by hand. Interior Minister Ronald Plasterk directly cited Russia as a factor in this decision, along with insecure and outdated counting software.

Prime Minister Mark Rutte defeated anti-Islam and anti-EU candidate Geert Wilders. Many see Rutte’s victory as a dam to the populist wave seen with Brexit and Donald Trump’s election within the U.S.

France
France’s May 7th election saw the victory of Emmanuel Macron against Marine Le Pen. A former banker and Economy Minister, Macron favors a strong European Union with France at its center. Conversely, Le Pen wished to reinstate stricter borders and lessen immigration, hold a referendum for withdrawing France from the EU, and strengthen ties with Russia. She has openly admitted that her campaign benefitted from Russian finance.

Cyber security firm Trend Micro found evidence that Fancy Bear targeted the campaign of Emmanuel Macron. They created at least four different domains with addresses similar to the official name of his party, En Marche, and his official website, en-marche.fr, in a practice known as typosquatting. The phishing emails included the actual names of campaign staff, making them likelier to succeed in their deception.
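A defender can screen sender and link domains for the kind of lookalike naming described above. The following Python sketch is an added example, not part of the original article or of Trend Micro's research; the sample domains are constructed and the confusable-character table and distance threshold are assumptions.

```python
PROTECTED = "en-marche.fr"  # official site named in the article
# Lookalike character sequences folded before comparison (assumed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(label):
    """Comparison form of a label: lowercase, hyphens dropped, lookalikes folded."""
    s = label.lower().replace("-", "")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, protected=PROTECTED):
    """Return why `domain` resembles `protected`, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if domain == protected or domain.endswith("." + protected):
        return None  # the real site or one of its own subdomains
    own_label = protected.rsplit(".", 1)[0]
    brand = skeleton(own_label)
    # Naive split: takes the label left of a one-part TLD.
    label = domain.rsplit(".", 1)[0].split(".")[-1]
    sk = skeleton(label)
    if label == own_label:
        return "same name, different TLD"
    if sk == brand:
        return "lookalike spelling"
    if brand in sk:
        return "brand embedded in longer name"
    if edit_distance(sk, brand) <= 2:  # assumed threshold for an 8-letter name
        return "near-miss spelling"
    return None

def scan(domains):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d))}

# Constructed sample; none of these values comes from a published report.
SAMPLE = ["en-marche.fr", "newsletter.en-marche.fr", "enmarche.fr", "en-rnarche.fr",
          "en-marche.example", "login-en-marche.example", "en-marhce.fr", "example.org"]

if __name__ == "__main__":
    for domain, reason in scan(SAMPLE).items():
        print(f"{domain}: {reason}")
```

Run against mail-gateway sender domains or newly observed DNS names, a check like this surfaces candidates for manual review before staff see the message.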

Knowing that a targeted attack was inevitable, the Macron campaign engaged in a “cyber-blurring” strategy, whereby fake email accounts were seeded with false documents to slow down hackers.

Fancy Bear has found success previously in creating false domains to launch phishing campaigns which resulted in the United States’ John Podesta and Colin Powell giving away their passwords. This primarily led to a storm of negative publicity for the Clinton campaign.

The French government cyber security agency ANSSI confirmed attacks on the Macron campaign but has not officially named Russia as the culprit. Kremlin spokesman Dmitry Peskov is quoted as stating “We didn’t have and do not have any intention of interfering in the internal affairs of other countries, or in their electoral processes in particular. That there is a hysterical anti-Putin campaign in certain countries abroad is an obvious fact.”

Germany
Germany’s parliamentary election will take place September 24th, 2017. The current Chancellor, Angela Merkel, has warned of imminent cyber attacks as the election approaches. Whether or not she is targeted, her recent victory in elections within the state of North Rhine-Westphalia shows promise for her re-election.

Should a populist candidate instead claim victory in Germany, it could prove disastrous for the European Union. At the least, it would give the populist movement a strong resurgence within Europe.

What can we expect going forward?
It’s unclear as of yet what effect Fancy Bear’s influence will have on the U.K. election. Disruptive tactics that proved successful in the U.S. election were largely thwarted in France’s election as governments and political parties incorporated more effective cyber strategies. So far we’ve seen large-scale operations focused on credential phishing, which will likely continue. However, as more precautions are taken and more collaboration encouraged, groups like Fancy Bear may have to change their methodology.

Companies involved in media such as Facebook are attempting to do their part to mitigate the spread of fake news, having already suspended 30,000 accounts and launched a News Feed tool to help spot fakes.

Regardless of which tactics they employ, it’s clear that Fancy Bear will continue their efforts to encourage victory for candidates that are pro-Russia and in favor of weakening the European Union. The United Kingdom finds itself in the unique position of already having chosen to leave the E.U. with Brexit. What’s at stake in this election is not whether or not to stay, but how abrupt and disruptive that departure will be.

Source: Honeypot Tech

Getting started with soldering

In our newest resource video, Content and Curriculum Manager Laura Sach introduces viewers to the basics of soldering.

Learn the basics of how to solder components together, and the safety precautions you need to take. Find a transcript of this video in our accompanying learning resource: raspberrypi.org/learning/getting-started-with-soldering/

So sit down, grab your Raspberry Pi Zero, and prepare to be schooled in the best (and warned about the worst) practices in the realm of soldering.

Do I have to?!

Yes. Yes, you do.

If you are planning to use a Raspberry Pi Zero or Zero W, or to build something magnificent using wires, buttons, lights, and more, you’ll want to practice your soldering technique. Those of us inexperienced in soldering have been jumping for joy since the release of the Pimoroni solderless header. However, if you want your project to progress from the ‘prototyping with a breadboard’ stage to a durable final build, soldering is the best option for connecting all its components together.

Hot glue just won’t cut it this time. Sorry.

I promise it’s not hard to do, and the final result will give you a warm feeling of accomplishment…made warmer still if, like me, you burn yourself due to your inability to pay attention to instructions. (Please pay attention to the instructions.)

Soldering 101

As Laura explains in the video, there are two types of solder to choose from for your project: the lead-free kind that requires a slightly higher temperature to melt, and the lead-containing kind that – surprise, surprise – has lead in it. Although you’ll find other types of solder, one of these two is what you want for tinkering.

The decision…is yours.

In order to heat your solder and apply it to your project, you’ll need either Kryptonian heat vision* or, on this planet at least, a soldering iron. There is a variety of soldering irons available on the market, and as your making skills improve you will probably upgrade. But for now, try not to break the bank and choose an iron that’s within your budget. You may also want to ask around, as someone you know might be able to lend you theirs and help you out with your first soldering attempt.

Safety first!

Make sure you always solder in a well-ventilated area. Before you start, remove any small people, four-legged friends, and other trip hazards from the space and check you have everything you need close at hand.

The lab at Pi Towers is well ventilated thanks to this handy ventilation pipe…thingy.

And never forget, things get hot when you heat them! Always allow a moment for cooling before you handle your wonderful soldering efforts. I remember the first time I tried soldering a button to a Raspberry Pi and…let’s just say that I still bear the scars incurred because I didn’t follow my own safety advice.

Let’s do this!

Now you’re geared up and ready to solder, follow along with Laura and fit a header to your Raspberry Pi Zero! You can also read a complete transcript of the video in our free Getting started with soldering resource.

If you use Laura’s video to help you complete a soldering project, make sure to share your final piece with us via social media using the hashtag #ThanksLauraSach.



*spoiler alert!

The post Getting started with soldering appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo


Malicious Actors Inside Your Network? Here’s How To Find Them.

As an analyst, context is key.

With hundreds, often thousands, of security incidents raised by modern SIEM products, triaging the most serious of them can be incredibly difficult. Adding context to events that form a security incident can help investigations by reducing both time and effort. Sometimes looking at a Whois record on a domain can rule out a threat (if only it was always that simple!).

Anomali ThreatStream offers users access to millions of indicators and their associated context. In the latest release of our Splunk ThreatStream App the addition of Threat Actor and Threat Bulletin information aims to simplify security investigations. This post offers an introduction to the new functionality.

See through the noise, know where to focus

The overview page of the Splunk ThreatStream App provides a great place to start an investigation. I can easily see the critical events that have matched ThreatStream Indicators of Compromise and how serious they are using the confidence and severity rankings assigned by ThreatStream. The app has identified 14 events in my Splunk logs that match known indicators associated with an actor named “Sofacy”. These indicator matches are particularly interesting as they might indicate the organisation is subject to a more targeted campaign.

Learn more about actors that are potentially inside your network

Drilling down on the actor “Sofacy” I can see all the known indicators associated with the Actor that have been seen in my environment. Before investigating further, let’s first take a look at more information about the Actor in ThreatStream.

In the ThreatStream portal I can see the Sofacy team is an APT group of suspected Russian origin that has been operating since at least 2009. A detailed killchain analysis shows me how they tend to operate; in this case delivery is via malicious files in phishing emails that exploit 0-days. I can also see all the indicators associated with the actor Sofacy, campaigns they have been linked to and their Tactics, Techniques and Procedures (TTPs). Armed with this information I can continue my investigation in Splunk.

Understand where an actor has been inside your network

Knowing that Sofacy uses spearphishing campaigns to deliver exploits, I start by looking at email matches for this Actor. I can see 3 users in my organisation have received numerous emails from known email addresses associated with Sofacy. All 3 malicious email addresses have a high confidence and severity score issued by ThreatStream which alerts me to a more serious threat. I can then drill down to search through my email logs in Splunk and see the content of messages sent from these addresses.

I am also able to see if any malicious email attachments have been observed in my network, suggesting they have been opened. In fact, I can see 3 machines in my organisation that have a file hash that matches a known malware file hash associated with Sofacy phishing emails. Upon further inspection in Splunk I can see these machines are owned by the users who received emails from the known malicious email addresses.

Using all of this data I can then decide upon the next steps to take; perhaps continuing to investigate further, quarantining these machines from the wider network, or blocking the destinations the malware is communicating with.
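The correlation walked through above (actor indicators matched against mail logs, then against endpoint file hashes, then joined on the machine owner) can be expressed outside any product. This Python sketch is an added example, not code from the ThreatStream app; every record, field name, the confidence threshold and the two next-step labels are constructed assumptions.

```python
from collections import defaultdict

MIN_CONFIDENCE = 80  # assumed triage threshold

INDICATORS = [  # constructed; field names are assumptions, not ThreatStream's schema
    {"type": "email", "value": "billing@lookalike.example", "actor": "Sofacy", "confidence": 95},
    {"type": "email", "value": "events@lookalike.example", "actor": "Sofacy", "confidence": 90},
    {"type": "md5", "value": "a" * 32, "actor": "Sofacy", "confidence": 88},
    {"type": "md5", "value": "b" * 32, "actor": "Sofacy", "confidence": 40},  # below threshold
]
EMAIL_LOG = [  # constructed mail-gateway events
    {"sender": "billing@lookalike.example", "recipient": "alice@corp.example"},
    {"sender": "Events@lookalike.example", "recipient": "bob@corp.example"},
    {"sender": "news@vendor.example", "recipient": "carol@corp.example"},
]
ENDPOINT_LOG = [  # constructed endpoint file events
    {"host": "ws-014", "owner": "alice@corp.example", "md5": "a" * 32},
    {"host": "ws-022", "owner": "carol@corp.example", "md5": "b" * 32},
    {"host": "ws-031", "owner": "bob@corp.example", "md5": "c" * 32},
]

def index(indicators, actor, min_conf=MIN_CONFIDENCE):
    """Map indicator type -> lowercase values for one actor at or above the threshold."""
    idx = defaultdict(set)
    for ind in indicators:
        if ind["actor"] == actor and ind["confidence"] >= min_conf:
            idx[ind["type"]].add(ind["value"].lower())
    return idx

def investigate(actor):
    """Per recipient: which flagged senders reached them and which of their hosts hold a flagged file."""
    idx = index(INDICATORS, actor)
    recipients = defaultdict(list)
    for event in EMAIL_LOG:
        sender = event["sender"].lower()  # addresses compared case-insensitively
        if sender in idx["email"]:
            recipients[event["recipient"]].append(sender)
    hosts = {e["host"]: e["owner"] for e in ENDPOINT_LOG if e["md5"].lower() in idx["md5"]}
    report = {}
    for user, senders in recipients.items():
        owned = sorted(h for h, owner in hosts.items() if owner == user)
        report[user] = {
            "senders": senders,
            "hosts_with_payload": owned,
            # Hypothetical labels for the next steps the text lists.
            "next_step": "quarantine-candidate" if owned else "investigate",
        }
    return report

if __name__ == "__main__":
    for user, finding in investigate("Sofacy").items():
        print(user, finding)
```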

Get started with ThreatStream today

Within minutes I have been able to:

  • Identify a potential Threat Actor in my network
  • Quickly research the Threat Actor including their behaviour and motives
  • Understand the risk the Threat Actor poses
  • Assess where the Threat Actor has been inside my network

And this is the start of what’s possible. To learn more about how you can integrate Threat Intelligence with your SIEM head over to: https://www.anomali.com/platform/threatstream.

Source: Honeypot Tech