My takeaways from last week – Nov 1, 2021

There is no boring week! By far, the most interesting news of the week for me is Facebook's renaming to Meta. But some other interesting topics caught my eye in the past week. SEO (or SEO poisoning in this case) has become a tactic leveraged to deliver malware. The good old VPN is still good, but not as secure as you might think. And finally, if you can talk to your car, consider getting an “antivirus” for it.

I saw a funny meme on LinkedIn the other day: Instead of fixing the Facebook security issues, Zuckerberg changed the name. This change has some marketing reasoning behind it, but it’s a far longer shot! It is actually a genius move that has potentially a huge economic and social impact. Facebook is a very good case study for what an organization can achieve, and I covered another angle of the story (Facebookland) in a previous post.

I think the metaverse will be massive not so much because gaming and VR will be big, but because gaming and VR will be the only avenue to thrive for the bottom 80% of people on the planet. This isn’t about virtual reality, it’s about alternative reality. As in—the alternative people will flock to when regular reality becomes unbearable.

Search Engine Optimization (SEO) is today an important tactic for getting visibility for a business. And so it is for a malware delivery business. Cyber-attackers copying regular business models is nothing new, but this particular tactic is worrying. You wouldn’t expect the top of your Google search results to be compromised websites that are delivering malware. But that’s what the objective of SEO poisoning is.

Attacks involving SEO poisoning — where adversaries artificially increase the search engine ranking of websites hosting their malware to lure potential victims — are on the rise… In search engine optimization (SEO) poisoning attacks, adversaries first compromise legitimate websites and then inject specific keywords into the website that users might commonly search for via their preferred search engine. The goal in injecting the keywords is to ensure that the compromised website surfaces near or on top of search engine results when a user searches for something using the keywords.

Although most of the resources that I use during my daily activities are available directly from the cloud (with 2-factor authentication please!), at this very moment I am also connected to the corporate network through VPN to access some specific services. Remote working made VPN services a critical resource for most businesses. Though virtual private networks are considered secure (by default?!), they have their weaknesses. This might sound a little paranoid, but before you use any device or deploy any service, consider the implications! This is valid generally, and it is particularly relevant for managing the available attack surface.

While VPN-focused attacks may not have skyrocketed [during pandemic], their evolving sophistication was evident in attacks on Pulse Secure VPN devices in April. Mandiant incident responders were helping after an intrusion and couldn’t determine how attackers gained a foothold in the victim’s network. They did their usual forensics, swept the networks, and eventually discovered the activity came from Pulse Secure VPNs. While this wasn’t the first time VPNs had been misused by attackers, the response team also found the intruder had exploited a zero-day vulnerability (CVE-2021-22893) to compromise the fully patched VPN and then pivot into target networks.

While we all enjoy the benefits of our smarter and smarter cars, I’m not sure we are all quite aware of the fact that they are becoming proper computers, coincidentally equipped with wheels. And that is no small thing from a security perspective. As cars are getting increasingly connected (like remotely streaming from Tesla’s onboard cameras?!), that opens the door to new varieties of threats limited only by the skills and imagination of attackers. Not that the manufacturers are not doing anything about that but, as usual, the bad guys are simply quite a few and are not lacking resources.

Auto OEMs are running to provide their customers with a lot of new capabilities, and these are new surfaces for hackers and attack vectors. That surface area is just going to grow, because it is no longer just a car — it’s a software platform on wheels.
