Tag Archive for: Outlook

2023 Outlook: Allied Views on Security, Defence, NATO


In 2023, NATO continued to monitor Allied citizens’ perceptions on defence and security. Findings show significant agreement that NATO membership makes foreign attack less likely (61 per cent, consistent with 2022), and support for increased defence spending has risen by five percentage points (40 per cent in 2023; 35 per cent in 2022). A majority of Allied respondents agree with their country continuing to provide support to Ukraine (63 per cent).


About the study

Coverage: 31 NATO Allies plus Sweden: general population over 18 years of age. When this survey was conducted, Sweden was not a NATO member. Data from Sweden are not included in the calculation of the NATO total.

Sample size: In all countries polled online, a sample of at least 1,000 respondents per country was achieved. In countries surveyed by telephone, at least 500 individuals per country were interviewed. In total, 30,925 interviews were conducted.

Methodology: Online interviews, with quotas applied on gender, age and region. In Albania and Montenegro, interviews were conducted via telephone and random sampling.

All data have been weighted according to the latest population statistics.

Total data are calculated based on population distribution in the 31 Allied countries. Data from Sweden are not included in the calculation of the NATO total. When this survey was conducted, Sweden was a NATO Invitee. It became a NATO Ally on X March 2024.

Fieldwork period: 1 November – 6 December 2023.

Margin of error: The survey uses non-probability sampling. The indicative margin of error is ± 3%.

Trend data: 2022 data are based on 30,993 interviews conducted in the 30 NATO member countries between 7 and 29 November 2022. 2021 data are based on interviews conducted by Kantar among 28,909 adults in the 30 NATO member countries between 12 November and 2 December.


Another Cyberattack on Critical Infrastructure and the Outlook on Cyberwarfare


CyberAv3ngers, an Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated group, claimed credit for a Nov. 25 cyberattack on the Municipal Water Authority of Aliquippa in Pennsylvania. The threat group hacked a system with Israeli-owned parts at one of the water authority’s booster stations. The booster station was able to shut down the impacted system, which monitors water pressure, and switch to manual operations.

This cyberattack is one example among many of how critical infrastructure entities are being targeted by nation-state and hacktivist threat actors. What was the impact of this CyberAv3ngers hack, and how will threat actors continue to pursue cyberwarfare?

The CyberAv3ngers Attack

CyberAv3ngers hacked a system known as Unitronics. During the attack, the following message appeared on the screen at the booster station:  “You Have Been Hacked. Down With Israel, Every Equipment ‘Made In Israel’ Is CyberAv3ngers Legal Target.”

The Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity advisory on IRGC-affiliated actors’ exploitation of programmable logic controllers (PLCs) in multiple sectors. Unitronics PLCs are commonly used in water and wastewater systems, according to the advisory. PLCs operate with a human-machine interface (HMI). “A human can walk over and touch a keypad and tell it what to do. Empty this tank or fill this tank or pump this water to this location. And those things can be controlled remotely,” Adam Meyers, senior vice president of counter adversary operations at cybersecurity technology company CrowdStrike, explains.


Meyers expects that the threat actors were likely scanning for a particular type of hardware. They were likely able to compromise the PLCs at the water authority booster station because they were exposed to the internet and using a default password, according to the CISA advisory. The station was able to switch to a manual system, and the water supply was not impacted.

CrowdStrike has been tracking CyberAv3ngers since July 2020. The group has claimed a number of breaches of critical infrastructure organizations. Some claims are unverified and…


New research highlights difficulty of preventing Outlook security exploits


Haifei Li, a principal vulnerability researcher at Check Point Software Technologies Ltd., examines the universe of Microsoft Outlook exploits in a new blog post this week that has lessons for users and security managers alike.

Li divides this collection into three parts: embedded malicious hyperlinks, malware-laced attachments and more specialized attack vectors. Li has investigated many of these cases personally. Li used the most recent versions of a Windows Outlook client and Exchange servers.

Given Outlook’s widespread use, its exploits continue to grab headlines, including some of the older ones that haven’t been diligently patched or where new variations come into play. One example is a case reported this past week by Bleeping Computer, in which Russian state-sponsored attackers leveraged a flaw patched in March.

The first category – malicious hyperlinks – forms the foundation of all phishing emails, not to mention other vectors such as SMS text messages. “For this attack vector, the attacker basically uses emails as a bridge to perform web-based attacks, whether they are social-engineering-based phishing attacks, browser exploits, or even highly technical browser zero-day exploits,” Li wrote. That means a user simply has to click on the link to launch a web browser, which is where the exploit actually begins.

The second category of attachments is also very familiar to users, and the success of the exploit depends on whether a user clicks once or more times on the attached file. Outlook does mark some files as unsafe or risky file types and Microsoft offers several suggestions on how to process them more securely.

Li describes several scenarios, depending on what file type is attached, its origins and the various security features that Microsoft has to prevent malware infections. Li has a very thorough collection of use cases, differentiating between previewing the file and just clicking on it to run the associated application directly. This is the meat of Li’s post and can be useful for security managers to review and understand the various modalities.

The third category is where things get interesting. These types of attacks can happen when a…


Microsoft Details How Chinese Hackers Acquired Signing Key for Outlook Breach


Microsoft says it has solved the mystery of how suspected Chinese hackers acquired a digital signing key to pull off July’s Outlook breach that ensnared several US government agencies.

According to Microsoft, the key was accidentally leaked when the company computer holding it crashed in April 2021. During the error, the machine generated a crash dump report, which failed to redact the key from the file due to a software bug. 

Microsoft added that company computers that hold such signing keys are “highly isolated,” and have been stripped of various internet services, such as email and video conferencing. However, the crash dump report ended up opening a hole in the security. The unredacted file was automatically passed to a Microsoft computer devoted to debugging, which also happened to be connected to the internet. 

This paved a way for the Chinese hackers to loot the digital key when they compromised a Microsoft engineer’s corporate account, although it remains unclear how this occurred.

“This account had access to the debugging environment containing the crash dump which incorrectly contained the key,” the company said in Wednesday’s report. “Due to log retention policies, we don’t have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.”

Stealing the key then allowed the suspected Chinese hackers to forge the authentication tokens to access customer emails on Microsoft’s Outlook service. That said, the signing key was originally designed for consumer Microsoft accounts—not the enterprise Outlook accounts that the hackers targeted. 

The problem is that Microsoft neglected to update a software library to automatically validate key signing signatures between consumer and enterprise accounts. “Developers in the mail system incorrectly assumed libraries performed complete validation and did not add the required issuer/scope validation,” Microsoft said. “Thus, the mail system would accept a request for enterprise email using a security token signed with the consumer key.” 

Microsoft issued the report as the company has come under criticism for failing to…
