AIG Launches New Cyber Threat Analysis Service to Understand Cyber Risks

American International Group Inc., an American multinational insurance company, has launched a new system for cyber threat analysis.

The system scores companies on the degree to which a cyber attack may affect their business and the potential costs involved. It compares the company’s risk of having a breach to the safeguards it has in place.

Tracy Grella, AIG’s Global Head of Cyber Risk Insurance, said in an interview, “AIG’s underwriters have been using the computerized analysis since November, which combines information from a new insurance application designed for the process and data about current cyber threats to generate scores on various related factors.”

With cyber threats to businesses mounting, the system is meant to provide a way to measure the risk a business faces so that cyber coverage can be taken into account in its insurance.

This follows AIG's announcement in October that it would review all coverage types for cyber risk and give insurers a clear picture of cyber coverage and estimated financial exposure. It will also create a cyber-risk report for customers containing the analysis scores, for understanding and comparison.

Alongside this, AIG also announced on Tuesday a partnership with the cybersecurity companies CrowdStrike Inc and Darktrace to launch CyberMatics, a service that verifies the information AIG receives from customers’ cybersecurity tools.

Darktrace Chief Executive, Nicole Eagan, said, “The service uses artificial intelligence, or the ability of machines to carry out tasks normally associated with human intelligence, to look inside an insured company’s network for strengths and vulnerabilities.”

Tracy Grella said that while companies are not required to use the service, those who do may be able to negotiate more favourable policy terms.

Trump approves ban on use of Kaspersky Lab's anti-virus software

President Donald Trump has signed legislation that bans the use of software from the Russia-based anti-virus vendor Kaspersky Lab within U.S. federal agencies.

For months Kaspersky has tried to mend its relationship with the US, but it has failed to dispel the allegations of links with Russian intelligence and the Kremlin.

"The case against Kaspersky is well-documented and deeply concerning. This law is long overdue," said Democratic Senator Jeanne Shaheen.

The anti-virus firm has been accused of allowing its software to be used by Russian intelligence to exfiltrate information from the PCs of US government officials.

According to a New York Times report, Israel had informed the United States that Russian hackers were using the anti-virus software to break into NSA computers and steal secrets. Since then, the UK's cyber security authorities have also warned the country's agencies against using Kaspersky.

However, Kaspersky Lab has denied all the allegations.

Kaspersky's co-founder Eugene Kaspersky said: "Internet balkanisation benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don't work like they should.

"We need to re-establish trust in relationships between companies, governments and citizens. That's why we're launching this Global Transparency Initiative: we want to show how we're completely open and transparent.

Mailsploit: Email that permits sender spoofing

Pretending to be somebody you are not in an email has never been hard enough, as the endless scourge of phishing shows. Now a researcher has uncovered a collection of bugs in email clients that strip away even the existing, imperfect protections against email impersonation, letting anybody spoof a message with no visible hint to the recipient.

On Tuesday, Sabri Haddouche, a developer and bug hunter, revealed a notable new email spoofing technique. Named Mailsploit, it uses bugs in email clients to let attackers mount spoofing attacks that are invisible to the recipient; the affected clients include well-known ones such as Microsoft Outlook 2016, Apple Mail, Yahoo! Mail and many more.

Mailsploit can pass through email servers and bypass established spoofing protections such as DMARC and other spam filters. This means that a server configured to use DMARC or DomainKeys Identified Mail (DKIM) will treat a message as genuine even though it ought to be spam-binned. A demo that Haddouche has made available on his site lets anybody send messages from whichever address they choose, or from a made-up address that might trick somebody into surrendering private information and details. With Mailsploit, no amount of scrutiny in the email client helps uncover the fakery.

Where is DMARC?

Domain-based Message Authentication, Reporting and Conformance (DMARC) blocks spoofed emails by carefully filtering out those whose headers claim to originate from a source other than the server that actually sent them. This authentication system has been progressively adopted by administrators over the years.

However, Mailsploit's tricks defeat DMARC by exploiting the fact that email servers handle text differently from desktop and mobile operating systems. By crafting email headers that exploit the imperfect implementation of a 25-year-old standard for encoding text in email headers, known as RFC 1342, together with the quirks of how Windows, Android, iOS and macOS handle text, Haddouche has shown that he can trick email servers into interpreting the headers one way while email clients read them in an entirely different way.

The patchwork of fixes

Haddouche says he contacted most of the affected firms months ago to warn them about the vulnerabilities he found. Yahoo! Mail, Protonmail and Hushmail have already fixed their bugs, while firms such as Apple and Microsoft are still working on theirs. Mozilla and Opera, however, have told him that they do not plan to fix their Mailsploit bugs, as they consider them to be server-side issues.

Haddouche added that email providers and firewalls can also be configured to filter this attack even if email clients remain vulnerable to it. Beyond the specific bugs that Mailsploit exposes, Haddouche's research points to a more fundamental problem with email authentication: add-ons such as DMARC were designed to stop spam, not targeted spoofing.
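The server-side filtering Haddouche mentions, applied to the RFC 1342 header encoding described above, can be approximated with a small defensive check on the From: header. The code below is an added example, not Haddouche's or any vendor's code: it decodes encoded-words with Python's standard library and flags display names that decode to control characters, to an '@'-bearing string, or to plain ASCII that had no reason to be encoded. The heuristics and the sample header values are assumptions constructed for this example.

```python
import email.header
import re

# Constructed sample From: header values (not from the article): a benign
# non-ASCII display name and one whose encoded-word hides an address-like
# string plus a control character in the display name.
SAMPLE_HEADERS = {
    "benign": "=?utf-8?Q?Ren=C3=A9_Dupont?= <rene@example.org>",
    "suspicious": "=?utf-8?Q?alerts=40bank.example=00?= <mailbox@example.net>",
}

# display-name <addr-spec>; the display name may be an RFC 2047 encoded-word
ANGLE_ADDR = re.compile(r"^(?P<name>.*?)\s*<(?P<addr>[^<>]+)>\s*$")


def decode_encoded_words(text):
    """Decode RFC 2047 (originally RFC 1342) encoded-words into one str.
    decode_header returns plain segments as bytes whenever an encoded-word
    is present, so every chunk is normalised to str with its charset."""
    pieces = []
    for chunk, charset in email.header.decode_header(text):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        pieces.append(chunk)
    return "".join(pieces)


def check_from_header(raw_from):
    """Return a list of findings for a From: header value (empty = clean).
    Heuristics are assumed, not taken from the article: a decoded display
    name should carry no control characters, should not contain '@' (a
    client may render it as if it were the sender address), and an
    encoded-word that decodes to plain ASCII had no reason to be encoded."""
    findings = []
    match = ANGLE_ADDR.match(raw_from)
    if not match:
        return ["no angle-bracketed address part found"]
    raw_name, addr = match.group("name"), match.group("addr")
    name = decode_encoded_words(raw_name)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        findings.append("control character in decoded display name")
    if "@" in name:
        findings.append("'@' inside decoded display name")
    if raw_name != name and name.isascii():
        findings.append("encoded-word decodes to plain ASCII")
    if "@" not in addr or any(ord(c) < 0x20 for c in addr):
        findings.append("malformed address part")
    return findings


if __name__ == "__main__":
    for label, header in SAMPLE_HEADERS.items():
        print(f"{label}: {check_from_header(header) or 'clean'}")
```

A mail gateway would run the same check on the decoded From: value before delivery and quarantine or tag messages that produce findings.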

Nevertheless, Haddouche recommends that users watch for security updates to their email clients that fix the Mailsploit bugs. In the meantime, it is always wise to treat emails with caution.

iOS exploit could allow hackers to jailbreak iPhones

Google security researcher Ian Beer, of the Project Zero team, last week detailed an iOS 11 exploit called "tfp0", which he believes could be the basis for a future jailbreak of all Apple devices running iOS 11.1.2 or below, though he personally tested only the iPhone 7, iPhone 6s and a sixth-generation iPod touch.

The revelation made on Twitter left the infosec community inflamed and curious.

On Monday (11 December), Beer published details of an 'async_wake' exploit together with a proof of concept, and tweeted that he had tested the exploit on the iPhone 7, iPhone 6s and iPod touch 6G, adding that "adding more support should be easy".

As detailed in Project Zero's bug repository, the issue Beer found relates to a memory flaw in IOSurface, a kernel extension.

It appears that what Beer has released is not a full jailbreak, but it is enough to allow security researchers to bypass the software restrictions imposed by Apple and test a fairly recent version of iOS.

iOS 11.1.2 is no longer the current version of iOS as Apple released iOS 11.2 on December 2, but Apple is still signing iOS 11.1.2 at this time. Apple will likely stop signing the older update in the near future, and its end could come sooner now that further information on the tfp0 exploit has been released.

iOS exploits are rare, and the iPhone is still considered one of the hardest consumer devices to hack or jailbreak. This makes Beer's exploit all the more valuable. In the past, researchers have been known to sell iOS exploits for significant sums. Companies such as Zerodium, which sell such exploits, have previously offered bounties of up to $1.5 million to hackers who could find iOS zero-day vulnerabilities.

Jailbreaking iOS devices has dwindled in popularity in recent years, which has led two major Cydia repositories to close. Both ModMy and ZodTTD/MacCiti, which provided apps, themes, tweaks and more for jailbroken iOS devices, shut down in November. For the time being, iOS 11 remains the only major version of iOS that has not been jailbroken.

Hacking group steals £7.5m from US, UK, Russian banks

A Russian-speaking hacking group has managed to steal nearly $10m (£7.5m) from more than 20 companies in Russia, the UK, and the US in the past two years.

According to a report by the cybersecurity firm Group-IB, the group, known as MoneyTaker, has primarily targeted card processing systems, removing overdraft limits on debit cards and withdrawing money from cash machines.

“This is a sophisticated group of hackers,” Dmitry Volkov, head of Group-IB, tells Newsweek. “MoneyTaker managed to gain access to isolated segments of critical banking systems using tools, tactics, and trace elimination techniques that enabled them to go unnoticed for a long period of time.”

The investigation was conducted by Group-IB with the help of both Europol and the Russian government.

The report suggests that the documents could be used by the hackers in future attacks.

“MoneyTaker continues to pose a threat,” Volkov says. “Given their propensity to change target-region after a series of successful attacks, and taking into consideration their interest in Latin American-focused systems, we predict this may be a future target for the group.”

The majority of the victims were small community banks based in the U.S., and the average cost of a successful attack was estimated at $500,000.

"The success of replacement is due to the fact that at this stage the payment order has not yet been signed, which will occur after payment details are replaced," the researchers say. "In addition to hiding the tracks, the concealment module again substitutes the fraudulent payment details in a debt advice after the transaction back to the original ones."

"This means that the payment order is sent and accepted for execution with the fraudulent payment details, and the responses come as if the payment details were the initial ones," Group-IB added. "This gives cybercriminals extra time to mule funds before the theft is detected."

The research firm has handed over details of the attacks to law enforcement.

Malicious advertising menace in social media!

A surge of politically motivated chatter and speculation on social networking sites points to a growing trend of unchecked malicious advertising. These are, beyond doubt, paid political advertisements that gather momentum on the most visited social networking sites on the planet. Take Facebook, where scores of swindlers are making a quick buck by targeting polarized people in the USA.

Experts in this field also agree that undeclared political ads are the most watched, and that the people behind them can use them for both good and bad purposes. That is the unscrupulous mechanism used to draw in Facebook viewers. Provocation is another key ingredient, with ads invoking former President Barack Obama, Ivanka Trump, Sean Hannity, Kellyanne Conway and others.

Catchy headlines come next to lure Facebook users, who discover a lot at the click of a mouse, since even a little-known web portal can bear a striking resemblance to Fox News. Visitors who are keen to continue must hand over credit card information to pay for access, which costs roughly $100 a month.

This is a small example of the political ads that Facebook lacks a mechanism to regulate: paid political content in the form of messages that are no less misleading and malicious. Long before the ads are uploaded to the social networking sites, the users lined up behind them allow more such scams to take place. The sites are mostly registered within the 30 days before their operators start sending political ads. The new websites are shady because the fraudsters do not open the portals beforehand.

The picture becomes clearer as the midterm polls draw nearer, with con artists operating new information-technology tools.

Facebook officials know that they need to stop these dubious advertisements, but regulating deceptive ads is neither simple nor easy. Some have been struck off, while others are still in the pipeline. Experts say malicious advertising cannot be stopped overnight, and the same applies to social networking sites other than Facebook.

Android ransomware kits are on the rise

The popular Android operating system powers more than two billion devices and cybercriminals have their fingers on the pulse, with an uptick in Android ransomware kits appearing in underground markets.

Sophos, a global leader in network and endpoint security, recently announced its SophosLabs 2018 Malware Forecast, in which it stated that while ransomware predominantly attacked Windows systems in the last six months, the Android, Linux and macOS platforms were not immune.

This report recaps ransomware and other cybersecurity trends based on data collected from Sophos customer computers worldwide from April 1 to October 3.
Android ransomware kits are selling at a premium and are expected to grow in volume and price, according to the report.

“Ransomware has become platform-agnostic. Ransomware mostly targets Windows computers, but this year, SophosLabs saw an increased amount of crypto-attacks on different devices and operating systems used by our customers worldwide,” said Dorka Palotay, SophosLabs security researcher and contributor to the ransomware analysis in the SophosLabs 2018 Malware Forecast.

More than 5,000 Android ransomware kit listings have been spotted so far this year, with a median price 20 times higher than the $10 median price of Windows ransomware kits, said Carbon Black’s Param Singh. At the high end, Carbon Black this year found 1,683 Android ransomware kits, out of a total of 5,050, priced anywhere from $250 to $850.

Earlier this year, for example, cybercriminals launched the DoubleLocker ransomware for Android devices, which not only locks up victims' data but also changes their PIN. One cybercriminal wanted $854 for the Locker Android ransomware kit, according to Carbon Black.

The report also tracks ransomware growth patterns, indicating that WannaCry, unleashed in May 2017, was the number one ransomware intercepted from customer computers, dethroning longtime ransomware leader Cerber, which first appeared in early 2016. WannaCry accounted for 45.3 percent of all ransomware tracked through SophosLabs with Cerber accounting for 44.2 percent.

WhatsApp for Business: Standalone App Set for Release

It seems that WhatsApp is finally ready to launch its new standalone app for businesses to interact separately on its platform. In an FAQ on its website, it detailed how WhatsApp for Business is going to work and what features it offers.

The interface of the app remains the same, but the features afforded to businesses differ from the original messaging app. 

To communicate with customers using this new messaging app, businesses will first have to register using their business number, separate from their normal WhatsApp Messenger number. Once registered, they will have a ‘business account’, marked by a gray question mark symbol beside their name showing that the business has been neither confirmed nor verified by WhatsApp.

Once a business confirms their business number, they become a ‘confirmed account’ and a gray tick appears next to their name. A green check-mark means it is a ‘verified account’ used by a business that is authentic and verified by WhatsApp. 

The new app is already live in the Play Store but is yet to be released to the general public.

Back in September, WhatsApp announced that it was experimenting with and beta-testing ‘WhatsApp Business’ with a few pilot testers. Users may remember communicating with brands like BookMyShow, MakeMyTrip or Goibibo through the messaging app.

Kshitija Agrawal

Kaspersky Lab is closing its Washington DC office

Russian cybersecurity firm Kaspersky has had a rough season stateside amid claims the company’s software scans for and steals documents of interest to the Kremlin. With the use of its products at US government agencies now banned, the company has elected to shut down its D.C. area headquarters in Arlington, Virginia.

The D.C. office specialized in developing Kaspersky’s relationship with the U.S. government and supplying its software for federal contracts. The company has lost a lot of federal business this year. However, while its government business seems to be dead in the water, the company intends to continue the rest of its non-governmental U.S. operations normally and will be opening offices in Chicago and Los Angeles next year. 

“We are closing our facility in Arlington as the opportunity for which the office was opened and staffed is no longer viable,” a Kaspersky spokesperson told TechCrunch.
In September, the Department of Homeland Security issued a ban on Kaspersky products, coupled with a statement expressing its concerns regarding “the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.” The concern grew as part of an overall security reassessment tied to accusations of Russian meddling in the 2016 elections. The Wall Street Journal reported one incident of particular interest in which its signature security suite allegedly identified files on a National Security Agency contractor’s computer, allowing Russian operatives to target the device for an attack.

Plenty of drama ensued, including a revelation that the Israeli government itself had compromised Kaspersky’s antivirus software and found evidence that the software maker was spying on its U.S. clients, a claim that the company openly disputed. In the months following the initial public crackdown on its products, Kaspersky founder Eugene Kaspersky has fiercely defended his company from the allegations, dismissing them as “completely unfounded,” demanding that the U.S. government provide detailed proof of its damning claims and pledging to open its code for review.

Security breach at Perth international airport

A Vietnamese hacker infiltrated Perth international airport's computer system and stole sensitive security details. Le Duc Hoang Hai, 31, used the credentials of a third-party contractor to gain unlawful access to the airport's system in March last year.

Prime Minister Malcolm Turnbull's cyber security adviser Alastair MacGibbon told the West Australian that the Vietnamese man had managed to steal "a significant amount of data". He called the hack "a close miss" that could have been a great deal worse. The hacker was able to obtain data on the airport's building security but, luckily, not on its radars. Airport officials detected the breach and informed the federal cyber security authorities in Canberra, who then tipped off Vietnam.

The 31-year-old was then arrested in Vietnam after the authorities there received the tip-off from the Australian Federal Police. He was convicted in a Vietnamese military court and sentenced to four years behind bars. Travellers were not placed at risk, as he was unable to access the radars, computer data related to air traffic, or travellers' personal details.

Kevin Brown, Perth Airport CEO, later gave assurances that no personal data of members of the public, such as credit card numbers, had been accessed, but that other Perth Airport documents were taken. Brown said the airport had completed a full risk assessment of the stolen data and concluded that there was no threat or risk to the travelling public. Perth international airport was in any case the hacker's main Australian target; he had previously succeeded in compromising the websites of Vietnamese banks and telecommunications firms, including an online military newspaper.

MacGibbon added that there is currently no confirmation of whether Hai was working with a larger hacking group, or of whether the data stolen in the breach was sold or leaked online. He said the incident is a warning sign that crises like this will be encountered far more often in the coming years.