Monthly Archives: May 2022

Trojan Attacks Google Play Store Again

I. Targeted Entities

  • iPhone users

II. Introduction

New attacks have been discovered on iPhones that can be executed despite the device being turned off. This is a direct result of how Apple implements wireless features in iPhones such as Bluetooth, Near Field Communications (NFC), and Ultra-wideband (UWB) technologies. These features remain active on iPhones when powered down, which makes attack scenarios, such as loading malware on an iPhone’s Bluetooth chip to be executed while powered off, possible.

III. Background Information

The features previously mentioned have access to the iPhone’s Secure Element (SE) which stores sensitive information, even when the iPhone is shut off, according to a team of researchers from Germany’s Technical University of Darmstadt.[1] Because of this, malware is able to be loaded onto a Bluetooth chip that is executed while the iPhone is off (Germans). By attacking these wireless features, cybercriminals can access secure information, including a user’s credit card data, banking details, and even digital car keys on the iPhone.[2] Although this threat is ever-present, exploiting the threat is not so easy, with the threat actors still having to load the malware when the iPhone is on for later execution when the iPhone is off. This would require system-level access or remote code execution (RCE).[3]

The researchers at Germany’s Technical University of Darmstadt say that the cause of the issue is the low power mode (LPM) for wireless chips on iPhones. The LPM issue is caused when the user turns off their iPhone or when iOS shuts down automatically due to low battery. The researchers say that this is different than the power-saving feature that can be enabled by the user in the Settings app or

the Control Center. Because LMP is based on the iPhone’s hardware, and a solution cannot be patched via software, “wireless chips can no longer be trusted to be turned off after shutdown. This poses a new threat model.”[1]

Researchers analyzed the security of LPM features in a layered approach, observing the impact of the feature on application-, firmware-, and hardware-level security. A potential threat scenario that the researchers outlined on the iPhone’s firmware assumes that an attacker either has system-level access or can gain RCE using a known Bluetooth vulnerability.[2] In this attack, a threat actor with system-level access could modify firmware of any component that supports LPM. This way, they maintain limited control of the iPhone, even when the user turns the iPhone off.[3] Even if all firmware would be protected against manipulation, an attacker with system-level access could still send custom commands to chips that allow for “very fine-grained configuration, including advertisement rotation intervals and contents.” This could allow an attacker to create settings that would allow them to locate a user’s device with higher accuracy than the legitimate user in the Find My app, for example. [4]

The researchers reported their research to Apple, which did not provide feedback on the issues raised. A potential solution, according to the researchers, is for Apple to add “a hardware-based switch to disconnect the battery” so these wireless elements wouldn’t have power while an iPhone is powered down.[5]

IV. MITRE ATT&CK

  • T1204 – User Execution
    Adversaries must have system-level access to iPhones to conduct this kind of attack. Thus, they may attempt to social engineer iPhone users to load malware into their devices to be later executed when powered off.
  • T1569 – System Services
    Adversaries that have system-level control over iPhones will be able to execute malware remotely. Having this kind of control would give adversaries the ability to modify firmware that control low power mode, Bluetooth, NFC, and other wireless communication protocols.
  • T1644 – Out of Band Data
    Adversaries are capable of executing previously loaded malware on iPhones that have been powered off. Out-of-band data streams, such as Bluetooth and NFC, allow adversaries to execute malware remotely without needing any power from the device’s battery.

V. Recommendations

  • Set Antivirus Programs to Conduct Regular Scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
  • Monitor Malware
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
  • Strong Cyber Hygiene
    Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified.
    Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a
  • Turn on Endpoint Protection
    Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using.

VI. Indicators of Compromise (IOCs)

The link below has been included to assist with the download of some identified IOCs related to this Threat Advisory report. Be on the lookout for these IOCs, as well as anything that looks similar.

https://usf.box.com/s/inzlsmaxpkn72bo64sv5wya7ythbftid

VII. References

(1) Cleafy Labs. “TeaBot Is Now Spreading across the Globe.” Cleafy Labs. Cleafy Labs, January 3, 2022. https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe.

(2) Nelson, Nate. “Teabot Trojan Haunts Google Play Store, Again.” Threatpost English Global, March 2, 2022. https://threatpost.com/teabot-trojan-haunts-google-play-store/178738/.

Threat Advisory created by the Cyber Florida Security Operations Center.
Contributing Security Analysts: Dorian Pope, Ipsa Bhatt, Sreten Dedic, EJ Bulut, Uday Bilakhiya, Tural Hagverdiyev.

2022-06-01T10:26:04-04:00May 17, 2022|
Read More

UWF 2022 GenCyber Summer Camps

Attention Panhandle parents: registration is open for the UWF 2022 GenCyber Summer Camps!

Students will spend a week making new friends and exploring the world of the cybersecurity professional by doing hands-on training just like the pros powered by the Florida Cyber Range. They’ll also get to meet the pros and learn about an exciting career that’s hungry for talent.

Learn more and register
2022-05-12T11:29:38-04:00May 12, 2022|
Read More

Episode 24: Dr. Melissa Dark – a cybersecurity education specialist, whose passions include the forest, DIY, and deviled eggs

Episode 24: Dr. Melissa Dark – a cybersecurity education specialist, whose passions include the forest, DIY, and deviled eggs

Dr. Melissa Dark is the Founder of DARK Enterprises, a non-profit organization dedicated to developing and supporting cybersecurity education at the secondary level. Before that, Dr. Dark worked in graduate and college cybersecurity education for over 20 years, as a professor at Purdue University. In this episode, Dr. Dark joins the No Password Required team to discuss her career in “training the trainers,” the early days of cybersecurity education as an academic subject, and how to encourage cybersecurity awareness among today’s students. Ernie and Jack discuss the Pinellas Park, Florida, cybersecurity analyst alleged to have stolen almost $600,000 in cryptocurrency and how he supposedly did it.

2022-05-10T15:02:05-04:00May 11, 2022|
Read More

UCF Professor’s Research Helps Inform Policy, Laws Surrounding Intimate Partner Cyber Abuse

There are various positive aspects to living in a time in which technology is more prevalent and accessible than ever, but there are also many shadows in the realm of the cyberspace.

This is why Erica Fissel’s goal is to illuminate the interpersonal victimization that occurs in cyberspace in hopes that her work will be used to help inform policy and help these victims.

Fissel, an assistant professor in the Department of Criminal Justice, doesn’t consider herself a particularly technology-savvy person but was fascinated with the way people behave online versus offline. From there, she began to look at what use or abuse of technology looks like in an intimate partner relationship. A member of UCF’s Violence Against Women faculty cluster, she focuses on the impact it has on women.

Although she didn’t intentionally seek to make women the focus of her research, Fissel says she quickly discovered that women are the most likely to experience such forms of interpersonal victimization. She also works with the Cybercrime Support Network to help serve those affected by the growing impacts of cybercrime.

“This area is so interesting to me because it’s so underdeveloped, and there are so many ways that people can use technology to abuse their partners that I would have never thought of,” she says.

Such technology can include smart-home systems like video doorbells, which can be used to track or monitor an intimate partner. Even reading a partner’s text messages without their permission can fall into the category of technology-based abuse under certain circumstances.

She adds that it’s important to realize that intimate partner cyber abuse is not illegal. There may be laws applicable to cyberstalking or cyber harassment, but intimate partner cyber abuse extends beyond those behaviors.

“Because of that, people don’t know what they’re experiencing is abusive or problematic,” Fissel says. “They don’t know that they should be able to get help for it. I want my work to be able to inform policies and laws. I want to help individuals experiencing these behaviors access helpful resources, realize that they’re experiencing problematic behavior and get out of those situations.”

In her Women and Crime course, Fissel often finds herself teaching survivors and others who have experienced intimate partner cyber abuse. She’s even had students realize through the class that they are either currently being victimized or have been in the past.

“It’s very heavy material for students, but what I try to do is have a very open dialogue and safe space within the class where people are able to share their ideas,” she says. “We can talk about these types of behaviors and experiences because they’re important to understand.”

Defining the Cyber Abuse Spectrum

Although statistics show that women are generally more likely to be victims of intimate partner violence, Fissel says she is seeing more parity between men and women engaging in cyber-based abuse.

One of the projects Fissel has been working on examines the normalization or societal acceptance of behaviors that could be considered cyber abuse. She and a team of researchers from other universities collaborated on the study, which was funded by a faculty enrichment grant from the University of Cincinnati’s Criminal Justice Research Center. They collected data from 1,500 adults currently in an intimate partner relationship and asked about their experiences with intimate partner cyber abuse, perpetration and victimization within the past six months.

“We did a pilot test, and 100% of people experienced intimate partner cyber abuse as we defined it in the past six months,” Fissel says. “We thought, ‘This is a much bigger problem than we thought or we’re measuring it wrong.’ We talked to people about it, and some of the behaviors that we were defining as abusive aren’t abusive in all contexts.”

For example, tracking a partner via GPS would be considered abusive if it was being done without consent. However, Fissel says, many participants later indicated they tracked each other’s locations for safety reasons.

“That’s one of the tricky things with intimate partner cyber abuse, because it’s totally relationship specific and dependent on whether the boundaries developed with your partner were agreed upon without coercion,” she says.

In addition to looking at intimate partner cyber abuse on the victimization side, Fissel also is working on it from the perpetration side. That entails trying to understand why people engage in such behaviors, which is vital to being able to prevent them from happening.

Fissel also is working on another study with Jackie Woerner, an assistant professor in UCF’s departments of sociology and psychology, that focuses on the perpetration side. The two surveyed 544 people and followed up with nearly 300 of them a month later to examine their intimate partner cyber abuse behaviors over time. Part of this research involved asking participants about the factors that motivate their behavior. Fissel says many cited personal insecurities such as lack of trust.

“There’s almost a range within intimate partner cyber abuse,” she says. “There are things like checking someone’s text messages without their permission, which I would say is probably on the lower end of the spectrum. Then you also have people who are opening bank accounts in your name and ruining your credit, or people who are sending you threatening text messages. We’re also trying to figure out where the line that society draws is, because that’s going to help with trying to determine laws, too.”

Fissel received her doctorate in criminal justice from the University of Cincinnati. Her primary research interests focus on various types of interpersonal victimization that take place online, including cyberstalking, intimate partner cyber abuse and cyberbullying. She joined UCF’s Department of Criminal Justice, part of the College of Community Innovation and Education, in 2019.

Retrieved from UCF.edu. To see the original article, visit: https://www.ucf.edu/news/ucf-professors-research-helps-inform-policy-laws-surrounding-intimate-partner-cyber-abuse/

2022-05-09T14:33:22-04:00May 9, 2022|
Read More

Space Cybersecurity Symposium III: Global and Applied Topics

Cybersecurity measures and policies are ubiquitous in the design, development, delivery, and operation of components supporting American space activities.

Join us on June 16 for a Department of Commerce and Department of Homeland Security jointly hosted symposium to learn relevant cybersecurity threat updates and geopolitical awareness, develop actionable ideas for securing space businesses and open data systems, and discuss recent cyber legislation and executive orders.

This is the third symposium in an ongoing series of events to connect commercial space companies of all sizes with the Departments regarding cybersecurity measures and policies.

All space cybersecurity stakeholders are welcome to participate.

Why attend?

Cybersecurity for space systems is an increasingly challenging environment for commercial space companies. Having to keep up with the changing threats, needs, guidance, and compliance requirements is a constant effort. At this event, learn the latest cyber intel and threats relevant to space systems and operations and find out how you can make use of resources and assistance programs available from the Departments of Commerce and Homeland Security to protect your business in the ever-changing space environment.

2022-06-24T16:46:43-04:00May 9, 2022|
Read More

Happy World Password Day – Password Tips to Help Keep Your Information Secure

Today is World Password Day! In honor of this national (digital) holiday, why not take some time to clean up your password lists? To learn some password tips to help secure your personal information, check out our blog post: http://ow.ly/mrTL50IZslP

2022-05-04T13:48:43-04:00May 4, 2022|
Read More

Password Tips to Help Keep Your Information Secure

Passwords are an essential part of protecting your personal information from cybercriminals. We all know that passwords can be a source of endless frustration in the digital world, and you’ve probably asked yourself, “do I really need to set a different password for each of my accounts?” Well, the short answer is yes.

Imagine that you are the ruler of a village, and your enemies are making their way to attack. Would you employ a single guard to protect every building and person across the land? No! You would send out an army of guards, each with a specific post to protect to increase your chances of a successful defense.

Your passwords work in the same way. Each of your online accounts needs its own unique password to ensure that your personal information is protected from potential attacks. If you reuse the same password for every account, all your personal information is at risk in an instant if that password is exposed by a cybercriminal seeking to infiltrate your accounts. Using an individual unique password for each account helps ensure that even if one password is exposed, your other accounts will remain protected.

In honor of World Password Day today, consider the following suggestions to help ensure that your passwords are successfully protecting your personal and confidential data from prying eyes.

Tips for Good Password Hygiene

Passwords vs Passphrases

Passphrases are a form of a password that is composed of a sentence or a combination of words. Often, passphrases can be more secure than normal passwords because they are longer yet easier to remember, reducing the likelihood that you will reuse the same password across multiple accounts for convenience.  

In contrast to passwords, passphrases are often created by using random words or phrases that are significant to the user but would hold no meaning to any other person. An easy way to create a passphrase that is simple to remember, yet secure enough to protect your account, is to select three to four words that are relevant and significant to you.  

It’s recommended not to use common greetings that can be easily guessed by others, such as “LiveLaughLove,” and instead use a phrase or words that would mean nothing to someone other than yourself. For example, on my desk I currently have a flag, mug, coffee, and a book, so an appropriate passphrase for me could be “FlagMugCoffeeBook”.  

While it may seem counterintuitive to use a series of random words for a credential, phrases like these are more memorable and far more secure than a password, which typically seeks security through a mix of numbers, special characters, and upper and lowercase letters. 

According to an article from Impact Networking, “the benefit of passphrases is that they make it easier for a user to generate entropy and a lack of order—and thus more security—while still creating a memorable credential. Generating entropy through randomized characters can be difficult, but this also makes it more difficult to launch a cyberattack against you.” 

Password Managers

So, now that you have created strong and unique passphrases for each of your individual accounts, how are you supposed to remember them? 

This is perhaps one of the main reasons why so many people commonly reuse passwords across multiple accounts. The truth is, unless you’re a robot or have a supernatural photographic memory, it’s probably going to be impossible to remember all your passwords without keeping track of them somewhere, and that’s okay! 

Luckily for us non-robots, there are plenty of password managers out there that can help you keep track of your credentials for all your accounts in a safe and secure way. 

Malwarebytes Labs defines a password manager as “a software application designed to store and manage online credentials. It also generates passwords. Usually, these passwords are stored in an encrypted database and locked behind a master password.” 

This means that once you enter your account usernames and credentials into the secure vault, the only password you need to remember is that master password, and the password manager will do the rest for you! 

For a list of the top-rated free password managers available in 2022, visit: https://www.pcworld.com/article/394076/best-free-password-managers.html. 

Password Tips

  • Refrain from reusing passwords on multiple sites and applications.
  • Add multi-factor authentication whenever possible for an added layer of security.
  • Update your passwords regularly.
  • Don’t text or email your passwords to anyone.
  • Do not create passwords based on your personal information or details, such as birthdays, names of family members, Social Security or phone numbers, etc.
  • See if any of your passwords have been exposed by entering your email address at https://haveibeenpwned.com/
2022-10-27T09:57:58-04:00May 4, 2022|
Read More
Copyright 2021 The Florida Center for Cybersecurity