Mad as a Black Hatter

 In ITC's Threat of the Week

The expression ‘mad as a hatter’ is apparently an old English colloquial saying, which predates Lewis Carroll’s brilliant character. Amongst many theories for the origins is the fact that hardworking milliners in times of yore were often poisoned by mercury used in the process. Lovely.

We all know that it doesn’t take mercury to drive computer hackers to distraction. Very small incidents or motivations can tip the balance in the hat wars between the good forces of White and the dark of Black, sometimes even via a period sitting on the Grey fence.

Although revenge, civil righteousness and ‘because I could’ do appear quite highly on the ‘why I done it Guv’ list, the primary desire of most Black hats is plain and simple; Filthy Lucre. In fact it is often the desire for wonga, which catches out even the smartest and most devious hax0rs, even in this world of anonymous cryptocurrency.

Maybe not for much longer! A report out this week from our friends Digital Shadows titled ‘A Tale Of Epic Extortions’ has identified a recruitment drive by criminal gangs to employ Black Hats for between $50,000 and $90,000 per month plus benefits (really) and have them extort BitCoin from wealthy individuals, primarily it would seem using the good old sextortion scam. It is a great report and really worth a read.

Did you hear that noise? Was that the noise of the corridors of ITC Towers emptying and turning very Dark (mwahahaha)? No of course it wasn’t. This sort of offer, providing a layer of abstraction between the money and the victim via a highly organised crime gang, will no doubt appeal to some poor impoverished, underpaid, underappreciated and very sensitive security types, don’t you think?

Anybody who has been bored by us at a presentation recently will have heard us talk about the publication of over 700 Meellion Username and Password combinations and how these are being used in these sextortion attempts. Other than never paying up (how bad could it be? OK, OK, really bad, we know), we have always advised using different passwords on all sites, multi-factor authentication and a password manager.

This week has seen a bit of bad news in the password manager department after Adrian Bednarek from Independent Security Evaluators demonstrated that plaintext passwords could be recovered from Windows 10 memory from the vaults of 1Password, Dashlane, KeePass and LastPass. Ouch.

Well the vendors have pushed back pointing out that this was only the case when the apps were running (so only when the password manager was in use, entering passwords), presenting similar risk to a good old-fashioned keystroke logger. You can bet that updates to all of these will be forthcoming however and that Mr Bednarek will not be in receipt of any freebie t-shirts any time soon.

Our unsurprising advice: use different passwords on all sites, multi-factor authentication and a password manager. Oh yes, and never pay up. Ever.

In other news this week, yet more holes have been discovered in Drupal and WordPress, both of which must now be approaching the dizzy bug heights (or should that be plagues) of Adobe, not really, that would be something. If you use these platforms, you know what to do.

ITC’s ace team of cyber advisors would love to listen to your cyber woes and see how we can help, understanding one’s exposure both directly and indirectly via third parties (including software vendors!) is crucial. If you would like to understand our robust, proven approach, please contact us at: [email protected] or call 020 7517 3900.

As a tail note, you will all be aware that we are often accused of being conspiracy theorists; even by some we consider to be ‘Good Friends’ (you know who you are). This week Microsoft announced a mandatory patch for Windows 7 and Windows 2008 to stop them using SHA-1 to verify future patches, mandating SHA-2.

‘What A Good Idea’ thought many. ‘Why?’ thought some. This very esteemed and credible blogger from Colombia has a fairly interesting idea, in summary that this patch is to protect users from a bad actor within the Head Shed of Microsoft itself. Fill your conspiracy boots here.

This blog brought to you from 2100 Metres. High Hat anyone?

Author: Kevin Whelan

Recent Posts

Leave a Comment

Tel:
+44 (0) 20 7517 3900

 

Contact ITC Secure

If you have a question, request, comment or requirement, please send us an email now and we will get back to you by return