The Week in Cybersecurity

Cybersecurity stories and insights for the last week of July 2017.      

Adobe is Finally Killing FLASH — At the End of 2020!  

Security professionals rejoice! Like a zombie, Flash has lived on for far too long. It's security flaws are legendary. Glad to see Adobe is making the right, albeit difficult, choice to EOL in 2020 . Ironically, after EOL, Adobe will not publish updates or patches which will make legacy installs more insecure for those who have not migrated to different solutions (HTML5, WebGL, etc.).     

Alleged BTC-E Admin Arrested for Laundering $4 Billion in Bitcoin  

How do you launder $4 billion? Cryptocurrency. This is one reason that cyber and organized criminals continue to be drawn to Bitcoin and other the next generation cryptocurrencies like Zcash, Monero, and others which provide even more privacy and anonymity.     

Exploring the Psychology of Ransomware

An interesting study in how ransomware operators are using aspects of scarcity, authority, and consequence to influence victims to pay. They are taking pages from marketing and sales playbooks.     

It’s a Myth that Most Cyber-Criminals are ‘Sophisticated’

It is important to understand that not all attackers are the same. There are varying archetypes that differ in motivation, capabilities, and objectives. This largely determines their targets, persistence, and methods. Cyber-criminals are motivated by financial gain, they typically look for the easiest victims that will satiate their goals. Methods will vary across technical and behavioral vulnerabilities, but align to the path-of-least-resistance axiom. If you want to familiarize yourself with a comprehensive picture of different archetypes, take a look at the Threat Agent Library or other similar lists.     

Gas Pump Skimmer Sends Card Data Via Text 

It always fascinates me when we see hardware based attacks. There is a certain level of purpose, complexity, and planning involved in such exploits. It shows that threats are willing to make interesting trade-offs when it comes to pursuing their goals. This gives us insights to their range of actions, technical competencies, and level of commitment. It also provides opportunities to interdict threat-agents as they pursue such paths.     

$1,500 'smart' gun hacked with $15 magnets

The convergence of cyber and physical security mandates a greater level of scrutiny when it comes to matters of life-safety. Connecting devices to the internet or other electronic mechanisms inherently introduces a number of new vulnerabilities. For items that potentially hold the safety of people in the balance, it should not be done without proper planning, design, testing, and sustaining support. Failure could be catastrophic.       

Images Sources: 

• http://thehackernews.com/2017/07/kill-adobe-flash-player.html 
• http://www.ibtimes.co.uk/1500-smart-gun-hacked-15-magnets-1631905 
• https://betanews.com/2017/07/26/psychology-of-ransomware/ 
• https://www.cryptocoinsnews.com/alleged-btc-e-admin-arrested-for-laundering-4-billion-in-bitcoin 
• https://krebsonsecurity.com/2017/07/gas-pump-skimmer-sends-card-data-via-text/ 
• http://www.bbc.com/future/story/20170726-why-most-hackers-arent-sophisticated     

Interested in more? Follow me on LinkedIn, Twitter (@Matt_Rosenquist), Information Security Strategy, Golos, and Steemit to hear insights and what is going on in cybersecurity.