Report Malicious Websites to Windows Defender Security Intelligence

While browsing the web we sometimes come across dangerous sites, whether phishing pages or sites that host malware. Internet Explorer and Microsoft Edge both have a way to report them to Microsoft: Tools -> Safety -> Report unsafe website in Internet Explorer, and Tools -> Send Feedback -> Report unsafe website in Microsoft Edge. Both browsers also include the SmartScreen filter, which detects and blocks suspicious websites. There are cases where SmartScreen does not yet know that a site is unsafe; reporting it through these menus feeds that information back, and once the site has been confirmed as unsafe it is blocked for everyone. Microsoft now also accepts reports directly through Windows Defender Security Intelligence (WDSI). It is recommended to sign in with your Microsoft Account there, so you can submit multiple websites and track the status of your submissions. If you are on a shared or public machine and are worried that signing in could expose your account, you can still submit a site as a guest without signing in. Suspicious websites can be reported at:

https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site

When you report an unsafe website, you can classify it as Phishing, meaning a site that may not host malware but impersonates a legitimate, well-known site. A typical example is a page that looks exactly like your bank's login page but is not your bank's, and exists only to steal your credentials. You can also report Malicious websites: sites that deliver malware. Signs include your anti-malware product detecting a file in the browser's cache folder right after you visit a page, malicious code embedded in the page source, or a scam page claiming that your PC is infected and telling you to call a phone number. When you report such a site you help not only Microsoft but millions of users globally. A report may lead to the discovery of a new 0-day, an unknown malware family or an exploit, and it can prevent many users from losing their accounts and money to cybercriminals. It makes the internet safer and healthier, and it helps stop botnets and malicious actors before they carry out their plans.

Enjoy surfing the web, and please report malicious websites to Microsoft. Also consider using Microsoft Edge or Internet Explorer for a safer browsing experience.


What Should We Know About Hackers?

As a security guy, I deal with hackers (black, white and gray hats), hacking incidents, security issues and so on. One interesting thing is that you will see a reputable company or website get hacked, not because the hacker was so smart but because the company forgot one of the key security best practices. Here are some notes you should know about hackers and hacking incidents:

  • Gap Between Academic and Industry Security: Many people do PhDs in security, governments spend millions on academic research, and the outcome appears as published papers. Unfortunately, academic research does not have much impact on industry security. It ends up playing with numbers and mathematical formulas and making things complex, but fails to provide an actual solution to industry. For this reason you will see university professors who have been hacked by teenage hackers: their understanding of security differs from industry's. In industrial research things are different. Results are normally not published, because nobody wants hackers to figure out a way to bypass them, and the research is adopted directly into products. Therefore, if you see a professor or PhD student in security, don't hand your company over to them; you will gain nothing but embarrassment when a teenager takes over your company's network.
  • We Are the Smartest Guys: Most people don't know how hacking works; they just see a guy playing with a black screen full of code who then gets hold of a lot of data, and they say wow, they are cool. Hacking does require certain talent and expertise, but not all hackers are that smart. In most cases they just know some code and scripts that are publicly available, and they copy, paste and modify them to get the job done. A dark screen with some code on it does not make anyone super. Look at what they are actually doing to see whether they are really smart hackers or just someone running scripts.
  • I Could Hack Into Anything: In the world of security, nothing is unbreakable. No matter how well you secure your systems, there could be a way to break in. But it doesn't mean every hacker can hack into everything. They need expertise in specific areas, and they have to experiment and research how to get into your particular system. They may see more failures than successes, or may not be able to get into your system at all.
  • Linux Is the Most Secure Operating System: Several people say "we are migrating to Linux", which is absolutely WRONG. If you have a friend who is a hacker, ask them about hacking Windows versus Linux; if you are a hacker yourself, you will know what I am saying. Hacking Linux is a lot easier than hacking the latest version of Windows. Just try it. It doesn't mean there is no way to hack Windows, but to do it you need to spend a lot of effort, and normally you cannot hide your identity afterwards. This is one of the reasons that top secret servers and systems at the NSA, US Army, NATO, CIA, FBI, Europol and so on run on Windows.
  • No One Will Ever Know About My Hacking: The sun won't stay behind the clouds for long. Even the best and most professional hackers have been caught by the authorities; the internet is not a free place without trace or detection. On the other hand, the authorities keep getting new tools to discover cybercrime and hacking incidents. Therefore, if you are a black hat who hacks into companies and damages them, it is better to switch to being a white hat who helps companies secure themselves and be a good hacker; otherwise you won't have a nice future.

 

Hacking is an interesting journey. If you want to be a hacker, try to be a good one and help companies with their security issues. If you are a black hat, you can still switch sides and become one of the good guys.

How to Protect Your Home Wireless Network?

Hackers and cybercriminals are interested in Wi-Fi networks. They are an easier target because the attacker only needs a Wi-Fi adapter and never has to plug into a physical cable. With the right tools and skills, they can use a laptop, tablet or even a mobile phone to break into a wireless network. Here are some tips home users can follow to protect themselves against wireless hacking.

Encryption Protocol and Passwords: Wi-Fi connections are protected by protocols such as WEP, WPA and WPA2. Look at the wireless security settings of your modem or router to see which ones are supported. WPA2 is more secure than WPA, and WEP is broken outright (it can be cracked in minutes) and should never be used. Enterprise networks use digital certificates (WPA2-Enterprise), which is more secure, but for home users the simpler and cheaper option is a pre-shared password (WPA2-Personal). Check your device's specification for the supported standards and use the most secure one. Then choose a strong password: it should be long and complex. My usual approach is to generate a long, complex password, save it in Notepad on a USB flash drive, and paste it into each device that needs to connect. It is also a good idea to change the password regularly, at least every 90 days.
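To make the "long and complex" advice concrete, here is an added example (mine, not part of the original post) showing why passphrase length matters for WPA2-Personal. WPA2 derives its Pairwise Master Key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 at 4096 iterations, and an attacker who has captured the four-way handshake can test candidate passphrases offline at that cost per guess, with no further contact with the router. The SSID, weak passphrase and wordlist below are constructed for the demonstration; comparing against the PMK directly stands in for the real attack's check against the captured handshake MIC, which is derived from the PMK. The generator's alphabet is my own choice.

```python
import hashlib
import hmac
import math
import secrets
import string

# WPA2-Personal derives the 256-bit Pairwise Master Key (PMK) from the
# passphrase and the SSID with PBKDF2-HMAC-SHA1 at 4096 iterations
# (IEEE 802.11i). The SSID is the salt, so the same passphrase gives a
# different PMK on a network with a different name.
def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA2 passphrase is 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def dictionary_attack(target_pmk: bytes, ssid: str, wordlist):
    """Offline guessing. In a real attack the attacker has captured the
    4-way handshake and checks each candidate by deriving the PMK, then the
    PTK, and recomputing the EAPOL MIC; comparing PMKs directly stands in for
    that last step. Nothing here talks to the router, which is why a strong
    passphrase (not lockouts, MAC filters or hidden SSIDs) is the defence."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue  # cannot be a valid WPA2 passphrase, skip the PBKDF2 cost
        if hmac.compare_digest(wpa2_pmk(candidate, ssid), target_pmk):
            return candidate
    return None


# Alphabet for generated passphrases: my own choice of printable ASCII.
ALPHABET = string.ascii_letters + string.digits + "!#%&*+-=?@_"


def generate_passphrase(length: int = 32) -> str:
    """Random passphrase from the OS CSPRNG, within WPA2's 8-63 char limit."""
    if not 8 <= length <= 63:
        raise ValueError("length must be between 8 and 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(passphrase: str, alphabet: str = ALPHABET) -> float:
    """Bits of entropy if every character was drawn uniformly from alphabet."""
    return len(passphrase) * math.log2(len(alphabet))


# Constructed demo data: a home network whose passphrase appears in a small
# wordlist. Real wordlists run to hundreds of millions of entries.
WEAK_SSID = "HomeWiFi"
WEAK_PASSPHRASE = "sunshine123"
CONSTRUCTED_WORDLIST = ["password", "letmein", "sunshine", "sunshine1",
                        "sunshine123", "qwertyuiop", "iloveyou"]

if __name__ == "__main__":
    captured = wpa2_pmk(WEAK_PASSPHRASE, WEAK_SSID)
    print("weak passphrase recovered:",
          dictionary_attack(captured, WEAK_SSID, CONSTRUCTED_WORDLIST))
    strong = generate_passphrase(32)
    print("suggested passphrase:", strong, f"({entropy_bits(strong):.0f} bits)")
```

The weak passphrase falls to a seven-entry list in a fraction of a second; a 32-character random passphrase from this alphabet carries roughly 198 bits of entropy, so no wordlist or brute-force budget reaches it, and the 4096-iteration cost per guess works against the attacker instead of you.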

Number of Connected Devices: Some routers let you set the maximum number of connected devices. Count how many devices you actually connect to the router and set that as the maximum. For example, if you connect 6 devices to the Wi-Fi router at the same time, a seventh connection attempt will be rejected (unless fewer of your devices happen to be connected at that moment, say 5).

MAC Address Filtering: The MAC address is the hardware address of a network interface. Some routers support MAC filtering, where you enter the MAC addresses of your own devices and set a rule that only those addresses are accepted and everything else is rejected. Keep in mind that MAC addresses are transmitted in the clear and are easy to spoof, so this only deters casual intruders.

Hide SSID: When you turn on Wi-Fi you see a list of access point names; these are their SSIDs. Some routers can hide the SSID, so your access point does not appear in that list and anyone connecting has to type the name manually before being asked for the password. Note that the SSID still appears in the traffic of devices that connect to it, so this hides the network from casual observers, not from someone with a wireless sniffer.

Guest Wi-Fi: Say someone is visiting and you want to grant him or her access to your Wi-Fi. Some routers have a Guest account; normally you should leave it disabled and only enable it when a guest arrives. The guest account restricts what the visitor can reach, keeping them away from your own devices, and lets you set limits such as the time allowed on the Wi-Fi or a bandwidth cap.

Router Login Page: To change any router setting you log in to its management page. Change the default username and password for that login. Some routers can be set to allow management access only over a wired LAN port and block it from Wi-Fi; make sure you set this option. You should also allow management only from the local network and block remote (WAN) access. Together this means router settings can only be changed from a device physically plugged into the router.

Reduce Signal Range (Transmit Power): The methods above help a lot against attackers: hiding the SSID keeps your router out of sight, MAC filtering blocks unknown devices, and a strong password stops the bad guys from getting onto your router. However, attackers keep working on ways around these, and there is one control that is hard to bypass from a distance: the router's transmit power. If you lower it, devices can only connect while they are within the reduced range, that is, close to the router. Place the router where you get signal everywhere inside your home but not outside it. Then only someone who gets inside your home can connect to your Wi-Fi.

It is also recommended to enable the router's Wi-Fi logging and check the log files regularly for suspicious activity, such as devices you do not recognize.
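As an added example (not from the original post), here is a small reviewer for association logs, assuming a router that logs in hostapd's syslog style; the log lines and the device allowlist are constructed. It flags any device that associated but is not on your list, and also notes when the address is a locally administered (randomized) MAC, which modern phones use by default and which is one more reason MAC filtering alone cannot be trusted.

```python
import re
from dataclasses import dataclass

# Constructed log lines, loosely modelled on hostapd's syslog format. They are
# not taken from any real router.
SAMPLE_LOG = """\
Jan 12 20:14:05 router hostapd: wlan0: STA 3c:22:fb:11:22:33 IEEE 802.11: associated
Jan 12 20:14:06 router hostapd: wlan0: STA 3c:22:fb:11:22:33 WPA: pairwise key handshake completed (RSN)
Jan 12 21:02:40 router hostapd: wlan0: STA a4:83:e7:aa:bb:cc IEEE 802.11: associated
Jan 12 23:48:11 router hostapd: wlan0: STA de:ad:be:ef:00:01 IEEE 802.11: associated
Jan 12 23:48:12 router hostapd: wlan0: STA de:ad:be:ef:00:01 IEEE 802.11: disassociated
Jan 13 02:15:00 router hostapd: wlan0: STA 78:10:5c:99:88:77 IEEE 802.11: associated
"""

# Your own devices (constructed allowlist). Keep this in sync with whatever is
# entered in the router's MAC filter.
KNOWN_DEVICES = {
    "3c:22:fb:11:22:33": "laptop",
    "a4:83:e7:aa:bb:cc": "phone",
}

ASSOC_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+hostapd:\s+\S+:\s+STA\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+IEEE 802\.11:\s+associated$"
)


def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 in the first octet) is set. Burned-in
    addresses from a vendor OUI have it clear; randomized per-network MACs
    (Android, iOS, Windows 10+ private addresses) set it."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


@dataclass
class Finding:
    timestamp: str
    mac: str
    reason: str


def review_log(log_text: str, known: dict) -> list:
    """Return one Finding per association by a device not in the allowlist."""
    findings = []
    for line in log_text.splitlines():
        m = ASSOC_RE.match(line.strip())
        if not m:
            continue  # handshake, disassociation and other events are not associations
        mac = m.group("mac").lower()
        if mac in known:
            continue
        reason = "association by unknown device"
        if is_locally_administered(mac):
            reason += " (locally administered / randomized MAC)"
        findings.append(Finding(m.group("ts"), mac, reason))
    return findings


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG, KNOWN_DEVICES):
        print(f.timestamp, f.mac, f.reason)
```

The randomized-MAC flag cuts both ways: an unknown locally administered address may simply be your own phone after it rotated its per-network address, which is the usual reason MAC filtering locks out legitimate devices. The durable signal in this kind of review is the timing, for instance an association at 02:15 when nobody at home is awake.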

Have a safe Wi-Fi connection.

 

Hacking Cars!

Computer technology came to car manufacturers and made our lives better. A central computer can play video, monitor the fuel system and so on. Then communication came into play: we can connect a mobile device to the car, read SMS, play music and even answer calls. These technologies keep getting smarter; for example HERE proposes ways to live better with cars, by monitoring traffic, showing which places are likely to damage your car and finding a parking space. I strongly recommend visiting the demos on the HERE website. Going forward, cars will get smarter still, thanks to IoT. That is a good thing: soon cars will drive us, and governments will have better data to make rules and monitor the roads. When your car breaks down, you will just press a button and it will log the problem and request service to your location, so you no longer need to call a number, share several pieces of information, send your location and explain what happened. But as we move our cars onto the internet, new risks come with them. What if someone hacks into our cars and performs malicious actions: intentionally breaking them down, even tampering with the braking system and causing injury or, in the worst case, death? There are proof-of-concept car hacks out there, and keeping customers safe in internet-connected cars is a challenge for manufacturers. Why did this problem start in the first place? The causes of car hacking can be classified in the following categories:

Lack of expertise: Being able to connect to the internet and write a bit of Python code does not make someone an expert in cybersecurity. The problem arises when people from other backgrounds, such as mechanical engineering, physics or electronics, design a system that requires expertise in software engineering and computer security. Building a car that keeps passengers safe in an accident is not the same as building a car that protects them from hackers.

Requirements Changed but the Design Method Didn't: When they design cars, manufacturers care about safety and protecting passengers in accidents; they calculate probabilities to protect passengers against a failure of the brake system. But when they connect cars to other devices and even the internet, they just perform a basic security test and build a system that merely works. There is no regular update process or emergency response to cyber-threats for internet-connected cars yet.

Lack of Threat Modeling: They investigate and build a system that is safe by design, but no model has been proposed to simulate attack scenarios against cars. The closest fit would be Microsoft's threat modeling methodology, but they don't even use that.

To overcome these problems and build safe internet-connected cars, car makers should hire people with cybersecurity expertise and have them work with the manufacturer's designers. They should create new test cases that evaluate the car from both a physical-safety and a cybersecurity perspective. A dedicated team should continually evaluate and respond to threats targeting connected cars. In the new design, cyberattack risks must be identified and prioritized, and methods to mitigate and defend against them defined. A new model should describe attacks and propose defenses, with a regular cycle to identify new threats and combat them. Updates should be delivered to cars without harming the user experience; they could also be installed during regular servicing.

In conclusion, internet-connected cars are a new opportunity, and if designed well they could even prevent deaths and accidents. Just imagine that most cars in your city were connected: when you get too close to another car, yours would detect it and automatically apply the brakes. But if the risks of cyberattacks against these cars are not identified and mitigated properly, they will create a greater risk. Therefore we need to identify those risks and prepare ways to protect ourselves against them.

 

What is Cyberterrorism?

If we want to define cyberterrorism in one sentence: it is when someone sits behind a PC and uses the internet to carry out a terrorist act. In conventional terrorism the attackers need access to a location to plant a bomb, hijack an airplane or take hostages; they have to be physically present. With cyberterrorism no physical presence is required. It is not something everyone can do, and the public information available today does not describe a real case of cyberterrorism, but as the internet becomes global and new technologies that depend on cyberspace are adopted, we will face cyberterrorism in the future if we don't take the right action today. Let's discuss some possible examples to show the risk. There are nuclear reactors that rely on a connection to a device running an ordinary operating system; they may not be connected to the internet, but Stuxnet proved that they can still get infected. An attacker could infect a PC at a company that works with the nuclear facility, and from there one infected USB drive could reach the plant and halt operations; in the worst case, a virus might blow up the reactor and kill people. Many people rely on GPS navigation between cities, and navigation apps usually rely on the internet for real-time traffic data so they can recommend a route with less traffic. What if someone hacked that system and fed it fake traffic data, forcing drivers toward a location of their choosing, where they carry out a terrorist attack? What if they hacked a railway control system and modified it to cause a collision between trains? The same goes for aviation systems, forcing an airplane to crash by giving it the wrong heading. In a more advanced case, they might create a virus that alters the braking system of your car, so that at high speed the brakes don't work. Or maybe they hijack a drone (drone-jacking) and, while you are driving on the highway, fly it straight into your car and cause a crash. Cyberterrorists can use cyberspace and the internet to commit their crimes more easily from a distant location, and sometimes they just write malicious code, release it onto the net and wait to see what happens. In this situation we need to understand the risk of cyberterrorism and fight against it. Some people might say: let's just stop all this internet and IoT, then we are safe. That is not a wise solution, because terrorists would simply use other means. For example, if we had never invented the airplane, or at least never made it available to the public, 9/11 would never have occurred as it did. But certainly 9/11 would have happened in another form using other tools, and we cannot blame everything on the airplane; airplanes have also done a great deal for us. Consider electricity, too: some people die because of electricity. But if electricity and cyberspace weren't there, I would be unable to share the risk of cyberterrorism with you and ask you to prepare to defend against it.

How can we defend against cyberterrorism? We need to understand and analyze it and create the resources to defend against it (something every government must do today). We shouldn't wait for another terrorist attack to wake up and say: hey, let's defend against this; we should prepare before such an attack occurs. On the other side, we need to build our tools (software, hardware, networks, etc.) so that they are ready to defend against and mitigate such attacks. To get ready to combat cyberterrorism we need knowledge of both criminology and IT, and we need special task forces to prepare and train people, to make sure our devices are protected against known and unknown cyberterrorist attacks. I ask researchers, governments, IT professionals and other stakeholders to get ready with all their forces before it is too late. Looking forward to a safer internet.

How to Bypass AI-Based Security Systems

It is not very difficult to bypass security systems based on machine learning and AI. Here an attack scenario will be explained. For security reasons, and since the objective of this blog is only to show the risk and not to teach hacking, we won't explain everything in detail but only give the blueprint of the attack so you understand the risk. First, let's see how AI and machine learning based systems work. Basically you feed them a very large amount of data labelled as safe or harmful, and keep doing so until the system gets "smarter" (as they say) and can automatically classify future, possibly unknown, data based on its previous decisions. That is simple to say, but in the background it requires a huge amount of data, complex mathematics, a large database to store everything and a lot of processing power to analyze it. Say we have a large sample of network packets sent to our Intrusion Prevention System (IPS); in this sample we label certain behaviors as harmful so they are blocked and the rest as safe so they pass; then we send further samples and the system classifies them based on its previous decisions. The system says, in effect, I have seen this in the past and by its behavior it seems harmful, so block it, and treats the rest as safe. Along the way some safe packets are incorrectly blocked (false positives) and some harmful packets get through (false negatives). Experts in AI and machine learning just call these false positives and false negatives; they may define exceptions, gather more data or improve the algorithm to improve classification, but they agree that they cannot eliminate them, and improving the algorithm takes a lot of resources.

Now imagine that one, and only one, malicious packet manages to bypass the IPS; that packet could compromise a system in a way that opens a backdoor for other malware and hands over complete control. The same problem applies to anti-malware products that incorrectly allow a harmful program to run and take complete control of the system. Improving the algorithm to stop this is hard, time-consuming and resource-heavy. But bypassing such systems is very easy: you just send some inputs (e.g. malware or malicious packets), observe what is blocked and what is not, infer the decision logic, and then design your malware or packet so that it is classified as safe. You can also turn the security product (IPS or anti-malware) into your friend: send some safe packets so they are not blocked, change them a little at a time so the system learns them as normal, and while doing so slowly add your malicious payload. You can also send it encrypted so the IPS notices nothing: ship some encrypted files alongside safe packets until the IPS treats them as safe, and once that has gone on for a while, send the malicious one. The same works against anti-malware software: send a benign file, then push updates to it, and once the anti-virus trusts it, deliver a malicious update in a form the anti-malware has learned to classify as safe. Similar scenarios apply to all other security products. You don't need to be a great mathematician or have much knowledge or resources to bypass a machine-learning or AI based security system, but to build such a system or change an existing algorithm you need to do a lot. This is why we keep calling on security experts around the world to move away from AI and ML toward approaches that let us deal with cybercriminals directly. We don't need AI or ML; we need to see how to build weapons from our technology, analyze cyber-attacks and build strong countermeasures.
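The "teach it slowly" attack described above, as an added example that is not from the original post (the decoy-then-real-attack scenario with ports 20-50 in the post below relies on the same mechanism). The detector is a deliberately simple toy: it blocks any packet whose score lies more than three standard deviations above the mean score of the traffic it has recently accepted, and, like many self-tuning systems, it folds every accepted packet back into its baseline. The baseline scores and the target score (40, far above the initial threshold of about 13) are constructed. The attacker never sends anything the detector would block; each probe sits just under the current threshold, dragging the baseline upward until the real payload passes. The same class with retraining switched off, standing in for a system that learns only from verified labels, keeps its original threshold.

```python
import random
import statistics


class SelfTrainingDetector:
    """Toy IPS. A packet's 'score' (think: how unusual the payload looks) is
    blocked when it lies more than k standard deviations above the mean score
    of recently accepted traffic. With retrain_on_accept=True every accepted
    packet is added to the baseline, which is the weakness exploited below;
    with False the baseline only changes through the constructor (standing in
    for learning from verified, labelled data only)."""

    def __init__(self, baseline, k=3.0, retrain_on_accept=True, window=200):
        self.samples = list(baseline)
        self.k = k
        self.retrain_on_accept = retrain_on_accept
        self.window = window

    def threshold(self) -> float:
        mean = statistics.fmean(self.samples)
        sd = statistics.pstdev(self.samples) or 1.0  # avoid a zero-width band
        return mean + self.k * sd

    def inspect(self, score: float) -> bool:
        """Return True if the packet is allowed through."""
        allowed = score <= self.threshold()
        if allowed and self.retrain_on_accept:
            self.samples.append(score)
            del self.samples[:-self.window]  # keep only the most recent window
        return allowed


def constructed_baseline(n=100, seed=7):
    """Deterministic benign traffic: scores around 10 with unit spread."""
    rng = random.Random(seed)
    return [rng.gauss(10.0, 1.0) for _ in range(n)]


def boil_the_frog(detector, target, max_steps=1000):
    """Attacker loop. Each round first tries the real payload; if blocked, it
    sends a probe just under the current threshold, which is accepted and
    (on a self-training detector) nudges the baseline upward. Returns the
    number of rounds until the target passes, or None if it never does."""
    for step in range(1, max_steps + 1):
        if detector.inspect(target):
            return step
        detector.inspect(detector.threshold() - 1e-6)
    return None


if __name__ == "__main__":
    naive = SelfTrainingDetector(constructed_baseline())
    print(f"initial threshold {naive.threshold():.1f}; target 40 blocked: {not naive.inspect(40.0)}")
    steps = boil_the_frog(naive, 40.0)
    print(f"target accepted after {steps} probes; threshold now {naive.threshold():.1f}")
    hardened = SelfTrainingDetector(constructed_baseline(), retrain_on_accept=False)
    print("hardened detector ever accepts target:",
          boil_the_frog(hardened, 40.0, max_steps=300) is not None)
```

Every probe is individually "normal" by the detector's own definition, so nothing in its logs looks like an attack; only the drift of the threshold over time gives it away. The practical countermeasures are the ones the hardened variant hints at: never retrain on unverified traffic, and alert when the learned baseline moves by more than some fixed bound.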

 

Machine Learning is the Enemy of Security

Recently I have seen cybersecurity experts discussing machine learning and how to use big data to protect against cyber-attacks. Using machine learning is not a new concept; it has been used for many years to protect people against cyber-attacks. But it is time to change our approach toward a new method of protecting our users, and it is wiser to abandon machine learning in cybersecurity. Here I will discuss the reasons.

First of all, we can never say we have a machine learning model that gives complete protection. There are always false positives and false negatives, which means there are always sure ways to bypass the machine. And one false negative can cost millions of dollars. Consider the protection engine of an anti-malware product that detects spyware; as you may know, spyware is capable of stealing personal information. Imagine your anti-malware product misses only one spyware sample, and that one is powerful enough to steal all your secrets. The vendor might say it was only one false negative while it detected and removed 1000 other spywares, but that single false negative costs a lot. Another problem with machine learning is that it depends on the past to predict the future. It says: because past spyware worked this way, the next one will probably work in a similar way. But consider an innovative attacker (and we have many of them) who comes up with a new idea that never occurred in the past; Stuxnet is an example. In addition, machine learning depends on data and on learning, and smart attackers can fool a machine learning algorithm by feeding it fake data so that it classifies incorrectly, and then behave differently in the real attack. Say someone attacks ports 20-50 of a PC; the algorithm becomes sensitive to those ports, strengthens protection on them and notifies the administrator. While everyone is worried about ports 20-50, the real attack happens on port 90. The attacker performs the decoy activity purely to fool the machine learning. Machine learning might have been a way to solve security problems, but with modern technology and hackers who keep getting smarter, we cannot rely on it any more.

So what is the solution? We need to understand the anatomy of an attack and ask ourselves how attacks are actually performed and how people manage to bypass our protection engines, and then build a threat model to combat them. We don't need to pass millions of records through some complex mathematical algorithm to get a result. Take email spam as an example: people only think about which machine learning algorithm is best at comparing text and classifying it as spam or not spam, add some more complex equations, and in the end say sorry, we have some false positives and false negatives. Why not look into the anatomy of spam instead? Take a sample of spam messages and draw up a list of questions: why would the user believe this is safe? What actions is the user likely to perform (reply to the message, click on a link)? Who is the sender? Then we can write a set of rules, implement software that enforces those rules, and share it with other security experts. In general we could build a smart cybersecurity framework based on facts and innovation rather than prediction.
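The rule-based approach argued for here, as an added example that is not from the original post: a handful of explicit rules drawn from the questions above (who is the sender, what is the user being pushed to do, where does the link really go), applied to two constructed messages. The brand list, phrase lists, rule weights and spam threshold are my own illustrative choices, not any product's.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative tables (my own, deliberately short). A real deployment would
# keep these as maintained data, not code.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "microsoft": {"microsoft.com"}}
URGENCY_PHRASES = ("within 24 hours", "immediately", "account will be suspended", "urgent action")
CREDENTIAL_BAIT = ("verify your account", "confirm your password", "update your payment")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

RULES = []  # (name, weight, predicate); each predicate answers one question about the mail


def rule(name, weight):
    def register(fn):
        RULES.append((name, weight, fn))
        return fn
    return register


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def same_or_subdomain(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


@rule("brand_name_foreign_domain", 3)
def brand_name_foreign_domain(msg, body):
    """Who is the sender? A brand in the display name but a foreign domain."""
    name, addr = parseaddr(msg.get("From", ""))
    sender = domain_of(addr)
    return any(brand in name.lower() and not any(same_or_subdomain(sender, d) for d in domains)
               for brand, domains in BRAND_DOMAINS.items())


@rule("reply_to_mismatch", 2)
def reply_to_mismatch(msg, body):
    """Replies are steered to a mailbox outside the sender's domain."""
    _, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    return bool(reply_to) and domain_of(reply_to) != domain_of(sender)


@rule("urgency_language", 1)
def urgency_language(msg, body):
    """Why would the user act? Pressure to act before thinking."""
    return any(p in body.lower() for p in URGENCY_PHRASES)


@rule("credential_bait", 2)
def credential_bait(msg, body):
    """What is the user asked to do? Hand over credentials or payment data."""
    return any(p in body.lower() for p in CREDENTIAL_BAIT)


@rule("link_text_mismatch", 3)
def link_text_mismatch(msg, body):
    """Where does the click really go? Visible domain differs from href host."""
    for href, text in ANCHOR_RE.findall(body):
        shown = DOMAIN_RE.search(re.sub(r"<[^>]+>", "", text).lower())
        host = (urlparse(href).hostname or "").lower()
        if shown and not same_or_subdomain(host, shown.group(0)):
            return True
    return False


def extract_body(msg) -> str:
    chunks = []
    for part in msg.walk():  # yields the message itself when not multipart
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def analyze(raw_message: str, threshold: int = 5) -> dict:
    """Run every rule; the verdict is explainable because each hit is named."""
    msg = message_from_string(raw_message)
    body = extract_body(msg)
    hits = [(name, weight) for name, weight, check in RULES if check(msg, body)]
    score = sum(weight for _, weight in hits)
    return {"score": score, "spam": score >= threshold, "rules": [name for name, _ in hits]}


# Two constructed messages: a credential-phishing mail and a benign one.
PHISH = """\
From: PayPal Security <alerts@paypa1-secure.ru>
Reply-To: collect@mailer-drop.example
To: victim@example.org
Subject: Action required
Content-Type: text/html; charset="utf-8"

<p>Your account will be suspended within 24 hours. Please verify your account:</p>
<a href="http://login.paypa1-secure.ru/x">https://www.paypal.com/signin</a>
"""

LEGIT = """\
From: Alice <alice@example.org>
To: bob@example.org
Subject: Lunch tomorrow?
Content-Type: text/plain; charset="utf-8"

Hi Bob, are you free for lunch tomorrow at noon? Menu: https://cafe.example.org/menu
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH), ("legit", LEGIT)):
        print(label, analyze(sample))
```

The point of the design is that every verdict comes with the list of rules that fired, so an analyst can see exactly why a message was flagged, tune a single weight, or add one more question when a new trick appears, without retraining anything.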

Also remember that machine learning increases the complexity of analyzing a system, and "complexity is the enemy of security". So why not develop a simple framework that the security community can understand, instead of spending so many resources on something complex, then facing false positives and false negatives and waiting for hackers to bypass our system with a few lines of code? We could develop a simple, adaptable security platform or framework based on rules, facts and innovation. Machine learning also blocks innovation: you can only play with the dataset you have, while hackers create their own.

Therefore, I am asking cybersecurity experts to work together to build a new way of combating cybercrime, based on our own minds rather than the machine's.