What are job termination scams ?

Job termination scams are a type of cyber attack where cybercriminals send fake emails that appear to be from a company's HR department, informing employees they have been terminated.

How does these scams operate ?

The scams operate by using deceptive emails to trick employees into taking actions that compromise their personal and company security;

Here is a detailed breakdown of how these scams operate

1. Initial Contact: Employees receive an email that appears to be from their HR department or another authoritative source. The email's subject line typically indicates termination or dismissal

2. Deceptive Content: The email is crafted to look legitimate, often using the company’s logo and branding to reduce suspicion. The content is designed to invoke an immediate, emotional response, leveraging the shock and anxiety associated with job loss to make the recipient act impulsively.

3. Malicious Attachments: The email includes an attachment, such as a PDF or Word document, or a link to a supposed termination notice or severance package details. The attachment or link points to malicious software.

4. Malware Installation and Execution: Once the attachment is downloaded or the link is clicked, malware is installed on the employee’s device. This malicious software steals login credentials, which cybercriminals use to gain unauthorized access to the company’s network and sensitive data.

5. Exploitation of Stolen Credentials: With stolen credentials, attackers can hijack email or other accounts to access sensitive corporate data and networks for theft and extortion. If the employee uses the same logins across multiple accounts, the attackers may launch credential stuffing campaigns to unlock those accounts as well

How do we recognize such scams ?

• Urgent language designed to create a sense of panic and prompt immediate action without careful consideration

• Suspicious attachments or links, especially if they come from unfamiliar sources or are related to sensitive topics like termination. Hovering over links may reveal subtle misspellings or unusual characters in the URL.

• Email addresses that are similar but not identical to the company’s official domain

What measures can we take to stop them ?

• Employee Education and Training

• Clear Communication Channels and Policies

• Vigilance

Above do work at times!

The Case for Offline Communication

We think offline methods for sensitive communication is very effective and secure because

• Reduces such phishing risks

• Prevents panic

• Builds trust

May be we are old school and biased! What do you all think ?

Folks, how many of you remember the good old days when the IT guy would show up at your desk with a floppy disk or CD, bringing in the latest patches? It was the perfect time for a fun chit chat while the updates did their thing on the screen. One of those days, amid the usual laughter and tech talk, we got to hear about an unfortunate aircraft disaster in history which impacted us deeply.

The Tenerife Airport Disaster

The Tenerife airport disaster took place on March 27, 1977, when two Boeing 747 passenger jets collided on the runway at Los Rodeos Airport on the Spanish island of Tenerife. The collision happened as KLM Flight 4805 began its takeoff in dense fog while Pan Am Flight 1736 was still on the runway. The impact and subsequent fire resulted in the deaths of all 248 people on the KLM plane and 335 of the 396 people on the Pan Am plane, leaving only 61 survivors in the front section of the latter aircraft. With a total of 583 fatalities, this disaster remains the 3rd most deadliest accident in aviation history.

The most intriguing aspect of this unfortunate airline disaster incident is the events which lead to this incident. Let’s look at them one by one in detail.

Event 1 : The Diversion

On March 27, 1977, a terrorist bombing at Gran Canaria Airport forced multiple flights, including KLM Flight 4805 and Pan Am Flight 1736, to be diverted to Los Rodeos Airport on the Spanish island of Tenerife.

Event Probability: 1/1000

Event2: The Capacity Limitation

Los Rodeos was a regional airport that couldn't easily handle the traffic diverted from Gran Canaria, including five large airliners. With only one runway and one major taxiway, the diverted planes had to park on the taxiway, making it unusable for taxiing.

Event Probability: 1/100

Event 3: The Fog

As the diverted flights awaited clearance to return to Gran Canaria, dense fog began to settle over Los Rodeos Airport. The heavy fog significantly reduced visibility, making it challenging for pilots and air traffic controllers to see the runways and taxiways clearly.

Event Probability: 1/100

Event 4: Miscommunication and Language Barriers

With visibility severely compromised, clear and precise communication became crucial. However, a series of miscommunications and language barriers between the flight crews and air traffic control led to confusion about taxiing instructions and takeoff clearance. the crew mistakenly assumed they had received clearance from air traffic control. Despite the lack of explicit permission, Captain of KLM flight initiated the takeoff roll, believing the runway was clear.

Event Probability: 1/10

Event 5: Runway Confusion

At the same time, Pan Am Flight 1736, piloted by Captain was instructed to follow the KLM aircraft and exit the runway. Due to the poor visibility and unclear signage, the Pan Am crew missed the designated exit and continued down the runway, unaware of the KLM plane's intentions.

Event Probability: 1/100

Event 6: The Collision

As KLM Flight 4805 accelerated for takeoff, the Pan Am crew suddenly saw the KLM aircraft emerging from the fog, heading straight toward them. In a desperate attempt to avoid a collision, the Pan Am crew tried to turn sharply off the runway, but it was too late. The KLM aircraft collided with the Pan Am plane, resulting in a catastrophic explosion and fire. The exact timing of both planes being on the runway at the same moment was the result of all previous delays and errors compounding into this fatal incident.

Event Probability: 1/1000

Combined Probability

1/1000 * 1/100 * 1/100 * 1/10 * 1/100 * 1/1000

= 1 / 10000000000000

This clearly illustrates how unfortunate and rare this incident is (1 in 10 trillion), yet it occurred in our times and was able to claim 583 precious lives.

It has ingrained in us the importance of addressing risks as individual occurrences rather than assessing them on combined probabilities when assessing risks from a cost perspective.

But to this day, in modern risk assessment world we do tend to make decisions based on combined probability than individual incident occurrence reduction.

Crowd Strike’s on Microsoft

During the second week of July 2024, we faced another incident that is still causing widespread inconvenience and mayhem at the time of writing this blog.

The Incident

The CrowdStrike and Microsoft incident began with a CrowdStrike update that caused compatibility issues with Windows, leading to widespread system crashes and blue screen errors (BSOD).

The Impact

This incident had a great impact at global level due to the widespread adaptability of Windows + Crowd Strike in modern critical infrastructure such as,

• Aviation

• Healthcare

• Border and Immigration Services

• Manufacturing

• Emergency Response Systems

At this moment, it is also important to understand the events which lead to this incident one by one,

Event 1 : Windows In Critical Infrastructure

Windows is widely adopted in critical sectors such as healthcare, finance, and aviation due to its reliability and comprehensive support and extensive monopoly

Event Probability: 1/2

Event 2: Crowd Strike in Windows

Crowd Strike's advanced threat detection and response capabilities have made it a preferred choice in the cybersecurity market, particularly in protecting endpoints.

Event Probability: 1/3

Event 3: Windows Update / 3rd party Update Compatibility Issues

Although compatibility issues between updates from different vendors are less frequent but still plausible due to the complexity of software environments.

Event Probability: 1/100

Event 4: Blue Screen Errors (BSOD) due to Updates

The specific occurrence of BSOD due to update conflicts is relatively rare but possible given the right circumstances.

Event Probability: 1/1000

Combined Probability

1/2 * 1/3* 1/100 * 1/1000

= 1 / 600000

Interesting there is nearly a 1 in million chance that this could become an occurrence

The Mitigation

In our opinion , the steps one could take are,

Minimize the risks individually than writing them off collectively

We are thankful that there was no major significant human cost due to this incident, but it is important to also remember that Nature DOES NOT repeat lessons in a kind manner all the time.

Reference

[1] Tenerife Airport Disaster

[2] Crowd Strike Incident

[3] Crowd Strike Incident 2

Aegis and the Amulet

Once upon a time, in the land of Elysia, there was an amazing hero named Aegis, famed for his cunning and bravery. No one stood a chance against him; he always emerged victorious in every battle and challenge in his life.

One day, the Oracle at Delphi invited him for a chat and warned him, “Beware, Aegis! Death will find you in the most unexpected ways.” Aegis replied, “It’s all good; I can defy death itself,” and walked off with confidence and pride.

The problem with warnings and cautions is that once you hear them, you see them everywhere. As usual, Aegis started seeing threats everywhere; even mundane events looked like potential dangers.

One evening, as Aegis was feasting with his companions, a humble traveler arrived at his camp asking for shelter and food. Aegis, being kind that day, invited the traveler to dine with him. As they dined, the traveler spoke highly of a powerful amulet that could protect its wearer from any harm.

Intrigued by the stories he heard, Aegis inquired if he could see the amulet. The traveler produced a simple pendant from his pouch, presented it to Aegis, and said,

This amulet will protect you from any danger. All you have to do is wear it everywhere you go.

and gifted it to Aegis and left.

Aegis happily wore the amulet and felt a sense of invulnerability from that day onwards. Months went by, and Aegis started noticing strange occurrences around him. One by one, his companions fell ill or dropped dead.

Worried, Aegis brought the traveler back to his camp. This time, the traveler revealed himself to be the God of Death and laughed, saying,

One cannot defy death, Aegis. It is inevitable. You sought protection, but in your quest for safety, you invited me into your life

And moved on to claim Aegis life…

So Sad!

We are going to stop our imagination here and move on to our main theme

The Curious Cases Of Exploding Electronics

Recently, there have been many incidents in which the electronics we use have been exploding around us. The Federal Aviation Administration has produced amazing data on this for air incidents[1].

Remember, the above chart is ONLY for the aviation industry for the past 28 years. Additionally, the New York Fire Department (FDNY) has warned that exploding lithium batteries are the primary cause of deaths and fires in the city [2].

Why?

For those wondering why these devices explode, the reason comes from the power source of our devices. In the modern world, our rechargeable devices are powered by lithium batteries, which have the capability to explode under the following conditions or reasons,

• Natural defects during manufacturing

• Physical damage during use

• Crushing or dropping devices

• Overcharging

• Extreme temperatures

• Aging

What is Powered By “Lithium Batteries“

• Smartphones

• Laptops

• Tablets

• Electric vehicles

  • Cars / e-scooters / trucks

• Air Pods / wireless headphones

Stay Calm , Be Wise

Remember, it is important to stay calm and not become paranoid about this and avoid technology altogether. The key point to remember is that for our betterment and progress, we do need these devices.

However,

is the question we all need to ask ourselves.

Cyber Hygiene

We are going to recommend a list of cyber hygiene practices that could minimize our chances of being in the line of fire:

• Purchase original equipment

• Do not overcharge

• Keep devices in safe places

• Do not overuse

• Monitor your charging

• Stay informed

Most importantly

Parting Thoughts

As usual, since we also need to entertain the philosophical ancestors in our heads, we're going to leave you with this thought as a parting gift

Sayonara surfers!

References

[1] FAA Lithium Battery Incidents

[2] New York Fire Department Warning

[3] EU Lithium Battery Regulation

While this holds true much of the time, there was a spyware named Pegasus that made headlines recently, proving otherwise

This notorious malicious software which was named after Greek mythological horse Pegasus introduced the concept of ‘no-click’ or ‘zero-click’ hacking to devices we use, challenging our conventional understanding of digital safety

Zero-click

Zero-click techniques are a type of cyber attack where an individual's device can be compromised without the need for the user to interact with a suspicious link or message. 

Normally, we think of cybersecurity threats as something we have to "act" on, like opening a dubious email attachment or clicking a questionable link. However, with zero-click attacks, the malicious software can be installed simply through the device receiving the malicious message.

The Silent Intrusion

Individuals affected by the Pegasus breach received typical phishing or spam messages on their mobile devices, including:

• Bogus mobile boarding passes

• Fraudulent package delivery notifications

• Counterfeit Twitter news update messages

• WhatsApp Missed Calls

Although users were cautious and refrained from clicking on the links, believing themselves to be safe, this unfortunately was not the case.

Zero Day

The silent intrusion was made possible due to unknown weaknesses in software such as WhatsApp and iMessage. These weaknesses, professionally termed 'Zero-Day' vulnerabilities, allowed actors to install malicious software on your phone without even clicking a single link.

Capabilities

Pegasus is claimed to have/had following capabilities at minimum

• Intercept and read messages from applications like WhatsApp and iMessage.

• Access call logs, contacts, and browser history.

• Activate microphones and cameras to survey the physical environment.

• Track the device's location.

• Harvest information from apps, including credentials and data from banking and social media applications.

Victims

• iPhones

• Androids

The Fix

It’s worth noting that both Apple and Google have made strides in patching vulnerabilities as they are discovered, improving the security of their devices to protect against such invasive software. However, the nature of zero-day vulnerabilities means that entirely securing against unknown exploits remains a challenge.

Detecting Pegasus

Amnesty International released an open-source utility called the Mobile Verification Toolkit, designed to detect traces of Pegasus[3]. While useful, this tool requires some expert capability and should be used with care.

Cyber Hygiene Tips

What can we do to protect ourselves from such attacks in the future? To be honest, zero-day attacks are difficult to defend against, since no one knows these vulnerabilities exist in the first place. However, we can minimize their impact and reach by adhering to 'cyber hygiene principles', which include

• Perform regular updates of operating systems and security patches

• Use a reputable security software

• Stay informed on cyber security and “hygiene” perspective

Stay Alert, Not Alarmed

Our intention is not to provoke anxiety but to foster vigilance. This article aims to enhance awareness of potential cybersecurity threats, empowering you to stay alert and secure in the digital landscape.

References

[1] Amnesty Report

[2] CISA Advisory

[3] Mobile Verification Toolkit

Microsoft recently announced a groundbreaking technology capable of crafting highly realistic videos from a mere single image. At first glance, this innovation promises a wave of practical applications—imagine animating historical figures for educational purposes or revitalizing family photos in new and dynamic ways.

However, this technology also opens Pandora's box for hackers and pranksters. With just one image, a person could become the unintentional star of an online video without ever stepping in front of a camera. Now, your awkward driver's license photo could be used to deliver a TED Talk.

Let’s look in to the implications and impact of this technology in detail.

What is Deepfake?

Think of Deepfakes as a high-tech version of a common prank from the past. Some of us may recall a friend who would call us and mimic another friend's voice or a celebrity's, to trick us into doing something funny.

Deepfake technology takes this concept to the next level, allowing someone to create videos or audio clips that look and sound convincingly real, making the prank, or the potential deception, much more impactful and harder to detect.

What is Different Now ?

Traditionally, creating Deepfakes was almost a high-budget production, requiring a large amount of video data to convincingly mimic someone. This steep requirement generally reserved the honor of being Deepfaked for celebrities and public figures.

However, with Microsoft's latest innovation, the cost of entry into the Deepfake club has drastically reduced to just possessing a single image. Yes, that one awkward passport photo in your drawer is now enough to cast you in an unexpected role in a viral video.

It's just a click away

Why People Do Deepfakes ?

• Personal Revenge

  • Creating damaging videos / content to damage someone’s reputation

• Financial Gain

  • Using you video to get access to gain financial benefit from institutions

• Entertainment

  • For amusement

• To Spread Misinformation

  • Political or Personal Agenda

How Can I Be Deepfaked ?

There are many ways to be Deeepfaked, We will list couple of most popular of them here

• Attacker creating a video that appears to show an individual engaging in illegal or morally questionable behavior. The attacker then threatens to release the video to the public

• In a sophisticated financial scam, Deepfake technology could be used to impersonate an individual’s loved ones in a video, urgently requesting money for an emergency, compelling the victim to act quickly

What is Microsoft doing about it ?

Microsoft has no plans to release it to the general public for now, providing one relief amidst ongoing concerns about potential misuse.

We are going take this moment to thank Microsoft for this, if they hadn't done the research and told us upfront, we wouldn't have even known this is a reality!

So we are gonna go ahead and say “Let's give a round of applause to Microsoft”

How to Protect Yourself from Deepfake Exploitation ?

• Verify before you Act or Believe

  • Always verify the information ( Video/Audio) before acting on it

• Educate and Be Aware of “Deep Fakes”

  • Educate everyone around you, Most importantly our non-tech savvy older generations

• Strengthen your online Privacy

• Report / Remove Illegal Content

• Take Legal Action

Where Can I Read More About This ?

• VASA - 1

Next time you confess your undying love for V from BTS in a text, you might want to look over your shoulder. Your friendly keyboard app could be the biggest gossip puppy in the town!

According to the vigilant dogs at Citizen Lab, University of Toronto, most pinyin keyboard apps are not just typing aides, they're potential informants, ready to spill your secrets to anyone listening in.

Alright, we can hear you all screaming at the top of your lungs, "Hey, what is going on? I don't get it!" We totally get the confusion, Let’s see if we can clear the air

What is Pinyin Keyboard Apps ?

In the Western world, they're broadly known as IMEs—Input Method Editors. These are the keyboard apps you use on your mobile phones to type in languages like English, Chinese, Japanese, or various Indic scripts. Simply put, they help us communicate in languages with just a few taps in our mobile phones and other systems.

What is wrong with them now ?

Good Citizens at Citizen Lab have uncovered, when those keyboard apps tap into cloud services for handy features like predicting text and autocorrect, there’s a little hiccup, Due to some security loopholes, it’s not just your phone catching the wind of your epic typing skills,

some uninvited eavesdroppers might be getting the memo too!

So next time you’re dishing out your hottest takes on this article, just remember: your keyboard might be letting us in on the joke too.

Which Apps Are Affected ?

There is a big list published in this Article but We are gonna let you all know the most popular ones that MAY be affected

• QQ Pinyin

• Samsung Keyboard

• Sogu IME

• Baidu IME

• iFlytek IME

• Sogou IME Custom Version

Does this mean Hackers have my data and passwords ?

We cannot verify if someone has/is eavesdropped/eavesdropping on you, but according to Citizen Lab,

What Are the Recommendations ?

1. QQ pinyin keyboard users should switch to alternative keyboards immediately.

2. Users of Sogou, Baidu, or iFlytek keyboards should update their keyboards and operating systems.

3. Baidu IME keyboard users should switch keyboards or disable "cloud-based" features.

4. Avoid enabling "cloud-based" prediction features on keyboards or IMEs if concerned about privacy.

5. Users concerned about privacy should not grant "Full Access" to their keyboards or IMEs.

Where Can I find More Information

[1] vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers

As per to CISA’s latest advisory , Chirp Systems , who is known for their smart locks and their cool smart phone app “Chirp Access” hardcoded some credentials into their application. Now, for the uninitiated, that's like leaving the keys to your house under the welcome mat.

Alright, We see you are panicking to see whether you are affected ! as usual We are going leave here with set of toddler questions and answers

Am I Affected ?

We are not your cyber doctor, but easiest way to find out is

• open your phone

• search for apps “Chirp Access”

• You MAY be affected

I have “Chirp Access” app on my phone ! What is next ?

Ok this is where it gets weird , Chirp system has released a press release ,

“Dear customers, We have conducted our own little nice investigation on this and found zero evidence of any issues!

The wonders of modern security theater!

I am confused, Any advice ?

The best approach forward is to observe the developments on this field both from Chirp System side as well as on CISA side. In the mean time, finding alternative ways to secure your door would be beneficial.

Shout outs!

We are going to give a shoutout to “Matt Brown who reported this vulnerability to CISA”. a little kudo’s to Chirp Systems for taking time to respond to the events.

So, MITRE's NERVE network, where all the cool research and collabs happen, got gate crashed by a foreign nation-state threat actor. MITRE has contacted authorities and notified affected parties and is working to restore operational alternatives for collaboration in an expedited and secure manner

I am going to leave some basic questions and answers bellow to provide more clarity

Who is MITRE ?

• Not for profit Organization based in US

• Funded primarily by US Government

• Provides services in defense, cybersecurity, healthcare and transportation

• Their popular initiatives

  • CVE

  • CWE

  • MITRE ATT & CK

What is Ivanti Flaw ?

A known weakness in Ivanti Connect Secure VPN solution which enables unauthorized access to sensitive data primarily through server side request forgery

What is the impact for MITRE ?

As per to MITRE , one of their Unclassified Research Prototype NERVE was breached

References

[1] MITRE press release

[2] CISA advisory on Ivanti Flaw

Who is CISA ?

CISA is the US organization responsible for federal cybersecurity and national coordinator for critical infrastructure security and resilience

What is MVSP ?

MSVP stands for Minimum Viable Security Product

Why do we need a MVSP ?

Ensure a product is “Secure by Default” for end-users and enterprises

What is MVSP Working Group?

Picture this: the MVSP Working Group is like a gathering of tech titans, with heavyweights like Google and Netflix teaming up to tackle the colossal task of "Secure by Design" and "Security by Default." It's like the Avengers assembling to save the digital world from cyber chaos!

What does this mean for us?

CISA joining MSVP working group would benefit the “Secure by Default” initiative in multitude ways

• Access to expertise

• Larger influence and advocacy

• Resource sharing

• Better standardization

• Promotes transparency and collaboration

The irony!

Oh, We are loving the irony here! So, since we're dubbing it the "Minimum Viable Security Product," does that mean the security is just gonna be... well, minimum? 😅 But hey!, we kid, we kid! Who needs maximum security when you can have the bare minimum, right?

Anyway as usual, some baby questions to take the first steps

What is “Cyber Security Framework” ?

The NIST Cybersecurity Framework is a set of guidelines, best practices, and standards designed to help organizations manage and improve their cybersecurity posture.

Alright that was a bit of bummer , let it me break it down in superhero terms

Cybersecurity Framework is like a treasure map for companies. It gives them step-by-step instructions on how to protect their digital stuff, like their websites and important data, from bad guys who try to break in and cause trouble.

Who is behind “Cyber Security Framework” ?

National Institute of Standards and Technology (NIST), which is a part of the U.S. Department of Commerce is behind this initiative

What is new in 2,0 ?

• Introduces a sixth function “ Govern”

• “Implementation Examples” are a cool addition

• Better “Integration with other frameworks” such as CIS , ISO27001

• Emphasize on “Supply chain security”

Whom does it concern ?

• Executives ( CEO, CTO, COO etc. )

• Cyber security professionals

• Risk managers

• Regulators and policy makers