New Episode Alert EP143

In episode 143 for October 19th 2020: Microsoft gets creative to help take down the TrickBot botnet, details on how attackers have been using VPN flaws to attack election support systems, and Zoom's rollout of end-to-end encryption.

Are you like most of us in that we seem to be constantly checking our smart phones for the latest Tweet or Facebook update?

In Last week's episode, I had a great conversation with Kevin Johnson about the popular Netflix movie, The Social Dilemma

, which highlights this exact problem and how the social networks are designed specifically to keep us focused on social media and scrolling through our feeds, which as you might be aware, is extremely bad for our mental health. So if you haven't checked out this movie on Netflix, be sure you do but also remember that we have tools that we can use right now to help keep us less distracted and limit our social media use. One of these products is a faraday sleeve for your smartphone and if you want the very best you want one from Silent Pocket. Pick up yours today by visiting

silentpocket.com

and because you listen to the Shared Security Show, take 15% off your order at checkout using discount code "sharedsecurity".

Microsoft and others orchestrate takedown of TrickBot botnet

Microsoft was in the news last week

for a pretty tricky maneuver that they were able to do in the US legal system via a court order to disrupt a massive ransomware botnet called TrickBot. Since 2016, TrickBot is one of the largest botnets discovered that has infected millions of systems around the world with ransomware. So what Microsoft did was make the case that TrickBot is causing harm to Microsoft's brand and reputation because victims often think that Microsoft and Windows is the source of their computer problems and not the criminals using TrickBot to infect their systems. Well the court agreed and allowed Microsoft and its partners to "disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers." Now it remains to be seen if these actions will completely dismantle this botnet or not but it does set new precedence since now companies like Microsoft can use copyright claims against malware and botnets. And that my friends, is progress in the fight against ransomware.

Hackers used VPN flaws to access US govt elections support systems

The U.S. Cybersecurity and Infrastructure Security Agency said last week that advanced persistent threat actors

have compromised and gained access to some US elections support systems

by chaining together Fortinet and MobileIron VPN vulnerabilities and CVE-2020-1472 (aka Zerologon), which is a critical security flaw in the Windows Netlogon authentication protocol that allows attackers to elevate privileges to domain administrator after successful exploitation. This would enable an attacker to take control over the entire domain and to change user passwords. The good news is that there is no evidence that the attackers were able to use their access to compromise the integrity of elections data according to the joint advisory from the CISA and FBI.  The CISA advisory went further to provide recommendations to government and critical infrastructure, especially those involved with the upcoming US election to ensure VPNs are fully patched and updated and how to uncover and mitigate malicious activity. Let's just hope that system administrators of our election support systems are heading this warning as we get closer to election day.

Zoom to roll out end-to-end encrypted (E2EE) calls

And in our last story, popular video conferencing software

Zoom announced late last week that their long awaited end-to-end encryption capability will start to roll out

starting this week in a technical preview mode which will allow anyone to use the new feature for 30 days to give Zoom feedback. And to be clear, Zoom does provide encryption for current Zoom sessions but it's not end to end, meaning Zoom end-to-end encryption uses public key cryptography. What this means is that the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to what is used by most end-to-end encrypted messaging platforms today. To participate in the preview, you'll need to enable end-to-end encrypted meetings in your Zoom account settings and opt-in to end-to-end encryption on a per meeting basis.

So if you do decide to participate in the preview, how do you know end-to-end encryption is working? First, look for the green shield logo in the upper left corner of the meeting screen and second, you'll see the meeting leader's security code that they can used to verify the secure connection. The host can read this code to the participants and all participants can check that they see the same code. Note that this is just Phase 1 of a more robust end-to-end encryption implementation with single sign on as the next phase of this feature. Given that Zoom is one of the most popular video conferencing solutions due to the global pandemic, this is a much needed privacy and security improvement for all users of Zoom.

Watch this episode on our YouTube Channel!

SeptemberMonthly ShowEpisode 104In our September monthly episode we continue our three part series on targeted attacks. In this episode we discuss the pretext and how attackers develop and launch their attacks with special guests Nathan Sweaney, Senior Security Consultant at Secure Ideas and Kevin Johnson, CEO of Secure Ideas.

Watch this episode on our YouTube Channel!

Please support our sponsors!

Take advantage of this exclusive offer and help support this podcast!

Visit

silent-pocket.com

to shop Silent Pocket's great line of privacy focused products.