Sunday, November 22, 2015

Issue 39 - Week of Nov 16th

1. Following Paris attack, Clinton tells Silicon Valley to be a team player: Hillary Clinton wants Silicon Valley to stop being so stubborn. That's the message from the Democratic front runner in the US presidential race following the attacks in Paris last week that renewed debate about technology's role in terrorism. Clinton told the tech industry it can't simply ignore the federal government's need to track down extremists, and that tech companies should not view the government as their adversary. Federal officials have repeatedly requested an option that wouldn't weaken encryption for everyone but would still make it possible for law enforcement to track potential foreign spies and violent extremists.

2. Counter view: Tech group rejects push to let Govt. into encrypted data: In its first comments since the attacks, which killed at least 129 people and wounded hundreds more, the Information Technology Industry Council (ITI) argued that ensuring access to encrypted devices would be ruinous for global security. "We deeply appreciate law enforcement's and the national security community's work to protect us," said the ITI CEO in a statement. "But weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy."

3. Dyre banking malware: Windows 10 and Edge browser now targets: The notorious Dyre banking malware has been updated to take on Windows 10 machines and hook its claws into the Edge browser. Dyre appeared on the cybercrime scene in July 2014 and has quickly gained a reputation as a nasty piece of malware that aims to steal credentials. It has been found to target Salesforce users and banking customers. When a Dyre-infected user tries to open any banking site, the credentials are first stolen, and then the malware tricks the user into calling a telephone number, where the person on the other end scams the victim.

4. Crooks use old-school Conficker virus to infect police body cams: It is not surprising when Chinese phones come with pre-installed malware, but it is definitely surprising when police body cams come with pre-installed malware. The malware infects PCs physically connected to the body cams and spreads quickly across the network. Conficker was a major concern a few years ago, mostly for Windows devices. IoT vendors are driven by time to market, functionality, and pricing pressures, meaning they invest very little time, effort and money in IoT device security. This puts the onus of securing the devices, before and after installation, very much on the users.

5. 2015 has been a very successful year for hackers: The number of data records lost to hackers (in the first 10 months) is more than twice that of 2014. Researchers have now found that exploit kit activity is on a massive upswing and that the command and control (CnC) infrastructure behind these kits mushroomed last quarter. The cybercrime economy thrives on this infrastructure: hackers rent it for as little as $500/month and earn $80k in returns. Angler, Magnitude, Neutrino, and Nuclear are the four major exploit kit families, with Angler estimated to have an 82% market share. If these patterns remain consistent, one can expect 2016 to be deadlier than 2015.

6. A 23-year-old Windows 3.1 system failure crashed Paris airport: A Paris airport was forced to shut down earlier this month after a computer running Windows 3.1, a prehistoric operating system, crashed in bad weather. The system connected the weather bureau to ATC, and this crash grounded flights for several hours. Older and obsolete systems are likely to have several known vulnerabilities and remain prone to attacks and crashes, rarely with any support from the OEM.

7. Thousands of sites infected with Linux encryption ransomware: We discussed this last week; now there are several reports of infections coming in from various parts of the world. Researchers say the ransomware is designed to infect Linux machines set up to host websites by exploiting vulnerabilities in the Magento e-commerce platform and various content management systems (CMSs). It is estimated that there are over 3000 infections and the number will continue to rise. This infection does not depend on social engineering; it exploits a known vulnerability, and hence it is strongly encouraged to update any outdated software.

8. HDFC bank to monitor ATM fraud transactions on a real-time basis: Almost everybody carries a smartphone today, and the location of the phone can easily be found. The bank will be able to use this data and match it with the ATM location data. If the ATM card is being used at a location different from where the phone is, an alert will be raised. The bank's software can then either decline the transaction or seek a confirmation from the user before allowing it. The bank is yet to lay down rules regarding the distance allowed between the ATM where the transaction is taking place and the mobile phone.
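The location-matching rule described above, as an added example (not HDFC's own system or code): it computes the ATM-to-phone distance and, going a step beyond the item, also accounts for how old the phone's last location fix is before deciding to approve, ask for confirmation, or decline. The 2 km radius, 150 km/h travel speed and 6-hour fix age are assumed values, since the bank has not published its distance rules; the coordinates are constructed sample data.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

EARTH_RADIUS_KM = 6371.0


@dataclass
class LocationFix:
    """Last known position of the cardholder's phone and when it was observed."""
    lat: float
    lon: float
    observed_at: datetime


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in km between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def assess_atm_transaction(atm_lat: float, atm_lon: float, atm_time: datetime,
                           phone_fix, allowed_km: float = 2.0,
                           max_speed_kmh: float = 150.0,
                           max_fix_age: timedelta = timedelta(hours=6)) -> str:
    """Return 'approve', 'confirm' (ask the cardholder) or 'decline'.

    Thresholds are assumed values for this example, not the bank's rules.
    """
    # No usable phone location: don't block the customer, ask them to confirm.
    if phone_fix is None or atm_time - phone_fix.observed_at > max_fix_age:
        return "confirm"
    dist = haversine_km(atm_lat, atm_lon, phone_fix.lat, phone_fix.lon)
    if dist <= allowed_km:
        return "approve"
    # The fix may be minutes old: allow the distance a person could plausibly
    # have travelled since it was taken before treating the gap as fraud.
    hours = max((atm_time - phone_fix.observed_at).total_seconds() / 3600, 0.0)
    if dist <= allowed_km + max_speed_kmh * hours:
        return "confirm"
    return "decline"


if __name__ == "__main__":
    # Constructed sample: a withdrawal at a Mumbai ATM while the phone was seen in Delhi.
    now = datetime(2015, 11, 20, 10, 0, tzinfo=timezone.utc)
    fix = LocationFix(28.6139, 77.2090, now - timedelta(minutes=10))
    print(assess_atm_transaction(19.0760, 72.8777, now, fix))  # decline
```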

9. Indian hackers target Pak Govt. entities: Two India-based hacking groups attacked defense and government establishments of Pakistan and some West Asian countries last month. The attacks took the form of spear phishing, where an email with an attachment or link is sent to targeted individuals to gain unauthorized access to confidential data; the links used were those of spoofed news agency websites, to attract clicks. These APT attacks were targeted only at Govt. agencies.

10. Spy firm publishes price list for secret hacker techniques: The buying and selling of secret hacker techniques known as "zero-day exploits" has long taken place in the dark, hidden from the companies whose software those exploits target and from the privacy advocates who criticize the practice. But one zero-day broker is taking the market for these hacking techniques into the open, complete with a full price list. See below. In related news, a different firm that paid $1M for the latest Apple hack is also in the business of selling zero-day exploits.
