Sunday, September 6, 2015

Issue 28 - Week of Aug 31st

1. People tend to expose a lot of information on LinkedIn and to headhunters about their work environments, colleagues, the company's infrastructure and even internal projects. There are multiple cases where attackers have used fake LinkedIn profiles to gather sensitive information about organizations and their employees. Reconnaissance of this kind, such as knowing who manages a particular department or who is on the organization's IT staff, can be very useful in planning targeted attacks. Armed with this recon information, attackers launch the next step of their attack, with the ultimate objective of stealing data.

2. An Anonymous group called GhostSec has launched an online battle against members of the Islamic State group. The hacktivists are targeting and attacking the online network of IS supporters and suspected IS websites, including social media accounts. So far 60,000 Twitter accounts of jihadists have been shut down; GhostSec has also used DDoS attacks, brute-force attacks and SQL injection to halt the IS communication network. The group's mission is to eliminate the online presence of Islamic extremist groups to stymie their recruitment and limit their ability to organize international terrorist efforts.

3. A new kind of malware targeting jailbroken iPhones and iPads is able to steal security certificates, usernames and passwords, and other private account data. The malware, dubbed KeyRaider, intercepts iTunes traffic on the device, stealing usernames, passwords and unique device identifiers, which are then uploaded to the malware owner's server. More than 225,000 users from 18 countries are thought to be affected. The malware is also known to have locked devices and held them for ransom, an increasingly popular method of generating potentially vast sums of money for attackers.

4. 24 Chinese Android smartphone models come with pre-installed malware. Chinese middlemen are suspected of adding malware to smartphones before they are shipped to customers. The middlemen not only make a margin selling the device, they also try to make extra money from stolen user data and forced advertising. The malware is hidden as an add-on in legitimate Android apps and cannot be uninstalled, as it is part of the firmware. The malware is of poor quality and can easily be targeted and misused by other attackers to launch further attacks.

5. Fraudsters increasingly rely on legitimate administrator tools instead of malware to breach systems and steal data. They first use social engineering and/or spear phishing to trick legitimate users into sharing their credentials. Once they have the credentials, they use legitimate tools like RDP, FTP, PowerShell, etc. With access to the systems, they move laterally within the network to steal intellectual property and further credentials. These types of attacks are very difficult to stop because they use legitimate tools; the only way to stop them is to know what counts as normal behavior for a user or a system admin, and to raise an alert when an admin logs into a server at an unusual time or uses RDP from a different system. User education against phishing and unwarranted credential sharing is another acceptable method to stop this menace.
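One way to turn that baseline idea into detection logic, as an added example that is not part of the original post: it builds a per-account profile of usual logon hours and source hosts from constructed log lines, then flags later RDP logons that fall outside it. The log format, host names and the account name are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (not real data): timestamp, account, source host,
# logon type, target server. The first set is the "known good" baseline period.
BASELINE_LOGS = """\
2015-08-03T09:12:00 admin.jane WS-OPS-01 RDP SRV-FILE-01
2015-08-04T10:05:00 admin.jane WS-OPS-01 RDP SRV-FILE-01
2015-08-05T14:40:00 admin.jane WS-OPS-01 RDP SRV-DB-02
2015-08-06T11:20:00 admin.jane WS-OPS-02 RDP SRV-FILE-01
2015-08-07T16:55:00 admin.jane WS-OPS-01 RDP SRV-FILE-01
"""

# Later activity to be checked against the baseline (also constructed).
NEW_LOGS = """\
2015-09-01T10:30:00 admin.jane WS-OPS-01 RDP SRV-FILE-01
2015-09-02T03:17:00 admin.jane WS-OPS-01 RDP SRV-DB-02
2015-09-02T03:25:00 admin.jane LAPTOP-GUEST RDP SRV-FILE-01
"""

def parse(text):
    """Split whitespace-delimited log lines into typed event tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, src, kind, target = line.split()
        events.append((datetime.fromisoformat(ts), user, src, kind, target))
    return events

def build_baseline(events):
    """Record, per admin account, the hours of day and source hosts seen."""
    hours = defaultdict(set)
    sources = defaultdict(set)
    for ts, user, src, _, _ in events:
        hours[user].add(ts.hour)
        sources[user].add(src)
    return hours, sources

def detect(baseline, events, slack=1):
    """Alert on logons outside the usual hours (+/- slack) or from unseen hosts."""
    hours, sources = baseline
    alerts = []
    for ts, user, src, kind, target in events:
        reasons = []
        usual = hours.get(user, set())
        if not any(abs(ts.hour - h) <= slack for h in usual):
            reasons.append(f"unusual hour {ts.hour:02d}:xx")
        if src not in sources.get(user, set()):
            reasons.append(f"new source host {src}")
        if reasons:
            alerts.append((ts.isoformat(), user, kind, target, reasons))
    return alerts
```

In a real deployment the baseline would be learned from weeks of logon events (for example Windows event 4624 with logon type 10 for RDP) rather than a handful of lines, and the hour window would need to handle midnight wraparound.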

6. Sony Pictures Entertainment sidestepped a class action suit by reaching a settlement with former employees whose information was exposed in a high-profile breach. On the cusp of a hearing to determine whether a lawsuit against Sony Pictures Entertainment should be turned into a class action suit, the company reached a settlement with nearly 50,000 former employees after a breach exposed their personal information online. A data leak or hack can haunt a company for many months, draining its valuable time and financial resources; Sony was hacked in November 2014.

7. Fallout of the OPM hack: China and Russia are using leaked OPM data to target U.S. spies, especially those based in their countries. They are aggressively aggregating and cross-indexing the databases, which include security clearance applications, airline records and medical insurance forms, to identify U.S. intelligence officers and agents on their soil. At least one clandestine network of American engineers and scientists who provide technical assistance to U.S. undercover operatives and agents overseas has been compromised as a result, according to two U.S. officials.

8. US feds are putting teeth into requirements for corporate cybersecurity: poor corporate cybersecurity is no longer an option. Businesses in the USA that fail to protect their customers’ sensitive information will now face even greater federal penalties. A US appeals court is allowing the Federal Trade Commission to sue global hotel chain Wyndham over breaches the company experienced in 2008-2009. Insufficient security practices that lead to significant losses of customer data will be considered “unfair and deceptive trade practices.”


9. Cybersecurity poses the biggest challenge and it is high time India took the lead on the world stage in addressing this issue, BJP MP Tarun Vijay has said. "The biggest challenge before India will not be as much of oil crisis or water or the military expansionism of the neighbors, it will be cybersecurity. No other factor is going to match this challenge of cybersecurity," he said. Other cybersecurity news to grab the Indian media's attention was that of Amitabh Bachchan’s Twitter account getting hacked. He later tweeted: "WHOA !..My Twitter handle hacked ! Sex sites planted as 'following' ! Whoever did this, try someone else, buddy, I don't need this !"

