Tuesday, January 19, 2016

Issue 47 - Week of Jan 11th


1. Hyatt Hack: In Issue 45, we spoke about the Hyatt hack. More details emerged last week. According to Hyatt, 318 of the 627 hotels in the firm's portfolio were infected last year. Hyatt has published the list of compromised properties across 54 countries - China, India and the United States top the list of malware-ridden hotel systems, with 22, 20 and 99 infected sites respectively. The malware stole financial data, including cardholder names, card numbers and expiration dates, as it passed through Hyatt's infected payment processing systems. Hyatt Regency Lost Pines also figures in the list and was infected from Aug to Dec 2015.

2. US intelligence chief's personal email, phone hacked: The hacker who targeted the CIA director last year is back to claim another senior government scalp: the Director of National Intelligence. The hackers claim to have broken into a series of accounts associated with the Director, including his personal email account. The FBI warned last year that US police and officials were targets of hacktivist groups and should in particular "be aware of their online presence and exposure."

3. Suspected members of Bitcoin extortion group DD4BC arrested: DD4BC -- otherwise known as Distributed Denial-of-service for Bitcoin -- is a group dedicated to extorting virtual currency from companies. Emerging in the middle of 2014, DD4BC used the threat of DDoS attacks to hold companies to ransom unless they agreed to pay a fee in Bitcoin. For organizations such as banks, financial institutions and even gambling websites, network downtime equates to an immediate loss of revenue, which can lead them to give in to demands. European law enforcement has arrested and detained two alleged members of the group.

4. Windows users face a dangerous world with end of support for older Internet Explorer versions: Microsoft ends support of Windows 7, 8 and IE 8, 9, 10. The tens of millions of IE users will be at risk almost immediately, considering that nearly every month IE remains one of the most likely targets of hackers and attackers. IE 11 will be the last version of the aging browser, which first debuted in 1995. The browser has long been known for its security flaws and issues, which have bogged both Microsoft and its users down for years. When Windows 10 was released, the company began pushing its new Edge browser more aggressively as an alternative. Edge was heralded as safer than its predecessor because it prevents adware and toolbars from hijacking dynamic link libraries.

5. Serious security flaw in OpenSSH puts private keys at risk: A major vulnerability has been found and fixed in OpenSSH, an open-source remote connectivity tool using the Secure Shell protocol. The flaw was the result of an "experimental" feature that allows users to resume connections. A malicious server can trick an affected client into leaking client memory, including the client's private user keys. The software is used on many commercial routers and firewalls, and some versions of the Ubuntu and Red Hat operating systems are affected by the flaw. Developers and admins are advised to regenerate and rotate keys; the bottom line is: patch now, and patch fast.

6. Simple eBay security flaw exposed millions of users to spear phishing campaigns: eBay has patched a severe XSS security vulnerability which exposed potentially millions of users to phishing campaigns and subsequent data theft. Despite being informed of the bug privately, the online auction site allegedly left a critical XSS flaw open to abuse on the ebay.com domain, and only rallied to fix the issue after the media caught wind of it. The Cross-Site Scripting (XSS) vulnerability, implemented through Java, allowed an attacker to inject their own malicious page within eBay via an iframe.

7. Brazilian cyber-crime flourishes, catching up to Russian, Chinese groups: For years Brazilian operators were customers of Russian hackers, but now they have started using their own homegrown tools. In terms of technical expertise they seem to have caught up and are now placed just behind Russia and China. Like the Russians, they focus on financial institutions, but unlike the Russians or Chinese they do not have a relationship with their government. While the basic skills in each country are the same, there are regional differences - Japan's hackers are focused on forging documents, Germany's underground is strong in encryption, the U.S. underground focuses on illicit goods, while Russia and China, known for their espionage attacks against U.S. systems, focus on financial crimes and the creation of criminal tools.

8. Juniper Networks moves to replace vulnerable code: At the end of 2015, Juniper Networks publicly disclosed that it had found previously unknown backdoor code on some of its firewalls. Juniper patched the issues and is now going a step further by replacing a core cryptography component in its ScreenOS operating system to further reduce any potential risk. Last week, a security researcher discovered highly suspicious code in Fortinet's FortiOS: an SSH backdoor with a hardcoded password (now leaked) that can be used to access the firewall. Notably, anyone using this backdoor account does not appear in the device's access logs, as the backdoor may be tied to its FortiManager maintenance platform.

9. Hack WiFi password from smart doorbells: The buzz around the Internet of Things (IoT) is rapidly growing. Another household device to join the IoT world is the smart doorbell. With these Internet-connected smart doorbells, one can get an alert on a smartphone app every time a visitor presses the doorbell and also view who is in front of the door. Security researchers have discovered a critical security hole in a Wi-Fi-enabled video doorbell that could be used to expose the home network password. Hackers can press a button behind the doorbell to slip the device into setup mode and read the password from its config file over their phone's Wi-Fi.

10. Indian banks and big industry targeted in ransomware racket demanding Bitcoin: Three banks and a pharmaceutical company in India have been revealed as targets of ransomware that came with a ransom demand in bitcoin. In what is now the first known instance of an online extortionist demanding ransom in bitcoins from Indian targets, the Economic Times has revealed that hackers disrupted operations by crippling computers at three banks and a pharma company. In all four cases, the hackers are said to have used the Lechiffre ransomware. Having encrypted all files, the hackers demanded one bitcoin (about Rs 30,000 at current prices) per computer, for a total running into millions of dollars.