Sunday, January 8, 2017

Issue 98 - Week of Jan 2nd


1.      KillDisk - the world's biggest ransomware?: KillDisk malware was originally used in the attacks on Ukraine's energy grid in 2015. Researchers have now found a Linux variant, which renders the machine unbootable and demands an unusually high ransom of 222 BTC (approx. $200K). Prevention is the best defence against ransomware: keep regular backups (at least one copy offline, where the malware cannot reach it) and use a good web security solution.

2.      Koolova ransomware: Users infected with this ransomware can obtain the decryption key for free if they read two articles about ransomware. This is certainly not the best way to build awareness about ransomware. 'Popcorn Time', another ransomware in the news last month, required the victim to infect two other people to obtain the decryption key for free.

3.      Ransomware in schools: In the UK, cybercriminals pretending to be government officials have been cold-calling schools to obtain the email addresses of key staff, then emailing them 'supposedly' important documents. The documents actually carry malware that encrypts the school's machines, and the attackers then demand a ransom of £8,000. Similar scams target sales teams with malware-laced fake purchase orders and HR departments with fake resumes. An unsolicited call asking for staff email addresses, followed by an attachment that arrives 'as discussed on the phone', should be treated as a phishing attempt.

4.      MongoDB under attack: Older MongoDB installations listened on all network interfaces with authentication disabled by default, so anyone who could reach port 27017 could read, modify or drop the databases. Newer releases ship a configuration that binds to localhost, but many admins never upgraded or enabled authentication. Attackers are now wiping such databases, often without taking a copy first, and demanding 0.2 BTC (about $150) for their 'return'. Thousands of instances have been affected. Upgrade, enable authorization and bind MongoDB to a private interface; and since the attackers frequently hold no copy of the data, restore from backup rather than paying.
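As an added illustration (not from the newsletter or from MongoDB's own documentation), here are two mongod.conf fragments: the exposed configuration behind these attacks and a hardened one. The port, addresses and the `---` separator between the two fragments are placeholders for illustration; in a real deployment only one of the two would exist.

```yaml
# Added example: exposed vs. hardened mongod.conf.
# Not MongoDB's documentation; addresses below are made up.

# --- exposed: listens on every interface, no credentials required ---
net:
  port: 27017
  bindIp: 0.0.0.0          # reachable from the internet if the host is
# no 'security' section: authorization defaults to disabled,
# so any client that can connect can list, read and drop databases
---
# --- hardened ---
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the private app-tier address only
security:
  authorization: enabled       # every connection must authenticate
```

Order matters: create an administrative user first (connecting over localhost, which MongoDB allows before the first user exists), then enable `security.authorization` and restart, then firewall port 27017 so only the application tier can reach it. To confirm the exposure is gone, run `mongo --host <public-ip> --eval 'db.adminCommand({listDatabases: 1})'` from outside the network; it must fail to connect or be refused for lack of credentials.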

5.      Tech support scam hits Mac: Users not on the latest macOS are prone to this malware, which opens draft email window after draft email window with the subject line "Virus detected, call support on +1-800-xyz" until the machine runs out of memory and crashes. The trick is to get the victim to call, scare them, and sell support they do not need. Genuine security warnings never ask you to phone a number; force-quit the application instead. See image below.

6.      D-Link sued: After the recent massive DDoS attacks, the US consumer watchdog FTC has sued D-Link over the poor security of its routers and IP cameras. This move by the FTC should go a long way towards improving the security of IoT devices, which manufacturers have not taken seriously, most likely to keep costs low. Default passwords let attackers break in easily; change every default credential before a device goes online.

7.      FTC announces $25K reward: Mindful of the role IoT devices played in the recent massive DDoS attacks, the FTC has announced a $25K prize for anyone who can build a tool that keeps vulnerable IoT devices patched. A serious challenge is that many of these devices cannot be patched remotely at all. In Issue 88 we saw a Chinese company admit its products were misused to launch the Dyn attack; the company later recalled some of the devices.

8.      Netgear announces bug bounty program: Last week Netgear launched a bug bounty program that rewards researchers up to $15K for responsibly reporting flaws in its products. Many vendors run such programs. The largest payouts, however, come from Zerodium, an exploit broker rather than a vendor, which offers up to $1.5M for iOS 10 zero-day exploit chains.

9.      Critical RCE bugs patched: Websites using PHPMailer, SwiftMailer or Zend Mail were vulnerable to remote code execution (RCE): an attacker could submit a crafted sender address through a contact or registration form and run arbitrary code on the web server, because the address was passed unsanitised to PHP's mail() as extra sendmail parameters. All three libraries have been patched (PHPMailer 5.2.20 closes both the original bug and the bypass of the first fix); admins should update now and check that their forms never let a visitor control the envelope sender.
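The pattern that made contact forms exploitable, beside a hardened version, as an added example (this is not the newsletter's code and not PHPMailer's own). It assumes the PHPMailer 5.2.x API loaded through its autoloader, a form that POSTs `name`, `email` and `message`, and the placeholder addresses `contact@example.com` and `noreply@example.com`.

```php
<?php
// Added example; not from the newsletter or the PHPMailer project.
// Assumes PHPMailer 5.2.x (PHPMailerAutoload.php) and the mail() transport.
require 'PHPMailerAutoload.php';

// --- Vulnerable pattern (do not use) ---
// The visitor's address becomes the envelope sender. Before 5.2.20 PHPMailer
// handed it to PHP's mail() as "-f<address>"; a crafted address with a quoted
// local part could smuggle extra sendmail switches and write attacker-
// controlled content to disk, which is what the RCE reports describe.
function send_contact_unsafe(array $post)
{
    $mail = new PHPMailer(true);
    $mail->setFrom($post['email'], $post['name']);   // attacker-controlled
    $mail->addAddress('contact@example.com');
    $mail->Subject = 'Contact form';
    $mail->Body    = $post['message'];
    return $mail->send();
}

// --- Hardened pattern ---
// 1. The envelope sender is a fixed, trusted address the visitor cannot touch.
// 2. The visitor's address only ever appears in Reply-To, after validation.
// 3. Validation rejects whitespace, quotes and backslashes outright, because
//    RFC 5322 allows them inside a quoted local part and both PHP's filter and
//    PHPMailer's validator accept such addresses.
// 4. Line breaks are stripped from the name to block header injection.
function send_contact_safe(array $post)
{
    $visitor = filter_var($post['email'], FILTER_VALIDATE_EMAIL);
    if ($visitor === false || preg_match('/[\s"\\\\]/', $visitor)) {
        return false;                                  // reject, do not "clean"
    }
    $name = preg_replace('/[\r\n]/', '', $post['name']);

    $mail = new PHPMailer(true);
    $mail->setFrom('noreply@example.com', 'Website');  // fixed envelope sender
    $mail->addReplyTo($visitor, $name);                // visitor only in Reply-To
    $mail->addAddress('contact@example.com');
    $mail->Subject = 'Contact form';
    $mail->Body    = $post['message'];
    return $mail->send();
}

// Constructed input: a plain submission, then the shape an attacker would send.
$ok = send_contact_safe(['name' => 'Jane', 'email' => 'jane@example.org',
                         'message' => 'Hello']);
$rejected = send_contact_safe(['name' => 'x',
                               'email' => '"a -X/var/www/shell.php"@example.org',
                               'message' => 'Hello']);
```

Updating the library is still mandatory: the hardened form only removes the visitor's influence over the sender; it does not fix the library for code paths you have not reviewed. If you use SMTP instead of mail() (`$mail->isSMTP()`), the `-f` path is not used at all, which is another reason to prefer it.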

10.   India's pitch to Google: India's IT minister told the visiting Google CEO to play a 'more meaningful' role in countering cyber threats. Experts are unsure exactly what a company like Google can do to raise India's cyber security. As India moves rapidly towards digitization, cyber threats will grow disproportionately, and 'Digital India' will slow down if those threats become real and widespread.


Sunday, January 1, 2017

Issue 97 - Week of Dec 26th - Happy New Year

1.      US election hacking fallout: The US expelled 35 Russian diplomatic personnel last week over Russia's alleged interference in the US presidential election, including the hacking of the DNC. Russia skipped the usual tit-for-tat expulsions and instead trolled President Obama by calling him a 'lame duck'.

2.      Super Mario Run APK is malware: Nintendo released 'Super Mario Run' for iOS only. Fans who went looking for an Android version outside the Google Play Store ended up with malware that can take full control of the device. Wait for the official Play Store release; an APK from an unknown source bypasses Play's screening, and whatever permissions it asks for, it gets.

3.      Lithuanian computers infected with Russian spyware: Reuters reports that Lithuania has accused Russia of cyber-attacks on its government networks and fears Russia is trying to infiltrate its political sphere. Russia rejected the accusation as 'laughable and unsubstantiated'. Meanwhile, German intelligence believes Russia may interfere in Germany's 2017 national elections.

4.      Marijuana seller applications leaked: Recreational marijuana is legal in Nevada. Details from the 11,700 reseller applications the state government had received were indexed by Google and openly accessible on the state government's website. Experts are reluctant to call this a hack, since no protection was bypassed; the site is currently down.

5.      Another DDoS attack: For most of 2016, DDoS attacks were launched from the Mirai botnet of hacked IoT devices. Last week a 650 Gbps attack was launched by a new botnet called Leet. In Issue 84 a 1.5 Tbps attack hit the France-based hosting provider OVH, and in Issue 87 the DNS provider Dyn suffered a massive DDoS attack.

6.      Android Trojan infects Wi-Fi routers: A new Android Trojan called Switcher arrives in disguised apps and does no harm to the phone itself; instead it targets the Wi-Fi router the phone is connected to and changes the router's DNS settings to redirect traffic to malicious websites. Because the change is made on the router, every device on that network is affected, not only the infected phone. Check the DNS servers in your router's settings against your ISP's and change the router's admin password from its default. In Issue 95 we saw something similar, 'DNS Changer', where the router was attacked via a PC, and in Issue 94 we saw Stegano malvertising redirecting traffic.

7.      Amazon Echo's help required to solve murder case: Amazon Echo is a smart speaker that responds to voice commands. One was in use in a home where a murder took place, and the police have served Amazon a warrant for the recordings from the suspected time of the murder. Amazon has declined. This closely resembles the Apple v. FBI case, in which Apple declined to unlock the San Bernardino attacker's iPhone.

8.      InterContinental Hotels may have been hacked: After a pattern of debit and credit card fraud was traced to some InterContinental properties, the hotel group launched an investigation. Kimpton Hotels and HEI Hotels & Resorts (which operates Marriott, Hyatt, Sheraton and Westin properties) recently suffered PoS breaches of their own.

9.      Critical flaws in PHP 7 detected: Researchers have found three critical vulnerabilities in PHP 7's unserialize() mechanism. Two allow an attacker to take full control of the web server and steal data; the third allows a DoS attack that crashes the server. PHP was notified in September and all three have now been patched, so update. As a general rule, never call unserialize() on data a user can influence.
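The bugs themselves are fixed in PHP, but the exposure comes from feeding untrusted bytes to unserialize() in the first place. As an added example (not from the newsletter or the PHP project), here is a hypothetical preferences cookie handled the risky way and two safer ways; the cookie layout and function names are assumptions for illustration.

```php
<?php
// Added example; not from the newsletter or the PHP project.
// Hypothetical: user preferences stored in a base64-encoded cookie.

// Risky: unserialize() on attacker-controlled data instantiates arbitrary
// classes and runs their __wakeup()/__destruct() magic methods. This is the
// code path the reported PHP 7 bugs lived in, and even a fully patched PHP
// can be abused through any gadget class your application happens to load.
function load_prefs_unsafe($cookie)
{
    return unserialize(base64_decode($cookie));
}

// Safer: JSON is data-only (no object instantiation, no magic methods).
// Strict base64 decoding and a depth limit reject malformed or deeply
// nested input instead of trying to make sense of it.
function load_prefs_safe($cookie)
{
    $raw = base64_decode($cookie, true);
    if ($raw === false) {
        return [];
    }
    $prefs = json_decode($raw, true, 8);
    return is_array($prefs) ? $prefs : [];
}

// If the PHP serialization format cannot be dropped yet (legacy data),
// PHP 7's allowed_classes option forbids object instantiation entirely:
// any object in the payload becomes __PHP_Incomplete_Class and no magic
// method runs. This shrinks the attack surface; it is not a substitute for
// applying the PHP patch.
function load_legacy_prefs($cookie)
{
    $raw = base64_decode($cookie, true);
    if ($raw === false) {
        return [];
    }
    $prefs = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($prefs) ? $prefs : [];
}

// Constructed input: a benign cookie and one carrying a serialized object.
$benign = base64_encode(json_encode(['theme' => 'dark', 'lang' => 'en']));
$hostile = base64_encode('O:8:"stdClass":1:{s:4:"exec";s:2:"id";}');

$a = load_prefs_safe($benign);      // ['theme' => 'dark', 'lang' => 'en']
$b = load_prefs_safe($hostile);     // [] : not JSON, so discarded
$c = load_legacy_prefs($hostile);   // [] : object blocked, not an array
```

When migrating, sign the cookie (for example with hash_hmac over the encoded payload and a server-side key) so that tampered values are rejected before any decoding happens at all.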

10.   Security and demonetization: Recall the story from Issue 49, in which a Bangalore businessman's account was hacked and $70K stolen. The criminals easily obtained a duplicate SIM for the businessman's phone number, so the bank's OTPs were delivered to them instead of to him, and the account was drained. With demonetization and Digital India, thousands of people are adopting e-wallets and online transactions every day, giving criminals a much wider attack surface. Stay alert: a sudden, unexplained loss of mobile service is the classic sign of a SIM swap and should be reported to the carrier and the bank immediately.


Source - idtheftcenter.org