Uncategorized
Tor Users Targeted With Firefox Zero-Day Exploit
Since we had a brief discussion about Tor last class I thought this article was interesting. It talks about a zero-day exploit that propagated on the Tor network. It took advantage of a Firefox exploit and was very similar to one that the FBI has used in the past. Unfortunately these are older vulnerabilities that have still not been patched up. But the point is that Tor is probably not ideal for people seeking privacy or secure web browsing.
http://www.securityweek.com/tor-users-targeted-firefox-zero-day-exploit
Burp Suite Analysis – Philadelphia Gas Works (PGW)
burp-suite-scan Powerpoint
pgw-burpsuite Word document
Over-the-Air Update Mechanism Exposes Millions of Android Devices
The insecure implementation of the OTA (Over-the-air) update mechanism used by numerous Android phone models exposes nearly 3 million phones to Man-in-the-Middle (MitM) attacks and allows adversaries to execute arbitrary commands with root privileges.
The vulnerable OTA update mechanism is associated with Chinese software company Ragentek Group, which didn’t use an encrypted channel for transactions from the binary to the third-party endpoint. According to security researchers at AnubisNetworks, this bug not only exposes user-specific information to attackers, but also creates a rootkit, allowing an adversary to issue commands that could be executed on affected systems.

The code from Ragentek contains a privileged binary for OTA update checks as well as multiple techniques to hide its execution. Located at /system/bin/debugs, the binary runs with root privileges and communicates over unencrypted channels with three hosts. Responses from the remote server include functionalities to execute arbitrary commands as root, install apps, or update configurations.
The issue, tracked as CVE-2016-6564, is that a remote, unauthenticated attacker capable of performing a MitM attack could replace the server responses with their own and execute arbitrary commands as root on the affected devices.
http://www.securityweek.com/over-air-update-mechanism-exposes-millions-android-devices
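A constructed illustration of the flaw class in this post (added here; not code from the article or from Ragentek): a client that mirrors the insecure design beside a hardened one that refuses non-HTTPS endpoints, checks an authentication tag over the response, and accepts only a closed set of declarative actions. The endpoint names and key are made up, and an HMAC with a device-provisioned key stands in for the pinned public-key signature a real OTA client would verify, so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
from urllib.parse import urlparse

# Constructed key for the demo; a real device would hold the vendor's public key.
DEVICE_KEY = b"constructed-demo-key-not-real"
# Closed set of things an update manifest may ask the device to do.
ALLOWED_ACTIONS = {"noop", "update_config", "install_package"}


def insecure_ota_handle(endpoint: str, response_body: bytes) -> list:
    """Vulnerable pattern: whatever the server (or a MitM on the plaintext
    channel) returns is handed straight to a root shell, no checks at all."""
    payload = json.loads(response_body)
    return list(payload.get("commands", []))  # would be executed as root


def sign_response(body: bytes) -> str:
    """Server side: tag the manifest so the hardened client can verify it."""
    return hmac.new(DEVICE_KEY, body, hashlib.sha256).hexdigest()


def secure_ota_handle(endpoint: str, response_body: bytes, tag: str) -> list:
    """Hardened pattern: transport check, integrity check, then treat the
    response as data against an allow-list rather than as commands."""
    if urlparse(endpoint).scheme != "https":
        raise ValueError("refusing plaintext OTA endpoint")
    if not hmac.compare_digest(sign_response(response_body), tag):
        raise ValueError("response failed integrity check")
    manifest = json.loads(response_body)
    actions = []
    for action in manifest.get("actions", []):
        kind = action.get("type")
        if kind not in ALLOWED_ACTIONS:
            raise ValueError(f"unexpected action type: {kind!r}")
        # Installs must name the artifact by digest, never by a shell command.
        if kind == "install_package" and not action.get("sha256"):
            raise ValueError("install_package without artifact digest")
        actions.append(action)
    return actions
```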
Burp Suite Analysis – Philadelphia Truck Lines
Week 12 Presentation
Ransomware Crooks Demand $70,000 After Hacking San Francisco Transport System
Hackers successfully encrypted over 2,000 servers and PCs that are used to run San Francisco’s light rail transit system. The hackers demanded 100 bitcoin (~ $73,000 USD) for the key to decrypt the data. The attack mainly impacted e-mail and payroll systems, but the agency shut down its ticket vending machines as a precaution and allowed travelers to ride for free on the light rail system for most of the day Friday and all day Saturday. This was one of the biggest travel days of the season.
The attack was conducted using malware called HDDCryptor. It does not appear that the attackers were targeting the agency. They cast a wide net and found success in the vulnerable environment.
Although it may have taken the agency more time to get the systems back up and running and they probably lost more than $73,000 in ticket sales, I think it was the right move to resolve the issue without paying the ransom. They probably learned a lot about weaknesses in their environment and sent a strong message that they will not submit to the demands of these criminals.
link – http://www.forbes.com/sites/thomasbrewster/2016/11/28/san-francisco-muni-hacked-ransomware/#158b80fe54dd
http://www.wsj.com/articles/after-ransomware-san-francisco-offers-free-light-rail-rides-1480366454
Ransoc, A New Type of Ransomware
A new ransomware variant was discovered in the past few weeks. This variant doesn’t encrypt your hard drive or anything like the traditional ransomware; instead it displays a full screen web application that prevents a user from accessing other applications or the operating system. Called Ransoc because of its connections to social media, the malware searches for illegal files on the system and scrapes social media information from the user profiles. Social media accounts include Facebook, LinkedIn and Skype. Ransoc also prevents the user from killing the malware through regedit, msconfig or task manager as it resets and checks every 100s. Depending on what is found that is illegal (it searches the system for child pornography, media files downloaded through torrent, etc.) the ransomware displays a fake legal notice in full screen view (similar to a browser locker) threatening to expose the user if they don’t pay. Normally the payment is made using bitcoins but in this case credit cards are even accepted. The gutsy approach is based on confidence that the user will not contact authorities, to minimize the risk of getting exposed.
http://www.sectechno.com/ransoc-malware-that-uses-social-networks-for-a-customized-attack/
https://www.proofpoint.com/uk/threat-insight/post/ransoc-desktop-locking-ransomware-ransacks-local-files-social-media-profiles
This $5 Device Can Take Over a Computer—Even If It’s Locked
This article explains a pretty nasty device. It can take over your computer using remote code execution even if it is locked. The author recommends putting your device to sleep when you walk away from it, but I can imagine that someone could just turn the device back on and plug this thing in.
The other suggestion is to cement the USB port so that it is unusable. I think that is the most secure thing to do, but it’s not always practical and USB ports can serve critical business needs. I think it’s more strategic to implement endpoint security that would block malicious devices and alert on abnormal activity.
http://gizmodo.com/this-5-device-can-takeover-a-computer-even-if-its-loc-1789062061
Holiday season cyber crime forecast
This article is slightly dated; it’s the forecast for the 2015 holiday season and cyber crimes associated with that time of year. One, I would assume, can be almost certain that the forecast for this season is probably very similar. With Black Friday and Cyber Monday coming up, the holiday shopping season is basically here. The spike in hacking/stealing during November and especially in December is staggering. The greatest threat of all hacks comes from financial hackers, which is no surprise given the amount of money that is processed during the holiday season. Second is attacks from a political cyber warrior. I think I’ll be spending a lot more old fashioned cash this holiday season.
’Tis the season to be hacking – Forecast for Cybercrime activities during the holidays