Malware researchers recently discovered a particularly dastardly new type of ransomware, still under development. It gives its victims the option to either pay up or infect others to get the decryption keys to their data. At the very least, it sounds like an evil social experiment.
Week 09: Malware
October is national cyber security awareness month. According to the author of this article, Mark Kaelin, this is an opportunity for enterprises of all sizes to take time to educate their workforce on lurking cyber security threats. We hold a “Selfies for Security Challenge” at my company in celebration of cyber security awareness this month. This is a selfie contest in which employees take selfies to display how they are protecting the company and our clients. Please share how cyber security awareness month is being celebrated this year if this is something they also do at your company or anywhere else you may know.
Recently, researchers have demonstrated that how attackers can cause fatal equipment failures by destroying the integrity of 3D-printed parts. In a proof-of-concept experiment, they sabotaged the 3D printed replacement propeller of a quadcopter by maliciously modifying its design, and thus caused the quadcopter to fall from the sky. Researchers simulated how attackers could use spear phishing emails to obtain access to the target controller PC for 3D printing, and install malwares on the target. The malware then downloaded the blueprint, and replaced the original blueprint with the one with developed sabotaged design. In the experiment, researchers modified the design file by inserting 0.1mm internal rectangular gaps into the joint, and the sabotage would remain unnoticed by a simple visual inspection. The propeller performed normally in the first three test cycles, but broke apart in the fourth cycle. This experiment is designed to expose the threat additive manufacturing companies face from increasing use of 3D printing. There are increasing industries started to use 3D printed parts in their products, such as aerospace and automotive industries. The growth of additive manufacture also attracts attention of hackers from criminal gangs or terrorists.
One thing I think interesting is that the design defect could not be noticed through visual inspections, and the quadcopter could even normally perform in the initial test. This would be very dangerous if this kind of attack happens in the real life. For example, if the 3D printing blueprint of a replacement part of an airplane is maliciously modified, the airplane may be still able to pass the visual inspection and flight mechanical test. However, the unnoticed defect may lead to airplane failures or even air crash later in real flight. In addition, I think this kind of attacks can hardly be conducted by an individual, because it requires both IT experts and experts with knowledge and experiences in the targeted industry. Therefore, this kind of attacks may attract more attention of terrorist organizations with adequate resources rather than normal hackers. This would become a great threat to governments, since many countries have already used 3D printing for weapon and aircraft manufacturing.
There has been another recent wide-scale DDoS attack, this time against Dyn DNS service. This company provides DNS service to Twitter, Etsy, GitHub, Souncloud, PagerDuty, Spotify, Shopify, Airbnb, Intercom and Heroku. All the listed sites were affected. It looks like the DDoS attack was launched used IoT devices, which was similar to the attack on the Krebs site a month ago. I wonder if we will start seeing more of these attacks on DNS service providers, instead of specific websites.
This article discusses the details around the distributed denial-of-service (DDoS) attack that occurred on Friday morning using a large number of Internet of Things devices such as webcams, DVRs, and other smart devices that have minimal security features. Attackers were able to successfully impact the DNS provider Dyn for several hours while interrupting many large sites such as Amazon and Twitter. The attack is being labeled as an easy and non-sophisticated attack using simple devices and easily attainable malware.
The attackers used a botnet program called Mirai to gain control of all these devices. Mirai uses simple telnet commands to search for available devices and cycles through default login information until it is able to successfully gain access. Unlike normal servers, a majority of the IoT devices broadcast their version and model number once you connect to them.
With a large volume of IoT connected devices being added everyday, it raises the new concern of the lack of security in IoT devices. As showed on Friday, we now have to be concerned with a relativity easy attack that criminals can use to disrupt the internet.