Good morning,
This week we will look at Unix/Linux network controls.
We are reviewing for our 2nd test, so please bring all your questions. We will also be taking time to complete the University survey. After everyone's questions have been answered, the quiz for this week will be released.
If anyone has any questions as always please reach out to me and I’ll be happy to work with you.
In The News:
When Identity Thieves Hack Your Accountant
- The Internal Revenue Service has been urging tax preparation firms
Use of Secure VPN to use the internet
- Protect your browsing from your ISP
‘iTunes Wi-Fi Sync’ Feature Could Let Attackers Hijack Your iPhone, iPad Remotely
- Why you should always carry your…
This week's slides: Week_14
Vince Kelly says
Atlanta spends more than $2 million to recover from ransomware attack
https://finance.yahoo.com/news/atlanta-spends-more-2-million-202000413.html
The attackers ‘only’ asked for $51K, but the city of Atlanta ended up shelling out $2.7M for what ultimately became an unmitigated disaster and a cautionary tale about crisis management and the importance of taking basic steps to protect systems.
Patrick DeStefano (tuc50677) says
I read about this when it first happened last month and remember thinking to myself that they are screwed financially, and this article proves it. Like the article points out, victims of these types of attacks have two options: pay the ransom and hope they get their data back, or refuse to pay and lose all the data that was compromised, which, when combined with the remediation and recovery costs, can get to be much, much more expensive than the original ransom request.
Jason A Lindsley says
I thought it was interesting that one individual estimated that they could have spent about 10 – 20% of the cost to bring in the consultants to help with the issues prior to the incident. I guess that estimate ($270K – $540K) assumes the city already has a security department that can implement and sustain the services recommended by the consultants. Security resources are expensive (cheers from the ITACS student peanut gallery) and so are the control capabilities that would have prevented or detected this. I could easily see a city government investing millions in consulting fees, full time resources, and control capabilities to prevent an attack like this.
Patrick DeStefano (tuc50677) says
Yeah, I don’t believe that $270k-$540k would cut it for this. That’s essentially the salary of 2-6 full-time employees; IT security for an entire city would be much more costly with the types of systems, applications, and resources required to lock down the system in a better manner. I agree that it would have taken a few million to even come close to enhancing the security of the systems throughout the city.
Vince Kelly says
Agreed, but that being said, this is going to be used to justify future consulting engagements for the rest of time! 😉 As everyone knows, these sorts of high profile incidents just keep the revenue flowing for consultants ;)
Sev Shirozian says
Microsoft is now building its own Linux OS for IoT devices. They are focusing on protecting microcontroller-based IoT devices, including smart appliances, connected toys, and other smart gadgets.
“Azure Sphere provides security that starts in the hardware and extends to the cloud, delivering holistic security that protects, detects, and responds to threats—so they’re always prepared,” Microsoft said.
https://thehackernews.com/2018/04/microsoft-azure-sphere-iot-linux.html
Patrick DeStefano (tuc50677) says
This is a very necessary and, what seems to be, a very well thought out system. It’s a fully designed end to end system from the custom designed microcontroller units, to the specially designed OS, to the cloud based connectivity which takes care of software and security updates.
IoT devices are some of the most insecure devices in today’s world, and this ecosystem could be a very big step forward in securing these devices.
Jason A Lindsley says
A very interesting model. I especially thought the service used for device-to-device and device-to-cloud certificate-based authentication is an interesting concept to secure IoT devices. I assume this is something that could prevent rogue bots (e.g. Mirai) from communicating with the devices.
Patrick DeStefano (tuc50677) says
Use of Secure VPN to use the internet
Protect your browsing from your ISP
http://thehackernews.com/2017/03/secure-vpn-services.html
It’s really unfortunate that we don’t really have the government backing our own privacy anymore, in favor of letting companies clear a better profit off of selling our information. I’ve known about VPNs for many years, ever since I decided to study abroad in China back in 2012. In case anyone is unfamiliar, China has one of the most in-depth and strong censoring systems on the internet within the country and blocks any website or web content that it deems unfit for its citizens. This includes sites like Facebook and Google, and can even include any information it wishes to hide from its citizens, such as any information about the Tiananmen Square Protests and Massacre of 1989.
I was able to get around “The Great Firewall” through the use of a VPN. With the intense information gathering and selling and hacking going on nowadays, VPNs can be even more important to protect our browsing history, and our privacy through the use of these VPNs.
Jason A Lindsley says
In addition to privacy, other VPN benefits include access to your US Netflix catalog and other geographical based streaming services when traveling out of the country!
Patrick DeStefano (tuc50677) says
That’s a good point. I hadn’t thought of that. VPNs are essential if you’re ever considering becoming an expat in another country.
Jason A Lindsley says
https://thehackernews.com/2018/04/iphone-itunes-wifi-sync.html
The article talks about the risk of trusting another computer when you plug your iPhone in the USB port to charge it. I rarely ever do this, but when I do use a computer USB to charge my phone, I never “trust” it. This article also talks about the risk of connecting to free airport charging stations and warns against “trusting” those. I remember reading another article that talked about the risk of plugging your phone into public outlets and charging stations. Apple has implemented some additional controls that require you to enter your password when trusting a computer, however Symantec advises that they should increase the controls – i.e. provide users with “noticeable indication or mandatory re-authentication between the user’s device and the trusted computer after a given interval of time.” Good suggestions.
Patrick DeStefano (tuc50677) says
I agree. The additional control which Apple implemented is a step in the right direction; however, I agree with the idea of mandatory re-authorization after a specified time interval passes. That way, even if someone gets control, they will only be able to keep it until re-authorization is required.
Brock Donnelly says
https://boingboing.net/2018/04/25/hospitality-industry.html
In 60 seconds, security researchers can clone the master hotel-room keys for 140,000 hotels in 160 countries
Hackers with a hotel room key are able to derive the master keys to unlock every room. This vulnerability is not going to work for every RFID card scanner. Researchers alerted Vanguard (the main company susceptible to the hack) years ago of the vulnerability, but some common problems present themselves. Hotel card locks are old, not connected to the internet (that could be a good thing), and it is up to the hotel to uptake and patch.
The researchers were unwilling to give the full details of the hack or how to derive the master codes but they loosely described it as using the location of a door to interpret the final code.
Vanguard had released some patches, but unfortunately, without a way to force the update, all your hotel visits might as well be an open door policy.
Satwika Balakrishnan says
https://thehackernews.com/2018/04/drupal-vulnerability-exploit.html
Drupal is an open source content management system that is written in PHP and it powers millions of websites. Drupal has been found vulnerable to a critical remote code execution vulnerability. This remote code execution vulnerability could allow miscreants to take over a website’s server, steal information or alter the pages. The fix is to apply the latest security patches.
Fraser G says
https://arstechnica.com/gaming/2018/04/the-unpatchable-exploit-that-makes-every-current-nintendo-switch-hackable/
“The ‘unpatchable’ exploit that makes every current Nintendo Switch hackable”
Thought this was interesting, as game console manufacturers have unique challenges for preventing privacy. The Nintendo Switch uses an Nvidia Tegra X1 chipset which apparently can be hacked to allow arbitrary code to run. The hack involves short circuiting the hardware protection built in to Nvidia:
“By sending a bad “length” argument to an improperly coded USB control procedure at the right point, the user can force the system to “request up to 65,535 bytes per control request.” That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code.”
Interesting article – I don’t have any sort of remediation ideas at the moment.
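The quoted paragraph pins the bug on a USB control handler that trusted the 16-bit length field, so a host could claim up to 65,535 bytes and overrun a fixed DMA buffer. The following C is an added example written for this post; it is not code from the article, from Nvidia, or from the Switch bootROM. It models the defensive check that was missing: a control-request handler that refuses any transfer whose claimed length exceeds the buffer it will be copied into, or exceeds the bytes actually supplied. The setup-packet field names follow the standard USB layout, but `DMA_BUF_SIZE`, the `usb_setup_packet` struct, `handle_control_out` and the self-check helpers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for a fixed-size DMA staging buffer.
 * The size is an assumption chosen for illustration. */
#define DMA_BUF_SIZE 256

typedef enum {
    CTRL_OK         = 0,
    CTRL_ERR_LENGTH = -1,   /* claimed length does not fit or exceeds supplied data */
    CTRL_ERR_NULL   = -2    /* missing argument */
} ctrl_status;

/* Standard USB SETUP packet layout. wLength is only 16 bits, which is
 * exactly why a host can claim "up to 65,535 bytes per control request". */
typedef struct {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;
} usb_setup_packet;

static uint8_t dma_buf[DMA_BUF_SIZE];

/* Hardened OUT-transfer handler. The unsafe pattern the article describes
 * is "memcpy(dma_buf, payload, pkt->wLength)" with no comparison against
 * sizeof(dma_buf). Here the claimed length is validated twice before any
 * byte is copied: against the buffer capacity and against the payload that
 * is actually present. Oversized requests are rejected rather than clamped,
 * because a claimed length the device cannot honour is a protocol error. */
ctrl_status handle_control_out(const usb_setup_packet *pkt,
                               const uint8_t *payload, size_t payload_len,
                               size_t *copied)
{
    if (pkt == NULL || payload == NULL || copied == NULL)
        return CTRL_ERR_NULL;
    *copied = 0;

    size_t len = pkt->wLength;
    if (len > sizeof(dma_buf))      /* would overrun the DMA buffer */
        return CTRL_ERR_LENGTH;
    if (len > payload_len)          /* would read past the supplied data */
        return CTRL_ERR_LENGTH;

    memcpy(dma_buf, payload, len);
    *copied = len;
    return CTRL_OK;
}

/* Self-check helpers: each builds a constructed request and returns 1 on
 * the expected outcome. */
int oversized_request_rejected(void)
{
    usb_setup_packet pkt = { 0x21, 0x09, 0, 0, 0xFFFF }; /* claims 65535 bytes */
    uint8_t payload[64] = {0};
    size_t n = 123;
    ctrl_status s = handle_control_out(&pkt, payload, sizeof payload, &n);
    return s == CTRL_ERR_LENGTH && n == 0;
}

int short_payload_rejected(void)
{
    usb_setup_packet pkt = { 0x21, 0x09, 0, 0, 100 };    /* fits buffer, but only 64 supplied */
    uint8_t payload[64] = {0};
    size_t n = 0;
    ctrl_status s = handle_control_out(&pkt, payload, sizeof payload, &n);
    return s == CTRL_ERR_LENGTH && n == 0;
}

int in_range_request_accepted(void)
{
    usb_setup_packet pkt = { 0x21, 0x09, 0, 0, 64 };
    uint8_t payload[64];
    for (size_t i = 0; i < sizeof payload; i++) payload[i] = (uint8_t)i;
    size_t n = 0;
    ctrl_status s = handle_control_out(&pkt, payload, sizeof payload, &n);
    return s == CTRL_OK && n == 64 && memcmp(dma_buf, payload, 64) == 0;
}

int main(void)
{
    printf("oversized rejected:   %d\n", oversized_request_rejected());
    printf("short payload reject: %d\n", short_payload_rejected());
    printf("in-range accepted:    %d\n", in_range_request_accepted());
    return 0;
}
```

The point of checking against `sizeof(dma_buf)` rather than a separate constant is that the bound cannot drift from the buffer it protects; the second check matters in firmware that copies from a hardware FIFO, where the supplied byte count may be smaller than what the host announced.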
Donald Hoxhaj says
Pentagon confirms hack attempt against Defense Department credit card holders
https://www.cnbc.com/2018/03/15/pentagon-confirms-hack-attempt-against-defense-department-credit-card-holders.html
There is a confirmation from the Pentagon that there was a hacking attempt against an online financial services portal of the Defense Department which is managed by Citigroup. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services and wealth management.
The hack was made to access several Citi credit card accounts of the Department of Defense, and it was also stated that there was a large number of attempts that almost crossed 1 million. The confirmation came a day after Citigroup told a news channel that a “malicious actor” attempted to gain access to information for Pentagon-linked credit card accounts. The bank also responded to the channel saying that the attack came from a computer that was randomly guessing cardholder account credentials, and the bank also said that “No data compromise occurred”.
Donald Hoxhaj says
Energy sector on alert for cyber-attacks on UK power network
https://www.ft.com/content/d2b2aaec-4252-11e8-93cf-67ac3a6482fd
The UK Power Network has been brought under high alert after cases of power disruption in fresh new cyber-attacks. There is fear over Russia’s ability to cause blackouts or mass-attacks on the country’s critical services, from electricity grids to telecom networks. Moreover, with the recent US military attacks on Syria, there is a fear that Russia might impact the country’s energy sector by inducing cyber-threats through several channels. The country has been cautioned to protect its critical infrastructure and network systems before any such attacks cause widespread destruction.
The US and UK security services issued a joint warning in the wake of the military action that Russia was deliberately targeting critical western internet-based infrastructure and for the first time offered advice on how companies and utilities can protect themselves.
These attacks are no simpler in nature now. Telecom companies say that these cyber-attacks have become very sophisticated, from attempts to hack people’s devices to more concerted efforts to get into the “plumbing” of the internet – the routers and servers that underpin internet access.
Donald Hoxhaj says
U.S. UK Government Say Russia Increasing Infrastructure Attacks
http://www.eweek.com/security/u.s.-uk-government-say-russia-increasing-infrastructure-attacks
There have been increased concerns about the increasing infrastructure attacks by some Russian cyber-criminals. These cyber-attacks have been targeted mostly towards infrastructure systems such as routers, switches, and other infrastructure devices. Most of these attacks are of the nature of man-in-the-middle, espionage, hijacking and other attacks.
The main devices under threat are mostly used by larger companies and private sector industries where infrastructure is a critical component. It is said that Russian attackers are depending on weak security, legacy protocols and service ports intended for administration purposes.
What would be interesting to see is how SMEs would be able to protect themselves from such attacks, given that their internal resources for defense are weak.