Week 08: Social Engineering, Encoding and Encryption

Read article here

Increased social media usage means personal information is more exposed than ever before. Fraudsters can leverage this to enable better social engineering attacks. However, employees can protect themselves. First, if employees use strong passwords on their social media sites, the threat of social engineering attacks is reduced. Additionally, 60% of employee social media profiles are completely public meaning anyone can see their content. If employees make their accounts private the threat of social engineering is reduced even further. Other approaches that can help are making sure that employees are well educated about the risk of making their information private and the threat of social engineering. Finally, in order to provide employees with a safety net, companies should implement safeguards so that if employees do fall prey to social engineering it doesn’t lead to an organization wide data breach.

http://www.pcworld.com/article/3133923/security/easy-to-exploit-rooting-flaw-puts-linux-computers-at-risk.html

I thought this would be an interesting article to post because we used these tools in our virtual machines.  The maintainers of the Linux distributions are patching a privilege escalation vulnerability, which is a major risk to the servers, desktops and other devices that use the operating system.  The vulnerability has been named the Dirty Cow, it allows an attacker to gain to a limited user account to get root privileges and control the system.

We were under attack- said the New York Times in today’s edition, based on users’ reported sporadic problems reaching several websites including Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times.

Reports from Dyn, a company that servers to monitor and reroute internet traffic said that they experienced a DDOS attack just after 7:00 a.m. Friday morning. Some users reported inaccessible sites from East Coast and it spread westward in three separate waves until evening hours.

Other reports associated to this incident mentioned that the attack appears to have relied on hundreds of thousands of internet-connected devices like cameras, baby monitors and home routers that have been infected and here is the kicker, without their owner’s knowledge, allegedly with software that allows a hackers to commend them to flood a target with overwhelming traffic.

Kyle York, Dyn’s chief strategist, said in this article that others that host the core parts of the internet’s infrastructure were targets for a growing number of more powerful attacks, and “the number and types of attacks, the duration of attacks and complexity of these attacks are all on the rise,” Mr. York said this morning.

We often cover topics about IDSs in class. It is a system(s) embedded within computer networks against malicious activities or policy violations. For example, an IDS infrastructure does so by analyzing incoming network traffic. However, this article titled “How to install Advanced Intrusion Detection Environment on CentOS” that I’m sharing with you provides a broader prospect about IDS, the Advanced Intrusion Detection Environment.

AIDE was developed to replace Tripwire licensed under the terms of the GNU General Public License (GPL). According to author of the article,  Jack Wallen, AIDE is recommended for better I.T. Security because it serves as a supplement layer of protection for CentOS environments. For those who might be interested in learning how to deploy AIDE on a network platform the correct way, here are some detailed instruction materials of how to install AIDE on CentOS.

Access the full article via the link below:

http://www.techrepublic.com/article/how-to-install-advanced-intrusion-detection-environment-on-centos/

intro-to-ethical-hacking-week-8

People expect public Wi-Fi at nearly all the places we go and expect to be connected all the time. Wi-FI users regularly connect to Wi-Fi in their homes, but they require mobility. According to the survey of Xirrus, a Wi-Fi tech company, 49% of them connect to public Wi-Fi at least three times a week, and 31% connect everyday. 89% of users connect to more than one network a day because people would switch to home and work Wi-Fi networks which are private, safe and only accessible to selected users. In addition, 70% of users are even willing to change hotels for better connection and security, but the need to be connected overcomes security concerns. Few public Wi-Fi networks encrypt and protect our data when we connect. This means private information are at risk of being stolen every time a person connect to a public Wi-Fi. Although 91% of the respondents admit that public Wi-Fi is insecure, 89% use it anyway. That means most of users are aware of the security risk of public Wi-Fi, but most of them decide to ignore it. The good news is that most public Wi-Fi networks holding by restaurants, airports or hotels are required to upgrade to provide better security for customers. Over public Wi-Fi, 83% of users access their emails, 68% of users access social medias, and 18% even log in for online banking. Although most of users know phishing, but there are still 30% of users unfamiliar to ransomware that is a malware installed on a victim’s computer, executes attacks to encrypt or access to your data and demands a payment to decrypt it or not publish it. The number of victims and the amount of demanded payment keeps increasing. 85% of users would blame themselves for.  hacks, while only 32% would blame Wi-Fi vendors and 24% would blame the venue. Wi-Fi users have to take the burden because most business do not educate their employees or provide necessary tools to help them stay safe. 46% of employees said that they didn’t receive any security training, and only 39% said they received one to two trainings in the past year. Companies should have their employees educated and trained regularly to ensure that they are always aware of the importance of security and won’t put their personal or work-related information under the risk of being exposed. However, there is still a large gap between employers encourage secure behavior and those do not. 47% employees are encouraged to use VPN for working when they are traveling for business. The good news is that most public Wi-Fi networks holding by restaurants, airports or hotels are required to upgrade to provide better security for customers.

 

Link: http://www.darkreading.com/cloud/public-wi-fi-use-grows-despite-security-risks/d/d-id/1327206

A security researcher recently discovered that the some of the email servers linked to Mr. Trump’s organization (including hotels and other businesses) has some serious security flaw. One of the biggest issue is that the email servers are running Windows Server 2003, an operating system that Microsoft hasn’t supported since July of 2015.  Even worse, the email servers are not patched. Also an issue is the use of out-dated software, in this case Microsoft IIS 6.0. IIS version 6 is a web server that comes with MS Windows Server 2003, so it is also unsupported by Microsoft. And to add to all that, the servers use one factor authentication. What’s interesting is the researcher got all this from doing what we’ve done in class in regards to reconnaissance. He searched through public info and he didn’t run any advanced scans. Isn’t ironic how Mr. Trump talks about the lack of security in Mrs. Clinton’s email servers but has the same issues with his own servers.

 

Links:

motherboard

arstechnica

trumporg site report

This article discusses the breach of OPM (Federal Office of Personal Management), this breach leaked information about roughly 22 million current and former employees became public in mid-2015.  It took close to another 15 months for Congress to complete a report on it. Hackers, said to be from China, were inside the OPM system starting in 2012, but were not detected until March 20, 2014.  A second group, who worked as a third-party contractor was also able to get access to OPM’s system, and it was not discovered until May 2015.  I was employed with the federal government in May 2014, so there was a chance that my information was apart of this 22 million names that were sent out.  I received several e-mails and letters in the mail informing me about the breach.  Below is a list of what the inspector general found about the security in place at OPM.

An inspector general’s report from November 2014 was blunt about a lack of basic security measures including:

• A lack of encryption
• No two-factor authentication for workers remotely accessing the system
• No inventory of servers and databases
• Lack of awareness of all the systems connected to its networks

Article Link:

http://www.csoonline.com/article/3130682/data-breach/the-opm-breach-report-a-long-time-coming.html?google_editors_picks=true

In the upcoming election on November 8th neither Hillary Clinton or Donald Trump have presented their cybersecurity initiative for their administration. When asked during the first debate regarding cybersecurity the candidates shifted blame to Russia and China and that they were responsible for the most recent attacks. Shifting blame to other countries and not addressing the real issues behind cybersecurity can effect the overall security of our country. Attacks on election systems can effect how the next presidential election will be played out. Russian hackers have already been found to hack into power grids in Ukraine disabling power to over 1.4 million people for over 6 hours. This is a concern for our critical infrastructure in the US. With our GDP relying almost 100% on information technology the next president needs to have policies in place to prevent catastrophic hacks from happening in the future.

Article: http://www.forbes.com/sites/ciocentral/2016/10/09/to-the-next-president-get-a-aational-cybersecurity-strategy/#370477096a0f

This article discusses the system, Acars, which is a decades old air-traffic messaging system, in need of a possible upgrade. Acars is used by airplanes to provide information on the status of aircraft components during flights. Although the information that is sent using Acars isn’t considered “safety critical”, Government and industry officials, as well as European safety regulators are worried about the possibility of vulnerabilities around this system. There hasn’t been any hacks aimed at the Acars system, but it seems like officials are worried that there might be vulnerabilities due to the lack of safeguards, which are available in newer networks (Acars system built in 1980).

It’s good to see officials take a pro-active step against cyber security, however, it’s also worrying that it doesn’t seem they know the exact vulnerabilities around this system. It looks like they are only trying to upgrade it because it is not “new” and from the 1980s. They need to do a better job at figuring out the vulnerabilities before blindly going in to upgrade to a newer system.

Article: http://www.wsj.com/articles/aviation-officials-step-up-cybersecurity-checks-of-older-messaging-system-1476556582