Week 11: SQL Injection

https://www.fenderbender.com/articles/9799-the-challenges-autonomous-cars-pose-to-future-of-cybersecurity

Moving forward there are potential challenges for autonomous vehicles that may create for the future of cybersecurity. Risks such as hacking are one of the many threats linked with these cars. The Alliance for Telecommunications Industry Solutions (ATIS), the risks of cyber intrusion can vary from access to the personal and financial information of the owner, driver or passenger, to even the loss of control of the vehicle. The stat that I also found interesting is that more cars become connected, the more cyber security concerns will rise, especially since the connected car market is expected to quadruple by 2021.It is no longer just GPS or satellite radio, cars are connected throughout and into dealerships and personal homes.

https://thehackernews.com/2017/06/wordpress-hacking-sql-injection.html

Speaking of wordpress since we use that here  🙂  This site basically sums up how vulnerable sites that use

a WordPress plugin are potentially to sql injection related attacks.  Hopefully our schools site doesn’t use this

plugin that is causing all sorts of problems.

This is a interesting article about how the US government found Russian cyber security software on their computers. According to the article 96 of the 102 government agency had this software on their computers. IT is a pretty interesting article cause it shows that no matter how high the security is people can still get in and mess around with stuff.

 

https://www.wsj.com/articles/russian-cybersecurity-software-found-on-u-s-government-computers-1510693733

Snowbug is a group that has been active since 2015 and seems to be highly interested in foreign policy information from diplomatic and government entities. The group’s victims include organizations in Brazil, Peru, Argentina, and Ecuador. The hacker group has also targeted Southeast Asia like Brunei and Malaysia. The group was first spotted in 2017 when Symantec discovered a brand new backdoor dubbed Felismus being used against a target in Southeast Asia. What makes this group a major focus is the hacker group’s target, South America, which is quite rare. The targets are usually within the United States or Europe. A big takeaway from this article is that this issue is a global issue and no region is safe.

https://www.darkreading.com/attacks-breaches/south-america-the-target-of-sowbug-cyber-espionage-group/d/d-id/1330349?

 

https://www.darkreading.com/endpoint/new-banking-trojan-similar-to-dridex-zeus-gozi/d/d-id/1330407?

A newly discovered banking Trojan called IcedID looks monitors online activity. It sets up a local proxy and intercepts traffic, sounds like something we learned in class!

According to the article, a BBC journalist has discovered a security flaw in the office collaboration tool Huddle that leads to private documents being exposed to unauthorized parties. A huddle is an online tool that lets work colleagues share content and as states that Huddle is the global leader in secure content collaboration. The BBC journalist believes that there is an access control problem with Huddle which allows the BBC journalist has the full access to KPMG account and put out the information about clients and financial documents.

http://www.bbc.com/news/technology-41969061?intlink_from_url=http://www.bbc.com/news/topics/62d838bb-2471-432c-b4db-f134f98157c2/cybersecurity&link_location=live-reporting-story

A plastic surgeon of the celebrities in London decided to fight back against the hacker group, “Dark Overlord” after the group downloaded patient pictures and information.  Fighting back by organizations has been on the rise and called, “Hacking Back”.  The article mentions organizations deploying several different resources to gather information on the hackers and initiate an offensive against the hackers.  The article didn’t mention any statics on the success, but I would imagine it would depend on the size and capabilities of the hackers.

The Dark Overlord is a hacking group that has taken credit for several major information system hacks over the last several years.  They have been growing and do this as a full time job.  Just like we go to our job and do whatever it is we do, they go to the office and hack systems.  You never know who is on the other end of a hack.  Be careful not to upset the beast.  In my opinion, a group like Dark Overlord can destroy a person/company if they identify you as a target.  My advice…  Don’t put yourself in a situation where the Dark Overlord can beat you up.  Do you best to avoid the conflict by protecting your system and acknowledging certain information may be best kept in a secure system, segregated from other organizational networks.

Here are a few sips from the article on what happened.

“…the hackers had targeted London Bridge Plastic Surgery (LBPS), which describes itself as “one of the leading plastic-surgery clinics in the U.K.” on its website. LBPS clients include TV star Katie Price and other celebrities, …graphic and close-up images of surgery on male and female genitalia”

“doctors tried to gather information on the Dark Overlord with a small hack of their own”

“The hackers shared a Word document with The Daily Beast that the group says Chris Inglefield, LBPS’ chief surgeon, sent to them, but …it contains no text at all”

The file was an “image stored on a server belonging to LBPS. When the target opens the document, it opens a connection and retrieves the image from LBPS’ server, meaning LBPS now has the target’s IP address”.

He was caught by the “Dark Overlord” group and they responded with, “We confronted Christopher about his attempt to de-anonymize us, and he denied it vehemently. …We punished Christopher accordingly, …it amounts only to a fair bit of chuckling around the office.”

https://www.thedailybeast.com/hackers-say-plastic-surgeon-to-the-stars-hacked-back-at-them

 

http://searchcloudsecurity.techtarget.com/tip/Why-web-application-attacks-are-a-growing-threat-to-the-cloud

Why web application attacks are a growing threat to the cloud

This article talks about the following: Web application are becoming a growing threat to cloud systems. It is found that 73% of the cloud attacks are directed towards the web applications. These attacks usually comprise SQL Injections or Cross Scripting strategies. These attackers take control of CMS (Control Management Systems) and in fact, most such attacks are automated

It will be interesting to see how things unfold in the future. Will organizations be able to deploy sophisticated defences against SQL Injections in the future and will they be able to leverage cost, quality, and time as key factors in such deployments? The answer to this question will only tell us the applicability and adaptability of these systems in the future

https://securityintelligence.com/injection-attacks-the-least-glamorous-attack-is-one-of-the-most-threatening/

Injection Attacks: The Least Glamorous Attack Is One of the Most Threatening

This article talks about the following: Research says that Injection attacks are the most common form of attacks in organizational networks, especially SQLi. Attackers have started using malicious PHP scripts, mining tools, and force attacks to take control of systems. Out of all this, 47% attacks are from OS Command Injections, 36% from SQL Injections, and about 13% from Code Injections. The most favourable targets for these attacks obviously are the largest networks in organizations.

It will be interesting to see how things unfold in the future. With password reuse, server misconfiguration being the usual causes of such vulnerability, how can organizations enforce that employees adhere to security practices? Do such companies have a time-sensitive response system to prevent injection attacks?

https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-surveillance

Today, a Reddit user pointed out that Hong Kong-based sex toy company Lovense’s remote control vibrator app (Lovense Remote) recorded a use session without their knowledge. An audio file lasting six minutes was stored in the app’s local folder. The users says he or she gave the app access to the mic and camera but only to use with the in-app chat function and to send voice clips on command — not constant recording when in use. Other users confirmed this app behavior, too.