Week 07: Social Engineering

A study performed by the Institutes for Application Security and System Security at Technische UniversitÃt Braunschweig in Germany looked at the Alexa top 1 million websites list in order to find how many of them run Webassembly code and of what nature. Of the nearly 1 million websites searched, the study found that 1,950 modules of Webassembly were being run across 1,639 websites. The study went further, investigating just how many of these modules were being used for malicious intent, and of what nature. The results of this analysis found that 55.8% of the webassembly modules being used across these sites were malicious, with 55.6% of it being cryptocurrency mining and the other .2% being obfuscation.

Source: https://it.slashdot.org/story/19/11/03/0044253/study-estimates-50-of-webassembly-sites-are-using-it-for-malicious-purposes

A zero-day vulnerability in iTunes and iCloud application was discovered by the security company Morphisec here on October 10th, 2019. The article continues to disclose additional technical details on the vulnerability. The vulnerability in the applications will not trigger an antivirus software detection as the software is signed by Apple, and is automatically flagged as okay. The root cause according to the article is known as an unquoted service path, when a developer forgets to surround a file path with quotation marks.  “When the bug is in a trusted program — such as one digitally signed by a well-known developer like Apple — attackers can exploit the flaw to make the program execute code that AV protection might otherwise flag as suspicious.”

As of today, Apple has released the patches for iTunes and iCloud for windows to close the security vulnerability.

After the NotPetya ransomware attack of 2017, Microsoft conducted research into why large companies were being affected even though patches were already available.  Microsoft visited a significant number of customers and was surprised by how many challenges organizations faced with processes and standards.  They discovered many companies failed to install patches because they simply didn’t have a patch testing procedure in place.  Instead, they would wait a while and then ask an online forum if anyone has experienced any problems with the patches before applying them.  In addition, Microsoft has spoken with partners like the Center for Internet Security (CIS), U.S. Department of Homeland Security (DHS) Cybersecurity, and Cybersecurity and Infrastructure Security Agency (CISA).  This led Microsoft to team up with NIST and “build common enterprise patch management reference architectures and processes, have relevant vendors build and validate implementation instructions in the NCCoE lab, and share the results in the NIST Special Publication 1800 practice guide for all to benefit”.  They are also extending an invitation to other vendors so they can collaboratively work on addressing this problem.

Source: https://sdtimes.com/msft/microsoft-and-nist-partner-on-best-patch-management-practices/

The title of the article makes it seem like there’s a new vulnerability or attack that can be exploited to defeat MFA. However, the article just reiterates what most of us already know; the human factor is often the easiest target for attackers. Social engineering paired with phishing attack tools, such Muraen and NecroBrowser, are being used to bypass MFA. As we learned in previous weeks, user awareness and training are some of the most effective ways to defend against these attacks.

https://www.forbes.com/sites/zakdoffman/2019/10/07/fbi-issues-surprise-cyber-attack-warningurges-new-precautions/#ea474547efba

Two of the biggest companies in antivirus and tech sub domains are integrating together to provide better threat intelligence processes. One of things that article talks about is “One of the key realizations of the initiative is the time wasted on connection and integration that could be better spent creating tools to directly address pertinent security issues. With this newfound integration, the organizations hope to “develop protocols and standards which enable tools to work together and share information across vendors.

“The aim is to simplify the integration of security technologies across the threat lifecycle – from threat hunting and detection to analytics, operations, and response — so that products can work together out of the box.”

This alliance according to the article will create new sets of open source content and tools which will enable users and companies to share info and solutions.

Source Link: https://www.techrepublic.com/article/mcafee-ibm-join-forces-for-global-open-source-cybersecurity-initiative/

Intro-to-Ethical-Hacking-Week-7

https://capture.fox.temple.edu/Mediasite/Play/54400cae3d8e4c6996ca78bc8533ccda1d

“Pinterest says it’s using machine learning techniques to identify and hide content that displays, rationalizes, or encourages self-injury. The company says it has achieved an 88% reduction in reports of self-harm content by users and that it’s now able to remove such content 3 times faster.”

Social media plays a big role in raising awareness of mental health. It is important to make use of it to prevent cyber bullying and personal attack instead of encouraging negative influence.

VentureBeat Article 

Adobe announced to ban accounts and cancel the subscriptions for all its customers in Venezuela in order to comply with economic sanctions that the United States imposed on the Latin American country. (The Presidential Executive Order 13884 has been designed to block American companies and individuals from conducting virtually all trade with Venezuela). As a result, Adobe decided to deactivate all accounts in the country, leaving thousands of users and companies without access to the company’s graphics and multimedia software. Also, Adobe is refusing to refund its Venezuelan customers, because the presidential order also barred any transactions with the entities, “including no sales, service, support, refunds, credits, etc.” Therefore, we can see how policy can effect a business.

https://thehackernews.com/2019/10/adobe-venezuela-sanctions.html

This article from the Healthcare IT News highlighted a few topics we touched in this class.

According to the article the attacks were “carried out on Oct. 1 and involved Ryuk ransomware code, a malware that contains several bugs, resulting in damage about one in every eight files that it encrypts.”

According to a report released by Emsisoft, in the first nine months of 2019, at least 621 “government entities, healthcare service providers and school districts, colleges and universities” have been subject to ransomware attacks. Emsisoft also found that 491 of the attacks were on healthcare providers, the security firm warned that attacks on managed services providers (MSPs), are on the rise and that average ransom demands are climbing, encouraged by payouts similar to this one.

The FBI issued a warning on Oct. 2 highlights the ransomware attacks are “becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent,” the warning also points out that in some cases, even when victims who paid the ransoms were never given a decryption key.

 

We’re just five days away from Patch Tuesday, the day that Microsoft will release new updates for all supported versions of Windows. Apparently, the company just couldn’t wait, as it released a whole round of updates today.

Unlike most non-Patch Tuesday updates, these are actually mandatory. That means that your PC will install it automatically at some point. The updates are billed as security updates, fixing an issue where print jobs might fail. Here’s the highlight:

• Updates an intermittent issue with the print spooler service that may cause print jobs to fail.

Here’s the full list of fixes:

• Addresses an intermittent issue with the print spooler service that may cause print jobs to fail. Some apps may close or generate errors, such as the remote procedure call (RPC) error.
• Addresses an issue that may result in an error when you install Features On Demand (FOD), such as .Net 3.5. The error is, “The changes couldn’t be complete. Please reboot your computer and try again. Error code: 0x800f0950.”

 

https://www.neowin.net/news/microsoft-releases-required-security-updates-for-all-versions-of-windows-10/