Week 08: Malware

Intro-to-Ethical-Hacking-Week-8

https://capture.fox.temple.edu/Mediasite/Play/ab2489455d0a4295baf86b63361af17c1d

Hackers can destroy a organization though multiple ways, and one of that is get the information on enterprise resource planning (ERP) software. The information including personal information, IP and financial data. All information, if in the wrong hands, could destroy a company. This article interprets that 90% of SAP systems are reported to be vulnerable to 10KBLAZE, a public exploit discovered in April this year. Even though the ORACLE publishes patches to fix the bugs, the company still needs make sure they have cybersecurity and application maintenance policies and procedures in place. They should also make sure that included in those procedures is an audit process that truly assesses the system – identifying any vulnerabilities, and ensuring fixes and patches are implemented in a timely manner.

https://www.natlawreview.com/article/could-your-erp-system-make-you-victim-cybercrime

A senior member of the White House cybersecurity staff delivered his resignation as part of a scathing memo this week. Among other things, he claims security is taking a back seat to convenience at 1600 Pennsylvania Avenue.

That staffer was Dimitrios Vastakis, whose official title was branch chief of the White House computer network defense. His resignation this week is just the latest in a string of worrying departures by members of the White House infosec team.

Vastakis was originally part of the Office of the Chief Information Security Officer (OCISO). That Office was created just 5 years ago – after it was discovered that hackers linked to Russian intelligence agencies breached White House systems.

In a short amount of time, the staff of the OCISO made dramatic improvements to the White House systems known collectively as the Presidential Information Technology Community (PITC).

https://www.forbes.com/sites/leemathews/2019/10/23/senior-infosec-staffer-resigns-says-white-house-on-track-to-be-hacked-again/

This link gives weekly news about cyber security, this includes the good and bad stuff.

https://cyware.com/weekly-threat-briefing/cyware-weekly-threat-intelligence-october-14-october-18-2019-ddd4

In March 2018 one of NoedVPN’s data centers in Finland was “accessed with no authorization,” said NordVPN spokesperson Laura Tyrell. The attacker gained access to the server, which had been active for about a month.  They exploited an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed.  This is such a breakdown of physical security and poor patch management. IT is also disturbing that they are reporting in October 2019 for an incident in march.

NordVPN confirms it was hacked

Facebook is looking to step up its application security through a bounty program aimed at identifying vulnerabilities in third-party apps. This move is in addition to their Data Abuse bounty program launched last year which rewarded testers who identified 3rd-party apps collecting data and passing it off to non-authorized parties.

Facebook security has taken a hit in the past year due to improper use of collected data and account hacking. Well, Mr. Zuckerberg looks to be making a public relations and financial effort to curtail the recent security issues by enticing third-party developers to design apps with security and set up a vulnerability disclosure programs. He will pay white-hat researchers to identify third-party apps with vulnerabilities, even if app developers don’t have a bounty program.

https://thehackernews.com/2019/10/facebook-apps-bug-bounty.html

The United states banned the use of equipment from certain Chinese vendors but many of the cameras, around 2,700, are still in use. Its been difficult for government agencies to replace due to cost and technical challenges in some cases. This is great example of how tough vulnerability management and remediation can be when its at such a large scale. In some cases IT officials don’t think its a big deal and have been slow to remove cameras from their networks also showing how high level buy in is necessary in a process like remediation. In other cases they haven’t been replaced because they’re the cameras watching a bowling alley and not a nuclear facility so the risks are lower than the cost of replacing the cameras so nothing has been done about it.

https://www.wsj.com/articles/u-s-government-still-uses-suspect-chinese-cameras-11571486400

The breach occurred because the attacker compromised an employee’s VPN credentials, gaining access to an account that was not protected using a multi-factor authentication solution. The hacker successfully escalated privileges of the compromised credentials. I found it interesting that Avast allowed the hacker to roam free for weeks in order to track their whereabouts and figure out their intentions. They were able to gather that the intruder was extremely sophisticated and tried to cover their tracks to not be detected.

https://www.zdnet.com/article/avast-says-hackers-breached-internal-network-through-compromised-vpn-profile/