Week 09: Web Application Hacking

In a bid to improve end-to-end cyber security and improve privacy controls for all Windows users, Microsoft has begun the planning phase in the implementation of DNS Over HTTPS (DoH). The Microsoft team has already laid out the their standards and guiding principles of this implementation project, which include: Windows DNS needs to be private and functional by default, users (familiar and unfamiliar) are required to set DNS configuration, streamline the process of DNS configuration for all users, and Windows should never fallback to unencrypted DNS without explicit permission from the administrator.

Source: https://yro.slashdot.org/story/19/11/18/1929229/microsoft-announces-plan-to-support-doh-in-windows

A “massive” cyber-attack against multiple targets in Georgia has taken place on October 28, as the BBC and other media reported.

Not only has this seen thousands of websites impacted but two Georgian TV broadcasters, Imedi TV and Maestro, were temporarily taken offline as well. Critical national infrastructure, however, would appear not to have been affected.

Intro-to-Ethical-Hacking-Week-9

 

https://capture.fox.temple.edu/Mediasite/Play/19ca5f5e1b8f452cad8debc470df07871d

People are aware that the impact of data breach will be more severe for big company like Facebook and Target, but it could be more serious for small company because it could cause the bankruptcy in the end. This article shows the results of a survey of 1,008 small businesses with up to 500 employees to prove it. This survey found that 10 percent of the business went out of business, and 25 percent of them had to file for bankruptcy and 37 percent experienced a financial loss after suffering a data breach. 44 percent of these victims were from larger firms of 251-500 people, while 11 percent were companies with 10 or fewer workers. Even though these company has less probability to be the target of hackers and the scale of the organization determines the amount of losses it can suffer, the problem will become more severe for the organization itself based on poor cyber security policy.

https://www.scmagazine.com/home/security-news/data-breach-causes-10-percent-of-small-businesses-to-shutter/

A government-owned entity – the Nuclear Power Corporation of India was one of the victims of the most recent high profile cyber-attacks. According to a statement released by the company, the attack was discovered on September 4, and no plant control systems were affected. “The investigation revealed that the infected PC belonged to a user who was connected in the internet-connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored. The investigation also confirms that the plant systems are not affected.” According to the article by TNW, the attacks used malware to access the domain controller account that grants access and authenticates requests from other computers in the network.

Some additional information also provided in the article is the data collected by the malware was sent to a mounted drive via SMB and the drive and credential is statically encoded: net use \\\\10.38.1.35\\C$ su.controller5kk /user:KKNPP\\administrator

 

https://www.itpro.co.uk/google-android/34657/android-gets-new-security-sandboxing-features

This article describes a new feature in Chrome and Android that aims to help with cross-site scripting attacks and other similar attacks. The feature isolates the data in each tab of Chrome and prevents them from reaching out and communicating with each other. So, some malicious code on Tab A, wouldn’t be able to pull your session or credentials from Tab B.

A ransomware victim who paid the attackers to decrypt his files gets revenge by hacking them right back. The German programmer released almost 3,000 decryption keys to assist others hit by the Muhstik ransomware, alongside free decryption software. What he did wasn’t legal, but it’s cool to see this vigilante type response to being hacked. Who knows? Maybe if situations like these happened more often, we’d see a decline in ransomware related attacks. Since the FBI warns companies not to pay the ransom anyway, the possibility of getting hacked right back could further deter ransomware attacks.

 

https://thenextweb.com/hardfork/2019/10/08/ransomware-bitcoin-hacker-cryptocurrency-muhstik-rekt/

A hacker has defaced over 15,000 websites hosted on the infrastructure of Pro-Service, a Georgian web hosting provider, including government sites, local newspapers, and TV stations.

Yesterday, the country of Georgia suffered a major cyber-attack.  Over 15,000 websites were defaced with an image of former Georgian President Mikheil Saakashvili, with the text “I’ll be back” overlaid on top.  Two television stations went off-air following the attacks.  I did read in another article that one of the TV station’s equipment was actually destroyed by the attack.  A third TV station was affected, but did not go off-air.  Several newspaper sites were also brought down.  Many linked yesterday’s attack with a similar 2008 Russian attack that defaced government sites and hacked TV and radio stations.  Although currently there is no evidence to suggest it was Russian based, an investigation was started to identify the culprit.

Pro-Service, a local web hosting provider, took blame for the issue.  They admitted that a hacker breached its network and took down customer websites.

 

Adobe secured a database with 7.5 million records belonging to Adobe Creative Cloud users. The cache was not protected in any way, allowing anyone access to client information if they knew how to find it. Although the details included are not highly sensitive, they could be used to launch better-crafted phishing campaigns against customers whose data was exposed.

https://www.bleepingcomputer.com/news/security/75-million-records-of-adobe-creative-cloud-user-data-exposed/