Ethical Hacking

Wade Mackey

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

“OceanLotus” targets BMW and Hyundai networks

December 10, 2019 By Jaimin Pandya

APT hacker group “OceanLotus” apparently compromised the network systems of automakers BMW and Hyundai by installing a hacking tool that would control and spy on their systems. What they did was nothing new, but it was sophisticated.

According to the article

“Created Fake Websites

To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, as they can monitor networks and find out which folders and files that users logged in.

Hackers Observed for Months

The security team at BMW allowed hackers to stay active with an intention to know more details like, who they were, how many systems they managed to compromise, and what kind of data they were after.

Based on sources, no sensitive information was accessed by hackers during the incident and no primary computers were compromised.

BMW declined to provide additional information on the attack.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” BMW said in a statement.”

Source Article: https://www.cisomag.com/apt-hacker-group-targets-bmw-and-hyundai-networks/

Week 14 Presentation and Video

December 9, 2019 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14

https://capture.fox.temple.edu/Mediasite/Play/63abf86c86f943eb85d5d510d1fc81231d

Week 13 Presentation and Video

December 9, 2019 By Wade Mackey

Intro-to-Ethical-Hacking-Week-13

https://community.mis.temple.edu/mis5211sec001fall2019/

Foxit PDF Software Company Suffers Data Breach—Asks Users to Reset Password

September 11, 2019 by Penghui Ai

The reason I am posting this article is that I am a Foxit PDF software user with an account. From the article, we know that unknown third parties recently gained unauthorized access to Foxit’s data systems and accessed its registered users’ data, including users’ email addresses, passwords, names, phone numbers, company names, and IP addresses. I use my WeChat account to access Foxit, so I take this event very seriously. However, I found that Foxit announced that users in China will not be affected by this data breach because Chinese users do not use the same registration path as users from other countries. It is interesting that Foxit did not send any email or any other kind of message to its Chinese users; at least I did not receive any. In addition, I do not know whether Chinese users are really safe in this event, so if you have a professional opinion about it, you are welcome to share it in the comments.

https://thehackernews.com/2019/08/foxit-pdf-reader-data-breach.html

Filed Under: Week 03: Reconnaissance

HackerOne – Company secures $110 mil in funding!

September 8, 2019 by Jaimin Pandya 1 Comment

I usually check TechCrunch at least two or three times a week, and I recommend that my classmates do the same, because you can find all tech-related news on this platform. Anyway, I came across this article about a company called HackerOne “that mediates between hackers and companies interested in testing their online vulnerabilities,” which managed to raise $36 million in Series D funding, bringing its total funding to $110 mil. The article talks briefly about what the company does and how it helps its clients “to help find critical security weaknesses so they can address them before players with nefarious intentions find and exploit them.” They currently have over 1500 customers (Google, AirBnB, and Intel, just to name a few). They are also invested in working with Facebook on some blockchain stuff, which I thought was super interesting. As we all know, the cybersecurity domain is one of the fastest-growing domains right now, and companies like BugCrowd and HackerOne further prove why. Businesses are vulnerable to data leakage and different types of attacks, so there will be new mechanisms and software companies in the market to battle these issues.

Link: https://techcrunch.com/2019/09/08/hackerone-just-closed-a-new-round-of-funding-that-brings-its-total-funding-to-110-million/

Filed Under: Uncategorized

What is Network Encryption?

September 8, 2019 by Jaimin Pandya 1 Comment

For my folks with a non-technical background, this is related to what we discussed in our last class. The article listed here talks about the importance of network encryption. Although we don’t realize it, it plays a really important part every time we go online, whether we are accessing bank information or browsing websites. It goes on to explain what an encryption key is and the algorithms behind it, along with the keys that SSL encryption depends on. I will try to hunt down the article about the strong encryption method that requires a ton of computing power (I think it was RSA).

https://www.lifewire.com/introduction-to-network-encryption-817993

Filed Under: Uncategorized

Article 1: Cybersecurity And The Explosion Of Augmented Reality (Forbes)

September 8, 2019 by Imran Jordan Kharabsheh 1 Comment

As organizations integrate more sophisticated and innovative technology into their business processes over time, the risks associated with these technologies are also taken on by the organizations. This is why it has become ever more significant for corporations to analyze new tech and implement cyber security solutions accordingly, as every additional layer of tech has the potential to open up an entirely new “landscape of new cybersecurity vulnerabilities”. This article talks about one of the increasingly common technologies being implemented to help increase business process performance: Augmented Reality. Among the more interesting aspects of the article is its inclusion of known vulnerabilities that organizations and tech companies have had to struggle with in the past, and the solutions they implemented to reduce the risk, if applicable.

Source: https://www.forbes.com/sites/forbestechcouncil/2019/09/06/cybersecurity-and-the-explosion-of-augmented-reality/#21fb4dc43c07

Filed Under: Week 01: Overview

Cybersecurity Regulations: 10 Ways To Encourage Employee Compliance

September 7, 2019 by Daniel Bavaro 3 Comments

https://www.forbes.com/sites/forbestechcouncil/2019/09/05/cybersecurity-regulations-10-ways-to-encourage-employee-compliance/#81189acead3d

I found this to be interesting, because one of the major hurdles that organizations face is that the employees pose a large risk to information security. If staff are not trained well, they can be the gateway to either initiating a threat or being duped into allowing an attacker inside. The struggle is often not about coming up with good policies, but is about getting employees to adopt them. This article introduces some nice ideas for how to fix that.

Filed Under: Uncategorized

Thousands of servers infected with new Lilocked (Lilu) ransomware

September 7, 2019 by Xiduo Liu 1 Comment

Continuing with the ransomware discussion with Andrew’s thread.

A new ransomware has been identified:

https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/

bleepingcomputer.com/news/security/lilocked-ransomware-actively-targeting-servers-and-web-sites/

It appears the ransomware is targeting servers and encrypting the data located on them. All of the known infected servers are web sites. To make the situation worse for the website owners, their sites and the encrypted files are Google searchable with the search string: intitle:”index of” “#README.lilocked”

Filed Under: Uncategorized

Town Avoids Paying Massive $5 Million Ransom In Cyberattack

September 7, 2019 by Andrew P. Sardaro 3 Comments

Here is a rare ransomware case with a happy ending. The city of New Bedford, Mass., was hit with a ransomware attack on the night of July 4th. The hackers demanded 5.3 million in bitcoin to release the encrypted city data. The ransomware used in the attack was Ryuk. Ryuk has unique features: it can encrypt network drives as well as delete shadow copies on the endpoint, which disables the Windows System Restore feature.

City officials lucked out in that the attack occurred during a holiday and only 4% of systems were deemed compromised. They decided to contact the hackers using a provided email address and negotiate for the decryption key by offering the city’s allocated insurance payment of $400.000. The negotiation tactic worked; it stalled the payment demands by the hackers, and city officials were able to restore a good portion of data using external backups.

The city exercised its business continuity or disaster recovery plan and was able to restore the compromised data and operations quickly.

https://www.npr.org/2019/09/06/758399814/town-avoids-paying-massive-5-million-ransom-in-cyberattack

Filed Under: Uncategorized

Ransomware Attack on Dental Data Backup Service Offering Ransomware Protection

September 6, 2019 by Andrew P. Sardaro 3 Comments

File this one under ironic. PercSoft, the online cloud storage company for Digital Dental Records (DDR), which offers DDS Safe, a backup service used by dental offices, was hit by ransomware. DDS Safe is a HIPAA-compliant online dental backup service used by hundreds of dental practices across the US. The ransomware involved in the attack is called Sodinokibi, also known as Sodin or REvil.

The article states that ransomware had been deployed on the remote management software their application uses to back up client data. The hackers were able to exploit a recently patched Oracle WebLogic Server vulnerability. Oracle WebLogic Server is a Java EE application used for many web applications and portals.

Oracle Security Alert Advisory – CVE-2019-2725 https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html

The hackers could exploit this vulnerability remotely and execute commands without authorization (no credentials) by sending a specially crafted HTTP request. The vulnerability had a CVSS score of 9.8/10, and Oracle addressed the flaw on April 26 by releasing an out-of-band update.

The ransom was paid, a tool was provided, and the files were decrypted. Having a well-designed patch management process is crucial in reducing vulnerabilities. The question is, can you stay one step ahead of the hackers?

https://securityaffairs.co/wordpress/90570/malware/dds-safe-ransomware-attack.html

Filed Under: Uncategorized

Article Around Kali Linux

September 4, 2019 by Wade Mackey

We will not get to this for a few weeks, but I wanted to share this as it may help you in understanding what Kali Linux is.

https://itsfoss.com/kali-linux-review/

Filed Under: Week 01: Overview

Article on Cyber Security Job

September 2, 2019 by Wade Mackey

All,

Here is a link to an article I saw this week that I thought some of you might be able to get value from.

https://danielmiessler.com/blog/day-1-skills-required-to-land-an-entry-level-cybersecurity-job/

Filed Under: Week 01: Overview
