Ethical Hacking

Wade Mackey

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

“OceanLotus” targets BMW and Hyundai networks

December 10, 2019 By Jaimin Pandya

APT hacker group “OceanLotus” apparently compromised network systems of automakers BMW and Hyundai by installing some hacking tool which would control and spy on their systems. What they did was nothing new, but it was sophisticated.

According to the article

“Created Fake Websites

To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, as they can monitor networks and find out which folders and files that users logged in.

Hackers Observed for Months

The security team at BMW allowed hackers to stay active with an intention to know more details like, who they were, how many systems they managed to compromise, and what kind of data they were after.

Based on sources, no sensitive information was accessed by hackers during the incident and no primary computers were compromised.

BMW declined to provide additional information on the attack.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” BMW said in a statement.”

Source Article: https://www.cisomag.com/apt-hacker-group-targets-bmw-and-hyundai-networks/

Week 14 Presentation and Video

December 9, 2019 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14

https://capture.fox.temple.edu/Mediasite/Play/63abf86c86f943eb85d5d510d1fc81231d

Week 13 Presentation and Video

December 9, 2019 By Wade Mackey

Intro-to-Ethical-Hacking-Week-13

https://community.mis.temple.edu/mis5211sec001fall2019/

Post-Quantum Cryptography: 10 Things You Need to Know

November 6, 2019 by Daniel Bavaro

I think it’s always a good time to talk about Quantum. Quantum computing is a looming threat to all forms of cryptography. I have confidence that as quantum becomes available to the “bad guys” trying to brute force our systems, quantum will also be available to the “good guys” and we will have new tools for using the extra CPU horsepower to protect our systems. This article is a nice compilation of what is going on with quantum currently and how it relates to cryptography.

https://www.thesslstore.com/blog/post-quantum-cryptography-10-things-you-need-to-know/

Filed Under: Week 10: SecuritySheperd

Utah power utility experiences a Loss of View due to DDoS Attack

November 4, 2019 by Christopher James Lukens

An attack on a Utah power utility caused a loss of view of a remote power station from the main control center.
A DDoS attack was carried out on an unpatched internet-facing server on the utility’s network that caused a crash, leaving the company unable to monitor the remote station. No further breach occurred, but this would be the first step in a full-fledged attack on a power utility and could be viewed as a proof-of-concept attack. This shows how crucial it is for a continuous vulnerability scanning program and patching program to be in place.

https://threatpost.com/solar-wind-power-utility-cyberattack/149816/

Filed Under: Week 10: SecuritySheperd

Windows ‘BlueKeep’ Attack That U.S. Government Warned About Is Happening Right Now

November 3, 2019 by William Ha

The NSA considers the BlueKeep exploit potentially “devastating” and as having a “wide-ranging impact”. In June 2019, they published an advisory urging Windows administrators to update their operating systems to prevent this growing threat. The exploit is being compared to the WannaCry attack, which as we know infected numerous systems worldwide. This ongoing BlueKeep attack seems to be smaller in scale, as a cryptocurrency miner payload is being used. However, the threat actors behind the attack can potentially drop more malicious payloads that can infect the estimated 700,000 Windows systems that still aren’t patched. Another interesting fact is that the BlueKeep exploit was recently released in Metasploit.

https://www.forbes.com/sites/daveywinder/2019/11/03/windows-bluekeep-attack-that-us-government-warned-about-is-happening-right-now/

Filed Under: Week 10: SecuritySheperd

Article 7: Study Estimates 50% of WebAssembly Sites Are Using It For Malicious Purposes

November 3, 2019 by Imran Jordan Kharabsheh

A study performed by the Institutes for Application Security and System Security at Technische Universität Braunschweig in Germany looked at the Alexa top 1 million websites list in order to find how many of them run WebAssembly code and of what nature. Of the nearly 1 million websites searched, the study found that 1,950 modules of WebAssembly were being run across 1,639 websites. The study went further, investigating just how many of these modules were being used for malicious intent, and of what nature. The results of this analysis found that 55.8% of the WebAssembly modules being used across these sites were malicious, with 55.6% of it being cryptocurrency mining and the other 0.2% being obfuscation.

Source: https://it.slashdot.org/story/19/11/03/0044253/study-estimates-50-of-webassembly-sites-are-using-it-for-malicious-purposes

Filed Under: Week 07: Social Engineering

Article 6: Does California Need A More Decentralized Energy System?

November 3, 2019 by Imran Jordan Kharabsheh

This article sheds light on a proposal that is starting to garner attention in California, which ultimately aims to revolutionize California’s electricity system to be cleaner, more reliable, and more resilient. The proposal aims to change the old electricity system, which was a “centralized, top-down, long-distance, one-way” system to a “decentralized, bottom-up, local, networked” electrical system. However, this proposal is still in its infancy and has only recently begun to be studied, but there are scientific ideas and studies that show that certain concepts behind this system are already proving to be effective in other parts of the United States. Among these concepts that are proving to be effective are microgrids made up of many local “solar+storage+smart inverter systems” networked together that help balance out consumption and generation more efficiently during blackouts, while costing just as much as current California grid power in various regions.

Source: https://hardware.slashdot.org/story/19/11/03/0210245/does-california-need-a-more-decentralized-energy-system

Filed Under: Week 06: More Metasploit

Article 5: Chrome Tries APIs That Allow Changing A User’s Files, Receiving SMS Verification Texts

November 3, 2019 by Imran Jordan Kharabsheh

Previously, websites could only access files and services of your computer through the use of Java or ActiveX plugins. However, thanks to the new Native File System API update included in Chrome 78, websites can simply open a file picker dialog, allowing them to open, upload and make changes to files on our computers without the need for plugins. Thankfully, Google thought of many controls to implement prior to implementing this update. These include: limiting access to files by requiring permission to be granted by an admin account for every file to be opened, requiring permission for every change to be made, and an indicator in the address bar that shows if you have given a site file permissions.

Source: https://tech.slashdot.org/story/19/11/02/2323246/chrome-tries-apis-that-allow-changing-a-users-files-receiving-sms-verification-texts

Filed Under: Week 05: Metasploit

New Chrome Zero-Day Exploit

November 1, 2019 by Xiduo Liu

A new zero-day was disclosed by Google on October 31. Update 78.0.3904.87 will start rolling out “over the coming days/weeks” according to Google. The nature of the zero-day and the details about this vulnerability are not available at this time; according to Google, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed.”

With the limited information on this zero-day, Google did confirm it is related to the CVE-2019-13720 vulnerability, which was first reported by Kaspersky. You can read more about this zero-day here.

Filed Under: Week 10: SecuritySheperd

Hacker duo plead guilty

November 1, 2019 by Jaimin Pandya

Two hackers who extorted money from Uber and LinkedIn pleaded guilty in a California court yesterday. Two guys (one from FL and the other from Toronto) admitted that they had accessed and downloaded a massive amount of confidential data from AWS using stolen creds.

One of the emails sent by them was:

“I was able to access backups upon backups, me and my team would like a huge reward for this,” the hackers said to the victim company in an email.

“Please keep in mind, we expect a big payment as this was hard work for us, we already helped a big corp which paid close to 7 digits, all went well.”

These guys were able to get their hands on more than 55 million Uber riders and drivers for which the company reportedly paid $100k in bitcoins in an attempt to cover up the breach. According to the article – “The indictment also revealed that the duo blackmailed LinkedIn in the same way in December 2016, informing the company that they had compromised databases of LinkedIn’s subsidiary Lynda.com and stole over 90,000 user records, including their credit card information.”

They have been released on a bond and will be sentenced in March 2020.

Article: https://thehackernews.com/2019/10/hackers-extorted-money.html

Filed Under: Week 10: SecuritySheperd

5 Places Where Hackers Are Stealthily Stealing Your Data In 2019

October 31, 2019 by Numneung Koedkietpong

The article states that there are five top places in 2019 where hackers can steal corporate and government data without detection. The details are as follows:

  1. Misconfigured cloud storage: “(ISC)² Cloud Security Report 2019 asserts that 64% of cybersecurity professionals perceive data loss and leakage as the biggest risk associated with the cloud.” In order to mitigate this, a cloud security policy should be established and an inventory of cloud infrastructure regularly updated.
  2. Darkweb: “Notorious Collection #1, revealed in 2019 by security expert Troy Hunt, is a set of email addresses and plaintext passwords totaling 2,692,818,238 rows”. To protect against this, set up a holistic password policy and an incident response plan.
  3. Abandoned and unprotected websites: “The same report revealed that 25% of e-banking applications were not even protected with a Web Application Firewall (WAF). Eventually, 85% of applications failed GDPR compliance tests, 49% did not pass the PCI DSS test.” To mitigate this, in-depth web penetration testing should be conducted.
  4. Mobile applications’ backends: There is a vulnerability in the API. To protect against this, conduct mobile penetration testing.
  5. Public code repositories: Some organizations store highly sensitive data in open and accessible repositories like GitHub. To mitigate this, a policy related to code storage and access management should be established and then enforced both internally and for third parties.

Filed Under: Uncategorized, Week 09: Web Application Hacking

Russian Hackers Breach Network using IoT devices

October 31, 2019 by Andrew P. Sardaro

Per Microsoft, Russian state-backed hackers have been using IoT devices to breach certain networks. The attacks were discovered in April when some common IoT devices (VoIP phone, office printer) were found to be communicating with servers associated with “Strontium,” a Russian state-backed group better known as Fancy Bear.

The devices were able to be compromised due to default passwords in use, and old firmware being used with known vulnerabilities.

From the article:

“After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server”

Microsoft has notified the IoT vendors to address the vulnerable devices.

Securing IoT devices can be a challenge as the device may have a proprietary OS that cannot be managed like Windows 10 IoT. Many IoT devices are configured using the set and forget method, leaving them in a vulnerable state. More education around securing IoT devices is needed prior to purchase.

https://arstechnica.com/information-technology/2019/08/microsoft-catches-russian-state-hackers-using-iot-devices-to-breach-networks/

Filed Under: Week 10: SecuritySheperd
