Ethical Hacking

This article touches on some new app permissions Google is pushing out. They are making it so apps that haven’t been used in months will auto-reset their permissions. This is a step in the correct direction for user privacy and security, as app permission can be overreaching often times. And usually it is the apps that are forgotten about and left on the phone that are the ones with too much access. Resetting the permissions makes it so the user is more in control of what permission they are allowing apps, and for how long.

https://thehackernews.com/2021/09/google-to-auto-reset-unused-android-app.html

I found this trending article about how three former American intelligence officers hired by the United Arab Emirates to carry out sophisticated cyberoperations admitted to hacking crimes and to violating U.S. export laws that restrict the transfer of military technology to foreign governments.

The men helped the Emirates, a close American ally, gain unauthorized access to “acquire data from computers, electronic devices and servers around the world, including on computers and servers in the United States.

The three men worked for DarkMatter, a company that is effectively an arm of the Emirati government. They are part of a trend of former American intelligence officers accepting lucrative jobs from foreign governments hoping to bolster their abilities to mount cyberoperations.

Link: https://apnews.com/article/technology-united-states-hacking-5700a1fa8b1b4612477658b883e58f31

Article: Rapid digitisation of banks invites cyber risks as well. What are the risks, and what should banks do?
Author: Ishwari Chavan
Published: September 20, 2021, 09:24 IST
Site: CIO.com The Economic Times
Link: Article

Going digital without care is not the way to go for financial institutions. This article reports an increase in cyberattacks focused on banking institutions to a whopping 238% between Feb 2020 and April 2020 (VMWare Carbon Black). Anywhere from phishing, network scanning and probing (Recon work), viruses and website hacking has been methods used in the attempt to penetrate organizations. PII containing applications are particularly vulnerable due to the simple fact that they have “minimal to no security”. With everything moving to some kind of cloud, the boundaries have been deleted and hackers have new ways of “getting in”. Increasing the vulnerable points of an application has increased the risk. Even if the banks are secure, think about the third party applications that interface – Venmo, Facebook, Zelle, and Paypal to name a small few. The article encourages a collaborative effort for financial institutions to counter against these attacks and vulnerabilities. “Banks are required to reimagine some of their own technology and adapt to a three-year or four-year journey.”

I thought this article was timely as we’re just getting started with Kali.  The latest version of Kali includes a new set of tools, improved virtualization support, and new OpenSSL configurations.  These new additions may come in handy later in the course as we explore related topics. 

Highlights of this release include:

• Wide default compatibility for OpenSSL
  • Enables older, insecure protocols in OpenSSL to increase the attack surface for penetration testing.
• New Tools
  • HostHunter looks particularly interesting for hostname recon. 
• Improved VM support
  • The Live image can be used in a virtualized environment and supports copy, paste, and drag/drop functionality natively.
• Smartwatch support for Kali NetHunter  
  • This looks super cool and supports Bad USB and NMap scans.  
• Improved ARM support for devices like the Raspberry Pi.

Users can update by downloading the latest ISO at http://cdimage.kali.org/kali-2021.3/ or follow the upgrade instructions detailed in the article.  

Article: Kali Linux 2021.3 released with new pentest tools, improvements

Author: Lawrence Abrams

Published: September 15, 2021

Link:https://www.bleepingcomputer.com/news/security/kali-linux-20213-released-with-new-pentest-tools-improvements/

Consumer focused hardware companies are delivering more products than ever before due to the popularity of IoT technology. IoT devices promise to save consumers time and money by automating repeat takes and applying insights that previously weren’t possible. “The GSM Association estimates that by 2025 there will be almost 25 billion IoT devices deployed in the world.” The prevalence of IoT hardware comes with an increased cybersecurity risk.

Connected hardware has an increased cybersecurity risk because it is tangible. In other words, it can directly affect the world in which it resides.  The article provides an interesting example of a robot being compromised and directed to move to a new location to be sold for parts.

The author provides a few suggestions for hardware manufacturers to pursue to help increase cybersecurity in their products.

• Design with cybersecurity in mind and allow products to be updated in response to new threats.
  • Improve firmware verification and error checking.
  • Support for encryption methods like AES, DES, etc.
  • Adding secure key storage 
• Expand Data Access Controls
  • User vetting and verification must be added to the user authentication pipeline. 
    • “Keys and other access mechanisms are methods, they are not proofs of identity. We cannot blindly trust the keyholder. This is security backward. The keyholder must be vetted as well.”
• Increase CIO/CISO Roles in hardware IoT companies
  • Companies cannot afford to risk losing competitive advantages by not having CIO/CISO

Article: The Increase in Scope of Cybersecurity from Software to Hardware Protection

Author: Neil Okikiolu

Published: September 8, 2021

Link: https://cisomag.eccouncil.org/the-increase-in-scope-of-cybersecurity-from-software-to-hardware-protection/

Article: CISA Launches JCDC, the Joint Cyber Defense Collaborative
Author: Kelly Jackson Higgins
Published: August 5, 2021, 8:55 PM
Site: DARKReading.com

What is the best defense against all the cyber attacks our country has experience in the last few years? What is the best response? What is the best approach and strategy?

Jen Easterly may have an answer – COLLABORATION! Easterly is the newly appointed Cybersecurity and Infrastructure Security Agency director and has launched an initiative to band the public and private sectors of the security industry to work together and “proactively address and defend” against the cyberattacks in the US. The initiative is called Joint Cyber Defense Collective (JCDC) goals are to increase awareness on the threat landscape that we face today and map that landscape to actual operational “blueprints”.

The first items on the agenda are ransomware and cloud security. Goals are to plan a “framework to respond to cyber incidents affecting CSPs”.

The collaborating pool of entities is impressive!

1. Government: CISA, Dept of Defense, US Cyber Command, NSA, FBI and Office of the Director of National Intelligence.
2. Future: Dept of Energy, Transportation, EPA, & FDA will be soon to follow.
3. Private: AWS, AT&T, CrowdStrike, FireEye Mandiant, Google Cloud, Lumen, Microsoft, Palo Alto Networks, and Verizon.

This is an exciting turn of events and about time. The US needs to leverage the knowledge and strengths from ALL sectors to combat the ever growing mal-actors that are waiting in the sidelines to disrupt our world. I look forward to following this initiative closely and even looking into how to get involved! Cyber security is our future and the sooner we become part of the solution the better.

Vanessa

Reference:

https://www.darkreading.com/threat-intelligence/cisa-launches-jcdc-the-joint-cyber-defense-collaborative/d/d-id/1341592

I found this article very entertaining because it is hard to believe such simple mistakes are made like this. Emails were blasted out to the winners of McDonald’s Monopoly game last week and within those emails contained userID and passwords that had access to a server containing the information for the game. McDonald’s has since stated that the passwords were changed and the initial email was due to a human error. It is just another example that no matter how robust the security of an organization is that the human element is always the most dangerous and unpredictable.

McDonald’s Email Blast Includes Password to Monopoly Game Database

Article: BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says

Author: Jill McKeon

Published: Sept 09, 2021

Probably the most interesting article I’ve read all week! BlackMatter is a ransomware group that provides RaaS – Ransomware as a Service that has one motivation – $$.

BlackMatter has roots in Eastern Europe and have targeted victims North/South America and Asia with a focus on real estate, IT, F&B, architecture, education and finance sectors. Though it claims to “not target hospitals, critical infrastructure facilities, nonprofit companies, government, the defense industry, or the oil and gas industry” it is imperative to know that it’s connection to DarkSide and REvil/Sodinokibi is making that claim doubtful. (Darkside was the threat actor in the the Colonial Pipeline hack.)

The BlackMatter group makes it a business to sell credentials, VPN logins  and webshells to ransomware groups.

Highly recommend you read the article. It is insightful into how bold these cybercriminals are. No longer even a secret. Now it’s a service.

Source: https://healthitsecurity.com/news/blackmatter-ransomware-attacks-threaten-healthcare-hc3-says