Ethical Hacking

MIS 5211.702 ■ Fall 2020 ■ Wade Mackey
Spear-phishing Attack on Companies Involved in Covid-19 Vaccine Distribution

December 7, 2020 By Vraj Patel

Hackers are targeting companies that are involved in distributing Covid-19 vaccines. According to new research, the attackers have been performing spear-phishing attacks on the organizations that are distributing Covid-19 vaccines since September 2020. IBM Security X-Force researchers said that the attacks are being aimed at the vaccine cold chain. The companies are responsible for storing and delivering vaccines at safe temperatures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert informing organizations that are involved in storing and delivering Covid-19 vaccines to review the indicators of compromise and increase their defenses. It has been unclear whether any of the phishing attacks were successful. IBM has said that the attackers are trying to steal credentials from the companies to get access to their networks and gain unauthorized access to sensitive information regarding the Covid-19 vaccines.

References:

Lakshmanan, R. 2020. Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution. Retrieved from: https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html

New Week 14 Presentation

December 7, 2020 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14 new

Week 14: In the News

December 6, 2020 By Kyuande Johnson

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. The misconfigured Amazon Web Services S3 bucket revealed records that include sensitive data and credit-card details. Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.
The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks. “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”

Ransomware attack at German hospital leads to death of patient

September 18, 2020 by Anthony Messina

A ransomware attack has caused the death of a patient. This is the first time that anyone has lost their life due to a cyber attack. University Hospital Düsseldorf (UKD) in Germany suffered the cyber attack on September 10th. The attackers exploited a vulnerability in a Citrix VPN, the Citrix ADC CVE-2019-19781 vulnerability. The attack caused the IT systems in the hospital to be disrupted, forcing the hospital to re-route all planned and outpatient treatments to more distant hospitals.

A patient in a life-threatening condition was forced to be treated at a more distant hospital. This caused the patient to receive care an hour later, which may have led to her death. The ransom note left on the hospital’s servers was addressed to Heinrich Heine University, and not the actual hospital. The attackers did not intend to attack the hospital. Authorities contacted the attackers and explained to them that the attack was putting patients at risk. The attackers withdrew the ransom and provided a decryption key.

German prosecutors still launched an investigation against the attackers on suspicion of negligent manslaughter due to the patient having to be transported to another hospital 20 miles away. This resulted in the doctors not being able to treat the patient for an hour, resulting in her death.

https://www.bleepingcomputer.com/news/security/ransomware-attack-at-german-hospital-leads-to-death-of-patient/

Filed Under: Week 04: Network Mapping and Vulnerability Scanning

Wk #4 Reading Discussion

September 17, 2020 by Mei X Wang 1 Comment

Proactive Vulnerability Assessment w/ Nessus

  • Nessus is an open-source, free vulnerability scanner tool; it can be configured to auto-update when new vulnerabilities are discovered (900+ at the moment), beating even proprietary scanners. Plug-ins can be used not only to scan for existing vulnerabilities but also to provide descriptions and instructions on how to fix them. -> It can be seen as a “hacker tool”: it finds vulnerabilities by exploiting them, and may crash the system.
  • Nessus may also run into false positives if the target system is behind a firewall/packet filter device. A port scan can be changed to run against 65535 ports, not just the first 15000. It works as an initial scanner, showing POSSIBLE vulnerabilities. Further analysis should be done to see if they’re false positives or actual vulnerabilities (and what remediation needs to be done).

Discussion Questions:

  1. Has anyone worked with Nessus before? If so, what was your experience like?
  2. Nessus can be used by both the “good guys” and the “bad guys” to test the system. Using the reports, the “bad guys” can also find what to exploit. Are there any ideas about what can be done to get around that?

Filed Under: Uncategorized

Wk #4: Universities Face Increase in Ransomware Attacks as Students Return

September 17, 2020 by Mei X Wang 1 Comment

In the UK, educational institutions have been the target of many ransomware attacks. Due to the pandemic, there has been a heavy surge of reliance on using technology. Hackers are taking advantage of these circumstances and recent incidents have “observed more remote desktop protocols, unpatched software/hardware being utilized, and use of phishing emails to deploy ransomware”. They have also sabotaged any chances of backups or auditing devices that can be used to recover stolen data by encrypting virtual servers and using shell environments to deploy attacks. The complexity and scope of devices and environments colleges use makes it extremely difficult to monitor the system as a whole. The National Cyber Security Centre advises these institutions to have better vulnerability management and patching procedures, also to have safety protocols such as multi-factor authentication, enabling anti-virus, and phishing prevention training.

Source: https://www.infosecurity-magazine.com/news/universities-ransomware-attacks/

Filed Under: Uncategorized

Week 3 Presentation

September 15, 2020 by Wade Mackey 1 Comment

Intro-to-Ethical-Hacking-Week-3

Filed Under: Week 03: Reconnaisance

September 13, 2020 by Akshay Shendarkar 3 Comments

Google Chrome to add new features to protect against phishing attacks

Looking at the usefulness of Google in reconnaissance activities this week, I wanted to bring to light the latest development made by Google for safe browsing.

Google is working to add a feature to Google Chrome that warns users about similar or lookalike URLs that users may visit thinking they are legitimate sites.

This new feature will alert users when they visit URLs that pretend to look like a legitimate URL. For example, Appl3[.]com, tw1tter[.]com, m1crosoft[.]com.

Even though these features are currently available only in ‘Chrome Canary 74’, these are massive strides in the direction of safe internet browsing.

References:

https://cyware.com/news/google-to-add-a-feature-to-chrome-that-warns-users-about-lookalike-urls-481786c6

https://community.mis.temple.edu/mis5211sec702fall2020/2020/09/13/6661/

Filed Under: Uncategorized
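
The lookalike-URL warning described in the post above can be approximated on the defensive side with a small check. This is an added example, not code from the post and not Chrome's actual algorithm; the substitution table, the protected-domain list, the distance threshold and all function names are assumptions made for illustration.

```python
# Added illustration: flag hostnames that imitate a protected domain.
# SUBSTITUTIONS, PROTECTED and max_distance are assumed values, not Chrome's logic.

SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t"})
PROTECTED = ["apple.com", "twitter.com", "microsoft.com"]  # constructed sample list


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Refang '[.]', lower-case, and keep the last two labels.

    Simplification: production code should consult the Public Suffix List.
    """
    labels = host.replace("[.]", ".").lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_lookalike(host, protected=PROTECTED, max_distance=1):
    """Return (imitated_domain, reason), or None if the host looks unrelated or is genuine."""
    domain = registrable(host)
    if domain in protected:
        return None  # exact match on a protected domain is the real site
    skeleton = domain.translate(SUBSTITUTIONS)  # undo digit-for-letter swaps
    for legit in protected:
        if skeleton == legit:
            return (legit, "character substitution")
        if edit_distance(skeleton, legit) <= max_distance:
            return (legit, "near match")
    return None


if __name__ == "__main__":
    for sample in ["Appl3[.]com", "tw1tter[.]com", "m1crosoft[.]com", "www.apple.com"]:
        print(sample, "->", check_lookalike(sample))
```

The edit-distance fallback catches cases the fixed table misses, such as a digit standing in for a different letter than the table assumes.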

Summary of Readings!

September 13, 2020 by Akshay Shendarkar

This week’s reading article emphasized the importance of a vulnerability management program in any organization. Specific importance was given to the difficulties organizations face in choosing their business partners. We have seen over the years that hackers target vendors/business partners to gain an entry into the target organization. This article provided a brief introduction to open source tools which can be used to get the necessary information about vendors’/business partners’ strength and security of IT systems, without disrupting relations. Information obtained using these open source vulnerability assessment tools can help organizations in making informed decisions regarding their business partners.

Filed Under: Uncategorized

Readings Week 3 – Concepts of Reconnaissance

September 12, 2020 by Anthony Messina 1 Comment

This was an excellent read. Reconnaissance is the first step in the MITRE ATT&CK chain. It helps attackers find vulnerabilities on internal systems. Many times this is done by analyzing public-facing web servers. There is a myriad of information to be gained from web servers. These systems will show services and banners and the exact software versions that are being run on the server. The article referenced many tools to accomplish this. Some of these I have heard of and used in the past, such as Shodan, and others I have not heard of, such as Recon-ng.

Shodan is very useful as it will scan an IP and tell you what ports are open and many times what services are running on the website, such as Apache, IIS, Nginx, etc. You need the IP address of the site you want to scan. Generally you can just plug a website URL into a DNS lookup tool and get the IP that way, then just plug it into Shodan. Recon-ng, according to the article, is a command line tool that is included in Kali. It is a Python script that works like Metasploit that queries Google and Shodan for information on a given site for services and open ports. The article goes on to mention that once you have determined a particular service is running, such as Apache 2.4.4, http://www.cvedetails.com will allow you to research any known vulnerabilities against that service.

Questions for the class:

While Nmap and OpenVAS are standard programs for port scanning and basic enumeration, why are open source reconnaissance tools like Shodan and Google searches a better starting point in terms of stealth?

Filed Under: Uncategorized

Northwestern Memorial HealthCare Data Breach

September 6, 2020 by Vraj Patel 1 Comment

Northwestern Memorial HealthCare had notified around 56,000 donors and patients that their personal records were compromised earlier this year (Jimenez, 2020). One of the hospital's vendors, Blackbaud, had a successful attack on their system earlier this year and as a result an unauthorized person was able to access the hospital systems. The hospital has also notified the U.S. Department of Health and Human Services along with the patients whose data was breached. After the investigation, the hospital has confirmed that the data that was accessed was only the donors’ or patients’ personal information and not their health information. The hospital has also confirmed that the attack was not on their health care system, which includes the electronic medical records. Blackbaud believes that there is no reason for the data that was compromised to get misused or made publicly available. They have also said that the intention for the attack was only to disturb the business by encrypting their systems, which the company was successful in preventing from happening. Blackbaud has also hired a third-party team to monitor the black web for any of the data that was compromised.

References:

Jimenez, A. 2020. Northwestern Memorial HealthCare warns 56,000 donors and patients about data breach. Retrieved from: https://www.chicagotribune.com/business/ct-biz-northwestern-medicine-data-breach-56000-individuals-20200904-bvizgdmwcrcuvou7fv3rx4b2au-story.html

 

Filed Under: Week 02: TCP/IP and Network Architecture

Student arrested for cyber-attack against Miami schools used ‘easy to prevent’ program

September 5, 2020 by Anthony Messina

A 16-year-old teen is accused of launching a cyber-attack that temporarily shut down Miami-Dade’s online classes. The teen used a simple, easy-to-download distributed denial of service program to overwhelm the servers. Miami-Dade is the nation’s fourth-largest school district. The teen is accused of orchestrating no fewer than eight of at least two dozen cyber-attacks. The first three days of the district's virtual classes were halted due to the attacks.

What alarmed cybersecurity experts was the simplicity of the attacks. According to experts, the district should have been able to ward off an attack this simple. The student admitted to using a tool called “Low Orbit Ion Cannon (LOIC).” This tool is easy to download and even easier to operate. This was a point-and-click program that doesn’t need a great degree of sophistication to operate. This was the same tool that the hacker group Anonymous used a decade ago to cripple companies such as MasterCard, Visa and PayPal.

Experts and law enforcement officials were shocked that the school’s servers could not handle the LOIC attack. Officials stated that the firewalls on the district’s computer network should have been able to detect and mitigate the attack. One expert said this attack was “really easy to prevent,” and the school's router configuration must really be out of date. Experts were shocked that a school district of Miami-Dade’s size could be taken down so easily.

The student faces a felony charge of using a computer to attempt to defraud and a misdemeanor charge of interference with an educational institution. The student will likely be charged by Miami-Dade prosecutors and tried in state court, and not by federal prosecutors with the U.S. Attorney’s Office. The school is being encouraged to use federal resources, provided by the Cybersecurity and Infrastructure Security Agency (CISA), to secure its networks, including virtual classrooms.

https://www.miamiherald.com/news/local/education/article245461020.html

Filed Under: Uncategorized

Week #3 Reading Discussions

September 4, 2020 by Mei X Wang 1 Comment

Using Open Source Reconnaissance Tools for Business Partner Vulnerability Assessment

  • Using a Google search of “intitle:index.of “Apache 2.2.22at “, we can find all servers using that version of Apache. When you attach a site name, all the possible queries showing vulnerable software or sensitive information (password, scans, files) can be found. This can be done using any search engine.
  • If flagged, Google can prompt you to answer the captcha puzzle; Google can also freeze all search activity on your network if Google decides there’s a botnet on the server.

What software can be used to test sites against malware/spam?

What tools can be used to non-intrusively perform a vulnerability assessment?

Filed Under: Uncategorized
