
Ethical Hacking

Wade Mackey

MIS 5211.702 ■ Fall 2020 ■ Wade Mackey

Spear-phishing Attack on Companies Involved in Covid-19 Vaccine Distribution

December 7, 2020 By Vraj Patel

Hackers are targeting companies that are involved in distributing Covid-19 vaccines. According to new research, the attackers have been performing spear-phishing attacks on the organizations that are distributing Covid-19 vaccines since September 2020. IBM Security X-Force researchers said that the attacks are being aimed at the vaccine cold chain. These companies are responsible for storing and delivering vaccines at safe temperatures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert informing organizations that are involved in storing and delivering Covid-19 vaccines to review the indicators of compromise and increase their defenses. It is unclear whether any of the phishing attacks were successful. IBM has said that the attackers are trying to steal credentials from the companies to get access to their networks and gain unauthorized access to sensitive information regarding the Covid-19 vaccines.

References:

Lakshmanan, R. 2020. Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution. Retrieved from: https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html

New Week 14 Presentation

December 7, 2020 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14 new

Week 14: In the News

December 6, 2020 By Kyuande Johnson

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. The misconfigured Amazon Web Services S3 bucket revealed records that include sensitive data and credit-card details. Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.
The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks. “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”

News article

August 29, 2020 by Akshay Shendarkar

Canadian government services forced offline after credential stuffing attacks

Some of the key Canadian government applications, including the ones providing federal and immigration services, were recently attacked and forced to stop their operations. As per the report, the attack conducted was ‘password stuffing’, where usernames and passwords of users which were stolen in previous hacks were used. This attack was successful due to fundamental human nature, where we use the same password/username for multiple applications and accounts.

My understanding from this article is that people or organizations might not even be aware that they have been hacked or suffered a security breach. It should be noted that the usernames and passwords which were used in this attack were stolen previously and there were no suspicions raised by any of the people whose usernames and passwords were stolen. The most realistic solution to prevent these attacks would be to have different usernames and passwords for different accounts. However, in the age of SSO and due to limited human capabilities to save different passwords, this solution is always going to be a challenge.

Reference:

https://portswigger.net/daily-swig/canadian-government-services-forced-offline-after-credential-stuffing-attacks


Summary of Readings

August 29, 2020 by Akshay Shendarkar

The reading articles for this week provided a great and simplistic introduction to networking concepts, which included brief descriptions of all the layers in the OSI and TCP/IP (DoD) models. The takeaway for me from these readings was getting an understanding of all the protocols which work in sync across all the layers when two ‘hosts’ communicate on a network. As users, we are mostly interfacing with the application layer; however, I realized everything eventually comes down to bits and electrical signals when a packet traverses a network. The readings provided a fundamental understanding of all the layers and could prove to be a good starting point to understand vulnerabilities in networks.


Canadian Revenue Agency security breach 

August 29, 2020 by Rudraduttsinh

The Canadian Revenue Agency (CRA) was forced to suspend its services after a series of cyberattacks that compromised the usernames and passwords of thousands of accounts. The federal government described the three separate attacks as “credential stuffing,” which uses passwords and usernames from another website to access the CRA (D’Amore, 2020). This attack brings a unique set of challenges because the attackers were not going through the back doors; instead, they applied credentials like regular users. According to Marc Brouillard, the federal government’s acting chief information officer, detection of intrusion traffic from normal is challenging (D’Amore, 2020).

References

D’Amore, Rachael. (2020, August 17). What to know (and do) about the CRA breach and shutdown. Globalnews.ca. https://globalnews.ca/news/7281074/cra-hack-online-services/


Tesla Was Target of Russian Ransomware Conspiracy

August 29, 2020 by Mei X Wang

Tesla was confirmed to be the target of a ransomware conspiracy by Russian hacker Egor Igorevich Kriuchkov (Muncaster 2020). He approached a Tesla worker and teamed up to deploy malware that can help steal sensitive data; the firm was required to pay up for lost information or risk it going public.

The malware was deployed by the insider with network access, and there was a separate DDoS attack made to distract Tesla’s IT team. Kriuchkov first approached the Tesla employee via WhatsApp before meeting with them socially and offering $1m to help with the plot.

Apparently Kriuchkov had successful schemes before and had received over $4m in payouts from other corporations. This reinforces the importance of ransomware victims refusing payout, as it leads to more leverage to exploit.

Muncaster, P. 2020. Tesla Was Target of Russian Ransomware Conspiracy.  Retrieved from: https://www.infosecurity-magazine.com/news/musk-tesla-target-russian/

Discussion Question:

  1. What type of screening does Tesla require for their employees?
  2. How can they better train their workers on social engineering and is there any incentive to be the “whistleblower”?


T-Mobile Data Breach

August 28, 2020 by Vraj Patel

One of the recent data breaches of T-Mobile has resulted in compromising the personal information of more than 1 million customers (Coldewey, 2019). T-Mobile has confirmed that the data that was compromised is the names, billing addresses, phone numbers, account numbers, and rate plans of the customers. Customers' financial and password data was not compromised.

T-Mobile has explained that the attacker had gained unauthorized access to their email vendor, which allowed them access to the T-Mobile network (Wagner, 2020). For the customers whose data was compromised, T-Mobile sent a text message to their phones to inform them of the incident. T-Mobile has offered the affected customers credit monitoring for a limited time.

References:

Coldewey, D. 2019. More than 1 million T-Mobile customers exposed by breach.  Retrieved from: https://techcrunch.com/2019/11/22/more-than-1-million-t-mobile-customers-exposed-by-breach/#:~:text=T%2DMobile%20has%20confirmed%20a,exposed%20to%20a%20malicious%20actor.

Wagner, A. 2020. T-Mobile reveals data breach, customer account info accessed. Retrieved from: https://www.tmonews.com/2020/03/t-mobile-reveals-data-breach-customer-account-info-accessed/

Filed Under: Week 01: Overview

Week 1 Presentation

August 26, 2020 by Wade Mackey

Intro-to-Ethical-Hacking-week-1

Filed Under: Week 01: Overview

Welcome to Ethical Hacking

August 19, 2016 by Wade Mackey

Welcome to Ethical Hacking

Filed Under: Week 01: Overview
