Ethical Hacking

Wade Mackey

MIS 5211.702 ■ Fall 2020 ■ Wade Mackey

Spear-phishing Attack on Companies Involved in Covid-19 Vaccine Distribution

December 7, 2020 By Vraj Patel

Hackers are targeting companies that are involved in distributing Covid-19 vaccines. According to new research, the attackers have been performing spear-phishing attacks on the organizations that are distributing Covid-19 vaccines since September 2020. IBM Security X-Force researchers said that the attacks are being aimed at the vaccine cold chain. The companies are responsible for storing and delivering vaccines at safe temperatures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert informing organizations that are involved in storing and delivering Covid-19 vaccines to review the indicators of compromise and increase their defenses. It has been unclear whether any of the phishing attacks were successful. IBM has said that the attackers are trying to steal credentials for the companies to get access to their networks and get unauthorized access to sensitive information regarding the Covid-19 vaccines.

 

References:

Lakshmanan, R. 2020. Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution. Retrieved from: https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html

New Week 14 Presentation

December 7, 2020 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14 new

Week 14: In the News

December 6, 2020 By Kyuande Johnson

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. The records revealed by the misconfigured Amazon Web Services S3 bucket include sensitive data and credit-card details. Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.
The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks. “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”

Week 9: In the News Web Application

December 6, 2020 by Kyuande Johnson

On Wednesday morning (ET), around 2,034 BTC ($21.6 million) from the 2016 Bitfinex hack moved into a few unknown wallets. The action was caught by the Btcparser program as five transactions with around 400 BTC each moved for the first time in four years. Around August of 2016 a very popular digital currency exchange Bitfinex. Most of the stolen bitcoins sat idle for a little less than four years, but in 2020 the hacker has been moving lots of coins in batches. The 2016 Bitfinex hack was one of the biggest cryptocurrency trading platform hacks when it happened. At the time, Bitfinex was one of the largest cryptocurrency platforms around. When the hack happened, Bitcoin price fell by 20%, affecting global cryptocurrency trades.

https://www.goodwinlaw.com/publications/2016/09/the-aftermath-of-the-bitfinex-hack

Filed Under: Week 09: Web Application Hacking Tagged With:

Week 8: In the news

December 6, 2020 by Kyuande Johnson

Barnes & Noble confirms cyberattack, ransomware group leaks allegedly stolen data

On October 20, 2020, Barnes and Noble confirmed that a cyber attack impacted Nook services and exposed customer data. Over the weekend customers reported multiple instances of outages. Customers were not able to access their Nook library and their previous purchases were no longer recorded. The outage also affected physical assets such as cash registers. There is speculation that Barnes and Noble could be infected with malware that affects point of sale (POS) systems. Customer email addresses, billing and shipping addresses, telephone numbers, and transaction histories may have been exposed during the breach. The article mentioned that the bookseller’s VPN servers were previously vulnerable to CVE-2019-11510, an arbitrary read vulnerability. Security flaws like this can be used to compromise corporate networks and deploy payloads, including ransomware.

Filed Under: Week 08: Malware Tagged With:

Week 8: Reading

December 6, 2020 by Kyuande Johnson

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wipers and scareware. Malware spreads to a computer when you download or install infected software. It also enters your computer through an email or a link. Once malware enters the computer, it attaches itself to different files and overwrites the data.

Effects of Malware: 

  • Disrupts operations.
  • Steals sensitive information.
  • Allows unauthorized access to system resources.
  • Slows computer or web browser speeds.
  • Creates problems connecting to networks.
  • Results in frequent freezing or crashing.

Filed Under: Week 08: Malware Tagged With:

Week 7: In the news

December 6, 2020 by Kyuande Johnson

Illinois Community College Addressing Cybersecurity Breach

Heartland Community College is working with outside consultants to address a security breach in its computer systems. As of now, all of the college’s online operations, including classes, are shut down. The college became aware of the breach on Monday and immediately shut down all of the university online services in an effort to investigate and maintain the security breach. The college is unaware if any student or personal data have been compromised. Reports mentioned the spike in phishing emails since the pandemic. Since the shutdown, the college informed students via social media that their instructors would be in touch to reschedule missed classes, tests and assignments. Heartland Community College is working to resume normal online operations as quickly as possible, but it did not provide a timeline. The college has not shared any more information on the nature of the cyberattack.

https://www.wglt.org/post/breach-disrupts-heartland-community-colleges-computer-systems#stream/0

Filed Under: Week 07: Social Engineering Tagged With:

Week 3 in the News

December 6, 2020 by Kyuande Johnson

Anglicare Sydney being held to ransom over sensitive data stolen from computer system

Anglicare Sydney is a community service organization that provides foster care and adoption services. As of yesterday (Sept 20, 2020), Anglicare has confirmed that their sensitive data has been held for ransom. The ongoing investigation reported that 17 gigabytes' worth of sensitive data has been transmitted to a remote location. At this time Anglicare refuses to pay the ransom. Anglicare’s spokesperson hinted that the organization does not want to engage with cyber criminals. People receiving government services were entitled to have their personal identification protected.
Anglicare has to eventually make a decision about resolving this issue. The integrity and security of the stolen data is detrimental. Many children could be at risk.

Filed Under: Week 03: Reconnaisance Tagged With:

Week 2: In the News

December 6, 2020 by Kyuande Johnson

In the News: 

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. The records revealed by the misconfigured Amazon Web Services S3 bucket include sensitive data and credit-card details. Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.

The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks. “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”

Filed Under: Week 02: TCP/IP and Network Architecture Tagged With:

Week 2 Reading

December 6, 2020 by Kyuande Johnson

Week 2: 

Readings: 

The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network. There are 7 layers in the OSI model:

  • Application Layer
  • Presentation Layer
  • Session Layer
  • Transport Layer
  • Network Layer
  • Data Link Layer
  • Physical Layer

The Application layer is the topmost layer of the TCP/IP model and provides the interface between the applications and the network. The Application layer is used to exchange messages. Some of the devices used in the Application layer are:

  • PC’s (Personal Computer), Phones, Servers
  • Gateways and Firewalls

The Transport layer is responsible for end-to-end communication (or process-to-process communication). Some of the Transport layer devices are firewalls and gateways.

The Network layer is responsible for creating the routing table and, based on the routing table, forwarding the input request. Some of the devices used in the Network layer are routers. A router helps you connect multiple devices to the Internet, and connect the devices to each other.

 

The Data Link layer is responsible for transferring data hop by hop (i.e., within the same LAN, from one device to another device) based on the MAC address. Some of the devices used in the Data Link layer are bridges, modems and Internet cards.

The Physical layer of the TCP/IP model is responsible for the physical connectivity of two devices. Some of the devices used in the Physical layer are cables, hubs and repeaters.


Filed Under: Week 02: TCP/IP and Network Architecture Tagged With:

Security flaw in WPA 3

December 3, 2020 by Vraj Patel

Researchers have found vulnerabilities in WPA 3 that could be used by attackers to gain the password for the Wi-Fi (Khandelwal, 2019). WPA is used to authenticate the device using the AES (Advanced Encryption Standard) protocol. It is designed to prevent attackers from performing eavesdropping attacks on wireless data. WPA 3 has been designed to be more secure than WPA 2. WPA 3 uses a more secure handshake than WPA 2, known as Dragonfly. Its aim is to protect the Wi-Fi network from an offline dictionary attack. There are two types of attack that can be performed: downgrade attacks and side-channel leaks.

 

References:

Khandelwal, S. 2019. Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password. Retrieved from: https://thehackernews.com/2019/04/wpa3-hack-wifi-password.html

 

 

Filed Under: Week 12: Introduction to Wireless Security with WEP and WPA2 PSK Tagged With:

Network Mapping and Vulnerability Scanning – THE IMPORTANCE OF VULNERABILITY SCANS

December 1, 2020 by Chidiebele Okosi

https://www.allcovered.com/blog/the-importance-of-vulnerability-scans/#:~:text=The%20Importance%20of%20Vulnerability%20Scans%20Vulnerability%20scanning%20is,reporting%20of%20potential%20security%20issues%20on%20a%20network.

Proactively managing and monitoring the network is part of the protection, and vulnerability scans can help the organization identify and fix vulnerabilities/issues discovered before they become exploitable. Scans of the network, servers, applications and a myriad of other network components are a good starting point.

It is important to form vulnerability scans as part of the network protection because every time a computer connects to the Internet, there is a risk of a hacker taking advantage of some new vulnerability. This needle in the cyber-haystack can wreak havoc on networks and computers. Most disconcerting, these vulnerabilities can cause more than annoying pop-ups. They can worm their way into a network and steal proprietary information and other data critical to the profitability of a business. Even the National Institute of Standards and Technology’s Computer Security Division keeps a National Vulnerability Database (NVD) in an effort to help companies prepare against potential attacks. The NVD is sponsored by the Department of Homeland Security’s National Cyber Security Division. As of April 2014, there were more than 50,000 vulnerabilities scored in the NVD.

Filed Under: Week 04: Network Mapping and Vulnerability Scanning Tagged With:

Reconnaissance – How cybercriminals are exploiting US unemployment benefits to make money

December 1, 2020 by Chidiebele Okosi

https://www.techrepublic.com/article/how-cybercriminals-are-exploiting-us-unemployment-benefits-to-make-money/?ftag=CMG-01-10aaa1b

Thinking of this, these scammers have leveraged the current coronavirus pandemic and have paid close attention to the many means and avenues through which governments, businesses and even individuals are trying to provide support during this period. These scammers have taken some pieces of information and used what they know to build up and find the loopholes or vulnerabilities that are exploitable. This is cybercriminals carrying out reconnaissance.

Cybercriminals have been capitalizing on virtually every aspect of the coronavirus pandemic and the resulting lockdown. They’ve created malware designed to tap into the medical, financial, social, and even psychological repercussions of the outbreak. To help people and businesses affected financially, the government has been offering loans, stimulus packages, and increased unemployment benefits. And, of course, all of that represents another area to be manipulated by scammers.

Cybercrime forums on the Dark Web have been populated with conversations on unemployment benefits. IntSights researcher Yoav Harpaz Cohen said he found discussions around the benefits themselves, the regulations from each state, and the steps required to claim the benefits, according to the report.

One discussion thread discovered by Cohen centered around the various pandemic unemployment assistance (PUA) benefits offered, detailing the minimum and maximum payouts available from each state and offering links to file a claim. Another thread revealed conversations among people looking to work together to collect the benefits by using different drops or mules. Such mules are recruited to launder the money.

Filed Under: Week 03: Reconnaisance Tagged With:
