
Ethical Hacking

Wade Mackey

MIS 5211.702 ■ Fall 2020 ■ Wade Mackey

Spear-phishing Attack on Companies Involved in Covid-19 Vaccine Distribution

December 7, 2020 By Vraj Patel

Hackers are targeting companies that are involved in distributing Covid-19 vaccines. According to new research, the attackers have been performing spear-phishing attacks on the organizations that are distributing Covid-19 vaccines since September 2020. IBM Security X-Force researchers said that the attacks are being aimed at the vaccine cold chain. The companies are responsible for storing and delivering vaccines at safe temperatures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert informing organizations that are involved in storing and delivering Covid-19 vaccines to review the indicators of compromise and increase their defenses. It has been unclear if any of the phishing attacks were successful. IBM has said that the attackers are trying to steal credentials from the companies to get access to their networks and get unauthorized access to the sensitive information regarding the Covid-19 vaccines.

 

References:

Lakshmanan, R. 2020. Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution. Retrieved from: https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html

New Week 14 Presentation

December 7, 2020 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14 new

Week 14: In the News

December 6, 2020 By Kyuande Johnson

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. The misconfigured Amazon Web Services S3 bucket revealed records that include sensitive data and credit-card details. Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.
The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks. “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”

Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

November 16, 2020 by Akshay Shendarkar 1 Comment

Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, as per reports by Microsoft. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind these attacks.
The primary attack methods used are password spraying and brute forcing employee accounts. These employees have also been subjected to spear phishing attacks, where attackers have managed to masquerade these emails as coming from WHO officials. Microsoft declined to speak about any compromise of data; however, at least one breach has been confirmed.
Reference:
https://threatpost.com/russia-north-korea-attacking-covid-19-vaccine-makers/161205/

Filed Under: Uncategorized Tagged With:

Week 12, In the News: Microsoft urges users to stop using phone-based multi-factor authentication

November 15, 2020 by Anthony Messina

Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies.  Alex Weinert, Director of Identity Security at Microsoft said in a blog post last year that users who enabled multi-factor authentication (MFA) ended up blocking around 99.9% of automated attacks against their Microsoft accounts.  SMS and voice calls are transmitted in cleartext and can be easily intercepted by determined attackers, using techniques and tools like software-defined-radios, FEMTO cells, or SS7 intercept services.  SMS-based one-time codes are also phishable via open source and readily-available phishing tools like Modlishka, CredSniper, or Evilginx.  Weinert goes on to say that users should enable a stronger MFA solution for their accounts, recommending Microsoft’s Authenticator MFA app as a good starting point.  But if users want the best, they should go with hardware security keys, which Weinert ranked as the best MFA solution in a blog post he published last year.

https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/

Filed Under: Week 12: Introduction to Wireless Security with WEP and WPA2 PSK Tagged With:

In the News Week 11

November 12, 2020 by Kyuande Johnson

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

 

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. The misconfigured Amazon Web Services S3 bucket revealed records that include sensitive data and credit-card details. Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.

The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks. “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”

 

Filed Under: Uncategorized Tagged With:

Week #11: In the News

November 9, 2020 by Mei X Wang

The UK in Cyber-War against Anti-Vaccine Propaganda

Britain is taking caution about hostile states and terror groups spreading anti-vaccine propaganda. They created a digital offensive toolkit operation to prevent the circulation of this propaganda; this toolkit was created to tackle disinformation and Islamic State recruitment material.

The group GCHQ has been ordered to take anti-vaxxers offline and monitor/disrupt terrorist propaganda. Most of the focus is on taking down state-linked content and encrypting the data/cutting off communication of these cyber-actors. Most private users are not disturbed even if they post disinformation.

This was created to disrupt any lies about the virus and to protect the discovery of a safe vaccine.

https://www.infosecurity-magazine.com/news/uk-in-cyber-war-against-anti/

Filed Under: Week 11: Intro to Dark Web and Intro to Cloud Tagged With:

Burp Suite (SQL Injection)

November 9, 2020 by Kyuande Johnson

Burp Suite

Filed Under: Uncategorized Tagged With:

Week 11 Presentation

November 9, 2020 by Wade Mackey

Intro-to-Ethical-Hacking-Week-11

Filed Under: Week 11: Intro to Dark Web and Intro to Cloud Tagged With:

SQL Injection Presentation

November 9, 2020 by Kyuande Johnson

SQL Injection Attack

Filed Under: Uncategorized Tagged With:

Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition

November 9, 2020 by Chidiebele Okosi

https://thehackernews.com/2020/11/windows-10-ios-chrome-firefox-and.html

This article is interesting because it shows these applications' vulnerabilities following the outcome of a bunch of hackers at a competition, and the patches for all the demonstrated bugs are expected to be released in the coming days.

Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China.

The hacking was done against this list of platforms:

  • Adobe PDF Reader
  • Apple iPhone 11 Pro running iOS 14 and Safari browser
  • ASUS RT-AX86U router
  • CentOS 8
  • Docker Community Edition
  • Google Chrome
  • Microsoft Windows 10 v2004
  • Mozilla Firefox
  • Samsung Galaxy S20 running Android 10
  • TP-Link TL-WDR7660 router
  • VMware ESXi hypervisor

Filed Under: Week 09: Web Application Hacking Tagged With:

Week 11 – In the News – Linux version of RansomEXX ransomware discovered

November 8, 2020 by Anthony Messina

Kaspersky said it discovered a Linux version of the RansomEXX ransomware on Linux machines.  This is a fairly new strain of ransomware that had been widely affecting Windows machines.  The ransomware has been used in attacks against the Texas Department of Transportation, Konica Minolta, US government contractor Tyler Technologies, Montreal’s public transportation system, and, most recently, against Brazil’s court system (STJ).  This form of ransomware is referred to as “human-operated ransomware.”  The groups that utilize this new ransomware buy access or breach networks themselves, expand access to as many systems as possible, and then manually deploy their ransomware binary as a final payload to cripple as much of the target’s infrastructure as possible.

Many ransomware gangs have realized that attacking workstations first isn’t a lucrative deal, as companies will tend to re-image affected systems and move on without paying ransoms.  Many of these ransomware gangs haven’t bothered encrypting workstations, instead, they target crucial servers inside a company’s network, knowing that by taking down these systems first, companies wouldn’t be able to access their centralized data troves, even if workstations were unaffected.  Creating a new strain that attacks Linux machines was the next step as many companies today are running internal systems on Linux.

https://www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/#ftag=RSSbaffb68

Filed Under: Week 11: Intro to Dark Web and Intro to Cloud Tagged With:

Accessing Google User’s Account Information using GHunt

November 2, 2020 by Vraj Patel

GHunt is an open-source intelligence (OSINT) tool which can be used to explore the data that is created by a Google account (Pritchard, 2020). GHunt is an OSINT tool which uses open-source information to compile data on a user's identity and activities. GHunt can be used to analyze the user's data by just having the user's email address. GHunt can extract the user's name, YouTube channel, and other Google services.

The GHunt tool was developed by Thomas Hertzog. GHunt can be used by white hats and penetration testers to find out if an email address found during testing can leak any other information. Individuals and businesses can use this tool to identify how much of their information is available publicly.

References:

Pritchard, S. 2020. GHunt OSINT tool sniffs out Google users’ account information using just their email address. Retrieved from: https://portswigger.net/daily-swig/ghunt-osint-tool-sniffs-out-google-users-account-information-using-just-their-email-address

Filed Under: Week 09: Web Application Hacking Tagged With:
