Ethical Hacking

MIS 5211.702 ■ Fall 2020 ■ Wade Mackey
Spear-phishing Attack on Companies Involved in Covid-19 Vaccine Distribution

December 7, 2020 By Vraj Patel

Hackers are targeting companies that are involved in distributing Covid-19 vaccines. According to new research, the attackers have been performing spear-phishing attacks on the organizations that are distributing Covid-19 vaccines since September 2020. IBM Security X-Force researchers said that the attacks are being aimed at the vaccine cold chain. The companies are responsible for storing and delivering vaccines at safe temperatures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert informing organizations that are involved in storing and delivering Covid-19 vaccines to review the indicators of compromise and increase their defenses. It has been unclear whether any of the phishing attacks were successful. IBM has said that the attackers are trying to steal credentials for the companies to get access to their networks and get unauthorized access to sensitive information regarding the Covid-19 vaccines.

 

References:

Lakshmanan, R. 2020. Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution. Retrieved from: https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html

New Week 14 Presentation

December 7, 2020 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14 new

Week 14: In the News

December 6, 2020 By Kyuande Johnson

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. The records revealed by the misconfigured Amazon Web Services S3 bucket include sensitive data and credit-card details. Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.
The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks. “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”

In the News – Week 9 – FBI, CISA: Russian hackers breached US government networks, exfiltrated data

October 26, 2020 by Anthony Messina

The US government said that a Russian state-sponsored hacking group has successfully breached US government networks. The Russian hacker group was identified as Energetic Bear. The group has been targeting numerous US state, local, territorial, and tribal government networks since February 2020. The hacker group appeared to have breached the government servers by combining VPN appliances and Windows bugs.

The Russian attackers used publicly known vulnerabilities to breach networking equipment, pivot to internal networks, elevate privileges, and steal data. The targeted devices included Citrix access gateways (CVE-2019-19781), Microsoft Exchange email servers (CVE-2020-0688), Exim mail agents (CVE-2019-10149), and Fortinet SSL VPNs (CVE-2018-13379).

Once in, the attackers used the Zerologon vulnerability in Windows Servers (CVE-2020-1472) to access and steal Windows Active Directory (AD) credentials. The group then used these credentials to roam through a target’s internal network.  Some of the data that was exfiltrated included:

  • Sensitive network configurations and passwords.
  • Standard operating procedures (SOP), such as enrolling in multi-factor authentication (MFA).
  • IT instructions, such as requesting password resets.
  • Vendors and purchasing information.
  • Printing access badges.

 

https://www.zdnet.com/article/fbi-cisa-russian-hackers-breached-us-government-networks-exfiltrated-data/#ftag=RSSbaffb68

Filed Under: Week 09: Web Application Hacking Tagged With:

Week 9 Readings – OWASP Top 10

October 25, 2020 by Anthony Messina

This week’s readings had us view the OWASP top 10.  The OWASP (Open Web Application Security Project) is a super informative site.  It essentially outlines the top 10 web attacks the attackers are utilizing against web servers today.  This is useful as it gives you an idea of how attackers are exploiting environments.  It also helps IT departments assess their own externally facing servers for vulnerabilities.

 

Questions for the class:

SQL Injection is the number 1 threat on the OWASP top 10, how do SQL injections work?

Filed Under: Week 09: Web Application Hacking Tagged With:

Week 5 Metasploitable Paper

October 23, 2020 by Kyuande Johnson

Ethical Hacking (Metasploit Attack)

Filed Under: Week 05: Metasploit Tagged With:

Week 6: Metasploitable Presentation

October 23, 2020 by Kyuande Johnson

Ethical Hacking Metasploit Attack

Filed Under: Week 06: More Metasploit Tagged With:

Week 8 Presentation

October 20, 2020 by Wade Mackey

Intro-to-Ethical-Hacking-Week-8

Filed Under: Week 08: Malware Tagged With:

News – How much phishing is too much phishing?

October 19, 2020 by Akshay Shendarkar

A review of the phishing attacks for the year 2020 has been summarized below:
A report by Interisle Consulting Group and Illumintel states some major facts about the phishing landscape in 2020.
First off, the exact size of the phishing problem remains unknown. However, the problem is bigger than it seems.
Most phishing is focused on a small number of domain registrars and registries and hosting providers.
Of all the maliciously registered domains, 65% are used within 5 days of registration.
Around 9% of phishing attacks are conducted on a small number of subdomain service providers.

The amount of phishing attacks discovered every year continues to increase. It takes advantage of our cognitive biases and fools us into giving away our details. When these biases are combined with clever tactics used by cybercriminals, the attacks become even more effective.

Reference: https://cyware.com/news/how-much-phishing-is-too-much-phishing-6de63298

Filed Under: Uncategorized Tagged With:

Week 9 -Readings Summary

October 19, 2020 by Akshay Shendarkar

This week’s reading article introduced us to the world of malware. The article provided a fundamental definition of malware as well as brief definitions of the types of malware.
It was interesting to read how the malware propagates through systems once they are infected. The article also provided a history of malware in computer systems and concluded with a methodology of six basic steps which constitute a malware response plan.

Question:
What skills are needed for writing malware?

Filed Under: Uncategorized Tagged With:

Week #8 Reading Discussions: Malware

October 19, 2020 by Mei X Wang

Malware

  • Described as malicious software intentionally designed to cause damage to a computer, server, client, or computer network (e.g. computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware).
  • Detect/remove malware: Windows Defender/Malwarebytes
  • The term was coined by Yisrael Radai in 1990
    • The first-known malware is Creeper: it moved around different mainframes with a message that said “I’m the creeper: Catch me if you can.”
  • PUP (potentially unwanted software): tricks users into installing it onto their systems through browser toolbars
    • Can contain spyware functionality; not normally considered malware unless it executes malicious features.

 

Questions:

  1. Have you ever encountered a malware attack? How and why?
  2. What can be used to defend against a malware attack?

Filed Under: Uncategorized Tagged With:

Week #8: In the News

October 19, 2020 by Mei X Wang

Many Apple users also use the navigation software app called Waze. Security engineer Peter Gasper found out when he was using the app’s web interface that it doesn’t just display his coordinates, it also displays the coordinates of the drivers nearby. Each driver/account is assigned a unique ID and it doesn’t change over time. This means that if someone with malicious intent were to track a driver, they can also track the driver’s complete journey, what cities they go through, and their stops. This is incredibly dangerous because if there were any human trafficking/kidnappings to occur, the trafficker could’ve used Waze’s vulnerability to locate their target. This vulnerability has been patched since then, but it’s interesting to think how as much as technology helps us, it can also make the world a more dangerous place.

 

https://www.infosecurity-magazine.com/news/waze-vulnerability-identifies-users/

Filed Under: Uncategorized Tagged With:

In the news – Week 8 – New Emotet attacks use fake Windows Update lures

October 19, 2020 by Anthony Messina

The Emotet botnet is one of the largest sources of malspam. Malspam is a term used to describe emails that deliver malware-laced file attachments. Emotet has recently developed a new campaign that shows a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. Like their other malspam, this is done by clicking the Enable Editing button. These malware documents are being sent from emails with spoofed identities that appear to come from acquaintances and business partners.

Emotet is known for using a technique called conversation hijacking, meaning it steals email threads from infected hosts, inserts itself in the thread with a reply spoofing one of the participants, and finally adds the malicious Office documents as attachments. The technique is generally hard to notice, which is why Emotet manages to infect corporate and government networks on a regular basis. Proper security awareness and training is generally the best way to safeguard against Emotet attacks. Any user that works with emails daily must be made aware of enabling macros inside documents as this feature is rarely used for legitimate purposes. The article goes on to show a list of the most popular Emotet document lures.

 

https://www.zdnet.com/article/new-emotet-attacks-use-fake-windows-update-lures/#ftag=RSSbaffb68

Filed Under: Week 08: Malware Tagged With:
