MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Donald Hoxhaj

The Seemingly Random and Definitely Worrisome Cyberattack on Atlanta

March 5, 2018 by Donald Hoxhaj Leave a Comment

https://www.newyorker.com/news/news-desk/the-seemingly-random-and-definitely-worrisome-cyberattack-on-atlanta

The city of Atlanta became a victim of ransomware on Thursday. According to the chair of the city’s finance committee, this is the biggest debacle he has seen in the last 2 decades. All the information of the last 16 years has been lost. The group identified behind the cyber-attack is SamSam. Many more cities like Boeing have been affected by ransomware, but Atlanta is the largest city to be affected by ransomware so far. It is not yet clear whether it was done for monetary incentives. Moreover, the city does not have a policy regarding the payment of ransomware demands.

A federal criminal investigation is going on. Not many details have been revealed by the authorities so far. The executive committee of the city held a meeting to discuss the attack, but no major solution has been found so far. The chair of the finance committee said there are 9,700 employees, so any one of them could open a malicious attachment that arrives in their mail and let in malware or ransomware. He seemed helpless and did not know how to prevent it in the future. The city administration has told the city to use more sophisticated methods to prevent such attacks.

Report: Macro-less Word Document Attacks on the Rise, Zero Day Malware Variants Jump 167 Percent

February 26, 2018 by Donald Hoxhaj Leave a Comment

https://www.prnewswire.com/news-releases/report-macro-less-word-document-attacks-on-the-rise-zero-day-malware-variants-jump-167-percent-300620680.html

WatchGuard Technologies, a leader in advanced network security solutions, said that malware attacks on SMBs (Small and Marginal Businesses) and distributed enterprises grew by 33% and that cyber criminals are increasingly using Microsoft Office documents to penetrate network systems or inject malicious code into them. Corey Nachreiner, chief technology officer at WatchGuard Technologies, says that ‘After a full year of collecting and analysing Firebox Feed data, we can clearly see that cyber criminals are continuing to leverage sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data’.

Among the alarming statistics: malware attacks grew significantly, while zero-day malware variants rose 167%. About half of the malware was injected through basic antivirus solutions. Similarly, scripting attacks account for 48% of top malware threats.

A Cyberattack Hobbles Atlanta, and Security Experts Shudder

February 26, 2018 by Donald Hoxhaj Leave a Comment

https://www.nytimes.com/2018/03/27/us/cyberattack-atlanta-ransomware.html

A cyberattack shook the Atlanta municipal government, creating another case of digital extortion. The attack exposed the vulnerability that still exists within such systems, letting this kind of cybercrime recur over and over again. In a typical ransomware attack, the malicious software blocks data and resources on the victim’s computer or network until a ransom is paid to unlock them. The attacker has been identified as someone from the SamSam hacking group. This group is known to select targets that are most likely to pay the ransom asked. To date, this criminal group is known to have extorted more than $1 million in ransom across 30 organizations. It is said that until cyber security is treated at the same level as public security, the effort to constantly improve and enhance security systems against cyber-threats won’t take proper shape.

Four strategies organisations are using to combat cyber attacks

February 26, 2018 by Donald Hoxhaj Leave a Comment

http://www.itpro.co.uk/endpoint-security/30837/four-strategies-organisations-are-using-to-combat-cyber-attacks

With growing cyber threats, organizations have learned the hard way not to rely on traditional security systems for prevention. They have gradually started adopting more advanced security tools, such as layered and endpoint security, to strengthen their internal defense mechanisms against data breaches and ransomware. Organizations are using 4 key strategies to combat cyber-attacks: AI and machine learning, merging existing and new technologies, flexible endpoint solutions, and technical integration. Many vendors have started to use AI and machine learning in their security products to understand patterns of threats and flag the threatening ones.

Most IT pros fear IoT cyber attacks. Few are doing anything about it.

February 26, 2018 by Donald Hoxhaj Leave a Comment

http://www.zdnet.com/article/most-it-professionals-fear-iot-cyber-attacks-new-research-suggests-few-are-doing-anything-about/

Cyber-attacks have been continuously breaching security rules in IoT. In a recent survey, 97% of the respondents believed that unsecured IoT devices can be harmful to their organizations, while only 29% actively monitored their systems for any 3rd-party breach. Where organizations are failing is that they understand the adoption of IoT and are able to scale well, but fail to understand the risks posed by such systems in their networks. Lack of clear accountability when it comes to third-party IoT risk management is another big issue that remains unattended.

The research, conducted on more than 600 respondents, revealed that about 38% believe that no one in their organization is responsible for reviewing the risk-management policies of third-party vendors. The biggest challenges with respect to IoT risk management practices include that 49% do not keep an inventory of IoT devices and 56% do not keep an inventory of IoT applications. More than 53% of the respondents depend on contractual agreements with external 3rd-party risk management vendors. Another alarming fact that came out is that only 29% actively monitor 3rd-party IoT risks. There is a clear gap in educating employees about the risks of leaving IoT open on the network and not taking care of it.

South Koreans paid as much as $2.5 million in ransomware payments over the last two years

February 5, 2018 by Donald Hoxhaj Leave a Comment

http://www.firstpost.com/tech/news-analysis/south-koreans-paid-as-much-as-2-5-million-in-ransomware-payments-over-the-last-two-years-4404523.html

South Korea has been hit disproportionately by ransomware. In the last 2 years, about $2.5 million was paid towards ransomware in the country. Ransomware has become quite a common form of attack these days, especially in large corporate and government settings. Attackers encrypt and hold certain files in storage and demand payment in exchange for unblocking the systems. The article says that ‘Ransomware operators used a Russian bitcoin exchange, BTC-E, to convert bitcoin to fiat currencies’.

Bitcoin Ransomware Attack Halts Major American City’s Government and Police

February 5, 2018 by Donald Hoxhaj Leave a Comment

https://news.bitcoin.com/bitcoin-ransomware-attack-halts-major-american-citys-government-and-police/

In a major shock to many government services in Atlanta, Georgia, one of the largest US metropolitan cities, a ransomware attack hit the municipal corporation's computers, demanding $51,000 worth of bitcoin. Operations were hampered for the whole week because of this. All police departments and courts were impacted by the cyber threat. It looks like the city employees first received an official email about a critical issue, asking them to shut their computers down. At the same time, the employees also saw the demand for bitcoins increase. In order to get back into the computers, they would have to pay for it. These attacks have been quite common in Florida, Alabama, and New Mexico, where such attacks have demanded money to bring systems back.

Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites

February 5, 2018 by Donald Hoxhaj Leave a Comment

http://community.mis.temple.edu/mis5212sec001sec701sp2018/2018/02/10/unpatched-dos-flaw-could-help-anyone-take-down-wordpress-websites/

The article here talks about how an application-level DoS (Denial of Service) vulnerability has been found in WordPress sites that could potentially allow anyone to take down a website with just a single machine, something which was previously only possible with a network-level DDoS. The company has yet to patch the systems, and most probably all the WordPress releases in the last 9 years are subject to this attack. As per the article: ‘Discovered by Israeli security researcher Barak Tawily, the vulnerability resides in the way “load-scripts.php,” a built-in script in WordPress CMS, processes user-defined requests.’ It is surprising because the load-scripts.php file is essentially used by system administrators to improve the performance of the systems.

Lack of authentication on the home page allows load-scripts.php to be executed by anyone. All one needs to do is call the PHP file to load all the JavaScript files by passing them into the URL.
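From the defender's side, the behaviour described above is visible in ordinary web server access logs: a request to load-scripts.php that names far more script handles than any real admin page uses, or one client hammering the endpoint. The following detector is an added example written for this post; it is not code from the article or from WordPress. It assumes Apache/nginx "combined" log lines, and the `load[]` parameter name comes from the WordPress source rather than from the article. The two thresholds are assumed tuning values, and the log lines are constructed for the example.

```python
"""Flag abusive /wp-admin/load-scripts.php requests in web server access logs.

Added example (not from the article or WordPress). WordPress reads the script
handles from the `load[]` query parameter (name taken from the WordPress
source, not the article) and splits each value on commas. A defender can watch
for requests that carry an implausible number of handles, or for one client
repeatedly hitting the endpoint. Thresholds are assumed tuning values.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" log format, reduced to the fields used here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

HANDLE_THRESHOLD = 40   # assumed: more handles per request than a real admin page loads
RATE_THRESHOLD = 10     # assumed: requests to the endpoint per client in the sampled log


def parse_log_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def count_handles(target):
    """Count script handles requested via load-scripts.php (0 for any other path).

    `load[]=a,b&load[]=c` requests three handles; parse_qs decodes the
    percent-encoded brackets (`load%5B%5D`) that browsers send.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/load-scripts.php"):
        return 0
    qs = parse_qs(parts.query, keep_blank_values=True)
    values = qs.get("load[]", []) + qs.get("load", [])
    return sum(len([h for h in v.split(",") if h]) for v in values)


def analyze(lines, handle_threshold=HANDLE_THRESHOLD, rate_threshold=RATE_THRESHOLD):
    """Return alert dicts for oversized handle lists and for high-volume clients."""
    alerts = []
    per_client = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        handles = count_handles(rec["target"])
        if handles == 0:
            continue  # not a load-scripts.php request
        per_client[rec["ip"]] += 1
        if handles > handle_threshold:
            alerts.append({"ip": rec["ip"], "ts": rec["ts"],
                           "reason": "oversized_load_list", "handles": handles})
    for ip, n in per_client.items():
        if n > rate_threshold:
            alerts.append({"ip": ip, "reason": "high_request_rate", "requests": n})
    return alerts


# Constructed sample log: one normal admin page load from 192.0.2.10 and one
# client (198.51.100.7) firing twelve requests that each name 60 handles.
# Addresses are documentation-range IPs; handle names are placeholders.
_BIG_LIST = ",".join(f"handle{i}" for i in range(60))
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2018:12:00:01 +0000] "GET /wp-admin/load-scripts.php'
    '?c=1&load%5B%5D=jquery-core,jquery-migrate,utils&ver=4.9.4 HTTP/1.1" 200 91234',
    '192.0.2.10 - - [10/Feb/2018:12:00:02 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5123',
] + [
    f'198.51.100.7 - - [10/Feb/2018:12:00:{s:02d} +0000] "GET /wp-admin/load-scripts.php'
    f'?c=1&load%5B%5D={_BIG_LIST}&ver=4.9.4 HTTP/1.1" 200 1203991'
    for s in range(12)
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Both signals matter: a single oversized request is suspicious on its own, while the per-client count catches a client that stays under the handle threshold but floods the endpoint. In production the rate window would be time-based rather than "whole file", and the thresholds would be tuned against a baseline of the site's own admin traffic.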

Sacramento Bee Databases Hit with Ransomware Attack

February 5, 2018 by Donald Hoxhaj Leave a Comment

https://www.darkreading.com/attacks-breaches/sacramento-bee-databases-hit-with-ransomware-attack/d/d-id/1331023

In one of the recent ransomware attacks, the Sacramento Bee, a newspaper published in Sacramento, reported that 2 of its databases were hit in 2017. The tip on the attack came from a reporter to an internal employee working with the company. While both databases are located on 3rd-party servers, one of them contains information on California voter registration from the California Secretary of State. The other database consisted of subscriber information on the people who had subscribed to digital accounts. It seems that the database consisted of 53,000 records of current and former Bee subscribers. The ransomware extracted the name, email address, and contact information of some of the customers. The company immediately notified the customers whose details were compromised. The good news, however, is that neither database contained critical information such as Social Security Numbers, bank account details, and credit card information.

Tracking Bitcoin Wallets as IOCs for Ransomware

February 5, 2018 by Donald Hoxhaj Leave a Comment

https://www.darkreading.com/threat-intelligence/tracking-bitcoin-wallets-as-iocs-for-ransomware-/a/d-id/1331016

Bitcoin has become quite popular as a safe payment method for many over the last 2-3 years. However, not many know that this cryptocurrency has been in the dark for some time and is used mostly for ransomware and cyber extortion by people acting anonymously in the system. Most cyber criminals use Bitcoin primarily because it provides anonymity when making payments, acts as a global currency, and is an easy way of receiving and transferring funds. It has also been seen that careful tracking of bitcoin transactions can actually reveal correlations between various attacks.

That is why tracking bitcoin wallets as Indicators of Compromise (IOCs) adds a lot of value. Tracking bitcoin wallet addresses as IOCs has made it possible to connect the dots between ransomware, shared infrastructure, TTPs (tactics, techniques, and procedures), wallet addresses, and attribution.

Moreover, tracking bitcoin wallets as IOCs also helps in knowing whether the bitcoins in a transaction are going to a specific wallet address. This helps in narrowing down the wallet address. Though using this approach may not give the exact reasons behind a ransomware attack, tracking bitcoin wallets as IOCs can help in knowing the connections between ransomware campaigns.
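The "connect the dots" step above is, at its simplest, a join over wallet addresses: pull every address out of the ransom notes and alerts an organization has collected, discard anything that is not a real address, and group incidents that share one. The code below is an added example written for this post, not code from the article. It validates legacy Base58 addresses (P2PKH/P2SH) with the Base58Check checksum, which drops typos and random look-alike strings before they pollute the IOC set, and clusters incidents transitively with union-find. Bech32 addresses are out of scope here. The incident records and wallet addresses are constructed for the example: the 20-byte hash values are derived from SHA-256 of a label, not from real keys, and the incident ids are placeholders.

```python
"""Correlate ransomware incidents through the bitcoin addresses in their notes.

Added example (not from the article): extract candidate legacy addresses from
free text, keep only those whose Base58Check checksum verifies, and cluster
incidents that share an address. Sample data is constructed.
"""
import hashlib
import re
from collections import defaultdict

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate legacy address: version prefix 1 or 3, then 25-34 Base58 characters.
CANDIDATE_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")


def _checksum(payload):
    """Base58Check checksum: first four bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw):
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, r = divmod(n, 58)
        digits = B58_ALPHABET[r] + digits
    pad = len(raw) - len(raw.lstrip(b"\0"))   # each leading zero byte becomes a '1'
    return "1" * pad + digits


def b58decode(text):
    """Inverse of b58encode; None if text contains a non-Base58 character."""
    n = 0
    for ch in text:
        if ch not in B58_ALPHABET:
            return None
        n = n * 58 + B58_ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + body


def p2pkh_address(hash160):
    """Mainnet P2PKH address (version byte 0x00) for a 20-byte hash."""
    payload = b"\x00" + hash160
    return b58encode(payload + _checksum(payload))


def is_valid_address(text):
    """True if text decodes to 21 payload bytes plus a matching 4-byte checksum."""
    raw = b58decode(text)
    if raw is None or len(raw) != 25:
        return False
    return _checksum(raw[:21]) == raw[21:]


def extract_addresses(text):
    """Checksum-valid legacy bitcoin addresses mentioned in free text."""
    return {c for c in CANDIDATE_RE.findall(text) if is_valid_address(c)}


def cluster_incidents(incidents):
    """Group incidents that share at least one wallet address; largest cluster first."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    first_seen = {}   # address -> id of the first incident that mentioned it
    for inc in incidents:
        find(inc["id"])   # register incidents even if they carry no address
        for addr in extract_addresses(inc["note"]):
            if addr in first_seen:
                parent[find(inc["id"])] = find(first_seen[addr])
            else:
                first_seen[addr] = inc["id"]
    groups = defaultdict(set)
    for inc in incidents:
        groups[find(inc["id"])].add(inc["id"])
    return sorted(groups.values(), key=lambda g: (-len(g), min(g)))


# Constructed wallets: stand-in hash160 values, not derived from real keys.
WALLET_A = p2pkh_address(hashlib.sha256(b"constructed-wallet-A").digest()[:20])
WALLET_B = p2pkh_address(hashlib.sha256(b"constructed-wallet-B").digest()[:20])
WALLET_C = p2pkh_address(hashlib.sha256(b"constructed-wallet-C").digest()[:20])
# Same shape as WALLET_C with the last character altered: regex matches, checksum fails.
TYPO_C = WALLET_C[:-1] + ("2" if WALLET_C[-1] == "1" else "1")

# Constructed incident records (ransom-note excerpts); ids are placeholders.
INCIDENTS = [
    {"id": "INC-1", "note": f"Send 0.8 BTC to {WALLET_A} to receive the key."},
    {"id": "INC-2", "note": f"Pay to {WALLET_A} or, after 48h, to {WALLET_B}."},
    {"id": "INC-3", "note": f"Wallet: {WALLET_B}. Do not contact the police."},
    {"id": "INC-4", "note": f"Transfer 1 BTC to {WALLET_C} within 72 hours."},
    {"id": "INC-5", "note": f"Transfer 1 BTC to {TYPO_C} within 72 hours."},
]

if __name__ == "__main__":
    for group in cluster_incidents(INCIDENTS):
        print(sorted(group))
```

INC-1 and INC-3 never mention the same address, yet they land in one cluster through INC-2, which is exactly the shared-infrastructure linkage the article describes. INC-5 stays alone because its address fails the checksum: without that check a mistyped or deliberately mangled address would create a false link or a false IOC.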
