
MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Elizabeth V Calise

Cybercrime Economy Generates $1.5 Trillion a Year

April 22, 2018 by Elizabeth V Calise

It was stated at the RSA Conference 2018 that “If cybercrime was a country, it would have the 13th highest GDP in the world.” Attackers generate $1.5 trillion in annual profit, which is about equal to the GDP of Russia. The $1.5 trillion that cybercriminals generate each year includes $860 billion in illicit online markets, $500 billion in theft of trade secrets and intellectual property, $160 billion in data trading, $1.6 billion in crimeware-as-a-service, and $1 billion in ransomware. Evidence has shown that cybercrime often generates more revenue than actual companies. It is time to start thinking of cybercrime as more like a business.

Additionally, it was mentioned that more than 620 new drug types have appeared in the market since 2005. Many of these drugs are created in China or India, purchased online, and sent to Europe in bulk. There is evidence that groups earning revenue from cybercrime are also involved in drug production. On the dark web, one can find listings for illegal drugs, toxic chemicals, malware, and stolen and fraudulent data.

https://www.darkreading.com/vulnerabilities---threats/cybercrime-economy-generates-$15-trillion-a-year/d/d-id/1331613

Card Data Stolen From 5 Million Saks and Lord & Taylor Customers

April 14, 2018 by Elizabeth V Calise

Cybercriminals have obtained more than five million credit & debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor. The data was stolen using software that was implanted into the cash register systems at the stores. The investigation continues, but the company's e-commerce platform does not appear to have been affected by the breach. However, the company has not stated how many customer accounts or stores were affected by the attack. This theft is one of the largest known breaches of a retailer and demonstrates how hard it is to secure credit-card transaction systems.

It was found that a group of Russian-speaking hackers known as Fin7 or JokerStash posted online that it had obtained a cache of five million stolen card numbers. Fin7 did not state where the numbers had been obtained. It is unclear how the malware was installed in the stores' checkout systems, but it was stated that it was most likely from phishing emails.

Click here for the link.

Cyberattack Shows Vulnerability of Gas Pipeline Network

April 14, 2018 by Elizabeth V Calise

A cyber-attack on a shared data network forced four of the nation’s natural gas pipeline operators to temporarily shut down computer communications with their customers for over a week. No gas service was interrupted, but it was unclear if any customer data was stolen. Aside from consumer and business data, energy companies possess proprietary information about their holdings, trading strategies, and exploration and production technologies. The dependence of pipeline infrastructure on digital systems makes it a target. Control valves, pressure monitors and other equipment connected to wireless networks are vital to daily functions. With almost 2.5 million miles of oil, gas and chemical pipelines all over the country, intrusions into control systems could do more than disrupt deliveries. Risks could include explosions, spills, or fires.

Click here for article.

Boeing Possibly Hit by ‘WannaCry’ Malware Attack

April 14, 2018 by Elizabeth V Calise

Boeing recently stated that it was hit by a cyber attack that was identified as the same WannaCry computer virus that hit thousands of computer systems in more than 70 countries last year. There is concern that the attack could spread to Boeing production systems and airline software. WannaCry is ransomware: malware that locks up victims’ computers and data with encryption until the attackers’ extortion demands are met.

Click here for article.

Uber Agrees to New FTC Settlement Over 2016 Breach Disclosure

April 14, 2018 by Elizabeth V Calise

Uber has agreed to an updated settlement with the Federal Trade Commission (FTC). The organization was charged last year with deceiving customers about its privacy and data security practices. The new settlement considers Uber’s massive 2016 data breach. In the original settlement, the FTC reported that Uber failed to live up to its claims that it closely monitored employees’ access to rider and driver data. Additionally, it failed to live up to its claim that it implemented measures to secure personal data on third-party cloud servers. After the original settlement, the FTC learned that Uber failed to disclose a breach of user data. As a result, the FTC updated its complaint to note that Uber knew about the breach and paid the attackers $100,000 through a “bug bounty program” to keep things quiet. In the new agreement, Uber is required to disclose future incidents involving consumer data and all reports from required third-party audits of its privacy program.

https://www.darkreading.com/attacks-breaches/uber-agrees-to-new-ftc-settlement-over-2016-breach-disclosure/d/d-id/1331525

Former Airline Database Administrator Sentenced for Hacking Reservation System

April 14, 2018 by Elizabeth V Calise

Suzette Kugler, a former database administrator at PenAir, will serve a five-year probation sentence for hacking the airline’s database. The database was for its ticketing and reservation system. After her removal from the organization, Kugler hacked into the system between April and May 2017. It has been assumed this was in retaliation for being fired. Kugler utilized her insider knowledge of the database system to create fake privileged credentials, which she used to destroy critical data and prevent airline employees from booking, ticketing, modifying, and boarding passengers during the attack. A U.S. District Judge sentenced Kugler to five years of probation, 250 hours of community service, and a fine of over $5,000 to PenAir.

https://www.darkreading.com/attacks-breaches/former-airline-database-administrator-sentenced-for-hacking-reservation-system/d/d-id/1331530

 

North Korea Threat Group Targeting Turkish Financial Orgs

March 11, 2018 by Elizabeth V Calise

Hidden Cobra, a threat group linked to North Korea, has turned its interest to financial institutions in Turkey. McAfee reported finding malware (known as Bankshot) associated with the group surfacing on systems belonging to three large financial organizations and at least two major government-controlled entities involved in finance and trade in Turkey. The malware is designed to persist on compromised systems for further exploits. According to McAfee, this suggests that Hidden Cobra is trying to gather specific information that can be used to launch more attacks.

The FBI and the US Department of Homeland Security have described the group as having a wide range of attack tools at its disposal, including denial-of-service botnets, wiper malware, and remote access Trojans. The attackers’ tool of choice, Bankshot, was also used in a Korean bank attack and in banks in Latin America. McAfee’s investigation showed that Bankshot implants were distributed via phishing emails. The emails contained a malicious Word document with an embedded exploit for a recently disclosed Adobe Flash vulnerability.

https://www.darkreading.com/attacks-breaches/north-korea-threat-group-targeting-turkish-financial-orgs/d/d-id/1331223

Germany Says Hackers Infiltrated Main Government Network

March 11, 2018 by Elizabeth V Calise

Recently, hackers used software to penetrate the German government’s main data network. This system is used by the chancellor’s office, ministries and the Parliament. News sources are claiming a Russian hacking group supported by the Russian government is behind it. The hacking group is called Snake, also known as APT28 or Fancy Bear. However, nothing has been confirmed by the German government. The German government was a specific target and the attackers were seeking specific information.

This attack came two years after German security officials determined that the Fancy Bear hackers were able to breach the German Parliament’s data network. This led to increased security on the country’s most sensitive systems. This same group has been accused of breaching computer servers of the Democratic National Committee in the United States.

Investigators with Palo Alto Networks stated that those associated with Fancy Bear used “malicious emails targeting foreign affair agencies and ministries in North America and Europe.”

In the 2015 attack on the German Parliament, hackers succeeded in breaching the system and stealing 16 gigabytes of sensitive information. Patrick Sensburg, a lawmaker with the governing Conservative Party, stated that the most recent attack appeared to have a clearer target.

Click here for link. (Source: The New York Times)

What He Did on His Summer Break: Exposed a Global Security Flaw

February 24, 2018 by Elizabeth V Calise

Nathan Ruser, an Australian university student, tweeted that a fitness application revealed the locations of military sites in Syria and other places. He was not expecting much response to his tweet. However, it attracted a great deal of attention. The news alarmed security experts, who said hostile entities could gain valuable intelligence from the Strava app’s global “heat map”. This includes locations of secret bases and the movements of military personnel.

Ruser looked over Syria on Strava’s map, which is based on location data from millions of users, including military personnel, who share their exercise activity. He stated that the area “lit up with those U.S. bases.”

Link to article here

PyeongChang 2018 Winter Olympics Opening Ceremony Disrupted by Malware Attack

February 24, 2018 by Elizabeth V Calise

The Pyeongchang Winter Olympics (in South Korea) was disrupted by a malware attack before and during the opening ceremony. The cyber-attack involved 12 hours of downtime on the official website, the collapse of WiFi in the Olympic stadium, and the failure of televisions and Internet at the main press center.

Various cybersecurity companies reported that it was a wiper malware attack that had spread through the Winter Games official network using stolen credentials. Wiper malware focuses on taking down networks and systems, and wiping the data. Experts have suggested that the attacker may be located in North Korea, China or Russia. Based on the Cisco Talos analysis, the attacker had intimate knowledge of the Winter Games’ network system and knew technical details of the infrastructure such as username, domain name, server name, and password. It has also been considered that the Olympics’ infrastructure was already compromised before the attack, making it possible to exfiltrate the credentials used.

https://thehackernews.com/2018/02/pyeongchang-2018-winter-olympics.html
