In my forensics class, the professor talked about how a forensics expert solved cases to put the murderers away but later found he was incorrect. So the people sent to jail were freed. This can damage the reputation and trust of anyone in the field and relates to cyber security because we want to make sure our facts and data line up before we give a solution or data to accuse someone of an activity that either caused a system failure or intrusion.
Week 01
South Koreans paid as much as $2.5 million in ransomware payments over the last two years
South Korea has been hit by ransomware disproportionately. In the last 2 years, the country has paid about $2.5 million towards ransomware. Ransomware has become quite a common form of attack these days, especially in large corporations and government settings. They encrypt and hold certain files in the storage and demand payment in exchange for unblocking the systems. The article says that ‘Ransomware operators used a Russian bitcoin exchange, BTC-E, to convert bitcoin to fiat currencies’.
Bitcoin Ransomware Attack Halts Major American City’s Government and Police
https://news.bitcoin.com/bitcoin-ransomware-attack-halts-major-american-citys-government-and-police/
In a major shock to many government services in Atlanta, Georgia, one of the largest metropolitan US cities, ransomware attacked computers of municipal corporations, urging $51,000 worth of bitcoin money. The entire operations were hampered the whole week because of this. All police departments and courts were impacted by the cyber threat. Looks like the city employees first received an official email about a critical issue, asking them to shut the computers down. At the same time, the employees also saw an increase in the demand for bitcoins. In order to get back into the computers, they would have to pay for it. These attacks have been quite common in Florida, Alabama, and New Mexico, where such attacks have demanded money to power back.
Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites
The article here talks about how a single application-level DoS (Denial of Service) has been found in WordPress sites that could potentially allow anyone to take down the website with just a single machine, something which was only possible in network-level DDoS. The company has yet to patch the systems and most probably all the WordPress releases in the last 9 years are subject to this attack. As per the article, the vulnerability was ‘Discovered by Israeli security researcher Barak Tawily, the vulnerability resides in the way “load-scripts.php,” a built-in script in WordPress CMS, processes user-defined requests.’ It is surprising because the load-scripts.php file essentially is used by system administrators to improve performance of the systems.
Lack of authentication in the home page has caused the load-scripts.php to be executed by anyone. All one needs to do is to call the PHP file to load all the JavaScript files by passing them into the URL.
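From the defender's side, the behavior summarized above shows up in web server access logs as requests to load-scripts.php carrying an unusually long list of script handles. The following is an added example, not part of the original post or of WordPress: it scans combined-format log lines and flags clients that repeat such requests. The thresholds, the placeholder handle names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumed thresholds for this example; tune them to your own traffic baseline.
MAX_HANDLES = 20      # script handles in one request before it looks abnormal
MAX_HITS_PER_IP = 3   # abnormal requests from one client before it is flagged

# Combined log format: client, two ignored fields, timestamp, request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<url>\S+) [^"]*"')


def handle_count(url):
    """Number of script handles a URL asks load-scripts.php to concatenate."""
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/load-scripts.php"):
        return 0
    total = 0
    # parse_qsl percent-decodes, so load%5B%5D and %2C-separated lists are caught.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key in ("load", "load[]"):
            total += sum(1 for h in value.split(",") if h)
    return total


def flag_clients(lines):
    """Return {client_ip: count} for clients that repeat oversized requests."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and handle_count(m.group("url")) > MAX_HANDLES:
            hits[m.group("ip")] += 1
    return {ip: n for ip, n in hits.items() if n >= MAX_HITS_PER_IP}


def _line(ip, url):
    # Constructed sample log line, not taken from a real server.
    return f'{ip} - - [05/Feb/2018:10:00:00 +0000] "GET {url} HTTP/1.1" 200 512'


BASE = "/wp-admin/load-scripts.php?load%5B%5D="
BIG = BASE + ",".join(f"handle{i}" for i in range(180))   # placeholder handles
NORMAL = BASE + "jquery-core,jquery-migrate"
SAMPLE_LOG = ([_line("203.0.113.7", BIG)] * 5
              + [_line("198.51.100.4", NORMAL)] * 5
              + [_line("198.51.100.4", "/index.php")])

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```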
Sacramento Bee Databases Hit with Ransomware Attack
In one of the recent ransomware attacks, Sacramento Bee, a newspaper that is published in Sacramento, reported that 2 of its databases were hit in 2017. The tip on the attack came from a reporter to an internal employee working with the company. While both the databases are located on 3rd party servers, one of the databases contains information on California voter registration from the California Secretary of State. The other database usually consisted of subscriber information on the people who had subscribed to the digital accounts. It seemed that the databases consisted of 53000 records of current and former Bee subscribers. The ransomware extracted the name, email address, and contact information of some of the customers. The company immediately notified the customers whose details were compromised. The good news, however, is that none of the databases consisted of critical information such as Social Security Number, bank account details, and credit card information.
Tracking Bitcoin Wallets as IOCs for Ransomware
Bitcoins have become quite popular as a safe payment method for many over the last 2-3 years. However, not many know that this cryptocurrency has been in the dark for some time and is used mostly for ransomware and cyber extortion by people acting anonymously in the system. Most cyber criminals use Bitcoin primarily because it provides anonymity when making payments, acts as a global currency, and is an easy way of receiving and transferring. It has also been seen that careful tracking of bitcoin transactions can actually reveal correlations between various attacks.
That is why tracking bitcoin wallets as Indicators of Compromise (IOC) adds a lot of value. Tracking bitcoin wallet addresses as IOC has made it possible to connect the dots between ransomware, shared infrastructure, TTPs (tactics, techniques, and procedures), wallet addresses, and attribution.
Moreover, tracking bitcoin wallets as IOCs also helps in knowing whether the bitcoins in a transaction are going to a specific wallet address. This helps in narrowing down the wallet address. Though using this approach may not give the exact reasons for an online ransomware, tracking bitcoin wallets as IOCs can help in knowing the connections between ransomware.
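One way an analyst might put this into practice, shown as an added example that is not part of the original post: pull candidate wallet addresses out of ransom-note text, keep only those that pass the Base58Check checksum so that typos and random strings do not become IOCs, and report wallets that appear in more than one incident. The incident names, note text and wallet addresses are constructed for illustration, and only legacy Base58 addresses are handled.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Base58 address shape (starts with 1 or 3); other formats are out of scope.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(payload):
    """Encode version byte + 20-byte hash; used here only to build sample data."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out


def is_valid_address(addr):
    """True if addr decodes to 25 bytes ending in the double-SHA256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])


def correlate(incidents):
    """Map each valid wallet seen in more than one incident to those incidents."""
    seen = defaultdict(set)
    for name, text in incidents.items():
        for addr in CANDIDATE.findall(text):
            if is_valid_address(addr):
                seen[addr].add(name)
    return {a: sorted(names) for a, names in seen.items() if len(names) > 1}


# Constructed wallets derived from arbitrary bytes; they belong to no real case.
WALLET_A = b58check_encode(b"\0" + hashlib.sha256(b"constructed-a").digest()[:20])
WALLET_B = b58check_encode(b"\0" + hashlib.sha256(b"constructed-b").digest()[:20])
TYPO = WALLET_A[:-1] + ("2" if WALLET_A[-1] != "2" else "3")  # fails the checksum
INCIDENTS = {"case-001": f"Send payment to {WALLET_A} within 72 hours.",
             "case-002": f"Pay to {WALLET_B}.",
             "case-003": f"wallet: {WALLET_A}",
             "case-004": f"pay {TYPO} now"}
```

Calling `correlate(INCIDENTS)` links case-001 and case-003 through the shared wallet and ignores the corrupted copy in case-004.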
Risky Business Podcast
Another course that I’m taking this semester has us listening to information security related podcasts, and I thought I’d share one that I found.
Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals.
This week’s episode highlights the below.
- Strava heatmap
- Dutch infiltration of Cozy Bear
- Possible nationalization of the US 5G network on security grounds
- Microsoft disabling Intel Spectre patches
- Google’s Chronicle announcement
- US$400m Cryptocurrency ownage
The Strava heatmap topic was personally interesting to me, since I was able to find the base I was stationed at in Afghanistan without any issues. It wasn’t a special or secret base, but it wasn’t one of the huge ones either, so it was interesting.
Welcome to MIS 5212 Spring 2018
Welcome to MIS 5212. Class will start February 3rd at 9 AM in Alter 607. We will meet the following Saturday and then every other Saturday for a total of 7 days. Class will run from 9 to no later than 3.