MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Week 02

Suspected ‘Big Bitcoin Heist’ Mastermind Fled to Sweden On Icelandic PM’s Plane

May 4, 2018 by Younes Khantouri

Icelandic Police had arrested 11 suspects as part of the investigation, one of whom has escaped from prison and fled to Sweden on a passenger plane reportedly also carrying the Icelandic prime minister Katrin Jakobsdottir.

Sindri Thor Stefansson, who is suspected of masterminding the whole theft of almost $2 million worth of cryptocurrency-mining equipment, traveled under a passport of someone else but was identified through surveillance footage.

Stefansson had recently been transferred to a low-security Sogn prison, located in rural southern Iceland (just 59 miles away from Iceland’s international airport in Keflavik), from where he escaped through a window early Tuesday and boarded the flight to Sweden.

https://thehackernews.com/2018/04/iceland-big-bitcoin-heist.html

VPN Leaks Data

March 24, 2018 by Fred Zajac

This report identified three vulnerabilities with VPN services leaking sensitive IP Address and location information.  Virtual Private Networks are used for several different reasons, but in this case it is used to connect privately to an internal network.  The VPN service will encrypt your data and hide your true IP address for security reasons.

Vulnerabilities were found at PureVPN, HotSpot Shield, and Zenmate.

It was also noted that these vulnerabilities were with the Chrome plug-in, not the desktop or smartphone version. The other vulnerabilities were not disclosed because no patch has been created.

https://thehackernews.com/2018/03/vpn-leak-ip-address.html

North Korea Threat Group Targeting Turkish Financial Orgs

March 11, 2018 by Elizabeth V Calise

Hidden Cobra, a threat group linked to North Korea, has turned its interest to the financial institutions in Turkey. McAfee reported finding malware (known as Bankshot) associated with the group surfacing on systems belonging to three large financial organizations and at least two major government-controlled entities involved in finance and trade in Turkey. The malware is designed to persist on compromised systems for further exploits. As stated by McAfee, this suggests that Hidden Cobra is trying to gather specific information that can be used to launch more attacks.

The FBI and the US Department of Homeland Security have described the group as having a wide range of attack tools at its disposal. This includes denial-of-service botnets, wiper malware, and remote access Trojans. The attackers’ tool choice, Bankshot, was also used in a Korean bank attack and in banks in Latin America. McAfee’s investigation showed that Bankshot implants were distributed via phishing emails. The emails contained a malicious Word document with an embedded exploit for a recently disclosed Adobe Flash vulnerability.

https://www.darkreading.com/attacks-breaches/north-korea-threat-group-targeting-turkish-financial-orgs/d/d-id/1331223

One of Apple’s most embarrassing leaks

March 6, 2018 by Andres Galarza

How a Low-Level Apple Employee Leaked Some of the iPhone’s Most Sensitive Code

On Wednesday, an anonymous person published the proprietary source code of a core and fundamental component of the iPhone’s operating system.

Full Story Here.

Report: Macro-less Word Document Attacks on the Rise, Zero Day Malware Variants Jump 167 Percent

February 26, 2018 by Donald Hoxhaj

https://www.prnewswire.com/news-releases/report-macro-less-word-document-attacks-on-the-rise-zero-day-malware-variants-jump-167-percent-300620680.html

WatchGuard Technologies, a leader in advanced network security solutions, said that the malware attacks on SMBs (Small and Marginal Businesses) and distributed enterprises grew by 33% and that cyber criminals are increasingly using Microsoft Office documents to penetrate or inject malicious code into network systems. Corey Nachreiner, chief technology officer at WatchGuard Technologies, says that ‘After a full year of collecting and analysing Firebox Feed data, we can clearly see that cyber criminals are continuing to leverage sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data’.

Some of the alarming statistics for the same say that malware attacks grew significantly while zero day malware variants rose 167%. About half of the malware was injected through basic antivirus solutions. Similarly, scripting attacks account for 48% of top malware threats.

A Cyberattack Hobbles Atlanta, and Security Experts Shudder

February 26, 2018 by Donald Hoxhaj

https://www.nytimes.com/2018/03/27/us/cyberattack-atlanta-ransomware.html

A cyberattack shook the Atlanta municipal government, creating another case of digital extortion. The attacks proved the vulnerability that still exists within the systems, letting such cybercrime take its shape over and over again. In a typical ransomware attack, the malicious software blocks data and resources of the victim’s computer or network resources until a ransom is paid to unlock it. The attacker has been identified as someone from the SamSam Hacking group. This group is known to select targets that are most likely to pay the ransom asked. To date, this criminal group has been known to have extorted more than $1 million in ransom across 30 organizations. It is said that until cyber security is treated at the same level as public security, the need to constantly improve and enhance security systems against cyber-threat won’t take a good shape.

Four strategies organisations are using to combat cyber attacks

February 26, 2018 by Donald Hoxhaj

http://www.itpro.co.uk/endpoint-security/30837/four-strategies-organisations-are-using-to-combat-cyber-attacks

With growing cyber threats, organizations have learned the hard way to not use traditional security systems for prevention. They have gradually started adopting more advanced security tools such as layered and endpoint security to move up their internal defense mechanisms against data breaches and ransomware. Organizations are using 4 key strategies to combat cyber-attacks, i.e., AI and Machine Learning, Merging existing and new technologies, Flexible endpoint solutions, and Technical integration. Many vendors have started to use AI and Machine Learning in their security products to understand patterns of threats and flag the threatening ones.

Most IT pros fear IoT cyber attacks. Few are doing anything about it.

February 26, 2018 by Donald Hoxhaj

http://www.zdnet.com/article/most-it-professionals-fear-iot-cyber-attacks-new-research-suggests-few-are-doing-anything-about/

Cyber-attacks have been continuously breaching security rules in IoT. In a recent survey conducted, it was found that 97% of the respondents believed that unsecured IoT devices can be harmful for their organizations, while only 29% actively monitored the systems for any 3rd party breach. Where organizations are failing is they understand the adoption of IoT and are able to scale well, but fail to understand the risks posed by such systems in their networks. Lack of clear accountability when it comes to third-party IoT risk management is another big issue that remains unattended.

The research that was conducted on more than 600 respondents revealed the fact that about 38% believe that no one in their organization is responsible for reviewing the risk-management policies of third-party vendors. The biggest challenges with respect to IoT Risk Management Practices consist of the fact that 49% do not keep inventory of IoT devices and 56% do not keep inventory of IoT applications. More than 53% of the respondents depend on contractual agreements with external 3rd party risk management vendors. Another alarming fact that came out is that only 29% actively monitor 3rd party IoT risks. There is a clear gap in educating the employees about the risks of leaving IoT open in the network and not taking care of it.

Encrypted Attacks Continue to Dog Perimeter Defenses

February 25, 2018 by Brent Hladik

https://www.darkreading.com/perimeter/encrypted-attacks-continue-to-dog-perimeter-defenses/d/d-id/1331038

Interesting article on how encrypted attacks create issues for corporate defenses.
