Week 05

Two separate teams of security researchers have published working proof-of-concept exploits for an unpatchable vulnerability in Nvidia’s Tegra line of embedded processors that comes on all currently available Nintendo Switch consoles.

Dubbed Fusée Gelée and ShofEL2, the exploits lead to a coldboot execution hack that can be leveraged by device owners to install Linux, run unofficial games, custom firmware, and other unsigned code on Nintendo Switch consoles, which is typically not possible.

Both exploits take advantage of a buffer overflow vulnerability in the USB software stack of read-only boot instruction ROM (IROM/bootROM), allowing unauthenticated arbitrary code execution on the game console before any lock-out operations (that protect the chip’s bootROM) take effect.

https://thehackernews.com/2018/04/nintendo-switch-linux-hack.html

 

https://technical.ly/baltimore/2018/03/29/city-cyber-attack-baltimores-911-computer-aided-dispatch-system-ransomware/

The cyber-attack on Computer Aided Dispatch (CAD) system which supports Baltimore 911 operations, reported being ransomware. This cyber-attack was caused by ransomware perpetrators. Federal investigations are going on to know the source of the attack. The attack forced CAD system to go offline for 17 hours. This attack is placed in the category of Wannacry attack. Ransomware is not about stealing data, it only makes system non-functional. Whereas cyber-attacks involve stealing money as well as information. The attack in Baltimore city comes in line with the attack on Atlanta in which several official departments went offline. Employees are not able to use email any longer.

Soon the system was restored to the original level and computer affected with ransomware was segregated to prevent the transmission of attack to other parts of the network. No data was compromised in this attack. The city is concerned about these threats and has the strategic policy in place according to some officials. Every technical thing is at risk of cyber-attack. Every entity- whether public or private- is prone to this kind of attacks. An investigation is going on this matter but culprits are not yet known.

https://www.prnewswire.com/news-releases/acronis-warns-about-the-worst-year-for-data-loss-incidents-and-cyberattacks-urges-immediate-action-to-prepare-300622152.html

According to Acronis, the year 2018 will be the worst year as far as cyber-attacks are concerned. According to a survey done by Acronis 60% of respondents never heard of ransomware. Ransom attacking will be increased to the rate of every 14 seconds in two years from the rate of 40 seconds this year. In this prediction, attack on individuals, which are more frequent, are not considered. Acronis warns that only a high-quality backup security solution will be able to prevent entities from ransomware.

Ponemon Institute revealed in a report that 69% of organizations do not believe their anti-virus can prevent ransomware activities in their organizations.  The new trend has emerged whereby the hacker attack backup files and data. Only a few backup solutions are able to protect from large-scale ransomware attacks. Due to growing ransomware attacks, Acronis improved its back up the solution by integrating it with innovative Ai based technology.  It also introduced Acronis Ransomware Protection which can be clubbed with other backup solutions.  Acronis advice to keep operating system and software up to date, always have the backup of important data and install anti-virus software.

https://theconversation.com/is-counter-attack-justified-against-a-state-sponsored-cyber-attack-its-a-legal-grey-area-94023

US Department of Justice indicted 9 Iranians against cyber-attacks on many public and private institutions, on March 23. Institutions were targeted worldwide; even United Nations was not spared. This movement will not reduce the number of cyber-attacks in future. International law does not provide provision for self-defense against cyber-attack (only army attack is identified). So it needs to be analyzed if this action by the US is appropriate and real. This is the grey area which international community should consider upon.

Defendants are founders of an organization formed for the purpose of scientific espionage. The organization is named as Mabna which reportedly got the contract from Iran to conduct cyberattack on its behalf. Lots of data were stolen by this organization. It wanted to steal research data and intellectual property information. More than 1 lakh professors and 8000 emails were targeted. Private companies were targeted too using password spraying technique in which hacker gains access to the email account by using default or common passwords. Some say that this action is not going to cause much deterrence. According to them, there should be counter attack as in this case culprits will not be given punishment as they are based in Iran.

https://www.businesstimes.com.sg/government-economy/bank-negara-foils-attempted-cyber-attack

Malaysia’s central bank revealed that it has foiled major cyber-attack in which false messages were sent through the SWIFT. Fortunately, no transactions were made and nothing wrong happened. But it is the second cyber-attack on central bank worldwide. First one occurred in 2016 on Bangladesh Central Bank in which $ 81 billion was spent. Both incidents involve SWIFT transaction method. Who was behind the attack is still unknown. Even how they access the bank’s SWIFT server is not known currently but it has triggered the wave of enhancing security by the financial institution. All the financial institutions, similarly. Got concerned after Bangladesh central bank attack.

Bank Negara supervises 45 commercial banks but it has not revealed the details of a message which were done by hackers.  SWIFT also declined to comment on the matter but said its security system was definitely compromised.it shows that SWIFT platform is vulnerable to this kind of attacks. Some hackers reportedly stole 339.5 million rubles from Russian bank using SWIFT transaction method. There was no disturbance to other functions of the Malaysian Bank according to Bank authorities. The bank is conducting the investigation in collaboration with many local and international agencies.

Massive 1.7Tbps DDoS reflection/amplification attack was conducted against one of its unnamed US-based customer’s website.

Attackers exploited vulnerability of many internet facing “Memcached” servers, open-source memory caching system, by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim’s IP. Requests sent to memcached servers triggered tens of thousands of times bigger response against the targeted IP address, resulting in a powerful DDoS attack.

Read more at:
https://thehackernews.com/2018/03/ddos-attack-memcached.html

A recent Forbes article mentions 68% of senior IT professions do not think their boards are being briefed on mitigating controls for cyber risks. I was surprised by the percentage. Either companies are not managing up, or down, or are not doing enough to mitigate cyber risk.

https://www.forbes.com/sites/gilpress/2018/03/15/cybersecurity-by-the-numbers-market-estimates-forecasts-and-surveys/#5b079c3212c4

http://www.zdnet.com/article/iot-security-warning-cyber-attacks-on-medical-devices-could-put-patients-at-risk/

Here is another example of why the government, the health industry, cyber security experts and device makers should come together – medical devices have evolved to be considered Internet of things (IoT) and need to be protected because they are attached to human beings and since they rely on internet, cyber attacks could cause massive harm to these people. The article explains why we need all the necessary parties to come together to incorporate protection and plan for the events that may take place so the patients are not harmed in anyway.

https://www.infosecurity-magazine.com/news/ddos-costs-skyrocket-for-smbs/

 

Interesting take on how much it is costing companies to take care of ddos related kinds of attacks. As well as what they do to handle them.