Week 06

 

https://www.newsbtc.com/2018/03/27/symantecs-internet-security-threat-report-highlights-cryptos-increased-use-cyber-crime/

Symantec has released its 23rd internet security threat report which says that there have been more attacks associated with cryptocurrency. The report says that the crypto jacking was the largest trending attack of 2017 in which computer system is used to mine the cryptocurrency though the owner of the machine remains unaware of it. There are two easy benefits for the attacker. One is that great deal of anonymity is maintained and other that regular CPUs can be used to mine the coin, unlike bitcoin which needs specialized equipment.

All the cyber criminals resorted to cryptocurrency because their price shoots up in 2017. So there was a lot of profitability for the cybercriminal. In addition to that criminal need just a few lines of code to mine the currency. The report mentions ransomware as another major online attack resorted to in 2017. In this hackers make the system non-functional and then they demand money, usually in the form of cryptocurrency, to unlock the system. These kinds of incidents are increasing day by day. In 2018, already such kind of attack has been made on the city of Atlanta. These attacks are only going to increase in the year 2018.

Over the past few days, users with Alexa-enabled devices have reported hearing strange, unprompted laughter. Amazon responded to the creepiness today in a statement to The Verge, saying, “We’re aware of this and working to fix it.”

Thirty-six people have been charged for their alleged involvement in running a cyber-crime service responsible for more than $530m (£381m) of losses.

The Infraud Organisation is said to have dealt in stolen credit cards and passwords and engaged in bank fraud and ID theft.

As of March 2017, its dark-web-based service’s discussion forum is said to have had 10,901 registered members….

 

“The criminals involved in such schemes may think they can escape detection by hiding behind their computer screens here and overseas,” said Derek Benner, of Homeland Security Investigations.

“But as this case shows, cyber-space is not a refuge from justice.”

 

https://www.goldsteinreport.com/article.php?article=26142

https://thehackernews.com/2018/03/biggest-ddos-attack-github.html

GitHub is a code hosting website and someone or some group managed to find a misconfigured Memcached server(s) and spoofed an IP Address to create the DDoS event. The attack caused over 1.35Tbps of data, which is the largest attack ever. Experts say that these aren’t common and more to come in the future. The port number was 11211 and experts say to prevent these attacks is to either disable the port or use firewalls to protect memcached servers from attacks.

Private-browsing modes are leaky because data tends to move between different places and can be exploited. Veil encrypts the website before showing on the screen and has a decryption algorithm embedded in the page.

To avoid the lag when loading, developers will have to create Veil version of the website first.

 

https://www.engadget.com/2018/02/24/mit-veil-private-browsing/

Advanced Penetration Testing -Week-6