Week 08

Security researchers have developed a new malicious ‘skill’ for Amazon’s popular voice assistant Alexa that can turn your Amazon Echo into a full-fledged spying device.

Amazon Echo is an always-listening voice-activated smart home speaker that allows you to get things done by using your voice, like playing music, setting alarms, and answering questions.

However, the device doesn’t remain activated all the time; instead, it sleeps until the user says, “Alexa,” and by default, it ends a session after some duration.

https://thehackernews.com/2018/04/amazon-alexa-hacking-skill.html

 

Suzette Kugler, a former database administrator at PenAir, will serve a fiver-year probation sentence for hacking the airline’s database. The database was for its ticketing and reservation system. After her removal from the organization, Kugler hacked into the system between April and May 2017. It has been assumed this was in retaliation for being fired. Kugler utilized her insider knowledge of the database system to create fake privileged credentials, which she used to destroy critical data and prevent airline employees from booking, ticketing, modifying, and boarding passengers during the attack. A U.S. District Judge sentenced Kugler to five years of probation, 250 hours of community service, and a fine of over $5,000 to PenAir.

https://www.darkreading.com/attacks-breaches/former-airline-database-administrator-sentenced-for-hacking-reservation-system/d/d-id/1331530

 

https://www.cfr.org/report/cybersecurity-and-new-era-space-activities

As satellites have become more and more integral to technology and internet use through things like GPS and other forms of communication, they have effectively become part of the Internet of Things. This opens up a whole new avenue for security vulnerabilities that will have to be addressed on a global scale. Major governments will have to set up frameworks, regulations, and alliances to facilitate a more proactive approach to satellite use and security in partnership with the private sector. With the growing trend towards commercial space travel and usage, security concerns will only increase as economic, military, and infrastructure concerns increasingly depend on space communication.

https://www.bloomberg.com/news/articles/2018-04-02/energy-transfer-says-cyber-attack-shut-pipeline-data-system

Cyber attack against a pipeline company. Although only impacting data transfers, their stock price dropped 2.5% due to the news of the attack.

 

http://www.straitstimes.com/tech/gamers-make-best-cyber-security-experts-survey-says

McAfee reports resulted in saying that, Gamers can be the best candidates for cyber security jobs. The survey involving 300 senior security managers and 650 security professionals, a major percent of respondents stated that, gamers could be a have a potential and skills for cyber security jobs, as they have an impulse to look at things differently, problem solving, logical thinking and active usage of brain.

Another major part of the respondents from the survey, believed that this particular generation, which has a large community of gamers and the young people who starts playing the video games at very young age will help the cyber security industry. As the cyber world is drastically increasing, we have to train more no. of cyber security professionals which might maintain a balance between the one and the bad when it comes to cyber security.

“Human and machines should work together to achieve better results, with the automated programs dealing with small and basic problems, allowing the human to deal with complex problems”, said Grant Bourzikas , Chief information security officer, McAfee.

 

https://www.forbes.com/sites/montymunford/2018/04/07/techvets-will-teach-military-veterans-to-learn-cybersecurity-and-build-national-security/#41de46437f88

Military Veteran aren’t the one who live a happy life. The situation of veterans in UK is a bit strange, it is known that the sacrifices of military veterans are overlooked. But finally there is a good news, they are about to learn skillsets of technology and awareness on cyber security. This could help them in working in technology and cybersecurity sectors after their period of service.

A new non-profit social enterprise TechVets was recently launched in UK which was initiated by Mike Butcher along with his other co-founders Peter Connolly, a retired Major and entrepreneur, Mark Milton, a tech design and innovation specialist and Euan Crawford, a corporate financier. TechVets is going to work in ground with the UK government, to help build a tech and cyber sector with human potential.

Veterans possess unrivalled leadership, crisis management and problem-solving skills that have been forged in the toughest environments. When given effective transition support, veterans have the potential to contribute an enormous amount to the future of the UK’s tech, cybersecurity and startup sectors, said Mike Butcher, Co-Founder, TechVets.

 

https://economictimes.indiatimes.com/tech/internet/cyber-threat-to-government-websites-a-look-at-the-data/articleshow/63659529.cms

Cyber threat is not an exception to government sites. Recently this Friday, there was an unexpected shutdown of 10 various government websites which has provoked the officials that it might be a cyber-attack but later they got to relieve their nerves as it turned out to be a storage system failure that was a fearful coincidence, isn’t it?

There were some cyber activities which had taken place in the recent past. January 1, 2017, a group of unknown hackers partially defaced Nuclear Suppliers Group’s website. Between Nov, 2016 and June 2017, it is reported that there were 50 cyber-attacks on 19 financial organizations. From 2014, Out of 8000 hosted government websites on NICNET, 248 were defaced till Nov 2017. And the list is increasing rapidly with the increase of exploiters in the cyber world.

Government has taken some steps to prevent cyber-attacks and secure websites, The National Cyber Coordination Centre made some necessary situational awareness of existing and potential cyber threats. CERT-In has exercised 25 cyber securities in organizations in defense, IT, Energy, Power, telecom sectors to check for vulnerabilities.

An interesting read that I found talked about how Memcached servers can be quickly hijacked and compromised by to launch large DDoS attacks. Utilizing IT spoofing and a poorly implemented UDP causes the servers to be put at risk because attackers will send a packet to the server, which will in turn greatly increase the size and forward the attack to the intended target. The fix only involved disabling the UDP port, but the question is, how many servers are out there with this setting unknowingly enable and stand at a huge vulnerability.

https://www.networkworld.com/article/3258772/security/memcached-servers-can-be-hijacked-for-massive-ddos-attacks.html