MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Jason A Lindsley

Meet PINLogger, the drive-by exploit that steals smartphone PINs

April 18, 2017 by Jason A Lindsley

This article is about an attack devised by security researchers that uses JavaScript code to access motion and orientation sensors, serving malicious code through HTML-based iframe tags on legitimate sites.  The JavaScript can then accurately infer characters being entered into the devices by listening in through advert banners or open tabs.

The attacks that were demonstrated are most useful at guessing digits in four-digit PINs and have 74-percent accuracy the first time a PIN is entered and a 94-percent chance of success by the third try.

The success of these attacks varied by browser.  Mozilla and iOS have released updates to mitigate these attacks.  Google Chrome has not yet released a fix, but has acknowledged the issue publicly.

Cerber Takes Ransomware Crown from Locky

April 13, 2017 by Jason A Lindsley

This article is about the heavy distribution of Cerber ransomware and how it has overtaken Locky in the last three months as the top ransomware threat.  Cerber is “ransomware as a service,” which allows novice users to pay for it to be used against targets.

The article emphasized that controls inside the perimeter are key to defending against malware such as Cerber because it is able to sneak past endpoint- and malware-detection technologies.  For example, least privilege access control is key to defending against this ransomware because it crawls the network looking for accessible file systems and encrypting their contents.

This is an example of the importance of having a defense in depth approach to information security.

https://www.infosecurity-magazine.com/news/cerber-takes-ransomware-crown/

Alfa AWUS036AC in Kali

April 5, 2017 by Jason A Lindsley

Hi All,

I was finally able to get my wireless adapter to work.  The following helped the most if anyone else has these issues:

Driver Installation

Latest Driver

http://alfanetworkinc.blogspot.com/2016/08/awus036ac-awus036ach-awus036eac-kali.html

You also may need to update the Linux Kernel and Headers.  Please respond if anyone is experiencing similar issues and I’ll try to help.

Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear

April 3, 2017 by Jason A Lindsley

This is an interesting article on hackers combining their physical penetration skills with technical skills.  Hackers were able to drill a hole the size of a golf ball next to the PIN pad and insert a wire to take command and control of the ATM and dispense cash.  Security researchers at Kaspersky demonstrated that the technical hack could easily be done with a simple Arduino controller, a breadboard, and a 9-volt battery.

These stories remind me of Terminator 2 when young John Connor was hacking the ATM machine.  The ironic thing is that the ATMs that were compromised have been used since the 90s when that movie came out!

The challenge that banks will face in fixing this vulnerability is that the software fix cannot be done remotely, and they are also recommending additional hardware enhancements and physical security controls (e.g. surveillance cameras, physical access controls).  This all requires work to be done on premises, and these devices are apparently widely in use.

https://www.wired.com/2017/04/hackers-emptying-atms-drill-15-worth-gear/

Yahoo CEO Marissa Mayer stripped of bonus after probe reveals high-level knowledge of huge hack

March 7, 2017 by Jason A Lindsley

The security breaches that we posted about in 2016 resulted in a $350 million discount in Verizon’s purchase of Yahoo.  It also resulted in Yahoo’s CEO being stripped of her 2016 annual bonus (up to $2 million).  She also volunteered to surrender her 2017 equity grant (no less than $12 million).  The board accepted her offer and she has requested that it be distributed among the Yahoo employees.

An interesting part of the article was a Gartner analyst comment that “security is often not on the top of a company’s agenda because it isn’t directly tied to revenue growth.”

If cybersecurity is not a top item on the board’s agenda for internet-based companies, financial services, and other critical infrastructure companies, they’ll have a lot more to worry about than revenue growth.

I’m encouraged that Yahoo and even Marissa Mayer acknowledged her accountability in this breach.  More needs to be done to hold executives accountable for cybersecurity at these major companies.

http://www.securityinfowatch.com/news/12311944/yahoo-ceo-marissa-mayer-stripped-of-bonus-after-probe-reveals-high-level-knowledge-of-huge-hack

Hackers who took control of PC microphones siphon >600 GB from 70 targets

February 22, 2017 by Jason A Lindsley

Hackers compromised PC microphones using malware embedded in Microsoft Word documents.  The attack targeted companies in several industries, including critical infrastructure, news media, and scientific research.  The data was siphoned via Dropbox accounts.

The article states that organizations typically don’t prevent end users from accessing Dropbox.  In this day and age, that needs to change.  DLP strategies for companies in each of these industries should be blocking these cloud sharing sites.  Any exceptions to these blocks should be closely monitored.

On another note, I would hate to be the one that had to listen to hours of audio to try to find the sensitive information, intellectual property, trade secrets, and research data!

 

https://arstechnica.com/security/2017/02/hackers-who-took-control-of-pc-microphones-siphon-600-gb-from-70-targets/

Metasploit Analysis

February 22, 2017 by Jason A Lindsley

Jason Lindsley’s Metasploit Analysis – Assignment #1

PowerPoint Presentation

Metasploit Attack Executive Summary

 

February 10, 2017 by Jason A Lindsley

This is an interesting article about fileless malware that does not need to be downloaded to a hard drive. It runs in the kernel or RAM without downloading any payload to the hard drive. Therefore, it could go undetected by traditional AV software.

This highlights the importance of having a defense in depth strategy that monitors activity on the network and endpoints, enforces strong access management, prevents data leakage, enforces a strong perimeter, etc. If a company or bank is relying solely on AV software to detect and remove malware, they will struggle to defend against today’s threats.

https://www.wired.com/2017/02/say-hello-super-stealthy-malware-thats-going-mainstream/

https://community.mis.temple.edu/mis5212sec001sp2017/2017/02/10/3174/

Metasploit security kit now hacks IoT devices, hardware

February 8, 2017 by Jason A Lindsley

This article is about a recent upgrade to Metasploit to perform penetration testing on IoT devices, including those that are not connected through Ethernet connections.  To achieve this, they have updated the Hardware Bridge API that allows testers to connect directly to firmware or create a relay service through a REST API.

The initial release is targeted to automotive penetration testing and includes modules for testing vehicle Controller Area Network (CAN) buses.  Does anyone have a spare Tesla we can test?!?

Link

Ransomware is about to get a lot worse….

January 31, 2017 by Jason A Lindsley

…by holding your operating system hostage.

Ransomware has become the most common form of malware over the past few years.  Typically ransomware encrypts your key files and the attacker demands payment; however, it is expected that variants will begin to emerge that are designed to modify the infected computer’s Master Boot Record.  This will cause the system to boot to a lock screen demanding payment before the attacker will decrypt files and restore access to the main operating system.

Multiple layers of defense are required to counter ransomware.  Strong network controls and access controls are very important; however, user awareness and training are just as critical to prevent social engineering that allows an attacker to deliver the malware.  Finally, always back up your data AND your operating system.  In many cases, if you detect the ransomware in a timely manner, you can wipe the OS and restore from backup.

Be safe!

link

 

 
