
MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Week 10

Snapchat Hacked: Indian Hackers Claim To Have Leaked 1.7 Million Snapchat Users Data

April 17, 2017 by Shain R. Amzovski

 

Article Link

An Indian hacking group claimed to have hacked Snapchat last year and recently leaked 1.7 million user accounts and data on the Dark Web. This comes after the CEO said that they were going to remove Snapchat from poor countries such as Spain and India. “Although, Evan Spiegel recently announced that he made no claims and the claims that are spread on social media were made by a Snapchat ex-employee.”

 

“Indian Snapchat users have started to protest on social media networks, making the hashtag #UninstallSnapchat and #BoycottSnapchat trend on Twitter. While many Indian Snapchat has started to make funny meme’s against Snapchat and Snapchat’s CEO.”

1) Cheney: Russian Cyberattack On Election Could Be Viewed As ‘Act Of War’ | 2) 4 myths — and facts — about online security

April 1, 2017 by Mauchel Barthelemy

Below are two interesting topics with the potential to create a lot of controversy beyond cyber security.

Cheney: Russian Cyberattack On Election Could Be Viewed As ‘Act Of War’

Cyber Security was one of the main topics and concerns during the past U.S. elections. Numerous claims were made that Russia interfered in the previous elections to favor Donald Trump over Hillary Clinton by hacking systems linked to the Democratic party. Should the U.S. perceive this as an “Act Of War,” as Former Vice President Dick Cheney stated, if those claims are proven to be true? I understand that cyberattacks should be taken as seriously as any other form of attack; however, what about other cyberattacks linked to other countries such as China, Iran, North Korea, and so forth? Shouldn’t they also be viewed through the same lens?

I think specific characteristics should be developed before viewing a cyberattack originating from another country as an “Act Of War.” For example, is it government sponsored, can it create mass destruction, are infrastructure direct targets, etc. Otherwise, this could create a lot of confusion moving forward because we now live in a world where cyberattacks are occurring more often than ever.

http://www.huffingtonpost.com/entry/cheney-russian-hacking-war_us_58d9d67be4b00f68a5ca35ef?utm_hp_ref=cyber-security

4 myths — and facts — about online security

Allow me to go straight to the point. The four myths are:

  1. Emails are always secure
  2. “Private browsing” is always private
  3. Turning off GPS means no one can track me
  4. My password is enough to protect me

These are excellent points, but are all of them still myths? I would say one of them is. Yes, most people still believe that “Private browsing” is always private. Anything accessed via a web browser is stored, but with traceable history, even if browsing history is deleted. All that is needed are the right skills with the right tools. On the other hand, I don’t believe many people continue to see emails as being as secure as in the past. Also, it should be clear to everyone that a password alone is not enough. The reason I say this is because every now and then there is a high-profile story about a group of hackers attacking someone, an organization, or another country. Moreover, should I get started with the whole circus about Hillary Clinton’s emails? Lastly, the latest Yahoo controversy eliminated the belief of whoever was still thinking emails are always secure and a password is good enough to protect them.

Turning off GPS means no one can track someone. This could be true, but to a certain extent. It depends on the device, tool and the network.

http://money.cnn.com/2017/03/22/technology/cybersecurity-misconceptions-pew/index.html

Week 10 Presentation

March 29, 2017 by Wade Mackey

Advanced Penetration Testing -Week-10

Polish Banks and Other Financial Organizations Hit by New Malware

March 29, 2017 by Loi Van Tran

A cybercrime group known as Lazarus is suspected to be behind numerous attacks against Polish banks. Polish banks reportedly detected previously undetected malware variants in their systems. They reported unusual behavior that included abnormal network traffic to foreign locations, encrypted executables, and malware on user workstations. The hackers conducted the attack by compromising the websites of their targets, injecting them with malicious code that redirects visitors to an exploit kit that installs the malware.

I thought this was interesting since we had some experience with WebGoat and how attackers can inject code into web applications. This seems to be the route that this cybercrime group took.

Article: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/polish-banks-and-other-financial-organizations-hit-by-new-malware-attacks

A Ransomware Variant from the CERBER Family has Emerged and it is Affecting Machine Learning

March 29, 2017 by Jimmy C. Jouthe

A ransomware variant from the CERBER family has emerged and it is affecting machine learning file-based detection solutions. With the emergence of machine learning solutions in the security industry, attackers are getting more crafty in how they evade systems. In this particular case attackers are taking advantage of static file detection solutions that focus on features instead of signatures.

Through their research Trend Micro has discovered that CERBER has the ability to evade a system undetected in a machine learning solution, especially if it is a static file-based solution. As with all ransomware, CERBER is distributed through email with a link to a self-extracting archive file that is stored and maintained in Dropbox by the attacker. The contents of the archive file are a Visual Basic script, a DLL file and a configuration file. Once a user clicks on the link, the archive file is downloaded and self-extracts onto the target system. It then runs the VBScript file that is contained in the archive, loading the contained DLL file during the process and decrypting part of the configuration file needed to evade the system. The issue presents itself in static detection tools that use machine learning because it is hard to detect CERBER when it looks like any other self-extracting process involving an archived file. Even further, once unpacked it may not be able to detect the binary contents and thus allow the non-malware to get in.
All the more reason why it is best to use more than one single approach to secure systems and the network they are in.

Sources: Dark Reading, Trend Micro

 

Kali Linux “NetHunter”-Turn Your Android Device into Hacking Weapons

March 28, 2017 by Mengxue Ni

Kali Linux is an open source Debian-based operating system for penetration testing and forensics. It comes wrapped with a collection of penetration testing and network monitoring tools used for testing of software privacy and security.

After making its influence in hacker and security circles, Kali Linux has now been published with Kali Nethunter, a version of the security suite for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and run on an Android phone.

The tools are designed for use by an attacker who has physical access to a device — an insider threat — or someone who gains access through social engineering, tailing etc.

http://thehackernews.com/2014/09/kali-linux-nethunter-turn-your-android.html

FBI Alert Urges Companies to Secure FTP Servers

March 28, 2017 by Wayne Wilson

The original cloud service “FTP” is on the radar of many hackers. The FBI sent out an alert to medical and dental entities warning them to secure their FTP servers. Hackers are trying to access protected health information (PHI) and personally identifiable information (PII) through FTP. Research has shown that there are over 700K exposed FTP servers on the internet. Before the days of Dropbox, Google Drive and OneDrive, people would use the File Transfer Protocol (FTP) to move or copy data from PCs to servers or vice versa. Now, with cybercrimes at an all-time high, this once useful feature is a backdoor to store malware and launch DDoS attacks.

https://www.bleepingcomputer.com/news/security/fbi-alert-urges-companies-to-secure-ftp-servers/

Symantec API Flaws reportedly let attackers steal Private SSL keys and Certs

March 28, 2017 by Scott Radaszkiewicz

Article Link

This is an interesting article. Many users install software like Symantec to help keep them safe, and here, there was a flaw that would allow an unauthenticated attacker to retrieve SSL certificates and, not only that, reissue or revoke those certificates.

The flaw was discovered by an IT consultant from Cloud Harmonics, and Symantec asked the consultant not to disclose the flaw as it would take Symantec almost two years to fix the issue.

 

Virtual machine escape fetches $105,000 at Pwn2Own hacking contest

March 28, 2017 by Mengqi He

The Pwn2Own 2017 contest, an annual computer hacking contest, ended on March 17. During the three-day contest, Google Chrome remained unscratched; Mozilla Firefox fell once; Apple’s Safari was taken down fourth and a number of flaws were found in its newly developed Touch Bar; two exploits were found on both Adobe Reader and Flash Player. One impressive thing in this contest was that two teams, 360 Security and Tencent Security, both from China, successfully completed virtual machine escapes on the third day. Virtual machines are usually used to create an isolated environment that poses no threat to the host operating system in case of compromise. One of the main goals of hypervisors is to create a barrier between the guest OS running inside the VM and the host OS that the hypervisor runs on. It prevents one user’s data and OS from being accessed by others sharing the same physical server. However, the success of the VM escapes meant that hackers were able to break out of a VM and interact with and execute code on the host OS. 360 Security completed the VM escape by exploiting a heap overflow bug in Microsoft Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation. The code demonstration took only 90 seconds. On the other hand, Tencent Security completed the guest-to-host by using a three-bug chain involving a Windows kernel UAF, a Workstation infoleak, and an uninitialized buffer in VMware Workstation. Finally, the 360 Security team won the most points and was crowned Master of Pwn for this year, and Tencent Security was second. All the exploits found in this contest had to be shared with the contest’s organizer and the vendors, and these exploits will be kept confidential until the vulnerabilities have been patched.

Link: https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/

Senators reintroduce a bill to improve cybersecurity in cars

March 26, 2017 by Ahmed A. Alkaysi

The Security and Privacy of Your Car (SPY Car) bill has been reintroduced by Senators from Massachusetts and Connecticut. This bill introduces a number of security measures that would beef up the cybersecurity of cars. Some of these initiatives include: critical systems to be isolated from non-critical systems, breach detection with reporting capabilities, and a “cyber dashboard” that displays a scorecard of how secure the car is. Another piece of this bill is the requirement for manufacturers to explain what type of driving data is being collected and how it is being used.

Personally, I am behind this bill. As cars become more connected to the network, even if they are not “electric cars,” cybersecurity should be the focus of all manufacturers. The one thing I like about this bill is that the protection of the driver’s privacy is included (with the data collection disclosure requirement), and not just the cybersecurity of the car itself.

https://techcrunch.com/2017/03/23/senators-reintroduce-a-bill-to-improve-cybersecurity-in-cars/
