Week 14

Last Friday around midnight, the 1.6 million people living in Dallas woke up to the screeching sounds of sirens that was triggered as a result of a supposed computer hack outside of the emergency notification network.  The emergency system was used to warn its residence of tornadoes and other dangerous weather conditions.  The alarms were blaring for 95 minutes until the administrators shut down the system manually. Initially the attack was thought to be caused by a network hack, but it wasn’t entirely accurate.

Dallas City Manager later clarified that the “hack” used a radio signal that spoofed the system used to control the siren network.  He did not disclosed any additional details, but noted that it was not a software issue but rather a radio issue.  Experts speculates that older Emergency Alert Systems are usually controlled by tone combinations that are broadcast over the National Weather Service’s weather radio.  The sirens receive their commands from a Dual-Tone Multi-Frequency (DTMF) or Audio Frequency Shift Keying (AFSK) that sends encoded commands from the command center.  If these frequency were not monitored, then an attacker can send endless combinations until they get the right one. Then all they had to do is repeat the signal.

Article: https://arstechnica.com/information-technology/2017/04/dallas-siren-hack-used-radio-signals-to-spoof-alarm-says-city-manager/

 

The Philadelphia ransomware has begun targeting healthcare organizations, in a targeted campaign likely carried out by amateurs. According to Forcepoint researcher Roland Dela Paz, the attack involves using Philadelphia as the payload in a spear-phishing campaign. A shortened URL is used as a lure. Once a user clicks on the link, the site redirects to a personal storage site to download a malicious document that contains the targeted healthcare organization’s logo and a signature of a medical practitioner from the organization as bait.

One teenager was identified as a suspect for operating Philadelphia just last month. A public decrypted is available to those who have been infected by Philadelphia. The analyst Dela Paz pointed out that being inclined to paying ransom to recover patient data, the healthcare sector became a low-hanging fruit for seasoned ransomware operators looking to maximize profit, such as those behind the Locky ransomware.

 

Link: https://www.infosecurity-magazine.com/news/philadelphia-ransomware-sets/

In this week’s article, a study was performed by Pew Research Center which examined the knowledge that American’s have of Cyber Security. Some of the questions asked in the survey were regarding botnets, ransomware, and WiFi. Even though this might not play a major role in the cyber security space as a whole, citizens need to begin to be more cognizant about their security online. Many might believe that are not susceptible to attackers, however EVERYONE who is connected to the internet can be infiltrated. Making citizens aware of cyber security education should be a priority in the digital age.

Article – http://www.king5.com/money/consumer/few-americans-understand-cyber-security-study-finds/430265704

Flaws in a microchip used widely in Apple and Android mobile devices could be used to remotely hack a device over Wi-Fi.The problems are contained within the firmware of a system on chip made by Broadcom that is used in mobile devices and Wi-Fi routers. The chips are in Google’s flagship Nexus devices, Samsung’s high-end devices and in Apple’s iPhone 4 through later models.Mobile phones increasingly depend on a separate system on chip to deal with the complexities of managing Wi-Fi. The advantage of offloading these tasks to a separate chip – referred to as Wi-Fi FullMAC chips.

Google found a series of vulnerabilities that affect Broadcom’s system-on-chip firmware, which then could allow someone to elevate privileges and get inside the operating system’s kernel.Essentially, the flaws in the firmware can be exploited via Wi-Fi frames to overflow the stack of the system on chip, allowing other code to run in memory.Apple has issued a patch for the flaws, but Android devices remain unprotected.

http://www.bankinfosecurity.com/google-discovery-shows-fragility-mobile-phone-security-a-9816

http://www.pcworld.com/article/3188662/security/spain-arrests-supposed-russian-computer-scientist-at-us-request.html

This is an article about two governments working together to stop cybercrimes.  A Russian man who has been affiliated with sending spam emails has been arrested and is being detained in Spain.  The arrest of Piotr Levanshov at Barcelona airport on Friday was not connected with Russian interference in the 2016 presidential election, but that contradicts news reports from Agence France-Presse and other news outlets, which said Levashov’s wife, Maria Levachov was told his arrest was connected to Trump’s election

Click for Article

There is a Zero-Day attack that works on all versions of Windows, even fully patched machines.   The attack happens by opening up a Microsoft Word RTF file.   The vulnerability is present in all versions of installed Microsoft Word.

Attackers gain full code execution on the victims machine.    Since discovery, it doesn’t look like a patch for this flaw will be available in the next round of Microsoft patches that are released in April.   So, current recommendations to protect yourself against this flaw are to not open any suspicious Word Documents, always view documents sent to you in Office Protected View, and disable macros from automatically executing.

 

Article

AIG recently began selling cyber security insurance plans on an individual level aimed at the upper class. The article analyzes the various factors that may affect the success of this endeavor. For example, the risk pool may have an adverse selection problem, the actual risk might be too difficult to calculate, and there might not be enough demand. However, the author also postulates that AIG can be profitable from this due to its ability to collect massive amounts of data and absorb high loss rates while it figures everything out.

I think its an interesting idea, but I don’t know how realistic individual cyber security insurance is. I understand that having bank account numbers lost is something to protect against, but at the same time, credit cards that get stolen generally totally absolve their customers of any fraudulent charges. I think that moving in this customer service direction is more realistically the way of the future which would invalidate the need for that kind of insurance. Another thought I had is that it would be difficult for one person to incur significant losses to validate the need for insurance. I could be wrong and this form of insurance could be super lucrative, who knows.