Sophisticated Method to Hack Your Network Devices

So the criminal hackers have to get more sophisticated, as some networks are patching their devices.

You must have heard of the casino that was breached through a thermometer in its fish tank? We get excited about the new capabilities of Internet connectivity, but unfortunately we forget that a device with weak cybersecurity can open doors for criminal hackers. You have a firewall, right? It defeats the easy way in for a hacker.

But what if the hacker is already in your network? How? Somehow they were able to make the connection…

“Wicked Botnet uses passel of exploits to target IoT” by Threatpost.com has an interesting paragraph:

“It scans ports 8080, 8443, 80 and 81 by initiating a raw socket SYN connection; if a connection is established, it will attempt to exploit the device and download its payload,” explained researchers Rommel Joven and Kenny Yang, in the analysis. “It does this by writing the exploit strings to the socket. The exploit to be used depends on the specific port the bot was able to connect to.”

Since previous malware has already infected the easy-to-infect routers, the botnets now have to get in using exploits. This is a typical mix of old and new tactics, as the cybersecurity landscape changes quickly.

This new botnet (the “Wicked” botnet of the Threatpost article) scans ports 80, 81, 8080 and 8443.
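As an added example (not from this post or from the Threatpost analysis), here is a small Python check that flags a source which SYN-probes many hosts on those four ports, run over constructed firewall log lines; the log line format is an assumption.

```python
import re
from collections import defaultdict

# Ports the Threatpost article says the bot probes with raw SYN connections.
WICKED_PORTS = {80, 81, 8080, 8443}

# Constructed sample firewall log lines (not real traffic); the format is assumed.
SAMPLE_LOG = """\
2018-05-18T10:00:01 flags=S src=10.0.0.5 dst=192.168.1.10 dport=8080
2018-05-18T10:00:01 flags=S src=10.0.0.5 dst=192.168.1.11 dport=8080
2018-05-18T10:00:02 flags=S src=10.0.0.5 dst=192.168.1.12 dport=8443
2018-05-18T10:00:02 flags=S src=10.0.0.5 dst=192.168.1.13 dport=81
2018-05-18T10:00:03 flags=S src=10.0.0.5 dst=192.168.1.14 dport=80
2018-05-18T10:00:03 flags=S src=10.0.0.5 dst=192.168.1.15 dport=80
2018-05-18T10:00:04 flags=S src=10.0.0.9 dst=192.168.1.10 dport=443
2018-05-18T10:00:05 flags=S src=10.0.0.7 dst=192.168.1.10 dport=8080
"""

LINE_RE = re.compile(
    r"flags=(?P<flags>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

def parse_line(line):
    """Return (flags, src, dst, dport) or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["flags"], m["src"], m["dst"], int(m["dport"])

def find_sweepers(log_text, min_targets=5):
    """Sources that SYN-probe at least min_targets distinct hosts on the bot's ports.

    Returns {src: sorted list of (dst, dport)} for each flagged source.
    """
    probes = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        flags, src, dst, dport = rec
        # Only SYN-flagged packets to the four ports the article names count.
        if flags == "S" and dport in WICKED_PORTS:
            probes[src].add((dst, dport))
    return {
        src: sorted(targets)
        for src, targets in probes.items()
        if len({dst for dst, _ in targets}) >= min_targets
    }
```

A single host probing one port is normal traffic, so the threshold counts distinct destinations rather than packets.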

Unfortunately there are cloud-based problems as well.

At Nolacon2018, Sean Metcalf discussed this very issue. There is a specific concern Sean raised: because password synchronization to the Azure cloud has to occur every 2 minutes, an attacker who captures the stored password hash can then try to guess it at their leisure.

The reality is that the hacker will always try to use the technologies you use to outfox you and steal your money, data, and anything else they can.

In some ways it is always a losing game – a catch-up game, if you will. We have to defend everything, and all the criminals have to do is attack and succeed in one spot.

So we have to do the proper risk management analysis to figure out where to put most of our time and resources.

Contact us to discuss.

 

Criminals Trying to Run Crypto Miners on Your Systems

Good YouTube video: “Rise of the Miners” (Josh Grunzweig).

Ransomware is no longer a viable method of making money for the criminals: since Bitcoin is worth a lot of money, it would be difficult to get people to pay for their ransomed computers.

So the criminals have moved to cryptomining.

The cryptominers have infected hundreds of thousands of machines to capture pennies per day from each machine. Taken together, on a daily basis, the criminal can accumulate wealth, and it never ends: 609,000 machines times 2 pennies per day = $12,180 per day, or $365,000 per month, or $4.4 million per year.

It may be worth it for the criminal to spend a little money on spam or watering hole attacks. A watering hole attack is where a popular website is infected with malware (the “water hole” its visitors come to). As soon as the infections go into the hundreds of thousands, the traffic and infrastructure will be noticed, so you may need to bribe various organizations as well; in Russia (or China), you may have to pay local government officials to keep quiet.

In North Korea, the state itself could be running an operation like this.

 

Contact us to discuss this phenomenon.

5 Top Cybersecurity Attacks Revealed at RSAC2018

YouTube video of the discussion by the following people:

Alan Paller, Moderator, Research Director and Founder, SANS Institute
Ed Skoudis, Faculty Fellow, Penetration Testing

The following are the most interesting points brought forward in the video; this is a presentation at RSAC every year now, given by SANS’ top instructors or employees from across the company. Dr. Johannes Ullrich runs the Internet Storm Center most days (although others keep it going when he is not available).

Top cyber attacks to look for this year:

  1. Cloud storage leakage
  2. Big data analytics
  3. Cryptocurrency mining on your infrastructure
  4. ICS/SCADA will get some attention from hackers
  5. IoT will continue to be attacked and used for hacker purposes

These possible attack vectors are not really surprises, but it is good to reinforce where we need to focus.

Cloud storage can be a problem when it is not configured with security in mind. Have you done an audit of your data? Checked whether private repositories were marked public, or whether public repositories hold sensitive data? GitHub, Amazon, Google Cloud, Microsoft Azure, Docker Hub and more each have their own pitfalls.
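One concrete form of that audit, added here as an example that is not from the post: a Python check that reads an Amazon S3 bucket policy document and reports every Allow statement granted to an anonymous principal. The policy below is constructed; fetching real policies from an account is outside this snippet.

```python
import json

# Constructed example bucket policy (not from any real account). The first
# statement grants anonymous read of every object, which makes the bucket public.
PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "TeamWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/uploader"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

def _as_list(value):
    # Policy elements may be a single string or a list; normalize to a list.
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True when the Principal element allows anyone (no AWS identity needed)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_statements(policy):
    """Return 'Sid: actions' for each Allow statement granted to everyone.

    Accepts the policy as a dict or as its JSON text. A statement that carries a
    Condition is still reported (marked) because the condition may not limit it.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous(stmt.get("Principal")):
            continue
        actions = ", ".join(_as_list(stmt.get("Action", [])))
        suffix = " (conditional)" if "Condition" in stmt else ""
        findings.append(f"{stmt.get('Sid', '<no Sid>')}: {actions}{suffix}")
    return findings
```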

When you collaborate within the cloud, is the software written within the cloud written with security in mind? We know that some chips cannot keep all data within the bounds we expect without a patch, and this was only found after the software had been out in the world for years. New cloud security problems are being investigated now.

Big Data Analytics

Now the criminals are using the data they have already stolen in new ways. Maybe they fill out a new credit card application with all the information about you (as if it were you). They could also fill out a complete tax form with 90% accuracy. So it is possible that new methods are being devised where data found on you is used to create better scams or other criminal enterprises.

For cryptocurrency mining the data is not what matters; criminal hackers want your computer resources to mine cryptocurrencies.

Finally, the ICS/SCADA cyber problem is just getting going. The danger with SCADA is that people will likely get hurt. The ICS (Industrial Control Systems) space is not as secure as other systems have been, due to a lack of focus on security.

Of course the IoT (Internet of Things) item is also an important attack area. If you think about it, the criminals will come up with new ways of attacking our infrastructure and will try to find any method that is possible. So if you are not focusing on an area, or it has not had a cyber focus in the past, then it will be found sooner rather than later.

 

It is true the hackers are trying to get the low-hanging fruit, but we need to circle the wagons and review everything again and again.

The simple thing to do is to audit your systems with an audit framework such as the one in CISA (Certified Information Systems Auditor).

Luckily, we have this CISA certification.

Contact Us

In a Russian Conflict: Cybersecurity another Dimension of Attack

(((4/19 update below)))

If cybersecurity is another dimension of attack (alongside the dimensions Land, Air, Sea, and Space), how would we be affected by this dimension?

On Land one sees one’s foe most of the time, and if the enemy wants to take your stuff they have to physically take it (or they send munitions instead, via artillery with limited range).

In the Air one can take troops up and over your land and enemy land forces, drop them, and take stuff. Munitions can be dropped from remote areas, but one has to send missiles and airplanes where radar can see them.

At Sea one can move around with ships or submarines to drop people off to take stuff. The munitions are sent via physical devices as well.

Space, although a unique area, is also a physical dimension with physical munitions.

In Cyber, how do you know the enemy is not already in your systems? There is no need for enemy soldiers to leave their homes or their barracks; they can attack your infrastructure without moving. Control of your computers can be taken automatically, and it can look like a third party attacked. Cyber has an electronic dimension, so the fact that it is not as physical or “real” has made understanding this dimension more difficult for some.

So what does this mean? It means that if you understand how to navigate a command line or can read custom code, you can understand this phenomenon (cyberwar) in ways a non-speaker cannot.

Maybe this analogy will help:

You know in physics there is height, width, and length?

What about a fourth dimension (and not time)?

It is hard for us 3D people to think in 4D. It seems to be the same for people who do not live in Cyber: they just DO NOT get the details! It does not matter how much I try to explain the details; 4D is too much of a leap for some.

So I think Cyber is just too difficult a concept for many people, or maybe a better word is ‘strange’.

 

****UPDATED 4/19 12pm Central******

An interesting story about Russia attacking US and UK routers…

https://mashable.com/2018/04/17/russian-router-warning-us-uk/#slGg.DbuWsqF

Remember my post on 3/13/18?  http://oversitesentry.com/replace-your-wi-fi-router-if-2yr-old/

Some good quotes from the Mashable article:

‘These “cyber actors” are identifying vulnerable devices to break into, where they can extract device configurations, harvest login details, and control the traffic that goes through the router.’

 

A quick review from my post: you can’t patch routers older than 2 years, as they are not being patched by manufacturers.

********************************

The compliance departments are reverse engineering the effects of a breach and cyber understanding. It is too difficult to decipher code, so we say “don’t perform credit card (CC) processing without encryption.” We don’t say what the encryption is or how it should be sent. There are many more pitfalls for a manager without technical knowledge.

If hackers can steal data about your prized customers through a thermometer, then what else can they do?

So what to do? Create cyber audits to review the IT world in your entity. Otherwise you will see headlines you will not like.

Contact Us to discuss

 

 

The Real Problem With Facebook Privacy Issues

We can easily read the latest news on Facebook’s transgression of not protecting the privacy of 50 million users on the CNN website; in 2015 this ‘hack’ supposedly happened and Facebook ‘let’ it happen.

I guess the media and the rest of the world were not paying attention, as in 2009 Dark Reading ran the story “Private Facebook Info Exposed By Simple Hack”.

Apparently a blog called FBHive was able to view supposedly private information.

How about this: in 2008 a Sophos video showed how to view everyone’s birthdate on Facebook, even if it claims to be “secure”.

So all one needs to do is hack Facebook. What do I mean by that? Well, all one has to do is play around with the URL settings of Facebook.

I.e. https://www.facebook.com/<FirstInitialLastname> for the main account lookup, but then you need a security username and password.

If you use https://www.facebook.com/photo.php?fbid= followed by a set of numbers, you can modify the numbers to look at other people’s information. What all these hackers found out is that Facebook has some settings that are public no matter what the Facebook privacy settings are. (We are not going to ‘hack’ Facebook in this post.)

So, what to do? The only thing one can do is to have a sufficient red team and run many tests from outside Facebook. It is obvious that Facebook does not have the capability to review its own security flaws.

So if one is a programmer, one can create quick programs to cycle through all the numbers and store the results in a database, thus creating a database of the entire Facebook user base.
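The flaw behind the fbid trick is a lookup that trusts the identifier alone. As an added example (not Facebook’s code, and not from the post), here is that pattern in Python next to the hardened version that enforces the record’s own privacy setting against the authenticated viewer; the in-memory store, users and friend lists are constructed.

```python
from dataclasses import dataclass

@dataclass
class Photo:
    photo_id: int
    owner: str
    visibility: str   # "public", "friends" or "only_me"

# Constructed in-memory store with sequential ids, standing in for the numeric
# fbid values the post describes. Friend lists are constructed too.
PHOTOS = {
    1001: Photo(1001, "alice", "public"),
    1002: Photo(1002, "alice", "only_me"),
    1003: Photo(1003, "bob", "friends"),
}
FRIENDS = {"alice": {"carol"}, "bob": {"alice"}}

def get_photo_vulnerable(fbid, viewer):
    """Lookup by id only: whoever increments fbid reads every record.

    This is the insecure direct object reference the post describes."""
    return PHOTOS.get(fbid)

def can_view(photo, viewer):
    """Privacy check evaluated server-side for the authenticated viewer."""
    if photo.visibility == "public":
        return True
    if viewer is None:                       # anonymous callers stop here
        return False
    if viewer == photo.owner:
        return True
    if photo.visibility == "friends":
        return viewer in FRIENDS.get(photo.owner, set())
    return False                             # only_me and unknown settings

def get_photo_hardened(fbid, viewer):
    """Return the photo only when the viewer is allowed to see it.

    Returns None for both 'missing' and 'forbidden', so a caller walking the
    id space cannot tell which ids exist from the response."""
    photo = PHOTOS.get(fbid)
    if photo is None or not can_view(photo, viewer):
        return None
    return photo
```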

There are more problems: one programmer was able to delete other users’ photo albums. The specific details are at zerohacks.com: “Deleting any photo albums – How I hacked Your Facebook Photos”.

Needless to say, the enterprising programmer was able to delete another user’s photo album and received $12.5k from Facebook’s bug bounty program. (He disclosed to Facebook first, not to the criminal hackers.)

 

 

A serious cybersecurity audit must be performed by known attackers, call them ethical hackers or Certified Information Systems Auditors (CISA). The price of this audit is cheap compared to the damage being done to Facebook today (many billion$ in stock price and reputation). Estimates are that Facebook has over 2 billion monthly active users (Zephoria Digital Marketing).

Even as some younger users disconnect due to shifting moods, there are still quite a few users on Facebook. I suspect this is only the beginning of the blowback to Facebook’s reputation, as this latest election-related snafu has created quite a big spotlight.

The point of this post is to be careful what you post: if you post it, it is public no matter the safeguards. Hackers are always out there probing for weaknesses, and it is better to find them yourself than to have the criminals tell you after a defining cybersecurity event for your company. TonyZ says: “Do not post anything that you are embarrassed for the world to know!”

Contact Us to discuss your Cybersecurity audit program.