Week of August 12, 2016


How Hackers Are Going For Gold In The Rio 2016 Olympics

  • This month’s Olympic Games in Rio de Janeiro aren’t just a showcase of the greatest athletes from around the globe; they’re also a target for the world’s online criminals.
  • The security risks aren’t limited to the 500,000 expected visitors; hackers are also likely to target the multinational companies that partner with the IOC, including the Coca-Cola Co., General Electric, McDonald’s Corp, Visa, and others.
  • Olympics fans will be seen as a lucrative target for email phishing attacks, just because there are so many of them; one avenue will be scammers selling counterfeit tickets.
  • Fraudulent emails and social media posts will also likely offer links to video clips, downloadable apps, games, and other content that can distribute malware to those watching from home.
  • Bank card readers and ATMs are yet another vulnerability – last year 49% of Brazilians reported experiencing some kind of credit card fraud.
  • Fans attending the Games will inevitably search for Wi-Fi hotspots to get online and criminals are likely to respond by setting up rogue Wi-Fi access points that log activity and data.
  • It’s also possible that activist hackers will try to tamper with the infrastructure of the Games themselves with denial of service attacks, which could disrupt and potentially delay the games.

Source: Fast Company, August 07, 2016

Hacker Creates Fake, Effective Boarding Passes

  • Przemek Jaroszewski created an Android app that generates fake boarding pass QR codes.
  • He’s used the app multiple times to access airline lounges, but says the same process could be used to bypass no-fly lists.
  • Jaroszewski suggests boarding passes remain shockingly insecure, despite multiple similar demonstrations of their shortcomings over more than a decade. According to a statement from the International Air Travel Association, airlines are solely responsible for the security of their lounges, and the hack wouldn’t allow anyone to fly or even enter an airport without a legitimate ticket (in part because they would be subject to physical inspection at those points).
  • Still, it’s shocking to realize that any aspect of the global airline security apparatus is still so flimsy and porous.

Source: Fortune, August 07, 2016

Will the US Elections be Hacked?

  • The fact that most election machines are not connected to the internet makes hacking unlikely, but the software itself could be vulnerable.
  • It’s been a topic of debate ever since hackers – presumably working for Russia – stole thousands of private emails from the Democratic National Committee and leaked them on the net.
  • Attackers reaching into the ballot box from thousands of miles away won’t happen, simply because the vast majority of election machines are not connected to the internet.
  • Some 31 states offer voting via internet, email, or fax, but nearly all only allow it as an option for military families and Americans living overseas – a very small percentage of the electorate.
  • Still, election rigging is a potential threat – adversaries could alter the software inside the voting machines themselves to favour one candidate.
  • Anyone with access to the machines could attack them, including a software engineer who works for a voting machine vendor, a janitor with the keys to the room where the machines are stored, a truck driver who delivers them to polling places or even a poll worker.
  • The machines usually have tamper-resistant tape on them, but it’s easily circumvented.
  • The best defense against election rigging is having the ability to audit the results using a voter-verified paper trail.
  • Attackers determined to alter the US election would likely focus on counties in those swing states where the final result will likely be close and unverifiable.
  • One expert says he’s not more concerned about this election than those in the past because more states have adopted paper ballots than four or eight years ago, though 16 states have electronic voting machines and inadequate paper records.

Source: The Guardian, August 06, 2016

Those Chip And Pin Cards Aren't As Secure

  • Chip and PIN cards and readers are finally rolling out in the United States, which should make purchases or withdrawals more secure since the information is only valid for 60 seconds.
  • At a conference last week, a security researcher showed that a lot can happen during that minute.
  • An ATM or point-of-sale (POS) terminal can be used to intercept that one-time-use key and other information about the card; the data is then transmitted to another device (in this case an ATM) that makes another transaction, withdrawing money from your account.
  • First the target POS or ATM needs a piece of hardware installed that reads the card's chip.
  • Once the data has been captured, it’s transmitted to a legitimate ATM that's been hijacked, and a robot hand enters the PIN.
  • An ATM with a robot hand would certainly arouse suspicion, but if you put a facade and an “out of order” sign on a machine, no one gives it a second look.
  • That hijacked ATM will collect and dispense all the cash so that whenever the thieves are ready to collect they drive up, grab the cash and leave.
  • If that ATM is compromised, they put the facade on another machine in another location and start collecting data (and cash) again.
  • This type of attack probably won't happen in the near future, but unless that 60-second gap is closed or made more secure, this will eventually be a problem that affects us all.

Source: Engadget, August 12, 2016

Researchers Have Built The First Ransomware For Smart Thermostats

  • Security experts have constructed the first ransomware for smart thermostats.
  • Hackers Andrew Tierney and Ken Munro revealed the malware, which infected a Linux-based, internet-connected thermostat, at a cybersecurity conference.
  • The hackers said they created the ransomware as a proof of concept rather than for profit, and plan to inform the manufacturer of the flaw.
  • Ransomware is a form of malware that infects an individual computer or system and refuses to unlock until certain conditions are met.
  • A recent survey found that nearly 40% of businesses in the US, Germany, the UK, and Canada suffered from ransomware attacks in the last year.
  • The two researchers highlighted the importance of securing IoT devices from malicious viruses, including ransomware – hackers could set the temperature on a smart thermostat so high it causes a fire.
  • Security for the IoT has become a major issue as adoption has increased.

Source: Business Insider, August 10, 2016

Oracle's Data Breach May Explain Spate Of Retail Hacks

  • The cloud giant discovered malicious software on systems running its network of MICROS payment terminals.
  • In addition to affecting hundreds of the company’s computers, the breach affects an online support portal that allows Oracle to remotely address customers’ issues concerning their cash register-connected terminals.
  • The malware planted on Oracle’s systems enabled attackers to steal customers’ login credentials.
  • The MICROS system compromise could explain why so many shops, hotels, and retail outlets have suffered breaches at their point-of-sale systems in the past months.
  • MICROS point-of-sale technology is used by companies in hoteling (Hyatt, Marriott, Hilton), food and beverages (Yum, Burger King), and retail (Ikea, BJ’s, Adidas).
  • MICROS is used in 180 countries and is one of the three largest providers of point of sale tech worldwide.
  • In response to the attack, Oracle is requiring users of the service to change their account passwords.

Source: Fortune, August 08, 2016

Symantec Discovers "Strider", A New Cyber Espionage Group

  • Symantec has discovered a previously unknown cyber espionage group so selective in its targets that it is only known to have compromised seven organizations and 36 endpoints since it started operating five years ago.
  • The seven organizations include targets in Russia, an airline in China, an embassy in Belgium, and an organization in Sweden.
  • Dubbed “Strider” by Symantec, the organization’s malware of choice is a custom Windows infostealer called Remsec.
  • Symantec has not speculated on Strider's origins or Remsec's creators, other than to say in today's blog announcing the discovery that it is "possible that the group is a nation-state level attacker."
  • The fact that someone invested the time and money into creating custom malware and only used it on a small number of targets suggests someone has gone through a lot of trouble and done a lot of reconnaissance.

Source: Dark Reading, August 08, 2016
