Ransomware Grabs Headlines but BEC May Be a Bigger Threat*:
- With social media, gathering information has never been easier, making Business Email Compromise the land of milk and honey for cybercriminals.
- Ransomware like WannaCry or Petya has generated dramatic headlines around the globe.
- Ransomware has risen fast among malware categories, gaining notoriety and troubling millions of businesses and individuals alike.
- Business Email Compromise (BEC) is another cyber threat lurking beneath the surface, and it depends entirely on social engineering.
- It involves a faked email from a co-worker or corporate executive that short-cuts internal processes and asks the finance department to make a payment; the ploy appears to be fairly simple and turns out to be both surprisingly effective and lucrative.
- Perpetrators typically begin with reconnaissance - including scouting the company’s hierarchy, corporate executives, and employees – which has been made much easier with the advent of social media.
- What follows is usually a fake email, supposedly sent from the CEO or other corporate official, urgently requesting that the recipient pay a business partner or supplier, but the beneficiary’s account is often abroad and held by cybercriminals.
- Despite the corporate policies and safeguards firms have put in place, the fake messages keep working: the FBI has reported a 1,300% increase in identified exposed BEC losses since January 2015.
- Because these emails carry no malware or suspicious links, they often pass straight through security tools that look for malicious attachments and URLs, and reach the intended recipient inside the organization.
- The Internet Crime Complaint Center – a partnership between the FBI, the U.S. Department of Justice, and the National White Collar Crime Center – reports $5.3 billion in exposed (actual and attempted) losses to BEC fraud between October 2013 and December 2016.
- Combating BEC fraud has little to do with technology; it all boils down to process improvements and policy enforcement, awareness, and education.
- The FBI issued a one-page advisory recommending that organizations use corporate email accounts only, that companies carefully consider what is posted to their social media and corporate websites, and that employees treat requests for secrecy or quick action as suspicious.
*Source: Dark Reading, October 12, 2017
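The executive-impersonation message described in the item above carries no malware, so a mail gateway can only judge it on its headers and wording. The following is an added example, not code from the Dark Reading article or the FBI advisory: a screening heuristic that flags a message when its display name matches an executive directory but the address does not, when Reply-To steers answers to another domain, when the sender domain is a near-miss of the corporate one, or when the text pushes secrecy or speed (the two signals the FBI advisory singles out). The corporate domain acme.example, the executive directory and both messages are constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed: the company's domain and a small directory of executives
# whose names are worth impersonating (name -> address on file).
CORP_DOMAIN = "acme.example"
EXECUTIVES = {"jane doe": "jane.doe@acme.example"}
# Phrases the FBI advisory warns about: secrecy and pressure to act quickly.
PRESSURE_TERMS = ("urgent", "asap", "today", "wire", "confidential",
                  "keep this between us", "do not discuss")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def screen_message(raw: str) -> list:
    """Return the reasons a message looks like executive impersonation (empty if none)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    reasons = []

    # 1. Display name is an executive's, but the address is not the one on file.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        reasons.append(f"display name '{name}' does not match directory address {expected}")

    # 2. Replies are steered to a different domain than the one the mail claims to come from.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        reasons.append(f"Reply-To domain {domain_of(reply)} differs from From domain {from_dom}")

    # 3. Sender domain is a near-miss of the corporate domain (e.g. 'rn' standing in for 'm').
    if from_dom != CORP_DOMAIN and 0 < edit_distance(from_dom, CORP_DOMAIN) <= 2:
        reasons.append(f"look-alike sender domain {from_dom}")

    # 4. Secrecy or urgency language. Single-part plain-text messages only in this example.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hits = [t for t in PRESSURE_TERMS if t in text]
    if len(hits) >= 2:
        reasons.append("pressure language: " + ", ".join(hits))
    return reasons


# Constructed messages: an impersonation attempt and a benign note from the real executive.
FAKE = """From: Jane Doe <jane.doe@acrne.example>
Reply-To: ceo.janedoe@webmail.example
To: accounts.payable@acme.example
Subject: Urgent wire today

Please send the wire to the new supplier today. Keep this confidential until I am back.
"""

LEGIT = """From: Jane Doe <jane.doe@acme.example>
To: accounts.payable@acme.example
Subject: Quarterly summary

Thanks for the report, looks fine.
"""

if __name__ == "__main__":
    for label, raw in (("fake", FAKE), ("legit", LEGIT)):
        print(label, screen_message(raw))
```

A check like this surfaces a message for a human to verify out of band; it does not replace the payment-approval process the article describes, and a genuine executive using a personal address will trigger it too, which is exactly the habit the FBI's "corporate accounts only" advice is meant to break.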
T-Mobile Bug Gave Hackers Access to Customer Data Using Only a Phone Number*:
- A security researcher has revealed that a recently patched hole in T-Mobile's security made it possible for hackers to vacuum up all your personal account information, and all they needed was your phone number.
- The flaw was reported to T-Mobile by a security researcher who found that an API on wsg.t-mobile.com was misconfigured: it could be queried directly with a phone number, with no further check that the caller was entitled to that account.
- The API would then reply with all the account data associated with that number – that included addresses, account numbers, email addresses, other numbers on the same account, and device IMSI numbers.
- T-Mobile says it corrected the vulnerability within 24 hours of being notified, but that is not the end of the story.
- After posting the story, Motherboard was contacted by a black hat hacker claiming the security hole was known to people in the hacking community for at least several weeks before it was fixed.
- These individuals used it to hijack phone numbers by requesting new SIM cards with the account information obtained through the hole (a SIM swap).
- That could indicate there is a scraped database of T-Mobile customers out there, but T-Mobile says it has no evidence of that.
*Source: Android Police, October 11, 2017
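The flaw in the item above is a lookup keyed on nothing but a phone number, with no link between the caller and the account being read. The following added example (not T-Mobile's code; the account records, field names and numbers are constructed) puts that vulnerable handler next to a hardened one that requires an authenticated caller, refuses numbers outside the caller's own account, returns the same error for "no such number" and "not your number", and hands back only a minimal projection with no IMSI. `harvest` shows why the weak endpoint is worth scraping.

```python
from dataclasses import dataclass, asdict
from typing import Optional

# Constructed account records; nothing here is real subscriber data.
@dataclass(frozen=True)
class Account:
    account_id: str
    email: str
    address: str
    lines: tuple   # phone numbers billed to this account
    imsis: tuple   # SIM identifiers, one per line


ACCOUNTS = (
    Account("A-1001", "alice@example.net", "1 Main St",
            ("5550100", "5550101"), ("310260000000001", "310260000000002")),
    Account("A-1002", "bob@example.net", "2 Side Rd",
            ("5550200",), ("310260000000003",)),
)
# Indexed by phone number, the way the lookup endpoint would be.
PHONE_INDEX = {phone: acct for acct in ACCOUNTS for phone in acct.lines}


def lookup_vulnerable(phone: str) -> Optional[dict]:
    """The flaw: the phone number is the only input, so anyone who knows a
    number gets the whole record, including other lines and IMSIs."""
    acct = PHONE_INDEX.get(phone)
    return None if acct is None else asdict(acct)


class NotAuthorized(Exception):
    """One error for both 'no such number' and 'not your number', so the
    endpoint cannot be used to enumerate valid subscribers."""


def lookup_secure(caller_account_id: str, phone: str) -> dict:
    """Hardened: caller_account_id comes from an authenticated session (assumed
    here, not shown), the requested number must belong to that caller's own
    account, and only the fields the caller needs are returned."""
    acct = PHONE_INDEX.get(phone)
    if acct is None or acct.account_id != caller_account_id:
        raise NotAuthorized("lookup not permitted")
    return {"account_id": acct.account_id, "email": acct.email, "lines": list(acct.lines)}


def harvest(numbers) -> dict:
    """What the reported abuse amounts to: walk a list of numbers and keep
    every record the vulnerable endpoint hands back."""
    found = {}
    for n in numbers:
        rec = lookup_vulnerable(n)
        if rec is not None:
            found[n] = rec
    return found


if __name__ == "__main__":
    print("vulnerable:", lookup_vulnerable("5550200"))
    print("secure, own number:", lookup_secure("A-1001", "5550101"))
    try:
        lookup_secure("A-1002", "5550100")
    except NotAuthorized as e:
        print("secure, someone else's number:", e)
    print("harvested:", sorted(harvest(["5550100", "5550200", "5559999"])))
```

Even with the ownership check in place, an endpoint like this should be rate-limited and logged per caller, because the data it exposes (account number, other lines, IMSI) is exactly what a SIM-swap request needs.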
North Korean Hack of U.S. War Plans Shows Off Cyber Skills*:
- The techno soldiers of Kim Jong Un are growing more aggressive in defending North Korea’s supreme leader against threats from Donald Trump and South Korea.
- The country’s hackers stole military plans developed by the US and South Korea last year that included a highly classified “decapitation strike” against the North Korean leader.
- The plans were devised as the regime in Pyongyang stepped up nuclear tests and fired long-range missiles toward the Pacific Ocean.
- If Kim’s cyber warriors have indeed stolen the top-secret intelligence, it raises alarms about the security of US-South Korea information and the effectiveness of potential military options.
- North Korea has been developing cyber capabilities as trade sanctions and a debilitated domestic economy make it difficult to invest in conventional military capabilities.
- The country probably employs 1,700 state-sponsored hackers, backed by more than 5,000 support staff.
- In a briefing with reporters, a Pentagon spokesman wouldn’t discuss whether any breach occurred, but said the US has confidence in the security of its intelligence and its ability to deal with North Korean threats.
- This year, the country’s hackers appear to have stepped up their efforts to secure bitcoin and other cryptocurrencies that could be used to avoid trade restrictions.
- They increased attacks on exchanges in South Korea and related sites, according to a report from the security firm FireEye Inc.
- North Korean diplomats and official media have denied that the country played any role in cyber-attacks, including the Sony hack.
*Source: Bloomberg, October 11, 2017
Dubai Airport is Going to Use Face-Scanning Virtual Aquariums as Security Checkpoints*:
- Dubai International Airport has come up with a novel way for departing travelers to clear security: by walking through a virtual aquarium lined with facial recognition cameras.
- The virtual aquarium is shaped like a tunnel, and outfitted with 80 cameras that can scan faces and irises as passengers walk through.
- The images inside the tunnel can be changed to show different landscapes, like deserts, or to display advertisements.
- Once a traveller reaches the end, they’ll either be cleared, or a red sign will be displayed to alert security.
- The aquarium doesn’t just hide the facial recognition tech – it also encourages travelers to look around, improving the quality of their face scan.
- Dubai Airport plans to install the first of these virtual walkways at Terminal 3 by the end of summer 2018, with other terminals following in phases until 2020.
- The idea came about when officials were considering how to accommodate the growing number of passengers passing through Dubai each year, with 124 million expected to pass through all Dubai airports by 2020.
- There are also privacy concerns over the technology’s spread and questions over whether the benefits of the technology outweigh the costs to privacy.
*Source: The Verge, October 10, 2017
Hackers Using New 'Ingenious' KnockKnock Method to Attack Firms in Over a Dozen Countries*:
- Hackers have been attacking international businesses in over a dozen nations using a new and "ingenious" attack method dubbed KnockKnock.
- The attack technique lets hackers into organisations' Office 365 accounts by "knocking" on what the researchers called backdoor system accounts – shared service and system mailboxes that are not tied to an individual user.
- In order to maintain a low profile, KnockKnock hackers have been using a small botnet, made of a network of 83 IP addresses, distributed across 63 networks.
- KnockKnock also targets only around 2% of the Office 365 account base, indicating that the hackers are focused on a limited number of targets.
- KnockKnock further obfuscates the attack by targeting businesses in a staggered way – as attacks against one company ramp up, attacks against another slow down.
- Low-and-slow brute force attacks such as KnockKnock let hackers into networks without raising alarms: by keeping attempts per account and per source address few and far apart, they stay under lockout thresholds and the failed-login rates that detection rules watch for.
- Once in, KnockKnock steals whatever is in the account's inbox and creates a new inbox rule that hides and diverts all incoming messages.
- KnockKnock then launches a phishing attack from the compromised mailbox to spread across the targeted organisation's network.
*Source: IB Times, October 10, 2017
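The two halves of the KnockKnock pattern above, a spray that stays under per-IP and per-account thresholds and the inbox rule planted afterwards, can both be caught from Office 365 audit data if the detection aggregates the right way. The following is an added example, not code from the article or from the researchers who named the campaign: the sign-in records and Exchange rule events are constructed, the field names are simplified, and the thresholds are illustrative. The spray detector looks at failures per target account over a long window and flags accounts hit from many different networks with very few attempts from each; the rule detector flags rules that delete, forward externally, or bury mail in folders nobody reads.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import ipaddress

# --- Constructed sign-in records: (timestamp, target account, source IP, outcome) ---
SIGNINS = []
_base = datetime(2017, 10, 2, 0, 0)
# Sprayed service account: one failure every 90 minutes, each from a different /24.
for i in range(16):
    SIGNINS.append((_base + timedelta(minutes=90 * i), "svc-marketing@corp.example",
                    f"100.64.{i}.7", "failure"))
# Ordinary user who mistypes a password three times and then gets in.
for i in range(3):
    SIGNINS.append((_base + timedelta(minutes=i), "alice@corp.example", "203.0.113.5", "failure"))
SIGNINS.append((_base + timedelta(minutes=4), "alice@corp.example", "203.0.113.5", "success"))


def spray_candidates(records, window=timedelta(hours=24), min_failures=10,
                     min_networks=5, max_per_ip=2) -> dict:
    """Accounts whose failures inside any `window` come from at least
    `min_networks` distinct /24s with no more than `max_per_ip` tries each.
    A per-IP lockout rule never sees this; a per-account, long-window view does."""
    by_account = defaultdict(list)
    for ts, account, ip, outcome in records:
        if outcome == "failure":
            by_account[account].append((ts, ip))
    flagged = {}
    for account, fails in by_account.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:   # slide the window forward
                start += 1
            chunk = fails[start:end + 1]
            if len(chunk) < min_failures:
                continue
            per_ip = Counter(ip for _, ip in chunk)
            networks = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in per_ip}
            if len(networks) >= min_networks and max(per_ip.values()) <= max_per_ip:
                flagged[account] = {"failures": len(chunk), "networks": len(networks),
                                    "max_per_ip": max(per_ip.values())}
                break
    return flagged


# --- Constructed Exchange audit events for inbox rules (simplified shape) ---
RULE_EVENTS = [
    {"user": "svc-marketing@corp.example", "op": "New-InboxRule",
     "params": {"Name": ".", "DeleteMessage": "True", "MoveToFolder": "RSS Subscriptions"}},
    {"user": "alice@corp.example", "op": "New-InboxRule",
     "params": {"Name": "Newsletters", "MoveToFolder": "Reading"}},
    {"user": "bob@corp.example", "op": "Set-InboxRule",
     "params": {"Name": "fwd", "ForwardTo": "drop@attacker.example"}},
]
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "conversation history",
                  "junk email", "deleted items", "archive"}


def suspicious_rules(events, internal_domain="corp.example") -> list:
    """(user, reasons) for each rule event that hides or diverts mail."""
    hits = []
    for ev in events:
        if ev["op"] not in ("New-InboxRule", "Set-InboxRule"):
            continue
        p, reasons = ev["params"], []
        if p.get("DeleteMessage") == "True":
            reasons.append("deletes incoming mail")
        if p.get("MoveToFolder", "").lower() in HIDING_FOLDERS:
            reasons.append(f"moves mail to {p['MoveToFolder']}")
        target = p.get("ForwardTo") or p.get("RedirectTo") or ""
        if target and not target.lower().endswith("@" + internal_domain):
            reasons.append(f"forwards to external address {target}")
        if len(p.get("Name", "").strip()) <= 1:
            reasons.append("near-empty rule name")
        if reasons:
            hits.append((ev["user"], reasons))
    return hits


if __name__ == "__main__":
    print(spray_candidates(SIGNINS))
    for user, why in suspicious_rules(RULE_EVENTS):
        print(user, why)
```

The point of the first function is the aggregation key: grouping by source IP, which is what most lockout and alerting rules do, sees one or two failures per address and stays quiet, while grouping by target account over a day exposes the spray. The second function is worth running on every rule change, not just on compromised accounts, because the rule is the first thing an attacker does after the knock succeeds.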
Hackers Could Purchase Enough Personal Information to Alter Voter Registration Files in 35 States*:
- Harvard researchers have discovered a vulnerability on government websites that may let hackers and other malicious actors change your voter registration information.
- In 35 states plus the District of Columbia, voter registration websites allow users to log on and change information such as home address, party affiliation, and gender.
- This provides a convenient way for voters to update their registration information, but it gives malicious actors an easy way to impersonate voters and submit address changes, delete voter registrations, or request absentee ballots.
- Voters may be turned away from the polls or asked to file provisional ballots because the name or address on their ID doesn’t match the state’s records.
- The fear is that this vulnerability could be used either to undermine confidence in elections and depress voter turnout, or even to swing the results in favour of a specific candidate.
- In Riverside County, California’s primary election in June 2016, a number of voters had their party affiliations switched without their knowledge or consent; the changes were allegedly made by hackers.
- Over the next several months, federal investigators uncovered evidence that Russian hackers had targeted election systems in at least 21 states – in some cases attempting to alter voter registration information.
- The information needed to impersonate voters on all 36 voter registration websites could be acquired relatively cheaply from government offices, data brokers, the deep web, or darknet markets.
- Using that information, cyber-attackers could theoretically access and alter the voter registration files of thousands of Americans.
- The study authors pointed out that most states have safeguards in place to prevent widescale attacks on voter registration systems.
- Authors of the study are urging states to take additional steps to protect against potential attacks.
*Source: Extra News Feed, September 30, 2017
Australia Jet and Navy Data Stolen in 'Extensive' Hack*:
- About 30GB of data was compromised in the hack on a government contractor, including details about new fighter planes and navy vessels.
- The data was commercially sensitive, but not classified.
- Australian cyber security officials dubbed the mystery hacker "Alf", but the hacker’s identity is not known.
- The breach began in July last year, but the Australian Signals Directorate (ASD) was not alerted until November.
- The Defence Industry Minister has been assured the theft was not a risk to national security.
- The data included information about Australia's new A$17bn F-35 Joint Strike Fighter programme, the C-130 transport plane and the P-8 Poseidon surveillance aircraft, as well as a few naval vessels.
- The hacker had exploited a weakness in software being used by the government contractor; the software had not been updated for 12 months.
- The data taken was commercial rather than military, but Defence Industry Minister Pyne said it was still very serious: “We will get to the bottom of it.”
*Source: BBC, October 12, 2017