Tag Archives: cyber attacks

Supply-chain is becoming huge National security issue

Abstract

The Huawei problem is simple to explain. The company is based in China and subject to the rules and dictates of the Chinese government. The government could require Huawei to install back doors into the 5G routers it sells abroad, allowing the government to eavesdrop on communications or — even worse — take control of the routers during wartime. Since the United States will rely on those routers for all of its communications, we become vulnerable by building our 5G backbone on Huawei equipment.

It’s obvious that we can’t trust computer equipment from a country we don’t trust, but the problem is much more pervasive than that. The computers and smartphones you use are not built in the United States. Their chips aren’t made in the United States. The engineers who design and program them come from over a hundred countries. Thousands of people have the opportunity, acting alone, to slip a back door into the final product.

……….

Technical solutions fall into two basic categories, both currently beyond our reach. One is to improve the technical inspection processes for products whose designers provide source code and hardware design specifications, and for products that arrive without any transparency information at all. In both cases, we want to verify that the end product is secure and free of back doors. Sometimes we can do this for some classes of back doors: We can inspect source code (this is how a Linux back door was discovered and removed in 2003) or the hardware design, which becomes a cleverness battle between attacker and defender.

Read more in

https://www.schneier.com/blog/archives/2019/09/supply-chain_se_1.html

Just One command & hacker stole 100 million users from the Capital One’s network

Abstract

One command executed in the firewall hack allowed the intruder to gain credentials for an administrator account known as “*****WAF-Role.” This in turn enabled access to bank data stored under contract by a cloud computing company that went unnamed in court documents, but was identified as Amazon Web Services by the NYT and Bloomberg. Other commands allowed the attacker to enumerate Capital One folders stored on AWS and to copy their contents. IP addresses and other evidence ultimately indicated that Thompson was the person who exploited the vulnerability and posted the data to Github, Martini said.

Thompson allegedly used Tor and a VPN from IPredator in an attempt to cover her tracks. At the same time, Martini said that much of the evidence tying her to the intrusion came directly from things she posted to social media or put in direct messages. A June 26 Slack posting and another post the next day to an unnamed service, for instance, both referred to the WAF-Role account.

Read more in

https://arstechnica.com/information-technology/2019/07/feds-former-cloud-worker-hacks-into-capital-one-and-takes-data-for-106-million-people/

CyberSecurity: Fake firms who say they recover data from ransomware but not really

According to a ProPublica report, two firms identified in the U.K. market themselves as data recovery firms. These firms claim to provide a solution to their clients if an organization or individual is attacked by ransomware. In reality, they simply negotiate with the hackers, pay the ransom on behalf of the victims, and later bill the victims, claiming to have resolved the problem.

In very simple terms, ransomware is a type of sophisticated attack in which hackers encrypt someone's data, crippling it, and lock the systems. The hackers then threaten to destroy the data; the only other option they offer is to pay money to decrypt/restore the data and allow the users/organizations to use their own systems or data again.

FROM 2015 TO 2018, a strain of ransomware known as SamSam paralyzed computer networks across North America and the U.K. It caused more than $30 million in damage to at least 200 entities, including the cities of Atlanta and Newark, New Jersey, the Port of San Diego and Hollywood Presbyterian Medical Center in Los Angeles. It knocked out Atlanta’s online water service requests and billing systems, prompted the Colorado Department of Transportation to call in the National Guard, and delayed medical appointments and treatments for patients nationwide whose electronic records couldn’t be retrieved. In return for restoring access to the files, the cyberattackers collected at least $6 million in ransom.

Read more in these wonderful articles:

Sting Catches Another Ransomware Firm — Red Mosquito — Negotiating With “Hackers”

The Trade Secret

CyberSecurity: Triton is the world’s most murderous malware, and it’s spreading.

Abstract

The hackers had deployed malicious software, or malware, that let them take over the plant’s safety instrumented systems. These physical controllers and their associated software are the last line of defense against life-threatening disasters. They are supposed to kick in if they detect dangerous conditions, returning processes to safe levels or shutting them down altogether by triggering things like shutoff valves and pressure-release mechanisms.

How dangerous is it?

The malware made it possible to take over these industrial systems remotely. Had the intruders disabled or tampered with them, and then used other software to make equipment at the plant malfunction, the consequences could have been catastrophic. Fortunately, a flaw in the code gave the hackers away before they could do any harm.

Read more in

https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/

Steganography: A Safe Haven for Malware

Abstract

Steganography, or the practice of concealing a file, message, image or video within another file, message, image or video, may be an older technique, but it continues to be an incredibly versatile and effective method for obscuring or hiding information in plain sight. In 2017, IBM X-Force identified three different malware samples in network attacks containing cryptocurrency CPU-mining tools hidden within fake image files.

Terrorists use steganography:

When a suspected al-Qaeda member was arrested in Berlin in May of 2011, he was found with a memory card with a password-protected folder—and the files within it were hidden. But, as the German newspaper Die Zeit reports, computer forensics experts from the German Federal Criminal Police (BKA) claim to have eventually uncovered its contents—what appeared to be a pornographic video called “KickAss.”

Wonderful articles written on steganography:

https://arstechnica.com/information-technology/2014/05/how-to-stash-secret-messages-in-tweets-using-point-and-click-steganography/

https://arstechnica.com/information-technology/2012/05/steganography-how-al-qaeda-hid-secret-documents-in-a-porn-video/