CYBER-SECURITY : WEEKLY REPORT (September 29, 2017)


SUMMARY REMARKS

Germans had geared up to prevent much-anticipated but un-materialized Russian cyberattacks aimed at influencing the Sept 25 elections, but had to run and hide in the face of a massive ‘push’ from another direction, China.  A wave of attacks by Chinese hackers on Germany’s cutting-edge manufacturers is raising alarm in Berlin and prompting the government to step in to defend the country’s competitive edge.  Deutsche Telekom said it had detected more than 30,000 cyberattacks from China during the first three weeks of this month alone.  The targets were the small and midsize companies that make Germany an export powerhouse.

BfV, the German domestic intelligence agency, had earlier said that it had evidence that the APT-10 Chinese hacker group – also known as Menupass Team and Stone Panda – was behind a recent hacking campaign against German high-tech firms. According to James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies in Washington DC, Chinese companies used to be able to direct the People’s Liberation Army (PLA) or Ministry of State Security (MSS) to hack into western competitors, and they still can make such requests.

Meanwhile, with the 19th Communist Party Congress scheduled for next month and the 4th Chinese-convened World Internet Congress (WIC) soon to follow, a hitherto unknown entity under the Cyberspace Administration of China (CAC) has outlined President Xi’s ambitious policies for turning the country from a cyber power into a “cyber superpower”, a goal that implies rough parity with the United States.  According to a translation published by the New America think tank, the strategy involves developing capabilities in four major areas: a) managing internet content and creating “positive energy” online; b) ensuring general cybersecurity, including protection of critical information infrastructure; c) developing an independent, domestic technological base for the hardware and software that undergird the internet in China; and d) increasing China’s role in building, governing, and operating the internet globally.

Closely following on the heels of the Chinese APT 10 hacker group, its Iranian counterpart, APT 33, registered its own escapades against targets in the US and Saudi Arabia. It compromised an American aerospace organization as well as energy and aviation bodies in Saudi Arabia, Iran’s Gulf adversary.  The attacks were described as espionage-driven and focused on stealing sensitive information, according to a report from FireEye.  It said that the targets are in line with what a state-sponsored hacking group would be interested in pursuing.

It is not just the smaller companies that are vulnerable to hacker attacks; giant corporations fall prey too, despite stronger security controls.  After the recent attack on Equifax, the American credit-checking company, which exposed the personal details of 143 million people, it is now the turn of Deloitte, one of the world’s “big four” accountancy firms. It was targeted by a sophisticated hack that compromised confidential emails and plans of some of its blue-chip clients, according to the Guardian newspaper. The company’s global email server was compromised through an “administrator’s account” that might have given the hackers privileged and unrestricted access to all areas.

Even pirates at sea are increasingly going hi-tech, using hacking technologies to select their targets.  A Thai-flagged ship was hijacked off the coast of Terengganu in the Malacca Strait earlier this month.  The hijacking was foiled by alert Malaysian coast guard authorities, and the interrogation of the gang revealed that their leader had monitored the online Marine Traffic system and used the Ship Finder app to plot the movements of the targeted ship. This is a new dimension in maritime cyber security that will have unknown implications, as nearly 90 per cent of world trade passes through major sea channels.

****

INTER-STATE CYBERWARFARE

Hit by Chinese Hackers Seeking Industrial Secrets, German Manufacturers Play Defense

https://www.wsj.com/articles/hit-by-chinese-hackers-seeking-industrial-secrets-german-manufacturers-play-defense-1506164404  A wave of attacks by Chinese hackers on Germany’s cutting-edge manufacturers is raising alarm in Berlin and prompting the government to step in to defend the country’s competitive edge. The small and midsize companies that make Germany an export powerhouse have landed in the crosshairs of foreign hackers attracted to the firms’ valuable but often poorly protected intellectual property, German intelligence officials warn. Deutsche Telekom said it had detected more than 30,000 cyberattacks from China so far this month.

China’s Strategic Thinking on Building Power in Cyberspace

https://www.newamerica.org/cybersecurity-initiative/blog/chinas-strategic-thinking-building-power-cyberspace/?utm  With the 19th Party Congress coming next month and the 4th Chinese-convened World Internet Congress (WIC) soon to follow, China’s digital policy authorities this month held a publicity-filled Cybersecurity Week, and the Party’s leading journal on theory, Qiushi, published an important article from a previously unknown entity under the Cyberspace Administration of China (CAC). The article, which a team of analysts has translated in full, outlines the major elements of General Secretary Xi Jinping’s strategic thinking on one of Chinese cyberspace policy’s watchwords: “cyber superpower.”

China Disrupts WhatsApp Texts as Censor Tools Grow More Powerful

https://www.bloomberg.com/news/articles/2017-09-26/china-disrupts-whatsapp-texts-as-censor-tools-grow-more-powerful  China is tightening the screws on Facebook Inc.’s WhatsApp, honing and employing cutting-edge surveillance technology to disrupt the messaging service as part of a longer-term crackdown on its online spheres. The latest disruptions are affecting users intermittently across the world’s second largest economy, intensifying a blocking effort that began around July but has gotten more sophisticated in ensuing months, said Nadim Kobeissi, a cryptographer at Paris-based online security firm Symbolic Software.

Suspected Iranian Hackers Targeted U.S. Aerospace Sector

http://www.thedailybeast.com/suspected-iranian-hackers-targeted-us-aerospace-sector  Hackers likely sponsored by the Iranian government recently compromised a U.S. aerospace organization, according to a new report from cybersecurity firm FireEye. The hackers, which FireEye dubs APT33, also targeted a selection of other energy and aviation bodies across Saudi Arabia and South Korea. The attacks were espionage-driven and focused on stealing sensitive information, according to the report. Iranian hackers have previously tried to identify computers that control infrastructure in the U.S., targeted a small dam in New York’s Westchester County, and launched distributed-denial-of-service (DDoS) attacks on U.S. banks designed to slow service to a crawl.

North Korea may be mining Bitcoin in addition to hacking it

http://www.nextgov.com/cybersecurity/2017/09/north-korea-may-be-mining-bitcoin-addition-hacking-it/141287/?oref=ng-channelriver  Last month, North Korea was banned from exporting coal to China, its biggest buyer. The rogue regime may have found a new use for these idle coal supplies: powering bitcoin mines. Bitcoin mines are generally large server farms containing thousands of machines specifically designed to mine the cryptocurrency. One of the world’s largest bitcoin mines, in Inner Mongolia, runs an electricity bill of $39,000 a day. North Korea is among the top 10 net exporters of coal globally, according to the International Energy Agency. Since the country can no longer earn revenue from coal exports, it makes sense that it might put some coal to use generating electricity for a bitcoin mine.

Hackers targeted election voting systems in 21 states, US government reveals

http://www.independent.co.uk/news/world/americas/us-politics/us-election-hacking-voting-systems-breach-states-revealed-a7962542.html Hackers attempted to disrupt election systems in 21 of 50 American states during last year’s election, according to the federal government. While the attempts almost all failed, the wave of attacks nevertheless highlighted how America’s elections systems are targets for disruption at a time when intelligence agencies concluded Russia launched a wide-ranging election meddling campaign. Federal officials said that in most of the 21 states, the targeting was preparatory activity such as scanning computer systems. Officials said there were some attempts to compromise networks but most were unsuccessful. Only Illinois reported that hackers had succeeded in breaching its voter systems.

Cyber Defense Is Very Much About Political Decisions

http://www.defenseone.com/threats/2017/09/cyber-defense-very-much-about-political-decisions/141198/?oref=d_brief_nl  One of the things the West is least prepared to handle about a cyberattack is how quickly the response to it turns political. Defense officials responding to an attack quickly encounter bureaucratic roadblocks and geopolitical concerns they may be unprepared to navigate.  That was one of the main takeaways from a first-of-its-kind tabletop cyber exercise Estonia hosted earlier this month. CYBRID 2017 put European Union defense ministers in the hot seat as a fictional scenario “moved from a minor cyber incident up to a real blockade of communications systems that stopped a naval operation on the Mediterranean,” Estonian Defense Minister Jüri Luik said.

CYBER-CRIME

Pirates used AIS tracking app to identify ship to hijack

http://www.seatrade-maritime.com/news/asia/pirates-used-ais-tracking-app-to-identify-ship-to-hijack.html Malaysian authorities have come down hard on the hijacking gang that took a Thai-flagged tanker earlier this month. The court heard that Heinrick Piterson Parera booked into a hotel in Larkin, Johor, prior to the crime, and from there monitored the online Marine Traffic system and used the Ship Finder app to plot the movements of the targeted ship, the tanker MGT-1. The coastal products tanker was hijacked off the coast of Terengganu.

Deloitte hit by cyber-attack revealing clients’ secret emails

https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails  One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal. One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies. The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.

RedBoot: A new ransomware that can encrypt and repartition your hard drive permanently

http://www.techrepublic.com/article/redboot-a-new-ransomware-that-can-encrypt-and-repartition-your-hard-drive-permanently/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  A newly discovered ransomware called RedBoot is one of the most dangerous yet. Not only does it encrypt files, it also alters the partition table and the master boot record (MBR) to cause what seems to be permanent damage. Early research into RedBoot hasn’t turned up a command and control server, nor are the ransomers asking for Bitcoin payment. Those facts, along with what looks to be irreparable encryption, are leading some to believe RedBoot is designed purely to do damage.

VULNERABILITIES / PATCHES

macOS High Sierra comes with a flaw that leaves your passwords vulnerable

http://www.techrepublic.com/article/macos-high-sierra-comes-with-a-flaw-that-leaves-your-passwords-vulnerable/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  The newly released macOS High Sierra comes with a lot of new features—and at least one massive zero-day exploit. Discovered by former NSA hacker Patrick Wardle, the exploit allows an attacker to steal the entire contents of a macOS Keychain in plain text. To make matters even worse, Wardle was able to steal passwords using an unsigned app downloaded and installed from the internet. As if a flaw that lets hackers get at the entire contents of your Keychain password vault isn’t bad enough, it’s not just High Sierra that’s vulnerable: older versions of macOS and OS X can be exploited in the same way.

Gatekeeper alone won’t mitigate Apple Keychain attack

https://threatpost.com/gatekeeper-alone-wont-mitigate-apple-keychain-attack/128172/  Apple’s advice to rely on Gatekeeper as a mitigation against a Keychain attack disclosed this week by researcher Patrick Wardle doesn’t fully address the risk.  Experts, Wardle included, said that while Gatekeeper is a solid measure in preventing unsigned code from executing on a macOS machine, it doesn’t prevent, in this case, malware signed with a legitimate Apple developer certificate from executing and dumping passwords stored in the Keychain.

Remote Wi-Fi attack backdoors iPhone 7

https://threatpost.com/remote-wi-fi-attack-backdoors-iphone-7/128163/  Google on Sept 26 disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability in Broadcom chipsets patched this week in iOS 11. The attack enables code execution and persistent presence on a compromised device. “The exploit gains code execution on the Wi-Fi firmware on the iPhone 7,” said Google Project Zero researcher Gal Beniamini. “Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames.”

Oracle patches Apache Struts, reminds users to update Equifax bug

https://threatpost.com/oracle-patches-apache-struts-reminds-users-to-update-equifax-bug/128151/  Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities that could let an attacker take control of an affected system.  Scores of Oracle products, roughly two dozen in total, are affected.  Multiple versions of Oracle’s Financial Services product, in addition to its FLEXCUBE Private Banking product and WebLogic Server, are included in the advisory.

Adobe private PGP key leak a blunder, but it could have been worse

https://threatpost.com/adobe-private-pgp-key-leak-a-blunder-but-it-could-have-been-worse/128113/  Adobe suffered at a minimum a PR black eye on Sept 22 when one of its private PGP keys was inadvertently published to its Product Security Incident Response Team (PSIRT) blog.  The company’s public and private key pair were published together; the private key could be used either to decrypt messages sent to Adobe PSIRT or to sign messages purporting to come from Adobe PSIRT.

EternalBlue exploit used in Retefe Banking Trojan campaign

https://threatpost.com/eternalblue-exploit-used-in-retefe-banking-trojan-campaign/128103/  Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue.  The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal an emerging trend, researchers at Proofpoint said.  Earlier this year, researchers at Flashpoint observed that the TrickBot banking Trojan had added an EternalBlue module as well.

What’s new in Android 8.0 Oreo security

https://threatpost.com/whats-new-in-android-8-0-oreo-security/128061/  In addition to the many tweaks and new features in Google’s Android 8.0 Oreo operating system introduced last month, the biggest changes are its security enhancements.  Oreo security additions are meaningful and go far beyond what recent OS updates have brought to the table.

CYBER-SECURITY

5 critical IT security questions enterprises need to answer now

http://www.techrepublic.com/article/5-critical-it-security-questions-enterprises-need-to-answer-now/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  With the European General Data Protection Regulation coming into effect in 2018, a global standard will be set that increases the responsibility to protect data, as well as the penalties if it is not done adequately. At Microsoft Envision, Microsoft’s president and chief legal officer Brad Smith shared some tips for how companies can gut check their own security strategy.

Why don’t big companies keep their computer systems up-to-date?

https://theconversation.com/why-dont-big-companies-keep-their-computer-systems-up-to-date-84250  Every major piece of software has vulnerabilities, almost inevitably. When they’re found, typically the company or organization that writes the software creates a fix and shares it with the world, along with notifications that users should update to the latest version. For regular people, that is often as easy as clicking a button to agree to update an operating system or software application. For businesses, the process can be much harder. In part that’s because many companies use complex systems of interacting software to run their websites.

The Coming Software Apocalypse

https://www.theatlantic.com/technology/archive/2017/09/saving-the-world-from-code/540393/  A small group of programmers wants to change how we code—before catastrophe strikes. Software is different. Just by editing the text in a file somewhere, the same hunk of silicon can become an autopilot or an inventory-control system. This flexibility is software’s miracle, and its curse. “The problem,” Leveson wrote in a book, “is that we are attempting to build systems that are beyond our ability to intellectually manage.”  The software did exactly what it was told to do. The reason it failed is that it was told to do the wrong thing.

Like Sputnik, Cyber Attacks Demand a New Approach to Education

http://www.defenseone.com/ideas/2017/09/sputnik-cyber-attacks-demand-new-approach-education/141258/?oref=d-river   The oceans that once separated America from its adversaries cannot protect a modern society from network attacks. But efforts to raise defenses in this new era have largely focused on their technical aspects: building secure, resilient networks and teaching experts to protect them. This is no longer sufficient. Leaders from the business, law enforcement, academic, and government communities were recently gathered by the Center for the Study of the Presidency & Congress in Charlotte, North Carolina, to identify better ways to meet our modern-day Sputnik moment.

An ambitious plan to stop DDoS for good has its limits

https://www.wired.com/story/cloudflare-unmetered-mitigation-ddos-attacks/  The notion that an industry-wide push could eliminate DDoS altogether has percolated for a few years. Services like Google’s Project Shield, which offers free DDoS protection to news, human rights, and election-monitoring websites are proponents of the approach. DDoS defense may genuinely be moving in this direction. Some large internet service providers in the United States and Europe have even begun planning or quietly rolling out standard DDOS defense as a way of maintaining the health of their networks and avoiding collateral damage from large attacks. But Cloudflare is the first to loudly guarantee free protection for all of its customers. That’s an important step, but the industry ubiquity needed to quash DDOS altogether remains a long way off, if it will come at all.

India joins quantum computing race

http://www.thehindu.com/news/national/india-joins-quantum-computing-race/article19723359.ece  Keen to tap into the next big advance in computing technology, the Department of Science and Technology (DST) is planning to fund a project to develop quantum computers. A quantum computer, still largely a theoretical entity, employs the principles of quantum mechanics to store information in ‘qubits’ instead of the typical ‘bits’ of 1 and 0. Qubits work faster because of the way such circuits are designed, and their promise is that they can do intensive number-crunching tasks much more efficiently than the fastest comparable computers.

Amid heightened cyber threat, Sebi to hire agency to strengthen IT infra

http://www.business-standard.com/article/markets/amid-heightened-cyber-threat-sebi-to-hire-agency-to-strengthen-it-infra-117092400160_1.html   Markets regulator Sebi plans to rope in a third-party agency to identify and classify security holes in its entire information technology infrastructure and suggest measures to mitigate such risks. This comes at a time when several malware attacks have come to light globally, including in India. The agency will be responsible for carrying out an enterprise-wide system audit focused on configuration, security aspects, risk assessment, deployment, administration, access control, backup and business continuity. The audit will also cover a review of standard operating procedures, automation and monitoring of all IT assets.

Huawei aims to make India 5G-ready, will invest $600-mn by 2018

http://www.business-standard.com/article/companies/huawei-aims-to-make-india-5g-ready-will-invest-600-mn-by-2018-117092700915_1.html  On the first day of the “India Mobile Congress 2017” here, Huawei highlighted its efforts in ensuring that the commercial roll-out of the 5G network in the country happens along with the developed global economies of the world. The company, which began investing in 5G research in 2009, is aiming to invest $600 million in the technology by 2018. “The 5G era is approaching, and we are confident that 5G deployment in India will happen in line with global timeline,” said Jay Chen, CEO, Huawei India.
