CYBERSECURITY – WEEKLY REPORT (August 30, 2017)


SUMMARY REMARKS

China has demonstrated another technological marvel which may eventually give it superiority on the battlefield, even over the United States. The June 11 display of “swarm” technology by China Electronics Technology Group, a state-owned high-tech company, brought together 119 drones in perfect air formation. Analysts believe that this unlikely spectacle could represent a `revolution in military affairs’. Each tiny aircraft – bought online for a few hundred dollars – is loaded with software and sensors capable of communicating with the other drones in the swarm.

Developers are working towards a future where thousands could operate in sync, identifying and attacking targets.  In theory, such swarms could feature drones fitted with missiles or warheads capable of sophisticated attacks designed to overwhelm defences with their sheer numbers.

Randall Steeb, senior engineer at the Rand Corporation in the US, said, “This goes all the way back to the tactics of Attila the Hun…A light attack force that can defeat more powerful and sophisticated opponents.  They come out of nowhere, attack from all sides and then disappear, over and over.”

****

WikiLeaks came out with a new report suggesting that CIA gained access to Indian `Aadhaar’ data (unique identity card issued to its citizens – similar to American social security card data). It said that CIA is using tools devised by US-based technology provider Cross Match Technologies for cyber spying. The company provides biometric solutions to the Aadhaar scheme.  Indian officials, however, dismissed the claims.

Whether it is true or not, the Supreme Court of India has raised concerns over `data protection’ while passing a historic judgement on the `right to privacy’ last week.  Noting that “informational privacy is a facet of the right to privacy”, a nine-judge Bench observed that dangers to personal data originate not only from the government but also from private players.  It further called upon the government to put in place a robust mechanism for data protection.

Following the Supreme Court judgement, app developers in India could face severe consequences for misusing customer data.

INTER-STATE CYBERWARFARE

Drone swarms vs conventional arms: China’s military debate

https://www.ft.com/content/302fc14a-66ef-11e7-8526-7b38dcaef614  The June 11 demonstration of “swarm” technology by China Electronics Technology Group, a state-owned high-tech company, included 119 drones. That made it the world’s largest-ever swarm, according to CETC, breaking a US-held record. Each tiny aircraft — bought online for a few hundred dollars — is loaded with software and sensors capable of communicating with the other drones in the swarm. Developers are working towards a future where thousands could operate in sync, identifying and attacking targets.

India, Pakistan hit by spy malware, says cybersecurity firm

http://www.business-standard.com/article/current-affairs/india-pakistan-hit-by-spy-malware-says-cybersecurity-firm-117082900039_1.html  Symantec Corp, a digital security company, says it has identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.  In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October 2016. The campaign appeared to be the work of several groups, but tactics and techniques used suggest that the groups were operating with “similar goals or under the same sponsor”, probably a nation state, according to the threat report, which was reviewed by Reuters. It did not name a state.

Theresa May refuses to rule out cyber attacks and military options over North Korea’s ‘illegal’ acts

http://www.telegraph.co.uk/news/2017/08/29/britain-calls-sanctions-north-korea-wake-missile-test/  Theresa May has refused to rule out using cyber warfare or even taking part in military action against North Korea if it does not stop firing missiles in “illegal” acts of provocation. Mrs May arrived in Japan this morning in the midst of an escalating crisis over Pyongyang’s latest missile launch, and will have lengthy discussions with Prime Minister Shinzo Abe about what can be done. She arrived with a message for China’s President Xi Jinping, telling him in no uncertain terms that it is his responsibility to rein in Kim Jong-un.

Trump Cybersecurity Advisors Resign, Citing His ‘Insufficient Attention’ to Threats

http://fortune.com/2017/08/26/trump-cybersecurity-advisors-resign/?utm_campaign=time&utm_source=twitter.com&utm_medium=social&xid=time_socialflow_twitter  A quarter of the members of the National Infrastructure Advisory Council, whose purview includes national cybersecurity, have resigned. In a group resignation letter, they cited both specific shortfalls in the administration’s approach to cybersecurity, and broader concerns that Trump and his administration have undermined the “moral infrastructure” of the U.S. “The moral infrastructure of our Nation is the foundation on which our physical infrastructure is built,” reads the letter in part. “The Administration’s actions undermine that foundation.”

WikiLeaks hints at CIA access to Aadhaar data, officials deny it

http://timesofindia.indiatimes.com/india/wikileaks-hints-at-cia-access-to-aadhaar-data-officials-deny-it/articleshow/60228184.cms  WikiLeaks published reports on Thursday that claimed to “expose” that CIA is using tools devised by US-based technology provider Cross Match Technologies for cyber spying that may have comprised Aadhaar data. The claim was dismissed by official sources in India. Cross Match Technologies also provides biometric solutions to the Unique Identification Authority of India, the statutory body for Aadhaar, leading to claims of possible data leakage.

Right to Privacy: Misusing customer data may land app developers in trouble

http://www.business-standard.com/article/economy-policy/right-to-privacy-misusing-customer-data-may-land-app-developers-in-trouble-117082600042_1.html  App developers in India could face severe consequences for misusing customer data after a nine-judge Supreme Court Bench ruled that the right to privacy was a fundamental right of every citizen in the country. While these developers can continue to collect data from users as long as they have their consent, the latest judgment could set the stage for severe punishment if they are found using customer data for any purpose other than for which it was collected.

Worried Indian Supreme Court calls for robust data protection regime

http://www.thehindu.com/news/national/worried-sc-calls-for-robust-data-protection-regime/article19555907.ece?homepage=true  The Supreme Court of India urged the government to put in place a robust mechanism for data protection. Noting that “informational privacy is a facet of the right to privacy”, a nine-judge Bench, led by Chief Justice of India J.S. Khehar, said dangers to personal data originate not only from the government but also from private players. The court observed that the creation of a regime requires careful and sensitive balance between individual interest and legitimate concerns of the state.

Commentary: The fight for internet freedom in Trump’s America

http://in.reuters.com/article/us-parker-internet-commentary-idINKCN1B21YV  One of the great things about America is that if you don’t like the government, you have the right to speak out against it. Since President Donald Trump took office in January, ordinary citizens have been voicing dissent on the Internet and in the streets. Recently, an extraordinary request from the Department of Justice (DOJ) threatened to make people increasingly afraid to exercise that right. The DOJ tried to compel an internet hosting company, DreamHost, to hand over information about everyone who visited disruptj20.org, a DreamHost customer web site that helped organize Trump inauguration protests.

CYBER-CRIME

NHS trust hit by cyber attack cancels operations and asks patients not to come to hospital ‘unless it is essential’

http://www.independent.co.uk/news/uk/home-news/cyber-attacks-uk-nhs-lanarkshire-scotland-hospitals-affected-patients-operations-ransomware-wannacry-a7913896.html  Scotland’s third-largest NHS trust appealed for patients not to attend hospital unless it is “essential” amid an ongoing cyber attack. Operations and appointments were cancelled by NHS Lanarkshire and people were warned they could be turned away, but a spokesperson insisted there were “no concerns around emergency treatments”. It is the second time the trust has been affected by malware within months, having been one of the worst-affected trusts during the global WannaCry ransomware attack in May.

HBO hackers leak Game of Thrones Season 7 climax

http://indianexpress.com/article/technology/mobile-tabs/hbo-hackers-leak-game-of-thrones-season-7-climax-4814365/  Just a day before the last episode of “Game of Thrones” Season 7 was set to hit the screens, the HBO hackers calling themselves “Mr Smith” leaked the climax of the ongoing season, thus ending the suspense that had kept millions of fans on their toes. The hacking group demanded approximately $6.5 million worth of Bitcoin from HBO but that demand has not been met so far. However, the hacking group claimed to have sold the stolen data to three customers on the deep web who paid them half of the amount they had requested in ransom from HBO.

Facebook, Instagram users face outage

http://www.business-standard.com/article/pti-stories/facebook-instagram-users-face-outage-117082600938_1.html  Many Facebook users on August 27 reported experiencing an outage as they “struggled” to access the popular social media site. A section of users across geographies, including the US and Europe, reported that they faced log-in problems, while others had difficulty uploading videos, liking or commenting on posts, loading pages, or saw error messages. It could not be confirmed if users in India also faced a similar difficulty. Facebook has over two billion monthly active users globally. India is one of the biggest markets for the US-based firm.

Spambot contains `mind-boggling’ amount of email, SMTP credentials

https://threatpost.com/spambot-contains-mind-boggling-amount-of-email-smtp-credentials/127722/  Researchers have managed to penetrate a spam bot and uncover a massive list of 711 million records that includes email addresses, email and password combinations (some in cleartext), and SMTP credentials and configuration files.  The spambot is called Onliner and has been around since 2016 and is best known for spreading Ursnif banking Trojan.

Revamped Nukebot Malware changes targets, adds functions

https://threatpost.com/revamped-nukebot-malware-changes-targets-adds-functions/127707/  A revamped version of the Nukebot banking Trojan dubbed Jimmy Nukebot has shifted focus from stealing bankcard data and now acts as a conduit for quietly downloading malicious payloads for web-injects, cryptocurrency mining, and taking screenshots of targeted systems.

CYBER-SECURITY

Password reuse is the biggest vulnerability exploited by hackers

http://www.business-standard.com/article/economy-policy/password-reuse-is-the-biggest-vulnerability-exploited-by-hackers-117082600606_1.html  Remembering and changing passwords regularly is the top source of cyber fatigue for users and also the easiest vulnerability exploited by hackers, says the Thycotic Black Hat Hacker survey report 2017. Consequently, using multi-factor authentication and encryption can be the biggest barrier against attacks, said the same report.

HPE locks down server security

https://www.hpe.com/in/en/resources/solutions/security-threat-levels.html?parentPage=/in/en/solutions/infrastructure-security  The security threat landscape is increasing for businesses and attacks are becoming more sophisticated. Emerging technologies open new business opportunities, but also introduce new risk. HPE has a strategy to stay ahead of the threats through its unique server firmware protection, detection and recovery capabilities. Download the analyst paper and learn more.

Only Indian phones for defence officials?

http://www.thehindu.com/news/national/only-indian-phones-for-defence-officials/article19583072.ece?homepage=true  The Centre is considering the creation of a secure communications ecosystem for its officials, especially those working in the defence sector. One of the proposals is mandating the use of mobile phones manufactured by Indian companies for official communication. The government will also be providing a secure email service to its officials. “The view is that communications for vital departments of the government need to be secured… a lot of the companies store user data on a server in a foreign country, including China,” a senior official, who requested anonymity, told The Hindu.

Huawei’s `XHaul’ to help mobile operators build 5G networks

http://economictimes.indiatimes.com/magazines/panache/huaweis-x-haul-to-help-mobile-operators-build-5g-networks/printarticle/60209276.cms  Chinese tech company Huawei has released its 5G-oriented mobile bearer solution “X-Haul” to help operators build end-to-end 5G networks. The solution provides flexible access capabilities that can match the scenario of any site and implements agile network operations based on a cloud architecture, the company said. Huawei has currently deployed over 190 mobile bearer networks in more than 100 countries, which bear more than 2.8 million base stations, serving one-third of the world’s users.

Uber to end post-trip tracking of riders as part of privacy push

http://in.reuters.com/article/us-uber-privacy-idINKCN1B90EN  Uber Technologies Inc is pulling a heavily criticized feature from its app that allowed it to track riders for up to five minutes after a trip, its security chief told Reuters, as the ride-services company tries to fix its poor reputation for customer privacy. The change, which restores users’ ability to share location data only while using the app, is expected to be announced on August 28 and rolled out to Apple Inc iPhone users starting this week. It comes as Uber tries to recover from a series of crises culminating in the ouster of Chief Executive Travis Kalanick and other top executives.

VULNERABILITIES / PATCHES

Intel confirms its much-loathed ME feature has a kill switch

https://threatpost.com/intel-confirms-its-much-loathed-me-feature-has-a-kill-switch/127739/  Researchers at Positive Technologies forced Intel’s hand into revealing that a previously undocumented kill switch exists for its oft-criticized Intel Management Engine, a remote management component of Intel CPUs. Initially, Positive Technologies set out to disable the feature that some security professionals have deemed a risk. Researchers did create an unofficial workaround dubbed ‘ME Cleaner’, which cripples the feature, but does not eliminate it. Positive Technologies researchers Mark Ermolov and Maxim Goryachy said they believed the kill switch was introduced by Intel at the behest of the National Security Agency.

Turla APT used Whitebear espionage tools against Defense industry, Embassies

https://threatpost.com/turla-apt-used-whitebear-espionage-tools-against-defense-industry-embassies/127737/  A toolset belonging to the Russian-speaking Turla APT has been publicly disclosed, and along with it details on its capabilities and indicators of compromise.  The tools, called WhiteBear, were used to attack defense organizations as recently as June, and diplomatic targets in Europe, Asia and South America during most of 2016.

New Locky variant `IKARUSdilapidated’ strikes again

https://threatpost.com/new-locky-variant-ikarusdilapidated-strikes-again/127726/  A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts.  The source of the ransomware is a botnet of zombie computers coordinated to launch phishing attacks that send emails and attachments appearing to come from a targeted recipient’s trusted business-class multifunction printer. This is the second wave of the ransomware spotted in the past month, according to Comodo Threat Intelligence Lab.

Mobile WireX DDoS Botnet `neutralized’ by collaboration of competitors

https://threatpost.com/mobile-wirex-ddos-botnet-neutralized-by-collaboration-of-competitors/127680/  A collaboration between leading content delivery networks and technology companies – some of them competitors – is in the midst of shutting down the largest botnet of mobile devices ever recorded.  The WireX botnet was detected on Aug 17 after businesses in a number of industries, most notably hospitality, porn and gambling, as well as domain registrars, reported signs of substantial distributed denial of service attacks.

Defray Ransomware seen targeting education, healthcare industry

https://threatpost.com/defray-ransomware-seen-targeting-education-healthcare-industry/127656/  Researchers observed a new, albeit small and selective ransomware campaign earlier this month targeting both education and healthcare verticals. The ransomware, dubbed Defray, comes hidden in rigged Microsoft Word document attachments, sent via email.
