CYBERSECURITY – WEEKLY REPORT (September 13, 2017)


SUMMARY REMARKS

A recent spurt in maritime accidents involving naval ships and merchant vessels has raised suspicions that hostile nations are hacking the electronic systems on board.  The latest instance, involving China, gives credence to such suspicions.  Beijing allegedly hacked the electronics of a yacht owned by a Chinese billionaire dissident in an attempt to intimidate him.  The suspicious hacking took place on the Hudson River near New York City in July and left the ship temporarily unable to turn and in danger of colliding with a nearby freighter.  Guo Wengui, alias Miles Kwok, who now lives in New York, said he believes Chinese intelligence disrupted the electronics on his high-tech yacht on several occasions during the month, which also coincided with threats in the media.

In one such incident, the vessel’s bow and stern thrusters suddenly shut down.  It was discovered that while the thrusters were functioning, control over them had been disconnected from the bridge.  The ship’s controls were apparently hacked by an unknown third party that gained access to the ship’s computer system, possibly using a mobile phone.  In another incident, the ship’s Wi-Fi network went offline as Guo boarded the yacht.  His mobile phone was apparently hacked, and through it the hackers could disable electronic controls on board.  The FBI is investigating the allegations.

The US Navy is separately investigating the possibility of electronic hacking in two collisions between its destroyers and commercial ships that killed 17 American sailors.  One of the warships, the USS John S. McCain, had been involved in an operation close to a disputed Chinese island in the South China Sea days before the collision.

If the above suspicions are proven, the threat to naval forces and merchant shipping would be enormous with serious consequences.

***

The debate over possible Russian interference in German elections is intensifying as the polls approach.  The Washington Post expressed surprise that the much-anticipated Russian cyber onslaught has not yet materialized.  It said that German politicians have been watching nervously for possible embarrassment and scandal should Russian hackers release the massive trove of data suspected to have been stolen from Parliament networks in 2015.  The Russia Today network mocked the Post for not considering the possibility that Moscow had no intention of meddling in the elections.  Meanwhile, a German research group warned of vulnerabilities in the election software used for recording, counting, displaying and analyzing votes.

In the lead-up to next year’s World Cup, England’s soccer federation has written to FIFA to address cybersecurity issues, as the Russian hacking group Fancy Bears allegedly had access to confidential medical information of scores of athletes and leaked anti-doping correspondence.  Meanwhile, the Trump administration instructed government agencies to remove Kaspersky Lab products from their networks over concerns about Kremlin influence on the cybersecurity firm.

***

India and the US were again in the grip of cyber-attacks last week.  A new malware, the Xafecopy Trojan, was detected in India; it steals money through victims’ mobile phones.  Around 40 percent of the malware’s targets were detected in India.  US-based credit reporting agency Equifax Inc was hacked, potentially impacting approximately 143 million American consumers.  Hackers gained access to consumer information including names, Social Security numbers, credit card numbers and addresses, exposing regulatory gaps.

INTER-STATE CYBERWARFARE

Beijing Suspected in Hacking Yacht Owned by Chinese Billionaire: FBI investigating possible electronic sabotage against dissident’s ship

http://freebeacon.com/national-security/beijing-suspected-hacking-yacht-owned-chinese-billionaire/?utm_source=Freedom+Mail&utm_campaign=2fca701200-EMAIL_CAMPAIGN_2017_09_07&utm_medium=email&utm_term=0_b5e6e0e9ea-2fca701200-38360125   China is suspected of hacking the electronics of a yacht owned by a Chinese billionaire targeted by Beijing. Guo Wengui, who uses the English name Miles Kwok, said several incidents involving his 152-foot motor yacht, Lady May, appear to be part of a Chinese government effort to threaten and intimidate him. The suspicious hacking took place in July on the Hudson River near New York City and left the ship temporarily unable to turn and in danger of colliding with a nearby freighter. Disclosure of the suspected yacht hacking comes as the Navy is investigating whether external electronic hacking was involved in two similar collisions between U.S. Navy destroyers and commercial ships that killed 17 American sailors.

Cyber threats to navies take many forms

http://navalinstitute.com.au/cyber-threats-to-navies-take-many-forms/  Interview with Roger Hilton of the Institute for Security Policy at Kiel University: The cyber capabilities are really integrated at all levels of the naval mission. So, the core capabilities navies seek to provide are the blue-water capabilities of forward presence, deterrence, control, sea control, and power projection, as well as maritime security and humanitarian assistance or disaster response. All of these core capabilities are supported and enhanced by cyber capabilities. Thus, the full spectrum of naval operations and the corresponding naval strategy involve cyber capabilities today.

Germany’s election software is dangerously hackable

https://www.wired.com/story/security-roundup-germany-election-software-is-hackable/  Chaos Computer Club, a German collective of hackers and security researchers, published the results of their unsolicited audit of the country’s voting infrastructure. They examined a program called PC-Wahl, which is used for recording, counting, displaying, and analyzing votes in German elections from the local level to the national government. The hackers found they could corrupt the updates from the server controlling that software to re-tabulate votes at will, with potentially disastrous consequences for the country’s October parliamentary election.

As Germans prepare to vote, a mystery grows: Where are the Russians?

https://www.washingtonpost.com/world/as-germans-prepare-to-vote-a-mystery-grows-where-are-the-russians/2017/09/10/07d47f54-9257-11e7-8482-8dc9a7af29f9_story.html?utm_term=.d9e8b4e0888c  In 2015, suspected Russian hackers broke into the computer networks of the German Parliament and made off with a mother lode of data — 16 gigabytes, enough to account for a million or more emails. Ever since, German politicians have been watching nervously for the fruits of that hack to be revealed, and for possible embarrassment and scandal to follow. Many warily eyed September 2017 — the date of the next German election — as the likely window for Russian meddling to once again rattle the foundations of a Western democracy. But with the vote only two weeks away, the hacked emails haven’t materialized. Nor have Russian-linked propaganda networks churned into overdrive with disinformation campaigns. The apparent absence of a robust Russian campaign to sabotage the German vote has become a mystery among officials and experts who had warned of a likely onslaught.

‘Where are the Russians?’ WaPo worried it can’t find Kremlin hackers in German election

https://www.rt.com/news/403051-german-election-russian-interference/   With two weeks left till the general election in Germany, the Washington Post is “worried” to see no evidence of a massive Russian meddling campaign. The article does not, however, consider the possibility that Russia had no intention of conducting one in the first place.

England’s Soccer Federation Asks FIFA to Address Cybersecurity Ahead of World Cup

https://www.nytimes.com/2017/09/11/sports/soccer/fifa-world-cup-cybersecurity.html?_r=0   England’s soccer federation has written to FIFA to express concerns about the leak of confidential antidoping correspondence by a hacking group believed to be based in Russia, and to request assurances about the soccer governing body’s cybersecurity preparations ahead of next year’s World Cup there. Since last year, leaks by the hacking group, known as Fancy Bears, have revealed confidential medical information of scores of top athletes, including tennis champions, track stars and an Olympic gymnast, who had received exemptions to take medication usually banned under doping regulations.

Trump administration orders purge of Kaspersky products from U.S. government

https://www.reuters.com/article/us-usa-security-kaspersky/trump-administration-orders-purge-of-kaspersky-products-from-u-s-government-id  The Trump administration on September 13 told U.S. government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security. In a statement, Kaspersky Lab rejected the allegations, as it has done repeatedly in recent months, and said its critics were misinterpreting Russian data-sharing laws that only applied to communications services.

Nations that hack the US could face ‘real world’ consequences, Homeland Security Adviser warned

http://www.nextgov.com/cybersecurity/2017/09/nations-hack-us-could-face-real-world-consequences-homeland-security-adviser-warned/140827/?oref=defenseone_today_nl  White House Homeland Security Adviser Tom Bossert suggested, “…what we’ll do on the deterrence side is end up figuring out a means and method outside cybersecurity to apply elements of national power to punish bad behavior commensurate with offense. We want to punish in a way that is real world, not cyber.” He said “there is very little reason to believe” U.S.-led offensive cyber strikes are “going to have any deterrent effect on a cyber adversary.”

CYBERSECURITY

Nascent Quantum Computing Poses Threat to Cybersecurity

https://blogs.wsj.com/cio/2017/09/13/nascent-quantum-computing-poses-threat-to-cybersecurity/  The threat of a cyber attack by hackers or rogue nation states with access to quantum computers is becoming real enough that scientists and public officials are convening in London from Sept 13 in part to urge companies to develop a plan for defense. More than 150 cryptographers, business executives and public officials attended the first day of the three-day Quantum Safe Workshop.

China sets up first ‘commercial’ quantum network for secure communications

https://www.reuters.com/article/us-china-quantum/china-sets-up-first-commercial-quantum-network-for-secure-communications  China has set up its first “commercial” quantum network in its northern province of Shandong, state media said, the country’s latest step in advancing a technology expected to enable “hack proof” communications. China touts that it is at the forefront of developing quantum technology. In August it said it sent its first “unbreakable” quantum code from an experimental satellite to the Earth.

S&T awards $8.6 million for enhancing security of mobile apps for the government

http://www.homelandsecuritynewswire.com/dr20170911-s-t-awards-8-6-million-for-enhancing-security-of-mobile-apps-for-the-government?page=0,1  The US Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded funding to five research and development (R&D) projects that will enhance the secure use of mobile applications (apps) for the federal government. The recently launched MAS project is focused on continuous validation and threat protection for mobile apps and integrating security throughout the mobile app lifecycle.

CYBER-CRIME

Beware! New malware Xafecopy Trojan is stealing money through your phone: Around 40 per cent of the malware’s targets have been detected in India

http://www.business-standard.com/article/technology/beware-new-malware-xafecopy-trojan-is-stealing-money-through-your-phone-117091000343_1.html  A new malware, the Xafecopy Trojan, has been detected in India which steals money through victims’ mobile phones, cyber security firm Kaspersky said in a report. Around 40 per cent of the malware’s targets have been detected in India. The mobile malware targets the WAP billing payment method, stealing money through victims’ mobile accounts without their knowledge. Xafecopy Trojan is disguised as a useful app, such as BatteryMaster, and operates normally on the surface. The trojan secretly loads malicious code onto the device.

Cyberattack may have affected 143 million US consumers: Equifax

http://www.business-standard.com/article/international/cyberattack-may-have-affected-143-million-us-consumers-equifax-117090800252_1.html  US-based credit reporting agency Equifax Inc announced on Friday that hackers had gained access to the company’s data, potentially impacting approximately 143 million US consumers. Hackers exploited a vulnerability in the company’s website application from mid-May through July and gained access to consumer information including names, Social Security numbers, birth dates, addresses and in some instances, driver’s license numbers, the agency said in a statement. The breach also included credit card numbers of approximately 209,000 consumers and certain dispute documents with personal identifying information of approximately 182,000 consumers.

Equifax Hack Exposes Regulatory Gaps, Leaving Consumers Vulnerable

https://www.nytimes.com/2017/09/08/business/equifax.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news  Equifax warehouses the most intimate details of Americans’ financial lives, from the credit cards in their wallets to the size of their medical bills. But the company doesn’t face the constant monitoring and auditing that help strengthen banks’ systems and data protections. The dangers of such lax oversight became apparent when Equifax disclosed that hackers had compromised the personal and confidential information, including Social Security numbers, of nearly half of the American population.

Equifax Hack Leaves Consumers, Financial Firms Scrambling

https://www.wsj.com/articles/equifax-hack-leaves-consumers-financial-firms-scrambling-1504906993  Consumers, financial firms and regulators attempted to assess the damage from the large hack at Equifax Inc. The hack is under investigation by the Federal Bureau of Investigation. It ranks as one of the three worst data breaches of all time, alongside Yahoo’s loss of more than one billion records, disclosed last year, and Sony Corp.’s 2014 cyberattack, which exposed confidential data and knocked computers and telephones offline.

Apache Foundation refutes involvement in Equifax breach

https://threatpost.com/apache-foundation-refutes-involvement-in-equifax-breach/127910/  A group of developers behind Apache Struts, believed by some to be the culprit behind last week’s Equifax breach, took umbrage at those claims.  Rene Gielen, VP of the Apache Struts Project, wrote that if Struts was targeted, it’s unclear which vulnerability, if any, was exploited.  The letter was spurred by an internal analyst who suggested data from Equifax’s servers was breached via an unnamed Apache Struts flaw.

Thousands of ElasticSearch servers hijacked to host PoS Malware

https://threatpost.com/thousands-of-elasticsearch-servers-hijacked-to-host-pos-malware/127965/  Thousands of insecure Elasticsearch servers are hosting point-of-sale malware, according to an analysis by Kromtech Security Centre.  In total, researchers found 15,000 insecure Elasticsearch servers, with 27% (4,000) hosting the PoS malware strains Alina and JackPoS.  Insecure servers have opened the door for hackers to use them for a wide range of illegal activities. Kromtech said 99% of the compromised Elasticsearch servers were hosted on Amazon Web Services’ platform.

Son of Russian lawmaker pleads guilty in cyber crime cases

http://in.reuters.com/article/usa-cyber-russia/son-of-russian-lawmaker-pleads-guilty-in-cyber-crime-cases-idINKCN1BJ2Q2  The son of a Russian lawmaker accused of stealing credit card data and other personal information has pleaded guilty in two criminal cases stemming from a probe into a $50 million online identity theft scheme, the U.S. Justice Department said. Roman Seleznev, 33, the son of Russian parliament member Valery Seleznev, was sentenced to 27 years in prison by a federal court in Washington for his role in a cyber assault. He was arrested in the Maldives and brought to the United States to face charges. The Russian government has previously criticized the arrest, calling it an unlawful kidnapping.

Indian fashion designer’s struggle with cyber stalker

http://www.thehindu.com/news/cities/Hyderabad/fashion-designers-struggle-with-cyber-stalker/article19652413.ece  Alert woman protects bank accounts. First they tried to hack her Facebook page, then got her SIM (subscriber identity module) card blocked, and now her WhatsApp account has been hacked. Yet the alert fashion designer managed to resist all these online attacks, though the feeling of insecurity still lingers.

VULNERABILITIES/PATCHES/RISK ANALYSIS

Critical Bluetooth flaw could put nearly every connected device at risk of cyberattack

http://www.techrepublic.com/article/critical-bluetooth-flaw-could-put-nearly-every-connected-device-at-risk-of-cyberattack/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  A new attack vector called BlueBorne could put billions of connected devices at risk of a cyberattack, according to research from Armis Labs. According to an overview post, BlueBorne puts mobile, desktop, and IoT devices running Android, iOS, Windows, or Linux at risk. “The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today,” the post said. Using BlueBorne, hackers can attack Bluetooth-connected devices over the air, without the device even being paired to the attacker’s device, the post said. Once successfully penetrated, the attacker gains full control over the victim’s device.

Microsoft patches .Net Zero Day vulnerability in September update

https://threatpost.com/microsoft-patches-office-zero-day-vulnerability/127946/  An actively exploited zero-day vulnerability tied to Microsoft’s .Net framework is one of 25 critical and 54 important vulnerabilities fixed by Microsoft in its September patch release.  The .Net framework vulnerability (CVE-2017-8759) allows attackers to “take control of an affected system.”

Adobe fixes eight vulnerabilities in Flash, RoboHelp, ColdFusion

https://threatpost.com/adobe-fixes-eight-vulnerabilities-in-flash-robohelp-flash-player/127944/  Adobe fixed eight vulnerabilities across three products, including two critical memory corruption bugs and a critical XML parsing flaw.

FreeXL library fixes two remote code execution vulnerabilities

https://threatpost.com/freexl-library-fixes-two-remote-code-execution-vulnerabilities/127932/  Researchers warned on Sept 11 of two remote code execution vulnerabilities in an open source C library that could let an attacker execute code with local user privileges.  The library, FreeXL, was updated last week to fix the issues.  It allows users to extract valid data from within an Excel (.xls) spreadsheet and is used by the SpatiaLite open source library.

Popular D-Link router riddled with vulnerabilities

https://threatpost.com/popular-d-link-router-riddled-with-vulnerabilities/127907/  A wireless router made by D-Link has nearly a dozen critical vulnerabilities, according to a report released by independent researcher Pierre Kim.  The bugs are in D-Link’s model DIR-850L wireless AC1200 dual-band gigabit cloud router and could allow a hacker to ultimately hijack the routers and take control of them.

Android users vulnerable to ‘high-severity’ overlay attacks

https://threatpost.com/android-users-vulnerable-to-high-severity-overlay-attacks/127901/  Security researchers warned of a high-severity Android flaw that stems from what they call a “toast attack” overlay vulnerability.  Criminals could use Android’s toast notification, a feature that provides simple feedback about an operation in a small pop-up, in an attack scenario to obtain rights on targeted phones and take complete control of them. Affected are all versions of the Android operating system prior to Android 8.0, Oreo, released last month.

New report unveils top 3 cybersecurity threats facing business data

http://www.techrepublic.com/article/new-report-unveils-top-3-cybersecurity-threats-facing-business-data/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  Ransomware, insider threats, and denial of service are the three biggest threats faced by organizations as they try to secure sensitive data, according to a new study from Infoblox and SANS.

Prof Shows How Your Internet Activity Is Being Watched

http://cornellsun.com/2017/09/11/prof-shows-how-your-internet-activity-is-being-watched/   Cornell’s Department of Computing and Information Science kicked off the first of a series of talks that aims to discuss the importance of technological advancements and the law in exploring surveillance, privacy and bias. Prof. Arvind Narayanan, computer science, Princeton University, was the first speaker of the series and presented his research with a talk entitled “Uncovering Commercial Surveillance on the Web.” Commercial surveillance involves techniques used by companies to discreetly and legally trace the internet activity of users. Such surveillance is so widespread that it affects anyone who uses the internet, even for basic browsing. Narayanan laid out a technical overview of how third-party companies gain access to users’ personal information using ingenious techniques.

CRYPTO-CURRENCIES

China to Shut Bitcoin Exchanges: Authorities to ban commercial trading of all virtual currencies

https://www.wsj.com/articles/china-to-shut-bitcoin-exchanges-sources-1505100862  Chinese authorities plan to shut down domestic bitcoin exchanges, delivering a final blow to a once-thriving industry of commercial trading for virtual currencies, which took off inside the mainland four years ago. The country’s central bank has led a draft of instructions that would ban Chinese platforms from providing virtual currency trading services, according to people familiar with the matter. The move comes after months of scrutiny by Beijing, including a ban last week in China on initial coin offerings, a kind of fundraising via virtual currencies.
