CYBERSECURITY – WEEKLY REPORT (September 06, 2017)


SUMMARY REMARKS

This week, Russian and Chinese hacker groups were alleged to have picked up new targets in western countries and southeast Asia respectively.  After last month’s attacks on the German parliament, it is now claimed that Russian hackers attacked the website of Julia Kloeckner, vice chairman of Chancellor Merkel’s Christian Democratic Union (CDU) party, a day before her televised election debate.  The CDU’s regional headquarters in the state of Rhineland-Palatinate was also said to have experienced massive DDoS attacks. Most of these attacks came from Russian IP addresses.  German leaders have been voicing concerns about Moscow’s attempts to interfere in the Sept 24 national elections, similar to what it did in the American presidential election last year.

Hillary Clinton, who lost the US presidential election, and her Democratic Party organs continue to be a focus of hackers.  Verrit, a political fact-checking site, was hacked almost immediately after it was endorsed by her.  Within an hour of her tweet inviting followers to sign up to the site, a DDoS attack prevented it from loading.

The energy sector in Europe and North America has also come under a new wave of cyber attacks by a revamped Dragonfly hacker group, believed to be associated with Moscow.  The organizations that came under attack are in the US, Turkey and Switzerland.

Meanwhile, Chinese hackers have broadened their attacks against official and corporate targets in Vietnam against the background of continued tensions over the South China Sea disputes.  Cyber security firm FireEye traced the attacks to suspected Chinese cyber spies, who were identified because they used the same infrastructure as in their previous activity.  The hacker team used the conimes.com domain and focuses on Southeast Asia, although its main target is Vietnam.

INTER-STATE CYBERWARFARE

Merkel’s party alleges Russian cyber attacks ahead of elections

http://timesofindia.indiatimes.com/world/europe/merkels-party-alleges-russian-cyber-attacks-ahead-of-elections/articleshow/60363823.cms  A top leader of German Chancellor Angela Merkel’s conservative party said her website had been hit by thousands of cyber attacks, many from Russian IP addresses, before Sept 3’s televised election debate. German intelligence and government officials have often voiced concerns that Moscow could seek to interfere in the Sept. 24 national election, in which Merkel is widely expected to win a fourth term. Following a pattern seen in earlier hacks, the CDU’s headquarters in the state of Rhineland-Palatinate, where Kloeckner is the party’s leader, also experienced “massive attacks” ahead of the debate, she said.

Hackers target fact-checking site after Clinton endorses it

https://www.cnet.com/au/news/hillary-clinton-verrit-backs-fact-check-site-targeted-by-hackers-donald-trump-fake-news/  A political fact-checking site was hacked almost immediately after it was endorsed by Hillary Clinton. Clinton invited followers to sign up to Verrit on Sept 3, but within an hour of her tweet a distributed denial of service (DDoS) attack prevented the site from loading. It’s now up and running again. The site is aimed at “the 65.8 million”, a reference to the higher number of US voters who picked Clinton in last year’s presidential election over the eventual winner Donald Trump.

Dragonfly: Western energy sector targeted by sophisticated attack group

https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group  The energy sector in Europe and North America is being targeted by a new wave of cyber attacks that could provide attackers with the means to severely disrupt affected operations. The group behind these attacks is known as Dragonfly. Symantec has evidence indicating that the Dragonfly 2.0 campaign has been underway since at least December 2015 and has identified a distinct increase in activity in 2017. Symantec has strong indications of attacker activity in organizations in the U.S., Turkey, and Switzerland, with traces of activity in organizations outside of these countries. Dragonfly is believed to be a group of Russian hackers.

Chinese cyber spies broaden attacks in Vietnam, security firm says

http://www.straitstimes.com/asia/se-asia/chinese-cyber-spies-broaden-attacks-in-vietnam-security-firm-says?utm_source=The+Sinocism+China+Newsletter&utm_campaign=18ce6cbbce-EMAIL_CAMPAIGN_2017_08_31&utm_medium=email&utm_term=0_171f237867-18ce6cbbce-29622273&mc_cid=18ce6cbbce&mc_eid=a080463883  Cyber spies working for or on behalf of China’s government have broadened attacks against official and corporate targets in Vietnam at a time of raised tension over the South China Sea, cyber security company FireEye said. FireEye told Reuters the attacks happened in recent weeks and it had traced them back to suspected Chinese cyber spies based partly on the fact that a Chinese group it had identified previously had used the same infrastructure before.

U.S. Takes Fight to ISIS on Cyber Battlefield

https://www.thecipherbrief.com/article/tech/u-s-takes-fight-isis-cyber-battlefield  U.S. Cyber Command has mustered an array of cyber capabilities intended to undermine ISIS’s operations and messaging on the web. Much like the U.S. strategy of denying physical safe-haven to terrorists, the U.S. and its allies are seeking to deny virtual safe-haven for the spread of terrorist ideology and operational know-how. ISIS is vulnerable to cyber warfare and the campaign presents an opportunity for military hackers to hone their trade by testing doctrine, tactics, and integration with other domains of war.

CYBERSECURITY

NAIC cyber security model law hews to New York state’s standard

http://www.businessinsurance.com/article/20170904/NEWS06/912315561/NAIC-cyber-security-model-law-hews-to-New-York-state-standard  The National Association of Insurance Commissioners is moving closer to adopting an Insurance Data Security Model Law that closely follows New York’s cyber security regulation, which took effect in March. The model law establishes industry standards for data security that will apply to a broad range of parties, including insurers, agents and brokers.

CYBERCRIME

British man charged with cyber attacks on Lloyds and Barclays banks is extradited to UK from Germany

https://www.standard.co.uk/news/uk/british-man-charged-with-cyber-attacks-on-lloyds-and-barclays-banks-is-extradited-to-uk-from-germany-a3623351.html  Lloyds Banking Group services were disrupted by an apparent cyber attack in January 2017, while Barclays fended off an apparent cyber assault in the same month.  A Surrey man has been brought back to Britain charged with carrying out cyber attacks on two of the UK’s biggest banks. Daniel Kaye, 29, is accused of attacking and blackmailing Barclays and Lloyds in two separate attacks in January this year. He was in Germany but has been extradited back to the UK to face the charges.

Radio Hacker Interrupts Police Chase in Australia

https://www.bleepingcomputer.com/news/security/radio-hacker-interrupts-police-chase-in-australia/?utm_content=buffer362d9&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer  A pirate broadcaster posing as a police officer interfered in a police chase this week in Australia, forcing officers to call off the pursuit of two suspected armed robbers. The incident took place on Tuesday when officers from Victoria Police were called to intervene in an alleged armed robbery in the town of Sale. The pirate broadcaster hijacked the police radio frequency.

VULNERABILITIES / PATCHES

Router flaws put AT&T customers at hacking risk

http://www.zdnet.com/article/flaws-in-att-routers-put-customers-at-risk/  Thousands of routers, many of which belong to AT&T U-verse customers, can be easily and remotely hacked through several critical security vulnerabilities. Five flaws were found in common consumer Arris routers used by AT&T customers and other internet providers around the world. The flaws were detailed in a blog post by Joseph Hutchins, who described some of them as being the result of “pure carelessness.”

IDN Homograph attack spreading Betabot backdoor

https://threatpost.com/idn-homograph-attack-spreading-betabot-backdoor/127839/  An IDN homograph attack leveraging Adobe’s brand has been discovered, with the malicious site spreading the Betabot backdoor and ultimately infecting compromised machines with cryptocurrency-mining and data-stealing malware.  Kaspersky Lab describes Beta Bot as a Trojan that first disables security software and prevents users from accessing security websites. This is not directly a security issue with Adobe, but someone is impersonating the company to spread malware.

Multiple vulnerabilities found in NVIDIA, Qualcomm, Huawei Bootloaders

https://threatpost.com/multiple-vulnerabilities-found-in-nvidia-qualcomm-huawei-bootloaders/127833/  Six exploitable flaws in chipsets used by Huawei, Qualcomm, MediaTek and NVIDIA were found in popular Android handsets, according to a report by University of California at Santa Barbara computer scientists. Each of the flaws exists in phones sold by Huawei, Sony and Google, and each is tied to the phone’s bootloader firmware. The vulnerabilities allow an adversary with an existing foothold on a phone to break the Chain of Trust during the boot-up sequence.

13 critical remote code execution bugs fixed in September Android update

https://threatpost.com/13-critical-remote-code-execution-bugs-fixed-in-september-android-update/127832/  Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs in its September release.  The most concerning vulnerabilities, as usual, concern Media Framework, Android’s lightweight media player.  If a remote attacker used a specially crafted file, they could execute arbitrary code within the context of a privileged process via the vulnerabilities.

Hoeflertext popups target browsers with RAT and Locky Ransomware

https://threatpost.com/hoeflertext-popups-target-browsers-with-rat-and-locky-ransomware/127795/  A malware campaign utilizing bogus popups that alert users to a missing web-font is targeting Google Chrome and Firefox browser users.  The popups contain a malicious JavaScript file that initiates the download of either the NetSupport Manager remote access tool (RAT) or Locky ransomware.

FDA recalls 465K pacemakers tied to medsec research

https://threatpost.com/fda-recalls-465k-pacemakers-tied-to-medsec-research/127750/  The US Federal Drug Administration is recalling 465,000 pacemakers to which attackers can gain unauthorized access in order to issue commands, change settings and maliciously disrupt them.  Affected are four models manufactured by Abbott Laboratories. Abbott has produced a firmware patch to help mitigate the identified vulnerabilities in its pacemakers that use radio frequency communications. This incident is a reminder of how software has become integral to almost every aspect of our lives.

Malware attacks: Risks now come in new ways, even latching on to anti-viruses

http://www.livemint.com/Technology/k7BbHkslyDxDMq5f7IqCVO/Malware-attacks-Risks-now-come-in-new-ways-even-latching-o.html  The Computer Emergency Response Team (CERT), a security agency under the ministry of electronics and IT (MeitY), has issued a warning about an evolved version of Locky ransomware that is using spam emails to target users. US-based security firm App River, which detected it first, points out that 23 million spam emails with Locky ransomware hidden in a zip file were sent to users in the US in a span of 24 hours last week. Security solutions company Symantec has come across a new spyware targeted at Indian users. The spyware opens a backdoor to install malware on users’ computers. First reported by Israeli cyber security firm Cybellum, this malware targets the very anti-virus solution users are counting on to protect their device.

Beware these Hurricane Harvey phishing and spam attacks

http://www.techrepublic.com/article/beware-these-hurricane-harvey-phishing-and-spam-attacks/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  Natural disasters are open season for cyber criminals intent on making a buck using time-tested and fraudulent means. Security firm AppRiver discovered a scam email on Wednesday with links to a forged Red Cross donations site. Hackers are also using social media platforms in attempts to solicit charitable donations for flood victims, including creating fake Facebook and Twitter pages dedicated to victim relief containing links to spam websites or malware, as CNET reported.

Princess ransomware targets hacked websites via RIG exploit kit

http://www.techrepublic.com/article/princess-ransomware-targets-hacked-websites-via-rig-exploit-kit/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  A new cybercrime campaign targets hacked websites to distribute ransomware known as PrincessLocker via drive-by downloads, according to research from Malwarebytes. The campaign leverages compromised websites and the commonly-used RIG exploit kit to deliver PrincessLocker, also known as Princess.

Risky business: Here’s why your payment system may be vulnerable to cyberattack

http://www.techrepublic.com/article/risky-business-heres-why-your-payment-system-may-be-vulnerable-to-cyberattack/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  Many firms, especially those in hospitality and retail, fail to comply with payment card industry data security standards and to protect against breaches, according to a new report from Verizon. As cybercrime rates continue to rise, firms must pay attention to payment card security to avoid a potential breach and the theft of cardholder data. Verizon offers five tips to help companies comply with PCI DSS over time and keep their customers’ payment data safe.

MISCELLANEOUS

Five Things to Know About Cryptocurrency New Offerings

http://www.caixinglobal.com/2017-08-31/101138777.html?utm_source=The+Sinocism+China+Newsletter&utm_campaign=18ce6cbbce-EMAIL_CAMPAIGN_2017_08_31&utm_medium=email&utm_term=0_171f237867-18ce6cbbce-29622273&mc_cid=18ce6cbbce&mc_eid=a080463883  The initial coin offering (ICO), mysterious as it may sound, is the latest crowdfunding phenomenon in which new cryptocurrencies make their debut. Regulating ICOs is already on the radar of Chinese regulators as the market has grown very quickly. Investors in China snapped up 2.6 billion yuan ($394 million) worth of new virtual currencies through crowdfunding during the first six months of this year, a government-backed study found. Potential risks and outright fraud prompted regulators in China and elsewhere to step in and demand more discipline and transparency.

Beyond GPS

http://www.defenseone.com/assets/beyond-gps/portal/?oref=email  This new eBook examines how, in the era of cyberwar, the vulnerabilities of the Pentagon’s Global Positioning System are everyone’s problem. Demand for accurate positioning and timing is growing as quickly as the ecosystem of digital devices that need to report their location. That’s why the U.S. military is working to upgrade, harden, and augment its navigation-and-timing backbone.
