Cybersecurity Predictions for 2018*:
- There are two safe predictions about cybersecurity in 2018: there will be more spectacular data breaches and the EU General Data Protection Regulation (GDPR) will go into effect on May 25.
- 2018 could also bring a lot of new takes on old vulnerabilities, some completely new types of cyberattacks, and successful new defenses.
- The following list of predictions starts with general observations and moves to a wide range of cybersecurity topics.
- Attacks on the US government and critical infrastructure – the probability is high that we will see the first major cyberattack on US critical infrastructure; we’ve already seen power grids and manufacturing plants in Europe attacked over the past two years.
- Determining authenticity in the age of fake news – fake news became a major issue in 2017 and will likely get worse in 2018, with CGI and Photoshop technology making it almost impossible to tell whether a photo or video is real or fake.
- Consumer privacy and the GDPR – data privacy and data security have long been considered two separate missions with two separate objectives, but all that stands to change with serious global regulations kicking into effect.
- The Internet of Things (IoT) – brands have been quick to jump on the IoT bandwagon, but hackers will continue to leverage unprotected devices to spy on their users and break into home and corporate networks.
- Artificial intelligence as a double-edged sword – just as organizations are adopting machine learning and AI to improve their cybersecurity posture, so are the threat actors.
- The trouble with Cryptocurrencies – cryptocurrency enabled and fuelled the growth of ransomware threats in 2017; in 2018 a major vulnerability could topple the value of one of the popular cryptocurrencies.
- Biometrics and multi-factor authentication – after the huge success of fingerprint readers in iPhones and Android devices, we will see more consumer-ready biometric authentication capabilities.
- The deployment of enterprise IT and cybersecurity – cyber attackers will begin looking at mainframes as a future source of attacks; the overall security landscape in 2018 will be centered around the cloud and IoT.
- It’s the people – in 2018 the role of the CISO will continue to evolve to encompass public policy, law enforcement, privacy, and an understanding of the threat landscape; the current talent gap in cybersecurity skillsets is massive and will only widen in 2018.
*Source: Forbes, December 26, 2017
SWIFT Hackers Hit Russian State Bank*:
- The news has broken that bad actors tried to steal about $940,000 from Russian state bank Globex – but sources told Russian news outlet Kommersant that they were only able to make off with about 10%, or $94,000.
- Globex president told wire services that “customer funds have not been affected.”
- SWIFT is an international payments system used for global monetary transfers.
- The unusually large size of the attempted fraudulent transactions is what tipped the bank off and allowed it to block most of the theft.
- In 2016, hackers were able to make off with $81 million from Bangladesh’s central bank, using a software exploit and malware that had been specifically designed to change code in SWIFT’s Access Alliance software.
- Since then, the SWIFT system has issued tighter security guidance, though bad actors continue to target it.
*Source: InfoSecurity, December 21, 2017
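The Globex item above turns on one detail: the attempted transfers were large enough relative to the account's normal activity that the bank noticed and blocked most of them. The following is an added illustration of that kind of size-based screening; it is not code from the bank, from SWIFT or from the article, and the account histories and payment instructions are constructed. It uses a robust baseline (median and median absolute deviation) per account so that one legitimately large past payment does not mask a fraudulent one.

```python
"""Hold outgoing transfers whose amount is far outside the account's
normal range.  Added illustration; the records below are constructed."""
from statistics import median

# Constructed history of outgoing transfers per account (amounts in USD).
HISTORY = {
    "ACC-1001": [1200, 950, 1800, 1100, 1400, 1250, 1600, 1050],
    "ACC-2002": [42000, 39000, 45000, 41000, 44000, 40000],
}

# Constructed batch of new payment instructions to screen.
NEW_TRANSFERS = [
    {"id": "T1", "account": "ACC-1001", "amount": 1500},
    {"id": "T2", "account": "ACC-1001", "amount": 940000},
    {"id": "T3", "account": "ACC-2002", "amount": 43000},
    {"id": "T4", "account": "ACC-2002", "amount": 310000},
    {"id": "T5", "account": "ACC-3003", "amount": 500},  # account with no history
]


def robust_baseline(amounts):
    """Median and median absolute deviation (MAD) of past amounts; both are
    resistant to an occasional legitimate large payment skewing the baseline."""
    med = median(amounts)
    mad = median(abs(a - med) for a in amounts)
    return med, mad


def amount_score(amount, amounts):
    """How many MADs above the account's median this amount lies (0 if at or below)."""
    med, mad = robust_baseline(amounts)
    # Guard against a zero MAD (all historical amounts identical): fall back
    # to 5% of the median, or 1 unit for tiny accounts.
    scale = mad if mad > 0 else max(med * 0.05, 1)
    return max(0.0, (amount - med) / scale)


def screen_transfers(transfers, history, threshold=10.0):
    """Return (transfer id, reason) pairs that should be held for manual review.
    Transfers from accounts with no history are held too, since no baseline exists."""
    held = []
    for t in transfers:
        past = history.get(t["account"])
        if not past:
            held.append((t["id"], "no baseline for account"))
            continue
        score = amount_score(t["amount"], past)
        if score > threshold:
            held.append((t["id"], f"amount {score:.0f}x MAD above median"))
    return held


if __name__ == "__main__":
    for tid, reason in screen_transfers(NEW_TRANSFERS, HISTORY):
        print(tid, "held:", reason)
```

The threshold of 10 MADs is deliberately loose; in practice it would be tuned per customer segment, and the held list feeds a review queue rather than an automatic rejection.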
Mozilla Patches Critical Bug in Thunderbird*:
- Mozilla issued a critical security update to its popular open-source Thunderbird email client.
- The patch was part of a December release of five fixes that included two bugs rated high and one rated moderate and another low.
- The most serious of the fixes is a critical buffer overflow bug (CVE-2017-7845) impacting Thunderbird running on the Windows operating system.
- The same critical vulnerability (CVE-2017-7845) was reported and patched earlier this month in Mozilla’s Firefox web browser.
- The two security issues rated high were CVE-2017-7846 and CVE-2017-7847 – the first is described as a flaw in Thunderbird’s RSS reader, and in the second, crafted CSS in an RSS feed can leak and reveal local path strings, which may contain the user name.
- The remaining moderate (CVE-2017-7848) and low (CVE-2017-7829) vulnerabilities are an RSS bug and a bug affecting email.
*Source: Threat Post, December 26, 2017
Nissan Canada Data Breach: 1.1 Million Customers Notified*:
- Nissan Canada’s finance business revealed that all of its 1.13 million current and former customers may have had their details compromised in a data breach.
- The carmaker said no payment information was compromised, but the following might have been: customer name, address, vehicle make and model, vehicle identification number (VIN), credit score, loan amount and monthly payment.
- The breach affects some customers that financed their vehicles through Nissan Canada Finance (NCF) and INFINITI Financial Services Canada, although the firm is still working out exactly how many are affected.
- It’s erring on the side of caution by informing all current and former customers and offering them 12 months of free credit monitoring services through TransUnion.
- After investigation, NCF said there’s currently no reason to believe customers outside of Canada are affected.
*Source: Info Security, December 22, 2017
CBI Programmer Behind Massive Tatkal Ticket Booking Scam*:
- Railway passengers will know how rare a feat it is to be able to book confirmed Tatkal tickets themselves.
- By contrast, agents seem to have it very easy; it turns out it was a massive cybercrime network led by a CBI techie.
- Tatkal booking for AC classes opens at 10am and for non-AC classes at 11am for the next day's trains.
- A common complaint is that seats get full within minutes, even if you line up at a ticketing booth the night before.
- Some travel agents offer Tatkal tickets and charge a premium over the official price.
- In 2012, assistant programmer Ajay Garg joined the CBI; he had previously handled IRCTC’s ticketing system and learned the vulnerabilities within it.
- He created an illicit program that stores passengers’ details beforehand, bypasses several steps, and allows multiple simultaneous logins.
- Garg sold the software to agents and charged them separately per ticket.
- He would accept payment only in bitcoins and through hawala networks.
- CBI raided 14 premises linked to Garg and his associates and recovered Rs 89.42L in cash, gold jewellery worth Rs 61.29L, two gold bars of 1kg each, 15 laptops, and other incriminating material.
*Source: News Bytes, December 19, 2017
Two Romanians Charged With Hacking DC Surveillance Cams in Ransomware Scheme*:
- Federal authorities charged a pair of Romanian nationals with hacking more than 100 Washington, D.C. police department computers and surveillance cameras, just days before President Donald Trump's inauguration.
- The suspects have been charged with conspiracy to commit wire fraud and conspiracy to commit computer fraud.
- A Secret Service agent wrote in the complaint that the suspects used spam emails to distribute malicious software to Metropolitan Police Department computers used to operate 123 of the city’s 187 surveillance cameras.
- Investigators said they were able to re-secure the cameras before the inauguration and police operations that day were not interrupted by the hack.
- The suspects used the hacked computers to spread further spam in a bid to distribute the ransomware more widely, ultimately targeting some 179,000 email addresses with malicious code.
- Investigators determined that the spam mailings were routed through the bulk email service SendGrid, which allowed them to identify specific email accounts linked to the suspects.
*Source: CBS News, December 28, 2017
Huawei Router Vulnerability Used to Spread Mirai Variant*:
- Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Mirai Okiru, also known as Satori.
- The flaw is in Huawei’s router model HG532, and researchers said they are tracking hundreds of thousands of attempts to exploit the vulnerability in the wild.
- Leading up to the discovery in November, researchers observed a flurry of attacks worldwide against the devices, with the US, Italy, Germany, and Egypt hit hardest.
- The original Mirai malware exploited flaws found in the CCTV and DVR hardware that allowed a default Linux telnet credential to be used.
- Since the Mirai source code became publicly available, many hackers have modified the code and expanded the number of Internet of Things devices compromised.
- In the case of Mirai Okiru/Satori, researchers suspected an inexperienced hacker that goes by “Nexus Zeta” is behind the attacks.
- The attack involves a command injection, where the malicious payload is downloaded and executed on the Huawei router.
- The vulnerability allows remote administrators to execute arbitrary commands by injecting shell meta-characters into the DeviceUpgrade process.
- According to Huawei, mitigations include configuring the router’s built-in firewall, changing the default password, or using a firewall on the carrier side.
- Researchers said it’s still unclear how the vulnerability they discovered found its way into Nexus Zeta’s possession.
*Source: Threat Post, December 22, 2017
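The HG532 item describes the bug class rather than the code: a firmware-upgrade handler that lets shell meta-characters in a request reach a shell. The following is an added illustration of that class, showing a string-built command beside a hardened version that validates the upgrade URL against an allow-list and passes it as a single argv element with no shell. It is not Huawei's code and does not describe the HG532's DeviceUpgrade internals; the handler names, the hypothetical `fetch` download tool, the allow-listed host and the request values are all constructed.

```python
"""Vulnerable and hardened forms of a device-upgrade handler that takes a
firmware URL from a request and hands it to a download tool.
Added illustration of the shell-metacharacter injection class; constructed names."""
import re
from urllib.parse import urlparse

# --- Vulnerable: string-built shell command, no validation --------------------
def build_upgrade_command_vulnerable(firmware_url):
    """Returns the shell string a naive handler would pass to system().
    Anything after ';' or inside $( ) in firmware_url becomes a separate command."""
    return f"fetch -o /tmp/fw.bin {firmware_url}"

# --- Hardened: strict validation plus argv (no shell involved) ----------------
ALLOWED_HOSTS = {"updates.example.net"}           # assumption: the vendor's update host
_SAFE_PATH = re.compile(r"^/[A-Za-z0-9._/-]*$")   # conservative path allow-list

def validate_upgrade_url(firmware_url):
    """Accept only http(s) URLs to an allow-listed host with a plain path.
    Returns the URL unchanged or raises ValueError with the reason."""
    u = urlparse(firmware_url)
    if u.scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https")
    if u.hostname not in ALLOWED_HOSTS:
        raise ValueError("host not in allow-list")
    if u.username or u.password or u.port not in (None, 80, 443):
        raise ValueError("credentials or non-standard port not allowed")
    if not _SAFE_PATH.match(u.path):
        raise ValueError("path contains disallowed characters")
    if u.params or u.query or u.fragment:
        raise ValueError("params/query/fragment not allowed")
    return firmware_url

def build_upgrade_argv_hardened(firmware_url):
    """The validated URL becomes one argv element, so the download tool sees it
    as a single argument whatever it contains.  The real call would be
    subprocess.run(argv) with shell=False (the default)."""
    url = validate_upgrade_url(firmware_url)
    return ["fetch", "-o", "/tmp/fw.bin", url]

def shell_metacharacters_present(s):
    """Cheap detector for the characters an injection needs; useful as a logging
    or alerting hook on request fields even when argv handling makes them inert."""
    return any(c in s for c in ";|&`$()<>\n")

if __name__ == "__main__":
    hostile = "http://updates.example.net/fw.bin;touch /tmp/marker"   # constructed request value
    print("vulnerable handler would run:", build_upgrade_command_vulnerable(hostile))
    print("metacharacters present:", shell_metacharacters_present(hostile))
    try:
        build_upgrade_argv_hardened(hostile)
    except ValueError as e:
        print("hardened handler rejected it:", e)
    print(build_upgrade_argv_hardened("https://updates.example.net/fw/1.2.bin"))
```

Two layers are deliberate: the allow-list rejects the request before any process is spawned, and the argv form means that even a value which slips past validation cannot start a second command. The metacharacter check is a detection aid for logs and alerts, not the control itself.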
Printer-Spoofing Campaign Installs Espionage-Bent Backdoors Inside the Enterprise*:
- For many large organizations, emails from corporate printers and scanners are commonplace, and cyber-criminals are finding this to be a lucrative vector for launching cyber-attacks.
- Barracuda Networks has tracked an uptick in attacks through Canon, HP and Epson printer and scanner email attachments of late.
- Since late November, cyber-criminals have made millions of attempts to infect unsuspecting users by sending impersonated or spoofed emails from these common printer and scanner brands, with attachments that contain malware.
- Typically, the subject line of the malicious emails would seem routine: “Scanned from HP”, “Scanned from Epson” or “Scanned from Canon,” for instance.
- Using modified file names and extensions, the attackers are also able to hide the malicious code and bypass security measures such as email antivirus systems.
- Once unpacked, the malware installs a backdoor on the machine that offers unauthorized access to a victim PC and cyber-espionage capabilities.
- This includes the ability to monitor user behavior, change computer settings, browse and copy files, utilize bandwidth for criminal activity, access connected systems, and more.
- It also scans connections in an attempt to escalate from having user rights on the workstation to having local administrator rights.
- Indicating a ransomware-ready aspect, attackers also can change the victim’s wallpaper to display a message of their choice.
- Workers should use common sense to avoid the threat:
  - Double-check with the sender if you aren’t expecting a document
  - Hover the mouse over every hyperlink to make sure it’s legitimate
  - Don’t click if there is any doubt whatsoever about the source
*Source: Info Security, December 22, 2017
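The printer-spoofing item gives two detectable traits: a subject line mimicking a scanner notification ("Scanned from HP/Epson/Canon") and attachments whose names or extensions are altered to hide executable content. The following is an added illustration of a mail-triage check that combines the two, quarantining messages where both the lure subject and a suspicious attachment are present. It is not Barracuda's detection logic and not code from the article; the message samples, the brand list and the file-signature table are constructed, and the attachment content is represented by its leading bytes only.

```python
"""Triage inbound mail for the 'scanned document' lure: a scanner-style subject
combined with an attachment whose name or content does not look like a scan.
Added illustration; messages and signature table are constructed."""
import re

SCANNER_SUBJECT = re.compile(r"^\s*scanned\s+from\s+(hp|epson|canon)\b", re.I)
SCAN_EXTENSIONS = {".pdf", ".jpg", ".jpeg", ".png", ".tif", ".tiff"}
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".jar", ".zip", ".rar", ".7z", ".iso"}

# Leading bytes of common formats, used to check that content matches the
# type the file name claims.
MAGIC = {
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".zip": b"PK\x03\x04",
    ".exe": b"MZ",
}

def extensions_of(filename):
    """All extensions of a name, lower-cased: 'scan.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []

def attachment_findings(filename, head):
    """Reasons this attachment looks unlike a genuine scan (empty list = fine)."""
    findings = []
    exts = extensions_of(filename)
    last = exts[-1] if exts else ""
    if last in RISKY_EXTENSIONS:
        findings.append(f"executable/archive extension {last}")
    if len(exts) > 1 and exts[-2] in SCAN_EXTENSIONS and last not in SCAN_EXTENSIONS:
        findings.append(f"double extension {''.join(exts[-2:])}")
    if last not in SCAN_EXTENSIONS and last not in RISKY_EXTENSIONS:
        findings.append(f"unexpected extension {last or '(none)'}")
    # Claimed type has a known signature but the bytes do not carry it.
    if last in MAGIC and not head.startswith(MAGIC[last]):
        findings.append(f"content does not match {last}")
    # Bytes carry an executable/archive signature while the name claims a scan.
    for ext, sig in MAGIC.items():
        if ext in RISKY_EXTENSIONS and head.startswith(sig) and last in SCAN_EXTENSIONS:
            findings.append(f"{last} name but {ext} content")
    return findings

def triage(message):
    """Return a (verdict, reasons) pair for one message dict."""
    reasons = []
    lure = bool(SCANNER_SUBJECT.match(message["subject"]))
    for name, head in message["attachments"]:
        for f in attachment_findings(name, head):
            reasons.append(f"{name}: {f}")
    if lure and reasons:
        return "quarantine", reasons
    if reasons:
        return "review", reasons
    return "deliver", reasons

# Constructed messages: (subject, sender, [(attachment name, leading bytes)]).
MESSAGES = [
    {"subject": "Scanned from HP", "from": "printer@corp.example",
     "attachments": [("scan_0012.pdf", b"%PDF-1.4 ...")]},
    {"subject": "Scanned from Epson", "from": "epson@corp.example",
     "attachments": [("scan_0013.pdf.exe", b"MZ\x90\x00...")]},
    {"subject": "Scanned from Canon", "from": "canon@corp.example",
     "attachments": [("document.jpg", b"PK\x03\x04...")]},
    {"subject": "Q4 budget", "from": "cfo@corp.example",
     "attachments": [("budget.zip", b"PK\x03\x04...")]},
]

if __name__ == "__main__":
    for m in MESSAGES:
        verdict, reasons = triage(m)
        print(f"{m['subject']!r}: {verdict} {reasons}")
```

The verdict split matters: a risky attachment on its own goes to review, because archives and scripts do arrive legitimately, while the same attachment under a scanner-style subject is quarantined, since genuine scanner notifications carry images or PDFs.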