Category Archives: HACKING BUGS ID THEFT

FBI charges Chinese national with distributing malware used in OPM hack attack

The malware has been linked to both the data breach of the US Office of Personnel Management and the Anthem breach.

The FBI has filed charges against a Chinese malware broker named Yu Pingan, alleging that he provided hackers with malware, including the Sakula trojan, to breach multiple computer networks belonging to companies in the US.

The FBI alleges that Yu, also known as “GoldSun,” conspired with two unnamed hackers from around April 2011 through around January 2014 to maliciously target a group of US companies’ computer networks.

The complaint filed does not name which companies were targeted but notes that the different companies were headquartered in San Diego, California; Massachusetts; Los Angeles, California; and Arizona.

The rarely-used Sakula malware has been linked to both the 2014 breach of the US Office of Personnel Management and the 2015 breach of the health insurance firm Anthem.

The Anthem breach impacted 78.8 million current and former customers of the company, while the OPM hack affected more than 22 million records of Americans who had applied for security clearance to work for the government.

Metasploit security kit now hacks IoT devices, hardware

This well supported hacking tool kit can now be linked to everything from fridges to cars in the search for vulnerabilities.


The popular Metasploit hacking kit has been upgraded to tackle today’s Internet of Things (IoT) devices, granting researchers the opportunity to scour for bugs in modern vehicles.

Rapid7 Research director of transportation security Craig Smith announced on February 2 that the Metasploit framework can now link directly to hardware, permitting users to develop exploits to test their hardware and conduct penetration testing with less time wasted.

It is hoped that researchers will no longer have to build multiple tools to test today’s modern devices and overcome previous network limitations.

“Metasploit condensed a slew of independent software exploits and tools into one framework and now we want to do the same for hardware,” Smith says.

The open-source penetration testing software, available for free or as an extended, paid-for edition, is over a decade old but is still utilized by thousands of researchers worldwide. The framework currently boasts roughly 1,600 exploits and 3,300 penetration testing modules.

Due to the fresh update to the Hardware Bridge API, users are no longer limited to Ethernet network connections. Instead, researchers can build support directly into firmware or create a relay service through a REST API, which is necessary for some hardware tools including Software Defined Radio (SDR) that cannot communicate over Ethernet.

“Every wave of connected devices, regardless of whether you’re talking about cars or refrigerators, blurs the line between hardware and software. As we like to say, this hardware bridge lets you exit the Matrix and directly affect real, physical things,” said Smith. “We’re working to give security professionals the resources they need to test and ensure the safety of their products, no matter what side of the virtual divide they are on.”

The initial release focuses on IoT, with a particular slant towards automotive penetration testing. The bridge now includes modules for testing vehicle Controller Area Network (CAN) buses, and users are also offered interactive commands for gathering information on vehicles being tested, such as speed and inbuilt security systems.

“If you are in security at an automaker, you are challenged to test things that are not exposed to traditional networks,” Smith told Dark Reading. “The hardware bridge allows security teams to add hardware testing to their QA process. It also allows red teams to have a central user interface to all of their hardware tools.”

Additional modules which target embedded, industrial, and hardware devices, including SCADA systems for industrial applications, will be added over time. Rapid7 also plans to add additional bus systems, such as K-Line, in the future.

Rapid7 is asking users of the initial Metasploit release to provide feedback and suggest new automotive features for future versions.


Henry Sapiecha

Yahoo hack: Email accounts of Australian politicians, public figures, police and judges compromised in massive breach, dataset has revealed

Yahoo suffers world’s biggest hack with data stolen from ONE BILLION users – including over 150,000 US government and military employees

  • Hackers stole data from more than one billion user accounts in August 2013
  • A different breach from one disclosed in September of 500 million accounts
  • Stolen info includes names, emails, phone numbers and dates of birth
  • The company still doesn’t know how the data from the accounts was stolen



Key points:

  • Private email addresses, passwords belonging to politicians were obtained by hackers
  • AFP officers, judges and magistrates were also affected
  • Security experts warn the hack has the potential to cause serious embarrassment for officials

Data provided by US security company InfoArmor, which alerted the Department of Defence of the massive data breach last October, reveal more than 3,000 log-in credentials for private Yahoo services were linked to Australian Government email accounts.

InfoArmor, an Arizona-based cybersecurity firm which investigates data theft for law enforcement agencies, said the data was stolen from Yahoo in 2013 by a hacker organisation from Eastern Europe.

It said the hacker group then sold the Yahoo accounts to cyber criminals and a suspected foreign intelligence agency for $US300,000 each.

Yahoo revealed late last year that it believed hackers had stolen data from more than 1 billion user accounts in August 2013, in what is thought to be the largest data breach at an email provider.

A Department of Defence spokesperson confirmed key events to the ABC, including:

  • Defence was notified of the breach last October via an intermediary from NSW Police, two months before Yahoo announced the data breach to the public
  • It then notified its own affected employees of the breach

It remains unclear whether affected staff from other Commonwealth agencies have also been notified by their departments.

The stolen database contains email addresses, passwords, recovery accounts, and other personal identifying data belonging to a startling array of senior Australian officials.

Among those affected were Social Services Minister Christian Porter, Shadow Treasurer Chris Bowen, Victorian Premier Daniel Andrews, Liberal MP Andrew Hastie, opposition health spokesperson Catherine King and Liberal senator Cory Bernardi.

It is unclear how many of the accounts are still active.

The ABC was able to identify officials in the dataset because they had used their government emails as backups if they forgot their passwords.

Last week, the ABC approached each of these affected politicians’ offices, as well as some public servants, seeking confirmation of the authenticity of these log-in credentials. Most declined to do so.

The compromised accounts do not exclusively relate to clients of Yahoo’s email service, but also Yahoo-affiliated web services such as the microblogging site Tumblr and the photo sharing site Flickr.

A spokeswoman for Mr Porter said “as far as the Minister is aware he has never used a Flickr account”.

A spokesperson for Senator Bernardi said “to the best of his knowledge, [Senator Bernardi] doesn’t have a Yahoo account.”

One advisor told the ABC it was possible some accounts linked to politicians were set up by former staffers.

Others who did respond confirmed the log-in credentials are accurate.


Accounts linked to police, judges also compromised

Other government officials compromised include those carrying out sensitive roles such as high-ranking AFP officers, AusTrac money laundering analysts, judges and magistrates, political advisors, and even an employee of the Australian Privacy Commissioner.

“Perhaps records of transactions of purchases, or discussions or things they’ve done. Private conversations that they didn’t want to do on a government server. Perhaps they’ve engaged in some sort of shady activity. Or just expenses for politicians, for example, that they might have tried to keep out of official channels.

“Blackmail information is very valuable to other governments for nudging or persuading people to do things.”

Another challenge facing the Government is how to deal with compromised private accounts belonging to some Australian diplomats and special defence personnel posted overseas. Many of the officials featured in the dataset are employed in roles with security clearances that are intended to be low-profile.

“If I was in a position where my relationship with the government wasn’t to be known by others, then absolutely you shouldn’t be linking a government account to your personal accounts,” Mr MacGibbon said.

Hackers have had years to exploit data

A further problem is the protracted period between the Yahoo data breach itself, which dates back to March 2013, and the eventual public confirmation by Yahoo, over three years later.

Andrew Komarov, InfoArmor’s chief intelligence officer, said malicious hackers would have had literally years to exploit the users’ data.

“The bad actors had enough time to compromise any records they wanted as it’s a pretty significant time frame,” Mr Komarov said.

“That’s why today is pretty hard to figure out what exactly happened and how many employees in government could be compromised.”

According to InfoArmor, the hacker group responsible is an Eastern European cyber-criminal organisation motivated by profit, rather than a state-sponsored entity.

“This group has no presence on any forums or marketplaces. In the past they used two proxies: one for the Russian-speaking underground and another one for the English-speaking,” Mr Komarov said.

“They sell their data indirectly using some trusted channels, contacts and proxies. Not through any marketplaces or forums because of their security measures. They don’t need it.

“They have pretty serious contacts in the underground and some trusted rounds of various cybercriminals with whom they work.”


Trump concedes Russia likely hacked DNC, attacks USA intelligence agencies over leaks

US President-elect Donald Trump acknowledged for the first time Wednesday that he believes Russian operatives hacked the Democratic Party during the election, but he continued to dispute intelligence reports that Moscow acted to help him win.

During an at times rancorous press conference, he angrily denounced the publishing of claims he had been caught in a compromising position in Russia and attacked news organisations for publishing the claims, while also lashing US intelligence agencies over the leak of an explosive but unverified dossier.

“I think it was Russia,” Mr Trump conceded at the press conference in New York when asked who was responsible for the leaks of Democratic emails during the campaign.

But Mr Trump said he believes Russia would have released damaging information about him had they obtained such information.

Mr Trump also addressed questions about his relationship with Russian President Vladimir Putin, saying “If Putin likes Donald Trump, guess what folks, that’s an asset not a liability. I don’t know if I’ll get along with Vladimir Putin... but even if I don’t does anyone in this room think Hillary Clinton will be tougher on Putin than me? Give me a break.”

Mr Trump made his remarks in his first news conference as President-elect, ending a period of 167 days since he last fielded questions from the full media contingent. Past winners of the presidency have traditionally faced the press far earlier.


On Wednesday morning the president-elect angrily denounced news reports about a dossier of potentially compromising information Russia has allegedly gathered about him, citing denials from the Kremlin that it has any such intelligence.

The president-elect also charged via Twitter that his “crooked opponents” are trying to undermine his electoral victory. He accused the intelligence community of leaking the information to get in “one last shot at me,” saying, “Are we living in Nazi Germany?”


At the news conference on Wednesday he attacked US intelligence agencies over the leak of the dossier, which was published in full by the news and entertainment website Buzzfeed on Tuesday.

“I think it was disgraceful, disgraceful that the intelligence agencies allowed any information that turned out to be so false and fake out there,” Mr Trump told the news conference. He called the dossier that makes salacious claims about him “fake news” and “phony stuff.”


“I think it’s a disgrace … That’s something that Nazi Germany would have done,” the Republican said days ahead of his inauguration.

Mr Trump’s comments follow the revelation Tuesday night that a classified report delivered to Mr Trump and President Obama last week, according to US officials, included a section summarising allegations that Russian intelligence services have compromising information about Mr Trump’s personal life and finances.

The officials said that US intelligence agencies have not corroborated those allegations but believed the sources involved in the reporting were credible enough to warrant inclusion of their claims in the highly classified report on Russian interference in the presidential campaign.

Earlier Wednesday, a spokesman for Russian President Vladimir Putin called the allegations that Russia has collected compromising information about Trump an “absolute fantasy.”

Soon after, Mr Trump tweeted: “Russia just said the unverified report paid for by political opponents is ‘A COMPLETE AND TOTAL FABRICATION, UTTER NONSENSE.’ Very unfair!”

Most media organisations reported only on the existence of the report and that intelligence officials had included a summary of it in their briefings with Mr Trump and Mr Obama on Russia’s attempts to sway the election. But BuzzFeed News published a document supposedly created by a former British intelligence official. The information it contains has not been verified.

Mr Trump and other officials appeared to focus on BuzzFeed’s publication of the report, denying that the document possesses any truth.

Mr Trump said Wednesday morning that he had no relationship with Russia that could compromise him.

“Russia has never tried to use leverage over me,” he said. “I HAVE NOTHING TO DO WITH RUSSIA — NO DEALS, NO LOANS, NO NOTHING!”

The Washington Post with Reuters

Trump Receives Russia Hacking Report. Contents, true or false?


Hours after concluding his meeting with the U.S.’s top intelligence officials, President-elect Donald Trump did not immediately repeat his previous denial that the Russian government was behind the election season hacking of the Democratic National Committee.

Trump did, however, promptly issue a statement contradicting the report’s scope.

His statement, which was emailed to the media around 2:30 P.M., claimed that regardless of who was behind the hacks, they caused “absolutely no effect on the outcome of the election.”

However, the Office of the Director of National Intelligence (ODNI), which prepared the report, explicitly said they never attempted to judge how many votes Russia might have swayed — just that it was Russian President Vladimir Putin’s intent to favor Trump over his opponent, Hillary Clinton.

“We did not make an assessment of the impact that Russian activities had on the outcome of the 2016 election,” the report read. “The US Intelligence Community is charged with monitoring and assessing the intentions, capabilities, and actions of foreign actors; it does not analyze U.S. political processes or U.S. public opinion.”

It would likely be impossible to determine how many voters stayed home or chose Trump over Clinton because of the hacks, as well as their subsequent news coverage, especially in Russian outlets like RT, which the report called “a platform for Kremlin messaging.” Clinton lost by 74 electoral votes — a minimum of at least two states — though she received more total votes than any American presidential candidate in history save President Obama in 2008. She received 2.8 million more votes than Trump.

ODNI, which presented the report to President Obama on Thursday, made a declassified version available to the public late Friday afternoon. It contains few genuine revelations not previously reported in the news, though it’s noteworthy for breaking down the independent major intelligence agencies’ conclusions. The CIA and FBI both have “high confidence” that Putin ordered a hacking campaign to injure Clinton’s campaign. The NSA, which intercepted messages of senior Russian officials celebrating Trump’s win, expressed “moderate confidence” in that conclusion.

The report maintains, also with high confidence, that the online character Guccifer 2.0, who had claimed to be a Romanian hacktivist while slowly dispensing various documents stolen from Democrats’ servers, was a tool of Russian intelligence to disseminate those files. Vocativ reported in July that Guccifer 2.0 was lying about his identity and was likely Russian, and in September that he seemed to be leaking information about Democrats specifically in states vital for a Trump victory.

Trump added in his statement “that there was no tampering whatsoever with voting machines.” That, however, wasn’t even up for debate. It wasn’t mentioned in ODNI’s report, and prominent voting experts, as well as FBI Director James Comey, proclaimed before the election that a major attack on the U.S.’s physical voting machines was unlikely. Subsequent audits found no evidence of foreign tampering.


Red Cross data theft: personal info of 550,000 blood donors exposed to the masses

The private lives of half a million Australians – including sexual and medical histories – have been made public in what could be one of the country’s largest data breaches.

Australian Red Cross Blood Service staff are contacting more than 550,000 blood donors whose personal information was contained in a file accidentally placed on an unsecured, public-facing part of their website.


The information relates to donors from 2010 to 2016 and includes names, addresses and dates of birth as well as sensitive donation eligibility questions concerning sexual activity, drug use, weight and medical conditions.

The Australian Privacy Commissioner will launch an investigation and a human rights lawyer says those affected may be able to make a claim for damages.


Red Cross Blood Service chief executive Shelly Park blamed human error by a contractor running the organisation’s website for the breach but said the information was considered to have a low risk of direct misuse in the future.

The data had been available online since early September and is believed to have been accessed on Monday, October 24.

Investigations are continuing and the Australian Federal Police and Australian Cyber Security Centre have been informed of the breach.

“On October 26, we learnt that a file, containing donor information, which was located on a development website, was left unsecured by a contracted third party who develops and maintains our website,” Ms Park said.

“The issue occurred due to human error. Consequently, this file was accessed by a person outside of our organisation.”

Ms Park said the organisation had engaged cyber security experts to investigate how it was “caught out” and was in the process of notifying donors affected.

Donors affected have been warned there is an increased risk to their online security and that they should be on the lookout for phone and email scams.

“We are extremely sorry. We are deeply disappointed to have put our donors in this position,” Ms Park said.

Microsoft employee and technology blogger Troy Hunt, who runs a data breach notification service, reported the person who gained access to the information had contacted him, revealing Mr Hunt’s own personal details and a 1.74GB data file containing the records.

His name, email, gender, date of birth, phone number and date of last donation were disclosed in the file.

This was also the case with his wife, whose file also contained her blood type and their home address.

“The database backup was published to a publicly facing website. This is really the heart of the problem because no way, no how should that ever happen,” he wrote in a blog post.

Mr Hunt said he had deleted his copy of the information and the person who gave it to him had agreed to do the same. The Red Cross said, to their knowledge, “all known copies of the data have been deleted”.

Some exposed data could contain the highly sensitive eligibility questions, including: “In the last 12 months, have you engaged in any at-risk sexual behaviour?”


Donors are also asked if they have ever injected recreational drugs, are on antibiotics, if they are under or overweight and if they have undergone any surgical procedures.

Australian Privacy Commissioner Timothy Pilgrim announced a probe into the breach on Friday afternoon.

“I will be opening an investigation into this matter and will work with the Red Cross to assist them in addressing the issues arising from this incident.

“The results of that investigation will be made public at its conclusion,” he said in a statement.

“My office encourages voluntary notification of data breaches, particularly where there is a risk to an individual as a result of a breach.”

Human Rights lawyer George Newhouse said the privacy commissioner had the power to order damages and apologies.

Adjunct Professor Newhouse also said his office was considering mounting legal action for those affected.

“We’re looking into a class action on behalf of those who have had their data unlawfully accessed,” he said.

“On the basis that they’ve had their privacy breached.”

Even basic personal information could lead to identity fraud, but it was worse for anyone whose sexual or medical history had been compromised, he said.

“This is highly sensitive personal information that could cause enormous embarrassment to people in their personal and work lives. This incident highlights how vulnerable organisations and individuals are to unauthorised access.”

A Health Department spokeswoman said she was confident the blood service would recover.

“The ARCBS is a long-standing institution who are charged with ensuring a viable donor base, safe collection, processing and distribution of blood and blood products,” she said.

“We are confident that the ARCBS will be able to recover from this incident, build the confidence of the donor base and ensure that the safety and security of their systems are robust and compliant with privacy and confidentiality requirements.”

The AFP and the Australian Cyber Security Centre referred questions about their involvement to the Health Department.

If people have privacy concerns about this incident they can contact the privacy commissioner’s office for free confidential advice on enquiries@oaic.gov.au or 1300 363 992 or contact the Red Cross Blood Service through a dedicated hotline.


How to build defenses against the internet’s doomsday of DDoS attacks

Last week’s assault on Dyn’s global managed DNS services was only the start. Here’s how to fend off hackers’ attacks both on your servers and on the internet.


We knew major destructive attacks on the internet were coming. Last week the first of them hit Dyn, a top-tier Domain Name System (DNS) service provider, with a global Distributed Denial of Service (DDoS) attack.

As Dyn went down, popular websites such as AirBnB, GitHub, Reddit, Spotify, and Twitter followed it down. Welcome to the end of the internet as we’ve known it.

Up until now we’ve assumed that the internet was as reliable as our electrical power. Those days are done. Today, we can expect massive swaths of the internet to be brought down by new DDoS attacks at any time.

We still don’t know who was behind these attacks. Some have suggested, since Dyn is an American company and most of the mauled sites were based in the US, that Russia or Iran was behind the attack.

It doesn’t take a nation, though, to wreck the internet. All it takes is the hundreds of millions of unsecured shoddy devices of the Internet of Things (IoT).

In the Dyn onslaught, Kyle York, Dyn’s chief strategy officer, said the DDoS attack used “tens of millions” of devices. Hangzhou Xiongmai Technology, a Chinese technology company, has admitted that its webcam and digital video recorder (DVR) products were used in the assault. Xiongmai is telling its customers to update their device firmware and change usernames and passwords.

Good luck with that. Quick: Do you know how to update your DVR’s firmware?

The attack itself appears to have been made with the Mirai botnet. This open-source botnet scans for devices using their default username and password credentials. Anyone can use it — China, you, the kid next door — to generate DDoS attacks. For truly damaging DDoS barrages, you need to know something about the internet’s architecture, but that’s not difficult.

Or, as Jeff Jarmoc, a Salesforce security engineer, tweeted, “In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.” That’s funny, but it’s no joke.

Fortunately, you can do something about it.


Securing the Internet of Things

First, and this unfortunately is a long-term solution, IoT vendors must make it easy to update and secure their devices. Since you can’t expect users to patch their systems — look at how well they do with Windows — patching must be made mandatory and done automatically.

One easy way to do this is to use an operating system, such as Ubuntu with Snap, to update devices quickly and cleanly. These “atomic” style updating systems make patches easier both to write and to deploy.

Another method is to lock down IoT applications and operating systems. Just like any server, the device should have the absolute minimum of network services. Your smart TV may need to use DNS, but your smart baby monitor? Not so much.

That’s all fine and dandy and it needs to be done, but it’s not going to help you anytime soon. And, we can expect more attacks at any moment.

Defending your intranet and websites

First, you should protect your own sites by practicing DDoS prevention 101. For example, make sure your routers drop junk packets. You should also block unnecessary external protocols such as Internet Control Message Protocol (ICMP) at your network’s edge. And, as always, set up good firewalls and server rules. In short, block everything you can at your network edge.

Better still, have your upstream ISP block unnecessary and undesired traffic. For example, your ISP can make your life easier simply by upstream blackholing. And if you know your company will never need to receive UDP traffic, like Network Time Protocol (NTP) or DNS, your ISP should just toss garbage traffic into the bit bin.

You should also look to DDoS mitigation companies to protect your web presence. Companies such as Akamai, CloudFlare, and Incapsula offer affordable DDoS mitigation plans for businesses of all sizes.

As DDoS attacks grow to heretofore unseen sizes, even the DDoS prevention companies are being overwhelmed. Akamai, for example, had to stop trying to protect the Krebs on Security blog after it was smacked by a DDoS blast that reached 620 Gbps in size.

That’s fine for protecting your home turf, but what about when your DNS provider gets nailed?

You can mitigate these attacks by using multiple DNS providers. One way to do this is to use Netflix’s open-source program Denominator to support managed, mirrored DNS records. This currently works across AWS Route53, RackSpace CloudDNS, DynECT, and UltraDNS, but it’s not hard to add your own or other DNS providers. This way, even when a DDoS knocks out a single DNS provider, you can still keep your sites up and running.

Which ones will work best for you? You can find out by using Namebench. This is an easy-to-use, open-source DNS benchmark utility.

Even with spreading out your risk among DNS providers, DNS attacks are only going to become both stronger and more common. DNS providers like Dyn are very difficult to secure.

As Carl Herberger, vice president for security solutions at Radware, an Israel-based internet security company, told Bloomberg, DNS providers are like hospitals: They must admit anyone who shows up at the emergency room. That makes it all too easy to overwhelm them with massive — in the range of 500 gigabits per second — attacks. In short, there is no easy, fast fix here.

One way you can try to keep these attacks from being quite so damaging is to increase the Time to Live (TTL) in your own DNS servers and caches. Typically, today’s local DNS servers have a TTL of 600 seconds, or 5 minutes. If you increased the TTL to, say, 21,600 seconds, or six hours, your local systems might dodge the DNS attack until it was over.


Protecting the internet

While these techniques might help you, they don’t do that much to protect the internet at large. DNS is the internet’s single point of total failure. That’s bad enough, but as F5, a top-tier ISP, notes, DNS is historically under-provisioned. We must set up a stronger DNS system.

ISPs and router and switch vendors should also get off their duffs and finally implement Network Ingress Filtering, better known as Best Current Practice (BCP)-38.

BCP-38 works by filtering out bogus internet addresses at the edge of the internet. Thus, when your compromised webcam starts trying to spam the net, BCP-38 blocks these packets at your router or at your ISP’s router or switch.
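To make the BCP-38 idea concrete, here is an added Python sketch of an ingress filter (not the code of any router, switch or ISP): each customer-facing interface may only source packets from the prefixes delegated to that customer, and private or reserved "bogon" sources are refused everywhere. The interface names, prefixes and packets are constructed for the example.

```python
"""Toy BCP-38 (Network Ingress Filtering) check, added as an illustration.

A spoofed packet is one whose source address does not belong to the network
it arrived from. The filter below decides, per edge interface, whether a
packet's source is plausible; anything else is dropped at the edge before
it can reach a DNS server or a reflection target.
"""
from ipaddress import ip_address, ip_network

# Constructed example: the prefixes delegated to each customer port.
ALLOWED_SOURCES = {
    "cust-port-1": [ip_network("203.0.113.0/24")],
    "cust-port-2": [ip_network("198.51.100.0/25"), ip_network("2001:db8:100::/48")],
}

# Sources that must never appear on an edge interface, whatever the customer.
# (A subset of the usual bogon list; extend to taste.)
BOGONS = [
    ip_network("0.0.0.0/8"), ip_network("10.0.0.0/8"), ip_network("127.0.0.0/8"),
    ip_network("169.254.0.0/16"), ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"), ip_network("::1/128"), ip_network("fc00::/7"),
]


def ingress_permits(interface, src):
    """Return True if a packet with source `src` may enter via `interface`."""
    addr = ip_address(src)
    if any(addr in net for net in BOGONS):
        return False
    # Default deny: an interface with no delegated prefixes passes nothing.
    return any(addr in net for net in ALLOWED_SOURCES.get(interface, []))


def filter_packets(packets):
    """Split (interface, src, dst) tuples into those passed and those dropped."""
    passed, dropped = [], []
    for iface, src, dst in packets:
        (passed if ingress_permits(iface, src) else dropped).append((iface, src, dst))
    return passed, dropped


# Constructed traffic as it might be seen on the provider edge.
SAMPLE_PACKETS = [
    ("cust-port-1", "203.0.113.42", "192.0.2.53"),          # legitimate customer source
    ("cust-port-1", "198.51.100.9", "192.0.2.53"),          # spoofed: another customer's prefix
    ("cust-port-1", "192.0.2.53", "203.0.113.7"),           # spoofed: pretends to be the DNS server
    ("cust-port-2", "198.51.100.200", "192.0.2.1"),         # outside the delegated /25
    ("cust-port-2", "2001:db8:100::10", "2001:db8:ffff::1"),# legitimate IPv6 source
    ("cust-port-2", "10.0.0.5", "192.0.2.1"),               # bogon source
    ("unknown-port", "203.0.113.1", "192.0.2.1"),           # unconfigured interface: default deny
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE_PACKETS)
    print(f"passed {len(ok)}, dropped {len(bad)}")
    for pkt in bad:
        print("dropped:", pkt)
```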

It’s possible, but unfortunately not likely, that your ISP has already implemented BCP-38. You can find out by running Spoofer. This is a new, open-source program that checks to see how your ISP handles spoofed packets.

So why wasn’t it implemented years ago? Andrew McConachie, an ICANN technical and policy specialist, explained in an article that ISPs are too cheap to pay the small costs required to implement BCP-38.

BCP-38 isn’t a cure-all, but it sure would help.

Another fundamental fix that could be made is response rate limiting (RRL). This is a new DNS enhancement that can shrink attacks by 60 percent.

RRL works by recognizing that when hundreds of packets per second arrive with very similar source addresses asking for similar or identical information, chances are they’re an attack. When RRL spots malicious traffic, it slows down the rate the DNS replies to the bogus requests. Simple and effective.
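The RRL behaviour described above, as an added Python sketch rather than the code of any real DNS server such as BIND or NSD: responses are counted per (source prefix, query name, query type) bucket, replies beyond the limit are dropped, and every second limited reply is instead sent truncated so a genuine client can retry over TCP. The limit, window and slip ratio are assumptions chosen for the example, and the query batch is constructed.

```python
"""Toy DNS Response Rate Limiting (RRL), added as an illustration.

Real RRL implementations bucket by the client's /24 (IPv4) or /56 (IPv6),
because a spoofing attacker rotates addresses inside the victim's network.
The 'slip' keeps a fraction of limited answers flowing as truncated (TC=1)
replies, which are tiny and make a legitimate resolver retry over TCP,
where the source address cannot be spoofed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

RESPONSES_PER_WINDOW = 5   # assumption: at most 5 identical answers per window
WINDOW_SECONDS = 1.0
SLIP = 2                   # every 2nd limited reply is truncated instead of dropped


class ResponseRateLimiter:
    def __init__(self, limit=RESPONSES_PER_WINDOW, window=WINDOW_SECONDS, slip=SLIP):
        self.limit, self.window, self.slip = limit, window, slip
        self.buckets = {}                    # key -> (window_start, responses_sent)
        self.slip_counter = defaultdict(int) # key -> number of limited replies seen

    @staticmethod
    def key(src_ip, qname, qtype):
        """Bucket identity: client prefix plus the answer being requested."""
        addr = ip_address(src_ip)
        prefix_len = 24 if addr.version == 4 else 56
        prefix = ip_network(f"{addr}/{prefix_len}", strict=False)
        return (str(prefix), qname.lower().rstrip("."), qtype.upper())

    def decide(self, ts, src_ip, qname, qtype):
        """Return 'respond', 'truncate' or 'drop' for one incoming query."""
        k = self.key(src_ip, qname, qtype)
        start, count = self.buckets.get(k, (ts, 0))
        if ts - start >= self.window:        # window expired: start counting afresh
            start, count = ts, 0
        count += 1
        self.buckets[k] = (start, count)
        if count <= self.limit:
            return "respond"
        self.slip_counter[k] += 1
        if self.slip and self.slip_counter[k] % self.slip == 0:
            return "truncate"                # short TC=1 reply, client may retry over TCP
        return "drop"


def run(queries):
    """Feed (timestamp, source, qname, qtype) records in arrival order; tally decisions."""
    limiter = ResponseRateLimiter()
    tally = defaultdict(int)
    for ts, src, qname, qtype in queries:
        tally[limiter.decide(ts, src, qname, qtype)] += 1
    return dict(tally)


# Constructed sample: 20 reflection-style ANY queries for one name, all within one
# second and all claiming sources in 203.0.113.0/24, then two ordinary queries from
# an unrelated resolver, then one more query from the first prefix after the window.
SAMPLE_QUERIES = [
    (0.01 * i, f"203.0.113.{10 + i % 4}", "example.com", "ANY") for i in range(20)
] + [
    (0.05, "198.51.100.7", "example.com", "A"),
    (0.30, "198.51.100.7", "www.example.com", "A"),
    (1.50, "203.0.113.10", "example.com", "ANY"),   # new window: the bucket has reset
]

if __name__ == "__main__":
    print(run(SAMPLE_QUERIES))
```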

Those are some basic ideas on how to fix the internet. It’s now up to you to use them. Don’t delay. Bigger attacks are on their way and there’s no time to waste.


Henry Sapiecha

Middle Eastern hackers employ this phishing technique to infect political targets with Trojan malware

‘Moonlight’ group is likely to be involved in cyber espionage, warns Vectra Networks.


The hacking group has been dubbed Moonlight due to references in code

A hacking group is conducting cyber espionage against targets in the Middle East by duping politicians, activists and staff at NGOs into clicking links to authentic-looking but fake versions of high-profile websites in the region, and then infecting them with malware.

The operation — dubbed ‘Moonlight’ by cyber security researchers, after the name the attackers chose for one of their command-and-control domains — has generated over two hundred samples of malware over the past two years and targets individuals via their private email accounts instead of their corporate ones, to increase the chances of a successful attack.

The attacks, which are themed around Middle Eastern political issues such as the war in Syria or the conflict in Palestine, have been unearthed by cybersecurity researchers at Vectra Networks, who say the tools and targets are reminiscent of the Gaza Hacker Team, a group of hacktivists said to be aligned with Hamas, the Palestinian militant Islamic group. The attacks are purely centered on Middle Eastern targets, with the text crafted in Arabic.

Moonlight typically delivers an obfuscated version of the widely available H-Worm, a malicious Visual Basic Script-based remote access Trojan. It isn’t sophisticated, but the effort the attackers put into their phishing attacks means that it’s effective.

“They put effort into lovingly crafting the emails, the websites, the documents they’ve created, putting a fair amount of effort and energy into it. But beyond that the underlying tech is off the shelf,” says Oliver Tavakoli, CTO at Vectra Networks, emphasizing how the attackers don’t need sophisticated hacking skills.

“It teaches you about the low degree of skill required to actually pull something like this off,” he adds.

As with other phishing schemes, those behind Moonlight are attempting to entice their target to click on malicious documents, which claim to contain information about issues and events in the Middle East, such as Hamas, Gaza, Syria, Egypt and other topics relevant to audiences in the Arab world.


A decoy report on people trafficking.

Image: Vectra Networks

The lure is deployed as an EXE file, but rather than doing nothing but install malware when clicked on, Moonlight presents the victim with a relevant decoy, therefore avoiding suspicion that the document may be malicious.

Another method the attackers use to deploy malware is via malicious links that lead to fake but convincing versions of authentic Middle Eastern media organizations’ websites. Typically deploying the link via a shortened URL, the user is invited to click through to a news article based on current events in the Middle East. While it looks like the real deal, users will find themselves infected with malware.

The end result in each of these two attacks is that the victim — of which there have been hundreds — becomes infected with a Trojan that’s most likely used to conduct espionage. But rather than infecting corporate environments, it’s the personal email addresses, and therefore home networks, of victims which have been targeted, because they represent more vulnerable targets — and that’s reflected in the unsophisticated nature of the malware itself.

“The obscuring that they did wasn’t of network communications, but of the actual exploit and malware they delivered. That leads me to believe that it’s not really targeted at employees of companies, but more at end users — politicians using their private emails or private machines, activists in the Middle East and NGOs,” says Tavakoli.

While the endgame of Moonlight and who is ultimately pulling the strings remains unknown, the group behind it is still active and still targeting individuals interested in political issues in the Middle East.

While those outside the Middle East aren’t likely to be targeted by Moonlight, it serves as a reminder that a well-crafted phishing attack can be almost indistinguishable from a real email. Nonetheless, there are still ways that targeted users and organizations can fight back.


Henry Sapiecha

Spying the new hacking method: Here’s how to retaliate


How can businesses defend themselves from hackers using traditional espionage techniques?

Education goes a long way to protect yourself from the wide variety of cyberthreats out there.

Once upon a time it was much easier to stay safe online; as long as you used an up-to-date antivirus package and were careful how you acted on the internet, you could expect to stay safe.

But now things have changed: new forms of malware and viruses appear every single day. Meanwhile the rise of social media means everything from your pet’s name to what you did at the weekend is online and could be exploited by cybercriminals to hack your devices and services.

Increasingly cybercriminals are using spying techniques better associated with intelligence agencies to identify relevant information about you and your life and turn that around to attack you.

“There are no hackers, they’re all gone — there are only spies,” says Eric O’Neill, national security strategist for Carbon Black and a former FBI counter-intelligence operative.

“The new hackers are using traditional espionage techniques and they’re blending it with advanced cyber penetrations in order to steal information,” he says, adding “just ask the DNC”.

Antivirus software was previously able to react to malicious activity but according to O’Neill, the rise of phishing and other social engineering techniques means companies are becoming more vulnerable to hackers than ever.

Ultimately, he argues, if a person can’t tell whether an email is bogus — and in many cases they can’t — then antivirus has no chance.

“Antivirus can’t stop spear phishing if I’m going to leverage spy tradecraft, if I’m going to learn about you and learn everything I can from your social media accounts. And when I send a spear phishing email to you, it’s going to look like it’s from one of your pals. Once [cybercriminals] get in [to your devices], they get a foothold and antivirus isn’t going to touch that,” he says.

So how can you stay safe from these threats? For a start, don’t uninstall that antivirus yet because it still has a role to play.

“Many attacks can be ruled out by antivirus clients,” says Dr. Siraj Ahmed Shaikh, reader in cybersecurity at Coventry University.

At the most fundamental level, some sort of protection software is still required for any computer connected to the internet, especially when you consider the sheer number of systems shipped and the amount of patching required to keep them up to date.

“The role of a traditional antivirus is still useful because when you buy a computer, it’s already out of date because there have been so many patches since the software was released. Antivirus at least does a good job of raising the threshold, raising the minimum bar of our security systems,” says Dr. Shaikh.

But if protective software can’t be relied on to detect sophisticated attempts at coercion, how do we begin to take on the threat posed by cybercriminals attempting to trick people with espionage techniques? The answer lies in education — training people to recognise what might be suspicious and to report it.

“It’s about raising awareness that these emails are coming in and how sophisticated they can be. It’s about using examples, showing these emails, and breaking them down to show where the red flags are,” says cybersecurity consultant Dr Jessica Barker.

It’s also important to teach people that in the vast majority of cases, only those with malicious intent will ask for credentials and passwords to be sent over email. Even within an organisation, it’s unlikely that another department is going to ask for your login credentials over email.

“It’s about encouraging people that no company will ask you for your login details — but if they do, you should find another way of contacting them,” she says, detailing a simple way people can avoid falling victim to a phishing attempt. Within an organisation, that’s as simple as talking to the department where the email is said to be from.

It’s also important to make sure employees are aware they can come forward if they think they’ve fallen victim to phishing, because no matter what training is provided, it just takes one person clicking on a malicious link or accidentally providing corporate credentials to a criminal to breach a whole corporation’s network.

“What you need to do is build a culture where someone can immediately report that they’ve clicked a link they’re worried they shouldn’t have, and people feel safe to question and not be punished,” says Dr Barker. An organisation taking this approach can then move to minimise damage sooner rather than later.

“If you have an incident like that, where you get a phishing email and someone clicks the link, you can respond quickly and minimise the damage, whereas if someone doesn’t speak up, it’s harder to mitigate any damage.”

For O’Neill however, there’s only one way that the enterprise and cybersecurity providers will ensure that they remain secure — and that’s by using a similar level of intelligence to defend organisations.


“We need to think about spies, leverage human intelligence, not just machines. We need to start with human intelligence and use software to augment that,” he says.


Henry Sapiecha