Hackers target ‘Internet of Things’ to launch various attacks

Today, most of the insecure embedded devices connected to the Internet like CCTV cameras, routers and often called as Internet of Things (IoT) are being targeted or hacked in any cyber attacks.

Imperiva Incapsula, a security firm, has revealed about a DDoS (distributed denial of service) attack. The attack was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance cameras or closed-circuit television (CCTV) cameras protecting businesses around the world instead of a typical computer botnet.

The researchers from the security firm posted in its blog informing about the attack which peaked at 20,000 requests per second and originated from around 900 CCTV cameras running embedded versions of Linux and the BusyBox toolkit.

All compromised devices were running embedded Linux with BusyBox—a package of striped-down common Unix utilities bundled into a small executable, designed for systems with limited resources.
“Further investigation of the offending IPs showed that they belonged to CCTV cameras, all accessible via their default login credentials. And that’s not all. Looking through the camera lens we also spotted a familiar sight—a storefront in a mall located not five minutes away from our offices,” they said in the blog post.

The researchers said that they were able to meet with the store owners, showed them how their CCTV cameras were abused to attack our clients and help them clean the malware from the infected camera’s hard drive.

They claim in the blog post that among the 245 million professionally installed surveillance cameras operating around the world. However, there are more than million that were installed by unqualified professionals, with even fewer security precautions.

“Even as we write this article, we are mitigating another IoT DDoS attack, this time from an NAS-based botnet. And yes, you guessed it, those were also compromised by brute-force dictionary attacks,” they added.

So, whether it is a router, a Wi-Fi access point or a CCTV camera, default factory credentials are there only to be changed upon installation. 

——–myabhya——–
(Perfect Training Center)

Kemoge mobile malware infecting more than 20 countries

If you are Android user and you have an app
Talking Tom 3, Smart Touch, Privacy Lock then
you should be vary.

FirmEye, a Security and cyber-attack firm tracked down a new mobile malware that is threat in more than 20 countries worldwide.

Kemoge, an Android-affecting malware which you can install via ads, poses a security threat. The
apps are duplicates of software that can be found on the Google Play Store; the key difference is that they attack the user’s device after installation.

On its blog, FireEye says, “The attacker uploads the apps to third-party app stores and promotes the
download links via websites and in-app ads. Some aggressive ad networks gaining root privilege can
also automatically install the samples. On the initial launch, Kemoge collects device information and uploads it to the ad server, then it pervasively
serves ads from the background. Victims see ad banners periodically regardless of the current activity (ads even pop up when the user stays on the Android home screen).”

Your data such as the phone’s IMEI, IMSI, and storage information are then remotely sent to a third-party server.

FireEye said that “Kemoge has self-preservation features, and can uninstall other software including
anti-virus applications. Google has been notified of the threat, and everyone else is advised not to
download dodgy looking things from third-party websites.”

FireEye suggest Android users not to click on the suspicious links from emails/SMS/websites/
advertisements, don’t install apps outside the official app store, Keep Android devices updated to avoid being rooted by public known bugs.

——–myabhya——–
(Perfect Training Center)

Chinese hackers arrested as per the request of the U.S. govt

It seems that the disturbed relation between China and the U.S. over commercial cyberespionage has shown some sort of improvement.

A report published in Washington Post confirms that the Chinese government has arrested hackers, who had been identified by the U.S. officials as they stole commercial secrets from its firms to be sold or passed along to Chinese state-run companies, as per the request of the U.S. government.

However, the Chinese government did not public the details about those hackers. And the government has also clarified that arrests were not related to a mass sweep launched by the Chinese government in July in which authorities as of early September had arrested about 15,000 people in the charge of hacking, sending spam text messages and online scams.

The news report says that the Chinese government took the step in order to improve its relation with the U.S.

“For years, U.S. firms and officials have said Beijing hasn’t done enough to crack down on digital larceny. Experts estimate that Chinese industrial hacking costs U.S. firms tens of billions of dollars annually,” the report read.

However, White House and intelligence officials have not confirmed the arrests.

According to the news report, a senior administration official provided a statement, “As the president has said, we have repeatedly raised our concerns regarding cybersecurity with the Chinese, and we will continue to use all of our engagements to address our concerns directly with the Chinese.”

On September 25 the U.S.-China cyber-agreement announced under which both countries would cooperate “with requests to investigate cybercrimes” and “collect electronic evidence” and to mitigate malicious cyber-activities coming from their territory.

“Particularly now that we have reached this agreement with the Chinese, we should hold them at their word and see what they’re willing to do,” the U.S. official told Washington Post. “We have maintained all along that what we want to see is actions.”

——–myabhya——–
(Perfect Training Center)

Phones on Drones all set to Hack Wireless Printers

If you think, your office is secured because it’s on the top floor of a skyscraper building, then you may need to rethink as in this day and age, pretty much nothing is unhackable—not even office printers locked at the top floor.

Yes! A group of security researchers from Singapore has built a drone that along with a smartphone and custom applications can be used to automatically steal documents from printers with open Wi-Fi connections. The technology was developed by researchers from iTrust, a cyber security research center at the Singapore University of Technology and Design.
The researchers used a standard drone from a Chinese firm, DJI and used it to transport a Samsung Smartphone to an area where a wireless network with wireless printer was located. 

The researchers used two applications that they developed:

▬The first app establishes a bogus access point once the open wireless printer is detected.  The access point mimics the printer and tricks computers in the internal wireless network to send sensitive documents to it.

▬The second app is Cyber security Patrol, which is designed to scan the air searching for open Wi-Fi printers and automatically notify the organization’s IT department. This app has been designed to improve the security of the target organization. It looks for unsecured printers in the target organization accessible via the drone, but rather launching the attack, it took photos of the compromised printers and reports it to the internal staff.

Once a document is intercepted, the app can send it to an attacker’s Dropbox account using the phone’s 3G or 4G connection, and also send it on to the real printer so a victim wouldn’t notice the hack.

The attack zone is limited to 26 meters in radius. But with dedicated hardware, an attacker could generate a stronger signal which can extend that range further. Any computer inside the attack zone will opt to connect to the fake printer over the real one, even if the real printer is closer in proximity to the rogue one.

A drone hovering outside an office building would be obviously spotted, but the goal of the project intended to help companies so that they could be taught how easily accessible Wi-fi printers can be which can be stolen by hackers to steal data or get into their networks.

The project was part of a government-sponsored cyber security defense project.

Student researchers Jinghui Toh and Hatib Muhammad developed the method under the guidance of Professor Yuval Elovici of Department of Information Systems Engineering at Ben-Gurion University of the Negev.

The system targets wireless printers because wireless printers are supplied with the Wi-Fi connection open by default, and many companies forget to close this hole when they add the device to their Wi-Fi networks. This open connection potentially provides an access point for outsiders to connect to a network and steal a company’s sensitive data.

The researchers also demonstrated that the attack could also be carried out by hiding a cellphone inside an autonomous vaccum cleaner, after which the device will continuously scan for organisation’s networks for printers with unsecured connections.

The project conducted by the researchers demonstrated once again the close link between physical and logical security. 

Any person can simply install the Cybersecurity Patrol app on a smartphone and attach it to a drone to and send it upwards. Though the same method can be used by organizations to check for unsecured printers and other wireless devices.

It’s true that every invention and development comes with both pros and cons but if the cons have greater risk, then it’s time to approach physical security in a different way.

——–myabhya——–
(Perfect Training Center)

Negligence of Experian puts T mobile’s 15 million records at stake

Third biggest mobile company in U.S, T mobile’s CEO, John Legere is angry again and for a very obvious reason as this time highly personal records of some 15 million users have been leaked through one of the largest credit agency data brokers in the world, Experian.

The information exposed names, addresses, and social security, driver’s license and passport numbers of the customers. The license and passport numbers were in an encrypted field, but Experian said that encryption may also have been compromised.

The massive security breach was first discovered on September 15, 2015 which impacted customers who registered for T mobile between September 01, 2013 and September 16, 2015.

Legere broke the sad news in a post on the company’s website which displayed his frustration over the incident.

The post read as below:
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian.”

Experian took immediate action upon finding the breach. It secured the server, initiated a comprehensive investigation and notified U.S. and international law enforcement.

In the most obvious manner in which the companies react on their security being breached; Experian too is offering those impacted by the break-in two years of free credit monitoring and identity theft resolution services.

There have been a series of high-profile hacks of businesses and other organizations in recent years impacting millions and sometimes tens of millions of records, including adultery website Ashley Madison, Sony Pictures, and retailers such as Home Depot, Target, and eBay.

Theft of personnel records from the U.S. government this year, a 2014 breach on JPMorgan Chase and a 2013 attack on Target Corp’s cash register systems were also some of them.

The irony is that a company which handles the personal information of many Americans had not been able to protect the information of customers who applied for T mobile services.
It is the second massive breach linked to Experian.

An attack on the company’s subsidiary happened in 2012 which exposed the Social Security numbers of 200 million Americans and prompted an investigation by at least four states, including Connecticut.
Though the security breach will adversely affect both the companies but T Mobile is trying to put all the blame on Experian.
In one o it’s FAQ , it read-

“Experian has taken full responsibility for the theft of data from its server.”
Both the companies had made it clear that no credit card or banking data was exposed. Yet, the hoard of T-Mobile customer data can still be used for assembling profiles for identity theft.

If consumers can’t pressure data aggregators like Experian into securing their secrets, perhaps the consumer-facing companies who collect that information can.

——–myabhya——–
(Perfect Training Center)

Will ‘Green Dispenser’ Take of all your Money?

ATM malwares are no myth to the cyber world and this time is no different than the earlier. a team of security researchers from PointProof have unraveled the veil off a new malware, named GreenDispenser, that gives the capability to hackers to attack compromised ATMs and drain all of it’s cash.

This malware acts on the basic principle of a primitive DDoS action in which the machine displays an ‘out of service’ message on the screen but in the meanwhile can crack open the bank vaults through correct pin number, looting a lot of money with no trace of robbery at all.

Such kind of activities were first reported in Mexico and similar abuses have been reported in other countries ever since. GreenDispenser, unlike its predecessors, Ploutus and Tyupkin; requires no physical access for the installation procedure and hence makes it easier for the hacker to break into the machine and subsequently; the server.

It is being doubted that cyber criminal bosses now have an mobile app that provides them with a two-step encryption and creates a firewall of authorisation for malwares such as GreenDispenser itself.

ProofPoint, in another post explained such encryption; an extract from which is given below:-
GreenDispenser employs authentication using a static hardcoded PIN, followed by a second layer of authentication using a dynamic PIN, which is unique for each run of the malware. The attacker derives this second PIN from a QR code displayed on the screen of the infected ATM. We suspect that the attacker has an application that can run on a mobile phone with functionality to scan the barcode and derive the second PIN – a two-factor authentication of sorts.

Now, these malwares are evolving with the passage of time, making ATMs more vulnerable. ATMs being the primary target results as a threat to the financial institutions. Thus, security with credit and debit card credentials should be also enhanced accordingly. The question arises; How long to completely secure the parameters?

——–myabhya——–
(Perfect Training Center)

Huge card breach at Hilton Hotel properties

Hilton Worldwide Holdings, Inc., an American global hospitality company formerly known as Hilton Worldwide and Hilton Hotels Corporation, has started its investigation after a security researcher Brian Krebs claimed that some hackers had compromised credit card data in gift shops and restaurants at a “large number” of Hilton Hotel and franchise properties across the United States.
   
The researcher said that the hackers broke into point-of-sale machines.

However, it is not clear that how many Hilton properties might get affected by the incident, that might have happened date back to November 2014, and may still be ongoing.

“In August, Visa sent confidential alerts to numerous financial institutions warning of a breach at a brick-and-mortar entity that is known to have extended from April 21, 2015 to July 27, 2015. The alerts to each bank included card numbers that were suspected of being compromised, but per Visa policy those notifications did not name the breached entity,” the researcher added.

He said that other five different banks had said that the common point-of-purchase for cards included in that alert had only one commonality. They were all were used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts.

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” the company said in a statement. “We have many systems in place and work with some of the top experts in the field to address data security.  Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace.  We take any potential issue very seriously, and we are looking into this matter.”

——–myabhya——–
(Perfect Training Center)