Cyber Security News 2nd week October 2016

  1. Indo-Pak cyber war continues: Patriotic Indian hackers continue to damage crucial Pakistani websites. They have been defacing Pakistani Govt. websites and launching Ransomware attacks. Pakistan has been responding and at least 50 IT companies in Hyderabad have come under cyber-attacks from Pakistan-based hackers over the past 10 days, the Society for Cyberabad Security Council (SCSC) revealed. The Cyber Security Forum officials said Pakistani hackers have used servers in Turkey, Somalia and Saudi Arabia to launch attacks. Meanwhile in Delhi – Pakistan Cyber Army tried but failed to breach the Delhi Police website and steal the GPS data of the PCR vans.
  1. Air Force computer outage hits drone center: The US Air Force is investigating the failure of its classified computer network at Creech Air Force Base, a key nerve center for worldwide drone and targeted killing operations mainly in Syria, Afghanistan, Pakistan and Somalia. Military officials would not say whether the critical failure was due to internal technical issues, a cyberattack, or something else. Within weeks of the network crash at Creech, there were a series of airstrikes that went terribly wrong. It will be difficult to connect these events with each other. The investigation into the issue is ongoing.
  1. BlockChain.info Domain hijacked; site goes down: Blockchain.info, the world’s most popular Bitcoin wallet and Block Explorer service, was down for a few hours last week. It is believed that a possible cyber-attack had disrupted the site. The site has more than 8 million Digital Wallet customers. It was a DNS issue that led to their Domain name getting hijacked. It could be possible that the attacker wanted to host a fake web page on the same domain in an effort to steal bitcoin wallet credentials. The site is back now and there is no statement from the Blockchain.info team that suggests any hacking or compromise of its users’ bitcoin wallets.
  1. Turkey Blocks several sites to censor RedHack leaks: RedHack, a 20-year-old hacktivist group leaked 17GB of files containing some 58,000 stolen emails dating from April 2000 to Sep’16. In order to suppress the circulation of these stolen emails – Turkey has blocked access to cloud storage services including Microsoft OneDrive, Dropbox, and Google Drive, as well as the code hosting service GitHub. Like China, Turkey has long been known for blocking access to major online services in order to control what its citizens can see about its government on the Internet.
  1. New Android banking Trojan discovered in Singapore and HK: A recent version of a banking Trojan called Acecard – pretends to be a video plugin/Flash Player/app/video codec. If it gets installed on Mobile phones, it waits for victims to open any financial app. The Trojan then overlays itself on top of the legitimate app where it proceeds to ask users for their payment card number and card details such as card holder’s name, expiration date, and CVV number. It also requests personal information including a selfie of the victim holding his ID card under the face. With all this info – Hackers can make illegal transfers and take over the victim’s online accounts.
  1. Hackers leverage 12-year-old OpenSSH vulnerability for IoT attack: We have seen examples of DDoS attacks launched from hacked Smart devices. Now researchers have discovered a new attack that was using compromised IoT devices to act as proxies for malicious traffic. Dubbed “SSHowDowN Proxy,” this attack uses different types of IoT devices, from Wi-Fi routers and internet-connected NAS devices to DVRs and wireless cameras. More importantly, the SSHowDowN Proxy attack exploits a default configuration flaw in OpenSSH that was first discovered and addressed in 2004. It is recommended that end users always change the factory default credentials of any internet-connected device; disable SSH services on the devices unless they are required to operate; and establish firewall rules that prevent SSH access to and from IoT devices.
  1. Social media apps used for surveillance: It was disclosed last week that Facebook, Instagram, Twitter, VK, Google’s Picasa and YouTube were handing over user data access to the developer of a social media monitoring tool called Geofeedia — which then sold this data to law enforcement agencies for surveillance purposes. The company has marketed its services to 500 law enforcement and public safety agencies. Facebook, Instagram, and Twitter have all moved to restrict access to Geofeedia after learning about the tool’s activities when presented with the study’s findings.
  1. Beware of Security Fakeware: A hacker group called StrongPity has been using watering hole attacks to distribute compromised versions of WinRAR and TrueCrypt. By setting up fake distribution sites that closely mimic legitimate download sites, StrongPity is able to trick users into downloading malicious versions of these encryption apps, in the hope that users encrypt their data using a Trojanized version of WinRAR or TrueCrypt, allowing attackers to spy on the data before it is encrypted. The top five countries affected by the group are Italy, Turkey, Belgium, Algeria and France.
  1. Microsoft and Adobe patch vulnerabilities: Microsoft has released its monthly Patch Tuesday update including a total of 10 security bulletins, and you are required to apply the whole package of patches altogether; MS has removed the ability to pick and choose which individual patches to install. Adobe also released a new version of Flash Player that patched a dozen vulnerabilities in its software, most of which were remote code execution flaws. Users are advised to apply the Windows and Adobe patches to keep hackers and cybercriminals from taking control of their computers.
  1. MITRE will award $50,000 for a solution that detects rogue IoT Devices: The non-profit research and development organization MITRE has challenged security researchers to propose new methods and technologies that could help in detecting rogue Internet of Things (IoT) devices on a network. It will give a $50,000 reward to the researchers who propose a non-traditional method for enumerating IoT devices through passive network monitoring. Recently IoT botnets were observed launching massive DDoS attacks against OVH and infosec websites.
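The SSHowDowN item above recommends disabling SSH on IoT devices unless it is needed and firewalling SSH to and from them. As an added example that is not part of the original news digest, the following POSIX shell script audits an sshd_config for the settings that let a device be abused as a TCP-forwarding proxy and emits iptables rules that keep SSH off an IoT segment. The two sample configurations are constructed, the 192.0.2.0/24 subnet and the function names are assumptions, and reading the 2004 default-configuration issue as OpenSSH's AllowTcpForwarding default is my interpretation of the item, not something the page states.

```shell
#!/bin/sh
# Added example (not from the original article). Audits an sshd_config for
# settings that let a device relay traffic or accept trivial logins, and prints
# firewall rules for an IoT segment. All inputs below are constructed.

# Constructed sshd_config resembling a factory default on an embedded device.
SAMPLE_SSHD_CONFIG='Port 22
PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no'

# Constructed hardened counterpart: key-only auth, no root, no forwarding.
HARDENED_SSHD_CONFIG='Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no'

# effective_setting <config-text> <key>: print the value of the last
# uncommented occurrence of <key> (sshd keywords are case-insensitive),
# or "default" when the directive is absent.
effective_setting() {
    printf '%s\n' "$1" | awk -v key="$2" '
        $1 !~ /^#/ && tolower($1) == tolower(key) { val = $2 }
        END { print (val == "" ? "default" : val) }'
}

# audit_sshd_config <config-text>: print "KEY=value WEAK" for each directive
# that enables proxying (TCP forwarding, gateway ports) or password/root
# logins. Returns 1 if anything weak was found, 0 otherwise.
# Assumed OpenSSH defaults: AllowTcpForwarding yes, GatewayPorts no,
# PasswordAuthentication yes; PermitRootLogin varies by version, so only an
# explicit "yes" is flagged.
audit_sshd_config() {
    cfg="$1"; rc=0
    for key in AllowTcpForwarding GatewayPorts PermitRootLogin PasswordAuthentication; do
        val=$(effective_setting "$cfg" "$key")
        case "$key:$val" in
            AllowTcpForwarding:yes|AllowTcpForwarding:default|\
            GatewayPorts:yes|\
            PermitRootLogin:yes|\
            PasswordAuthentication:yes|PasswordAuthentication:default)
                printf '%s=%s WEAK\n' "$key" "$val"; rc=1 ;;
        esac
    done
    return $rc
}

# iot_ssh_firewall_rules <subnet>: print iptables rules that drop SSH traffic
# originating from or destined to the IoT segment on a router's FORWARD chain.
# The subnet is an assumption; adapt chain and interface to the real topology.
iot_ssh_firewall_rules() {
    subnet="$1"
    printf 'iptables -A FORWARD -s %s -p tcp --dport 22 -j DROP\n' "$subnet"
    printf 'iptables -A FORWARD -d %s -p tcp --dport 22 -j DROP\n' "$subnet"
}

# Usage demo: audit the factory-style config, then show the firewall rules.
echo "== audit of constructed factory config =="
audit_sshd_config "$SAMPLE_SSHD_CONFIG" || echo "weak settings found; apply hardened config"
echo "== audit of constructed hardened config =="
audit_sshd_config "$HARDENED_SSHD_CONFIG" && echo "no weak settings"
echo "== firewall rules for assumed IoT subnet 192.0.2.0/24 =="
iot_ssh_firewall_rules 192.0.2.0/24
```

To audit a real device, replace the constructed text with `"$(cat /etc/ssh/sshd_config)"`; the script only reads and prints, so it is safe to run before deciding whether SSH on that device should be disabled outright as the item advises.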