Cyber Security News: 3rd week of October 2016

  1. Massive ATM hack hits 3.2 million Indian debit cards: India is dealing with one of its biggest financial data breaches to date, with as many as 3.2 million debit card details reportedly stolen from multiple banks and payment platforms. The breach has hit India’s biggest banks, including State Bank of India (SBI), HDFC Bank, Yes Bank, ICICI Bank and Axis Bank, and customers are advised to change their ATM PINs immediately and watch their statements for unauthorised transactions. The attackers allegedly used malware to compromise the Hitachi Payment Services platform, which processes ATM, point-of-sale (PoS) and other payment transactions for several Indian banks.
  1. An army of hacked IoT devices almost broke the Internet: A massive Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing significant outages at many websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix and Spotify. Though the exact details of the attack remain vague, it is suspected that hijacked IoT devices were used, much as in the roughly 1 Tbps DDoS attack on the France-based hosting provider OVH a few weeks earlier. The services that went dark were largely those that relied on Dyn as their only authoritative DNS provider; running authoritative DNS with a second, independent provider is the obvious lesson.
  1. Weebly & Foursquare join the massive data breach family: Weebly and Foursquare are the latest additions to the list of “mega-breaches” revealed in recent months, which already includes LinkedIn, MySpace, VK.com, Tumblr, Dropbox and, the biggest of all, Yahoo. The website-building service Weebly lost details of 43 million users, including usernames, email addresses, passwords and IP addresses. The passwords were stored as salted bcrypt hashes (not encrypted, as some reports put it), so recovering the actual passwords will be slow and costly for the attackers. The location-based search-and-discovery app Foursquare reportedly lost details of 22.5 million users, although Foursquare disputes that it was breached and says the data appears to have been scraped from public profiles.
  1. LinkedIn hacker arrested: The 29-year-old Russian hacker responsible for the massive 2012 data breach at LinkedIn has been arrested in Prague. The breach affected 117 million users. He broke into the company’s computers in March 2012 using the stolen username and password of a LinkedIn employee who worked at the company’s Mountain View, California, headquarters. The stolen data was later put up for sale by a hacker called ‘Peace’, who also offered the MySpace, Tumblr, VK.com and Yahoo! data dumps on a dark web marketplace. It is not yet known whether the arrested person and ‘Peace’ are the same.
  1. Details emerge after the NSA contractor’s arrest: Following the arrest of another NSA contractor for stealing ‘Secret’ documents, a court document filed last week states that the FBI seized at least 50 terabytes of data that he had siphoned from government computers over two decades, along with numerous physical documents, many of them marked “Secret” and “Top Secret”. The stolen material reportedly includes hacking tools of the kind recently leaked by ‘The Shadow Brokers’; further investigation will determine whether the two events are connected.
  1. Dirty COW — critical Linux kernel flaw being exploited in the wild: A nine-year-old critical vulnerability dubbed “Dirty COW” (CVE-2016-5195) has been found in virtually every version of the Linux kernel and is being actively exploited in the wild. It is a local privilege-escalation flaw present in every distribution (Red Hat, Debian, Ubuntu and the rest), and it can be exploited easily and reliably. The name comes from the kernel’s copy-on-write (COW) mechanism: a race condition in how the kernel breaks COW for private read-only mappings lets an unprivileged local user write to memory that should be read-only, including root-owned setuid executables, and so gain root and completely take over the machine. Patched kernels are available from the distributions; until a system is rebooted onto one, it should be treated as vulnerable to any user or process that can run code on it.
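As an added illustration (not code from the original post or from the researchers who reported the bug), the following C program shows the copy-on-write behaviour the name refers to. It opens a file read-only, maps it MAP_PRIVATE with PROT_WRITE, writes through the mapping, and then checks that only the process’s private copy of the page changed while the file itself is untouched. That is what COW guarantees; a successful Dirty COW exploit raced madvise(MADV_DONTNEED) against a write via /proc/self/mem so that the write landed on the shared page-cache page instead. The program does not perform that race, so it reports an intact file on every kernel; the temp file name, its contents and the function names are constructed for the demo.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample content standing in for a root-owned, read-only file. */
static const char ORIGINAL[] = "root:x:0:0:root:/root:/bin/bash\n";

/* Write ORIGINAL to a fresh temp file and return an O_RDONLY descriptor to it,
 * mirroring what an unprivileged user gets when opening a root-owned binary.
 * The generated path is copied into `path` (at least 32 bytes) for later unlink(). */
static int make_readonly_fixture(char *path)
{
    strcpy(path, "/tmp/cow-demo-XXXXXX");
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (write(fd, ORIGINAL, sizeof ORIGINAL - 1) != (ssize_t)(sizeof ORIGINAL - 1)) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    return open(path, O_RDONLY);
}

/* Returns 1 if a write through a MAP_PRIVATE mapping changed only the process's
 * private page and left the file on disk untouched (normal COW behaviour),
 * 0 if the file itself changed (what a successful Dirty COW race achieves),
 * and -1 if the fixture could not be set up. */
int cow_private_write_is_isolated(void)
{
    char path[32];
    int fd = make_readonly_fixture(path);
    if (fd < 0)
        return -1;

    /* PROT_WRITE on an O_RDONLY descriptor is legal with MAP_PRIVATE: the first
     * write faults, the kernel copies the page-cache page, and the write lands
     * on the private copy.  Dirty COW broke exactly this step. */
    char *map = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) {
        close(fd);
        unlink(path);
        return -1;
    }

    memcpy(map, "toor", 4);                     /* "tamper" with the mapped file */
    int mapping_changed = memcmp(map, "toor", 4) == 0;

    /* Read the file back through the descriptor, bypassing our private mapping. */
    char on_disk[sizeof ORIGINAL] = {0};
    ssize_t n = pread(fd, on_disk, sizeof on_disk - 1, 0);
    int file_unchanged = n == (ssize_t)(sizeof ORIGINAL - 1) &&
                         memcmp(on_disk, ORIGINAL, (size_t)n) == 0;

    munmap(map, 4096);
    close(fd);
    unlink(path);
    return mapping_changed && file_unchanged;
}

int main(void)
{
    int r = cow_private_write_is_isolated();
    if (r < 0) {
        perror("setup");
        return 2;
    }
    printf("private write isolated from file: %s\n",
           r ? "yes (COW intact)" : "NO (file on disk modified)");
    return r ? 0 : 1;
}
```

Note that this is not a vulnerability check: a vulnerable kernel also passes it, because without the race the private copy is made correctly. The reliable test is the kernel package version published in your distribution’s advisory for CVE-2016-5195.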
  1. This free tool protects PCs from master boot record attacks: Petya ransomware not only encrypts files but also locks down the entire computer by overwriting the Master Boot Record (MBR). Security researchers at Cisco Talos have now released an open-source tool that protects the MBR of Windows computers from modification by ransomware and other malicious code. Dubbed ‘MBRFilter’, the tool is simply a signed disk filter driver that puts the MBR (sector 0 of the disk) into a read-only state, so no software or malware can alter it. The caveat is that legitimate MBR changes, such as installing a new bootloader, then require booting into Safe Mode, and the driver does nothing about a bootkit that is already in place.
  1. Ransomware update: Ransomware has exploded in 2016 and is increasingly targeting business networks instead of individual users. The total cost of damages related to these attacks is set to cross $1 billion this year. The primary drivers of its growth are that the attacks are easy to carry out and that victims are willing to pay to get their data back. The bad news is that ransomware shows no sign of slowing down and will likely become an even bigger problem in 2017. User awareness, regular backups kept offline or otherwise out of reach of the infected machine, and web and email filtering go a long way towards protecting networks from ransomware.
  1. St. Jude Medical and Muddy Waters update: St. Jude Medical has sued Muddy Waters to set the record straight. Last week Muddy Waters launched a new website posting more demo videos and information about vulnerabilities in St. Jude’s implantable cardiac devices. St. Jude claims that MedSec and Muddy Waters falsely issued warnings about insecure medical devices in order to deliberately drive down St. Jude’s share price and profit from the drop. Meanwhile, St. Jude has announced plans for a Cyber Security Medical Advisory Board that will handle all issues related to the cybersecurity standards of its medical devices.
  1. Indo-Pak cyberwar update: Pakistani hackers have repeatedly transmitted on the VHF frequencies that Indian airlines use to communicate with air traffic control (ATC) while landing at border towns such as Jammu, jamming legitimate communications and broadcasting Pakistani patriotic songs in their place. This is radio interference rather than a network intrusion, and Indian pilots have quickly coordinated with nearby Air Force ATC units to switch frequencies and restore communications. For all its IT prowess, cyberspace is one frontier on which India remains seriously vulnerable. Steps are being taken to plug the gaping holes, and the ambitious Digital India programme will also need to factor in cybersecurity. We can also learn from the Yahoo breach and protect our own billion-plus-user database, Aadhaar.