AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – August 9, 2018

EXTORTIONISTS INCREASINGLY USING RECIPIENTS’ PERSONAL INFORMATION TO INTIMIDATE VICTIMS

The Internet Crime Complaint Center (IC3) has recently received an increase in reports about extortion attempts received via e-mail and postal mail and using specific user information to add authenticity. While there are many variations in these extortion attempts, they often share certain commonalties. Extortion attempts vary widely, but there are a few common indicators of the scam. The following list of commonalities is not exhaustive, but intended as examples of red flags. It is import to remember these extortion scams change to take advantage of current events such as high profile breaches or new trends involving the Internet to add authenticity.

Medical Records of 90 Million People Left Vulnerable to Critical Security Flaws

Security researchers have found more than 20 bugs in the world’s most popular open source software for managing medical records. Many of the vulnerabilities were classified as severe, leaving the personal information of an estimated 90 million patients exposed to bad actors. OpenEMR is open source software that’s used by medical offices around the world to store records, handle schedules, and bill patients. According to researchers at Project Insecurity, it was also a bit of a security nightmare before a recent audit recommended a range of vital fixes.

US braces for possible cyberattacks after Iran sanctions

Concern over that cyber threat has been rising since May, when Trump pulled out of the 2015 nuclear deal, under which the U.S. and other world powers eased economic sanctions in exchange for curbs on Iran’s nuclear program. The experts say the threat would intensify following Washington’s move Tuesday to re-impose economic restrictions on Tehran. “While we have no specific threats, we have seen an increase in chatter related to Iranian threat activity over the past several weeks,” said Priscilla Moriuchi, director of strategic threat development at Recorded Future, a global real-time cyber threat intelligence company.

White supremacists who used Discord to plan Charlottesville rally may soon lose their anonymity

In the aftermath of the violence at the Unite the Right rally in Charlottesville, Virginia, last year, attorneys for injured counter-protestors have filed a subpoena for chat platform Discord, where they say members of the alt-right gathered prior to the event. The Washington Post reports that Discord messages discussing logistics, encouraging violence, and more have been cited in a federal lawsuit against Unite the Right organizers as evidence that they “conspired to commit acts of violence, intimidation and harassment.” Following the Charlottesville attack, where one woman was killed, Discord banned servers promoting Nazi ideology. “Discord’s mission is to bring people together around gaming,” the company said at the time. “We’re about positivity and inclusivity. Not hate. Not violence…We will continue to take action against white supremacy, nazi ideology, and all forms of hate.”

Malware Targeting Bitcoin ATMs Pops Up in the Underground

The financial industry has seen several changes in terms of technology, including new ATM capabilities and the increasing use and popularity of cryptocurrencies. These two intersect in what’s known as a Bitcoin (BTC) ATM. Although it looks similar to a regular ATM, a Bitcoin ATM differs in certain important aspects. Perhaps the most notable difference is that a Bitcoin ATM does not connect to a bank account. Instead it connects to a cryptocurrency exchange, which is a platform for buying and selling cryptocurrencies like bitcoin. The purchased bitcoins go to the customer’s digital wallet. In essence, a Bitcoin ATM is not really an ATM in the traditional sense of the word but is rather more like a kiosk or terminal that allows users to connect to exchanges.

Experts criticize West Virginia’s plan for smartphone voting

The state of West Virginia is planning to allow overseas voting via smartphone in the 2018 election, and election security experts aren’t happy about it. “Mobile voting is a horrific idea,” said Joe Hall, an election security expert at the Center for Democracy and Technology in an interview with CNN. The West Virginia project is being run by Voatz, a startup with $2 million in venture capital funding. To ensure buzzword-compliance, the Voatz system uses a blockchain in addition to a mobile app.

Florida Man Arrested in SIM Swap Conspiracy

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims. On July 18, 2018, Pasco County authorities arrested Ricky Joseph Handschumacher, an employee of the city of Port Richey, Fla, charging him with grand theft and money laundering. Investigators allege Handschumacher was part of a group of at least nine individuals scattered across multiple states who for the past two years have drained bank accounts via an increasingly common scheme involving mobile phone “SIM swaps.”

Hacker honeypot shows even amateurs are going after ICS systems

While stories of nation-state backed hackers threatening the U.S. power sector garner regular headlines, a new experiment highlights the risk of unintended consequences when less-skilled adversaries target the sector. Researchers from Cybereason, a Boston-based company, set up a honeypot in mid-July that mimicked a utility substation’s network environment, drawing the attention of a determined attacker that repeatedly disabled the honeypot’s security system. The hackers’ attempts to be conspicuous, coupled with some sloppy work, told researchers that they were not part of any advanced persistent threat (APT) group that is linked with a nation-state.

New bugs leave millions of phones vulnerable to hackers

Research funded by the Department of Homeland Security has found a “slew” of vulnerabilities in mobile devices offered by the four major U.S. cell phone carriers, including loopholes that may allow a hacker to gain access to a user’s data, emails, text messages without the owner’s knowledge. The flaws allow a user “to escalate privileges and take over the device,” Vincent Sritapan, a program manager at the Department of Homeland Security’s Science and Technology Directorate told Fifth Domain during the Black Hat conference in Las Vegas. The vulnerabilities are built into devices before a customer purchases the phone. Researchers said it is not clear if hackers have exploited the loophole yet. Department of Homeland Security officials declined to say which manufacturers have the underlying vulnerabilities.

Mattis says Russia sanctioned 2016 election meddling, outlines protections for midterms

Russian efforts to influence the 2016 election were sanctioned by the Russian government, Defense Secretary Jim Mattis said Tuesday, as he outlined steps the military is taking to protect the 2018 midterms. “We all saw what happened in 2016 when the Russians, and possibly others, but the Russians for certain tried to do both influence operations and actually get in and corrupt some of the election process,” Mattis told reporters Tuesday during a Pentagon ceremony for British Secretary of State for Defense Gavin Williamson. “There’s also other activities that went on that perhaps are not directly ascribed to the official Russia. But we watch for all of it and we can trace at least parts of it back to the Russian government.”

Verizon Didn’t Bother to Write a Privacy Policy for its ‘Privacy Protecting’ VPN

Verizon is rolling out a new Virtual Private Network service called Safe Wi-Fi it developed in conjunction with McAfee. According to Verizon, the $4 per month service “protects your privacy and blocks ad tracking, creating a secure Wi-Fi connection anywhere in the world.” Besides Verizon’s long history of allowing third parties to monetize its customers’ web-browsing habits, there’s another reason you probably shouldn’t trust this product to “protect your privacy:” Verizon didn’t bother to write a privacy policy for it before releasing it to the public. The company’s terms of service directs all of its VPN users to the general McAfee privacy policy governing all of McAfee’s products. That policy, in turn, states that McAfee and Verizon have the right to collect an ocean of data on the end user, including carrier data, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC address, IMEI data, and more. The policy explicitly says that browsing history can be used to help target ads at you.

Should I infect this PC, wonders malware. Let me ask my neural net…

Here’s perhaps a novel use of a neural network: proof-of-concept malware that uses AI to decide whether or not to attack a victim. IBM took a copy of the WannaCry ransomware, encrypted and hid it in a benign video-conference app, and wrapped machine-learning code around it that used a trained neural network to cough up the key to unlock and run the file-scrambling WannaCry payload. That neural network was trained to recognize a particular victim’s face from the computer’s front-facing camera. When it spotted the right person in front of the PC, it provided the key needed to unlock the payload so it could be executed, and hold the system’s documents to ransom.

The Next Milestone for the NYS DFS Cybersecurity Regulation is Approaching

The landmark NYS DFS cybersecurity regulation that took effect in New York State in March 2017 is approaching its third of four milestones. This was the first regulation of its kind that included prescriptive direction for the protection of personally identifiable information handled by all financial institutions that conduct business in the State. The next set of milestones are set to take effect on September 1, and they are amongst the toughest from a technical standpoint. They include data encryption (in transit and at rest), five-year audit trails and limitations on data security.

Yes, We Used a Router to Fry an Egg and Here’s Why

It took about 10 minutes to get an egg to sizzle on top of a dangerously hot piece of hardware. While our team didn’t convince any passersby to trade in their favorite grills, there was a serious purpose behind our fun simulation. We were on hand to show one of the more dramatic consequences of being cryptojacked. Cryptojacking is an attack where a cyber criminal hijacks your machine – PCs, cloud-based servers, smartphones and IoT devices – in order to use the processing power without your permission to mine for cryptocurrency. What was important to demonstrate with our simulation was to visually show why everyone should take cryptojacking seriously. While most users may be unaware about the heat that a device can generate through cryptomining, the temperatures can be painfully hot to the touch.

Apple joins Thread Group, hinting at Wi-Fi mesh networking plans

When Apple discontinued its own AirPort series of routers in April, it hinted that it viewed mesh networking as Wi-Fi’s next evolution by promoting Linksys’ Velop mesh routers in its stores. Now the company is taking another step in that direction by joining The Thread Group, an organization devoted to promoting mesh networking. The group describes Thread as an “IP-based wireless networking protocol providing the best way to connect products in the home,” enabling integration of over 250 devices per location into a “low-power, wireless mesh network.” Thread competes with better-known mesh options Zigbee and Z-Wave, which have only achieved modest success since entering the market, and arguably Bluetooth 4.0/LE, which was updated with mesh support last year but seemingly hasn’t seen much adoption.

Deloitte: China is outspending and outpacing U.S. in 5G development

U.S. cellular carriers may be the first to launch large-scale 5G networks, but China is deploying far more 5G infrastructure at a rapid clip, says global consultancy Deloitte — a difference that could soon make China the world’s leader in next-generation wireless technology. In a new report, the firm recommends that U.S. regulators and carriers rapidly adjust their 5G plans, lest they get caught in a “5G tsunami, making it near impossible to catch up.” Fifth-generation, or 5G, cellular networks are the next evolution of wireless technology, promising dramatic improvements in bandwidth, responsiveness, security, and ubiquity compared with today’s 4G/LTE networks.

Related Posts