Cyber Security Training from QA

Cyber Pulse: Edition 9

Read the latest edition of Cyber Pulse, our roundup of Cyber news.


6 April 2018

Pingu Cleans Up: Subscription scam on Google Play

Android users should keep their eyes peeled for a curious scam technique discovered on Google Play – one going directly after their money and relying solely on user inattention. The app seen using the technique, a game uploaded under the name “Pingu Cleans Up”, attempted to trick users into unwittingly signing up for a €5.49 per week subscription using Google Play’s own legitimate payment method. The trick works on the assumption that some users will “click away” any legitimate-looking windows that keep them from running the game itself, without paying much attention to their contents. The primary targets of the scam are users with credit card information stored in their Google Play accounts. The game was first uploaded to Google Play on February 8, 2018, and was installed between 50,000 and 100,000 times before being taken down after ESET notified Google. Looking at the game’s rating and reviews, it seems that it has appealed to some users regardless of its misleading use of Google Play’s payment method; nevertheless, negative ratings prevail.

Hackers who stole €1 billion allegedly laundered the profits with crypto

Government watchdogs are wary of bitcoin being used for illicit purposes, and now they have an example that seems ready for a Hollywood script. According to Europol, a cyber gang that stole more than €1 billion ($1.2 billion) from more than 100 financial institutions in 40 countries used crypto assets to cover their tracks. The alleged mastermind is a 34-year-old Ukrainian man whom officials identified as “Denis K,” who wanted to create a money-laundering cryptocurrency for the Russian mafia, El Mundo reported. During the nearly five-year plot, Europol says, the gang of cybercriminals used malicious software to access banking networks and servers controlling ATMs, which were then instructed to spew cash at certain times so that it could be collected by “mules” who were waiting for it. The hackers posed as representatives of legitimate companies, sending phishing emails to bank employees to trick them into downloading software that allowed the criminals to control the machines. They used the infiltrated e-payment network to transfer money into criminal accounts, and databases were modified to inflate bank balances.

Mirai IoT botnet variant likely used in January DDoS attack against Dutch banks

A series of denial-of-service attacks against banks and government agencies in the Netherlands was carried out by an attacker using a Mirai botnet variant, according to new research from the cybersecurity firm Recorded Future. The late January attacks temporarily brought down the networks of the Netherlands national tax office as well as online banking services for ABN Amro, ING and Rabobank. The attackers themselves have been subject to much speculation but remain unknown at this time. Researchers said the malware used in the attacks may be linked to IoTroop, code that infects Internet of Things (IoT) devices like routers, televisions and cameras in order to send a tsunami of data at a target until the network buckles under the weight. IoTroop also shares a lot of source code with the infamous Mirai malware. Mirai was used in a series of unprecedented 2016 denial-of-service attacks that, most notably, took down the DNS provider Dyn and with it a huge swath of the internet’s most prominent websites for much of the United States. The Netherlands arrested an 18-year-old man in February 2018 on charges of launching a series of denial-of-service attacks, but it’s not clear if he’s responsible for the January 2018 attacks in question.

Buggy Verge crypto-cash gets hacked, devs go fork themselves, hard

The Verge cryptocurrency has seen its value drop by 25 per cent after hackers exploiting a bug in the alt-coin's software forced its developers to hit the reset button and hard-fork the currency. Programmers on Wednesday confirmed that the fun-bux had been on the receiving end of a "small hash attack" that caused its value to drop from $0.07 to $0.05 per XVG. The developers claimed they had cleared up what was portrayed as a minor hiccup. According to netizens observing the attack from the Bitcointalk forums, however, the shenanigans were anything but minor. Rather, bugs were present in the XVG code that allowed miscreants to mine blocks with bogus timestamps, messing up the currency's blockchain. The programming blunders were leveraged by persons unknown to generate new blocks at a rate of roughly one per second. This, in turn, allowed the attackers to net an estimated $1m. OCminer added that it was a 51 per cent attack, in which miscreants seize control of the majority of mining power on a cryptocurrency's network.

Sears, Kmart and Delta Hit with Payment-Card Breach

Customers of Sears, Sears subsidiary Kmart and Delta Air Lines have had their customer payment information stolen, thanks to a cybersecurity breach at a software provider that they all use. The firm provides online customer support services based on artificial intelligence and machine learning. The breach affected users processed through its platform starting on September 26, 2017; the issue persisted until its discovery on October 12, 2017. It is, however, only now notifying its customers; Sears said it wasn’t notified of the incident until mid-March, and Delta only found out on March 28. Other details are scant. The department store said that hackers were able to access credit-card information of about 100,000 of its customers across Sears and Kmart. Delta didn’t provide numbers but characterized the number of affected users as a “small subset” of its customer base. The airline also said that personal details related to passport, government identification, security and SkyMiles information were not impacted. The issue, unlike other payment-card breaches, doesn’t involve point-of-sale malware or a network compromise at the affected companies but rather a weak link at a partner. Third-party contractors are just a fact of today’s corporate life, meaning that businesses need to be aware of the security profile of their technology partners.

Brain monitor had remote code execution and DoS flaw

Cisco’s Talos security limb has warned that specialist medical hardware has remote code execution and denial of service bugs. Talos researchers say Natus Xltek EEG medical products are susceptible to “A specially crafted network packet” that “can cause a stack buffer overflow resulting in code execution.” Which is rather scary because the Xltek EEG range includes the Xltek EEG32U Electroencephalography (EEG) recorder and the Xltek Brain Monitor. As Talos explains, the vulnerabilities create two risks. One is that bad code running on the devices could see someone mess with the data they produce, which is heavily sub-optimal as they’re designed as diagnostic tools. The other is that hacking a brain monitor or EEG device offers a route into other parts of a healthcare facility. Which is also bad because they’re chock full of confidential records. The good news is that Talos diagnosed the problems and Natus inoculated its kit against the threats. So if Natus users have done their patching, this should be no more serious than a dose of man-flu. As messes like the Equifax horror demonstrate, it’s best not to assume patches have been done properly. So if your next brain scan produces some bad vibrations, please tell your doctor it's not a sign of a sick mind, you’re just worried about proper patching.

Rampant Misconfigurations Expose 1.5 Billion Sensitive Corporate Files

More than 1.5 billion sensitive corporate and other files are visible on the public internet due to human error. Analysis from security firm Digital Shadows showed legions of misconfigured Amazon Web Services S3 buckets, which is the most high-profile issue; however, these make up a fraction of the leakage, accounting for just 7% of exposed data. The bigger problems are misconfigured network attached storage (NAS) devices, FTP servers and a host of other common tools that people use to back up, sync and share files. Old-school protocols and platforms like Server Message Block (SMB) (33% of visible files), rsync (28%) and FTP servers (26%) expose the vast majority of data. The exposed files are a gold mine for criminals. The most common data exposed was payroll and tax return files, which accounted for 700,000 and 60,000 files, respectively. However, consumers are also at risk from the exposure of 14,687 incidents of leaked contact information and 4,548 patient lists. In one instance, a large amount of point-of-sale terminal data, which included transactions, times, places and some credit-card data, was found to be publicly available. Of all the data an organization seeks to control, intellectual property (IP) is among the most precious. Digital Shadows detected many occurrences of this confidential information. For example, a patent summary for renewable energy in a document marked as “strictly confidential” was discovered. Another example includes a document containing proprietary source code that was submitted as part of a copyright application.

Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed

Intel has issued fresh "microcode revision guidance" that reveals it won’t address the Meltdown and Spectre design flaws in all of its vulnerable processors – in some cases because it's too tricky to remove the Spectre v2 class of vulnerabilities. The new guidance, issued April 2, adds a “stopped” status to Intel’s “production status” category in its array of available Meltdown and Spectre security updates. "Stopped" indicates there will be no microcode patch to kill off Meltdown and Spectre. The guidance explains that a chipset earns “stopped” status because, “after a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons.” Thus, if a chip family falls under one of those categories – for example, Intel can't easily fix Spectre v2 in the design, or customers don't think the hardware will be exploited – it gets a "stopped" sticker. To leverage the vulnerabilities, malware needs to be running on a system, so if the computer is totally closed off from the outside world, administrators may feel it's not worth the hassle of applying messy microcode, operating system, or application updates. Now all Intel has to do is sort out a bunch of lawsuits, make sure future products don’t have similar problems, combat a revved-up-and-righteous AMD and Qualcomm in the data centre, find a way to get PC buyers interested in new kit again, and make sure it doesn’t flub emerging markets like IoT and 5G like it flubbed the billion-a-year mobile CPU market.


Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.


Edited and compiled by

James Aguilan

Cyber Security Specialist

James has worked on many high-complexity eDiscovery projects and forensic investigations involving civil litigation, arbitration and criminal investigations for large corporations and international law firms across the UK, US, Europe and Asia. James has assisted on many notable projects, including one of the largest acquisition and merger cases of all time (a deal worth $85 billion), a multijurisdictional money-laundering matter for government bodies, and national cyber threat crises including the more recent ransomware, phishing campaigns and network intrusions. James has comprehensive knowledge of the eDiscovery lifecycle and forensic investigation procedures in both practice and theory, with a deep focus and interest in forensic preservation and collection and incident response. In addition, he holds a first-class bachelor’s degree in Computer Forensics and is accredited as an ACE FTK certified examiner.