Hidden Cobra From North Korea

North-Korea-featured-1024x717.png

From: https://www.us-cert.gov/ncas/alerts/TA17-318A

This is an alert by the homeland of security about North Korea malware. The malware called Fallchin has been targeting financial industries and telecommunication since 2016. The hackers can issue commands from a command and control server to the computer that is infected. The way to get infected is by visiting sites compromised by the virus.

North Korea hacking is quite terrifying, since we cant respond with a counter attack. They have nothing to lose right now and they know this hacking will not spark a war. They are one of the only nations that can get away with cyber warfare without much cause for concern. Luckily, we have the department of homeland security cyber professional analyzing threats and alerting us when a threat occurs.

Advertisements

NSA

OHr577N-

From: https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html

This article is about the Shadow Brookers. A hacker ground that was able to obtain high level information from the NSA. They actually obtained code itself, which they used for devastating hacks across the world. This has brought the NSA into a crisis as they look for turncoats and as staffers leave for better paying jobs.

The hacker group might be linked to Russia, the article states. The article then poses the question on whether secrecy is possible with this plague of leakers and hackers. The USA has focused on offense rather then defense. What is scaring about this group is that they haven’t been caught with the full force of the NSA after them.

Cyber warfare is undoubtedly going to be what our nation is concerned about in the foreseeable future.

We Need Cyber Security Professionals

IT Programmer

From: http://www.milforddailynews.com/news/20171105/need-for-cyber-security-professionals-rises-with-prevalence-of-attacks

This article is pointing out the fact that cyber attack have been growing. Companies need to start investing in keeping their systems secure. The article gives some statistics, for example, 4,000 ransomware attacks happen a day. It is very hard to defend against these attacks because they can be using the most innovative tactics. The only way to defend against this is to do ethical hacking and try to find vulnerabilities.

The article mentions that companies are finding a shortage in talent. Some universities are offering degrees in computer security because they are seeing how important it has become. I don’t see this going away any time soon and I hope more universities take the opportunity to invest in protecting our future and information. I also suggest jobs start to train new cyber security interns to help get that talent started.

Monitor Hacking?

Internet2

From: http://www.businessinsider.com/how-hackers-can-compromise-your-computer-monitor-darkly-cybersecurity-ssl-mr-robot-red-balloon-security-2017-11

This article shows another vulnerabilities most people do not even think about. What if a hacker was able to take control of your monitor and what it displays? What if it can change the pixel value to show something else? This could be used to show a site as secure, when it is not. It could display the site with a https, when the site doesn’t actually have one.

The problem I see with this type of hack is that it would require a lot of communication between the two parties and that would be complicated. It could definitely be used against t a specific target, but I do not see it to be very viable as a large scale attack. If this is ever used, I see it being used against a target, where you know what bank service the person uses. You would need to collect data of the person before performing the attack.

Reaper Update

IoTroop-Infrastructure-Overview

From: https://research.checkpoint.com/iotroop-botnet-full-investigation/

An update on the reaper botnet. It seems like researchers have found it being developed in China. The website has discovered the exact infrastructure the botnet uses to propagate with a beautiful chart I linked above.

The IoTReaper is showing really interesting behavior. It doesn’t have any DDoSing capabilities right now, but that can change. It also disables other malware on the device so that it is the only one. It scans other hardware for vulnerabilities and then exploits them.

The reaper seems to be very sophisticated and it seems like people are just waiting to see what it will do next. Th researchers think its from a hacking group in China, but with no clear motivate in mind this story is getting scarier and scarier. IoT devices do not fix vulnerabilities quickly, meaning this isn’t going away any time soon.

Public Key Pinning

public-key-pinning

From: https://medium.com/@mattrco/on-guarding-against-certificate-mis-issuance-b968e61baf18

Public key processing is a system put in place to prevent compromised certificate authentication. The way it works is by having the web server communicate with the browser to make sure that the public key is acceptable. This process tries to prevent man in the middle attacks from occurring. Google has decided to get rid of public key pinning, due to the complexities involved with it. Error fatigue on the users end was one reason, as well as low adoption rate on the process.

Instead of public key pinning, Google is going to use Certificate Transparency. The way this works is certificates are sent to a auditable log. It then returns a confirmation that is used by the web server to confirm with the browser about the certificate being properly given out.

It should be interesting to see if this new process works out, or if they will need to go back to the drawing board.

The IoT Reaper

Reaper

From: http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/

This article is about a new threat that is targeting IoT devices. IoT devices tend to be less secure if at all, which makes them the perfect target for hackers to use for botnet networks. Some of the code from this new threat took some of the code from a previous botnet called Mirari. Often times hackers use code from famous malicious software to build something new.

What is scary about this botnet is that it doesn’t rely on password cracking. Instead, it relies on vulnerabilities. The article mentions that its not very aggressive, meaning scans have a hard time finding it. More complex attacks can be carried out with this version of botnet. The article then gives the 9 exploits it uses to infect devices with links to how each one works. I highly recommend checking these out if you want more in depth knowledge of this attack. The botnet has not actually performed a DDoS attack yet, instead deciding to just spread the botnet.

Our IoT devices are extremely vulnerable in becoming part of a botnet. This article is showing how quickly the botnet is growing. These vulnerabilities in IoT system might never be fixed, due to the nature of the device.

reCaptcha, Does it Work?

Screen Shot 2014-12-04 at 5.48.17 PMFrom: https://github.com/ecthros/uncaptcha

This article is about a team of researchers defeating the Google system of audio reCaptcha. They defeated it with an accuracy of 85%. The code uploads the audio files to a audio transcription services. They then use the most likely result and type it out in a organic way. They actually have some of the code on GitHub for people to analyze it. For example, it can create an account on Reddit and bypass all security, which the article gives an example for.

The intended purpose of reCaptcha is to prevent bots from making fake accounts. It was developed by Google to prevent the bot epidemic. It checks for the speed of the user, whether you solved the question, mouse movements and cookies you might have. These researches developed a program to bypass all this.

 

WPA2 Vulnerability

wireless-cracking-using-kali-13-638

From: https://www.krackattacks.com/

This article is super interesting if you are into how some of these vulnerabilities are used. The way this vulnerability works is a key re installation attack that tricks the client  into reinstalling a key. To do this they replay cryptographic handshake messages.  Keys are only supposed to be used once, but using it more is at the heart of the exploit in WPA2.

When a client joins a network it undergoes a 4 way handshake. It does this to get a fresh encryption key. It will start to install this key after the third message from the handshake. The key will be used to encrypt data transmitting through. The WPA2 has a case that it will resend the key if the message is lost or drop, which can occur. The way an attacker exploits this is force it to replay the message. Because of this, the encryption protocol can be attacked, allowing for packets being replayed or decrypted.

Some of the things that can be decrypted is a TCP sqeuence, which can hijack the TCP connection. Malware can be injected into unecrpyted HTTP connection with this information. Luckily, this has been patched and as long as you keep your devices updated you should be fine. This affects all wifi enabled devices.

I highly recommend reading the whole article because it goes into a lot more detail then I do here. The video on the website shows how serious this attack is with an example and explanation.

 

Chipset Vulnerability

SMARTi_LU

From: https://threatpost.com/factorization-flaw-in-tpm-chips-makes-attacks-on-rsa-private-keys-feasible/128474/

The Ifineon chipset had a flaw in the TPM, which integrates cryptographic keys and is used for cryptography processes. The flaw allows for a practical factorization attack, which allows for the private key to be figured out and thus break the whole cipher. The only thing the attacker needs to know to do this is the public key to attack on the cipher.

The cipher itself is a RSA cipher. Any computer that has the chipset could be vulnerable due to this bug. With the private key, the attacker can decrpyt any information from the computer or impersonate the computer. 760,000 devices have been found with the vulnerability, but it could be a lot more. This is concerning for governmental officials and corporations, since they need to worry about cyber warfare and espionage.

With the WPA2 attack and this one it seems like our ciphers use for crypto communication isn’t as safe as we think. Of course its not exactly the fault of the cipher, but the vulnerabilities that allow for the private key to be discovered.