Showing posts with label internet security. Show all posts

Wednesday, 2 August 2017

How Hackers Hijacked a Bank’s Entire Online Operation


Extraordinary Incident of Wholesale Bank Fraud Done by Hackers


Hacking a bank is not so different from the old-fashioned way of robbing one: the thieves can get in and out with the goods quite easily. However, one particularly enterprising team of hackers targeting a Brazilian bank seems to have taken a far more comprehensive and devious approach.

One weekend afternoon, they rerouted all of the bank’s online customers to convincingly reconstructed fakes of the bank’s properties, where the victims handed over their account information. Researchers at the security firm Kaspersky described an extraordinary incident of wholesale bank fraud, which essentially hijacked the bank’s entire internet footprint.

The researchers stated that at 1 pm on October 22 last year, the hackers altered the Domain Name System registrations of all 36 of the bank’s online properties, commandeering the bank’s desktop and mobile website domains to take users to phishing sites. That meant the hackers could steal login credentials at sites hosted at the bank’s legitimate web addresses.

Kaspersky’s researchers believe that the hackers could also have simultaneously redirected most transactions at ATMs or point-of-sale systems to their own servers, gathering the credit card details of anyone who used their card that Saturday afternoon.

Malware Infecting Customers


One of Kaspersky’s researchers, Dmitry Bestuzhev, who analysed the attack in real time after seeing malware infecting customers from what appeared to be the bank’s fully valid domain, stated that absolutely all of the bank’s online operations had been under the attackers’ control for five to six hours.

From the hackers’ point of view, according to Bestuzhev, the DNS attack meant that ‘you become the bank and everything belongs to you now’. Kaspersky has not revealed the name of the bank that was targeted in the DNS redirect attack. He has stated that it seems to be a major Brazilian financial company with hundreds of branches, operations in the US and the Cayman Islands, 5 million customers and over $27 billion in assets.

Though Kaspersky is not aware of the full extent of the damage caused by the takeover, it should be a warning to banks everywhere to consider how the insecurity of their DNS could enable a nightmarish loss of control of their core digital assets. Bestuzhev commented that they have never seen it exploited in the wild on such a big scale.

DNS – Vital Protocol Under the Hood of the Internet


The Domain Name System (DNS) serves as a vital protocol running under the hood of the internet. It translates alphanumeric domain names such as Google.com into IP addresses such as 74.125.236.195, which represent the actual locations of the computers hosting websites or other services on those machines.

Attacking those records, however, can take sites down or redirect them to a destination of the hackers’ choice. For instance, in 2013 the Syrian Electronic Army hacker group changed the DNS registration of The New York Times to redirect visitors to a page with their logo. More recently, the Mirai botnet attack on the DNS provider Dyn knocked a major portion of the web offline, including Amazon, Reddit and Twitter.

However, the attackers of the Brazilian bank exploited their victim’s DNS in a much more focused and profit-driven manner. Kaspersky believes that the hackers compromised the bank’s account at Registro.br, the domain registration service of NIC.br, the registrar for sites ending in the Brazilian .br top-level domain, which is said to also manage the DNS for the bank.

Changing Registrar – Domains of Bank


The researchers are of the opinion that, with that access, the hackers were able to change the registrar for all of the bank’s domains at the same time, redirecting them to servers that the attackers had set up on Google’s Cloud Platform.

With the domains hijacked, anyone visiting the bank’s website URLs was redirected to the duplicate sites, which also had valid HTTPS certificates issued in the name of the bank. Hence visitors’ browsers showed a green lock together with the name of the bank, just as they would on the real sites. Kaspersky also observed that the certificates had been issued six months earlier by Let’s Encrypt, the non-profit certificate authority that makes obtaining an HTTPS certificate easy in the hope of increasing HTTPS adoption.

Josh Aas, founder of Let’s Encrypt, had stated that ‘if an entity had gained control of DNS and had gained effective control over a domain, there could be a possibility for that entity to get a certificate from them. Such issuance would not constitute mis-issuance on their part since the entity receiving the certificate would have been able to properly demonstrate control over the domain’.

Hoaxed Sites Infected with Malware


Ultimately the hijack was so thorough that the bank was unable even to send email. Bestuzhev stated that they could not even communicate with the customers to send them an alert and ‘if your DNS is in control of the cybercriminals, you are basically screwed’. Besides phishing, the hoaxed sites also infected victims with a malware download disguised as an update to the Trusteer browser security plug-in that the Brazilian bank provided to its customers.

According to Kaspersky’s analysis, the malware harvests banking logins not only from the Brazilian bank but also from eight others, as well as email and FTP credentials together with contact lists from Outlook and Exchange. All of this went to a command-and-control server hosted in Canada. The Trojan also included a function intended to disable antivirus software on infected victims’ machines, and it could have persisted well beyond the five-hour window in which the attack took place.

The malware contained scraps of Portuguese, implying that the attackers could have been Brazilian. Bestuzhev argues that, for banks, the incident could serve as a clear warning to check on the security of their DNS. He notes that half of the top 20 banks ranked by total assets do not manage their own DNS but leave it in the hands of a potentially hackable third party. Irrespective of who controls a bank’s DNS, the bank can take special precautions to prevent its DNS registrations from being changed without safety checks, such as the ‘registry lock’ that some registrars provide, together with two-factor authentication, making it difficult for hackers to change them.
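The DNS check recommended above can be automated. The following Python example is added here as an illustration and is not code from Kaspersky or from the original post: it compares observed NS and A records against an approved baseline and raises a separate flag when many domains drift within one window, which is the pattern of this incident. All domain names, name servers, addresses, timestamps and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from math import ceil


@dataclass(frozen=True)
class Baseline:
    nameservers: frozenset   # NS hosts the organisation actually delegated to
    networks: tuple          # networks its services are really hosted in


@dataclass(frozen=True)
class Observation:
    seen_at: datetime
    domain: str
    nameservers: frozenset   # NS set returned by a resolver at seen_at
    addresses: tuple         # A records returned at seen_at


def drift(obs, base):
    """List the ways one observation departs from the approved baseline."""
    reasons = []
    rogue_ns = obs.nameservers - base.nameservers
    if rogue_ns:
        reasons.append("unexpected NS: " + ", ".join(sorted(rogue_ns)))
    outside = [a for a in obs.addresses
               if not any(ip_address(a) in net for net in base.networks)]
    if outside:
        reasons.append("A record outside approved networks: " + ", ".join(outside))
    return reasons


def assess(observations, baselines, window=timedelta(hours=1), mass_fraction=0.5):
    """Return ({domain: (first_drift_time, reasons)}, mass_change_flag).

    mass_change_flag is True when at least mass_fraction of the monitored
    domains (and never fewer than two) first drift inside one time window.
    """
    findings = {}
    for obs in sorted(observations, key=lambda o: o.seen_at):
        base = baselines.get(obs.domain)
        if base is None or obs.domain in findings:
            continue  # unmonitored domain, or drift already recorded
        reasons = drift(obs, base)
        if reasons:
            findings[obs.domain] = (obs.seen_at, reasons)

    needed = max(2, ceil(len(baselines) * mass_fraction))
    times = sorted(t for t, _ in findings.values())
    mass_change = any(
        sum(1 for t in times[i:] if t - start <= window) >= needed
        for i, start in enumerate(times)
    )
    return findings, mass_change


# Constructed sample data: reserved .example names and documentation IP ranges.
GOOD_NS = frozenset({"ns1.dns-host.example", "ns2.dns-host.example"})
BAD_NS = frozenset({"ns1.unknown-host.example"})
BASELINES = {
    name: Baseline(GOOD_NS, (ip_network("192.0.2.0/24"),))
    for name in ("bank.example", "m.bank.example",
                 "cards.bank.example", "mail.bank.example")
}
T0 = datetime(2024, 1, 6, 12, 0)  # constructed timestamp
SAMPLE = [
    Observation(T0, "bank.example", GOOD_NS, ("192.0.2.10",)),
    Observation(T0, "mail.bank.example", GOOD_NS, ("192.0.2.25",)),
    Observation(T0 + timedelta(minutes=60), "bank.example", BAD_NS, ("203.0.113.7",)),
    Observation(T0 + timedelta(minutes=62), "m.bank.example", BAD_NS, ("203.0.113.7",)),
    Observation(T0 + timedelta(minutes=65), "cards.bank.example", BAD_NS, ("203.0.113.8",)),
    Observation(T0 + timedelta(minutes=66), "mail.bank.example", GOOD_NS, ("192.0.2.25",)),
]


def demo():
    """Run the monitor over the constructed sample observations."""
    return assess(SAMPLE, BASELINES)


if __name__ == "__main__":
    findings, mass_change = demo()
    for domain, (when, reasons) in findings.items():
        print(when.isoformat(), domain, "; ".join(reasons))
    print("mass change across domains:", mass_change)
```

A single drifting domain may be a planned migration; the mass-change flag marks the case that warrants immediate verification with the registrar.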

Tuesday, 18 July 2017

Terrifying LeakerLocker Ransomware Can Send Your Most Embarrassing Private Photos to Friends


New ransomware threat found: notorious for sending embarrassing photos to all friends


The ransomware threat doesn’t seem likely to end any time soon. Security experts have found a new strain which is designed to find victims’ private photos and send them to all the contacts in the address book. The threat was discovered by a team of experts at the renowned cyber security firm McAfee and has been named LeakerLocker. It is able to lock down the phone, and it threatens to send the victim’s private images to all the numbers or addresses present on the phone.

£39 ransom for saving ‘grace’

Like any other ransomware, this one has a similar modus operandi: the victim’s phone is locked and a ransom is demanded. In this case users are threatened with having embarrassing photos sent out unless they are willing to pay £38 to save their modesty. Most victims are likely to pay the token amount in order to save themselves from humiliation, and this leaves the attackers laughing all the way to the bank.

Earlier ransomware threats

Just a few months back a worldwide ransomware attack called WannaCry was launched, and this virus is of the same kind. WannaCry went on to bring the NHS to its knees, while quite recently McAfee security experts found a virus on the Google Play Store which did not go as far as encrypting files but was still evil in its working. This virus was found in two apps on the Google Play Store, namely “Booster & Cleaner Pro” and “Wallpapers Blur HD”.

LeakerLocker, however, kept itself below the security experts’ radar by settling for a really modest ransom. It did go ahead with making a backup of the phone’s sensitive data and threatened to leak it all to the user’s contacts unless its demand, which was just £38, was met.

How bad is LeakerLocker?


Any phone infected with LeakerLocker shows a ransom threat on the screen stating that all the data on the device will be sent to every person in the phone contact list and email contact list. Victims are required to pay a modest ransom of $50 if they wish to abort this action. The message even claims that there is no way of deleting the data from the device other than paying the ransom. If a victim tries to harm the phone or power off the device, that does not mean the threat is avoided: the attackers claim to have backed up all the data in the cloud, from where it can be sent to the victim’s email and contact lists.

Security experts at McAfee have clarified that the claims made in this ransomware’s threats are not completely true. The virus is not capable of accessing, reading or leaking every piece of data on the phone. But it is banking on the fear of private photos leaking to everyone the victim knows being enough to extract the $50 ransom easily.

Saturday, 6 May 2017

FalseGuide Malware Victim Count Jumps to 2 Million


2 Million Android Users Infected By Malware, Learn How to Protect Yourself

Check Point researchers recently reported that millions of users have unintentionally downloaded malware called FalseGuide, hidden in over 50 apps downloaded from the Google Play Store. Attacks like this have been made through the Play Store before, using malware such as Vikinghorde and Dresscode. The botnet malware spread through the download of guide apps for games like FIFA, Pokemon Go, Subway Surfers, GTA San Andreas, Asphalt and others. The malware quickly spread and infected over 2 million Android devices, compromising their internet security. Initially, a report published on 24th April stated that the malware had affected only 600,000 users, but since then Check Point has found that the FalseGuide malware attack is far worse. FalseGuide was uploaded onto the Play Store as early as November last year and has been sitting there ever since, generating more and more downloads. Find out whether you have been a victim of this attack and learn how you can boost your internet security to protect yourself from such attacks.

How does FalseGuide operate?

The hackers behind this attack developed these simple apps because guides for games are widely popular and are downloaded by people all around the world. They don’t require much maintenance or many updates, which makes the hackers’ job all the easier. This is how the FalseGuide malware infects your device:

  • After the installation of the game guide, FalseGuide asks for device admin permission from the user. 
  • If you have given it administrative permission, it cannot be deleted from the device. It can then use methods to hide its activities.
  • You will then be part of a botnet without your knowledge. The hackers will control your device for adware purposes and make an income through it. 
  • FalseGuide then registers itself to a message topic of the same name on a cross-platform messaging service called Firebase Cloud Messaging. Once it has subscribed to this topic, the attackers can send messages containing links to more malware, which is then downloaded and installed on your device. 
  • After restarting, a background service will start running and display illegal pop-up ads so the hackers can make money. 
  • Highly malicious coding has been found in these modules which can actually allow the attackers to root your device, launch a DDoS attack or infiltrate private networks.

Did the attack originate from Russia?

Check Point surmised that the malicious apps containing the FalseGuide malware were submitted to the Play Store by two fake developers with Russian names, Sergei Vernik and Nikolai Zalupkin. Later, they updated their post with the information that 5 more such apps had been found and that these had been developed by Anatoly Khmelenko (translated from a Russian name).

What to Do If You Are a Victim?

Google has already removed the apps from the Play Store but your device might still be infected. You must perform a factory reset on your device. If it still does not work, you must take your phone to a professional.

How to Protect Yourself from Similar Attacks

  • Only download apps from trusted sources and developers. 
  • Beware of installing apps that request administrative permission. 
  • Keep an updated antivirus on your device.

Monday, 13 March 2017

iPhone Spying Bugs Revealed By Wikileaks Have Been Fixed, Apple Says

The Apple iPhone is revered as the most secure device which even government security agencies can get into. But Wikileaks has revealed a number of vulnerabilities in the iPhone which could easily be used by the agencies to launch ‘zero day’ attacks. Apple was quick to swing into action, fixing all the vulnerabilities before anyone could think about using them against millions of iPhone users. Wikileaks also pointed out that a number of the hacking tools were developed exclusively by GCHQ, the infamous British spy agency.

Apple has released a statement confirming that it has fixed all the vulnerabilities described in the 8,761-page documentation published by Wikileaks. These vulnerabilities were not limited to the iPhone but also affected the iPad and iOS as a whole.

Some tips to secure iPhone from hackers

  • Make use of PIN or fingerprint security: This will help you secure the smartphone against unwanted individuals getting into your phone. 
  • Make use of a longer password: Simply go to Settings followed by ‘Touch ID & Passcode’ and turn ‘Simple Passcode’ off. Now create a longer, more complex password for your phone which consists of upper and lower case letters along with numbers and symbols. 
  • Boost your privacy settings: Carefully allot the privileges for different apps by turning them on or off under Settings followed by ‘Privacy’. 
  • Don’t forget to activate the self-destruct: You can set your phone to self-destruct when someone tries to break into it, so that all the data is deleted instantly. This feature can be activated by going to Settings and enabling ‘erase data’. This ensures that your iPhone wipes the device clean after ten incorrect PIN guesses. 
  • Turn off notifications: Nobody needs to unlock the device in order to read a notification, and this can reveal more about you than you wish.

Apple has worked towards fixing the 14 different iOS vulnerabilities, and it has been found that most of them were linked to older versions of the operating system. Compared with Google’s Android operating system, the Apple iPhone has always been considered a highly secured and protected device. Secondly, Apple tends to bring over-the-air security updates to the iPhone more quickly than Google does. The Android platform isn’t known to be very active when it comes to operating system version upgrades and updates.

Wikileaks made a dramatic revelation to the world when it stated that the CIA has dedicated a whole specialized unit of the Mobile Development Branch to iOS devices. The reason is pretty simple: most prominent figures in entertainment, politics and business tend to use an iPhone rather than an Android device. Quite incidentally, Apple has been in a fierce battle with the FBI over creating a backdoor in its device which would help agencies get into the iPhone.

Thursday, 9 March 2017

Protection Against Android Malware

A few tips can always be useful, whether or not the user is new to Android and eager to explore the options available on the screen. Some of them could also be annoying, as tends to come with daily functions and operations. These tips can be helpful because every few months some security vulnerability seems to turn up in Android that could affect many users of Android smartphones; in recent years, for instance, Quadrooter and Stagefright.

These two security vulnerabilities are quite different. How secure is Android in everyday life, and what helps against the dangers from the internet? Quadrooter exploited numerous security holes in Qualcomm drivers in the summer of 2016, and nine hundred million Android devices were affected.

This was presented by those who had identified the gaps. But in order to take advantage of the Quadrooter exposure, the attacker needs to be able to install and run a specially designed app on the smartphone. The Stagefright vulnerability was different: it lay unseen in the functions that process streams or media files, and the issue was that even a video sent as an MMS could be misused.

The attacker was able to send the user a file through which the dangerous code could be executed. Beginning with Android 4.0, it seemed difficult to exploit the vulnerability owing to system-level intervention, though it is not difficult. The difference between the two security breaches is evident. While Quadrooter needs a few steps from the user, Stagefright can be exploited remotely without any interaction from the user. Android has various means of safeguarding the security of its users. The most significant methods are:

1. Prevention of installation of unfamiliar apps 



The Android system has a setting which enables or disables the installation of apps from unknown sources. The option is deactivated in the device’s delivery state, so apps can be installed only from the Play Store. Some companies have their own app store preinstalled, as in the case of Samsung with its Galaxy Apps; the restriction does not apply to these. The option protects the user against malware that spreads through an unknown app store or plain web pages. News of malware in the Play Store is quite rare, since such disreputable apps are removed from the Play Store rapidly. However, unknown sources need to be enabled in order to use Amazon’s app store or another such as F-Droid.

2. Virus Scanner of Google 



Google’s second line of defense, virus scanning, does not seem to have any compatibility issues and provides security against malicious apps. It has been available since Android 4.2 and is now part of Google Play services. It is activated by default and should be left that way. The setting allows apps to be scanned for likely malware before installation. If malware is discovered, Android rejects the installation.

Quadrooter Malware 



A few days after the discovery, Google confirmed to Android Central that the Quadrooter malware cannot be installed while the corresponding setting is enabled. Adrian Ludwig, Android’s security chief, had declared that it was identical to Gooligan, the malware which hacked Google accounts in December 2016. The Android Security Report for 2015, as of April 2016, states that with this procedure the threat landscape for Android users could be considerably smaller, and that with this feature malware apps do not stand a chance against Google. Essentially, app verification works by calculating the fingerprint (hash value) of an APK, which is compared against Google’s database of likely threats. Google scans apps on the Play Store as well as APKs which are accessible through the web.

Alerts against Ensuing Manipulation



This system seems to be quite effective, since around 90% of the apps installed from outside the Play Store were already well known to Google and had been scanned for probable security concerns. Besides this, Google is also capable of extracting specific features from apps and subjecting them to an identical process, which enables it to identify dangerous features. It thus warns the user where necessary and also prevents the installation of such an app. Google also scans installed apps along the way and can alert the user to subsequent manipulation of an app that is already installed. In extreme cases, there is also the possibility of removing apps from the smartphone if these have been permitted by a device administrator.

Thursday, 15 December 2016

Popcorn Time Ransomware Offers to Restore Your Files for Free — If You Infect Two Friends


Instead of luring users into clicking on a link and then asking for money, hackers have come up with an innovative approach. Ransomware has been in vogue for almost a decade, and its modus operandi has become standardized. This has helped hackers make away with billions of dollars in the last decade by taking control of files, networks and devices, leaving users at the hackers’ mercy. Most of the time the user either decides to pay up front and get the critical data back, or simply loses it by wiping the machine. With constant campaigns against such malpractices and attacks, people have become vigilant and ransomware cases started to die down, but they didn’t go away entirely.

Hackers have come up with an innovative alternative wherein the ransomware offers an opportunity to recover the files by simply making two of your friends victims of the same.

New Ransomware ‘Popcorn Time’

This new ransomware has been named ‘Popcorn Time’ which offers a lucrative deal to the victims by asking them to infect two other friends in order to safeguard their own data. This ransomware is designed to find all the files present on the desktop along with the files present in My Documents folder and encrypt them using the AES-256 encryption.

Like every other ransomware, this one also asks users to pay up in Bitcoin in order to salvage their files, and the price is set at just 1 Bitcoin, which amounts to $780. The warning screen also lays out instructions for paying in Bitcoin in case a user is not familiar with this popular cryptocurrency. Even after paying the money, users should understand that entering the decryption key wrongly more than four times will result in losing all the data.

Apart from that, this malware also offers an opportunity to get the files back by simply infecting the systems of any two of your friends. Victims are simply required to click on the link containing the unique ID, which will help in downloading the malware. Simply forward it to your friends and save your files is the modus operandi here.

Hackers living up to their bargain

Most promises made by hackers are not kept, but the originators of this ransomware are showing a never-before-seen ‘honor among hackers’ attitude. When a user pays the ransom, he gets a decryption key which helps in restoring the files, and that is old school. If the ransom is unpaid, the data is lost forever. In a number of cases, affected users were unable to get their data back even after paying the ransom.

Security analysts and firms are actively working towards finding decryption keys for some of the popular ransomware infections, which will offer victims a free way of getting their files back. But such initiatives will become obsolete if hackers start using Popcorn Time or its enhanced variants in future, which encourage victims to get others infected in order to save their own skins.

Saturday, 3 December 2016

Why Light Bulbs May Be the Next Hacker Target


Smart Light Bulbs – Wireless Fault - Hackers Take Control


Supporters argue that the Internet of Things provides several benefits, such as energy efficiency, technology convenient enough to anticipate what one needs, and even reduced congestion on the roads. However, placing a cluster of wirelessly connected devices in one spot could be tempting to hackers and would enable them to spread malicious code through the air, just like a flu virus on a plane. Researchers reported in a recently released paper that they had discovered a flaw in a wireless technology which is commonly included in smart home devices like lights, locks, switches, thermostats and several other components of the smart home of the future.

The researchers, from the Weizmann Institute of Science near Tel Aviv and Dalhousie University in Halifax, Canada, focused on the Philips Hue smart light bulb and discovered that the wireless flaw could allow hackers to take control of the light bulbs. That may not sound like a great deal. But consider thousands or even hundreds of thousands of internet-connected devices in close proximity: malware created by hackers could spread among the devices after compromising just one of them.

Popular Websites Experience Outages/Interruption


Moreover, they would not need direct access to the devices to infect them. The researchers were able to spread infection in a network within a building by driving a car 70 metres away. Hackers had recently briefly denied access to complete chunks of the internet by generating a flood of traffic that overwhelmed the servers of a US company known as Dyn that assists in handling key components of the internet.

Pinterest, Twitter, Reddit and PayPal were down for most of a day because their domain name provider, Dyn, had been forced offline. It also caused popular Australian websites like ANZ, Coles, The Daily Telegraph, eBay, NAB, 9News and many others to experience outages and interruptions. Security experts believe that the hackers found the horsepower needed for their attack by gaining control of a range of internet-linked devices.

Password Partially Blamed for Attack


However, the hackers did not use the method described in the recently released report. A Chinese wireless camera company stated that weak passwords on some of its products could be partially blamed for the attack. Although it was not the first time hackers had used the Internet of Things to power an attack, the scale of the effort against Dyn was an eye opener for users who had not realized that having internet-linked things woven into daily life would bring new risks.

Adi Shamir, a widely respected cryptographer who helped pioneer modern encryption methods and is also one of the authors of the report, commented that ‘even the best internet defense technologies would not stop such an attack’. The new risk is said to come from a little-known radio protocol named ZigBee, which was developed in the 1990s.

ZigBee is a wireless standard which is used extensively in home consumer devices. Though it has been presumed to be secure, it has not been held up to the scrutiny given to other security methods used across the internet. The researchers discovered that the ZigBee standard could be used to create a computer worm that spreads malicious software among internet-linked devices.

Wednesday, 26 October 2016

Hackers Used New Weapons to Disrupt Major Websites Across U.S.


Major websites were hard to reach for people across wide swaths of the United States on Friday after a company that manages crucial parts of the internet’s infrastructure said it was under attack. Hackers unleashed a mind-boggling operation on the internet through devices like webcams and digital recorders and cut off access to some of the world’s best-known websites, a staggering breach of global internet stability. Users reported sporadic problems reaching several websites, including The New York Times, Spotify, Twitter, Reddit, Airbnb, Etsy, SoundCloud and Netflix. The company, Dyn, whose servers monitor and reroute internet traffic, said it began experiencing what security experts called a distributed denial-of-service attack in the early morning.

Reports that many sites were inaccessible started on the East Coast but spread westward in three waves as the day wore on and into the night. And, in a troubling development, the attack appears to have relied on a huge number of internet-connected devices, used without their owners’ knowledge, with software that allows hackers to command them to flood a target with overwhelming traffic.

The attacks were not just more frequent, they were bigger and more sophisticated. The typical attack dramatically increased in size. Moreover, the attackers were simultaneously using different methods to attack the company’s servers, making them harder to stop. The most frequent targets were companies that provide internet infrastructure services, like Dyn.

The main cause and workings of the devices

Jason Read, the founder of the internet performance monitoring firm CloudHarmony, owned by Gartner Inc., said his company tracked a half-hour-long disruption early Friday affecting access to many sites from the East Coast. Dyn is a New Hampshire-based provider of services for managing DNS, which acts as a switchboard connecting internet traffic. Krebs, whose site was targeted by a similar attack in September, said the XiongMai devices are essentially unfixable and will remain a danger to others unless they are completely removed from the internet.

These devices are in turn used to create a botnet, or robot network, to send a large number of messages that knock out the victims’ computer systems. The source code for Mirai was released on the so-called dark web, sites that operate as a sort of online underground for hackers, at the beginning of the month.

The attack comes at a time of heightened public sensitivity and concern that the nation’s institutions and infrastructure could face large-scale hacking attacks. The most recent example has been the release of emails stolen from the servers of the Democratic National Committee, which US intelligence sources say was the work of the Russian Federation.

The topic has come up frequently during the fall’s hard-fought presidential campaign. The US Department of Homeland Security and the Federal Bureau of Investigation were jointly investigating the recent outage. Dyn officials wouldn’t confirm the figure during a phone call later Friday with reporters.

It is too soon to determine who was behind the attacks, but it is this kind of attack that has US officials concerned. They are worried that an attack could keep citizens from submitting votes.

Thursday, 6 October 2016

Have hackers turned my printer into an offensive weapon?



It was just last month, in September, that one of the largest net attacks took place, which targeted OVH, a renowned French hosting firm, and a blogger. This single attack is believed to have comprised over one trillion bits of data. Both of the hacking events marked a change in the methods used by hackers who survive by breaking into websites which hold widespread data, and this form of attack is known as a Distributed Denial of Service (DDoS) attack. The data was sent to the targets through and other such "smart" devices which were hijacked by the hackers.

Can I tell if my webcam/DVR/printer is attacking someone? 

To be honest, not easily. If your device is being used to bombard someone else, your internet connection may slow down. This may go unnoticed during normal browsing, but it may be evident in video or music streaming, or in games, which will lag. Tech-savvy users can use software that keeps tabs on the flow of data packets on their home network; however, this is not easy if you do not know exactly what you are doing.

Could I get in trouble for letting my webcam attack someone? 

Legally, you can’t get into trouble with the police. However, research suggests that a hacker can get into your internal network through a hacked webcam and keep tabs on everything else. In that case you have an intruder, who is best removed by taking the necessary action.

Why are malicious hackers using these devices? 

That’s because these devices are far easier to hack than PCs or servers: they tend to use default passwords and lack any kind of security software. To the hackers' benefit, there are endless numbers of them that stay on all day long and are a chore to both update and secure. Today it is extremely easy for hackers to target vulnerable devices and assemble an army of their own into a botnet, without having to rent hijacked machines as in the past.

What kind of devices are they scanning for? 

Web-connected cameras are especially popular, but scans are also being carried out for digital TV recorders, home routers and printers. All of these have a basic processor inside that can be subverted to pump out attack packets. Brian Krebs, the blogger who suffered an attack by an IoT botnet, has compiled a list of devices known to have flooded his site with data. Many of the login names and passwords for these devices are easy to crack. On 1 October, source code for one IoT attack was publicly shared, leading some to suggest that many more malicious hackers will now begin scanning for vulnerable devices. A map made by security firm Symantec shows where Europe's botnets are hosted. Turkey is home to the vast majority of the hijacked devices and PCs.

How new are these types of attacks? 

The first DDoS attacks were seen on the web in 2000. The first wave of data bombardments was aimed at gambling sites, which were threatened with being knocked offline unless they paid a fee. Most of those extortion attempts used hijacked PCs to send data. Now the rise of the Internet of Things, populated with smart devices, has kicked off renewed interest in these sorts of attacks. Security researchers have warned about the dangers of insecure IoT devices for quite a while, yet they are beginning to be used for significant attacks sooner than many people anticipated.

Friday, 12 August 2016

Hackers Breach the Ultra-Secure Messaging App Telegram in Iran


Telegram Accounts Hacked – Susceptibility of SMS Text Message


According to Reuters, over a dozen Iranian accounts on Telegram, a messaging app with a focus on security, have been compromised in the last year due to a weakness in SMS text messages. The hackers have also identified the phone numbers of around 15 million Iranian users, which appears to be the biggest known breach of the encrypted communication system, cyber researchers told Reuters.

According to independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years, the attack, which occurred this year and had not been reported earlier, has endangered the communications of activists, journalists and several others in sensitive positions in Iran, where Telegram is said to be used by around 20 million people.

Telegram promotes itself as an ultra-secure instant messaging system since all the data is encrypted from beginning to end, which is known as end-to-end encryption. Various other messaging services, including Facebook Inc.'s WhatsApp, state that they have the same capabilities. Telegram, which is headquartered in Berlin, states that it has 100 million active subscribers and is extensively used in the Middle East, including by the Islamic State militant group, and in Central and Southeast Asia as well as Latin America.

Authorization Code – Diverted by Phone Company/Shared with Hackers


According to Anderson and Guarnieri, Telegram's weakness lies in its use of SMS text messages to activate new devices. When a user logs on to Telegram from a new phone, the company sends them an authorization code through SMS, which can be diverted by the phone company and shared with the hackers, according to the researchers.

Armed with the codes, the hackers can add new devices to the user's Telegram account, enabling them to read chat histories as well as new messages. Anderson said in an interview that they had over a dozen cases in which Telegram accounts had been compromised through ways that sound like they were basically coordinated with the cellphone company.

According to the researchers, Telegram’s dependence on SMS verification makes it vulnerable in any country where the cellphone companies are owned or heavily influenced by the government.

Iranian Hacking Group – Rocket Kitten


A Telegram spokesman stated that customers could defend against these attacks by not relying on SMS verification. Telegram allows, though does not require, customers to create passwords, which can be reset with so-called recovery emails.

The spokesman, Markus Ra, said that if one has a strong Telegram password and the recovery email is secure, the attackers can do nothing about it. The researchers believe that the Iranian hacking group Rocket Kitten is responsible for the Telegram breaches, based on resemblances to the setup of past phishing attacks attributed to the group.

There is a prevalent rumour that Rocket Kitten has ties to the Iranian government. John Hultquist, who manages the cyber espionage intelligence team at the security firm FireEye, said of Rocket Kitten that `their focus generally revolves around those with an interest in Iran and defense issues, however their action is completely global’. With regard to the Telegram attacks, the researchers have also suggested that SMS messages could have been compromised by Iranian cell phone companies, an industry that has potential links with the government.

Wednesday, 4 May 2016

Hackers Steal Millions of Minecraft Passwords


Minecraft Passwords Stolen by Hackers


Login data of more than seven million members of the Minecraft site Lifeboat has been stolen by hackers. Lifeboat is a service offering servers and customized multiplayer games for Minecraft Pocket Edition, and this data breach affects customers who use the service. Anyone who has used Minecraft Pocket Edition without signing up for Lifeboat is fine, but those who used Lifeboat would probably have received a message compelling them to change their password for the site in early 2015. This was because the company was aware of the hack, though it had not made the information public until recently. Lifeboat permits members to run servers for customised, multiplayer maps for the smartphone edition of Minecraft.

There is confirmation that the stolen information, comprising email addresses and passwords, is being offered on sites that trade in hacked data. Investigation suggests that the passwords were weakly protected and hence attackers could work them out with ease. Evidence of the breach had been passed to Tony Hunt, an independent security expert, who stated that he had received the list from someone who trades in stolen credentials. Most of the people had informed him that the data had been circulating on dark net sites.

Passwords for Lifeboat Hashed – Little Security


Mr Hunt said that the data had been stolen in early 2016, though the breach has only now become known. He said that passwords for Lifeboat accounts were hashed, though the procedure used provided little security. Hashing is a technique used to scramble passwords so that they cannot easily be read if the data is stolen or lost.

He further stated that a Google search for a hashed password could usually return the correct plain text value quickly, and that well-known cracking tools could automate as well as speed up this procedure. In a blogpost about the breach he wrote that a large percentage of those passwords would be reverted to plain text in a short time. He also said that this often leads to other security problems, since many people re-use passwords, and finding one could allow attackers to compromise accounts on other sites. Lifeboat, in a statement provided to Motherboard, stated that it had taken action to limit the damage.
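The weakness Mr Hunt describes, as an added example that is not from Lifeboat or from his blog post: an unsalted fast hash can be reversed for every user with one precomputed table, while a salted, deliberately slow hash cannot. The page does not name Lifeboat's algorithm, so unsalted SHA-256 stands in for it here; the user names, passwords, wordlist and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: accounts and wordlist are invented for this example.
USERS = {"alice": "dragon123", "bob": "creeper", "carol": "dragon123"}
COMMON_PASSWORDS = ["123456", "password", "creeper", "dragon123", "minecraft"]

PBKDF2_ITERATIONS = 100_000  # assumption: demo value, raise it for production use


def weak_hash(password):
    """Unsalted, single-round digest (SHA-256 stands in for the weak scheme)."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """Digest -> plaintext map, computed once and reusable against any dump."""
    return {weak_hash(word): word for word in wordlist}


def reverse_weak_dump(dump, table):
    """Resolve each leaked unsalted digest with one dictionary lookup."""
    return {user: table.get(digest) for user, digest in dump.items()}


def strong_hash(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) to store per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_strong(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = strong_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def compare_schemes():
    """Hash the same accounts both ways and test the same table against each."""
    table = build_lookup_table(COMMON_PASSWORDS)
    weak_dump = {user: weak_hash(pw) for user, pw in USERS.items()}
    strong_dump = {user: strong_hash(pw) for user, pw in USERS.items()}
    return {
        # Every unsalted digest falls to the shared table.
        "weak_recovered": reverse_weak_dump(weak_dump, table),
        # Identical passwords give identical digests, exposing re-use.
        "weak_reuse_visible": weak_dump["alice"] == weak_dump["carol"],
        # The same table finds nothing among the salted digests.
        "strong_recovered": {u: table.get(d.hex()) for u, (_, d) in strong_dump.items()},
        # Per-user salts hide that alice and carol share a password.
        "strong_reuse_visible": strong_dump["alice"][1] == strong_dump["carol"][1],
    }


if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(key, value)
```

With per-user salts an attacker has to repeat the slow computation for each account and each guess, which is what buys users time to change a re-used password.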

How to Minimise Damage to Users


It told the news site that when this occurred in early January, it figured the best thing for its players was to quietly force password resets without letting the hackers know they had limited time to act, adding that it now used stronger hashing procedures. It also said that it had not received any reports of anyone being harmed by this. Mr Hunt was critical of the company for `quietly’ compelling the password reset, stating that this policy had left him speechless.

Instead, he said, Lifeboat should have done more to alert users so that they could change passwords quickly if they used the same one on other sites. He said that the first priority for any company after an incident like this should be `How to minimise the damage to the users’.

Wednesday, 13 April 2016

The Ransomware That Knows Where You Live


Ransomware - Scam Email Quoting People’s Postal Addresses


According to a security researcher, a widely distributed scam email quoting people’s postal addresses links to a dangerous kind of ransomware. After hearing an episode of BBC Radio 4’s You and Yours that discussed the phishing scam, Andrew Brandt, of US firm Blue Coat, got in touch with the BBC. He found that the emails appeared to be linked to ransomware known as Maktub.

The malware encrypts the victims' files and demands that a ransom be paid before they can be unlocked. The phishing emails told recipients that they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking a link. However, according to Mr Brandt, that link leads to malware. One of the emails had been received by You and Yours reporter Shari Vahl. Mr Brandt told the BBC that `it was incredibly fast and by the time the warning message had appeared on the screen, it had already encrypted everything of value on the hard drive, it happened in seconds’. Maktub does not only demand a ransom; it also increases the fee, which must be paid in bitcoin, as time passes.

Addresses Highly Precise


One of the websites connected with the malware explained that during the first three days the fee is 1.4 bitcoins, or around $580, and that it rises to 1.9 bitcoins, or $799, after the third day. The phishing emails tell recipients that they owe money to British businesses and charities when they do not owe them anything. One of the organisations named was the Koestler Trust, a charity that helps ex-offenders and prisoners produce artwork.

Chief executive Sally Taylor told You and Yours that the charity relies on generous members of the public and was very distressed to discover that people believed they had received emails from it asking for money, when the emails had not been generated by the charity at all. A remarkable feature of the scam emails was that they included not only the victim’s name but the postal address as well. Several recipients, including BBC staff, noticed that the addresses were generally highly precise.

Data Derived from Leaked/Stolen Databases


According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it is not yet clear how the scammers were able to gather people’s addresses and link them to names and emails. The data could have been derived from a number of leaked or stolen databases, for instance, making it difficult to track down the source.

Many people got in touch with the You and Yours team to say they were concerned that the data could have been taken from their eBay accounts, since their postal addresses were stored there in the same format in which they appeared in the phishing emails.

In a statement, the firm said that eBay works aggressively to protect customer data and privacy, which is its highest priority, and that it is not aware of any link between this new phishing scam and eBay's data. In an effort to create the safest environment possible for its customers, it constantly updates its approach to customer data security.

Thursday, 24 March 2016

Why the Government can’t Actually Stop Terrorists from Using Encryption



Encrypted devices in the hands of governmental agencies seem like bliss, but when the same technology is made available to the general public or, more importantly, lands in the hands of terrorists, the world appears to be in danger. The U.S. government is currently failing to gain the upper hand in its fight to compel the tech giant Apple and others to give access to their encrypted devices. But having access to these encrypted devices and technologies will not be enough to curb the wide availability of the same technologies to terrorists and criminal-minded individuals.

How encrypted services and devices end up out of reach of the U.S. government

Most encrypted products and services are made by developers from all parts of the globe. In simple words, most encryption projects are open source in nature, which brings together great developers from across the globe and also puts them out of the government’s reach.

An example helps in understanding the limits governmental agencies face in going after encrypted services and products. Telegram, a popular instant messaging service based in Germany, offers one-of-a-kind encrypted chat functionality. Another encrypted service provider, Silent Phone, which offers encrypted voice calls and text messages, is based in Switzerland. Both are simply out of reach of the U.S. government but are easily available to the public and criminal-minded individuals alike.

Open source projects are driving the reach of encrypted technologies

Research conducted by the Open Technology Institute has revealed that about 16 different applications for encrypted communications are being developed outside the US, mainly through open source projects.

The U.S. government’s hands are simply tied, as it can’t stop developers from building such applications outside its borders. However, it is waging a battle against the domestic companies that offer encryption services to their consumers.

More ordinary users than before have started using strong forms of encryption, for their own reasons. This has made it necessary for tech companies to build such encryption features into their own applications by default, in order to keep consumers from adopting other applications. The iPhone has already introduced the feature of setting up a password by default in order to encrypt the information stored on the device. Meanwhile, Facebook-owned Whatsapp is thinking aggressively about bringing encrypted text and message features to its instant messaging platform.

The U.S. government has finally understood that, with the continuous availability and emergence of new encrypted communication applications, it is not feasible to rein in their availability to users. But it is working on another front: reducing the amount of information that is likely to get encrypted as default encryption features are brought into popular applications and devices. In other words, the U.S. battle against encryption is not going to stop ordinary users and terrorists alike from using encryption technologies in future.

Tuesday, 22 March 2016

Chinese Hackers Behind U.S. Ransomware Attacks: Security Firms


A group of four security firms investigating cyber attacks on U.S.-based companies has found that most of the hackers make use of the same tactics and tools that were once associated with Chinese government-supported cyber attacks. Ransomware has become a major tool for launching cyber attacks on unsuspecting ordinary users. Ransomware, as the name suggests, takes control of the system and carefully encrypts all the data stored on it, leaving it inaccessible to the user. To regain access, users are required to pay a ransom of a few Bitcoins.

Hackers trick users into installing Ransomware

Security firms have stated that hackers use various complex and highly intelligent ways to spread ransomware by actively exploiting vulnerabilities found in application servers. Once a vulnerability has been exploited, hackers trick users into installing ransomware on their devices. In one of the recent attacks, more than 30% of the machines at a transportation and a technology firm were infected with the ransomware.

The rise of ransomware over the years

Ransomware isn’t something new, as it has been in wide use by cyber criminals for over a decade. In the beginning, unsuspecting users were lured into downloading infected programs or antivirus suites which, once installed, took over the device and demanded a ransom of a certain amount to restore access.

In recent years, however, cyber criminals have got their hands on better encryption techniques, which ensure that users cannot get access to their files without paying the ransom. Formatting the device is an effective way to get rid of the ransomware, but it comes at the cost of losing all the data on the device. Ransomware payments are mainly made in the virtual currency Bitcoin, which offers secrecy from governmental agencies and others.

‘Mind’ game behind ransom

Ransomware happens to be one of the most successful tools of cyber criminals, as a large percentage of infected users end up paying the modest ransom for their inaccessible data. Cyber criminals usually set a modest ransom price for giving access back to users. Most victims are willing to pay this amount to get their data back, and this also results in positive responses in the online sphere. Assume a victim pays about 1 or 2 Bitcoin, which amounts to $600, gets back access to his data, and posts on online forums that he was relieved to finally get access to his data after paying the ransom operators. In short, all the other victims searching online for this malady will be more willing to pay on the basis of this feedback.

On the other hand, security firms have warned victims that paying the ransom will only make cyber criminals more ambitious. Very soon they will shift from demanding ransoms of a few Bitcoins to carrying out complicated scams and credit card theft as well.

Tuesday, 16 February 2016

'Hack' on DoJ and DHS downplayed


Data Breach – DoJ/DHS

The US authorities have acknowledged a data breach affecting the Department of Justice (DoJ) as well as the Department of Homeland Security (DHS), though they played down its severity. According to the technology news site Motherboard, the hacker has stated that they would soon share personal information of around 20,000 DoJ employees, including staff at the FBI.

The news site said that it had verified small parts of the breach, but had also observed that some of the details listed seemed to be incorrect or possibly out-dated. The Department of Justice too played down the significance of the breach. DoJ spokesman Peter Carr told the Guardian that `the department has been looking into the unauthorized access of a system which was operated by one of its components comprising employee contact information and this unauthorized access is under investigation.

However, there is no indication at this time that there is any breach of sensitive personally identifiable information. The department has taken this very seriously and is continuing to arrange protection as well as defensive measures in safeguarding information. Any activity which is determined to be criminal in nature would be referred to law enforcement for investigation.’

Hacked Data Posted on Encrypted Website

Hacked data that had been anonymously posted on an encrypted website and reviewed by the Guardian comprised a DHS personnel directory, and the information listed included phone numbers together with email addresses. These were for individuals who have not worked for DHS for years. Besides this, some of the listings also had out-dated titles.

The encrypted DHS directory had appeared online prior to 7 pm EDT on Sunday, and the password seemed to be `lol’. A source claiming responsibility told Motherboard, which had broken the story of the hack, that they had compromised a DHS employee account and had then used information from it to convince an FBI phone operator to provide access to the DoJ's computer system.

The hackers had promised to release the information from the DoJ on Monday. At 4 pm EDT, an identical list was posted on the same site with a DoJ staff directory, which also appeared to be out-dated. Assessing the hack during a government-wide meeting, an official compared it to stealing a years-old AT&T phone book after the telecom had already digitized most of its data.

Disruption Regularly in Government Data Security

However, experienced officials state that it should not be so simple to obtain an access token by impersonating an official from a different department over the phone to a help desk. Things go wrong regularly in government data security: the OPM hack, exposed in June, revealed the deeply researched security clearance data of 21.5m present and former government employees and contractors, from phone numbers to fingerprints.

But the DHS breach seems to be far less severe. It is especially embarrassing, however, considering that the department has been designated the point of entry for all corporate data shared with government agencies in the debated information sharing program between government and industry created last year by the Cybersecurity Information Sharing Act. The program, in which private companies share user information with the government in exchange for immunity from regulation, had not been welcomed from the start at the DHS, which is left holding the bag in the event of a breach.

Alejandro Mayorkas, DHS deputy secretary, citing troubling provisions of the bill in a letter sent to Senator Al Franken in July, wrote that `the authorization to share cyber threat indicators and defensive measures with any other entity or the Federal Government, notwithstanding any other provision of law, could sweep away important privacy protection’.

Tuesday, 29 December 2015

Java Plugin Malware Alert to be issued by Oracle


Oracle is widely known as the company behind the popular programming language Java. Developers use Java for a variety of purposes, from making apps and games to other robust programs. Oracle has issued an advisory warning that millions of Java users could be exposed to a malware threat resulting from a flaw in the software update tool. The Java plug-in is installed on a large number of PCs, allowing them to run small programs written in the Java language.

Oracle has issued an alert about this malware threat on social media as well as on its official website. The US Federal Trade Commission is currently investigating Oracle for wrongdoing, which makes this a bad time for the malware threat to emerge.

The malware threat

The reason for the investigation into Oracle can be summarized from the FTC’s complaint, which states that Oracle was aware of a number of security issues in the Java SE (standard edition) plug-in when it bought Java technology from its creator, Sun, in 2010. The FTC has highlighted flaws in Java's security that could easily allow hackers to craft malware providing access to consumers’ usernames and passwords for financial accounts. Apart from this, malware could even be designed to harvest other vital and sensitive information, resulting in an attack on the user’s privacy. The FTC has alleged that Oracle misled its customers by asking them to install its updates, which it said would ensure that their PCs remained safe and secure, while Oracle knew that Java had existing security issues.

Reasons for security issues in Java

The presence of security issues in Java is mainly attributed to Sun, as it didn’t delete the original update process in the earlier versions of the software before passing it on to Oracle. The FTC states that this offers hackers a convenient way to exploit PCs running Java and launch their attacks on them.

Oracle tried to address this issue, but its update tool only removed the issues in the latest version of Java and left earlier editions behind. Oracle only managed to rectify the problem in August 2014. In the FTC's current investigation, Oracle cannot plead ignorance, as internal documents dating from 2011 stated that the Java update mechanism was not aggressive enough or simply not working.

Troubled days for Java

Java is currently used to power a wide range of web browser-based games, chat tools and calculators, and to perform other essential functions. Java also happens to be one of the top three applications targeted by criminals. Most people don’t even know that it comes pre-installed on a large number of machines. The FTC is recommending that businesses stop using Java applications or remove them from their systems in order to remain safe and secure from cyber threats. The FTC is primarily concerned about the update procedures followed by Oracle, and it will not settle the problem simply by imposing a financial penalty.

Wednesday, 14 October 2015

Crippling Linux Botnet Strikes Gaming, Education Sites


Botnet Plundering Linux Computers – Attack Powerful


It has recently been revealed in the IT world that a botnet has been plundering Linux computers and that its attacks are quite powerful. Several of the targets are in Asia; security experts are working to track the botnet, which appears to be of Asian origin.

A network of Linux computers is flooding gaming and education sites with about 150 gigabits per second of malicious traffic, according to Dan Goodin of Ars Technica, which in some cases is enough to knock the targets offline.

This is a DDoS (distributed denial-of-service) botnet, and the findings come from Akamai Technologies. The Security Intelligence Response Team (SIRT) at Akamai rated the XOR DDoS botnet as `High Risk’ in an advisory posted recently.

The XOR DDoS botnet is said to have grown and now has the capacity for mega DDoS attacks of 150-plus Gbps, using a Trojan malware to hijack Linux systems. Initial access was obtained through brute force attacks to discover the password to Secure Shell services on a Linux machine. Once a login had been obtained, the attackers used root privileges to run a Bash shell script, which downloaded and executed the malicious binary.

SIRT Tracking XOR DDoS – Trojan Malware


Akamai’s Security Intelligence Response Team has been tracking XOR DDoS, a Trojan malware that DDoS attackers have used to hijack Linux machines and build a botnet for distributed denial of service attack campaigns with DNS and SYN floods.

Among the key points observed by Akamai were that the gaming sector was the main target, followed by educational institutions. The botnet attacked around 20 targets each day, 90% of which were in Asia.

The malware spreads through Secure Shell (SSH) services that are vulnerable to brute force attacks owing to weak passwords. This could go from bad to worse. The team at Akamai expects XOR DDoS activity to continue as attackers refine and improve their methods, including a more diverse selection of DDoS attack types.
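One way a defender could spot the pattern described in the passages above (SSH password guessing from one source, followed by a successful login) in sshd logs. This is an added example, not part of Akamai's advisory; the log lines are constructed in OpenSSH syslog format with documentation-range addresses, and the threshold, window and year values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; host name, PIDs, ports and addresses are invented.
SAMPLE_LOG = """\
Oct 14 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51022 ssh2
Oct 14 03:12:03 web1 sshd[2103]: Failed password for root from 203.0.113.5 port 51030 ssh2
Oct 14 03:12:05 web1 sshd[2105]: Failed password for invalid user admin from 203.0.113.5 port 51041 ssh2
Oct 14 03:12:06 web1 sshd[2107]: Failed password for alice from 198.51.100.7 port 40112 ssh2
Oct 14 03:12:08 web1 sshd[2109]: Failed password for root from 203.0.113.5 port 51055 ssh2
Oct 14 03:12:10 web1 sshd[2111]: Failed password for root from 203.0.113.5 port 51063 ssh2
Oct 14 03:12:13 web1 sshd[2113]: Failed password for root from 203.0.113.5 port 51070 ssh2
Oct 14 03:12:15 web1 sshd[2115]: Accepted password for root from 203.0.113.5 port 51078 ssh2
Oct 14 03:12:20 web1 sshd[2117]: Accepted password for alice from 198.51.100.7 port 40120 ssh2
Oct 14 03:20:00 web1 sshd[2201]: Failed password for invalid user pi from 192.0.2.44 port 33001 ssh2
Oct 14 03:25:00 web1 sshd[2203]: Failed password for invalid user pi from 192.0.2.44 port 33002 ssh2
Oct 14 03:30:00 web1 sshd[2205]: Failed password for invalid user pi from 192.0.2.44 port 33003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def detect_bruteforce(lines, threshold=5, window_seconds=60, year=2015):
    """Return {ip: finding} for sources reaching `threshold` failures in the window.

    Syslog timestamps carry no year, so `year` is supplied by the caller.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    totals = defaultdict(int)     # ip -> all failures seen
    users = defaultdict(set)      # ip -> account names tried
    findings = {}
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue              # not an sshd password event
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            totals[ip] += 1
            users[ip].add(m["user"])
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()       # drop failures that aged out of the window
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {"burst_start": q[0], "logins_after_burst": []}
        elif ip in findings:
            # A success right after a guessing burst: treat the account as compromised.
            findings[ip]["logins_after_burst"].append(m["user"])
    for ip, finding in findings.items():
        finding["failures"] = totals[ip]
        finding["users_tried"] = sorted(users[ip])
    return findings


if __name__ == "__main__":
    for ip, finding in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, finding)
```

The slow guesser at 192.0.2.44 stays under the default 60-second window, so a second pass with a longer window and lower threshold is worth running; disabling password logins for root removes the exposure entirely.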

Advisory Describing DDoS Mitigation/Malware Removal Information Available


According to the Akamai team, the IP address of the bot is sometimes spoofed, though not always. The botnet attacks observed in the DDoS campaigns against Akamai customers were a mixture of spoofed and non-spoofed attack traffic. Lucian Constantin of IDC News Service recently noted that this ability to generate crippling attacks of more than 150 Gbps is several times greater than what a typical company’s infrastructure could withstand.

In the meantime, an advisory describing this threat, including DDoS mitigation, payload analysis and malware removal information, is available for download from Akamai. Removing the XOR DDoS malware is a four-step procedure, for which most of the scripts are provided in the advisory.

Stuart Scholly, senior vice president and general manager of Akamai, has said that XOR DDoS is an example of attackers switching focus and building botnets out of compromised Linux systems to launch DDoS attacks. This occurs more frequently now than earlier, when Windows machines were the main targets for DDoS malware.

Thursday, 8 October 2015

Global Nuclear facilities 'At Risk' of Cyber-Attack


Cyber-Attacks on Nuclear Power Plants on the Rise


According to a report, the danger of a serious cyber-attack on nuclear power plants across the globe is on the rise. It states that civil nuclear infrastructure in several nations is not well equipped to defend against such attacks.

The report said that most of the control systems for this infrastructure were insecure by design due to their age. Published by the influential Chatham House committee, the report examined cyber defences in power plants across the world over an 18-month period. It stated that cyber criminals, state-sponsored hackers and terrorists were all increasing their online activity, which means that the risk of a significant net-based attack will persist.

This kind of attack on a nuclear plant, even if small-scale or unlikely, should be taken seriously because of the harm that would follow if radiation were released. Besides, it is said that even a small-scale cyber security incident at a nuclear facility would have a disproportionate effect on public opinion as well as on the future of the civil nuclear industry.

Unfortunately, research carried out for the study indicated that the UK’s nuclear plants and related infrastructure were not adequately protected or prepared, because the industry had only recently converted to digital systems.

Increase in Digitisation/Growing Reliance on Commercial Software


Increasing digitisation and a growing reliance on commercial software are raising the risk that the nuclear industry faces. There seems to be a ‘pervading myth’ that computer systems in power plants are isolated from the internet and are therefore immune to the type of cyber-attacks that have hit other industries. This air gap between the public internet and nuclear systems seems easy to breach with ‘nothing more than a flash drive’.

The report observed that the destructive Stuxnet computer virus infected Iran’s nuclear facilities through this route. The researchers also came across virtual networks and other links to the public internet on nuclear infrastructure networks.

Some of these seemed to be unknown to, or forgotten by, those in charge of these organisations. Search engines that hunt out critical infrastructure had indexed these links, making it easy for attackers to locate ways in to networks as well as control systems.

Security with Cyber Security – Priority for Power Station Operators


Keith Parker, chief executive of the Nuclear Industry Association, stated that ‘security inclusive of cyber security is an absolute priority for power station operators. All of Britain’s power stations are designed with safety in mind and are stress tested to withstand a huge range of potential incidents. Power station operators tend to work closely with national agencies like the Centre for the Protection of National Infrastructure and other intelligence agencies, to be aware of emerging threats always’.

He added that the industry’s regulator continuously monitors plant safety to protect it from any outside threats. The first international conference on cyber threats facing plants and manufacturing facilities was held in June this year by the International Atomic Energy Agency.

Yukiya Amano, director of the IAEA, told the conference that both random and targeted attacks were being directed at nuclear plants. In a keynote address to the conference he commented that ‘staff responsible for nuclear security need to know how to repel cyber-attacks and to limit the damage should the system be penetrated’.

Wednesday, 23 September 2015

Poker Players Targeted By Card-Watching Malware

Malware Targets Popular Online Poker Sites


Malware researchers at security firm ESET have come across a new Trojan designed to cheat at online poker by sneaking a look at the cards of infected opponents. According to ESET’s security researcher, Robert Lipovsky, the malware targets PokerStars and Full Tilt, two of the most popular online poker sites.

He mentioned in his recent blog post that the attackers operate in a simple manner: after the victim has been successfully infected with the Trojan, the culprit attempts to join the table where the victim is playing, with the unfair advantage of knowing the cards in the victim’s hand.

The malware, Win32/Spy.Odlanor, masquerades as a benign installer for several general-purpose programs like Daemon Tools or mTorrent. Lipovsky has mentioned that people tend to get infected while downloading some other useful application from an unofficial source.

In some instances, it gets loaded on to the user’s system through poker-related programs, which include poker player databases as well as poker calculators like Tournament Shark, Smart Buddy, Poker Calculator Pro, Poker Office and more.

Prowls in Software Created For Better Performance


The malware was discovered lurking in software created to help poker fans improve their performance, according to the security firm that discovered it. It is also said to target other valuable information on a user’s computer, such as login names and passwords.

Once a system is infected, the malware observes the activity of the PC and goes into action when the victim has logged in to either of the two poker sites. It then begins taking screenshots of the victim’s activity and the cards they are dealt, and sends the screenshots to the culprits.

Lipovsky mentioned that the screenshots can later be retrieved by the cheating culprits, revealing not only the hands of the infected opponent but the player ID as well. According to ESET, this enables the criminals to search the sites for that player and join their game. Both of the targeted poker sites permit searching for players by their player ID, so the culprit can easily connect to the table on which they are playing.

Largest Number of Spyware Detections – Eastern European Countries


The information gathered about the victim’s hand gives the criminal a significant advantage. Lipovsky writes that he is not sure whether the attacker plays the games manually or in some automated way. ESET has discovered the Windows malware lurking in some well-known file-sharing applications, PC utilities and several widely used poker calculators and player databases.

Lipovsky writes that the spyware has been active for several months, with the largest number of detections among victims in Eastern European countries. However, the Trojan is a potential threat to any online poker player.

Most of the victims were from the Czech Republic, Poland and Hungary. ESET stated that it had discovered various versions of this malware dating back to March 2015. To make matters worse, newer versions also contain ‘general purpose data stealing functions’ capable of siphoning passwords from several web browsers. As of September 16, several hundred users have been infected with Win32/Spy.Odlanor.

Tuesday, 1 September 2015

Samsung Smart Fridge Leaves Gmail Logins Open to Attack

Samsung Smart Fridge – MiTM attacks on Connections

Security researchers have identified a possible way of stealing users’ Gmail credentials from a Samsung smart fridge. Pen Test Partners discovered the man-in-the-middle (MiTM) weakness that enabled the exploit during the IoT hacking challenge at the recent DEF CON hacking conference. The hack was against the RF28HMELBSR smart fridge, part of Samsung’s line-up of Smart Home appliances that are controlled through its Smart Home app.

Though the fridge implements SSL, it fails to validate SSL certificates, thus enabling man-in-the-middle attacks on most of its connections. The internet-connected device is designed to download Gmail Calendar information to its on-screen display. The security shortcomings mean that hackers who are on the same network could possibly steal Google login information from their neighbours.

According to a security researcher at Pen Test Partners, Ken Munro, ‘the internet-connected device is designed to download Gmail Calendar information on its display and it seems to work the same way as any device running a Gmail calendar. A user or owner of the calendar, logged in, can make updates and those changes are then seen on any device on which a user could view the calendar’.

Fridge Fails to Validate Certificate

Although SSL is in place, the fridge fails to validate the certificate. A hacker who gains access to the network the fridge is on, probably through a de-authentication and fake Wi-Fi access point attack, can therefore man-in-the-middle the fridge calendar client and steal Google login information from the neighbours.
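The gap described above, SSL in use but the server certificate never validated, can be shown with the client-side settings of Python’s `ssl` module. This is an added example, not code from the fridge, Samsung or Pen Test Partners; the function names are hypothetical.

```python
import ssl
from typing import List


def unvalidated_context() -> ssl.SSLContext:
    """Encrypts traffic but accepts any certificate: the weakness described above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # server certificate is never validated
    return ctx


def chain_only_context() -> ssl.SSLContext:
    """Validates the chain but not the name: a trusted cert for another host passes."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def validating_context() -> ssl.SSLContext:
    """Corrected setting: chain checked against the trust store, hostname matched."""
    return ssl.create_default_context()


def audit(ctx: ssl.SSLContext) -> List[str]:
    """Return the validation gaps that leave a TLS client open to man-in-the-middle."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server hostname")
    return findings


if __name__ == "__main__":
    for build in (unvalidated_context, chain_only_context, validating_context):
        print(f"{build.__name__}: {audit(build()) or 'no findings'}")
```

Running the same `audit` over the context a client actually uses is a quick review check: an empty list means both the chain and the hostname are verified.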

Since the fridge has not yet reached Europe, the UK-based security consultancy ran short of time at DEF CON while trying to interrupt communications between the fridge terminal and the software update server. An effort to mount a firmware-based attack through customer updates was not successful, but the team had more success when it pulled apart the mobile app and discovered a possible security problem in the process, though this was not confirmed.

The name of a file found in a keystore in the mobile app’s code indicated that it contains the certificate used to encrypt traffic between the mobile app and the fridge.

Working on IoT Security/Hacking Research

The certificate was correctly password-protected, though the information needed to unlock it seemed to be stored in the mobile app in an obfuscated form.

The next step would be to find out the password and use the certificate data to authenticate to the fridge and send commands to it over the air. Pedro Venda of Pen Test Partners adds that ‘they wanted to pull the terminal unit out of the fridge in order to get physical access to things such as the USB port and serial or JTAG interfaces, but were unable to do so since they had run out of time. The MiTM is sufficient enough to expose a user’s Gmail information’.

The team at Pen Test Partners is working on more IoT security and hacking research. In February it published research revealing that Samsung’s smart TVs failed to encrypt voice recordings sent over the internet. Samsung said that it was looking into the issue and stated that ‘at Samsung they understand that the success depends on consumer’s trust and the products and services provided. Protecting consumers’ privacy is the top priority and will work hard each day to safeguard valued Samsung users’.