Showing posts with label cyber attack. Show all posts

Wednesday 17 May 2017

rpcbomb: remote rpcbind denial-of-service + patches

It is imperative to block the port as soon as it is not in use. Sources have claimed that a payload of only 60 bytes, sent to the UDP socket of the rpcbind service, is capable of crashing the host by exhausting the target's memory.

This rpcbind vulnerability is enough to crash your entire system, with further consequences such as the system becoming unresponsive and the loss of primary data and files. The vulnerability can be avoided only by taking proper measures and being cautious enough to block all the ports.

The rpcbomb exploit was written by Guido Vranken, who is also the person behind the discovery of the vulnerability. He is a very resourceful person, and reportedly he wrote the patches for the system himself, since he was unable to contact the maintainers to get the required fixes into the managed packages. This story about him has gone viral, making him famous both positively and negatively, and setting an example that if you are determined enough to get something done, nobody can stop you from achieving it.

With regard to this, Vranken has noted that Shodan shows rpcbind's port (port 111) exposed to the Internet on almost 1.8 million hosts. Some, or even many, of these are on mass hosting providers like AWS, where a user typically deploys a default Linux distribution; if you really intend to run rpcbind, which maps RPC calls to their addresses, keep port 111 behind a firewall, away from the outside world. The experts have suggested that the best way to avoid this situation is to turn off the daemon; they say it is the easiest way to avoid the rpcbind vulnerability, and otherwise to block the port.

The patches on GitHub are said to be small enough that developers can easily figure out whether they are correct and accurate, and also ensure that they are not malicious. Sources have even suggested that the rpcbind vulnerability requires only two lines to fix, while libtirpc requires 256 lines to get patched and rectified. From this we can understand how serious the damage is.

Vranken has stated that the rpcbind vulnerability enables an attacker to make a remote rpcbind host allocate an ample number of bytes, i.e. almost up to 4 gigabytes per attack, and the memory is never released after the attack unless the entire system crashes, or the administrator waits for a while or restarts the service.

It is certain that an attacker can possibly go beyond merely taking down the target host; Vranken writes that, in this situation, some software always fails unpredictably when the system runs out of memory.
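As an added example (not code from the original post, nor from Guido Vranken's rpcbomb or the rpcbind project), here is a small defender-side monitor in Python that tracks a daemon's resident memory from /proc/<pid>/status and flags the step-wise growth that is never released, which is the behaviour described above. The window size, threshold and the constructed sample series are assumptions.

```python
# Added example (not from the original post or from Guido Vranken's rpcbomb
# work): a defender-side monitor that watches a daemon's resident set size
# for the step-wise, never-released growth the post describes, using
# /proc/<pid>/status on Linux. Window and threshold values are assumptions.
import re
from collections import deque
from typing import Iterable, List

VMRSS_RE = re.compile(r"^VmRSS:\s+(\d+)\s+kB", re.MULTILINE)


def parse_vmrss_kb(status_text: str) -> int:
    """Extract the VmRSS value (in kB) from the text of /proc/<pid>/status."""
    match = VMRSS_RE.search(status_text)
    if match is None:
        raise ValueError("no VmRSS line in status text")
    return int(match.group(1))


def read_vmrss_kb(pid: int) -> int:
    """Read the current resident set size of a live process (Linux only)."""
    with open(f"/proc/{pid}/status", encoding="ascii") as fh:
        return parse_vmrss_kb(fh.read())


class RssGrowthDetector:
    """Sliding-window detector.

    An alert fires when the resident set size has only grown (never shrunk)
    across the last `window` samples and the total growth exceeds
    `threshold_kb`. A healthy rpcbind idles at a few MB; a multi-hundred-MB
    jump that never comes back down matches the leak the post describes.
    """

    def __init__(self, window: int = 5, threshold_kb: int = 256 * 1024) -> None:
        self.samples: deque = deque(maxlen=window)
        self.threshold_kb = threshold_kb

    def feed(self, rss_kb: int) -> bool:
        """Record one sample; return True if this sample triggers an alert."""
        self.samples.append(rss_kb)
        if len(self.samples) < 2:
            return False
        values = list(self.samples)
        monotonic = all(b >= a for a, b in zip(values, values[1:]))
        growth = values[-1] - values[0]
        return monotonic and growth > self.threshold_kb


def flag_samples(rss_samples: Iterable[int], window: int = 5,
                 threshold_kb: int = 256 * 1024) -> List[int]:
    """Return the indices of samples that would raise an alert."""
    detector = RssGrowthDetector(window=window, threshold_kb=threshold_kb)
    return [i for i, rss in enumerate(rss_samples) if detector.feed(rss)]


def fake_status(rss_kb: int) -> str:
    """Constructed /proc/<pid>/status excerpt for offline demonstration."""
    return (
        "Name:\trpcbind\n"
        "State:\tS (sleeping)\n"
        f"VmRSS:\t{rss_kb:>8} kB\n"
        "Threads:\t1\n"
    )


# Constructed sample series (kB): a quiet daemon, then a ~2 GB jump that
# never shrinks, mirroring the up-to-4 GB allocation the post mentions.
QUIET = [3120, 3124, 3130, 3128, 3130]
LEAKING = [3120, 3124, 2_100_000, 2_100_004, 2_100_004]

if __name__ == "__main__":
    # Offline demo; replace with read_vmrss_kb(pid) in a polling loop.
    quiet = [parse_vmrss_kb(fake_status(v)) for v in QUIET]
    leaking = [parse_vmrss_kb(fake_status(v)) for v in LEAKING]
    print("quiet alerts:  ", flag_samples(quiet, window=4))
    print("leaking alerts:", flag_samples(leaking, window=4))
```

An alert from this monitor is a cue to restart the service (which releases the memory, as the post notes) and to check whether port 111 is reachable from outside.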

Wednesday 13 April 2016

The Ransomware That Knows Where You Live


Ransomware - Scam Email Quoting People’s Postal Addresses -

According to a security researcher, a widely distributed scam email quoting people's postal addresses links to a dangerous kind of ransomware. After learning of an episode of BBC Radio 4's You and Yours that discussed the phishing scam, Andrew Brandt of US firm Blue Coat got in touch with the BBC. He found that the emails seemed to be linked to ransomware known as Maktub.

The malware encrypts the victims' files and demands a ransom before they can be unlocked. The phishing emails told recipients that they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking a link; according to Mr Brandt, however, that link leads to malware. One of the emails had been received by You and Yours reporter Shari Vahl. Mr Brandt told the BBC that `it was incredibly fast and by the time the warning message had appeared on the screen, it had already encrypted everything of value on the hard drive, it happened in seconds’. Maktub does not only demand a ransom; the fee, which must be paid in bitcoin, increases as time passes.

Addresses Highly Precise

One of the websites connected with the malware explained that during the first three days the fee is 1.4 bitcoins, or around $580, rising to 1.9 bitcoins, or $799, after the third day. The phishing emails tell recipients that they owe money to British businesses and charities when they do not owe them anything. One of the organisations named was the Koestler Trust, a charity that helps ex-offenders and prisoners produce artwork.

Chief executive Sally Taylor told You and Yours that the charity relies on generous members of the public and was very distressed to discover that people felt they had received emails from it asking for money, when the emails had not been generated by the charity at all. A remarkable feature of the scam was that the emails included not only the victim's name but the postal address as well. Several recipients, including BBC staff, noticed that the addresses were generally highly precise.

Data Derived from Leaked/Stolen Databases

According to Dr Steven Murdoch, cybersecurity expert at the University of London, it is not yet clear how the scammers were able to gather people's addresses and link them to names and emails. The data could, for instance, have been derived from a number of leaked or stolen databases, making it difficult to track down the source.

Many people got in touch with the You and Yours team to say they were concerned that the data could have been taken from their eBay account, since their postal addresses were stored there in the same format as they appeared in the phishing emails.

The firm said in a statement that eBay works aggressively to protect customer data and privacy, which is its highest priority, and that it is not aware of any link between this new phishing scam and eBay's data. In an effort to create the safest environment possible for its customers, it constantly updates its approach to customer data security.

Tuesday 16 February 2016

'Hack' on DoJ and DHS downplayed


Data Breach – DoJ/DHS

The US authorities have confirmed a data breach affecting the Department of Justice (DoJ) as well as the Department of Homeland Security (DHS), though they downplayed its severity. According to technology news site Motherboard, the hacker stated that they would soon share personal information of around 20,000 DoJ employees, including staff at the FBI.

The news site reported that it had verified small parts of the breach, but also observed that some of the details listed seemed to be incorrect or probably out-dated. The Department of Justice too played down the significance of the breach. DoJ spokesman Peter Carr told the Guardian that `the department has been looking into the unauthorized access of a system which was operated by one of its components comprising of employee contact information and this unauthorized access is under investigation.

However, there is no indication at this time that there is any breach of sensitive personally identifiable information. The department has taken this very seriously and is continuing to arrange protection as well as defensive measures in safeguarding information. Any activity which is determined to be criminal in nature would be referred to law enforcement for investigation’.

Hacked Data Posted on Encrypted Website

Hacked data that had been anonymously posted on an encrypted website and reviewed by the Guardian comprised a DHS personnel directory, with the information listed including phone numbers together with email addresses. These were for individuals who have not worked for DHS for years. Besides this, some of the listings also had out-dated titles.

The encrypted DHS directory appeared online prior to 7 pm EDT on Sunday, and the password seemed to be `lol’. A source claiming responsibility told Motherboard, which revealed the story of the hack, that they had compromised the employee account of DHS and then used the information from it to convince an FBI phone operator to provide access to the computer system of DoJ.

The hackers had promised to release the information from the DoJ on Monday. At 4 pm EDT, an identical list was posted on the same site with a DoJ staff directory which also appeared to be out-dated. In order to assess the hack, during a government-wide meeting, an official compared it to stealing a years-old AT&T phone book after the telecom had already digitized most of its data.

Disruption Regularly in Government Data Security

However, experienced officials state that it should be less simple to obtain an access token by impersonating an official from a different department over the phone to a help desk. Things are disrupted regularly in government data security; the OPM hack, exposed in June, revealed the deeply researched security clearances of 21.5m present and former government employees together with contractors, from phone numbers to fingerprints.

But the DHS breach seems to be far less severe, and it is especially embarrassing considering that the department has been selected as the point of entry for all corporate data shared with government agencies in the debated information sharing program between government and industry developed last year by the Cybersecurity Information Sharing Act. The program, wherein private companies share user information with the government in exchange for immunity from regulation, had not been welcomed from its start at the DHS, which is left holding the bag in the event of a breach.

Alejandro Mayorkas, DHS deputy secretary, citing a troubling provision of the bill in a letter sent to Senator Al Franken in July, wrote that `the authorization to share cyber threat indicators and defensive measures with any other entity or the Federal Government, notwithstanding any other provision of law, could sweep away important privacy protection’.

Wednesday 16 December 2015

Moonfruit takes Websites Offline after Cyber-Attack Threat

Cyber attacks have increased rapidly throughout the globe. Sony was hacked just a few months ago, which caused the leak of emails, movie details and more. Snapchat has also been hit in the past, and now every website is playing it cautious when it comes to imminent cyber attacks. Recently Moonfruit took thousands of its hosted business and personal websites offline after being threatened with a cyber-attack.

What is Moonfruit and why did it take websites offline?

Moonfruit is a UK company which helps consumers and small businesses create websites and online stores. Moonfruit is highly popular among users in the UK for its affordable pricing and efficient website builder, which makes it simpler and easier to create demanding websites with less coding. Moonfruit has taken thousands of its customers' websites offline after receiving threats of a cyber attack.

Moonfruit stated that it has kept thousands of its customer websites offline for up to 12 hours in order to make necessary changes to its infrastructure and to safeguard its customers. Moonfruit also experienced problems last Thursday, when it suffered a 45-minute distributed denial-of-service attack. In this attack, Moonfruit's computers were overwhelmed by unwanted traffic, rendering its legitimate services non-functional.

Moonfruit customers suffer from being offline

Moonfruit informed its customers of the decision to take down the websites for up to 12 hours from Monday, and this generated some angst among them. One such customer, Reece de Ville, a filmmaker, complained that Moonfruit had been slow in communicating the decision, which has the potential to disrupt website performance and reach.

Moonfruit users complained that this is a bad time to take down the websites, as the holiday season is in full swing, bringing higher web traffic and increased sales volume. Apart from losing money through sales, another problem faced by users is the loss of potential or new clients within a day. Online stores selling items especially for the holiday season, like gift and greeting card stores, will take a severe hit in this Christmas week.

Armada Collective behind the cyber attack threat

Moonfruit sent emails to its customers explaining that a notorious cyber hack group called the Armada Collective is attempting to extort money out of the company. The Armada Collective had previously successfully attacked the websites of web mail companies including Hushmail, ProtonMail and RunBox, and quite a number of Greek banking institutions.

The customers have been furious and quite unhappy with the loss of sales and potential clients. But it should also be understood that Moonfruit is itself a victim of an unpleasant criminal act in which cyber criminals are threatening its business to extort money. Moonfruit is working with law enforcement authorities on this matter and hopes to resolve the threat at the earliest. In the meantime, customers have to bear with Moonfruit's decision to keep the hosted websites offline.

Thursday 3 September 2015

Web Address Explosion is Bonanza for Cyber-Criminals


Explosion in Internet Addresses

According to an industry study published recently, an explosion in new Internet addresses has created opportunities for criminals misusing shady domains like .zip, .kim or .party. Attackers are on the prowl on the new domains, urging users to download malware, divulge personal data or spam their friends, and a liberalisation of the Web has increased the number of top-level domains tenfold in the last two years.

An investigation of tens of millions of websites conducted by enterprise security company Blue Coat found that the most dangerous top-level domains (TLDs) were .zip, .review and .country, while the safest new ones were .london, .tel and .church.

Blue Coat mentioned in its study that TLDs would ideally all be run by security-conscious operators who diligently review new domain name applications and reject those which do not meet a strict set of criteria, but the reality for several of these new neighbourhoods is that this does not occur. The body which manages Web identifiers, the Internet Corporation for Assigned Names and Numbers (ICANN), launched an initiative to expand the number of TLDs in order to encourage competition and choice online.

Generic Top-Level Domains

Initially there were only six, not including country codes: .com, .edu, .gov, .mil, .net and .org. Enterprises interested in selling new TLDs had to pay a $185,000 fee to the internet industry regulator, ICANN, and demonstrate that they had the capability to run a registry.

ICANN is presently in the process of introducing more than a thousand new web address endings, known as generic top-level domains. The size of the global Web domain name sales market is hard to determine, since several sales are private; sought-after domains change hands for millions of dollars, though more obscure ones can be had for about 99 cents.

The world's largest accredited registrar of domain names, GoDaddy (GDDY.IN), made sales of $1.4 billion last year and was valued at $3 billion in an initial public offering earlier this year. This year, Bain Capital bought Blue Coat for $2.4 billion, an indication of the strength of demand for cyber security technology.

Unscrupulous Operators on the Lookout to Hold Companies to Ransom

Law firm Hugh James explains that cyber squatters buy addresses similar to those of well-known companies, or which they expect the companies may need in the future. The cyber criminals then hope to sell the web address for an inflated sum, or to profit from the extra web traffic resulting from a well-known brand appearing high in online searches, boosting their own advertising revenue.

Around 198 cybersquatting disputes have been registered over the last eight months, compared to 48 in the first eight months after the new naming system was introduced. These included Red Bull, which challenged the use of `’, and Laura Ashley, which challenged the use of Tracey Singlehurst-Ward, Senior Associate at Hugh James, stated that `businesses are being forced to spend time and money in these disputes. Tech-savvy, though often unscrupulous operators are on the lookout to hold established companies to ransom.’

Tuesday 21 April 2015

Hackers Who Breached White House Network Allegedly Accessed Sensitive Data

Hackers Breached White House Network

According to a recent story published by CNN, Russian government hackers breached the White House's computer systems late last year and gained access to sensitive details, though US officials disagree. The officials had stated earlier, in October, that the White House breach had only affected an unclassified network, though sources informed CNN that the hackers had gained access to real-time non-public details of the president's schedule.

The sources also informed CNN that the hackers were the same ones behind a damaging cyber-attack on the US Department of State at the same time last year, which forced the department to shut down its email system for an extended period of time. The related cyber-attack on the State Department has recently been characterized as the worst hack ever on a federal agency. The White House is no stranger to attacks from foreign spies.

The Chinese have been associated with many high-profile attacks on White House unclassified systems, as well as employee emails. Reports of the breach came as government officials have become more concerned about cyber threats from Russia. James Clapper, FBI director, informed a Senate committee in February that `the Russian cyber threat is more severe than they had earlier assessed’.

Immediate Measures to Evaluate/Mitigate Activity

Ben Rhodes, White House deputy national security adviser, stated that the breached White House system held no sensitive data. He told CNN that they had an unclassified system and a classified system, a top secret system, and that they do not believe their classified systems were compromised.

A White House spokesperson who tried to play down the report said that it was based on a security breach that had already been disclosed to the public. Spokesperson Mark Stroh informed the media that the report did not refer to a new incident, that any such activity was taken seriously, and that in this case they had made it clear at the time and had taken immediate measures to evaluate and mitigate the activity.

He also said that, as officials did last year, the US would not comment on who could have been behind the attacks. The Secret Service, FBI and US intelligence agencies are investigating the security breaches, which according to CNN's sources were the outcome of one of the most sophisticated cyber-attacks ever directed at US government agencies.

Theft of Private Data – Government/Corporation/Individuals

The recent report comes amid hacker thefts of private data belonging to governments, corporations and individuals, from sensitive emails to medical reports to financial information; possession of such data could be of great value either to enable criminal acts or to assist government spying.

According to a senior department official, none of the department's classified email systems were affected in the State Department breach, though hackers used that breach to break into the White House's network, as reported by CNN.

Security researchers suspected, after the White House breach was revealed in October, that hackers working for the Russian government were behind both attacks, according to the Washington Post story, and in spite of efforts being made by the State Department to safeguard its security, hackers were able to access the system, with the result that the network was owned for months by Russian hackers.

Thursday 8 January 2015

The Real Cybercrime Geography

According to cyber experts, the recent cyber attack on Sony Pictures was the result of digital infiltration by North Korea. In the digital world things change very rapidly, and North Korea's spin doctors responded quickly that they did not hack Sony Pictures' servers, while some cybercrime experts from the U.S. also say that the North Korean propagandists may be right. According to the evidence presented by the FBI, it is clear that the incriminated hackers were working for the communist government, but U.S. experts still state that this proof is not enough to blame Pyongyang.

According to Sam Glines, CEO of Norse (a cyber security firm), “According to data collection which was based on forensic evidence, it’s clear that North Korea is not accountable for any type of hacking activity or on initiating the attack on Sony Pictures”. The hackers must have been busy, because thousands of documents gathered from Sony Pictures' servers were released after a few hours. The leaked information related to cast salaries, film budgets and the taxes of actors and actresses, with the little-known fact that Kevin Federline acted in a cameo appearance for $5,000. We all know that North Korea is still at war with America, but America was never on its radar for computer attacks. So who was responsible for the cyber attack on Sony Pictures? India? Russia? Or Iran and Iraq? In future the answer could be a surprise.

According to Symantec, there are 20 countries in the world that can be held responsible for cyber attacks, with the list generated on the following factors: malicious code rank, malicious computer activity, phishing, spam zombies rank, attack origin and bot rank. The top five countries according to the survey were the U.S.A., China, Germany, Britain and Brazil, whereas the bottom three in the list are Argentina, Australia and Israel; South Korea came in at No. 14, Russia at No. 12, and North Korea did not make it into the top 20.

One might say that if you gather 10 American computer experts around a coffee table the talk will soon turn to hacking and cybercrime, but that is not the case: the Russians have been active in cybercrime and cyber-hacking for the past few decades and play a vital role in the cybercriminal world. Today, if you have money and want to hack into a PC or mobile, all you need to do is place an order or buy a program for a cyberattack to get someone's personal information or steal financial or banking information. In Western firms, online banking fraud and credit card information theft are normal, so the main question is: if the Russians are so good, why did they land at only No. 12?

Monday 15 December 2014

FBI warns of ‘destructive’ malware in wake of Sony attack

According to recent reports, the FBI (Federal Bureau of Investigation) has warned businesses in the United States of America that hackers have been using malicious software to launch a destructive cyber attack in the United States.

This was announced after the devastating breach at Sony Pictures Entertainment last week. According to cyber security experts, the malicious software described in the FBI alert appears to be the software that affected Sony.

This can be considered the first major destructive cyber attack waged against a company operating on the soil of the United States of America. Until now, these kinds of attacks had been seen in the Middle East and Asia, but none had been reported in the United States. At present, the Federal Bureau of Investigation has not disclosed how many companies have actually been victimized by these destructive attacks.

Confidential "flash" warning

According to Tom Kellermann, chief cyber security officer with security software maker Trend Micro Inc, this coordinated cyber attack with destructive payloads against a business in America clearly represents a turning point.

Geopolitics will serve as the forerunner of these destructive cyber attacks. The five-page confidential "flash" warning issued by the FBI was released to businesses on Monday; it contains the technical details of the malicious software used in this attack.

According to the reports, the malware overwrites all data stored on the hard drives of computers, including the master boot record, so the computers are no longer able to boot. The reports also highlight that overwriting the data files makes it extremely difficult and costly to recover the data through standard forensic methods.

This document was sent by mail with the clear instruction not to share it with anyone else. It was released after the unprecedented attack on Sony Pictures Entertainment, which affected the company's entire systems and its email. This has hurt the company, as it has crucial movies to be released during the holiday season.

The company's spokeswoman stated that they are working with federal and law enforcement officials on this issue and that the company has been able to restore some of its important services. She declined to comment on the warning issued by the FBI.

Actions currently being taken

Currently the FBI is working with the Department of Homeland Security to investigate these attacks, while FireEye Inc has been hired by Sony to carry out the post-attack clean-up. Although the FBI did not reveal the name of the victim of this attack, cyber security experts stated that it is a California-based unit of Sony Corp.

According to the technical section of the report, some of the software used in these attacks was compiled in Korea, but no connection has been established with North Korea.

Friday 28 November 2014

China Suspected Of Attacking USPS and NOAA

Last week, the National Oceanic and Atmospheric Administration and the United States Postal Service confirmed that there had been attacks on their computer systems. These cyber attacks went on for a month and are suspected to have originated in China. According to USPS, the attacks compromised the private information of nearly 800,000 employees. The information at risk includes dates of birth, names, addresses, dates of employment and Social Security numbers. This information is very sensitive, as anyone holding it could forge identities and manipulate the service as well as other government agencies.

What is at risk?

According to Greg Kazmierczak, CTO of Wave Systems, specific details about any individual can be risky, as attackers can use them in spear phishing attacks later on. According to Eric Chiu, president and founder of HyTrust, apart from being used to attack the companies, this personal data can be used against the employees themselves. He stated that, compared to customer data, employee data is more valuable, as companies keep records of their employees' social security, finances and homes. This can help attackers forge identities.

NOAA Breach:

Even though USPS has not pointed fingers at anyone over this attack, China is suspected of being behind it. According to Julian Waits Sr., CEO of ThreatTrack, this revelation could not have come at a worse time; now customers will be concerned about their identity and personal security. NOAA was called on the carpet over the breach originating from Chinese systems. It informed Frank R. Wolf, the Virginia Republican, that it was sure its systems had been hacked by China. However, it was unable to confirm that the attack specifically originated in China.

The Breach Diary:

1. 10th Nov- USPS confirms the cyber intrusion and gives an estimate of 2.9 million affected customers.

2. 10th Nov- Sarah Hendrickson appointed as the chief of security.

3. 11th Nov- Microsoft fixed a 19-year-old bug which could be used by hackers to launch drive-by attacks.

4. 12th Nov- 24,105 stories about data breaches were reported by Deloitte.

According to another news report, days after hacking into USPS, hackers broke into U.S. National Weather Service computers. This attack was confirmed by the US National Oceanic and Atmospheric Administration and took place just two days after the attack on the USPS. According to American media reports, many of the NOAA services were put under temporary maintenance or taken down temporarily. One of the agency's representatives told the Washington Post that they know it was an attack by hackers and that it originated from China.

The agency had failed to inform the appropriate authorities of these attacks. Although there is enough evidence pertaining to these attacks, NOAA refused to comment on the Chinese attacks on the United States satellite network and weather systems. It has not confirmed whether the attack affected its notification systems or impacted any classified data.