CHB Cybersecurity Briefing 01/07/19
by Cameron Hunter Bell
Five Eyes Partners accused of hacking 'Russia's Google' Yandex: Western intelligence agencies are said to have broken into Yandex, known as Russia's Google, to spy on accounts using the Regin malware. Yandex said the attack was "fully neutralised" before any damage was done. Sources speaking to Reuters said the malware was looking for how users are authenticated — potentially allowing spies to impersonate any of the 108 million Yandex users.
Russia has denied Israeli suggestions that it is behind disruption of GPS signals at Israel's Ben Gurion airport: Since early June, GPS signals at the airport have been unreliable for pilots and planes using the location. The missing navigational data has had a "significant impact" on airport operations, said Israel's Airports Authority. Russia's ambassador to Israel said the accusation was "fake news" and could not be "taken seriously".
DHS cyber chief warns of surge in Iranian "wiper" attacks: Amid ongoing tensions between the U.S. and Iran, Homeland Security's cyber division chief Chris Krebs warned about a rise in "wiper" attacks, believed to be the tool of choice by Iranian hackers. "What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network," said Krebs. In a later interview with Ars, Krebs said there was a "dramatic increase" in activity, even if there hasn't been any malicious payloads seen yet.
Lloyds has frozen 8,000 accounts of offshore banking customers after they failed to provide identity information in response to a money laundering crackdown in Jersey: The lender asked thousands of account holders to provide extra "know your customer" information in January 2016 but, three years later, thousands had failed to respond satisfactorily. The news comes days after Jersey, Guernsey and the Isle of Man announced they will open up their company registers to public scrutiny. All three jurisdictions, which have been criticised for aiding financial crime and tax avoidance, will allow the public to access a register of the beneficial owners of offshore companies incorporated in their jurisdictions.
Myspace staff abused a tool, ‘Overlord’, to spy on users: Back when Myspace was the king of social networks, multiple staff reportedly used a tool called "Overlord" to read users’ messages and access their passwords, @josephfcox reports. The tool was described as an "entire backdoor" to the Myspace platform. "While the tool was originally designed to help moderate the platform and allow MySpace to comply with law enforcement requests, multiple sources said the tool was used for illegitimate purposes by employees who accessed Myspace user data without authorisation to do so."
Inside the West’s failed fight against China’s ‘Cloud Hopper’ hackers: Chinese hackers broke into eight of the world's biggest tech companies, including HPE, Fujitsu and NTT Data, for years. The hackers, believed to be associated with APT 10, were charged last year. The hackers were trying to steal intellectual property and industrial secrets.
Trump officials weigh encryption crackdown: It's reported that several members of the US National Security Council were weighing up another possible "crypto wars" style legal challenge to the use of strong crypto. Congress would have to outlaw end-to-end encryption, they said, but no decision had been made yet on supporting an effort. More: Gizmodo
Hackers are reportedly stealing years of call records from hacked cell networks: Security researchers say they've found evidence of multiple intrusions at several cell providers' networks that led to the theft of hundreds of gigabytes of call detail records every time they broke in — at least four or five times over the past year alone. Said to be part of an espionage effort against at least 20 targeted individuals — likely more — to understand where they went, when, and who they talked to.
Mistakes in phone record collection led NSA to close program: The NSA was caught improperly collecting phone records for a second time. The ACLU obtained documents showing the collection happened just months after the agency was forced to delete hundreds of millions of records it wasn't lawfully allowed to collect. It was these legal snafus that led the NSA to effectively shutter the phone metadata collection program over the past year, ahead of the law's anticipated expiry in December.
Silexbot is bricking IoT devices with known login credentials: A new bot, dubbed Silexbot, is a "blunt tool" being used to log in to IoT devices with default, unchanged credentials and effectively destroy them. The malware removes the device's network configuration and firewall rules and overwrites its storage with random data, leaving it unable to boot. It's not too dissimilar to BrickerBot, which first emerged some years ago and would deliberately brick insecure devices.
Hackers are poking at a macOS flaw Apple left unfixed: Apple was notified of the Gatekeeper bypass flaw back in February, but Apple has yet to fix the bug. Security researcher Filippo Cavallarin lifted the lid on the bug after the 90-day disclosure deadline lapsed. The bug, if exploited, can allow hackers to slip malicious code past Gatekeeper's defences.
Cloudflare blames outage on Verizon BGP issues: Cloudflare this week had an hours-long outage where at its worst about 15 percent of its global traffic dropped. The company quickly blamed the outage on Verizon for the BGP routing leak. In a blog post, Cloudflare said Verizon's snafu was the equivalent of routing an entire freeway down a neighbourhood street. "This should never have happened because Verizon should never have forwarded those routes to the rest of the Internet," wrote CEO Matthew Prince. The Register had a good explainer.
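The two safeguards Cloudflare's post-mortem says were missing on the offending transit session are a prefix-list and max-prefix limit on the customer side, and RPKI route origin validation to reject more-specific routes that no ROA authorises. As an added illustration (this is not Cloudflare's or Verizon's code, and the prefixes and AS numbers are RFC 5737 / RFC 5398 documentation values constructed for the example), the following models both checks on a handful of announcements, including the kind of /25 "more specific" that a route optimizer injects and a provider then leaks:

```python
"""Added example: RPKI-style route origin validation (RFC 6811) and the
prefix-list / max-prefix checks a transit provider applies on a customer
BGP session. All prefixes are RFC 5737 documentation ranges and all ASNs
are RFC 5398 documentation ASNs; nothing here is a real route table."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: origin_asn may announce `prefix` and any
    sub-prefix whose length is <= max_length."""
    prefix: str
    max_length: int
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple  # leftmost = neighbour it was heard from, rightmost = origin


def rov_state(ann, roas):
    """Return 'valid', 'invalid' or 'not_found' for an announcement.

    A route is invalid when some ROA covers the prefix but none matches both
    the origin AS and the maximum length. A BGP-optimizer leak that splits a
    covered /24 into /25s therefore lands in 'invalid' even though the AS path
    still ends in the legitimate origin."""
    net = ipaddress.ip_network(ann.prefix)
    origin = ann.as_path[-1]
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "not_found"
    for roa in covering:
        if roa.origin_asn == origin and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def filter_customer_session(anns, allowed, max_prefixes):
    """Model a provider's ingress policy on one customer session.

    `allowed` maps a registered prefix to the longest sub-prefix length the
    customer may announce under it (like an IRR-built prefix list with `le`).
    Routes outside the list are rejected; if more routes than `max_prefixes`
    survive the filter, the session is torn down and nothing is accepted.
    Returns (accepted, rejected, session_up)."""
    allowed_nets = {ipaddress.ip_network(p): le for p, le in allowed.items()}
    accepted, rejected = [], []
    for ann in anns:
        net = ipaddress.ip_network(ann.prefix)
        ok = any(
            n.version == net.version and net.subnet_of(n) and net.prefixlen <= le
            for n, le in allowed_nets.items()
        )
        (accepted if ok else rejected).append(ann)
    if len(accepted) > max_prefixes:
        return [], accepted + rejected, False
    return accepted, rejected, True


# Constructed sample data (documentation prefixes and ASNs only).
SAMPLE_ROAS = [ROA("203.0.113.0/24", 24, 64496)]

LEGIT = Announcement("203.0.113.0/24", (64500, 64496))
LEAKED_MORE_SPECIFIC = Announcement("203.0.113.0/25", (64500, 64499, 64496))
WRONG_ORIGIN = Announcement("203.0.113.0/24", (64500, 64511))
NO_ROA = Announcement("198.51.100.0/24", (64500, 64510))

# What a customer (AS64499) is registered to announce, and what it actually sent.
CUSTOMER_ALLOWED = {"192.0.2.0/24": 25}
CUSTOMER_ANNS = [
    Announcement("192.0.2.0/24", (64499,)),
    Announcement("192.0.2.0/25", (64499,)),
    Announcement("192.0.2.128/25", (64499,)),
    Announcement("203.0.113.0/25", (64499, 64496)),  # not the customer's space
]

if __name__ == "__main__":
    for ann in (LEGIT, LEAKED_MORE_SPECIFIC, WRONG_ORIGIN, NO_ROA):
        print(ann.prefix, ann.as_path, "->", rov_state(ann, SAMPLE_ROAS))
    acc, rej, up = filter_customer_session(CUSTOMER_ANNS, CUSTOMER_ALLOWED, 100)
    print("accepted:", [a.prefix for a in acc],
          "rejected:", [a.prefix for a in rej], "session up:", up)
```

Either check alone would have contained the leak described above: the prefix list stops the customer session from carrying routes for address space the customer does not hold, and origin validation marks the /25s invalid because the ROA's maximum length is 24, regardless of the origin AS at the end of the path.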
Huawei gear 'more vulnerable' to hackers than its rivals' equipment: A new report out this week suggests Huawei's telecom equipment is a lot more buggy than its rivals. In every tested firmware image there was at least one bug, the report found.
Deconstructing the Apple Card: A hacker's perspective: The new Apple Card is meant to be a numberless, secure credit card with a rotating card verification number that aims to prevent fraud. Researchers gave it a pretty firm thumbs up — but warned that the hardware itself is a single point of failure. If there's a bug in the card there's no easy fix, they said.
A vendor for half the Fortune 100 exposed their backups: UpGuard security researchers found an exposed Amazon S3 bucket containing about a terabyte of data — mostly backups from some of the largest companies in the world. Attunity, a data integration company, left the S3 bucket exposed and without a password, allowing anyone to look in. The data included email correspondence, system passwords, sales and marketing contact information, project specifications, and more.
OneDrive Personal Vault adds a new layer of security for sensitive files: Microsoft rolled out Personal Vault this week, a "protected area in OneDrive" that comes with additional security features to get in. It requires a second step of identity verification, like a fingerprint or a PIN, to keep extra sensitive files locked away.
Other Interesting Reading:
Why are Passwords Still A Thing?: The Cyber podcast from Motherboard interviews Wendy Nather, a veteran of the infosec world who knows a thing or two about identity and authentication. She's one of the top chief information security officers at the password security startup Duo Security, which was bought by Cisco in October for billions, signifying how seriously big tech is taking the future of identity verification.
Burned by Fire(fox): A three-part series: @patrickwardle has his final instalment looking at a Firefox zero-day used to target employees of several cryptocurrency exchanges to install Mac backdoors. As usual, it's a really good deep dive. You should also read Robert Heaton's blog post on how he almost became a victim himself.
If you wish to submit a story, event, research or article to the CHB Cybersecurity Briefing, please email [email protected] The information contained within the brief is gathered from current, open source data supplied through contacts within diplomatic posts, law enforcement agencies & UK intelligence services. Credit to Dillitas International Risk and Zack Whittaker at TechCrunch.
This information keeps you informed of current security situations and risks within the UK and internationally. Please forward this briefing to colleagues. You can follow Cameron on Twitter @CamHunterBell.
About the Author
Cameron is a UK InfoSec veteran and an experienced innovation strategist. He speaks regularly at conferences and industry events about commercial strategy, ecosystem creation and business design. In 2009, he helped found the cyber security startup Vacta Ltd, which was integrated into the ECS Group in 2012. Cameron has successfully implemented innovation programs for several multinational defence, logistics, automotive manufacturers and financial service providers. He previously established the highly successful Berlin Studio for Idean (now part of Capgemini Invent), specialising in service and ecosystem design for autonomous automotive. More recently, Cameron led the team delivering LORCA, the new £13.5M London cyber innovation centre, for Plexal in association with Deloitte, CSIT Belfast and the UK Department for Culture, Media and Sport. Cameron advises Casta Spes Technologies, an AI-driven robotics startup tackling the challenge of physical perimeter security.
The article has been originally published at: https://www.linkedin.com/pulse/chb-cybersecurity-briefing-010719-cameron-hunter-bell/