What you need to know for your personal cyber security life…
Eighth in a semi-regular series on current and topical computer threats that may affect your online, or even offline, digital and real life. Why cybersecurity on SurvivalRing? Because EVERYTHING you do in your life everyday is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally.
# # #
Indian hackers deface Pakistani sites in response to cyberattack
By Ryan Huang
January 30, 2014
Over 2,000 websites from India and Pakistan have been defaced so far in the past two days, as hackers from both countries duke it out in cyberspace.
More than 100 Pakistani websites were defaced on Wednesday, apparently in retaliation for the defacement of more than 2,000 Indian websites by Pakistani hackers on Republic Day, according to The Hindu.
The defaced websites carried the message “Hacked by Indian Cyber Rakshak”, and the attacks are expected to continue, cybersecurity experts told the news agency.
The retaliatory defacement of Pakistani websites began on Tuesday night and continued through Wednesday, according to the Global Cyber Security Response Team (GCSRT).
# # #
New Clues in the Target Breach
By Brian Krebs
Jan 29, 2014
An examination of the malware used in the Target breach suggests that the attackers may have had help from a poorly secured feature built into a widely-used IT management software product that was running on the retailer’s internal network.
As I noted in Jan. 15′s story – A First Look at the Target Intrusion, Malware – the attackers were able to infect Target’s point-of-sale registers with a malware strain that stole credit and debit card data. The intruders also set up a control server within Target’s internal network that served as a central repository for data hoovered up from all of the infected registers.
That analysis looked at a malware component used in the Target breach that was uploaded to Symantec’s ThreatExpert scanning service on Dec. 18 but which was later deleted (a local PDF copy of it is here). The ThreatExpert writeup suggests that the malware was responsible for moving stolen data from the compromised cash registers to that shared central repository, which had the internal address of 10.116.240.31. The “ttcopscli3acs” bit is the Windows domain name used on Target’s network. The user account “Best1_user” and password “BackupU$r” were used to log in to the shared drive (indicated by the “S:” under the “Resource Type” heading in the image above).
That “Best1_user” account name seems an odd one for the attackers to have picked at random, but there is a better explanation: That username is the same one that gets installed with an IT management software suite called Performance Assurance for Microsoft Servers. This product, according to its maker — Houston, Texas-based BMC Software — includes an administrator-level user account called “Best1_user.”
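As an added example (not code from Krebs’s article, from Target, or from BMC), here is a small Python detector for the behaviour described above: a host mapping an internal share with a vendor default account and a plaintext password on the command line, followed by files being copied onto that mapped drive. The log records, host names and share path are constructed for the example; the address, domain, account name and password are the ones the article reports.

```python
import re
from dataclasses import dataclass, field

# Constructed process-creation records in a simplified
# "host | user | command line" shape. Host names and the share path are
# invented; the address, domain, account and password are from the article.
SAMPLE_LOGS = [
    r"POS-0117 | NT AUTHORITY\SYSTEM | net use S: \\10.116.240.31\share /user:ttcopscli3acs\Best1_user BackupU$r",
    r"POS-0117 | NT AUTHORITY\SYSTEM | cmd.exe /c copy C:\Windows\Temp\dump.bin S:\POS-0117.bin",
    r"WKS-0042 | CORP\jdoe | net use H: \\fileserver\home\jdoe /persistent:yes",
    r"SRV-0003 | CORP\svc_backup | net use Z: \\backup01\data /user:CORP\svc_backup *",
    r"WKS-0042 | CORP\jdoe | cmd.exe /c copy C:\report.docx H:\report.docx",
]

# Vendor default accounts to alert on. Best1_user is the BMC Performance
# Assurance account the article names; anything else would be an operator's
# own additions.
VENDOR_DEFAULT_ACCOUNTS = {"best1_user"}

NET_USE_RE = re.compile(
    r"\bnet(?:\.exe)?\s+use\s+(?P<drive>[A-Za-z]:)\s+(?P<path>\\\\\S+)(?P<rest>.*)",
    re.IGNORECASE,
)
DRIVE_WRITE_RE = re.compile(
    r"\b(?:copy|move|xcopy|robocopy)\b.*\s(?P<drive>[A-Za-z]:)\\", re.IGNORECASE
)


@dataclass
class Finding:
    host: str
    rule: str
    detail: str


@dataclass
class HostState:
    # drive letter -> UNC path, for shares mapped with a plaintext password
    staged_drives: dict = field(default_factory=dict)


def parse_record(line):
    host, user, cmd = (part.strip() for part in line.split("|", 2))
    return host, user, cmd


def inspect_net_use(match):
    """Return (account, password) from the tail of a 'net use' command.
    '*' means 'prompt for the password' and is not an inline secret."""
    tokens = match.group("rest").split()
    account = next((t.split(":", 1)[1] for t in tokens if t.lower().startswith("/user:")), None)
    password = next((t for t in tokens if not t.startswith("/") and t != "*"), None)
    return account, password


def analyse(lines):
    """Scan records in order, keeping per-host state so that a write to a
    drive mapped with a plaintext credential is reported as staging."""
    findings, state = [], {}
    for line in lines:
        host, _user, cmd = parse_record(line)
        hs = state.setdefault(host, HostState())
        m = NET_USE_RE.search(cmd)
        if m:
            drive, path = m.group("drive").upper(), m.group("path")
            account, password = inspect_net_use(m)
            if account and account.split("\\")[-1].lower() in VENDOR_DEFAULT_ACCOUNTS:
                findings.append(Finding(host, "vendor-default-account", f"{account} mapped {drive} to {path}"))
            if account and password:
                findings.append(Finding(host, "inline-share-password", f"plaintext password for {account} on the command line"))
                hs.staged_drives[drive] = path
            continue
        w = DRIVE_WRITE_RE.search(cmd)
        if w and w.group("drive").upper() in hs.staged_drives:
            drive = w.group("drive").upper()
            findings.append(Finding(host, "staging-write", f"file written to {drive} ({hs.staged_drives[drive]})"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOGS):
        print(f"{f.host}: [{f.rule}] {f.detail}")
```

Only the point-of-sale host trips any rule: the workstation mapping a home drive and the backup service prompting for its password (the `*` form) stay quiet. In a real deployment the same three rules would run over Sysmon event 1 or 4688 command lines rather than the constructed pipe-separated records here.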
# # #
GoDaddy Admits Hacker’s Social Engineering Led It To Divulge Info In @N Twitter Account Hack
By Matthew Panzarino
January 29, 2014
An update in the @N account hacking case has just come through from GoDaddy, one of the companies involved in the somewhat convoluted social engineering case. The company admits that one of its employees was ‘socially engineered’ into giving out additional information which allowed a hacker to gain access to Naoki Hiroshima’s GoDaddy account.
The hack, which we detailed in a post earlier today, was performed by calling up PayPal and GoDaddy to gain access to Hiroshima’s personal email, which was then used to extort the @N Twitter user handle from him.
Hiroshima outlined the hack in a post on Medium, which garnered a lot of attention. We received responses from Twitter that the matter was being looked into and PayPal was spurred to issue a denial that it had provided credit card information, and to note that its employees were trained to avoid social engineering attacks.
Social engineering is a method of hacking in which attackers utilize personal or not-so-personal information to impersonate the rightful owner of an account. They call up the company in question and engineer a ‘reset’ of the account permissions that allow them to take over.
# # #
Security 101 fail: 3G/4G modems expose control panels to hackers
By John Leyden
30th January 2014
Vulnerabilities in a number of 3G and 4G USB modems can be exploited to steal login credentials — or rack up victims’ mobile bills by sending text messages to premium-rate numbers — a security researcher warns.
Andreas Lindh claims that all the devices he has looked at so far are managed via their built-in web servers and — you guessed it — are vulnerable to cross-site request forgery (CSRF) attacks. This means a malicious website visited by a victim can quietly and automatically access the USB modem’s control-panel web page and tamper with the device.
Thus, a vulnerable gadget can be tricked into sending SMS messages over the mobile network to a miscreant-controlled premium-rate number. Similarly, a malicious web page could masquerade as a legit login page — such as the account sign-in page for Twitter — and covertly text the victim’s intercepted username and password to the hacker.
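An added example, not from Lindh’s research or from any modem vendor’s firmware: a Python model of a modem control panel’s send-SMS handler in the CSRF-vulnerable form the article describes, beside a hardened one that checks the request’s Origin and a per-session token. The device address, handler names, request shape and phone numbers are assumptions for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed address of the modem's built-in web control panel (example value).
DEVICE_ORIGIN = "http://192.168.1.1"


@dataclass
class Request:
    method: str
    headers: dict   # as the browser would send them
    cookies: dict   # attached by the browser to every request, whoever caused it
    form: dict


class ControlPanel:
    """Minimal model of a modem's web UI: a login that issues a session
    cookie, and a send-SMS handler in a vulnerable and a hardened variant."""

    def __init__(self):
        self.sessions = {}   # session id -> per-session CSRF token
        self.outbox = []     # SMS messages the device "sent"

    def login(self):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = secrets.token_urlsafe(32)
        return sid

    def csrf_token(self, sid):
        # The UI embeds this in its own forms; a foreign page cannot read it.
        return self.sessions[sid]

    def _session(self, req):
        sid = req.cookies.get("sid")
        return sid if req.method == "POST" and sid in self.sessions else None

    def send_sms_vulnerable(self, req):
        # Only the cookie is checked. A hidden, auto-submitting form on any
        # site the victim visits carries that cookie, so any site can text.
        if self._session(req) is None:
            return 401
        self.outbox.append((req.form["to"], req.form["text"]))
        return 200

    def send_sms_hardened(self, req):
        sid = self._session(req)
        if sid is None:
            return 401
        # 1. The request must come from the device's own origin. Browsers
        #    set Origin on cross-site POSTs; fail closed if it is missing.
        origin = req.headers.get("Origin") or req.headers.get("Referer")
        if not origin:
            return 403
        parts = urlsplit(origin)
        if f"{parts.scheme}://{parts.netloc}" != DEVICE_ORIGIN:
            return 403
        # 2. The form must carry the per-session token (constant-time compare).
        if not hmac.compare_digest(req.form.get("csrf_token", ""), self.sessions[sid]):
            return 403
        self.outbox.append((req.form["to"], req.form["text"]))
        return 200


def run_scenarios():
    """Replay a legitimate UI request and a forged cross-site request against
    both handler variants; return the status codes and outbox sizes."""
    results = {}
    for variant in ("vulnerable", "hardened"):
        panel = ControlPanel()
        sid = panel.login()
        handler = getattr(panel, f"send_sms_{variant}")
        # Legitimate request from the device's own UI page.
        legit = Request("POST", {"Origin": DEVICE_ORIGIN}, {"sid": sid},
                        {"to": "+440000000000", "text": "hello",
                         "csrf_token": panel.csrf_token(sid)})
        # Forged request from a malicious page: the browser attaches the sid
        # cookie but labels the request with the attacker's Origin, and the
        # page cannot supply the token. Numbers and text are placeholders.
        forged = Request("POST", {"Origin": "http://attacker.example"}, {"sid": sid},
                         {"to": "+449000000000", "text": "captured login: user / pass"})
        results[f"legit_{variant}"] = handler(legit)
        results[f"forged_{variant}"] = handler(forged)
        results[f"outbox_{variant}"] = len(panel.outbox)
    return results


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(f"{key}: {value}")
```

The token is the primary control and the Origin check is defence in depth; neither depends on anything the client does beyond ordinary browser behaviour. Newer browsers also default cookies to SameSite=Lax, which blocks this particular cross-site POST, but device firmware should not rely on the victim’s browser for its own protection.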
# # #
Critical national infrastructure hack data found in public domain
By James Hayes
Engineering and Technology Magazine
28 January 2014
Data available from mainstream online media — such as blogs, social networking websites, and specialist online publications — could be used by malevolent agents to mount a cyber-attack on UK critical national infrastructure (CNI), the findings of an investigative assessment to be presented next week will warn.
Key information regarding vulnerabilities in Industrial Control Systems (ICSs) and Supervisory Control and Data Acquisition (SCADA) systems is now openly available from a range of sources on the public Internet, according to ‘Using Open Source Intelligence to Improve ICS & SCADA Security’ from UK design and engineering consultancy Atkins, being presented as part of the IET seminar ‘Cyber Security for Industrial Control Systems’ on 6 February in London.
The investigation discovered that many industrial sector websites and academic papers, for example, also provide some information about potential attack vectors, including the identification of engineering staff, their social media information used to corroborate control systems data, and their suitability for social engineering attempts.
The identification of known vulnerabilities and exploits against specific types of control systems can also be accessed online, along with the identification of third-parties such as contractors and control system integrators, who have detailed knowledge and physical network access.
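An added example, not part of the Atkins assessment or the IET seminar material: the correlation step such an OSINT review performs, written in Python over four constructed snippets (a vendor case study, a conference paper, a social profile and a job advert). The product names, people, contractor and site are fictional; the protocols named are real ones. The code pulls product, protocol, contractor and staff mentions out of each scrap and ties them together, which is what turns individually harmless publications into a target package.

```python
import json
import re
from collections import defaultdict

# Constructed public-source snippets standing in for what an OSINT sweep
# returns. Names, products and the site are fictional.
SNIPPETS = [
    ("vendor case study", "Plant engineer Alice Example led the migration of the river pumping "
                          "station to SCADAview 3.2, with Modbus/TCP telemetry from the field RTUs."),
    ("conference paper", "The same station's SCADAview 3.2 historian is polled over DNP3; "
                         "integration was carried out by Integrators Ltd."),
    ("social profile", "Alice Example - Control Systems Lead at the water utility. "
                       "Previously at Integrators Ltd."),
    ("job advert", "Control room operator Bob Sample is retiring; we need a replacement "
                   "familiar with PumpLogic 7 and DNP3."),
]

# Crude pattern-based extractors. Real work would pair a product dictionary
# with a named-entity model; the correlation step below is the same.
PRODUCT_RE = re.compile(r"\b(SCADAview|PumpLogic)\s+(\d+(?:\.\d+)*)")
PROTOCOL_RE = re.compile(r"\b(Modbus(?:/TCP)?|DNP3|IEC 61850|OPC UA)\b")
THIRD_PARTY_RE = re.compile(r"\b([A-Z][A-Za-z]+(?: [A-Z][A-Za-z]+)* (?:Ltd|Inc|GmbH|LLC))\b")
ROLE = r"(?:[Ee]ngineer|[Ll]ead|[Tt]echnician|[Oo]perator)"
NAME = r"[A-Z][a-z]+ [A-Z][a-z]+"
# "engineer Alice Example" or "Alice Example - Control Systems Lead"
PERSON_RE = re.compile(rf"{ROLE}\s+({NAME})\b|\b({NAME})\s*[-,]\s*[A-Za-z ]*?{ROLE}\b")


def extract(text):
    return {
        "products": {f"{m.group(1)} {m.group(2)}" for m in PRODUCT_RE.finditer(text)},
        "protocols": {m.group(1) for m in PROTOCOL_RE.finditer(text)},
        "third_parties": {m.group(1) for m in THIRD_PARTY_RE.finditer(text)},
        "people": {m.group(1) or m.group(2) for m in PERSON_RE.finditer(text)},
    }


def build_profile(snippets):
    """Merge per-snippet facts into a product-centred and a person-centred
    view: which products are publicly documented, over which protocols, by
    which named staff, and which contractors are tied to each."""
    products = defaultdict(lambda: {"sources": set(), "people": set(),
                                    "protocols": set(), "third_parties": set()})
    people = defaultdict(lambda: {"sources": 0, "products": set(), "third_parties": set()})
    for source, text in snippets:
        facts = extract(text)
        for product in facts["products"]:
            entry = products[product]
            entry["sources"].add(source)
            entry["people"] |= facts["people"]
            entry["protocols"] |= facts["protocols"]
            entry["third_parties"] |= facts["third_parties"]
        for person in facts["people"]:
            entry = people[person]
            entry["sources"] += 1
            entry["products"] |= facts["products"]
            entry["third_parties"] |= facts["third_parties"]
    return {"products": dict(products), "people": dict(people)}


def social_engineering_leads(profile):
    """Rank named staff by how many sources corroborate them and how many
    control-system products they are publicly tied to."""
    return sorted(
        profile["people"],
        key=lambda p: (profile["people"][p]["sources"], len(profile["people"][p]["products"])),
        reverse=True,
    )


if __name__ == "__main__":
    profile = build_profile(SNIPPETS)
    print(json.dumps(profile, indent=2, default=sorted))
    print("pretext candidates:", social_engineering_leads(profile))
```

Run against the constructed snippets, the profile shows one product documented in two independent sources together with its polling protocols, the engineer responsible for it, and a contractor that both integrated the system and previously employed her, which is exactly the combination the assessment warns about. The defensive use is the same script pointed at an organisation’s own public footprint before an adversary does it.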