Top CyberSecurity News for November 10th 2016

  1. Russian Hackers Launch Targeted Cyberattacks Hours After Trump’s Win. From Motherboard.

Merely a few hours after Donald Trump declared his stunning victory, a group of hackers that is widely believed to be Russian and was involved in the breach of the Democratic National Committee launched a wave of attacks against dozens of people working at universities, think tanks, NGOs, and even inside the US government.

Around 9 a.m. ET on Wednesday, the hackers sent a series of phishing emails trying to trick dozens of victims into opening booby-trapped attachments containing malware, and clicking on malicious links, according to security firm Volexity, which observed and reported the five attack waves. The targets work for organizations such as Radio Free Europe / Radio Liberty, the Atlantic Council, the RAND Corporation, and the State Department, among others.

Top CyberSecurity News for November 9th 2016

  1. Researchers hack Philips Hue smart bulbs from the sky. From PC World.

    Security researchers in Canada and Israel have discovered a way to take over the Internet of Things (IoT) from the sky.

    Okay, that’s a little dramatic, but the researchers were able to take control of some Philips Hue lights using a drone. Based on an exploit for the ZigBee Light Link Touchlink system, white hat hackers were able to remotely control the Hue lights via drone and cause them to blink S-O-S in Morse code.

Top CyberSecurity News for November 8th 2016

  1. Lessons From the Dyn DDoS Attack. From Schneier.com.

    A week ago Friday, someone took down numerous popular websites in a massive distributed denial-of-service (DDoS) attack against the domain name provider Dyn. DDoS attacks are neither new nor sophisticated. The attacker sends a massive amount of traffic, causing the victim’s system to slow to a crawl and eventually crash. There are more or less clever variants, but basically, it’s a datapipe-size battle between attacker and victim. If the defender has a larger capacity to receive and process data, he or she will win. If the attacker can throw more data than the victim can process, he or she will win.

    The attacker can build a giant data cannon, but that’s expensive. It is much smarter to recruit millions of innocent computers on the internet. This is the “distributed” part of the DDoS attack, and pretty much how it’s worked for decades. Cybercriminals infect innocent computers around the internet and recruit them into a botnet. They then target that botnet against a single victim.

Daily CyberSecurity News For 7th November 2016

  1. Researchers Create Undetectable Rootkit That Targets Industrial Equipment. From Bleeping Computer.

    Two researchers presenting at the Black Hat Europe security conference in London revealed a method of infecting industrial equipment with an undetectable rootkit component that can wreak havoc and disrupt the normal operations of critical infrastructure all over the world.

    The attack targets PLCs (Programmable Logic Controllers), devices that sit between normal computers that run industrial monitoring software and the actual industrial equipment, such as motors, valves, sensors, breakers, alarms, and others.

Daily CyberSecurity News For 6th November 2016

  1. Android spyware targets business executives. From HelpNetSecurity.

    Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a VP at a global technology company.

    The name of the malicious package is “com.android.protect”, and it comes disguised as a Google Play Services app. It disables Samsung’s SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher.

    They don’t say how the malicious app – a piece of commercial spyware they dubbed Exaspy – found its way onto the victim’s phone, but chances are someone took advantage of the physical access they had to the device to do the dirty deed.

Daily CyberSecurity News For 5th November 2016

  1. Ne’er-Do-Well News and Cyber Justice. From KrebsOnSecurity.

Way back in the last millennium when I was a lowly copy aide at The Washington Post, I pitched the Metro Section editor on an idea for a new column: “And the Good News Is…” The editor laughed me out of her office. But I still think it’s a decent idea — particularly in the context of cybersecurity — to periodically highlight the good news when people allegedly responsible for spewing so much badness online are made to face justice.

In the United Kingdom this week, 14 people were arrested on suspicion of laundering at least £11 million (~USD $13.7M) on behalf of thieves who stole the money using sophisticated banking Trojans like Dridex and Dyre. A statement issued by the U.K.’s National Crime Agency (NCA) said 13 men and a woman, aged between 23 and 52, were arrested in the roundup, including a number of foreign nationals.

Daily CyberSecurity News For 4th November 2016

  1. Mirai botnet attackers are trying to knock an entire country offline. From ZDNet.

One of the largest Distributed Denial-of-Service (DDoS) attacks happened this week and almost nobody noticed.

Since the cyberattack on Dyn two weeks ago, the internet has been on edge, fearing another massive attack that would throw millions off the face of the web. The attack was said to be upwards of 1.1Tbps — more than double the attack a few weeks earlier on security reporter Brian Krebs’ website, which was about 620Gbps in size, said to be one of the largest at the time. The attack was made possible by the Mirai botnet, an open-source botnet that anyone can use, which harnesses the power of insecure Internet of Things (IoT) devices.

Daily CyberSecurity News For 3rd November 2016

  1. Computer virus attack forces hospitals to cancel operations, shut down systems. From ZDNet.

    A computer virus has forced three hospitals offline and caused the cancellation of all routine operations and outpatient appointments.

    The Northern Lincolnshire and Goole NHS Foundation Trust says a “major incident” has been caused by a “computer virus” which infected its electronic systems on Sunday. As a result of the attack, the hospital has taken the decision to shut down the majority of its computer networks in order to combat the virus.

    “A virus infected our electronic systems [on Sunday] and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it,” said Dr Karen Dunderdale, the trust’s deputy chief executive, according to the BBC.

Daily CyberSecurity News For 2nd November 2016

  1. New, more-powerful IoT botnet infects 3,500 devices in 5 days. From ArsTechnica.

    There’s a new, more powerful Internet-of-things botnet in town, and it has managed to infect almost 3,500 devices in just five days, according to a recently published report.

    Linux/IRCTelnet, as the underlying malware has been named, borrows code from several existing malicious IoT applications. Most notably, it lifts entire sections of source code from Aidra, one of the earliest known IoT bot packages. Aidra was discovered infecting more than 30,000 embedded Linux devices in an audacious and ethically questionable research project that infected more than 420,000 Internet-connected devices in an attempt to measure the security of the global network. As reported by the anonymous researcher, Aidra forced infected devices to carry out a variety of distributed denial-of-service attacks but worked on a limited number of devices.

Daily CyberSecurity News For 1st November 2016

  1. Was a Trump Server Communicating With Russia? From Slate.com.

The greatest miracle of the internet is that it exists—the second greatest is that it persists. Every so often we’re reminded that bad actors wield great skill and have little conscience about the harm they inflict on the world’s digital nervous system. They invent viruses, botnets, and sundry species of malware. There’s good money to be made deflecting these incursions. But a small, tightly knit community of computer scientists who pursue such work—some at cybersecurity firms, some in academia, some with close ties to three-letter federal agencies—is also spurred by a sense of shared idealism and considers itself the benevolent posse that chases off the rogues and rogue states that try to purloin sensitive data and infect the internet with their bugs. “We’re the Union of Concerned Nerds,” in the wry formulation of the Indiana University computer scientist L. Jean Camp.