Tag: hacking

Trend says that destructive hacking is on the rise

Hacking attacks which are designed to destroy a company, rather than just steal information, are on the rise.

A poll by the Organisation of American States found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system.

Less than 60 percent of the 575 respondents said they had detected any attempts to steal data, long considered the predominant hacking goal.

The survey went to companies and agencies in crucial sectors as defined by the OAS members. Almost a third of the respondents were public entities, with communications, security and finance being the most heavily represented industries.

The questions did not delve into detail, leaving the amount of typical losses from breaches and the motivations of suspected attackers as matters for speculation. The survey-takers were not asked whether the attempted hacks succeeded, and some attacks could have been carried off without their knowledge.

The survey did allow anonymous participants to provide a narrative of key events if they chose, although those will not be published.

The report was compiled by Trend Micro, whose Chief Cybersecurity Officer Tom Kellermann said additional destructive or physical attacks came from political activists and organised crime.

“We are facing a clear and present danger where we have non-state actors willing to destroy things,” he said. “This is going to be the year we suffer a catastrophe in the hemisphere, and when you will see kinetic response to a threat actor.”

Destructive attacks or manipulation of equipment are infrequently revealed. That is in part because breach-disclosure laws in more than 40 states centre on the potential risks to consumers from the theft of personal information, as with hacks of retailers including Home Depot and Target.

 

Frequent flyers hit by hackers

British Airways’ air miles scheme appears to have been hit by Russian hackers.

The BBC reported that a number of people appear to have had their air miles accounts cleared out, or even used to book items using air miles.

But BA said only a small number of people appear to have been hit – and it has written to all its users to notify them of the problem.

The report points to Flyertalk.com, which has several people complaining that the BA points – called Avios and two rooms in Spain were booked under the name of the person who owns the account.

Some people, apparently, had their own mobile phone number substituted for a Russian number.

BA said that its customers could be re-assured that their personal credit card details hadn’t been hacked, and it has taken steps to prevent the hack from happening again.

A billion people get their data leaked

A report from IBM’s security division estimates that in 2014 “at least” a billion records of people across the world were leaked.

That’s about one in seven of this planet’s humanoid population.

IBM released its X-Force quarterly report and relays information about over 9,000 security “vulnerabilities” affecting over 2,600 vendors in 2014. That’s an increase of 9.8 percent compared to 2013 and Big Blue said it’s the highest single year total in the 18 years it’s been tracking such things.

The USA has suffered the most, at 74.5 percent, which is far higher than other territories. IBM said that 40.2 percent of the most common attacks didn’t get described by those surveyed but malware and DDoS accounted for as much as 17.2 percent each.

IBM said that there was a big rise in so-called designer vulnerabilities.

All operating systems seemed to be under attack – including Windows, Mac OS X and Linux.

One key vulnerability happened in October with a researcher showing there are thousands of security problems in Android apps.

 

Health insurer tells watchdogs where to go

In the wake of a serious hacking, a US health insurer has resolved a problem with government watchdogs snuffling around a huge data leak by banning them from its networks.

Anthem Healthcare lost more than 80 million patient records, raising a slight question about what it does about security.

However when the federal auditor asked to scan the company’s systems, it took the bold step of telling the watchdog to sling its hook.

The Office of Personnel Management’s (OPM) Office of Inspector General issued a statement saying that Anthem refused to allow the agency to perform “standard vulnerability scans and configuration compliance tests” this summer, as requested by the OIG. Worse: Anthem refused a similar request in 2013. In each case, Anthem cited “internal policies” that forbid outside access to its network as the reason for refusing to allow the vulnerability scans.

In other words, no you can’t look at our security because that would be a breach of security.

In its dealings with other insurers, the watchdog would have a problem, but OPM has the authority to conduct the audits on Anthem because that health insurer provides health plans to federal employees under the Federal Employee Health Benefits Program (FEHBP).

What Anthem appears to be worried about is that the watchdog might find out that its security problems go much deeper than a one-off hacking.

An earlier OPM report filed in September 2013 and based on only limited access to Anthem’s network identified a number of concerns, from porous vulnerability scans that failed to include desktop systems to a loose configuration management program. In each case, Anthem (then Wellpoint) responded by arguing that its current processes were adequate.

Healthcare systems are subject to hacking

Hospitals, clinics, trusts and insurers are under a barrage of cyberattacks but the healthcare sector does not seem to be spending enough money to protect itself.

According to ABI Research, cybersecurity for healthcare protection will only be worth $10 billion by 2020, while other sectors such as financial and defence are coping.

ABI said “the healthcare industry is drowning” because of attacks from malicious online agents and a lot of companies and organisations in the sector are failing to modernise to take account of current threats.

Michelle Menting, a practice director at ABI, said: “Cybersecurity for healthcare is still a small fragmented market but the potential opportunities for expansion are large and will continue to grow as healthcare organisations increasingly come under cyberfire.”

She said a few startups such as TrueVault and FireHost are targeting the healthcare sector and building a niche for themselves. There are also managed services and cloud apps from companies like NetFortris and ID Experts.

Lenovo gets hacked

A cyberattack by a hacking group called Lizard Squad brought down Lenovo’s web site yesterday.

That’s following the revelation that Lenovo shipped adware called Superfish on some of its notebook devices.

Lizard Squad claimed responsibility for downing the Sony site at the end of last year.

Lenovo managed to get its site up and running after people that went to its site were redirected to other web sites.

Lenovo has stopped shipping Superfish on its machines and offered people that had encountered it a software fix to remove it.

Lizard Squad managed to use a vulnerability at Lenovo’s name registrar to divert people away from the Lenovo web site.

 

Man says he didn’t hack 160 million credit cards

A Russian extradited to the US for allegedly hacking into major corporations has pleaded not guilty to the charges.

Vladimir Drinkman, who was extradited from the Netherlands, said he didn’t conspire with other people to hack into major financial networks and sell data to other crooks.

Reuters said the attacks, which started in 2005, meant 160 million credit card numbers and hundreds of millions of dollars were extracted from corporations and individual people.

Networks hacked included a Visa licensee, 7-Eleven, JC Penney and Carrefour.

He faces a trial in Newark at the end of April and if convicted could spend 30 years in jail.

He fought against extradition after being arrested in 2012. Three alleged co-conspirators have so far not been caught, while a fourth, Dmitriy Smilianets, was also extradited from the Netherlands and is in jail in the USA.

Netgear has a nasty bug in the soap

Some Netgear wireless routers have a vulnerability which turns over all the data a hacker needs to break into the network.

The vulnerability is found in the embedded SOAP service, which is a service that interacts with the Netgear Genie application that allows users to control their routers via their smartphones or computers.

Network engineer Peter Adkins said that at first glance, this service appears to be filtered and authenticated, but an HTTP request “with a blank form and a ‘SOAPAction’ header is sufficient to execute certain requests and query information from the device,” he explained in a post on the Full Disclosure mailing list.

As the SOAP service is implemented by the built-in HTTP / CGI daemon, unauthenticated queries will also be answered over the internet if remote management has been enabled on the device. As a result, affected devices can be interrogated and hijacked with as little as a well placed HTTP query, Adkins said.

If this is true then the vulnerability can be exploited both by attackers that have already gained access to the local network and by remote attackers.

All this applies to Netgear WNDR3700v4 – V1.0.0.4SH, Netgear WNDR3700v4 – V1.0.1.52, Netgear WNR2200 – V1.0.1.88 and Netgear WNR2500 – V1.0.0.24.

Netgear was told of the flaw and it replied that any network should still stay secure due to a number of built-in security features, said Adkins.

“Attempts to clarify the nature of this vulnerability with support were unsuccessful. This ticket has since been auto-closed while waiting for a follow up. A subsequent email sent to the Netgear ‘OpenSource’ contact has also gone unanswered.”

 

Dutch government hit in cyber barrage

Websites run by the Dutch government were downed yesterday morning after a cyber attack.

The outages affected many of the government’s web sites and lasted for over seven hours.

And the cyber attackers – whoever they are – also used a distributed denial of service (DDoS) attack to take down a satirical website called GeenStijl.nl.

No one has yet claimed responsibility for the attack.

According to Reuters, phone systems and emergency channels stayed online.

The government information service said it is investigating the attack along with the Dutch National Centre for Cyber Security.

The attackers targeted the hosting company that services the government sites – Prolocation.

Panda blamed for healthcare hack

A report said that investigators into a hack at US healthcare firm Anthem are blaming the Chinese government for the breach.
Bloomberg, which said it has spoken to three people on condition of anonymity, claims the hacks are to provide the Chinese government with data on government workers and others.
Hackers managed to grab as many as 80 million details of Anthem’s customers.
The wire is blaming an espionage unit dubbed “Deep Panda” for orchestrating the attack.
China consistently denies that it hacks into organisations or into other countries’ computer systems. It’s widely believed, however, that many countries, including China, have cyber warriors testing others’ systems.
“Deep Panda”, if it exists, is alleged to have made hacking attacks on contractors and other health care companies over the last few months, Bloomberg alleges.
The investigation into the Anthem attack is being led by the Federal Bureau of Investigation.
Anthem has not yet explained the vulnerability in its IT systems which allowed its data to be hacked.

 

US health firm comprehensively hacked

[Image: Sheffield: CEO of Anthem]
An American health insurer appears to have been hacked and lost millions of its customers’ records.
Anthem said that hackers stole the identities of customers across all of its business units.
It has about 37 million customers in the USA and has reported the attack to the Federal Bureau of Investigation (FBI).
It has said it has now closed the hole but that’s somewhat equivalent to closing the gate once the horse has bolted.
The hackers do not appear to have had access to Anthem customers’ credit card records.
It has set up a website to try to explain what happened, with its CEO and president claiming his company had state of the art information security systems.
He said that despite that, his company “was the target of a very sophisticated external cyber attack. These attackers gained unauthorised access to Anthem’s IT systems”.
Anthem has hired a company called Mandiant to assess its IT systems.
Sheffield said: “Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge.”

UK open to security abuse

A report from networking giant Cisco revealed that only 41 percent of UK companies have good security processes in place.
That places it well below India at 54 percent, and below the US at 44 percent and Germany at 43 percent.
But the situation is worse in Asia. Only 36 percent of Chinese enterprises have adequate security while Japan has only 24 percent.
Cisco’s annual security review reveals that hackers are moving from compromising servers and operating systems to target individual users’ browsers and emails.
One of the favoured techniques is snowshoe spam, which generates many spam emails from a large range of IP addresses to avoid detection.
Attackers are also taking advantage of the relatively weak security of JavaScript and Flash by attacking both at the same time.
According to the survey, less than 50 percent of firms patch and configure systems to ensure security.
The survey canvassed executives at 1,700 companies and it appears there is a gap in perception with 75 percent thinking their security tools are very effective, while the reality is quite different.

 

Office warned over data hack

The Information Commissioner’s Office (ICO) has warned high street retailer Office after a hacker gained access to over a million customer records.
The ICO said the hacker accessed contact details by cracking open an unencrypted database that was due to be phased out.
The information went undetected and the ICO has had Office sign an undertaking to ensure problems associated with the hack are resolved.
In that undertaking, Office CEO Brian McCluskey said that the firm made no reference to retention of data and didn’t give formal data protection training. Both these are now being addressed.
The ICO said that there was no suggestion that the breach went further and no bank details were stored.

 

Youth arrested over console hack

A British youth has been arrested over the hack that brought down the Playstation network and Xbox Live over the holiday period.
UK police are working in tandem with the FBI to track down the perpetrators, who identified themselves as the Lizard Squad.
In addition to arresting the 16 year old youth, the police from the South East Regional Organised Crime Unit (SERCO) seized computer equipment, which they will now scrutinise.
SERCO said it is working with both business and the academic world to create specialist tools to protect the public.
The Sony and Microsoft hacks happened on Christmas Day, using a distributed denial of service (DDoS) attack.
The police said they were still in the early stages of their investigation.

 

Crooks stole 61 million customer records

Research from IBM said that in 2014 cyber attackers stole 61 million records from retailers.
But that’s just in the USA.
IBM’s survey said that there had been a 50 percent decline in attacks on retail web sites in 2014.
The report said that even though the number of cyber attacks had fallen, the attacks have become much more sophisticated.
IBM’s security services analyse over 20 billion security incidents every day – presumably worldwide.
The attackers are developing sophisticated techniques to grab “massive amounts” of data with each attack.
“The threat from organised cyber crime rings remains the largest security challenge for retailers,” said Kris Lovejoy, general manager of IBM Security Services.
IBM suggested that not all cyber breaches are disclosed.
Big Blue said the primary way cyber gangs gained access was through a method called Secure Shell Brute Force, which now outweighs malicious code.
There has, however, been a rise in attacks on point of sale systems using malware, but most were through command injection or SQL injection.
IBM said lack of data validation in SQL databases by system administrators made retail databases a favourite spot to attack.