Monthly Archives: December 2016

Encryption backdoors are against US national interest, say lawmakers

Any attempt to weaken encryption is against the national interest, a group of US lawmakers has warned.

The widespread use of strong encryption has led to complaints from law enforcement agencies that they are unable to access the communications of criminals – the so-called ‘going dark’ issue. This has led to calls for government to order tech companies to install backdoors into the encryption they use, in order to allow investigators access to data. Critics of this move argue backdoors would weaken security and privacy for everyone, with little benefit to law enforcement.

“Any measure that weakens encryption works against the national interest,” it said and also noted that encryption is a global technology that is widely and increasingly available. It also said that there are different attitudes to encryption and the going dark phenomenon, and so “there is no one-size-fits-all solution to the encryption challenge.” The group said Congress should foster cooperation between the law enforcement community and technology companies.

“Encryption is inexorably tied to our national interests. It is a safeguard for our personal secrets and economic prosperity. It helps to prevent crime and protect national security,” the report said, but added: “The widespread use of encryption technologies also complicates the missions of the law enforcement and intelligence communities,” and said those complications cannot be ignored.

New ransomware lets you decrypt your files — by infecting other users

A new kind of ransomware comes with its own “referrals” program, one that you probably wouldn’t want to join.

The malware, dubbed “Popcorn Time”, locks your Windows computer’s files with strong AES-256 encryption until you pay a ransom of one bitcoin (or $780 at the time of writing).

A series of screenshots tweeted by the MalwareHunterTeam, which found the ransomware, shows that the criminals purport to be Syrian, and that the money paid “will be used for food, medicine, and shelter to those in need.”

“We are extremely sorry that we are forcing you to pay but that’s the only way that we can keep living,” said the ransomware note.



Teenage DDoS users targeted by international law enforcement operation

An international operation involving Europol’s European Cybercrime Centre (EC3) and the law enforcement authorities of 13 countries is targeting the users of distributed denial-of-service (DDoS) cyberattack tools, leading to 34 arrests and 101 suspects interviewed and cautioned.

Those arrested are suspected of paying for stresser and booter services as part of DDoS-for-hire schemes, and using them to launch attacks that flood websites and web servers with data, leaving them inaccessible to users.

Many of the individuals arrested or cautioned are described as “young adults under the age of 20”. During the week-long operation, different measures were taken depending on national legislation: suspects were interviewed, detained, arrested, or fined; notifications were sent to parents; and house searches were conducted.

The operation took place from 5 December to 9 December 2016 and involved Europol working alongside law enforcement from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom, and the United States.

Participating countries worked together within the framework set out by the European Multidisciplinary Platform against Criminal Threats (EMPACT), a project with the aim of protecting against cyberattacks targeting critical infrastructure and information systems in the European Union.

China targets aviation industry to spy and steal secrets

Cyberattacks against the aviation industry are nothing new, but with Internet-capable technology now built into everything from embedded devices to in-flight Wi-Fi and connected aviation systems, there are more avenues than ever for threat actors to exploit.

Successful attacks which have compromised systems and caused severe disruption to fliers and airlines alike have hit the spotlight in recent years.

In 2015, Polish airline LOT was forced to cancel 10 flights and delay over a dozen after a successful cyberattack against ground systems. This year, Istanbul’s Ataturk and Sabiha Gokcen airports’ passport control systems were the target of attacks, and a group of threat actors believed to have originated from China hijacked airport announcement systems in Vietnam.

Spear phishing is one of the most common attack vectors: fraudulent emails contain malicious documents or links to fake websites, which are later used to infect computer systems relating to air traffic control, civilian aviation authorities, airlines, booking systems and manufacturers.

“The aviation sector is incredibly vast and its systems are numerous,” the executive says. “Most of these systems have weaknesses and many are not well protected from threats.”

As we saw in Vietnam, hacktivists can use airline information displays to get their political message out, but this is not the most serious problem facing the aviation industry today.

The majority of attacks against airlines and players in the aviation industry are for financial gain. Airlines store huge amounts of personal information on their passengers, credit card data and payment details which can be stolen and sold on the Dark Web, potentially leading to hefty profit margins for attackers.

If a cyberattack compromises an air traffic control system, for example, these groups can steal information related to how controllers identify aircraft, how communication systems work, and data on surveillance technology related to radar and satellite signals.

This information is not only valuable for the Chinese government and military, but this intelligence, alongside airline and airport infrastructure information, can be used for both political and criminal purposes.

The executive noted:

“Access to these systems can also facilitate covert operations by enabling them to issue badges to operatives, bypass security cameras, and so on.”

In addition, Boland says that data stolen in attacks against aviation firms may be used to enhance China’s own defense and aviation markets, with the country seeking to improve its domestic aviation capabilities.

The security expert said that as China has “historically turned to outside sources for this information,” cyber espionage is no surprise — and so far, FireEye has spotted China-based threat groups which have targeted intellectual property which would help them manufacture their own aircraft and become more competitive.

While China appears to be a leading threat to players in the aviation industry, cyberattacks as a whole will likely continue to grow as a problem for the sector due to the lure of intellectual property and valuable data stored within.

Watch out: These are biggest ransomware threats and they’ve grown even larger

Cyberattacks using the most common forms of ransomware spiked during November, continuing the ongoing trend for growth in the use of the file-encrypting malicious software by cyber criminals.

Ransomware has exploded in 2016 and is increasingly targeting business networks instead of individual users. The total cost of damages related to these attacks is set to top $1 billion this year.

According to the monthly global threat index by cybersecurity researchers Check Point, the number of attacks using the Locky and Cryptowall variants of ransomware rose by 10 percent in November when compared with the previous month.

Locky also continues to feature as one of the world’s most prevalent forms of malware, ranking as the second most common threat in Check Point’s index, accounting for six percent of all known attacks.

While ransomware runs riot, it was the Ramnit banking Trojan which saw the largest increase in attacks during November, entering Check Point’s top ten for the first time in sixth spot. The number of Ramnit infections has more than doubled since October, with those behind the malware using it to steal banking credentials, passwords and other data from victims.

The Global Threat Index also details the most significant malware threats to businesses via mobile devices, with the HummingBad Android malware remaining the most common form of cyberattacks against mobile devices.

Remaining second to HummingBad was Triada, a backdoor for Android which grants super-user privileges to downloaded malware and spoofs URLs. Triada was followed by Ztorg, a Trojan which downloads and installs applications on the phone without the user’s knowledge.

WA Auditor General recommends inter-agency cooperation to counter malware

Western Australia’s Office of the Auditor General (OAG) has made six recommendations to state government agencies after it was found six agencies had previously been the target of malware campaigns.

According to the OAG, the six agencies probed — which included the Department of the Attorney General, Department of Mines and Petroleum, Department of Transport, Main Roads Western Australia, and the Office of the Government Chief Information Officer (OGCIO) — were under constant threat, which it said highlighted the need for improved central governance arrangements to identify, warn of, and prevent attacks.

In its report [PDF], Malware in the WA State Government, the OAG said that as a result of the audit, it made “detailed recommendations” to each agency that came under the microscope. The explicit details were not published; instead, the OAG offered up the broader six recommendations it made, which included an in-depth assessment of the risk malware poses to the agency, improving any controls the OAG identified as ineffective, and that each agency consider additional controls to better secure its networks, systems, and data against malware.

“The government spends AU$1 to AU$2 billion on IT and this needs to be strongly managed to ensure we deliver the best value to West Australians,” the premier said at the time. “Nunis has the right combination of professional skills and practical experience, with a fundamental understanding of the private and public sectors and how to negotiate and deliver large IT projects.”

Yahoo fixes flaw allowing an attacker to read any user’s emails

Yahoo has fixed a severe security vulnerability in its consumer email service that could have allowed an attacker to read a victim’s email inbox.

The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail.

The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty,

Dailymotion Said to Suffer Massive Data Breach With Over 85 Million Accounts Compromised

One of the popular video streaming websites, Dailymotion, has been hit by a cyber-attack that is said to have led to a massive data breach of more than 85 million user accounts. The data breach occurred on October 20, according to data breach monitoring company LeakedSource. After its report, Dailymotion on Tuesday came into action to issue an advisory to its users to change their passwords, in addition to denying any compromise of user data.

Dailymotion, owned by the media group Vivendi, took this event to its blog, where it has said that the hack is limited and there has been no data breach. “It has come to our attention that a potential security risk, coming from outside Dailymotion may have compromised the passwords for a certain number of accounts. The hack appears to be limited, and no personal data has been comprised.” the blog post said. The data breach is said to have supposedly stolen 85.2 million usernames and email addresses, along with 18 million scrambled passwords on October 20, LeakedSource said, BBC reports.

However, to keep its users safe, Dailymotion has advised them to change their passwords to something that is not as obvious and easy as ‘password1234’ or some other letter-number combination that can be hacked with some guesswork. For its partners, Dailymotion has laid down a recommendation to use its refresh-token method to authenticate their apps and services.

If you use Dailymotion, you should change your password by following these simple steps:

  1. Go to the Dailymotion website either on the Web or mobile
  2. Log into your account, as you normally do
  3. You’d see the Settings option in the drop-down menu on the top right corner, click or hover on it
  4. Now, select the Account Settings
  5. Replace the old password with a new and stronger password, and you’re set

With this latest cyber-attack, the number of Internet security breaches has risen to an alarming level. LinkedIn, TalkTalk, and the Indian payment card system are some of the recent examples of cyber-attacks.

Ransomware blamed for cyber attack which forced hospitals to cancel operations and shut down systems

An NHS hospital trust which was forced to shut down systems and cancel operations as a result of a cyberattack has revealed that a ransomware infection was the source of the problem.

The cyberattack against Northern Lincolnshire and Goole NHS Foundation Trust took three hospitals offline after what has now been confirmed as a Globe2 ransomware infection. The incident led to the cancellation of 2,800 patient appointments at the NHS Trust.

Hospitals are an appealing target for cybercriminals to infect with ransomware not only because of the crucial role of IT in healthcare, but also because the data held by hospitals is so vital.