CyberSecurity Pulse 2016-08-25


“The man of integrity walks securely, but he who takes crooked paths will be found out.”
Proverbs 10:9 (CSB)

Analyst Insight

Automatic Replies (“Out of Office”). Data leakage?

Over the past few weeks, when sending our newsletter “Cyber Security Pulse_” we have received many “Out of Office” (OOO) messages. Their use is a fairly widespread practice during the summertime. Attackers can take advantage of these holiday periods to gather valuable information about their victims, which can then be used in subsequent targeted attacks.

Email is a basic work tool and is generally the primary contact point between colleagues, employees, customers and other people from all over the world. “Out of Office” messages play an important role in informing the sender that the recipient is not available, but to prevent potential data leaks, no more information than strictly necessary should be exchanged.

These are the security threats involved within this scenario:

  • Spam: An “Out of Office” message confirms to the sender that the email address is valid, and the content of the automatic reply may also disclose other email addresses given as alternative contact points.
  • Information leaks (OPSEC): Context information gathering, both at personal (mobile phone, victim geolocation, etc.) and professional (hierarchical and operational structure of the department, working teams, product and service information, etc.) levels.
  • Social engineering attacks: On the basis of the information gathered about the victim and their environment, an attacker could perform a targeted attack (phishing/whaling).

Considering that relevant emails should always be answered, we provide the following recommendations and good practices:

  • Communicate in advance your absence to people involved in critical tasks, as well as provide them with an alternative point of contact during this period.
  • Do not reveal too much information. The message should only include the period of absence and a default contact point (a generic mailbox if possible). Delete any type of generic signature which could reveal sensitive information such as role, telephone number, etc.
  • Deliver different notifications, distinguishing between internal and external contacts.
  • This type of recommendation should be included in the organization’s information security policies.
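
One way to check an automatic reply against the recommendations above before it is enabled, shown as an added example that is not part of the original newsletter. The generic-mailbox names, keyword lists, function name and sample messages are assumptions made for illustration.

```python
import re

# Assumption: local parts that count as generic (shared) mailboxes under the policy.
GENERIC_LOCAL_PARTS = {"info", "support", "helpdesk", "contact", "office"}

EMAIL_RE = re.compile(r"\b([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")
# Loose phone pattern; matches with fewer than 9 digits (e.g. ISO dates) are ignored.
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d ().-]{7,}\d(?!\w)")
# Assumed keyword lists for role and whereabouts disclosures.
ROLE_RE = re.compile(r"\b(head of|director|manager|chief|vp|ceo|cfo|ciso|cto)\b", re.I)
WHEREABOUTS_RE = re.compile(r"\b(on vacation in|on holiday in|travell?ing to|visiting)\b", re.I)


def audit_auto_reply(text):
    """Return (category, matched_text) pairs for details the reply should not carry."""
    findings = []
    for m in EMAIL_RE.finditer(text):
        # A generic mailbox is the recommended contact point; named people are not.
        if m.group(1).lower() not in GENERIC_LOCAL_PARTS:
            findings.append(("personal_email", m.group(0)))
    for m in PHONE_RE.finditer(text):
        # The absence period is allowed, so date-like digit runs must not be flagged.
        if sum(ch.isdigit() for ch in m.group(0)) >= 9:
            findings.append(("phone", m.group(0)))
    findings += [("role", m.group(0)) for m in ROLE_RE.finditer(text)]
    findings += [("whereabouts", m.group(0)) for m in WHEREABOUTS_RE.finditer(text)]
    return findings


# Constructed sample replies (all names, numbers and addresses are invented).
LEAKY_REPLY = (
    "I am on vacation in Lisbon until 5 September. For urgent matters call my "
    "mobile +34 600 000 000 or write to my manager jane.doe@example.com.\n"
    "--\nJohn Smith, Head of Payments Security"
)
MINIMAL_REPLY = (
    "I am out of the office from 2016-08-25 until 2016-09-05. "
    "For urgent matters please write to support@example.com."
)

if __name__ == "__main__":
    for name, reply in (("leaky", LEAKY_REPLY), ("minimal", MINIMAL_REPLY)):
        print(name, audit_auto_reply(reply))
```
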

Top Stories

Group Wants to Shut Down Tor for a Day

A 24-hour temporary shutdown of the Tor network has been requested. The call was made through the website GhostBin for September 1, motivated by the way that Tor project members are handling the sexual accusations against Jake Appelbaum (one of the most relevant members), as well as the accusations related to an alleged collaboration with intelligence agencies like the CIA. The debate over support for this initiative centers on the need users have for this network as a means of communication in countries whose governments do not respect the fundamental right to freedom of expression.

» More information at the Softpedia

Russian State Hackers Tried to Hack New York Times and Other Reporters

The FBI is investigating a hacker group, allegedly linked to Russian intelligence services, regarding its possible involvement in the attacks carried out against New York Times journalists and other US media in recent months. The theft of email and sensitive information from non-governmental organizations has become a new focus of interest for intelligence agencies, since this data might show the journalists' point of view regarding governmental affairs, data, communications and private documents containing sensitive information, thus providing a much more valuable vision from the intelligence side.

» More information at Daily Mail

Rest of the Week's News

A Winning Anonymous Bidder Bought 2,700 Bitcoins at US Government Auction

Only 5 bidders participated in the auction of 2,719 bitcoins organized by the US government (USMS, United States Marshals Service). The bitcoins came from several criminal, civil and administrative cases (most of them related to the Silk Road market). The anonymous winner invested 1.6 million dollars in this purchase.

» More information at CoinDesk

Epic Games Forums Hacked

Epic Games is the latest company in the entertainment industry (video games) to become the target of a cyberattack. The company has contacted the members of its forums to notify them that their personal data has been compromised.

» More information at The Register

DCNS Massive Data Leak Discloses Scorpene Submarines Combat Capabilities

The French shipyard DCNS has been affected by a massive data leak of over 22,000 classified documents. The documents detail the combat capabilities of the new Scorpene submarines. This data leak poses a significant risk to the national security of different countries like India, Brazil, Chile, Malaysia and Australia.

» More information at IBTimes

Further Reading

Cisco and Fortinet Say Vulnerabilities Disclosed in “NSA Hack” Are Legit

» More information at The Hacker News

Android Vulnerable to Serious TCP Flaw in Linux

» More information at The Hacker News

Euro Police Arrest 75 people in Major Online Child Abuse Swoop

» More information at Security Week