CyberSecurity Pulse 2017-05-15

“You never fail until you stop trying.”
Albert Einstein

Analyst Insight

The Cyberattack That Rocked the World

May 12th will be remembered as the day WannaCry entered the news after hitting dozens of companies all over the world, forcing many of them to stop their daily work. In the case of WannaCry, the malicious payload was ransomware that encrypted documents with several file extensions and demanded a ransom of between 300 and 600 USD, to be paid as soon as possible. Afterwards, the compromised system would try to propagate the sample using EternalBlue, one of the exploits leaked by ShadowBrokers in April and allegedly linked to the NSA, which affects Windows systems that have not been patched against the CVE-2017-0144 vulnerability. To disguise the source of the attack, the cybercriminals were also using other well-known technologies, such as Bitcoin and the Tor network, to perform Command and Control communications, further complicating the task of the security researchers and prosecutors trying to identify those responsible in the corresponding attribution exercises.

The tools and frameworks that have recently been published have reminded us that incidents like this could really happen. In fact, if we go back to July 2015, many readers will remember the Hacking Team incident, in which several governmental hacking programs of countries all over the world were exposed. More recently, the ShadowBrokers leaks in April and the weekly releases of Wikileaks' Vault 7 series have been warning us about several tools: Marble, created to hide footprints and deceive researchers; AfterMidnight and Assassin, focused on the creation of botnets; Grasshopper, designed to make the configuration of ad hoc malicious samples easier; and Weeping Angel, designed to record audio and exfiltrate it from certain Smart TVs.

These leaks, and incidents as high-profile as the one involving WannaCry, have put a real scenario on the table: the possibility of blocking a company or even a country is not necessarily reserved to the script of a science fiction film. The enormous impact cannot be ignored, and neither can the feeling that we are facing some sort of proof of concept, one that has pointed out that, when we are unable to correct vulnerabilities in time, we are more exposed than ever. For many there is still a question in the air: if the malicious payload had not manifested itself as clearly as it did with the famous warning, how long would it have taken us to realize that we had been hacked? Are we really prepared for the challenges lying ahead?

Top Stories

Microsoft Finally Bans SHA-1 Certs in IE and Edge

The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the SHA-1 hashing function as insecure. The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year. Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing. In February, researchers from Google and CWI demonstrated the first practical collision attack against SHA-1, producing two PDF files with the same SHA-1 digest.

» More information at Computerworld

Microsoft Will Offer Ubuntu, Suse and Fedora Linux Distros in the Windows Store

Users will be able to install the above Linux operating systems on their Windows machines. The novelty lies in Fedora and SUSE, because Ubuntu is already available for download on the Windows Store. Microsoft's decision is aligned with its policy of also supporting the open source community. In this sense, the move has a specific marketing intent, together with the interest of the audience of Ubuntu, SUSE and Fedora users who also have to work with Windows systems every day. In 2016, Microsoft also chose Ubuntu as the OS for its Cloud-based Big Data services, and it has also joined the Linux Foundation as a Platinum member.

» More information at Security Affairs

Rest of the Week's News

Botnet Sending 5 Million Emails Per Hour to Spread Jaff Ransomware

A massive malicious email campaign that stems from the Necurs botnet is spreading a new ransomware at the rate of 5 million emails per hour and hitting computers across the globe. Dubbed Jaff, the new file-encrypting ransomware is very similar to the Locky ransomware in many ways, but it demands 1.79 Bitcoins (approx. $3,150), which is much higher than Locky, to unlock the encrypted files on an infected computer.

» More information at The Hacker News

Vanilla Forums Software Is Still Affected By a 0-day Reported Last December

The popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks and, in some instances, execute arbitrary code. Dawid Golunski is the researcher who found the vulnerabilities, which exist in the most recent stable version of Vanilla Forums.

» More information at Security Affairs

Built-in Keylogger Discovered In Several HP Laptop Models

Security researchers from the Switzerland-based security firm Modzero have discovered a built-in keylogger in an HP audio driver that spies on all your keystrokes. Depending on the computer model, HP also embeds some code inside the audio drivers delivered by Conexant that controls the special keys, such as the media keys offered on the keypad.

» More information at The Hacker News

Further Reading

New Bondnet Botnet Mines Cryptocurrencies

» More information at Dark Reading

Persirai Malware Strikes at IP Cameras in Latest IoT Attack

» More information at Security Affairs

Baijiu Malware Abuses Japanese Web Hosting Service to Target North Korea

» More information at Security Affairs