CyberSecurity Pulse 2017-06-12
“Work on one thing at a time until finished.”
Top Secret NSA Leaked Report Details Russian Hacking Effort Days Before US Elections
As described in the classified NSA report, the plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents laced with malware that could give the attackers full control over the infected computers. The first step came on August 24, 2016, when the hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. The spear-phishing email contained a link to a malicious, fake Google login page that captured the employees' credentials and handed them to the attackers. Two months later, on October 27, they set up an "operational" Gmail account designed to look as though it belonged to an employee of VR Systems and used documents obtained in the first operation to launch a second spear-phishing campaign "targeting U.S. local government organizations". These emails carried a Microsoft Word document that had been "trojanized" so that, when opened, it would beacon out to the "malicious infrastructure" set up by the hackers.
The report itself is uncertain about the outcome: "It is unknown whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor". What the campaign was meant to achieve is also unclear, although the NSA assessed that the actors appeared intent on "mimicking a legitimate absentee ballot-related service provider". Nor does the report explain why the hackers also targeted American Samoa, a tiny Pacific island territory with no electoral votes to contribute to the election.
Using Intel AMT Tool to Bypass Firewall
Microsoft recently reported that the cyberespionage group Platinum is using Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) channel as a file-transfer tool to move data off certain targeted computers without being detected. AMT ships embedded in the Management Engine firmware of many Intel chipsets and is designed to let IT administrators remotely manage and repair the PCs, workstations and servers of their organisations. It runs independently of the operating system and keeps working even when the system is powered off, as long as the platform still has power and a network cable plugged in. When AMT is enabled and provisioned, traffic arriving at the wired network port on AMT's own management ports is diverted to the Management Engine before it ever reaches the host, so neither the operating system nor any host-based firewall or network-monitoring software installed on it can see that the exchange is taking place. Two caveats matter for defenders: the SOL channel is only usable on machines where AMT has been provisioned, and the traffic is still visible on the wire, so monitoring of the AMT ports from the network side remains the practical detection point.
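Because the Management Engine answers AMT's ports itself, the check for this channel has to run on flow records or captures taken from a network tap, switch or firewall rather than on the host. The following is an added example, not code from the page or from Microsoft's write-up: it parses a constructed flow-record format, flags anything addressed to the ports the Management Engine serves, and rates SOL traffic from a machine that is not a known management console highest. The record format, the sample records and the console allowlist are constructed for the example.

```python
"""Flag Intel AMT traffic in network flow records (added example)."""
import re
from collections import namedtuple

# TCP ports served by the Management Engine rather than the host OS.
AMT_PORTS = {
    623: "ASF/RMCP",
    664: "ASF/RMCP over TLS",
    16992: "AMT web UI / WS-Management (HTTP)",
    16993: "AMT web UI / WS-Management (HTTPS)",
    16994: "AMT Serial-over-LAN / IDE-Redirection",
    16995: "AMT Serial-over-LAN / IDE-Redirection (TLS)",
}
SOL_PORTS = {16994, 16995}

# Constructed allowlist: the only machines that should ever talk AMT.
MANAGEMENT_CONSOLES = {"10.0.0.10"}

Flow = namedtuple("Flow", "ts src sport dst dport proto nbytes")

# Constructed record format: "<ts> <src>:<sport> -> <dst>:<dport> <proto> <bytes>"
FLOW_RE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+->\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\w+)\s+(\d+)$"
)

# Constructed sample records: console admin session, a large SOL transfer
# from an ordinary workstation, normal HTTPS, a console SOL session, junk.
SAMPLE_FLOWS = """\
2017-06-05T10:22:01Z 10.0.0.10:51234 -> 10.0.0.77:16993 TCP 4120
2017-06-05T10:22:05Z 10.0.0.55:40022 -> 10.0.0.77:16994 TCP 180312
2017-06-05T10:22:09Z 10.0.0.55:40023 -> 10.0.0.77:443 TCP 900
2017-06-05T10:23:14Z 10.0.0.10:51300 -> 10.0.0.78:16994 TCP 2200
garbage line that does not parse
"""


def parse_flow(line):
    """Return a Flow for a well-formed record, or None for anything else."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    ts, src, sport, dst, dport, proto, nbytes = m.groups()
    return Flow(ts, src, int(sport), dst, int(dport), proto, int(nbytes))


def classify(flow):
    """Return an alert dict for AMT traffic, or None for ordinary traffic.

    SOL from an unexpected source is rated highest: it is exactly the
    file-transfer channel described above, and the host cannot log it.
    """
    if flow.dport not in AMT_PORTS:
        return None
    if flow.src in MANAGEMENT_CONSOLES:
        severity = "info"      # expected admin activity, kept for audit
    elif flow.dport in SOL_PORTS:
        severity = "high"
    else:
        severity = "medium"
    return {
        "ts": flow.ts,
        "src": flow.src,
        "dst": flow.dst,
        "dport": flow.dport,
        "service": AMT_PORTS[flow.dport],
        "bytes": flow.nbytes,
        "severity": severity,
    }


def scan(lines):
    """Parse flow records and return the alerts they produce, in order."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        alert = classify(flow)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_FLOWS.splitlines()):
        print("{severity:6} {ts} {src} -> {dst}:{dport} {service} ({bytes} bytes)".format(**a))
```

Byte counts are worth keeping in the alert: a SOL session from a management console that moves a few kilobytes looks like a remote console, while hundreds of kilobytes over SOL from anything else is the file-transfer pattern this section is about. A byte threshold per source would be the natural next refinement.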
Kaspersky Accuses Microsoft of Unfair Competitive Practices
Kaspersky Lab has told European antitrust regulators that Microsoft prevents third-party security software vendors from competing on an equal footing with the security products built into the Windows operating system. "Microsoft uses its dominant position in the computer operating system market to promote its own security software (Windows Defender) at the expense of users' previously self-chosen security solution", says the co-founder of the security company, Eugene Kaspersky. In response, Microsoft recently published a public statement saying that the company had tried to reach out to Kaspersky Lab after the initial complaint was filed in November 2016, but that the two had not been in contact since then. It remains to be seen what the EU regulators decide to do about the matter.
Rest of the Week's News
An Updated Firefox Extension Abusing Instagram
According to a report published by researchers from Eset, a recently discovered backdoor, delivered as a Firefox extension, has been using comments posted to Britney Spears's official Instagram account to let infected machines locate the C&C server that sends them instructions and receives the stolen data. The technique makes the malware harder to detect and to cut off: the attacker-controlled server is never referenced directly in the malware, the only connection a defender sees at first is an apparently innocuous one to a popular social network, and the server address can be changed simply by posting a new comment.
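To show what such a dead-drop resolver does with a page full of innocuous comments, here is an added example with a hypothetical encoding of my own; it is neither Eset's analysis nor the malware's actual scheme. The resolver selects the drop by a checksum of a comment's visible text and reads the C&C path from the letters that immediately follow a zero-width joiner (U+200D), a character that is invisible when the comment is rendered. The comments, the checksum, the marker value and the shortener domain are all constructed; note that emoji family sequences also use zero-width joiners, which is why extraction alone is not a reliable selector and a marker check comes first.

```python
"""Resolve a C&C address from a dead drop in social-media comments (added example)."""
import re

ZWJ = "\u200d"
# Hypothetical marker: sum of the code points of the visible text, mod 256.
MAGIC = 80
# Hypothetical URL shortener in front of the real server; the path is appended.
SHORTENER = "https://short.example/"

HIDDEN_RE = re.compile(ZWJ + r"(\w)")

# Constructed comments. Only the last one is the drop; the second contains
# zero-width joiners too (an emoji family sequence) but is not a drop.
COMMENTS = [
    "so cute \U0001F60D",
    "\U0001F468\u200d\U0001F469\u200d\U0001F467 family goals",
    "\u200dc\u200du\u200dt\u200de cat, nice \u200dp\u200di\u200dc",
]


def visible_text(comment):
    """What a reader sees: the comment with joiners stripped."""
    return comment.replace(ZWJ, "")


def checksum(text):
    """Hypothetical selector hash over the visible text."""
    return sum(ord(ch) for ch in text) % 256


def hidden_chars(comment):
    """Letters and digits marked by a preceding zero-width joiner."""
    return "".join(HIDDEN_RE.findall(comment))


def resolve_c2(comments):
    """Return the C&C URL encoded in the first matching comment, or None."""
    for comment in comments:
        if checksum(visible_text(comment)) != MAGIC:
            continue
        path = hidden_chars(comment)
        if path:
            return SHORTENER + path
    return None


if __name__ == "__main__":
    for c in COMMENTS:
        shown = visible_text(c)
        print(repr(shown), checksum(shown), repr(hidden_chars(c)))
    print("C&C:", resolve_c2(COMMENTS))
```

The defensive reading of the same code is the useful part: a comment whose visible text is ordinary but which contains joiners in front of plain letters, rather than between emoji, is a hiding place, and scanning comments on accounts that malware has been seen to fetch for exactly that pattern is a cheap check.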
Password Manager OneLogin Hacked, Exposing Sensitive Customer Data
In a brief blog post, OneLogin said it was aware of "unauthorized access to OneLogin data in our US data region". "The threat actor was able to access database tables that contain information about users, apps, and various types of keys", the company said. OneLogin has advised customers to change their main passwords, to generate new API keys for their services, and to create new OAuth tokens (used for logging into accounts) and new security certificates.
Linux Distros Patch Dangerous Vulnerability in Sudo Command
Several Linux distributions have issued updates to fix a vulnerability in sudo that can let a local user gain root privileges. The bug is in the way sudo works out the controlling terminal of the invoking process by parsing /proc/[pid]/stat: because the process name field in that file may contain spaces, a user who runs sudo under a crafted process name can make sudo pick a terminal device number of their choosing. The researchers who found it note that, on an SELinux-enabled system, a user who already holds sudo rights for some command (not an arbitrary unprivileged user) can use this to make sudo open a file of their choosing as the command's terminal and so overwrite any file on the system, including root-owned content. In other words, such a user gains root-level privileges.
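A practitioner's first question is whether a given machine still carries an affected sudo. The following added example, not from the page or from the sudo project, parses the version banner that `sudo -V` prints and compares it against the upstream release history as I know it: builds from 1.8.6p7 up to and including 1.8.20 are affected, the fix shipped in 1.8.20p1, and a follow-up fix to the same code shipped in 1.8.20p2, so the check treats anything below 1.8.20p2 as affected. It also reports whether SELinux is loaded, since the published exploit needs it. The version range constants and the selinuxfs path are the example's assumptions.

```python
"""Check whether an installed sudo predates the get_process_ttyname fix (added example)."""
import re
import subprocess

FIRST_AFFECTED = (1, 8, 6, 7)   # earliest affected upstream release
FIXED = (1, 8, 20, 2)           # first upstream release carrying both fixes

# The first line of `sudo -V` looks like "Sudo version 1.8.19p2"
VERSION_RE = re.compile(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_version(text):
    """Turn sudo's version banner into a comparable (major, minor, patch, p) tuple."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no sudo version banner found in: %r" % text[:60])
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_affected(version):
    """True when the upstream version falls inside the affected range."""
    return FIRST_AFFECTED <= version < FIXED


def installed_sudo_version():
    """Version tuple of the sudo binary on PATH (raises if sudo is missing)."""
    out = subprocess.run(["sudo", "-V"], capture_output=True, text=True, check=False).stdout
    return parse_version(out)


def selinux_loaded():
    """True if the kernel has SELinux loaded (selinuxfs is mounted)."""
    try:
        with open("/sys/fs/selinux/enforce") as f:
            return f.read().strip() in ("0", "1")
    except OSError:
        return False


if __name__ == "__main__":
    try:
        v = installed_sudo_version()
    except (OSError, ValueError) as e:
        print("could not determine sudo version:", e)
    else:
        status = "AFFECTED by upstream version" if is_affected(v) else "not affected by upstream version"
        print("sudo %d.%d.%dp%d: %s" % (v[0], v[1], v[2], v[3], status))
        print("SELinux loaded:", selinux_loaded())
```

The caveat is in the wording of the result: distribution packages routinely backport security fixes while keeping the old upstream version string, so an "affected" verdict on a distro build must be confirmed against the package changelog (`rpm -q --changelog sudo` or `apt changelog sudo`) before anyone files a ticket, and only a version at or above 1.8.20p2 is conclusive on its own.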