30-Day InfoSec

IoT is Vulnerable IoT Homefootage on sale in the deep and dark web and an intimate IoT device is found to have an exploit. * https://www.hackread.com/3tb-clips-hacked-home-security-cameras-leaked/ * https://gizmodo.com/a-security-flaw-could-send-your-dick-to-jail-forever-1845286359 Trickbot Takedown via Private and Public Sector Both Microsoft and USCybercom both try to disrupt the Trickbot gang using different approaches * https://krebsonsecurity.com/2020/10/microsoft-uses-copyright-law-to-disrupt-trickbot-botnet/ * https://krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/ Government Sponsored Cyber Attacks The UK reveals it carried out cyberattacks against Russia, Iran and Russia found to be interfering with US elections. The NSA releases a list of the 25 most used exploits in attack from China. * https://www.cnn.com/2020/10/21/politics/fbi-election-security/index.html * https://www.ibtimes.sg/uk-carried-out-secret-cyberattacks-russia-retaliation-says-former-national-security-adviser-52806 * https://www.zdnet.com/article/nsa-publishes-list-of-top-25-vulnerabilities-currently-targeted-by-chinese-hackers/ Bug Bounty crew spends 3 months hacking Apple A bug bounty crew cashes in big hacking apple infrastructure. * https://samcurry.net/hacking-apple/ Ransomware actor gives to charity Darkside ransomware actors show proof of their philanthropy by press releasing a receipt of their donation. * https://www.hackread.com/3tb-clips-hacked-home-security-cameras-leaked/ Upcoming Events: * Blackhat EU 2020 - Nov. 9 * OSDF Con - Nov 18 * Cyber Security & Data Protection Summit - Nov 19 Intro/Outro Music Credits Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/

Emotet Is back and then not The group behind the Emotet malware has popped back up but shortly after that it appears the C2 infrastructure was compromised and started sharing out memes. * https://www.bleepingcomputer.com/news/security/emotet-malware-operation-hacked-to-show-memes-to-victims/ [https://www.bleepingcomputer.com/news/security/emotet-malware-operation-hacked-to-show-memes-to-victims/] * https://www.bleepingcomputer.com/news/security/emotet-spam-trojan-surges-back-to-life-after-5-months-of-silence/ [https://www.bleepingcomputer.com/news/security/emotet-spam-trojan-surges-back-to-life-after-5-months-of-silence/] Garmin HACKED!!! Garmin was hacked recently and the intrusion was used to spread ransomware on the network. The attackers also ended up being paid out $10M by Garmin. * https://arstechnica.com/information-technology/2020/07/garmans-four-day-service-meltdown-was-caused-by-ransomware/ [https://arstechnica.com/information-technology/2020/07/garmans-four-day-service-meltdown-was-caused-by-ransomware/] Twitter Admin Panel Exposed Recently a teenager was able to get access to a twitter management panel which allowed them to take over high profile accounts to include Barack Obama, Beyonce as well as Elon Musk. The take over was being used a scam to attempt to get bitcoin from people. * https://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html [https://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html] High Profile Exploits Recently Released Recently there were several high profile exploits released that were all remote code execution exploits. Vendors such as F5, SAP and Microsoft were all among the vendors affected by these exploits. * https://threatpost.com/thousands-f5-big-ip-users-takeover/157543/ [https://threatpost.com/thousands-f5-big-ip-users-takeover/157543/] * https://threatpost.com/critical-sap-bug-enterprise-system-takeover/157392/ [https://threatpost.com/critical-sap-bug-enterprise-system-takeover/157392/] * https://www.bleepingcomputer.com/news/security/critical-sigred-windows-dns-bug-gets-micropatch-after-pocs-released/ [https://www.bleepingcomputer.com/news/security/critical-sigred-windows-dns-bug-gets-micropatch-after-pocs-released/] Tesla Attempted Hack A Tesla employee was approached by a supposed Russian sponsored individual in an attempt to compromise the entire organization and spread ransomware. * https://www.databreachtoday.com/russian-indicted-in-tesla-ransom-scheme-a-14960 [https://www.databreachtoday.com/russian-indicted-in-tesla-ransom-scheme-a-14960] Upcoming Events: * https://ekoparty.org/en_US/ [https://ekoparty.org/en_US/%20] * https://www.bsidesclt.org/ [https://www.bsidesclt.org/%20] * https://shellcon.io/ [https://shellcon.io/] Intro/Outro Music Credits Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated [https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated]) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/ [https://creativecommons.org/licenses/by/3.0/us/]

Honda hit by Cyberattack Honda was hit by a cyber attack shutting down its manufacturing plant for several days. It appears to be the Ekans variant of ransomware. The company has insisted no data has been breached and added that "at this point, we see minimal business impact". * https://www.bbc.com/news/technology-52982427 [https://www.bbc.com/news/technology-52982427] 59 Chinese Apps Banned Apps such as TikTok are starting to be banned within the Indian government. Many other countries and businesses are now also considering banning the applications from there networks. These applications were exposed to collecting too much detailed information about their users. * https://twitter.com/ShivAroor/status/1277619905269989378 [https://twitter.com/ShivAroor/status/1277619905269989378] MongoDB Exposed Millions of Medical Insurance Records Millions of records containing personal information and medical insurance data were exposed by a database belonging to the insurance marketing website MedicareSupplement.com. * https://www.cybersecurity-review.com/news-june-2019/mongodb-leak-exposed-millions-of-medical-insurance-records/ [https://www.cybersecurity-review.com/news-june-2019/mongodb-leak-exposed-millions-of-medical-insurance-records/%20] Upcoming Events: * https://conference.hitb.org/hitb-lockdown002/ [https://conference.hitb.org/hitb-lockdown002/] * https://www.opcde.com/ [https://www.opcde.com/] Intro/Outro Music Credits Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated [https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated]) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/ [https://creativecommons.org/licenses/by/3.0/us/]

US President target of hackers In a press conference in May The White House Press Secretary held up the check being donated from the president's salary which held his account number and the routing number of an account within Citibank. This has placed a large target on the bank as they now have ties with the administration and government accounts. Hackers will be targeting them similar to how the REvil group is targeting Trump with the release of information collected during the hack of a law firm said to contain information about the president. * https://thehill.com/homenews/administration/499268-trump-routing-number-bank-revealed-coronavirus-response [https://thehill.com/homenews/administration/499268-trump-routing-number-bank-revealed-coronavirus-response] * https://twitter.com/ransomleaks/status/1261105634159800321 [https://twitter.com/ransomleaks/status/1261105634159800321?s=21] Contact Tracing Apps and Jailbroken Phones Governments around the world have started encouraging citizens to install tracking application to hopefully get an idea of the spread of the virus. It’s gone as far as Apple and Google baking this into the operating system of the devices. Tracking applications present huge security concerns and risks to everyone. We should all be looking at these to ensure personal safety is being maintained while using them. * https://www.unc0ver.dev [https://www.unc0ver.dev] Increased Unemployment Fraud With the world under its current situation, Brian Krebs has been reporting on increased unemployment fraud along with Microsoft report huge upticks of malicious documents related to COVID-19. With the world in crisis and working from home everyone's guard is down so scammers and malicious attackers will be taking advantage of this. * https://krebsonsecurity.com/2020/05/riding-the-state-unemployment-fraud-wave/ [https://krebsonsecurity.com/2020/05/riding-the-state-unemployment-fraud-wave/#more-51743] * https://www.infosecurity-magazine.com/news/microsoft-warns-of-massive-covid19/ [https://www.infosecurity-magazine.com/news/microsoft-warns-of-massive-covid19/] Verizon DBIR The Verizon Databreach Investigation Report was released and covers the current attack surfaces being exploited at least during 2019 but a majority of these will continue on into 2020. * https://enterprise.verizon.com/resources/reports/dbir/ [https://enterprise.verizon.com/resources/reports/dbir/] Upcoming Events * https://www.sans.org/event/hackfest-ranges-summit-2020 SANs Hackfest * https://www.securitysummits.com/event/enterprise-lockdown/ Enterprise Lockdown 6/25 * https://securecon.streameventlive.com/login SecureCon 6/16-18 * https://www.eventbrite.com/e/bsides-greenville-2020-tickets-84602497347 BSides Greenville 6/13 * https://www.womenhackerz.com/whackzcon-2020 WomenHackerz Con 6/6-7 * https://2020.pass-the-salt.org Pass the Salt 6/29 Intro/Outro Music Credits Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated [https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated]) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/ [https://creativecommons.org/licenses/by/3.0/us/]

COVID-19 Related Attacks * COVID-19 has hit the entire world extremely hard. We have seen an uptick in COVID-19 related attacks targeting businesses and consumers around the world. Recently we have witnessed spear phishing attacks related to streaming platforms as well as an uptick in malicious mobile applications related to COVID-19. * References * https://research.checkpoint.com/2020/covid-19-goes-mobile-coronavirus-malicious-applications-discovered/ [https://research.checkpoint.com/2020/covid-19-goes-mobile-coronavirus-malicious-applications-discovered/] * https://www.infosecurity-magazine.com/news/hackers-target-netflix-disney/ [https://www.infosecurity-magazine.com/news/hackers-target-netflix-disney/] Dark Nexus IOT Botnet * IoT attacks have seen an uptick in IoT related attacks over the past few years. One of the largest currently operating in the Dark Nexus botnet. * References * https://labs.bitdefender.com/2020/04/new-dark_nexus-iot-botnet-puts-others-to-shame/ [https://labs.bitdefender.com/2020/04/new-dark_nexus-iot-botnet-puts-others-to-shame/] Ransomware Attacks (Travelx and Cognizant) * Ransomware attacks have always been an issue, but with employees in work from home mode and using VPNs, it increases the risk to the corporate network for attack. Two companies that we have seen hit recently Travelex were hit with Sodinokibi ransomware causing them to pay out $2.3M in ransom to unlock the systems. Cognizant is an MSP for some large organizations, and they were hit with MAZE ransomware. The difference here is attackers are exporting this data so the victims can no longer just restore from backups they are forced to pay out the ransom. * References * https://threatpost.com/travelex-pays-2-3m-in-bitcoin-to-hackers-who-hijacked-network-in-january/154666/ [https://threatpost.com/travelex-pays-2-3m-in-bitcoin-to-hackers-who-hijacked-network-in-january/154666/] * https://www.infosecurity-magazine.com/news/maze-wage-ransomware-attack-on/ [https://www.infosecurity-magazine.com/news/maze-wage-ransomware-attack-on/] Online Training/Events * It seems with the world in its current state all of the infosec conferences have quickly adapted to still providing training within the virtual space. TJ and I collected several upcoming events and listed them for everyone to enjoy hopefully. * References * https://wildwesthackinfest.com/deadwood/tickets-and-training-info/ [https://wildwesthackinfest.com/deadwood/tickets-and-training-info/] * https://www.sans.org/blog/and-now-for-something-awesome-sans-launches-new-series-of-worldwide-capture-the-flag-cyber-events/ [https://www.sans.org/blog/and-now-for-something-awesome-sans-launches-new-series-of-worldwide-capture-the-flag-cyber-events/] Intro/Outro Music Credits Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated [https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated]) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/ [https://creativecommons.org/licenses/by/3.0/us/]