Cars Are Getting Hacked, What’s New?

Image result

For those who didn’t know, cars are already fully capable of driving themselves and are available for purchase. Now due to legal issues there still must be a person operating the vehicle, but it’s not like that person has to do anything.

Well recently, Tesla was exposed for their self driving car feature being hacked remotely by two guys who were 12 miles away. The hackers were working with Tesla so no real harm was done. The hackers were able to do basically anything they wanted to do with the car from driving it to moving around seats inside of it. The hackers also said that it wasn’t just one model of Tesla, the same hack worked for numerous models they tried it on.

I guess the only bright side to this is that in order for the car to be hacked, the car had to be connected to a malicious WiFi hotspot and the car’s web browser had to be opened manually by the driver. So the moral here is if you ever have a self driving car, a) make sure you’re actually the one driving it. And b) just don’t open your web browser and you’ll be good, for now.

As a side note, Tesla did patch this flaw in their software within 10 days of the flaws being detected, so at least they work faster than apple.

Sources:

http://thehackernews.com/2016/09/hack-tesla-autopilot.html

https://www.google.com/imgres?imgurl=http%3A%2F%2Fbuyersguide.caranddriver.com%2Fmedia%2Fassets%2Fsubmodel%2F7651.jpg&imgrefurl=http%3A%2F%2Fwww.caranddriver.com%2Ftesla%2Fmodel-s&docid=y3jhKqU0YjzsWM&tbnid=WghqSLLXRGvH_M%3A&w=800&h=489&bih=964&biw=1920&ved=0ahUKEwi8lMa7u63PAhXJMz4KHSpRDcgQMwhLKAQwBA&iact=mrc&uact=8

Yahoo has 500 million users information breached, may be followed up with SEC investigations

yahoo-500-million

Yahoo received an anonymous tip about a hacker who calls himself,  Peace or Peace of Mind, that 200 million account’s information was compromised back in July. He was seen selling 200 million Yahoo user account information on the dark web. Yahoo had also been going through the work and deal to sell its main business operations to Verizon also since July. Verizon claims that it knew nothing about a possible breach or anything regarding the breach until this past Thursday when Yahoo went public with its situation.

The anonymous tip triggered an investigation by Yahoo which actually uncovered that 500 million user’s information was compromised, since 2014. The information stolen includes names, email addresses, dates of birth, phone numbers, password information and possibly even the security question answers, as stated by Yahoo. The hackers received the hashed passwords of all compromised users. The hackers did not receive information on users payment card data or bank information because the information is not stored in the system that has not been affected so far in the investigation, says Yahoo.

Security experts from Symantec who are looking into the breach now, suspect it is an attack from a  nation state, suggesting Russia. They suspect it to be a nation state because a nation state would practically be the only entity to have enough resources to both break the encrypted passwords and enact anything malicious with that information, on the scale that was stolen.

The 4.83 billion deal with Verizon has obviously taken a blow. The SEC is also very likely to follow up with an investigation of Yahoo, to investigate whether or not they were withholding information from stockholders and the market.

Not very much detailed information has been released on this breach so far. Yahoo has only suggested its users change their passwords and other account passwords if you tend to use similar or the same password for other accounts.

Sources:

‘Marissa was aware absolutely’: Yahoo chief ‘knew back in July that company was investigating a security breach’ – but only disclosed it to regulators and potential buyer Verizon this week

What Consumers Need to Know About the Yahoo Security Breach

Many Questions Still Unanswered After Yahoo Confirms Massive Data Breach

The future of Malware

Malware is constantly changing, just like human beings.
Researchers have found a new type of macro malware that avoids detection by going dormant, when it detects that its in a security researcher’s test environment.

The malware uses few techniques to figure out if the host is a legitimate target or not,it uses a feature in windows, Recent Files. It uses the Recent files feature to see how many word documents the user has and if they don’t have certain number of documents then it will not execute. Another method, is the malware  uses the IP of the computer network it’s on and see’s if it matches a blacklist and if it does match up then the malware doesn’t execute.

The reason why maker of the malware wouldn’t want the malware to execute while its in a VM(virtual machine) environment is so that it prolong the life span of the malware.

The malware is distributed through spam and phishing. The researches expect to see more malware in the future to have this ability.

-Brett Patterson brp5088
in dedication to Jar311

sources:

Malware Evades Detection with Novel Technique

Mokes, Any OS, Any Time!

A recent article by Swati Khandelwal on The Hacker News reports a new form of malware that is taking hold of many machines. Mokes, as it has been dubbed, has been found by Kaspersky to be able to infect all the major operating systems. The article focuses on the mac side of it as it was the part lastly discovered.

Mac-flashback.jpg

 

This form of malware creates a backdoor that can capture camera and keyboard inputs as well as take screenshots every thirty seconds. It also reportedly has the ability to search for word document files with a range of extensions. It even has the ability to monitor USB removal and insertion.

It runs off of Qt, a framework of C++ meant to be used for cross platform applications. It connects back a control and command server over AES-256 encryption, a very secure method. In part of its exploit it can take control of the terminal and send it commands.

It has been reported that upon infection of a Mac it will copy itself to parts of the filesystem belonging to Skype, Google, Firefox, and even Dropbox. The Linux variant is much less spread out and lacks Google and Skype.

The overall spread of this malware has yet to be discovered. It is clearly a very complex program but is not believed to be state funded nor is it being claimed by any large group.

source:http://thehackernews.com/2016/09/cross-platform-malware.html

-Evan Delmolino edd1717

 

Someone May Be Planning To Take Down The Internet

According to a recent report by Bruce Schneier, hackers may be planning a takedown of the internet. While China and Russia are the likely suspects, it is unknown who is launching the attacks, and if the US government knows they have decided to stay quiet. Schneier has done a very nice job of describing the attacks:

These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

 

The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attacks. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker.

According to VeriSign’s (the registrar for .com and .net domains) quarterly report, the most common vector they experienced was, “UDP floods (including Domain Name System (DNS), Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and Chargen).” The next most common vectors were TCP Layer attacks, IP Fragment attacks, and Application Layer attacks.

Schneier says he doesn’t see a motive in the attacks. However, he says “it feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar.”

Martin McKeay, security advocate at Akamai, says a complete internet takedown is impossible because, “it’s a whole bunch of networks, and you’re not going to take it down unless you take down all the circuits. You can take down a company, an organization, or part of a government — but you can’t really take down the Internet as a whole.” He cites the fact that the transoceanic cables have terabit switches, which can handle far more data than the 500Gbps record for the largest attack. Tim Mathews, vice president of the Incapsula product line at Imperva, concurs saying that the attacks “are an order of magnitude smaller than the bandwidth capacity the largest transit providers and ISPs manage.”

In the event the attacks do manage to take down a registrar, such as VeriSign, it would cause a mass blackout affecting many sites and emails. VeriSign manages 143.2 million domain names, including domains for banks, the stock market, and insurance companies. In addition, the attacks could target emergency services, such as 911 and hospitals.

In the end Schneier admits that we can’t really do anything about it, “but this is happening. And people should know.”

Author: Christian Martin

Sources:
https://www.lawfareblog.com/someone-learning-how-take-down-internet
https://www.verisign.com/assets/report-ddos-trends-Q22016.pdf
http://www.technewsworld.com/story/83894.html
https://www.verisign.com/en_US/company-information/index.xhtml