Encryption system used to exploit protected Wifi networks

Everyone knows that they could be a potential target for cyber-crime; as it often appears in the news almost every day. But just how vulnerable is an individual? CERT recently made a statement about how your Wifi network could be exploited if proper precautions are not taken.

On October 16th, 2017, the Computer Emergency Readiness Team made an announcement that addresses the protection of your sensitive information. In short, its advice is to update all your devices when security advancements are available. The reason for this is that a widely used encryption system used on wireless networks can lead to a breach of your credit card information, emails, passwords, etc.

Essentially, the system allows a hacker to gain access to the internet traffic that occurs between computers. Once in, the hacker can manipulate the data that is recovered. Depending on the target’s network configurations, it is even possible for the attacker to inject malware into the network. The unsettling part about this encryption system is that it has the capability of effecting a very wide range of devices including Android, Apple, Linux, and Windows.

Companies such as Intel, Microsoft, Google, and Apple have heeded this advice and have released updates that will help protect people with their devices from this issue.

– Jared Albert



Hackers Exploit Microsoft Servers to Mine Cryptocurrency

Mining for cryptocurrency is becoming an extremely profitable investment. One of the most popular currencies, bitcoin, is skyrocketing in value. One bitcoin is currently worth $4297 U.S. dollar. These currencies are becoming more and more popular to use online for illegal activity because it’s more difficult to trace, and increasing in value so quickly.

Now to this recent attack on servers running Windows server 2003. An exploit in this software was discovered in March of this year (2017), the exploit targets the web server in Windows server 2003. Hackers have now taken to attacking servers that have not patched to the most recent update that fixes the exploit. The exploit infects the server and adds it to a botnet for the hacker to control and mine for cryptocurrency. In this attack the hackers were mining for a currency called Monero, this currency is completely untraceable and anonymous. Hackers prefer mining for Monero because it uses an algorithm called CryptoNight which works on CPUs and GPUs and unlike Bitcoin requires no special hardware to begin mining. This currency is currently significantly less valuable than bitcoin, at the time of writing 1 Monero is worth $90 U.S. dollars but, like all cryptocurrency the value fluctuates quite frequently. This attack gained the hackers $63,000 worth of Monero in 3 months. There are quite a few pieces of malware that exploit servers to mine this currency. One piece of malware called Adylkuzz uses the EternalBlue exploit, which was actually created by the NSA and released by a group called the Shadow Brokers this exploit was used in the WannaCry ransomware attack. BondNet is another form of malware that also creates a botnet to mine Monero.


– Levi Walker









BlueBorne, a Bluetooth Vulnerability

Armis has identified a new threat to almost every device we own. There are eight vulnerabilities that have been identified, four of which are critical. These vulnerabilities affect over 5 billion Android, Windows, iOS, and Linux devices. This vulnerability is known as BlueBorne.

What makes this vulnerability different than most cyber attacks is that there is no link that a user has to click on or a malicious file that the user has to download to become a victim. The user doesn’t even have to be connected to the internet. Instead, BlueBorne is spread through a devices Bluetooth connection. The attack doesn’t require the targeted device to be paired to the attackers device or even for the targeted device to be set to discoverable mode.

Image result for BlueBorne

This all contributes to BlueBorne being easily spread to devices at a possible unprecedented rate. Bluetooth processes have high privileges on all operating systems which allows this exploit to completely take over the device. Android devices are vulnerable to remote code execution, information leaks, and Man-in-The-Middle attacks. Windows devices are vulnerable to the Man-in-The-Middle attack. Linux devices running BlueZ are affected by the information leak vulnerability, and Linux devices from version 3.3-rc1 (released in October 2011) are affected by the remote code execution vulnerability (This includes many smart watches, smart tvs, and smart refrigerators). iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability, but this vulnerability was already patched for users running iOS 10. Even networks that are “air gapped” are at risk of this attack, and includes industrial systems, government agencies, and critical infrastructure.

Examples of attacks:

  • Taking a picture on a phone and sending it to the hacker
  • Listening to a conversation through a wearable device
  • Redirecting a user to a fake login page to steal their login information
  • Cyber espionage
  • Data theft
  • Ransomware
  • Creating large botnets out of IoT devices

Many companies are pushing out updates for their users, but for many it is too late, and for others they have older devices that will not receive the updates.

As of 9/13/17:

  • Apple users with iOS 10 are safe
  • Google has released a patch for this vulnerability for Android Marshmallow and Nougat, but it might be weeks before the patch is available to some Android users
  • Microsoft patched the vulnerabilities in July
  • A patch for Linux is expected to be released soon

The problem is that even with these patches, there are many users who are unaware of this exploitation and/or do not update their devices regularly. For users that haven’t updated their devices or do not have an update for their device, the safest thing to do is to turn Bluetooth off on your phone and leave it off until there is a patch for your device


Source: https://www.armis.com/blueborne/


-Matthew Smith

How Equifax got Hacked

I’m sure almost everyone has heard about the Equifax data breach at this point, but what we haven’t really known at this point was how exactly the hack was done. Information was just recently released by the hackers themselves to a writer on the website spuz.me. What we know know is this breach is entirely Equifax’s fault.

Basically, Equifax had many “management panels” on their servers, each with a different function. Some of these panels were even publicly available to see, can be found on the IoT searching site shodan.io. In these panels, there was barely any security. The password for one of them was “admin:admin” Now the hackers confirmed not all the passwords were that easy, but the private keys for the panels were actually stored in the panels themselves. Not only that, but over 300 employee admin usernames and passwords were stored in plaintext in a javascript file.

The hackers are currently asking for 600BTC (~$2.2 million at the time of writing) for a full public dump of the data, or 4BTC (~$15k) for 1 million entries of the data. At the time of writing, no money has been sent to the bitcoin address.

It’s very scary how bad the security practices were in this scenario. This is a credit agency after all, and their security was laughable. How many other huge corporations out there have practices this bad? I guess only time will tell.

– Noah Kalinowski


Apache Struts 2 vulnerability possibly linked to Equifax breach


Equifax (EFX), one of the big 3 of credit reporting companies, recently had their systems breached; leaking 140+ million records of individual’s personally identifiable information including SSNs’, credit card info, credit scores and more.

Apache’s Struts 2 framework is now under scrutiny after security researchers discovered a critical Remote Code Execution (RCE) vulnerability that is being deemed as the possible culprit behind Equifax’s breach. A report from Baird Equity Research report is claiming that the Struts 2 vulnerability was the root cause of the incident.

Neither Equifax nor Apache have publicly released a statement that the incident was a result of the flaw present in Struts 2. EFX was also breached in mid-May, months before CVE-2017-9805 was publicly disclosed, leaving it as the unlikely vulnerability that was the cause.

The more likely case was that hackers took advantage of a flaw that Strut’s fixed in March, CVE-2017-5638, another RCE vulnerability. Hackers likely went after unpatched systems and took advantage of this exploit, as was indicated by an attack on the Canadian Revenue Agency utilizing this exploit.

René Gielen, VP of Apache Struts released the following in a public statement: “Any complex software contains flaws; Don’t build your security policy on the assumption that supporting software products are flawless, especially in terms of security vulnerabilities.”

–  Matthew Turi