Under Armour: My FitnessPal Hack

On March 25, 2018, Under Armour was alerted of a breach that took place in February 2018. Under Armour notified the media, that 150 million MyFitnessPal user accounts were hacked from the breach of its database. However, since information like Social Security numbers and drivers license weren’t even asked for by the app, and since payment cards were processed separately, they were not stolen in the data breach. The stolen data consists of account usernames, as well as the email address associated with it and the hashed passwords. Meaning that though the passwords were obtained, they remained encrypted. The reason this is important to note is because, though the hackers have access to the above mentioned info, they still don’t have all the account passwords. Therefore, users still have time to change their passwords. Since many users use the same username and password across multiple sites and applications, it would be a good idea for them to change their passwords on their other accounts as well. Nevertheless, the risk still remains from this data breach. With the emails, the attackers are able to send phishing attacks to the user, making the email seem like its from the fitness app. Under Armour said it is working data security firms and law enforcement, but did not provide details on how the hackers got into its network or pulled out the data without getting caught in the act.

 

Sources:

https://www.reuters.com/article/us-under-armour-databreach/under-armour-says-150-million-myfitnesspal-accounts-breached-idUSKBN1H532W

https://www.slashgear.com/under-armour-myfitnesspal-hack-5-things-to-know-30525418/

-Noor Mohammad

Advertisements

Baltimore’s Dispatch System Taken Down

Baltimore’s 911 dispatch system was breached Sunday, March 25th, shutting down automatic dispatching until Monday, March 26th, as well as halting call logs from 9:54 a.m. Sunday to 7:42 a.m. Monday.

A server running the city’s computer-aided dispatch (CAD) system was infiltrated around 8:30 Sunday morning, forcing caller information to be relayed manually for the remainder of the day into Monday. Under normal circumstances, caller information appears on a map and the nearest first responders are dispatched automatically. The attack effectively slowed this process and demanded that call center staff relay this information to dispatchers themselves.

The exploited vulnerability was a port that had been left open after an IT team attempted to troubleshoot a communications issue and in the process made changes to the firewall. City workers were able to take the affected server offline, conduct a thorough investigation, and successfully bring it back online by approximately 2 a.m. Monday morning. Later reports confirmed that the attack did involve ransomware, but neither the ransom amount nor the city’s response to the ransomware has been stated.

-Jordan Sullivan

Sources:

• http://www.baltimoresun.com/news/maryland/crime/bs-md-ci-hack-folo-20180328-story.html
• https://nakedsecurity.sophos.com/2018/03/29/hackers-hit-911-system-emergency-dispatch-affected/

Quantum Computing’s Impact on Cyber Security

With more and more technological advancements every day, our vision of quantum computing is turning more into a reality than a theory. Companies like IBM and Microsoft are accelerating forward and becoming closer than ever to build the first fully functioning quantum computer. Seemingly on the edge of an almost quantum revolution, it’s important to ask questions about how integral parts of our lives like cyber security will be affected by this change.

First, let’s understand what quantum computing is. Comparing it to modern computing, which relies on discrete values of a bit being either a 0 or a 1, quantum computing would allow both of these possibilities to exist simultaneously in something called qubits, and these values only truly form when they are observed. This allows quantum computers to handle operations and equations at speeds that are exponentially higher than what we are used to in modern computers and their energy costs are far less.

How does this effect today’s security? Many of today’s security systems rely on cryptography, this is because normal computers struggle at factoring large numbers. This means that cryptography based on factoring numbers would be a safe bet against our technology today, but with the introduction of quantum computing, these practices would be useless. This isn’t the end of cryptography though because there are some approaches in use today that will be safe against the power of a quantum computer. That doesn’t mean that important companies and governments are using them though, and if quantum computing is to take off faster than anticipated they could run into some trouble. Other security strategies that are used today, like two-factor authentication, will still be just as effective after the introduction of quantum computing, due to multiple steps being taken by the person to log into a system.

Tomorrow’s security will be something almost unfathomable with quantum-based security implementations. Techniques like theoretically unbreakable cryptography, encrypting data to stop working if anyone attempts to uncover them and guaranteeing a safe passage to send data no matter what attacks are being used against it can all be potentially achieved with quantum computing. It’s not all positive though because with the power to develop secure techniques comes the power to exploit older strategies. An almost quantum arms race has begun between intelligence agencies and this is because the first agency to gain access to quantum computing power will have an incredible edge over all other counties.

Although quantum computers may never be a household item, their impact in the world will definitely be historical. While many of their advancements will benefit society and the internet infrastructure as we know it, it is still important to make sure what the world is ready for a step this large.

-Jeremy McGrath

Sources:

https://www.technative.io/how-will-quantum-computing-impact-cyber-security/

https://www.nasdaq.com/article/quantum-computing-what-it-is-and-who-the-major-players-are-cm939998

 

City of Atlanta Victim of yet Another Cyber Attack

Early on March 22nd, several departments in Atlanta, Georgia were the target for a cyber attack. The attackers launched a ransomware attack, and demanded bitcoins as payment (over $50,000 USD).

Ransomware attacks are relatively new and became popular in 2017 with the widely feared WannaCry attack. Ransomware typically encrypts some of your files and locks you out of your computer, then demands a ransom to be paid (usually with Bitcoin, an anonymous cryptocurrency).

This attack had a widespread impact as it affected multiple departments in Atlanta. Administrators took down several websites and services while the attack was investigated by the FBI, DHS, Microsoft, and Cisco. While ATL airport was not directly affected, administrators also disabled its Wi-Fi and advised passengers that flight schedules may not be accurate and to verify information with their airline.

As an additional measure, city employees were directed not to turn on any devices in the building until the malware had been contained. Five days later on March 27th the first machines were powered back on. Administrators expect some machines to be infected and that employees will continue to work using other methods if their machines are affected.

Ransomware attacks historically have just been a means of pressuring victims into paying the ransom. Attackers usually are not looking to steal information in the process. In fact, if an attacker did want to steal information, it wouldn’t make much sense to tell the victim that their machine is infected. However, in the case of the Atlanta cyber attack, both employees and the public were advised to monitor their credit cards and bank accounts for any suspicious activity.

The investigation has shown that it doesn’t appear any information has been compromised. While the details of the attack have not been released, Rendition Infosec reported that Atlanta government had been compromised by a previous cyber attack in April 2017. Microsoft had released critical patches over a month before the attack happened, but they were not installed. The attack lasted a little over a week, and statements from the city of Atlanta suggest that they were not aware the attack had happened in the first place. The identity of the attackers still remains unknown.

---

Jesse Roux

http://amp.wsbtv.com/www.wsbtv.com/news/local/atlanta/fbi-looking-into-citywide-computer-issues-in-atlanta/720045695?tnym

http://amp.wsbtv.com/www.wsbtv.com/www.wsbtv.com/news/local/hartsfield-jackson-takes-down-wi-fi-after-cyber-attack-on-city/720533019

http://searchsecurity.techtarget.com/news/252437715/Five-days-after-Atlanta-ransomware-attack-recovery-begins

https://www.renditioninfosec.com/2018/03/atlanta-government-was-compromised-in-april-2017-well-before-last-weeks-ransomware-attack/

Fileless Malware

Malware is constantly evolving to match the level of sophistication that anti-malware programs use to prevent it. This is especially so in the type of malware called fileless malware. This malware is relatively new (first big cases seen in 2014) but becoming more common. Fileless malware tends to avoid the filesystem by operating almost entirely in memory, therefore we have also seen some attacks like this as early as in the 2000’s. It hit a milestone in 2017 of attacks by making up nearly 52% of all malware attacks that year.

This type of malware aims to avoid modifying the filesystem at all. It allows “cybercriminals to skip steps that are needed to deploy malware-based attacks, such as creating payloads with malware to drop onto users’ systems. Instead, attackers use trusted programs native to the operating system and native operating system tools like PowerShell and WMI to exploit in-memory access, as well as Web browsers and Office applications.”

So why does it matter if it avoids modifying the filesystem? That is because a big part of malware protection in anti-malware programs is scanning files to detect infected ones.

How can it be prevented? This is a process called behavioral detection. “Looking for signs associated with malicious PowerShell use (like a PowerShell session executed using an encoded command via the command line), provides security teams with the evidence they need to investigate incidents that could turn out to be instances of malicious PowerShell use.”

Sources:

https://www.technewsworld.com/story/85178.html

https://www.darkreading.com/perimeter/fileless-malware-attacks-hit-milestone-in-2017/d/d-id/1330691?

https://www.cybereason.com/blog/fileless-malware

-Dylan Arrabito