Sunday, February 7, 2016

Issue 50 - Week of Feb 1st


1. Online 'Batman' takes on the Dridex Trojan: Someone appears to have disrupted at least part of the channel that distributes the malware and replaced the malicious download links with installers for a free antivirus tool (Avira). Users who click the links now get Avira's antivirus instead of the banking Trojan. The unknown hacker, who did a good deed by means that are probably not strictly legal, is being dubbed the 'Online Batman'. Dridex has caused considerable financial damage and has so far resisted government takedown efforts.

2. Linux.Wifatch, a 'white hat' virus that helps: Malware called Linux.Wifatch has been spotted that, instead of hijacking home routers and IoT devices for criminal purposes, improves their security. Such devices usually ship with weak security, and on top of that people leave the default settings and the default admin password in place. Wifatch addresses exactly these issues: it shuts down the Telnet service so that nothing else can get in the same way, it leaves a message asking the router's administrator to change the password and update the firmware, and it then hunts through the router for other malware it can kill off. It is still malware running on your device without consent, however, and nobody can vouch for its long-term intentions, so the real fix is to change the default password and disable Telnet yourself.

3. US Homeland Security's $6B 'firewall' has frightening blind spots: A recent audit found that the US National Cybersecurity Protection System (NCPS), aka EINSTEIN, does not detect 94% of the threats tested and does not monitor web traffic for malicious content. The system is signature-based, so it can only detect known patterns of malicious traffic; it is correspondingly weak against advanced persistent threats (APTs) and zero-day attacks. Tested against known vulnerabilities in common applications, it identified only 29 of 489. Information sharing, another EINSTEIN goal, also needs attention: roughly 1 in 4 notifications never reaches the agencies that rely on the system.

4. Password reuse lets attackers into 20m Alibaba accounts: The attackers first obtained a database of 99 million usernames and passwords leaked from a number of other Chinese websites. They then replayed these credentials against Alibaba's login and got into 20.59 million accounts whose owners had reused the same password. The compromised accounts were used to place fake orders, a practice known as 'brushing' in China that inflates sellers' rankings, and were also sold on to fraudsters. This is credential stuffing: it exploits the human habit of using one set of credentials everywhere. At a minimum, keep separate passwords for sensitive accounts (banking, email, shopping) and for everything else; a password manager makes a unique password per site practical. For site operators, the tell-tale sign is one source trying many different usernames with a low success rate.
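
The credential-stuffing pattern described above, as detection logic a site operator could run over its own authentication logs. This is an added example, not code from the original post or from Alibaba; the log line format, the thresholds and the sample log are assumptions constructed for the demo.

```python
"""Credential-stuffing triage over authentication log lines.

Added example, not code from the original post or from Alibaba. The log
format is an assumption chosen for the demo: one line per login attempt,
"<timestamp> <source_ip> <username> <OK|FAIL>". Stuffing shows up as one
source trying many *distinct* usernames with a low success rate, which
is not how a single user mistyping one password behaves.
"""
from collections import defaultdict

# Constructed sample log, not real data. 203.0.113.7 replays leaked
# credentials against six accounts; 198.51.100.20 is one user retrying.
SAMPLE_LOG = """\
2016-02-01T10:00:01 203.0.113.7 alice FAIL
2016-02-01T10:00:02 203.0.113.7 bob FAIL
2016-02-01T10:00:02 203.0.113.7 carol OK
2016-02-01T10:00:03 203.0.113.7 dave FAIL
2016-02-01T10:00:03 203.0.113.7 erin FAIL
2016-02-01T10:00:04 203.0.113.7 frank FAIL
2016-02-01T10:00:09 198.51.100.20 alice FAIL
2016-02-01T10:00:15 198.51.100.20 alice FAIL
2016-02-01T10:00:21 198.51.100.20 alice OK
"""


def parse_line(line):
    """Split one log line into (timestamp, source_ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    return ts, ip, user, result == "OK"


def flag_stuffing(log_text, min_attempts=5, min_distinct_users=4,
                  max_success_rate=0.5):
    """Return {source_ip: summary} for sources whose pattern looks like
    credential stuffing: enough attempts, spread over many distinct
    usernames, with mostly failures. The summary lists the accounts that
    did succeed, since those are the ones to lock and force a reset on."""
    per_ip = defaultdict(lambda: {"attempts": 0, "ok": 0,
                                  "users": set(), "ok_users": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, ip, user, ok = parse_line(line)
        stats = per_ip[ip]
        stats["attempts"] += 1
        stats["users"].add(user)
        if ok:
            stats["ok"] += 1
            stats["ok_users"].add(user)

    flagged = {}
    for ip, stats in per_ip.items():
        rate = stats["ok"] / stats["attempts"]
        if (stats["attempts"] >= min_attempts
                and len(stats["users"]) >= min_distinct_users
                and rate <= max_success_rate):
            flagged[ip] = {
                "attempts": stats["attempts"],
                "distinct_users": len(stats["users"]),
                "success_rate": round(rate, 2),
                "compromised": sorted(stats["ok_users"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, summary in flag_stuffing(SAMPLE_LOG).items():
        print(ip, summary)
```

The thresholds are deliberately loose for a nine-line sample; on real traffic they would be tuned per site, and the same aggregation would be keyed on source network or device fingerprint as well as IP, since stuffing tools rotate proxies.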

5. PGP co-founder says ad companies, not governments, are the biggest privacy problem today: The big tech companies, Apple, Facebook, Google and Microsoft, have more data on you than anyone or anything else. Apple and Microsoft use that data mainly to improve products they sell to us, and their revenue depends primarily on those sales. Facebook and Google, on the other hand, are 'free to use', and advertising revenue is what keeps them that way. To target ads better they collect browsing habits, search queries and demographic data such as age, location and education. Many people find the ads intrusive and do not like being tracked.

6. Mattel's Smart Toy Bear and the HereO watch patch vulnerabilities: The Wi-Fi-enabled stuffed animal had a remotely exploitable flaw in its backend web service (API), which accepted requests that should not have been authorized. From there an attacker could easily read children's profiles (shades of the VTech hack) and could also make the toy perform actions the child did not intend, interfering with its normal operation. A similar authorization flaw in HereO, a GPS smartwatch for children, let an attacker trick a family's group into accepting their request to join it, after which they could see every family member's location and location history. Both companies were receptive to the findings and have since fixed the flaws.
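
Both findings above are the same flaw class: an API that checks that the caller is logged in but not that the caller is allowed to act on the particular object. The following is an added example, not code from Mattel, HereO or the researchers who reported the bugs; the handler names, the profile and group tables and the field names are assumptions used to show the vulnerable check next to the fixed one.

```python
"""Object-level authorization in a connected-toy web API: the flaw class
behind the Smart Toy Bear and HereO findings, shown vulnerable and fixed.

Added example, not code from Mattel, HereO or the researchers. The
handlers, field names and in-memory tables are assumptions; the point is
that the server must check *who* is asking, not just that they are logged in.
"""


class Forbidden(Exception):
    """Raised when the caller is not allowed to touch the object."""


# Constructed data: two parents, each owning one child profile, and one
# family group with its current members and pending join requests.
PROFILES = {
    1001: {"owner": "parent_a", "name": "Alex", "age": 6},
    1002: {"owner": "parent_b", "name": "Bo", "age": 5},
}
GROUPS = {
    "family_b": {"members": {"parent_b"}, "pending": set()},
}


def get_profile_vulnerable(session_user, child_id):
    """Vulnerable: trusts the client-supplied child_id. Any logged-in
    user can read any child's profile by changing the ID in the request."""
    return PROFILES[child_id]


def get_profile_fixed(session_user, child_id):
    """Fixed: the profile must belong to the authenticated user. Missing
    and not-owned get the same error so IDs cannot be enumerated."""
    profile = PROFILES.get(child_id)
    if profile is None or profile["owner"] != session_user:
        raise Forbidden("no such profile")
    return profile


def request_join(group_id, requester):
    """Anyone may ask to join; the request only becomes a pending entry."""
    GROUPS[group_id]["pending"].add(requester)


def accept_join_vulnerable(group_id, session_user, requester):
    """Vulnerable: checks only that a pending request exists, so the
    requester can call the accept endpoint on their own request."""
    group = GROUPS[group_id]
    if requester in group["pending"]:
        group["pending"].discard(requester)
        group["members"].add(requester)
    return requester in group["members"]


def accept_join_fixed(group_id, session_user, requester):
    """Fixed: only an existing member may approve a pending request."""
    group = GROUPS[group_id]
    if session_user not in group["members"]:
        raise Forbidden("only group members can approve joins")
    if requester not in group["pending"]:
        raise Forbidden("no pending request")
    group["pending"].discard(requester)
    group["members"].add(requester)
    return True


if __name__ == "__main__":
    # parent_a reads parent_b's child through the vulnerable handler
    print(get_profile_vulnerable("parent_a", 1002))
    request_join("family_b", "stranger")
    # the stranger approves their own request through the vulnerable handler
    print(accept_join_vulnerable("family_b", "stranger", "stranger"))
```

The fixed handlers make the authorization decision from the server-side session, never from anything the client sent, and they return the same error for "does not exist" and "not yours" so that an attacker cannot confirm which IDs are valid.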

7. Apple iPhone's 'Error 53': security vs. convenience: iPhone 6 users who had their home button replaced by non-Apple technicians found their expensive phones bricked when they tried to update iOS. Many customers were furious and felt Apple was being arrogant. Apple hit back at the criticism, saying the behaviour is a security measure: when iOS detects that the Touch ID sensor no longer matches the one paired with the phone, Touch ID, and with it Apple Pay, is disabled, so that a substituted sensor cannot be used to pass off fraudulent fingerprints. Anyone who encounters Error 53 or similar problems should contact Apple Support. Apple would have done better to warn users about this check before pushing the update.

8. Hack Hall of Shame, January 2016:
a. A new hacktivist group called New World Hacking emerges; it says the BBC and Trump web attacks are 'just the start'.
b. Anonymous keeps busy, hacking Saudi Arabian government websites, Thai police sites, Nigerian government websites and Nissan websites.
c. A scathing report shows Microsoft failed to warn victims of a Chinese government hack on thousands of Hotmail accounts belonging to China's Tibetan and Uighur minorities.
d. Britain's opposition leader had his Twitter account hacked.
e. Tech-support scam points to a Dell customer data breach.
f. US spy chief pranked by teen hackers.
g. Hyatt names the hotels hit by payment-card malware.
h. LastPass shown to be susceptible to a phishing attack.
i. A Melbourne hospital's computer systems taken down by a virus.
j. Java deserialization bug also found in PayPal.

9. Hackers send social-engineering emails to SMBs in India to steal money: The attackers start by either taking over someone's email account or spoofing a sender, and then email the finance department of the targeted company. The email carries either a link to a malicious site or a malicious attachment, with the subject line and body written to lure the employee into opening it. Once they do, the machine is compromised and the attacker has full control of it. The objective is money: the attackers watch the user and their correspondence, then trick them into transferring funds, in some cases by quietly changing the bank details on a remittance or invoice. The ONGC case, where a customer's payment was diverted to a fraudster's account via a lookalike email address, is a classic Business Email Compromise (BEC) example.
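
A mail-gateway or SOC analyst can catch many of these lures from headers and wording alone. The following is an added example, not code from the original post or from any company named in it: it flags a Reply-To that points somewhere other than the From domain, a From domain one character away from the company's own, and remittance or bank-change wording. INTERNAL_DOMAIN, the lure word list and both sample messages are constructed assumptions. Exact-domain spoofing (From forged to the real domain) needs SPF/DKIM/DMARC results from the receiving mail server, which an offline check cannot see.

```python
"""Header-level triage for BEC lures (added example, not from the post).

Assumptions: INTERNAL_DOMAIN is the target company's own domain, the
lure word list is a starting point, and both messages are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example-corp.in"  # assumed company domain
LURE_WORDS = ("urgent", "wire transfer", "remittance", "bank details",
              "updated account")

# Constructed lure: lookalike sender domain (l -> i), reply routed
# elsewhere, urgent bank-change request.
SAMPLE_LURE = """\
From: "Ramesh (CFO)" <cfo@exampie-corp.in>
Reply-To: cfo.office@mail-relay.example.net
To: accounts@example-corp.in
Subject: URGENT: updated bank details for vendor remittance

Please process today's remittance to the updated account below.
"""

# Constructed benign message from an outside supplier.
SAMPLE_CLEAN = """\
From: billing@supplier.example.com
To: accounts@example-corp.in
Subject: Invoice 4471

Attached is the monthly invoice, as usual.
"""


def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def within_one_edit(a, b):
    """True if a becomes b with at most one insert, delete or substitution
    (catches exampie-corp.in, examplee-corp.in, exmple-corp.in)."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # extra char in a: treat as deletion
        elif len(b) > len(a):
            j += 1          # missing char in a: treat as insertion
        else:
            i += 1          # same length: substitution
            j += 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def body_text(msg):
    """Plain-text body (concatenated text/plain parts if multipart)."""
    if msg.is_multipart():
        return " ".join(p.get_payload(decode=True).decode("utf-8", "replace")
                        for p in msg.walk()
                        if p.get_content_type() == "text/plain")
    return msg.get_payload()


def bec_indicators(raw_message, internal_domain=INTERNAL_DOMAIN):
    """Return human-readable reasons the message looks like a BEC lure;
    an empty list means none of the checks fired."""
    msg = message_from_string(raw_message)
    reasons = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if from_dom and from_dom != internal_domain and within_one_edit(from_dom, internal_domain):
        reasons.append(f"From domain {from_dom} is a lookalike of {internal_domain}")
    text = ((msg["Subject"] or "") + " " + body_text(msg)).lower()
    hits = [w for w in LURE_WORDS if w in text]
    if hits:
        reasons.append("lure wording: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    print(bec_indicators(SAMPLE_LURE))
    print(bec_indicators(SAMPLE_CLEAN))
```

None of the three signals is conclusive on its own (a genuine CFO may well mark something urgent), which is why the function returns the reasons rather than a verdict; the operational control that actually stops the loss is an out-of-band call-back to a known number before any change to payment details is honoured.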


10. 'Deceptive site ahead': Google will warn about legitimate sites carrying malvertising: Google is casting a wider net with its Safe Browsing technology to protect Chrome users not just from deceptive websites but also from deceptive ads (fake download buttons, bogus 'your software is out of date' prompts) shown on legitimate sites. Google itself notes that the new Safe Browsing check may affect legitimate websites that display such ads, and the sample warning in its blog post shows that the alert names the site itself as deceptive. Site owners who embed third-party ad networks therefore need to police what those networks serve.

3 comments:

  1. Nice blog... Very useful information is provided by your blog.. here is a way to find.

    Batman Phone Cover

  2. You shared superb content. I felt very good, but if shared with images of the above issues it could be better to understand.

    Sameera
    Mobile Cases and Covers Designer.
