22-Line Code “Scalpel” Removes British Airways Customer Data

A couple of weeks ago British Airways confirmed that the personal data of 380,000 customers had been stolen.

Magecart Again. Still?

On September 11th the simplicity of this surgical strike was revealed by RiskIQ, and the details are pretty amazing. According to RiskIQ the incident, which lasted 15 days, was very similar to the breach of Ticketmaster UK earlier in the year. That similarity, combined with crawl data, allowed them to quickly confirm that the threat actors were one and the same: Magecart.

Magecart is a group of criminals that specialize in web based credit card skimmers. RiskIQ actively monitors 2 billion pages of the world wide web for Magecart activity and Magecart is so active that RiskIQ gets hourly notifications of sites being hacked!

The 22 Line Scalpel

In the case of the British Airways hack, Magecart slightly modified their code so it went unnoticed by the RiskIQ automated crawlers, and only after the fact could RiskIQ manually identify their handiwork. It turned out that the 22 lines of JavaScript shown below are what excised the personal data of 380,000 customers.

The same code also appears to have affected the British Airways mobile app for the same period of time. This is because the app was developed as an empty shell that simply pulled in functionality from the desktop site. While past Magecart attacks grabbed form data indiscriminately, these 22 lines were highly targeted, extracting payment information and sending it off to their own servers.
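Two controls that address exactly the problem described above, a page script that has been modified to send form data somewhere it should not go, are Subresource Integrity (SRI), which makes the browser refuse a script whose hash no longer matches the one pinned in the page, and a Content-Security-Policy whose `connect-src` and `form-action` directives limit where page scripts may send data. The Python below is an added example written for this page; it is not code from the article, from RiskIQ or from British Airways, and the hostnames and script bodies are constructed placeholders.

```python
import base64
import hashlib

# Constructed sample: the script bodies a checkout page is expected to load
# (stand-ins for a first-party script and a third-party library).
KNOWN_SCRIPTS = {
    "https://cdn.example-airline.invalid/js/checkout.js": b"window.checkout = {version: 1};\n",
    "https://cdn.example-lib.invalid/lib.min.js": b"/* third-party library build 1 */\n",
}


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Return the SRI value ('<algo>-<base64 digest>') for a script body."""
    if algo not in ("sha256", "sha384", "sha512"):
        raise ValueError("SRI permits only sha256, sha384 or sha512")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(body: bytes, integrity: str) -> bool:
    """True only if the body matches the pinned value; any byte change fails."""
    algo, _, _ = integrity.partition("-")
    try:
        return sri_hash(body, algo) == integrity
    except ValueError:  # unsupported algorithm, e.g. an md5 pin, never verifies
        return False


def script_tag(url: str, body: bytes) -> str:
    """Render a <script> tag that pins the script's hash; crossorigin is required
    for SRI on cross-origin resources."""
    return (f'<script src="{url}" integrity="{sri_hash(body)}" '
            f'crossorigin="anonymous"></script>')


def csp_header(allowed_hosts) -> str:
    """Build a Content-Security-Policy value that limits where scripts may load from
    and where they may send data. connect-src governs fetch/XHR/sendBeacon,
    form-action governs form submissions; neither allows 'unsafe-inline'."""
    hosts = " ".join(sorted(set(allowed_hosts)))
    return ("default-src 'self'; "
            f"script-src 'self' {hosts}; "
            f"connect-src 'self' {hosts}; "
            "form-action 'self'; "
            "object-src 'none'")


def audit(pinned: dict, served: dict) -> list:
    """Server-side monitoring step: compare the bodies currently served for each
    pinned URL against the pinned integrity values and report every mismatch."""
    findings = []
    for url, integrity in pinned.items():
        body = served.get(url)
        if body is None:
            findings.append((url, "missing"))
        elif not verify_sri(body, integrity):
            findings.append((url, "integrity mismatch"))
    return findings


if __name__ == "__main__":
    pinned = {url: sri_hash(body) for url, body in KNOWN_SCRIPTS.items()}
    for url, body in KNOWN_SCRIPTS.items():
        print(script_tag(url, body))
    print("Content-Security-Policy:", csp_header(["https://cdn.example-lib.invalid"]))
    # Simulate a library file that was altered on the CDN after the page was deployed.
    tampered = dict(KNOWN_SCRIPTS)
    lib = "https://cdn.example-lib.invalid/lib.min.js"
    tampered[lib] = KNOWN_SCRIPTS[lib] + b"/* appended code */"
    print(audit(pinned, tampered))
```

The browser enforces the `integrity` attribute on its own; the `audit` function shows the complementary server-side check, re-fetching each pinned script on a schedule so that a change is noticed even before a customer's browser rejects it. SRI only protects scripts referenced from a page whose HTML itself is intact, which is why the CSP is worth pairing with it: even a script that does load cannot post data to a host outside `connect-src` or submit a form to one outside `form-action`.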

Konsultek Knows Security

Threat prevention, detection and quarantine are the hallmarks of a robust security solution. If your current approach to network security is a patchwork quilt of boxes and software that has been cobbled together over time it’s probably time to have us perform a comprehensive review. Simply give us a call and we’ll schedule a time to chat. It’s really that easy to get started.

Power Transmission Substation Honeypot Yields Unexpected Results

We’ve discussed the security of critical infrastructure many times on this blog. From the hijacking of the Dallas, TX tornado warning system, to discussions at Davos, selfies revealing sensitive information and even a video showing a white hat hacker team physically compromising a substation security system.

The security of the nation’s critical infrastructure is, well, critical, so we were quite intrigued by a recent honeypot experiment conducted by researchers at Cybereason.

Honeypot Yields Unexpected Results

Looking to further understand the threats facing critical infrastructure, Cybereason set up a honeypot late in Q2 2018 that emulated the network of a major electric provider’s power transmission substation. All significant network systems, including an IT environment, an OT environment and an HMI (human machine interface) management system, were included in the honeypot to make it appear as legitimate a network as possible.

Gotcha!

Cybereason expected the honeypot to reveal attack vectors that targeted individuals with network access. Instead what they found was that the honeypot was compromised by a set of actors who sourced their access tools off a dark web forum!

According to Cybereason CISO Israel Barak, the honeypot infrastructure was first discovered by a black-market seller conducting a broad internet reconnaissance. “The seller was able to compromise a single machine in the honeypot and posted it for sale in a black market called xDedic – along with the network identifiers of the compromised environment, which disclosed its probable affiliation with a large utility provider.”

Dark Web = Lights Out?

While the genesis of the threat, purchasing access off the dark web, was unexpected, Cybereason believes that those using the purchased access are very familiar with ICS environments. They moved quickly from the honeypot’s IT environment into the OT (operational technology) environment, which is the system environment that actually controls the equipment used to deliver the utility in question, whether it be electricity, natural gas or water. The attackers appear to have been singularly focused on getting to the OT network. And, while some of their techniques were sloppy and raised red flags that would have likely elicited a security team’s response, had they been left unchallenged for some reason it appears possible they would have achieved their goal.

Can We Help You Achieve Your Goals?

When it comes to security, having an end goal in mind makes sense. Let us help you discover what goals make sense for your organization. It’s simple to get started, we’re just a phone call away.

Cortana – Let’s Start Hacking!

If you’ve ever witnessed the breadth of friendly Alexa hijinks going on in the world you could predict that hackers exploiting voice command vulnerabilities would just be a matter of time.

Well, that time is now. Voice hacking is a real and growing threat according to a mounting body of evidence.

Open Sesame

Yesterday afternoon (8/8/18) attendees at Blackhat.com in Las Vegas were treated to a presentation by a group of Israeli students and researchers who revealed what they are calling the “Open Sesame” vulnerability of Cortana.

According to the session overview…

In this presentation, we will reveal the “Open Sesame” vulnerability, a much more powerful vulnerability in Cortana that allows attackers to take over a locked Windows machine and execute arbitrary code. Exploiting the “Open Sesame” vulnerability, attackers can view the contents of sensitive files (text and media), browse arbitrary web sites, download and execute arbitrary executables from the Internet, and under some circumstances gain elevated privileges. To make matters even worse, exploiting the vulnerability does not involve ANY external code, nor shady system calls, hence making code-focused defenses such as Antivirus, Anti-malware and IPS blind to the attack.

Hackers Never Sleep

As technology continues to integrate into every aspect of our lives we can expect new and different vulnerabilities to emerge. Unfortunately, the hacking and cyber-criminal community never sleeps when it comes to identifying and exploiting these vulnerabilities for their profit at your expense.

Konsultek Stands Vigil

That’s where Konsultek comes in. Our custom security solutions are based upon the most advanced architectures and tools available and stand guard 24x7x365 to keep your networks and information secure. If you are looking for a security partner that is constantly innovating and keeping ahead of the curve please give us a call. Konsultek – your vigilant security partner.

If you’re interested in a complimentary Executive Risk Assessment, just pick up the phone and give us a call to schedule your first step towards greater security.

You’ll understand where your most important digital assets are, what the impact and likelihood of an incident is, and how to protect those assets. Why wouldn’t you want to know something about your business you didn’t know for free!

Reporter Trolls the Russian Dark Web and Finds…

Dylan Curran, writing for the Guardian, recently published a fascinating look at the world of Russian Dark Web hacking forums.

Knowledge is Power

You may recall that we took a look at dark web forums previously here, here and here. Well, in case you are under the false impression that the dark web has been scrubbed clean or had the bright light of justice shone upon it, you’ll be disappointed to learn that the dark web is not just alive, but thriving!

FreeHacks

Dylan’s deep dive was into just one of the larger hacking forums, called FreeHacks, which divides itself up into no fewer than 17 different hacking-related sub-forums (granted, one of those sub-forums is “Humor”) to meet the needs of its 5,000 or so members.

Unlike some of the sites we’ve chronicled in the past, FreeHacks is focused on education and sharing and in this way really highlights the difference in mindset between Russian hackers and those in Western countries.

Collaboration vs. Independence

On FreeHacks information and instruction on a very detailed and granular level are being openly shared for the greater good of the community. This is in contrast to Western hackers who are more apt to keep a lower profile, less openly sharing knowledge and less likely to collaborate with strangers in order to maintain as much anonymity (and competitive advantage?) as possible.

Konsultek Collaborates Too

At Konsultek we understand that the best security solutions come from collaborating with the top firms and brightest minds in the industry. That’s why we’re proud to partner with industry thought leaders at ForeScout, Checkpoint, SentinelOne, Gigamon, IntSights and more. Are you looking to collaborate with a local leader with a global reach? Look no further! If you’re interested in a complimentary Risk Assessment, just pick up the phone and give us a call to schedule your first step towards greater security.

Understand where your most important digital assets are, what the impact and likelihood of an incident is, and how to protect those assets.

Small Business Better Watch Out!

While large business breaches such as those that have plagued Home Depot, Target and Yahoo grab the headlines, these businesses have the financial resources and resiliency to shake off the attacks and continue to grow.

Sadly, when a commensurate attack occurs at small to medium sized businesses (SMBs) they frequently struggle to survive. In fact, according to the U.S. National Cyber Security Alliance, “60% of small companies are unable to sustain their business more than six months following a cyberattack.” This fact and a host of other related information were the subject of a recent post at Security Magazine. In that post the risks SMBs face and possible basic protective measures they should be taking to avoid becoming part of the 60% of post-breach SMBs that fail were examined.

Smaller Target Easier Access

Since the big breaches grab the headlines you might think that huge multi-nationals are the only businesses being targeted by cyber-criminals. The reality is quite the opposite: fully 58% of all attacks are on smaller organizations, according to Verizon’s 2018 Data Breach Investigations Report. SMBs make attractive targets because they often have valuable assets such as intellectual property and personal information on their networks with only minimal security protections in place. In the past we have discussed specifically how medical, law and manufacturing businesses are targeted by cyber-criminals exactly because the effort-to-reward ratios are attractive.

Konsultek Provides Solutions

Fortunately, making your business a less attractive target is something we excel at. Our holistic approach to security emphasizes prevention, detection and response. From BYOD to NAC to helping you create a security culture in your organization, Konsultek has the resources and expertise you need to keep the barbarians at the gate.

Even if the attack begins from within, our approach will minimize the impact regardless of whether the attack was intentional or by accident. One way we do this is by confining the breach through sophisticated user controls and privileges.

Let us help you become a less attractive target. We are currently offering a complimentary Executive Risk Assessment for your organization. It all begins with a conversation, so please give us a call and let’s work together.

Fortnite Craze Attracts Hackers

Recently, Fortnite has been used as malware bait for gamers who are looking to cheat their way to a win. TheHackerNews.com informs us that many of these game cheat download links might actually be downloading malware onto the eager-to-win gamer’s computer. The fake Fortnite hacking tools infect personal computers mainly through advertisements on YouTube videos and allow the attackers to modify the victim’s network settings with a man-in-the-middle strategy. This gives them the access they need to spread targeted, malicious ads over webpages visited by the user.

Gamers Guide to Staying Safe

  • Only download content from the developer, making sure that the source is safe and reputable
  • Use a Mac or an iOS device, since the malware does not affect those platforms as of yet. NOTE: this is most likely a temporary solution until the hackers adjust to infect those operating systems as well
  • Beware of YouTube videos promoting Fortnite cheat downloads and avoid them; they might be hiding malware
  • Don’t cheat! Playing the game honestly to win more of the in-game rewards is obviously the safest way to obtain them, and hopefully more fun!

Growing Avenues of Threats

Gamers are an easy target for hackers since winning is difficult without cheat codes. Fortnite is certainly not the first game that has been targeted and will probably not be the last. The growing online presence of video games, combined with the desire of many to win at all costs, will make an ever larger portion of gamers more susceptible to devious hackers. The game cheat vector is really quite similar to email phishing scams that take unsuspecting victims to malware-laced websites. The only difference is the bait. Gamers, like email users, need to be prepared, stay safe, and maintain a sense of vigilance in regards to their security.

Safety Under Control

Konsultek excels at the game of preventing, detecting, and responding to data breaches and unauthorized network access. If you are wondering about potential disruptions that your organization could be facing, look no further. We would be happy to assist you with a security assessment and we are always game for a phone call to discuss your cyber security needs.

© Copyright 2018 Konsultek