Cyber security weekly summary 7 - 13 August

The second week of August in the cyberspace was marked by the hack of the Irish energy company EirGrid, the new cyber-spy campaign of the APT28 group and another contribution by WikiLeaks in revealing CIA cyber tools.

In the past week, a cyber attack on the electricity transmission system operator EirGrid, who manages the power grid on the Irish island, was disclosed. During the incident, which occurred in April this year, hackers managed to penetrate the Vodafone network used by EirGrid and then compromise the EirGrid's routers. The unidentified, but, according to Vodafone and Irish National Cyber Security Center, state-sponsored hackers thus gained access to the unencrypted communications in the architecture. At present, the scale of the breach and amount of stolen data is unknown. The EirGrid case was preceded by another attack attempt against local energy industry, aimed at Irish Electricity Supply Board.

On 8 August, DirectDefense experts reported a potential leak of terabytes of confidential data from several top US companies, accusing the cyber security company Carbon Black of sharing corporate files with external entities via the Cb Response anti-virus service. The problem stems from the way Carbon Black analyzes the maliciousness of different files, which it sends to cloud-based malware multi-scanner when it lacks its own information. Data including customer credentials, financial records, network intelligence and other sensitive data is thus available to anyone who is willing to pay for their access. Carbon Black responded to the allegation by saying that disclosing clients' data to third parties is not a mistake but the regular feature of their system, which is turned off by default, and when enabled, the users are warned about third parties data sharing.

Last week, the media reported about a DDoS attack against the Ukrainian Post website on 8 August. Attacks, targeting mainly the service for tracking parcels, lasted for two days. The first DDoS wave, lasting from Monday morning until the evening, afterward continued with more attacks during Tuesday. During the incident, interruptions and slowdowns of the institution's website and services were registered. Over the last few years, Ukraine has been repeatedly facing heavy cyberattacks. The most severe cases included attacks on financial and energy sector and the NotPetya and XData malware infections, generally associated with the Russian Federation. Representatives of local authorities expect more cyber attacks on significant national days.

On 10 August, WikiLeaks, in the continuation of the Vault 7 project, published another material allegedly stolen from the CIA. The document called CouchPotato describes a tool for capturing real-time video streaming from RTSP/H.264 supporting web cams. Their data stream can be stored as video files as well as pictures, and the program is able to identify movement in a video and save only specific parts where activity occurs. Unlike the similar Dumbo tool, described in the previous review, CouchPotato does not require physical access to infect the devices.

On 11 August, the FireEye's security company reported a new case of misuse of the EternalBlue exploit, which is a cyber tool leaked from the NSA and published by the hacker unit Shadow Brokers in April 2017. The exploit was used by the Russian APT28 group to spread within compromised wi-fi networks of multiple companies in the hospitality industry, including hotels in at least seven European states and one Middle Eastern country. The attacks were presumably carried to obtain personal data of VIP hotel guests. The perpetrators contacted hotel guests with a phishing document containing macros to install Gamefish malware as a vector opening the path for the Responder tool, which is based on a technique known as NetBIOS Name Service poisoning, and obtains the victims' usernames and hashed passwords.

About author: Roman Šulc


Tento web používá k analýze návštěvnosti soubory cookie. Používáním tohoto webu s tím souhlasíte. Další informace