Cyber security weekly summary 19 - 25 June

Users of the popular messaging service Skype were dealing with severe outages which started on Monday 19 June at 19:01 GMT. The incident affected multiple European countries, as well as Japan, Singapore, India, Pakistan and South Africa. Microsoft, which acknowledged the situation, didn't elaborate further on its cause, but a hacking group called CyberTeam claimed responsibility for the outages, hinting that its next target would be the digital gaming platform Steam. According to experts, if the service disruptions were indeed caused by the hackers, the most probable attack method was a DDoS.

As security firm UpGuard revealed on June 12, due to a security settings misconfiguration, personal information of almost 200 million registered U.S. voters was accidentally exposed online. The owner of the database, a firm called Deep Root Analytics, had been storing it on an Amazon S3 server which was easily accessible to anyone who navigated to a six-character Amazon subdomain: “dra-dw”. Even though the information (names, addresses, party affiliation, and other details) was mostly publicly accessible anyway, such a volume of complete records posed a risk of misuse by cyber criminals. The data concerned was made unavailable on the night of June 14th.

As the British media reported on July 23, security credentials belonging to thousands of government officials, including 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office staff, have been sold and traded on Russian-speaking hacking sites. The majority of the passwords were reportedly compromised in the 2012 hack of the business social network LinkedIn. At the time, the affected LinkedIn users were warned to change their passwords to prevent their exploitation.

On June 22 WikiLeaks published details about the next item from the toolset of the American CIA, called Brutal Kangaroo, which serves as a means of extracting information from air-gapped systems. The set consists of several parts, including its basic module Drifting Deadline, which distributes the malware Shadow. The infection starts on a computer with an internet connection and spreads further via flash drives to air-gapped systems, where it propagates to other machines. Brutal Kangaroo supports exfiltration of the obtained data via connected flash drives or (when one is detected) via an open internet connection.

The Washington Post Journal reported on June 23 about a new form of American response to Russian cyber attacks, which was authorized by the Obama administration. It encompasses cyber implants designed to hit Russian networks considered “important to the adversary and that would cause them pain and discomfort if they were disrupted.” The implants would be remotely activated in cases such as Russian meddling with the American presidential vote or an attack on U.S. critical infrastructure. The measures, which are only in the initial phase of realization, should automatically remain valid during the current presidential administration unless Donald Trump says otherwise.

A month after the global outbreak of the WannaCry ransomware, new attacks by this malware are still being registered. One of the recent victims is Honda Motor Company, which was forced to halt production in one of its Japan-based factories for more than 24 hours after finding WannaCry infections in its computer networks. Another WannaCry attack led to the infection of dozens of traffic cameras in the Australian state of Victoria.

Aside from the continuing WannaCry campaign, another major ransomware case was registered. On June 10, Linux-based systems of the South Korea-based web hosting company NAYANA were attacked by the Erebus ransomware, which affected the websites, databases and multimedia files of around 3,400 of its clients. Under the circumstances, NAYANA representatives decided to pay the ransom.

Apart from new types of ransomware, older representatives of this malware family are also active. The case in point is an updated version of the Locky ransomware, which is targeting computers running Windows XP. The malware is distributed via the botnet known as Necurs, at the expense of the similar cyber tool Jaff, whose encryption has been cracked by Kaspersky Lab.

About author: Roman Šulc
