Security Briefing 8.29.17
A spate of incidents involving US warships in Asia, including a deadly collision this week off Singapore, has forced the navy to consider whether cyberattackers might be to blame. All modern ships are equipped with state-of-the-art navigation systems that, in theory, could be compromised. The more prevalent theory is that naval crews may be overstretched and overworked.
Phishing emails related to Hurricane Harvey may land in user inboxes as the now-tropical storm cuts a path of destruction across Texas, the US-CERT warned today. US-CERT is advising users to remain cautious when receiving unsolicited emails with attachments or links purporting to be related to the Hurricane Harvey disaster, which has killed at least five people to date.
Research, called “Shattered Trust: When Replacement Smartphone Components Attack,” by researchers at the Ben-Gurion University of the Negev in Israel raises the possibility that someone with hardware know-how could cause serious harm to a smartphone owner who takes their phone in for repairs or tries to DIY with compromised parts. This would be known as “chip-in-the-middle!”
A few weeks ago, an exploit was demonstrated where researchers hijacked the Controller Area Network (CAN) bus on a car and could use it to enable a Denial of Service (DoS) attack on safety systems including brakes, airbags and power steering. And the news got worse this past week, with word that the flaw – which applies to virtually every modern car, not just a single brand or model – is unfixable. As Bleeping Computer put it, “this flaw is not a vulnerability in the classic meaning of the word … (It) is more of a CAN standard design choice that makes it unpatchable.” To patch it would require “changing how the CAN standard works at its lowest levels”.
Facebook shuts down more than 1m accounts every day because of spam, fraud and hate speech, CNBC reported on Thursday. Alex Stamos, chief security officer, pushed back at an event in San Francisco against suggestions that there were too many false positives among the accounts it shuts. “It’s not just a bunch of white guys” deciding what to take down, he told free-speech advocates.
A collaboration between leading content delivery networks and technology companies, some of them competitors, is in the midst of shutting down the largest botnet of mobile devices ever recorded. The WireX botnet was detected on Aug. 17 after businesses in a number of industries, most notably hospitality, porn and gambling, as well as domain registrars, reported signs of substantial distributed denial of service attacks. Google has joined forces with some big names to belay this threat caused by Android malware – already removing 300 offending apps from the store and enhancing its Play Protect service.
Eight members of the National Infrastructure Advisory Council resigned last week, citing inadequate attention by the Trump Administration to address growing cybersecurity threats facing the United States. “The moral infrastructure of our Nation is the foundation on which our physical infrastructure is built. The Administration’s actions undermine that foundation,” read the resignation letter (PDF) first published by NextGov.
Researchers observed a new, albeit small and selective ransomware campaign earlier this month targeting both education and healthcare verticals. The ransomware, dubbed Defray, comes hidden in rigged Microsoft Word document attachments, sent via email. The attacker asks for $5,000 in ransom notes dropped throughout the victim’s machine but as the researchers point out, several email addresses, presumably of the cybercriminal – Igor Glushkov – are included so the victims can either “negotiate a smaller ransom or ask questions.” Researchers said they didn’t get into the specifics of the encryption routine but noticed it encrypts a hardcoded list of file types but doesn’t change the file extension names.