Category: Cyber attacks

hacking-911-service
Just last month, researchers explained how an attacker can knock the 911 service offline in an entire state by launching automated Distributed Denial of Service (DDoS) attacks using a botnet of just 6000 smartphones. But, doing so, in reality, could not only land public in danger but the attacker as well. The same happened to an 18-year-old teen from Arizona, who was arrested this week following a severe disruption of 911 emergency systems caused due to one of his iOS exploits. Meetkumar Hiteshbhai Desai discovered an iOS vulnerability that could be exploited to manipulate devices, including trigger pop-ups, open email, and abuse phone features, according to a press release from the Cyber Crimes Unit of Maricopa County Sheriff’s Office.

Read more at
http://thehackernews.com/2016/10/hacking-911-service.html

911-emergency-callWhat would it take for hackers to significantly disrupt the US’ 911 emergency call system? It only takes 6,000 Smartphones. Yes, you heard it right! According to new research published last week, a malicious attacker can leverage a botnet of infected smartphone devices located throughout the country to knock the 911 service offline in an entire state, and possibly the whole United States, for days. The attacker would only need 6,000 infected smartphones to launch automated Distributed Denial of Service (DDoS) attacks against 911 service in an entire state by placing simultaneous calls from the botnet devices to the emergency numbers. However, as little as 200,000 infected mobile phones could knock the 911 emergency call system offline across the entire US.

Read more at
http://thehackernews.com/2016/09/hacking-911-emegency.html

hack-mysql-databaseTwo critical zero-day vulnerabilities have been discovered in the world’s 2nd most popular database management software MySQL that could allow an attacker to take full control over the database. Polish security researcher Dawid Golunski has discovered two zero-days, CVE-2016-6662 and CVE-2016-6663, that affect all currently supported MySQL versions as well as its forked such as MariaDB and PerconaDB. Golunski further went on to publish details and a proof-of-concept exploit code for CVE-2016-6662 after informing Oracle of both issues, along with vendors of MariaDB and PerconaDB.Both MariaDB and PerconaDB had fixed the vulnerabilities, but Oracle had not. The vulnerability (CVE-2016-6662) can be exploited by hackers to inject malicious settings into MySQL configuration files or create their own malicious ones.

Read more at
http://thehackernews.com/2016/09/hack-mysql-database.html

fbi-cia-director-hacked-crackas-with-attitudeUS authorities have arrested two North Carolina men on charges that they were part of the notorious hacking group “Crackas With Attitude.” Crackas with Attitude is the group of hackers who allegedly was behind a series of audacious and embarrassing hacks that targeted personal email accounts of senior officials at the CIA, FBI, the White House, Homeland Security Department, and other US federal agencies. Andrew Otto Boggs, 22, of North Wilkesboro, N.C., who allegedly used the handle “INCURSIO,” and Justin Gray Liverman, 24, of Morehead City, who known online as “D3F4ULT,” were arrested on Thursday morning on charges related to their alleged roles in the computer hacking, according to a press release by Department of Justice. A 16-year-old British teenager suspected of being part of the group was arrested in February by the FBI and British police.

Read more at
http://thehackernews.com/2016/09/fbi-cia-hacker-arrested.html

e-Voting

Threats to our electoral process can come from outside the country or nefarious insiders. Our country needs to be better prepared. After Russian state security personnel were accused of hacking the Democratic National Committee, the possibility of outsiders manipulating the American political process became a reality. With the reliance on computers to collect votes, report results, communicate campaign strategies, and coordinate voter registration activities, the electoral process has new vulnerabilities. In addition, rogue countries aren’t the only threats; insiders are also capable of manipulating election results. Here are six ways that elections can be hacked.

Read more at
http://www.darkreading.com/endpoint/6-ways-to-hack-an-election/a/d-id/1326762?

Mikko_HypponenAt some point in the recent past — he is not sure exactly when — F-Secure’s Chief Research Officer Mikko Hypponen coined the term ‘cyber crime unicorn’. His purpose was to highlight the growing professionalism of cyber criminals; and the term caught on. Now he has asked the question seriously: could a ransomware product actually be a criminal tech unicorn; that is, a start-up business valued at more than $1 billion? In a new article his short answer is No; but that’s only because it would be impossible for the founders to cash-out through the traditional IPO route. By most other yardsticks, cyber crime relates favorably to legal business. Consider one of today’s prime businesses, Uber. According to a Thursday report in Bloomberg, Uber is on course to recording a $2 Billion loss this year following a similar loss last year — and yet its latest valuation is $69 billion. Cyber criminals do not make losses.

Read more at
http://www.securityweek.com/f-secures-mikko-hypponen-talks-cyber-crime-and-cyber-unicorns

YORKTOWN HEIGHTS, NEW YORK––IBM has created a computer, called Watson, that will play against the best Jeopardy contestants for three nights, Feb. 14, 15, and 16. The host of Jeopardy, Alex Trebek, rehearses for the upcoming show. (Photo by Carolyn Cole/Los Angeles Times via Getty Images)

IBM and leading universities will train IBM Watson to discover hidden patterns and cyber threats. IBM Security is giving its cloud-based cognitive technology Watson a new assignment: cybersecurity. The new Watson for Cyber Security is now in training at IBM to study the nuances of security research findings in order to more effectively discover patterns and hidden cyberattacks. IBM’s X-Force research library will be a central part of the materials fed to Watson for Cyber Security. That information includes 20 years of security research, details on 8 million spam and phishing attacks, and over 100,000 documented vulnerabilities. As part of a year-long research project, IBM this fall will work with eight leading universities and their students to further train Watson on the language of cybersecurity.

Read more at
http://www.darkreading.com/threat-intelligence/ibm-watson-will-help-battle-cyberattacks/d/d-id/1325506?

Secretary of Defense Ash Carter met with Swiss Defense Minister Guy Parmelin in Davos, Switzerland at the World Economic Forum on Jan. 21, 2016.(DoD photo by U.S. Army Sgt. 1st Class Clydell Kinchen) (Released)

The annual World Economic Forum (WEF) in Davos, Switzerland in January drew a powerful cyber-attack, according to Swiss defense minister Guy Parmelin. Swiss newspaper Tages-Anzeiger is reporting that the attack was not successful, but it does indicate a pattern of high-level attempts. Parmelin said that he suspects economic espionage as the reason behind the attack, but added that a nation-state led offensive could be plausible as well. He also said that he suspects the attackers to be of Russian origin—though no official accusations have been made. “Significant events, like the World Economic Forum, serve as a hub for important conversations and attract high-profile visitors from all over the world,” Kaspersky Lab researchers said. “But a high concentration of important people in one place also attracts malicious cyber-attackers, who consider public events a good opportunity to gather intelligence with the help of targeted malware.”

Read more at
http://www.infosecurity-magazine.com/news/swiss-defense-minister-davos-was/

Swift-Software-ExploitedA bug in SWIFT banking software may have been exploited to allow hackers to make off with $81 million from Bangladesh’s central bank in February, according to reports. Investigators at British defense contractor BAE Systems told Reuters that the malware in question, evtdiag.exe, had been designed to change code in SWIFT’s Access Alliance software to tamper with a database recording the bank’s activity over the network. That apparently allowed the attackers to delete outgoing transfer requests and intercept incoming requests, as well as change recorded account balances – effectively hiding the heist from officials. The malware even interfered with a printer to ensure that paper copies of transfer requests didn’t give the attack away. It’s thought that the malware was part of a multi-layered attack and used on the SWIFT system once Bangladesh Bank admin credentials had been stolen. Although it was written specifically for this attack it could be repurposed for similar attacks in the future, BAE claimed.

Read more at
http://www.infosecurity-magazine.com/news/swift-software-exploited/

Spear Phishing AttackA former employee of the Nuclear Regulatory Commission (NRC) has been sentenced to 18 months in prison after offering to hand over the email addresses of Energy Department employees to a foreign government for use in cyber attacks, and then trying to carry out a spear phishing campaign.

Charles Harvey Eccleston, 62, pleaded guilty in February to one count of “attempted unauthorized access and intentional damage to a protected computer,” after being arrested in the Philippines in 2015, according to the Justice Department.

He first came to the attention of the FBI in 2013 after entering a foreign embassy in Manila and offering to sell a list of over 5,000 e-mail accounts of employees of the agency, which he claimed he could get thanks to his security clearance – despite having being sacked three years earlier.

Read more at
http://www.infosecurity-magazine.com/news/former-us-boffin-18-months-spear/