BTH News 18July2020

This Week In Cybersecurity

This week on Between the Hacks: hacked Twitter accounts used in a bitcoin scam, a critical Windows server vulnerability, the UK's proposed IoT security standards, an Internet outage on Friday, and a riveting book about how wormable malware created an enormous botnet.


Twitter

Twitter accounts for some very recognizable global figures were compromised on Wednesday and used to post a bitcoin scam. The scammers gained access to the accounts of Joe Biden, President Barack Obama, Jeff Bezos, Elon Musk, Kim Kardashian West, Bill Gates, Michael Bloomberg, Warren Buffett and other wealthy and well-known figures.

The scammers tweeted the following message from Jeff Bezos’ account:

“I have decided to give back to my community. All Bitcoin sent to my address below will be sent back doubled. I am only doing a maximum of $50,000,000.” This message was followed by the scammer’s bitcoin address.

While this seems like an obvious scam, the bitcoin wallet has received more than 12 bitcoin, worth over $180,000. To minimize the success of the scammers, “Coinbase Inc., the largest U.S. crypto exchange, has begun blocking its users’ payments sent to the hackers’ accounts,” reports Bloomberg.

On Thursday, Twitter Support wrote, “Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.”

Brian Krebs wrote a very informative article that reveals information about who was behind the “Epic Twitter Hack.” The New York Times also wrote an informative article about the scammers and how this attack was executed.

“The hack has sparked criticism of Twitter's security policies, as well as an investigation by New York Attorney General Letitia James. The FBI has also begun a federal inquiry into the hack,” reports CBS News.


SIGRed: A 17-Year-Old Critical Windows DNS Vulnerability

A critical vulnerability in the Windows DNS server was disclosed on Tuesday by Check Point Research. The vulnerability, code-named SIGRed (CVE-2020-1350), is “a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. As the service is running in elevated privileges (SYSTEM), if exploited successfully, an attacker is granted Domain Administrator rights, effectively compromising the entire corporate infrastructure,” states the report. This attack could also be used to poison an organization’s DNS to execute a pharming attack.

As Windows server users around the world rush to install patches, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued a rare emergency directive giving government agencies just 24 hours to update Windows Server or apply other mitigations, according to Forbes.

If you are running a Windows server that is configured as a DNS server, be sure to install the Windows patch as soon as possible.


UK IoT Regulations

Internet of Things (IoT) devices are the fastest growing and arguably the riskiest part of the Internet. For years, cybersecurity professionals have been working hard to find ways to mitigate this risk and create standards for IoT companies to follow that will ensure that cybersecurity is built into all of those connected “things.”

This week, the UK government took a first step in making that happen. “The UK Government Department for Digital, Culture, Media and Sport (DCMS) has published proposals for a new law designed to protect purchasers of so-called ‘smart devices’ from cybercriminals,” reports Bitdefender.

The proposal outlines three requirements that IoT manufacturers must follow and documents the potential penalties if those requirements are not met.

The requirements are simple but greatly needed, as many IoT devices connected to the Internet today are not compliant.

  1. Ban universal default passwords in consumer smart products

  2. Implement a means to manage reports of vulnerabilities

  3. Provide transparency on for how long, at a minimum, the product will receive security updates


Mom, The Internet is down!

If you found yourself cursing your ISP late yesterday afternoon because the Internet was down, you may owe them an apology. At 5:12 pm ET yesterday, many Internet sites went down, including Discord, Patreon, Feedly, Medium, and Shopify.

What happened? Cloudflare, the company that protects websites (including Between The Hacks) from cyberattacks, had an outage that lasted 27 minutes. In a blog post yesterday, Cloudflare CTO John Graham-Cumming stated, “this was not caused by an attack or breach of any kind.” Rather, it was a manual configuration error “that caused all traffic across our backbone to be sent to Atlanta. This quickly overwhelmed the Atlanta router and caused Cloudflare network locations connected to the backbone to fail.”

Cloudflare apologized for the outage and stated that they have made changes that will prevent this from happening again.


Tip of the Week

Worm: The First Digital World War

Whether you are a lover of tech or just someone who loves a riveting story, Worm: The First Digital World War is a book you’ll want to read.

Author Mark Bowden, the bestselling author of Black Hawk Down, will keep you on the edge of your seat as he tells the story of how the Conficker worm infected millions of computers around the world to create an enormous botnet, and how a small group of people fought to stop it in an ongoing battle of minds and technology.

“The Conficker worm infected its first computer in November 2008 and within a month had infiltrated 1.5 million computers in 195 countries. Banks, telecommunications companies, and critical government networks (including the British Parliament and the French and German military) were infected. No one had ever seen anything like it. By January 2009 the worm lay hidden in at least eight million computers and the botnet of linked computers that it had created was big enough that an attack might crash the world.” - Book Summary

