Another missing link in Stuxnet Reveals Earlier Infection Time

Stuxnet, the government malware believed to have been created by a dual-venture of the US and Israel, and the one used to attack the Iran nuclear enrichment facility, is now believed to have an earlier attack link. It is believed now that sometime in 2008 was when the facility may have been in progress of attacks from Stuxnet.

Iran leaders met in Kazakhstan this week to discuss with members of the UN Security Council the nuclear program. The researchers there announced a new variant of the sophisticated Stuxnet cyberweapon.

Some have noted that the US and Israel may have partnered way before doing similar activities to try to take down the nuclear enrichment program in Iran.

The new variant was designed as a different attack vector against the centrifuges for the uranium enrichment program, versus later versions released. This “new variant” was apparently released in 2007. Here we are six years later, knowing the discovery of such variant. This shows that the current versions of Stuxnet were made in 2009, which means this variant now recognized predated the original code that researchers found. Therefore, its first version may have been in 2007. That tells security experts this: Stuxnet was attacking much earlier than previously thought.

Still to make a rebuttal, Iran is awaiting and planning new cyberwarriors, which can construct cyberattacks and cyberterrorism on the US.

Looking in the code of the 2007 version, it was used for Siemens PLCs, which are used in the Iran nuclear enrichment program in Natanz. It was aimed at sabotaging the valves’ operations, by controlling the flow of uranium.

The list of new information goes on. According to Wired Magazine, the new finding, described in a paper released by Symantec on Tuesday (.pdf), resolves a number of longstanding mysteries around a part of the attack code that appeared in the 2009 and 2010 variants of Stuxnet but was incomplete in those variants and had been disabled by the attackers.

DNSChanger Suspect Pleads Guilty; 25 Year Prison Outlook Among Other Issues

One hacker/malware writer of the DNSChanger malware has pleaded guilty. Only two out of the six have been extradited to the US, so far, to be charged. Valeri Aleksejev, one suspect, has now pleaded guilty and is looking at 25 years in prison, with the possibility of having to pay back up to $7M to victims. Deportation is probable as well.

When hackers change DNS settings, they have the ability to lead the victim(s) to other sites through redirects. Redirects can be used for fraudulent purposes, such as boosting affiliate sales, getting search traffic, etc.

The six suspects in this case effectively manipulated this method and other methods, and “were able to manipulate Internet advertising to generate at least $14 million in illicit fees.”

$200M Major Credit Card Fraud, 18 People Charged

Eighteen people have been charged in a major credit card fraud scheme. New Jersey federal prosecutors called the fraud one of the largest credit card fraud schemes ever uncovered by the US Department of Justice. This fraudulent act spanned eight countries, as well as 28 US States.

“The defendants are part of a massive international fraud enterprise involving thousands of false identities, fraudulent identification documents, doctored credit reports and more than $200 million in confirmed losses. Due to the massive scope of the fraud, which involved over 25,000 fraudulent credit cards, loss calculations are ongoing and final confirmed losses may grow substantially,” FBI Special Agent James Simpson said in court records.

The criminals charged used greedy means for the stolen money, buying high-end clothing, automobiles, electronics, etc. As well, they stockpiled some in odd places, like an oven in one case.

More information is still up for grabs in this case, once everyone has made their court appearances. It is unknown what the aim was for the criminals, however, it is no surprise the schemes used were for means to make the criminals more wealthy.

Keep your credit card safe with a couple of different tools:

 

 

ChronoPay Co-Founder Plants Lawsuit on Kaspersky Lab

Co-founder with ChronoPay, Pavel Vrublevsky, has decided to plant a lawsuit on Kaspersky Lab. ChronoPay is a large e-payment system in Russia. The lawsuit arises when Vrublevsky accused Kaspersky Lab of publishing defamatory blog posts about him, because of his ongoing trial. His trial is about cybercrime, as he is allegedly believed to have hired the creator of the Festi spam botnet to launch an attack on one of ChronoPay’s competitors.

Apparently, Vrublevsky is known for past campaigns in pharma-scams and other associated cybercrimes. His trial does not come light.

From what it seems like, this situation is a bit out-of-reach for Kaspersky, only because they were just blogging about news that goes on. If the posts were truly defamatory, what tact would Vrublevsky have on them anyway?

The Damage Swell of Saudi Aramco Attack

The New York Times reported about the damages of the attacks on Saudi Aramco, a Saudi Arabian oil firm. The article stated the following, blaming Iran for the attacks on Saudi Aramco along with supporting evidence:

That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.

United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.

Intelligence officials are still investigating the nature of the RasGas hack also, because it is related to this attack, which involved a malware called Shamoon.

The investigations of Saudi Aramco and RasGas, Qatar’s top natural gas firm, are coming together. Most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. More updates to come.

Related articles

• How hackers attacked Saudi oil company’s computers (seattletimes.com)
• US Increasingly Convinced Iran Behind Attack On Saudi Aramco (techweekeurope.co.uk)
• Shamoon Virus that Attacked Saudi Aramco is the Most Dangerous to Date (oilprice.com)

DDoS on HSBC, disruption in online banking services

The Hongkong and Shanghai Banking Corporation, also known as HSBC, was the next victim of a distributed denial-of-service attack (DDoS), making it impossible for customers to conduct their Internet banking services.

According to a statement posted on its website:

On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world.

This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking.

We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running.

We are cooperating with the relevant authorities and will cooperate with other organisations that have been similarly affected by such criminal acts.

We apologise for any inconvenience caused to our customers throughout the world.

The update on its website stated, “HSBC restored all of its websites globally to full accessibility as of 11:00 PM EST time last night. ”

DDoS attacks, conducted by cyber criminals, are a means of controlling a certain number of computers to target a single or group of Internet servers, in attempts to overload them. This in turn, causes the server to shutdown, or discontinue its service until the load wears down.

This is only one of the few latest DDoS attacks on corporations or government entities.

Unknown hackers allegedly steal $400,000 from city of Burlington, Washington

The town of Burlington, Washington fell victim to a recent attack by a band of unknown hackers, stealing $400,000 in the operation. Odds are that taxpayer data was stolen, also.

Burlington officials have warned residents in the city that their private data could have been stolen, and becoming targets for identity theft. A number of billing systems in the town were attacked, notably the online automatic utility billing system, which holds a large amount of resident data. Once these systems were attacked, the band of hackers were able to leak $400,000 out of the city’s funds.

According to Computer World, an alert [that was] issued this morning, city administrator Bryan Harrison said all autopay customers should assume that their name, bank account number and routing number was compromised following an intrusion into a city utility billing system.

Authorities are still investigating this issue, and will provide updates soon.

Related articles

• Police: Hackers Take $400,000 From Washington City Account (seattle.cbslocal.com)
• Hackers steal $487K from Washington town (kgw.com)

Cyberwar continues, Attacks on Iran infrastructure slows Internet access

Various parts of the Islamic Republic were disrupted yesterday (their Internet access) after hackers attacked Iran’s infrastructure and communications companies. “Yesterday we had a heavy attack against the country’s infrastructure and communications companies which has forced us to limit the Internet,” the secretary of the High Council of Cyberspace, Mehdi Akhavan Behabadi, is said by Reuters as having told the Iranian Labour News Agency about the issues.

Some officials claim that their Internet access in Iran is constantly disrupted by cyberattacks, however, the ones yesterday were the most noticeable. This attack would be one of the largest cyberattacks so far, after several gigabytes of traffic overwhelmed the Iranian infrastructure. This is still widely accusative that the US and Israel could be involved, as a response to the nuclear program developed by Iran.

It is noticed also that the cyberwar is heating up for Iran, and that Iran could be constructing counterattacks, such as the recent one against US banks. All of these concentrated attacks are all part of military plans, which are developing “cyber warriors” or a “cyber army”. As always, news about cyberwar will continue to be on this blog.

 

October is National Cyber Security Awareness Month

NCSAM official image (Department of Homeland Security)

Cyber security awareness is so important, and we’re going to display a few things you should be aware of this month, for you to try to make capable changes to your personal or business security perspective. You will notice some of the information below is linked to different posts here on the blog. This should help you understand each topic better! Please don’t be afraid to use each of the links below to learn more about protecting your system(s).

• Email is one of the biggest attack methods. Since users are still highly dependent on email, it is so critical that email systems get fixed. Spam can be so cunning that it may disguise itself as your friend, someone you trust, or a bank. The main target in these spam attacks is phishing, which will allow an attacker to trick you into doing something or giving away personally identifiable information.The goal is to also download malware on to your computer, which can be used to take control of your computer and steal much more personal information. Some emails may claim to be a legitimate organization sending you an attachment, but it’s purpose is to distributed malware on your computer. It is best to secure email systems against spam. This can be done using a variety of products whether hardware or software. Make sure to secure your system(s) with the latest spam fighting utilities. Also, securing Outlook or Windows Live Mail is beneficial.
• Instant Messaging still seems to be a vector for malware attacks. Just when people drop their guard about IM security, a new band of threats affects users. Most IM attacks come in the form of spam, a message from an apparent trusted friend, or a phishing attempt/scam from a legitimate looking company. A lot of the time, when the message appears from a trusted friend, it usually means that person’s IM account or email account has been hacked and the attacker has mined the email addresses or IM addresses in order to send you these attacks. It is important to have a good Internet Security product that protects against IM attacks along with network defense.
• Exploits are the most common cause of infections on computers these days. Many of the exploits have been caused by out-of-date Java plugins or Adobe Flash Player plugins (or even fake Flash Player), among other types of plugins for your browser. Other exploits come in the form of advertisements that are catered to your interests, by the use of tracking cookies, which when you click on the ads it can lead to a site that will immediately download malware and attempt to take control of your computer.Those are just a couple of examples of why you need Internet Security protection as declared just above in the explanation for IM security. Also, having a second-opinion malware scanner can make sure that things don’t get missed, giving you maximum protection. Working on a defense-in-depth strategy for your computer can be a great way to avoid exploits.
• Downloading and installing untrusted software products is a good way to get infected with viruses, spyware, and other threats and malware. Using tools such as Web-of-Trust for your browsers is a key idea in managing whether a site is safe. Also, reading reviews for the product you are getting ready to download and purchase will help you make an informed decision. It is important to have Total Internet Security protection, as stated above in IM security. Please refer to the “Internet Security product” link for more information on securing your system(s) with protection mechanisms.

There are many more vectors of cyber security problems. It is important to use the methods described above as well to secure your system(s) from attacks from cybercriminals.

Summary of mitigating most attacks:

• Have a good antivirus or internet security product for maximum protection against malware, exploits, etc.
• Have a defense-in-depth PC strategy to help secure your system(s) against malware and exploits, among other threats.
• Keep abreast of the latest malware threats, so you know the seriousness of securing the system(s).
• Having a second-opinion malware scanner is not a bad idea to help secure even further against malware and exploits.
• Watch out for fake bank emails, so you can keep your financial information very safe!!
• Avoid digital disasters by backing up your data on to an external drive, CD/DVD, etc. Using a backup solution can mitigate this problem (especially for businesses).
• Always maintain a good password on any online account, especially social networks and banks!

Senator blames Iran for attacks against US banks

US Senator Joe Lieberman blamed Iran for the attacks against US banks last Friday, with thoughts that Iran did so out of revenge for the Stuxnet case. The victims of last week’s attacks included Bank of America and JPMorgan Chase. Although not attacked, speculation is that CitiGroup has been a target over the past year. All of these denial of service campaigns seemed to have begun in late 2011.

In C-SPAN’s taping of “Newsmakers,” Lieberman labeled the recent DDoS attacks against the banks a “powerful example of our vulnerability”.

Now, from the perspective of Lieberman, it makes sense to make such claims. When we reported in June about a potential US and Israeli connection for malwares like Flame and Stuxnet, labeled “Operation Olympic Games”, we saw the counterattack that continued cyberwarfare between Iran and the US (as well as other countries). This could be just one of possibly many counterattacks from Iran, and it’s going to be quite dangerous to companies that are vulnerable to cyberattack.

Cyberattacks will continue with DDoS and other hacks, and it could target almost any major organization around the world. The main idea is to craft the correct cybersecurity strategies, and be aware of any attack vectors (like if there are too many people trying to hack in to the networks). It’s important to learn from issues like this, and be able to adapt the latest strategies for businesses. Which means: If you don’t have a director for information security at your major company, it’s about time to get one and soon!

Keep all of your devices FULLY safe from hackers: