Tag Archive | hackers

Mandiant is investigating hacks in efforts to better their research

Mandiant, the company behind the APT1 research report we covered earlier, is now asking organizations to tell it about the intrusions they have experienced. It is positioning itself, it seems, as the go-to incident investigator for the Fortune 1000.

Mandiant would do better to let its work speak for itself rather than announcing its ambitions, but back on topic. When the New York Times was hacked in late 2012, it called Mandiant in. Mandiant's investigation pointed to a unit within the Chinese military that Mandiant tracks under the name APT1.

[Image: Chinese defense building] Sketch of the 12-story Shanghai-based headquarters of Unit 61398.

Mandiant's 60-page report (PDF) lays out what it found about the cyber-espionage group APT1. The New York Times covered the report in detail as well (summarizing much of it), and understandably did so with some edge, having itself been a victim of the group.

One striking point in the report is that the attackers went after the NYT with spearphishing. Spearphishing means targeted email aimed at specific people inside a specific organization, here a large one with enormous media reach; that is exactly what the technique is for.

Mandiant's forensic capabilities keep improving, and now it wants to hear about the intrusions you have experienced, so it can investigate more of them and identify the organizations, whoever they are, behind attacks of every scale.


Some of Mandiant's work is described in its annual report.

All of this shows that investigation of the cyber conflicts going on around the world is continuing, and in some respects intensifying.


Nearly 50 Million Passwords Reset in Evernote Breach

The hugely popular note-taking service Evernote has been hacked. The company posted an advisory saying that the accounts of some 50 million users (roughly its entire user base) may have been affected, and that usernames, email addresses and encrypted passwords were taken. (Evernote's notice clarifies that the passwords are protected by one-way encryption, in other words hashed and salted.)

How exactly the attackers got into Evernote's systems is still under investigation, but Evernote told reporters that suspicious activity was first noticed on Feb. 28.

Apparently no payment details or other identity information was taken, and the passwords were hashed and salted rather than stored in plaintext, which is good. It is not a free pass, though: hashed passwords can still be cracked offline at the attacker's leisure, which is why Evernote forced a reset of every password rather than waiting to see.

Evernote seems to have responded quickly, and the incident looks fairly isolated compared with other recent breaches of this scale.

 


Passwords are Losing Trust; Hello Fingerprints, Hashes, Unique Codes

The password is one of the biggest weaknesses in computer security. Let's face it, something has to give. What will it take to authenticate someone using their own personal data without that data being captured and reused by an attacker?

Many companies are changing how users authenticate. The best-known example is Google's 2-step verification. A user signs in as usual from a browser or device they have already verified, but signing in from anywhere else requires a one-time verification code in addition to the password; for client apps that cannot prompt for a code, Google issues a separate, named application-specific password.

Google has floated other ideas too, such as a finger ring with an embedded smartcard chip, or using a smartphone to authorize a new device or computer on the account.

More companies are moving toward hardware-based authentication. Most of them only have prototypes so far and are waiting to beta-test them. Devices of this kind are generally called security tokens or hardware tokens.

A PIN or password is usually still required, but the type of device determines what additional factor is layered on top. A one-time password (like Google's verification code) is the common second step: because each code is valid only briefly and only once, a captured code is useless to replay later. It is not unbreakable, though; a phishing site that relays the code to the real site while it is still valid gets in. Challenge codes of the CAPTCHA kind are a different thing: they show that a human rather than a bot is at the keyboard, which is bot detection, not proof of who that human is.

Some network-level proposals only allow a specific IP address to reach the login page or submit a password at all. Others require a smart card or a fingerprint. All of these push authentication toward something physical and harder to steal remotely.

Proving possession is now everything in computer security, yet this kind of authentication has been proposed for at least ten years. It is time to get serious about authentication and build better solutions. This is the call to action.

How Hackers Find Attack Targets (mini-whitepaper)

Hackers are always looking for ways to find targets and defeat their security. The question keeps coming up: how do they find a way in, how do they pick the vulnerability to exploit, and how do they pull it off? The main answer is research.

Hackers do a number of things that give them a wide-open door into a target's weaknesses:

  • They study the target well in advance of the actual attack. They do their homework: how strong the target is, which vulnerability to exploit, the method of attack, a backup plan, and how to stay anonymous.
  • They commonly use search engine queries to build a map of the target's exposure. All sorts of details turn up: server statistics (uptime/downtime), platforms in use, programming languages, and other seemingly unimportant information.
  • That map is then built out into a full intelligence dossier (which can be sold for high fees within the hacker community). It draws not only on the search-engine research above but also on government databases, financial filings, court records, and so on. Who would have thought to check those?
  • A major goal of the research is to identify the security and technology officers on staff. The attacker wants to know who the security architect is, how much authority they have, what recent meetings and new plans are underway, and from that roadmap whether to strike soon or hold off. (There is not a lot of time to decide, to be honest.)
  • In the last research stage before planning the attack, the hacker looks at the target's business partners, trusted or strategic customers, suppliers, and so on. Some have argued it is often easier to attack a smaller business partner than the target itself, but what is feasible depends on what the search engines and other sources turned up.
  • Once compiled, all this information yields a list of the likeliest points of attack within the target.
  • The attack is usually staged, quite literally, to hit the chosen point at the right moment and get out without being caught; the goal is a reliable exploit and a known exit route.
  • When ready, the hacker attacks, and the operation is over soon after. The methodology is "push in, pull out," or as Facebook would say, "Move fast, break things." What a philosophy!

For a public company, with so much information freely available, there is little you can do to stop people doing their research. You can blunt the threat by doing the same research yourself, building your own map of what an outsider can see, and running counter-intelligence on your own exposure. This can be a difficult thing to learn.

It is best to prepare so that when a hacker comes near, you are already ready. The following methods help (some may not apply to your business):

  1. Secure all servers adequately. A bit of searching turns up a wealth of free tips and whitepapers on server hardening; a query like "server security" yields plenty of good results. Pay particular attention to database security, since the database is usually where the data an attacker actually wants lives.
  2. Protect passwords on their way to your server and once they arrive. If login forms are submitted over plain HTTP, the password travels in plaintext from the user's browser and can be read in transit, so serve logins over TLS (HTTPS). And never store the password itself: store a salted, deliberately slow hash of it, so that a stolen database does not hand the attacker every account.
  3. Use good passwords on your own end. A reasonable minimum is 8 characters with at least one uppercase letter, one lowercase letter, one digit and one symbol, and longer is better, since length matters more than character mix. There is no longer 100% protection against a password being stolen; some of the best passwords are stolen by phishing or malware without ever being cracked. But a strong, unique password still protects you while other measures (fingerprint readers, voice recognition, unique ID codes, and so on) are rolled out.
  4. Encourage your users to have good passwords by enforcing the same characteristics on their passwords.
  5. Hold weekly meetings with staff on how best to implement security policy, the latest threats, the analytics behind your network (server uptime/downtime, security breaches, and so on), and plans for future policies.

By following these simple steps, your company can become far more aware of hackers and put good security policy in place that saves a lot of time and money.
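Steps 2 through 4 above (hash passwords at rest, and enforce a policy) in working form. This is an added example, not code from the original post; it uses only the Python standard library, the policy is the one stated in step 3 plus a small constructed blocklist, and `ITERATIONS`, the record format and the blocklist contents are this example's own choices. It also shows, for contrast, why an unsalted fast hash is the wrong way to do step 2.

```python
"""Password storage and policy: per-user salt, PBKDF2-HMAC-SHA256, and
constant-time verification. Added example; stdlib only."""
import hashlib
import hmac
import os
import re

ITERATIONS = 100_000  # work factor; raise it as hardware gets faster

# Constructed mini blocklist. A real deployment would use a list of
# passwords seen in breaches; these satisfy the character-class rule
# and are still among the first guesses an attacker makes.
BLOCKLIST = {"password", "password1!", "welcome1!", "qwerty123!"}


def meets_policy(password):
    """Policy from step 3: at least 8 characters with an uppercase letter,
    a lowercase letter, a digit and a symbol, and not on the blocklist."""
    if len(password) < 8 or password.lower() in BLOCKLIST:
        return False
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return all(re.search(pattern, password) for pattern in classes)


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest.
    A fresh random salt per user means two users with the same password
    get different records, and precomputed tables are useless."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in
    constant time so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def unsalted_sha256(password):
    """What NOT to do. Fast, and identical passwords give identical hashes:
    one cracked hash exposes every user who chose that password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for candidate in ["password", "Password1!", "Tr0ub4dor&3"]:
        print(candidate, "meets policy:", meets_policy(candidate))
    record = hash_password("Tr0ub4dor&3")
    print(record)
    print("verify correct:", verify_password("Tr0ub4dor&3", record))
    print("verify wrong:  ", verify_password("Tr0ub4dor&4", record))
```

The record carries its own salt and iteration count, so the work factor can be raised later for new records while old ones still verify until the user next logs in and can be re-hashed.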

Saudi Aramco Incident Investigated Much Closer

Back in October we reported on the damage done to Saudi Aramco, Saudi Arabia's national oil company, by a cyberattack. A few investigating and reporting organizations have since revealed new details.

The New York Times reported the following yesterday:

The attack on Saudi Aramco — which supplies a tenth of the world’s oil — failed to disrupt production, but was one of the most destructive hacker strikes against a single business.

“The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals,” Abdullah al-Saadan, Aramco’s vice president for corporate planning, said on Al Ekhbariya television. It was Aramco’s first comments on the apparent aim of the attack.

Hackers from a group called Cutting Sword of Justice claimed responsibility for the attack, saying that their motives were political and that the virus gave them access to documents from Aramco’s computers, which they threatened to release. No documents have yet been published.

The "Cutting Sword of Justice" claimed credit for the attack in a post on Pastebin.com.

We noted previously that most of this year's cyberattacks on energy companies have been aimed at erasing data from their computers. The new details on Aramco, however, show attackers who wanted to halt production itself. Fortunately they failed.

Cyberwar continues, Attacks on Iran infrastructure slow Internet access

Internet access in various parts of the Islamic Republic was disrupted yesterday after hackers attacked Iran's infrastructure and communications companies. "Yesterday we had a heavy attack against the country's infrastructure and communications companies which has forced us to limit the Internet," Mehdi Akhavan Behabadi, secretary of the High Council of Cyberspace, told the Iranian Labour News Agency, according to Reuters.

Officials say Internet access in Iran is constantly disrupted by cyberattacks, but yesterday's were the most noticeable. With several gigabytes of traffic overwhelming Iranian infrastructure, this ranks among the largest such attacks so far. Accusations that the US and Israel are involved, as a response to Iran's nuclear program, remain widespread but unproven.

The cyberwar is clearly heating up for Iran, and Iran may be mounting counterattacks of its own, such as the recent ones against US banks. These concentrated attacks are all part of military programs that are building "cyber warriors" or a "cyber army." As always, cyberwar news will continue on this blog.

 

Windows 8 Security Features Explained (mini-whitepaper)

Windows 8 is said to be more secure than Windows 7. That may be true, and it is worth learning what security features the new operating system has. Some of them are proven to help, some may not be ready in time, and some may not work at all.

The most discussed feature is Secure Boot. Secure Boot is part of the Unified Extensible Firmware Interface (UEFI) specification: during boot, the firmware checks the cryptographic signature of each boot component (firmware drivers, option ROMs and the operating system's boot loader) before running it, and refuses anything unsigned or modified. Windows then carries the chain forward with signed kernel-mode drivers and Early Launch Anti-Malware. In other words, the boot process now verifies that the early stages of the operating system have not been tampered with by malware.

Critics describe this as a form of hardware DRM, since it restricts what the machine will boot. On x86 (non-ARM) PCs the user can turn Secure Boot off or enroll their own keys; on ARM devices it must stay on. Experts expect it to resist bootkits and boot-stage rootkits, since unsigned code can no longer be slipped into the path from firmware to boot loader, unless an attacker with physical access or control of the firmware itself defeats it.

Next, Windows 8 has better built-in antivirus: a much improved Windows Defender that absorbs the formerly optional Microsoft Security Essentials. With MSE folded in, Windows Defender is a full anti-malware product rather than the anti-spyware tool it was on Windows 7.

Internet Explorer has improved as well, with better defenses against zero-day exploits than previous versions. As exploiting Windows 7 and IE itself became harder, attackers turned to plugins such as Java and Flash Player to take over the operating system; those plugins are now easier to exploit than Internet Explorer's own code.

A new application sandbox called AppContainer runs new-style (Windows Store) apps, and Internet Explorer in Enhanced Protected Mode, in a controlled environment that limits what they can touch, so a compromised app cannot disrupt the operating system. This complements Internet Explorer's SmartScreen filter, which blocks downloads and installs of known malicious software. Windows 8 extends SmartScreen to files launched from anywhere, not just the browser, adding another layer of prevention. Keeping all of this current will take more Microsoft staff, of course, and now that hackers know the new hurdles, they will be relentless.

Whether Windows 8 will be a repeat of Vista is still an open question. The reality is that if Windows 8 becomes hugely popular, its security issues will light up in proportion. Many will stick with Windows 7, though, so security problems for Windows users are nowhere near over. Symantec's published opinion of the new OS is not very favorable.

Added October 31, 2012: see also our follow-up post on the Trusted Platform Module (TPM).


Cyber attacks on US banks continue

Many US banks are reported to be on high alert because of recent targeted cyber attacks.

We just reported on a different target, with spammers going after email users, but the banks themselves are being targeted as well.

Computer World notes:

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has put U.S. banks on high alert against cyberattackers seeking to steal employee network login credentials to conduct extensive wire transfer fraud.

The alert warns banks to watch out for hackers using spam, phishing emails, Remote Access Trojans and keystroke loggers to try and pry loose bank employee usernames and passwords.

The FBI has noticed a new trend where cyber criminals use stolen employee credentials to wire transfer hundreds of thousands of dollars from U.S. customer accounts to overseas banks, the FS-ISAC noted.

In their Pastebin posts, the hackers wrote the following:

In the name of Allah the compassionate the merciful

My soul is devoted to you Dear Prophet of Allah

“Operation Ababil” started over BoA :

http://pastebin.com/mCHia4W5
http://pastebin.com/wMma9zyG

In the second step we attacked the largest bank of the united states, the "chase" bank. These series of attacks will continue until the Erasing of that nasty movie from the Internet.

The site “www.chase.com” is down and also Online banking at “chaseonline.chase.com” is being decided to be Offline !

Down with modern infidels.

### Cyber fighters of Izz ad-din Al qassam ###

However, CNN reports no evidence backing the claims, and notes the outage could be like what happened with Go Daddy: "But there was no immediate evidence to support the hackers' claims, and several recent ones turned out to be hoaxes. Earlier this month, a person affiliated with the hacktivist collective Anonymous said the group took down the web hosting service Go Daddy, and in June the group UGNazi claimed responsibility for downing Twitter. Both outages were later revealed to be technical issues."

The issue in encryption: Why it will not solve our security problems

The question today is whether encryption is really as important to computer security as people assume, given the problems they actually face. The biggest issue is that even if every piece of information in an enterprise were encrypted, intruders could still get at it.

Encryption faces many practical limits. Concerns like the following come up whenever data is encrypted (and they are why a further layer of defense is needed):

  • Encrypting every piece of information does not mean the data is totally secure.
  • If a legitimate user can access the data, so can an intruder who has taken over that user's session, account or machine.
  • Users, and applications, must be able to read data in unencrypted form to use it, so the keys and the plaintext exist somewhere on the running system.
  • Web apps still suffer SQL injection: the application decrypts whatever the injected query returns.
  • It does not stop Java exploits or other client-side code execution.
  • If a device is stolen while the user is logged in and the storage is unlocked, the data on it is no longer protected, whatever encryption it uses.
  • If even a little personal or business information leaks, an attacker has a starting point for guessing passwords, and through them the keys.

So the biggest concern, it seems, is that encrypting data does not make it completely secure. The best way to truly secure data is defense in depth on the machines that hold it, forcing the attacker to work hard for each layer. Along the way, the attacker may well decide the target is not worth it.
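The SQL injection point above, shown concretely. This is an added example, not code from the original post: an in-memory SQLite table holds an "encrypted" secret per user, the application holds the key, and a lookup built by string formatting lets `' OR '1'='1` pull every row, which the application then helpfully decrypts. The parameterized version of the same lookup does not. The cipher is a toy keystream built from SHA-256 (constructed for this example only, not something to deploy); the names, key and sample rows are likewise constructed.

```python
"""Encryption at rest does not stop SQL injection: the application holds
the key and decrypts whatever rows the query returns. Added example."""
import hashlib
import os
import sqlite3

APP_KEY = b"application-held key (constructed)"  # lives in the app, not the DB
NONCE_LEN = 12


def _keystream(key, nonce, length):
    """Toy CTR-style keystream from SHA-256(key || nonce || counter).
    Illustrative only; use a real AEAD cipher in production."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def encrypt(key, plaintext):
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key, blob):
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def setup_db():
    """Constructed sample data: two users, each with an encrypted secret."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret BLOB)")
    for name, secret in [("alice", "alice-secret"), ("bob", "bob-secret")]:
        db.execute("INSERT INTO users VALUES (?, ?)",
                   (name, encrypt(APP_KEY, secret.encode("utf-8"))))
    return db


def raw_rows(db):
    """What a thief who copies the database file sees: ciphertext only."""
    return [row[0] for row in db.execute("SELECT secret FROM users")]


def fetch_secrets_vulnerable(db, name):
    """Query built by string formatting: user input becomes SQL syntax."""
    query = "SELECT secret FROM users WHERE name = '%s'" % name
    return [decrypt(APP_KEY, row[0]).decode("utf-8") for row in db.execute(query)]


def fetch_secrets_safe(db, name):
    """Same lookup with a bound parameter: input is data, never syntax."""
    rows = db.execute("SELECT secret FROM users WHERE name = ?", (name,))
    return [decrypt(APP_KEY, row[0]).decode("utf-8") for row in rows]


if __name__ == "__main__":
    db = setup_db()
    payload = "' OR '1'='1"
    print("stolen file shows:", raw_rows(db))
    print("vulnerable lookup with payload:", fetch_secrets_vulnerable(db, payload))
    print("parameterized lookup with payload:", fetch_secrets_safe(db, payload))
```

The encryption does its job against the first case (a copied database file is unreadable) and nothing against the second, because the attacker is not attacking the cipher, only asking the application to use it on their behalf. That is the sense in which it needs a second layer, here input handling, behind it.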
