On May 2, 2018 we reported that two ethical hackers had discovered a number of vulnerabilities in certain Audi and Volkswagen cars. Now it’s been reported by Auto Express that a group of white hat Chinese hackers have discovered a slew of vulnerabilities in late model BMWs.

BMW Recognizes and Appreciates the Contribution

Rather than being defensive or dismissive about the vulnerability disclosure, BMW has rewarded the group responsible for uncovering the flaws. According to Auto Express, BMW awarded Tencent Keen Security the “BMW Group Digitalization and IT Research award”. Furthermore, BMW was so impressed with the firm’s work that the two are now “discussing options for joint in-depth research and development activities.”

14 Flaws Uncovered

As is often the case, the vehicle infotainment systems were at, well, the “center” of the vulnerabilities. In all, 14 vulnerabilities were identified. Here’s how they broke down:

  • Infotainment System – 8 Vulnerabilities
  • Telematics Units – 4 Vulnerabilities
  • On-board Diagnostics Gateway – 2 Vulnerabilities

It should be noted that while 9 of these vulnerabilities required a physical connection to the vehicle, 5 did not, leading Tencent Keen Security Lab to remark that:

“these attack chains could be utilized by skilled attackers at a very low cost” and that they would allow hackers to “trigger or control car functions over a wide-range distance.”

Konsultek’s Take

Our takeaway from this? Information security is becoming more important in virtually every aspect of our lives, automobiles included. Once a vehicle’s infotainment system is breached, any connected devices such as smartphones are instantly made more vulnerable. Ubiquitous BYOD policies then place corporate networks at risk.

As we have chronicled before, “smart” objects ranging from medical instruments to HVAC systems to manufacturing equipment all present potential entry points to your network.

That is why one of the first things we do when developing a custom security solution is audit the network to determine what has access and to what degree. The best technology, ill-applied, does no good. Let’s get the process right together. Give us a call and let’s begin a security dialogue.


Back in February of this year we covered the theft of Batavia, Illinois’ municipal workers’ personal information. In that case municipal worker W-2s were pilfered through a well-crafted spear-phishing attack.

Well, this week govtech.com published a story chronicling the woes of Riverside, OH, a small town near Dayton that has been the target of multiple cyber-attacks, some reported as “ransomware”, which have resulted in the loss of public records.

Computer Virus cripples Riverside Police & Fire Server

Earlier in April of this year a server for the Riverside Police and Fire departments was hit with a virus that denied access to approximately one year’s worth of records. The entry vector for that attack appears to have been an email fax.

Secret Service Involved

According to the report on govtech.com, U.S. Secret Service agents are investigating the latest attack on Riverside’s computer server. Since the investigation is still active, the Secret Service is abstaining from discussing the details of the attack and their response.

Data Lost, Personal Information Not Released

In the latest attack approximately 8 hours of police and fire reports were lost. Fortunately, most of this data was either backed up on other servers or existed in hard-copy form. While police and fire reports often contain personal information, there is no indication that personal information was disseminated during the attack.

Atlanta, Rockport, Davidson…

Riverside and Batavia are just two of the many municipalities attacked of late. One of the largest and most costly attacks has been the March 22, 2018 ransomware attack on Atlanta.

That attack locked down 6 separate systems, each held “ransom” for 0.8 bitcoin, or approximately $50,000 if a master key was purchased. Atlanta, DHS and the FBI concluded that the ransom should not be paid, and according to a report on wsbtv.com the resulting repairs and recovery will cost the city an estimated $2.7 million.

Konsultek Knows Security

Municipalities large and small are being targeted with increasing frequency, indicating that cyber-criminals see an opportunity that is ripe for the picking. If your municipal systems haven’t had a security checkup by an independent third party in the last 12 months, you might consider contacting Konsultek to learn about our vulnerability assessments. When it comes to security, an ounce of prevention is certainly worth far more than a pound of cure.


Two ethical hackers, Daan Keuper and Thijs Alkemade, have shown that it has been possible for hackers to break into the 2015 Volkswagen Golf GTE and the 2015 Audi A3 Sportback e-tron, according to a post on CarComplaints.com.

The remote hacking was made possible through the Harman infotainment systems included in the cars.

They Know Where You Are

Once the vehicle’s internal systems were accessed, the two researchers showed it was possible to determine where the vehicles were and then remotely follow them.

They Are Listening

Beyond just tracking your location, Keuper and Alkemade were also able to listen to conversations and access the address book and conversation history.

Volkswagen verified the findings and allegedly fixed the security flaws by updating the infotainment systems so that new vehicles won’t have the same flaws. However, the security researchers responded to the fix by saying:

“…it seems that cars which have been produced before are not automatically updated when being serviced at a dealer, thus are still vulnerable to the described attack.”

The researchers say the only way older models can be updated is for dealers or consumers to perform the updates manually, since the Harman systems that were hacked cannot receive remote security updates.

They Could Have Done More

The researchers believe that they could have gone further, potentially taking control of portions of the automobiles’ engine, transmission and braking systems, but stopped their research where they did due to legal and safety concerns.

Reminiscent of Jeep Vulnerabilities

Back in September 2015, and then again in March 2016, we discussed the vulnerabilities of the Jeep Grand Cherokee that were uncovered by researchers who likewise gained entry into vehicle systems through the infotainment system.

Konsultek’s Take

Our takeaway from this? Information security is becoming more important in virtually every aspect of our lives. As we have chronicled before, “smart” objects ranging from medical instruments to HVAC systems to manufacturing equipment all present potential entry points to your network.

That is why one of the first things we do when developing a custom security solution is audit the network to determine what has access and to what degree. The best technology, ill-applied, does no good. Let’s get the process right together. Give us a call and let’s begin a security dialogue.


According to krebsonsecurity.com, typosquatting on .cm URLs has apparently become big business in 2018 for self-proclaimed “spam king” and one-time convicted felon Scott Richter.

Research conducted by Matthew Chambers of SecureWorks in Atlanta found that thousands of the .cm domains participating in this new approach to spam were all part of a vast network owned by Media Breakaway, LLC, headed by Mr. Richter. It seems that Media Breakaway in turn leases this massive network to folks that, surprise, don’t have the end user’s best interests at heart.

How it Works

When fast but flawed typists accidentally enter espn[dot]cm, or any of the more than a thousand so-called “typosquatting” domains hosted on the same Internet address (including aetna[dot]cm, aol[dot]cm, box[dot]cm, chase[dot]cm, citicards[dot]cm, costco[dot]cm, facebook[dot]cm, geico[dot]cm, hulu[dot]cm, itunes[dot]cm, pnc[dot]cm, slate[dot]cm, suntrust[dot]cm, turbotax[dot]cm, and walmart[dot]cm), they are (currently, but subject to change) redirected to one of two sites, antistrophebail[dot]com or chillcardiac[dot]com, offering amazing deals, free gifts, etc. for completing a short survey.
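A defender’s first question after reading this is whether anyone on the network has already landed on one of these domains. The script below is an added example, not code from Krebs, SecureWorks or Konsultek: it takes the brand names from the list above, generates every one-character-deletion typo of each (the general class of which the .cm domains are one instance, so it also covers “.co”, “.om” and dropped letters in the name itself), and flags requests in a web-proxy log whose host, or any parent domain of the host, is on that watchlist. The log format is a constructed “timestamp client method url” layout, and the sample lines are constructed for the example; the only real values in them are the brand domains and the two redirect sites named in the article.

```python
import re
from urllib.parse import urlsplit

# Brand domains to protect: the .com originals of the typosquat list in the
# article. Any other watchlist of your own brands works the same way.
BRAND_DOMAINS = [
    "espn.com", "aetna.com", "aol.com", "box.com", "chase.com", "citicards.com",
    "costco.com", "facebook.com", "geico.com", "hulu.com", "itunes.com", "pnc.com",
    "slate.com", "suntrust.com", "turbotax.com", "walmart.com",
]


def deletion_variants(domain):
    """Every string obtained by dropping exactly one character from `domain`.

    'espn.com' yields 'espn.cm' (the article's case) but also 'espn.co',
    'espn.om', 'spn.com', 'esp.com', etc.
    """
    return {domain[:i] + domain[i + 1:] for i in range(len(domain))}


def build_watchlist(brands):
    """Map each one-character-deletion variant back to the brand it mimics.

    Variants without a dot (e.g. 'espncom') are not valid hostnames and are
    skipped, as is anything that is itself a listed brand.
    """
    brand_set = set(brands)
    watchlist = {}
    for brand in brands:
        for variant in deletion_variants(brand):
            if "." in variant and variant not in brand_set:
                watchlist[variant] = brand
    return watchlist


def match_host(host, watchlist):
    """Return (matched_domain, brand) if any suffix of `host` is on the watchlist.

    Walking the suffixes means 'm.chase.cm' is caught via 'chase.cm'. The bare
    TLD (the last label on its own) is never checked.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate, watchlist[candidate]
    return None


# Constructed proxy-log layout for this example: "<timestamp> <client> <method> <url>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)$")


def scan_log(text, watchlist):
    """Return (client, host, brand) for every request whose host mimics a brand."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        host = urlsplit(m["url"]).hostname
        if not host:
            continue
        found = match_host(host, watchlist)
        if found:
            hits.append((m["client"], host, found[1]))
    return hits


# Constructed sample log; the .cm hosts and antistrophebail.com come from the article.
SAMPLE_LOG = """\
2018-04-03T10:12:01Z 10.0.0.15 GET http://espn.cm/
2018-04-03T10:12:05Z 10.0.0.15 GET http://antistrophebail.com/survey
2018-04-03T10:13:44Z 10.0.0.22 GET https://www.walmart.com/
2018-04-03T10:14:02Z 10.0.0.31 GET http://facebook.cm/
2018-04-03T10:15:10Z 10.0.0.40 GET http://example.org/
2018-04-03T10:16:27Z 10.0.0.44 GET http://m.chase.cm/login
"""

if __name__ == "__main__":
    for client, host, brand in scan_log(SAMPLE_LOG, build_watchlist(BRAND_DOMAINS)):
        print(f"{client} requested {host} (one-character typo of {brand})")
```

Two caveats when running this against real logs: a single-deletion variant can occasionally be a legitimate, unrelated domain, so treat hits as candidates for review rather than automatic blocks, and the redirect targets themselves (antistrophebail[dot]com here) are not typos of anything, so they are only caught if you add them to a separate block list.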

Trying to Hide from Researchers

As Matthew Chambers points out:

“One thing we notice is that any links generated off these domains tend to only work one time, if you try to revisit it’s a 404,” Chambers wrote, referring to the standard 404 message displayed in the browser when a Web page is not found. “The file is deleted to prevent researchers from trying to grab it, or automatic scanners from downloading it. Also, some of the exploit code on these sites will randomly vaporize, and they will have no code on them, but were just being weaponized in campaigns. It could be the user agent, or some other factor, but they definitely go dormant for periods of time.”

Enormous Amounts of Traffic

With a recorded 12 million visitors in the first quarter of 2018, this network is getting gobs of traffic for Media Breakaway and their customers. Given the creativity of the cybercriminal world there is tremendous monetization potential held within this network. Ransomware, rootkits, and password-stealing keyloggers could all be delivered from the bogus sites directly or via a redirect.

Konsultek’s Holistic Approach

If you’ve spent any time on this blog or attended one of our events you know that we take network and information security seriously. That’s why when we develop our custom solutions for clients, Palo Alto’s prevention expertise is more likely than not going to be part of that solution when applicable. However, we also believe in the power of detect-and-respond, so you can be certain that technologies from ForeScout, FireEye, FireMon and others are going to be part of your solution as well.


Stay Secure on Spring Break!

On March 15th, 2018, posted in: Hackers by konweb

Spring break is in the air. In March millions of people (perhaps you?) will be taking to the road and sky to beat the cold and have some fun. Unfortunately, the ever-present cyber-criminal element is also aware of this annual migration and ready to take full advantage of it.

Don’t Let Your Guard Down

As NBC reports, it is all too easy for hackers to set up fake WiFi networks that let them siphon off passwords, credit card numbers and other personal information from unsuspecting vacationers.


The takeaway? Have fun, enjoy the warmth, but think twice before you connect to a public WiFi network unless you have verified that it is trustworthy.


Cisco’s Annual Cyber Security Report was released today and, as always, it is filled with interesting insights about both sides of the cyber security battle.

Insights into Hackers and Attackers

1. Adversaries are taking malware to unprecedented levels of sophistication and impact.

Malware, especially self-propagating “worm” malware such as WannaCry and Petya, played a pivotal role in some of the biggest attacks and infections of 2017.

2. Adversaries are becoming more adept at evasion— and weaponizing cloud services and other technology used for legitimate purposes.

One trend is the use of encryption by hackers to protect themselves from detection, especially for command-and-control (C2) activity.

3. Adversaries are exploiting undefended gaps in security, many of which stem from the expanding Internet of Things (IoT) and use of cloud services.

Defenders are deploying IoT devices at a rapid pace but often pay scant attention to the security of those devices.

Insights into Security Defenders

1. Budgets are perceived to be relatively stable, growing and appropriate.

2. Breaches appear to be the biggest driver of future investments and improvements in technology and process.

3. The use of outsourcing is growing as a means of dealing with security threats, especially in the areas of monitoring and incident response.

Konsultek’s Take

Cisco’s report is well written, easy to read and full of valuable insights. Many of these insights such as the growing reliance on outsourcing correlate closely with our own findings. As a pioneer in outsourced security solutions we too have seen strong growth in both the variety and volume of services our clients outsource to us.

Managed services are a cost-effective way to improve security efficacy as well as to scale security solutions in a growing organization. If either of these is of interest to you and your organization, please give us a call to set up an introductory meeting.


You could say that Mordechai Guri, director of the Cybersecurity Research Center at Israel’s Ben Gurion University, is obsessed with the “air gap”. His obsession, as described in depth in a fascinating Wired.com article, has resulted in some of the most arcane ways to beat the “air gap” ever devised.

Connectivity Beyond Wires and WiFi

One of the best ways to secure sensitive data is to store it on machines that are isolated from the network and the Internet, with neither a wired nor a WiFi connection: so-called “air-gapped” machines. Makes sense, right? If your machine is not connected to the outside world, it should be impossible to breach from the outside world.

Want to take your security a step further? Place your machine in a secured metal-clad room or a Faraday pouch to block the transmission of electromagnetic signals.

Still Not Enough

What Mordechai has proven is that a hacker who is determined and skilled enough can overcome virtually any isolation, given enough time and resources.

Here is a list of some of his most creative ways to extract data to date:

  • Altering the noise the machine’s internal fan generates
  • Changing air temperatures in patterns that the receiving computer can detect with thermal sensors
  • Blinking out a stream of information from a computer’s hard drive LED to the camera on a quadcopter drone hovering outside a nearby window

And a Couple of Videos Showing the Techniques in Action


The Saving Grace

The one saving grace, and the main defense against most of these techniques, is that they rely upon the system having already been compromised with malware. The malware itself would likely have been introduced via an infected USB drive – think Stuxnet. Still, fascinating research and a great reminder that our security assumptions need to be constantly challenged.


Jackpotting Hits ATMs in the USA

On January 31st, 2018, posted in: Hackers, Jackpotting by konweb

ATM “jackpotting”, the practice of hacking an ATM and causing it to dispense large amounts of cash all at once, is beginning to flourish in the United States, according to a Secret Service press release issued on January 26th.

According to the Secret Service

“ATM jackpotting is a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that force the machines to dispense huge volumes of cash on demand. To execute a jackpotting attack, perpetrators must gain physical access to the cash machine and install malware, or specialized electronics, or a combination of both to control the operations of the ATM.

Criminals have been able to find vulnerabilities in financial institutions that operate ATMs, primarily ATMs that are stand-alone. The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs. Criminals range from individual suspects to large organized groups, from local criminals to international organized crime syndicates.”

Ploutus.D PLUS Surgery Delivers the Cash

According to a Global Security Alert distributed by Diebold-Nixdorf and uploaded to KrebsonSecurity.com, thieves in Mexico have been using a variant of the well-known Ploutus ATM malware called Ploutus.D. What’s new is the novel approach the thieves have taken to inject the malware.

“In order to initiate the dispenser communication additionally a dedicated button inside the safe needs to be pressed and held. With the help of an extension, which is inserted into existing gaps next to the presenter, the button is depressed. According to customer CCTV footage the criminals use an industrial endoscope to achieve this.”

Source: gadgetsforgeeks.com.au

CyberCrime Follows the Money

Jackpotting ATMs has to be the most straightforward example of cybercrime chasing the money. When your organization is targeted, the motive and attack vector will likely be more discreet. Criminals may decide to steal your trade secrets or personal information, or perhaps infect your systems with ransomware. Frankly, you’ll never know until it is too late. That is where Konsultek comes in. For well north of two decades we have been designing and implementing robust, holistic security solutions for organizations small to large across a variety of market verticals. From education to finance to manufacturing, we have the expertise to develop the solutions your organization needs. Pick up the phone and schedule an appointment to learn more.


Why Hackers Hack

On January 24th, 2018, posted in: Cyber Attacks, Hackers by konweb

Through the years we’ve posted a number of times on the subject of hackers and their motivations. This infographic, courtesy of Raconteur, provides an interesting look at hackers and their motivations broken down by industry, attack pattern and motive.

Image Courtesy of Raconteur

Konsultek Knows Security

If there is one thing you can count on, so long as there is information you are trying to secure there will be hackers. Some will be motivated by idealism, some by the challenge and some by the money to be made. That’s where we come in. No matter your organization size or focus, Konsultek can develop a customized, robust security solution that fits your needs and budget. Call us to learn more about how we can help you secure your future.


On Tuesday Kaspersky announced that it had uncovered the most advanced and sophisticated Android spyware to date. So far it appears to be available only to organizations in the “lawful intercept” market and, for the moment, is confined to Italy. So, no need to worry, right? I mean, when has a helpful tool for the greater good like this ever accidentally been released into the wild?

Sophisticated “Multiple Exceptional Capabilities”

Dubbed “SkygoFree” by Kaspersky researchers, this malware installs an implant on the device that can exfiltrate a great deal of data: call records, text messages, geolocation, surrounding audio, calendar events, and other information stored in the device’s memory. Essentially a surveillance team’s dream come true. Remember how unsophisticated the technology was on the series The Wire – imagine if this technology had existed back then!

Image Source: Kaspersky Lab

Distribution

SkygoFree is being distributed on fake websites that are designed to look and feel like the websites of major mobile carriers such as Vodafone. The victim is prompted to install an update for the phone and, voilà, SkygoFree is downloaded and the device is compromised.

Compromised Device = Compromised Network

While SkygoFree and other mobile-device-oriented malware represent a huge breach of privacy and security at the individual device level, compromised devices also represent an opportune attack vector into any network the infected device connects to. That’s why Konsultek uses multiple approaches and technologies when developing our network security solutions. If your organization is ready for a more proactive approach to network and mobile security, please give us a call.
