UNM4SK3D: NSA, China, and Spotify

May 26, 2017


#wannacry (again). 

Break out the tissues: this report will make you ‘WannaCry’ some more. After the largest ransomware campaign seen to date, there were multiple warnings that attackers would keep using the leaked NSA exploits to their advantage. Those warnings were correct, and the reality is even more severe.

As a refresher, WannaCry “exploited a Windows zero-day SMB (Server Message Block) bug that allowed remote hackers to hijack PCs running on unpatched Windows OS and then spread itself to other unpatched systems using its wormable capability.” (‘Zero-day’ is loose here: Microsoft had patched the SMB flaw in March as MS17-010, so the victims were unpatched, not unpatchable.) Security researcher Miroslav Stampar has discovered a new strain of malware, fondly named ‘EternalRocks.’ Someone must be a geology fan. This strain also spreads by exploiting flaws in the Windows SMB file-sharing protocol, but it is more dangerous than WannaCry for two reasons: it uses seven of the leaked NSA SMB tools (the EternalBlue, EternalChampion, EternalRomance and EternalSynergy exploits, the ArchiTouch and SMBTouch reconnaissance tools, and the DoublePulsar backdoor) where WannaCry used only EternalBlue and DoublePulsar, and it has no kill switch. It runs quietly to stay unnoticed on the infected host. Stampar found that ‘EternalRocks’ borrows WannaCry’s naming to mislead researchers, and that instead of dropping ransomware it leaves a backdoor behind so the machine can be used in future attacks.

‘EternalRocks’ works in two stages. First it downloads the Tor client onto the infected computer and uses it to reach its command-and-control (C&C) server, which is hosted as a Tor hidden service, then it waits 24 hours before doing anything else. The delay is there to outlast automated sandboxes, which typically run a sample for minutes; it does not make the infection undetectable, it just means a short sandbox run sees a program that appears to do nothing. Only after the delay does the second stage fetch all seven SMB tools, at which point the worm scans for machines with port 445 open, on the internet as well as the local network, and tries to spread to any vulnerable system it finds. If that was not bad enough, the Shadow Brokers have announced that they plan to release exploits for smartphones, routers, web browsers, and Windows operating systems, including Windows 10, in the coming months.

Microsoft released patches for the SMB flaws on supported versions of Windows in March and, following WannaCry, issued patches for unsupported versions as well. At the time of writing, however, it had not patched the targets of three other leaked NSA tools: ‘EnglishmanDentist’ (Exchange), ‘EsteemAudit’ (RDP) and ‘ExplodingCan’ (IIS 6.0 WebDAV). The most dangerous of the three is probably ‘EsteemAudit,’ which targets the RDP service (TCP port 3389) on Windows Server 2003 and Windows XP machines, and by one count more than 24,000 such systems are exposed to the internet for anyone to attack. One infected computer is enough to give an attacker a foothold inside an organization. The Hacker News recommends disabling RDP where it is not needed and putting it behind a firewall where it is, so that port 3389 is never reachable from the internet.
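The two behaviours described above, a host sweeping port 445 the way EternalRocks and WannaCry do, and RDP on 3389 answering to the outside world, both show up in ordinary firewall or flow logs. The following is an added example, not code from the original post or from any of the researchers it cites: it parses a constructed log format, flags sources that fan out to many distinct SMB targets (or to any external one), and lists internal hosts whose RDP port was allowed from outside the RFC 1918 ranges. The log format, the internal address ranges, the threshold of 10 targets and the sample lines are all assumptions to adapt to your own environment.

```python
"""Added example: flag SMB worm-style fan-out and internet-exposed RDP in firewall
log lines.  Not from the original post; log format and thresholds are assumed."""
import ipaddress
import re
from collections import defaultdict

# Assumed log format: "<timestamp> <ALLOW|DENY> <src>:<sport> -> <dst>:<dport>/<proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)/(?P<proto>[a-z]+)$"
)

# Assumed internal ranges (RFC 1918); adapt to your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORT = 445
RDP_PORT = 3389


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["sport"] = int(d["sport"])
        d["dport"] = int(d["dport"])
        flows.append(d)
    return flows


def find_smb_scanners(flows, fanout_threshold=10):
    """Return {src: (distinct_targets, external_targets)} for sources that look like
    SMB propagation: many distinct destinations on 445, or any external destination.
    A production version would count within a sliding time window."""
    targets = defaultdict(set)
    for f in flows:
        if f["dport"] == SMB_PORT and f["proto"] == "tcp":
            targets[f["src"]].add(f["dst"])
    flagged = {}
    for src, dsts in targets.items():
        external = sum(1 for d in dsts if not is_internal(d))
        if len(dsts) >= fanout_threshold or external > 0:
            flagged[src] = (len(dsts), external)
    return flagged


def find_exposed_rdp(flows):
    """Return sorted (src, dst) pairs where an external source was ALLOWed to 3389."""
    hits = set()
    for f in flows:
        if (f["dport"] == RDP_PORT and f["proto"] == "tcp"
                and f["action"] == "ALLOW" and not is_internal(f["src"])):
            hits.add((f["src"], f["dst"]))
    return sorted(hits)


# Constructed sample log, not real traffic: 10.0.0.5 sweeps twelve internal hosts and
# one external host on 445; 10.0.0.9 talks to two file servers (normal); 10.0.0.20 has
# RDP reachable from 203.0.113.5, while 198.51.100.7 is correctly denied.
SAMPLE_LOG = "\n".join(
    [f"2017-05-26T10:00:{i:02d}Z ALLOW 10.0.0.5:{49000 + i} -> 10.0.0.{100 + i}:445/tcp"
     for i in range(12)]
    + [
        "2017-05-26T10:00:30Z ALLOW 10.0.0.5:49100 -> 198.51.100.40:445/tcp",
        "2017-05-26T10:01:00Z ALLOW 10.0.0.9:50000 -> 10.0.0.50:445/tcp",
        "2017-05-26T10:01:05Z ALLOW 10.0.0.9:50001 -> 10.0.0.51:445/tcp",
        "2017-05-26T10:02:00Z ALLOW 203.0.113.5:40000 -> 10.0.0.20:3389/tcp",
        "2017-05-26T10:02:10Z DENY 198.51.100.7:40001 -> 10.0.0.20:3389/tcp",
        "2017-05-26T10:02:20Z ALLOW 10.0.0.3:40002 -> 10.0.0.20:3389/tcp",
        "this line is malformed and is skipped by the parser",
    ]
)


def run_sample():
    flows = parse_flows(SAMPLE_LOG)
    return find_smb_scanners(flows), find_exposed_rdp(flows)


if __name__ == "__main__":
    scanners, exposed = run_sample()
    for src, (n, ext) in scanners.items():
        print(f"SMB fan-out from {src}: {n} distinct targets ({ext} external)")
    for src, dst in exposed:
        print(f"RDP on {dst} reachable from external address {src}")
```

On the sample, 10.0.0.5 is reported with 13 distinct SMB targets (one external) and 10.0.0.20 is reported as reachable on 3389 from 203.0.113.5; the denied attempt and the internal administrator are not reported. The external-destination rule fires on a single connection because an ordinary workstation has no reason to open SMB to the internet at all.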

Windows XP-based systems currently account for more than 7% of desktop operating systems still in use today, and the cyber security industry estimates that more than 600,000 web-facing computers, which host upwards of 175 million websites, still run Windows Server 2003 accounting for roughly 18 percent of the global market share. -Security researchers

For a full report on the WannaCry ransomware, read last week’s UNM4SK3D: WannaCry, Bell Canada, and CIA. 

#cybersecuritylaw   

Changes to the wording of China’s new cyber security law broaden the range of businesses subject to its strict requirements. The updated rules are set to take effect on June 1st, giving many international business leaders a serious headache.

The measures in the newest draft of the law give the government unprecedented access to foreign technology and allow the collection and movement of data to be monitored far more heavily. For example, rules limiting the transfer of data outside China’s borders originally applied only to ‘critical information infrastructure operators.’ That was changed to ‘network operators,’ which could mean just about any business: even a small e-commerce site or email system could be considered a network. In addition, “provisions in the law include a more comprehensive security-review process for key hardware and software deployed in China and a requirement to assist authorities conducting security investigations.” More than 50 trade associations are seeking a delay, arguing the law could affect billions of dollars of cross-border trade and lock out foreign cloud operators. Chinese leaders have argued that the revised law is necessary to protect national security.

In related news, Microsoft announced Windows 10 China Government Edition, built specifically for the Chinese government. It is based on Windows 10 Enterprise, which already provides a range of security, identity and manageability features; the customized version adds the ability for the government to use the management features to monitor and deploy updates on its own schedule, to control telemetry, and to use its own encryption algorithms. No release date has been announced, but three early adopters, China Customs, Westone Information Technology and the City of Shanghai, have already said they plan to deploy it.

These measures will add costly burdens, restrict competition and may decrease the security of products and jeopardize the privacy of Chinese citizens. -letter from bodies representing businesses based in the U.S., Europe, Japan, Korea, Australia, and elsewhere

Read the original write-up on cyber security laws in China in this December edition of UNM4SK3D: Europol, FCC, and China.

#hacked

Spotify put to rest accusations that it suffered a security breach this week, assuring users in a statement to International Business Times that its user records are secure, after a hacking group claimed to possess 9,000 Spotify login credentials.

According to the latest update, Spotify did not suffer a breach per se: the alleged Spotify ‘hack’ is a dump of credentials reused from other services, and the lack of complex passwords in the list supports that reading. Once aware of the dump, Spotify’s security team checked which of the leaked credentials matched Spotify accounts and reset those. “We take a proactive approach to security and have reset all of the relevant passwords and sent the customers an email asking them to create a new one.”
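The check Spotify describes, taking a third-party dump and working out which entries actually unlock one of your own accounts, is simple to do without ever storing a plaintext password. The following is an added example, not Spotify’s code: each leaked email/password pair is looked up in a (constructed) user store of PBKDF2 hashes, verified against the stored hash, and only the accounts that match are invalidated and flagged for the reset e-mail. The user store, the leaked pairs and the PBKDF2 work factor are assumptions for the example.

```python
"""Added example (not Spotify's code): find which entries in a leaked credential
dump match a real account in your own user store, then force a reset for exactly
those accounts.  Sample users, leaked pairs and the work factor are assumed."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor; tune for your hardware


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random 16-byte per-user salt."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, record):
    """Constant-time comparison; an account with no digest (reset pending) never verifies."""
    if record["digest"] is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, record["digest"])


def build_account_store(plaintext_users):
    """Constructed stand-in for a user database: {email: {salt, digest, reset_required}}."""
    store = {}
    for email, password in plaintext_users.items():
        salt, digest = hash_password(password)
        store[email.lower()] = {"salt": salt, "digest": digest, "reset_required": False}
    return store


def find_reused_credentials(store, leaked_pairs):
    """Return the sorted emails whose leaked password verifies against the stored hash.
    Emails not in the store are ignored; matching is case-insensitive."""
    matches = set()
    for email, password in leaked_pairs:
        key = email.strip().lower()
        record = store.get(key)
        if record is not None and verify_password(password, record):
            matches.add(key)
    return sorted(matches)


def force_reset(store, emails):
    """Invalidate the current password and flag the account so the next login goes
    through the reset flow (the 'create a new one' e-mail in Spotify's statement)."""
    for email in emails:
        store[email]["digest"] = None
        store[email]["reset_required"] = True
    return store


# Constructed sample data: Bob and Carol reused their passwords on another site,
# Alice's leaked password is not her real one, and Dave has no account here.
SAMPLE_USERS = {
    "alice@example.com": "Summer2017!",
    "bob@example.com": "password1",
    "carol@example.com": "c0rrect-h0rse",
}
LEAKED_DUMP = [
    ("alice@example.com", "alice123"),
    ("BOB@example.com", "password1"),
    ("carol@example.com", "c0rrect-h0rse"),
    ("dave@example.com", "letmein"),
]


def run_sample():
    store = build_account_store(SAMPLE_USERS)
    reused = find_reused_credentials(store, LEAKED_DUMP)
    force_reset(store, reused)
    return store, reused


if __name__ == "__main__":
    store, reused = run_sample()
    print("accounts to reset:", reused)
    for email, rec in store.items():
        print(email, "reset required" if rec["reset_required"] else "ok")
```

Verifying the leaked password against the hash costs one PBKDF2 computation per dump entry, which is the same work as a login attempt, so this scales to dumps of thousands of rows without touching plaintext; accounts whose leaked password does not verify are left alone, and the ones that do can no longer be logged into with the old password once `force_reset` has run.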

The claim of a ‘hack’ was originally made on Monday by the Leak Boat via Twitter, but closer inspection showed that the page listing the account details held records for fewer than 6,500 Spotify subscribers. That same night, the Leak Boat also released a few login credentials for wizard101.com, the website of an online wizard game. Continuing in a taunting tone on Twitter, they shared the message, “Don’t worry, we’re #Comey Approved, lmfao.” The group also said it was considering starting a ‘Lulzcalypse,’ an apocalyptic storm of leaks just because they think it’s funny; later they called it a Leakocalypse. Will the group continue to wreak havoc on the Twittersphere? It could be a story for next week. Until then, secure your accounts.

We do however pay attention to breaches of other services, and take steps to help our users secure their Spotify accounts when those occur, because many people use the same login and password combination for multiple services. -Spotify representative

For tools that will help you perform mobile security testing, read ‘Social Media and Apps “Stealing” Your Information.’

#factbyte

According to the A10 Networks’ Application Intelligence Report (AIR), 50% of all global respondents consider apps to be as or almost as important as breathing, eating and drinking. 

#certspotlight 

Security policy is a critical component of the design and further implementation of information systems. It outlines a set of rules and procedures that specify how the system should manage and safeguard sensitive information. The objective of policies is to educate by guiding design, development, implementation, testing and maintenance across an organization.

Cyber security’s constantly changing nature must be addressed by policies that change with it. These policies must recognize a continually growing list of threats while remaining closely aligned to a business’ goals and objectives. Policies form the framework for a comprehensive security program, guide and clarify the decisions made by the senior governance body within an organization, and can ultimately aid in both subjective and objective decision making.

In order to provide the basis for a company-wide information system, you must first learn to develop policies that address the confidentiality, integrity, and availability of critical information. The Policy Development Micro Certification addresses areas to protect your organization’s reputation, resources and employees, while ensuring compliance with all industry, regulatory, Federal, and international standards.

Use code OBLOG50 for half off any micro certification. 

Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.

1 Comment
  1. “Someone must be a geology fan.” I died, funeral is tomorrow.
