UNM4SK3D: CIA, Instagram, and St. Jude

September 1, 2017 | Views: 4030


#wikileaks 

Wikileaks is in the news for more than one reason this week. As expected, they’ve added another hacking tool to the growing list of Vault 7 leaks. The latest, ‘AngelFire,’ is a Windows hacking tool used to gain persistent remote access. But, prior to that leak, Wikileaks was itself hacked by none other than the infamous group ‘OurMine.’

You may recall OurMine from last week’s UNM4SK3D, in which Sony PlayStation was targeted. The Saudi hacking group, known for targeting the social media accounts of high-profile figures and companies, including Facebook CEO Mark Zuckerberg and HBO, has not rested on its mission to bring attention to the security holes in its targets’ systems or accounts. Escalating from its traditional message posting, with this message more aggressive than previous ones, the group called out Anonymous and Wikileaks directly. While there was no indication WikiLeaks’ servers had been compromised, their website was redirected to a hacker-controlled server using a DNS poisoning attack. In this type of attack, an attacker gets control of the DNS server and changes the name-server values in order to divert Internet traffic to a malicious IP address. Site administrators quickly regained access to their DNS server, returning the WikiLeaks website back online on its legitimate servers, which allowed them to later post ‘AngelFire.’
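The redirection described above would show up to the domain owner as a change in the zone’s name-server (NS) and address (A) records. The following is an added example, not code from the original post or from any party mentioned in it: a small monitor that compares records observed for a domain (here parsed from constructed `dig +short`-style output) against a known-good baseline and flags delegation drift. All domain names and addresses in it are constructed sample values.

```python
from dataclasses import dataclass, field


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so 'NS1.Example.COM.' == 'ns1.example.com'."""
    return name.strip().rstrip(".").lower()


def parse_dig_short(output: str) -> set[str]:
    """Parse record lines as printed by `dig +short`, ignoring blanks and ';' comments."""
    return {normalize(line) for line in output.splitlines()
            if line.strip() and not line.lstrip().startswith(";")}


@dataclass
class Drift:
    unexpected: dict[str, set[str]] = field(default_factory=dict)  # rtype -> records not in baseline
    missing: dict[str, set[str]] = field(default_factory=dict)     # rtype -> baseline records now absent

    @property
    def hijack_suspected(self) -> bool:
        # An NS record outside the baseline means delegation points somewhere the owner never authorized.
        return bool(self.unexpected.get("NS"))

    @property
    def changed(self) -> bool:
        return bool(self.unexpected or self.missing)


def detect_drift(baseline: dict[str, set[str]], observed: dict[str, set[str]]) -> Drift:
    """Compare observed records with the baseline per record type, after normalizing both sides."""
    drift = Drift()
    for rtype in set(baseline) | set(observed):
        want = {normalize(r) for r in baseline.get(rtype, set())}
        got = {normalize(r) for r in observed.get(rtype, set())}
        if got - want:
            drift.unexpected[rtype] = got - want
        if want - got:
            drift.missing[rtype] = want - got
    return drift


# Constructed sample: the baseline the zone owner recorded, and what a monitor saw after a hijack.
BASELINE = {"NS": {"ns1.example.net.", "ns2.example.net."}, "A": {"192.0.2.10"}}
OBSERVED_DIG = {"NS": "NS1.attacker-controlled.example.\n", "A": "203.0.113.7\n"}

if __name__ == "__main__":
    obs = {rtype: parse_dig_short(text) for rtype, text in OBSERVED_DIG.items()}
    d = detect_drift(BASELINE, obs)
    print("hijack suspected:", d.hijack_suspected, "unexpected:", d.unexpected, "missing:", d.missing)
```

Feeding it real `dig +short NS <domain>` and `dig +short A <domain>` output from a scheduled job, and alerting on `hijack_suspected`, turns this into a basic delegation-tamper check for a domain you own.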

The ‘AngelFire’ framework “implants a persistent backdoor on the target Windows computers by modifying their partition boot sector.” It consists of 5 components: Solartime, Wolfcreek, Keystone, BadMFS, and Windows Transitory File system. According to Wikileaks, administrative rights are needed on the target computer in order to install and utilize the tool. The guide also indicates the 32-bit version of the implant works against Windows XP and Windows 7, while the 64-bit implant can target Server 2008 R2 and Windows 7. It also states that loading additional implants creates memory leaks that could possibly be detected on infected machines.

Hi it’s OurMine (Security Group), don’t worry we are just testing your…. blablablabla, Oh wait, Wikileaks, remember when you challenged us to hack you? Anonymous, remember when you tried to dox us with fake information for attacking Wikileaks? There we go! Our group beat you all! #WikiealksHack let’s get it trending on twitter! -OurMine post

Want the scoop of Wikileaks and OurMine? Catch up with last week’s ‘UNM4SK3D.’ 

#hacked

No matter what filter or lighting you use, this is a bad look for Instagram, which suffered a data breach in which hackers gained access to phone numbers and email addresses for many ‘high-profile’ users.

It appears the flaw resides in Instagram’s application programming interface (API), which the service uses to communicate with other apps. The specific flaw was not revealed by ‘the gram,’ although the company continued to assure users that the bug has been patched and that its security team is investigating the incident further. Instagram also declined to say which accounts had been affected by the breach; however, many have speculated that the recent hack of Selena Gomez’s account, which has over 125 million followers, was related. Two days prior to this disclosure, an unknown hacker hijacked her account and posted nude photographs of ex-boyfriend Justin Bieber. Her account has since been recovered.

Despite the Instagram hackers not having access to passwords, this breach is still especially dangerous. The Hacker News says, “With email addresses and phone numbers in their hands, the hackers’ next step could be to use the information in tandem with social engineering techniques in an effort to gain access to verified users’ Instagram accounts to embarrass them.” All verified users were given notice via email and were encouraged to be cautious if they receive suspicious or unrecognized phone calls, text messages, or emails. All users are strongly encouraged to enable two-factor authentication for their accounts and to follow password best practices.

We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information—specifically email address and phone number—by exploiting a bug in an Instagram API. -Instagram

Are you a Facebook, Instagram, or Snapchat user? Find out how cyber criminals are able to hack your account in this detailed post from Heimdal Security.

#iot 

At last, the firmware update mandated by the FDA to address security vulnerabilities in radio frequency (RF)-enabled St. Jude Medical (now Abbott) implantable pacemakers is now available to patients. 

The initial report, filed by MedSec and Muddy Waters, claimed that attackers could, among other things, crash implantable cardiac devices and drain their batteries at a fast rate. Shortly after the FDA began investigating this claim, it released formal guidance on “the postmarket management of cybersecurity for medical devices,” while St. Jude Medical pushed a security update to resolve some of the flaws in January 2017. Released on August 23rd, the new software will reduce the risk of patient harm due to potential exploitation of cyber security vulnerabilities. In order to get this update, however, patients must visit their healthcare provider to have it applied.

Specifically, for those who may be affected, the firmware releases are meant to mitigate issues with Accent/Anthem, Version F0B.0E.7E; Accent MRI/Accent ST, Version F10.08.6C; Assurity/Allure, Version F14.07.80; and Assurity MRI, Version F17.01.49. At this time, the pacemaker company has said it is unaware of any security incidents related to, nor any attacks explicitly targeting, its devices, and pacemakers manufactured on or after August 28th, 2017 will have this update pre-loaded in the device.

The FDA recommends that patients and their health care providers discuss the risks and benefits of the cyber security vulnerabilities and the associated firmware update designed to address such vulnerabilities at their next regularly scheduled visit. -The FDA

Look back on the initial happenings with St. Jude in this previous edition of ‘UNM4SK3D.’ 

#factbyte

SecurityScorecard analyzed more than 500 federal, state, and local government agencies in the United States, compared this group to 17 other expansive industries and evaluated this group’s security capabilities across 10 categories. A key finding from the report: Government organizations were ranked third from last (16th) in overall cyber security, even when compared to heavily-regulated industries like transportation, finance, energy, and healthcare.


Olivia Lynch (@Cybrary_Olivia) is the Marketing & Communications Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
