UNM4SK3D: Ads, Email, and Inflight Entertainment

Join Cybrary

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

< Back to Blog Posts

UNM4SK3D: Ads, Email, and Inflight Entertainment

Published: December 22, 2016 | By: Olivia | Views: 2027
save

unm4sk3d_holiday

 

#methbot

Slow clap for fraud-prevention firm White Ops who discovered the biggest digital ad fraud ever, lovingly dubbed ‘Methbot.’ 

This may sound like a bad dream, or just another episode of Breaking Bad, but Methbot, a ‘robo-browser that spoofs all the necessary interactions needed to initiate, carry out and complete ad transactions,’ has been making hackers 3-5 million PER DAY since its inception. These alleged Russian hackers, part of the cyber criminal gang dubbed ‘ATF13,’ are pretty sneaky- they pulled off the hack by using Methbot to automatically generate 300 million fraudulent ad impressions daily, impersonating US brands like ESPN and the Huffington Post.

How did they do it? Probably with the help of a lot of vodka. But all jokes aside, this tricky scheme avoided suspicion by using 570,000 bots with forged IP addresses, making the ad views appear to be coming from the United States. To make their bots fly further under the radar, the gang employed methods like automated faked clicks, mouse movements, and social network login information.

Methbot watched as many as 300 million ads per day, with an average payout of $13.04 per 1000 faked views -White Ops

If this headline has you scratching your head over the complexity of bots, take a step back. This post from AlienVault, ‘Botnet Detection and Removal: Methods & Best Practices’ takes readers through Botnet 101.

#hacked (again).

Yahoo! is infamous yet again, and not for the nostalgia of embarrassing first email addresses we typically associate with the site. No, they’ve had another massive data breach.

The latest breach comes after an initial hack compromising 500 million accounts, of which users were notified early this fall. In perfect harmony with the storm of ‘winter is coming memes,’ this season brought with it one of the largest data breaches in Internet history- this time hitting 1 billion of its user accounts. If you’re thinking of ditching your original ‘hotblondiesoccerplayeranimallover562134@yahoo.com’ and opting for ProtonMail, probably a smart idea.

Not only were more accounts targeted, but more sensitive data was taken this time around. According to the Hoo’s CISO, Bob Lord, “Stolen information may include names, email addresses, telephone numbers, dates of birth, hashed passwords using MD5 encryption — and in some cases, encrypted or unencrypted security questions and answers.” So, that means while you can change your password, these hackers still have access to very personal information that you can’t change- like your mother’s maiden name and birth date.

By the end of 2020 the number of email users worldwide will top 3.0 billion. Nearly half of the worldwide population will be using email by year end 2020 -Email Statistics Report, the Radicati Group

To get more in-depth on the topic of email security, checkout this case study, ‘E-Mail Investigation’ which gives a case summary, explores the forensic methodology and provides a summary of the trials and prosecution.

#criticalvulnerabilities

You have more than turbulence to be worried about on your next flight. In a recent report, IOActive revealed that an in-flight entertainment system from Panasonic Avionics could potentially allow access to aircraft control systems.

In a world where free pretzels are a meal and getting an aisle seat is akin to winning the lottery, comes bad news for flyers who binge Friends re-runs from 10,000 feet. Your favorite in-flight feature, the entertainment, is under attack. The critical security vulnerabilities reside in the Panasonic Avionics In-Flight Entertainment (IFE) system used in planes run by 13 major airlines, including American and Emirates and could allow hackers to hijack several flight systems and even take control of the plane. If that made you nauseous, there’s a barf bag in the seat pocket infront of you.

How did this vulnerability get discovered? Well, IOActive’s own Ruben Santamarta was the first to notice the dangerous, gaping whole in the system. What made him test it in the first place, we’ll ask later. He managed to “hijack” in-flight displays to change information like altitude and location, as well as hack into the announcements system and could also access credit card details of passengers stored in the automatic payment system, as if $25 for a checked bag isn’t enough.

There were 37.4 million flights scheduled in 2014, which means an average of 102,465 flights per day- 2014 report from Air Transport Action Group

If you’re still trying to wrap your head around how many daily flights there must be in 2016, focus your energy instead on ‘How to Hunt for Vulnerabilities’ with this video from Breakpoint Labs.

#skillcertspotlight

It turns out, Technical Project Management is one of the most taken skill certification tests to date, with 1,185 total taken since its release. What’s all the hype about? That you’ll have to see for yourself by getting certified. But first, here’s a little background:

Typically, technical project managers assess technical risks, assist with technical problem solving, and cut though the layers of any given project to determine what the core needs and issues are. The Technical Project Management Skill Certification course is for technicians who would like to take the next step and cross the border into management. Though a difficult transition, progressing through the skill course and successfully passing the Technical Project Management Certification test shows that you have both the technical proficiency and management skills to successfully lead technical projects by utilizing well-known tools, techniques, and methodologies. In the Technical Project management Skill Certification course, professionals become familiarized with all stages of project management including initiating, planning, execution, and monitoring/controlling in the context of IT projects.

Here’s the code for your next skill certification test: OBLOG50. If you use it, put in a good word with Santa for me, I’m hoping for a GoPro.

oliviaOlivia Lynch is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.

Still Reading The 22 Immutable Laws of Marketing: Violate Them at Your Own Risk! By Al Ries & Jack Trout

 

 

< Back to Blog Posts
Enjoy this blog post? Want more Cybytes?
Invite a Friend
and share now
Facebook Twitter Google+ LinkedIn Email
Join Cybrary
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel