May 26, 2017
UNM4SK3D: NSA, China, and Spotify
#wannacry (again)

Break out the tissues, this report will make you 'WannaCry' some more. Following the most massive ransomware campaign, there were multiple warnings against subsequent attacks and hackers using the NSA exploits to their advantage. Those warnings were correct, but the reality is even more severe.

As a refresher, WannaCry "exploited a Windows zero-day SMB (Server Message Block) bug that allowed remote hackers to hijack PCs running on unpatched Windows OS and then spread itself to other unpatched systems using its wormable capability." Security researcher Miroslav Stampar has discovered a new strain of malware, fondly named 'EternalRocks.' Someone must be a geology fan. This strain spreads by exploiting flaws in the Windows SMB file-sharing protocol, but it is even more dangerous than WannaCry because it uses all seven of the leaked NSA hacking tools rather than just two, and it has no kill switch. It operates quietly so that it stays undetected on the affected system. Stampar found that 'EternalRocks' disguises itself as 'WannaCry' to fool security researchers and, instead of dropping ransomware, gains unauthorized control of the affected computer to launch future attacks.

'EternalRocks' works by downloading the Tor web browser onto affected computers, connecting them to its command-and-control (C&C) server on the Tor network of the Dark Web, and then waiting 24 hours to defeat sandbox analysis, which keeps the worm infection from being detected. Only then are all seven SMB exploits downloaded to the infected computer. 'EternalRocks' also scans the internet for open SMB ports to spread itself to other vulnerable systems.
If that was not bad enough, the Shadow Brokers have announced that they plan to release exploits for smartphones, routers, web browsers, and the Windows operating system, including Windows 10, in the coming months.

Microsoft released patches for the SMB flaws on supported versions in March and, following the WannaCry ransomware, released patches for unsupported versions as well. However, the company still has not patched against the other three NSA hacking tools, dubbed 'EnglishmanDentist,' 'EsteemAudit,' and 'ExplodingCan.' Perhaps the most dangerous of the three is 'EsteemAudit,' which targets the RDP service (port 3389) on Microsoft Windows Server 2003 / Windows XP machines. This means that over 24,000 vulnerable systems are still exposed for anyone to hack. Many warn that one infected computer could leave an organization open to serious exploitation. The Hacker News recommends securing your RDP port by disabling it or putting it behind a firewall.
Windows XP-based systems currently account for more than 7% of desktop operating systems still in use today, and the cyber security industry estimates that more than 600,000 web-facing computers, which host upwards of 175 million websites, still run Windows Server 2003, accounting for roughly 18 percent of the global market share. - Security researchers

For a full report on the WannaCry ransomware, read last week's UNM4SK3D: WannaCry, Bell Canada, and CIA.
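The one behaviour of 'EternalRocks' that a network defender can see from the outside is the SMB sweep described above: a single host reaching many distinct addresses on TCP/445 in a short time. This added example (not from the article or from Stampar's research) flags that pattern in constructed connection-log lines; the log format, the five-minute window and the threshold of ten distinct destinations are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_flows():
    """Constructed connection log (not real traffic): 10.0.0.5 sweeps 12 hosts on
    445 in 12 s (worm-like), 10.0.0.7 talks to one file server 20 times (normal),
    10.0.0.9 browses HTTPS (other port, ignored)."""
    base = datetime(2017, 5, 22, 10, 0, 0)
    lines = []
    for i in range(12):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.0.5 203.0.113.{i + 1} 445")
    for i in range(20):
        lines.append(f"{(base + timedelta(seconds=3 * i)).isoformat()} 10.0.0.7 10.0.0.20 445")
    for i in range(15):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.0.9 198.51.100.{i + 1} 443")
    return "\n".join(lines)


def parse_flows(text):
    """Each line is 'timestamp src dst dstport' (assumed format)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows


def smb_scanners(flows, window=timedelta(minutes=5), threshold=10):
    """Return {src: peak_distinct_dsts} for sources that reached at least
    `threshold` distinct destinations on TCP/445 inside any `window`.
    Repeated connections to one file server never raise the count."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 445:
            by_src[src].append((ts, dst))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        best, left = 0, 0
        for right in range(len(events)):
            while events[right][0] - events[left][0] > window:
                left += 1  # slide the window forward
            best = max(best, len({d for _, d in events[left:right + 1]}))
        if best >= threshold:
            hits[src] = best
    return hits


if __name__ == "__main__":
    print(smb_scanners(parse_flows(build_sample_flows())))  # {'10.0.0.5': 12}
```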
#cybersecuritylaw

Changes to the wording of a Chinese cyber security law broaden the range of businesses subject to its strict sanctions. The updated proposal is set to go into effect on June 1st, giving many international business leaders a serious headache. The measures in the newest draft of the law give the government unprecedented access to foreign technology and allow the collection and movement of data to be more heavily monitored. For example, rules limiting the transfer of data outside China's borders originally applied only to 'critical information infrastructure operators.' That was changed to 'network operators,' which could mean just about any business; even a small e-business or email system could be considered a network. In addition, "provisions in the law include a more comprehensive security-review process for key hardware and software deployed in China and a requirement to assist authorities conducting security investigations." More than 50 trade associations are seeking a delay, arguing the law could impact billions of dollars of cross-border trade and lock out foreign cloud operators. Chinese leaders have argued that the revised law is necessary to protect national security.

In related news, Microsoft announced Windows 10 China Government Edition, designed specifically for the Chinese government. The OS is based on Windows 10 Enterprise Edition, which already provides several security, identity, and manageability features, but the customized version also gives the country the ability to use the management feature to monitor and deploy updates as needed, manage telemetry, and use its own encryption algorithms. A release date for Windows 10 China Government Edition has not been announced, but three Chinese government groups, China Customs, Westone Information Technology and the City of Shanghai, have already announced plans to adopt it.
These measures will add costly burdens, restrict competition and may decrease the security of products and jeopardize the privacy of Chinese citizens. - letter from bodies representing businesses based in the U.S., Europe, Japan, Korea, Australia, and elsewhere

Read the original write-up on cyber security laws in China in this December edition of UNM4SK3D: Europol, FCC, and China.
#hacked

Spotify is putting to rest accusations that it suffered a security breach this week, assuring users in a statement to International Business Times that its user records are secure after a hacking group announced it possessed 9,000 Spotify login credentials. According to the latest update, Spotify did not suffer a breach per se; the alleged Spotify hack is actually a dump of passwords reused from other services, and the lack of complex passwords in the list seems to support this claim. Having become aware of the dump, Spotify's security team identified that some of the leaked user credentials might correspond to Spotify accounts. "We take a proactive approach to security and have reset all of the relevant passwords and sent the customers an email asking them to create a new one."

Originally, the claim of the 'hack' was made on Monday by the Leak Boat via Twitter, but further investigation revealed that the page listing the account details held information on fewer than 6,500 Spotify subscribers. That same night, the Leak Boat also released a few login credentials for wizard101.com, a website for playing a wizard game. Continuing in a taunting tone on Twitter, they shared the message, "Don't worry, we're #Comey Approved, lmfao." The group also said it was considering starting a 'Lulzcalypse,' a reference to unleashing an apocalyptic storm of leaks just because they think it's funny. Later, they called it a Leakocalypse. Will the group continue to wreak havoc on the Twittersphere? Could be a new story for next week. Until then, secure your accounts.
We do however pay attention to breaches of other services, and take steps to help our users secure their Spotify accounts when those occur, because many people use the same login and password combination for multiple services. - Spotify representative

For tools that will help you perform mobile security testing, read 'Social Media and Apps "Stealing" Your Information.'
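The step Spotify describes, checking a third-party dump against your own accounts and forcing a reset where the leaked password still works, looks like this in practice. This is an added example, not Spotify's code or the article's; the account store, the 'email:password' dump lines and the PBKDF2 parameters are constructed for illustration, and the iteration count is kept low only so the example runs quickly.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # deliberately low for the example; production uses far more


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a per-user random salt."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


# Constructed local account store: email -> (salt, hash). Not real user data.
ACCOUNTS = {
    "alice@example.com": hash_password("correct horse battery"),
    "bob@example.com": hash_password("Summer2017!"),
    "carol@example.com": hash_password("unique-long-passphrase-42"),
}

# Constructed third-party dump in the 'email:password' shape such leaks take.
LEAKED_DUMP = """\
Alice@Example.com:correct horse battery
bob@example.com:wrongguess
dave@other.example:Summer2017!
malformed line without separator
carol@example.com:unique-long-passphrase-42
"""


def parse_dump(text):
    """Normalise e-mail case, keep the password verbatim, skip malformed lines."""
    pairs = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        email, _, password = line.partition(":")
        pairs.append((email.strip().lower(), password))
    return pairs


def accounts_to_reset(dump_pairs, accounts):
    """E-mails of local accounts whose leaked password also unlocks the local account."""
    reset = set()
    for email, password in dump_pairs:
        record = accounts.get(email)
        if record is not None and verify(password, *record):
            reset.add(email)
    return sorted(reset)
```

Only accounts where the leaked password actually verifies are reset; a leaked identity with a non-matching password (bob) or an unknown user (dave) is left alone.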