

Cyber-Security Attacks Already Happening in Business Aviation

While the commercial aviation industry is struggling to even acknowledge threats to cybersecurity, the business aviation industry has already experienced attacks, according to Josh Wheeler, Satcom Direct director, entry into service.

“The attacks are happening while the aircraft is airborne,” Wheeler explained. “The attacks, just like the ones that corporations like Walmart have experienced, are most likely coming from the ground. The key point to remember is that if you can see the Internet when a passenger connects, then the Internet can see you. It’s not really about the satellite. The satellite is just the means to deliver Internet capabilities to the aircraft. In addition, there are security issues with the flight department, for example, any time an aircraft has an open Wi-Fi network operating in the cabin, there is a risk of hacking.”

Cybersecurity threats challenge one of business aviation’s greatest attributes: security of trade secrets from prying eyes. There is also the risk of hacking aboard commercial aircraft. In an attempt to get ahead of the issue, Satcom Direct (Booth H1214) is offering monitoring systems and classes in cybersecurity literacy.

“We saw a huge gap in security because there are certain assumptions made in aviation that, if you are flying, no one can touch you,” Wheeler told AIN. “We need to change the conversation. An IP is an IP and it is irrelevant where it is. Just because you are at altitude doesn’t mean you are safe. People have this huge disconnect. They don’t understand the components of the aircraft, and that creates the perfect storm. Corporate IT people don’t want to get involved because they think they are secure. Flight crews don’t know anything, so they think there is not a problem.”

Wheeler sees threat attempts daily but he said, so far, no one has quantified the threat so there are no statistics on how many attacks there have been or what they were. “Once we started evaluating the traffic we were seeing daily attacks.”

It is not just business aviation passengers who are vulnerable, he added. If someone brings aboard an infected computer on a commercial flight and connects to an airline’s Wi-Fi system, an entire cabin can be compromised.

“So far there has not been a breach in aircraft systems or avionics,” he said. “We see phishing scams all the time where someone calls the flight department [and], in the interest of good customer service, employees reveal a lot of information that can be used to compromise the system. We’ve been pushing for years to develop awareness because a lot of folks don’t understand and that means there is no priority or focus on the problem. We see our courses as ice breakers, raising the issue and saying you need to be aware of the cybersecurity issues surrounding your travel.”

Wheeler went on to describe two inflight incidents aboard a Falcon 7X and a Gulfstream G550.

“One of our clients had a Windows-based maintenance laptop with a number of issues, including viruses,” Wheeler explained. “Likely through a virus, the attacker tried to obtain information such as log-ons to financial sites. Our threat-monitoring system pinpointed and caught the nefarious activity, which allowed us to alert the client, who removed the compromised machine, and the aircraft retained its integrity. This incident underscores the vigilance required with laptop security and keeping its antivirus up-to-date.”

Another client, after expressing skepticism of Satcom’s threat-monitoring service, was swayed. Within a few days of the customer’s signing up for the service, Satcom Direct “noticed a hack that attempted to exploit a vulnerability in a laptop’s outdated version of Adobe Reader to try and compromise the network,” Wheeler said. “Instantly three active viruses attacked that laptop. Our threat-monitoring system stopped these virus attacks and we let the client know. We were not privy to whether there were any additional consequences.”

In a recent attack on a customer, hackers tried to install a keylogger geared toward ecommerce and banking sites, by capturing passwords and user names. In another incident the guest of a client was connected to the Wi-Fi during a flight, and Satcom Direct’s threat-monitoring system detected malware originating from the guest’s laptop. The client was notified and the laptop was shut down.

He added, “A lot of the hacks have been financially driven, but…others just want to crash the system rather than extract information out of it.” The point, he said, is that users need to take precautions.

Satcom Direct director of training Mark Mata agrees. “Something as innocent as opening an email or clicking on links, or even using an infected USB drive in a network computer can result in a serious breach,” he said, adding that the course offered by Satcom Direct is designed to inform end users about what to do and what not to do. “It’s surprising how little thought many of us give to cyber security in our day-to-day actions, but cyber attacks are on the increase. Human error has been identified as the leading cause of cybersecurity incidents, and end-user education is one of the top ways to prevent network infection.”

The company’s services include penetration testing to see what systems are vulnerable on board aircraft.

“If we can get around their systems then others can too,” said Wheeler. “It is really no different than hacking a neighbor’s network. We identify holes and help the flight department remedy it. In-flight networks are vulnerable to the same network security threats as the home or office network.”

The company does cyber hygiene evaluations along with a security risk assessment and threat analysis and prevention. It also offers its own private network for use by companies that want to secure their communications, avoiding the public Internet and protecting end-user communications.

Wheeler explained what that looks like. “We do on-site risk assessments and address disconnects in understanding between corporate IT and flight departments. We assess the flight department and interview everyone from dispatchers, to pilots, to receptionists and maintenance personnel to teach them how to be aware that what may seem like an innocent phone call asking about their operation actually may be a phishing expedition.”

Business aircraft have higher end equipment and more specialized routers than commercial aircraft. Still, that doesn’t mean they can’t be penetrated, Wheeler noted. So what can passengers do to ensure they are secure on board?

Passengers should have their own preflight checklist, advises Wheeler, including running virus scans and updating software before the flight. He also recommended updating malware and adware programs and seeking recommendations from the corporate IT department.

Then there is the obvious.

“Don’t have an easy password,” he said. “We have seen a lot of people who have 12345678 as their password. And don’t use your tail number as the password. We see that all the time. We’ve also seen people who have had a system they question and they haven’t addressed it and [the problem has] been in there for six months or more.

“Our primary concern is the integrity of our client’s systems. We use fact tactics not scare tactics by raising awareness. One of the biggest questions we ask is whether they use third-party companies and what those companies are doing to secure your information.”



Coin mining hacking attacks rose 8,500% in 2017

So-called criminal ‘coin miners’ are taking control of our computers, mobiles and ‘Internet-of-Things’ devices to turn them into crypto-mining slaves.

This is getting scary. Cybersecurity software company Symantec says the use of criminal “coin miners” jumped by 8,500% during 2017. A coin miner is a file or script that steals a victim’s computer processing power or cloud CPU usage, without the victim’s knowledge, to mine cryptocurrencies.

Symantec said in its annual Internet Security Threat Report that the meteoric rise in the cryptocurrency market has “triggered a gold rush for cyber criminals.” Coin mining, says Symantec, slows devices, overheats batteries and, for businesses, can shut down corporate cloud networks. Symantec says it logged 1.7 million such attacks in December alone.

“The barrier to entry for coin mining is pretty low – potentially only requiring a couple of lines of code to operate – and coin mining can allow criminals to fly under the radar in a way that is not possible with other types of cybercrime,” reports Symantec. “Victims may not even realize a coin miner is slurping their computer’s power as the only impact may be a slowdown of their device that they could easily attribute to something else.”

While malicious coin miners appear to primarily target computers, mobile phones are also vulnerable. But it is with Internet of Things (IoT) devices that Symantec is seeing the largest potential for criminal growth. During 2017, there was a 600% increase in such IoT attacks, but as malicious coin mining evolves, cyber criminals could exploit the connected nature of these devices to mine “en masse.”

Maybe it’s time to take that kettle offline and go back to gas?



Top cyber-security official warns of lackluster response to attacks

Source: National Cyber Security News

A second top cyber-security official is sounding the alarm over the US’s inadequate response to Russian and other cyberattacks.

Army Lt. General Paul Nakasone told the Senate Armed Services Committee that adversaries that include Russia, China, North Korea and Iran are not facing retribution for their cyberattacks on the US.

“They do not think that much will happen. They don’t fear us. That is not good,” said Nakasone, Trump’s nominee to direct the US Cyber Command and the National Security Agency.

He said his role would be to present options to Trump, but the strategy “emanates from the executive branch.”

Sen. Ben Sasse (R-Neb.) said Nakasone’s assessment that the US doesn’t retaliate when attacked is the “most important” exchange happening at the Capitol.

Sasse said while 80 percent of congressional hearings are “fake” and 90 percent are “pointless,” this one matters because a sense of urgency is “bubbling up” to counterattack.

“We are not responding in any way that is adequate to the challenge that we face,” Sasse said.

On Tuesday, Adm. Mike Rogers, current head of the NSA and U.S. Cyber Command, warned that Russia is still trying to meddle in American elections and the US hasn’t done enough to dissuade such interference.


Cybersecurity pros don’t feel equipped to stop insider attacks

Source: National Cyber Security News

Based on interviews with nearly 1,500 cybersecurity professionals over three years, Haystax Technology released a study that makes it clear that organizations are feeling the pressure from insider threats and are ramping up detection, prevention and remediation.

“One consistent message we heard in all of these interviews was that cybersecurity professionals don’t feel equipped to stop insider attacks, despite an increase in funding for things like better controls and training,” said Haystax CEO Bryan Ware. “I’m not surprised that so many are now using analytics, as they need actionable intelligence to proactively identify and defend against threats from both malicious insiders and negligent users.”

Key findings
In 2017, 90 percent of organizations reported feeling vulnerable to insider attacks, up from 64 percent in 2015. Haystax predicts 99 percent of organizations will feel vulnerable this year as they struggle with excessive access privileges and an increasing number of devices with access to sensitive data.
Privileged users were cited as the biggest insider threat concern for 55 percent of organizations in 2017. Haystax predicts that 2018 will be the year when regular employees surpass trusted insiders as the greater risk.
Just 19 percent of organizations deployed user behavior analytics (UBA) solutions in 2016 to proactively monitor employee populations, a figure that jumped to nearly 30 percent last year.


Cybersecurity Attacks Don’t Go Away, They Morph

Source: National Cyber Security News

The second day of Mobile World Congress kicked off with talks on three emerging technology areas: 5G, next-gen cybersecurity, and what it means to stay agile and innovative in a rapidly changing world.

On stage here, McAfee CEO Christopher Young walked up to an Amazon Echo speaker to debut the McAfee Secure Home Platform Skill with a simple command: “Alexa, launch McAfee.”

The connected device ecosystem has surpassed the world’s population as hard-to-secure devices like smart refrigerators, televisions, and lightbulbs proliferate within the home, Young said. He ran down a greatest hits of recent exploits—from WannaCry and the Mirai botnet to Meltdown and Spectre—and argued that these threats will never truly go away.

“Attacks are increasing in complexity and scale. No attack ever goes away, instead it morphs and evolves over time. WannaCry looked like a ransomware attack, but it was also a worm taking advantage of a specific exploit that drove chaos across the public and private sectors and was eventually attributed to a nation-state,” said Young. “We’ve also already started to see connected devices weaponized out in the ecosystem. 2016 saw Mirai, the largest DDoS attack ever levied against [DNS provider] Dyn. That same botnet is alive and well today, and attacking a new device right now every six minutes, adding to its botnet armies.


6 ways hackers will use machine learning to launch attacks

Machine learning algorithms will improve security solutions, helping human analysts triage threats and close vulnerabilities quicker. But they are also going to help threat actors launch bigger, more complex attacks.

Defined as the “ability for (computers) to learn without being explicitly programmed,” machine learning is huge news for the information security industry. It’s a technology that potentially can help security analysts with everything from malware and log analysis to possibly identifying and closing vulnerabilities earlier. Perhaps too, it could improve endpoint security, automate repetitive tasks, and even reduce the likelihood of attacks resulting in data exfiltration.

Naturally, this has led to the belief that these intelligent security solutions will spot – and stop – the next WannaCry attack much faster than traditional, legacy tools. “It’s still a nascent field, but it is clearly the way to go in the future. Artificial intelligence and machine learning will dramatically change how security is done,” said Jack Gold, president and principal analyst at J.Gold Associates, when speaking recently to CSO Online.

“With the fast-moving explosion of data and apps, there is really no other way to do security than through the use of automated systems built on AI to analyze the network traffic and user interactions.”

The problem is, hackers know this and are expected to build their own AI and machine learning tools to launch attacks.

How are cyber-criminals using machine learning?
Criminals – increasingly organized and offering wide-ranging services on the dark web – are ultimately innovating faster than security defenses can keep up. This is concerning given the untapped potential of technologies like machine and deep learning.

“We must recognize that although technologies such as machine learning, deep learning, and AI will be cornerstones of tomorrow’s cyber defenses, our adversaries are working just as furiously to implement and innovate around them,” said Steve Grobman, chief technology officer at McAfee, in recent comments to the media. “As is so often the case in cybersecurity, human intelligence amplified by technology will be the winning factor in the arms race between attackers and defenders.”

This has naturally led to fears that this is AI vs AI, Terminator style. Nick Savvides, CTO at Symantec, says this is “the first year where we will see AI versus AI in a cybersecurity context,” with attackers more able to effectively explore compromised networks, and this clearly puts the onus on security vendors to build more automated and intelligent solutions.

“Autonomous response is the future of cybersecurity,” stressed Darktrace’s director of technology Dave Palmer in conversation with this writer late last year. “Algorithms that can take intelligent and targeted remedial action, slowing down or even stopping in-progress attacks, while still allowing normal business activity to continue as usual.”

Machine learning-based attacks in the wild may remain largely unheard of at this time, but some techniques are already being leveraged by criminal groups.

1. Increasingly evasive malware
Malware creation is largely a manual process for cyber criminals. They write scripts to make up computer viruses and trojans, and leverage rootkits, password scrapers and other tools to aid distribution and execution.

But what if they could speed up this process? Is there a way machine learning could help create malware?

The first known example of using machine learning for malware creation was presented in 2017 in a paper entitled “Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN.” In the report, the authors revealed how they built a generative adversarial network (GAN) based algorithm to generate adversarial malware samples that, critically, were able to bypass machine-learning-based detection systems.

In another example, at the 2017 DEFCON conference, security company Endgame revealed how it used Elon Musk’s OpenAI framework to create customized malware that security engines were unable to detect. Endgame’s research was based on taking binaries that appeared to be malicious and changing a few parts so that the code would appear benign and trustworthy to the antivirus engines.

Other researchers, meanwhile, have predicted machine learning could ultimately be used to “modify code on the fly based on how and what has been detected in the lab,” an extension of polymorphic malware.

2. Smart botnets for scalable attacks
Fortinet believes that 2018 will be the year of self-learning ‘hivenets’ and ‘swarmbots’, in essence marking the belief that ‘intelligent’ IoT devices can be commanded to attack vulnerable systems at scale. “They will be capable of talking to each other and taking action based off of local intelligence that is shared,” said Derek Manky, global security strategist, Fortinet. “In addition, zombies will become smart, acting on commands without the botnet herder instructing them to do so. As a result, hivenets will be able to grow exponentially as swarms, widening their ability to simultaneously attack multiple victims and significantly impede mitigation and response.”

Interestingly, Manky says these attacks are not yet using swarm technology, which could enable these hivenets to self-learn from their past behavior. A subfield of AI, swarm technology is defined as the “collective behavior of decentralized, self-organized systems, natural or artificial” and is today already used in drones and fledgling robotics devices. (Editor’s note: Though futuristic fiction, some can draw conclusions from the criminal possibilities of swarm technology from Black Mirror’s Hated in The Nation, where thousands of automated bees are compromised for surveillance and physical attacks.)

3. Advanced spear phishing emails get smarter
One of the more obvious applications of adversarial machine learning is using algorithms like text-to-speech, speech recognition, and natural language processing (NLP) for smarter social engineering. After all, through recurrent neural networks, you can already teach such software writing styles, so in theory phishing emails could become more sophisticated and believable.

In particular, machine learning could facilitate advanced spear phishing emails to be targeted at high-profile figures, while automating the process as a whole. Systems could be trained on genuine emails and learn to make something that looks and reads convincing.

In McAfee Labs’ predictions for 2017, the firm said that criminals would increasingly look to use machine learning to analyze massive quantities of stolen records to identify potential victims and build contextually detailed emails that would very effectively target these individuals.

Furthermore, at Black Hat USA 2016, John Seymour and Philip Tully presented a paper titled “Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter,” which described a recurrent neural network that learns to tweet phishing posts at targeted users. According to the paper, the SNAP_R neural network, which was trained on spear phishing pentesting data, was dynamically seeded with topics taken from the timeline posts of target users (as well as the users they tweet or follow) to make the click-through more likely.

Subsequently, the system was remarkably effective. In tests involving 90 users, the framework delivered a success rate varying between 30 and 60 percent, a considerable improvement on manual spear phishing and bulk phishing results.

4. Threat intelligence goes haywire
Threat intelligence is arguably a mixed blessing when it comes to machine learning. On the one hand, it is universally accepted that, in an age of false positives, machine learning systems will help analysts to identify the real threats coming from multiple systems. “Applying machine learning delivers two significant gains in the domain of threat intelligence,” said Recorded Future CTO and co-founder Staffan Truvé in a recent whitepaper.

“First, the processing and structuring of such huge volumes of data, including analysis of the complex relationships within it, is a problem almost impossible to address with manpower alone. Augmenting the machine with a reasonably capable human means you’re more effectively armed than ever to reveal and respond to emerging threats,” Truvé wrote. “The second is automation — taking all these tasks, which we as humans can perform without a problem, and using the technology to scale up to a much larger volume than we could ever handle.”

However, there’s the belief, too, that criminals will adapt to simply overload those alerts once more. McAfee’s Grobman previously pointed to a technique known as “raising the noise floor.” A hacker will use this technique to bombard an environment in a way to generate a lot of false positives to common machine learning models. Once a target recalibrates its system to filter out the false alarms, the attacker can launch a real attack that can get by the machine learning system.

5. Unauthorized access
An early example of machine learning for security attacks was published back in 2012, by researchers Claudia Cruz, Fernando Uceda, and Leobardo Reyes. They used support vector machines (SVM) to break a system running on reCAPTCHA images with an accuracy of 82 percent. All captcha mechanisms were subsequently improved, only for the researchers to use deep learning to break the CAPTCHA once more. In 2016, an article was published that detailed how to break simple-captcha with 92 percent accuracy using deep learning.

Separately, the “I am Robot” research at last year’s BlackHat revealed how researchers broke the latest semantic image CAPTCHA and compared various machine learning algorithms. The paper promised a 98 percent accuracy on breaking Google’s reCAPTCHA.

6. Poisoning the machine learning engine
A far simpler, yet effective, technique is that the machine learning engine used to detect malware could be poisoned, rendering it ineffective, much like criminals have done with antivirus engines in the past. It sounds simple enough: the machine learning model learns from input data, and if that data pool is poisoned, then the output is also poisoned. Researchers from New York University demonstrated how convolutional neural networks (CNNs) could be backdoored to produce these false (but controlled) results through CNNs like Google, Microsoft, and AWS.


Man, 30, held over hacking attacks on two Hong Kong travel agencies

Source: National Cyber Security – Produced By Gregory Evans

Officers raid IT worker’s flat on Cheung Chau and also seize two desktop computers, two laptops, one tablet, three hard disks and five mobile phones

A 30-year-old Hong Kong man was arrested in connection with cyberattacks in which the computers of two travel agencies in the city were hacked and their clients’ sensitive personal information held for ransom, with payouts in bitcoin sought last week.

The two travel agencies reported the incidents to police on January 1 and 2.

One bitcoin (HK$123,735 or US$15,819) was demanded as a ransom in each hacking case, according to police.

Officers from the force’s Cyber Security and Technology Crime Bureau raided a flat in the outlying island of Cheung Chau and arrested the man on Saturday.

During the operation, police seized two desktop computers, two laptops, one tablet, three hard disks and five mobile phones in the flat.

At lunchtime on Monday, police escorted the suspect to his workplace on Hoi Yuen Road in the Kwun Tong district of Kowloon to gather evidence.

The Post understands the suspect, a computer technician, hacked into the computers of the agencies on New Year’s Day through security loopholes on their websites hours before the companies were hit with demands for a ransom to be paid in bitcoin.

“An email was sent to the persons in charge of the companies after the personal information of more than 20,000 customers was stolen from the computer servers of the agencies,” a police source said.

“The companies were told to pay in bitcoin in a newly opened account with threats that their customers’ data would be posted on the internet if the firms failed to pay on Saturday.”

The stolen information included customers’ names, identity card numbers and contact numbers but no credit card information was involved.

Officers from the Cyber Security and Technology Crime Bureau were understood to have worked around the clock and checked tens of thousands of log records to the servers to gather information.

“Investigations showed circuitous routes were used to hack into the computer servers, but officers eventually identified the suspect through his IP address,” another source said.

He said the man was nabbed at home on Cheung Chau hours before the payment deadline.

Officers would carry out a forensic examination of the victims’ computers and hard disks to gather information, he said.

At about 5pm on Monday, the suspect was still being held for questioning and had not been charged.

“We believe his motive was to look for money,” bureau superintendent Swalikh Mohammed said.

Investigations were continuing and he did not rule out the possibility of further arrests.

“The cyber world is not a lawless place where criminals can hide. A majority of the laws applicable to the real world can also be applied to the internet,” he warned.

He said blackmail was a serious offence that carries a maximum penalty of 14 years in prison.

Travel agency Goldjoy Holidays revealed on Thursday that unauthorised parties accessed its customer database containing personal information such as names and identity card numbers, passport details and phone numbers.

The company apologised to customers and promised it was taking steps to tighten cybersecurity.

The other agency, Big Line Holiday, said on Wednesday night that hackers might have broken into its database a day earlier and gained possession of some of its customers’ personal information.

The data was believed to include ID card numbers, home return permit numbers and phone numbers.

In a statement, Big Line said: “Our company attaches great importance to this incident and deeply apologises to the affected clients.”

Big Line, which has 13 branches and organises tours to mainland China and Asia, said it received a letter from perpetrators demanding a sum of money for the release of the information.

In November, one of the city’s largest travel agencies, Hong Kong-listed WWPKG Holdings, revealed that its customer database had also been hacked, putting at risk personal data such as ID card numbers and credit card information of some 200,000 customers.

The culprits had asked for a seven-figure ransom, to be paid in bitcoin, but the firm did not pay and instead called the police, who later managed to decrypt the data. Because of the hacking incident, all four of the agency’s branches – in Tsim Sha Tsui, Mong Kok, Causeway Bay and Sha Tin – were closed for a day.

The force recorded 653 cases of cybercrimes in 2005, the first year it began tracking such offences, and saw the number reach 5,939 in 2016, with financial losses hitting HK$2.3 billion.


How Recent Attacks Might Raise The Bar In Cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

After more than two decades, malware attacks have started to hit the corporate bottom line and to show significant losses in quarterly earnings reports. The shipping company Maersk, which was hit by ransomware WannaCry in May, reported a third quarter loss in 2017 of about $200-$300 million. A few weeks later the pharmaceutical company Merck was hit by NotPetya and reported a quarterly loss of around $200 million while FedEx’s subsidiary TNT reported $300 million in losses from the same outbreak. As a result, last spring’s viral ransomware attacks are causing organizations today to take another look at their current security and therefore may offer a silver lining.

“[It’s] because of the high profile nature of these incidents and the exploits, business people – organizational leadership – are taking a keener interest in what’s happening in cybersecurity,” said Amit Yoran, Chairman and Chief Executive Officer of Tenable. “Maybe you have a sexy story around APT and nation-state actors. These events are all forcing a professionalization in our industry — they’re driving a professionalization in our industry — that we haven’t seen before.”

Yoran said the 2017 ransomware attacks didn’t have to be so bad.

“The combination [of WannaCry and Petya] is a face palm moment,” Yoran said. “It’s all so prototypical of our industry. This is very basic stuff. It’s been around for a while. People have known about this for a while.” He added, “This is not like some super-elite hacker. Not some nation state, a sophisticated thing coming down. It’s the basic blocking and tackling that people just still don’t get, they still aren’t getting basic hygiene. People still aren’t doing bounds checking. They’re still writing buffer overflows.”

As damaging as the attacks were for some, they may have had a positive effect for others. Yoran said Boards of Directors “today would be negligent to ignore cyber risk to the extent that they rely on technology which pretty much every enterprise does.”

Yoran has observed some organizations now going the extra distance with a security vendor, asking the vendor how the organization can better manage their own security program.  These organizations want metrics. And want to know what can be done without putting the entire organization on the line.

“Cyber risk and technology risk are core components of business risk today,” Yoran said. “Hey, if we’re accepting this business risk, then we want to mature our practices around cyber and that’s a trend that has started to evolve our industry a lot faster than it has been in the past.”

What will reduce the risks to organizations? It depends.

“I’d say if somebody’s focused and you have a funded adversary who is focused on intent with any modicum of skill they are going to get into your environment,” Yoran said. “At that point how do you raise the bar? How do you make it more difficult for them? And how do you decrease your time to detection?”

So, given all that, is cybersecurity better today?

“Broadly, things are better — maybe too broadly,” Yoran added with a chuckle. “The risk today is probably higher than it’s ever been as organizations rely more on technology than they have before, as core processes and technologies get more and more complex, more and more interconnected. Complexity is the enemy of security.”

That and perhaps the threats today are more persistent?

“The threat actors are as or more aggressive than they’ve ever been,” Yoran said. “I think from that perspective things are probably worse off than we’ve seen in years past. I’d say for the first time, though, there’s a light at the end of the tunnel. We can see a path to improvement, which is really driven by outside influence.”

Yoran said the vast majority of the high-profile breaches that occur actually rely on a fairly simple subset of exploits which are occurring out in the wild. And as more organizations exercise better hygiene – bring more professionalism to their cybersecurity programs — that will raise the overall protection against these threats, whether it is targeted or if somebody stumbles upon you as an exposed entity.

The post How #Recent Attacks Might #Raise The #Bar In #Cybersecurity appeared first on National Cyber Security Ventures.

‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks

Source: National Cyber Security – Produced By Gregory Evans

‘The weakest part of security is us’

This was the message from ethical hacker Mike G.

Speaking at the Irish Independent annual Dublin Information Sec cyber-security event taking place in Dublin today, Mike G, who helps organisations in their fight against cyber security and hacking, said that humans are very easily hacked.

Citing the hacking of US actress Jennifer Lawrence’s Apple iCloud, Mike G said that the hack was possible because the actress’s iCloud password was her dog’s name and Ms Lawrence had posted a picture of her dog on Instagram – the hacker went from there and leaked photos apparently showing her in the nude on the internet.

In addition, bad systems design and/or insecure security policies can leave people and organisations vulnerable to hacking.

Mike G, who describes himself as a pilot, engineer, and ethical hacker, described the various ways in which hackers can gain information about a person or a company, including through social media, certain types of jobs – “sales people often give out everything” – and even job listings.

In a sobering talk, he listed spoofing texts, calls and emails among the ways in which people and companies can get hacked.

In addition, he said that anything can get hacked, including PINs, biometrics, TVs, and even our Fitbits.

However, when a person’s phone can be taken over, it’s “huge”, he said.

In what was a stark message to businesses, Mike G asked those present at the event whether their company would be able to recover if the competition had all of their data.

However, the news from the ethical hacker was not all bad.

Mike G and his team do a lot of forensic planning, providing, among other services, cyber security awareness training and impact penetration testing to show companies their weak spots and how these can be overcome.

The post ‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks appeared first on National Cyber Security Ventures.


Source: National Cyber Security – Produced By Gregory Evans


SSH private keys are being targeted by hackers who have stepped up their scanning of thousands of servers hosting WordPress websites in search of private keys. Since Monday, security researchers said they have observed a single entity scanning as many as 25,000 systems a day seeking vulnerable SSH keys to be used to compromise websites.

“What triggered our concern was a customer who notified us that they have been monitoring their live traffic and seeing scans for SSH keys,” said WordFence CEO Mark Maunder, in an interview with Threatpost. “When we examined our own honeypots we found that this was not an isolated case and that 25,000 scans were taking place in waves each day.”

Those scans began on Monday and are ongoing, Maunder said in the interview and in a blog post. Adversaries are using terms such as “root,” “ssh,” or “id_rsa” in hopes of finding web directories containing private SSH keys, most likely mistakenly stored in public directories.

SSH (Secure Shell) is a cryptographic network protocol most often used for secure logins to remote computer systems. Successful theft of a private key would give a threat actor access to any server or system where that private key is used for authentication. That risk, security experts note, is not limited to WordPress but extends to Linux and Unix systems and embedded devices that also rely heavily on SSH for secure logins and connections.

“Scanning for private SSH keys in public directories is not new. But, the type of increase we are seeing is alarming,” said Justin Jett, director of audit and compliance for Plixer.

He said good SSH security practices are seldom followed. Unlike digital certificates, which expire, SSH keys have no expiration date, and passwords are seldom changed.

“What we find is most businesses and enterprises have no idea what SSH keys are or how to manage them,” said Venafi vice president of security strategy Kevin Bocek. “SSH is unfortunately a secret of systems administrators who create them and tend to them.”

Bocek said Venafi has also seen a recent increase in scanning for SSH keys, not only in public directories but also in Git or SVN (Subversion) repositories.

Private keys should never be stored in publicly accessible directories. However, too often admins lose track of SSH keys and host both the public and private keys online.

“Exposed SSH keys pose a serious threat to organizations. Anyone gaining access to them has the ‘keys’ to the kingdom,” Jett said.

Earlier this week a report by Venafi disclosed that companies lacked sufficient SSH security controls. A study of 410 IT security professionals by the company found 54 percent of respondents said they do not limit the locations from which SSH keys can be used. It also found 61 percent of respondents do not limit or monitor the number of administrators who manage SSH.
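The mistake described above, private keys left under a web-served directory or inside a checked-out repository, can be audited from the defender's side. The following is an added example, not code from the article or from any vendor quoted in it: it detects private keys by content rather than by file name and reports whether each one is passphrase-protected. The function names, the sample tree and its file names are assumptions, and the key material is constructed, not real.

```python
import base64, re, struct, tempfile
from pathlib import Path

PEM_RE = re.compile(rb"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)
MAGIC = b"openssh-key-v1\0"  # start of the decoded new-format OpenSSH key blob
PEM = "-----BEGIN {0}-----\n{1}\n-----END {0}-----\n"  # template for constructed samples

def passphrase_protected(label, body):
    """True/False if the key is/isn't passphrase-encrypted, None if unparseable."""
    if label != b"OPENSSH PRIVATE KEY":  # legacy PEM / PKCS#8: look for a marker
        return label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body
    try:
        blob = base64.b64decode(b"".join(body.split()))
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))  # length of cipher name
        return blob[len(MAGIC) + 4:][:n] != b"none" if blob.startswith(MAGIC) else None
    except (ValueError, struct.error):
        return None

def find_exposed_keys(webroot, max_bytes=65536):
    """Scan every file under webroot (dot-directories included) for private keys."""
    hits = []
    for path in Path(webroot).rglob("*"):
        try:
            with path.open("rb") as fh:
                data = fh.read(max_bytes)
        except OSError:  # directories and unreadable files
            continue
        for m in PEM_RE.finditer(data):
            hits.append((path.relative_to(webroot).as_posix(), m.group(1).decode(),
                         passphrase_protected(m.group(1), m.group(2))))
    return sorted(hits, key=lambda h: h[:2])

def build_constructed_webroot(root):
    """Constructed sample tree holding fake key material (not real keys)."""
    def openssh(cipher):
        return base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\0" * 16).decode()
    samples = {
        "index.php": "<?php echo 'hello'; ?>\n",
        "backup/id_rsa": PEM.format("OPENSSH PRIVATE KEY", openssh(b"none")),
        ".git/id_ed25519": PEM.format("OPENSSH PRIVATE KEY", openssh(b"aes256-ctr")),
        "old/root.key": PEM.format("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n\nAAAA"),
    }
    for rel, text in samples.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_constructed_webroot(root)
        print(*find_exposed_keys(root), sep="\n")
```

Any hit under a served directory means the key should be treated as compromised and replaced; a `False` in the last field marks a key that is usable by whoever downloads it, with no passphrase in the way.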

The post HACKERS TAKE #AIM AT #SSH KEYS IN NEW #ATTACKS appeared first on National Cyber Security Ventures.
