28.4.16

Malware found at a German nuclear power plant



Malware has been found on a computer at Gundremmingen nuclear power plant in Germany, it has been revealed. Reuters reported that RWE, the electric utilities company responsible for operating the plant, does not consider it a threat as the infected computer is not connected to the internet.
The malware includes Conficker, which has been described as the most virulent malware of the 2000s. At its peak, in 2009, it is thought to have infected over 15 million computers around the world. According to the news provider, malware was found on a computer that “was retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods”.
However, this was not an isolated incident, as malware was also discovered on 18 removable disk drives. David Harley, a senior research fellow at ESET, said that given the number of infected removable drives also found at the nuclear plant, “internet disconnection doesn’t in itself guarantee that a system can’t be infected, can’t be the cause of further infections on the site, or that a dangerous payload can’t be executed”. “It’s possible in some circumstances for malware usually considered harmless to be literally dangerous if it finds its way onto a critical system,” the expert concluded.
In an official press release, RWE said that the malware was found during “preparatory testing work”. Research from earlier this year has suggested that countries around the world are underprepared when it comes to cyberattacks.
The third edition of the Nuclear Threat Initiative’s (NTI) Nuclear Security Index revealed that approximately half the countries assessed do not have a single requirement in place to protect their nuclear facilities from this threat. “Like all critical infrastructure, nuclear facilities are not immune to cyberattacks,” the paper highlighted in January. “That reality is particularly worrisome, however, given the potentially catastrophic consequences of a cyberattack on a nuclear facility.”

27.4.16

BeautifulPeople.com experiences data breach: 1m affected



The personal data of around 1.1 million people could be sold off on the black market after it was revealed that the dating website BeautifulPeople.com had experienced a data breach. The company describes its service as “online dating for beautiful people only”, as aspiring members must first win approval from the app’s accepted users before being paired up with like-minded individuals.
The leaked private information could include members’ names, addresses, sexual preference, relationship status, phone numbers, email addresses and even private messages. The sensitive nature of the data is reminiscent of last year’s disastrous Ashley Madison breach, although on a smaller scale than the 37 million users who were affected last summer.
According to a report by Wired, the flaw was first discovered last December when security researcher Chris Vickery found the information via the database management software MongoDB. Although Mr. Vickery informed Beautiful People that its database was exposed, the information was apparently taken from the database by one or more unknown parties before the company had a chance to make it private.
Beautiful People has described the database containing the information as a “test server”, although that will make little difference to the victims, who could include anyone who signed up to the site before mid-July 2015.
Mr. Vickery told Forbes, which originally reported this story, that the database he’d obtained contained over 15 million messages between users. The company has said that all victims were notified of the incident in December, and will be contacted again in light of this latest development.

This incident serves as another reminder to be extra careful when handing over sensitive details. Good looks may get you a long way in life, but they won’t help protect you against cybercriminals. 

Ransomware and the Internet of Things



We all know that ransomware has become a huge problem, hitting businesses and consumers alike as it encrypts valuable data and attempts to extort sometimes large sums of money for safe recovery.
But at least we can console ourselves with one thought: the threat has been confined to encrypting data on computers and web servers, or locking users out of their systems until a ransom has been paid.
But the rise of the Internet of Things (IoT) means that the nature of what we consider to be a computer is constantly widening, and these other devices could be targets for ransomware in the future, warns a report from the Institute for Critical Infrastructure Technology (ICIT).
The report, rather alarmingly entitled “Combatting the ransomware blitzkrieg”, discusses various families of crypto-ransomware and underlines the importance of computer users being prepared for such attacks with a layered defense.
But the particular part of the report that caught my eye was the section where it described potential future threats:
IoT devices offer a potential growth bed to any ransomware operation because the devices are interconnected by design and many pointedly lack any form of security. A selection of traditional malware will be too large to ever run on a number of IoT devices, but ransomware, predominantly consisting of a few commands and an encryption algorithm, is much lighter.
How much do you predict someone would pay to remove ransomware from a pacemaker? The scenario is not too far-fetched; in fact, it is much more deadly. Many medical devices, such as pacemakers, insulin pumps, and other medication dispersion systems are internet or Bluetooth enabled. Ransomware could utilize that open connection to infect the IoT device.
I feel that the issue the ICIT is raising in this report is not too far-fetched.
We know from past experience that many cybercriminals have no qualms about putting lives in danger, and that many IoT devices suffer from weak security compared to regular computers, suffer from hard-coded passwords, may have no simple updating infrastructure, and can be riddled with a wide variety of vulnerabilities.
We have even seen devices such as CCTV cameras and routers, that you wouldn’t naturally consider the typical botnet recruits, being exploited to launch DDoS attacks.
So, what’s so different about such internet-enabled devices being meddled with in ransomware-style attacks, where the hackers demand a Bitcoin payment be made for the device’s return to normal operation? Why couldn’t ransomware target medical devices, for instance?
In 2010, a hacker remotely disabled over 100 cars in Austin, Texas by hacking into an online vehicle immobilization service. How easy would it have been to have combined
If criminals believe there is easy money to be made, surely some will be tempted to explore ransomware attacks against IoT devices in future. The report goes on to quote Jon Miller from Cylance, who suggests that another form of attack against IoT devices could see attempts to reduce their battery life:
“…even light encryption on a pacemaker could decrease its battery life from about a decade to as little as a few years or even a few months because the device is not designed to sustain those operations. The more resource intensive the encryption, the more dire the situation.” Of course, anyone launching an IoT ransomware attack will need to consider just *how* they will inform the device’s owner of their financial demands. That’s obvious on a laptop, but presents more of a challenge on a pacemaker unless the attacker has also managed to determine, say, their victim’s email address.
Whether ransomware attacks against IoT devices are going to be as regular a part of our future as attacks on traditional computer systems are today remains to be seen.
But it surely is another reason for us to be even more insistent that security is treated as a priority by all companies manufacturing internet-enabled devices.

24.4.16

SMS phishing attackers continue to pursue Apple users



A week ago I reported on my personal blog how criminals were spamming out SMS messages that claimed to come from Apple, but were actually designed to steal personal information for the purposes of identity theft.
The messages all used a cunning piece of social engineering – posing as a notice from Apple that their Apple ID was due to expire that very day – to get unsuspecting users to click on a link to a phishing website.
The SMS messages were even more convincing because they referred to recipients by name, most likely fooling some into believing that there was a genuine reason to act upon the alert and visit the site pointed to by the criminals.
Although the site the criminals were initially using – appleexpired.co.uk – was quickly blocked by the major web browsers and taken down, that didn’t take the wind out of the criminals’ sails.
In the days since it has become clear that the identity thieves have registered a series of other domains – all claiming to be related to Apple or Apple ID.
Examples have included icloudauth.co.uk, mobileicloud.uk, and icloudmobile.co.uk.
And today I received a message from a reader who has been sent a new version of the scam, pointing to a phishing site that – at the time of writing – remains online.
Read the complete article on: