Tuesday, November 28, 2017

MORE TO COME? | SWIFT warns banks on cyber heists as hack sophistication grows


SWIFT, the global messaging system used to move trillions of dollars each day, warned banks on Wednesday that the threat of digital heists is on the rise as hackers use increasingly sophisticated tools and techniques to launch new attacks.

Brussels-based SWIFT has been urging banks to bolster security of computers used to transfer money since Bangladesh Bank lost $81 million in a February 2016 cyber heist that targeted central bank computers used to move funds. The new warning provided detail on some new techniques being used by the hackers.

“Adversaries have advanced their knowledge,” SWIFT said in a 16-page report co-written with BAE Systems Plc’s cyber security division. “No system can be assumed to be totally infallible, or immune to attack.”

SWIFT has declined to disclose the number of attacks, identify victims or say how much money has been stolen. Still, details on some cases have become public.

Taiwan’s Central News Agency last month reported that Far Eastern International Bank lost $500,000 in a cyber heist. BAE later said that attack was launched by a North Korean hacking group known as Lazarus, which many cyber-security firms believe was behind the Bangladesh case.

Nepal’s NIC Asia Bank lost $580,000 in a cyber heist, two Nepali officials told Reuters earlier this month.

The new report described an attack on an unidentified bank. Hackers spent several months inside the network of one customer, preparing for the eventual attack by stealing user credentials and monitoring the bank’s operations using software that recorded computer keystrokes and screenshots, the report said.

When they launched the attack in the middle of the night, the hackers installed additional malware that let them modify messaging software so they could bypass protocols for confirming the identity of the computer’s operator, according to the report.

The hackers then ordered payments sent to banks in other countries by copying pre-formatted payment requests into the messaging software, according to the report.

After the hackers ended the three-hour operation, they sought to hide their tracks by deleting records of their activity. They also tried to distract the bank’s security team by infecting dozens of other computers with ransomware that locked documents with an encryption key, the report said.

While SWIFT did not say how much money was taken, it said the bank quickly identified the fraudulent payments and arranged for the stolen funds to be frozen.

source: interaksyon.com

Thursday, December 8, 2016

ThyssenKrupp secrets stolen in ‘massive’ cyber attack


FRANKFURT — Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG in cyber attacks earlier this year, the German company said on Thursday.

ThyssenKrupp, one of the world’s largest steel makers, said it had been targeted by attackers located in southeast Asia engaged in what it said were “organized, highly professional hacker activities”.

In breaches discovered by the company’s internal security team in April and traced back to February, hackers stole project data from ThyssenKrupp’s plant engineering division and from other areas yet to be determined.

“ThyssenKrupp has become the target of a massive cyber attack,” the industrial conglomerate said in a statement.

Globally, cyber attacks on banks, retailers and other businesses have led to widespread consumer and financial data losses in recent years. ThyssenKrupp’s disclosure followed last week’s attack on Deutsche Telekom routers that caused an outage for nearly 1 million customers.

While revelations of industrial espionage are far rarer, estimates put the costs to businesses in the billions of dollars. China was frequently blamed for such commercial hacking attacks until the United States and China agreed not to hack each other’s businesses (reut.rs/2gewbrH).

German business magazine WirtschaftsWoche reported the attacks hit sites in Europe, India, Argentina and the United States run by the Industrial Solutions division, which builds large production plants. The Hagen Hohenlimburg specialty steel mill in western Germany was also targeted, the report added.

The company declined to identify specific locations which were infected or speculate on likely suspects. It said it could not estimate the scale of the intellectual property losses.

Big-bang counter attack


ThyssenKrupp said it waited to publicize the attack while it identified, then cleansed infected systems in one concerted, global action before implementing new safeguards to monitor its computer systems. “It is important not to let the intruder know that he has been discovered,” a spokesman said.

A criminal complaint was filed with police in the state of North Rhine-Westphalia and an investigation is ongoing, it said. State and federal cyber security and data protection authorities were kept informed at each stage, as well as Thyssen’s board.

Secured systems operating steel blast furnaces and power plants in Duisburg, in Germany’s industrial heartland in the Ruhr Valley, were unaffected, the company said.

No breaches were found at its marine systems unit, which produces military submarines and warships.

A previous cyber attack caused physical damage to an unidentified German steel plant and prevented the mill’s blast furnace from shutting down properly.

The country’s Federal Office for Information Security (BSI) revealed two years ago that the attack caused “massive damage”, but gave no further technical details and the location of the plant has remained shrouded in mystery.

Subsequent media reports identified the target as a ThyssenKrupp facility, but the company has denied it was hit.

The industrial conglomerate, along with Airbus parent EADS, was the target of major attacks by Chinese hackers in 2012, according to a Der Spiegel report.

The company, a big supplier of steel to Germany’s automotive sector and other manufacturers, is looking to form a joint venture of its European steel operations with India’s Tata Steel to combat over-capacity in the sector.

source: interaksyon.com

Monday, October 19, 2015

Four attack techniques used by hackers


MANILA, Philippines - Security is no longer an afterthought. It’s a major component to the success of a business. This means that the Chief Information Security Officers (CISOs) need a spot at the executive table to ensure the IT security plans align with the business goals and objectives.

We are all connected to the Internet, which is great; however, being connected also means that we are all part of a very large ecosystem.

It’s important to realize that anything that happens to one company will often affect many other companies. Direct business partners will be affected, and even the most remote company can be affected.

Many of the attack techniques used today are similar to those used a few years ago. However, there are some mounting cyber problems that are enabling attackers to deliver their exploits more effectively and more stealthily.

One of them is social media and online services. Everyone today is using some form of social media, such as Facebook and LinkedIn, as well as online dating sites.

Because of this, attackers are shifting their entry points into users’ devices to these sites, using social engineering that preys on human emotions. The social engineering concepts are the same, but the attack vector, or surface, has changed. Next are the evasion techniques used by attackers. Their ability to conceal themselves continues to advance, and because of this, having only traditional anti-virus is oftentimes not enough.


Below are techniques used by hackers, according to Anthony Giandomenico, Senior Security Strategist, FortiGuard Labs, Fortinet.

Phishing Attack

Amongst the current hacking techniques, the phishing attack is most likely the number one way to gain unauthorized access to company networks. A phishing email carries a malware attachment or a malicious link, and is crafted to look legitimate and enticing enough for users to click the link.

Drive-by Attack

Another technique used by hackers is the drive-by attack. The attackers compromise a website and install malicious JavaScript that redirects an unsuspecting user to another website containing a malicious payload (malware), which is then downloaded in the background to the user’s device. In a targeted attack, the attackers will spend many months researching websites that companies or industries frequent, and infect those websites.

Malvertising

The next technique used is malvertising. This attack is similar to the drive-by attack, except that the attacker focuses on infecting advertising networks. An attacker can infect one ad site, which in turn could infect thousands of other websites. More bang for your buck!

Mobile Attack

Last but not least, the mobile attack. Many attacks against mobile devices are similar to the attacks listed above; they simply target the mobile device. In addition, malware can be delivered through SMS messages or masquerade as other fun applications, such as games or even pornography.

Once the attacker has successfully breached a network and is sitting on a user’s device, such as a laptop, desktop or mobile device, the attacker now needs to download more malware and tools to complete their mission. Usually the data they are looking for is not on the workstations; it’s on the servers, databases and the like.

As mentioned above, the usual entry point into the network is users clicking on malicious links. Once the user device is compromised, the attackers will start moving about the network to find the data they are looking for. This is where network segmentation becomes extremely important. First, it helps reduce the impact of the breach, since a company can isolate the breach to a specific location while not affecting the rest of the network. Second, it allows sensitive data to be zoned in a higher-security area, which makes it harder for attackers to exfiltrate that data. Lastly, “You can’t protect and monitor everything within your networks.” The networks are too large and complex; so find the critical data, isolate it, and put more granular focus on monitoring the avenues of approach to that data.

source: philstar.com

Sunday, March 8, 2015

Mandarin Oriental says hackers stole credit card data


NEW YORK — Hackers broke into the Mandarin Oriental luxury hotel group’s database and stole credit card information from “an isolated number” of its properties in the United States and Europe.

“The incident is a direct result of an unauthorized cyber-attack,” the Hong Kong-based group said in a statement Thursday.

“Unfortunately incidents of this nature are increasingly becoming an industry-wide concern and therefore we have also alerted our technology peers in the hospitality industry.”

The hotel group said the breach came from malicious software that was “undetectable by all anti-viral systems.”

Mandarin said it had removed the malware and was “coordinating with credit card agencies, law enforcement authorities and forensic specialists to ensure that all necessary steps are taken to fully protect our guests and our systems across our portfolio.”

The luxury lodging group did not identify the hotels affected but said none of them were in Asia.

“We can confirm that only an isolated number of hotels in the US and Europe have been affected,” the statement said.

“Moreover, from the information we have to date, the breach has only affected credit card data and not any other personal guest data, and credit card security codes have not been compromised.”

Part of the Jardine Matheson group, Mandarin Oriental operates some 45 hotels in 25 countries.

source: interaksyon.com

Saturday, October 11, 2014

OH SNAP! | Hackers expose trove of snagged Snapchat images


SAN FRANCISCO — A huge trove of evidently intercepted Snapchat images and videos was exposed online Friday, raising fears about what may be revealed in messages intended to vanish seconds after being viewed.

In what was being referred to as “The Snappening,” people who used a third-party program instead of the official Snapchat application had copies of supposedly transient missives squirreled away by hackers who began posting them online late Thursday.

About half of Snapchat users are reported to be 17 years old or younger, raising worries that sexy self-shot images they thought would disappear will be shared on the Internet in what would amount to child pornography.

Snapchat released a statement Friday saying the startup’s servers were not breached, nor were they the source of the leaked images.

The San Francisco-based company maintained that “Snapchatters were victimized” due to the use of outside applications to send or receive “Snaps” in a practice prohibited under the startup’s terms of service.

Outside applications being eyed as sources for purloined Snapchat pictures are designed to let users undermine the intent of the service by keeping copies of self-destructing pictures sent or received.

Malicious apps

Unsanctioned mobile applications that basically hack into Snapchat have apparently been gathering copies of messages for years, storing them at a computer or computers online.

Hackers boasted a 13 gigabyte library of imagery, according to a report at news website Business Insider.

“Anybody who saw all those third-party Snapchat hack apps in the App Store should have seen it coming,” said Nico Sell, founder of encrypted mobile messaging service Wickr and an organizer of the DefCon gathering of hackers annually in Las Vegas.

“You could tell that those were semi-malicious apps.”

That is among reasons Wickr blocks third-party apps from working with the service, and why its messages “see no other computer” than the one they are sent to, according to Sell.

“Technically, it could have been solved,” Sell said of The Snappening.

“It could also be solved by the ecosystem not letting those apps exist.”

Users of the anonymity-focused online forum 4chan have been downloading the swiped Snapchat messages and are constructing a searchable online archive, Business Insider reported.

The boasted 13 gigabytes of files could equal about a billion low-resolution images, by some estimates.

Snapchat rocketed to popularity, especially among teens, after the initial app was released in September 2011. Created by then Stanford University students, the app allows the sending of messages that disappear shortly after being viewed.

source: interaksyon.com

Saturday, November 16, 2013

FBI warns of US government breaches by Anonymous hackers


Activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information in a campaign that began almost a year ago, the FBI warned this week.

The hackers exploited a flaw in Adobe Systems Inc’s software to launch a rash of electronic break-ins that began last December, then left “back doors” to return to many of the machines as recently as last month, the Federal Bureau of Investigation said in a memo seen by Reuters.

The memo, distributed on Thursday, described the attacks as “a widespread problem that should be addressed.” It said the breach affected the U.S. Army, Department of Energy, Department of Health and Human Services, and perhaps many more agencies.

Investigators are still gathering information on the scope of the cyber campaign, which the authorities believe is continuing. The FBI document tells system administrators what to look for to determine if their systems are compromised.

An FBI spokeswoman declined to elaborate.

According to an internal email from Energy Secretary Ernest Moniz’s chief of staff, Kevin Knobloch, the stolen data included personal information on at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with information on almost 2,000 bank accounts.

The email, dated October 11, said officials were “very concerned” that loss of the banking information could lead to thieving attempts.

Officials said the hacking was linked to the case of Lauri Love, a British resident indicted on October 28 for allegedly hacking into computers at the Department of Energy, Army, Department of Health and Human Services, the U.S. Sentencing Commission and elsewhere.

Investigators believe the attacks began when Love and others took advantage of a security flaw in Adobe’s ColdFusion software, which is used to build websites.

Adobe spokeswoman Heather Edell said she was not familiar with the FBI report. She added that the company has found that the majority of attacks involving its software have exploited programs that were not updated with the latest security patches.

The Anonymous group is an amorphous collective that conducts multiple hacking campaigns at any time, some with a few participants and some with hundreds. In the past, its members have disrupted eBay Inc’s PayPal after it stopped processing donations to the anti-secrecy site Wikileaks. Anonymous has also launched technically more sophisticated attacks against Sony Corp and security firm HBGary Federal.

Some of the breaches and pilfered data in the latest campaign had previously been publicized by people who identify with Anonymous, as part of what the group dubbed “Operation Last Resort.”

Among other things, the campaigners said the operation was in retaliation for overzealous prosecution of hackers, including the lengthy penalties sought for Aaron Swartz, a well-known computer programmer and Internet activist who killed himself before a trial over charges that he illegally downloaded academic journal articles from a digital library known as JSTOR.

Despite the earlier disclosures, “the majority of the intrusions have not yet been made publicly known,” the FBI wrote. “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”

source: interaksyon.com

Tuesday, February 5, 2013

US Energy Department hacked, says no classified data was compromised


WASHINGTON — The Department of Energy’s electronic network was attacked by hackers in mid-January, but no classified data was compromised, the agency said in a letter to employees.

The attack “resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information,” the Energy Department said in the letter, which was received by employees at its headquarters in Washington late on Friday and obtained by Reuters on Monday.

The department said it was working with federal law enforcement to gather more information on the nature and scope of the attacks and assess the potential impact on staff and contractors. “Based on the findings of this investigation, no classified data was compromised,” the letter said.

Government agencies are required to disclose details when confidential personal data has been hacked. But there are no laws requiring them to disclose information when classified data is raided by hackers.

It was not clear which divisions at the agency’s headquarters were breached in the attack, and it was also uncertain who the hackers were or where they were based.

A department spokesman declined to comment, and a spokesman for the Energy Information Administration, which publishes data that helps keep oil, gas and electricity markets stable, deferred to DOE headquarters.

Government agencies and contractors handling classified information are supposed to use special safeguards to protect classified information from disclosure.

The most highly classified information, such as intelligence information, is supposed to be stored on systems that are completely isolated from the Internet.

Over the years, flaws in the systems for handling classified information have emerged, however. In the past, Energy Department installations that design and build nuclear weapons, including the Los Alamos National Lab in New Mexico, have faced scandals over alleged mishandling of classified information.

In 2006, for example, after raiding a house trailer containing a suspected small methamphetamine lab, local police found three computer memory sticks containing classified information downloaded from the Los Alamos lab’s computers.

One of the largest security scandals in modern U.S. history, the leaking of hundreds of thousands of State Department cables and military reports to the website WikiLeaks, allegedly occurred because, in an effort to share intelligence more widely with operations in the field, agencies sent classified reports electronically to battlefield intelligence units, where data protection measures were lax.

Among the material obtained by WikiLeaks, however, not a single document that has surfaced to date was classified higher than “secret” – a fairly low-grade classification. Intelligence officials were not particularly alarmed by the WikiLeaks leaks because none of their truly sensitive material was leaked.

In late 1999, a Los Alamos nuclear weapons scientist born in Taiwan, Wen Ho Lee, was arrested and indicted for allegedly mishandling classified information from the lab. However, prosecutors ultimately dropped all but one charge against him, to which he pleaded guilty, and the case ended with Lee receiving settlement payments from the government and some news organizations.

The Energy Department said in its letter that it was increasing monitoring across its networks and deploying tools to protect sensitive assets.

source: interaksyon.com

Friday, July 13, 2012

400,000 Yahoo! user names, passwords stolen, published on the Web


BOSTON — More than 400,000 Yahoo Inc user names and passwords were stolen and published on the Web, putting other websites at risk as well, after hackers exploited a vulnerability in Yahoo!’s computer systems.

Some logins for Google Inc, AOL Inc and Microsoft Corp services were among those compromised. The three companies said they required affected users to reset passwords for sites including Gmail, AOL, Hotmail, MSN and Live.com.
Yahoo issued a statement apologizing for the breach, the latest setback for a company that has lost two chief executives in a year and is struggling to revive stalled revenue growth.

Chairman Alfred Amoroso acknowledged that Yahoo had experienced a “tumultuous” year at its annual shareholder meeting on Thursday morning. Interim CEO Ross Levinsohn told attendees he was optimistic about the company’s progress.

The breach prompted criticism from security experts who said that a major Internet firm like Yahoo should do a better job at protecting user data.

“This points to some very lax security practices,” said Rob D’Ovidio, associate professor of criminal justice at Drexel University.

As an example, he noted that the hackers were able to produce more than 400,000 cleartext passwords within a day. That indicates that Yahoo either did not encrypt them at all or used an encryption method that was easy to crack, he said.

The professional networking service LinkedIn recently came under similar criticism. Security experts chided the company for failing to use sophisticated encryption practices to secure its passwords, millions of which were released following a breach last month.

What happened?

Yahoo! spokeswoman Dana Lengkeek said “an older file” had been stolen from Yahoo! Contributor Network, an Internet publishing service that Yahoo! purchased about two years ago. It helps writers, photographers and videographers to sell their work over the Web.

“We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users’ accounts may have been compromised,” she said.

AOL said the Yahoo data published on the Web included valid passwords for 1,699 accounts. Microsoft and Google declined to provide similar numbers.

Other firms whose customers were at risk include Comcast Corp, Verizon Communications Inc and AT&T, Rapid7 researcher Marcus Carey said. He estimated that tens of thousands of accounts of users of services other than Yahoo were affected by the breach.

AT&T and Verizon did not have any immediate comment. Officials with Comcast could not be reached.

AOL Senior Vice President David Temkin said spammers typically use credentials like the ones stolen from Yahoo to break into email accounts and use them to send out spam.

“In this case, I think we actually got ahead of it before the people who stole those accounts were able to use them,” Temkin said.

The five most popular passwords in the group were “123456”, “password”, “welcome”, “qwerty” and “ninja”, according to an analysis by anti-virus software maker ESET.
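D’Ovidio’s point above, and the ESET top-five list, both follow from how the passwords were stored: a cleartext or unsalted-hash file lets anyone count the most common values and recover them in bulk, whereas per-user salted slow hashing forces every record to be attacked alone. The example below is added here to illustrate that contrast; it is not code from the article, Yahoo or ESET, and the user records, passwords and the choice of PBKDF2-HMAC-SHA256 are assumptions made for the demonstration.

```python
"""Added example: three ways of storing the same password table and what a
stolen copy of each reveals. Not from the article; sample data is constructed.
"""
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample, echoing the ESET top-five list quoted in the article.
# Two users deliberately share "123456" to show the reuse problem.
SAMPLE_USERS = [
    ("alice", "123456"), ("bob", "password"), ("carol", "welcome"),
    ("dave", "qwerty"), ("erin", "ninja"), ("frank", "123456"),
]

ITERATIONS = 200_000  # assumed work factor; tune to ~100 ms per check on real hardware


def store_cleartext(users):
    """The failure mode the article describes: the stolen file *is* the passwords."""
    return {name: pw for name, pw in users}


def store_unsalted_hash(users):
    """Better than cleartext, but equal passwords give equal hashes, so a thief can
    count the popular values and crack each one once for every user who has it."""
    return {name: hashlib.sha256(pw.encode()).hexdigest() for name, pw in users}


def store_salted_pbkdf2(users):
    """Per-user random salt plus a slow KDF: records no longer collide and each
    guess costs ITERATIONS hash computations for one record only."""
    out = {}
    for name, pw in users:
        salt = os.urandom(16)
        dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
        out[name] = salt.hex() + "$" + dk.hex()
    return out


def verify_pbkdf2(record, candidate):
    """Constant-time check of a candidate password against a salted record."""
    salt_hex, dk_hex = record.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                             bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)


def top_passwords(table, n=5):
    """The kind of tally ESET published: most common stored values. It is only
    meaningful when the stored values are the passwords themselves (or unsalted
    hashes that map one-to-one onto them)."""
    return Counter(table.values()).most_common(n)


def shared_value_count(table):
    """Number of records whose stored value duplicates another record's: >0 for
    cleartext and unsalted hashes, 0 for salted records even with reused passwords."""
    return sum(c - 1 for c in Counter(table.values()).values())


if __name__ == "__main__":
    for label, fn in (("cleartext", store_cleartext),
                      ("unsalted sha256", store_unsalted_hash),
                      ("salted pbkdf2", store_salted_pbkdf2)):
        table = fn(SAMPLE_USERS)
        print(f"{label:16s} duplicates visible in dump: {shared_value_count(table)}")
```

Running the block prints one duplicate for the first two storage schemes and zero for the salted one, even though the underlying password table is identical.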

source: interaksyon.com