[Cybersecurity News] 3 Jun - 10 Jun
I started developing a Cybersecurity Newsletter for those around me (parents, colleges, etc.) and was told it would be a good weekly addition here. The notes below each headline are my own and how they are relevant, a brief summary, or quotes from the article as appropriate.
Australian National University Data Breach Results in 19 Years of Visitor Data Being Stolen
https://www.theregister.co.uk/2019/06/04/hackers_slurp_19_years_of_aussie_student_data/
The event was only discovered because of upgrades due to another breach earlier in 2018. Data affected includes “names, addresses, dates of birth, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details and passport details.”
"GoldBrute" Worm Attempts to Guess RDP Passwords
https://threatpost.com/forget-bluekeep-beware-goldbrute/145482/
https://thehackernews.com/2019/06/windows-rdp-brute-force.html
A new worm making the rounds finds systems with Remote Desktop Protocol open to the internet, and attempts commonly used (or reused) passwords. This is similar to the method used by the Mirai botnet (guessing weak/default credentials) and is one reason you should try to limit services that are directly exposed to the internet.
BlueKeep Threat Continues to Loom
https://arstechnica.com/information-technology/2019/06/new-bluekeep-exploit-shows-the-wormable-danger-is-very-very-real/
https://www.exploit-db.com/docs/english/46947-analysis-of-cve-2019-0708-(bluekeep).pdf
A Metasploit (an exploitation framework) module was developed by a security researcher that proves the stability and relative ease of using the BlueKeep vulnerability to take over systems. At this time, the exploit module is being kept private to prevent it from being used by malicious actors. However, it is only a matter of time before attackers develop their own tools to take advantage of this, and scans for the vulnerability have been observed. The second link is another technical dive into how the exploit works for those of you interested in the details.
American Medical Collection Agency (AMCA) Hack Affects 20.1 Million
https://threatpost.com/amca-healthcare-hack-widens-opko/145453/
https://krebsonsecurity.com/2019/06/labcorp-7-7m-consumers-hit-in-collections-firm-breach/
The compromise of a third-party bill collection vendor affects patients of LabCorp, Quest Diagnostics, and OPKO Health. Thankfully, it seems that the information was limited to payment data, and not sensitive medical diagnostics.
Supply Chain Attack Sneaks in Backdoor on Some Android Devices
https://arstechnica.com/information-technology/2019/06/google-confirms-2017-supply-chain-attack-that-sneaked-backdoor-on-android-devices/
Device manufacturers (Samsung, LG, etc.) have the opportunity to install software and drivers on phones prior to sale. At some point in the supply chain process, malware was introduced to system images built by some of the manufacturers. “Once installed, Triada's chief purpose was to install apps that could be used to send spam and display ads. It employed an impressive kit of tools, including rooting exploits that bypassed security protections built into Android and the means to modify the Android OS' all-powerful Zygote process. That meant the malware could directly tamper with every installed app.”
BGP Event Routes European Traffic Through China
https://arstechnica.com/information-technology/2019/06/the-catch-22-that-broke-the-internet/
BGP (Border Gateway Protocol) is a routing protocol used to move traffic between large internet service providers. This protocol relies primarily on trust with no inherent verification. This allows incidents like this to happen by accident (as is likely the case here) or, potentially, for traffic to be purposefully re-routed for analysis. While re-routed traffic could be monitored or modified if it is in plantext, this isn't the case for properly encrypted traffic, and is one of the reasons it's important to utilize encryption (HTTPS).
Baltimore Continues to Recover from Ransomware Incident
https://arstechnica.com/information-technology/2019/06/baltimores-bill-for-ransomware-over-18-million-so-far/
https://krebsonsecurity.com/2019/06/report-no-eternal-blue-exploit-found-in-baltimore-city-ransomware/
“[…] the city's director of finance has estimated will cost Baltimore $10 million—not including $8 million lost because of deferred or lost revenue while the city was unable to process payments. The recovery remains in its early stages, with less than a third of city employees issued new log-in credentials thus far and many city business functions restricted to paper-based workarounds.”
More “Stories of the Week”
https://blog.talosintelligence.com/2019/06/threat-source-june-6-19.html
https://nakedsecurity.sophos.com/2019/06/10/monday-review-the-hot-21-stories-of-the-week-36/