IEEE Cipher --- Items from security-related news (E157)
Summary:
An examination of a legacy login procedure for Windows domain controllers
led to the discovery of a vulnerability based on exploitation of
the cryptography in the authentication. Anyone with access to the local
network of the controller could easily reset the admin password to a value of
their choice and then log in as admin. Although the LAN itself might
be protected, thus limiting the number of people who could execute the exploit,
it is still a worrisome loophole in security.
Tom Tervoort of Secura has published a whitepaper with a description of the exploit.
Summary:
The first ransomware attack was easily countered, but the technique
has evolved into an effective tool for sabotage and extortion.
Bitcoin's nearly anonymous nature was a boon to attackers. Victims
were forced to pay and leave identification of the perpetrators to law
enforcement. The international reach of malware makes recovery of the
money highly unlikely, and even when the criminals are identified, their
country of residence may decline to act against them.
Summary:
Ransomware technology is always changing with the times, and each year
brings in new fashions and greater effectiveness. One group allegedly
made enough money to retire from the game.
Beyond simply encrypting files, some attackers have noticed that they have access to sensitive material belonging to their victims. Threats to release the data can be more lucrative than the attempt to deny access through encryption. Thus, even if the victim is able to restore the data without paying the ransom, they still have to deal with the loss of data privacy.
Summary:
The University of Utah's College of Social and Behavioral Science had
their computers hacked in mid-July. Although they detected the attack
quickly and were able to stop it and restore data, they found
themselves subjected to extortion because the hackers seemed to have
captured sensitive data about students and staff.
The Tribune says:
... after "careful consideration" the ransom was paid "as a proactive and preventive step to ensure information was not released on the internet."
Summary:
Garmin may have paid as much as $10M to recover from a ransomware attack that
kept it offline for 3 days. The culprits are suspected to be the highly
effective Russian-based 'Evil Corp' using the WastedLocker software. That
software was first detected in May of this year. The attacks have been
carefully targeted against large businesses and their critical infrastructure
servers. The backup services are also targeted, making independent
recovery difficult or impossible.
The infection may have been initiated by malware hosted on compromised newspaper websites. At least one such site was a US publisher, according to Symantec.
Summary:
Recognizing and responding to a cyberattack requires knowledge and skills
that are best learned through training. To provide a realistic environment
for this, MITRE is building an open-source, configurable software environment.
Named the Adversary Emulation Library, the project is the work of
MITRE Engenuity's Center for Threat-Informed Defense.
MITRE Corporation previously released two other emulation plans, the first for APT3 (a Chinese state-sponsored hacking group) in 2017, and a second one for APT29 (a Russian state-sponsored hacking group) earlier this year, in 2020. The first adversary modeled by the Adversary Emulation Library is FIN6, a group that has had success attacking point-of-sale systems.
Summary:
There are some very clever ways to exploit side effects of CPU
instruction execution, and there are clever ways to abuse
software if there is even a single error that allows a "jump random".
These are difficult to eliminate, but modern kernels and loaders
and run-time detection schemes have risen to the occasion with
mitigation methods. Along comes a new technique, Blindside, that
weaves its way through unscathed. How? The authors make this important assertion:
"Our results show that it is crucial to consider synergies between different (Spectre vs. code reuse) threat models to fully comprehend the attack surface of modern systems."
Summary:
This story is about the increasing competency of Iranian cyberhackers and
their ability to infiltrate the devices of their enemies without detection.
The methods themselves are the usual sort of things that prompt users to
download code or grant permissions to untrustworthy apps. Nonetheless,
it shows that governments around the world are increasingly turning to
cyberhacking to pursue their own interests.