Hacker Sells Stolen U.S. Military Drone Documents on Dark Web
Cybercrime tracker Recorded Future today reported that it discovered a hacker attempting to sell secret documents about the MQ-9 Reaper drone used across federal government agencies for only a few hundred dollars on a Dark Web forum last month.
First introduced in 2001, the MQ-9 Reaper drone is currently used by the U.S. Air Force, the U.S. Navy, U.S. Customs and Border Protection, NASA, the CIA, and the militaries of several other countries.
Analysts from the threat intelligence firm’s Insikt Group found the hacker during their regular monitoring of the dark web for criminal activity. They posed as potential buyers and engaged the newly registered hacker before confirming the validity of the compromised documents.
Insikt Group analysts learned that the hacker managed to obtain the sensitive documents by gaining access to a Netgear router located at the Creech Air Force Base that was using the default FTP login settings for file sharing.
After gaining access to the network, “the hacker first infiltrated the computer of a captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB in Nevada, and stole a cache of sensitive documents, including Reaper maintenance course books and the list of airmen assigned to Reaper AMU,” the researchers said.
“The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week’s time is a disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve,” the group said.
The extent of the breaches has yet to be determined.
Gartner Reports: Only 65% of Organisations Globally have Cybersecurity Experts
According to Gartner’s “2018 CIO Agenda Survey”, digital security staffing shortages and skill imbalances continue to plague organizations undergoing digitalization. The survey states that only 65 percent of organizations globally have a cybersecurity expert, even as 96 percent of Chief Information Officers (CIOs) expect cyber threats to increase over the next three years.
The survey gathered data from 3160 CIO respondents in 98 countries across major industries representing approximately $13 trillion in revenue/public sector budgets and $277 billion in IT spending.
“In a twisted way, many cybercriminals are digital pioneers, finding ways to leverage big data and web-scale techniques to stage attacks and steal data. CIOs can’t protect their organizations from everything, so they need to create a sustainable set of controls that balance their need to protect their business with their need to run it,” Rob McMillan, Research Director at Gartner, said in a statement.
Gartner also reports that, as per the findings, many CIOs rank growth and market share as their top business priority, and that 60 percent of security budgets will support detection and response capabilities by 2020. 35 percent of organizations have already invested in and deployed some aspect of digital security, while an additional 36 percent are actively planning to do so.
“The bad news is that cybersecurity threats will affect more enterprises in more diverse ways that are difficult to anticipate,” McMillan added.
Gartner recommends that Chief Information Security Officers (CISOs) continue to build bench strength through innovative approaches to developing their security teams’ capabilities.
India to Cooperate with the United Kingdom in Internet Governance, Cyber-Crime, and Cyber-Security
Mr. Ravi Shankar Prasad, India’s Minister for Law & Justice and Electronics and Information Technology, signed an MoU during his visit to the United Kingdom last week to boost bilateral cooperation in the fields of IT and legal affairs. The MoU promotes greater co-operation between judicial and legal professionals in both countries by providing a framework for the exchange of expertise and training.
Mr. Ravi Prasad met with Mr. David Gauke, the UK Secretary of State for Justice, and Mr. Jeremy Wright, the Secretary of State for Digital, Culture, Media and Sport, and outlined some of the opportunities that have opened up as a result of the rapid growth of India’s digital profile and digital penetration. He asked the UK ministers to encourage UK tech firms to take advantage of these opportunities and invest in India.
The National Association of Software and Services Companies (NASSCOM) and its counterpart techUK jointly organized a round table meeting chaired by Mr. Ravi Prasad and attended by many leading Indian and UK IT firms, including Wipro, Infosys, TCS, WNS, First Source, BBC and NTT. Here, the Minister appreciated the interest shown by UK companies in India’s digital story and highlighted artificial intelligence and cybersecurity as key areas of growth.
CompTIA to Launch New Training Collaborations Owing to India’s Critical Cybersecurity Threats
CompTIA, the global IT certifications leader, has entered into commercial training partnerships with four of the most dominant entities in the IT skills training space: SpringPeople and Suchi Managed Services for pan-India, Infosec Train for Delhi, Pune, Bangalore and Chennai, and Cybersecurityindia for Mumbai and Pune. The move is driven by projections that the cybersecurity market in India will grow at a rate of 19% every year.
The demand for cybersecurity professionals is increasing every year, at both leadership and junior levels. As per reports, conventional training does not impart the skills that cybersecurity companies look for. In this context, CompTIA’s globally recognized, state-of-the-art courses, delivered through these authorized training partners, can help bridge the skills gap and upgrade professional and vocational résumés in the evolving field of cybersecurity. The courses offered will be: CompTIA Security+, CompTIA CySA+ and CASP, CompTIA PenTest+, CompTIA Cloud+ and CompTIA Network+.
“We have focused on cybersecurity because it is one of the biggest imperatives of today. It is estimated that in the near future, people would be connected to hundreds of billions of smart gadgets and devices. Consider what happens when you lose your phone. You are deprived of your contacts, account numbers and GPS to determine your location. Business organizations could lose significant amounts of data and money in terms of personnel required to collect and analyze them, strategic calculations, intellectual property, financial information that could be used to siphon off millions of rupees and so on. These points of interface add to our dependence and vulnerability. Because human ingenuity is continuously evolving, so are the ways in which sensitive data can be accessed and misused. That is why businesses will have to invest considerably in security risk management and mitigation systems as well as trained professionals,” says Pradipto Chakrabarty, Regional Director, CompTIA India.
Mobile Fitness App Polar Revealed Data on Military, Intelligence Personnel
Mobile fitness app Polar has suspended its location tracking feature after security researchers found it had revealed sensitive data on military and intelligence personnel from 69 countries.
The revelation about Polar Flow, the application from the Finnish company Polar, comes months after another health app, Strava, was found to have shown potentially sensitive information about US and allied forces around the world. Security researchers in the Netherlands said Sunday they were able to find data on some 6,000 individuals, including military personnel from dozens of countries and employees of the FBI and National Security Agency.
The disclosure illustrates the potential security risks of using fitness apps which can track a person’s location, and which may be “scraped” for espionage.
“With only a few clicks, a high-ranking officer of an airbase known to host nuclear weapons can be found jogging across the compound in the morning,” security researcher Foeke Postma said in a blog post on Sunday after an investigation with the Dutch news organization De Correspondent.
The investigation found detailed personal information, including home addresses, of military personnel, persons serving on submarines, Americans in the Green Zone in Baghdad and Russian soldiers in Crimea, the researchers said.
Polar said in a statement it was suspending the app’s feature that allowed users to share data while noting that any data made public was the result of users who opted into location tracking.
“It is important to understand that Polar has not leaked any data, and there has been no breach of private data,” the statement said.
According to De Correspondent, only about two percent of Polar users chose to share their data, but that nonetheless allowed anyone to discover potentially sensitive data from military or civilian personnel.
In January, the Pentagon said it was reviewing its policies on military personnel’s use of fitness applications after Strava’s map showed a series of military bases in Iraq as well as sites in Afghanistan.
LabCorp System Hacked for Possible Data Breach of Millions of Records
LabCorp, a US-based diagnostic laboratory, suffered a hacking attempt earlier this week. The attackers may have compromised the company’s systems to gain access to private records. Upon noticing suspicious activity, IT staff shut down the company’s systems.
“During the weekend of July 14, 2018, LabCorp detected suspicious activity on its information technology network. LabCorp immediately took certain systems offline as part of its comprehensive response to contain the activity.”
After the systems were shut down on Sunday morning, patients could not access their test results and other required details over the weekend. However, the firm says its staff are doing their best to restore the systems.
“Work has been ongoing to restore full system functionality as quickly as possible, testing operations have substantially resumed today, and we anticipate that additional systems and functions will be restored through the next several days.”
After the incident, the firm took quick action to stop the suspicious activity and began an investigation to determine the extent of the cyber-attack. “LabCorp has notified the relevant authorities of the suspicious activity and will cooperate in any investigation.”
For now, LabCorp has not released any further explanation of the incident, and it does not currently suspect a data breach.
Cyber Attack on iPhones Using Open Source MDM Solution
As per a report by Talos, recently discovered cyber-attacks targeting iPhone users have been using an open source mobile device management (MDM) system to control enrolled devices.
Enrollment of targeted devices could be performed via physical access or social engineering, but Talos could not determine which method the attackers used. As part of a highly targeted campaign, the attackers went to great lengths in their attempt to replace specific apps and intercept user data.
With the use of the MDM solution, the actor deployed five applications to the 13 targeted devices in India. As a result, they were able to steal SMS messages, view the device location, and exfiltrate data. Apple has been informed of the attack and has already acted against the certificates the attackers used.
Talos security researchers discovered that the attackers added features to legitimate apps (including WhatsApp and Telegram) using the BOptions sideloading technique. Then, the MDM was used to deploy the apps onto targeted devices.
The injected malicious code could gather and steal information such as the phone number, serial number, location, contacts, the user’s photos, SMS messages, and Telegram and WhatsApp chat messages.
The malware appears to have been in use since August 2015, according to logs on the MDM server and the command and control (C&C) server. Based on other information found on these servers, Talos believes that the malware author works out of India.
“At the time, it is unclear who the targets of the campaign were, who was the perpetrator, or what the exact purpose was. It’s very likely the vector for this campaign was simply social engineering – in other words asking the user to click ‘ok’. This type of vector is very difficult to defend against since users can often be tricked into acting against their best interests,” Talos concludes.
Indian Government to Prefer Domestic Firms for Tech Security
The Centre has mandated giving preference in all public procurement to locally produced cybersecurity products where intellectual property rights are owned by companies or start-ups incorporated in India.
The Ministry of Electronics and Information Technology said in an order that it “hereby notifies that Cyber Security being a strategic sector, preference shall be provided by all procuring entities to domestically manufactured/produced Cyber Security Products.”
The notification is based on Public Procurement (Preference to Make in India) Order 2017 which aims to enhance income and employment in the country.
Preference will be granted to a firm incorporated and registered in India, or to start-up firms that meet the prescribed definition, provided revenue from the product and intellectual property licensing accrues to the firm in India. Though IP registration is not mandatory in the country, a firm claiming the benefit should have the right to use and commercialize the product, and to distribute and modify it, without third-party consents, the order said.
“It is imperative for a country to use and promote indigenous cybersecurity products to protect our information space as well as bring economic prosperity,” Innefu Labs co-founder Tarun Wig said.
As per the order, resellers, dealers, distributors, implementation or support services agencies of products – which may have limited rights to IP to enable transfer of rights to use, distribute and modify – will not be eligible for getting preference under the scheme.
New ActiveX Attacks Launched by North Korean Hackers
The North Korea-linked Andariel group, a known branch of the Lazarus Group, has been found associated with a new series of reconnaissance attacks targeting ActiveX objects. In May, the group was found exploiting an ActiveX zero-day vulnerability in a series of attacks on South Korean targets.
Scripts injected into compromised websites would identify the visitor’s operating system and browser, check for ActiveX, and, if Internet Explorer is detected, run plugins from a specific list of ActiveX components.
The attack launched now differs from the previous attacks: earlier, the group collected targeted ActiveX objects from users’ Internet Explorer browsers and only launched the zero-day exploit after identifying the right targets. But the similarity of the scripts has led researchers to believe that the same group is behind both campaigns.
The new script was designed to collect information such as browser type, system language, Flash Player version, Silverlight version and multiple ActiveX objects, and also included code to connect a web socket to localhost.
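One way a defender could flag a page carrying this kind of reconnaissance script is to score injected JavaScript against the behaviours described above. This is an added example, not code from the original report or from the researchers who analysed the campaign; the indicator names, the thresholds and both sample snippets are constructed assumptions, and the Flash and Silverlight ProgIDs are the ones commonly used by web pages to detect those plugins.

```python
import re

# Indicator patterns derived from the behaviour the report describes: browser
# fingerprinting, system language, plugin version checks, ActiveX probing and a
# WebSocket back to localhost. Names and thresholds are assumptions.
INDICATORS = {
    "activex_probe": re.compile(r"new\s+ActiveXObject\s*\("),
    "system_language": re.compile(r"navigator\.(systemLanguage|language)\b"),
    "flash_version": re.compile(r"ShockwaveFlash\.ShockwaveFlash", re.I),
    "silverlight_version": re.compile(r"AgControl\.AgControl", re.I),
    "localhost_websocket": re.compile(
        r"new\s+WebSocket\s*\(\s*[\"']wss?://(localhost|127\.0\.0\.1)", re.I),
    "ie_check": re.compile(r"MSIE|Trident", re.I),
}

def scan_script(html):
    """Return the set of matched indicator names and the number of ActiveX probes."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(html)}
    probes = len(INDICATORS["activex_probe"].findall(html))
    return hits, probes

def is_recon_script(html, min_indicators=3, min_probes=2):
    """Flag pages that combine several fingerprinting indicators with repeated ActiveX probes."""
    hits, probes = scan_script(html)
    return len(hits) >= min_indicators and probes >= min_probes

# Constructed sample resembling the described script (not the campaign's actual code).
SAMPLE_SUSPICIOUS = """
<script>
var ua = navigator.userAgent;
var lang = navigator.systemLanguage || navigator.language;
if (ua.indexOf("MSIE") > -1 || ua.indexOf("Trident") > -1) {
  try { var fl = new ActiveXObject("ShockwaveFlash.ShockwaveFlash"); } catch (e) {}
  try { var sl = new ActiveXObject("AgControl.AgControl"); } catch (e) {}
}
var ws = new WebSocket("ws://127.0.0.1:12345/");
</script>
"""

# Constructed benign sample: reading the language alone should not trigger a hit.
SAMPLE_BENIGN = """
<script>
var lang = navigator.language;
document.getElementById("greeting").textContent = "Hello";
</script>
"""

if __name__ == "__main__":
    print(is_recon_script(SAMPLE_SUSPICIOUS))  # → True
    print(is_recon_script(SAMPLE_BENIGN))      # → False
```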
Cybersecurity Strategy at Crossroads in White House
Cybersecurity experts are worried about the lack of a unified front from the Trump administration in the wake of the Russian election hacking, as President Donald Trump attempted to walk back his public dismissal of his intelligence agencies’ findings pointing to Russia.
This fallout from Trump’s apparent disconnect with his intelligence officials and others in the administration is leading to major concern that the cybersecurity strategy is unraveling.
The indictment provided by US intelligence names the Russians involved, as well as how they led the hacks of the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and employees of Democratic presidential candidate Hillary Clinton’s campaign, leading to strategic online leaks. In addition, the website of a state election board was infiltrated and information on 500,000 voters was pilfered.
But after meeting with Russian President Vladimir Putin, Trump disputed the reports of US intelligence. “I have full, great faith in US intelligence,” he said at the White House after the meeting. “The Russians had no impact at all on the outcome of the election. I accept our intelligence community’s conclusion that Russia’s meddling in the 2016 election took place,” Trump said, adding, “Could be other people also.” After the press conference, though, Daniel Coats, Trump’s director of national intelligence, issued a statement standing by the US intelligence findings.