Tag Archive for cyber attack

| November 10, 2016
Comments Off on Bad Passwords Crippled the Web

Bad Passwords Crippled the Web

Bad Passwords Crippled the WebFollowers of the Bach Seat know that passwords suck and now default passwords really suck. In fact, default passwords seem to be a key part of the massive DDOS attack that disabled large parts of the Internet on October 21, 2016. The cyberattack targeted Internet traffic company DYN. DYN provides DNS services for many high-profile sites. Some of the sites affected by the attack on Dyn included; Amazon (AMZN), Business Insider, New York Times, Reddit, and Twitter (TWTR).

Security researcher Brian Krebs, whose site, krebsonsecurity.com, was one of the first sites hit by a massive 620 GB/s DDoS attack, has reported the Mirai botnet was at the center of the attack on his site. CIO.com reports  ‘Mirai’ can break into a wide range of Internet of Things (IoT) devices from CCTV cameras to DVRs to home networking equipment turning them into ‘bots. CIO reports a single Chinese vendor, Hangzhou Xiongmai Technology made many of the devices used in the Mirai attacks.

Level 3 Communications says there are nearly half a million Mirai-powered bots worldwide. To amass an IoT botnet, a Mirai bot herder scans a broad range of IP addresses, trying to login to devices using a list of default usernames and passwords that are baked into Mirai code, according to US-CERT. The Mirai zombie devices are largely security cameras, DVRs, and home routers. Mr. Krebs identified some of the specific devices.

Mirai Passwords

UsernamePasswordFunction
admin123456
root123456ACTi IP camera
adminpassword
admin1password
rootpassword
admin12345
root12345
guest12345
admin1234
root1234
administrator1234
888888888888
666666666666Dahua IP camera
admin(none)
admin1111Xerox printers, etc.
admin1111111Samsung IP camera
admin54321
admin7ujMko0adminDahua IP camera
adminadmin
adminadmin1234
adminmeinsmMobotix network camera
adminpass
adminsmcadminSMC router
Administratoradmin
guestguest
motherfucker
root(none)Viviotek IP camera
root00000000Panasonic printers
root1111
root54321Packet8 VoIP phone
root666666Dahua DVR
root7ujMko0adminDahua IP camera
root7ujMko0vizxvDahua IP camera
root888888Dahua DVR
rootadminIPX-DDK network camera
rootankoAnko Products DVR
rootdefault
rootdreamboxDreambox TV receiver
roothi3518HiSilicon IP Camera
rootikwbToshiba network camera
rootjuantechGuangzhou Juan Optical
rootjvbzdHiSilicon IP Camera
rootklv123HiSilicon IP Camera
rootklv1234HiSilicon IP Camera
rootpass
rootrealtekRealtek router
rootroot
rootsystemIQinVision camera, etc.
rootuser
rootvizxvDahua camera
rootxc3511H.264 - Chinese DVR
rootxmhdipcSenzhen Anran security camera
rootzlxx.EV ZLX two way speaker
rootZte521ZTE router
serviceservice
supervisorsupervisorVideoIQ
supportsupport
techtech
ubntubntUbiquiti AirOS Router
useruser

US-CERT says the purported author of Mirai claims to have 380,000 IoT devices are under its control. Some estimate the botnet has generated greater than 1Tbps DDoS attacks.

DDOS attackWhen Mirai botnets are called upon to carry out DDoS attacks, they can draw on a range of tools including ACK, DNS, GRE, SYN, UDP and Simple Text Oriented Message Protocol (STOMP) floods, says Josh Shaul, vice president of web security for Akamai.

rb-

Followers of Bach Seat already know that many of the default passwords used by Mirai are among the worst and should have been changed already. They include:

  • Password
  • 123456
  • 12345
  • 1234

While reports say, Chinese vendor, XiongMai Technologies equipment was widely exploited, other notable tech firms are included. The Mirai zombie army includes equipment from Xerox (XRX), Toshiba (TOSBF), Samsung (005930), Panasonic (6752), and ZTE (763).

I wrote about security cameras being compromised as part of botnets back in July here.

 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , , ,
| December 15, 2015
Comments Off on Giving Safely

Giving Safely

Giving SafelyIt is the holiday season and most people want to try to be a little nicer. During the giving season, you need to stay vigilant and protect those that are not so tech-savvy from fraudsters who want to rip you off during this season of goodwill. Cyber thieves can use social networking sites and mobile devices to solicit fake donations to take advantage of your charity. Experts recommend that no matter how they reach out to you, post-office, Facebook, email, phone, or text, avoid any charity or fundraiser that:

  • ake advantage of your charityRefuses to share detailed information about its identity, mission, costs, and how the donation will be used.
  • Won’t give proof that a contribution is tax-deductible.
  • Uses a name that closely resembles that of a better-known, reputable organization.
  • Thanks you for a pledge you don’t remember making.
  • Uses high-pressure tactics like trying to get you to donate immediately, without giving you time to think about it and do your research.
  • Asks for donations in cash or asks you to wire money.
  • Offers to send a courier or overnight delivery service to collect the donation immediately.
  • Guarantees sweepstakes winnings in exchange for a contribution. (By law, you never have to give a donation to be eligible to win a sweepstakes.)

To slow down the cyber-thieves, take the following precautions to make sure your donation helps the causes you want to help and not the scammers:

  • Ask for detailed information about the charity, including name, address, and telephone number.
  • Get the exact name of the organization and do some research.
  • Call the charity. Find out if the organization is aware of the solicitation and has authorized the use of its name.
  • Check if the charity is trustworthy by contacting the
  • Keep a record of your donations.
  • Make an annual donation plan. That way, you can decide which causes to support and which reputable charities should receive your donations.
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Holidays | Tags: , , , , , , ,
| January 3, 2012
Comments Off on Internet of Things

Internet of Things

Internet of ThingsOnce upon a time, back in 2005, there was a time when “using the Internet” always meant using a computer. Today getting on the Intertubes is an expected feature for many devices. The next digital frontier is the physical world, where the “Internet of Things.” The Internet of Things will bring an online ability to objects.

Twine Sensor Connects Household Objects to the Internet

Twine Sensor Connects Household Objects to the Internet Tested.com notes a Kickstarter project from two MIT Media Lab alums who developed a way to make the Internet of Things more available. A small, durable “Twine” sensor listens to its environment and reports back over Wi-Fi. The creators hope their new product will let regular users, even those without programming knowledge, digitally manage their surroundings.

A basic Twine unit senses temperature and motion, but other options like moisture detection, a magnetic switch, and more can be added using a breakout board. The various sensors and built-in Wi-Fi can be powered by either a mini-USB connection or two AAA batteries, which will keep it running for months. Twine readings get wirelessly loaded into the appropriately named Spool web app, where users can set simple if-then triggers that create SMS messages, tweets, emails, or specially configured HTTP requests.

For a donation of $99 or more will get you a basic unit when they ship in March.

Related articles

THE SMART FRRRIDGE. Chilly Forecast for Internet Frrridge

Internet FridgeThe Smart Frrridge is a new version of the familiar kitchen apparatus. According to Medienturn the new fridge comes with a built-in computer that can be connected to the internet. It is one of a growing class known as “Internet appliances” that include not only smartphones but also web-enabled versions of typical household appliances.

The refrigerator keeps an eye on the food in it by using RFID technology, a digital camera, and image processing. These technologies allow the fridge to keep track of what’s in it, how long has this been there, should it be trashed?

To keep in contact with the Smart Frrridge all you have to do is to pick up your mobile phone and call. It will be able to suggest a menu that uses the foods inside and generate a shopping list of the missing ingredients and place the order online.

The Smart Frrridge cab also be used to watch television, listen to music, to take a photograph, save it to an album, or post it to a website, or send it to an email recipient. The comes with a docking station you can just dock in your Apple (AAPL) iPod or iPhone and start using all your favorite cooking apps.

Related articles

SCADA: How Big a Threat?

Cyber attackerThere are reports of two recent cyber attacks on critical infrastructure in the US. Threatpost says the hacker who compromised the water infrastructure for South Houston, TX, said the district used a three-letter password, making it easy to break in.

There are also reports that a cyberattack destroyed a water pump belonging to a Springfield, IL water utility. There are mixed reports that an attacker gained unauthorized access to that company’s industrial control system.

According to DailyWireless, Supervisory Control And Data Acquisition (SCADA) software monitors and controls various industrial processes, some of which are considered critical infrastructure.

Researchers have warned about attacks on critical infrastructure for some time, but warnings became reality after a highly complicated computer worm, Stuxnet, attacked and destroyed centrifuges at a uranium enrichment facility in Iran.

German cybersecurity expert Ralph Langner found Stuxnet, the most advanced worm he had ever seen. The cybersecurity expert warns that U.S. utility companies are not ready to deal with the threat.

In a TED Talk Langner stated that “The leading force behind Stuxnet is the cyber superpower – there is only one, and that’s the United States.”

In a recent speech at the Brookings Institution, he also made the bigger point that having developed Stuxnet as a computer weapon, the United States has in effect introduced it into the world’s cyber-arsenal.

Related articles

New NIST Report Sheds Some Light On Security Of The Smart Grid

NISTDarkReading reports the National Institute of Standards and Technology (NIST) released a report (PDF) by the Cyber Security Coordination Task Group. The report from the Task Group which heads up the security strategy and architecture for the nation’s smart power grid includes risk assessment, security priorities, as well as privacy issues.

The smart grid makes the electrical power grid a two-way flow of data and electricity allows consumers to remotely monitor their power usage in real-time to help conserve energy and save money. DarkReading says researchers have raised red flags about the security of the smart grid. Some have already poked holes in the grid, including IOActive researcher Mike Davis, who found multiple vulnerabilities in smart meters, including devices that don’t use encryption nor do they authenticate users when updating software. He was able to execute buffer overflow attacks and unleash rootkits on smart meters.

Tony Flick, a smart grid expert with FYRM Associates, at Black Hat USA talked (PDF) about his worries over utilities “self-policing” their implementations of the security framework. “This is history repeating itself,” Mr. Flick said in an interview with DarkReading.

According to DarkReading, the report recommends smart grid vendors carry out some pretty basic security practices:

  • Audit personally identifiable information (PII) data access and changes;
  • Specify the purpose for collecting, using, retaining, and sharing PII;
  • Collect only PII data that’s needed;
  • Anonymize PII data where possible and keep it only as long as necessary;
  • Advanced Metering Infrastructure (AMI) must set up protections against denial-of-service (DoS) attacks;
  • Network perimeter devices should filter certain types of packets to protect devices on an organization’s internal network from being directly affected by denial-of-service attacks;
  • The AMI system should use redundancy or excess capacity to reduce the impact of a DoS;
  • AMI components accessible to the public must be in separate subnetworks with separate physical network interfaces;
  • The AMI system shall deny network traffic by default and allows network traffic by exception;
  • Consumers’ access to smart grid meters be limited. Authorization and access levels need to be carefully considered.
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , , ,
| April 2, 2011
Comments Off on Adobe Notes

Adobe Notes

Malicious PDF Files Becoming the Attack Vector of Choice

Adobe PDF ZDNet points out a report from Symantec’s MessageLabs that malicious PDF files outpace other malicious attachments used in targeted attacks and now represent the attack vector of choice for malicious attackers compared to media, help files, HTMLs and executables.

The report says that office-based file formats are a popular and effective choice used in some targeted attacks. Cybercriminals attempt to bypass spam and email filters by distributing the ubiquitous PDF that is often allow to pass through these layers of protection. In 2009, about 52.6% of targeted attacks used PDF exploits, compared with 65.0% in 2010, an increase of 12.4%. MessageLabs Intelligence Senior Analyst, Paul Wood says,

PDF-based targeted attacks are here to stay, and are predicted to worsen as malware authors continue to innovate in the delivery, construction and obfuscation of the techniques necessary for this type of malware

Adobe Posts Its First Billion-Dollar Quarter

The New York Times reports that the software maker Adobe posted its first $1 billion quarter in Q4-2010. Revenue rose 33 percent to $1.01 billion from $757 million last year. Adobe, which is based in San José, CA makes Photoshop, Acrobat, and Flash software.

Targeted attacks exploiting PDF bugs are soaring

Help Net Security reports that Adobe is having a hard time fighting its bad reputation when it comes to products riddled with vulnerabilities. Help Net Security references a report from F-Secure’s Lab which says that Adobe Reader exploits are becoming the weapon of choice for many cybercriminals.

F-Secure

This makes patching and updating eminently important. As an example the latest critical vulnerability (CVE-2010-0188) which Adobe warned users to update the software to the latest version. Users who missed the memo are vulnerable, F-Secure (FSC1V) warns it is being exploited in the wild.

Upon loading the PDF file, an embedded executable is dropped on the victim’s hard disc and it immediately tries to connect with tiantian (.) ninth (.) biz to download other files.

F-Secure has warned long ago about security problems plaguing Adobe’s most famous software. The security firm has even advised users to start using an alternative PDF reader. According to Help Net Security Adobe’s, decision to schedule their updates to follow Microsoft’s Patch Tuesday is a step in the right direction.

Malicious PDF spam with Sality virus

Help Net Security highlights a Sophos warning that a malicious email containing the following text has been dropped into inboxes around the world:

Hey man..
Remember all those long distance phone calls we made.
Well I got my telephone bill and WOW.
Please help me and look at the bill see which calls where yours ok..

Sophos logoYou surely don’t remember such an occurrence or the sender of the email, since this is just a ploy to make you open the PhoneCalls(.)pdf attachment, but don’t let your innate curiosity get the better of you.

The attached file can exploit a vulnerability in how Adobe Reader handles TIFF images and proceeds to download and execute a Trojan that loads the Sality virus into your system’s memory. The virus then proceeds to append its encrypted code to executable files, deploys a rootkit, and kills anti-virus applications.

Sophos reminds everyone that opening documents attached to unsolicited emails is like the online equivalent of Russian roulette – the odds are stacked heavily against you.

Adobe, The New King Of Security Holes

Information WeekAdobe reports that Microsoft (MSFT) has spent more than a decade improving its secure software development and its response to security exploits. As a result, Microsoft is losing the lead in security vulnerabilities and being replaced by Adobe (ADBE).

With Microsoft’s improved response to security holes, the pickings in Windows itself are getting slimmer. Attackers don’t have brand loyalty, so they’ve moved on to another company with lots of PC installed base: Adobe. Security holes are being exploited in Adobe Reader and Illustrator. Adobe makes this problem worse because it has bundled unwanted applications and their AIR software platform with their free applications like Adobe Reader. Adobe is looking to create an attractive installed base for their developers, but they are also creating an attractive attack surface for the bad guys.

Protecting yourself from Adobe’s security holes can be difficult.  There are non-Adobe solutions such as Foxit Reader, which is much faster and lighter than Adobe Reader but has had problems with  PDF documents with editable fields. InfoWeek provided some specific tips that may help avoid security problems.

  • Uninstall any Adobe Reader version earlier than 9,  and install version 9.
  • With ver. 9 go to the Edit/Preferences menu. Make sure that Security(Enhanced) is turned on; (Adobe ships it turned off).
  • Launch the Updater and be sure you’re checking for updates, install updates ASAP.
  • Go to Trust Manager and uncheck the option for “Allow opening of non-PDF file attachments.”
  • Finally, unless you know you need JavaScript in your Acrobat documents, disable JavaScript.
  • RB- Don’t go to ver. 10, I hate it.
Related articles
  • Iranian Nuclear Program Used as Lure in Flash-based Targeted Attacks (pcworld.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| November 8, 2007
Comments Off on IT Security Statistics

IT Security Statistics

IT Security Statistics

CompTIA has recently reported new IT security statistics. They say that the number of IT security breaches is down but the level of severity is up. In their survey, CompTIA found that the average cost of a security breach across all companies surveyed was $368,288. This number was driven by a number of firms that estimated their costs over $10 million. Approximately half of the respondents estimated that the cost of an IT security breach was $10,000 or less.

These firms broke down their costs of security breaches:

  • Employee productivity affected – 35%
  • Server or network downtime – 21%
  • Revenue-generating activities changed – 20%
  • Physical assets impacted – 17%
  • Legal fees and/or fines – 8%

(Wireless Week, October 15, 2007, p. 38)

 

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , ,