Recent Cryptologic Bytes

Cybersecurity News: Korean Olympics targeted by malware, Microprocessor updates, Russian interference in Mexican elections - and more.

Cybersecurity News Bytes for the Week Ending 12 January 2018

U.S. Raises Possibility of Russian Interference in Mexican Elections

A Mexican newspaper has reported U.S. concerns that Russia is engaging in a disinformation campaign to influence Mexico’s presidential election, to be held in July. The information came from a video clip of National Security Advisor H. R. McMaster, who told participants at a conference of the Jamestown Foundation in December that there are signs of Russian efforts to influence the Mexican election as part of the broader Russian campaign to “polarize democratic societies and pit communities within those societies against each other.” McMaster’s comments were previously unreported in the U.S. Reuters, 7 Jan 2018

Microsoft Issues Patch for Microprocessor Bugs and Microsoft Office

Microsoft’s “Patch Tuesday” release on 9 January comprised 14 security updates, including patches for the Meltdown and Spectre microprocessor flaws reported last week. The updates also included a fix for a zero-day vulnerability in Microsoft Office. Separately, Adobe pushed out a patch for its Flash Player software. Krebs on Security, 10 Jan 2018

Microprocessor Fixes on the Way

Intel and Microsoft, among others, are working to patch the problems caused by Spectre and Meltdown. The performance hit with the patches is less severe than first thought. AMD announced that Spectre had a more severe effect than first thought. AMD promises to get a patch out as soon as possible. Separately, the EU said that U.S. companies would have been fined under the new General Data Protection Regulation (GDPR) if the malware had been announced after GDPR becomes effective in May. (TheCyberWire, 12 Jan 2018)

Fake Mobile Apps Identified on Google Play

Cybersecurity firm Trend Micro identified 36 fake apps on Google Play. These apps “secretly harvested user information, tracked user information, and aggressively pushed advertisements,” according to Trend Micro. All the fake apps targeted Android phones. British researchers report that mobile malware has increased over 400% year-over-year with no signs of slowing down. They also theorize that Android phones are more susceptible to fake apps while iOS (Apple) phone users are more prone to phishing attacks. (Sky News (UK), 6 Jan 2018)

ICS/SCADA Mobile App Vulnerabilities Cause Alarm

New research in 2017 updated a Black Hat presentation from 2015 concerning the vulnerabilities of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) components of critical infrastructure systems. Mobile apps have proliferated among energy and electric companies and others who rely on SCADA systems, as a way to reduce manpower and increase efficiency. The problem is that most mobile ICS/SCADA apps are rife with vulnerabilities. In the 34 apps in the study, all downloaded from the Google Play Store, researchers discovered more than 140 vulnerabilities. Problems discovered included code tampering, insecure authorization, reverse engineering, insecure data storage, and insecure communications.

Amazon Turns Over Large Amount of Customer Data to Law Enforcement

Amazon released its fifth transparency report on December 29, stating that the company had responded to over 1,900 requests from U.S. law enforcement in the first half of 2017. This number is an increase from the previous report. Subpoenas accounted for 1,618 requests (Amazon fully complied with 42%), search warrants for 229 (Amazon fully complied with 44%), and other court orders for 89 (Amazon fully complied with 52%). In addition, 75 requests were received from international law enforcement sources. Amazon rejected most of these, partially complying with just two. The report focuses exclusively on Amazon’s cloud services. ZDNet article, or see the full report.

Korean Olympics Targeted by Malware

Cybersecurity firm McAfee issued a report on 6 January 2018 citing incidents of malware infection against organizations participating in the Pyeongchang Olympics. Victims received what looked like an email from the South Korean National Counter-Terrorism Center (NCTC), but it in fact came from an IP address in Singapore. A Word attachment in Korean contained malware that was activated when the recipient followed instructions to “enable content” to make it readable. This action launches a PowerShell script that was hidden in the message using steganography, and likely creates an encrypted command and control link to the source, allowing access to the victim’s machine and data. McAfee notes an increase in the use of weaponized Word documents in South Korea and postulates this threat will increase between now and the Olympics. SecuringTomorrow

Russian Military Intelligence Targets the IOC and WADA

On 10 January, Wired reported doxing efforts by Fancy Bear, a cyber operations team associated with the GRU, the intelligence directorate of the Russian military, against the International Olympic Committee (IOC) and the World Anti-Doping Association (WADA). Fancy Bear posted stolen emails from IOC and WADA officials concerning doping among Russian Olympic athletes. The apparent purpose of Fancy Bear’s actions was to stir up controversy in the run-up to next month’s Olympics, at which only a few Russian athletes will be allowed to compete. Wired, 10 Jan 2018

Canadian App Helps Iranians Bypass Government Filters

Psiphon is a VPN-like app developed at the University of Toronto that allows users to evade internet filtering and evade firewall detection. The app has been used extensively in Iran since protests began in December; as many as 700,000 uses per day were noted between 31 December and 3 January. There may be as many as 10 million total users in Iran, many of whom use Psiphon to circumvent regime internet controls and filtering designed to inhibit communications internally and with the outside world. Iranians use other tools to circumvent government filtering, but are not publicizing the names of those apps for security reasons. Motherboard, 9 Jan 2018

Hackers Surreptitiously Mining Digital Currency

Ars Technica reported on 8 January that hackers are developing sophisticated attacks on a digital currency by taking advantage of unpatched Oracle WebLogic and Apache Struts software vulnerabilities. As many as 450 compromised computers have been used to generate digital coins worth $6,000 of “AEON” digital currency in less than one month. In addition, as much as $8,500 in Monero digital currency was mined in December. This attack took advantage of the DotNetNuke content management system and Apache Struts 2, the same vulnerability that was used in the Equifax hack last spring. Ars Technica, 8 Jan 2018

Insurance Industry Coming to Grips with Mobile Malware

The increased use of malware in mobile devices has the insurance industry trying to determine how to evaluate the boundaries of cyber insurance. A 10 January article in Advisen’s “Front Page News” cites the fact that more than two million mobile apps are now available. In 2016, mobile phone users downloaded an estimated 90 billion apps and spent something like 900 billion hours using them. Much of the time spent on social media is via mobile devices, and many companies have a social media presence for transactions and customer service. Reputational damage can occur if a company’s social media site is hacked, and companies face a stiff challenge in trying to maintain secure websites with a constantly increasing amount of mobile malware. Google has already been cited in lawsuits for alleged inadequate privacy protections in Google Wallet. Insurance companies are inconsistent in dealing with the growing threat. Some policies exclude coverage when a breach occurs via a mobile device; others refuse to pay when the policyholder does not follow minimum security standards. Companies are advised to look carefully at wording about mobile devices in any cyber insurance policy they are considering. Advisen Front Page News, 10 Jan 2018
