Next Generation of Hackers
Take a glance at the most discussed cybersecurity topics of the week.
Hacking US voting systems is child’s play
BBC News on August 11, 2018
Modern children have a variety of hobbies, from video games and fencing… to hacking. “I’m going to try and change the votes for Donald Trump,” says Bianca Lewis, 11. The girl still likes Barbie, singing, and other things that normally interest children of her age. Right now, however, she is participating in a competition organized by R00tz Asylum, a non-profit organization promoting “hacking for good”. As part of the contest, Bianca is hacking a replica of Donald Trump’s website: “I’m going to try to give him less votes. Maybe even delete him off of the whole thing.”
One of the organization’s aims is to send a warning: the voting systems that will be used across America in November are so insecure that a child can learn to attack them.
The competition was organized as part of the kids’ zone at Def Con, the annual hacking conference in Las Vegas. Over 300 eager children took part in it this year and tried everything from lock picking to soldering.
“We should have it way [more] secure,” commented young Bianca Lewis. “Russians are out there, people.”
Hackers can infiltrate your network by sending a fax
The Hacker News on August 12, 2018
If you think that an attacker’s actions all revolve around the targeted computer system itself, you may be mistaken. It may come as a surprise, but a fax number is enough for an attacker to take control of a victim’s printer and, through it, compromise the rest of the network connected to it.
Check Point researchers discovered two critical remote code execution (RCE) vulnerabilities in the communication protocols used in tens of millions of fax machines all over the world. If you still think that fax machines are a relic of times past, you are mistaken for the second time. More than 300 million fax numbers and 45 million fax machines are in use globally, and fax is still widely used by a number of business organizations, regulators, lawyers, bankers, and real estate firms. What puts fax machines at risk nowadays is that most of them are integrated into all-in-one printers connected both to a network over WiFi and to a PSTN phone line, which makes it quite easy for a remote attacker to send a specially crafted image file via fax to exploit the discovered vulnerabilities. In this case, the only thing that an attacker needs is a fax number, which can be found simply by, for example, browsing a corporate website.
Check Point researchers shared their findings with Hewlett Packard, which quickly fixed the flaws in its printers. The patch is also available on HP’s support page. The researchers also noted that while the disclosed flaws are no longer dangerous for the manufacturer, the same vulnerabilities may also affect most fax-based all-in-one printers.
FBI warns of cyber extortion scam
Dark Reading on August 13, 2018
As time passes, extortion, one of the oldest types of crime, changes too. In a recent public service announcement, the FBI warned that users had to be on the lookout for threats that use stolen information to tailor extortion demands. In fact, extortionists’ jobs are much easier in practice than they seem: stolen email addresses, names, and other personally identifiable information (PII) make manipulation easier. In this case, criminals send a victim an email containing personal data and threaten to expose visits to pornography sites, marital infidelity, or other potentially embarrassing behavior unless a ransom is paid.
In 2018, the ransom is usually to be paid in Bitcoin within a 48-hour window. The FBI recommends against doing so, advising victims to decline to pay the requested sum and to notify local law enforcement and the IC3 (Internet Crime Complaint Center) about the incident.
How to recognize social engineering tricks and “phishy” behavior?
Dark Reading on August 13, 2018
Although well-known methods of social engineering and phishing remain successful, cyber attackers keep finding new and more sophisticated ways of manipulating users. Cybersecurity experts presented tricks and shared their skills at Black Hat and DEF CON 2018.
Attackers can persuade employees to send data and aid in corporate hacking. Each attack is tailored to a specific person depending on personality, upbringing, and other factors. To do that, perpetrators conduct in-depth analysis to get to know their victims. This covers personal information, online activity, communications, responses to different news, linguistic styles, and motivations.
How to stay safe? Limit the amount of available information online and conduct reverse image searches on new contact requests.
“We lie all the time. Everyone lies to each other, all day, every day. The challenge for businesses is determining where the malicious intent is.”
Matt Wixey, technical research leader for PwC’s UK cybersecurity practice