{"id":3627,"date":"2015-02-18T16:00:06","date_gmt":"2015-02-18T16:00:06","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=3627"},"modified":"2020-02-26T11:00:11","modified_gmt":"2020-02-26T16:00:11","slug":"non-conventional-top-security-news-stories-january-2015","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/non-conventional-top-security-news-stories-january-2015\/3627\/","title":{"rendered":"Non-conventional top security news stories: January 2015"},"content":{"rendered":"

Hi all! After a successful news digest covering the entire 2014 year<\/a>, we decided to make this kind of column regular \u2013 or, rather, monthly. Today we discuss the most important news on information security from January. The method by which these were picked is a bit different this time. We still take the most viewed news stories from Threatpost.com and try to comprehend how and why they have drawn that much attention. But in the monthly digest there will be just five news stories. Let me first remind you that Threatpost accumulates all IT security industry news, while Kaspersky Lab\u2019s own research is published on Securelist<\/a>.<\/p>\n

Summary: GLIBC flaw, physics don\u2019t get along well with lyrists, North Korea browser, keylogging charger and keyboard vulnerabilities, Cryptowall ransomware and cracking WiFi. Alright, let\u2019s go.<\/p>\n

5. Wifiphisher: WiFi cracking under the thick layer of social engineering<\/strong><\/p>\n

The story<\/a>. A discussion<\/a> on Stackexchange, where the problem had been highlighted as far back as three years ago.<\/p>\n

In a previous post, we told you that the Internet was broken<\/a>. Of all that is \u2018broken\u2019 in computer networks, wireless is broken most severely. We\u2019ve survived the \u2018prelapsarian naivety\u2019 of WEP protocol, been convinced a few times that unprotected public wireless networks are bad<\/a> and gazed<\/a> into the security abyss named WPS. Now there is a tsunami of bugs in routers\u2019 firmware \u2013 default passwords embedded into the firmware (or something like this<\/a>), miscoded<\/a> NAT or something else. As if social engineering was all that we wanted.<\/p>\n

Non-conventional top #security news stories: January 2015<\/div>\n

You want it? You got it. It\u2019s easy: all that it takes is to create a new hotspot with the same SSID as the legitimate one within the victim\u2019s acceptance area. As soon as the victim tries to access it, we request the password to the \u2018real\u2019 hotspot and secure it for ourselves. That\u2019s all it takes, now we can do a MITM attack. Ah, maybe not yet. First we need to talk the victim\u2019s PC or mobile device into accessing \u2018our\u2019 hotspot. This we\u2019ll do by spamming the area with de-authentication packets. They disconnect the legitimate clients so that they can connect to the fake hotspot.<\/p>\n

Yet another thread on Stackexchange implies<\/a> that the problem is long-known about and that it is either barely treatable (as with deauth packets) or unfixable completely. So what\u2019s the news? \u2013 This method of stealing passwords has been just automated, with a utility named Wifiphisher, made available on Github. The first moral of the story: if someone is asking you for your password, no matter where, think twice before entering it. The second moral of the story: there\u2019s no way to get protected from man-in-the-middle attacks by excluding the very possibility that they happen. There\u2019s no way to exclude it, not in this state of the Internet.<\/p>\n

By the way, Marriott Hotels\u2019 networks dallied<\/a> with deauth packets, using them to block out the visitors\u2019 own hotspots. The FCC fined Marriott hard for this.<\/p>\n

4. Cryptolockers. How is the phantom menace different from the apparent one?<\/strong><\/p>\n

The story<\/a>. One more story<\/a>. \u00a0Detailed research on cryptolockers<\/a> as a malware species.<\/p>\n

Earlier I wrote that if we poll companies on the cyberthreats that they encounter the most often, that spam would most likely be in first place. But spam is something that doesn\u2019t inflict any apparent damage. It does exist, but it\u2019s hard to calculate. And if it\u2019s hard to calculate, it\u2019s not easy to evaluate how sensible the expenses are to fight it either. Besides, antispam technologies are mature, widely available and affordable.<\/p>\n

Cryptolockers are a different story. The damage they inflict is rather easy to calculate: your company is attacked, important data is encrypted and becomes inaccessible and then the ransom is demanded. You lose money. You lose time. A single incident can bury your business completely (here\u2019s an example<\/a>). It\u2019s clear that protection from cryptolockers is necessary.<\/p>\n

\"2\"<\/a><\/p>\n

For criminals, cryptolockers are easy money. It\u2019s not a botnet that should be built first and then sold to someone. That\u2019s why cryptolockers, unfortunately, are actively developed, and continue to grow in number and distribution.<\/p>\n

So what\u2019s the news? Ah, nothing peculiar! We\u2019ve described<\/a> the main trends of cryptolockers\u2019 evolution during the summer of last year (and we keep researching them). Next to all security vendors are doing the same, including Microsoft and Cisco, for instance. The job is large enough for everyone. For instance, ransomware comprises all modern technologies for concealing the criminal conduct: Bitcoin payment, Tor and I2P communications, obfuscations, etc.<\/p>\n

ut that\u2019s not the main point. Most interesting are the technologies used by malware to get onto the victim\u2019s PC. Cisco\u2019s research in February shows that creators of one of the Cryptowall variants bet on exploit-kits. For businesses, this means that the weakest point of the infrastructure is vulnerable software. This may not be the discovery of the ages, but it is an important topic, nevertheless, and the fact that almost every news story on cryptolockers draws an immense interest, proves it.<\/p>\n

3. USB wall charger with a built-in keylogger <\/strong><\/p>\n

The story<\/a><\/p>\n

Here is yet another story on how difficult it is to control wireless communications. It began with the work of three researchers who decided to analyze the security of Microsoft\u2019s wireless keyboards. In the marketing materials for these keyboards there are likely a few lines on how securely encrypted the data exchange is between the device and USB-receiver. It is indeed encrypted, but there are doubts on how \u201csecurely\u201d it is actually done.<\/p>\n

In a nutshell, the MAC-address of the keyboard serves as the key to the encrypted symbols; it can be \u2018snooped\u2019, first, and second it can be used to steal remotely, using some peculiarities of the chip used for data transmission (also in quite a few devices, including some medical equipment \u2013 oops!). Then again, stealing it isn\u2019t even necessary: the first byte of the MAC-address is the same for all keyboards which makes bruteforcing a cakewalk.<\/p>\n

The only problem left is how to get close enough to the keyboard to continuously keylog it. Here comes Sami Kamkar, offering an original proof of concept. Take a common USB wall charger used for smartphones and tablets, beef it up with Arduino, a specifically crafted firmware, and get an electric Trojan horse. Which, by the way, remains operational even if the charger isn\u2019t plugged into the AC outlet, a small rechargeable battery is there as well. The device itself costs $10; it\u2019s very good that this is just a proof of concept (for now).<\/p>\n