14 Ağustos 2017 Pazartesi

Incident Respone Plan


It should be noted: if an Incident Response plan is not already in place, do not attempt to create one during an infection. Rather, remove the infected server from the network. Create a plan to systematically return the infected server to its pre-infected production condition before beginning the recovery process. Incident response is not a responsibility that a single person can handle. Recovering a compromised server in a haphazardly fashion can create more system issues and do more damage then the initial compromise.
 
...
...Incident Response Plans should not be created during a security incident nor should one person be assigned to develop an Incident Response Plan. Incident response should be the responsibility of different members from different groups in an organization...
...
 
...During an incident, panic will often set in. Do not let this happen...

----
Source:
SANS Institute InfoSec Reading Room
Source: Malware Analysis: An Introduction
 
 
 
 
 

9 Ağustos 2017 Çarşamba

Automotive Cyber Flaws

30 years ago, it could sound like a science fiction scenario but today we are moving slowly towards that point. Today automotive cyber flaw concept is a threat. It is only not that much widdespread.
 
Anything which has an IP address (IoT) is a target candidate of hackers. Naturally the "connected cars" aren't exception for this concept. A car which is connected to internet or to an intranet is defined as "connected car".
Think of that you are the main character of the following scenario: You own a connected car. It's a brand new, smart car. You paid a lot of bucks to buy it.
 
One day in the morning you got into your car and turned the car key as usual. But... Hey! It's not working. You tried it a couple of times but the engine couldn't be started. During that confusion and anger suddenly you noticed a message on the screen of your car. "Your car is compromised. Don't go to the police. The data in your car is encrypted. If you pay us blah blah..."
 
"What? What the hell does it mean now?" After a couple of phone calls you solved the puzzle. Gosh! Yeah! It was your turn to become a carsomware (car + ransomware) victim. The hackers requested 1,000USD to unlock your car. You called your contracted car service and they told you that they have to change the "brain unit" of your car and it will cost you about 2,000USD.
 
Now... The question is: Which choice would you prefer? Hackers' bid or your car service's offer?
This seems to be like a movie scenario today but we are getting closer to such troubles day after day.
 
There can be much more dangerous scenarios in car hacking than not being able to start the engine. Think of what can happen if the brakes of your car suddenly malfunctioned while you were driving with a speed of 120km/h (~75mph) in a crowded traffic.
 
DHS (Department of Homeland Security) warned the automotive industry against the automotive cyber flaws: https://fcw.com/articles/2017/08/03/auto-cyber-cert-rockwell.aspx
 
In one of the conferences In DEFCON 2017 (August 2nd) researchers presented a paper on "automobile system vulnerabilities": https://securingtomorrow.mcafee.com/mcafee-labs/defcon-connected-car-security/
Remarkable lines:
 
"According to Intel however, the 'connected car is already the third-fastest growing technological device after phones and tablets.' "
 
"Our connected cars today generate up to 4,000GB of data per 50Kb every second and using on-board cameras generates 20MB to 40MB per second."
 
"Fundamentally, a car is like a jigsaw puzzle with multiple components, so applying patches to cars the way we would a phone, for example, is not feasible."
 
If you want a cyber threats free car then I would recommend the following one. =))

8 Ağustos 2017 Salı

Linux-based Malwares

 
Remarkable expressions about Linıx-based malwares from SANS Institute Infosec Reading Room:
 
5. Conclusions
Despite popular perception, Linux can be vulnerable to a variety of malware. Existing host-based defense such as antivirus software is marginal at detecting or preventing Linux malware threats. Based on organizational risk tolerance additional security controls may be required to prevent or identify Linux malware infections. Utilizing a combination of system hardening techniques and network based controls can provide an additional layer of security. Incident response capabilities may also require adjustment to detect and respond to the growing threat of Linux malware.
 

2 Ağustos 2017 Çarşamba

Wind Farms and Ransomware?

Well yes. They are not only composed of three rotating propellers and a very long white body as seen from outside. It can sound weird but they have also operating systems and they are connected to a central management system via a software. Oh! I am talking about wind farms.
 
Wind farms can be handled as IoT devices but because they generate electricity they can be also handled as critical infrastructure. These farms can be defined the less critical part of critical infrastructure concept.
20th of Blackhat conferences was held on 26th-27th July 2017 in Las Vegas this year. In one of the sessions, cybersecurity of the wind farms are asessed according to ransomware attacks: https://www.pcmag.com/news/355223/wind-farms-are-not-ready-for-ransomware
 
It seems that wind farms are not so resistant against cyber attacks and which makes them vulnerable to ransomware attacks. They can be used as a part of DDoS attacks as poorly configured IoT devices or they can be shut down to prevent generating electricity which will cause critical financial loss. Their most important advantage against the cyber attacks is that most of the wind famrs are not connected to internet but there are ways to breach such systems.
Underlined exprerssios from the article above:
 
His team found that these massive devices run a variety of operating systems, some wildly out of date and susceptible to known vulnerabilities. This includes everything from embedded Windows CE, Windows 95, various flavors of Linux, and some real-time OSes.
 
"If you can own one of them you can own them all," said Staggs.
 
Staggs outlined not just a method for attack, but a monetization plan as well. Taking inspiration from ransomware attacks, he imagined a scenario whereby attackers shut down a wind farm and demand payment in order to return it to normal operation. At the current price of electricity, a wind farm loses $10,000 to $30,000 for every hour it's not in operation, he said.
 
Second, simple security measures would completely mitigate the attacks. "If you have something in place where you could VPN traffic between turbine and the substations, it prevents everything I just outlined," said Staggs."

26 Temmuz 2017 Çarşamba

Too Many Deutsche Telekom Routers Are Hacked

About 900,000 Deutsche Telekom routers are hacked by an English man in November 2016. (A really huge and embarrassing number.)
 
This poor English man has been caught in Luton (England) and he is now in front of the Cologne court (Germany). He faces a prison sentence between six months and 10 years.
 
 
 
According to the articles the security of the routers seems to be very very awful and manufacturers of these routers doesn't seem to be concerned about the vulnerabilities of their routers. This unconcerned behaviour and slow response to the vulnerabilities can trigger new DDoS attacks all around the World.
Underlined expressions from the articles:
 
"The November attack hijacked about 900,000 routers and briefly stopped their owners getting online, affecting about 1.25 million Deutsche Telekom customers."
 
"The man, who goes under the online pseudonym “Spiderman”, said he had taken on the commission for a fee of $10,000 (£7,700) because he wanted to marry his fiancee and needed money for a “good start into married life”."
 
"The man claimed he had only found out via the media that routers in Germany had switched themselves off after the attack."
 
"The 29-year-old, who grew up and went to high school in Israel, said he had merely done “a couple of programming courses” but not completed a degree on the subject."
 
Note: Market of lemons: In American slang, a lemon is a car that is found to be defective only after it has been bought.