PC Security & News Weekly Blog

Epilepsy Foundation Says Hackers Posted Seizure-Causing GIFs To Twitter Account

By Anthony Berrios

01/23/2020

The Epilepsy Foundation recently fell victim to a cyber crime on its Twitter page. The account was hacked and used to post seizure-inducing GIFs of rapidly strobing lights to its thousands of followers. This is far from the first time hackers have used Twitter as a means of harming others. It is particularly important for the public to see because it is one of the first times that a Twitter “troll,” as many call them, could have had a serious impact on people’s lives.

According to the foundation, it has not been contacted by anyone affected by the posts, but that remains a possibility and the investigation is still ongoing. This story immediately caught my eye because Twitter seems to constantly be in the news lately for cyber security reasons like DDoSing and accounts being hacked. These types of stories are common, but it’s not very often we hear a story regarding Twitter where others have been, or could have been, physically injured by cyber trolling. As the report says, there are no recorded injuries from the seizure-inducing GIFs, but the fact that whoever did this was able to hack an account and negatively impact its mass following is a scary thought.

The foundation later revealed that the attacks on its page were similar to an earlier attack on Kurt Eichenwald, an author who actually has epilepsy. In 2016 he received a seizure-inducing message stating “You deserve to have a seizure for your posts,” referring to his criticism of the then candidate and now president Donald Trump.

This all circles back to the fact that we now live in a world where technology is so advanced that we as a society need to prepare ourselves for the ever increasing cyber crime rate. Twitter is just the beginning of it all, as illegal activity occurs on all modern social media platforms these days and we need to train our law enforcement how to handle these cyber disputes and to prosecute people accordingly.

CLICKABLE SOURCE

Compromised Zoom Credentials Exchanged in Underground Forums

By Anthony Berrios

Blog Post #17

Researchers have recently discovered a database shared on an underground forum containing more than 2,300 compromised Zoom credentials, consisting of usernames and passwords for Zoom accounts. The accounts included corporate accounts belonging to banks, consultants, educational facilities, healthcare providers, and software vendors. Some of the entries included meeting IDs, names and host keys in addition to the credentials. Researchers said they were surprised at the amount of discussion about vulnerabilities and exploits for video conferencing and collaboration tools on deep web forums. Now that the workforce has transitioned to remote work from home, cyber criminals are looking for ways to gain access to communication platforms like Zoom.

This is not a good look for Zoom, whose stock has recently soared as the coronavirus has shut down schools and businesses across the country, putting online communication tools like Zoom in high demand. The lack of security features on Zoom’s side is alarming, but hopefully with their increased stock value they will have plenty of money and resources to work out these vulnerabilities so that they can no longer be exploited.

Zoom’s vulnerabilities of late have been a real issue not only for companies but mainly for educational institutions like universities. A lot of the time hackers don’t even have to hack into these meetings, as many people have been flat out giving away their meeting information for the world (and hackers) to see. Although some content creators have been “crashing” Zoom meetings for funny YouTube content, more serious and less laughing-minded hackers have caused real havoc.

CLICKABLE SOURCE!

Home Office Networks: Malware Hot spots?

By Anthony Berrios



Blog Post #20

BitSight recently conducted research comparing home office networks with corporate office networks and their rates of malware infection. The result? Not good.

They recently released a report on their findings, titled “Identifying Unique Risks of Work From Home Remote Office Networks,” which determined that 45% of companies had malware on their corporate-associated home networks, whereas only 13.3% of companies had malware on their corporate networks. Although the finding itself may not be surprising, the size of the difference is. Nearly 50% of home networks are infected. This is a staggering number. As for scope, the study looked at over 40,000 organizations and studied the WFH-RO, or “work from home-remote office.” BitSight created a data map of all the WFH-RO IP addresses within each organization to make the comparison.

They came to the conclusion that WFH-ROs were 3.5 times more likely to be infected with malware than corporate networks.

This is very relevant now, as many companies are having their employees work from home and access the company network remotely. All it takes is one infected employee computer to corrupt a whole network. During this coronavirus pandemic it is more important than ever to vigorously check for malware on both corporate networks and home networks and their associated computers.

CLICKABLE SOURCE!

No Meetings Considered Private on Zoom?

By Anthony Berrios


Blog Post #19

Zoom is in the news again today, as hackers have recently claimed to have discovered two zero-day vulnerabilities in the Zoom video conferencing platform that would allow threat actors to spy on people’s private video conferences and further exploit a target’s system.

Vice Motherboard recently reported that the flaws affect the Zoom clients for both Windows and macOS. According to the report, the hackers are asking for $500,000 for the Windows exploit. Two zero-day brokers, whom the report did not name, came forward saying they were approached to sell the zero-day code.

The biggest thing right now is that the evidence for this code is circumstantial, at least for now. Neither of the brokers has seen any of the code the hackers claim to be selling, but this doesn’t mean that the vulnerabilities are made up. Especially with Zoom being in the news so much recently, it only makes sense that hackers have shifted their attention to the virtual meeting platform. Motherboard even stated that it could not find any substantial evidence to back the hackers’ claims, but again, this doesn’t mean the claims don’t have any truth to them.

CLICKABLE SOURCE!

Zoom Bombing Considered Illegal Now?

By Anthony Berrios


Blog Post #18

Apparently “Zoom bombing” isn’t considered quality YouTube content for the millennial masses anymore, as the FBI doesn’t find it so comical. The FBI recently stated that it is cracking down on the issue and warned that web conference hijackers could face jail time.

According to the authorities, “anyone who hacks into a teleconference meeting can be charged at the state and federal level. Charges can include the disruption of a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud or transmitting threatening communications. These are punishable by fines and even imprisonment, according to the FBI.”

“You think Zoom bombing is funny? Let’s see how funny it is after you get arrested,” stated Matthew Schneider, United States Attorney for Eastern Michigan, in a public statement on Friday. “If you interfere with a teleconference or public meeting… you could have federal, state, or local law enforcement knocking at your door.”

So obviously the FBI is getting sick of having to deal with these Zoom issues. Although a lot of Zoom bombings can be considered funny, there are plenty of instances where this is not the case. There is currently a real problem with people giving away meeting information, Zoom accounts being hacked, and credentials being shared on the dark web (see post #17). This can be a real problem for major companies and schools across the country.

CLICKABLE SOURCE!

Cloud Providers, CDNs, Team Up to Battle Internet Routing Attacks

By Anthony Berrios


Blog Post #16

The battle against routing attacks has come to the forefront recently, as huge names join sides to fight a common internet enemy. Massive tech companies like Akamai, Amazon Web Services, Cloudflare, Facebook, Google, Microsoft, and Netflix are banding together to stop route hijacking, route leaks and IP address-spoofing attacks targeting internet users.

The program that has brought them all together, recently introduced, is the Mutually Agreed Norms for Routing Security (MANRS) global initiative. Over the past six years MANRS has built up a group of 300 network operators, internet exchange points (IXPs) and other companies to provide “crucial fixes to reduce the most common threats.” Each participant is asked to take specific steps to improve the resilience and security of the routing infrastructure. The steps each company is asked to take within its own network, to provide better security for its customers and in turn the world, are as follows:

  • Prevent propagation of incorrect routing information, which can be done by defining a clear network routing policy
  • Prevent traffic of illegitimate source IP addresses, by implementing anti-spoofing controls to prevent packets with illegitimate source IP address from leaving the network
  • Facilitate global operational communication and coordination, by maintaining globally accessible up-to-date contact information in PeeringDB (a freely available web-based database of networks that are interested in peering) and relevant databases
  • Facilitate validation of routing information on a global scale, by publicly documenting prefixes that are intended to be advertised to external parties
  • Encourage adoption of the “good practices on routing security” promoted by MANRS

(bullet points provided by MANRS & article)
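The first two MANRS actions above (a clear routing policy that rejects incorrect routing information, and anti-spoofing controls on source addresses) can be illustrated in code. The example below is added here and is not MANRS or any listed company’s code; the ASNs, prefixes, the “no more specific than /24” rule and the bogon list are constructed assumptions for the demonstration.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample data: the prefixes each customer ASN has publicly
# documented as the ones it intends to advertise (the MANRS "validation"
# action). Documentation/example ranges only, not real networks.
DOCUMENTED_PREFIXES: Dict[int, List[str]] = {
    64500: ["203.0.113.0/24"],
    64501: ["198.51.100.0/24"],
}

# Private/reserved space that should never be accepted from an external peer
# (assumed short bogon list for the example).
BOGONS = [ipaddress.ip_network(p)
          for p in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16")]

# Assumed policy: do not accept announcements more specific than this.
MAX_PREFIX_LEN = 24

Announcement = Tuple[int, str]           # (origin ASN, prefix)
Rejection = Tuple[int, str, str]         # (origin ASN, prefix, reason)


def route_filter(announcements: List[Announcement]) -> Tuple[List[Announcement], List[Rejection]]:
    """Apply a routing policy to received (origin_asn, prefix) announcements.

    Accept a prefix only when it lies inside what its origin ASN has
    documented and is not too specific; everything else is rejected with a
    reason so the operator can see why a route was dropped (e.g. a hijack
    where another ASN originates a prefix it never documented).
    """
    accepted: List[Announcement] = []
    rejected: List[Rejection] = []
    for origin, prefix in announcements:
        net = ipaddress.ip_network(prefix, strict=False)
        if any(net.subnet_of(b) for b in BOGONS):
            rejected.append((origin, prefix, "bogon"))
            continue
        if net.prefixlen > MAX_PREFIX_LEN:
            rejected.append((origin, prefix, "too specific"))
            continue
        allowed = [ipaddress.ip_network(p) for p in DOCUMENTED_PREFIXES.get(origin, [])]
        if any(net.subnet_of(a) for a in allowed):
            accepted.append((origin, prefix))
        else:
            rejected.append((origin, prefix, "not documented for origin"))
    return accepted, rejected


def is_spoofed_source(src_ip: str, interface_prefixes: List[str]) -> bool:
    """Ingress anti-spoofing check for a packet arriving on a customer port.

    A packet may only carry a source address from the prefixes assigned to
    that customer; anything else is treated as spoofed and should be dropped
    before it leaves the network. Returns True when the packet is spoofed.
    """
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in ipaddress.ip_network(p) for p in interface_prefixes)
```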

Overall, MANRS seems like a solid program that is doing a great job so far of putting customers first in an attempt to make the internet a safer place. As of right now, I don’t believe that it is possible to make the internet 100% safe for all users. However, this new program is a step in the right direction that will now force companies to demand better internet safety practices from their customers.

CLICKABLE SOURCE!

Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer

By Anthony Berrios


Blog Post #15

Yet another coronavirus-inspired attack has been discovered recently, this time a phishing attack spreading the LokiBot trojan. It used a newly created, COVID-19-themed spearphishing email made to look like it was coming from WHO, the World Health Organization. The cyber criminals even managed to use the WHO trademark in their scam emails to make them look more authentic.

The attack was first identified by FortiGuard Labs on March 27th. The scam email claims to be from WHO and tries to convince users it is legitimate with misinformation about the pandemic. It carries an attachment that unleashes the LokiBot infostealer if downloaded and executed, according to a blog post published Thursday by threat analyst Val Saengphailbul.

Saengphailbul then points out that much of the COVID-19 information in the email has realistic characteristics; however, it was apparent from the grammar of the email that English was not the scammer’s first language.

This is just another example of an internet scam taking full advantage of the COVID-19 pandemic. The article is interesting because of its significance and relevance to the pandemic we are all currently facing. This article, and many of the others recently on my blog that refer to the coronavirus pandemic, should be a reminder to be careful on the internet now more than ever.

CLICKABLE SOURCE!

Inside an Epic Hotel Room Hacking Spree

By Anthony Berrios


Blog Post #14

This article, brought to you by Wired, is about an infamous hotel hacker and thief by the name of Aaron Cashatt. It all started when Cashatt exploited a software bug in one ultra-common model of hotel keycard lock to break into a room at a hotel he was staying in. His success led him to go on a mass theft spree, hacking and stealing from over 100 hotels across the country. Cashatt successfully stole anything from TVs to the guests’ luggage from the rooms he broke into.

Police had little to no idea how these crimes were being committed. At first they suspected a maid might be stealing from the hotels, but as the cases piled up they realized it was a serial act. “Everything’s gone, no prints, no forced entry,” recalls Tyler Watkins, a detective for the Tempe, Arizona, police department who tracked those first few cases. “It was like a ghost had slipped in and slipped out.”

The question is, what was the flaw that Cashatt was able to take advantage of? A researcher by the name of Cody Brocious had discovered a security vulnerability in key card locks that could unlock 10 million hotel rooms around the world. The flaw was that each of the Onity locks had a port on its underside into which hotel staff could insert a device the company called a portable programmer. The device could read which keys had recently opened which doors, or set which doors could be opened with which master keys. And since the portable programmers also functioned as master keys themselves, they were carefully guarded by hotel owners. Brocious had decided to reverse engineer the Onity lock so that he could create a competing system. That company of his never took off, but what Brocious realized was that the cryptographic key that triggered the unlock command on the Onity lock wasn’t stored in the portable programmer but in the lock itself. This meant that the lock was vulnerable to being hacked easily.

This was an interesting story that I came across because it incorporates physical hacking (lock picking) instead of your typical software and internet based hacking. I thought that this would be a nice change-of-pace topic that anyone reading can feel free to look into more from the link I’ve provided below.

CLICKABLE LINK

Hackers Distributing Malware Hidden as “Corona Antivirus”

By Anthony Berrios


Blog Post #13

A group of hackers was recently found promoting a fake antivirus product to distribute a malware payload that infects systems with the BlackNET RAT and adds them to a botnet. The two sites that security experts were able to find were antivirus-covid19[.]site and corona-antivirus[.]com. Experts managed to get the first website taken down; the second site remained running after its owners removed all traces of the malicious links from the page. The second page, which still remains, reads as follows: “Download our AI Corona Antivirus for the best possible protection against the Corona COVID-19 virus. Our scientists from Harvard University have been working on a special AI development to combat the virus using a mobile phone app.”

Any users who fell for this scheme would end up downloading an installer from antivirus-covid19[.]site/update.exe (which is now down) that deploys the BlackNET malware onto their systems if launched. The infected machines essentially serve as a botnet that the cyber criminals can use to remotely access and control the user’s computer and do as much as the hacker desires. Typically these botnets are then used for organized attacks like DDoS attacks.

This is obviously a problem because it is another example of cyber criminals taking advantage of the coronavirus pandemic across the world. It surely won’t be the last we hear of this epidemic being taken advantage of, which is why it is more important than ever to stay safe while on the internet and make sure you trust, and scan with antivirus, any downloads going onto your computer.

CLICKABLE CAPTION

German Food Delivery Service Falls Victim to DDoS Attack

By Anthony Berrios


Blog Post #12

With the spread of COVID-19 across the planet, people worldwide have stayed indoors as much as possible, and citizens of Germany are no exception. Because of this new, more sedentary lifestyle, with people staying indoors and in some cases working from home, delivery services have seen a large increase in activity. One of these is a food delivery company called Lieferando.de (Takeaway.com in English). Germany has imposed strict rules and regulations on the restaurant industry, including a limited number of guests, a greater distance between tables, and a requirement to close between 6pm and 6am. Because of these limitations, German citizens order food through delivery services like Lieferando.de to safely get food for themselves and their families.

Cyber criminals saw this as an opportunity to attack the increasingly popular food delivery service. Once the DDoS attack was in full effect, the CEO of Lieferando.de, Jitse Groen, received an email from the hacker requesting 2 bitcoin (about $11,000) to have the attack stopped. Groen then tweeted about the attack and the ransom email to let customers know what was going on. The attack was significant because Groen’s company delivered food for over 15,000 restaurants in Germany and was frequently used by German citizens. While the attack was going on, however, the app still accepted orders and payments from customers. Groen had to address this in another tweet, in which customers were told to email the company to claim their refund. Looks like the ransom must have been paid, because the website is currently up and running as we speak.

CLICKABLE SOURCE!

Coronavirus Opening the Doors to Malicious Cyber Attacks?

By Anthony Berrios


Blog Post #11

With the newly introduced pandemic around the world that is the coronavirus, a.k.a. COVID-19, people across the world have gone into hiding, watching the news unfold from their couches. Grocery stores were flooded with customers buying as much as they could as the infection counts rose day by day. The virus has impacted much more than just people’s health; the stock market and businesses across the world, to name a few, have suffered as well.

The coronavirus has also been “weaponized” by Chinese hackers to send out malicious attacks in the form of disguised coronavirus information messages and apps. According to Check Point, its research team managed to intercept a targeted cyber attack by a Chinese APT group on a public sector entity of Mongolia. It was found that the attack had leveraged the coronavirus pandemic. The APT reportedly sent out two documents, one of which was COVID-19 related and the other an impersonation of the Mongolian Ministry of Foreign Affairs in the form of press briefings. Those documents contained unique remote access malware. A reporter for Forbes by the name of Thomas Brewster also found that cyber criminals have been “rapidly registering vast numbers of potentially malicious websites and sending out masses of scam emails as they try to make money from the pandemic.”

This situation is rather alarming but unfortunately not surprising. In times of crisis, all current and potential criminals see these types of situations as an opportunity to make money illegally by taking advantage of the situation. Not only do people around the world need to be careful about who they come in contact with in person, but they also need to be mindful of the increased cyber risks they could face online during this worldwide epidemic.

CLICKABLE SOURCE!
