Author: DN

Criminal Stole “a Significant Amount of Data” in Airport Hacking Attack

A criminal stole “a significant amount of data” in a hacking attack that targeted one of the busiest airports in Australia.

According to The West Australian, the breach occurred in March 2016 when a Vietnamese man named Le Duc Hoang Hai abused a third-party contractor’s credentials to access the systems at Perth Airport, the fourth busiest airport in Australia. Kevin Brown, chief executive of the airport, says Perth’s IT team ultimately detected the breach and notified both the Australian Cyber Security Centre and the Australian Federal Police. As quoted in a statement provided to 9News Australia:

“The assistance and hard work of these two agencies has resulted in the successful identification and prosecution of the individual responsible for the cyber intrusion. Based on evidence gathered by the Australian Federal Police, it appears that credit card theft was the motivation for the illegal accessing of our system. No personal data of members of the public, such as details of credit card numbers, was accessed but other Perth Airport documents were taken.”

Those documents included building schematics and details of physical security measures that staff had implemented at the airport.

[Image: Perth Airport. Source: Wikipedia]

Upon hearing from Perth Airport, the Australian Cyber Security Centre and the Australian Federal Police traced the attack back to Vietnam and tipped off local authorities. Vietnamese law enforcement subsequently began looking into the matter. Their investigation identified 31-year-old Hai as the culprit responsible for hacking not only Perth but also additional targets in Vietnam including banks and an online military newspaper.

Perth was Hai’s only Australian target.

Vietnamese police thereafter arrested Hai. In early December 2017, a military court ordered him to serve four years in prison for his digital offenses.

Prime Minister Malcolm Turnbull’s digital security adviser Alastair MacGibbon hasn’t found any evidence that Hai was working as part of a larger group or sold the stolen information. Even so, to him the hack constitutes “a sign of the type of work we are going to be doing a lot more of in the future.” That includes improving the security measures at Perth and other airports regarding what types of information third-party contractors can access.

This isn’t the first security incident to expose an airport’s sensitive data. News of this attack comes less than two months after Britain’s largest and busiest airport launched an investigation to determine how someone found a USB containing 2.5GB of its data on the street. That data included maps of CCTV cameras and other security measures.

New Pluralsight Play by Play: What You Need to Know About HTTPS Today


As many followers know, I run a workshop titled Hack Yourself First where I spend a couple of days with folks running through all sorts of common security issues and, of course, how to fix them. I must have run it 50 times by now so it’s a pretty well-known quantity, but there’s one module more than any other that changes at a fierce rate – HTTPS.

I was thinking about it just now when considering how to approach this post launching the new course because let’s face it, I’ve got a lot of material focusing on the topic already. But then I started thinking about the rate of change; just since the beginning of last year, here’s a bunch of really major HTTPS stuff that’s happened (and this is just the ones that spring immediately to mind):

  1. Apr 2016: Let’s Encrypt officially launched
  2. Oct 2016: WoSign and StartCom certs started being distrusted (looks like StartCom finally died just this month)
  3. Oct 2016: We passed the halfway mark with more than 50% of page loads occurring over HTTPS according to Mozilla
  4. Jan 2017: Chrome removes support for SHA-1 certificates
  5. Jan 2017: Chrome and Firefox started showing warnings when login forms were loaded over HTTP
  6. Oct 2017: Chrome started showing warnings when anything was entered into an input field loaded over HTTP
  7. Nov 2017: Some sites got desperate to suppress browser security warnings about a lack of HTTPS
  8. Dec 2017: Let’s Encrypt became the largest issuing CA in the Alexa Top 1 million

There’s plenty of other stuff coming too, for example Chrome’s certificate transparency requirement hitting in April next year and I suspect in the not too distant future, a change to the way DV and EV certs are indicated in the browser (this is actually an enormously contentious issue, read more). Anyway, the point is that things are rapidly changing and there’s always new things to talk about.

So that’s what we’ve done – Lars Klint and I teamed up again and recorded another Pluralsight “Play by Play”, so this is where we both have an on-camera discussion that’s complemented with screen recordings. It’s not a deep discussion and it’s perfect for consumption by people at all levels of technical competency that have an interest in delivering secure applications via the web. We talk a lot about the changes (some of which I mentioned above), new approaches to easing the burden of HTTPS adoption and how many people think the padlock icon is really a handbag. True story.

This course actually went out a few weeks ago but as some of you know, I’ve been kinda busy. But that’s given me a bit of time to see how it’s performed and it’s done surprisingly well. I actually have a more formal HTTPS course that goes deep titled What Every Developer Must Know About HTTPS and that’s been enormously popular this year (also rating 4.9 stars 😎), but over December, the new Play by Play has actually outdone that one to become my third most popular course in the library! Apparently, a bunch of people really do think HTTPS is worth paying some attention to.

Play by Play: What You Need to Know About HTTPS Today is now live on Pluralsight!

Over 25,000 ransomware infections hit Windows daily in Q3: Report

The ‘Quarterly Threat Report’ from IT security solutions provider Quick Heal Security Labs states that during Q3 2017, Microsoft Windows recorded over 25,000 ransomware infections daily while suffering 199 million malware detections. In the third quarter, malware detections continued to decline compared to the last quarter, a drop of 11 percent.
The researchers warned that newer and advanced variants of “Locky” ransomware families are expected to rise with attackers increasingly using ransomware-as-a-service due to its user-friendliness and high return on investments.
“Our threat reports are an attempt to provide insights on the threat landscape with the objective of facilitating a safe and secure digital journey of our customers,” Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal, said on Thursday.
In the third quarter, malware detections continued to decline compared to the last quarter. “However, this should not be taken lightly by any means as cybercriminals are increasingly working on attacks that have higher returns through ransomware campaigns and well-planned systematic targeted attacks,” Katkar added. The report also predicted an upsurge in targeted attacks in which intruders aim to keep their identity hidden while stealing as much data as possible, with the theft going unnoticed for several months and sometimes even for years.
According to the report, nine new families of ransomware emerged on Windows in the third quarter.
Trojans continued to lead with the highest detection count, followed by infectors, worms and adware. “Email attachments will be used largely to deliver malware to targeted users. These emails might use new file types for their attachments to avoid detection by security software,” the report noted. Malware authors can access a user’s device to gain almost anything they want by misusing critical vulnerabilities that are unpatched, it added.

Hacker from Samara city sentenced for Creating and Selling Malware

Sergei Materov, a 42-year-old hacker from Samara, the sixth largest city in Russia, has been sentenced at the Prikubansky District Court of Krasnodar for creating and distributing malicious computer programs, under part 2 of article 273 of the Criminal Code of the Russian Federation.

According to the local news report, the malware he created was capable of neutralizing installed security solutions and of stealing, modifying, blocking and destroying information on the infected computer.

The convict came to Kuban to earn money. He started to do freelance software development from home. He also posted advertisements on the Internet in which he offered software development for computers.

An unnamed person responded to his ads and paid him 6800 Rubles for developing two malicious programs.

Materov was detained by FSB officers and later sentenced to one year and three months’ imprisonment.

– Christina