Cybersecurity News Update 6/15/2017
A lot has happened in the past week, so here’s a quick rundown of the highlights.
Should Kaspersky Testify?
Representative Clay Higgins suggested to two separate Senate subcommittees that the controversial malware specialist Kaspersky should be called to testify. The Department of Homeland Security has issued guidance that vendors and the federal government should avoid contacting Kaspersky or using Kaspersky products and services. This is due to the company’s alleged ties to Russia: founder Eugene Kaspersky was trained in a KGB-sponsored university and served with Russian military intelligence. Higgins stated that “The CIA, FBI, and NSA advise this body not to trust this person. I suggest we take him up on his offer.” Kaspersky’s offer is to testify before the Senate to clear his name and to dispute what federal agencies have said about him.
Source: GOP Rep: Let’s call controversial antivirus expert Kaspersky to testify
Bitcoin Exchanges Hit by Cyberattacks
A myriad of cyberattacks hit several Bitcoin exchanges, the majority of which were DDoS attacks. This followed a resurgence in interest in the cryptocurrency after it rallied last week. The risk of running a Bitcoin exchange is that a successful hack, rather than a denial of service, could lead to people losing their money. With the value of Bitcoin being what it is, that could be a very large liability for the exchanges. Several other digital currencies saw their values surge as investors flooded the market with money. Ethereum saw its price increase several thousand percent, as did Bancor and IOTA. Exchanges are now facing the issue of increased traffic overrunning their capacity to serve their customers, which makes them more vulnerable to DDoS attacks or hacking attempts.
Source: Major bitcoin exchanges hit by cyberattacks as record rally makes them a target
North Korea Believed to be Responsible for WannaCry Attacks
North Korea has a long history of criminal activity as a source of income. Their diplomats have been known to smuggle drugs into countries they’re visiting, with orders to sell them. North Korea’s kidnapping and ransoming of people near their border is also well known, especially in the cases of the Western tourists they have taken. North Korea is also active in cyberspace, though, using hacks and schemes to raise tens of millions of dollars while staying safe within the borders of their country. The FBI released an alert earlier this week about the threat of “Hidden Cobra,” a North Korean unit of hackers and extortionists who were targeting US infrastructure and manufacturing. Cyberwarfare makes sense for North Korea, as it allows the small country to punch above its weight. An effective cyberattack could cripple swathes of the United States, or any other country, just like the WannaCry virus. If North Korea could hold the manufacturing of a major country hostage, they could go from making millions to billions of dollars. Hidden Cobra, potentially believed to be “Lazarus” (another NK cyber group), has used its prowess to steal money straight from the bank accounts of vulnerable countries.
The CIA Can Hack Your Router, According to New WikiLeaks Documents
Routers are a vulnerability in any secure system. They get updated infrequently by the vendor, and if one gets infected, the infection spreads to the rest of your network. They make enticing targets for hackers and government agencies alike, since 24/7 access to all the traffic running through them is attractive to an intelligence agency. In another release from their Vault 7 archives, WikiLeaks released the toolkit the CIA uses to break into vulnerable routers. These routers include those produced by Linksys and D-Link, and the toolkit uses a wide variety of exploits, hacks, remote monitoring and overrides. The CIA program Claymore looks for vulnerabilities that are then exploited by Tomato and Surfside, both of which exploit known weaknesses to gain access to your router. From there FlyTrap is installed, a program that sends your traffic to the CIA while removing all encryption and secure connections. This also allows the CIA access to any connected devices, including mobile devices like tablets and phones. CherryTree is implanted as well, allowing your router to be controlled remotely and potentially be used to infect other routers on your network.