ISSSource White Papers

Posts Tagged ‘hack’

Wednesday, March 12, 2014 @ 01:03 PM gHale

The Bitcoin exchange service Bitstamp suffered a breach, but it remains unclear what the attackers stole beyond customer email addresses.

A Bitstamp user reported receiving a malicious email that attempted to trick him into installing malware disguised as a PDF document.

Eleuthria, the operator of BTC Guild, said the Bitcoin exchange’s mailing list was stolen. The attackers apparently took the email addresses around two weeks ago and used them to send out fake BTC Guild support emails informing recipients about a 3.201 Bitcoin transfer.

“I informed Bitstamp that they had at least a breach on their email list, if not the rest of their system. At first they denied it, but in a follow up they eventually admitted to it. They then sent out a little security update email mentioning 2FA/password security,” Eleuthria said.

Bitstamp then posted a tweet to warn customers about new phishing emails carrying the subject line “Bitstamp trading will be suspended for 24 hours.”

Bitstamp later introduced two-factor authentication for Bitcoin and Ripple withdrawals.

On February 11, Bitstamp suspended Bitcoin withdrawal processing due to a denial-of-service (DoS) attack. Automated processing for withdrawals resumed February 15.

Wednesday, October 30, 2013 @ 03:10 PM gHale

The attack against Adobe earlier this month was larger than the company originally let on.

As the investigation got under way, indications were that the attackers had made off earlier this month with personal, account and encrypted financial information of nearly 3 million Adobe customers, as well as the source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products.

But a later report by security journalist Brian Krebs describes a file of Adobe user account data that he and researcher Alex Holden discovered on the attackers’ server over the weekend; it contained more than 150 million usernames and corresponding hashed passwords.

Adobe said only 38 million of those pairs belong to active users; the company contacted them, informed them of the theft and asked them to change their passwords. Whether the attackers have misused the information is still unknown, but Adobe has reset the passwords for all Adobe IDs with valid, encrypted passwords that it believes were involved in the incident, whether or not those users are active.

Krebs and Holden found another file on the attackers’ servers this weekend, but they were unable to crack its encryption. One published version of the files contained source code for Adobe’s Photoshop software.

Adobe confirmed “a portion of Photoshop source code was accessed by the attackers as part of the incident Adobe publicly disclosed on Oct. 3.” The company asked the site hosting the file to take it down, and the site administrators agreed to the request.

Tuesday, October 8, 2013 @ 04:10 PM gHale

Two antivirus firms and one mobile messaging service had their websites attacked by Palestinian hackers calling themselves KDMS Team.

The defaced websites include AVG, Avira and WhatsApp. Avira officials confirmed they suffered a DNS hijacking.

“It appears that several websites of Avira as well as other companies have been compromised by a group called KDMS. The websites of Avira have not been hacked, the attack happened at our Internet Service Provider (ISP) ‘Network Solutions’,” Avira Security Expert and Product Manager Sorin Mustaca said.

Mustaca said the websites’ DNS records were changed to point to arbitrary domains.

“It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request that was not initiated by anyone at Avira,” Mustaca said.

“Network Solutions appears to have honored this request and allowed a 3rd party to assume control of our DNS. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers,” he said.

Avira added that its internal networks were not compromised. The company has shut down all external services until all DNS entries are back in its possession.

“We are working with the ISP to receive control on the domain name and only when we have solved the problem we will restore the access to the Avira services. At this point we are not aware of any effect to our customers,” Mustaca said.
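The pattern Mustaca describes, a registrar account taken over through a bogus password reset and the zone's delegation moved to the attacker's nameservers, can be caught early by polling public resolvers for your own zone and diffing the answers against what you registered. The script below is an added example, not code from Avira or Network Solutions; the domain, nameservers and address ranges are constructed placeholders, and the sample answer text stands in for what `dig` would return.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed baseline: the delegation (NS) and address (A) records the
# organisation registered and expects every public resolver to hand back.
# Names and addresses are placeholders, not any vendor's real records.
BASELINE: Dict[Tuple[str, str], FrozenSet[str]] = {
    ("example-av.test.", "NS"): frozenset({"ns1.example-av.test.", "ns2.example-av.test."}),
    ("example-av.test.", "A"): frozenset({"192.0.2.10"}),
    ("www.example-av.test.", "A"): frozenset({"192.0.2.10", "192.0.2.11"}),
}

# Constructed: address space the organisation actually operates.
OWN_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]


@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    severity: str
    detail: str


def parse_dig_answers(text: str) -> Dict[Tuple[str, str], Set[str]]:
    """Parse dig answer-section lines ('NAME TTL CLASS TYPE RDATA') into
    {(name, type): {rdata, ...}}. Comment lines starting with ';' are skipped."""
    observed: Dict[Tuple[str, str], Set[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) != 5 or parts[2] != "IN":
            continue
        name, _ttl, _cls, rtype, rdata = parts
        observed.setdefault((name.lower(), rtype.upper()), set()).add(rdata.strip().lower())
    return observed


def _is_own_address(value: str) -> bool:
    """True when an A record value falls inside a prefix we operate."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in prefix for prefix in OWN_PREFIXES)


def check_dns(baseline, observed) -> List[Finding]:
    """Compare observed answers with the baseline. A changed NS set is the
    registrar / DNS-account takeover pattern; an A record outside our own
    prefixes means visitors are being sent somewhere we do not control."""
    findings: List[Finding] = []
    for (name, rtype), expected in baseline.items():
        got = observed.get((name, rtype), set())
        if got == set(expected):
            continue
        if not got:
            findings.append(Finding(name, rtype, "high", "record missing from resolver answers"))
            continue
        unexpected = sorted(got - expected)
        if rtype == "NS":
            findings.append(Finding(name, rtype, "critical", f"delegation moved to {unexpected}"))
        elif rtype == "A" and any(not _is_own_address(v) for v in unexpected):
            findings.append(Finding(name, rtype, "critical", f"points outside our prefixes: {unexpected}"))
        else:
            findings.append(Finding(name, rtype, "medium", f"unexpected values {unexpected}"))
    return findings


# Constructed sample of what a public resolver answered during a hijack.
SAMPLE_HIJACKED = """
; answer section (constructed)
example-av.test.        300   IN  NS  ns1.attacker.test.
example-av.test.        300   IN  NS  ns2.attacker.test.
example-av.test.        300   IN  A   192.0.2.10
www.example-av.test.    60    IN  A   198.51.100.5
"""

# Constructed sample of a healthy answer set.
SAMPLE_CLEAN = """
example-av.test.        300   IN  NS  ns1.example-av.test.
example-av.test.        300   IN  NS  ns2.example-av.test.
example-av.test.        300   IN  A   192.0.2.10
www.example-av.test.    300   IN  A   192.0.2.10
www.example-av.test.    300   IN  A   192.0.2.11
"""

if __name__ == "__main__":
    for f in check_dns(BASELINE, parse_dig_answers(SAMPLE_HIJACKED)):
        print(f"[{f.severity}] {f.name} {f.rtype}: {f.detail}")
```

In practice the observed text comes from querying several independent resolvers on a schedule. An NS answer that no longer lists your own servers is the registrar-level change seen in this incident and warrants paging the on-call team, whereas an A record that moved within your own prefixes is usually just a deployment.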

Monday, March 4, 2013 @ 07:03 PM gHale

Evernote, an online service that lets users store and sync all kinds of data across multiple devices, suffered an attack.

Attackers compromised user information, including email addresses and hashed passwords, Evernote officials said.

Evernote officials said they did not think the attackers were able to gain access to any of the data that users store on the service. However, the company said it was requiring that all users change their passwords immediately.

“In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed,” Dave Engberg, the Evernote CTO, said in a blog post.

“The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption.”

Although the company does not say what hash algorithm it uses to protect passwords, it uses 64-bit RC2 to encrypt data within users’ notes.

“For Evernote’s consumer product, the current encryption algorithms are chosen more for exportability under the Commerce Department rather than strength, since our software permits the encryption of arbitrary user data with no escrow,” Evernote said.

Evernote users have the ability to store just about any kind of data on the service, including text, video and other information. Users can encrypt data within specific notes, and the company doesn’t have a copy of users’ keys, so if the passphrase is lost or compromised, there’s no way for the company to recover that data.
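The “one-way encryption” Engberg refers to is password hashing: the service stores a salted, slow-to-compute digest, can check a login attempt against it, but cannot recover the password from it, which is why a stolen credential table still has to be brute-forced guess by guess. The page does not say which algorithm Evernote used; the code below is an added illustration using PBKDF2-HMAC-SHA256 from Python's standard library, not Evernote's code, with constructed iteration and salt settings. It also shows the post-breach housekeeping step of detecting records made under an older, weaker setting so they can be upgraded at the user's next login.

```python
import hashlib
import hmac
import os
from typing import Optional

ALGO = "pbkdf2_sha256"
# Constructed policy values for this example; take production iteration
# counts from current guidance rather than from here.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Derive a one-way record 'pbkdf2_sha256$iterations$salt_hex$digest_hex'.
    The random per-user salt means two users with the same password get
    different records, so a leaked table cannot be attacked in bulk."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def _parse_record(record: str):
    """Split a stored record into its fields; None if it is malformed."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        return algo, int(iterations), bytes.fromhex(salt_hex), digest_hex
    except ValueError:
        return None


def verify_password(password: str, record: str) -> bool:
    """Recompute the derived key from the candidate password and compare in
    constant time. Nothing is decrypted: there is no key that turns the
    stored digest back into the password."""
    parsed = _parse_record(record)
    if parsed is None or parsed[0] != ALGO:
        return False
    _, iterations, salt, digest_hex = parsed
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest.hex(), digest_hex)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was made with a weaker setting than current policy,
    so it can be replaced on the user's next successful login."""
    parsed = _parse_record(record)
    return parsed is None or parsed[0] != ALGO or parsed[1] < iterations


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("login ok:", verify_password("correct horse battery staple", stored))
    print("wrong pw:", verify_password("correct horse battery stapler", stored))
```

A forced password reset like Evernote's is still the right response after such a table leaks: hashing only buys time against offline guessing, and the weaker the stored setting (the `needs_rehash` case), the less time it buys.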

Evernote sent all of its users an email detailing the incident and informing them they need to change their passwords before logging in the next time.

Monday, February 25, 2013 @ 03:02 PM gHale

Two fairly big hacks occurred last week as NBC and customer service software provider Zendesk were victims of separate attacks.

“We’ve become aware that a hacker accessed our system this week,” said Zendesk Chief Executive Mikkel Svane on the company blog. “As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had.”

“Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.”

He didn’t name the three customers.

Meanwhile, NBC’s website was compromised and the computers of visitors to the site were infected with malware. An NBC spokeswoman confirmed the incident. According to researchers, an attacker gained access to the site and embedded malicious iframes into its pages; on unprotected systems these then installed a variant of the Citadel Trojan, which is used for banking fraud and espionage.

The NBC spokeswoman said the site is now free and clear and user information suffered a compromise and that “users who go on there now are safe.”
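The injected-iframe technique in the NBC incident is detectable from the site owner's side: periodically fetch your own pages as a visitor would and flag any frame that loads from a host outside your own set, especially one hidden by CSS or sized to a pixel. The scanner below is an added example, not code from NBC or the researchers cited; the page fragment and host names are constructed.

```python
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a page."""

    def __init__(self) -> None:
        super().__init__()
        self.iframes: List[Dict[str, Optional[str]]] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): v for k, v in attrs})


def _looks_hidden(attrs: Dict[str, Optional[str]]) -> bool:
    """Zero/one-pixel or CSS-hidden frames are the shape an injected frame
    usually takes, since the visitor is not meant to notice it."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or any(s in style for s in ("display:none", "visibility:hidden", "width:0", "height:0"))


def find_suspicious_iframes(html: str, allowed_hosts) -> List[Dict[str, object]]:
    """Return one finding per iframe that loads from a host outside the site's
    own list or that is hidden; each finding lists the reasons it was flagged."""
    parser = IframeCollector()
    parser.feed(html)
    allowed = {h.lower() for h in allowed_hosts}
    findings: List[Dict[str, object]] = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host not in allowed:
            reasons.append(f"loads from third-party host {host}")
        if _looks_hidden(attrs):
            reasons.append("hidden or zero-size frame")
        if reasons:
            findings.append({"src": src, "reasons": reasons})
    return findings


# Constructed page fragment: one legitimate embedded player plus one injected,
# invisible frame pointing at a placeholder host that is not the site's own.
SAMPLE_PAGE = """
<html><body>
<h1>Top story</h1>
<iframe src="https://video.example-news.test/player?id=42" width="640" height="360"></iframe>
<p>Story text ...</p>
<iframe src="http://malicious.example.test/frame.html" width="1" height="1" style="display:none"></iframe>
</body></html>
"""
# Constructed: hosts the site legitimately embeds content from.
SITE_HOSTS = {"www.example-news.test", "video.example-news.test"}

if __name__ == "__main__":
    for f in find_suspicious_iframes(SAMPLE_PAGE, SITE_HOSTS):
        print(f["src"], "->", "; ".join(f["reasons"]))
```

Run against a cached copy of the clean page as the baseline, a new third-party or hidden frame is a high-confidence signal of a web-server or CMS compromise; it does not catch script-based injection, so pair it with a similar check on `<script src>` hosts and with file-integrity monitoring on the web root.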

Sunday, October 14, 2012 @ 01:10 PM gHale

By Gregory Hale
Technology is vital and so are policies and procedures, but the true backbone behind a solid cyber security profile is the people making sure everything is running as scheduled.

“People are the most important factor in security,” said Paul Forney, chief technologist at Invensys’ R&D security team during Invensys Operations Management’s User Group Series in Anaheim, CA, Thursday. “It takes people. If you don’t change the culture; it is the most important thing. You have policies and procedures; you have technology, but you need the people.”

There are three pillars to ensure true cyber security and they all carry a percentage of importance, Forney said. They are people at 65 percent, policies and procedures at 15 percent and technology at 20 percent.

“It is all about the ROI all wrapped around operational excellence,” Forney said. “Somebody can come in and hack you; it is all about operational excellence. There are some smart hackers out there and if there is one little hole in a firewall, they will find it and exploit it. You can’t put in a solution and then walk away. Security is something you start and keep going.”

Even in today’s environment where a new attack is just around the corner, there are some organizations that just don’t want to move forward with a comprehensive security program.

“Industrial environments are dangerous; there is some powerful stuff that can happen at a plant,” Forney said. “People say they are air gapped, but 99.9 percent of control systems are connected to the business system, which is connected to the Internet.”

An attacker, he said, has three challenges:
• Gain access to the control system LAN
• Through discovery, gain understanding of the process
• Gain control of the process

Obviously, the security professional’s goal is to hold the attackers at bay and ensure the system stays up and running. But the attack vectors are ever increasing with so many potential types of assaults.

Cyber warfare is just one newer attack, with individual countries firing cyber shots across each others’ bows.

“We now have the Army, Air Force, Navy and Cyber Ninjas,” Forney said.

In addition to cyber warfare, manufacturers face plenty of other threats, ranging from terrorism and disgruntled employees to extortion and theft of private company assets.

While those issues are very similar to the woes IT professionals deal with on the business enterprise, those looking over the industrial control systems (ICS) need to keep a sharp eye out because the consequences can be much greater.

“We are exposed to the same issues IT has, but we do have different needs,” Forney said. “We don’t use all of IT’s best practices because we do have different needs, like our end points are machines. In the IT world, if there is a problem you lose something on your hard drive. In ICS, you have people hurt. Security has to have specialized equipment, but it can’t slow down the process.”

Forney then showed some objectives security professionals should watch for:
• Prevent unauthorized changes to values in a controller or PLC
• Prevent misrepresentation of process values on the HMI
• Reduce the possibility of a production slowdown due to ICS software
• Protect integrity of process
• Prevent loss of genealogy
• Provide availability and safety

One of the most important things — if not the most important — a security professional should do is to clamp down the network and understand what programs you should run and then turn off everything else, Forney said. No unnecessary programs.

He then added some best ICS practices:
• Maintain the latest patches
• Test every patch
• Always use current antivirus definitions
• Verify update was successfully installed
• Update authorized application software
• Enable network antivirus intrusion protection system
• Enable system policies on all capable network appliances

Another item is to prohibit, or at least limit, the use of USB devices unless they have undergone a scanning process that ensures they are virus free, and to designate a specific machine for using them.

“You should know about everything on your network,” Forney said.
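Forney's practices (authorized software only, every patch verified as installed, current antivirus definitions, knowing everything on the network) reduce to a recurring comparison of an inventory snapshot against a per-role policy. The audit below is an added illustration of that comparison, not Invensys code; the roles, program names, versions and hosts are constructed placeholders for what a real inventory export from an engineering workstation or gateway would contain.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Tuple


@dataclass
class Host:
    name: str
    role: str
    programs: Dict[str, str]   # program name -> installed version
    av_definitions: date       # date of the antivirus definition set in use


# Constructed policy: for each host role, the only programs allowed to run
# and the minimum (patched) version of each. Names are placeholders.
POLICY: Dict[str, Dict[str, str]] = {
    "engineering-ws": {"hmi-client": "4.2.1", "historian-agent": "2.0.0", "av-scanner": "12.1.0"},
    "plc-gateway": {"opc-server": "3.8.2", "av-scanner": "12.1.0"},
}
MAX_DEFINITION_AGE_DAYS = 3


def version_tuple(version: str) -> Tuple[int, ...]:
    """'4.2.1' -> (4, 2, 1); non-numeric parts compare as 0 so a stray
    suffix in an inventory export never crashes the audit."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def audit_host(host: Host, today: date, policy=POLICY) -> List[Tuple[str, str, str]]:
    """Return (host, finding-type, detail) for every deviation from policy:
    software not on the allowlist, a patch level below the minimum, a
    required program (e.g. the scanner) missing, or stale AV definitions."""
    findings: List[Tuple[str, str, str]] = []
    approved = policy.get(host.role)
    if approved is None:
        return [(host.name, "unknown-role", host.role)]
    for prog, ver in host.programs.items():
        if prog not in approved:
            findings.append((host.name, "unauthorized-program", prog))
        elif version_tuple(ver) < version_tuple(approved[prog]):
            findings.append((host.name, "patch-missing", f"{prog} {ver} < {approved[prog]}"))
    for prog in sorted(set(approved) - set(host.programs)):
        findings.append((host.name, "required-program-absent", prog))
    age = (today - host.av_definitions).days
    if age > MAX_DEFINITION_AGE_DAYS:
        findings.append((host.name, "stale-av-definitions", f"{age} days old"))
    return findings


def audit_fleet(hosts, today: date, policy=POLICY) -> List[Tuple[str, str, str]]:
    """Audit every host and flatten the findings into one list."""
    return [f for h in hosts for f in audit_host(h, today, policy)]


# Constructed inventory snapshot, as an agent or export would report it.
FLEET = [
    Host("ews-01", "engineering-ws",
         {"hmi-client": "4.2.1", "historian-agent": "2.0.0", "av-scanner": "12.1.0"},
         date(2012, 10, 10)),
    Host("ews-02", "engineering-ws",
         {"hmi-client": "4.2.1", "historian-agent": "1.9.3", "av-scanner": "12.1.0", "media-player": "7.0"},
         date(2012, 9, 30)),
    Host("gw-01", "plc-gateway", {"opc-server": "3.8.2"}, date(2012, 10, 10)),
]

if __name__ == "__main__":
    for host, kind, detail in audit_fleet(FLEET, date(2012, 10, 11)):
        print(f"{host}: {kind}: {detail}")
```

The "test every patch" step is deliberately outside this script: the minimum version in the policy should only be raised after the patch has been validated on a test system, so the audit drives remediation without ever pushing an untested update onto a control network.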

Wednesday, September 5, 2012 @ 10:09 AM gHale

Sony appears to have fallen into the grip of a group of hackers who said they took control of eight Sony servers because of the firm’s lax security.

The group called Null Crew made the claim on Twitter and via a Pastebin release.

The release shows a list of usernames and passwords apparently taken from a Sony server, and a message to Sony accusing the firm of not having strong enough security. This is not the first time Sony has suffered a hack attack.

“Sony, we are dearly disappointed in your security. This is just one of eight Sony servers that we have control of. Maybe, just maybe considering IP addresses are available,” said a message posted to Pastebin.

“Maybe, just maybe it’s the fact that not even your customers can trust you. Or maybe, just maybe the fact that you can not do anything correct technologically.”

A heavy hack attack earlier saw 77 million users’ details exposed and led to Sony shutting down a range of its networks.

Null Crew said it had access to a range of other websites too, and on Twitter said it had attacked Cambodian government websites in retaliation over the arrest of one of The Pirate Bay’s cofounders.

Tuesday, August 14, 2012 @ 06:08 AM gHale

Blizzard’s internal network suffered a breach, but the “unauthorized and illegal access” is now closed off, and an investigation started.

While Blizzard is not a manufacturing automation company, it is just another example of attackers targeting a specific company and then getting into a system and attempting to garner as much information as possible. This time, it seems the company was able to catch the foes before losing too much data.

“Some data was illegally accessed, including a list of email addresses for global users, outside of China,” said Blizzard’s Chief Executive Mike Morhaime. “For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to accounts.”

Cryptographically scrambled versions of passwords for players on North American servers were also stolen, so players should change their passwords.

They will also be prompted to change their secret questions and answers, and to update their authenticator software if they use one.

Wednesday, April 25, 2012 @ 11:04 PM gHale

Nissan Motor Co.’s information systems were hit by a hack attack.

So far, the company doesn’t know who the hackers were, or where they struck from and it’s unclear what data suffered a compromise.

Nissan believes the hackers were looking for intellectual property related to its EV drivetrains.

Nissan maintains it quickly secured its systems and issued a statement alerting customers and employees that its data systems had been breached. Nissan said it discovered the infiltration April 13.

Nissan issued a statement, saying:

“We have detected an intrusion into our company’s global information systems network.

“On April 13, 2012, our information security team confirmed the presence of a computer virus on our network and immediately took aggressive actions to protect the company’s systems and data. This included actions to protect information related to customers, employees and other partners worldwide. This incident initially involved the malicious placement of malware within our IS network, which then allowed transfer from a data store, housing employee user account credentials.

“As a result of our swift and deliberate actions we believe that our systems are secure and that no customer, employee or program data has been compromised. However, we believe that user IDs and hashed passwords were transmitted. We have no indication that any personal information and emails have been compromised. Regardless, we are continuing to take appropriate precautionary measures.

“Due to the ever-evolving sophistication and tenacity of hackers targeting corporations and governments on a daily basis, we continue to vigilantly maintain our protection and detection systems and related countermeasures to keep ahead of emerging threats. Our focus remains on safeguarding the integrity of employee, consumer and corporate information.”

Nissan opted to keep the hack quiet for the last 10 days until it had a better idea of what was going on, a spokesman said.
