Tag Archive for: compromises

Expel Report Reveals Hackers Focusing On Business Email And Application Compromises


Security News


Rachael Espaillat


“More than 50 percent of the incidents we detect, it’s not malware. It’s not, ‘I’m trying to deploy a backdoor on your computer.’ It’s, ‘I just want your identity so I can use that identity to do something,’” Expel’s Jon Hencinski says.


Cybersecurity vendor Expel traded its monthly attack vector reports for quarterly reports to give customers a better scope of current dangers. The report also provides ways to stay guarded against cyberattacks.

In the first Expel quarterly threat report, the Herndon, Va.-based startup discovered hackers are targeting Microsoft Office 365.

“When these attackers are trying to break into these organizations, they’re not exploiting vulnerabilities in these applications. They’re taking advantage of features in these products to get an employee to open a document and execute malicious code and embedded macro or take advantage of a feature,” said Jon Hencinski, director of threat detection and response at Expel.

Within Microsoft Office 365, the report found more than half the incidents reported revolved around business email compromise (BEC).

“More than 50 percent of the incidents we detect, it’s not malware. It’s not, ‘I’m trying to deploy a backdoor on your computer.’ It’s: ‘I just want your identity so I can use that identity to do something.’”

Nearly a quarter of Expel customers faced a BEC attempt at least once, and 8 percent of customers were targeted more than three times, also within Microsoft Office 365.

“Organizations are likely a very viable target, given the fact that there’s so many payments that they’re processing every single day,” Hencinski said.

While security awareness training may help, Hencinski said it isn’t enough.

“If an attacker can get an employee to submit their username and password, they can add a third field and say,…


Bluetooth hack compromises Teslas, digital locks, and more


A group of security researchers has found a way to circumvent digital locks and other security systems that rely on the proximity of a Bluetooth fob or smartphone for authentication.

Using what’s known as a “link layer relay attack,” security consulting firm NCC Group was able to unlock, start, and drive vehicles and unlock and open certain residential smart locks without the Bluetooth-based key anywhere in the vicinity.


Sultan Qasim Khan, the principal security consultant and researcher with NCC Group, demonstrated the attack on a Tesla Model 3, although he notes that the problem isn’t specific to Tesla. Any vehicle that uses Bluetooth Low Energy (BLE) for its keyless entry system would be vulnerable to this attack.

Many smart locks are also vulnerable, Khan adds. His firm specifically called out the Kwikset/Weiser Kevo models since these use a touch-to-open feature that relies on passive detection of a Bluetooth fob or smartphone nearby. Since the lock’s owner doesn’t need to interact with the Bluetooth device to confirm they want to unlock the door, a hacker can relay the key’s Bluetooth credentials from a remote location and open someone’s door even if the homeowner is thousands of miles away.

How it works

This exploit still requires that the attacker have access to the owner’s actual Bluetooth device or key fob. However, what makes it potentially dangerous is that the real Bluetooth key doesn’t need to be anywhere near the vehicle, lock, or other secured devices.

Instead, Bluetooth signals are relayed between the lock and key through a pair of intermediate Bluetooth devices connected using another method — typically over a regular internet link. The result is that the lock treats the hacker’s nearby Bluetooth device as if it’s the valid key.

As Khan explains, “we can convince a Bluetooth device that we are near it — even from hundreds of miles away […] even when the vendor has taken defensive mitigations like encryption and latency bounding to theoretically protect these communications from attackers at a distance.”

The exploit bypasses the usual relay attack protections as it works at a very low level of the Bluetooth stack, so it doesn’t…


Massive Android hack compromises device cameras and microphones


Android users should update their software immediately to protect themselves


Android users around the world are facing the threat of being attacked after a security issue was uncovered that leaves a device’s microphone and camera vulnerable to remote access.

Writing about its discovery, Check Point Software Technologies said hackers could leverage the vulnerability to snoop on users’ audio/video media and even listen in on phone calls.

The phones that are most prone to danger are ones that have Qualcomm or MediaTek chips. Unfortunately, 98% of Android devices are powered by those two processors, so the impact could be enormous.

Closing the vulnerability

The Check Point researchers stated that they disclosed their findings to both chipmakers, and each company has apparently patched the security issue. However, anyone who has an Android device will need to update their system software to keep their device secure.

Failing to apply the update could be especially dangerous since all it would take is for a hacker to send someone a doctored audio file to compromise their device.

“The…issues our researchers found could be used by an attacker for remote code execution attack (RCE) on a mobile device through a malformed audio file,” the researchers explained. “RCE attacks allow an attacker to remotely execute malicious code on a computer. The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.

“In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations.”


St. Clair County, Ill., Ransomware Attack Compromises Data


(TNS) — St. Clair County has completed an eight-month review of a ransomware attack on its computer system last spring, prompting the release of more details about what happened.

More than 600 people will receive letters in the mail this week, informing them that the breach may have allowed hackers to view or acquire their personal or medical information.

“Individuals are encouraged to remain vigilant against events of identity theft by reviewing account statements (and explanations) of benefits and monitoring free credit reports for suspicious activity and to detect errors,” according to a county statement.


“Any suspicious activity should be reported to the appropriate insurance company, health care provider or financial institution.”

The letters were reportedly mailed Monday by Kroll, a private New York-based firm specializing in data protection that is working with the county and its cyber insurance company.

An analysis by Kroll’s experts found no evidence that any of the information accessed by the hackers had been misused or caused problems, according to Jeff Sandusky, the county’s information technology director.

“The predominance of the data was fairly old — 15 years plus — so it’s not relatively recent data,” he said Tuesday.

The 600 people include both St. Clair County residents and non-residents who have received services or done business with various departments or offices. Sandusky called the focus “random.”

Illegally accessed information could include names, addresses and dates of birth; Social Security numbers; driver’s license or state identification numbers; medical diagnoses and treatments; health care and insurance providers.

A “malware infection” prompted Sandusky to shut down the county’s computer system and website for several days, beginning May 30, 2021.

“The amount of time we were down was self-imposed,” he said last month. “We had to verify our data integrity, as well as implement some security measures to protect the system.”

The county released few details on the breach last spring. On Tuesday, Sandusky confirmed for the first time that a ransomware group had asked St. Clair County for…
