Tag Archive for: hackers

Florida Water Plant Hackers Exploited Old Software And Poor Password Habits


The world took notice when a cyber attacker breached a Florida city’s water treatment plant and tried to poison the water supply. New details about the incident reveal serious cyber security shortcomings at the plant.

As reported by Ars Technica, a Private Industry Notification (PIN) from the FBI noted two major issues. One was that the compromised computer at the Oldsmar water treatment facility was running an “outdated Windows 7 operating system.”

That statement applies to pretty much any computer running Windows 7 at this point. As of January 14 last year, Microsoft had stopped offering software updates, security updates or fixes, and technical support for Windows 7. Ahead of that date, Microsoft had warned that “While you could continue to use your PC running Windows 7, without continued software and security updates, it will be at greater risk for viruses and malware.”

Microsoft had already extended support for Windows 7 on a couple of occasions and the company provides plenty of notice when it’s ending support. Nevertheless it’s not uncommon for organizations to continue using an operating system beyond its end-of-support date.

Specialized applications — like those that control the water treatment system at the Florida plant — may not be compatible with a newer OS. Faced with the possibility of a broken piece of critical software, many organizations choose to continue running the outdated OS. This incident once again underscored just how risky that practice can be.

Another failing revealed in the Bureau’s notification is that staff all utilized the same password for remote access via the TeamViewer application. That same password was used on all of the plant’s computers and it’s believed that the attacker(s) used that password to break in.

That’s two very big cyber security strikes already. The third? The plant’s computers “appeared to be connected directly to the Internet without any type of firewall protection installed.”

Firewalls provide a first line of defense against unauthorized access. They’re an important part of network security in any situation. In a case where the…


How Hackers Tried to Add Dangerous Lye into a City’s Water Supply


On February 5, an unknown cyberattacker tried to poison the water supply of Oldsmar, Fla. City officials say the targeted water-treatment facility had a software remote-access system that let staff control the plant’s computers from a distance. The hacker entered the system and set it to massively increase sodium hydroxide levels in the water. This chemical (better known as lye) was originally set at 100 parts per million, an innocuous amount that helps control the water’s pH levels. The attacker tried to boost that to 11,100 ppm, high enough to damage skin and cause hair loss if the water contacts the body—or, if it is ingested, to cause potentially deadly gastrointestinal symptoms. Fortunately, a staff member noticed the attack as it was happening and restored the correct settings before anything changed.

How much of a broader threat might attacks like this pose to public facilities, and what can be done to protect them? Scientific American asked Ben Buchanan, a professor specializing in cybersecurity and statecraft at Georgetown University’s School of Foreign Service.

[An edited transcript of the interview follows.]

What might make city infrastructure like a water treatment plant vulnerable to hackers?

Speaking generally, the challenge with a lot of these facilities is oftentimes that they are older, or they just don’t have the security infrastructure that we would want to guard against hackers. So, if the systems are not as secure as we would like, but their internet is accessible, that is a recipe for trouble.

Who might have been responsible for the attack?

Oftentimes the thing about targeting an industrial control system is that, in order to have the effect you want as an attacker, you need to understand the system reasonably well. If you’re truly a foreign attacker, you want to do a lot of reconnaissance on the system. If you’re an insider, you already have that kind of knowledge. A lot of times the people who carry out cases like this—of which there are not that many—were disgruntled employees who already knew the system and how to manipulate it. [But in this case] it is too soon to say, ‘This is a disgruntled employee,’ and it’s definitely…


Cybersecurity experts warn hackers may try to disrupt vaccine distribution systems


NEW YORK (NewsNation Now) — As the government prepares to distribute COVID-19 vaccines to U.S. retailers and pharmacies, cybersecurity experts are warning hackers will instantly get more chances to disrupt the vaccine distribution system.

Retailers and pharmacies nationwide say they’re preparing for a fresh round of “bot” attacks expected to target the COVID-19 vaccine supply chain.

These so-called “scalper bots” are automated programs known for cutting digital lines. They stockpile limited supplies of high-demand items within milliseconds of their release.

It’s the same technology that was used to stockpile Sony PlayStation consoles during the holiday shopping season. This made them nearly impossible to find. The electronics then made their way to online auction sites with higher markups.

Now, the stakes are infinitely higher. The bots would specifically target appointments for the COVID-19 vaccines, with the goal of undermining national security, the health of Americans, and their confidence in the system.

Cybersecurity expert Carlos Perez says the attacks feed on existing paranoia.

“Right now, there’s certain groups of people that are worried about the vaccine. You know, like, ‘It hasn’t been tested, we don’t know if it’s secure,’ and all of a sudden you go into the systems and you alter the information—you create chaos,” Perez explained.

CVS said its program could thwart bot attacks. “Our online vaccination appointment site has a layered defense that includes capabilities to detect automated cyberattacks, such as botnets. Those capabilities, together with our application design and user input validation, enable us to validate legitimate users,” the company said in a statement.

Experts stress the goal isn’t to get the appointments but to wreak havoc on vaccine distribution, the U.S. economy and the nation’s ability to recover from the pandemic. They point to…


What Is SIM-Swapping? Hackers Allegedly Stole $100m in Cryptocurrency From Celebrities


Eight men suspected of stealing over $100 million worth of cryptocurrencies from internet influencers, sport stars and musicians were arrested on Tuesday following a year-long investigation by multiple policing authorities.




The cybercriminal gang was dismantled this week after members targeted “thousands” of victims in the U.S. last year via “SIM-swapping” attacks, which are used to infiltrate mobile apps or online accounts by abusing a smartphone’s phone number.

The European law enforcement agency Europol said a probe was launched last spring and uncovered a network of around a dozen coordinated criminals.

In a “SIM-swap” scheme, criminals can intercept sensitive information by taking over a victim’s phone number associated with their device’s SIM card. They deactivate the SIM card and port its number to a new one controlled by a member of the gang.

Experts say the swapping process is often done by a hacker impersonating the owner and contacting the phone service provider to request the change. It is also aided by phishing attacks to obtain personal information, or by corrupt insiders.

Broadly, after gaining control over the number, hackers can change passwords of apps and be sent codes needed to reset account credentials. After changing the codes, the criminals have access to online banking, email and social media profiles.

“This enabled them to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. They also hijacked social media accounts to post content and send messages masquerading as the victim,” Europol said.

The identities of the victims were not released. Europol said additional members of the gang were recently detained in Malta and Belgium. The policing agency urged anyone concerned about the hack not to link their phone number to online accounts.

The National Crime Agency (NCA), which led the U.K.-side investigation into the attacks, said the arrested men were aged between 18 and 26 and had been detained in England and Scotland. Like Europol, it did not reveal the…
