Tag Archives: malware

CyberSecurity: A contractor planned logic bombs to keep his services going.

Very interesting story about a contractor who planned logic bombs in company spreadsheet so that company keeps calling the same contractor every time spreadsheet crashed.

Logic Bomb: Logic bombs, unlike viruses & Trojans are a type of malware that deliberately installed, generally by an authorized user. A logic bomb is a piece of code that sits dormant for a period of time until some event or date invokes it’s malicious payload. For example, Logic bomb could be a simple program which checks your payroll regularly, tracking different things regularly. Read in for more about malware

Abstract

LOGIC BOMBS WENT UNDETECTED FOR TWO YEARS

According to court documents, Tinley provided software services for Siemens’ Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders.

The spreadsheets included custom scripts that would update the content of the file based on current orders stored in other, remote documents, allowing the company to automate inventory and order management.

According to a report from Law360, the scheme fell apart when Tinley(Contractor) was out of town, and had to hand over an administrative password for the spreadsheets to Siemens’ IT staff, so they could fix the buggy scripts and fill in an urgent order.

Siemens IT employees found the logic bomb, and it all went downhill from there. Tinley was charged this May, and pled guilty last week, on July 19. The contractor’s sentencing hearing is scheduled for November 8.

Advertisement

CyberSecurity: What is the Malware and Types of malware?

Malware refers to software that has been designed for some nefarious purpose. Such piece of software is design to target & invade in the target system or devices. The purpose of these malicious software could be anything: from deleting files, steal private information, spying & access un-authorized systems.

There are multiple types of malicious softwares & all of them fall in the malware category such as Viruses, Trojan horses, Logic Bombs, spyware & worms.

Polymorphic Malware: The detection of malware is anti-malware programs is primarily done through the user of a signature. Files are scanned for sections of code in the executable the act as markers, unique patterns of code that enable detection. Just a human body creates antigens that match marker proteins, anti-malware programs detect malware through unique markers present in the code of the malware. Polymorphic malware is the software which changes signature on regular basis to avoid detection.

Viruses: The best-known type of malicious code is the virus. A virus is a piece of malicious code that replicates by attaching itself to another piece of executable code. When the other executable code is run, the virus also executes and has the ability to infect other files.

Armored Virus: When a new form of malware/virus is discovered, antivirus/researchers will try to find out functioning of malware. Armoring malware can make the process of determining internal working of malware more difficult, if not impossible.

Crypto Malware: Crypto-malware is a malware that encrypts files on a system and then leaves them or unusable either permanently, acting as denial of service or temporarily until a ransom is paid.

Crypto-malware is typically completely automated. Ransomware malware are crypto-malware. Ransomware is encrypt files of the users & keep as deadline to pay ransom. Most of the ransomware uses RSA Public key encryption & it is not easy to decrypt user data.

Keylogger: As the same suggests, a keylogger is a piece of software that logs all of the keystrokes that a user enters. Keyloggers in their won respect are not necessarily evil, for you could consider MS Word to be a key logger. What makes a key logger a malicious piece of software is when its operations is unknown to the user, not under the user’s control.

Keylogger malware are used to target specific user to get critical information such as password, network id’s & banking information etc.

Adware: The business needs revenue steam to support development & marketing and advertising is one form of revenue stream. Software that is supported by advertising is called adware. In general, User/Business agrees to show legitimate ads but some ads could be shown by the adware.

If you keep getting unwanted pop-up windows in your computer without even visiting some sites or application, You can be sure that your computer is infected by the adware.

Spyware: As name suggests, Spyware is a software that spies on users, recording & tracking user activities without user knowledge. Most of the apps are not less spyware than actual spyware. Like Google, Facebook etc. They do track every one of us.

Worm: Worms are piece of code that attempt to penetrate networks and computer systems. Once a penetration occurs, the worm will create a new copy of itself on the penetrated system. Virus needs another file or code. Worms are self replicable malware & network based. Some of the examples of Worms malware: SQL Slammer of 2003, Zotob worm 2005 took down CNN LIVE

Logic Bomb: Logic bombs, unlike viruses & Trojans are a type of malware that deliberately installed, generally by an authorized user. A logic bomb is a piece of code that sits dormant for a period of time until some event or date invokes it’s malicious payload. For example, Logic bomb could be a simple program which checks your payroll regularly, tracking different things regularly.

Trojan: A Trojan horse, or simply Trojan, is a piece of software that appears to do one thing but hides real functionality of it. The perfect example is Troy Movie last scene.

Trojan malware works pretty same as it is seen in the movie. Trojan horse is outside the wall and does not harm until it is within the walls. First, Trojan malware must be brought inside the system, networks. Generally, Trojans are stand-alone program that must be copied & executed by the user.

RootKit: Rootkits are a form of malware that is specifically designed to modify the operation of the operating system in some fashion to facilitate nonstandard functionality. A rootkit can do many things- in fact, it can do virtually anything that the OS does.

CyberSecurity: Triton is the world’s most murderous malware & It’s spreading.

Abstract

The hackers had deployed malicious software, or malware, that let them take over the plant’s safety instrumented systems. These physical controllers and their associated software are the last line of defense against life-threatening disasters. They are supposed to kick in if they detect dangerous conditions, returning processes to safe levels or shutting them down altogether by triggering things like shutoff valves and pressure-release mechanisms.

How dangerous it is?

The malware made it possible to take over these industrial systems remotely. Had the intruders disabled or tampered with them, and then used other software to make equipment at the plant malfunction, the consequences could have been catastrophic. Fortunately, a flaw in the code gave the hackers away before they could do any harm.

Read more in

https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/

Steganography: A Safe Haven for Malware

Abstract

Steganography, or the practice of concealing a file, message, image or video within another file, message, image or video, may be an older technique, but it continues to be an incredibly versatile and effective method for obscuring or hiding information in plain sight. In 2017, IBM X-Force has identified three different malware samples in network attacks containing cryptocurrency CPU-mining tools hidden within fake image files.

Terrorist uses Steganography:

When a suspected al-Qaeda member was arrested in Berlin in May of 2011, he was found with a memory card with a password-protected folder—and the files within it were hidden. But, as the German newspaper Die Zeit reports, computer forensics experts from the German Federal Criminal Police (BKA) claim to have eventually uncovered its contents—what appeared to be a pornographic video called “KickAss.”

Wonderful articles written on Steganography

https://arstechnica.com/information-technology/2014/05/how-to-stash-secret-messages-in-tweets-using-point-and-click-steganography/

https://arstechnica.com/information-technology/2012/05/steganography-how-al-qaeda-hid-secret-documents-in-a-porn-video/

CyberSecurity News: Top week’s news (Dec 14, 2018)

US Legislators Can Spend Surplus Campaign Funds on Cybersecurity(December 13, 2018)
  The US Federal Elections Commission says that federal legislators may use surplus campaign funds to bolster cybersecurity for their personal devices and online accounts. The decision came in response to an advisory opinion request from Senator Ron Wyden (D-Oregon).
Read more in:
– www.theregister.co.uk
: US elections watchdog says it’s OK to spend surplus campaign cash

Italy’s Saipem Hit with Shamoon Data-Wiping Malware(December 12 & 13, 2018)
  A new version of the Shamoon data-wiping malware has been used to target computers that belong to Italy’s Saipem, an oil and gas contractor, which does the majority of its business in the Middle East. About 10 percent of the company’s PCs were affected by the malware. Saipem is a contractor for Saudi Aramco, which was the target of earlier, highly-destructive Shamoon attacks. The newest version of Shamoon overwrites files with junk data.
Read more in:
– threatpost.com
: Shamoon Reappears, Poised for a New Wiper Attack

Read more in:
– threatpost.com
: Shamoon Reappears, Poised for a New Wiper Attack

Maritime Cybersecurity Guidance(December 12, 2018)
  Shipping associations and industry groups have published the third edition of the “Guidelines on Cyber Security Onboard Ships,” which offers guidance for securing ships’ IT systems. The document also includes examples of cybersecurity and IT failure incidents, including a virus infection found on a ship’s Electronic Chart Display and Information System (ECDIS) that delayed the vessel’s departure. In other cases, systems failed due to outdated operating systems, thumb drives infected systems with malware, and ransomware infected onboard IT systems as well as shipping company backend systems. Perhaps the most well-known incident involved systems at the Maersk cargo shipping line, which became infected with the NotPetya malware. The company had to reinstall more than 4,000 servers, more than 45,000 PCs, and incurred costs of more than US $300 million.
Read more in:
– www.zdnet.com
: Ships infected with ransomware, USB malware, worms

Operation Sharpshooter(December 12, 2018)
  The Operation Sharpshooter phishing campaign uses phony job recruitment documents to place backdoors on computers at nuclear, defence, energy, and financial companies. The backdoor malware, dubbed Rising Sun, has been detected on systems at least 87 organizations, according to McAfee Labs. The campaign uses source code that was used in the Lazarus Group’s 2015 Trojan Duzer backdoor. While this could suggest that the Lazarus Group is behind Sharpshooter, McAfee cautions that “numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags.”
Read more in:
– www.mcafee.com
: Operation Sharpshooter (PDF)

China Cyberespionage Threat(December 11 & 12, 2018)
  In a US Senate Judiciary Committee hearing, Assistant Director of the FBI’s Counterintelligence Division Bill Priestap called China “the most severe counterintelligence threat facing our country today.” Officials from the Department of Justice (DOJ) and the Department of Homeland Security (DHS) concurred. Recent news stories suggest that the Marriott breach was allegedly the work of Chinese hackers gathering intelligence.

Read more in:
– www.washingtonpost.com
: Top FBI official warns of strategic threat from China through economic and other forms of espionage

Third-Party Investigation Finds No Evidence of Spy Chips on Super Micro Motherboards(December 11, 2018)
  In a letter to customers, Super Micro President and CEO Charles Liang and other executives wrote that “after thorough examination and a range of functional tests, the [third-party] investigations firm found absolutely no evidence of malicious hardware on out motherboards.” A Bloomberg news story in early October 2018 alleged that Chinese spies had placed “spy chips” on Super Micro motherboards. The allegations have also been refuted by Amazon and Apple, companies that use Super Micro motherboards in their data centers.

Read more in:
– www.supermicro.com
: Letter to Customers