A recap of the past week's security news includes the Night Dragon attack campaign and more news of retaliation by Anonymous.
Security researchers' revelations that hackers have targeted oil companies
around the world lead this past week's IT security news.
According to McAfee, a coordinated attack campaign it has
dubbed
"Night Dragon" has been under way since at least 2009 and
impacted oil, energy and petrochemical companies in Kazakhstan,
Taiwan, Greece
and the United States. Circumstantial
evidence found by McAfee points to attackers based in China, who relied on a
mix of spear-phishing, social engineering, Windows bugs and remote
administration tools (RATs) for success.
"The attacks were not very sophisticated and did not use any zero-day
exploits," Dmitri Alperovitch, vice president of threat research at McAfee
Labs, told eWEEK. "They were, however, very successful, and information
that [has] been [exfiltrated] has enormous potential value to competitors."
Speaking of exfiltrated information,
hacktivists
in Anonymous struck back at HBGary Federal after CEO
Aaron Barr claimed to have infiltrated the group. In their attack, the hackers
swiped e-mails that uncovered a plan by HBGary Federal, Berico Technologies and
Palantir Technologies to use a disinformation campaign and other tactics
against WikiLeaks and its supporters, including columnist Glenn Greenwald of
Salon.com.
The
proposal
was prepared (PDF) for the law firm Hunton & Williams, which represents
Bank of America-a
suspected target of an upcoming WikiLeaks leak. Bank of America has denied
having ever seen or evaluated the presentation, and said HBGary Federal was not
hired on its behalf. Palantir Technologies and Berico Technologies have
publicly
severed ties (PDF) with HBGary Federal as well.
Elsewhere in the world of security, two German
researchers
uncovered a hack for the Apple iPhone that allowed them to bypass the
device's password protection and steal information from the Keychain, the iOS
password management system. The researchers exploited the fact that the
underlying secret the password's encryption is based on is stored in the device's
operating system. As a result, the required key material can be created
from data available within the device and therefore in possession of
the attacker.
To launch the attack, the researchers used a jail-breaking tool and
installed an SSH (Secure Shell) server on the device so that software could be
run on the phone unrestricted. After that, the researchers ran a small script
to access and decrypt the passwords found in the Keychain. The attack requires
access to the phone, meaning it could pose a threat to devices that are lost or
stolen.
Security researchers also discussed with eWEEK the growing presence of
development kits for
rogue
Facebook applications. One such kit, known as Tinie App, was responsible
for the spread of an application called "Facebook Profile Creeper Tracker
Pro" and cost $25, according to Websense. Other kits such as NeoApp are
available on in the cyber-underground as well.
"What's new is the fact that these toolkits are getting more
sophisticated and easier to use," said Vikram Thakur, principal security
response manager at Symantec.
In the area of defense, Microsoft issued fixes for 22 vulnerabilities as
part of this month's Patch Tuesday. The company also made an update to Windows
to end support for the AutoRun feature when it comes to nonoptical media
available through Windows Server Update Services. The move was made to limit
the
spread
of AutoRun worms, which have taken advantage of the feature to propagate.
In the coming week, researchers, vendors and customers will turn their
attention to the annual
RSA
Conference taking place in San Francisco.
The conference will run from Feb. 14 to Feb. 18, and features a new session
track focused on cloud computing security.
Email
Print
