Friday Five: 12/15 Edition
Catch up on all the week's InfoSec news with this roundup!
It’s been difficult, especially in a security sense, to defend being an Apple user these past few months. Macs aren't invincible. They haven't been for a long time. Malware like MacDefender, Dok (which used a legitimate developer's certificate), WireLurker, and the KeRanger ransomware have all plagued Apple machines at some point over the past 10 years. Wired took a look at the company's recent foibles on Wednesday, including a vulnerability in HomeKit that could have allowed an attacker to unlock IoT devices like garage doors and smart locks and, even more damning, a flaw in macOS that allowed anyone to log in to a machine running High Sierra by typing "root." Some fine insight in the article by way of researchers at Duo Security and Malwarebytes.
Speaking of Malwarebytes: Christopher Boyd, the firm's Lead Malware Intelligence Analyst, sounded the alarm this week over multiple scams aiming to take advantage of would-be Bitcoin investors. If you've been sleeping under a rock the last few weeks, the cybercurrency has enjoyed a 270 percent increase over the past three months and a 230 percent rise in the last two months. According to Boyd, the scams run the gamut from phony surveys and fake games to tech support scams. Even if you're not planning on becoming a Bitcoin millionaire anytime soon, it's worth a read.
FCW's Mark Rockwell recapped some fascinating research on Thursday via FireEye, which uncovered a new strain of malware that interacts with autonomous critical infrastructure safety systems. Researchers with the firm declined to attribute the incident to a threat actor but said it was consistent with a nation state preparing for an attack. The malware, TRITON, was found at an ICS organization that FireEye's Mandiant subsidiary recently responded to and “could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.”
4. BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices by Catalin Cimpanu
The author behind BrickerBot, a destructive malware family that bricked vulnerable IoT devices running telnet exposed to the internet with default passwords, has apparently retired. Calling the project a "technical success," the author told Bleeping Computer's Catalin Cimpanu this week he was beginning to worry the malware was having a "deleterious effect on the public's perception of the overall IoT threat." That said, he still boasted of having caused quite a bit of damage: bricking over 10 million devices.
Interesting read here via ZDNet on a flaw, ROBOT, originally discovered by Daniel Bleichenbacher 20 years ago, back in the days of Packard Bell machines and 3.5 inch floppy disks. It’s a bit heady, but the gist is that because of a weakness found in the transport layer security protocol used for Web encryption, attackers could record passive traffic streams from sites to decrypt later on. Sites like Facebook and PayPal were called out by researchers Hanno Böck, Juraj Somorovsky, and Craig Young in a paper published by the Cryptology ePrint Archive this week. “When the 19-year-old vulnerability was first uncovered, the developers of TLS implemented countermeasures. However, these protections are incredibly complex to implement and it appears that due to implementation complications, they have not been implemented correctly,” ZDNet’s Osborne wrote.