Netizen Cybersecurity Bulletin: 25 July 2018 Edition
In this issue:
In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.
- Is Your Bluetooth Device Secure?
- Malware Hidden in Images
- A Banking Trojan is reborn.
- How can Netizen Help?
Is Your Bluetooth Device Secure?
This week there was a security bulletin announcing a vulnerability in Bluetooth devices. Should an adversary be in the right place at the right time, it is possible for that person to intercept the communication between you and your cell phone, laptop, media player, heart-rate monitor, mice or keyboard. (Carnegie Mellon’s CERT Bulletin: https://www.kb.cert.org/vuls/id/304725 )
Interfering with your media player seems harmless enough, but this Man in The Middle (MiTM) attack could capture keyboard data and reveal any passwords you type. The interference would occur when the devices are about to pair with each other, at which time the attacker would be able to read and write data.
The Bluetooth protocol was designed to make the pairing of devices effortlessly, which unintentionally raises the potential for abuse such as the security bulleting describes. Fortunately, any such attack as this requires the attacker to be in close proximity to you and your devices, which limits the potential impact overall. Furthermore, this particular attack has to happen as the devices connect, meaning if you pair your earpiece with your smartphone in your home, you are safe as you leave your home (unless a family member is trying to exploit the vulnerability).
The Good News; Despite this bulletin being released this week, the vendors have already addressed the issue. According to Carnegie Mellon, the Bluetooth code from Apple, Microsoft, and Android is either already updated or was never affected by this vulnerability.
- If you are using an Android device, be certain your phone vendor or mobile carrier has pushed the patches from the Android Open Source Project to your handset.
- Best Practice: if you are not using Bluetooth, you should turn it off on your devices. This will conserve your battery, and avoid broadcasting your Bluetooth hardware address, which makes it less likely an adversary could track you.
Malware Hidden in Images
Threat actors are now lacing vulnerable images with malware. These images are being uploaded on trusted GoogleUserContent sites including several blogs, and even the famous Google+. This is making websites stealthily malicious while remaining undetected. The malware uses Exchangeable Image File Format (EXIF) to hide, and it hides well as images are rarely ever scanned for malware.
Within the embedded images are scripts made by the threat actors that can upload a predefined web shell, arbitrary files, defacement pages, and backdoors just to name a few. More importantly, the exploitation of a site would allow the attacker to siphon important information, like that of email addresses. Unfortunately, Google inadvertently exacerbates the problem, as Google sites and their known affiliates are unequivocally trusted.
Threat actors will either utilize their own images or gain access to popular ones that are “weaponized” and publicly distributed on trusted sites. They will sit, wait, and if any user happens to download the malicious image, the attacker will be notified, and the user can then be compromised.
Until Google develops better anti-malware techniques, especially in areas of content analysis, the best defense is vigilance and prevention. We recommend:
- Keep up-to-date with security patches
- Utilize strong passwords
- Utilize application firewalls
- Monitor the integrity of files on your servers
- Trust no file or image. Do not download from unknown sources, sites, or senders.
A Banking Trojan is Reborn.
Recently a new variant of an old-time banking trojan called Kronos is making rounds across networks and targeting victims in Germany, Japan, and Poland. The new variant dubbed Osiris has been upgraded to include new command-and-control features that work with anonymized networks such as Tor.
Kronos was originally discovered in 2014 where it was found to be capable of stealing credentials and using web injection techniques on banking websites. Along with these capabilities it included a rootkit to help avoid detection and removal. Kronos eventually faded away about two years later in 2016.
- Ensure Anti-Virus and Malware software is up to date.
- Ensure Operating System and Applications software are running on the latest update patches.
- Be vigilant during web browsing in order to avoid clicking on malicious links.
- Continue to stay informed of new phishing techniques to avoid opening malicious attachments.
- Do not download files from unknown sources, sites, or senders.
How can Netizen help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management) certified company.