Home » Cybersecurity » Malware » US Cyber-Attack on Iran, Poor Government Cybersecurity, Malvertising Campaigns

US Cyber-Attack on Iran, Poor Government Cybersecurity, Malvertising Campaigns

by Tom Eston on July 1, 2019

This is your Shared Security Weekly Blaze for July 1st 2019 with your host, Tom Eston. In this week’s episode: The US cyber-attack on Iran, the sad state of cybersecurity in the US government, and what you need to know about malvertising campaigns.

Don’t you hate air travel? I know I do! Rude people, crowds, the TSA searching you and your bags because of a toothbrush that for some reason looks like a weapon, and on top of that your flight has a very high chance of being delayed or cancelled! This is the unfortunate reality the minute you get to the airport. While you’re dealing with the stress related to all that, the last thing you need to worry about is your digital privacy while you’re at the airport. That’s why I recommend Silent Pocket’s product line of Faraday bags and wallets which block all wireless signals keeping your devices secure and completely off the grid. As a listener of this podcast you get 15% off your order by using discount code, “sharedsecurity” at checkout. Visit SilentPocket.com to check out their great line of products to make your air travel experience a little less stressful.

Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.

Last week the United States launched a cyberattack directed towards Iran which disabled Iranian computer systems that controlled its rocket and missile launchers. This was a response to an escalation by Iran when they shot down a unarmed US drone apparently conducting surveillance in international airspace. Iran denies those claims and states the drone was violating their airspace. The attack was carried out by the US Cyber Command acting upon orders from US President Donald Trump. This was actually the second option to strike back at Iran as the first one was to launch a missile strike against Iranian radar bases which would have resulted in human casualties. According to cybersecurity firms FireEye and Crowdstrike, there has been a recent rise in Iranian attacks on US companies and government agencies as well as critical infrastructure such as the power grid which also prompted for the US government response. This is not the first cyberattack on Iran either. You may remember back in the late 2000’s it’s believed that the US and Israel targeted the Iranian nuclear program with the Stuxnet virus which essentially disabled most of their nuclear program at the time.

I find this retaliation interesting as it seems that in more cases traditional warfare, like missile strikes, may start to be a thing of the past when cyberattacks may actually do more damage to critical infrastructure and send a more impactful message than just destroying buildings and killing a bunch of people. Of course, cyberattacks could potentially be used to kill people too. Especially ones that may be targeted towards hospitals or nuclear facilities which could malfunction due to a cyberattack. On the flip side, you may remember back in May Israel bombed a Palestinian Hamas military intelligence headquarters in retaliation for an attempted cyber-attack directed towards Israeli targets. This was the first time a nation state conducted a military strike in response to a cyber-attack. I guess it could go both ways and with the increase in cyber-attacks and capabilities that all nation states now have, it will be interesting to see how the future “cyber-war” may begin to play out.

Sponsorships Available

In other US government news, a new report published by the US Senate last week showed that eight government agencies have failed to follow basic cybersecurity protocols and have exposed US citizens private data for over a decade. The investigation itself took about ten months and reviewed the past ten years of compliance reports regarding federal information security standards that these agencies were supposed to follow. One of the eight agencies even included, guess who, the Department of Homeland Security.

The biggest issue found was at the Department of Education where it was discovered that anyone could access and maintain a connection to the network for up to 90 seconds which is enough time to launch attacks against servers and systems. In addition to that, five of the eight agencies had not maintained current and complete IT asset inventories. This is a huge problem because if an agency doesn’t know what systems they have on their network, how can they patch, update and protect them? Because of poor asset inventory, six out of eight agencies were unable to deploy security patches or other critical updates.

So why is basic network security and asset management so difficult for the government? Well for starters, there is a lot of politics and bureaucracy that takes place in these agencies. First, the people in charge, like the CIO’s don’t have authority to make decisions in many cases and that many of the systems and applications being used are so outdated that they are no longer supported by the vendors. This means that even if they wanted to secure them, there are no patches, updates, or vendor guidance to do so. This of course, is just the tip of the iceberg so if you want to read all the gory details you can check out our show notes to read the full stimulating 99-page government report.

And now a word from our sponsor, Edgewise Networks.

The biggest problem in security that remains unsolved is unprotected attack paths that allow threats to compromise vulnerable targets in the cloud and data center.

But traditional microsegmentation is too complex and time consuming, and offers limited value that’s hard to measure.

But there’s a better approach… Edgewise “Zero Trust Auto-Segmentation.”

Edgewise is impossibly simple microsegmentation … delivering results immediately, with a security outcome that’s provable, and management that’s zero touch.

At the core of Edgewise Auto-Segmentation is Zero Trust Identity, which automatically builds unique identities for all communicating software and devices by combining cryptographic properties of the workload with risk classifications.

Edgewise protects any application, in any environment, without any architectural changes. Edgewise provides measurable improvement by quantifying attack path risk reduction and demonstrates isolation between critical services—so that your applications can’t be breached.

Visit edgewise.net to find out more about how Edgewise can help stop data breaches.

There has been a recent rise in a well-known technique called Malvertising which involves attackers leveraging legitimate domains and services to serve up drive by downloads of ransomware and other types of malicious files. The way it works is that malicious code is embedded in advertisements which get shown to web site visitors. If a user clicks the ad, they get directed to a compromised site serving malware which then gets downloaded and executed on the victims system. The big issue here is that most web site owners have no idea that the ad networks they may be using have been compromised and they have unwillingly become malware distributors. In the past, there have been several large successful Malvertising campaigns that targeted legitimate sites such as the New York Times, the BBC, and MSN.

Just recently, researchers found a new form of exploit kit called GreenFlash Sundown that started in Asia but appears to be spreading across the world. This exploit kit was delivered via an ad that was spread through a site called onlinevideoconverter[.]com which is used by 200 million users a month to convert YouTube videos to different audio formats. The payload executed some JavaScript and then ran an Adobe Flash object. Once the exploit kit goes through a series of checks, it will install a form of ransomware called “Seon”. Seon works like most ransomware by encrypting all your files and then demanding you pay a ransom in bitcoin to get your data back. What makes this particular malware a little more devious is that on top of the ransom it also installed a cryptocurrency miner and what appears to be a type of remote access trojan called “Pony”.

So how do you protect yourself from Malvertising? First, keep your web browser and plugins up-to-date and ensure that you enable “click-to-play” in your web browser settings. What this setting does is it only allows plugins like Flash to run only when you allow it to. Next, use a decent ad blocker like uBlock in your browser to help prevent ads from showing up in the first place. Lastly, the other common advise still applies. Keep your systems fully patched, updated, use and enable the built in Windows defender anti-virus if you’re on Windows, and always be security aware and vigilant while you use the web.

That’s a wrap for this week’s show. Visit our website, SharedSecurity.net for previous episodes, links to our social media feeds, our YouTube channel, and to sign-up for our email newsletter. First time listener to the podcast? Please subscribe where ever you like to listen to podcasts and if you like this episode please it share with friends and colleagues. Thanks for listening and see you next week for another episode of the Shared Security Weekly Blaze.

The post US Cyber-Attack on Iran, Poor Government Cybersecurity, Malvertising Campaigns appeared first on Shared Security Podcast.