Breaking News »

Latest Hacking News

The rising menace of botnet malware

Malware or malicious computer code has been around in some form or other for over 40 years, but the use of malware to take control of a group of computers that are then organized into something called a botnet is more a twenty-first century phenomenon.

The word botnet is made up of two words: bot and net. Bot is short for robot, a name we sometimes give to a computer that is infected by malicious software. Net comes from network, a group of systems that are linked together. People who write and operate malware cannot manually log onto every computer they have infected, instead they use botnets to manage a large number of infected systems, and do it automatically. A botnet is a network of infected computers, where the network is used by the malware to spread.

Botnets have been responsible for some of the most costly security incidents experienced during the last 10 years, so a lot of effort goes into defeating botnet malware and, when possible, shutting botnets down.

In a very short time, new rapidly expanding Internet of Things  (IoT) botnet malware, more complex and dangerous than the 2016 malicious Mirai bot that caused widespread outages in the US and beyond, has already compromised over a million devices.

In 2016, IoT worm named Mirai infected some 2.5 million gadgets worldwide, building botnets that sent unstoppable floods of junk traffic and took down major internet services including Spotify, Paypal and Reddit.

Mirai impacted IP cameras and internet routers by simply trying default login and password combinations on them. But the new and recently-discovered botnet, known as IoT Troop or, more commonly, Reaper, has evolved beyond that simple tactic — not just exploiting weak or default passwords on devices it infects — but using more sophisticated software-hacking techniques to break into insecure gadgets even after passwords have been changed.

According to Check Point, millions of IoT devices have already beeen enslaved, including routers and IP cameras manufactured by GoAhead, D-Link, TP-Link, Avtech, and others, and the bot continues to rapidly spread.

The device owners should check IoT manufacturer lists of affected gadgets and perform a factory reset on its firmware, if required.

Cyber-attack hits Czech Parliament Election

A number of websites of Czech statistical office (CZSO) have reportedly subjected to DDoS (Distributed Denial of Service) attacks during the counting process of recent parliamentary elections.

The CZSO spokeswoman, Petra Bacova, told Sputnik Sunday, "The websites related to the parliamentary elections — and — have temporarily failed to function due to DDoS attacks [Distributed Denial of Service] during the vote count on Saturday. These attacks have not affected the overall progress of the election."

The Czech National Cyber cell along with the police and Information Security Agency has already launched an investigation to look into the attacks.

"Thanks for the rapid response, the attacks on both aforementioned servers have been neutralized, while the work of the websites has been resumed," Bacova said.

The country held an election for their lower house of the parliament on Friday-Saturday. The election was won by centrist ANO political party with 29.64 percent of votes.

Most of the organised cyber crime originates in Russia

The infrastructure of Northern Ireland has been suffered a "significant" number of online attacks for quite some time by hostile nations, UK's top cyber security agency has revealed.

CEO of National Cyber Security Centre (NCSC), Ciaran Martin, revealed on his two-day visit to Belfast, during his speech at Queen's University he briefed the permanent secretaries of Stormont departments.

During his interview with the Belfast Telegraph, he agreed that most of the cyberattacks cannot be stopped or are inevitable, but we can control the damage.

However, an Oxford University graduate explained: "We believe the aim is that they'll want to pre-position for times of tension, or they'll want to find out how systems work so that potentially they can compromise them in future. Attacks on critical infrastructure are going to happen - what's important is that they can't do as much harm as they might otherwise do."

Martin said: "The risk is there, I don't want to over-hype the risk, but in a digital economy like NI there are critical systems - the NHS, there will be power grids and so forth - so part of our job is to help the owners of those networks and make sure that if there is a large-scale very serious attack that it can only do a certain amount of damage and it can't paralyse the system. Part of the NCSC's job is, over time, to build in that resilience into the system so that large-scale damage is less likely.

"So a very serious attack is possible. I wouldn't say it's statistically more probable or less probable that it would happen in Northern Ireland than England or the Republic or somewhere else. What I would say with high confidence is that there is an everyday risk to the economy here from that sort of low sophistication, but highly prolific, set of attacks. There is always the potential for a very serious attack, and certainly, at a UK-wide level I think we expect a 'significant scale attack' in the next few years."

According to the agency, most of the organised cybercrime originates in eastern Europe, particularly Russia.

He continued: "Mostly you're just talking about low-level prolific tech where someone wants to steal a few hundred pounds, someone wants to hold a business to ransom, someone wants to steal a data set. It's just that corrosive, low-level damage where each individual attack is of no particular strategic significance, you add them all up and you've got a big problem and that's what we're trying to fix.

"The main source of cyber attacks are hostile foreign states and international criminal groups, they're not terrorist groups or paramilitary groups whether here in Northern Ireland or elsewhere. Paramilitary and terrorist groups across the world tend not to have very sophisticated cyber attack capabilities. It's mostly an organised criminal network, it may be under the sponsorship of the state, but it's a bunch of people sitting in cubicles looking at screens trying to do a large-scale attack."

Vulnerabilities in Wifi security protocol

Security experts at Belgian University KU Leuven have discovered a weakness in WPA2, a wireless security protocol that is being used worldwide for internet connection over Wifi network.

The researchers have broken WPA2 protocol and have highlighted the potential for internet traffic to be exposed which can be manipulated by the hackers.

Mathy Vanhoef, a security expert at Belgian University published the details of security threats regarding WPA2 on Monday morning. “Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.

Vanhoef emphasized that “the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

According to the report, various devices and operating systems will be affected by the vulnerability including  Android, Apple, Linux, Windows, OpenBSD, MediaTek, Linksys.

“If your device supports wifi, it is most likely affected,” Vanhoef further added. “In general, any data or information that the victim transmits can be decrypted … Additionally, depending on the device
being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website).”

 Britain's National Cyber Security Centre  issued a statement saying they are examining the vulnerability .“Research has been published today into potential global weaknesses to wifi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping.

“We are examining the research and will be providing guidance if required. Internet security is a key
NCSC priority and we continuously update our advice on issues such as wifi safety, device management and browser security.”

The United States Computer Emergency Readiness Team(CERT) have issued warning after the release of information regarding vulnerabilities in WPA2.

“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection
hijacking, HTTP content injection and others,” the alert further added “most or all correct implementations of the standard will be affected”.

Most of the connections use WPA2 security protocol as it is the safest, the older security protocols have been broken in the past and this was the most widespread means for encrypting wifi data. However Secure websites, Virtual Private networks and other secured connections will remain unaffected by these vulnerabilities as a added layer of security is provided in this communication.
The chief technical officer of subscription service Iron, Alex Hudson said that it is important to"keep calm" “There is a limited amount of physical security already on offer by wifi: an attack needs to be in proximity,”, “So, you’re not suddenly vulnerable to everyone on the internet. It’s very weak protection, but this is important when reviewing your threat level.

“Additionally, it’s likely that you don’t have too many protocols relying on WPA2 security. Every time you access an HTTPS site … your browser is negotiating a separate layer of encryption. Accessing secure websites over wifi is still totally safe. Hopefully – but there is no guarantee – you don’t have much information going over your network that requires the encryption WPA2 provides.”

The international Cert group has informed various Technology companies regarding vulnerabilities.