With Christmas only a few days away, we welcome the holiday's arrival with the third and final part of our 12 Hacks of Christmas series.
Hack #9: Yahoo Christmas Eve Attack (2013)
Between December 27, 2013 and January 3, 2014, Yahoo unknowingly distributed malware through ads served on its homepage.
Yahoo confirmed as much in a statement it released to its users: “We served some advertisements that did not meet our editorial guidelines – specifically, they spread malware. We will continue to monitor and block any advertisements being used for this activity. We will post more information for our users shortly.”
The incident began when attackers abused the company's ad network to serve malicious ads (malvertising) that redirected visitors to an exploit kit targeting vulnerabilities in the Java browser plug-in. Machines that were successfully exploited were infected with Bitcoin-mining malware as well as ZeuS and Andromeda variants.
It is estimated that as many as 2 million users were infected, at a rate of roughly 27,000 infections per hour over the course of the attack.
Only Windows users were affected by the incident, so Yahoo urged anyone compromised by the attack to install the latest Windows patches and to update their Java and Adobe versions.
Hack #10: Target Breach (2013)
In mid-December, Target confirmed a security breach that affected most of the customers who shopped at its stores between November 27th and December 15th, 2013.
In total, the attackers compromised the debit and credit card information of over 40 million customers, with an additional 70 million patrons whose names, emails, and addresses were stolen.
Following a joint investigation with the U.S. Secret Service (USSS) and US-CERT, security firm iSIGHT Partners determined that the attackers had used a memory-scraping Trojan, dubbed "Trojan.POSRAM" (a variant of the BlackPOS malware), to harvest card data from the point-of-sale (PoS) terminals at thousands of Target locations.
Beyond losing a CEO and consumers' trust, Target has so far reported an estimated $148 million in breach-related expenses, including legal fees. With a judge's ruling that shoppers whose personal information was compromised can now sue the retailer, those costs are likely to rise.
A year later, the Target breach is widely accepted as one of the worst security hacks on record.
Hack #11: BBC File Server Hack (2013)
On December 25th, Hold Security, a security firm based in Milwaukee, observed a Russian hacker, who goes by the names “HASH” and “Rev0lver,” trying to sell access to one of BBC’s servers on underground markets.
"HASH" allegedly compromised the server via BBC's file transfer site ftp.bbc.co.uk, and some experts worried that the hacker might use that foothold to pivot into other parts of BBC's network.
Alex Holden, founder of Hold Security, also expressed his concerns regarding the value of the hacking incident: “I doubt that the BBC stored 40m credit cards, but they have something just as valuable. Theoretically speaking, a hacker who is able to manipulate or fabricate a news story may crash financial markets, make millions, and cause billions in losses.”
According to Tyler Reguly, Manager of Security Research and Development at Tripwire, the attack against BBC should make others wary about using FTP: "What is known is that old, unpatched, open FTP servers are a bad idea. FTP is a very old, rather outdated file transfer protocol that has been replaced by a number of more modern alternatives. Yet, for a number of unknown reasons, FTP access is still popular with many enterprises and end users."
Reguly goes on to recommend that organizations turn off any externally reachable FTP servers and closely monitor the internal ones that remain.
Tripwire to the Rescue
A few days after the attack, it was reported that the BBC was running an outdated version of ProFTPD that was vulnerable to two-year-old attacks.
Tripwire’s products could have helped spot these vulnerabilities and avoid the hack altogether. Reguly explains: “Tripwire IP360 focuses on finding outdated software and reporting the vulnerabilities that it contains. Had IP360 or the cloud-based alternative PureCloud scanned the external network, these issues would have been discovered and reported.”
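The kind of check a vulnerability scanner performs against an exposed FTP service starts with the 220 greeting: the server usually announces its product and version before any login. The following script is an added example written for this post, not Tripwire's or the BBC's code. It parses ProFTPD version strings (including the lettered maintenance releases such as 1.3.3c, which sort after 1.3.3 and before 1.3.4), compares them against a policy minimum, and classifies a set of hosts. The hostnames, banners and the 1.3.4 threshold are constructed assumptions for illustration; a real scanner would map each version to a CVE feed rather than a fixed cut-off.

```python
import re
import socket

# Constructed sample 220 greetings (hostnames and versions are assumptions,
# not data from the BBC incident). A scanner records the banner each FTP
# service returns on connect; the version string is the first clue that a
# host is running old software.
SAMPLE_BANNERS = {
    "ftp.example.internal": "220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [192.0.2.10]",
    "files.example.internal": "220 ProFTPD 1.3.5 Server (Corporate FTP) [192.0.2.11]",
    "legacy.example.internal": "220 ProFTPD 1.3.2e Server ready.",
    "other.example.internal": "220 (vsFTPd 3.0.2)",
}

# Assumed policy threshold for this example: flag ProFTPD builds older than 1.3.4.
MIN_PROFTPD = (1, 3, 4, 0)

# ProFTPD versions look like 1.3.3c: major.minor.patch plus an optional
# lettered maintenance release. The letter is turned into a rank so that a
# plain tuple comparison orders 1.3.3 < 1.3.3c < 1.3.4 correctly.
VERSION_RE = re.compile(r"ProFTPD\s+(\d+)\.(\d+)\.(\d+)([a-z])?", re.IGNORECASE)


def parse_proftpd_version(banner):
    """Return (major, minor, patch, letter_rank) or None if the banner is not ProFTPD."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    letter_rank = (ord(letter.lower()) - ord("a") + 1) if letter else 0
    return (int(major), int(minor), int(patch), letter_rank)


def is_outdated(version, minimum=MIN_PROFTPD):
    """Versions below the policy minimum are reported as outdated."""
    return version < minimum


def audit_banners(banners, minimum=MIN_PROFTPD):
    """Classify each host as 'outdated', 'ok', or 'not-proftpd'."""
    findings = {}
    for host, banner in banners.items():
        version = parse_proftpd_version(banner)
        if version is None:
            findings[host] = "not-proftpd"
        elif is_outdated(version, minimum):
            findings[host] = "outdated"
        else:
            findings[host] = "ok"
    return findings


def grab_banner(host, port=21, timeout=5.0):
    """Fetch the live 220 greeting from a host you are authorised to scan.
    Not called by the offline demo; shown so the audit can run on a real host list."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        return s.recv(1024).decode("ascii", errors="replace").strip()


if __name__ == "__main__":
    for host, verdict in audit_banners(SAMPLE_BANNERS).items():
        print(f"{host:28} {verdict}")
```

Two caveats a practitioner should keep in mind: ProFTPD can be configured to suppress its version (the ServerIdent directive), so a banner check establishes a floor rather than proof, and a current version string says nothing about anonymous write access or other configuration weaknesses, which need separate checks.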
Additionally, had BBC employed Tripwire File Integrity Monitoring (FIM), sysadmins would have been able to identify more quickly any changes HASH made to the server.
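To make the file integrity monitoring idea concrete, here is an added example (written for this post, not Tripwire's product code) of the core loop any FIM tool runs: hash every regular file under a document root into a baseline, store that baseline, then re-walk the tree later and report files that were added, removed, or changed in content or permissions. The FTP document root, its files and the simulated intruder changes in the demo are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, streamed so large uploads need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Record hash, size and permission bits for every regular file under root.
    Symlinks are skipped so a planted link cannot make the tool hash something else."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.stat()
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": hash_file(path),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o777),
        }
    return baseline


def save_baseline(baseline, dest):
    Path(dest).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src):
    return json.loads(Path(src).read_text())


def compare(baseline, current):
    """Report files that appeared, disappeared, or changed content or permissions."""
    before, after = set(baseline), set(current)
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "modified": sorted(p for p in before & after if baseline[p] != current[p]),
    }


def demo():
    """Baseline a constructed FTP document root, simulate an intruder's changes, diff."""
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as store:
        root = Path(tmp)
        (root / "pub").mkdir()
        (root / "pub" / "readme.txt").write_text("public files\n")
        (root / "pub" / "index.html").write_text("<h1>ftp</h1>\n")
        baseline_path = Path(store) / "baseline.json"
        save_baseline(build_baseline(root), baseline_path)

        # Constructed post-compromise changes: a defaced page, a dropped file,
        # and a deleted file.
        (root / "pub" / "index.html").write_text("<h1>ftp</h1><!-- injected -->\n")
        (root / "pub" / "dropped.bin").write_bytes(b"\x00" * 16)
        (root / "pub" / "readme.txt").unlink()

        return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline is only as trustworthy as its storage: an intruder with write access to the server can edit a baseline kept on the same box, so keep it off-host or signed, and schedule the comparison rather than running it by hand. Directories that legitimately churn (logs, upload spools) need exclusions or the alerts drown in noise.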
Ultimately, the BBC hack illustrates how up-to-date intelligence is crucial with respect to network security. Reguly couldn’t agree more: “Knowing what is on your network, how it is configured, and if it is vulnerable are key components to good security hygiene.”
Hack #12: Sony Hack (2014)
Last month, a hacker collective calling itself the Guardians of Peace (#GOP) targeted and shut down Sony Pictures Entertainment's computer systems.
The hackers have since released a large quantity of stolen material online, including executives' personal information and five of the studio's films, four of which had not yet been released.
In the middle of this month, the hackers changed tactics, threatening 9/11-style attacks against U.S. movie theaters if Sony released "The Interview," a comedy in which a talk-show host and his producer are recruited to assassinate Kim Jong-un, the Supreme Leader of North Korea.
The Department of Homeland Security found no evidence that the threats were credible. However, they were serious enough that a number of major movie distributors decided to not show the film, which in turn drove Sony to cancel the movie’s release altogether.
Contrary to the views of some security experts, the FBI has concluded that the North Korean government is responsible for the attack on Sony.
President Obama has denounced the incident. As of this writing, he is looking for a “proportionate” response to be used against North Korea.
Cybercrime, Cybercrime, Hacking All the Way!
Our 12 Hacks of Christmas blog series has reminded us of the fact that cyber criminals are more than willing to exploit our holiday cheer in an attempt to steal our money, our information, and our peace of mind. It is Tripwire’s hope that we as information security professionals will keep this in mind as we go forward and enjoy the remainder of 2014.
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology, and it detects the Shellshock and Heartbleed vulnerabilities.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Header image courtesy of Shutterstock.com.