Hackers in China target the country's wealthiest
September 5, 2014
It would appear that China's state-supported hackers are being overshadowed by the country's black hat scene, which appears to have doubled in size, with some individuals turning to carding the nation's wealthiest.
A new Trend Micro report, 'The Chinese Underground in 2013', issued this week, finds that the black hat landscape has grown rapidly since 2011: the number of participants doubled by 2013, and Trend Micro estimates it will more than triple by the end of 2014.
Chief security officer Tom Kellerman says the hackers were targeting the nation's "bourgeois, nouveau-riche Chinese elite who have profited from capitalism" as well as victims in other countries.
"Beijing has been focused externally on information dominance and espionage," Kellerman told the publication. "The black hats who are not beholden to the regime believe that money is God and believe that crime has evolved with technology."
Trend Micro's overall metrics are based on about 1.4 million public messages supposedly sent by criminals over the Chinese messaging service QQ.
That volume of messages is said to represent a doubling in hacker chatter in the last ten months of 2013 compared with the same period in 2012, threat researcher Lion Gu said.
"The Chinese underground has continued to grow and is still highly profitable, the cost of connectivity and hardware continues to fall, and there are more and more users with poor security precautions in place," Gu said.
"In short, it's a good time to be a cyber criminal in China. So long as there is money to be made, more people may be tempted to become online crooks themselves."
The report also found that malware is increasingly targeting mobile users, in keeping with the global migration from desktops to smartphones and tablets.
Trend Micro maintains a keen interest in the Chinese and Russian criminal underground markets. Earlier this year the company issued a report on the Chinese mobile underground, describing a market full of dirt-cheap attack tools used to defraud victims.
In 2012, the firm reported on the size and structure of the nation's cyber underworld, estimating that it had affected about a quarter of the country's internet users.
The company's next target is Brazil, which it will probe for the first time later this year in the hope of examining its digital criminal underground.
In other internet security news
Apple and the FBI said this morning that they are investigating the theft of a large trove of nude celebrity photos taken on the victims' smartphones.
The photos depict Jennifer Lawrence, Kate Upton and around one hundred others, and are thought to have been stolen from Apple iCloud accounts.
FBI spokeswoman Laura Eimiller said in a statement that the Bureau was aware of the hack of "high profile individuals" and was "addressing the matter", but said that "any further comment would be inappropriate for now".
Apple spokeswoman Natalie Kerris said the company was "actively investigating" the hacks.
Some speculation on the picture-pinching pirates' methods has suggested that the newly released iBrute password-guessing tool may have been used to break into the celebrities' iCloud accounts.
The tool's authors, hackappcom, wrote that it used the Find My iPhone service API, which was not protected against brute force attacks: it neither throttled requests nor locked accounts after repeated failed logins.
Attackers may have worked from a list of 500 popular passwords that meet Apple's password requirements, which is all a guessing attack needs against an account with a weak password.
But as hackappcom pointed out, the tool was published only one day before the hack took place, which would have made the crime "very difficult" to pull off with it in such a tight timeframe.
"iBrute was published a day before the incident. It's very difficult to perform this kind of targeted attack in one day, so it's very unlikely that iBrute was used for this attack, but maybe some evil guys found the same bug and used it," the authors wrote in a blog post.
"Anyway, if your accounts were hacked by @hackappcom's method it also means that your passwords are useless but it's not your fault if you are using bad passwords because you are celebrities, not nerds."
As we pointed out in May, after an entity calling itself "Oleg Pliss" harvested antipodean iThing credentials, Apple did not limit the number of password attempts a user could make against an iCloud account.
Pliss or these new attackers could therefore have worked from a list of iCloud user names and set a script to brute force its way into the accounts.
Once Apple applied rate limiters, any "Oleg bot" would be hindered or, with a little more security smarts (per-account lockout, back-off on repeated failures, alerts on guessing from one source), stopped dead.
We inquired whether any brute force attempts against the affected celebrity accounts were detected in logs.
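The difference a rate limiter makes is easy to show in code. The following is an added illustration, not Apple's code or anything from hackappcom: LoginService is a toy in-memory stand-in for an unthrottled login API, COMMON_PASSWORDS is a constructed sample standing in for the 500-entry list mentioned above, and the lockout numbers (five failures, 60 seconds, doubling) are assumptions chosen for the demo.

```python
"""Why an unthrottled login endpoint falls to a short password list, and how
a per-account lockout with exponential back-off stops the same script.
Added illustration: LoginService is a toy in-memory stand-in, not Apple's
Find My iPhone API, and COMMON_PASSWORDS is a constructed sample."""
import hashlib
import hmac
import time

# Constructed sample of "popular passwords that satisfy an 8+ character,
# mixed-case, digit rule".  Real lists run to hundreds of entries; the point
# is that a few hundred requests are cheap when nothing slows them down.
COMMON_PASSWORDS = ["Password1", "Qwerty123", "Welcome1", "Summer2014",
                    "Iloveyou1", "Letmein99", "Princess1", "Football1"]


def _hash(pw):
    # SHA-256 keeps the toy short; a real service would use bcrypt/scrypt/argon2.
    return hashlib.sha256(pw.encode()).hexdigest()


class LoginService:
    """Toy authentication endpoint.

    max_failures=None reproduces the unthrottled behaviour described above:
    every guess is checked and answered.  With a limit, the account is locked
    after that many consecutive failures for lockout_seconds, and the lockout
    doubles on every further failure.  clock is injectable so the demo and
    its checks are deterministic."""

    def __init__(self, users, max_failures=None, lockout_seconds=60,
                 clock=time.monotonic):
        self._hashes = {u: _hash(p) for u, p in users.items()}
        self.max_failures = max_failures
        self.base_lockout = lockout_seconds
        self.clock = clock
        self.attempts = 0          # guesses the service actually evaluated
        self._fail = {}            # user -> consecutive failures
        self._locked_until = {}    # user -> clock value when the lock expires

    def login(self, user, password):
        """Return "ok", "bad" or "locked".  A locked account is not checked at
        all, so the attacker learns nothing from requests made during the lock."""
        now = self.clock()
        if now < self._locked_until.get(user, 0):
            return "locked"
        self.attempts += 1
        # Compare a hash even for unknown users so timing does not reveal
        # whether the account exists.
        stored = self._hashes.get(user, _hash(""))
        if user in self._hashes and hmac.compare_digest(stored, _hash(password)):
            self._fail[user] = 0
            return "ok"
        n = self._fail[user] = self._fail.get(user, 0) + 1
        if self.max_failures is not None and n >= self.max_failures:
            # with the defaults: 60 s on the 5th failure, 120 s on the 6th, ...
            self._locked_until[user] = now + self.base_lockout * 2 ** (n - self.max_failures)
        return "bad"


def dictionary_attack(service, user, wordlist):
    """Attacker loop: try each word once and give up at the first lockout.
    Returns (password_found_or_None, requests_sent)."""
    sent = 0
    for pw in wordlist:
        sent += 1
        result = service.login(user, pw)
        if result == "ok":
            return pw, sent
        if result == "locked":
            break
    return None, sent


if __name__ == "__main__":
    # A frozen clock means the lock never expires during the demo.
    open_api = LoginService({"celeb": "Princess1"}, clock=lambda: 0.0)
    print("no throttle :", dictionary_attack(open_api, "celeb", COMMON_PASSWORDS))
    throttled = LoginService({"celeb": "Princess1"}, max_failures=5, clock=lambda: 0.0)
    print("lockout at 5:", dictionary_attack(throttled, "celeb", COMMON_PASSWORDS))
```

Against the unthrottled service the script recovers "Princess1" on its seventh request; with the lockout it gets five answers, then nothing, and even the correct password is refused until the lock expires. The limiter does not turn a weak password into a strong one, which is the point hackappcom makes above: an attacker who can afford a few guesses per account per day across a long list of accounts still wins against the weakest ones, so lockout belongs alongside password rules and two-factor authentication, not in place of them.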
Other rumors suggest that the nude photos may have been stolen from an existing cache of photos acquired over time by other hackers.
Security expert Dan Kaminsky suggested that the photos may have been compiled from hacked computers over time and held until a large cache was ready for release.
These theories rest in part on EXIF metadata in the photos, which suggested many were taken in 2011 while others were captured as recently as last month. EXIF timestamps are trivially stripped or edited, so they hint at provenance rather than prove it.
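The EXIF check behind that "taken in 2011" observation takes a few dozen lines. The following is an added illustration, not from the original article: a hand-rolled parser for the DateTime and DateTimeOriginal tags (no image library needed), plus build_sample_jpeg, which constructs a minimal in-memory JPEG so the code runs offline; the sample timestamps are made up and are not from any real photo.

```python
"""Read the capture date from a JPEG's EXIF block.  Added illustration with a
hand-rolled parser; the sample images are constructed in memory by
build_sample_jpeg and are not real photos."""
import struct

TAG_DATETIME = 0x0132            # IFD0: last modification time
TAG_EXIF_IFD = 0x8769            # IFD0: offset of the Exif sub-IFD
TAG_DATETIME_ORIGINAL = 0x9003   # Exif IFD: when the shutter fired
TYPE_ASCII, TYPE_LONG = 2, 4


def _read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, 4 raw value/offset bytes)} for one IFD."""
    (n,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(n):
        at = offset + 2 + 12 * i
        tag, typ, count = struct.unpack_from(endian + "HHI", tiff, at)
        entries[tag] = (typ, count, tiff[at + 8:at + 12])
    return entries


def _ascii_value(tiff, entry, endian):
    typ, count, raw = entry
    if typ != TYPE_ASCII:
        return None
    if count <= 4:                           # short values live in the field itself
        data = raw[:count]
    else:                                    # otherwise the field holds an offset
        (off,) = struct.unpack_from(endian + "I", raw)
        data = tiff[off:off + count]
    return data.split(b"\0", 1)[0].decode("ascii", "replace")


def exif_dates(jpeg):
    """Walk the JPEG marker segments up to the first APP1/Exif segment and
    return (DateTimeOriginal, DateTime); either may be None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack_from(">HH", jpeg, pos)
        if marker in (0xFFD9, 0xFFDA):       # end of image / start of scan
            break
        if marker == 0xFFE1 and jpeg[pos + 4:pos + 10] == b"Exif\0\0":
            tiff = jpeg[pos + 10:pos + 2 + length]
            endian = "<" if tiff[:2] == b"II" else ">"
            (ifd0_off,) = struct.unpack_from(endian + "I", tiff, 4)
            ifd0 = _read_ifd(tiff, ifd0_off, endian)
            original = None
            if TAG_EXIF_IFD in ifd0:
                (sub_off,) = struct.unpack_from(endian + "I", ifd0[TAG_EXIF_IFD][2])
                sub = _read_ifd(tiff, sub_off, endian)
                if TAG_DATETIME_ORIGINAL in sub:
                    original = _ascii_value(tiff, sub[TAG_DATETIME_ORIGINAL], endian)
            modified = None
            if TAG_DATETIME in ifd0:
                modified = _ascii_value(tiff, ifd0[TAG_DATETIME], endian)
            return original, modified
        pos += 2 + length
    return None, None


def capture_year(jpeg):
    """Year the photo claims to have been taken (DateTimeOriginal, falling
    back to DateTime), or None when the file carries neither."""
    original, modified = exif_dates(jpeg)
    stamp = original or modified
    return int(stamp[:4]) if stamp else None


def build_sample_jpeg(original, modified):
    """Constructed test input: a JPEG header carrying only an Exif APP1 segment
    with DateTime in IFD0 and DateTimeOriginal in the Exif sub-IFD, little
    endian ("II").  Both stamps use EXIF's "YYYY:MM:DD HH:MM:SS" form."""
    mod, orig = modified.encode() + b"\0", original.encode() + b"\0"
    ifd0_off = 8                                  # right after the TIFF header
    mod_off = ifd0_off + 2 + 2 * 12 + 4           # IFD0: count, 2 entries, next-IFD
    sub_off = mod_off + len(mod)
    orig_off = sub_off + 2 + 1 * 12 + 4
    tiff = b"II" + struct.pack("<HI", 42, ifd0_off)
    tiff += struct.pack("<H", 2)
    tiff += struct.pack("<HHII", TAG_DATETIME, TYPE_ASCII, len(mod), mod_off)
    tiff += struct.pack("<HHII", TAG_EXIF_IFD, TYPE_LONG, 1, sub_off)
    tiff += struct.pack("<I", 0) + mod            # no next IFD, then the string
    tiff += struct.pack("<H", 1)
    tiff += struct.pack("<HHII", TAG_DATETIME_ORIGINAL, TYPE_ASCII, len(orig), orig_off)
    tiff += struct.pack("<I", 0) + orig
    app1 = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

DateTimeOriginal is the shutter time; DateTime in IFD0 is rewritten by editors and some sync tools, so a 2011 original beside a 2014 modification date is exactly the pattern a "collected over time" theory predicts. Neither field is authenticated, so the output is evidence to weigh, not a finding on its own.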
In other internet security news
Over the past several months, NIST (the National Institute of Standards and Technology) has taken a long, hard look at how organisations use Secure Shell (SSH), and it does not like what it sees.
Despite the depth of access typically granted to SSH on Unix and Linux systems for a host of activities (root-level server management, file transfers, backups, software and patch management, disaster recovery, provisioning and database updates), system administrators are not doing enough to protect those activities, and a lot can be done to change that.
The NIST report says: "As a whole, management of automated access requires proper provisioning, termination, and monitoring processes, just as interactive access by normal users does. However, the security of SSH-based automated access has been largely ignored to date, even though it is encrypted."
The report adds that an SSH process run by a patch management system may, for example, hold root access to servers or administrator-level access to Oracle databases. The security of that access is therefore critical and needs to be treated as such.
As always, the most important considerations fall under the heading of "normal security practice": NIST points to vulnerabilities in older SSH versions to argue for proper patch management.
User accounts need to be managed and removed when no longer required, SSH client and server configurations need to be watched, and keys need to be continually inventoried, monitored and audited: which accounts each key can reach, whether it is restricted to a source host or command, and whether it is still in use.
Several of the NIST recommendations echo concerns expressed last year by the protocol's author, Tatu Ylonen, when he called for a new version of SSH.
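The key audit the report calls for can be started with a script over the authorized_keys files on a host. The following is an added illustration, not NIST's or OpenSSH's tooling, of three of the checks above: automated-access keys with no from=/command=/restrict options, weak or deprecated key types, and one key authorized for several accounts. The sample files are constructed here, and make_blob builds synthetic key blobs in OpenSSH wire format purely so the parser has something to chew on; they are not real keys. The 2048-bit RSA floor is an assumption taken from current practice rather than from the report.

```python
"""Audit authorized_keys entries for unrestricted automated-access keys, weak
key types and keys shared between accounts.  Added illustration; the sample
keys are synthetic blobs built by make_blob and are useless as real keys."""
import base64
import hashlib
import struct

RESTRICTIONS = ("from=", "command=", "restrict", "no-pty", "no-port-forwarding")


def _ssh_string(b):
    return struct.pack(">I", len(b)) + b

def _mpint(n):
    # SSH mpint: big-endian, with a leading zero byte if the top bit is set
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def make_blob(key_type, bits):
    """Constructed key blob in OpenSSH wire format: ssh-rsa gets a synthetic odd
    modulus of the requested size, every other type gets a fixed filler."""
    if key_type == "ssh-rsa":
        body = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    else:
        body = _ssh_string(key_type.encode()) + _ssh_string(b"\x01" * (bits // 8))
    return base64.b64encode(body).decode()

def parse_line(line):
    """Split one authorized_keys line into (options, key_type, blob, comment).
    Options precede the key type and may contain quoted spaces and commas."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = ""
    if not line.split(None, 1)[0].startswith(("ssh-", "ecdsa-", "sk-")):
        quoted = False
        for i, ch in enumerate(line):       # first unquoted space ends the options
            if ch == '"':
                quoted = not quoted
            elif ch == " " and not quoted:
                options, line = line[:i], line[i + 1:]
                break
    parts = line.split(None, 2)
    if len(parts) < 2:
        return None
    return options, parts[0], parts[1], (parts[2] if len(parts) > 2 else "")

def rsa_bits(blob):
    """Modulus size of an ssh-rsa blob; its strings are (type, e, n)."""
    raw, pos, fields = base64.b64decode(blob), 0, []
    for _ in range(3):
        (n,) = struct.unpack_from(">I", raw, pos)
        fields.append(raw[pos + 4:pos + 4 + n])
        pos += 4 + n
    return int.from_bytes(fields[2], "big").bit_length()

def fingerprint(blob):
    """The SHA256 fingerprint ssh-keygen -l prints: unpadded base64 of the hash."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(files):
    """files maps account name -> authorized_keys text.  Returns (account, finding) pairs."""
    findings, seen = [], {}
    for account, text in files.items():
        for line in text.splitlines():
            parsed = parse_line(line)
            if not parsed:
                continue
            options, key_type, blob, comment = parsed
            fp = fingerprint(blob)
            label = comment or fp
            if key_type == "ssh-dss":
                findings.append((account, f"{label}: ssh-dss key (1024-bit DSA, disabled by default since OpenSSH 7.0)"))
            elif key_type == "ssh-rsa" and rsa_bits(blob) < 2048:
                findings.append((account, f"{label}: RSA key is only {rsa_bits(blob)} bits"))
            if not any(word in options for word in RESTRICTIONS):
                findings.append((account, f"{label}: no from=/command=/restrict options"))
            if fp in seen and seen[fp] != account:
                findings.append((account, f"{label}: same key also authorized for {seen[fp]}"))
            seen.setdefault(fp, account)
    return findings


# Constructed sample: two accounts on one host, one key reused between them.
SHARED_RSA_1024 = make_blob("ssh-rsa", 1024)
SAMPLE_FILES = {
    "root": "\n".join([
        "# backup job: pinned to one source host and one command",
        'from="10.0.0.5",command="/usr/local/bin/backup.sh",no-pty ssh-ed25519 '
        + make_blob("ssh-ed25519", 256) + " backup@bastion",
        "ssh-rsa " + SHARED_RSA_1024 + " legacy-patch-runner",
        "ssh-dss " + make_blob("ssh-dss", 1024) + " old-admin",
    ]),
    "oracle": "\n".join([
        "ssh-rsa " + SHARED_RSA_1024 + " legacy-patch-runner",
        "ssh-rsa " + make_blob("ssh-rsa", 4096) + " dba-laptop",
    ]),
}

if __name__ == "__main__":
    for account, finding in audit(SAMPLE_FILES):
        print(f"{account}: {finding}")
```

On the sample the restricted backup key passes clean, while the shared 1024-bit "legacy-patch-runner" key is flagged three times on the oracle account: too short, unrestricted, and already authorized for root. That last finding is the one the report is really about: an automation key that reaches root on one host and a database account on another is the kind of access nobody provisioned deliberately or will remember to revoke.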
In other internet security news
One of the biggest private parcel carriers and freight forwarders in the U.S., United Parcel Service, has discovered a serious computer security breach at 51 of its stores, making it the latest retailer to lose sensitive customer information.
UPS, whose annual sales total several billion dollars, said the intrusion had escaped detection at stores in 24 U.S. states, around 1 percent of its locations.
At most of the affected stores the malware infection began after March 26 and was eliminated by August 11.
Customer names, postal addresses, email addresses and payment card information were compromised. Tim Davis, president of The UPS Store, apologized in a statement for any anxiety the theft may have caused customers.
He added that UPS had deployed "extensive resources to quickly address and eliminate this issue."
Each UPS Store is franchised and runs its own computer systems, which may have helped limit the extent of the attack.
UPS said the malware was not found at any of its other businesses. The breach is the latest in a long string of incidents in which hackers have made off with retail consumer data and payment card information.
Just last week, Albertson's and SuperValu announced that hackers had broken into their credit and debit card payment networks.
Target was hit in December 2013, losing 40 million payment card records, and Adobe, Snapchat, Michaels, Neiman Marcus, AOL and eBay have all suffered breaches of their own.
All in all, independent research suggests that about half of all American adults were hacked in one form or another over a recent 12-month period.
In other internet security news
Community Health Systems, which operates 206 hospitals across the United States, has confirmed that hackers recently broke into its network and stole sensitive personal data on about 4.5 million patients.
The intruders gained access to patients' names, Social Security numbers, street addresses, zip codes, birth dates and telephone numbers.
Any patient who received treatment at a network-owned hospital in the last five years, or was merely referred there by an outside doctor, is directly affected.
The breach places these people at heightened risk of identity fraud, among other harms: with that data, criminals can open bank accounts and credit cards in a victim's name, take out loans and ruin their credit history.
The company's hospitals operate in 28 states but have their most significant presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas.
Community Health Systems (CHS) hired Mandiant to investigate the breach. Mandiant determined that the attackers were based in China and used sophisticated malware, with the intrusions taking place between April and June of this year.
The FBI said that it's working closely with the hospital network and committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators.
Federal investigators and Mandiant told the hospital network that the same group had previously been seen conducting corporate espionage, targeting valuable information about medical devices.
This time, however, the attackers took patient data instead. They did not obtain patients' medical histories, clinical records or credit card information.
The lost personal information is nevertheless protected under the Health Insurance Portability and Accountability Act (HIPAA), the federal health records protection law.
That means patients could sue the hospital network for damages and financial compensation.
As for victims protecting themselves, there is little they can do for now. Making matters worse, Community Health Systems said it will notify the 4.5 million patients "as required by federal and state law", requirements that are inconsistent and vary by state.
There is no general federal data breach law requiring timely and transparent disclosure when sensitive personal information is lost; notification obligations come instead from sector-specific rules such as HIPAA and a patchwork of state laws.
CHS tried to calm worries about the damages in a filing Monday with the Securities and Exchange Commission, saying that it "carries cyber/privacy liability insurance to protect it against certain losses related to matters of this nature."
The hospital network said that just before Monday's announcement it had removed the attackers' malware from its systems and implemented protections to prevent similar break-ins in the future.
Furthermore, the company plans to offer identity theft protection to the 4.5 million victims of the breach.
Source: Trend Micro.