Skimmers Hijack ATM Network Cables

Threat: Skimmers Hijack ATM Network Cables
Solution: Avoid machines that show signs of tampering. ATM manufacturers and operators need to encrypt all card data leaving the machine, not just the PIN.
URL: http://krebsonsecurity.com/2016/02/skimmers-hijack-atm-network-cables/

Many of us know someone whose account has been compromised: in the blink of an eye their bank account is emptied by an attacker. In some of these cases the data was stolen through an ATM that had been modified to leak it, as in the article linked above. Instead of reading the magnetic stripe directly with a skimmer fitted over the card slot, as many attackers do, these attackers attach a device to the ATM's network cable and perform a man-in-the-middle attack on the traffic leaving the machine.

Unfortunately, these machines typically encrypt only part of the transaction: the PIN is protected, but the card data, including your account number, crosses the cable in the clear and can be read by anything sitting on it. The attacker pairs that tapped card data with a hidden camera that records your PIN, and then has everything needed to drain the account. The best defence available to a user is still to avoid any machine that shows signs of tampering, even though a tap on the network cable is not necessarily visible from the outside. Preferring indoor machines inside a branch over unattended outdoor ones, which an attacker can work on unobserved, is also advisable.
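To make the "only part of the data is encrypted" point concrete, the following added example (not code from the Krebs article or from any ATM vendor) shows what a passive tap on the cable, or equally a defender's wire-level check, can pull out of a constructed ATM-to-host message. The message format, terminal id, PIN block representation and the test PAN 4111111111111111 are all constructed for illustration; real ATM protocols differ, but the result is the same whenever Track 2 data travels unencrypted while only the PIN block is protected.

```python
"""Pull card data out of a cleartext ATM-to-host message (illustrative, constructed format)."""
import re

# ISO/IEC 7813 Track 2 layout: ';' start sentinel, PAN (13-19 digits), '=' separator,
# YYMM expiry, 3-digit service code, discretionary data, '?' end sentinel.
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")


def luhn_ok(pan: str) -> bool:
    """Luhn check, used to separate real PANs from random digit runs on the wire."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the BIN (first 6) and last 4 digits, as a logging or DLP tool would."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(payload: bytes):
    """Return every Luhn-valid Track 2 record readable from a raw message."""
    records = []
    for m in TRACK2_RE.finditer(payload):
        pan = m.group(1).decode()
        if not luhn_ok(pan):
            continue
        records.append({
            "pan_masked": mask_pan(pan),
            "expiry": m.group(2).decode(),
            "service_code": m.group(3).decode(),
        })
    return records


# Constructed message: STX, terminal id, cleartext Track 2, ETX, then a PIN block
# shown as 16 hex characters standing in for encrypted data, then the amount.
# Only the PIN is protected here, which is the situation the article describes;
# find_track2() recovers the card but cannot recover the PIN (hence the camera).
SAMPLE_CLEARTEXT = (
    b"\x02ATM0001;4111111111111111=2512201123456789?\x03"
    b"PINBLK=7D3F0A91C2E4B65F;AMT=00020000\x03"
)

# The same message with the track data encrypted end to end (placeholder hex blob),
# which is what the page argues manufacturers should enable: nothing is recoverable.
SAMPLE_ENCRYPTED = (
    b"\x02ATM0001TRK2ENC=3B8F1A2C4D5E6F70A1B2C3D4E5F60718\x03"
    b"PINBLK=7D3F0A91C2E4B65F;AMT=00020000\x03"
)

if __name__ == "__main__":
    print("cleartext message :", find_track2(SAMPLE_CLEARTEXT))
    print("encrypted message :", find_track2(SAMPLE_ENCRYPTED))
```

Run stand-alone, the first line reports the masked PAN, expiry and service code read straight off the cleartext message, while the second reports nothing. The same function, pointed at a capture from an ATM's network segment, is a quick way for an operator to confirm whether their own machines expose card data in transit.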

OSX Sparkle Updater Vulnerability

Threat: OSX Sparkle Updater Vulnerability
Solution: Until the affected applications ship patched builds, update them only on a trusted network where a man-in-the-middle attack is unlikely.
URL: https://vulnsec.com/2016/osx-apps-vulnerabilities/ and https://www.evilsocket.net/2016/01/30/osx-mass-pwning-using-bettercap-and-the-sparkle-updater-vulnerability/

This vulnerability was disclosed only last Friday. Radek, a security researcher, found the vulnerability (or feature?) in the Sparkle updater framework used by many OSX applications: it allowed an application's update feed to be fetched over plain HTTP instead of HTTPS. Because an HTTP feed is neither encrypted nor authenticated, every application that bundles Sparkle with an HTTP feed URL is exposed to a man-in-the-middle (MITM) attack, in which an attacker on the network path substitutes their own update content. Simone Margaritelli, another security researcher, then developed a module for Bettercap that exploits the vulnerability. To bring things back to our chapter readings, I think Simone's post is pretty squarely in the black hat hacker arena and Radek's post tells enough about the exploit to bring it into the grey hat hacker realm.

At any rate, while this exploit can severely compromise a system, the attacker's opportunity to use it is limited: they must already be positioned between the victim and the update server, for example on the same local network. The best protection until patches ship is therefore to update software only on a trusted network, where a MITM attack is unlikely. In addition, with OSX's smaller market share, it is less likely to be attacked except in target-rich environments or against high-value targets.
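Knowing which installed applications are affected is the practical first step, since the advice above only needs to apply to those. The following added example (not code from the vulnsec or evilsocket posts) audits application bundles for the Sparkle feed address, which Sparkle stores in each application's Info.plist under the key SUFeedURL, and flags any feed served over http://. The three sample plists, their bundle identifiers and the updates.example.com URLs are constructed so the script runs stand-alone; on a Mac it also walks /Applications.

```python
"""Audit OS X application bundles for Sparkle update feeds served over plain HTTP."""
import os
import plistlib
from urllib.parse import urlsplit

SPARKLE_FEED_KEY = "SUFeedURL"  # Sparkle's appcast address in Info.plist


def feed_url_from_plist(plist_bytes: bytes):
    """Return the SUFeedURL string from an Info.plist, or None if absent or unparsable."""
    try:
        info = plistlib.loads(plist_bytes)
    except Exception:  # not a plist at all: treat as "no Sparkle feed"
        return None
    url = info.get(SPARKLE_FEED_KEY) if isinstance(info, dict) else None
    return url if isinstance(url, str) else None


def classify_feed(url):
    """Map a feed URL to a verdict: no-sparkle, insecure (http), https, or other."""
    if url is None:
        return "no-sparkle"
    scheme = urlsplit(url).scheme.lower()
    if scheme == "http":
        return "insecure"
    if scheme == "https":
        return "https"
    return "other"


def audit_app_dir(root="/Applications"):
    """Return {bundle_path: (feed_url, verdict)} for every *.app under root that declares a feed."""
    results = {}
    if not os.path.isdir(root):
        return results
    for entry in sorted(os.listdir(root)):
        if not entry.endswith(".app"):
            continue
        plist_path = os.path.join(root, entry, "Contents", "Info.plist")
        try:
            with open(plist_path, "rb") as fh:
                url = feed_url_from_plist(fh.read())
        except OSError:
            continue  # no Info.plist or unreadable bundle
        if url is not None:
            results[os.path.join(root, entry)] = (url, classify_feed(url))
    return results


def _plist(body: str) -> bytes:
    """Wrap a dict body in the XML envelope that real Info.plist files use."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
        '"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
        '<plist version="1.0"><dict>' + body + "</dict></plist>\n"
    ).encode()


# Constructed Info.plist contents for a stand-alone run; these are not real applications.
SAMPLE_INSECURE = _plist(
    "<key>CFBundleIdentifier</key><string>com.example.insecureapp</string>"
    "<key>SUFeedURL</key><string>http://updates.example.com/appcast.xml</string>"
)
SAMPLE_SECURE = _plist(
    "<key>CFBundleIdentifier</key><string>com.example.secureapp</string>"
    "<key>SUFeedURL</key><string>https://updates.example.com/appcast.xml</string>"
)
SAMPLE_NO_SPARKLE = _plist(
    "<key>CFBundleIdentifier</key><string>com.example.plainapp</string>"
)

if __name__ == "__main__":
    for name, data in (("InsecureApp", SAMPLE_INSECURE),
                       ("SecureApp", SAMPLE_SECURE),
                       ("PlainApp", SAMPLE_NO_SPARKLE)):
        url = feed_url_from_plist(data)
        print(f"{name:12} {classify_feed(url):11} {url or ''}")
    # On a Mac this walks /Applications; elsewhere the directory is absent and nothing prints.
    for path, (url, verdict) in audit_app_dir().items():
        print(f"{verdict:11} {path}  {url}")
```

Applications reported as "insecure" are the ones to update only on a trusted network until their vendor ships a fix; change the root argument to cover bundles installed elsewhere, such as ~/Applications. An "https" verdict only means the feed address itself is not the weak point discussed here.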

Customer service a threat to your security?

Threat: Customer support leaking customer data in social engineering attacks.
Solution: Reduce the digital footprint of public personal information, so an attacker has less to work with when impersonating you to customer service.
URL: http://arstechnica.com/security/2016/01/how-amazon-customer-service-was-the-weak-link-that-spilled-my-data/

This is an interesting article on how customer service can be targeted by social engineering to give out your personal and financial information. In this case the individual was targeted repeatedly through Amazon customer support. The attacker started with information about the victim that was already available online and, over a series of online chats and phone calls in which he posed as the victim, extracted further personal details from support staff, ultimately obtaining his financial information.

This is a difficult attack to defend against, because the weak link is a third party's support staff rather than your own systems. The first and best defence is limiting the amount of information available online about yourself and your employees. As this victim did, it is also important to follow up on any clue that your information may have been disclosed. Where a service offers it, enabling some form of two-factor authentication is also highly advisable.

Users targeted with malware in advertising

Threat: Users targeted with malware in advertising (malvertising)
Solution: Use ad-blocking technology and/or other measures such as disabling JavaScript by default.
URL: http://www.engadget.com/2016/01/08/you-say-advertising-i-say-block-that-malware/

Specifically, in this case the Forbes website asked users to disable their ad blockers, and the ads it then served were found to contain malware. This particular instance is worse in my opinion than most, because the site owners asked users to turn off what is quickly becoming a popular security control and then proceeded to serve those users malware. While I like to support websites, it is difficult to do so when ad networks are not better vetted.

In a multi-layered approach, security professionals should keep their systems and browser plugins patched so that known exploits cannot be used against them. As a further layer I also recommend turning off JavaScript by default and enabling it only on trusted websites. Unfortunately, in this case the website itself would normally be a trusted source, so full ad blocking, whether through a proxy, browser software or another mechanism that strips third-party ad content, would be the only way to completely avoid exposing systems to the malware.
