Top threats November 2017

Taking a look at articles and information from open sources, our own Cyber Defense Center and the media, the following list is what we see as the events with the most impact, risk and press from the last few weeks. There are wildly different types of events in this list, such as vulnerabilities, malware and hacks. The list aims to give a high-level overview of the threat landscape. If you only have time to digest one item on this list: remember ROCA.

#1. Top threat: ROCA vulnerability allows recovery of RSA private keys

What: ROCA (Return of Coppersmith's Attack) is a flaw in the RSA key generation of Infineon's RSALib, the library used in Infineon TPMs, smart cards and secure elements. Keys it generated can be factored, i.e. the private key can be recovered, from the public key alone.

Where: Global

How: The library builds its primes from a fixed structure, which leaves a detectable fingerprint in the public modulus and makes the modulus factorable with Coppersmith's method. Anyone holding only the public key can first cheaply test whether the key is affected and then factor it; no hardware access is needed. The cost depends only on the key size: hours of CPU time for 512-bit keys, days for 1024-bit keys and on the order of a hundred CPU-years for 2048-bit keys, which is within reach of rented cloud compute for a valuable target.

When: Disclosed on October 16, 2017 (CVE-2017-15361), the same day as KRACK. The full paper was presented at the ACM CCS conference on November 2nd.

Impact: The affected Infineon chips are the TPMs in many business laptops and desktops, and the secure elements of smart cards and authentication tokens (national eID cards and some hardware tokens among them), so you are likely to have affected keys somewhere. ROCA was announced on the same day as KRACK, and many considered it the bigger problem. The flaw sits in the key generation of a hardware component, which is why the full extent of the impact is difficult to assess. Major vendors, including Infineon, Microsoft, Google, HP, Lenovo and Fujitsu, have addressed ROCA with firmware and software updates. Note that an update only fixes the generator: every RSA key pair an affected chip produced before the update remains weak and has to be regenerated (for a TPM, that means clearing it and re-enrolling keys, after saving BitLocker recovery keys).

Although the #2 threat definitely won by buzz in the community, we place ROCA at #1.
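The fingerprint test described above, as an added example that is not SecureLink's text nor the ROCA researchers' own detection tool. RSALib generates primes as p = k*M + (65537^a mod M), where M is a primorial (product of the first n primes, n growing with key size), so for every small prime r dividing M the modulus N = p*q satisfies N mod r in the subgroup generated by 65537 mod r. A normally generated modulus fails that test for at least one r with overwhelming probability. The generator below is a simplified mimic used only to produce a test key (the real library bounds the exponent a and scales M with the key size); the seed and the 512-bit key sizes are constructed for the demo. Python 3.8+ standard library only.

```python
"""ROCA fingerprint check (added example; not the page's or the ROCA authors' code)."""
import math
import random

# Primes 3..167 divide M for every affected key size, so this list works for all keys.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67,
                71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139,
                149, 151, 157, 163, 167]
M = math.prod([2] + SMALL_PRIMES)   # primorial used for 512-bit keys (about 219 bits)
E = 65537


def generator_subgroup(r):
    """Residues {65537^i mod r}: the only values an affected prime, or modulus, can have mod r."""
    residues, x = set(), 1
    while x not in residues:
        residues.add(x)
        x = x * E % r
    return residues


SUBGROUPS = {r: generator_subgroup(r) for r in SMALL_PRIMES}


def is_roca_vulnerable(n):
    """True if modulus n carries the RSALib fingerprint (n mod r in <65537> for all small r)."""
    return all(n % r in SUBGROUPS[r] for r in SMALL_PRIMES)


def is_probable_prime(n, rounds=20, rng=random):
    """Miller-Rabin probabilistic primality test; sufficient for generating demo keys."""
    if n < 2:
        return False
    for sp in [2] + SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def rsalib_style_prime(bits, rng):
    """Mimic the flawed generator (simplified): p = k*M + (65537^a mod M), retried until prime."""
    while True:
        k = rng.getrandbits(bits - M.bit_length())
        a = rng.getrandbits(64)   # assumption: any exponent; the real library bounds a by ord_M(65537)
        p = k * M + pow(E, a, M)
        if p.bit_length() == bits and is_probable_prime(p, rng=rng):
            return p


def random_prime(bits, rng):
    """A normally generated prime: random odd number of the right size, retried until prime."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p, rng=rng):
            return p


def demo(seed=2017):
    """Constructed 512-bit keys: one from the flawed generator, one from a normal one."""
    rng = random.Random(seed)
    weak_n = rsalib_style_prime(256, rng) * rsalib_style_prime(256, rng)
    safe_n = random_prime(256, rng) * random_prime(256, rng)
    return is_roca_vulnerable(weak_n), is_roca_vulnerable(safe_n)


if __name__ == "__main__":
    print(demo())   # (True, False)
```

To check a real key, extract the modulus first, e.g. `openssl x509 -in cert.pem -noout -modulus` or `openssl rsa -pubin -in key.pem -noout -modulus`, and pass `int(hex_string, 16)` to `is_roca_vulnerable`. A positive result means the key should be treated as compromised and replaced; the fingerprint only says whether factoring is feasible, the factoring itself is the expensive part described above.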


#2. BadRabbit crypto ransomware

What: Crypto ransomware. About two-thirds of BadRabbit's code is shared with (Not)Petya. Unlike WannaCry / NotPetya, its creators took the time to build a working process for returning decryption keys to paying victims.

Where: It started in Russia, Ukraine and Bulgaria. However, SecureLink has spotted infections in Belgium, and possibly in Sweden and the Netherlands too. Reports from the US have come in too.

How: It initially spread through a watering-hole attack: compromised legitimate websites served a fake Flash Player update, which the victim had to download and run with administrator rights. Both the user and the sysadmin managing the network therefore have to make unwise decisions for the infection to succeed. Inside the network it moves laterally over SMB, trying a crude hardcoded list of common usernames and passwords together with credentials harvested from the infected host; later researchers also found that it carries the EternalRomance SMB exploit, as NotPetya did.

When: October 24, 2017 (CEST) – now

Impact: Seemingly very high: BadRabbit is the most discussed threat of the month. Risk and impact are likely lower than the publicity suggests, since the initial infection is only possible if [A] the user is social-engineered into running the fake update and [B] the user is allowed to "run as Administrator", which is a bad practice in most enterprises. Once one host is infected, though, the hardcoded credential list and the SMB exploit mean that weak local passwords or an unpatched neighbour are enough for it to spread.


#3. Vulnerability: KRACK breaking WPA2 protection

What: A vulnerability in the WPA2 protocol itself (the 4-way handshake), which secures pretty much all home and business Wi-Fi. An attacker within radio range could decrypt your traffic and, depending on the cipher suite in use, inject packets.

Where: Global

How: By replaying message 3 of the 4-way handshake. The client then reinstalls the session key it is already using and resets the packet number (the nonce) to zero, so subsequent frames reuse keystream; with one known plaintext the attacker recovers the others. The flaw is in the standard, so every correct implementation was affected. Android 6.0+ and Linux with wpa_supplicant 2.4 or later were hit hardest, because they end up installing an all-zero key, which makes decryption trivial.

When: Publicly disclosed on October 16, 2017.

Impact: While the impact is global, many vendors like Microsoft and Apple have released patches. Since the key is (re)installed on the client side, patching the clients is what counts; access points mainly need patching if they use 802.11r (fast roaming) or act as clients themselves. The risk is in devices that might never get a firmware upgrade, such as (obscure) IoT devices and older Android phones. That said, the attack requires being within Wi-Fi range, the research is academic, and while writing this there is no public weaponized exploit beyond the researchers' demonstration.
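A minimal model of the key reinstallation described above, as an added example that is not part of the original post nor the KRACK researchers' code. CCMP/GCMP encrypt every frame with AES in counter mode under the session key (PTK) and a per-frame packet number (PN) that must never repeat under one key. Here the AES keystream is replaced by a SHA-256-based stand-in (an assumption made to keep the example standard-library only; the argument depends only on the (key, PN) pair repeating), the session key and the two plaintexts are constructed, and the "supplicant" is reduced to the one piece of state that matters. The patched variant implements the actual fix: never reinstall a key that is already in use.

```python
"""Toy model of KRACK nonce reuse (added example; not from the page or the KRACK authors)."""
import hashlib


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Stand-in for the AES-CTR keystream: deterministic in (key, pn), like CCMP's per-frame counter."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the 4-way handshake, reduced to key installation and the packet number."""

    def __init__(self, reinstall_protection: bool):
        self.reinstall_protection = reinstall_protection   # True models a patched client
        self.ptk = None
        self.pn = 0

    def on_message3(self, ptk: bytes):
        """Message 3 confirms the PTK; the AP retransmits it whenever message 4 is lost."""
        if self.reinstall_protection and self.ptk == ptk:
            return            # patched: an already-installed key is never reinstalled, PN keeps counting
        self.ptk = ptk        # (re)install the key ...
        self.pn = 0           # ... and, as the standard says, reset the packet number: this is the bug

    def send(self, plaintext: bytes):
        frame = (self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext))))
        self.pn += 1
        return frame


def run_attack(patched: bool, ptk: bytes, p1: bytes, p2: bytes):
    """Attacker in range records a frame, replays message 3, records the next frame."""
    client = Supplicant(reinstall_protection=patched)
    client.on_message3(ptk)
    pn1, c1 = client.send(p1)
    client.on_message3(ptk)            # replayed (retransmitted) message 3
    pn2, c2 = client.send(p2)
    if pn1 != pn2:
        return None                    # no nonce reuse: the two ciphertexts cannot be combined
    return xor(c1, c2)                 # same key and PN => same keystream => c1 ^ c2 == p1 ^ p2


def demo():
    """Constructed session: a guessable request followed by a secret of the same length."""
    ptk = b"\x11" * 16                 # constructed session key
    p1 = b"GET /index.html"            # plaintext the attacker can guess
    p2 = b"PASSWORD=secret"            # plaintext the attacker wants
    leak = run_attack(False, ptk, p1, p2)
    recovered = xor(leak, p1) if leak is not None else None
    return recovered, run_attack(True, ptk, p1, p2)


if __name__ == "__main__":
    print(demo())   # (b'PASSWORD=secret', None)
```

The unpatched client hands the attacker `p1 XOR p2`, which with one guessed frame yields the other; the patched client keeps counting from where it was, so the replay buys nothing. The all-zero-key case on wpa_supplicant 2.4+ is worse still: the attacker does not even need a known plaintext.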


#4. Deloitte hack

What: Deloitte was hit by a major cyber-attack that compromised its email system and certain client records.

Where: Deloitte, UK

When: The news came out late September 2017, with reports mentioning the actual hack taking place months earlier.

Impact: Reportedly, confidential e-mails and plans of blue-chip customers were stolen. Hacks happen all the time and serve as a reminder: 100% protection is impossible, but we need to continuously reassess whether we can do better.


Published November 7th, 2017 (last updated 2017-11-21T00:40:48+00:00)
