FBI Tip: Reboot Your Router and Stay Safe Against Russian Malware

Last April, U.S. and U.K. officials issued a warning that Russians were behind a major threat to security through business or home smart devices. While the cyber threat was directed initially towards home and business routers running IoT devices, the attack would eventually move on to a massive scale involving water filtration systems and power lines. It sounds like a page from a spy novel and seems unlikely in the post-Cold War era, but the FBI followed this up with another warning in late May.

According to Reuters, Russian hackers had breached thousands of home routers in the U.S. and could gather information or even shut down traffic. Some quarters considered this to be another witch hunt, just like what happened with Huawei and ZTE in previous years. In an effort to stem the threat, the FBI shut down a website that would ostensibly be used by the Russian hacker group named Sofacy to beam malicious information affecting about 700,000 routers in homes and businesses across 50 countries. According to the FBI, most of the susceptible devices were bought online. Cisco Systems Inc. claimed that the targeted routers were from Asus, D-Link, Huawei, Ubiquiti, Upvel, ZTE, Linksys, MikroTik, Netgear Inc., TP-Link, and QNAP, brands that are extremely popular among home users and favored by Internet providers. Sofacy (aka APT28 and Fancy Bear) was also implicated in hacking the Democratic National Committee in the most recent U.S. Presidential campaign.

According to Cisco, the U.S. is not yet under major attack; it was Ukraine that was the ultimate target. In a document shared with both the U.S. and Ukraine governments, Cisco outlined how the malware caused millions in damages in Ukraine and was behind a major power outage.

“The VPNFilter malware is a multistage, modular platform with versatile capabilities to support both intelligence collection and destructive cyberattack operations.” —  Cisco

This particular VPNFilter malware is hard to detect due to encryption, so it is best to be cautious. It has 3 stages, and Stage 1 can persist through a reboot and go on to the subsequent stages. This is very different from other malware infecting smart devices, which seldom survives a reboot. The FBI suggests rebooting your router and downloading updates to disrupt the malware’s action. Though that cut off communication, there were still infected routers to deal with. It is strongly advised that remote management settings be disabled and passwords changed regularly.

The size and scope of the infrastructure by VPNFilter malware is significant…capable of rendering peoples’ routers inoperable. – FBI

Experts further recommend resetting SOHO (small home and office) routers and NAS (network-attached storage) devices to factory defaults rather than simply rebooting. Users should also coordinate with their Internet providers, who can reboot SOHO routers, and with manufacturers to ensure that the most recent patches are installed.

Is this a modern-day “Hunt for Red October”?

Smart Teddy Bear (and Other Toys): Eavesdropper or BFF?

The Norman Rockwell Christmas scene of the past was never without a huggable Teddy Bear. It was the depository of children’s secrets, and like a true friend kept mum. Fast-forward to 2017 and the fluffy BFF is actually an interactive toy connected to smartphones through Bluetooth, Wi-Fi, and camera, fully capable of voice recognition and geolocation. It could see you, talk to you, listen to you – and tell all.

My Friend Cayla, a very popular interactive doll, has been outlawed in Germany because it was potentially hackable. There was a concern about where the recorded conversations are stored and how these are used. In the U.S., the FBI issued a consumer advisory on how “Internet-connected toys could present privacy and contact concerns for children”.

Connected Toys: Growth and Trends

Toys do more than just keep the child entertained. They are important learning tools that challenge a child’s creativity and develop problem-solving skills. However, with the developments in IoT, AR, and robotics, traditional toymakers like Hasbro and Mattel continuously struggle to come up with toys that won’t be discarded almost as soon as they are unwrapped. Today’s children are so tech-savvy that passive playthings are almost a thing of the past, having been replaced by consoles, bots, apps, games, and the very popular smart toys. Some of today’s toys, like Furby, had earlier talking versions that were considered safer because the collection of information was limited and nothing was beamed externally via the Internet.

Smart toys or connected toys connect to the Internet through Wi-Fi or Ethernet. However, they can also connect through Bluetooth, Android or iOS devices, which is potentially dangerous since children are usually off-guard and not mindful of security when at play. The recorded conversation may inadvertently include sensitive personal information, like location and who the child is with. The most popular ones simulate life and are very “intelligent” and responsive. Talking toys, in particular, are equipped with microphones, sensors, and cameras, which in a non-play situation could even be considered sinister.

Parental Guidance: Safety of Connected Toys

In 2015, Statista studied the concerns of French parents about smart toys. A whopping 57% feared that increased play time would erode school performance. 22% believed that their kids were constantly asked to purchase add-ons and apps online while 20% were apprehensive about the health effects of staying up late playing games. Still, connected toys enjoy a steady growth of over 10% annually since 2016 with no signs of slowing down until 2020 – despite fears of security and invasion of privacy.

“Voice recordings, toy Web application (parent app) passwords, home addresses, Wi-Fi information, or sensitive personal data could be exposed if the security of the data is not sufficiently protected” – FBI, July 17, 2017

According to the FBI, Internet-connected toys are vulnerable because conversations are stored either on servers or in the cloud, which makes them susceptible to hacking. In fact, the video below shows how these toys could be hacked!

Parents can keep well-loved toys safe by researching updates, hacks, and known security issues. Allow playing only in areas that have secured Wi-Fi access and always update software. Keep PINs, passwords, and pairings secure, and monitor the child at play. Always make sure that microphones and cameras are turned off when not in use, and create strong passwords. Bear in mind that the information, when used by dubious entities, can turn your innocent Teddy into an eavesdropper.


Bust leads to hacker’s bust

How dumb can you be when law enforcers are chasing you and you give them a clue as to your whereabouts?

Well, Higinio O. Ochoa III was being sought by the FBI after he posted the names and home addresses of police officers on a website last February.

The 30-year-old hacker linked to the site from the Twitter handle @Anonw0rmer. The bottom of the site featured a fairly gifted lady with a sign that says, “PwNd by w0rmer & CabinCr3w <3 u B—s !”

Court documents showed that encrypted GPS data from the smartphone that took the photo indicated that it was taken by an iPhone in Australia.

After the feds saw this, they got access to his Facebook page and found photos of the well-endowed lady; they suggested that she was his girlfriend and the same woman in the photo.

The feds then stormed Ochoa’s apartment on March 20 and arrested him.

He was able to post bail by paying $50,000. He is due in court next week to face charges that were filed against him.

Well, I guess if you’re being chased by law enforcement officers, it would be better if you’d keep your identity a secret and avoid social media.


Zeus identity-theft Trojan is back, FBI warns

A new strain of the infamous Zeus Trojan is again wreaking havoc in cyberspace, and the Federal Bureau of Investigation (FBI) said that it can defeat security measures of top financial institutions.

The latest ID-theft malware, known as Gameover, starts via spam e-mails, also known as phishing schemes, that are supposed to come from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC).

This was the warning issued by the FBI:

The malware is appropriately called “Gameover” because once it’s on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. And once the crooks get into your bank account, it’s definitely “game over”.

Gameover is a newer variant of the Zeus malware, which was created several years ago and specifically targeted banking information.

The scheme usually has a link in the e-mail that, if clicked, would redirect you to a website. According to the FBI, “once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information.”


One hundred phishers charged

Following a multi-national investigation into a phishing scheme that covered the United States and Egypt, the Federal Bureau of Investigation (FBI) announced today that it had charged 53 defendants in the U.S., thirty-three of whom were already arrested while the others are still being sought.

Authorities in Egypt, on the other hand, have charged 47 defendants who are also linked to the phishing operation, taking the total to 100, the largest number ever charged in a cybercrime case.

The investigation, which was dubbed “Operation Phish Phry”, began in 2007.

“The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity  is now committed,” Keith Bolcar, acting assistant director of the FBI in Los Angeles, said in a statement.

“Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans.”

The 53 defendants in the U.S. face charges of conspiracy to commit bank and wire fraud that could cost them a maximum of 20 years in prison. Hmm, let’s see if they can hack their way out of that.

Source: http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=220301571
