Monday, November 20, 2017
When we hear news of some resource being compromised, we imagine that the hackers involved must have spent many hours guessing passwords, probing the website's software, or working NLP techniques on the staff.
The hacker group APT ALF cracked the network of an Australian military contractor and stole 30 gigabytes of secret military documentation about combat planes, munitions and naval vessels. The public became aware of the data theft from a report put out by the Australian Cyber Security Center (ACSC).
The technical data, which included information on the F-35—military fighters; the P-8 Poseidon—a maritime patrol plane; the C-130—a cargo plane; Joint Direct Attack Munition (JDAM)—a set of smart bombs; and "a few Australian naval vessels", was stolen from a small Australian defence company. One document was a wireframe diagram of "one of the navy's new ships".
A good catch! However, the ALF APT hacker group is not widely known on the Internet, and a quick search turns up no information about it. But let's set that aside. It's a good thing there's no mention of anonymous "Russian hackers".
So, how was the website compromised?
Access was initially gained by exploiting a 12-year-old vulnerability in the company's IT Helpdesk Portal that served as the company's file server. The attackers managed to get access to the domain administrator account, which allowed them to access the domain controller, the remote desktop server, email, and other sensitive information.
A loophole that hadn’t been closed in 12 years! Just imagine—since 2005. In this context, it’s no longer surprising that the technical support computers and the wireframe diagrams of the new ships were accessed.
Only one employee was responsible for all IT issues, and that person had worked for the company for just nine months. The company's systems had no protective DMZ network and no regular procedure for fixing vulnerabilities. In addition, all the servers shared the same administrator account password.
A single password for all the servers! Perhaps this fact is worth being recorded in the book of dubious distinctions.
But if the administrator of the compromised network had followed our recommendations, it’s unlikely such problems would have occurred.
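As an added illustration (example code written for this page, not something from the Anti-virus Times or Dr.Web), the script below turns the three failures described above into an audit over a constructed server inventory: an Internet-facing service outside any DMZ, patching that is years overdue, and one administrator credential reused across servers. All host names, dates and credential fingerprints are constructed sample data.

```python
"""Hygiene audit over a constructed server inventory (added example)."""
from collections import defaultdict
from datetime import date

# Constructed inventory. 'admin_fp' is a fingerprint (e.g. a keyed hash) of the
# local administrator credential as a vault or agent would report it; it is
# never the password itself. Hosts are modelled on the roles named in the post.
INVENTORY = [
    {"host": "helpdesk-portal", "internet_facing": True, "in_dmz": False,
     "last_patch": date(2005, 9, 1), "admin_fp": "fp-A"},
    {"host": "dc01", "internet_facing": False, "in_dmz": False,
     "last_patch": date(2017, 10, 2), "admin_fp": "fp-A"},
    {"host": "rds01", "internet_facing": False, "in_dmz": False,
     "last_patch": date(2017, 9, 14), "admin_fp": "fp-A"},
    {"host": "mail01", "internet_facing": True, "in_dmz": True,
     "last_patch": date(2017, 11, 1), "admin_fp": "fp-B"},
]

# Date of the post; used so the audit is reproducible offline.
AUDIT_DATE = date(2017, 11, 20)


def audit(inventory, today, max_patch_age_days=90):
    """Return {host: [finding, ...]}; hosts with no findings map to []."""
    findings = {h["host"]: [] for h in inventory}
    hosts_by_fp = defaultdict(list)
    for h in inventory:
        # 1. Exposed service that is not segregated from the internal network.
        if h["internet_facing"] and not h["in_dmz"]:
            findings[h["host"]].append("Internet-facing service outside a DMZ")
        # 2. Patching older than the allowed window.
        age = (today - h["last_patch"]).days
        if age > max_patch_age_days:
            findings[h["host"]].append(
                f"last patched {age} days ago (limit {max_patch_age_days})")
        hosts_by_fp[h["admin_fp"]].append(h["host"])
    # 3. The same administrator credential present on more than one host.
    for hosts in hosts_by_fp.values():
        if len(hosts) > 1:
            for host in hosts:
                findings[host].append(
                    f"administrator credential shared with {len(hosts) - 1} other host(s)")
    return findings


def run_audit():
    return audit(INVENTORY, AUDIT_DATE)


if __name__ == "__main__":
    for host, items in run_audit().items():
        for item in items:
            print(f"{host}: {item}")
```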
Let's be honest: to a large extent, hackers are successful because users are reckless. For instance, consider the set of exploits (malicious code designed to exploit vulnerabilities) bundled in the Terror exploit kit:
According to Trustwave, Terror originally consisted of eight exploits that were used simultaneously:
- CVE-2014-6332 — Internet Explorer
- CVE-2016-0189 — Internet Explorer
- CVE-2015-5119 — Adobe Flash
- CVE-2015-5122 — Adobe Flash
- CVE-2013-1670/CVE-2013-1710 — Firefox
- CVE-2014-1510/CVE-2014-1511 — Firefox
- CVE-2014-8636 — Firefox
- CVE-2015-4495 — Firefox
At the beginning of January 2017, many experts mistook Terror for a new version of Sundown, since Terror's author had copied a fair amount of code from his competitors. In addition, the developer forgot to obfuscate the code, which puzzled the researchers; after that, they discovered another four exploits:
- CVE-2013-2551 — Internet Explorer
- CVE-2014-6332 — Internet Explorer
- CVE-2015-7645 — Adobe Flash
- CVE-2016-4117 — Adobe Flash
Vulnerabilities dated 2013 and 2014. It becomes apparent that unpatched vulnerabilities are a mass phenomenon.
The Anti-virus Times recommends
Our recommendations are not empty words. They contain all of our accumulated experience—more specifically, the sad experience of users who’ve been affected by cybercriminals, often because they were overconfident or ignored the simplest of rules.
So, this time, we won't give any recommendations. We hope they’re already embedded in your memory. Right?