
This week an apparent hacking group released NSA tools that prove the agency hoarded 0-days in security products, 20 HEI Hotel properties were hacked, and WikiLeaks has reportedly been hosting malware in some of its files that were overlooked prior to publishing.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


Nation-Sponsored Attacks

The so-called NSA hacking group, the "Equation Group", was apparently hacked by a group calling themselves "The Shadow Brokers".

Why is this significant?

  • The Shadow Brokers released exploits and software implants that are said to be consistent with tooling previously attributed to the Equation Group. These tools are apparently old, with the newest dating back to 2013. It's unclear whether these exploits are still functional; however, some of the 0-day vulnerabilities have still not been patched.
  • "The files mostly contained installation scripts, configurations for command-and-control (C&C) servers, and exploits allegedly designed to target routers and firewalls from American manufacturers including Cisco, Juniper, and Fortinet."
  • It’s still unclear how the data was exfiltrated. It could be that The Shadow Brokers broke into a C&C server belonging to the Equation Group or it was the act of an insider.
  • The Shadow Brokers are also auctioning off a password to a second encrypted file that could possibly be a Pandora's Box of more interesting tools.

/** Gaining access to security products is an attacker’s dream come true. See how attackers leverage security products and what can be done against such attacks **/

Read the full story on Data Breach Today

Breaches

20 HEI Hotel properties were infected with a PoS malware attack.

Why is this significant?

  • A payment card processor notified HEI Hotels of a potential breach last year. Anyone who used a payment card at HEI food and beverage outlets via point-of-sale terminals is affected.
  • The breach dates back nearly 1.5 years, to March 2015, while the majority of the hotels were compromised after December 2015.
  • Last week's breach at Oracle's MICROS Point-of-Sale Division shows that attacking PoS terminals is not a one-off event but a profitable and efficient one, placing these systems high on attackers' target lists.

Read the full story on Softpedia

Malware Distribution

WikiLeaks has been reported to have been hosting at least 300 malware samples.

Why is this significant?

  • VirusTotal scanned WikiLeaks and detected more than 300 malware files. The malware appears to be embedded within the email files of the Turkish AKP party dump.
  • The Turkish AKP party files were posted after the failed military coup that occurred last month. It is now reported to be safe to open the files, just not the attachments.
  • It's not the first time that malware has been found within files posted on WikiLeaks. In 2015, an email dump of 5 million emails from the intelligence firm Stratfor was found to contain malware, including spyware. Evidently, no one had the time to scan all 5 million files before releasing them on WikiLeaks, and WikiLeaks chose not to address the malware issue then, nor has it addressed the more recent discovery. Some are now calling WikiLeaks a "malware hub".

Read the full story on The Register