Jakkals – 2019_01_25

– InfoSec stories scavenged for you from across the internet –


Three stories this week (again):

  • DDoS-ing a Country (Guy who took Liberia offline is jailed)
  • Lazarus at the Waterhole (Company breached in nifty attack)
  • Incoming! (Hijacked camera sends false ‘Incoming Missile’ warning)


1_ DDoS-ing a Country

(Guy who used the Mirai botnet against Liberia gets jail time in the UK)

In 2016, researchers detected one of the largest publicly recorded Distributed Denial of Service (DDoS) attacks. The attack made use of hijacked webcams that were part of the Mirai botnet and generated traffic of up to 500 Gbps. This traffic was directed at the internet infrastructure of the West African nation of Liberia. See the 2016 article from Threatpost detailing the attack.

Fast forward 3 years and one Daniel Kaye has been sentenced to 32 months in the slammer for this DDoS attack. Turns out an employee of the Liberian telecoms company Cellcom (now rebranded as Orange Liberia) hired Mr Kaye to launch the attack on their competitor, Lonestar Cell MTN. Not only did it successfully disrupt Lonestar’s network, it also took down the entire country’s internet!

After the Liberian attacks, Mr Kaye attempted to take control of some of Deutsche Telekom’s routers for more attacks, but this ended up taking about 900,000 routers offline. A week later he again fumbled and inadvertently took down 100,000 UK-based routers from three separate ISPs. In the end this was what got the fuzz to hunt him down.

Turns out your actions were not O-Kaye, Daniel.

Links:
https://www.zdnet.com/article/hacker-bestbuy-sentenced-to-prison-for-operating-mirai-ddos-botnet/
https://www.bbc.com/news/uk-46840461


2_ Finding Lazarus at the Watering Hole

(For a quirky video about an ‘actual’ watering hole, check this)

Attackers, allegedly linked to North Korea’s Lazarus group, have been fingered for an attack on a Chilean networking company. This company, Redbanc, is basically responsible for all of Chile’s ATM networks.

What makes this attack notable is the method by which Redbanc was compromised – a watering hole attack. Attackers put an advertisement up on LinkedIn, to which a Redbanc employee responded. This then led to a phony Skype interview with a Spanish-speaking ‘recruiter’. During the ‘interview’ the employee was tricked into downloading what appeared to be an application form. The application form, however, turned out to be malware, which subsequently infected his work computer.

Luckily the introduced malware was picked up by Redbanc before too much snooping could be done on their network…

Links:
https://nakedsecurity.sophos.com/2019/01/21/attackers-used-a-linkedin-job-ad-and-skype-call-to-breach-banks-defences/
https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/


3_ Incoming!

(Hijacked Nest camera sends false ‘Incoming Missile’ warnings)

Laura was cooking up a storm in her California kitchen, when the loud noise of an emergency broadcast interrupted the bubbling sounds from her simmering chicken broth:

You have three hours to evacuate! North Korea has launched a missile attack on the United States. Move!

Ok, she was probably not making a chicken broth, but you get the idea. Needless to say, panic ensued after the family heard the announcement, thinking it came from their television. It turned out that an attacker managed to hack into their internet-connected (IoT) Nest Security Camera and play the fake alert. Luckily, sanity prevailed after an excruciating 30 minutes of trying to figure out which of your favorite cast iron frying pans to take along in the evacuation.

Reminds me of the saying: “The S in IoT stands for Security”.

Links:
https://www.csoonline.com/article/3335637/security/hijacked-nest-camera-blares-warning-about-north-korean-missiles-headed-to-us.html
https://nakedsecurity.sophos.com/2019/01/23/hijacked-nest-cam-broadcasts-bogus-warning-about-incoming-missiles/
