November 15, 2018
Official Google Twitter account hacked in Bitcoin scam
By Danny Bradbury
The epidemic of Twitter-based Bitcoin scams took another twist this week as attackers tweeted scams directly from two verified high-profile accounts. Criminals sent posts from both Google’s G Suite account and Target’s official Twitter account.
Cryptocurrency giveaway scams work by offering money to victims. There’s a catch, of course: they must first send a small amount of money to ‘verify their address’. The money in return never shows up and the attackers cash out.
Authenticity is a key factor in these scams. Accounts with verified status, shown by a blue tick, carry more of it. So it makes sense for attackers to hack verified accounts and then use them to impersonate very high-profile people with lots of followers. Elon Musk and Ethereum founder Vitalik Buterin have both been targets for imposters.
On Tuesday, criminals went one better, managing to compromise the official account of Google’s G Suite. This gave them an authentic platform to address the account’s 822,000 followers as Google itself, rather than impersonating it with another hacked account.
The Bitcoin giveaway scam quickly followed, claiming that G Suite was now accepting cryptocurrency payments and offering a total of 10,000 Bitcoins (BTC) to “all community”. The scammers asked for between 0.1 and 2 BTC, and promised to return ten times the amount sent. They also added a bonus: send 1 BTC or more and get an additional 200% back.
Read more at https://nakedsecurity.sophos.com/2018/11/15/official-google-twitter-account-hacked-in-bitcoin-scam/
DARPA uses a remote island to stage a cyberattack on the US power grid
By Lisa Vaas
There was the sound of breakers tripping in all seven of the grid’s low-voltage substations, and then the station was plunged into darkness. It was the worst possible scenario: swaths of the country’s grid had already been offline for a month, exhausting battery backups at power plants and substations alike.
What would you do if you were in that utility command center? Turn up everything all at once? Turn up smaller pieces of the grid and put them into a protected environment to run cyberforensics and thus keep them from potentially spreading whatever malware was used in the attack?
Those are the kinds of questions that are typically confined to a lab setting. But earlier this month, on a small island 1.5 miles off the shore of Long Island, the Defense Advanced Research Projects Agency (DARPA) brought the dreaded scenario to life.
Plum Island – at 840 acres, it’s about the same size as Central Park in Manhattan – is officially called the Plum Island Animal Disease Center. Currently run by the Department of Homeland Security (DHS), the federal facility comprises 70 mostly decrepit buildings.
The island has its own fire department, power plant, water treatment plant and security. The center was originally created in 1954, in response to outbreaks of foot-and-mouth disease in cattle. DHS took over control of Plum Island in 2003, due to the research center’s critical role in protecting the nation’s livestock from infectious animal diseases.
Read more at https://nakedsecurity.sophos.com/2018/11/15/darpa-uses-a-remote-island-to-stage-a-cyberattack-on-the-us-power-grid/
France: Let’s make the internet safer! US: ‘How about NO?!’
By Lisa Vaas
The US, China and Russia are some of the big names missing from the list of signatories of the Paris Call for Trust and Security in Cyberspace: an initiative designed to establish international etiquette with regard to the internet, including coordinating disclosure of technical vulnerabilities.
French President Emmanuel Macron announced the agreement on Monday at the annual UNESCO Internet Governance Forum in Paris.
The document proposes rules of engagement for a slew of internet-related challenges, including cooperating to fend off interference in elections, online censorship and hate speech, intellectual property theft, malware proliferation and cyberattacks, and the use of cyberweapons to hack back… or, in the parlance of the US military, “offensive hacking,” as in, what the Department of Defense gave itself the power to do in the new military strategy it set forth in September.
The document has been endorsed by more than 50 nations, 90 nonprofits and universities, and 130 private corporations and groups.
You can see why the accord’s attitude about cyberwarfare wouldn’t fly with a lot of countries. Besides the US, some of the nations that abstained from signing on, including China and Iran, have active cyberwar programs. As we reported last week, Iran unravelled the CIA’s secret online network years ago with simple online searches, leading to informants being left vulnerable to exposure and execution worldwide.
Read more at https://nakedsecurity.sophos.com/2018/11/15/france-lets-make-the-internet-safer-us-how-about-no/
Targeted ransomware attacks – SophosLabs 2019 Threat Report
By John E Dunn
Cybercriminals have returned to old-school manual hacking tactics to boost the efficiency of targeted extortion, according to research conducted for the SophosLabs 2019 Threat Report.
Ransomware attacks are nothing new, but well-known examples like CryptoLocker or WannaCry have tended to be opportunistic and indiscriminate. To penetrate their targets they rely on simple automation, such as booby-trapped attachments sent to a large number of prospective victims via email.
However, the most eye-catching innovation seen by Sophos during 2018 looks more like the opposite of automation – manual control.
Deploying an attack by hand takes time and doesn’t scale well, but it is hard to detect – because it doesn’t necessarily follow a predictable pattern – and hard to stop – because an attacker can adapt as they go.
SophosLabs sums up the advantages of the hands-on approach:
With targeted attacks, the behavior is inherently unpredictable, and the attackers can respond reactively to defense measures that, at first, thwart them from accomplishing their goal.
The perfect case study in how successful this modus operandi can be is the SamSam ransomware, whose evolution Sophos has been tracking since 2015.
Earlier this year, Sophos researchers discovered that a group or individual has used SamSam to successfully extort $6 million (£4.6 million) out of victims in the two and a half years to June 2018.
Read more at https://nakedsecurity.sophos.com/2018/11/14/targeted-ransomware-attacks-sophoslabs-2019-threat-report/
HTTP/3: Come for the speed, stay for the security
By Danny Bradbury
Google’s campaign to nudge the web towards faster performance took a big step last month. Key personnel at the Internet Engineering Task Force (IETF) suggested basing the next version of a core protocol on technology that originated with the search giant.
The IETF is responsible for signing off many of the key standards underpinning the internet and the web. One of them is the hypertext transport protocol (HTTP), which is how browsers fetch web pages.
In 2013, Google introduced a new experimental protocol called Quick UDP Internet Connections (QUIC) that would make HTTP requests faster and more secure.
Google proposed the idea of running HTTP requests using QUIC in 2016. The IETF evolved the protocol, producing what amounts to its own version (sometimes called iQUIC, in contrast to Google’s gQUIC).
The IETF has been working on running HTTP over QUIC for a while. On 18 October, Mark Nottingham, chair of the HTTP and QUIC working groups, suggested that it was time to call that specification HTTP/3. This would, effectively, make it the next major version of HTTP, and it represents a significant change.
Read more at https://nakedsecurity.sophos.com/2018/11/14/http-3-come-for-the-speed-stay-for-the-security/