Mystery hackers warn Iran and Russia: ‘Don’t mess with our elections’

9 Apr 2018

Azadi Tower in the Iranian capital of Tehran. Image: Milosz Maslanka/Shutterstock

A Cisco vulnerability allowed mysterious hackers to target machines around the globe.

Commercial airline Delta was hit by a major data breach last week, alongside US retail chains Sears and Best Buy, exposing thousands of payment card details for potentially nefarious use.

Meanwhile, as the Cambridge Analytica affair raged on, Facebook announced an array of new privacy restrictions on its APIs, meaning apps can no longer access the same quantity of data about users.

On Irish soil, an alleged data breach involving thousands of INM emails raised questions about surveillance of the free press.

Read on for this week’s pick of enterprise stories.

A Cisco exploit and a mysterious message

Last Friday (6 April), a collective of vigilante hackers set its sights on computer infrastructure in Iran and Russia, hitting data centres, ISPs and some websites.

An image of the US flag was displayed on a selection of affected screens, along with a message: ‘Don’t mess with our elections.’ The people responsible told Motherboard they were “tired of attacks from government-backed hackers on the United States and other countries”.

The group got in through Cisco Smart Install, a legacy plug-and-play provisioning feature on Cisco switches. The Smart Install client listens on TCP port 4786 and, by design, accepts commands from an unauthenticated ‘director’, including commands that fetch or replace the switch’s configuration and reload the device, so any client left reachable from the internet can be reconfigured by whoever connects to it. Talos, Cisco’s threat intelligence arm, said it found 168,000 systems potentially exposed. Attackers had already been abusing the feature to target critical infrastructure, and some of those intrusions are believed to be the work of nation state actors; the US Computer Emergency Readiness Team (US-CERT) had issued an alert in March about attacks on critical infrastructure sectors.

Iran said it had dealt with the problem within hours and lost no data, but questions remain over the reach of an attack that also hit China, the US and Russia. Kaspersky said the attack targeted the Russian-speaking part of the internet. Cisco urged customers to review their deployments: the exposure check is to look for switches with TCP port 4786 open and, on the device itself, to run ‘show vstack config’; where Smart Install is not in use, the fix is to disable it with the IOS command ‘no vstack’.
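The two checks above can be automated. The following is an added example written for this article, not Cisco’s or Talos’s code: it parses ‘show vstack config’ output to see whether the Smart Install client is still enabled, and it flags connections to TCP/4786 that do not come from the management network. The command output and the NetFlow-style records are constructed for the example, not captured from real devices, and the management subnet 10.20.0.0/24 is an assumption.

```python
"""Smart Install exposure checks.

Added example for this article; it is not Cisco's or Talos's code. The sample
`show vstack config` text and the flow records below are constructed, not captured.
"""
import ipaddress
import re
import socket
from typing import Iterable, List, Tuple

SMART_INSTALL_PORT = 4786  # the Smart Install client listens here by default

# Constructed sample of `show vstack config` on a switch with the client still on.
SAMPLE_VSTACK_ENABLED = """\
 Role: Client (SmartInstall enabled)
 Vstack Director IP address: 0.0.0.0
"""

# Constructed sample from the same switch after `no vstack`.
SAMPLE_VSTACK_DISABLED = """\
 Role: Client (SmartInstall disabled)
 Vstack Director IP address: 0.0.0.0
"""

_ROLE_RE = re.compile(
    r"Role:\s*(?P<role>\w+)\s*\(SmartInstall\s+(?P<state>enabled|disabled)\)"
)


def smart_install_enabled(show_vstack_output: str) -> bool:
    """Parse `show vstack config` text; True if the Smart Install client is enabled."""
    m = _ROLE_RE.search(show_vstack_output)
    if m is None:
        raise ValueError("unrecognised 'show vstack config' output")
    return m.group("state") == "enabled"


# Constructed NetFlow-style records: (source IP, destination IP, destination port).
FlowRecord = Tuple[str, str, int]
SAMPLE_FLOWS: List[FlowRecord] = [
    ("10.20.0.5", "10.20.1.1", 4786),     # from the management subnet: expected
    ("203.0.113.44", "10.20.1.1", 4786),  # from the internet: exposure
    ("198.51.100.9", "10.20.1.2", 22),    # SSH from outside; out of scope here
    ("10.20.0.6", "10.20.1.3", 4786),
    ("192.0.2.77", "10.20.1.3", 4786),    # from the internet: exposure
]


def suspicious_smart_install_flows(
    flows: Iterable[FlowRecord], management_nets: Iterable[str]
) -> List[Tuple[str, str]]:
    """Return (src, dst) pairs that reached TCP/4786 from outside the management nets."""
    nets = [ipaddress.ip_network(n) for n in management_nets]
    hits: List[Tuple[str, str]] = []
    for src, dst, dport in flows:
        if dport != SMART_INSTALL_PORT:
            continue
        src_ip = ipaddress.ip_address(src)
        if not any(src_ip in net for net in nets):
            hits.append((src, dst))
    return hits


def port_open(host: str, port: int = SMART_INSTALL_PORT, timeout: float = 2.0) -> bool:
    """TCP connect probe. An open 4786 is a prompt to run `show vstack config` on the
    device; a bare connect says nothing about whether the client will honour commands."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    print("enabled sample  ->", smart_install_enabled(SAMPLE_VSTACK_ENABLED))
    print("disabled sample ->", smart_install_enabled(SAMPLE_VSTACK_DISABLED))
    for src, dst in suspicious_smart_install_flows(SAMPLE_FLOWS, ["10.20.0.0/24"]):
        print(f"Smart Install traffic from outside the management net: {src} -> {dst}")
```

The flow check is deliberately one-sided: traffic to 4786 from the management subnet is the feature working as intended, and only sources outside it are reported. The connect probe is there for live use and is not exercised by the sample data.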

‘Ghost users’ are haunting organisations and helping attackers

Security firm Varonis found that stale or inactive ‘ghost user’ accounts on internal systems help attackers move laterally and find what they are looking for much faster. Such accounts keep their group memberships and permissions but have nobody watching them, so a compromised ghost account hands an attacker a ready-made set of rights with little chance of the legitimate owner noticing. Varonis puts 34pc of all user accounts in the ‘ghost’ category, and almost half of all companies have more than 100 ghost accounts.

Varonis also found that 54pc of company data is stale, taking up storage and widening what an intruder can reach in a breach. The report recommends scanning for and monitoring sensitive data and mapping who has access to it; the matching fix for ghost accounts is to disable them after a fixed period of inactivity, with privileged accounts reviewed first.
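What that scan looks like in practice, as an added example written for this article rather than Varonis’s tooling: it takes a directory export, keeps only enabled accounts unused for longer than a threshold, and ranks them with privileged accounts first. The account records, the privileged group list and the fixed ‘now’ of 9 April 2018 are all assumptions constructed for the example; a real Active Directory export would supply the same fields from attributes such as lastLogonTimestamp and whenCreated.

```python
"""Ghost-account triage over a constructed directory export.

Added example for this article; it is not Varonis's tooling. The accounts,
the privileged-group list and the fixed date for "now" are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Groups whose membership makes a ghost account far more dangerous (assumed list).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Backup Operators"}

NOW = datetime(2018, 4, 9)  # fixed so the example is deterministic


@dataclass
class Account:
    name: str
    enabled: bool
    created: datetime
    last_logon: Optional[datetime]  # None means the account has never logged on
    groups: List[str]


# Constructed sample export.
SAMPLE_ACCOUNTS: List[Account] = [
    Account("alice", True, datetime(2015, 3, 1), datetime(2018, 4, 5), ["Domain Users"]),
    Account("bob", True, datetime(2014, 6, 12), datetime(2017, 11, 1),
            ["Domain Users", "Backup Operators"]),  # left in 2017, still privileged
    Account("svc-backup", True, datetime(2017, 6, 1), None, ["Domain Users"]),  # never used
    Account("carol", False, datetime(2013, 1, 1), datetime(2017, 1, 1), ["Domain Users"]),
    Account("dave", True, datetime(2016, 9, 9), datetime(2018, 1, 20), ["Domain Users"]),
    Account("erin", True, datetime(2018, 3, 20), None, ["Domain Users"]),  # new, not yet used
]


def last_seen(account: Account) -> datetime:
    """Date to age an account from: its last logon, or creation if it never logged on."""
    return account.last_logon or account.created


def is_privileged(account: Account) -> bool:
    return any(g in PRIVILEGED_GROUPS for g in account.groups)


def find_ghosts(accounts: List[Account], now: datetime = NOW,
                inactive_days: int = 90) -> List[Account]:
    """Enabled accounts unused for longer than `inactive_days`, privileged ones first,
    then the stalest first. Disabled accounts are skipped: they cannot be used for
    lateral movement until someone re-enables them."""
    cutoff = now - timedelta(days=inactive_days)
    ghosts = [a for a in accounts if a.enabled and last_seen(a) < cutoff]
    ghosts.sort(key=lambda a: (not is_privileged(a), last_seen(a)))
    return ghosts


def days_stale(account: Account, now: datetime = NOW) -> int:
    return (now - last_seen(account)).days


if __name__ == "__main__":
    for a in find_ghosts(SAMPLE_ACCOUNTS):
        flag = "PRIVILEGED " if is_privileged(a) else ""
        print(f"{flag}{a.name}: {days_stale(a)} days since last use; groups={a.groups}")
```

Never-used accounts are aged from their creation date rather than silently skipped, because a service account created a year ago and never logged in is exactly the kind of forgotten credential the report is describing; a brand-new account that has not been used yet falls under the threshold and is left alone.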

Crypto-mining malware skyrockets in Q1 2018

Malwarebytes reported a 4,000pc increase in Android crypto-miners in the first three months of 2018. Cyber-criminals appear to be moving away from ransomware as their most common attack method, with consumer-focused malware attacks down 35pc on the previous quarter.

Adware is still the number-one attack method against consumers, while businesses and organisations need to keep a close eye out for spyware lurking in their systems. “From drive-by mining attacks via browser, to scams meant to drain users’ cryptowallets, cyber-criminals are taking every opportunity to exploit the rising value and popularity of bitcoin and other cryptocurrencies,” the report says.

GDPR compliance still a distant dream for some

According to a report from VpnMentor, just 34pc of websites that it surveyed in the EU are currently compliant with GDPR. The company ran a test on more than 2,500 websites and found many out-of-date privacy policies still live or, in some cases, none at all.

In Ireland, only 38pc of surveyed websites were compliant while Germany came out on top at 67pc. Portuguese websites skidded into last place, with just 17pc in a position to comply with the stringent rules coming into effect on 25 May.

US Homeland Security suspects mobile spying devices are all over Washington DC

In a letter to Ron Wyden, an Oregon senator, the US Department of Homeland Security finally publicly admitted that it found suspected “unauthorised cell-site simulators” in Washington DC in 2017.

Known popularly as ‘stingrays’, the devices impersonate a legitimate base station so that nearby phones attach to them instead of a real tower, which reveals each phone’s identifiers and location. More capable versions can also intercept calls and texts by forcing the phone down to 2G, where the encryption is weak and can be switched off entirely by the fake tower.

While members of the CIA, NSA and FBI would hopefully have the savvy to encrypt their communications, the same can’t be said for the average DC citizen going about their day.


Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com