Cyber Sentinel

The latest News

Vulnerabilities and exploits in the media

Immoral hackers endeavour to obtain Covid-19 vaccine research data

Paul Herring 30/12/2020

2020 saw the onset of the Covid-19 crisis, which caused human and financial disasters for every society in the world. The impact of the crisis completely changed the way in which people work, shop and socialise, with a greater emphasis on home working, online shopping and social media. Unfortunately, these changes have been accompanied by a marked increase in cyber attacks on organisations, businesses and individuals by cyber criminals and Advanced Persistent Threat (APT) groups, who use Covid-19 related phishing emails and scams as the workforce becomes more distributed (NCSC, 2020).

Hospitals continue to be targeted with ransomware

Ransomware attacks have also continued to target hospitals responsible for the welfare of people suffering from Covid-19. The BBC has reported that US hospitals have been worst hit by ransomware attacks, with threat actors demanding $1 million to decrypt their data. Although there is no confirmation of whether the ransoms were paid, it has been reported that cancer treatments were cancelled because of these attacks (BBC, 2020).

Covid-19 Vaccine has become the main focus

The development and production of vaccines have drawn the attention of threat actors. In July, the National Cyber Security Centre (NCSC) in the UK stated that a group called APT29, widely believed to be part of the Russian intelligence agency, had attempted to illegally obtain vaccine data. However, UK Government sources said these attacks had not been successful (Guardian, 2020). The attacks used phishing emails targeting organisations involved in the Cold Chain Equipment Optimisation Platform (CCEOP) used to supply Covid-19 vaccines. IBM believes that a nation-state campaign to understand the “cold chain” method of transporting and distributing vaccines began in September this year, using phishing emails that included malicious code and requests for user login details (Corera, 2020).

What does this mean for Cyber Security going forward?

Covid-19 has undoubtedly changed the way in which we live and work. It has accelerated the inevitable move to a more distributed workforce and the decline of shopping centre shops in favour of online purchasing. Changes made in such a brief time may have consequences if a secure approach to data sharing and distribution is not built into the rollout of services.

As we move forward with the “new normal”, it is important that cyber security is a primary factor in every development and every deployment of any service, rather than an afterthought. Further, the design, ongoing support and maintenance of these services must take into account all aspects of the environment and of those who use them.

______________________________________________________________________________

Weakness in Linux platforms’ implementation of the pseudo random number generator (PRNG) could allow DNS cache poisoning

Paul Herring 27/12/2020

Weaknesses in the entropy and seeding used by Linux pseudo random number generation (PRNG) could allow attackers to predict output keys and break the encryption process using a forward attack method (see Gutterman, 2020). Cross-layer attacks, in which an attacker launches coordinated simultaneous attacks at different network layers, have also been linked to weaknesses in the PRNG, making it possible for the attacker to predict random number values at different OSI layers and effectively break the encryption protecting data in transit.

Amit Klein (see Klein, 2020) recently investigated the PRNG issue in the Linux and Android kernels and found that it was possible to mount a successful DNS cache poisoning attack against Linux platforms. Klein states that his attack method allowed the team at Cornell University to collect TCP/IPv6 flow label values and TCP/IPv4 ID values. From these, Klein was able to reconstruct the internal PRNG state used by the Linux OS and predict the outbound DNS query.

Klein’s findings are very worrying, but his disclosure to Linux OS providers in March 2020 has at least resulted in a PRNG patch being back-ported to the latest Linux distributions (see Larabel, 2020). However, Internet users’ browsing can still be attacked with DNS poisoning if Internet-facing services have not yet been patched, so it is advised that this patch is applied as soon as possible.
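The mechanism described above, reduced to a toy so the risk is concrete (an added example; this is not code from Klein’s paper or from the Linux kernel): one weak generator feeds both a field visible on the wire (here a 16-bit IP-ID-like value) and the DNS source port, so anyone who collects a few IDs can recover the generator state and predict the port, whereas a CSPRNG that shares no state with the observable fields removes the link. The LCG constants, seeds and field sizes are assumed stand-ins, not the kernel’s real values.

```python
import secrets
# Constructed toy: a 32-bit LCG (Numerical Recipes constants) stands in for a
# weak, shared kernel PRNG. It is NOT the Linux kernel's real generator.
A, C, MASK = 1664525, 1013904223, 0xFFFFFFFF

def step(state):
    return (A * state + C) & MASK          # advance the toy LCG by one output

class WeakPRNG:
    def __init__(self, seed):
        self.state = seed & MASK
    def next(self):
        self.state = step(self.state)
        return self.state

def ip_id(prng):
    return prng.next() >> 16               # visible on the wire, like an IPv4 ID

def dns_port(prng):
    return 1024 + prng.next() % 64512      # ephemeral port that must stay unguessable

def recover_state(observed_ids):
    """Brute-force the 16 hidden bits behind observed_ids[0] and keep only the
    candidates that reproduce the later IDs. Returns the set of full states
    *after* the last observed output (ideally exactly one)."""
    first, rest = observed_ids[0], observed_ids[1:]
    survivors = set()
    for low in range(1 << 16):
        s = (first << 16) | low
        for obs in rest:
            s = step(s)
            if (s >> 16) != obs:
                break
        else:
            survivors.add(s)
    return survivors

def demo(seed=0xC0FFEE):
    """Victim emits four IP IDs, then picks a DNS port; an observer who saw
    only the IDs predicts that port. Returns (actual_port, predicted_port)."""
    victim = WeakPRNG(seed)
    ids = [ip_id(victim) for _ in range(4)]
    actual = dns_port(victim)
    (state,) = recover_state(ids)          # exactly one candidate survives
    return actual, dns_port(WeakPRNG(state))

def safe_dns_port():
    """Mitigation: port from a CSPRNG sharing no state with the observable generator."""
    return 1024 + secrets.randbelow(64512)
```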