UNM4SK3D: Ethereum, CIA, and IoT

#heist

Hide yo kids, hide yo cryptocurrency. It’s been two weeks since we last reported on the Bithumb hack, in which over $1M USD in Bitcoin and Ether was stolen, and since that initial heist there are two additional hacks to report.

An attacker who remains unknown has stolen over $32M USD worth of Ether by exploiting a vulnerability in the multi-signature wallet contract shipped with Parity’s Ethereum Wallet software, which the company describes as “the fastest and most secure way of interacting with the Ethereum network.” As a refresher, Ethereum is an open software platform based on blockchain technology that lets developers build and deploy decentralized applications (smart contracts), and Ether is the currency those contracts hold and move. Separately, after the Bithumb hack, unknown attackers also hit CoinDash, stealing $7.4M USD worth of Ether.

The Parity attack began on 7/18, and by 7/19 Parity had released a security alert warning of the vulnerability. Three multi-signature wallets were drained: Swarm City, æternity blockchain, and Edgeless Casino. According to Parity, “the vulnerability affected the contract used to create multi-signature Ethereum wallets in Parity version 1.5 or later.” Users were told to move their Ether out of affected wallets into secure accounts immediately. That advice matters because the flaw lived in the on-chain wallet contract, not in the desktop client: updating the client only protects wallets created afterwards, and Ether already sitting in a contract deployed from the vulnerable code stayed exposed until it was moved. In the meantime, a group of white hat hackers drained approximately 377,000 Ether from other vulnerable wallets into holding accounts to keep it away from black hats, Coindesk reports. An update to the Parity software has already been released, but these heists put a spotlight on how unforgiving a bug in a fund-holding smart contract is: once deployed, the code cannot be patched in place, only abandoned.

The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract. This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. -White Hat reports on Reddit
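The bug class behind the Parity theft, shown as an added, simplified illustration (this is not Parity’s contract and not code from the original article). Parity’s wallets were thin contracts that forwarded every call they did not implement themselves, via delegatecall, to a shared library contract, and the library’s initWallet function had no guard against being run a second time. Anyone could therefore send initWallet to an existing wallet, become its sole owner, and spend its balance. The contract names and the single-signer execute below are chosen for this example, and the code assumes a 0.4.x Solidity compiler.

```solidity
pragma solidity ^0.4.24;

// Shared logic contract. Its state variables are never used in its own storage;
// Wallet below delegatecalls into it, so they map onto the wallet's slots and
// the storage layouts of both contracts must match.
contract WalletLibrary {
    address[] public owners;   // slot 0
    uint public required;      // slot 1

    // VULNERABLE: nothing checks that the wallet is still uninitialised, so
    // this can be run again on a live wallet through the wallet's fallback.
    function initWallet(address[] _owners, uint _required) public {
        owners = _owners;
        required = _required;
    }

    function isOwner(address _addr) public view returns (bool) {
        for (uint i = 0; i < owners.length; i++) {
            if (owners[i] == _addr) return true;
        }
        return false;
    }

    // Single-signer spend, simplified for the example; the real wallet gathered
    // `required` confirmations, which is no help once the owner list is replaced.
    function execute(address _to, uint _value) public {
        require(isOwner(msg.sender));
        _to.transfer(_value);
    }
}

// Fixed variant: the initialiser refuses to run once any owner exists.
contract WalletLibraryFixed is WalletLibrary {
    modifier onlyUninitialized() {
        require(owners.length == 0);
        _;
    }

    function initWallet(address[] _owners, uint _required) public onlyUninitialized {
        owners = _owners;
        required = _required;
    }
}

// The per-user wallet that actually holds the Ether. Same storage layout as
// the library, followed by the library address.
contract Wallet {
    address[] public owners;      // slot 0
    uint public required;         // slot 1
    address public walletLibrary; // slot 2

    constructor(address _lib, address[] _owners, uint _required) public {
        walletLibrary = _lib;
        bytes memory data = abi.encodeWithSignature(
            "initWallet(address[],uint256)", _owners, _required);
        require(walletLibrary.delegatecall(data));
    }

    // Every call the wallet does not implement itself (execute, isOwner, and a
    // second initWallet) is forwarded to the library, running the library's
    // code against THIS contract's storage.
    function () public payable {
        if (msg.data.length > 0) {
            require(walletLibrary.delegatecall(msg.data));
        }
    }
}

// Attack against a Wallet pointing at the vulnerable WalletLibrary:
//   1. attacker sends initWallet([attacker], 1) to the Wallet address; the
//      fallback forwards it and the owner list in slot 0 is overwritten.
//   2. attacker calls execute(attacker, address(wallet).balance).
// Against WalletLibraryFixed, step 1 reverts because owners.length != 0.
```

The practitioner check this suggests for any delegatecall-based wallet or proxy: list every function reachable through the fallback, and for each one that writes ownership or configuration, confirm it is either restricted to the constructor or guarded by a state check that fails after first use.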

A previous Ethereum hack? Read the full details in ‘$60M Heist- The DAO Hack.’

#wikileaks

Wikileaks is certainly delivering on its promise to keep leaking CIA material week by week. The latest Vault 7 leak details the CIA contractor responsible for analyzing malware and hacking techniques seen in the wild.

According to Wikileaks, Raytheon Blackbird Technologies is the contractor in question. As part of the UMBRAGE Component Library (UCL) project, between November 2014 and September 2015 Raytheon submitted five reports to the CIA containing proof-of-concept ideas and malware attack vectors. Earlier Vault 7 documents had already shown that the CIA’s UMBRAGE malware development teams borrow code from publicly available malware samples to build their own spyware tools.

The five reports cover:

  1. A variant of the HTTPBrowser Remote Access Tool (RAT), estimated to have been developed in 2015.
  2. A variant of the NfLog Remote Access Tool (RAT) known as IsSpace, believed to be used by Samurai Panda, a Chinese hacking group.
  3. ‘Regin,’ a sophisticated surveillance and data-collection malware family in the wild since 2013.
  4. ‘HammerToss,’ a Russian state-sponsored malware sample discovered in early 2015 and suspected of being operational since late 2014.
  5. ‘Gamker,’ an information-stealing Trojan that uses self-code injection and API hooking.

Raytheon Blackbird Technologies acted as a kind of ‘technology scout’ for the Remote Development Branch (RDB) of the CIA by analysing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their own malware projects. -Wikileaks

Want to learn more about Raytheon Blackbird Technologies? Visit their page for a Company Overview.

#vulnerability

I-ut-oh-T. Researchers at the IoT-focused security firm Senrio have discovered a remotely exploitable vulnerability in an open-source software development library used by major manufacturers of Internet-of-Things devices.

The vulnerability (CVE-2017-9765), dubbed ‘Devil’s Ivy,’ was first found on high-end security cameras made by Axis Communications, but further investigation by Senrio revealed that tens of millions of products, from airport surveillance cameras to sensors, networking equipment and other IoT devices, are vulnerable, according to a ThreatPost report. The flaw resides in gSOAP, Genivia’s widely used C/C++ toolkit for SOAP (Simple Object Access Protocol) and XML web services. It is a buffer overflow in gSOAP’s XML parsing, triggered by sending the device an oversized request (more than 2 GB of XML): at minimum the attacker crashes the SOAP web-services daemon, and a crafted payload can be used to execute arbitrary code on the device. Genivia fixed the bug in gSOAP 2.8.48. Because the trigger is so large, a request-size limit in front of the SOAP listener is a practical stopgap for devices whose firmware cannot be updated promptly.

Thirty-four companies, including Microsoft, IBM, Xerox, Canon, Siemens, Cisco, Hitachi, and Adobe, use the same flawed library. All are members of the ONVIF Forum, an industry consortium that maintains open interface standards for IP-based physical-security products such as network cameras, and its members commonly build their ONVIF support on gSOAP, which is how one bug in a third-party library ended up in so many products. Once the attacker executes code on the device, they can reset it to factory defaults and, from there, set their own passwords or network settings and take it over outright.

Devil’s Ivy highlights the industry’s growing concern with the security of IoT. We forget or don’t realize that many of the devices we use every day are computers — from the stoplight at your street corner to the Fitbit you wear on your wrist — and therefore are just as vulnerable as, if not more than, the PC you sit in front of every day. -Senrio researchers

Dig deeper. Read ‘Examining the IoT from a Cyber Security Point of View.’

#factbyte

Lloyd’s of London has warned that a serious cyber attack could cost the global economy more than $120 billion, as much as catastrophic natural disasters such as Hurricanes Katrina and Sandy.

This issue of UNM4SK3D was originally posted on Cybrary.it and has been republished with permission.

Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
