Recent DDoS in New Zealand

Webinar about DDos

If you were not able to attend the webinar about the recent DDoS in New Zealand mentioned in the previous post about the recent high profile DDoS attacks in New Zealand, you will not be able to view the recording unless you belong to the ITP. The recording is located here.

Another recent and interesting webinar organised by TUANZ took place on 15th September: 20Sep15 Cyber Security Briefing with KPMG. See note below about privacy

“DDoS
NZX page on 16/09/2020

Privacy note

If you care about your privacy, you can open the link in a browser private windows (but not Google Chrome which apparently still tracks you in private mode). Ideally, you should also be using a VPN and not log into any YouTube account.

Live Webinar: Cybersecurity and the recent attacks

The ITP New Zealand is hosting this week a live webinar about cybersecurity and the recent cyber attacks.

The Background

Last year CertNZ issued an alert that emails were being sent to financial firms threatening DDoS attacks unless a ransom was paid.

The emails claimed to be from a well known Russian hacking group called Fancy Bear that appears to be liked to the GRU.

This is not a new problem, and cyber-attacks have been taking place for a long time.

The Webinar

From the ITP: Cybersecurity has always been important, but never more important than right now. So how do we protect ourselves when the wolves come knocking?

While some have criticised some of the victims for not being able to repel a significant DDOS attack, the reality is that what we’ve seen in the last week or so are the largest DDOS attacks in New Zealand’s history. While many of the sites and services were behind DDOS shields, the attackers were able to overwhelm other upstream pipes, diversify the attacks, and continually bring services down.

While protecting your organisation from such a significantly large and complex attack requires very specialised skills, there are some core things we should all be doing as a starting point. Join senior security expert Andy Prow from RedShield as he talks through recent patterns of attacks (ransomware, DDOS, etc) and the foundational things that can be done to best protect you and your clients.

There’ll also be plenty of time for Q&A, with ITP CEO Paul Matthews putting your questions to Andy.

Register

Registration is opened on the ITP site

ZOOM.US

Zoom has been heralded as the solution to use for online meetings during the COVID19 lockdown, but When looking more in depth, Zoom presents multiple security risks.

Its use has been approved for use by government and business. Cabinet meetings are using this tool at least in the UK and New Zealand.

Security issues

However the use of Zoom services seem to expose users to many security issues:

How Zoom.us is organised
How Zoom is working
source: https://theintercept.imgix.net/wp-uploads/sites/1/2020/04/zoom-enc.jpg

Precautions

Zoom is exceptionally usable and a very convenient way to hold meetings. However the participants need to be aware that their privacy is likely to be compromised, and that the content of the meeting is probably accessible by other people.

More information

CitizenLab has conducted an in-depth analysis of the service, advising not to use the services of Zoom if you need privacy and confidentiality, especially for

Governments worried about espionage

Businesses concerned about cybercrime and industrial espionage

Healthcare providers handling sensitive patient information

Activists, lawyers, and journalists working on sensitive topics

Alternative Solutions

There are alternative solutions available, and you might be interest at the analysis conducted by Computerworld.

Found on Twitter: a UK cabinet meeting on Zoom
UK Cabinet meeting on Zoom
source: https://pbs.twimg.com/media/EUcf6P7WkAETelu?

VPN Vulnerabilities

NSA Releases Advisory on Mitigating Recent VPN Vulnerabilities

The National Security Agency (NSA) has released an advisory on advanced persistent threat (APT) actors exploiting multiple vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review NSA’s Cybersecurity Advisory and CISA’s Current Activity on Vulnerabilities in Multiple VPN Applications for more information and apply the necessary updates or mitigations.

Source

What are ATPs?

ATP are stealthy cyber attacks where a person or a group gains unauthorised access to a network and remains undetected.

In most cases, these attacks are conducted by nation-state, or criminal organisations (see article there). Their purposes are to extract information, intellectual property, financial data and can be used to steal cask when banks are attacked.

The Al-Gebra Movement

Friday Humour

At Auckland airport today, an individual was arrested trying to board a flight while in possession of a ruler, a protractor, a set square, and a calculator. He was later discovered to be a school teacher attempting to leave the country as unable to survive financially in the city.

The public prosecutor believes the man is a member of the notorious Al-Gebra movement. The potential terrorist is being charged with carrying weapons of math instruction.

Al-Gebra is a very fearsome cult, indeed. The members of this dangerous organisation desire average solutions by means and extremes, and sometimes go off on a tangent in a search of absolute value.

They consist of quite shadowy figures, with names like “x” and “y”, and, although they are frequently referred to as “unknowns”, we know they really belong to a common denominator and are part of the axis of medieval with coordinates in every country.

As the great Greek mathematician Isosceles used to say,

there are 3 sides to every triangle, and if God had wanted us to have better weapons of math instruction, he would have given us more fingers and toes.

Therefore, I am extremely grateful that our government has given us a sine that it is intent on protracting us from these math-dogs who are so willing to disintegrate us with calculus disregard.

These statistic scumbags love to inflict plane on every sphere of influence.

Under the circumferences, it’s time we differentiate their root, make our point, and draw the line. These weapons of math instruction have the potential to decimate everything in their math on a scale never before seen. We therefore need to become exponents of a Higher Power and begin to factor-in random facts of vertex.

However the members of Al-Gebra continue to multiply. We can only hope that their days are numbered and the hypotenuse will tighten around their necks.

Original story here

The USB scam is back

Infected USB devices

This has reappeared recently in New Zealand. If, when checking your mail box, you find a brand new USB stick, just throw it in  the bin immediately.

Scammers are placing these USBs in mailboxes pre-loaded with malicious software.  They are even going to the trouble of repacking them so they look factory fresh.  They are banking on the recipients being thankful for a free USB or being curious as to what might be on them.

If you receive one it is part of a recurring scam and most likely not spearphishing. Spearphishing means that someone is targeting you as a member of an organisation . 

If you make the mistake of connecting it to one of your devices such as a phone or a computer, it is likely that viewing the content (on a computer) will lead to a malware infection. Usually, it takes the opening of a file on a computer to activate the malware. It should not activate by connecting the device alone.

USB Drive

Simply throw the USB stick away without connecting it to any computer.

Be vigilant.

You can find more information on the Sophos blog (2016)

Magic Weapons: China’s political influence….

At a time when there is controversy about the rejection by various countries of Huawey equipment, it is interesting to find more about hacks attributed to sources within China. It is also interesting to read the report by professor Anne-Marie Brady about the influence of that country in New Zealand. For memory, her office and home were burglared following the publication of the report, and the breaks on her car were sabotaged. Probably a coincidence, as the police found nothing to incriminate anyone.

The report is very interesting, and worth the effort to read to the end. It is available on the Wilson Center web site and can also be directly downloaded from here.

I do not believe that the attacks are one way in any case.

Wanted Chinese Hackers

Opportunistic online scams and attacks : the scavengers are out!

There have been reports of opportunistic online scams and attacks after the terrorist attack in Christchurch last week. The vector used are online donation fraud, malicious video files, defacement of NZ websites, and website disruption.

The scammers and attackers use the following:

  • Phishing emails containing links to fake online banking logins, as well as fraudulent bank accounts where people can make donations for the victims of the Christchurch tragedy.
    • A phishing email is an email which is sent to a wide range of people in the hope that a few will follow the instruction to make the exercise worthy of the effort. They usually contain links to website containing malicious content
  • Sharing malicious video files on compromised websites or on social media. A shared on-line video file containing footage related to the attack can have malware embedded in it.
  • Some attackers are changing New Zealand websites to spread political messages about the Christchurch tragedy
  • Some New Zealand websites are receiving threats of denial-of-service attacks, which would take them offline.

There are official channels to donate money, please use them should you wish to make a donation.

What to do

If you receive a phishing email or have found a website hosting political messages, report it to CERT NZ.

If your website has been taken over with political content relating to the tragic events in Christchurch, report it to CERT NZ.

CERT NZ recommend you consent to share your report with the NZ Police.

More information

This is not something new: online scams and attacks frequently use disasters and tragedies as opportunities for “business”

If any of the terminology used is confusing you, feel free to comment and I will make the confusing part the subject of a subsequent posting.

scammers are about!
Mind the Scammers!

Google Chrome Security Advisory

As reported by CERT New Zealand, attackers might be able to attack and take control of your computer if you do not have the latest version of Chrome.
You need to check the version of Chrome used. Anything earlier than 72.0.3626.121 is vulnerable.

How do you check if you are at  risk?

The instructions from CERT are:

“If you are on a laptop or desktop computer, open Chrome and visit chrome://settings/help. If you are not up-to-date, visiting the page should automatically update your browser.

If you are on a mobile device, like a mobile phone or tablet, open Chrome and visit chrome://version. If you are not up-to-date, visit your app store and download the update.”

Don’t take a chance. Check if you need to update, or use the latest version of Firefox.

As a general advice, you always need to update promptly any software installed on any of you devices to minimize exposure. An attacker would try to identify what you are running, then exploit whatever unpatched vulnerability encountered, as in this example.

 

Image

Guide to good passwords

Guide to good password by CERTNZ
Guide to good password by CERTNZ