Tech Friday


  • Millions at risk from "Believable" Instagram Phishing attack:
    • Sophos researchers raised alarms about a new phishing campaign targeting Instagram users
    • The phishing emails include what appears to be a two-factor authentication (2FA) code
    • The premise of the email is that there has been an unauthorized login and the recipient is instructed to enter the code upon logging in
    • The 2FA code is just a clever guise to appear more authentic
    • Like any phishing attack, this is nothing more than an attempt to steal users' login credentials
    • The email link directs users to a spoofed Instagram login page that Sophos described as "much more believable" than most spoofed phishing campaign pages
    • Sophos said "The phishing page itself is a perfectly believable facsimile of the real thing, and comes complete with a valid HTTPS certificate"
    • If you get an email like this, remember that you can just go to the website and log in without using any links in the email
    • You can see screenshots of the emails and the spoofed site here: https://nakedsecurity.sophos.com/2019/08/23/instagram-phishing-uses-2fa-as-a-lure/
  • US election officials raise ransomware attack concerns for the 2020 election:
    • The US government will launch a program next month that will focus on protecting voter registration databases and systems for the looming 2020 election
    • The systems are used to validate the eligibility of voters
    • During the 2016 election, Russian hackers attempted to infiltrate some of these systems
    • Intelligence officials expressed concern that foreign hackers will attempt to manipulate or destroy election data, which could have a devastating impact on the election
    • A senior US official said "We assess these systems as high risk" because they are regularly connected to the Internet
    • The Cybersecurity and Infrastructure Security Agency (CISA), a division of DHS, indicated that a ransomware attack could cripple these systems
    • "Recent history has shown that state and county governments and those who support them are targets for ransomware attacks" said Christopher Krebs, CISA’s director. "That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks"
    • Ransomware encrypts the data of a system and holds it hostage until a ransom is paid
    • "A pre-election undetected attack could tamper with voter lists, creating huge confusion and delays, disenfranchisement, and at large enough scale could compromise the validity of the election" - John Sebes, CTO of the OSET Institute
    • "It is imperative that states and municipalities limit the availability of information about electoral systems or administrative processes and secure their websites and databases that could be exploited" the FBI wrote in a statement
    • The CISA program will help state election officials prepare for a ransomware scenario and will include educational material, penetration testing, vulnerability scans, and recommendations on how to prevent and recover from ransomware
    • There is also an effort by the larger intelligence community to determine the most likely attack vectors for the November 2020 election
    • State election officials told Reuters they have improved their cyber defenses since 2016
    • "We have to remember that this threat to our democracy will not go away, and concern about ransomware attacks on voter registration databases is one clear example" said Vermont Secretary of State Jim Condos
  • Medical device security has a long way to go:
    • The US Food and Drug Administration (FDA) has been issuing cybersecurity guidelines for medical devices for several years, and other government agencies such as Australia's Therapeutic Goods Administration (TGA) have joined in over the last few years
    • "Everything with a power point is probably connected, or will be shortly," said Christopher Neal, chief information security officer (CISO) of Ramsay Health Care
    • Ramsay is Australia's largest private hospital operator
    • While all these "smart" medical devices are incredibly powerful, they can also be vulnerable. There are many past stories about vulnerable medical devices
    • Neal said "Anything you're buying today has not been built secure-by-design, most likely. This is a problem that's going to live in healthcare for another 15 to 20 years"
    • Neal was able to witness this firsthand at the "medical village" at DEFCON 27
    • There, hackers were able to attempt to hack the kinds of medical devices you would find in a hospital
    • Neal said "The most fun I saw was [when] a guy sat down at an ultrasound machine" and was able to gain unrestricted PowerShell access through a vulnerability in the file manager
    • Regarding the new guidelines, Neal said, "There's good guidance, but any systems built with that guidance are probably three to four years away from market, and most of this gear's built to last 10 to 15 years"
    • Learn more about the DEFCON 27 "Medical Village", which was in the BioHacking Village, here: https://defcon.org/html/defcon-27/dc-27-villages.html#biohack