Hackers can Overcome Air-Gapped Systems to Steal Data


What are air-gapped systems?

An air gap is a safety feature that isolates a computer or network and prevents it from connecting to the outside world. A computer that is physically isolated and air-gapped is unable to communicate, wirelessly or over a physical link, with other computers or network components.

Data must first be copied on a removable media device, like a USB drive, and then physically transported to the air-gapped system from the computer or network. Only a select group of trusted users should be able to access the air-gapped system in situations where security is of the utmost importance.

New Technique 

Researchers at Ben-Gurion University of the Negev's Department of Software and Information Systems Engineering have developed a novel method for breaching air-gapped systems that takes advantage of the computer's low-frequency electromagnetic radiation.

According to Mordechai Guri, director of research and development at the Cyber Security Research Center at Ben Gurion University, "the attack is very evasive because it executes from a regular user-level process, does not require root capabilities, and is successful even within a Virtual Machine."

The COVID-bit technique makes use of on-device malware to produce electromagnetic radiation in the 0–60 kHz frequency region, which is then transmitted and detected by a covert receiving device in close vicinity.

After SATAn, GAIROSCOPE, and ETHERLED, which are intended to hop across air-gaps and extract private data, COVID-bit is the most recent method developed by Dr. Guri this year.

COVID-bit is one of these covert channels. The malware communicates information by utilizing electromagnetic emissions from a component known as a switched-mode power supply (SMPS) and encoding the binary data using a technique known as frequency-shift keying (FSK).

The research article advises employing antivirus software that can recognize strange CPU patterns in addition to limiting the frequencies that some CPUs can use in order to protect air-gapped computers from this kind of attack.
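One way to approach the "strange CPU patterns" check, as an added example that is not from the research paper or this post: a heuristic that flags a per-core clock-frequency trace which keeps switching between two tightly clustered levels. It assumes a host agent can sample core frequency fast enough to see the switching; the trace format, thresholds and function names are hypothetical, and the sample traces are constructed.

```python
from statistics import pstdev

# Thresholds are assumptions for illustration; tune them against real baselines.
MIN_LEVEL_GAP_MHZ = 500.0     # the two levels must be clearly separated
MAX_LEVEL_SPREAD_MHZ = 50.0   # each level must be tightly clustered
MIN_SWITCH_RATE = 0.05        # fraction of adjacent samples that change level


def analyze_trace(samples_mhz):
    """Score one core's clock-frequency trace for sustained two-level keying."""
    result = {"spread": None, "switch_rate": 0.0, "suspicious": False}
    if len(samples_mhz) < 2:
        return result
    lo, hi = min(samples_mhz), max(samples_mhz)
    if hi - lo < MIN_LEVEL_GAP_MHZ:
        return result  # flat trace: no second level to switch to
    mid = (lo + hi) / 2
    states = [s >= mid for s in samples_mhz]
    low = [s for s, st in zip(samples_mhz, states) if not st]
    high = [s for s, st in zip(samples_mhz, states) if st]
    result["spread"] = max(pstdev(low), pstdev(high))
    switches = sum(a != b for a, b in zip(states, states[1:]))
    result["switch_rate"] = switches / (len(states) - 1)
    # Ordinary load wanders over many levels or changes level rarely;
    # a keyed signal holds two exact levels and flips between them often.
    result["suspicious"] = (result["spread"] <= MAX_LEVEL_SPREAD_MHZ
                            and result["switch_rate"] >= MIN_SWITCH_RATE)
    return result


# Constructed sample traces (MHz), not measurements from a real machine.
JITTER = [-10, 5, 0, 8]

def _level(base, n):
    return [base + JITTER[i % 4] for i in range(n)]

def keyed_trace():   # two levels, switching every few samples
    out = []
    for bit in "1011001110001011":
        out += _level(3400 if bit == "1" else 1200, 4)
    return out

def burst_trace():   # one long busy period, e.g. a build job
    return _level(1200, 20) + _level(3400, 30) + _level(1200, 14)

def noisy_trace():   # governor wandering over many different levels
    return [1200 + (i * 937) % 2200 for i in range(64)]

if __name__ == "__main__":
    for name, trace in [("keyed", keyed_trace()), ("burst", burst_trace()),
                        ("noisy", noisy_trace())]:
        print(name, analyze_trace(trace))
```
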

Retail Cybersecurity Threats Analysis

 

Cybercriminals are increasingly focusing their attention on thriving markets and enterprises, and the retail industry is no exception. Retail is a common target for hackers who want to steal both money and client information.

Customers are directly responsible for the success of any retail firm, and every incident that negatively impacts customers will have an impact on business. Financial stability is a key component of any business's success, and one of the worst effects of cyberattacks is the unpredictability of financial losses. Retailers have unique financial risks, such as the possibility that an attacker will lower the price of pricey items in an online store. The retailer will lose money if the attack is undetected and the products are sold and shipped at a discounted price.

Card skimmers, unprotected point-of-sale (PoS) systems, unprotected or public Wi-Fi networks, USB drives or other physical hacking equipment, unprotected Internet of Things (IoT) devices, social engineering, and insider threats are all ways that threat actors can access companies after physically being present there.

Threat actors can also steal or hack susceptible IoT devices using the default technical information or credentials. Last but not least, there are still more potential entry points for cyber infiltration, including inexperienced staff, social engineering, and insider threats.

Potential Threats

Unsecured Point-of-Sale (PoS) Systems and Card Skimmers: It is possible to physically plant fake card readers, or 'skimmers,' inside a store to copy or skim card data. These can also be used for other smart cards, such as ID cards, although they are frequently used to steal credit card information. In places with poor security, like ATMs or petrol pumps, legitimate card readers might have skimmer attachments. Skimmers are simple to install and use Bluetooth to send the data they collect.

Public or insecure Wi-Fi Networks: Backdoors into a company's systems can be created using rogue networks or access points, which can be put on a network's wired infrastructure without the administrator's knowledge. They appear to be legitimate Wi-Fi networks in order to deceive users into connecting to them, which enables man-in-the-middle attacks. Hackers can view all file sharing and traffic sent between a user and a server on a public Wi-Fi network if the facility's connection is unencrypted.

Virus-Carrying USB Devices: Once a USB drive is plugged into a target computer, an attacker can utilize it to deliver and run malware directly on business computers. This can be done manually or automatically. Additionally, malicious USB charging stations and cables have been reported in the past. In one example, a USB charging cable for an electronic cigarette contained a tiny hidden chip that carried malware.

Untrained Employees, Social Engineering, & Cyberespionage: Threat actors might work out of physical places to use inexperienced workers to get access to company systems. Employees are frequently duped into giving login passwords, account information, or access to company resources through social engineering.

The transition to e-commerce is generally a positive development for retailers. However, this change of direction also poses a threat to e-commerce cybersecurity.


FDA Issues Cybersecurity Alert on Medtronic Insulin Pumps

The U.S. Food and Drug Administration issued a warning on Tuesday regarding the vulnerability of some insulin pump devices made by Medtronic. The flaw makes the devices vulnerable to cyberattacks while presenting a possibility for hackers to interfere with insulin delivery by gaining access to the device.

The FDA, a U.S. government organization, has issued an advisory regarding the MiniMed 600 Series Insulin Pump System from Medtronic, which includes the MiniMed 630G and MiniMed 670G devices.

The Department of Health and Human Services safeguards the public's health by ensuring the efficacy, security, and safety of pharmaceuticals for use in humans and animals, medical devices, and vaccinations. The agency is in charge of regulating tobacco products as well as the safety and security of our country's food supply, cosmetics, nutritional supplements, and devices that emit electronic radiation.

The FDA pointed out that many parts, including the insulin pump, continuous glucose monitoring (CGM) transmitter, blood glucose meter, and CareLink USB device, connect wirelessly. A technical malfunction could make it possible for someone to break in and trigger the pump to deliver either too much or too little insulin to the patient.

The insulin pumps are offered by Medtronic's diabetes division, which generated $2.41 billion in sales in 2021, or 8% of the business's overall revenue.

In the aftermath of the security incident, Medtronic cautioned users about the dangers and offered suggestions, such as advising them to permanently disable the 'Remote Bolus' function on the pump, refrain from disclosing the serial number of the device to unauthorized individuals, and avoid connecting or linking devices in public.

The business warned that patients should never accept remote connection requests and other remote activities unless patients or support persons initiated them and should always detach the USB device from their laptop while it is not being used to download pump data.

Although medical equipment is frequently connected to the internet, hospital networks, and other devices, the FDA warned that these same characteristics may pose cybersecurity threats.

According to the FDA advisory, "Medical devices, like other computer systems, might be subject to security breaches, possibly affecting the device's safety and effectiveness."

The MiniMed 508 and Paradigm insulin pumps have security flaws that Medtronic is unable to fully fix with software updates or patches. The FDA said that it was working with Medtronic to identify, discuss, and anticipate the negative consequences of this risk.


Japanese City Worker Loses USB Containing Resident's Personal Data

 

A Japanese city has been compelled to apologise after a contractor admitted to losing a USB memory stick holding the personal data of over 500,000 inhabitants following an alcohol-fueled night out. 

Amagasaki, western Japan, officials claimed the man – an unidentified employee of a private contractor hired to administer Covid-19 compensation payments to local homes – had taken the flash drive from the city's offices to transfer the data to a contact centre in neighbouring Osaka. 

After spending Tuesday evening drinking at a restaurant, he realised on his way home that the bag holding the drive, as well as the personal information of all 460,000 Amagasaki residents, had gone missing. The next morning, he reported the loss to the police. 

According to the Asahi Shimbun, the information contained the residents' names, residences, and dates of birth, as well as data on their residence tax payments and the bank account numbers of those receiving child benefits and other welfare payments. There have been no complaints of data leaks because all of the information is encrypted and password secured. 

“We deeply regret that we have profoundly harmed the public’s trust in the administration of the city,” an Amagasaki official told reporters. The city said in a statement that it would “ensure security management when handling electronic data. We will work to regain our residents’ trust by heightening awareness of the importance of protecting personal information.”

Not a new affair 

Last month, a man in Abu was handed £279,000/US$343,000 in Covid-19 relief payments meant for 463 low-income people. Local officials said this week that they had recovered all of the money via internet payment services after the individual claimed he had gambled it all away. 

The Amagasaki event highlights worries about some Japanese organisations' ongoing usage of obsolete technologies. According to media reports last week, dozens of businesses and government agencies were rushing to transition away from Internet Explorer before Microsoft retired the browser at midnight on Wednesday. 

According to Nikkei Asia, a sense of "panic" seized businesses and government organisations who were slow to abandon their dependency on IE before Microsoft formally ceased support services, leaving surviving users susceptible to flaws and hacks.

Microsoft Launches New Privacy Features for Windows 11

 

Microsoft is developing a new privacy dashboard to patch its vulnerabilities for Windows 11 that will allow users to view which apps and tools have access to sensitive hardware components and data such as the camera, microphone, location, phone calls, messages, and screenshots. It is included in one of the June Windows 11 Preview Builds and is now ready for testing in the Dev Channel for Windows Insiders.

Users will be able to view the newly implemented tool in the Privacy & Security > App Permissions section, where a "Recent activity" option will be available, as per Microsoft. Users will be able to locate the monitored category of information in this section. "Once clicked, it will show every instance of one of the programs installed on a user's machine that has recently accessed sensitive devices and information," says the next step. Even though the list contains information about the most recent time the program accessed the service, clicking on any of the entries yields no additional information.

Several users would be able to proactively protect themselves from ransomware and phishing attacks that are unwittingly deployed by malicious actors due to this additional layer of privacy. Malware or malicious software may obtain access to a user's privacy in some cases via spying on its camera or microphone, or by reading file paths, process IDs, or process names.

If Windows Hello is turned off, your PC will be unable to access your camera. Some apps use the Camera app to capture pictures, subject to the Camera app's camera access setting. No images will be taken and sent to the app that accessed them unless you manually select the capture button in the Camera app.

Desktop apps can be downloaded from the internet, stored on a USB drive, or installed by your IT administrator. Microsoft has not yet officially launched this new privacy option, according to its Windows Insider Blog. This information comes from Microsoft's Vice President of Enterprise and OS Security, David Weston, in a tweet on Thursday. 

Windows has never had a privacy feature as useful as this, but it appears that Microsoft is working to strengthen the operating system's privacy controls. With Android version 12, Google provided a similar capability, although its execution is far from satisfactory.

Alert! USB Flash Drive Malware: Threats Decoded!


Cybercriminals have grown savvier at finding new ways of delivering malware to victims’ devices.

The next in the list happens to be “Malicious USB sticks”. These are employed whenever an attacker needs a “physical” entrance to a computer or any device for that matter.

The first related incident goes back a decade when the highly malicious, “Stuxnet” worm was disseminated to attack Iranian networks by means of USB sticks.

An “unattended” USB flash drive might as well cause an equally malicious problem if plugged into a host network or system. These drives could be carrying viruses or even ransomware.

The ultimate motive of these drives could range from easy-going hacking into systems to disrupting major businesses and their operations.

These USB sticks are extremely malicious and could lead to major setbacks and cyber harm for victim organizations and their clients and other individuals at large.

Reportedly, several other pieces of malware are carried and transmitted through USB flash drives. According to sources, these include:

1. The “Flame” modular computer malware
2. The “Duqu” collection of computer malware


There are numerous things, threats, and risks that a malicious USB flash drive poses to its users. Backdoors, Trojans, ransomware attacks and information stealing are common endeavors.


According to sources, browser hijackers could also be installed to redirect users to the hackers’ website, where adware, greyware, malware or spyware could be injected into the device.

The users could follow the following safety and protection mechanisms to steer clear of the contingencies of the aforementioned attacks:

1. Updating the computer and other device software on a regular basis is a must. All the essential patches must be downloaded to clear the vulnerabilities.
2. Enable all the security features on the devices. Fingerprint authentication is a good option in such cases.
3. Keep all your USB flash drives absolutely secure and safe and prepared against hackers.
4. Never plug in unauthorized or unknown USB flash drives in your business devices especially those at your workplace.
5. Keep separate drives for work and home devices.

Indian Pleads Guilty To Destroying University Computers via USB Killer Drive



An Indian national in the US pleaded guilty this week to destroying 59 computers at the College of St. Rose, in New York, using a weaponized USB thumb drive named "USB Killer" that he bought on the web.

The device enabled 27-year-old Vishwanath Akuthota to damage equipment worth $51,109 (roughly Rs. 35,46,700), alongside $7,362 (approximately Rs. 5,10,900) in employee time for investigating and replacing the destroyed hardware.

The incident occurred on February 14, according to court documents obtained by ZDNet, and the suspect recorded himself while destroying some of the computers. In the recording, he was seen saying, "I'm going to kill this guy," and once he was finished with the procedure, he was seen saying things like "it's dead" and "it's gone. Boom."


The motive behind the crime is not yet known.

Surprisingly, the weaponized thumb drive known as USB Killer is readily available on the web, and he had bought it from a rather well-known online store that sells these kinds of gadgets.

USB Killer devices work by quickly charging the thumb drive's capacitors from the USB power supply and then discharging the electrical current back into the USB slot, all in mere seconds, effectively frying the computer to which the USB Killer device is connected.

Akuthota was arrested on February 22 and will be sentenced later this year, on August 12. He faces up to ten years in prison, a fine of up to $250,000, and a term of post-imprisonment supervised release of up to 3 years.