If you want to listen to our past podcasts, hit up our Podcasts Page and download the latest episodes.
Our good friends at CSI Tech just put their RAM ANALYSIS COURSE ONLINE – FINALLY.
The course is designed for Hi-Tech Crime Units and other digital investigators who want to leverage RAM to acquire evidence or intelligence which may be difficult or even impossible to acquire from disk. The course does not focus on the complex structures and technology behind how RAM works but rather how an investigator can extract what they need for an investigation quickly and simply.
October revealed two major global cyber security issues, which were Krack (affecting Wi-Fi) and Bad Rabbit (ransomware). Let’s break these two incidents down, and what you can do to stay safe and unaffected.
Krack (Key Reinstallation Attack) affects all modern Wi-Fi networks that are secured with the WPA2 protocol. While you’re probably reading this on a device connected to one of these networks, don’t panic just yet. In this vulnerability, the attacker has to be within range of your wireless network in order to perform any actions (this cannot be performed remotely).
In a nutshell, Krack exploits the four-way handshake used when a device joins the WPA2 network. In the third step of this handshake, the attacker is able to grab and reuse the encryption key sent by the access point. This key can then be reused to decrypt data transmitted by the device. The researchers showed that using HTTPS sites adds another layer of protection; however, data is still vulnerable in some cases.
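To make the handshake problem concrete, here is an added simulation (not code from the original post or from the Krack researchers). It models a client that processes message 3 of the four-way handshake, encrypts frames with a per-packet nonce, and then receives message 3 a second time. A toy HMAC-based keystream stands in for the real AES-CCMP cipher, and the class, function and message names are all constructed for this example. The point it shows is the one that matters for both the vulnerability and the fix: when the client reinstalls the key it already has and resets its nonce to zero, two frames are encrypted under the same keystream, and XORing the two ciphertexts yields the XOR of the two plaintexts (the keystream cancels out). A patched client ignores the repeated message 3, keeps counting, and the two keystreams differ.

```python
import hashlib
import hmac


def keystream(ptk, nonce, length):
    """Toy stream-cipher keystream derived from (key, nonce, block counter).

    This is NOT AES-CCMP; it is an HMAC construction used only to show the
    property that any stream cipher shares: the same key and nonce always
    produce the same keystream bytes.
    """
    out = b""
    counter = 0
    while len(out) < length:
        block_input = nonce.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(ptk, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


class SimulatedClient:
    """Minimal model of a Wi-Fi client's key-install logic (constructed example)."""

    def __init__(self, reinstall_protection):
        self.reinstall_protection = reinstall_protection
        self.ptk = None
        self.nonce = 0
        self.installed = False

    def on_message3(self, ptk):
        """Handle message 3 of the handshake, including a retransmitted copy."""
        if self.reinstall_protection and self.installed and ptk == self.ptk:
            # Patched behaviour: the key is already in use, so do not reinstall
            # it and, crucially, do not reset the packet number.
            return
        # Installing (or reinstalling) the key resets the per-packet nonce.
        self.ptk = ptk
        self.nonce = 0
        self.installed = True

    def encrypt(self, plaintext):
        """Encrypt one frame and advance the nonce counter."""
        ks = keystream(self.ptk, self.nonce, len(plaintext))
        frame = (self.nonce, xor(plaintext, ks))
        self.nonce += 1
        return frame


# Constructed sample values: a fixed pairwise key and two equal-length frames.
SAMPLE_PTK = b"constructed-test-ptk-do-not-reuse"
FRAME_A = b"session=abc123; user=alice"
FRAME_B = b"session=xyz789; user=bobby"


def keystream_reused(reinstall_protection):
    """Run the scenario and report whether the two frames shared a keystream.

    Returns True when XOR(ciphertext_a, ciphertext_b) equals
    XOR(plaintext_a, plaintext_b), i.e. the keystream cancelled out.
    """
    client = SimulatedClient(reinstall_protection)
    client.on_message3(SAMPLE_PTK)           # legitimate message 3
    nonce_a, ct_a = client.encrypt(FRAME_A)
    client.on_message3(SAMPLE_PTK)           # message 3 arrives a second time
    nonce_b, ct_b = client.encrypt(FRAME_B)
    return nonce_a == nonce_b and xor(ct_a, ct_b) == xor(FRAME_A, FRAME_B)


if __name__ == "__main__":
    print("unpatched client reuses keystream:", keystream_reused(False))  # True
    print("patched client reuses keystream:  ", keystream_reused(True))   # False
```

The defensive takeaway is the `reinstall_protection` branch: the fix shipped by vendors is on the client and access-point software, which is why patching devices, not changing the Wi-Fi password, is the mitigation.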
The best mitigation of this threat is to make sure your devices and access points are patched. If you’re a business running Wi-Fi, perform an assessment to ensure your signal isn’t reachable in public places like the lobby or parking lot. Also make sure that employees are vigilant against tailgaters slipping in to unauthorized areas that would put them in range of your network. While the network password isn’t exposed in this attack, this serves as a good reminder to be alert to vishing and phishing attacks trying to obtain this information.
Bad Rabbit (a Petya variant) is a ransomware virus that recently spread rapidly, mostly through Russia and Eastern Europe. Several large corporations, airports, and metro systems were severely impacted in a short period of time. Users visited infected sites that prompted them to perform an update to their Flash software. Once they agreed to the update, the malware installed itself and encrypted the machine, and users were then left with a screen that demanded payment to unlock the data. Early reports show this malware also contained tools that allowed it to spread through the network, potentially infecting other systems.
While no known users in the US were affected, this highlights how ransomware is growing as a popular attack vector globally. Most ransomware is spread via phishing emails prompting users to visit bad sites and/or download malware. This highlights the need to be vigilant about navigating to known good sites, not clicking on unverified links, and being wary of any pop-up asking you to update/download software.
At The End of The Day
Threats and security measures are constantly changing, and it’s important to try and keep abreast of the changes. Most new threats that appear potentially open a new pretext for a social engineering attack to occur. It could be phishing prompting you to “install a critical update”; vishing to gain system access to “fix the problem”; or someone tailgating or impersonating employees to gain access to unauthorized areas. Please remember one of your strongest defenses is to have good policies and training in place to prevent these vectors from being utilized. At the end of the day the Human Factor can be your biggest weakness, or your best offense when trained properly.