The following is this week’s sample of ThreatScape® Media Highlights – an email roundup of security headlines augmented by insights and analysis from iSIGHT Partners. Our cyber threat intelligence clients receive this update daily.
HACKERS TARGET INTERNET ADDRESS BUG TO DISRUPT SITES
FROM THE MEDIA
A recently identified flaw in BIND, a common variety of Domain Name System (DNS) software, is allowing actors to execute a denial-of-service (DoS) attack on websites. The flaw allows attackers to crash the affected servers’ software, and thus create a DoS condition; this may render certain websites inaccessible to some users. A patch for the flaw has been issued; however, many systems have yet to be patched, and real attacks using the flaw have been observed.
Read the Story: BBC
iSIGHT PARTNERS ANALYST COMMENT
CVE-2015-5477 is an unspecified vulnerability in Internet Systems Consortium (ISC) BIND versions 9.10.2-P2 and earlier, caused by incorrect handling of TKEY queries, that can allow a remote attacker to create a sustained DoS condition. We believe this represents a high-risk vulnerability due to its sustained nature and the availability of exploit code in the wild. However, the flaw does not represent a direct risk of code execution and is not as significant a concern to the average user or enterprise as other high-risk vulnerabilities may be.
RELATED iSIGHT PARTNERS REPORTS
15-00007430 (CVE-2015-5477), 4 Aug. 2015
Intel-1243080 (DNS Security Highlights), 25 Sept. 2014
DONALD TRUMP’S WEBSITE DEFACED BY JON STEWART FANS
FROM THE MEDIA
Hackers belonging to Telecomix Canada, a smaller branch of Anonymous, have hacked and defaced Donald Trump’s website. The hackers posted a farewell note to Jon Stewart, the host of the television show “The Daily Show.” Analysis of Trump’s website indicates that the hack was likely due to the compromise of the website’s content management system.
Read the Story: Softpedia
iSIGHT PARTNERS ANALYST COMMENT
The attack was motivated by the public feud between Trump and Stewart. Trump’s Presidential campaign has been controversial due to comments about Hispanic immigrants, questions surrounding the authenticity of his interest in the Presidency and his colorful background. He may be subject to additional targeting by other hacktivist actors seeking to embarrass him if he is perceived as criticizing groups that hacktivist actors consider marginalized, such as Hispanic immigrants.
RELATED iSIGHT PARTNERS REPORTS
15-00007606 (Hacktivist Operations Report for Aug. 3, 2015), 3 Aug. 2015
Intel-616725 (Actor Threatening Olympics-Related Sites Associated with Telecomix), 30 July 2012
Intel-423585 (Telecomix Builds Communication Pathways for Egyptian Dissidents), 29 June 2011
INTERNET EXPERTS SUBMIT PLAN FOR US TO CEDE CONTROL OF ICANN
FROM THE MEDIA
Internet experts have released a proposal showing how the United States can cede oversight of ICANN to the organization itself and a consortium of interested non-government parties. The proposal recommends establishing a separate subsidiary to operate the technical functions of managing the internet’s name and address system. The proposal further recommends that no government or inter-government organizations be part of the oversight committee.
Read the Story: The Guardian
iSIGHT PARTNERS ANALYST COMMENT
The United States has planned to give up control of ICANN, in part due to international complaints about US internet surveillance in 2014. We expect plans for ICANN’s control and processes will be heavily debated as the change to multi-stakeholder oversight represents an opportunity for nations to increase their influence over Internet management.
RELATED iSIGHT PARTNERS REPORTS
14-00000216 (SEA Possibly Responsible for Recent Spear-Phishing Campaign against ICANN), 29 Dec. 2014
Intel-1078858 (Overview: Global Internet Governance), 25 April 2014
Intel-1064288 (US Plans to Relinquish ICANN Oversight to International Entity), 28 March 2014
CHINESE VPN HACKS INTO WINDOWS SERVERS ADDING THEM TO ITS NETWORK
FROM THE MEDIA
A commercial VPN located in China allegedly hijacks legitimate servers and includes them in its own network. Experts from RSA have published a report detailing the VPN, dubbed Terracotta VPN. The VPN allegedly hacks into Windows-based servers mostly located in China, South Korea and the US. According to the report, the majority of servers belong to universities, hotels and various US government departments.
Read the Story: Softpedia
iSIGHT PARTNERS ANALYST COMMENT
Untrusted third-party VPN services may not provide ethical or legal products and, in this case, may be doing so to provide infrastructure for cyber espionage actors. By leveraging unauthorized access to provide a pseudo-legitimate service, financially motivated attackers generate a monetization pathway that allows them to profit from the successful compromise of servers. Based on this report, use of the Terracotta VPN may present a risk greater than other VPN services.
RELATED iSIGHT PARTNERS REPORTS
ThreatScape Media Highlights (You Joined a Botnet if You Use Hola’s VPN Service), 1 June 2015
15-00003244 (Discussion of Threat Posed By Third-Party Software Providers), 21 April 2015