FBI Cyber Research revealed

The FBI identified incidents over the past few months in which cyber actors scanned for and sought to exploit audio and visual communication devices on networks to identify vulnerabilities which could later be used to gain access and unlawfully acquire information about the organization. In addition to targeting corporate information, vulnerable devices may be targeted for compromise for use in botnets or other criminal activities. The types of devices targeted include: Voice over Internet Protocol (VoIP) phones, video conferencing equipment, conference phones, VoIP routers, and cloud-based communication systems. While cyber actors have targeted VoIP and other communication devices in the past, the FBI continues to see these devices scanned by cyber actors for vulnerabilities.

Threat

Specifically, the FBI observed cyber actors identifying and probing communication devices by issuing HTTP GET requests to a business server or network to retrieve device configuration files. Information contained in configuration files often reveals IP addresses, usernames, passwords, system management URLs, and assigned phone numbers – all of which could be used by cyber actors for malicious purposes. Many of the requests are specific to particular brands of devices. Victims will often receive several GET requests in succession with the actors scanning for multiple brands of devices.

In addition, cyber actors retrieve IP addresses for further exploitation by using businesses’ customer service VoIP hyperlinks, which are traditionally made available for customers to use in contacting the business. Once those hyperlinked calls are answered, the actor retrieves the IP address belonging to the phone which answered the call. Once the IP address is retrieved, an actor could send a large volume of packets to the IP address, overloading it and taking the service offline for the targeted business and its legitimate customers.

In addition to the above techniques, cyber actors target devices with brute-force attacks, attempting unauthorized access through the use of common usernames and passwords. Open source scanning tools can also be used to identify vulnerable communication devices and any associated ports.

All of the information obtained through scans and other methods is likely used for specific targeting efforts by cyber actors. This includes leveraging access to compromised audio and video devices to eavesdrop on meetings or conference calls, placing fraudulent international phone calls, leveraging the compromised device for use in botnets, and conducting man-in-the-middle attacks to redirect corporate network traffic.

Recommendations

The following recommendations may limit the success of these types of attacks:

Conduct daily server log reviews to identify unusual activity, including GET and POST requests from external IP addresses.

Work with the communication device/system providers to ensure servers are patched and updated regularly.

Consider restricting access to configuration files or configuring firewalls to block traffic from unauthorized IP addresses.

Restrict communication devices/systems to only non-sensitive business networks.

Conduct regular penetration testing exercises on communication devices to identify and address vulnerabilities in a timely manner.

Enable encryption on teleconference programs and applications and consider disabling auto-answer capabilities.

Password protect configuration files, if possible.

Regularly review and update users with access to administrative accounts.

Segment configuration files on the network. Be sure to protect configuration and other device-related files after getting the device out of the box. Don’t just plug and play.
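
One way to carry out the first recommendation, as an added example that is not part of the FBI notice: a script that reads web-server access logs in Combined Log Format and flags external addresses requesting several distinct configuration files in quick succession, the pattern described under Threat. The file-extension pattern, internal address ranges, thresholds and sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Assumption: configuration files are recognisable by extension; replace this
# with the file names your own devices actually fetch.
CONFIG_RE = re.compile(r'\.(cfg|cnf|conf|ini|xml)(\?|$)', re.IGNORECASE)
# Assumption: everything outside these ranges counts as an external client.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(ip):
    try:
        return not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)
    except ValueError:  # hostname or garbage in the client field
        return False

def find_config_probes(lines, window=timedelta(seconds=60), min_files=3):
    """Map external IP -> config files it requested in one burst ("served" = HTTP 200)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if (m and m["method"] == "GET" and is_external(m["ip"])
                and CONFIG_RE.search(m["path"])):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits[m["ip"]].append((ts, m["path"], m["status"]))
    findings = {}
    for ip, reqs in hits.items():
        reqs.sort()
        for i, (start, _, _) in enumerate(reqs):
            burst = [r for r in reqs[i:] if r[0] - start <= window]
            paths = {p for _, p, _ in burst}
            if len(paths) >= min_files:  # several different files in succession
                findings[ip] = {"paths": sorted(paths),
                                "served": sorted(p for _, p, s in burst if s == "200")}
                break
    return findings
# Constructed sample log lines (addresses, paths and times are made up).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:03:14:01 +0000] "GET /vendor-a/device.cfg HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2024:03:14:02 +0000] "GET /vendor-b/phone.xml HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2024:03:14:03 +0000] "GET /provision/settings.cnf HTTP/1.1" 200 2048
10.0.5.20 - - [12/Mar/2024:03:15:00 +0000] "GET /provision/settings.cnf HTTP/1.1" 200 2048
198.51.100.9 - - [12/Mar/2024:03:16:00 +0000] "GET /index.html HTTP/1.1" 200 512
""".splitlines()
```

Any path listed under "served" was actually returned to the requester, so the credentials and management URLs in that file should be treated as exposed and rotated.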

 

DHS Reveals – Unmanned Aircrafts Systems Endanger Cybersecurity


The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Malicious actors could use this increased proximity to exploit unsecured wireless systems and exfiltrate information. Malicious actors could also exploit vulnerabilities within UASs and UAS supply chains to compromise UASs belonging to critical infrastructure operators and disrupt or interfere with legitimate UAS operations.

 

UAS FACILITATE PHYSICAL ACCESS TO UNSECURED SYSTEMS

UASs provide malicious actors an additional method of gaining proximity to networks and equipment within critical infrastructure sectors. Malicious actors could then use the proximity provided by a UAS to wirelessly exploit unsecured systems and extract information from systems they cannot otherwise access remotely or may not be able to access due to range limitations. This includes networks and devices within secured buildings, as well as networks and devices behind fencing and walls.

UASs can also allow a malicious actor to wirelessly exploit vulnerabilities from a distance (figure 1). The prevalent ownership and operation of UASs by the general public, the distance from which UAS can be operated, and a lack of tracking data can also provide malicious actors a level of anonymity that otherwise may not be available. UASs are typically more difficult to detect than a malicious actor attempting to trespass beyond physical barriers.

UAS FOR WIRELESS SYSTEM EXPLOITATION

Malicious actors could utilize UASs in order to wirelessly exploit access points and unsecured networks and devices. This can include using UASs in order to inject malware, execute malicious code, and perform man-in-the-middle attacks. UASs can also deliver hardware for exploiting unsecured wireless systems, allowing malicious actors persistent access to the wireless system until the hardware is detected or runs out of power. While OCIA does not know of a confirmed incident utilizing UASs to exploit wireless systems, researchers have demonstrated this capability.

MALICIOUS ACTORS CAN EXPLOIT COMPROMISED UAS

While UASs can be used as a tool for an attacker, they are also vulnerable to exploitation. Many commercial UAS variations, for example, currently communicate with ground stations and operators using unencrypted feeds. This can allow a malicious actor to intercept and review data sent to and from the UAS.

 

SECRECY NEWS – THE REAL MINIMUM WAGE, CYBERSECURITY, AND MORE FROM CRS

The hourly minimum wage reached its peak value in 1968, when it was worth
$10.57 in real terms, the Congressional Research Service calculated in a
new report.  But although the nominal value of the minimum wage has
increased over the years, it has not kept pace with the increase in
consumer prices, and so its real value has fallen.  See Inflation and the
Real Minimum Wage: A Fact Sheet, February 26, 2013:

    http://www.fas.org/sgp/crs/misc/R42973.pdf

The recent executive order 13636 on cybersecurity was discussed in another
new CRS report, which reviewed the order's provisions, compared it to
pending legislation, and discussed the authority of the President to act
unilaterally in this area.  See "The 2013 Cybersecurity Executive Order:
Overview and Considerations for Congress," March 1, 2013:

    http://www.fas.org/sgp/crs/misc/R42984.pdf

A 1999 provision to provide public access to scientific data used in
federally funded research (known as the Shelby Amendment) has rarely been
invoked in Freedom of Information Act requests, and so neither the benefits
promised by its advocates nor the concerns of its critics have been
realized to any significant extent, a CRS study found.  See Public Access
to Data from Federally Funded Research: Provisions in OMB Circular A-110,
March 1, 2013:

    http://www.fas.org/sgp/crs/secrecy/R42983.pdf

The prospects for current negotiations between the government of Colombia
and the insurgent Revolutionary Armed Forces of Colombia (FARC) were
assessed in a new CRS report, which also provided background on the
conflict in that country.  See Peace Talks in Colombia, March 1, 2013:

    http://www.fas.org/sgp/crs/row/R42982.pdf

The U.S. Supreme Court has agreed to hear challenges to two state laws
that impose restrictions on same-sex marriage. The two pending cases were
discussed by CRS in Same-Sex Marriage and Supreme Court: United States v.
Windsor and Hollingsworth v. Perry, February 20, 2013:

    http://www.fas.org/sgp/crs/misc/R42976.pdf

The Equal Rights Amendment that was proposed in 1972 to prohibit
discrimination "on account of sex" was eventually ratified by 35 states,
three short of the 38 states required for adoption.  Those ratifications
have formally expired, but some supporters contend controversially that it
would be possible "to restart the clock on ratification at the current level
of 35 states."  The issues were discussed by CRS in The Proposed Equal
Rights Amendment: Contemporary Ratification Issues, February 28, 2013:

    http://www.fas.org/sgp/crs/misc/R42979.pdf

The adequacy of official reporting of government expenditures is a
continuing concern among policy advocates.  "Two agencies -- the Department
of Homeland Security (DHS) and the Department of Defense (DOD) -- have
never received unqualified audit opinions, which signifies the persistence
of financial problems at these agencies," a new CRS report said.  See
Federal Financial Reporting: An Overview, February 27, 2013:

    http://www.fas.org/sgp/crs/misc/R42975.pdf

Other noteworthy new and updated CRS products that Congress has directed
CRS not to release to the public include the following.

Issues in Homeland Security Policy for the 113th Congress, February 27,
2013:

    http://www.fas.org/sgp/crs/homesec/R42985.pdf

Comparison of Rights in Military Commission Trials and Trials in Federal
Criminal Court, February 28, 2013:

    http://www.fas.org/sgp/crs/natsec/R40932.pdf

International Law and Agreements: Their Effect Upon U.S. Law, March 1,
2013:

    http://www.fas.org/sgp/crs/misc/RL32528.pdf

Cybersecurity: Authoritative Reports and Resources, February 28, 2013:

    http://www.fas.org/sgp/crs/misc/R42507.pdf

U.S. Crude Oil and Natural Gas Production in Federal and Non-Federal
Areas, February 28, 2013:

    http://www.fas.org/sgp/crs/misc/R42432.pdf

Securing America's Borders: The Role of the Military, February 25, 2013:

    http://www.fas.org/sgp/crs/homesec/R41286.pdf

Army Drawdown and Restructuring: Background and Issues for Congress, March
5, 2013:

    http://www.fas.org/sgp/crs/natsec/R42493.pdf

U.S. Trade and Investment in the Middle East and North Africa: Overview
and Issues for Congress, February 28, 2013:

    http://www.fas.org/sgp/crs/misc/R42153.pdf

Southwest Border Violence: Issues in Identifying and Measuring Spillover
Violence, February 28, 2013:

    http://www.fas.org/sgp/crs/homesec/R41075.pdf

Base Realignment and Closure (BRAC): Transfer and Disposal of Military
Property, February 28, 2013:

    http://www.fas.org/sgp/crs/natsec/R40476.pdf

Department of Defense Trends in Overseas Contract Obligations, March 1,
2013:

    http://www.fas.org/sgp/crs/natsec/R41820.pdf

Sequestration as a Budget Enforcement Process: Frequently Asked Questions,
February 27, 2013:

    http://www.fas.org/sgp/crs/misc/R42972.pdf

Sessions, Adjournments, and Recesses of Congress, February 27, 2013:

    http://www.fas.org/sgp/crs/misc/R42977.pdf

Kenya: Current Issues and U.S. Policy, February 26, 2013:

    http://www.fas.org/sgp/crs/row/R42967.pdf

Comparing Medicaid and Exchanges: Benefits and Costs for Individuals and
Families, February 28, 2013:

    http://www.fas.org/sgp/crs/misc/R42978.pdf

Brief History of Comprehensive Immigration Reform Efforts in the 109th and
110th Congresses to Inform Policy Discussions in the 113th Congress,
February 27, 2013:

    http://www.fas.org/sgp/crs/homesec/R42980.pdf

China's Economic Conditions, March 4, 2013:

    http://www.fas.org/sgp/crs/row/RL33534.pdf

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.
