steven36 posted a topic in Security & Privacy News

FruitFly, a piece of Mac malware that infected thousands of machines over the course of more than 13 years, was being distributed via poorly protected external services.

First detailed in early 2017, FruitFly (also known as Quimitchin) targeted individuals, companies, schools, a police department, and the U.S. government, including a computer owned by a subsidiary of the Department of Energy.

In January this year, the U.S. Department of Justice indicted Phillip R. Durachinsky, an Ohio resident, for using the malware for more than 13 years for nefarious purposes. The man would abuse FruitFly to steal personal data of unknowing victims and spy on them, and even to produce child pornography.

Durachinsky allegedly leveraged the malware to control the infected machines "by accessing stored data, uploading files, taking and downloading screenshots, logging a user's keystrokes, and turning on the camera and microphone to surreptitiously record images and audio," the DoJ said in January.

While the threat's capabilities were clear to the researchers who analyzed it, the only thing they couldn't explain was the infection vector. A newly discovered "flash alert" (PDF) that the Federal Bureau of Investigation (FBI) sent in March last year, however, solves the mystery: Durachinsky targeted poorly protected external services to install the malware onto his victims' machines.

"The attack vector included the scanning and identification of externally facing Mac services to include the Apple Filing Protocol (AFP, port 548), RDP, VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from 3rd party data breaches," the alert reads.

Discovered by Patrick Wardle, co-founder and chief research officer of enterprise macOS security company Digita Security, the document reveals that, in addition to using the malware to spy on victims, Durachinsky was leveraging the infection to target additional systems.

Basically, he scanned the Internet for Macs with exposed ports that he could exploit and then attempted to connect to these systems using weak, known credentials. Once a system was compromised, he then attempted to persistently install the malware.

The targeting of poorly protected remote access protocols for malware installation isn't a new technique. In fact, there are millions of endpoints exposing ports associated with the Remote Desktop Protocol (RDP), and this type of attack has even surpassed spam in popularity among ransomware operators.
steven36 posted a topic in Security & Privacy News

Hackers are behind bars for stealing $30,000 from accounts, but Vodafone wants their victims to pay the tab.

If you use a simple, easy-to-guess password such as "QWERTY" or "1234," you might pay for your mistake by having someone access your online accounts without permission -- and you may also find yourself paying out for subsequent damages and lost funds. That is, if Vodafone reportedly has its way.

Recently, a court in Teplice, Czech Republic, sentenced two individuals to jail for compromising the accounts of Vodafone customers in order to make fraudulent mobile payments.

According to local media idnes.cz, two men were able to access customer accounts by testing out "1234" as a password, enabling them to order new SIM cards without permission, which were picked up at local branches. These SIM cards were activated and used in mobile phones without any further authentication, as the attackers already knew the phone number and name associated with each compromised account. Once active, the SIMs were used to send premium SMS messages to gambling services.

The publication says that 667,000 crowns were stolen through the scheme, which began in April 2017. This equates to roughly $30,000.

Some customers impacted by the breach say that the "1234" password was set by default by Vodafone. It appears that access to the online self-service shop which the attackers exploited is automatic, but customers may not have been aware of the service at all at sign-up.

The men have been sentenced to three and two years in jail, respectively. Vodafone, however, is reportedly refusing to pay up and wants the victims to cover the damages. According to idnes.cz, Vodafone has argued the customers are at fault, as they are responsible for the strength of their password.

A Vodafone spokesperson told the publication that the default, weak password was not an automatic element; rather, employees were able to set up an account with "1234" if customers could not decide on their password choice in-store -- but they would have been warned to change it to something stronger later. A number of victims have denied knowing the supermarket existed at all until the time of the theft.

The publication reports that some account holders impacted by the scheme have received debt collectors at their door to recoup lost funds.

"If the account was misused by an unknown offender, the correct procedure is that the customer will report the situation to the Czech police and file a criminal complaint," the Vodafone spokesperson said. "Unfortunately, we cannot compensate for the charged amount."

Jiri Kropac, the head of Threat Detection Labs at ESET, tested the portal on behalf of Bleeping Computer and confirmed that the portal's inherent security is poor, as a password can only consist of four to six numbers. This is not difficult to brute-force.

Vodafone's apparent stance on the robbery is a dangerous one -- but it is not a mindset which hasn't been raised before. Former UK Met Police chief Sir Bernard Hogan-Howe, when he was in his previous role, said that customers who become victims of financial fraud should not be compensated by banks. Some banks argue that if a payment is made voluntarily, they should not be held responsible for such losses.

In 2015, Vodafone experienced a data breach which led to the theft of sensitive information belonging to 1,827 UK customers. The telecoms giant said the cyberattack was not due to vulnerable company systems, but rather, email address and password credentials were taken "from an unknown source" outside of Vodafone.

ZDNet has reached out to Vodafone and will update if we hear back.