Netizen Threat Brief: 30 May 2018 Edition

Threats:

Listed below is information regarding this week’s most critical threats and preventative measures to lessen the chances of a breach:

  1. BackSwap Trojan
  2. Z-Shave

1. BackSwap Trojan

Overview

A stealthy banking malware known as the BackSwap Trojan is being utilized to empty victims bank accounts, right from their web browser. The success of this malware relies on its ability to remain undetected by security solutions. BackSwap uses abstains from the usual process injection for monitoring browser activity, and instead handles its malware processes by working with the Windows GUI elements and simulates user input.

BackSwap monitors the use of URLs and once it detects bank-specific activity, the malware then injects the malicious code; in this case, JavaScript. The code is either entered in the JavaScript console or right in the address bar. BackSwap is also able to circumnavigate several defenses and counters that are often implemented in browsers to prevent exploitation.

Recommendations

The injected JavaScript replaces the victims bank account number with one of a false account created by the hackers. If the victim does not notice the swap, and authorizes the transaction, the attack is then successful.  BackSwap is attainted through spam, malicious attachments, and phishing emails. We recommend the following:

  • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments

Be wary of poor spelling, grammar, and formatting. As can be seen with the Dropbox phishing email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

2. Z-Shave

Overview

The wireless communications protocol known as Z-Wave has been discovered to be vulnerable to a downgrade attack. This type of attack will allow an attack to intercept and tamper traffic in transit between smart devices. The attack known as Z-Shave operates by tricking two of these smart devices that are currently paring to one another into thinking that one of them does not support the newer S-Wave S2 security features, forcing the two smart devices to use the older, more vulnerable security standard. The exploitation can be a gateway for attackers into the organizations larger network.

Z-Wave is very popular among Internet of Things (IoT) devices as its blows Bluetooth out of the water with its superior range of up to 100 meters. It is currently estimated that Z-Wave operates on over 100 million IoT devices.

Recommendations

The most prominent recommendation we can provide, if utilizing Z-Wave on your IoT devices, is to upgrade and switch to the newest and most secure version of the protocol. We also recommend the following mitigations and strategies for securing IoT devices:

  • Identify all IoT devices on the network, no matter how long it has been there. You cannot protect what you don’t know is there.
  • Data flows should be documented to ascertain what is needed and what is unnecessary and does not add value. With this knowledge, the network can be segmented appropriately—firewalling off any unneeded traffic.
  • Control the acquisition and implementation process—smart tv’s, fridges, etc. could open subtle channels for attackers to use to gain entry inside of the network. This happened in the well-known Target breach several years ago where a smart refrigerator was used to inject malware into the network and steal credit card numbers.
  • Perform regular vulnerability assessments on internal and external networks to reveal any hidden weaknesses or openings into environment. These risks should then be reviewed at regular intervals, implementing mitigation strategies as feasible.
  • Have a structured plan for the organization. Identify key stakeholders, establish security objectives, and coordinate actions to implement controls across the IoT spectrum.

How can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.  We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s