Today on Episode 3 of 2 Dropped Tables we discuss the latest WikiLeaks Vault7 release ‘Pandemic’ and how this recently leaked CIA tool spreads infected files across an organization’s network.
Cloud-based single sign-on service OneLogin suffered a breach where user passwords and decryption keys were stolen. We discuss how businesses can improve the vetting of their cloud partners and whether it is a good idea to put all of your eggs in a cloud authentication basket.
Lastly, each of our hosts provides their top 3 things that home computer users can do to better secure their environment and their private information.
Topic 1 – “Pandemic” Vault7 Leak
The “Pandemic” project of the CIA is a persistent implant for Microsoft Windows machines that share files (programs) with remote users in a local network. “Pandemic” targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine. To obfuscate its activity, the original file on the file server remains unchanged; it is only modified/replaced while in transit from the Pandemic file server before being executed on the computer of the remote user.
As the name suggests, a single computer on a local network with shared drives that is infected with the “Pandemic” implant will act like a “Patient Zero” in the spread of a disease. It will infect remote computers if the user executes programs stored on the pandemic file server.
Topic 2 – OneLogin Breach
OneLogin provides Single Sign On (SSO) and cloud identity management.
OneLogin states that hackers breached its US datacenter and had access to “database tables that contain information about users, apps, various types of keys”. OneLogin later added that hackers could possibly have decrypted sensitive data during the seven hours they were in OneLogin’s systems.
Are businesses doing enough to vet their cloud providers?
Are my passwords safe using other cloud services?
Do we recommend any cloud based password managers?
Topic 3 – What should regular consumers do to secure their stuff?
- The most common attacks on end user/consumer devices are:
  - phishing
  - malvertising
  - unpatched vulnerabilities
  - physical possession
- What do we suggest that end users do? What are your top 3 things that a person should do?
- Don’t overshare on Social Media
- Use a Password Manager
- Only connect to trusted WiFi networks
- Keep systems up to date with updates and patches
- Install a secondary malware scanning tool such as Malwarebytes: https://www.malwarebytes.com/
- Disable UPnP on your router
- Scan your open ports with a tool like ShieldsUP! https://www.grc.com/x/ne.dll?bh0bkyd2
- Don’t open email attachments that you are not expecting
SMS phishing scams – Many people are getting SMS messages purporting to be from their wireless carrier encouraging users to click a link to retrieve an overpayment.
This is a scam, please don’t click that link!