Top 3 Security & Privacy threats of October 2017

31/Oct/2017

KRACK – A fundamental flaw in Wi-Fi security

Security researchers from Belgium have found that the majority of Wi-Fi connections are potentially vulnerable to exploitation because of a fundamental weakness in the wireless security protocol, WPA2. The exploit is called “KRACK”, which is short for Key Reinstallation Attack. Reports suggest that Linux operating systems, Internet of Things (IoT) devices and 41% of Android devices are most at risk. However, many of these, especially IoT devices, may never get patched.

Once again the answer is to apply security patches, in this case to all wireless devices. The earlier WannaCry ransomware attacks, which spread like wildfire across the Internet and around enterprise networks, showed the same thing: WannaCry didn’t infect systems that had already been patched that month, and patching was the most effective mitigation against that ransomware.

DUHK – A flaw with hard-coded encryption keys

DUHK (Don’t Use Hard-coded Keys) is a vulnerability that affects devices using the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key. The ANSI X9.31 RNG is an algorithm that until recently was commonly used to generate cryptographic keys that secure VPN connections and web browsing sessions, preventing third parties from reading intercepted communications.

DUHK allows attackers to recover secret encryption keys from vulnerable implementations and decrypt and read communications passing over VPN connections or encrypted web sessions. The encrypted data could include sensitive business data, login credentials, credit card data and other confidential content.

The affected implementations were all historically compliant with FIPS, the Federal Information Processing Standards.

Bad Rabbit ransomware – A new form of ransomware

First spotted on October 24th, Bad Rabbit is a form of ransomware that was spread through “drive-by attacks”, in which insecure websites are compromised. A “drive-by attack” is conducted silently: while the target is visiting a legitimate website, a malware dropper is downloaded from the threat actor’s infrastructure. For Bad Rabbit, the dropper was disguised as a Flash Player update.

Once installed, the ransomware displays a ransom notification and payment page that demands around $280 in Bitcoin and gives a 40-hour deadline for payment to be made. Analysis has found that the DiskCryptor software is used to encrypt the victim’s hard drives.

Author: Taran Ranger, CyNation
