What a year 2018 has been for cyber security professionals. The year started with the disclosure of the Spectre and Meltdown CPU vulnerabilities, which affect nearly every mainstream CPU built in the last twenty years. It ends with the Marriott data breach, one of the largest ever disclosed, in which the records of up to 500 million guests were exposed.
There were a lot more incidents including:
- Botnets co-opting both home and business routers, including the re-emergence of Mirai-derived botnets
- The US Department of Justice indicting Russian intelligence officers for hacking during the 2016 presidential election
- The spread of malware that mines crypto currency on compromised servers and devices (cryptojacking)
- Numerous vulnerabilities in Windows 10 and Android
- The Facebook/Cambridge Analytica scandal
- Reports of hardware implants in the server supply chain (not corroborated).
These are only a few of the more public incidents reported in 2018. A far larger number of more technical incidents and vulnerabilities were reported throughout the year, which I won’t list here.
Something I will be writing about in more detail is the vulnerability of routers, in particular SMB and home routers, once I have brought the research together in an easily digestible form, together with what you can do to protect yourself.
Spectre and Meltdown
The Spectre and Meltdown vulnerabilities were disclosed in January 2018. They were found by Google’s Project Zero, and independently by several academic and industry research teams, in the summer of 2017; because of the scale of the problem the vendors were given well over the usual 90 days to prepare fixes. Both vulnerabilities abuse the way modern CPUs speculatively execute instructions ahead of knowing whether they are allowed to: the CPU briefly touches memory the running code has no right to read, and although the result is discarded, the access leaves a trace in the CPU cache that an attacker can measure with careful timing. Meltdown lets an ordinary program read kernel memory; Spectre tricks another process, the kernel, or a browser sandbox into leaking its own memory, and was demonstrated from JavaScript. Meltdown could be mitigated in the operating system (by keeping kernel memory unmapped while user code runs, known as KPTI), and all the major players shipped that quickly. Spectre is more deeply rooted in the CPU design: the second variant needs new CPU firmware (microcode updates) and operating system support, and other variants need the affected software itself to be patched. Depending on which CPU you have and what it is doing, the mitigations can cost noticeable performance. It should be noted that, as of this date, there is no confirmed exploitation of these vulnerabilities in the wild; they are not easy to turn into practical attacks. Since January a group of academics has catalogued a large family of related vulnerabilities, some of which are still theoretical and some of which have been demonstrated. All of them stem from some very technical computer science, which I don’t intend to go into here, that allowed CPU engineers to extract more performance out of the same silicon. The downside is that these optimisations were built without regard for the information they leak. Hopefully the likes of Intel, AMD, Qualcomm et al. have learned their lessons (but don’t hold your breath).
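The one check a practitioner can run today, added here as an example (not code from the original post): Linux kernels since 4.15 report their mitigation status under /sys/devices/system/cpu/vulnerabilities/, one file per known CPU bug, each holding a single line such as "Not affected", "Vulnerable" or "Mitigation: PTI". The script below reads and classifies those files; the directory path is a parameter so it can be pointed at a copied-out directory, and the classification names are my own.

```python
"""Report Linux's per-CPU-bug mitigation status from sysfs.

Added example, not code from the original post. Linux (4.15+) exposes one
file per known CPU vulnerability under /sys/devices/system/cpu/vulnerabilities/
(names such as meltdown, spectre_v1, spectre_v2, l1tf). The directory is a
parameter so the parser can also be run against a copy of that directory.
"""
from pathlib import Path

SYSFS_VULNS = Path("/sys/devices/system/cpu/vulnerabilities")


def read_cpu_vulnerabilities(directory=SYSFS_VULNS):
    """Return {bug_name: status_line} for every file in the directory.

    An empty dict means the kernel does not expose the data (too old, or not
    Linux); callers must treat that as "unknown", never as "safe".
    """
    directory = Path(directory)
    if not directory.is_dir():
        return {}
    statuses = {}
    for entry in sorted(directory.iterdir()):
        if entry.is_file():
            statuses[entry.name] = entry.read_text().strip()
    return statuses


def classify(status_line):
    """Map a kernel status line to one of four labels (labels are my own)."""
    text = status_line.lower()
    if text.startswith("not affected"):
        return "not_affected"
    if text.startswith("mitigation:"):
        return "mitigated"
    if text.startswith("vulnerable"):
        # The kernel may append detail, e.g. "Vulnerable: Retpoline without IBPB".
        return "vulnerable"
    return "unknown"


def unmitigated(statuses):
    """Sorted names of bugs the kernel reports as still Vulnerable."""
    return sorted(name for name, line in statuses.items()
                  if classify(line) == "vulnerable")


def report(directory=SYSFS_VULNS):
    """Print one line per bug plus a summary; returns the unmitigated list."""
    statuses = read_cpu_vulnerabilities(directory)
    if not statuses:
        print("no sysfs vulnerability data (kernel too old, or not Linux)")
        return []
    for name, line in statuses.items():
        print(f"{name:<24} {classify(line):<13} {line}")
    bad = unmitigated(statuses)
    print("unmitigated:", ", ".join(bad) if bad else "none")
    return bad


if __name__ == "__main__":
    report()
```

Run it after applying an OS update and again after a firmware (microcode) update: spectre_v2 in particular often stays "Vulnerable" until both are in place, and a missing directory is an absence of information, not a clean bill of health.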
Crypto Currency Mining Malware
Crypto currencies like Bitcoin rely on independent parties to verify transactions. The whole process is quite complex and may be the subject of its own posting in the future. In short, the verifiers (called miners) compete to solve a computationally expensive puzzle over each new batch of transactions, and whoever solves it first is paid in newly minted coins plus the transaction fees. There is a legitimate business in running servers to provide this service, and it is a multi-million dollar industry worldwide. However, hackers have used ordinary software vulnerabilities in business servers to implant malware that uses the hijacked server’s resources to mine crypto currency for them (this is usually called cryptojacking). The coin is mostly Monero rather than Bitcoin, because Monero is designed to be mined on general-purpose CPUs, whereas Bitcoin mining is only profitable on specialised hardware. These servers are typically used to run businesses, and a miner consuming every spare CPU cycle degrades their ability to perform their business activities. So far the hackers have mostly been content to mine and not to look inwards for additional mischief, but the foothold they have gained is the same one a ransomware or data-theft attack needs, and we can expect to see more damaging attacks from it in 2019.
This doesn’t just affect ‘big iron’ servers. Consumers are increasingly being infected with malware that mines crypto currency on their PCs, phones, tablets and so on, including JavaScript miners that run for as long as a compromised web page is open in the browser. If you leave your PC switched on and the fan runs at full speed while you are not using it, then calms down when you return, it is likely that you have been infected with mining malware; confirm it by looking for a process that sits at high CPU usage while the machine is idle in Task Manager (or Activity Monitor on a Mac). This malware can also hide from anti-virus software, and in some cases disables it once it gets in. I can also see this becoming more prevalent in 2019.
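A concrete version of the check described in the two paragraphs above, for servers and workstations alike, added here as an example (not code from the original post). It applies three heuristics to process and socket listings in the shape of `ps -eo pid,pcpu,comm,args` and `ss -tnp` output: sustained high CPU from a process that is not on an allow-list of expected heavy workers, miner-typical names and arguments (the `stratum+tcp://` pool URL scheme, the xmrig and cpuminer binaries), and outbound connections to ports that mining pools commonly listen on. The allow-list, the port set and the sample lines are all constructed for illustration and are assumptions to tune for your own environment.

```python
"""Triage a host for crypto-mining activity from process and socket listings.

Added example, not code from the original post. The heuristics are common
indicators, not proof: a hit means "go and look at that process", and a
miner that throttles itself below the CPU threshold will only be caught by
the name or connection checks.
"""
import re

# Heuristic lists (assumed, not exhaustive); tune them for your environment.
MINER_HINTS = ("xmrig", "cpuminer", "minerd", "xmr-stak",
               "stratum+tcp://", "--donate-level")
POOL_PORTS = {3333, 4444, 5555, 7777, 14444}     # ports many pools listen on
CPU_THRESHOLD = 80.0                             # percent, sustained
EXPECTED_HEAVY = {"ffmpeg", "cc1", "clang", "rustc"}  # assumed allow-list

# Constructed sample output, not captured from a real host. The miner hides
# under a name that mimics a kernel thread, as real samples often do.
PS_SAMPLE = """\
  PID %CPU COMMAND         COMMAND
    1  0.0 systemd         /sbin/systemd
  842  0.3 sshd            /usr/sbin/sshd -D
 1337 97.5 kworkerds       /tmp/.x/kworkerds -o stratum+tcp://pool.example.net:3333 -u 4AexampleWallet
 2201 45.0 postgres        postgres: writer
"""

SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:51234      203.0.113.9:3333   users:(("kworkerds",pid=1337,fd=7))
ESTAB  0      0      10.0.0.5:51240      203.0.113.9:443    users:(("curl",pid=2400,fd=3))
"""

PS_LINE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(.*)$")
SS_LINE = re.compile(r'ESTAB\s+\d+\s+\d+\s+\S+\s+\S+:(\d+)\s+users:\(\("([^"]+)",pid=(\d+)')


def parse_ps(text):
    """Return {pid: {"cpu": float, "comm": str, "args": str}}; skips the header."""
    procs = {}
    for line in text.splitlines():
        m = PS_LINE.match(line)
        if not m:
            continue  # header line or something we cannot parse
        pid, cpu, comm, args = m.groups()
        procs[int(pid)] = {"cpu": float(cpu), "comm": comm, "args": args}
    return procs


def parse_ss(text):
    """Return [(pid, comm, remote_port)] for every established TCP connection."""
    conns = []
    for line in text.splitlines():
        m = SS_LINE.search(line)
        if m:
            port, comm, pid = m.groups()
            conns.append((int(pid), comm, int(port)))
    return conns


def find_suspects(ps_text, ss_text):
    """Return {pid: [reason, ...]} for processes that trip any heuristic."""
    reasons = {}

    def flag(pid, why):
        reasons.setdefault(pid, []).append(why)

    for pid, proc in parse_ps(ps_text).items():
        if proc["cpu"] >= CPU_THRESHOLD and proc["comm"] not in EXPECTED_HEAVY:
            flag(pid, f"{proc['cpu']:.1f}% CPU from unexpected process {proc['comm']}")
        haystack = f"{proc['comm']} {proc['args']}".lower()
        hits = [h for h in MINER_HINTS if h in haystack]
        if hits:
            flag(pid, "miner indicator(s): " + ", ".join(hits))

    for pid, comm, port in parse_ss(ss_text):
        if port in POOL_PORTS:
            flag(pid, f"{comm} connected to remote port {port} (common mining-pool port)")

    return reasons


if __name__ == "__main__":
    for pid, why in find_suspects(PS_SAMPLE, SS_SAMPLE).items():
        print(f"pid {pid}:")
        for reason in why:
            print("  -", reason)
```

On a live host, feed it the real output of `ps -eo pid,pcpu,comm,args` and `ss -tnp` (run as root so the process column is populated). A process flagged on all three counts, as pid 1337 is in the sample, is as close to certain as this kind of triage gets; a single hit on the port heuristic alone deserves a look but is not a verdict.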
I will be posting on this in the future.
Facebook and Cambridge Analytica
I think we all know about the Cambridge Analytica scandal, in which the company obtained the profile data of tens of millions of Facebook users (Facebook itself put the figure at up to 87 million) and used it to target voters for the Donald Trump US presidential campaign in 2016. We are still seeing the fallout, with UK parliamentary committees still investigating the company and Facebook. Mark Zuckerberg (CEO of Facebook) testified before the US Congress and the European Parliament on the privacy issues this raised, but has so far declined repeated requests to appear before the UK committee. This will roll on in 2019, and will probably give rise to GDPR-style legislation in other countries in the coming years.
Hardware and the Supply Chain
This year has also seen a number of hardware-based concerns come to the fore. Bloomberg reported that Super Micro had shipped motherboards destined for big-name customers such as Amazon and Apple with a tiny implant built into the board itself that gave Chinese state hackers a backdoor. I should point out that Bloomberg has not named its sources or published corroborating evidence. Super Micro, Apple and Amazon have all denied it, and Super Micro’s own investigation found nothing. I don’t know whether it ever happened, but it is definitely possible given how much of our consumer and professional technology is manufactured in China.
Huawei, a very large Chinese technology company that manufactures a lot of telecoms equipment, has been barred from supplying 5G cellular equipment to US telecoms companies, and to those of several other countries, on the grounds that its products could contain backdoors allowing the Chinese government or its hackers to eavesdrop on communications. Again, I have not seen the evidence and this may be a smoke and mirrors act, but I won’t knowingly buy anything manufactured by Huawei.
We have also seen ransomware (malware that encrypts your files and demands a payment, usually in Bitcoin, for the key to decrypt them) continue to do serious damage to businesses and public bodies. I will be writing soon about what this means and how you can defend yourself.
Looking forward to 2019
So, it’s all doom and gloom for 2018. However, 2019 probably won’t be much better, and I think security researchers are just going to have to up their game to combat the criminal element. In the coming years 5G mobile telecoms will be widely deployed, and that will lead to an explosion of Internet of Things (IoT) devices, which are a massive attack surface for hackers (I will be writing about this in a later post). We can expect more of the same along the lines of 2018 as well. Also, with Artificial Intelligence (AI) and Machine Learning (ML) becoming more widespread, it can only be a matter of time before malware starts using AI to improve its effectiveness. If today’s malware is the equivalent of conventional weapons, AI-enabled malware promises to be the nuclear option.
Keep an eye on this website (and Twitter @JMBusSec) for more posts on how you can defend yourself against these malware attacks and what you can do to prevent being affected in the first place. These posts will be coming in 2019 as and when I finalise the research on them.
All I want to do now is wish everyone a Cyber Aware and safe New Year in 2019.
Headline image provided by WordPress