Security Bulletin #44

2017 - 31 - 01

Austrian hotel hit by ‘Ransomware of Things’ (RoT) attack

RoT / Jackware / Electronic system
A previous bulletin mentioned the term RoT, where a researcher predicted that cybercriminals would encrypt IoT devices and ask for a ransom (jackware). The first month of 2017 is not over yet and we can already see the first example of jackware. A four-star Austrian hotel was the victim of a RoT attack in which cybercriminals were able to compromise the hotel's electronic key system and computers. The hotel was unable to issue new cards to new guests after the attack, and the owner had no choice but to pay $1,603 in bitcoin to recover its services. After the incident, the owner updated all existing security systems and wants to revert to the old-fashioned security method of using normal keys. The researcher concluded that there are many vulnerabilities out there waiting to be exploited!
Link: http://www.welivesecurity.com/2017/01/30/austrian-hotel-experiences-ransomware-things-attack/

OpenSSL’s patches for trio of denial-of-service bugs

Bugs / Patches / Ransomware
Patches for three OpenSSL bugs have been released. The first bug (CVE-2017-3731) affected SSL/TLS servers running on 32-bit hosts: a packet could crash the system by triggering an out-of-bounds read, depending on the cipher the host uses. In the second (CVE-2017-3700), clients can be crashed if a malicious server supplies bad Diffie-Hellman parameters in DHE/ECDHE mode. The last one (CVE-2017-3732) was a propagating bug in the x86_64 Montgomery squaring procedure, which has been fixed; the notes also state that it would be difficult to exploit.
Link: http://www.theregister.co.uk/2017/01/31/openssl_patches/

70% of Washington DC’s CCTV were attacked by Ransomware

CCTV / Ransomware
Ransomware infected 70% of the storage devices used by the Washington DC CCTV systems 8 days before the inauguration of President Donald Trump. The ransomware infected 123 network video recorders, each controlling up to four CCTVs. IT staff were forced to wipe the infected systems, and luckily the ransomware didn’t affect other parts of the network. No ransom was paid: all devices were taken offline, all software was removed and the system was restarted at each site. The intrusion was limited to the police CCTV cameras that monitor public areas. Some information about this attack is still missing, such as the loss of information, which tools were used for decryption and who is behind the attack. When city officials were questioned, they refused to comment on it.
Link: http://securityaffairs.co/wordpress/55810/malware/washington-dc-cctv-ransomware.html

CERT-FR Alerts & Vulnerabilities

CERTFR-2017-ALE-001: Vulnerability in Cisco WebEx (25 January 2017)
Link: http://cert.ssi.gouv.fr/site/CERTFR-2017-ALE-001.pdf

CERTFR-2016-ALE-007: Vulnerability in Cisco IOS, IOS XE and IOS XR (19 September 2016)
Link: http://cert.ssi.gouv.fr/site/CERTFR-2016-ALE-007.pdf