For week 6 I have two
items to discuss. The first is the InterContinental Hotels Group (IHG) data
breach and the second is how the leaked NSA tools are being used to attack
Windows PCs. IHG had a breach back in
December of 2016, and IHG said the data breach only affected a few of its
properties. Now in April 2017, IHG has released data showing that more than
1,000 IHG properties were affected by the data breach. IHG properties' computer
systems were compromised with malicious software designed to siphon customer
debit and credit card data, just like the Target and Home Depot breaches (Krebs, 2017). IHG
has been in the process of implementing a secure payment solution that will
encrypt customers' data end to end.
Unfortunately, IHG only had a few sites done at the time of the data
breach, and those sites were not affected. PCI has a requirement for point-to-point encryption,
so it seems IHG is behind on their PCI requirements. At the following site, a
person can look up which IHG properties were affected by the data breach and the
dates: https://www.ihg.com/content/us/en/customer-care/protecting-our-guests/property-listing.
The site can be used by a person to see if their credit or debit card was
affected and if they need to be on the lookout for fraudulent charges. Below is
a screenshot of an email sent to franchise hotels offering a forensic
investigation to be paid for by IHG (Krebs, 2017).

The leaked NSA hacking tools are being used in the wild. A hacker group called Shadow Brokers
has leaked hacking tools that supposedly belonged to the NSA’s Equation Group (Khandelwal,
2017). A piece of malware designed by
the NSA called DoublePulsar was one of the tools released by Shadow Brokers. DoublePulsar
is being used as a spying tool, and it is installed through vulnerable SMB
and RDP versions. To remain stealthy, DoublePulsar does not write any files to the
computer, and it acts as a remote access Trojan. A person has
released a Python script to test IP addresses to see if they have the
DoublePulsar infection. The Python
script is located at https://github.com/countercept/doublepulsar-detection-script.
Below is a screenshot of someone who ran the Python script and found computers
infected with DoublePulsar.

The numbers of how many machines are affected have been varying, but it seems that at least
30,000 machines are infected. Microsoft has released patches to fix the SMB and RDP
vulnerabilities. If people are still using end-of-life software such as
Windows XP and Windows Server 2003, they are vulnerable and will remain
vulnerable because they will not receive security patches (Khandelwal, 2017). Script
kiddies and other hackers will be able to freely use DoublePulsar to infect
machines and make them zombies until the patch from Microsoft has been applied.

With hotels and
businesses not encrypting credit card data end to end, data breaches will
continue to happen. One item that will not show up in the news articles is how
the malware got installed on the machines. Some organizations do not have good
security, and I know for a fact that at one hotel the computers are not locked down at
all. It seems organizations would rather have a data breach than pay for
security because it is cheaper. People have the stigma that if a company has a
data breach it is bad, but because so many are happening, it is just another
day. Look at Target and Home Depot; people still shop there after they have had
a massive data breach. People will continue to stay at IHG properties, and if they
have stock there may be a blip in it, but it will come back. At the end of the
day, security needs to be a priority for businesses that store or transport
customers' data.

References

Krebs, B. (2017, April 18). Krebs on Security. Retrieved April 23, 2017, from https://krebsonsecurity.com/2017/04/intercontinental-hotel-chain-breach-expands/

Khandelwal, S. (2017, April 22). Leaked NSA Hacking Tools Being Used to Hack Thousands of Vulnerable Windows PCs. Retrieved April 23, 2017, from http://thehackernews.com/2017/04/windows-hacking-tools.html