The document discusses several cybersecurity issues: KRACK, a vulnerability that allows hackers to decrypt WiFi network data without knowing the password; Bad Rabbit ransomware that infected over 200 organizations in Europe; malware that exploits the Dynamic Data Exchange feature in Microsoft Office to distribute ransomware and banking trojans; ready-made ATM malware that is being sold online for $5,000 to steal cash from ATMs; and a cross-site scripting vulnerability found in the KeystoneJS web framework. It provides details on how these attacks work and recommendations for preventing or mitigating the risks.
2. Overview
Key Reinstallation Attack (KRACK)
Dynamic Data Exchange (DDE) Exploit
Dangerous Malware Allows Attackers to Empty ATMs
Bad Rabbit: Ransomware Attack
XSS vulnerability found in KeystoneJS
4. Hacking Wi-Fi: Key Reinstallation Attack (KRACK)
• WPA2 is a protocol for secure Wi-Fi connections.
• A flaw in the Wi-Fi Protected Access II (WPA2) protocol could allow an attacker to hack into your Wi-Fi network.
• Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected.
5. This attack is local and active in nature.
An active MiTM position is required, and the attack can only be done in physical proximity.
6. KRACK (Key Reinstallation Attack), presented by a team of researchers, works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos.
The KRACK attack works by exploiting the 4-way handshake that the WPA2 protocol uses to establish a key for encrypting traffic.
7. The KRACK attack does not help attackers recover the targeted Wi-Fi's password.
It allows them to decrypt Wi-Fi users' data without cracking or knowing the actual password.
The attacker needs to trick a victim into re-installing an already-in-use key.
The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, and HTTP content injection.
8. Communication over HTTPS is secure (but not 100% secure) and can't be decrypted using the KRACK attack.
Use a secure VPN service, which encrypts all your Internet traffic whether it's HTTPS or HTTP.
The key reinstallation attack could be exceptionally devastating against Linux and Android 6.0 or higher.
9. KRACK Attack Protection and Prevention
Update the firmware of all of your Wi-Fi devices with official fixes.
Update the passwords and firmware of all of your Wi-Fi access points and routers.
Browse secure HTTPS websites, which leverage encryption.
Disable Temporal Key Integrity Protocol (TKIP).
11. Bad Rabbit: New Ransomware Attack
It is spreading like wildfire around Europe.
It affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few days.
It demands 0.05 bitcoin (~$285) as ransom from victims to unlock their systems.
It is distributed via drive-by download attacks, using fake Adobe Flash players.
No exploits were used.
Bad Rabbit ransomware uses DiskCryptor.
13. In some of the companies, the work has been completely paralysed - servers and workstations are encrypted, head of Russian cyber-security
Two of the affected sites are Interfax and Fontanka.ru.
It affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev.
16. How to Protect Yourself from Ransomware Attacks?
• Disable WMI (Windows Management Instrumentation) service to prevent.
• Most ransomware spreads through phishing emails, malicious adverts on websites, and third-party apps and programs.
• Always exercise caution when opening uninvited documents.
• Never download any app from third-party sources.
• Keep a good backup routine.
• Run a good and effective anti-virus security suite on your system, and keep it up-to-date.
17. Unpatched Microsoft Word Dynamic Data Exchange (DDE) Exploit
An unpatched attack method that exploits a built-in feature of Microsoft Office is currently being used in various widespread malware attack campaigns.
The DDE protocol allows two running applications to share the same data.
19. The protocol is being used by thousands of apps, including MS Excel, MS Word, Quattro Pro, and Visual Basic.
It is used for one-time data transfers and for continuous exchanges for sending updates to one another.
The DDE exploitation technique displays no "security" warnings to victims,
over 6 million infected computers worldwide and
sends millions of emails—to distribute Locky
ransomware and TrickBot banking trojan using Word
documents that leverage the newly discovered DDE
attack technique
20. How to Protect Yourself From Word DDE Attacks?
Open Word → Select File → Options → Advanced and scroll down to General and then uncheck "Update Automatic links at Open."
23. • Hacking ATMs is now easier than ever before.
• Anyone can simply buy malware to steal millions in cash from ATMs.
• Hackers are selling ready-made ATM malware that anybody can simply buy for around $5000.
• The malware is advertised as Cutlet Maker.
24. The crimeware contained in the toolkit includes:
Cutlet Maker: ATM malware which is the primary element of the toolkit
Stimulator: an application to gather cash cassette statuses of a targeted ATM
codecalc: a simple terminal-based application to generate a password for the malware.
25. • Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface.
• The advertisement was initially published on the AlphaBay Darknet marketplace, which was recently taken down by the FBI.
27. Cross-Site Scripting (XSS) found in KeystoneJS
How to perform this attack:
1. Navigate to the Contact Us page.
2. Fill in the details needed, enter the below payload in the message field, and send:
<a onmouseover=alert(document.cookie)>XSS link</a>
3. Now log in as admin and navigate to the new record created in the enquiries.
4. Move the cursor over the text “XSS link”.
28. Solution:
• The issues have been fixed and the vendor has released the patches.
Mitigation:
• The application accepts input from normal users without any validation and renders it without output encoding.
• Therefore it is recommended to perform input validation or HTML output encoding to avoid such kind of attacks.
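Added example (not from the original slides and not KeystoneJS's own code): the mitigation above written in JavaScript, showing the unencoded rendering next to an output-encoded one for the payload quoted on slide 27. The function names, the record fields and the 2000-character limit are assumptions made for illustration.

```javascript
// Added example, not KeystoneJS code. Names, fields and limits are assumptions.

// Encode the five characters that are significant in HTML text and attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation for the enquiry form: type, length, control characters.
// Validation limits what gets stored; it does not replace output encoding,
// because free-text fields must still accept characters such as "<".
function validateMessage(message, maxLength = 2000) {
  if (typeof message !== 'string') return { ok: false, reason: 'not a string' };
  const trimmed = message.trim();
  if (trimmed.length === 0) return { ok: false, reason: 'empty' };
  if (trimmed.length > maxLength) return { ok: false, reason: 'too long' };
  if (/[\u0000-\u0008\u000B\u000C\u000E-\u001F]/.test(trimmed)) {
    return { ok: false, reason: 'control characters' };
  }
  return { ok: true, value: trimmed };
}

// Vulnerable pattern described on the slide: stored input rendered as markup.
function renderEnquiryUnsafe(enquiry) {
  return `<div class="message">${enquiry.message}</div>`;
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderEnquirySafe(enquiry) {
  return `<div class="message" title="${escapeHtml(enquiry.name)}">` +
         `${escapeHtml(enquiry.message)}</div>`;
}

// Constructed sample record using the payload quoted on slide 27.
const sample = {
  name: 'Test "User"',
  message: '<a onmouseover=alert(document.cookie)>XSS link</a>',
};

console.log(renderEnquiryUnsafe(sample)); // markup reaches the admin page unchanged
console.log(renderEnquirySafe(sample));   // payload is shown as literal text
```

The sample message passes validateMessage, which is why the encoding step in renderEnquirySafe is the control that neutralises it.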