by: Stacey Petrov
Marriott International, a large American hotel chain, recently suffered one of the largest data breaches in history. This breach might have been prevented with a properly implemented cybersecurity program. Cybersecurity defenses protect against major attacks and prevent data loss. Implementing a cybersecurity program isn't free, but the cost of handling an attack is much greater.
Friends and Colleagues,
At this time it is critical that the Digital Edge Security Team send an urgent warning about a widespread email phishing campaign targeting Microsoft Office 365 users. The emails carry a subject line similar to: “View your Office 365 Business billing statement for…”.
The email looks very convincing, and our Security Team is pointing out what users should pay attention to when checking such an email for authenticity.
Multiple clients have notified us that they received these emails, and some users were caught by the campaign.
Click here to read more about this phishing incident and possible remediation, both for it and for the follow-on attack in which the intruder sets up spying rules in your Office 365 account.
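As an added illustration of the authenticity checks a mail gateway or help desk can apply to a message like the one described above (example code written for this bulletin, not Digital Edge's own tooling), the script below parses a raw message and reports the usual warning signs: the lure subject line, a sender domain outside an expected allow-list, a Reply-To domain that differs from the From domain, SPF/DKIM/DMARC failures recorded by the receiving server, and links whose visible text is a URL pointing at a different host than the actual href. The allow-list, the two sample messages and every address and hostname in them are constructed for the example; the only page-sourced value is the subject prefix.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of domains this organisation expects Office 365 billing
# mail from; a real deployment replaces it with its own verified list.
EXPECTED_SENDER_DOMAINS = {"microsoft.com"}

# Subject prefix quoted in the bulletin, compared case-insensitively.
LURE_SUBJECT = "view your office 365 business billing statement"

# Constructed sample resembling the lure (not a captured campaign email):
# addresses and hostnames are invented for this example.
SUSPICIOUS_RAW = """\
From: Microsoft Office 365 <billing@office365-statements.example>
Reply-To: collections@mail-relay.example.net
To: user@client.example.com
Subject: View your Office 365 Business billing statement for your account
Authentication-Results: mx.client.example.com; spf=fail smtp.mailfrom=office365-statements.example; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your statement is ready.</p>
<p><a href="http://login-verify.example.net/o365">https://portal.office.com/billing</a></p>
</body></html>
"""

# Constructed benign message for contrast: expected sender, passing SPF,
# link text that is a label rather than a misleading URL.
CLEAN_RAW = """\
From: Microsoft <billing@microsoft.com>
To: user@client.example.com
Subject: Your monthly invoice is available
Authentication-Results: mx.client.example.com; spf=pass smtp.mailfrom=microsoft.com; dkim=pass
Content-Type: text/html; charset="utf-8"

<html><body><p><a href="https://portal.office.com/billing">View statement</a></p></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def _domain(header_value):
    """Lower-cased domain part of an address header, or '' when absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def analyze_message(raw):
    """Return a list of indicator codes found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = _domain(msg["From"])
    reply_domain = _domain(msg["Reply-To"])

    if (msg["Subject"] or "").strip().lower().startswith(LURE_SUBJECT):
        findings.append("lure-subject")
    if from_domain and from_domain not in EXPECTED_SENDER_DOMAINS:
        findings.append("sender-domain-not-allowlisted")
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-domain-mismatch")

    # Authentication-Results is stamped by the receiving mail server, so its
    # verdicts are trustworthy even when the From header is forged.
    auth = msg["Authentication-Results"] or ""
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I):
        if result.lower() in {"fail", "softfail"}:
            findings.append(f"{mech.lower()}-{result.lower()}")

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            text = text.strip()
            if not text.lower().startswith(("http://", "https://")):
                continue  # a plain label cannot misrepresent the target host
            if (urlparse(href).hostname or "") != (urlparse(text).hostname or ""):
                findings.append("link-text-host-mismatch")
    return findings


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_RAW), ("clean", CLEAN_RAW)):
        print(name, analyze_message(raw))
```

Each finding on its own is only a hint; the combination of a forged-looking sender, a failed SPF check and a link whose visible URL does not match its real destination is what should send the message to the security team rather than to the user's billing contact.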
Digital Edge has decided to classify the types of attacks in a simple way, so that when we discuss tools and vectors we can refer back to this document.
1. Frontal Assault
1.a - Code Tampering: These attacks are conducted from outside a client's network by probing open ports and trying to force the code behind those ports to perform unwanted actions, giving the attacker remote execution, an illegal upload followed by execution, or a system crash.
1.b - Brute Force: An attacker tries many combinations of passwords or keys in an attempt to pick the correct one.
1.c - Denial Attack: An attacker sends a large number of requests, specially crafted requests, or both at the same time to make a client's system stop responding.
1.d - Floods: An attacker generates a large amount of traffic from attacker-controlled infected machines ("bots" or "zombies") simply to overflow the capacity of the client's network or its ISP.
2. Internal Assaults
2.a - Browser Scripting Attacks: The attacker convinces a user to visit a malicious website. The website carries JavaScript or other scripting code that causes the client's browser to perform unwanted actions, infect the computer, download unwanted software, etc.
2.b - Email Attacks: The attacker tricks a user into opening an attachment containing code that causes the opening program (MS Office, Adobe PDF viewer, etc.) to perform unwanted actions, such as infecting the computer or downloading unwanted software.
2.c - Removable Media Attacks: This attack is conducted through infected removable media. A USB memory stick may carry malicious software that executes when the storage device is attached to the client's computer.
2.d - BYOD Device Attack: The attacker infects an employee's personal desktop or phone and waits for the user to bring it to the office. The infected "own" device can then spread the infection inside the local network.
In the future, the Digital Edge Security Team will publish Security Solutions Reviews which will always refer to this classification, specifying which security challenge the solution is supposed to solve.
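To show what detecting one of these categories looks like in practice, here is an added example for category 1.b (Brute Force), written for this page rather than taken from Digital Edge or any product it reviews. It reads sshd-style authentication log lines, counts failed logins per source address in a sliding time window, raises an alert once a threshold is crossed, and records whether a successful login from the same source followed the failures, which is the case that needs an immediate response rather than a blocklist entry. The log lines are constructed (203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges), the log year is assumed because syslog timestamps omit it, and the threshold and window are illustrative defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines, not real captures. Addresses come from the
# documentation ranges, so nothing here points at a real host.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[4011]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:00:03 web1 sshd[4013]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Mar  3 10:00:04 web1 sshd[4015]: Failed password for root from 203.0.113.7 port 50126 ssh2
Mar  3 10:00:06 web1 sshd[4017]: Failed password for root from 203.0.113.7 port 50128 ssh2
Mar  3 10:00:07 web1 sshd[4019]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar  3 10:00:09 web1 sshd[4021]: Accepted password for root from 203.0.113.7 port 50132 ssh2
Mar  3 10:05:00 web1 sshd[4101]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar  3 10:30:00 web1 sshd[4150]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

# Matches the OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2023):
    """Parse one log line into a dict, or return None for lines we do not handle.

    The year is an assumption: syslog timestamps carry none.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Return one alert per source that produced >= threshold failures inside the window.

    Each alert records the failure count, the first and last failure time and,
    if a later successful login came from the same source, the user and time of
    that success (the signal that the guessing worked).
    """
    failures = defaultdict(deque)   # src -> timestamps of failures still in the window
    alerted = {}                    # src -> alert dict, so each source alerts once
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src = ev["src"]
        if ev["result"] == "Failed":
            q = failures[src]
            q.append(ev["ts"])
            # Drop failures that fell out of the sliding window.
            while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and src not in alerted:
                alert = {"src": src, "failures": len(q), "first": q[0],
                         "last": ev["ts"], "success_after": None}
                alerted[src] = alert
                alerts.append(alert)
        elif src in alerted and alerted[src]["success_after"] is None:
            alerted[src]["success_after"] = (ev["user"], ev["ts"])
    return alerts


if __name__ == "__main__":
    for a in detect_brute_force(SAMPLE_LOG):
        status = "FOLLOWED BY SUCCESSFUL LOGIN" if a["success_after"] else "no success seen"
        print(f"{a['src']}: {a['failures']} failures {a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}, {status}")
```

Tune the threshold and window to the service: a single user mistyping a password a few times over an afternoon should not trip it, while dozens of attempts in a minute from one address should. The same structure applies to category 1.d (Floods) by counting requests instead of failed logins, but the response differs, so the two are best kept as separate rules.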
This vulnerability is more historical than practical, but it caught the attention of the Digital Edge security team, as we think it is the first hypervisor vulnerability allowing a guest to attack the hypervisor host.
The idea of virtualization is that virtual instances run in their own jail and cannot communicate with other virtual instances or with the physical host itself. This isolation is what makes people confident about moving into the “cloud”: in theory nobody can break out of the jail, so your “neighbors” cannot harm you.
If isolation fails, a criminal can purchase a virtual machine “next” to yours and hack into your machine. Hypervisor software does everything it can to block visibility from one virtual instance to another or to the physical host.
A new vulnerability, CVE-2015-7835, was logged today with this brief description:
“The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.”
What this actually means is that a hacker can purchase a VM and gain control over its physical host, and then over the other VMs running on that host. In our opinion it is the worst bug we have seen.
Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.