BF-SIRT Newsletter 2018-32

A new method has been found to make cracking WPA/WPA2 easier

The makers of Hashcat found a simpler way to gather the Pairwise Master Key Identifier (PMKID) from a WPA/WPA2-secured Wi-Fi network. Before this method was discovered, an attacker would have to wait for a user to authenticate and then capture that user's 4-way handshake. This new method is a “client-less attack”, meaning it can gather all the information needed without anyone using the network. This can significantly speed up the process of obtaining the PMKID.

The good news is that the password still needs to be cracked by brute force or a dictionary attack, so if you are using a secure password this is still a non-trivial process. The method also only works against Pre-Shared Key (PSK) networks, meaning that other authentication methods should be safe.

Top 5 Security links

Faster time to market with automated workflow

In order to improve your innovation speed, you have to be willing to jump on concepts faster than you have done before.

Malware is so 2017: five security trends to watch out for

Remember when several massive ransomware attacks went global and hit many big businesses? Fredrik Svantes, Senior Information Security Manager at Basefarm, discussed with us the latest developments that keep the cybersecurity community busy.

Hybrid cloud for peak loads at Gotland Ferry Service

Destination Gotland is a wholly owned subsidiary of Rederi AB Gotland. On behalf of the Swedish government, they operate the ferry services between Visby, Nynäshamn and Oskarshamn.

How does digital transformation actually work?

To master digital transformation in your business and put data-driven business models into practice, a digital mindset and comprehensive empowerment originating with corporate management is required.

IBM PowerAI

By Trond Bjerkvold.

BF-SIRT Newsletter 2018-31

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

Carrier-grade MikroTik routers are delivering potentially millions of daily cryptomining pages to the attacker.

A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive scripts in websites using a known vulnerability.

So far, Censys.io has reported more than 170,000 active MikroTik devices infected with the CoinHive site-key used in this campaign (the site-key is the same across infections, indicating a single entity behind the attacks). The campaign is mainly targeting Brazil – but infections are growing internationally, according to Trustwave’s Secure Web Gateway (SWG) team, indicating much larger ambitions.

“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible,” Trustwave researcher Simon Kenin wrote in a posting today. “This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale.”

Top 5 Security Links

How to defend yourself against SamSam ransomware

Backdoors keep appearing in Cisco’s routers

Reddit breach highlights limits of SMS-based authentication

Attacks on industrial enterprises using RMS and TeamViewer

Amnesty International targeted by nation-state spyware

When business continuity is key

Semantix, Scandinavia’s largest language company, has chosen Basefarm as the supplier for its business-critical operations. High availability, security expertise and flexible solutions were on the wish list during the procurement process.

Are you prepared for DDoS attacks?

How can you protect yourself from hackers and, more specifically, DDoS attacks?

Introducing Nordkap – a Swedish success story.

In a short timeframe, Nordkap has established themselves as the leading web-based treasury system in Sweden and Norway. Their focus now is to continue to improve and develop the system in order to continue their growth – both in the Nordic region and Europe.