Basefarm SIRT Newsletter 2013-03-08

Year – Week: 2013 – 10

Weekly summary
Evernote was the highest profile victim of an attack this week. The attack on their systems meant that 50 million account names and encrypted passwords were stolen.
The USA has also become the world’s leading spam relayer. This most likely doesn’t mean that there is a kingpin spammer in the USA, but it does show that a large number of hijacked computers are being used for this. The USA is not the number one malware-infected country (China was in 2012, according to PandaLabs), but there are reasons for its lead, such as IPs from the USA being less likely to be blacklisted and speeds between email providers likely being higher from the USA than from China.
More information about the zero-day-exploiting malware MiniDuke has also surfaced. It appears that MiniDuke has been running its cyber-espionage campaign since mid-2011, and that it has been targeting governments in countries such as Belgium, the United States and Ireland.
The Dubai Police made arrests this week in connection with a cyber crime gang that was able to transfer more than $2m from Dubai Exchange companies’ accounts, while Bank Muscat in Oman was hit by a $39m ATM cash-out heist, which most likely happened because the hackers were able to duplicate a set of pre-paid Travel Cards.
The first couple of days of Pwn2Own have also taken place. Pwn2Own, which is co-sponsored by HP this year, is a yearly competition where security researchers attempt to be the first to exploit software, with prize money awarded for doing so. So far, over $270K has been given out to people who managed to exploit IE10, Chrome 25, Firefox 19, and Java 7.


Important Software Security updates

Security tips
We’d like to remind everyone of the importance of not reusing any of your passwords. Reusing them could mean that you end up losing a great deal.
Let’s say I have the same password on my email account Z and on Website X.
I signed up to Website X with my email account, which means that if Website X is hacked and my password is decrypted (it’s not even certain they will have encrypted my password), the attackers will be able to access my email account from there as well.
With access to my email account they could, for example, gain further access to other services by doing password resets, or pretend to be me and send out malware.

This is one of the reasons why we suggest that you create complex and unique passwords for every site you use.
It’s understandable that you can’t remember these kinds of passwords, but don’t worry – there are tools for this, which means you only have to remember one single passphrase in order to gain access to your password vault.

My personal preference is 1Password Pro, which has a stand-alone client as well as a web interface. It also has plugins for IE, Chrome and Firefox, which makes signing into accounts a breeze.
Those who prefer to use free and open source software can use KeePass Password Safe. I believe it lacks a bit of functionality, but it has a lot of plugins/extensions that you can use to extend it.

More information:

Security links
16-28 February 2013 Cyber Attacks Timeline

Hacking the Mind: How & Why Social Engineering Works

The web won’t be safe or secure until we Break it

Jailed cybercriminal hacked into his own prison’s computer system after being put in IT class

The Life Cycle of Web Server Botnet Recruitment

Security Blogger Award Winners 2013

Fifty million Evernote usernames out in the wild

Evernote has discovered and blocked attackers who gained access to their systems, but not before said attackers gained access to around 50 million usernames and passwords (encrypted).
While the passwords were encrypted (hashed and salted), it doesn’t mean they’re safe…
It’s vital not to reuse passwords, and especially important not to use the same password as on the email account you sign up to a service with. Having the same password would mean that an attacker will be able to gain access to your email account if the password is cracked.
Should you have signed up with the same password on Facebook, Google+, Skype or other services, then those are of course also likely to be tried directly. After that, searches are likely to be done on Google for your email address to see what other services you might have signed up to.

Signing in to will force you to set a new password, so your other devices will also require the password to be changed.
We advise that you do this as soon as possible, as waiting to do so might leave your notes open to access by an unauthorized party.

More information: