Week in review 3 October 2014
This week, MailShark made an announcement about our latest customer. You can read the full text of the announcement in our news section.
It was probably to be expected that Shellshock would be the main news this week. Whilst at MailShark we focus on email-borne threats, Shellshock took precedence this week due to its wide-ranging nature. There is also the possibility that the exploit could lead to the hijacking of servers, and to spam email attacks in the future.
The publishing of the Shellshock vulnerability led quickly to exploits. One aspect of this bug was the length of time it existed; it appears to hold the record at 22 years. Spare a thought for the people who had to trawl through 22-year-old code. Coding in 1992 was distinctly different from coding in 2014, as some may well know. Given the age of the code, it was satisfying to see the speed with which patches were released to resolve the bug. Apple OS X was not immune to the bug, and Apple released updates this week to close off the flaw. Apple did state that most Mac OS X users were protected from the flaw, according to information received by the ThreatPost site. Irrespective, Apple did release a patch for the vulnerability this week.
Embedded devices were one area that we at MailShark immediately thought of when we heard of Shellshock. Various routers and Network Attached Storage (NAS) devices use embedded versions of Linux, and also use web-based interfaces to manage the devices. As CERT noted, the main issues with Shellshock are around exploits using web-based attacks. It was no surprise when we heard that QNAP NAS devices were being targeted by attackers. To date, the attacks have mostly been on devices located in Korea and Japan, with one device in the US. FireEye published an excellent piece on the QNAP NAS exploit, setting out how the attack worked and explaining how to detect whether a NAS has been hacked. The attack is a serious breach, as an attacker can easily gain access to the files on the NAS. QNAP have issued a press release advising users to disable web-based applications.
Moving on from Shellshock, Snapchat users started getting messages from friends about weight loss pills. The messages were spam, and were sent from compromised Snapchat accounts. It doesn't appear that Snapchat was hacked, however. Rather, the account details and passwords look to have been obtained from other breaches.
Point of Sale (POS) systems and malware have been in the news in the USA, where several breaches leading to credit and debit card number theft have taken place. One of the recent breaches was caused when an attacker obtained access to a username and password used by the POS vendor. The result was a large data breach; the POS vendor admitted their liability in this case. Although Australia has moved faster than the US in adoption of EMV, EMV should not be seen as a silver bullet to solve POS fraud. EMV is not foolproof, as a presentation by Lucas Zaichkowsky at Black Hat 2014 showed.