Even as the cycle of weekend and work week continues, neither hackers nor InfoSec professionals sleep. Here are the top headlines from the weekend and late last week that continue to make waves today:
U.S. Senate Targeted by Russian Hackers
Endpoint security vendor Trend Micro warned that Fancy Bear—the hacker group allegedly affiliated with Russian military intelligence—is now laying the groundwork for a hacking campaign against the U.S. Senate.
“They’re still very active — in making preparations at least — to influence public opinion again. They are looking for information they might leak later,” said Trend Micro researcher Feike Hacquebord. The hacker group is also responsible for the hack against the Democratic Party in 2016 and has recently been connected to malwareless attacks against Olympic organizations preceding the 2018 Winter Games in South Korea.
Cybersecurity for the Senate falls under the jurisdiction of the Senate Sergeant at Arms Office; representatives from that office declined to comment to reporters. According to Trend Micro, the current wave of attacks uses spear phishing techniques on Senate staffers to gain their credentials, with hackers setting up spoofed Senate email systems.
Takeaway: Once again spear phishing proves to be a danger to even the higher echelons of the social order. More proactive training against such tactics will help companies save valuable time, money, and peace of mind. The article also speaks to how major hacking campaigns may be at the behest of national governments, which makes hacking not only an economic danger but a political one.
F-Secure Discovers Another Intel Hardware Security Flaw
The InfoSec world continues to reel from the revelation of deep-seated security flaws in Intel, AMD, and ARM microprocessors; their speculative execution operations leave backdoors open to normally secure memory banks, allowing hackers easy entry. Now, adding to this atmosphere of anxiety and panic, endpoint security vendor F-Secure announced they had discovered a brand new flaw in Intel’s chips.
The newly discovered flaw, which F-Secure firmly contends is unconnected to the previously discovered Meltdown and Spectre vulnerabilities, allows hackers to remotely access corporate endpoints through the Intel Active Management Technology (AMT), the vendor said in an official statement; AMT is found in most corporate laptops.
F-Secure did note that the flaw would require initial physical contact between hacker and endpoint. Afterwards, through established backdoors, hackers could access the endpoint’s server or bring the endpoint onto the attacker’s network server in under 30 seconds.
According to F-Secure consultant Harry Sintonen: “By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password “admin,” as this hasn’t most likely [been] changed by the user. By changing the default password, enabling remote access and setting AMT’s user opt-in to “None”, a quick-fingered cybercriminal has effectively compromised the machine. Now the attacker can gain access to the system remotely.” The backdoor would give the hacker virtually unlimited access to the victim’s data and endpoint, allowing anything from the modification to the theft of data and documents, the installation of rootkits or malware, and anything in between.
At time of writing, no anti-malware, firewall, or encryption can stop this exploit. The only known effective methods are to set a stronger AMT password or completely disable AMT if possible.
Takeaway: Normally we would put some sort of best practice here, but this headline proves tricky. If you have not done so already, change your AMT password or disable AMT, if possible. Stay tuned for updates on patches, and never leave your corporate endpoints unsupervised with unknown or outside actors.