“Anonymous’ failed attack against Israeli websites last month has left security experts cautiously optimistic that the hacktivist group will be unsuccessful in its plans to disrupt U.S. government and banking sites.
Anonymous plans to launch distributed denial of service (DDoS) attacks on May 7 against nine government sites and more than 130 financial institutions….”
Experts hope for another failure in next Anonymous attack.
Networkworld (ShareThis)
Secure your devices. Bottom-line, there are malicious users on the web that can find your device (webcams, IP cameras, routers, SCADA and other devices). Change the default passwords and update software/firmware when it is available. Disable UPNP and look for vulnerabilities that may affect your device.
CNN’s Money on “Hacking anything connected to the internet“
Mickey found a great site that gives the approximate time it will take to break your password. The site, howsecureismypassword.net gives the approximate time and a background color that indicates how secure your password is. There are other things to worry about. One of the things people don’t realize is that the code in your website may reveal even the most complex passwords. It is up to the webmaster of your site to keep you secure.
The website sicherheitstacho.edu shows cyber attacks as they happen. Currently with 97 sensors, the site gives information about malicious activities on the web.
This post is for educational purposes and any use of these tools against a network without explicit permission could be illegal. Metasploit is designed to identify weaknesses in networks and hardware/software on a network. Do NOT use metasploit for other reasons.
Want to protect your network and the computers in your network? You can get updates for your operating systems (Linux, Mac, iOS, Android, Windows or whatever) along with updates for third party programs yet you can still be unsecure. When updating these products, you also have to remember firmware and updates for wireless devices, access points, bridges, firewalls, routers, switches, SCADA devices, robots, mobile devices, printers and any device on your network.
Metasploit
http://www.metasploit.com/download/
Metasploit Community is free and allows for a free scan of your network or server. Although limited (Try Pro for details and Brute Force), Metasploit Community is a first step in finding open services and ports on your operating system, hardware devices such as routers and other devices. The trick to installing Metasploit is to disable your antivirus or make exceptions to what your antivirus finds. You should truly install the software inside of a VM (Virtual Machine) so that your computer remains protected.
You can use Metasploit to protect your network by ‘seeing’ what a hacker or malicious person would see. Truly for network professionals and auditors, this software can help you identify services, ports and weaknesses in your network.
There are several versions of Metasploit – Community, Pro, Express and Framework (Compare Editions)
The above scan was in a controlled lab. Malicious scanning of networks may be illegal. Read Penetration Basics on Metasploit’s website.
Tutorials (Videos)
2013 Predictions – Cyber Threats
Steve
Have a prediction? Let us know. We’ll post it.
Manufacturers should have a quality team to insure that devices are up-to-date and business and home owners need policies (rules) on internet usage. Consumers need to be educated on products and safe internet usage.
China-backed hackers’ tactics are continuing and evolving, U.S. Defense Secretary Leon Panetta says, and are expanding and focusing more intently on critical American oil, gas and other energy companies. Chinese officials have steadfastly denied the cyberattacks, saying they also are victims of computer hackers and breaches. Read more: Panetta: Chinese Cyberattacks Unabated | CIO Today.
“If IT security departments want to truly meet the risks posed by today’s advanced threats, they need to get more scientific with how they develop their strategies. Because based on the breach statistics and malware infection rates, the old methods aren’t even close to adequate, security experts warn.”4 Reasons Why IT Security Needs Risk Management – Dark Reading.
Other good reads on Dark Reading
Will Advanced Attackers Laugh At Your WAF?
Companies should not trust vendors’ claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses.
There complete Black Hat USA coverage.
From Help Net Security
47 individuals were arrested on Wednesday by the officers of the Royal Canadian Mounted Police following an investigation of a highly organized and disciplined criminal ring that has managed to steal at least $7 million via cloned bank cards…read more
Please tweet, share or reblog this post. With this problem coming up, get the word out. See how to check your computer at the end of this article.
In July thousands of computers will be without internet. Over 300,000 users still infected! DNS Changer is a piece of malware that could possibly affect thousands of computers that are currently running through FBI computers. This Malware redirected you to malicious DNS servers.
What is DNS? DNS is a form of services all computers, notebooks, tablets, netbooks and phones run through in order to use the internet. When you type a url such as http://www.wordpress.com your computer goes to a DNS server and the name is converted to an IP address so that your information can be routed to the webserver you are trying to view.
Scan your computer for viruses, malware and spyware. Use your anti-virus program (Download AVG free or Microsoft Security Essentials) and scan with Malwarebytes or SuperAntispyware portable edition. Check your computer by using the information found below.
Want to learn about malicious activities and the internet? Be sure to visit each of the links below.
Fortunately, the FBI intercepted these (all known) malicious DNS servers in order for users to travel to legitimate sites. However the intercepted DNS servers and redirects by the FBI will be turned off in July. It is estimated over 300,000 people are infected. Be sure to check your network and computers for these infections.
DCWG gives information on Detect, Fix and Protecting your computer.
FBI – Check to see if your computer is using a rogue DNS server – Link
Operation Ghost Click Information
Dark Readings Article on Teaming Up to Take Down Threats
Team Cymru Information (Security)
Team Cymru helps organizations identify and eradicate problems in their networks, providing insight that improves lives.
Check out their movie on one day of malicious activities
Team Cymru Battle Project
Botnet Analysis and Tactical Tool for Law Enforcement (BATTLE) displays IRC and HTTP botnet, crimeware, and phishing data on an interactive world map in near real time. It is intended to provide enough information to enable law enforcment to identify botnets and attacks that are of interest to them. On the right-hand side of this page you can see an example screen shot of the BATTLE interface.
Security professionals are leery of one-way public-private partnerships, but Operation Ghost Click shows that the model is necessary to take on international threats
Advanced IT Professionals – Information on Servers
Advanced IT Professionals can see DNS server status here.
Sample Status for IT Professionals – below (use the link above to check DNS status)
Sandia National Laboratories gives an analysis of your domain here
Sample Status of DNS/Domain information
(provides DNSSEC, Responses, Servers and the ability to Analyze domains)
Thanks to Dawn Babian our Network Admin, Mickey Chilton and Virginia Dennis for links and information.
And RSA official responds to Gen. Keith Alexander’s telling Congress this week that Chinese attackers were behind the SecurID breach last year
Continuous surveillance, informants, trap-and-trace gear the FBI spared no effort to track down a 27 year old dreadlocked anarchist from the South Side of Chicago after he was linked to various Anonymous hacking schemes.
via Stakeout: how the FBI tracked and busted a Chicago Anon.
Read the chat information at the above link.
Share/Email
