US-CERT issues warning on North Korean Cyber attacks

The US has issued an unusually public warning to businesses both in and outside the United States about the threat posed by North Korean cyberattacks and the urgent need to patch old software to defend against them.

This alert is coming from the Department of Homeland Security (DHS) and the FBI through US-CERT, usually taken as a sign of imminent trouble.
No surprise in this, you might say; after all, the US has been accusing the Democratic People’s Republic of Korea (DPRK) of causing trouble in cyberspace as far back as the high-profile attacks on Sony in 2014.

The advisory’s first message is that anyone detecting activities by the DPRK, codenamed “Hidden Cobra” (aka the Lazarus Group or Guardians of Peace), should report activity through the DHS National Cybersecurity Communications and Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch).


Indicators of Compromise (IOCs) cover a gamut of DDoS botnet activity, keylogging, remote access tools (RATs), and disk wiping malware, as well as SMB worm malware of the sort blamed for the recent WannaCry attacks.


It also refers to IP address ranges used for DDoS attacks, dubbed “DeltaCharlie”, and describes some of the tools employed by Hidden Cobra:


…DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Wild Positron/Duuzer, and Hangman. DHS has previously released Alert TA14-353A, which contains additional details on the use of a server message block (SMB) worm tool employed by these actors.




The takeaway for Naked Security readers is to patch the older applications that alleged North Korean cyberattacks like to prey on, particularly those affected by the following CVEs:


CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability


CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability


CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability


CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability


Interestingly, although these emerged as zero-day vulnerabilities, it’s likely that Hidden Cobra exploited them after patches appeared. This suggests a crude but well-proven MO in which vulnerabilities are targeted to catch out anyone who hasn’t applied updates.

To avoid these attacks, computer systems that contain software such as Adobe Flash and Microsoft Silverlight should be updated to the most recent version. Also make sure your antivirus is updated regularly.

For more information on this, head over to the guys at Sophos.


If Countries Were Computer Software --By Dr. Chao






Here is a great piece from an accomplished computer scientist, Dr. Chao (PhD).
You can follow her on Twitter @evangelinechao


Kenya.
Loads in micro seconds. Comes with 37 folders to install. Some may be corrupt but you have to open all to find out which one.

Tanzania.
Recently received an upgrade and now runs 50% faster. You need an encryption key to install. Pirating it lands people in jail.

Uganda.
Has had the same version for 30 years. Its loyal users have been reported to still punch holes on cards in order to process info.

Rwanda.
Most shops showcase it as a 'model secure package'. That's because the programmer has refused to open-source the source code.

Ethiopia.
People buy it because it creates beautiful pictures.
That's it.

Ghana.
Currently being given out as a free software to 'enhance computer performance'.

Nigeria.
Everyone tells everyone installing it will crash your computer.

South Africa.
Advertised as the best software in the market. But only 50% of its packages actually work properly.

Lesotho & Swaziland.
You have to install and unzip South Africa to get them. Swaziland often automatically fails to download.

Zimbabwe.
You can only buy it in dollars. Installation takes 16 hours because each package needs approval by a remotely-based admin.

Britain.
Contains patches for most other software. Only available on request. Limited stock.

Germany.
You need a 128-character key to unlock installation folder. Then you only have 6 days to use it. 100% performance.

France.
Most pirated software.

USA.
Recently uninstalled by 60% of its users.

Canada.
Out of stock.
Buyers have to wait for 2 years for manufacturers to produce the next batch.


Botswana.
Most upgraded software in recent years. Performs superbly. Automatically creates shortcut on desktop.

Zanzibar.
Everyone goes to the shop to see it. Few buy the full product. Contains the highest number of users on 'Trial version'.

UAE.
People buy it only for that one package called Dubai that has been installed so many times, manufacturers couldn't keep up.

THE END....


How Safe Are You?






I woke up this morning with one simple question. Since then I have been trying to figure it all out, and why on earth such a thought would come to my mind when there are a myriad of issues affecting the world, especially Nigeria.

The issues with Nigeria cannot be overemphasized, but like many other nations, no one is free from one catastrophic situation or another. From terrorism to corruption, or cyber attacks to identity theft, there seems to be something affecting different countries, whether developing or developed. Is anyone really 100% safe? Do we know what the next attack will be? Well, the truth is you can't answer all these questions unless you are some kind of supernatural being.

Today, everything is connected to the internet. We even have self-driving cars. From light bulbs to refrigerators, everything can be connected to the internet and remotely controlled from afar. So back to the question I woke up with: "How safe are we?" This came to me out of the blue, but in reality this is the situation we are faced with in our everyday lives.

Today we have billions of devices connected to the internet, and these devices are what we use in our day-to-day activities. With hackers roaming about the internet, working on developing tools and ways to exploit weaknesses in our network systems and devices, we are all left with this simple question.

The statements come hot on the heels of the "WannaCry" virus attack which left critical organisations in over 150 countries reeling from the effects of the malicious "ransomware".

Targeting Microsoft Windows operating systems, the software blocked access to computer systems and demanded that victims pay money via the cryptocurrency Bitcoin in return for full use of their own computers once again.

The attack left many wondering how vulnerable our systems are to similar attacks and whether this would lead to a rise in the importance of cyber insurance and security.

The answer is we are not completely safe. But we can protect ourselves from hackers by being security conscious: using strong passwords in all our online accounts, logging out after usage, defending ourselves with antivirus and anti-malware, and always making sure all our apps and systems are updated to the most recent version. This can give us a sense of security.
Kindly share your thoughts in the comment section below.






Intel Tiger Lake CPUs to come with Anti-Malware Protection

Intel’s Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks. I...