exfil   20

Reddit Hacked – Emails, Passwords, Private Messages Stolen
Reddit social media network today announced that it suffered a security breach in June that exposed some of its users' data, including their current email addresses and an old 2007 database backup containing usernames and hashed passwords.

Reddit learned of the breach on June 19 and said that the attacker compromised a few of the Reddit employees' accounts with its cloud and source code hosting providers between June 14 and June 18.
The hack was accomplished by intercepting SMS messages that were meant to reach Reddit employees with one-time passcodes, eventually circumventing the SMS-based two-factor authentication (2FA) Reddit had in place.
reddit  databreach  exfil  cybersecurity 
august 2018 by bwiese
China Escalates Hacks Against the US as Trade Tensions Rise | WIRED
In recent weeks, Chinese hackers have reportedly breached a US Navy contractor that works for the Naval Undersea Warfare Center, stealing 614 GB of data about submarine and undersea weapons technology. Attacks in the last few months originating from China have also targeted US satellite and geospatial imaging firms, and an array of telecoms. The incidents highlight the clandestine but incessant hacking campaigns that continue reliably between the US and China.

David Kennedy, CEO of the threat tracking firm Binary Defense Systems, who formerly worked at the NSA and with the Marine Corps

Symantec also published research on a series of attacks in the same category from November 2017 to April 2018 by a hacking group dubbed Thrip.
china  cybersecurity  apt  satellite  navy  exfil  thrip 
july 2018 by bwiese
DNS Query Length... Because Size Does Matter - SANS Internet Storm Center
DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is often based on "TXT" records used to deliver the encoded payload. "TXT" records are also used for good reasons, like delivering SPF records, but too many TXT DNS requests could mean that something weird is happening on your network.
dns  exfil  cybersecurity  threathunting  sans  bash 
july 2018 by bwiese
InfoSec Handlers Diary Blog - Command and Control Channels Using "AAAA" DNS Records
Data exfiltration and command and control channels via DNS are not exactly new. In many ways, DNS is an ideal covert channel.
dfir  sans  c2  bash  python  dns  exfil  covertchannel 
july 2018 by bwiese
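Both SANS diaries above reduce to the same hunt over resolver logs: names that are unusually long or random-looking, and a single client sending many of them to one domain as TXT or AAAA lookups (the record types that can carry bytes back). The script below is an added example illustrating that triage; it is not code from either diary. The BIND-style query-log format, the thresholds, the record-type list and the sample log lines are all assumptions constructed for this example.

```python
"""Triage DNS query logs for tunnelling and covert-channel patterns.

Added example for the two SANS entries above; it is not code from either diary.
The BIND-style log format, the thresholds and the sample lines are all
assumptions constructed for illustration.
"""
import math
import re
from collections import defaultdict

# Assumed BIND query-log shape: "client 10.0.0.5#41234: query: www.example.com IN A"
LOG_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)")

# Assumed thresholds; baseline them against your own resolver logs before alerting.
MAX_QNAME_LEN = 60   # legitimate hostnames rarely approach the 253-byte limit
MAX_LABEL_LEN = 30   # encoded payload chunks tend to fill labels close to 63 bytes
MIN_ENTROPY = 3.5    # bits per character of the first label; base32/hex data scores high
CARRIER_TYPES = {"TXT", "AAAA", "NULL", "CNAME"}   # record types that can carry bytes back


def shannon_entropy(text):
    """Bits per character; a crude but cheap 'does this look encoded?' signal."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_query(qname, qtype):
    """Return the reasons a single query looks like a covert channel ([] if none)."""
    name = qname.rstrip(".")
    labels = name.split(".")
    reasons = []
    if len(name) > MAX_QNAME_LEN:
        reasons.append("long-qname")
    if max(len(label) for label in labels) > MAX_LABEL_LEN:
        reasons.append("long-label")
    if len(labels) > 2 and shannon_entropy(labels[0].lower()) > MIN_ENTROPY:
        reasons.append("high-entropy-label")
    if reasons and qtype in CARRIER_TYPES:
        reasons.append(qtype + "-carrier")
    return reasons


def triage(lines, min_hits=3):
    """Group flagged queries per (client, registered domain) and report those
    with at least min_hits, plus what share of the client's queries they are."""
    per_src_total = defaultdict(int)
    per_src_domain = defaultdict(lambda: defaultdict(list))
    for line in lines:
        match = LOG_RE.search(line)
        if not match:
            continue
        src, qname, qtype = match.group("src", "qname", "qtype")
        per_src_total[src] += 1
        reasons = score_query(qname, qtype)
        if reasons:
            domain = ".".join(qname.rstrip(".").split(".")[-2:])   # naive: no public-suffix list
            per_src_domain[src][domain].append(reasons)
    findings = []
    for src in sorted(per_src_domain):
        for domain, hits in sorted(per_src_domain[src].items()):
            if len(hits) < min_hits:
                continue
            carriers = sorted({r for rs in hits for r in rs if r.endswith("-carrier")})
            findings.append({
                "src": src,
                "domain": domain,
                "queries": len(hits),
                "share_of_src_queries": round(len(hits) / per_src_total[src], 2),
                "carriers": carriers,
            })
    return findings


# Constructed sample log: one benign client, one TXT tunnel, one AAAA channel.
SAMPLE_LOG = [
    "client 10.0.0.5#41234: query: www.example.com IN A",
    "client 10.0.0.5#41235: query: example.com IN TXT",          # SPF lookup, short: benign
    "client 10.0.0.5#41236: query: _dmarc.example.com IN TXT",
    "client 10.0.0.9#51002: query: 7e4kq2mnzpxs9rwfbgh3tyv5ca8lod6u.0.t.example.net IN TXT",
    "client 10.0.0.9#51003: query: e4kq2mnzpxs9rwfbgh3tyv5ca8lod6u7.1ijab5cdefgh2klmnopq3rstuvwxyz4.t.example.net IN TXT",
    "client 10.0.0.9#51004: query: 4kq2mnzpxs9rwfbgh3tyv5ca8lod6u7e.2.t.example.net IN TXT",
    "client 10.0.0.9#51005: query: kq2mnzpxs9rwfbgh3tyv5ca8lod6u7e4.3.t.example.net IN TXT",
    "client 10.0.0.9#51006: query: www.example.com IN A",
    "client 10.0.0.12#60001: query: 0123456789abcdef0123456789abcdef.c.example.org IN AAAA",
    "client 10.0.0.12#60002: query: fedcba9876543210fedcba9876543210.c.example.org IN AAAA",
    "client 10.0.0.12#60003: query: 0f1e2d3c4b5a69788796a5b4c3d2e1f0.c.example.org IN AAAA",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Two caveats before running this on real logs: the "registered domain" is taken as the last two labels, which mis-groups names under suffixes like co.uk (use a public-suffix list in production), and the entropy test only fires on the leftmost label, so tunnels that put the payload in a lower label need the check widened. The share-of-queries figure is what separates a client talking to one odd domain from a resolver that merely sees a lot of SPF lookups.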
How to Steal Bitcoin Wallet Keys (Cold Storage) from Air-Gapped PCs
Dr. Mordechai Guri, the head of R&D team at Israel's Ben Gurion University, who previously demonstrated various methods to steal data from an air-gapped computer, has now published new research named "BeatCoin."
BeatCoin is not a new hacking technique; instead, it's an experiment wherein the researcher demonstrates how all previously discovered out-of-band communication methods can be used to steal private keys for a cryptocurrency wallet installed on cold storage, preferably an air-gapped computer or Raspberry Pi.
airgap  cybersecurity  exfil  cryptocurrency  bitcoin  attack 
april 2018 by bwiese
Malicious Network Traffic From /bin/bash - SANS Internet Storm Center
The script itself is not new; it was already spotted in July 2017 but looks to be slightly modified and was uploaded recently to VirusTotal[2] (current score is 9/59). The most interesting part of the script is the ability to run a simple IRC bot using Bash commands.

Bash can use /dev/tcp or /dev/udp to generate network flow. The syntax is /dev/<proto>/<host>/<port>. These paths are interpreted by bash itself and do not exist on the filesystem, so the trick only works in bash builds with network redirections enabled (not in sh/dash), and looking for the files under /dev tells a defender nothing; the behaviour has to be caught on the network or via process/socket auditing.

Example to grab data from a remote server without external tools:

# fd 5 becomes a read/write TCP socket to the web server (bash built-in, no netcat needed)
exec 5<> /dev/tcp/blog.rootshell.be/80
# header lines end in CRLF and the trailing blank line is required, otherwise the server waits for more headers
printf 'GET / HTTP/1.0\r\nHost: blog.rootshell.be\r\n\r\n' >&5
# read the response until the server closes, then close our end of the socket
cat <&5
exec 5>&-
sans  bash  networking  script  irc  c2  cybersecurity  exfil 
april 2018 by bwiese
Data exfiltrators send info over PCs' power supply cables • The Register
data exfiltration vector, defending yourself requires hermit-like separation from the world: you have to do without wireless connections, use a fanless computer, block the USB ports, install machines in a windowless room with any LEDs covered by black tape, make sure nobody can sense a PC's magnetic fields, and disconnect the speakers.
cybersecurity  israel  exfil  airgap 
april 2018 by bwiese
Data Exfiltrators Send Info Over PCs' Power Supply Cables - Slashdot
The paper "PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines" explains how attackers could install malware that regulates CPU utilisation and so creates fluctuations in the current flow that modulate and encode data. The variations would be "propagated through the power lines" to the outside world.

Data could be exfiltrated at between 10 bits per second (measured at the building's electrical services panel) and 1,000 bits per second (measured on the power cable to the computer) -- different classified systems in same power outlet?

The PowerHammer malware spikes CPU utilisation on cores that aren't currently in use by user operations (to make it less noticeable). Guri and his pals use frequency shift keying to encode data onto the line.
cybersecurity  israel  exfil  airgap 
april 2018 by bwiese
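The entry above says PowerHammer uses frequency shift keying on CPU load, but not what that means in practice. The following added example (not PowerHammer's code, and not from the paper) simulates only the signalling: a sine "load signal" stands in for CPU activity, nothing touches CPU cores or a power line, and the sample rate, the two tones and the bit period are assumed values chosen for illustration. The decoder is the part a monitoring tool would share with the attacker: two narrowband filters at known frequencies, applied to a current measurement.

```python
"""FSK modulation/demodulation as described for PowerHammer, simulated.

Added example; not PowerHammer's code. It models only the signal scheme: a sine
"load signal" stands in for CPU activity, and nothing here touches CPU cores or
power lines. FS, F0, F1 and BIT_SAMPLES are assumed values for illustration.
"""
import math
import random

FS = 1000.0        # assumed sample rate of the (simulated) current sensor, Hz
F0 = 50.0          # assumed tone for bit 0, Hz
F1 = 100.0         # assumed tone for bit 1, Hz
BIT_SAMPLES = 100  # 0.1 s per bit at FS -> 10 bit/s, the low-rate figure quoted above


def modulate(data):
    """Encode bytes MSB-first: each bit becomes BIT_SAMPLES samples of load
    oscillating at F0 or F1 (0.5 +/- 0.5, i.e. idle to fully busy)."""
    signal = []
    for byte in data:
        for i in range(7, -1, -1):
            freq = F1 if (byte >> i) & 1 else F0
            for n in range(BIT_SAMPLES):
                signal.append(0.5 + 0.5 * math.sin(2 * math.pi * freq * n / FS))
    return signal


def goertzel_power(samples, freq):
    """Power in the DFT bin nearest `freq` (Goertzel algorithm), so the receiver
    needs only two narrowband filters instead of a full FFT per bit."""
    n = len(samples)
    k = int(0.5 + n * freq / FS)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev * s_prev + s_prev2 * s_prev2 - coeff * s_prev * s_prev2


def demodulate(signal):
    """Decide each bit by comparing tone power at F1 against F0, then pack bits
    into bytes; a trailing partial byte is discarded."""
    bits = []
    for start in range(0, len(signal) - BIT_SAMPLES + 1, BIT_SAMPLES):
        window = signal[start:start + BIT_SAMPLES]
        bits.append(1 if goertzel_power(window, F1) > goertzel_power(window, F0) else 0)
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def add_noise(signal, sigma, seed=1):
    """Gaussian noise with a fixed seed, standing in for other loads on the line."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in signal]


if __name__ == "__main__":
    clean = modulate(b"key")
    print(demodulate(clean))                    # b'key'
    print(demodulate(add_noise(clean, 0.3)))    # b'key'
```

The bit period is chosen so that each tone completes a whole number of cycles per window, which keeps the two Goertzel bins from leaking into each other; shortening BIT_SAMPLES raises the bit rate but shrinks the tone-to-noise margin, which is the trade-off behind the 10 versus 1,000 bit/s figures in the entry. The same two filters, run continuously over a current-clamp feed, are a plausible detector for this kind of channel.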
Hackers once stole casino database through lobby fish tank thermometer - Business Insider
"The attackers used that to get a foothold in the network," she said. "They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud."
iot  cybersecurity  darktrace  exfil  vegas  casino 
april 2018 by bwiese
Criminals Hacked A Fish Tank To Steal Data From A Casino
A fish tank monitor let hackers swipe 10 gigabytes of data from the North American casino that had just installed it, according to a report from the threat intelligence experts at Darktrace.

The monitor was the only casino system that ever sent data to the remote server in Finland it was communicating with. It also did so using protocols that are normally used for streaming audio or video.
vegas  casino  cybersecurity  exfil  darktrace 
april 2018 by bwiese
Hackers Can Now Steal Data Even From Faraday Cage Air-Gapped Computers
Dubbed MAGNETO [pdf] and ODINI [pdf], both techniques use proof-of-concept (PoC) malware installed on an air-gapped computer inside the Faraday cage to control the "magnetic fields emanating from the computer by regulating workloads on the CPU cores" and use them to transmit data stealthily.

Earlier air-gap exfiltration techniques from the same research team include:
aIR-Jumper, an attack that steals sensitive information from air-gapped computers with the help of infrared-equipped CCTV cameras that are used for night vision;
USBee, an attack that can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors;
DiskFiltration, an attack that can steal data using sound signals emitted from the hard disk drive (HDD) of the targeted air-gapped computer;
BitWhisper, which relies on heat exchange between two computer systems to stealthily siphon passwords or security keys;
AirHopper, which turns a computer's video card into an FM transmitter to capture keystrokes;
Fansmitter, a technique that uses noise emitted by a computer fan to transmit data; and
GSMem, an attack that relies on cellular frequencies.
airgap  cybersecurity  hack  israel  faradaycage  exfil 
march 2018 by bwiese
Tech Insight: Cutting-Edge Techniques For Data Exfiltration -- Dark
exfil ideas: social media dropbox, wiki talk pages, printer print out / encoded can scan, VOIP and voicemail systems
hacking  security  exfil 
november 2013 by bwiese