Tag: Hack

  • 5 Things You Should (and Shouldn’t) Take Away from the Starlink Hack

    “As a professional, ethical hacker, I’ve gotten questions from family, friends, and neighbors about what this means – from its impact on the cost of the service to the future of humanity, depending on the paranoia level of the person asking.”

    Scottie Cole, Lead Penetration Tester

    The big news from this year’s Blackhat and DEF CON 30 hacker conventions came from a presentation by an engineer from Belgium, Lennert Wouters, detailing how he successfully hacked the entire Starlink ground network using one of the company’s own Dishy McFlatface® receivers. The way oversimplified summary is that he built a circuit board that allowed him to introduce a fault into Starlink’s security, which he then exploited to run custom code on the device.

    After seeing some of the headlines, I now understand why some people are a little freaked out. So, as a public service, what follows is my opinion of what the non-hacker public should (and should not) take away from this news.

    1. Yes, it’s a big deal (but maybe not for the reason you think). Let me be clear from the start, Lennert Wouters is a genius who deserves great respect for both the creative thinking and tenacity it took to accomplish this feat. This was a very complex hack that required a lot of hardware and software expertise, as well as a great deal of time to complete. That’s why . . .
    2. The media’s “$25 in off-the-shelf components” is highly misleading. Scalpels are cheap, but you still don’t see a lot of DIY brain surgery. Expense usually isn’t a barrier to hackers, but expertise, time, and motivation frequently are. Wouters conceived of and executed the brilliant hack, but he was working on it because . . .
    3. It was part of Starlink’s bug bounty program, designed to engage and reward super smart white hat hackers for finding problems first. In that sense, Wouters didn’t defeat Starlink’s cybersecurity but rather was an integral part of it. Other bounty hunters are still busy working on other exploits that could prove more significant – as are the bad guys. In fact . . .
    4. The Russians (and likely others) have been trying to take down Starlink because the Ukrainian government now relies on the satellite network so heavily. State-sponsored hackers reportedly took down the Ukrainian government’s internet service early in the war. According to Starlink founder Elon Musk, however, the Russians have not been able to disrupt Ukraine’s access to the service or breach its network. Taken together, what all this means is that . . .
    5. The Starlink hack, though impressive, likely does not represent a significant threat to the company or its users. On the one hand, I think this is a great story because I’m an electronics and “gadget” guy. As a penetration tester, however, I worry when business owners place a lot of focus on high-risk, low-probability hacks simply because they make the news. Over the course of thousands of penetration tests, the most common vulnerabilities Raxis finds are ones that are much simpler to exploit. Weak passwords, missing software patches, insufficient network segmentation, and a host of other, more pedestrian problems. The vulnerabilities might not make news, but the successful attack that follows – on a business, a hospital, or a school – many times does.

    Wouters used a Starlink setup much like this one, plus “$25 in off-the-shelf materials” to carry out his hack. It’s a fascinating story, but there are much bigger threats facing businesses today.

    Wouters used a Starlink setup much like this one, plus “$25 in off-the-shelf materials” to carry out his hack. It’s a fascinating story, but there are much bigger threats facing businesses today.

    The most important takeaways are that the biggest corporate networks on Earth (and beyond) can be hacked. The most secure networks are those that have an effective testing protocol that identifies vulnerabilities before they become breaches.

     

  • Petya Ransomware Strikes Businesses Globally

    Petya, the next major security malware since Wannacry is specifically targeting companies across the globe.  Originating from the Ukraine, the Petya ransomware uses the same Eternalblue/MS17-010 vulnerability that was used with Wannacry.  The difference this time is there is no kill switch that we know of.  It’s getting some significant traction, infecting systems everywhere.  In the US, it’s hit a major pharmaceuticals company and a food services company.  Petya has also hit Danish, French, and Russian companies.Similar to Wannacry, the malware virus is encrypting systems and demanding a ransom to get access to the data.  Our research has not found a way to bypass this ransom at this time.  Fortunately, it seems that working decryption keys are being provided once paid.

    It’s not just ransomware

    Unfortunately, there’s much more to this variant.  Once the ransomware gains a foothold, it has worm capabilities and is breaching other systems using a variety of exploitation methods.  It appears to be focused on critical infrastructure across the world, but is not limiting devices it infects by any means.  Various news sources have reported that power plants in the US and other countries have been breached. If this turns out to be a successful attack, it is quite scary to think about the damage that could occur.For those who don’t remember, you can thank the NSA for this. The NSA had developed a tool that could breach Windows systems remotely using an exploit that was previously undisclosed.  The Shadow Brokers hacker group obtained the source to the NSA tool and leaked it on April 14, 2017.

    Stop PETYA with a penetration test

    When it comes to ransomware, we haven’t found a good way to retroactively deal with the damage.  Even once the ransom is paid, it is very likely that the attackers will return again in the future.  Particularly if they know that they’ve received payment in the past.  The only real way to defend against Petya is to eliminate the vulnerability from the beginning, and a penetration test from a trusted third party might be the only real way to know you’re protected. Petya (and Wannacry) uses the Eternalblue vulnerability in SMB, fixed by MS17-010.  Systems are still falling victim, even when the organization has a patch management program.  Mistakes with configuring the vulnerability scanning tool, or unknown systems to the patch management tool will cause a few systems to remain vulnerable and outside of the view of the security administrators. A penetration test can find these gaps in process before malware can exploit these systems.  In addition, the penetration test will attempt to exploit any issues found as a proof of concept – providing you and your security organization proof that a potentially significant security event was avoided. Schedule a penetration test with Raxis before the next malware variant hits.