Tuesday, 3 January 2017

North Korea hackers could 'paralyse' US Pacific Command control centre – report



A full-scale targeted cyberattack launched by North Korean hackers could potentially "paralyse" the US Pacific Command (US PACOM) control centre, warned a report issued by a South Korean state-run agency. South Korean defence experts reportedly believe that the North's allegedly growing cyber capabilities could cause widespread damage to the US military and key critical infrastructure.
According to a report by the South Korean Defence Agency for Technology and Quality (DATQ), a recent simulation conducted by the Pentagon revealed that a targeted, large-scale cyberattack by North Korean state-sponsored hackers could cripple the US PACOM while simultaneously causing extensive damage to the American power grid.


It's once again the time of year when most of you will get new PlayStations and Xboxes, which continue to be among the most popular Christmas gifts, but chances are you will not be able to log in to the online gaming networks, just as happens every Christmas holiday.

During the 2014 Christmas holidays, the notorious hacker group Lizard Squad knocked the PlayStation Network and Xbox Live offline for many gamers by launching massive DDoS attacks against the gaming networks.

This time a new hacking group, which managed to take down Tumblr this week for almost two hours, has warned gamers that it will launch another large-scale distributed denial-of-service (DDoS) attack against the Xbox Live and PlayStation networks.

The hacking group, calling itself R.I.U. Star Patrol, posted a video on YouTube announcing that it is planning to take down Sony's PSN and Microsoft's Xbox Live on Christmas Day by launching coordinated DDoS attacks.
"We do it because we can," the group said. "We have not been paid a single dollar for what we do."
On Wednesday, when R.I.U. Star Patrol took down Tumblr, the group contacted Mashable and explained its reason for attacking: "There is no sinister motive. It’s all for light hearted fun."

Neither Sony nor Microsoft has yet responded to the hackers' warning.

Both Sony and Microsoft previously promised to enhance the protection of their systems to block any attack disrupting their networks, but downtime and short outages have happened almost every Christmas.

Given that hackers can now launch DDoS attacks reaching 1 Tbps, it goes without saying that both companies should be prepared for DDoS attacks on their servers this Christmas that go beyond their expectations.

We saw coordinated DDoS attacks against DNS hosting provider Dyn last fall that broke large portions of the Internet, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

The massive DDoS attack was launched by a botnet of just an estimated 100,000 so-called Internet of Things (IoT) devices (everyday devices and appliances that are connected to the web) and closed down the Internet for millions of users.

So, it remains to be seen if gamers would be able to enjoy this Christmas or not.

Police ask for Amazon Echo data to help solve a murder case





Arkansas police are seeking help from e-commerce giant Amazon for data that may have been recorded on an Echo device belonging to a suspect in a murder case, bringing the conflict into the realm of the Internet of Things.

Amazon Echo is a voice-activated smart home speaker capable of controlling several smart devices by integrating it with a variety of home automation hubs. It can do tasks like play music, make to-do lists, set alarms, and also provide real-time information such as weather and traffic.


As first reported by The Information, authorities in Bentonville have issued a warrant for Amazon to hand over audio or records from an Echo device belonging to James Andrew Bates in the hope that they'll aid in uncovering additional details about the murder of Victor Collins.

Just as Apple refused to help the FBI unlock an iPhone belonging to one of the San Bernardino terrorists, Amazon also declined to give police any of the information that the Echo logged on its servers.

Collins died on November 21 last year while visiting the house of Bates, his friend from work, in Bentonville, Arkansas. The next morning, Collins' dead body was discovered in a hot tub, and Bates was charged with first-degree murder.

As part of the investigation, authorities seized an Amazon Echo device belonging to Bates, among other internet-connected devices in his home, including a water meter, a Nest thermostat, and a Honeywell alarm system.

Android malware hijacks router DNS from smartphone





Another day, another creepy malware for Android users!

Security researchers have uncovered a new Android malware targeting your devices, but this time, instead of attacking the device directly, the malware takes control of the WiFi router to which your device is connected and then hijacks the web traffic passing through it.

Dubbed "Switcher," the new Android malware, discovered by researchers at Kaspersky Lab, hacks wireless routers and changes their DNS settings to redirect traffic to malicious websites.

Over a week ago, Proofpoint researchers discovered a similar attack targeting PCs, in which, instead of infecting the target's machines, the Stegano exploit kit takes control of the local WiFi routers the infected device is connected to.

Switcher Malware carries out Brute-Force attack against Routers


Hackers are currently distributing the Switcher trojan by disguising it as an Android app for the Chinese search engine Baidu (com.baidu.com), and as a Chinese app for sharing public and private Wi-Fi network details (com.snda.wifilocating).

Once a victim installs one of these malicious apps, the Switcher malware attempts to log in to the WiFi router the victim's Android device is connected to by carrying out a brute-force attack on the router's admin web interface with a predefined dictionary (list) of usernames and passwords.
"With the help of JavaScript [Switcher] tries to login using different combinations of logins and passwords," mobile security expert Nikita Buchka of Kaspersky Lab says in a blog post published today. 
"Judging by the hard coded names of input fields and the structures of the HTML documents that the trojan tries to access, the JavaScript code used will work only on web interfaces of TP-LINK Wi-Fi routers."


Switcher Malware Infects Routers via DNS Hijacking

Once it has accessed the web administration interface, the Switcher trojan replaces the router's primary and secondary DNS servers with IP addresses pointing to malicious DNS servers controlled by the attackers.

Researchers said Switcher had used three different IP addresses – 101.200.147.153, 112.33.13.11 and 120.76.249.59 – as the primary DNS record; one is the default, while the other two are set for specific internet service providers.

Because of the change to the router's DNS settings, all the traffic gets redirected to malicious websites hosted on the attackers' own servers, instead of the legitimate site the victim is trying to access.
"The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection," the post reads.
"A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on."
Researchers were able to access the attackers' command and control servers and found that the Switcher trojan had compromised almost 1,300 routers, mainly in China, and hijacked traffic within those networks.
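A defender-side check for the DNS change described above, added here as an illustration (it is not code from Kaspersky Lab or from the original article): it reads the resolver list a client was given and flags any of the three addresses named in the article, in any slot. It assumes the router's DNS settings reach clients through DHCP or `resolv.conf`; the function names and the sample inputs are constructed for this example.

```python
import ipaddress
import re

# Rogue resolver addresses reported for Switcher (taken from the article above).
SWITCHER_DNS = {ipaddress.ip_address(a) for a in
                ("101.200.147.153", "112.33.13.11", "120.76.249.59")}

# Matches `nameserver X` (resolv.conf) and `option domain-name-servers X, Y;`
# (dhclient lease files); both list resolvers in priority order.
_LINE = re.compile(r"^\s*(?:nameserver|option\s+domain-name-servers)\s+(.+?);?\s*$")

def extract_resolvers(text):
    """Return resolver IPs in the order they appear, skipping comments and junk."""
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        m = _LINE.match(line)
        if not m:
            continue
        for token in re.split(r"[,\s]+", m.group(1).strip()):
            try:
                found.append(ipaddress.ip_address(token))
            except ValueError:
                pass                          # hostname or malformed entry
    return found

def audit(text, trusted=()):
    """Classify each resolver slot as 'rogue', 'trusted' or 'unknown'."""
    trusted = {ipaddress.ip_address(a) for a in trusted}
    report = []
    for slot, ip in enumerate(extract_resolvers(text), start=1):
        if ip in SWITCHER_DNS:
            verdict = "rogue"
        elif ip in trusted:
            verdict = "trusted"
        else:
            verdict = "unknown"
        report.append((slot, str(ip), verdict))
    return report

def is_hijacked(text):
    # Any slot counts: a clean primary with a rogue secondary is still compromised.
    return any(verdict == "rogue" for _, _, verdict in audit(text))

# Constructed sample inputs (not captured from a real network).
SAMPLE_LEASE = "lease {\n  option domain-name-servers 192.168.1.1, 101.200.147.153;\n}\n"
SAMPLE_CLEAN = "# home network\nnameserver 192.168.1.1\nnameserver 9.9.9.9\n"

if __name__ == "__main__":
    for name, sample in (("lease", SAMPLE_LEASE), ("clean", SAMPLE_CLEAN)):
        print(name, audit(sample, trusted=["192.168.1.1"]), is_hijacked(sample))
```

Resolvers reported as "unknown" are worth reviewing against the ISP's published DNS servers, since the three addresses in the article cover only the campaign the researchers observed.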

The Bottom Line


Android users are advised to download applications only from Google's official Play Store.

While downloading apps from third parties does not always end up with malware or viruses, it certainly ups the risk. So, sticking to the official store is the best way to avoid any malware compromising your device and the networks it accesses.

You can also go to Settings → Security and make sure the "Unknown sources" option is turned off.

Moreover, Android users should also change their router's default login and password so that nasty malware like Switcher or Mirai cannot compromise their routers using a brute-force attack.