How to Stay Safe From the Massive Google Docs Phishing Scam

Article from International Business Times (May 3, 2017)

A massive phishing campaign hit Google account holders on Wednesday (May 3).  The first wave reportedly hit journalists, businesses and universities before spreading to other users.

The attack reportedly began with victims receiving an email from a friend or someone they knew, inviting them to open a shared Google Docs document.  The link led to a Google sign-in and consent page, but the application asking for consent was a fake app named "Google Docs", built to hijack accounts.  According to reports, the consent screen read as though the app only wanted access to a shared document; in reality, the app asked for access to the victim's Gmail inbox and contacts list.  Motherboard reported that the fake app was self-propagating: once authorized, it used those permissions to send the same invitation to the victim's contacts, which is why the campaign spread like wildfire in a very short time.  Reports indicated that the attack, first reported in a Reddit thread, was highly sophisticated: because the consent page was Google's own and the app name matched a real Google product, the link gave little away.  ArsTechnica reported that the only way to tell the email was part of a scam was to click the down arrow next to the "Google Docs" name on the consent screen, which revealed that the developer was an unrelated individual using the email “eugene.pupov@gmail.com.”
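The detail that decides whether a consent request like this one is safe lives in the authorization link itself: the scopes it asks for and where the issued token is sent back to.  The following is an added example, not code from the article or from Google; it takes an OAuth 2.0 authorization URL of the kind Google's consent endpoint accepts and reports what the app is really asking for.  The client ID, the redirect host `docs-share.example` and both sample links are constructed for illustration; the scope strings for Gmail and Contacts are Google's real ones.  The app's displayed name is not in the URL (it comes from the client's registration), so the redirect host stands in for the "who is the developer" check the article describes.

```python
"""Triage an OAuth 2.0 authorization (consent) link for the consent-phishing
pattern: a Google-branded app that asks for mailbox and contacts access and
sends the token somewhere that is not Google.  Added example, not the
article's or Google's code.
"""
from urllib.parse import urlparse, parse_qs

# Google's real consent endpoint; a genuine-looking host is exactly why the
# link passed casual inspection.
GOOGLE_AUTH_HOSTS = {"accounts.google.com"}

# Real Google scope strings that hand over the mailbox or the address book.
# Illustrative, not an exhaustive list of sensitive scopes.
SENSITIVE_SCOPES = {
    "https://mail.google.com/": "full Gmail access (read, send, delete)",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/contacts": "read and write contacts",
}

# Hosts Google's own products redirect to.  An app called "Google Docs" that
# sends the authorization code anywhere else is somebody else's app.
FIRST_PARTY_SUFFIXES = (".google.com", ".googleusercontent.com")

# Constructed sample links (client IDs and the .example host are made up).
PHISH_LINK = (
    "https://accounts.google.com/o/oauth2/auth"
    "?client_id=346348828325-constructed.apps.googleusercontent.com"
    "&redirect_uri=https://docs-share.example/oauth/callback"
    "&response_type=code"
    "&scope=https://mail.google.com/%20https://www.googleapis.com/auth/contacts"
)
BENIGN_LINK = (
    "https://accounts.google.com/o/oauth2/auth"
    "?client_id=99999-constructed.apps.googleusercontent.com"
    "&redirect_uri=https://docs.google.com/oauth2callback"
    "&response_type=code"
    "&scope=https://www.googleapis.com/auth/drive.file"
)


def triage_consent_url(url: str) -> dict:
    """Return what a consent link really asks for.

    consent_host_ok     the consent page itself is Google's (true for phishing too)
    sensitive           requested scopes that expose mail or contacts
    redirect_host       where the authorization code / token goes
    third_party_redirect that host is not a Google host
    verdict             'consent phishing pattern' when both red flags combine
    """
    u = urlparse(url)
    q = parse_qs(u.query)

    scopes = set()
    for raw in q.get("scope", []):
        scopes.update(raw.split())          # scope is a space-separated list

    redirect = q.get("redirect_uri", [""])[0]
    rhost = (urlparse(redirect).hostname or "").lower()
    third_party = bool(rhost) and rhost != "google.com" \
        and not rhost.endswith(FIRST_PARTY_SUFFIXES)

    sensitive = {s: SENSITIVE_SCOPES[s] for s in scopes if s in SENSITIVE_SCOPES}
    suspicious = bool(sensitive) and third_party

    return {
        "consent_host_ok": u.hostname in GOOGLE_AUTH_HOSTS,
        "client_id": q.get("client_id", [""])[0],
        "sensitive": sensitive,
        "redirect_host": rhost,
        "third_party_redirect": third_party,
        "verdict": "consent phishing pattern" if suspicious else "no obvious red flag",
    }


if __name__ == "__main__":
    for name, link in (("phish", PHISH_LINK), ("benign", BENIGN_LINK)):
        print(name, triage_consent_url(link))
```

Note that `consent_host_ok` is true for the phishing link as well: the consent page was genuinely Google's, which is the point of the attack.  The signal is the combination of mailbox or contacts scopes with a token delivered to a non-Google host.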

Motherboard reported that Google Drive was also down at the time of the attack, but it is unclear whether the outage was related.  Google, however, moved within about an hour of users reporting the attack on social media to roll up its sleeves and fix the issue. “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” Google said in a statement. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”

If you already clicked the malicious link, fret not; the fix is straightforward.  Open the permissions page for your Google account (myaccount.google.com/permissions, the list of apps with access to your account) and find the fake "Google Docs" entry; it should show a recent “Authorization Time”.  Click the app and then click “Remove.”  This revokes the OAuth grant, so the token the attacker's app obtained stops working even though the attacker still holds it.  The genuine Google Docs does not appear in that list as a third-party app, so any "Google Docs" entry there is the fake.

Factory Robots Are Easy to Hack, Researchers Show

Article from Softpedia (May 3, 2017)

In one of the more alarming findings of recent months, researchers have shown that factory robots can easily be hacked.  This, of course, could have grave effects on entire industries and poses real safety issues.

Cybersecurity firm Trend Micro found that many factory robots have weak network security, using simple username and password combinations that could not be changed; others needed no password at all.  Imagine an email account with no password, then extend that from your personal security to robots that build cars, bikes and so on.  Trend Micro looked at robots from several firms: ABB, Fanuc, Mitsubishi, Kawasaki, and Yaskawa.  The research paper indicates that these robots not only have poor network security but fare little better in software protection; some, the researchers said, even ran outdated software.

Tens of thousands of robots and other industrial devices with public IP addresses were discovered, which makes them extremely easy to find and attack.  Some of these machines accept commands from remote operators, from a computer or phone; if the connection between the two is not secured, an attacker can use it to hijack the machine.  The researchers went as far as filming a test on an ABB robot programmed to draw a straight line: after reverse engineering the RobotWare controller software and the software connected to it, they had the machine draw a line that was 2 millimeters off.  That may seem a small deed, but for certain products these robots build, the slightest deviation can translate into a catastrophe.

“One of the most alarming findings in the Trend Micro report on vulnerable robots used in manufacturing was how easy it is for hackers, although in this case ‘researchers,’ to discover exposed industrial devices online.  The report goes as far as implying that there is a vast map available, where all roads lead to the industrial IoT,” notes Mocana CTO Dean Weber, a 30-year security industry veteran. “The ease by which attackers can make their way into industrial systems underscores the need to secure devices at their core, by embedding defense in the hardware and firmware used to operate things like robotic arms. There is simply no way, as this report shows, to stop cybercriminals from finding ways into manufacturing plants and other industrial facilities via the Internet.”

Shodan Gets New Tool, Can Now Find Malware Command and Control Servers

Article from Softpedia (May 3, 2017)

Shodan has been updated with a new feature, Malware Hunter, that finds malware command and control (C2) servers.  The search engine for Internet-connected devices and exposed services has been useful since it launched.  Now it makes it much easier for anyone to locate the servers that control botnets, which could help law enforcement crack down on them.

The new search tool was introduced earlier this week and can be used to find the servers that control the malware plaguing our computers.  Security firm Recorded Future helped build it; it combs the Internet for the command and control servers of remote access trojans (RATs).  A RAT gives an attacker remote control of an infected computer, including the ability to record from its microphone and webcam and to log keystrokes.  Locating the C2 servers has been difficult, since they can be anywhere in the world, and law enforcement has struggled with it until now.

To do this, Shodan’s crawler pretends to be an infected client reporting back to a C2 server: it sends the RAT’s check-in request to every IP address on the Internet and, if it receives the response a real controller would give, records that address as a C2 server.  It is the reply, not the request, that identifies the controller, so the crawler needs only the RAT's check-in protocol, not a running sample.  So far, Shodan has found over 3,000 command and control servers operating 10 different kinds of trojans.
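The mechanism above, as an added example that is not Shodan's or Recorded Future's code: a probe that plays the infected client, sends a check-in beacon, and classifies the peer by its reply, run here against local stand-ins rather than the whole Internet.  The "RAT protocol" (a `HELLO|<victim-id>|<os>` beacon answered with `OK|<session>`) is constructed for illustration and matches no real malware family; the fake controller, the unrelated HTTP listener and the closed port are constructed too, so the example shows all three outcomes a scanner has to tell apart.

```python
"""Toy model of the Malware Hunter approach: act as an infected client,
send the RAT's check-in, and decide from the reply whether a controller
is listening.  Added example; the protocol is invented (constructed) and
matches no real RAT.
"""
import socket
import threading

# Constructed check-in beacon: what an infected host would send first.
BEACON = b"HELLO|VICTIM-0001|Win10\n"


def looks_like_c2(reply: bytes) -> bool:
    """Controller fingerprint: the beacon is answered with 'OK|<session>'."""
    return reply.startswith(b"OK|") and len(reply.strip()) > 3


def probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Connect, send the beacon, inspect the reply.

    True only when the peer answers like the controller would.  A closed
    port, a timeout, or an unrelated banner (e.g. an HTTP error) is False,
    so the probe never 'finds' a C2 by merely getting a connection.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(BEACON)
            reply = s.recv(256)
    except OSError:            # refused, reset, or timed out
        return False
    return looks_like_c2(reply)


# --- constructed stand-ins for what the scanner might hit ----------------

def fake_c2(srv: socket.socket) -> None:
    """A controller: acknowledges a well-formed beacon with a session id."""
    conn, _ = srv.accept()
    with conn:
        data = conn.recv(256)
        conn.sendall(b"OK|7f3a\n" if data.startswith(b"HELLO|") else b"\n")


def fake_web(srv: socket.socket) -> None:
    """An unrelated service: a web server that rejects the beacon."""
    conn, _ = srv.accept()
    with conn:
        conn.recv(256)
        conn.sendall(b"HTTP/1.0 400 Bad Request\r\n\r\n")


def _serve(handler) -> int:
    """Start a one-shot listener on a free loopback port; return the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    threading.Thread(target=handler, args=(srv,), daemon=True).start()
    return srv.getsockname()[1]


def _closed_port() -> int:
    """Reserve and release a loopback port so it is (almost surely) closed."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo() -> dict:
    """Probe a controller, an unrelated HTTP listener, and a closed port."""
    targets = {
        "c2": _serve(fake_c2),
        "web": _serve(fake_web),
        "closed": _closed_port(),
    }
    return {name: probe("127.0.0.1", port) for name, port in targets.items()}


if __name__ == "__main__":
    print(demo())   # expect the controller flagged, the other two not
```

The beacon the probe sends is precisely the outbound traffic a network IDS signature for that RAT family would look for, which is why a scanner that sends it inward from the Internet trips signatures written for egress.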

Anyone who wants to play with Shodan’s Malware Hunter can do so, but may see alerts from security software while doing so.  Shodan explains: “Malware Hunter doesn’t perform any attacks and the requests it sends don’t contain any malicious content. The reason your security product raised an alert is because it is using a signature that should only be used for traffic leaving the network (egress) but is incorrectly being applied to incoming traffic (ingress).”  A free Shodan account is needed to view the results.