Security News

This week in cybersecurity: Fighting hackers with missiles

Avast Security News Team, 10 May 2019

Israel responded to a Hamas cyberattack by bombing the enemy’s HQ, Baltimore grapples with ransomware, and the surprisingly small Dark Web

On Saturday, Israel Defense Forces (IDF) bombed a building in the Gaza Strip that they say housed Hamas hackers attacking Israel. The airstrike decimated the alleged hacker headquarters, marking the first time military force has been used as a direct response to a cyberattack. NATO declared “cyber” an official warfare domain in 2016, adding it to “land, sea, and air” in terms of where battles can be waged and fought. Israeli authorities claim an attack against the nation’s “cyberspace” led the IDF first to deal with the problem in the digital dimension, using cybersecurity to shut down the cyberattack, then deal with it in the physical dimension using the air strike.

Quote of the week

“After dealing with the cyber dimension, the Air Force dealt with it in the physical dimension.” – Israeli Defense Force spokesperson Brig. Gen. Ronen Manlis, on the IDF military response to a cyberattack.

It should be noted that the IDF and Hamas were already engaged in warfare in the Gaza Strip at the time, causing perhaps a stronger retaliation to a cyberattack than if a conflict had not been present. US Secretary of State Mike Pompeo condoned the retaliation, commenting, “The Israelis have every right to defend themselves.” In 2015, the US itself launched a drone strike to kill Junaid Hussain, an Islamic State hacker who had compromised US military intelligence. But while that strike took planning and recon first, the IDF airstrike on Hamas was immediate.

RobbinHood holds Baltimore ransom

The city of Baltimore was hit Tuesday with the aggressive ransomware known as “RobbinHood.” The cyberattack locked up most of the city’s municipal servers, causing chaos and confusion amidst residents trying to pay utility bills, city taxes, and property debts. City emergency services such as 911 are still in operation, but city hall and the police station have been digitally frozen and forced to rely on pencil, paper, and old-fashioned phone calls to keep the city running.

Avast Security Analyst Luis Corrons says the attack was systematic and devastating. “This is not the typical random attack that can affect anyone. We are talking here about a targeted attack where the attackers gain access to the victims’ network and after some reconnaissance move laterally through the network to identify and access all systems they want to compromise. Once there they launch a full-scale attack against them – in this case using ransomware.”

The mayor’s office firmly stated that it would not be paying the hackers’ $76,000 demand in return for unlocking the city’s files. Instead, city cybersecurity officials continue looking into decryption methods while also working with the FBI to identify the attackers. The city of Greenville, N.C., suffered a RobbinHood attack last month, and authorities want to discern if the attacks are related.

Fact of the week

The amount of live, reachable Dark Web sites makes up less than 0.005% of about 200 million surface Web domains.

The little Dark Web

Cybersecurity researchers report that out of 200 million surface websites, the “Dark Web” sites comprise less than 0.005%. As part of an ongoing effort to demystify the Dark Web — nomenclature for any site that requires specific software, settings, or authorization to access — experts have studied 260,000 “onion pages,” or sites hosted on the Tor network. The privacy and anonymity of Tor websites, as well as their lack of widespread use by the masses, make onion sites the preferred venue for cybercriminal activity.

Users might imagine the Dark Web to be a vast terrain of illicit sites where hundreds of thousands of cybercriminals plot to destroy the world like a Legion of Doom. They would be surprised to learn that, in truth, it’s much smaller than that. By their very illegal nature, criminal websites are unreliable and active only for a limited time. Authorities have been cracking down on cybercriminal operations on the Dark Web this year, dismantling the identity theft website xDedic in January and taking down the illegal marketplace “Wall Street Market” just last week. While the Dark Web does consist largely of criminal elements, it is not the sole domain of cybercrime. As authorities continue to investigate and thwart Dark Web operations, cybercriminals are forced to find other methods of communication to perform their dirty dealings.

A breach of Freedom

The fourth-largest Canadian telecommunications enterprise, Freedom Mobile, revealed that a data breach this week exposed the sensitive info of 15,000 customers. The breach was first reported by cybersecurity experts who stumbled upon an unprotected database online containing 1.5 million lines of information. Personal data such as email addresses, phone numbers, birthdates, IP addresses, and credit card numbers including the security codes were found among the exposed info.

The Calgary-based telco states that the breach was caused by Apptium Technologies, a third-party company recently brought in to streamline the retail systems. The only customers affected, the company claims, are those who visited one of 17 specific retail stores to adjust an existing account or open a new one. There is no evidence that the info has been accessed or compromised. “We are currently contacting affected customers, and we will provide them with a solution that best suits their needs,” the company wrote in a statement to ZDNet. “Freedom Mobile has filed a report with the Office of the Privacy Commissioner of Canada and we are continuing our investigation into the matter.”

This week on the Avast Blog

The Avast Blog team reached out to the US Federal Communications Commission about its recently released first report on robocalls. Check out the FCC’s latest tips and tools for fighting back against the scammers that ring you day and night.

Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.

Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.