Google is everyone's favorite search engine and it seems hackers love it, too! An article from Network World reports that several of Google's free services were recently found to have been used by hackers to disguise data stolen from corporate and government computers. The campaign has been dubbed Poisoned Hurricane. It uses a remote access tool known as Kaba to infect systems and steal data.
The victims of this attack are US- and Asia-based companies and governments. The hackers used spear phishing to compromise systems, then installed malware to steal information and send it to remote servers. What makes this attack unusual, according to Network World's Gonsalves, is that it "disguised traffic between the malware and command-and-control servers using Google developers and the public Domain Name System (DNS) service of Fremont, Calif. based, Hurricane Electric."
These services acted as a sort of transfer station: traffic could be redirected while appearing to be headed toward legitimate domains such as adobe.com, update.adobe.com and outlook.com.
These tactics are "clever enough to trick a network administrator into believing the traffic was heading to a legitimate site," writes Gonsalves. The hackers used forged HTTP headers that identified with 21 legitimate domain names, and signed the Kaba malware with a certificate from an expired organization.
The hackers used both the Google Developers platform and Hurricane Electric's platform to move the stolen data. Google Developers lets developers share code, and the attackers used it to host code that decoded the malware's traffic, determined the IP address of the real destination, and redirected the traffic there.
With Hurricane Electric, the hackers took advantage of the fact that anyone can register for an account on its hosted DNS service, which allowed them to "create A records for the zone and point them to any IP address" (Gonsalves). Google and Hurricane Electric have since removed the mechanisms the hackers used.
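One practical way to catch this disguise on your own network is to compare the hostname a connection claims with where it actually goes. The check below is an added example (not from the Network World article or TCG) that flags proxy log entries whose Host header names one of the impersonated domains while the destination IP lies outside the address blocks you expect for that domain; the log lines, the domain-to-address table and the RFC 5737 test addresses are all constructed.

```python
import ipaddress

# Constructed table: expected address blocks for the domains the attackers
# impersonated. In practice, populate this from your own resolver or
# passive-DNS logs; RFC 5737 documentation ranges stand in for real ones here.
EXPECTED_NETS: dict[str, list[ipaddress.IPv4Network]] = {
    "adobe.com": [ipaddress.ip_network("192.0.2.0/24")],
    "update.adobe.com": [ipaddress.ip_network("192.0.2.0/24")],
    "outlook.com": [ipaddress.ip_network("198.51.100.0/24")],
}

# Constructed proxy log lines: "<time> <client_ip> <dst_ip> <host_header>"
SAMPLE_LOG = """\
2014-08-08T10:01:02 10.0.0.5 192.0.2.17 update.adobe.com
2014-08-08T10:01:09 10.0.0.5 203.0.113.44 update.adobe.com
2014-08-08T10:02:30 10.0.0.9 198.51.100.8 outlook.com
2014-08-08T10:03:11 10.0.0.9 203.0.113.44 outlook.com
2014-08-08T10:04:00 10.0.0.7 203.0.113.9 example.org
"""

def host_ip_mismatches(log_text: str) -> list[dict]:
    """Return entries whose Host header names a monitored domain but whose
    destination IP is outside that domain's expected address blocks."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing on them
        ts, client, dst, host = parts
        nets = EXPECTED_NETS.get(host.lower())
        if nets is None:
            continue  # domain not monitored; nothing to compare against
        dst_ip = ipaddress.ip_address(dst)
        if not any(dst_ip in net for net in nets):
            hits.append({"time": ts, "client": client, "dst": dst, "host": host})
    return hits

def suspicious_destinations(hits: list[dict]) -> dict[str, int]:
    """Count distinct spoofed hostnames per destination IP; one address
    answering for several legitimate names is a strong signal."""
    seen: dict[str, set] = {}
    for h in hits:
        seen.setdefault(h["dst"], set()).add(h["host"])
    return {ip: len(hosts) for ip, hosts in seen.items()}

if __name__ == "__main__":
    for hit in host_ip_mismatches(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} -> {hit['dst']} claims Host {hit['host']}")
    print(suspicious_destinations(host_ip_mismatches(SAMPLE_LOG)))
```

The same comparison can be run against DNS answer logs instead of proxy logs: an A record for a well-known name that resolves to an address outside its usual blocks is the server-side view of the same trick.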
Hackers are becoming very creative in their attacks and have shown they will turn common, trusted resources to their purposes. Be aware of these tactics so you know how to protect yourself from data breaches like this one.
To learn how TCG can help protect your business from data breaches and other attacks, visit our Business Continuity Page!
Gonsalves, Antone. "How hackers used Google in stealing corporate data." Network World, 8 August 2014. Online.