InvestorsHub Logo
Followers 5
Posts 3006
Boards Moderated 0
Alias Born 09/06/2006

Re: None

Saturday, 04/06/2019 10:26:58 AM

Saturday, April 06, 2019 10:26:58 AM

Post# of 249568
Ongoing DNS Hijacking Campaign Targets Gmail, PayPal, Netflix Users

https://www.securityweek.com/ongoing-dns-hijacking-campaign-targets-gmail-paypal-netflix-users

A DNS hijacking campaign that has been ongoing for the past three months is targeting the users of popular online services, including Gmail, PayPal, and Netflix.

As part of the campaign, the attackers compromised consumer routers to modify their DNS settings and redirect users to rogue websites to steal their login credentials.

Bad Packets security researchers, who have been following the attacks since December, have identified four distinct rogue DNS servers being used to redirect web traffic for malicious purposes.

“All exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169),” the researchers reveal.

The first DNS hijacking exploit targeted D-Link DSL modems such as D-Link DSL-2640B, DSL-2740R, DSL-2780B, and DSL-526B. The rogue DNS server used in this attack was hosted by OVH Canada (IP address 66.70.173.48).

A second wave targeted the same types of D-Link modems, but the rogue DNS server had a different IP address, 144.217.191.145 (also hosted by OVH Canada).

Most of the “DNS requests were being redirected to two IPs allocated to a crime-friendly hosting provider (AS206349) and another pointing to a service that monetizes parked domain names (AS395082),” the security researchers say.

A third wave of attacks targeted a larger number of consumer router models, including ARG-W4 ADSL routers, DSLink 260E routers, Secutech routers, and TOTOLINK routers.

The attacks came from three distinct Google Cloud Platform hosts and two rogue DNS servers were used, both hosted in Russia by Inoventica Services (195.128.126.165 and 195.128.124.131).

In all attacks, the operators performed an initial recon scan using Masscan to check for active hosts on port 81/TCP, and only then launched the DNS hijacking exploits.

The campaign was meant to take the users of Gmail, PayPal, Netflix, Uber, and several Brazilian banks to rogue domains and trick them into revealing their usernames and passwords, Stefan Tanase, Principal Security Researcher at Ixia, says.

The security researchers found over 16,500 vulnerable routers potentially exposed to this DNS hijacking campaign.

“Establishing a definitive total of vulnerable devices would require us to employ the same tactics used by the threat actors in this campaign,” Bad Packets says.

The attackers abused Google’s Cloud platform for these attacks mainly because it is easy for everyone with a Google account to access a “Google Cloud Shell,” a service that provides users “with the equivalent of a Linux VPS with root privileges directly in a web browser,” the researchers explain.

UPDATE. A Google Cloud spokesperson has provided SecurityWeek the following statement: We have suspended the fraudulent accounts in question and are working through established protocols to identify any new ones that emerge. We have processes in place to detect and remove accounts that violate our terms of service and acceptable use policy, and we take action on accounts when we detect abuse, including suspending the accounts in question. These incidents highlight the importance of practicing good security hygiene, including patching router firmware once a fix becomes available.
==================================================================
Device authentication worked for cell phones and the cable industry. Why can't it work for Netflix, Gmail and Paypal?? Wave Knowd (currently in retirement) could have a big positive impact for users who use these services, and the companies that use the services. With all the damage done to these companies, one would think that paying for a great service like Wave Knowd would be natural for consumers and companies!!! Consumers pay for Whatsapp after a year, and not having Wave Knowd is far more dangerous for their digital well being!!
==================================================================
Wave Knowd Introduces New Model for Internet Authentication Without Passwords

https://www.wavesys.com/buzz/pr/wave-knowd-introduces-new-model-internet-authentication-without-passwords

Knowd ‘Trust Score’ Assures User Identity when Accessing Web Services

Lee, MA -

May 9, 2013

Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, today announced Wave Knowd, a new web service available for preview that significantly reduces the vulnerability and use of passwords by leveraging the unique identity of computing devices. With a simple integration of Wave Knowd, any website can establish reliable and consistent identity relationships with the devices its customers use most often for Internet services. Wave Knowd, which signifies “Known Devices,” is being tested by partners to provide the backbone for general purpose machine identity.

“The maturation of the web mandates a change in how we, and our computing devices, connect to the web,” said Steven Sprague, Wave CEO. “With cable television, satellite radio, bank kiosks and mobile phones, the service relationship is tied to the endpoint device. The web needs the security and simplicity of this same model, where our computing devices themselves play an added role in authentication. I access dozens of web services every day from the computer in my home office, and want those sites to know and trust my PC so they’ll stop continually asking me to log in. Wave Knowd enables that trust.”

To make web authentication stronger and simpler, Wave Knowd provides a new approach to signing on and accessing Cloud and Internet services. From online banking to business services and even consumer gaming, passwords are failing to provide a level of security that either service providers or users can trust. Knowd is built upon the concept that only known devices should ever access a protected network. Knowd incorporates all of your access and identity solutions together to establish a relationship of trust between users’ computing devices, and the web services they access.

“We interact online using so many devices now, but from a security perspective those devices aren’t all equal. Accessing medical records or confidential business files from my kid’s smartphone is certainly not as trustworthy as connecting from my business PC with an encrypted drive,” continued Mr. Sprague. “Wave Knowd is all about making the Web simpler and safer, and that new foundation of trust begins with known devices, and known capabilities.”

Once machine identity is established, any web site—from gaming, social networking or shopping; to banking, business and financial services—can use Wave Knowd to create a reliable and persistent identity for the connecting device. Knowd allows Web sites to streamline access for users who repeatedly log on from trusted devices, while bolstering security. Initial authentication creates a unique and anonymous relationship between each computing device and each web service accessed, and then the level of trust between the two grows over time. Knowing the device can also help the site prevent fraud and phishing, or simply provide quicker no-password access. Wave is the partner helping to create and manage these relationships.

“Wave Systems was the obvious choice to provide ID Dataweb’s attribute exchange with device identity services,” said David Coxe, CEO at ID Dataweb. “In Knowd, Wave has provided a system that is rooted in state of the art device security technologies such as the Trusted Platform Module and other secure elements, while also offering a simple web based integration. It’s easy to identify if a connecting device is highly trusted, or whether it requires added screening and security.”

ID Dataweb uses Wave’s Knowd solution as part of the Identity Ecosystem supported through a grant from the U.S. Department of Commerce’s National Institute of Standards and Technology’s NSTIC initiative (National Strategy for Trusted Identities in Cyberspace). ID Dataweb has created a standards-based platform to simplify online identity verification using OpenID credentials.

Providing the Tools to Manage Trust in the Cloud: What’s Your Trust Score?

Wave Knowd is a powerful enhancement for any website. The endpoint identity service links an individual users’ unique device identity, with the Internet services that are typically protected only by username and password access. Users are prompted by their cloud service provider to register their primary computing devices to create a unique and persistent device identity relationship with their Internet services and service providers. No personal ID information is obtained by Wave, as Knowd works purely as a machine identity service. Furthermore, registered devices are given a unique ID for every service provider, establishing a separate trust relationship with each service.

Wave Knowd asserts a Trust Score that helps both consumers and cloud services or relying parties to determine the level of trust granted to each specific computing device. For example, a home PC that is used regularly for banking will quickly build a high Trust Score. Users can achieve a higher Trust Score by installing a small software application (Wave Knowd currently supports Windows 7 and 8, with Apple and Android to follow later this year). Business-class PCs containing a standard Trusted Platform Module (TPM) can establish even greater trust by leveraging the TPM security chip to create and securely store a unique device ID

Knowd provides a web service with a new capability to enable or disable features based on the device that the user is actively using, providing a new security option for the end user. Perhaps an account password can only be reset from the user’s registered home computer and not from anywhere in the world, thereby linking in all of the user’s investment in the security of their home, from their alarm system to the doorman. Every web service can benefit from integrating Wave Knowd as part of the user’s experience.

Wave Knowd is free to consumers, and reduces the authentication cost to providers. Knowd is available to relying parties using the standard OpenID protocol, and also offers a simple web API. For more information visit: ID.Wave.com























Join InvestorsHub

Join the InvestorsHub Community

Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.