Week in Review: MICROS, Australian Census, VW & NSA

Media Division | August 26, 2016

Never a dull week in the cyber security world, and we’ve got the latest and greatest on Russian cyber gangs, remotely hijacked cars, NSA-level hacking tools on the black market and more.  Whether out of self-preservation or simple curiosity, here are four of the hottest cyber threats to read about in the August heat.

1. MICROS Hack, AKA Why You Might Want to Pay for Dinner with Cash

Approximately 1 million POS (point of sale) systems globally appear to have been hacked by a Russian cyber-crime gang known as Carbanak. MICROS Systems, an Oracle-owned company, accounts for a tremendous market share.  Other potentially compromised systems include Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell.

The malicious code, which Oracle says has been addressed, stole the usernames and passwords of anyone who logged onto the legacy support website where the malicious code was housed.  Users have been told to change passwords.

As of this reporting, it doesn’t appear that any credit card or payment data has been compromised.  Still, given the frequency with which card data is stolen, and the unprotected nature of many debit card transactions, you may want to pay with cash.  (Just keep an eye out for fake ATMs.)

2.   The Australian Census Problem OR The Future of Online Government

The Australian government created a streamlined census approach, possibly saving hundreds (even thousands!) of man-hours.  That was, until the site received a series of DDoS attacks, slowing and ultimately stopping the function of the website.

The media quickly reported the “hack” incorrectly, causing some widespread panic.  While hackers might be to blame for the attack, there is no evidence to suggest that any data was stolen or compromised.

Considering the billions of dollars lost in the United States over largely internet-based tax refund fraud and the UK government agency scams, people worldwide might find themselves questioning the safety and security of online government functions and transactions.

3. Volkswagen Keyless Entry Hack OR How a Car Get be Had for Around 30£

If you are a fan of Mr. Robot you witnessed the fsociety team “borrow” a minivan in Season 1.  Turns out, such technology does indeed exist.  The good news is the thief would need to be nearby to successfully duplicate the keyless entry signal and hijack your vehicle.  The bad news is the research suggests that the remote keyless entry systems of many auto manufacturers can be replicated for a measly 30£.  Automobile brands reported to have the system flaw (some as far back as 1995) include:

• Volkswagen
• Audi
• Seat
• Skoda
• Alfa Romeo
• Citroen
• Fiat
• Ford
• Mitsubishi
• Nissan
• Opel and
• Peugeot

Several connected luxury brands such as Porsche, Bentley, Lamborghini and Bugatti may also be affected.  Speak with your local dealership or auto-authority to see if your keyless entry system needs upgrading to thwart such attack.

4.    NSA-Grade Cyber Attack Tools for Sale

Speaking of Lamborghini-grade devices stolen by hackers, news this week suggests the NSA (US-based National Security Agency) may have been hacked.  Up for auction on the cyber black market: government-grade cyber weapons for controlling routers and firewalls, such as the code for implants, exploits and other tools.

The hacker group known as the Shadow Brokers claim to have stolen the weapons from the Equation Group, an agency credited with the creation of some of the most advanced malware.

The sale could be a scam, but the hackers have released files which various entities have stated contain legitimate code, including an exploit with an IP address linked to the U.S. Department of Defense. While the NSA has not admitted to working with Equation Group, such connections have the interweb a-buzz with the impending sale.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.