What’s HOT in Application Security Vol #30

Hackers breach major Canadian-based control system technology supplier

Within the last few days, hackers have breached Telvent Canada, a major Calgary-based technology company known as a major supplier of control systems for electrical grids, public water systems, public transport functions and most of Canada’s oil and pipelines. Insiders say the breach was substantial enough to warrant the intervention of the Canadian spy service, the RCMP and the federal government’s special cyber response agency.

An even greater threat is the potential for hackers to gain remote control over major utilities, which could be extremely damaging to public services. This is a growing fear among many governments and governmental institutions.

It is not yet clear where this latest cyber-attack came from. The company did reveal that the corporate network breach affected ‘some customer files’. However, the company is keeping quiet about the importance of the stolen data and whether it was significant enough to cause another, potentially very damaging, attack.

For more information please go to:

http://www.cbc.ca/news/canada/story/2012/09/28/cyber-attacks-canada-infrastructure.html?cmp=rss

Arab hackers attack western sites over anti-Islamic American film

An anti-Islamic American film called ‘Innocence of Muslims’ has provoked outrage in the Middle East due to the film’s heavy insults to the Islamic prophet Mohammad. The hacking group, which calls itself the Arab Electronic Army, has already attacked several western sites and claimed that it would continue targeting more.
In an email sent to the Al Arabiya News Channel, the group claimed that the so-called ‘campaign to defend Allah’s prophet’ had participants from Saudi Arabia, Morocco and Syria.

Cyber-attacks from the Middle East have recently become much more prevalent. According to Reuters, this year alone Iranian hackers have reportedly attacked important American financial institutions such as Bank of America, JPMorgan Chase & Co. and Citigroup. Most of the attacks were denial-of-service attacks that are believed to be in retaliation for western sanctions against the pariah state.

For more information please go to:

http://www.csoonline.com/article/717130/arab-hackers-attack-western-websites-over-film

Web applications, still third most common attack vector

Hacking as a whole is on the increase, with web applications being the third most popular attack vector. Hackers aren’t always your typical cyber criminals, looking to make easy, illegal money. Often hackers are political activists, amateurs, organized crime groups or even government agencies.

The migration to complex technology, the growing adoption of web 2.0 functionality and the powerful features of HTML5 have actually enabled hackers to exploit holes in web application security. The consequences of these breaches are well documented and go way beyond the compromised data. Many high-profile attacks have caused millions of dollars in losses.

Recently, it transpired that a civilian was able to gain access to the Bank of France internal data by using the password ‘123456’, which shows exactly how seriously even the largest corporations see this risk. However, generally speaking, it is the complexity of the attack itself, combined with the type of data, that determines exactly how much damage a hacker can do.

An organization with zero vulnerabilities is one that has taken care during development. Even this is not enough, however: the code must then be examined after compilation to test for vulnerabilities that may not have been known at the time of development. Using this method ensures a safer web application and less embarrassment for the organization. However, if your internal password is ‘123456’ and you’re one of the largest financial institutions in Europe, perhaps it’s better for you to learn from the school of hard knocks!

For more information please go to:
http://www.net-security.org/secworld.php?id=13534

asaphs