Posts

TARGET: Technical Documents for U.S. Air Force Drone Leaked through Router Vulnerability

July 11th – In June 2018, Recorded Future observed a hacker on the Dark Web selling the technical plans and training manual of the MQ-9 Reaper UAV (unmanned aerial vehicle) for $150 to $200. The MQ-9 Reaper was introduced in 2001 by General Atomics and is currently in use by the U.S. Air Force, the U.S. Navy, the CIA, and U.S. Customs and Border Protection.

The hacker was English-speaking and appeared to disclose how he or she obtained the sensitive documents from the computer of a captain at the 432d Aircraft Maintenance Squadron Reaper, stationed at Creech Air Force Base in Nevada.

In early 2016, security researchers published findings that Netgear routers with remote access capabilities were vulnerable if the default FTP credentials were not changed. Additionally, Netgear routers have a “ReadySHARE Storage” feature that allows individuals on the router’s network to connect USB storage and share the contents of the USB. If an attacker is able to access certain Netgear routers with this feature remotely via FTP, they can access the data stored on the router via the USB share feature. It was disclosed that the attacker was able to obtain a collection of sensitive files from a U.S. Air Force captain’s computer via remote FTP access.

Beyond the stolen documents, the hacker also disclosed that he or she is able to access footage from U.S. border surveillance and can watch footage of certain Predator drones flying over the Gulf of Mexico. The individual also disclosed that he or she was not targeting the U.S. Air Force when obtaining the plans for the Reaper, but rather came across information about the vulnerability by running a search in Shodan (a search engine used by hackers to identify internet-facing vulnerabilities and configurations that are susceptible to attack). The sources researched have not disclosed the identity of the hacker at this time.

Proficio Threat Intelligence Recommendations:

  • Inspect SOHO equipment that might be at remote sites for vulnerabilities or unsafe configurations.
  • Assess blocking well-known social networks that do not have business use to potentially reduce future channels of command and control.
  • Disable USB storage sharing over Wi-Fi if this feature is currently used in the environment.
  • Put security controls in place to guard against unauthorized access of the organization’s sensitive data.
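The first and third recommendations can be turned into a repeatable check. The following is an added example, not part of the original post or the Recorded Future report: a small audit for SOHO devices you administer that reports whether FTP is reachable and whether it accepts a login without real credentials. The inventory names and addresses, the status labels and the advice strings are all assumptions made for illustration.

```python
import ftplib

# Constructed inventory (documentation-range addresses); use your own devices.
INVENTORY = [("branch-router-1", "192.0.2.10"), ("home-office-2", "192.0.2.11")]

ADVICE = {
    "anonymous_login": "CRITICAL: FTP accepts anonymous login; disable remote "
                       "FTP and USB storage sharing on this device",
    "auth_required": "WARN: FTP is exposed; confirm the default credentials "
                     "were changed, or disable the service",
    "not_ftp": "INFO: port is open but does not speak FTP; identify the service",
}


def audit_ftp(host, port=21, timeout=3.0):
    """Return 'closed', 'not_ftp', 'auth_required' or 'anonymous_login'."""
    ftp = ftplib.FTP()
    try:
        try:
            ftp.connect(host, port, timeout=timeout)  # TCP connect + banner
        except OSError:
            return "closed"          # refused, filtered or silent
        except (ftplib.Error, EOFError):
            return "not_ftp"         # something answered, but not an FTP banner
        try:
            ftp.login()              # no arguments: anonymous login only
            return "anonymous_login"
        except ftplib.error_perm:
            return "auth_required"   # 5xx reply: credentials are enforced
        except ftplib.all_errors:
            return "not_ftp"
    finally:
        ftp.close()


def audit_inventory(inventory, probe=audit_ftp):
    """Return (name, host, status, advice) for each device with the port open."""
    findings = []
    for name, host in inventory:
        status = probe(host)
        if status != "closed":
            findings.append((name, host, status, ADVICE[status]))
    return findings


if __name__ == "__main__":
    for name, host, status, advice in audit_inventory(INVENTORY):
        print(f"{name} ({host}): {status} - {advice}")
```

Run it from outside the device's LAN as well as inside, since the exposure described above depends on FTP being reachable remotely.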

Recorded Future Investigation – Click Here

Veterans: A Good Bet to Fill the Cybersecurity Skills Gap

There’s a talent shortage for trained cybersecurity pros, but fertile hunting grounds can be found among veterans preparing to leave military service.

Organizations as diverse as the U.S. Chamber of Commerce, the Department of Homeland Security and the National Initiative for Cybersecurity Careers and Studies promote hiring veterans for jobs in the private sector.

The cybersecurity industry is projecting a staffing shortage of 1.8 million unfilled jobs globally by 2022, according to Forrester Research. And research from Enterprise Strategy Group and the Information Systems Security Association indicates that 45 percent of organizations claim to have a problematic shortage of cybersecurity skills…


Companies ramp up recruiting veterans as cybersecurity urgency grows

Managed security services provider Proficio, Inc., plans to grow its cybersecurity team from about 100 employees today to more than 450 people by the end of 2018.  It may seem like a daunting task for most companies given the shortage of workers with cybersecurity skills, but Proficio executives believe they have tapped into a goldmine of potential cybersecurity talent – the veterans coming out of San Diego’s military bases near the company’s headquarters…
