This Week in CyberSec Headlines, 02 March 2018

By MDL on March 2, 2018

German Defence and Interior Ministries Networks Breached, Russian threat groups suspected

BBC, Fancy Bear: Germany investigates cyber-attack ‘by Russians’

“Germany is investigating a security breach of its defence and interior ministries’ private networks, a government spokesman has confirmed. A notorious Russian hacking group known as Fancy Bear, or APT28, is being widely blamed in German media. They are thought to be behind a number of cyber-attacks on the West, including breaches in the 2016 US election.

The hack was first realised in December and may have lasted up to a year, the DPA news agency reported. The group is reported to have targeted the federal government’s internal communications network with malware.”

Washington Post, Apparent attack by Russian hackers penetrated Germany’s foreign ministry

“German officials said Wednesday that the government’s information technology networks had been infiltrated and that evidence pointed toward a Russian hacking group that’s been implicated in high-profile cyberattacks worldwide.

The breach, acknowledged by the interior ministry in a statement, had been known since December, when security experts discovered malware in the secure computer networks of the foreign ministry”

New York Times, Germany Says Hackers Infiltrated Main Government Network

“Hackers using highly sophisticated software penetrated the German government’s main data network, a system that was supposed to be particularly secure and is used by the chancellor’s office, ministries and the Parliament, government officials have said.

German news outlets, citing security sources, have widely blamed a Russian hacking group backed by the Russian government — either one called Snake, or another known as APT28, or Fancy Bear. But Berlin has not publicly said who was behind the attack.

The attack was narrowly targeted, apparently seeking specific information, said Patrick Sensburg, a lawmaker with the governing Conservative Party. Officials would not say how successful the intrusion was, or what data the hackers may have taken.”

Cellebrite & Unlocked iPhones

Forbes, The Feds Can Now (Probably) Unlock Every iPhone Model In Existence — UPDATED

“In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.

Cellebrite, a Petah Tikva, Israel-based vendor that’s become the U.S. government’s company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11 (right up to 11.2.6). That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.”

ArsTechnica, Cellebrite can unlock any iPhone (for some values of “any”)

“Cellebrite—the Israel-based forensics company that has been a key source for law enforcement in efforts to crack the security of mobile devices to recover evidence—has reportedly found a way to unlock Apple devices using all versions of the iOS operating system up to version 11.2.6, the most recent update pushed out to customers by Apple. The capability is part of Cellebrite’s Advanced Unlocking and Extraction Services, a lab-based service the company provides to law enforcement agencies—not a software product.

But security experts are dubious of any claim that Cellebrite can defeat the encryption used by iOS to protect the contents of Apple devices. Rather, they suggest Cellebrite’s “Advanced Unlocking Services” may have found a way to bypass the limits on PIN or password entry enforced by interfering with the code that counts the number of failed attempts—allowing the company’s lab to launch a brute-force attack to try to discover the passcode without fear of the device erasing its cryptographic key and rendering the phone unreadable. With a sufficiently secure password, it would be nearly impossible for the technique to recover the contents of the device.”
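An added illustration, not from the Ars Technica piece, of the point its experts make: once the failed-attempt counter is defeated, only the size of the passcode space limits guessing, so passcode length is the remaining defence. The 80 ms per-guess derivation cost and the 10-attempt erase threshold are assumptions taken from Apple's published iOS security documentation, not from this page.

```python
# Added example: a simple model of how the failed-attempt limit and the
# passcode keyspace each contribute to resisting passcode guessing.

# Assumption: hardware-enforced key derivation cost per guess, roughly 80 ms
# (figure from Apple's iOS security documentation, not from this page).
PER_GUESS_SECONDS = 0.08

# Assumption: the "Erase Data" setting wipes the key on the 10th wrong guess.
ERASE_AFTER = 10


def keyspace(kind: str, length: int) -> int:
    """Number of candidate passcodes for a given passcode policy."""
    alphabet = {"digits": 10, "lower": 26, "alnum": 62, "printable": 95}[kind]
    return alphabet ** length


def guesses_with_counter_intact() -> int:
    """Guesses available before the erase threshold is reached."""
    return ERASE_AFTER - 1  # the 10th wrong guess erases the key


def success_probability_counter_intact(space: int) -> float:
    """Chance of guessing correctly in the attempts available before erase."""
    return min(1.0, guesses_with_counter_intact() / space)


def expected_seconds_counter_bypassed(space: int) -> float:
    """Expected time to reach the right passcode if the counter is defeated:
    on average half the keyspace, paced only by the per-guess derivation cost."""
    return (space / 2) * PER_GUESS_SECONDS


def summarize(kind: str, length: int) -> dict:
    """Compare the two regimes for one passcode policy."""
    space = keyspace(kind, length)
    return {
        "keyspace": space,
        "p_success_with_counter": success_probability_counter_intact(space),
        "days_if_counter_bypassed": expected_seconds_counter_bypassed(space) / 86400,
    }


if __name__ == "__main__":
    # A 6-digit PIN falls in under a day without the counter; an 8-character
    # alphanumeric passcode takes on the order of a hundred million days.
    for kind, length in [("digits", 4), ("digits", 6), ("alnum", 8), ("printable", 12)]:
        print(kind, length, summarize(kind, length))
```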

Other News

Bleeping Computer, Virus Knocks Out Cash Registers at Tim Hortons Franchisees

“A computer virus is suspected of crashing cash registers this week at over 1,000 Tim Hortons coffee and donuts fast food restaurants. The problem is not yet fully resolved, and some stores are still experiencing problems.

The problems appeared earlier this week when XP-based cash registers began crashing.

Outages initially affected under 100 locations, but as the week progressed, news outlets reported that over 1,000 stores were affected, almost a quarter of Tim Hortons locations across Canada.

Some stores had to shut down for small amounts of time while they tried to fix their Point of Sale (PoS) systems, but others had to close for good.”

[Remotely wiped]