Jul 23 2022

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’

Category: Hacking,Information SecurityDISC @ 2:14 pm
insider threat
Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’

Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP.

A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks that are part of larger criminal campaigns.

Dubbed Atlas Intelligence Group (A.I.G.), the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its own campaigns. A.I.G., also known as Atlantis Cyber-Army, functions as a cyber-threats-as-a-service criminal enterprise. The threat group markets services that include data leaksdistributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services, according to a Thursday report by threat intelligence firm Cyberint.

“[A.I.G.] has introduced us to out-of-the-box thinking,” Cyberint’s Shmuel Gihon wrote in the report.

[FREE On-demand Event: Join Keeper Security’s Zane Bond in a Threatpost roundtable and learn how to securely access your machines from anywhere and share sensitive documents from your home office. WATCH HERE.]

A.I.G., according to researchers, is unique in its outsourcing approach to committing cybercrimes. Organized threat groups tend to recruit individuals with certain capabilities that they can reuse and incent them with profit sharing. For example, Ransomware-as-a-Service organized crime campaigns can involve multiple threat actors – each getting a cut of any extorted lucre or digital assets stolen. What makes A.I.G. different is it outsources specific aspects of an attack to “mercenaries” who have no further involvement in an attack.

The report’s author, Gihon, said only A.I.G. administrators and the group’s leader—dubbed Mr. Eagle—know fully what the campaign will be and outsource isolated tasks to hired guns based on their skillsets.

Unique Business Model

This uncommon business model also allows the group, which has been operating since the beginning of May, to offer a range of cybercriminal services instead of a single core competency, he said.

“While many groups are focusing on one, maybe two, services that they offer, Atlas seems to grow rapidly and expand its operations in an efficient way which allows them to offer many services,” Gihon wrote.

A.I.G. tends to target government and state assets in countries all over the world, including the United States, Pakistan, Israel, Colombia and United Arab Emirates, researchers found.

Mr. Eagle not only leads the campaigns but also doubles as a chief marketing officer of sorts, putting a significant effort into advertising A.I.G.’s various cybercriminal services, he said.

Anatomy of a Threat Group

Cyber Mercenaries: The State, Hackers, and Power

Tags: Cyber mercenaries, Hackers for Hire

Jul 18 2022

Virtual CISOs Are the Best Defense Against Accelerating Cyber-Risks

Category: CISO,Information Security,vCISODISC @ 11:17 am
A poor, permanent hire can be a very expensive error, whereas a mis-hire on a virtual CISO can be rapidly corrected.
CISO

The cybersecurity challenges that companies are facing today are vast, multidimensional, and rapidly changing. Exacerbating the issue is the relentless evolution of threat actors and their ability to outmaneuver security controls effortlessly.

As technology races forward, companies without a full-time CISO are struggling to keep pace. For many, finding, attracting, retaining, and affording the level of skills and experience needed is out of reach or simply unrealistic. Enter the virtual CISO (vCISO). These on-demand experts provide security insights to companies on an ongoing basis and help ensure that security teams have the resources they need to be successful.

How a vCISO Works
Typically, an engagement with a vCISO is long lasting, but in a fractional delivery model. This is very different from a project-oriented approach that requires a massive investment and results in a stack of deliverables for the internal team to implement and maintain. A vCISO not only helps to form the approach, define the action plan, and set the road map but, importantly, stays engaged throughout the implementation and well into the ongoing management phases.

The best vCISO engagements are long-term contracts, such as 12 to 24 months. Typically, there’s an upfront effort where the vCISO is more engaged in the first few months to establish an understanding, develop a road map, and create a rhythm with the team. Then, their support drops into a regular pace which can range from two to three days per week or five to ten days per month.

What to Expect From a vCISO
When bringing a vCISO on board, it’s important that person has three key attributes: broad and extensive experience in addressing cybersecurity challenges across many industries; business acumen and the ability to rapidly absorb complex business models and strategies; and knowledge of technology solutions and dynamics that can be explored to meet specific organizational needs.

The first thing a vCISO will focus on is prioritization, beginning with understanding a company’s risks. They will then organize actions that provide the greatest positive influence on mitigating these risks while ensuring sustainability in the program. The goal is to establish a security approach that addresses the greatest risks to the business in a way that has staying power and can provide inherent value to additional downstream controls.

Having extensive experience in the technical space, a vCISO can take into consideration the full spectrum of options — those existing within the business environment, established products and services in the marketplace, and new solutions entering the market. Just within that context, a vCISO can collaborate with the technical team to take advantage of existing solutions and identify enhancements that can further capabilities in a cost-efficient manner.

The Value of a vCISO
One of the most common findings is that companies often have a large portfolio of cybersecurity technology, but very little is fully deployed. Additionally, most tech teams are not leveraging all of the capabilities, much less integrating with other systems to get greater value. Virtual CISOs help companies save money by exploiting existing technical investments that dramatically improve security. And, since the improvement is focused on existing tools, the transition for the IT and security staff is virtually eliminated due to established familiarity with the environment.

Another essential value point of a vCISO is access to an informed and well-balanced view on risk and compliance. While cybersecurity is dominated by technical moving parts, the reality is the board, executive leadership, and management team needs to incorporate cyber-risks and related liabilities into the overall scope of risk across the business at an executive level. In this sense, leadership has a vast array of competing challenges, demands, and risks and some can be even more impactful than cybersecurity.

How to Convince the Executive Team
A CEO is under a constant barrage of challenges, problems, risks, and opportunities. Cybersecurity needs to be part of that formula. If one of the core values of having a vCISO is getting meaningful cyber-risk insights, then trust and confidence in that person is paramount and needs to be established from the beginning.

Another challenge is the team dynamic — at the heart of being a CEO is their success as a leader. Introducing what is essentially a consultant can be an adjustment for the team. It’s important that the vCISO hire fits the culture and can easily integrate with everyone on the team including the CIO, CTO, CPO, CRO, etc.

The conversation with the CFO will understandably have a heavy financial tone. For companies debating between a full-time CISO or a vCISO, it’s clear a poor permanent hire can be a very expensive error, whereas a mis-hire on a vCISO can be rapidly corrected.

As organizations continue to come to grips with the byproducts of digitization and new security challenges that often seem insurmountable, a vCISO can be an enormous value. Beyond offering an efficient and cost-effective model, they bring many advantages to businesses with fewer risks than a dedicated resource.

Source: https://www.darkreading.com/careers-and-people/virtual-cisos-are-the-best-defense-against-accelerating-cyber-risks

Ransomware’s Silver Bullet – The Virtual CISO Publication Series: Cybersecurity

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Ask DISC an InfoSec & compliance related question

Tags: CISO, vCISO, Virtual CISOs

Jul 14 2022

Vendor Security Assessment

Category: Information Security,Vendor AssessmentDISC @ 8:43 am

Assessing the security of network equipment.

decorative image

This document provides guidance on how operators should assess the security of vendor’s security processes and vendor equipment and is referenced in the Telecom Security Act Code of Practice.

The purpose of the guidance is to allow operators to objectively assess the cyber risk due to use of the vendor’s equipment. This is performed by gathering objective, repeatable evidence on the security of the vendor’s processes and network equipment.

https://www.ncsc.gov.uk/report/vendor-security-assessment

Cybersecurity and Third-Party Risk: Third Party Threat Hunting

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Ask DISC an InfoSec & compliance related question

Tags: supply chain, Third-party risk management, third-party vendor program, Vendor Security Assessment

Jul 11 2022

The impact of DNS attacks on global organizations

Category: DNS Attacks,Information SecurityDISC @ 9:32 am
The impact of DNS attacks on global organizations

Often we see stories about cyber attacks that breached an organisations’ security parameters, and advice on how we can protect against future threats. However, what is often missed, is just how these threat actors managed to breach a system, and as such, the fact that the Domain Name System (DNS) probably played a very large role in the attacker’s entry point.

In this Help Net Security video, Chris Buijs, Chief Evangelist at EfficientIP, talks about the importance of making the DNS as part of an organisation’s security strategy.

Internet

DNSSEC Mastery

Tags: DNS attacks, DNSSEC

Jun 28 2022

Latest OpenSSL version is affected by a remote memory corruption flaw

Category: Information Security,Linux Security,Open NetworkDISC @ 7:50 am
Latest OpenSSL version is affected by a remote memory corruption flaw

Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library.

Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set.

“OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker. BoringSSL, LibreSSL and the OpenSSL 1.1.1 branch are not affected. Furthermore, only x64 systems with AVX512 support are affected. The bug is fixed in the repository but a new release is still pending.” reads the post published by Vranken.

The issue can be easily exploited by threat actors and it will be addressed with the next release.

Google researcher David Benjamin that has analyzed the vulnerability argues that the bug does not constitute a security risk. Benjamin also found an apparent bug in the paper by Shay Gueron upon which the RSAZ code is based.

OpenSSL CVE-2021-3711

A Concise Guide to SSL/TLS for DevOps

Tags: OpenSSL

Jun 24 2022

How companies are prioritizing infosec and compliance

Category: Information Security,Security ComplianceDISC @ 8:35 am
How companies are prioritizing infosec and compliance

Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: infosec and compliance

Jun 09 2022

Secure email that protects your privacy

Category: Email Security,Information SecurityDISC @ 8:19 am

Keep your conversations private. Proton Mail is an encrypted email service based in Switzerland.

Images of the end to end encrypted and zero access encrypted Proton Mail inbox and message composer.

Proton Mail protects your communication and has everything you need to easily manage your inbox – Proton email top priority is keeping your data safe.

Create a free account

#protonemail


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Proton email, ProtonMail

Jun 02 2022

How to support women in cybersecurity

Category: cyber security,Information Security,InfoSec jobsDISC @ 8:48 am
How to support women in cybersecurity

Cybersecurity is required to be a dynamic industry because cybercriminals don’t take days off. Cybersecurity professionals must be innovative, creative, and attentive to keep gaining the upper hand on cybercriminals. Unfortunately, there are millions of unfilled cybersecurity job openings around the globe.

The gender divide

The problem of not enough cybersecurity professionals is exacerbated by a lack of diversity in the sector. There is a disproportionately low ratio of women to men within the entire technology industry. In the science, technology, engineering and math (STEM) industries, women make up only 24% of the workforce, and while this has increased from just 11% in 2017, there is clearly still a sizeable disparity.

The cybersecurity industry is performing only marginally better than STEM, with women making up roughly 24% of cybersecurity jobs globally, according to (ISC)².

There is also a parallel trend here: women have superior qualifications in cybersecurity than their male counterparts. Over half of women – 52% – have postgraduate degrees, compared to just 44% of men. More importantly, 28% of women have cybersecurity-related qualifications, while only 20% of men do. This raises one important point, which is that women feel that they must be more qualified than men to compete for and hold the same cybersecurity roles. The industry is, therefore, losing a significant pool of talent because of this perception. Untapped talent means less innovation and dynamism in the products and services businesses offer.

Unfortunately, the challenges for women do not appear to stop once they enter the cybersecurity workforce. Pay disparity continues to blight the industry. Women reported being on smaller salaries at a higher proportion than men. 17% of women reported earning between $50,000 and $99,000 compared to 29% of men. However, there are signs that this disparity in pay is closing. For those in cybersecurity who earned over $100,000, the difference in percentage between men and women was much closer. This is encouraging and shows that once women are in the industry, they can enjoy as much success as men.

Nevertheless, reaching these higher levels of the cybersecurity industry is far from straightforward for women at present. It is an unavoidable fact that women still struggle to progress as easily compared to male counterparts. A key reason for this is cultural: women are disinclined to shout about their achievements, as such they regularly go unnoticed when promotions and other opportunities come round.

The cybersecurity industry is starting to embrace diversity in the workforce, but there is a long way to go before women are as valued in cybersecurity as men. With the current skills deficit hampering the growth of cybersecurity providers, this is a perfect opportunity for the industry and individual providers to break the bias and turn to women to speed up innovation and improve defense against cybercriminals.

Why women are essential for success

woman

Women Know Cyber: 100 Fascinating Females Fighting Cybercrime

Tags: women in cybersecurity

Jun 01 2022

List of data breaches and cyber attacks in May 2022 – 49.8 million records breached

Category: Cyber Attack,Data Breach,Information SecurityDISC @ 3:41 pm

Welcome to our May 2022 review of data breaches and cyber attacks. We identified 77 security incidents during the month, resulting in 49,782,129 compromised records.

You can find the full list below, with incidents affecting UK organisations listed in bold.

Contents

cyber attacks in May 2022

source: List of data breaches and cyber attacks in May 2022

Tags: data breaches

May 23 2022

Many security engineers are already one foot out the door

Category: Cyber career,Information SecurityDISC @ 8:36 am
Many security engineers are already one foot out the door. Why?

Many security engineers are already one foot out the door. Why?

The position of security engineer has become a pivotal role for modern security teams. Practitioners are responsible for critical monitoring of networks and systems to identify threats or intrusions that could cause immense harm to an organization.

They must analyze troves of security-related data, detect immediate threats as early as possible on the cyber kill chain. From their vantage point, they are often best positioned to evaluate security monitoring solutions and recommend security operations improvement to management.

In this video for Help Net Security, Jack Naglieri, CEO of Panther Labs, discusses a recent report which found that 80% of security engineers are experiencing burnout.

professional

Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career

Tags: security engineer

May 17 2022

Hackers can steal your Tesla Model 3, Y using new Bluetooth attack

Category: Bluetooth,Information SecurityDISC @ 8:27 am
New Bluetooth attack lets hackers drive away with your Tesla

https://www.bleepingcomputer.com/news/security/hackers-can-steal-your-tesla-model-3-y-using-new-bluetooth-attack/

Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices.

BLE technology is used in a wide spectrum of products, from electronics like laptops, mobile phones, smart locks, and building access control systems to cars like Tesla Model 3 and Model Y.

Pushing out fixes for this security problem is complicated, and even if the response is immediate and coordinated, it would still take a long time for the updates to trickle to impacted products.

How the attack works

In this type of relay attacks, an adversary intercepts and can manipulate the communication between two parties, such as the key fob that unlocks and operates the car and the vehicle itself.

This places the attacker in the middle of the two ends of the communication, allowing them to relay the signal as if they were standing right next to the car.

Products that rely on BLE for proximity-based authentication protect against known relay attack methods by introducing checks based on precise amounts of latency and also link-layer encryption.

NCC Group has developed a tool that operates at the link layer and with a latency of 8ms that is within the accepted 30ms range of the GATT (Generic ATTribute Profile) response.

“Since this relay attack operates at the link layer, it can forward encrypted link layer PDUs. It is also capable of detecting encrypted changes to connection parameters (such as connection interval, WinOffset, PHY mode, and channel map) and continuing to relay connections through parameter changes. Thus, neither link layer encryption nor encrypted connection parameter changes are defences against this type of relay attack.” – NCC Group

According to Sultan Qasim Khan, a senior security consultant at NCC Group, it takes about ten seconds to run the attack and it can be repeated endlessly.

Both the Tesla Model 3 and Model Y use a BLE-based entry system, so NCC’s attack could be used to unlock and start the cars.

While technical details behind this new BLE relay attack have not been published, the researchers say that they tested the method on a Tesla Model 3 from 2020 using an iPhone 13 mini running version 4.6.1-891 of the Tesla app.

“NCC Group was able to use this newly developed relay attack tool to unlock and operate the vehicle while the iPhone was outside the BLE range of the vehicle” – NCC Group

During the experiment, they were able to deliver to the car the communication from the iPhone via two relay devices, one placed seven meters away from the phone, the other sitting three meters from the car. The distance between the phone and the car was 25 meters.

The experiment was also replicated successfully on a Tesla Model Y from 2021, since it uses similar technologies. Below is a demonstration of the attack:

These findings were reported to Tesla on April 21st. A week later, the company responded by saying “that relay attacks are a known limitation of the passive entry system.”

The researchers also notified Spectrum Brands, the parent company behind Kwikset (makers of the Kevo line of smart locks).

What can be done

NCC Group’s research on this new proximity attack is available in three separate advisories, for BLE in general, one for Tesla cars, and another for Kwikset/Weiser smart locks, each illustrating the issue on the tested devices and how it affects a larger set of products from other vendors.

The Bluetooth Core Specification warns device makers about relay attacks and notes that proximity-based authentication shouldn’t be used for valuable assets.

This leaves users with few possibilities, one being to disable it, if possible, and switch to an alternative authentication method that requires user interaction.

Another solution would be for makers to adopt a distance bounding solution such as UWB (ultra-wideband) radio technology instead of Bluetooth.

Tesla owners are encouraged to use the ‘PIN to Drive’ feature, so even if their car is unlocked, at least the attacker won’t be able to drive away with it.

Additionally, disabling the passive entry functionality in the mobile app when the phone is stationary would make the relay attack impossible to carry out.

If none of the above is possible on your device, keep in mind the possibility of relay attacks and implement additional protection measures accordingly.

Bluetooth Security Attacks: Comparative Analysis, Attacks, and Countermeasures

Tags: Bluetooth attack, Tesla Model 3

May 15 2022

Undetectable Backdoors in Machine-Learning Models

Category: Backdoor,Information SecurityDISC @ 12:11 pm
Machine-learning models vulnerable to undetectable backdoors • The Register

https://www.schneier.com/crypto-gram/archives/2022/0515.html#cg1

New paper: “Planting Undetectable Backdoors in Machine Learning Models“:

Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key”, the mechanism is hidden and cannot be detected by any computationally-bounded observer. We demonstrate two frameworks for planting undetectable backdoors, with incomparable guarantees.

First, we show how to plant a backdoor in any model, using digital signature schemes. The construction guarantees that given black-box access to the original model and the backdoored version, it is computationally infeasible to find even a single input where they differ. This property implies that the backdoored model has generalization error comparable with the original model. Second, we demonstrate how to insert undetectable backdoors in models trained using the Random Fourier Features (RFF) learning paradigm or in Random ReLU networks. In this construction, undetectability holds against powerful white-box distinguishers: given a complete description of the network and the training data, no efficient distinguisher can guess whether the model is “clean” or contains a backdoor.

Our construction of undetectable backdoors also sheds light on the related issue of robustness to adversarial examples. In particular, our construction can produce a classifier that is indistinguishable from an “adversarially robust” classifier, but where every input has an adversarial example! In summary, the existence of undetectable backdoors represent a significant theoretical roadblock to certifying adversarial robustness.

May 06 2022

Zero-day bug in uClibc library could leave IoT devices vulnerable to DNS poisoning attacks

Category: Information Security,Security vulnerabilities,Zero dayDISC @ 10:10 am

A zero-day vulnerability in uClibc and uClibc-ng, a popular C standard library, could enable a malicious actor to launch DNS poisoning attacks on vulnerable IoT devices.

The bug, tracked as ICS-VU-638779, which has yet to be patched, could leave users exposed to attack, researchers have warned.

DNS poisoning

In a DNS poisoning attack, the target domain name is resolved to the IP address of a server that’s under an attacker’s control.

This means at if a malicious actor were to send a ‘forgotten password’ request, they could direct it to their own email address and intercept it – allowing them to change the victim’s password and access their account.

For an IoT device, this attack could potentially be used to intercept a firmware update request and instead directing it to download malware.

The DNS poisoning vulnerability was discovered by researchers at Nozomi Networks, who revealed that the issue remains unpatched, potentially exposing multiple users to attack.

Nozomi Networks states that uClibc is known to be used by major vendors such as Linksys, Netgear, and Axis, or Linux distributions such as Embedded Gentoo. uClibc-ng is a fork specifically designed for OpenWRT, a common operating system for web routers.

The library maintainer was unable to provide a fix, according to Nozomi. The researchers said they would refrain from sharing technical details or listing vulnerable devices until a patch is available.

“It’s important to note that a vulnerability affecting a C standard library can be a bit complex,” the team wrote in a blog post this week.

“Not only would there be hundreds or thousands of calls to the vulnerable function in multiple points of a single program, but the vulnerability would affect an indefinite number of other programs from multiple vendors configured to use that library.”

Source: https://portswigger.net/daily-swig/zero-day-bug-in-uclibc-library-could-leave-iot-devices-vulnerable-to-dns-poisoning-attacks

Managing Mission – Critical Domains and DNS: Demystifying nameservers, DNS, and domain names

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: DNS poisoning attacks

Apr 26 2022

Nation-state Hackers Target Journalists with Goldbackdoor Malware

Category: Hacking,Information Security,MalwareDISC @ 10:20 pm
Nation-state Hackers Target Journalists with Goldbackdoor Malware

A campaign by APT37 used a sophisticated malware to steal information about sources , which appears to be a successor to Bluelight.

Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of multistage infection campaign with the ultimate goal of stealing sensitive information from targets. The campaign is believed to have started in March and is ongoing, researchers have found.

Researchers at Stairwell followed up on an initial report from South Korea’s NK News, which revealed that a North Korean APT known as APT37 had stolen info from the private computer of a former South Korean intelligence official. The threat actor–also known as Ricochet Collima, InkySquid, Reaper or ScarCruft—attempted to impersonate NK News and distributed what appeared to be a novel malware in an attempt to target journalists who were using the official as a source, according to the report.

NK News passed details to Stairwell for further investigation. Researchers from the cybersecurity firm uncovered specific details of the malware, called Goldbackdoor. The malware is likely a successor of the Bluelight malware, according to a report they published late last week.

“The Goldbackdoor malware shares strong technical overlaps with the Bluelight malware,” researchers wrote. “These overlaps, along with the suspected shared development resource and impersonation of NK News, support our attribution of Goldbackdoor to APT37.”

APT37 was previously seen using Bluelight as a secondary payload last August in a series of watering hole attacks against a South Korean newspaper that used known Internet Explorer vulnerabilities.

As Stairwell researchers noted, journalists are “high-value targets for hostile governments,” and often the target of cyber-espionage attacks. In fact, one of the biggest security stories of last year was various governments’ use of the NGO Group’s Pegasus spyware against journalists, among other targets.

“[Journalists] often are aggregators of stories from many individuals–sometimes including those with sensitive access,” Stairwell researchers wrote. “Compromising a journalist can provide access to highly-sensitive information and enable additional attacks against their sources.”

Multi-Stage Malware

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics 

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Goldbackdoor Malware

Apr 22 2022

Hackers Are Getting Caught Exploiting New Bugs

Category: Hacking,Information SecurityDISC @ 9:12 am

Tags: hackers

Apr 19 2022

Free Infographic: What is ransomware and how can I protect my business?

Category: Information SecurityDISC @ 9:10 am

Ransomware is a type of malicious program that demands payment after launching a cyber attack on a computer system. This type of malware has become increasingly popular among criminals, costing organizations millions each year.

Security experts recognise that ransomware is one of the fastest-growing forms of cyber attack. Its prevalence and reach was emphasised when WannaCry, and more recently, NotPetya, exploited a flaw in Microsoft’s SMB software and spread rapidly across networks, locking away files. 

For a quick guide to ransomware and what you can do to protect your business, download our free infographic.
 

Download now

What is ransomware and how can I protect my business?

Apr 15 2022

How vx-underground is building a hacker’s dream library

Category: Cyber Attack,Cyber crime,Dark Web,Information SecurityDISC @ 12:59 pm
How vx-underground is building a hacker’s dream library

Editor’s Note: When malware repository vx-underground launched in 2019, it hardly made a splash in the hacking world. “I had no success really,” said its founder, who goes by the online moniker smelly_vx.

But over the last couple of years, the site’s popularity has soared thanks in part to its robust Twitter presence that mixes breaking cybersecurity news with memes. The site now bills itself as “the largest collection of malware source code, samples, and papers on the internet,” with about 35 million samples overall.

vx-undergound operator smelly_vx recently talked to Recorded Future analyst and product manager Dmitry Smilyanets about the site’s goals, finances, and plans for the future. The interview, which was conducted over email in English, has been lightly edited for clarity.

Dmitry Smilyanets: I would like to start from the very beginning — please introduce yourself.

smelly_vx: Hi. I am “smelly__vx“. I am the creator of vx-underground and the guy who runs/maintains a good portion of vx-underground’s website and the vx-underground Twitter account.

I am in my early 30s. I have a wife. I have a dog. I don’t think I can say anything else which is interesting or important.

DSTell me about the site’s background — how did it start, how did you build it into what it is today?

VX: About vx-underground — it was created to act as the successor to the legendary vxHeaven (created by the Ukrainian dude herm1t). When I was a teenager I discovered vxHeaven and learned tons from it. It was an invaluable asset. Around 2017 or so, when I was a software engineer, I got tired of writing malware (as a hobbyist) by myself.

I began looking for vxHeaven, or whatever it had become. I was unable to find anything, to my disappointment, and one day on some random IRC server I discovered, I was conveying my disappointment to a guy named Phaith and he said to me, “Well, if you miss it so much, why don’t you make your own?” I thought this was a good idea — why not make my own? And that is precisely what I decided to do. The issue I faced was that my background was in low-level development, I primarily did C/C++ development on the Windows platform. I did not have any skills in web development, web security, system administration, etc. I also did not have any contacts, I had been a “lone wolf” for nearly a decade at this point — I was a “nobody.” However, I decided this shouldn’t be a restraining factor so I bought some random bullshit hosting, purchased the domain name ‘vx-underground’ and got to work.

I officially made vx-underground in May 2019. I had no success really, I did not have a Twitter account or any contacts or any relationships in the information security industry. I made the vx-underground Twitter account in August 2019 and, interestingly, shortly after I made the account I was contacted by a guy named Bane. Bane was a member of a group called ThugCrowd. They had a large follower base on Twitter (20,000+), they had connections, they knew their way around things, blah blah blah. ThugCrowd was very kind to me and supported the idea of a new vxHeaven. They introduced me to some people who also liked the idea of a new vxHeaven.

Unsurprisingly, in October 2019, vx-underground was banned from a lot of web hosts. I had places which housed neo-Nazis, pornography, and gambling, deny my hosting.

Nobody wanted to house malware samples, the only way I was going to get the ability to house malware samples was if I had become a company, and did paperwork and all sorts of bullshit. I did not like this idea. Luckily, and to my surprise, the people over at ThugCrowd introduced me to a group of people behind TCP.DIRECT. They also liked the idea of a new vxHeaven, as the main group of people behind it also had been on the vxHeaven forums ages ago. They assisted me with hosting, handling the web security, etc. This was very beneficial for me because, as TCP.DIRECT will confirm, I am a complete idiot with anything system administrative/web security related.

Following this introduction to TCP.DIRECT, vx-underground had essentially zero restraint. I was able to upload malware samples, malware papers, malware source code, etc. as much as I liked. The only thing I had to do then was add content and be consistent. Along the way I met a guy from the [Commonwealth of Independent States], Neogram, who assisted me with Russian translations and giving me a (metaphorical) tour of the CIS malware scene. This expanded my horizon and gave vx-underground better insight into current malware trends.

All of this happened very quickly, this ‘story’ encapsulates what happened between August 2019 and December 2019.

DSWhat are your mission and goals?

VX: I don’t know. vx-underground is a library, our goal is basically to
 collect malware samples, papers, and code? It exists and that is it. The closest thing to a ‘goal’ we have is simple: “more papers, more samples, more code.” It is as simple as that.

DS: Are you financially motivated? How do you monetize your work? Is it lucrative?

VX: No, we are not financially motivated. vx-underground is fueled by passion and love for the ‘game.’ In 2021 vx-underground made $13,000 all from donations. Every time I tell people vx-underground does not make money I am always greeted with shock and surprise. It appears people are unable to comprehend someone would do something for passion rather than financial gain. This is disappointing.

More on this article “vx-underground” – building a hacker’s dream library

DS: One may say you are a threat actor group. Are you?

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Hacker library

Apr 12 2022

The importance of understanding cloud native security risks

Category: Cloud computing,Information SecurityDISC @ 10:26 am
The importance of understanding cloud native security risks

In this video for Help Net Security, Paul Calatayud, CISO at Aqua Security, talks about cloud native security and the problem with the lack of understanding of risks to this environment.

A recent survey of over 100 cloud professionals revealed that often businesses lead the charge in cloud, they see the opportunity, they move forward, but more and more critical compute finds its way into these cloud environments, and the security teams start to take notice. Often too late, though.

The survey shows that the awareness is starting to become a problem, and the risks are not fully understood. Organizations need to get ahead of these things. To be able to apply a good cloud native security strategy, understanding the risks is imperative.

cloud

Securing DevOps: Security in the Cloud

Tags: cloud native security risks

Mar 27 2022

Morgan Stanley Client Accounts Breached in Social Engineering Attacks

Category: Information SecurityDISC @ 12:28 pm

Morgan-Stanley-Client-Accounts-Breached-in-Social-Engineering-Attacks-1Download
The F&G Group | New York, NY | Miami, FL | Morgan Stanley Private Wealth Management

Mar 26 2022

FCC adds Kaspersky to Covered List due to unacceptable risks to national security

Category: Antivirus,Information Security,Information WarfareDISC @ 9:53 pm
FCC adds Kaspersky to Covered List due to unacceptable risks to national security

The Federal Communications Commission (FCC) added Kaspersky to its Covered List because it poses unacceptable risks to U.S. national security.

The Federal Communications Commission (FCC) added multiple Kaspersky products and services to its Covered List saying that they pose unacceptable risks to U.S. national security.

“The Federal Communications Commission’s Public Safety and Homeland Security Bureau today added equipment and services from three entities – AO Kaspersky Lab, China Telecom (Americas) Corp, and China Mobile International USA Inc. – to its list of communications equipment and services that have been deemed a threat to national security, consistent with requirements in the Secure and Trusted Communications Networks Act of 2019.” reads the FCC’s press release.

The Covered List, published by Public Safety and Homeland Security Bureau published, included products and services that could pose an unacceptable risk to the national security of the United States or the security and safety of United States persons.

The US commission also added Chinese state-owned mobile service providers China Mobile International USA and China Telecom Americas to the list. Below is the list of Covered Equipment or Services added on March 25, 2022:

  • Information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab or any of its predecessors, successors, parents, subsidiaries, or affiliates.
  • International telecommunications services provided by China Mobile International USA Inc. subject to section 214 of the Communications Act of 1934.
  • Telecommunications services provided by China Telecom (Americas) Corp. subject to section 214 of the Communications Act of 1934.

FCC banned Kaspersky security solutions and services supplied by Kaspersky or any linked companies.

“The FCC’s decision to add these three entities to our Covered List is welcome news. The FCC plays a critical role in securing our nation’s communications networks, and keeping our Covered List up to date is an important tool we have at our disposal to do just that. In particular, I am pleased that our national security agencies agreed with my assessment that China Mobile and China Telecom appeared to meet the threshold necessary to add these entities to our list. Their addition, as well as Kaspersky Labs, will help secure our networks from threats posed by Chinese and Russian state backed entities seeking to engage in espionage and otherwise harm America’s interests.” said FCC Commissioner Brendan Carr. “I applaud Chairwoman Rosenworcel for working closely with our partners in the Executive Branch on these updates. As we continue our work to secure America’s communications networks, I am confident that we will have more entities to add to our Covered List.”

In Mid March, the German Federal Office for Information Security agency, aka BSI, recommended consumers uninstall Kaspersky anti-virus software. The Agency warns the cybersecurity firm could be implicated in hacking attacks during the ongoing Russian invasion of Ukraine.

According to §7 BSI law, the BSI warns against the use of Kaspersky Antivirus and recommends replacing it asap with defense solutions from other vendors.

Tags: FCC, kaspersky, National security

« Previous PageNext Page »