Tag Archive for: Anatomy

Demystifying Botnets: Understanding the Anatomy of a Cyber Threat | by Dwayne Wong (Omowale) | Jul, 2023


Botnets are networks of compromised computers that an attacker controls remotely. The individual machines are called bots; they are infected with malware, usually without the owner’s knowledge, and once infected they join the botnet and can be put to work on whatever the operator wants. The operator issues orders through command-and-control (C&C, also written C2) infrastructure, classically a central server. The C&C server sends instructions to the bots, and the bots carry them out.

Botnets are used for a variety of malicious purposes, including launching distributed denial-of-service (DDoS) attacks, sending spam, spreading malware, and stealing sensitive information. DDoS is one of the most common uses. In a DDoS attack the bots flood a target with traffic or requests from many sources at once, exhausting its bandwidth or processing capacity so that legitimate users can no longer reach it (the server does not have to crash to be taken offline). The resulting downtime can mean significant financial losses for the victim.

A botnet is built by infecting computers with malware that hands control of each machine to the operator. The malware can arrive through email attachments, malicious or compromised websites, or exploitation of software vulnerabilities in exposed services. Once a computer is infected it becomes a bot and takes its orders from the C&C server.

The C&C server sends instructions to the bots, which can include launching DDoS attacks, stealing sensitive information, or spreading malware. The instructions travel over a command protocol that is often encrypted or disguised as ordinary traffic so that network monitoring cannot read the commands or easily tell them apart from legitimate connections. Encryption hides the content, not the connection itself, so the bots’ regular check-ins with the controller remain visible to anyone watching the network. In peer-to-peer designs the bots also relay commands to one another, which removes the single point of failure and lets the operator coordinate attacks even if individual nodes are taken down.

There are several types of botnets, distinguished mainly by the channel the bots use to talk to their controller, each with its own characteristics and methods of operation. Some of the most common types include:

IRC botnets are among the oldest types of botnets and are still in use today. They use Internet Relay Chat (IRC) channels for communication between the bots and the C&C server: each bot connects to an IRC server, joins a channel chosen by the operator, and idles there until a command is posted to the channel or sent to it as a private message. Because legitimate IRC use is rare on most modern networks, outbound connections to IRC ports from workstations or servers are a cheap detection signal.
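The two observable traits described above, bots parked on IRC ports and bots checking in with their controller on a schedule, can be turned into a simple detector. The following script is an added example and is not code from the original article; the log format, the IP addresses and the timestamps are constructed for illustration, and the thresholds (`max_cv`, `min_conns`) are assumptions a real deployment would tune.

```python
"""Spot likely botnet command-and-control traffic in connection logs.

Added example, not from the original article. Two heuristics drawn from
the text: bots sit on well-known IRC ports waiting for orders, and bots
check in with their C&C server on a fixed schedule, which shows up as
near-constant gaps between connections to one destination. The log
format and every address below are constructed for this example.
"""
import re
from collections import defaultdict
from statistics import mean, pstdev

IRC_PORTS = {6667, 6697}  # plaintext and TLS IRC, the channel IRC botnets use

# Constructed log format: "<epoch-seconds> <src-ip> -> <dst-ip>:<dst-port>"
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\S+):(\d+)$")

SAMPLE_LOG = """\
1000 10.0.0.5 -> 203.0.113.9:6667
1600 10.0.0.5 -> 203.0.113.9:6667
2200 10.0.0.5 -> 203.0.113.9:6667
2800 10.0.0.5 -> 203.0.113.9:6667
1000 10.0.0.7 -> 198.51.100.20:443
1300 10.0.0.7 -> 198.51.100.20:443
1301 10.0.0.7 -> 198.51.100.20:443
5000 10.0.0.7 -> 198.51.100.20:443
1000 10.0.0.9 -> 192.0.2.77:8443
1900 10.0.0.9 -> 192.0.2.77:8443
2800 10.0.0.9 -> 192.0.2.77:8443
3700 10.0.0.9 -> 192.0.2.77:8443
4600 10.0.0.9 -> 192.0.2.77:8443
"""


def parse_log(text):
    """Return (timestamp, src, dst, port) tuples; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port = m.groups()
            records.append((int(ts), src, dst, int(port)))
    return records


def group_flows(records):
    """Group timestamps by (src, dst, port) so each flow is judged on its own."""
    flows = defaultdict(list)
    for ts, src, dst, port in records:
        flows[(src, dst, port)].append(ts)
    return {flow: sorted(times) for flow, times in flows.items()}


def beacon_score(timestamps):
    """Coefficient of variation of the gaps between successive connections.

    0.0 means perfectly periodic check-ins; human-driven traffic is bursty
    and scores well above 1. Returns None when there are too few gaps.
    """
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return None
    avg = mean(gaps)
    if avg <= 0:
        return None
    return pstdev(gaps) / avg


def find_suspects(records, max_cv=0.1, min_conns=4):
    """Return one finding per flow that trips at least one heuristic."""
    findings = []
    for flow, times in group_flows(records).items():
        reasons = []
        if flow[2] in IRC_PORTS:
            reasons.append("irc-port")
        cv = beacon_score(times)
        if len(times) >= min_conns and cv is not None and cv <= max_cv:
            reasons.append("periodic-beacon")
        if reasons:
            findings.append({"flow": flow, "connections": len(times),
                             "beacon_cv": cv, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspects(parse_log(SAMPLE_LOG)):
        src, dst, port = f["flow"]
        print(f"{src} -> {dst}:{port} ({f['connections']} conns): {', '.join(f['reasons'])}")
```

On the constructed log, 10.0.0.5 is flagged for both the IRC port and a perfectly regular 600-second beacon, 10.0.0.9 for a regular 900-second beacon to a non-IRC port, and 10.0.0.7’s bursty HTTPS traffic is left alone. Legitimate agents (NTP, update checkers, monitoring) also beacon, so a real deployment needs an allowlist of known destinations, and bot authors add jitter to their check-in timers, so `max_cv` usually has to be loosened and combined with destination reputation rather than used on its own.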

Source…

Exploring The Anatomy Of A Linux Kernel Exploit


A lot of talk and discussion happens whenever a hardware manufacturer releases a new line of faster, more powerful, or more efficient computers. It’s easy to look at ever-better specifications and assume that is where all the progress is made, but without improved software and algorithms the hardware’s full potential often can’t be realized. That was the motivation for io_uring, a newer asynchronous system call interface in the Linux kernel. It’s also where [chompie] went looking for exploits.

The reasons for looking in a part of the kernel [chompie] had only recently learned about were twofold. First, it is a boundary where user space applications hand data to the kernel, which is exactly where privilege-separation bugs matter; second, it is relatively new code that has had less scrutiny, which means more opportunities to find bugs. The exploit takes advantage of io_uring’s complicated asynchronous buffer handling, specifically a spot where the code confuses a buffer owned by the kernel with one that is supposed to come from user space, a type confusion between kernel and user memory.

Getting from that confusion to a working exploit takes a much more involved process to make sure the manipulated memory addresses produce something useful, but it ends in local privilege escalation. More about it can be found in this bug report as well. Because Linux is open source, the bug could be examined, fixed, and patched quickly to keep attackers from exploiting it, although a system is only protected once its distribution ships the updated kernel and the machine is rebooted into it. Open-source software has plenty of other benefits besides making bugs like this one easier to find and fix.


Source…

BSides Greenville / BSidesGVL 2021 – Chris Furtick’s ‘Anatomy Of A Ransomware Attack’ – Security Boulevard


Source…

The anatomy of a modern day ransomware conglomerate


Written by Jeff Stone

If school administrators, medical organizations and other crucial industries haven’t already had enough bad news over the past year, a new hacking group that relies on emerging techniques to rip off its victims should fulfill that need. 

What makes the pain even worse is that the group is using a structure that’s becoming more common in the cybercrime underworld: a division of labor among specialists rather than a single gang doing everything itself.

This ransomware gang, dubbed Egregor, in recent months appears to have hacked more than 130 targets, including schools, manufacturing firms, logistics companies and financial institutions, according to the U.K.-based security firm Sophos. Egregor works much like other strains of ransomware — holding data hostage until a victim pays a fee — though in some ways the group behind it also exemplifies the current state of the hacking economy. 

Rather than relying on lone hackers who mastermind massive data breaches, or dark web forums frequented only by Russian scammers, today’s cybercriminals function as part of a kind of cooperative shadow industry that rewards innovation and reputation. It’s like an informal professional network in Silicon Valley, only based on extorting schools rather than generating engagement.

“We’re seeing some of the same individuals who were active years ago still active now,” said Jason Passwaters, chief operating officer at the threat intelligence firm Intel 471. “They’re providing the same services they provided back then, it’s just that everybody is interdependent on each other.” 

Just as hundreds of people may be involved in the transportation of a Chiquita banana from its origin to a grocery store, security researchers suggest that dozens of individuals might be involved in a given data breach or digital extortion attempt. It’s not unique to the Egregor group. Hackers using the malware strains known as Conti, Thanos and SunCrypt, among others, also have deployed similarly cooperative techniques. 

It’s a style with roots in the mid-2000s when a hacker using the name “slavik” released the Zeus malware, a hacking tool…

Source…