Tag Archive for: APTs

APTs, botnets combated by new AWS system


Amazon Web Services says its new internal threat intelligence system, MadPot, a network of honeypot sensors and decoys, has been used to thwart activity by the nation state-sponsored advanced persistent threats Sandworm and Volt Typhoon as well as several distributed denial-of-service botnets, SecurityWeek reports.

According to AWS, MadPot's sensors and automated response capabilities track more than 100 million potential threats, of which nearly half a million have been classified as malicious.

MadPot caught the Russian APT operation Sandworm attempting to exploit a vulnerability in WatchGuard network security appliances; further examination of the payload yielded attributes unique to the threat actor along with its IP addresses.

MadPot was also able to identify and attribute activity by the Chinese APT Volt Typhoon in the wake of an attack against the U.S. territory of Guam.

“Through our investigation inside MadPot, we identified a payload submitted by the threat actor that contained a unique signature, which allowed identification and attribution of activities by Volt Typhoon that would otherwise appear to be unrelated,” said AWS, which added that data and findings from the MadPot system have been leveraged to strengthen its security offerings.


Go malware is now common, having been adopted by both APTs and e-crime groups

The number of malware strains written in the Go programming language has risen by roughly 2,000% since 2017, cybersecurity firm Intezer said in a report published this week.

The company's findings confirm a broader trend in the malware ecosystem: authors have been slowly moving away from C and C++ toward Go, a language developed at Google from 2007 and released publicly in 2009.

Intezer: Go malware, now a daily occurrence

Although the first Go-based malware was spotted in 2012, it took a few years for Golang to catch on with malware authors.

"Before 2019, spotting malware written in Go was more of a rare occurrence and during 2019 it became a daily occurrence," Intezer said in its report.

Today, however, Golang (as Go is often also called) has broken through and is widely adopted.

It is used by nation-state hacking groups (APTs), cybercrime operators and security teams alike, the latter often using it to build penetration-testing toolkits.

There are three main reasons for this sharp rise in popularity. The first is Go's straightforward cross-compilation: a developer writes the code once and, from the same codebase, builds binaries for Windows, macOS and Linux, a versatility that many other languages do not offer out of the box.

The second is that Go binaries remain hard for security researchers to analyze and reverse engineer: the Go runtime is statically linked into every binary, producing a large executable whose calling conventions and length-prefixed (rather than NUL-terminated) strings defeat many C-oriented disassembler heuristics and string-based triage. This has kept detection rates for Go-based malware low.

The third reason is Go's strong support for networking, for working with network packets and requests. Intezer explains:

"Go has a very well-written networking stack that is easy to work with. Go has become one of the programming languages for the cloud with many cloud-native applications written in it. For example, Docker, Kubernetes, InfluxDB, Traefik, Terraform, CockroachDB, Prometheus and Consul are all written in Go. This makes sense given that one of the reasons behind the creation of Go…


Taiwan blames Chinese APTs for hacking campaign. GoldenSpy’s operators are trying to cover their tracks. Vishing attacks spike following Twitter hack. – The CyberWire


Download AV-Comparatives real-world test into how well different security products defend against APTs

Download AV-Comparatives’ real-world test which reports on how well different security products defend against the increasing number of APT attacks.

Graham Cluley