Tag Archive for: Attack

Copycat researchers imitate supply chain attack that hit tech giants



This week, over 150 new packages have been published to the npm open-source repository named after private components used internally by major companies.

These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who recently managed to infiltrate over 35 major tech firms and walk away with six-figure bug bounty rewards.

Within 48 hours of Birsan’s disclosure going public, copycat actors began pushing similar packages to npm, likely in a quest to earn bug bounties.

Birsan has confirmed to BleepingComputer that he is not behind these imitation packages and that these are different actors following in his footsteps.

Researcher breaches 35 tech firms in a novel supply chain attack

Recently, BleepingComputer first reported on a supply chain attack that hit over 35 tech firms, namely Microsoft, Apple, PayPal, Tesla, Uber, Yelp, Shopify, among others.

The researcher, Alex Birsan, had taken advantage of an inherent design flaw of open-source development tools called “dependency confusion” or “namespace confusion” to squat names of private dependencies used by major companies on public open-source repos including npm, PyPI, and RubyGems.

Today, a report from Sonatype reveals that other copycat actors are now imitating Birsan’s research by flooding the npm repository with copycat packages marked “for security research purposes only.”

npm copycat packages created in the style of Birsan, with the disclaimer
Source: BleepingComputer

Copycat actors flood npm with identical packages

Within the last 48 hours, the Sonatype Security Research team, of which I am a part, noticed a sudden spike in the volume of suspicious packages caught by our automated malware detection systems and began analyzing these packages.

And then it made sense. The vast majority of the 150+ components that were flagged, and that are continuing to come in at the time of writing, are lookalikes of Birsan’s PoC packages that let him breach over 35 tech companies as part of his ethical research.

But Birsan tells BleepingComputer he is not behind these copycat “research” packages, although he did admit to uploading a few more packages today under his…


These are the people most likely to fall victim to a phishing attack


As cybercriminals leveraged the pandemic to send out 18m daily malware and phishing emails at its peak, Google was busy trying to protect Gmail users from cyber threats over the course of last year.

In an effort to better understand why some users are more heavily targeted by phishing emails and malware, the search giant teamed up with researchers at Stanford University to study over a billion malicious emails and their intended targets.


DPRK hackers used an unknown Internet Explorer bug to attack security analysts



Days after Google disclosed a cyber campaign, a South Korean company finds that the criminals also used a zero-day in Internet Explorer

Hackers previously linked to North Korea by Google researchers used an unknown vulnerability in Internet Explorer to target cybersecurity experts, a South Korean company said.

Two weeks ago, Google’s Threat Analysis Group (TAG) shocked the cybersecurity community by revealing a month-long social engineering campaign in which hackers posed as fellow security researchers, tricking targets into collaborating on projects and viewing their blog. When researchers visited the website, a previously undiscovered zero-day vulnerability in Chrome infected some users with malware.

The same hackers Google attributed to the Lazarus Group linked to North Korea, too

Copyright @ www.nknews.org



Ransom-related DDoS attacks rise from the dead as attack vectors diversify


DDoS extortion is back…

Ransom-related denial of service attacks are on the rise

ANALYSIS A growth in ransom-related DDoS (RDDoS) attacks has accompanied a growing sophistication and diversity in attack vectors over the last year, according to a range of security vendors quizzed by The Daily Swig.

Types of distributed denial-of-service (DDoS) attacks can include volumetric, protocol-based, and application-based assaults. Many are slung from so-called botnets of compromised computers, mobiles, or IoT devices.

Means, motive, and opportunity

The most common motives for launching a DDoS attack and degrading an adversary’s or competitor’s web performance include extorting victims for financial gain or serving as a decoy for another cyber-attack.

Bindu Sundaresan, director at AT&T Cybersecurity, told The Daily Swig: “Motives today can include an interest in obtaining a financial reward, making an ideological statement, creating a geopolitical advantage, or exacting revenge for particular government action, corporate campaign, or policy stance.”

Pay up or say goodbye to your network resources

David Elmaleh, senior product manager of edge services at cloud and network appliance security vendor Imperva, told The Daily Swig that RDDoS campaigns motivated by financial gain saw a considerable increase in 2020.

“We saw RDDoS threats targeting thousands of large commercial organizations globally, not least the financial services industry,” Elmaleh explained.

“Of the RDDoS we’ve monitored, the extortionists leverage the names of well-known threat actor groups in their ransom messages to demand payment in bitcoin currency to prevent a DDoS attack on their target’s network.”


For example, Imperva reports that one group using the name ‘Lazarus’ threatened to launch a DDoS attack against an entire network if a ransom was not paid within six days.

“Once the attack has started, a payment of 30 bitcoin (approximately $328,000) will stop it, with an additional 10 bitcoin ($110,000) demanded for each day the ransom remains unpaid,” according to Imperva’s Elmaleh.

“The extortionist also threatened to begin a small DDoS attack on the company’s main IP…
