Tag Archive for: computers

Researchers watched 100 hours of hackers hacking honeypot computers

/in


Imagine being able to sit behind a hacker and observe them take control of a computer and play around with it.

That’s pretty much what two security researchers did thanks to a large network of computers set up as a honeypot for hackers.

The researchers deployed several Windows servers deliberately exposed on the internet, set up with Remote Desktop Protocol, or RDP, meaning that hackers could remotely control the compromised servers as if they were regular users, being able to type and click around.

Thanks to these honeypots, the researchers were able to record 190 million events and 100 hours of video footage of hackers taking control of the servers and performing a series of actions on them, including reconnaissance, installing malware that mines cryptocurrencies, using Android emulators to conduct click fraud, brute-forcing passwords for other computers, hiding the hackers’ identities by using the honeypot as a starting point for another attack, and even watching porn. The researchers said a hacker successfully logging into its honeypot can generate “tens of events” alone.

“It’s basically like a surveillance camera for RDP system because we see everything,” Andréanne Bergeron, who has a Ph.D. in criminology from the University of Montreal, told TechCrunch.

Bergeron, who also works for cybersecurity firm GoSecure, worked with her colleague Olivier Bilodeau on this research. The two presented their findings on Wednesday at the Black Hat cybersecurity conference in Las Vegas.

The two researchers classified the type of hackers based on Dungeons and Dragons character types.

The “Rangers,” according to the two, carefully explored the hacked computers, doing reconnaissance, sometimes changing passwords, and mostly leaving it at that. “Our hypothesis is that they are evaluating the system they compromised so that another profile of attacker can come back later,” the researchers wrote in a blog post published on Wednesday to accompany their talk.

The “Barbarians” use the compromised honeypot computers to try and bruteforce into other computers using known lists of hacked usernames and passwords, sometimes using tools such as Masscan, a legitimate tool that…

Source…

How to stop quantum computers from breaking the internet’s encryption

/in


Keeping secrets is hard. Kids know it. Celebrities know it. National security experts know it, too.

And it’s about to get even harder.

There’s always someone who wants to get at the juicy details we’d rather keep hidden. Yet at every moment, untold volumes of private information are zipping along internet cables and optical fibers. That information’s privacy relies on encryption, a way to mathematically scramble data to prevent any snoops from deciphering it — even with the help of powerful computers.

But the mathematical basis of these techniques is under threat from a foe that has, until recently, seemed hypothetical: quantum computers.

In the 1990s, scientists realized that these computers could exploit the weird physics of the minuscule realm of atoms and electrons to perform certain types of calculations out of reach for standard computers. That means that once the quantum machines are powerful enough, they could crack the mathematical padlocks on encrypted data, laying bare the world’s secrets.

Today’s quantum computers are far too puny to defeat current security measures. But with more powerful quantum machines being regularly rolled out by the likes of IBM and Google, scientists, governments and others are beginning to take action. Experts are spreading the word that it’s time to prepare for a milestone some are calling Y2Q. That’s the year that quantum computers will gain the ability to crack the encoding schemes that keep electronic communications secure.

“If that encryption is ever broken,” says mathematician Michele Mosca, “it would be a systemic catastrophe.”

Y2Q is coming. What does it mean?

Encryption pervades digital life — safeguarding emails, financial and medical data, online shopping transactions and more. Encryption is also woven into a plethora of physical devices that transmit information, from cars to robot vacuums to baby monitors. Encryption even secures infrastructure such as power grids. The tools Y2Q threatens are everywhere. “The stakes are just astronomically high,” says Mosca, of the University of Waterloo in Canada, who is also CEO of the cybersecurity company evolutionQ.

The…

Source…

IMEI | 🔍📱| #viral #shorts #technology #learning #knowledge

/in



BlackCat ransomware takes control of protected computers via new kernel driver

/in


A new kernel driver was discovered from a February 2023 BlackCat ransomware incident that leverages a separate user client executable as a way to control, pause and kill various processes on target endpoints of security agents deployed on protected computers.

In a May 22 blog post, Trend Micro researchers said they believe that the new kernel driver was an updated version that inherited the main functionality from samples disclosed in previous research in December 2022 by Mandiant, Sophos, and Sentinel One.

The three companies published a coordinated disclosure that malicious kernel drivers were being signed through several Microsoft hardware developer accounts. The joint researchers said these profiles had been used in a number of cyberattacks that included ransomware incidents. Microsoft subsequently revoked several Microsoft hardware developer accounts that were abused in these attacks.

Trend Micro’s researchers explained that malicious actors use different approaches to sign their malicious kernel drivers. In this case, the attackers tried to deploy the old driver disclosed by Mandiant, but because this driver had already been known and detected, the threat actors deployed another kernel driver signed by a stolen or leaked cross-signing certificate. The kernel driver typically gets used during the evasion phase, say the Trend researchers.

The recent activity of the BlackCat ransomware group signals a disturbing escalation in the cyber threat landscape, said Craig Jones, vice president of security operations at Ontinue. Jones said by exploiting signed kernel drivers, this raises the stakes in an ongoing high-stakes game of “digital cat and mouse” between cyber criminals and those tasked with thwarting their attempts.

“One of the intriguing aspects of this incident is the fact that the ransomware operators are using malicious kernel drivers signed through Microsoft’s portals or using stolen certificates,” said Jones. “This offers them privileged-level access to the systems they attack and lets them bypass security protocols. It also indicates a high level of sophistication and a solid understanding of Windows system operations. They are essentially used to manipulate and…

Source…