Tag Archive for: entire

This popular game gives hackers access to your entire PC


Hackers have been abusing the anti-cheat system in a massively popular game, and you don’t even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game’s anti-cheat measures in order to disable antivirus programs on the target machine. From there, they’re free to conduct ransomware attacks and take control of the device.

[Figure: An overview of the Genshin Impact hack. Credit: Trend Micro]

Trend Micro prepared a lengthy report about this new hack, describing the way it works in great detail. The attack can be carried out using a Genshin Impact driver called “mhypro2.sys.” As mentioned above, the game doesn’t need to be installed on the targeted device. The module can operate independently and doesn’t need the game in order to run.

Researchers have found proof of threat actors using this vulnerability to conduct ransomware attacks since July 2022. While it’s unclear how the hackers are initially able to gain access to their target, once they’re in, they’re able to use the Genshin Impact driver in order to access the computer’s kernel. A kernel generally has full control over everything that happens in your system, so for threat actors to be able to access it is disastrous.

The hackers used “secretsdump,” which helped them snatch admin credentials, and “wmiexec,” which executed their commands remotely through Windows’ own Management Instrumentation tool. These are free and open-source tools from Impacket that anyone could get their hands on if they wanted to.

With that out of the way, the threat actors were able to connect to the domain controller and implant malicious files onto the machine. One of these files was an executable called “kill_svc.exe” and it was used to install the Genshin Impact driver. After dropping “avg.msi” onto the desktop of the affected computer, four files were transferred and executed. In the end, the attacker was able to completely kill the computer’s antivirus software and transfer the ransomware payload.

After some hiccups, the adversaries were able to fully load the driver and the ransomware onto a network share with the goal of mass deployment,…


An Internet of Things Future Means Securing Entire Supply-Chains


By Nils Gerhardt, Chief Technology Officer for Utimaco

The ‘Internet of Things’ (or IoT) is far more than smart speakers and app-connected lightbulbs: in less than a decade it has gone from a buzzword to a vital part of tens of thousands of businesses, and by 2030 the industry could be worth $12.6 globally.

Its value proposition is clear: ‘data’ is being created everywhere, whether it is traffic and footfall flows or CO2 emissions, and a vast network of sensors can capture that data. Once collected, it can be analysed – something that is much easier now that cloud computing gives anyone access to the capabilities of a supercomputer. Devices can then make changes as needed.

This is already powering ‘smart cities’, though we are only just beginning to utilise its full potential, and is a key component in Industry 4.0, a term for the ‘fourth industrial revolution’ in manufacturing in which every component in a production line exists as much in the digital as the physical world, with 5G networks constantly exchanging data to make factories more efficient and proactively address maintenance problems. Combined with robotics, autonomous systems and 3D printing, a factory or warehouse could potentially run without the need for humans.

Of course, anywhere that data is being exchanged through internet-connected components is a potential vector for attack. We have already seen how ransomware can have devastating consequences in industrial settings, but imagine what could be done if bad actors gained access to a factory, oil refinery or energy production facility’s IoT network. By just increasing the amount of torque a robotic screwdriver uses they could ruin whole batches of products, or by turning off heatsinks they could start a fire. More worryingly, IoT systems have already been hijacked and turned into huge botnets. This could mean that tens of thousands of smart devices could be turned into spam email servers, or they could flood targets with traffic in Distributed Denial of Service (DDoS) attacks.

Does network always mean vulnerability?

In a business ‘campus’ in which everything is connected to everything else, one wireless thermostat with an unpatched…


This security flaw could impact the entire internet. Here’s what you should know


A critical flaw in widely used software has cybersecurity experts raising alarms and big companies racing to fix the issue. The vulnerability, which was reported late last week, is in Java-based software known as “Log4j” that large organizations use to configure their applications — and it poses potential risks for much of the internet.

Apple’s cloud computing service, security firm Cloudflare, and one of the world’s most popular video games, Minecraft, are among the many services that run Log4j, according to security researchers.

Jen Easterly, head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), called it “one of the most serious flaws” seen in her career. In a statement on Saturday, Easterly said “a growing set” of hackers are actively attempting to exploit the vulnerability.

As of Tuesday, more than 100 hacking attempts were occurring per minute, according to data this week from cybersecurity firm Check Point. “It will take years to address this while attackers will be looking… on a daily basis,” said David Kennedy, CEO of cybersecurity firm TrustedSec. “This is a ticking time bomb for companies.”

Here’s what you should know:

What is Log4j and why does it matter?

Log4j is one of the most popular logging libraries used online, according to cybersecurity experts. Log4j gives software developers a way to build a record of activity to be used for a variety of purposes, such as troubleshooting, auditing and data tracking. Because it is both open-source and free, the library essentially touches every part of the internet. “It’s ubiquitous. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open source libraries you use depends on Log4j,” Chris Eng, chief research officer at cybersecurity firm Veracode, told CNN Business. “This is the nature of software: It turtles all the way down.”

Companies such as Apple, IBM, Oracle, Cisco, Google and Amazon all run the software. It could be present in popular apps and websites, and hundreds of millions of devices around the world that…
