Tag Archive for: Groups

At least 10 hacking groups using Microsoft software flaw: researchers


By Raphael Satter and Christopher Bing

WASHINGTON (Reuters) – At least 10 different hacking groups are using a recently discovered flaw in Microsoft Corp’s mail server software to break into targets around the world, according to researchers at cybersecurity company ESET.

The breadth of the exploitation adds to the urgency of the warnings being issued by authorities in the United States and Europe about the weaknesses found in Microsoft’s Exchange software. [L1N2L50GR]

The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will. Tens of thousands of organizations have already been compromised, Reuters reported last week.

While Microsoft has issued fixes, the sluggish pace of many customers’ updates – which experts attribute in part to the complexity of Exchange’s architecture – means the field remains at least partially open to hackers of all stripes. Experts are particularly concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.

Slovakia-based ESET said in a blog post issued on Wednesday there were already signs of cybercriminal exploitation, with one group that specializes in stealing computer resources to mine cryptocurrency breaking into vulnerable Exchange servers to spread its malicious software.

ESET named nine other espionage-focused groups it said were taking advantage of the flaws to break into targeted networks – several of which other researchers have tied to China. Intriguingly, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.

ESET researcher Matthieu Faou said in an email it was “very uncommon” for so many different cyber espionage groups to have access to the same information before it is made public.

He speculated that either the information “somehow leaked” ahead of the Microsoft announcement or it was found by a third party that supplies vulnerability information to cyber spies.

(Reporting by Raphael Satter and Christopher Bing in Washington; Editing by Matthew Lewis)


Go malware is now common, having been adopted by both APTs and e-crime groups



The number of malware strains coded in the Go programming language has risen sharply, by around 2,000% since 2017, cybersecurity firm Intezer said in a report published this week.

The company’s findings highlight and confirm a general trend in the malware ecosystem, where malware authors have slowly moved away from C and C++ to Go, a programming language developed and launched by Google in 2007.

Intezer: Go malware, now a daily occurrence

While the first Go-based malware was detected in 2012, it took a few years for Golang to catch on with the malware scene.

“Before 2019, spotting malware written in Go was more a rare occurrence and during 2019 it became a daily occurrence,” Intezer said in its report.

But today, Golang (as Go is also often called) has broken through and has been widely adopted.

It is used by nation-state hacking groups (also known as APTs), cybercrime operators, and even security teams alike, who often use it to create penetration-testing toolkits.

There are three main reasons why Golang has seen this sudden sharp rise in popularity. The first is that Go supports an easy process for cross-platform compilation. This allows malware developers to write code once and compile binaries for multiple platforms from the same codebase, letting them target Windows, Mac, and Linux at once, a versatility that they don’t usually have with many other programming languages.

The second reason is that Go-based binaries are still hard for security researchers to analyze and reverse engineer, which has kept detection rates for Go-based malware very low.

The third reason is related to Go’s support for working with network packets and requests. Intezer explains:

“Go has a very well-written networking stack that is easy to work with. Go has become one of the programming languages for the cloud with many cloud-native applications written in it. For example, Docker, Kubernetes, InfluxDB, Traefik, Terraform, CockroachDB, Prometheus and Consul are all written in Go. This makes sense given that one of the reasons behind the creation of Go…
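Because the article lists “hard to analyze” as one reason Go has caught on with malware authors, a defender’s first triage question is often whether a sample is Go-compiled at all. The helper below is an added example, not code from Intezer’s report: it looks for the fingerprints the Go linker leaves in every binary it produces (the buildinfo header, the pclntab magic and the embedded toolchain version), and the byte image it scans is constructed inline rather than taken from any real sample.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// Real Go toolchain constants (debug/buildinfo, runtime/symtab.go), not values from the report.
var buildInfoMagic = []byte("\xff Go buildinf:")
// pclntab header magic per toolchain generation (stored little-endian on x86/ARM).
var pclntabMagics = map[uint32]string{0xFFFFFFFB: "go1.2-1.15", 0xFFFFFFFA: "go1.16-1.17", 0xFFFFFFF0: "go1.18-1.19", 0xFFFFFFF1: "go1.20+"}

// GoMarkers records which fingerprints a raw byte image contained.
type GoMarkers struct {
	BuildInfo bool   // "\xff Go buildinf:" header present
	Pclntab   string // toolchain generation from the pclntab magic, "" if none
	Version   string // first "go1.x[.y]" string seen, "" if none
}

// DetectGo scans raw bytes, so it works on PE, ELF and Mach-O alike without
// a format parser; treat the result as a triage heuristic, not proof.
func DetectGo(data []byte) GoMarkers {
	m := GoMarkers{BuildInfo: bytes.Contains(data, buildInfoMagic)}
	for magic, gen := range pclntabMagics {
		var needle [4]byte
		binary.LittleEndian.PutUint32(needle[:], magic)
		// A genuine header has two zero pad bytes right after the magic.
		if i := bytes.Index(data, needle[:]); i >= 0 && i+6 <= len(data) && data[i+4] == 0 && data[i+5] == 0 {
			m.Pclntab = gen
			break
		}
	}
	if i := bytes.Index(data, []byte("go1.")); i >= 0 {
		j := i + 3
		for j < len(data) && (data[j] == '.' || (data[j] >= '0' && data[j] <= '9')) {
			j++
		}
		m.Version = string(data[i:j])
	}
	return m
}

// SampleImage is a constructed byte image, not a real binary: filler, a go1.17-era
// pclntab header, then a buildinfo header followed by a version string.
func SampleImage() []byte {
	s := append([]byte("MZ\x90\x00filler"), 0xFA, 0xFF, 0xFF, 0xFF, 0, 0, 1, 8)
	return append(append(s, buildInfoMagic...), "\x08\x02go1.17.5\x00"...)
}
func main() { fmt.Printf("%+v\n", DetectGo(SampleImage())) }
```

On a real file, read it with os.ReadFile and pass the bytes to DetectGo; a hit on the pclntab magic alone is weak evidence, a hit on all three markers is strong.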


Emotet reemerges and becomes one of the most prolific threat groups out there.


Deep Instinct’s Shimon Oren joins us to talk about his team’s research on “Why Emotet’s latest wave is harder to catch than ever before – Part 2.” Emotet appears to have reemerged more evasive than before, this time with a payload delivered from a loader that security tools aren’t equipped to handle.

Emotet, the largest malware botnet today, started in 2014 and continues to be one of the most challenging threats in today’s landscape. This botnet causes huge damage by spreading ransomware and info stealers to its infected systems. Recently, a rise in the number of Emotet infections was observed in France, Japan, and New Zealand. The high number of infections shows the effectiveness of the Emotet malware at staying undetected.

Shimon joins us to discuss how Deep Instinct investigated the payload that was encrypted inside the loader, analyzed the next steps in the infection process, and uncovered the techniques used to make this malware difficult to analyze.

The original blog post and updated post on the research can be found here:


As security forces tighten noose, Pak-based terror groups resort to cyber recruitment in J-K: Officials


SRINAGAR:
Pakistan’s intelligence agency and terror groups are now carrying out recruitment in Jammu and Kashmir using applications in cyber and mobile space as direct physical interactions have become difficult due to the security forces’ hawk-eyed vigil, officials said on Sunday.

Fake videos of alleged atrocities committed by the security forces and building a false narrative are now often used by the ISI handlers from Pakistan to whip up emotions among the new recruits, they said, citing intelligence reports and technical surveillance.

Earlier, terrorist sympathisers used to establish physical contact with prospective recruits to bring them into a terror group’s ranks. However, after security agencies cracked down on such sympathisers, they changed their modus operandi.

In 2020, over two dozen terror modules were busted by security agencies leading to the arrest of over 40 such sympathisers.

Two surrendered terrorists, Tawar Waghey and Amir Ahmed Mir, who laid down their arms before 34 Rashtriya Rifles of the Army late last month, gave an insight into how they joined terror modules, showing that cyber recruitment was being carried out on a large scale.

Both the terrorists had come in contact with a Pakistan-based handler via Facebook who indoctrinated them before handing them over to a recruiter code-named Khalid and Mohammed Abbas Sheikh.

The two terrorists were provided training online using various links available on public platforms like YouTube and both of them had met their local contact only once in Shopian in south Kashmir, the officials said.

This, according to the officials, is done to avoid exposure of sleeper cells created by Pakistan’s ISI within the valley. Security agencies have busted several modules following intelligence inputs provided by local residents.

The two terrorists, after being recruited into The Resistance Front (TRF), which is believed to be a shadow outfit of banned terror group Lashkar-e-Taiba, were receiving orders as well as religious teachings from Pakistan-based Burhan Hamza.

The officials said there were around 40 such cases…
