Tag Archive for: harden

Price of zero-day exploits rises as companies harden products against hackers

/in


Tools that allow government hackers to break into iPhones and Android phones, popular software like the Chrome and Safari browsers, and chat apps like WhatsApp and iMessage, are now worth millions of dollars — and their price has multiplied in the last few years as these products get harder to hack.

On Monday, startup Crowdfense published its updated price list for these hacking tools, which are commonly known as “zero-days,” because they rely on unpatched vulnerabilities in software that are unknown to the makers of that software. Companies like Crowdfense and one of its competitors Zerodium claim to acquire these zero-days with the goal of re-selling them to other organizations, usually government agencies or government contractors, which claim they need the hacking tools to track or spy on criminals.

Crowdfense is now offering between $5 and $7 million for zero-days to break into iPhones, up to $5 million for zero-days to break into Android phones, up to $3 million and $3.5 million for Chrome and Safari zero-days respectively, and $3 to $5 million for WhatsApp and iMessage zero-days.

In its previous price list, published in 2019, the highest payouts that Crowdfense was offering were $3 million for Android and iOS zero-days.

The increase in prices comes as companies like Apple, Google, and Microsoft are making it harder to hack their devices and apps, which means their users are better protected.

“It should be harder year over year to exploit whatever software we’re using, whatever devices we’re using,” said Dustin Childs, who is the head of threat awareness at Trend Micro ZDI. Unlike CrowdFense and Zerodium, ZDI pays researchers to acquire zero-days, then reports them to the companies affected with the goal of getting the vulnerabilities fixed.

“As more zero-day vulnerabilities are discovered by threat intelligence teams like Google’s, and platform protections continue to improve, the time and effort required from attackers increases, resulting in an increase in cost for their findings,” said Shane Huntley, the head of Google’s Threat Analysis Group, which tracks hackers and the use of zero-days.

In a report last month, Google said it saw hackers use 97 zero-day…

Source…

Google Revealed Kernel Address Sanitizer To Harden Android Firmware

/in


Android devices are popular among hackers due to the platform’s extensive acceptance and open-source nature.

However, it has a big attack surface with over 2.5 billion active Android devices all over the world.

It also poses challenges when it comes to prompt vulnerability patching due to its fragmented ecosystem that consists of different hardware vendors and delayed software updates.

Malware distribution, surveillance, and unauthorized financial gain, or any other malicious purpose are some examples of how cybercriminals take advantage of these loopholes in security.

Recently, Google unveiled the Kernel Address Sanitizer (KASan) to strengthen the Android firmware and beyond.

Android Firmware And Beyond

KASan (Kernel Address Sanitizer) has broad applicability across firmware targets. Incorporating KASan-enabled builds into testing and fuzzing can proactively identify memory corruption vulnerabilities and stability issues before deployment on user devices.

Document

Download Free CISO’s Guide to Avoiding the Next Breach

Are you from The Team of SOC, Network Security, or Security Manager or CSO? Download Perimeter’s Guide to how cloud-based, converged network security improves security and reduces TCO.

  • Understand the importance of a zero trust strategy
  • Complete Network security Checklist
  • See why relying on a legacy VPN is no longer a viable security strategy
  • Get suggestions on how to present the move to a cloud-based network security solution
  • Explore the advantages of converged network security over legacy approaches
  • Discover the tools and technologies that maximize network security

Adapt to the changing threat landscape effortlessly with Perimeter 81’s cloud-based, unified network security platform.

Google has already leveraged KASan on firmware targets, leading to the discovery and remediation of over 40 memory safety bugs, some critically severe, through proactive vulnerability detection.

Address Sanitizer (ASan) is a compiler instrumentation tool that identifies invalid memory access bugs like out-of-bounds, use-after-free, and double-free errors during runtime. 

For user-space targets, enabling ASan is…

Source…

Understanding these nine ransomware stages can help harden cyber defenses

/in


Ransomware payouts are on track to make 2023 another banner year for criminals, netting more than $440 million since January, according to a recent analysis by Chainalysis. But there are ways for organizations to blunt the impact.

First, some background: One of the reasons for ransomware’s continuing success, according to Chainalysis, is the success of what is popularly called “big-game hunting,” or going after large enterprises with deep pockets and the promise of big ransom rewards. Witness the reach of the Clop gang with exploits of Progress Software Corp.’s MOVEit file transfer software. Chainalysis estimates an average payout of $1.7 million per victim.

But the trend has other contributing factors, such as an increased number of successful attacks on smaller targets. Also, as more victims refuse to pay some security analysts think this has motivated attackers to ask for higher ransoms across the board or use more extortion techniques to convince victims to pay. Ransomware continues to be a growth business opportunity for criminals, whether or not victims pay up, because stolen data carries a certain value on the dark web, the shady corner of the internet reachable with special software.

To bring more clarity to the rise in ransom payments, we examined reports by six security firms that tried to categorize the various steps involved in a typical ransomware attack:

  • EJ2 Communications Inc. Flashpoint’s Anatomy of a Ransomware attack (seven stages, July 2023)
  • Google LLC Mandiant’s m-Trends June 2023 report (which breaks down the recent Ukrainian cyberattacks into five stages)
  • Palo Alto Networks Inc. Unit 42’s Stages of a Ransomware attack (five stages, February 2023)
  • Blackberry Ltd.’s Anatomy of a Ransomware attack (eight stages, October 2022)
  • JP Morgan Chase & Co.’s Anatomy of a Ransomware attack (five stages, September 2022)
  • Darktrace PLC’s Nine Stages of Ransomware (it is really six discrete stages, December 2021)

Many of these companies have ulterior motives in laying out their ransomware models, in that they sell research based on their own telemetry (such as Palo Alto Networks and Mandiant) or products that can help find or mitigate malware…

Source…

Edelman: Nothing is safe from cyberattacks, we must harden our security and hold Russia accountable | COMMENTARY

/in


Last year, Russian government hackers succeeded in planting spyware in more than 18,000 government and business systems through what’s known as a “supply chain attack.” The infected sites use software from a company named SolarWinds to monitor and manage their computer systems. The hackers planted malware in a SolarWinds update that allowed them to access virtually all the data on the infected machines. The Russian government could and did read anything and everything from government sites including the departments of Homeland Security, State, Commerce and Treasury. After the attack had been exposed in November, House Intelligence chair Adam Schiff described the attack as “devastating.” Senate Republicans said, “We should make it clear that there will be consequences.” Even now, six months after the intrusion was detected, we don’t know the extent of the breach.

Source…