Tag Archive for: Hidden

More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic


Organizations that have not implemented controls for detecting malware hidden in encrypted network traffic are at risk of letting the vast majority of malicious tools distributed in the wild reach their endpoint devices.

A study of threat activity conducted by WatchGuard Technologies using anonymized data gathered from customer networks showed 91.5% of malware detections in the second quarter of 2021 involved malware arriving over HTTPS-encrypted connections. Only 20% of organizations currently have mechanisms for decrypting and scanning HTTPS traffic for malware, meaning the remaining 80% are at risk of missing nine-tenths of the malware hitting their networks daily, WatchGuard said.

Corey Nachreiner, chief security officer at WatchGuard, says one reason more organizations have not enabled network-based HTTPS decryption controls is the perceived, and somewhat real, complexity of the setup.

“[For] man-in-the-middle decryption to work without messing up the sanctity of the HTTPS certificates that secure that traffic, you have to set up an intermediate or root CA certificate that is part of the official certificate verification process,” he says.

There are multiple ways to do this, some of which are tricky and others not as complicated. 

“In short, it does take some work to do this the first time — and create exceptions so it starts working well — which is why some don’t make the effort,” Nachreiner says. “But we firmly believe it is worth the effort because otherwise your network security will miss a lot.”

The data point on encrypted malware is one among several in a report WatchGuard released this week that highlighted troubling trends for organizations on the malware front.

WatchGuard’s analysis, for instance, showed the number of script-based, or fileless, attacks in the first six months of this year alone had already reached 80% of the total for all of 2020. Data from last quarter suggested that fileless malware is on track to double in volume this year compared with 2020. 

Like encrypted malware, fileless attacks, such as those involving the use of JavaScript, PowerShell, and Visual Basic, are another threat not easily detected by some…

Source…

Hidden Botnet C&C on Legitimate Infrastructure? The Case of 000webhostapp[.]com


Note: Thanks to Dancho Danchev, WhoisXML API’s DNS Threat Researcher, for the initial investigation available here, which led to the creation of this post.

Threats can come from anywhere, even from legitimate hosting infrastructure. In fact, cybercriminals often host their command-and-control (C&C) servers in known hosting providers’ networks, sometimes ones that offer bulletproof hosting services, to evade detection and the blocking that follows it.

We found that one service provider that has been recently abused by cyber attackers is Hostinger. Two WhoisXML API studies specified 93 IP addresses, 119 subdomains of the domain 000webhostapp[.]com, and four name servers, all part of Hostinger’s infrastructure, that have played a part in botnet operations.

We used a variety of domain and IP intelligence tools to obtain as much information as possible on these to help cybersecurity teams better protect their networks.

IP Address Resolutions

We subjected the 93 IP addresses to reverse IP/DNS lookups to determine how many and what domains they resolved to over time according to passive Domain Name System (DNS) data.

The 93 IP addresses resolved to at least 300 domains each, amounting to a total of at least 27,900 domains. Note that the reverse IP/DNS lookups we ran return at most 300 domains per IP address queried, so the true number of resolutions may be higher.

After removing duplicate domains, we ended up with a list of 8,416. Of these, 48% (totaling 4,015 domains) use the .com top-level domain. In second and third place are .xyz (6% or 520) and .online (5% or 393) domains, respectively. The top 20 TLDs are shown in Chart 1 below.

Chart 1: Top 20 TLDs used by the domains connected to the Hostinger-hosted botnet C&C servers

Based on the data shown in Chart 1, organizations that don’t want to employ IP-level blocking of the Hostinger IP addresses related to the campaign may do best to instead be especially wary of connected domains sporting the top 20 TLDs mentioned above. Companies that use Hostinger, or have partners and customers that do, may be among those who wouldn’t want to block the IP addresses. Some of these could have been hijacked by the…

Source…

Security Researchers Band Together To Expose Hidden Flaws In Zoom & Microsoft Teams / Digital Information World


Vulnerabilities in the software makeup of popular video-conferencing apps Zoom and Microsoft Teams have been revealed by teams of hackers. For once, however, such an attack may not be as uninvited as usual considering all of these individuals were participating in a competition.

As part of the annual Pwn2Own competition, individuals proficient in coding and other computer security skills were put to the task of identifying potential weak points and design flaws in Zoom and Teams, as a prophylactic measure to prevent future mass hacking attacks from taking place. And what is Pwn2Own, one might venture to ask? Well, as can be surmised from the previous sentence, it’s a convention that brings together cybersecurity researchers and experts from across the globe to find and address security concerns in popular applications. Active since 2007, the Pwn2Own initiative started out in Vancouver as a response to the lack of initiative companies such as Apple were taking in beefing up their own security measures. From there on, the conference and competition have bloomed to involve a multinational audience, and have even been sponsored by the likes of Microsoft.

The sponsorships themselves are of particular note due to the exorbitant amount of money participants win if they successfully expose weaknesses and deficits in the software presented. This year’s contestants were awarded a total sum of USD $40,000, even if it came at the expense of inciting minor paranoia in users of Zoom and Microsoft Teams. Then again, one must ponder, what were the weak links? What oversights did developers make in this process? Well, let’s get around to addressing them.

Without delving too much into technical jargon, Zoom’s safety boundaries were overcome via third-party software developed by the participants themselves. Instead of relying on malware, however, all it took was a program appearing as a calculator to breach security. This bizarre act of ingenuity was achieved by two developers from the Netherlands-based cybersecurity firm Computest. Microsoft Teams also received sufficient attention, as multiple individuals (both independent workers and firm…

Source…

Screen recording, Smart Lock and Android’s other best hidden features


[Image: Google Pixel 5 smartphone. Your Android phone has a treasure trove of hidden features. Credit: Stephen Shankland/CNET]

Part of the appeal of using an Android phone is the wide variety of hardware and software options. For instance, the experience you get from a Google Pixel phone is very different from what a Galaxy S21 offers, and then you add OnePlus into the mix and the experience diverges even more. That said, the core Android experience remains nearly the same. All three manufacturers use Android, sharing the same features — some of which are hidden. 

And now that Google has released the first developer beta of Android 12 (which you can install if you like living on the edge), the staple Android features are only getting better, and there are sure to be more hidden features. 

Take screen recording as an example. It’s a feature that you may not even realize Google added with the rollout of Android 11, but it’s there, just waiting to help you show off your gaming skills. Also, the ability to use two apps at the same time is not only something iPhone users can only dream about, it’s also downright useful and built into your Android phone (this feature isn’t new, at least for Pixel phones) — you just have to know where to look. One of my favorite hidden features is called Smart Lock, a tool that keeps my phone unlocked when I’m at home, then reverts to requiring my fingerprint or PIN code when I leave. It’s convenient, and it allows me to keep my phone secure when I’m not at home.

Keep in mind, the features below may not look or work exactly the same on every phone, and that’s because different Android device manufacturers like to use unique interfaces. My…

Source…