Tag Archive for: Kind

A whole new kind of Linux malware has been found in the wild


A new type of Linux malware has been identified after going unnoticed for two years thanks to work by cybersecurity researchers from Group-IB.

The newly uncovered Linux Remote Access Trojan (RAT), Krasue, was first registered on VirusTotal and has since been targeting primarily telecommunications companies in Thailand.


Microsoft reveals how hackers stole its email signing key… kind of


A series of unfortunate and cascading mistakes allowed a China-backed hacking group to steal one of the keys to Microsoft’s email kingdom that granted near unfettered access to U.S. government inboxes. Microsoft explained in a long-awaited blog post this week how the hackers pulled off the heist. But while one mystery was solved, several important details remain unknown.

To recap, Microsoft disclosed in July that hackers it calls Storm-0558, which it believes are backed by China, “acquired” an email signing key that Microsoft uses to secure consumer email accounts like Outlook.com. The hackers used that digital skeleton key to break into both the personal and enterprise email accounts of government officials hosted by Microsoft. The hack is seen as a targeted espionage campaign aimed at snooping on the unclassified emails of U.S. government officials and diplomats, reportedly including U.S. Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns.

How the hackers obtained that consumer email signing key was a mystery — even to Microsoft — until this week when the technology giant belatedly laid out the five separate issues that led to the eventual leak of the key.

Microsoft said in its blog post that in April 2021, a system used as part of the consumer key signing process crashed. The crash produced a snapshot image of the system for later analysis. This consumer key signing system is kept in a “highly isolated and restricted” environment where internet access is blocked to defend against a range of cyberattacks. Unbeknownst to Microsoft, when the system crashed, the snapshot image inadvertently included a copy of the consumer signing key 1️⃣ but Microsoft’s systems failed to detect the key in the snapshot 2️⃣.

The snapshot image was “subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network” to understand why the system crashed. Microsoft said this was consistent with its standard debugging process, but that the company’s credential scanning methods also did not detect the key’s presence in the snapshot image 3️⃣.

Then, at some point after the snapshot image was moved to…


Virginia Tech, international partners debut first-of-its-kind test bed for resiliency, security in space-based internet networks | VTx


The soaring goal of Elon Musk’s Starlink and other satellite internet projects is to provide high-speed, low-latency broadband internet across the globe. But there are still some big questions that need to be answered — including how to build a resilient, secure network in space.

To examine such questions, Commonwealth Cyber Initiative (CCI) researchers at Virginia Tech have partnered with the University of Surrey in the United Kingdom to build the world’s first hardware-in-the-loop test bed that emulates the changing connectivity of a mega satellite constellation at scale. The researchers introduced the test bed at an intercontinental workshop July 12-13.

“We wanted to establish a shared community vision and brainstorm about what would be possible and what would be most useful in a space networking infrastructure,” said CCI researcher Jonathan Black, professor of aerospace engineering.

Besides uniting researchers and funding agencies on both sides of the Atlantic, the interdisciplinary workshop involved members of the satellite and aerospace community as well as the computer networking and communication communities, including researchers from Wireless@VT in the Bradley Department of Electrical and Computer Engineering and the Center for Space Science and Engineering Research (Space@VT).

Workshop speakers included representatives from NASA Goddard Space Flight Center and the National Science Foundation as well as Ella Atkins, Fred D. Durham Chair and incoming department head for the Kevin T. Crofton Department of Aerospace and Ocean Engineering.

“In order to repair, upgrade, and refuel in space, we need to build for efficiency and disruption,” said Atkins, who called into the workshop from her rural home via Starlink. “By grounding communications and networking in long-term space robotics, our researchers are building the future of space engineering.”

According to Atkins and Black, the future of space engineering requires effective communication — and the next step is connecting satellite networks.

Breaking out of space siloes

On the ground, network internet service providers are interconnected. A Verizon network user can talk with someone on an AT&T network,…


In Israel, ransomware attacks against private companies pose a new kind of national security threat


Every week approximately a thousand institutions in Israel are hit with a cyberattack. It is a constant barrage of computer infiltrations. Most are ransomware attacks, and the motive was money.

Until recently. 

In 2021, several incidents featured attackers demanding ransom, but their behavior ran counter to typical ransomware heists and suggested that lurking beneath the surface, they had different goals. They made their demands with extroverted gusto, like they intended their crime to be a public act. The targets were mainly mid-sized companies such as dating apps and insurance companies, large enough to cause public concern but not large enough to spark action from the Israeli state. Most telling, the groups behind the attacks have been linked to Iran to varying degrees. 

“I call this a hybrid threat. There are attacks that are considered political-cyber-offensive, which are by states or by non-state actors but with a political agenda,” said Gabi Siboni, the head of the cyber security program at The Jerusalem Institute for Strategy and Security. “And there are cyber criminals. But what you can see is that it’s getting mixed.”

This new generation of ransomware attacks underscores how a new front in the conflict between Iran and Israel is developing. Ostensibly a financial crime, ransomware has become a tool of statecraft, with the geopolitical aim of damaging the social bonds of Israeli society and public trust in the country’s institutions rather than damaging infrastructure or extracting a financial bounty.

While the Israeli Cyber Directorate has issued multiple recommendations and warnings about this new “wave of attacks,” the responsibility to protect private computer systems still rests with companies. The advent of geopolitical ransomware exploits a structural vulnerability: a route to damage the social cohesion of a country via geopolitical attacks that bypass state defenses.

Last October, in what is called the “Atraf” hack, Black Shadow, a group with links to Iran, hacked into the servers of CyberServe, an Israeli hosting company, accessing websites and applications of the company’s customers.

Among its customers was…
