Tag Archive for: Revealing

Revealing Malware Secrets in a Digital World #POST 47 | by Monty Excel | Dec, 2023


Have you ever wondered about the invisible dangers that exist in the digital world, waiting to compromise your device and personal information?

Malware, a portmanteau of malicious software, is a broad term encompassing various types of harmful programs designed to infiltrate, damage, or disrupt computer systems. In this article, we’ll delve into different malware types, demystifying these digital threats with real-world examples.

Source…

Intel insiders go undercover revealing fresh details into NoName hacktivist operations


In a Black Hat exclusive interview with Cybernews, two Radware threat researchers turned ‘undercover hacktivists’ pose as pro-Russian sympathizers, revealing new insights into the inner workings of the cyberterrorist gang NoName057(16).

“The importance of NoName for us, if you look at the number of attacks that they’re doing, it’s much bigger than, for example, Anonymous Sudan or even Killnet,” said the Radware researchers, who asked to remain anonymous for security reasons.

Calling Killnet media savvy, the researchers pointed out that “Killnet makes it a lot into the news, but actually, in terms of attacks and targeting, they don’t do that much anymore.”

Anonymous Sudan and Killnet, whose self-proclaimed leader is known as Killmilk, are just two of the well-known pro-Russian hacktivist groups that have been actively targeting Ukraine and the West since the Russian invasion last spring, but more on that later.

The two unnamed insiders sat down with me to tell their tale on the last day of the Black Hat USA convention, settling in at a random table on the floor of the swag-filled Business Hall, away from the commotion.

Cybernews readers will get to see the visuals accompanying their research – For Intel and Profit: Exploring the Russian Hacktivist Community – here for the first time.

From insights into the ever-evolving Russian hacktivist landscape to documenting NoName’s persistent attacks, these security gurus have proven firsthand that the gang’s crowdsourced “DDoSia” platform is providing a steady stream of crypto payouts to otherwise ordinary citizens whose only commonality is that they despise Ukraine and any of its Western supporters.

Furthermore, according to the duo, it’s not going to stop anytime soon.

NoName nation heat map:
Image by Radware

Who is NoName057(16)?

Before we dive right into the gang’s newly discovered operations, let’s briefly profile this steadfast group of attackers and find out what they’ve been up to since they first entered the scene back in March of 2022, and more recently.

To begin with, Radware’s research shows that NoName dominated the pro-Russian hacktivist landscape in the first half of 2023, carrying out a whopping 1174…

Source…

A Clever Honeypot Tricked Hackers Into Revealing Their Secrets


Plenty of people tried to access the system. Over the past three years, it has captured 21 million login attempts, with more than 2,600 successful logins by attackers brute-forcing the weak password they purposefully used on the system. They recorded 2,300 of these successful logins, gathered 470 files that were uploaded, and analyzed 339 of the videos with useful footage. (Some recordings were just a couple of seconds long, and proved less useful.) “We cataloged the techniques, the tooling, everything done on these systems,” Bilodeau says.

Bergeron and Bilodeau have grouped the attackers into five broad categories based on character types from the role-playing game Dungeons and Dragons. Most common were the rangers: once these attackers were inside the trap RDP session, they would immediately start exploring the system, removing Windows antivirus tools, delving into folders, looking at the network it was on and other elements of the machine. Rangers wouldn’t take any action, Bergeron says. “It’s basic recon,” she says, suggesting they may be evaluating the system for others to enter it.

Barbarians were the next most frequent kind of attackers. These use multiple hacking tools, such as Masscan and NLBrute, to brute-force their way into other computers, the researchers say. They work through a list of IP addresses, usernames, and passwords, trying to break into the machines. Similarly, the group they call wizards use their access to the RDP to launch attacks against other insecure RDPs—potentially masking their identity across many layers. “They use the RDP access as a portal to connect to other computers,” Bergeron says.

The thieves, meanwhile, do what their name implies. They try to make money out of the RDP access in any way possible. They use traffic monetization websites and install crypto miners, the researchers say. They might not earn a lot in one go, but multiple compromises can add up.

The final group Bergeron and Bilodeau observed is the most haphazard: the bards. These people, the researchers say, may have purchased access to the RDP and are using it for a variety of reasons. One person the researchers watched Googled the “strongest virus ever,”…

Source…

Hackers are waging a guerrilla war on tech companies, revealing secrets and raising fears of collateral damage


A chain of recent, devastating hacks is exposing some of the Internet’s most fiercely guarded secrets, stepping up a guerrilla struggle between tech firms and anonymous hackers and raising fears that everyday Internet users could get caught in the crossfire.



An advertising board for Twitch during the 2016 Electronic Entertainment Expo video game conference in Los Angeles. (Photo by Frederic J. Brown / AFP via Getty Images)


Hackers this week dumped a colossal haul of data stolen from Twitch, the Amazon-owned streaming site, revealing what they said was not just the million-dollar payouts for its most popular video game streamers but the site’s entire source code — the DNA, written over a decade, central to keeping the company alive.


That followed the hack by the group Anonymous that exposed the most crucial inner workings of Epik, an Internet services company popular with the far right, and triggered firings and other consequences for some of the company’s clients whose identities had previously been undisclosed.

The Epik hack also made way for breaches into the websites of the Texas GOP, one of America’s biggest state party affiliates, and the Oath Keepers, a far-right militia group that contributed to the storming of the U.S. Capitol on Jan. 6. A California sheriff faced calls for his resignation this week after the hack showed evidence that he had been a member of the group in 2014.

The perpetrators of these hacks are distancing themselves from financially driven cybercriminals and ransomware gangs by portraying their attacks as moral crusades against what they said were the companies’ sins. In celebratory notes released alongside their data dumps, the Epik hackers said they were sick of the company serving hateful websites, while the Twitch hackers used a hashtag criticizing company efforts to confront harassment and said the site had become a “disgusting cesspool.”

“Jeff Bezos paid $970 million for this,” the hackers wrote, referring to the price Amazon paid to buy the company in 2014. “We’re giving it away FOR FREE.” (Bezos, Amazon’s founder, owns The Washington…

Source…