Tag Archive for: tool

This dangerous hacking tool is now on the loose


A dangerous post-exploitation toolkit, first used for cybersecurity purposes, has now been cracked and leaked to hacking communities.

The toolkit is being shared across many different websites, and the potential repercussions could be huge now that it can fall into the hands of various threat actors.


This could be bad. The post-exploitation toolkit in question, called Brute Ratel C4, was initially created by Chetan Nayak. Nayak is an ex-red teamer, meaning that his job included attempting to breach the security of a given network while it was being actively defended by those on the blue team. Afterward, both teams discuss how it went and whether there are security flaws to improve upon.

Brute Ratel was created for that exact purpose. It was made for “red teamers” to use, with the ultimate goal of executing commands remotely on a compromised network, which then grants the attacker easier access to the rest of that network.

Cobalt Strike is seen as a similar tool to Brute Ratel, and that tool has been heavily abused by ransomware gangs, which is why it’s fairly easy to detect. Brute Ratel has not been quite as widely spread up until now, and it has a licensing verification system that mostly kept the hackers at bay. Nayak is able to revoke the license of any company found to be fake or misusing the tool.

Unfortunately, that’s now a thing of the past, because a cracked version of the tool started to circulate. It was first uploaded to VirusTotal in its uncracked state, but a Russian group called Molecules was able to crack it and entirely remove the licensing requirement from it. This means that now, any potential hacker can get their hands on it if they know where to look.

Will Thomas, a cyber threat intelligence researcher, published a report on the cracked version of the tool. It has already spread to many English and Russian-speaking communities, including CryptBB, RAMP, BreachForums, Exploit[.]in, Xss[.]is, and Telegram and Discord groups.


“There are now multiple posts on multiple of the most populated cybercrime forums where data brokers, malware developers, initial access brokers, and ransomware affiliates all hang…


Investigating NATO-Themed Phishing Lures With EclecticIQ Intelligence Center and Endpoint Response Tool



Synopsis

With cyberattacks such a common occurrence, analysts must be able to stay ahead of the curve by investigating files and indicators of compromise quickly and efficiently. The EclecticIQ Intelligence Center (IC) is the perfect tool to facilitate investigations like these. This post will describe how EclecticIQ’s Intelligence & Research analysts used the IC to investigate the potential maliciousness of files leveraging NATO-themed phishing lures, and how they operationalized this intelligence by feeding it into the EclecticIQ Endpoint Response (ER) security tool.

The Need for Targeted Collection: The Benelux Region’s Unique Concerns About Cyber Threats

If past attacks are any indicator of future risk, the Belgium, Netherlands, and Luxembourg (collectively Benelux) region of Europe is an attractive target for cyber threat actors. A review of past cyberattacks targeting Benelux shows that the number of attacks targeting this region has grown in a way that is typical of what one might expect in a relatively connected, business-intense region. (1, 2) It is difficult to know the exact number of cyberattacks since many go unreported, but based on those that are reported, analysts note a few patterns. Most cyberattacks focused on Belgium, Luxembourg, and the Netherlands remain localized; they are severe enough to make news and to be disruptive by reducing or suspending services, but generally the damage from attacks is contained. Often, individuals or assets in the region are caught up in wide-reaching software vulnerabilities or supply chain issues simply because they are part of an international network of users. Judging from news and press, cyberattacks were also typical in that they appear opportunistic, with attackers pursuing any vulnerable target they find regardless of industry; schools and universities, businesses, and government entities have all been victimized in recent years. (3, 4, 5, 6, 7, 8, 9)


Defining Initial Collection Requirements: Identify and Sample Benelux-Based Potential Targets

To dig deeper into the Benelux cyber threat landscape, analysts developed a list of possible high-profile targets in those three countries; the list included government and…


Security researchers successfully hijack Windows 11’s Power Automate tool


In a nutshell: Windows 11 includes tools to automate repetitive tasks, saving users a lot of time. However, one security researcher says it can also save hackers a lot of time. Microsoft questions the vulnerability of its automation tools, but as usual regarding cybersecurity, human complacency may be the weakest link.

A research firm recently published methods for attackers to hijack automation tools that ship with Windows 11 to distribute malware and steal data across networks. The process comes with some caveats but marks another area of concern for IT security.

The vulnerability centers on Power Automate, a tool Microsoft packages with Windows 11 that lets users automate tedious or repetitive tasks across various programs. Users can automatically back up files, convert batches of files, move data between programs, and more, optionally automating actions across groups through the cloud.

Power Automate comes with many pre-made functions, but users can create new ones by recording their actions, which the tool can later repeat. The program could gain widespread use because it requires little-to-no coding knowledge.

Michael Bargury, CTO of security company Zenity, thinks attackers can use Power Automate to more quickly spread malware payloads, explaining how in a June Defcon presentation. He released the code for the attack, called Power Pwn, in August.


The biggest obstacle to hacking with Power Automate is the fact that an attacker needs to already have access to someone’s computer or have penetrated a network through other nefarious methods. Bargury told Wired that if an attacker then creates a Microsoft cloud account with administrative privileges, they can use automated processes to push ransomware or steal authentication tokens. Attacks using Power Automate could be harder to detect because it technically isn’t malware and carries an official Microsoft signature.

Microsoft wrote about a 2020 incident in which attackers used a company’s automation tools against it. Windows 11 and Power Automate weren’t around back then, but the case provides a real-world example of the same fundamental technique.

Microsoft claims any fully…


Passwords Are Here To Stay and There’s a Tool You Need To Know About


* This is a contributed article. The IBTimes news staff was not involved in the creation of this article and this content does not necessarily represent the views of IBTimes.

Why Is the Password Sticking Around?

It’s clear that a lot has changed over the past two decades when it comes to Internet security. For example, WPA Wi-Fi protection, released in the year 2000, is now considered hazardous by today’s standards. Something that hasn’t changed, however, is the fact that alphanumeric passwords still remain the dominant force when it comes to internet authentication.


This is peculiar on the one hand, as passwords are easily lost, forgotten, compromised and ‘found’ by the wrong people. On the other hand, they are much more convenient than biometrics and multi-factor authentication. Perhaps it’s just force of habit, or perhaps they truly are the perfect method of authentication, and there’s simply no better way to authenticate someone than probing their brain for a string of neural connections that encodes a personalised word and/or numerical combination.

Regardless of the reasoning, the fact remains true – passwords are here to stay. For most people, this isn’t much of a problem, but when it comes to business, where passwords are shared, frequently compromised in data breaches, taken along by employees who leave the company and changed all the time, it can be a real headache. And it gets worse: according to a survey by Slack, 72% of post-pandemic employees now report that they prefer a hybrid remote-office model. This means that a company in today’s world not only has to manage passwords in the office, but out of the office too, on work computers and devices, sometimes even on an international stage.

With this in mind, for the modern business, that headache is being turned into a nightmare.

So, what can businesses do, in a post-pandemic, password-preferring world? The short answer would be to get a password manager. The longer, better answer would be to book a demo…
