Tag Archive for: tools

CISA publishes plan for remote monitoring tools after nation-state, ransomware exploitation


A collaboration between the U.S.’s cybersecurity defense agency and private companies published its first plan to address security issues with remote monitoring and management (RMM) tools on Wednesday.

RMM software is typically used by the IT departments of most large organizations around the world as a way to get remote access to a computer to help with software installations or other services needed by employees.

In recent years hackers have increasingly exploited these tools – particularly in government networks – as an easy way to circumvent security systems and establish longstanding access to victim networks. In January, for example, the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Security Agency said at least two federal civilian agencies were exploited by cybercriminals as part of a refund scam campaign perpetrated through the use of RMM software.

In an announcement Wednesday, CISA said it worked with industry partners as part of the Joint Cyber Defense Collaborative (JCDC) to create a “clear roadmap to advance security and resilience of the RMM ecosystem.”

Eric Goldstein, CISA executive assistant director for cybersecurity, said the organization worked with other U.S. agencies as well as RMM companies to develop a plan focusing on four main tasks: vulnerability information sharing, industry coordination, end-user education and advisory amplification.

“The collaboration established to develop this plan has already achieved several accomplishments for RMM stakeholders and ecosystem,” Goldstein said in a statement. “As the JCDC leads the execution of this plan, we are confident that this public-private collaboration in the RMM ecosystem will further reduce risk to our nation’s critical infrastructure.”

RMM software allows hackers to establish local user access without the need for higher administrative privileges, “effectively bypassing common software controls and risk management assumptions,” CISA and the NSA said in their January announcement.

The agencies warned that threat actors could sell access to an exploited victim to government-backed hacking groups – noting that both cybercriminals and nation-states use RMM…

FBI admits it accidentally used NSO Group tools



The U.S. Federal Bureau of Investigation has admitted it has used software by iPhone hacking tool maker NSO Group, after an investigation discovered it was unwittingly doing so.

In April, a report from the New York Times determined that a contractor had bought and used a spying tool produced by NSO Group, specifically for use by the U.S. government. At the time, the White House claimed it didn’t know of a contract, and tasked the FBI to find out who was using it.

It turns out the FBI’s answer after the investigation was itself.

Contractor Riva Networks signed a deal in November 2021, reported The New York Times on Monday, days after the White House placed NSO Group on the Commerce Department blacklist. The tools from the Israeli security firm were effectively blocked from purchase by US businesses at that point.

However, the FBI contracted Riva Networks, which in turn led to the use of an NSO tool as part of an investigation, which the FBI said occurred unwittingly.

FBI director Christopher Wray terminated the contract with the contractor in April after the discovery was made.

Contractor to blame

The FBI hasn’t explained why this situation occurred, but the tool in use was not the infamous Pegasus, but one called “Landmark.” Rather than hacking phones directly, Landmark instead is able to narrow down and track the location of a device.

In 2021, a senior FBI official provided numbers based in Mexico for Riva to search for, under a fugitive apprehension program. The FBI allegedly thought that Riva was using an in-house geolocation tool, rather than NSO software.

A later investigation found that Riva started using Landmark in 2021 without telling the FBI, and withheld the detail in its November 2021 contract renewal. This despite the FBI telling Riva and other contractors in 2021 that NSO products were off-limits.

In a statement, the FBI says it is tasked with locating fugitives around the world who are charged in U.S. courts, and that the FBI regularly contracts with companies for…

Microsoft to Offer Some Cybersecurity Tools Free After Suspected China Hack


Microsoft said it plans to offer for free some tools that can spot cyberattacks, following last week’s disclosure of a major security breach linked to Chinese hackers that was undetectable for some customers.

The decision to open up access to its back-end systems that log activity on the cloud came after Microsoft’s tiered payment system attracted criticism in the wake of an alleged Chinese cyber-espionage campaign, which the company said infiltrated its cloud-based email system and compromised inboxes at about two dozen organizations globally. The federal government, including officials at the State Department and Commerce Secretary Gina Raimondo, was among the victims of the attack, U.S. officials said.

Beginning in September, the technology company will make 31 critically important security logs available free to licensees of the company’s lower-cost cloud services, including the type of email log that was used to identify the China-linked attack, said Vasu Jakkal, a vice president of security at Microsoft. The company will also increase the duration of retention for security logs from 90 to 180 days, Jakkal said.

While logs don’t prevent cyberattacks, companies use them to detect and investigate hacks because the logs keep track of activity on Microsoft’s servers. In the recent China-linked breach, key logging information required to detect the attack was only available to purchasers of Microsoft’s top-tier Microsoft 365 cloud service, known as E5, officials said last week. That left some customers with cheaper plans no way of figuring out whether they had been hacked.

“This is a significant step forward to ensuring that every Microsoft customer has the right visibility to detect other threats that we know are targeting American organizations every day,” said Eric Goldstein, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency.

Jakkal and Goldstein said the effort to identify valuable security logs and provide them free to Microsoft customers had been continuing for…

Easy and cheap hacking tools are available online for anyone


Phishing attacks, ransomware and data breaches have been ramping up over the last few years and threatening our digital lives more than ever before.

You don’t need to be a professional hacker living off the grid in a remote location guzzling energy drinks while you ply your crooked trade. Hacker toolkits are available online for anyone to purchase and they’re shockingly cheap and easy to use.

A dark marketplace

The Dark Web keeps internet activity private and anonymous. Dark Web content isn’t indexed by search engines, and you need special software to access it. You can imagine the applications for this, such as avoiding government censorship and keeping identities private.

The Dark Web is a hotbed for illegal activity, such as selling drugs and firearms. You can also find financial and personal information up for sale.

Unsurprisingly, hacking tools known as Crimeware-as-a-Service (CaaS) or Malware-as-a-Service (MaaS) are also on sale for as little as $40. Crooks who purchase these programs don’t need much know-how to deploy them. Last year phishing software purchased online targeted some of the biggest banks in the country.

Some malware is available as a subscription service. Fast Company reports that Eternity Stealer, which steals usernames, emails, and credit card numbers, goes for $260 per year.

Everything you do is at risk

Whether you’re buying something online or checking your email, you’re always a potential target for hacks and scams. With CaaS, the risk goes up even higher because the crooked tools are more readily available.

And as in any market, competition breeds innovation — hackers will compete with each other to make more sophisticated and user-friendly tools to get a leg up in the business. And that spells bad news for us all.

Now more than ever it’s important to protect…
