Tag Archive for: Wild

Does AI-powered malware exist in the wild? Not yet


AI is making its mark on the cybersecurity world.

For defenders, AI can help security teams detect and mitigate threats more quickly. For attackers, weaponized AI can assist with a number of attacks, such as deepfakes, data poisoning and reverse-engineering.

But, lately, it’s AI-powered malware that has come into the spotlight — and had its existence questioned.

AI-enabled attacks vs. AI-powered malware

AI-enabled attacks occur when a threat actor uses AI to assist in an attack. Deepfake technology, a type of AI used to create false but convincing images, audio and videos, may be used, for example, during social engineering attacks. In these situations, AI is a tool to conduct an attack, not create it.

AI-powered malware, on the other hand, is trained via machine learning to be slyer, faster and more effective than traditional malware. Unlike malware that targets a large number of people with the intention of successfully attacking a small percentage of them, AI-powered malware is trained to think for itself, update its actions based on the scenario, and specifically target its victims and their systems.

IBM researchers presented the proof-of-concept AI-powered malware DeepLocker at the 2018 Black Hat Conference to demonstrate this new breed of threat. WannaCry ransomware was hidden in a video conferencing application and remained dormant until a specific face was identified using AI facial recognition software.

Does AI-powered malware exist in the wild?

The quick answer is no. AI-powered malware has yet to be seen in the wild — but don’t rule out the possibility.

“Nobody has been hit with or successfully uncovered a truly AI-powered piece of offense,” said Justin Fier, vice president of tactical risk and response at Darktrace. “It doesn’t mean it’s not out there; we just haven’t seen it yet.”

Pieter Arntz, malware analyst at Malwarebytes, agreed that AI-powered malware has yet to be seen. “To my knowledge, so far, AI is only used at scale in malware circles to improve the effectiveness of existing malware campaigns,” he said in an email to SearchSecurity. He predicted that cybercriminals will continue to use AI to enhance operations, such as targeted spam, deepfakes and social…


“The Lazarus Heist” explains North Korea’s wild hacking spree


The Lazarus Heist. By Geoff White. Penguin Business; 304 pages; $29.95 and £20

The “hermit kingdom” of North Korea is so technologically backward that it is visible—or rather invisible—from space. Photographs taken at night show a country covered in darkness, with only a few pinpricks of light around Pyongyang, the capital. China, Japan and South Korea, by contrast, glow with artificial illumination.

But as Geoff White, a BBC journalist, explains in his rollicking new book, that backwardness has helped make a handful of North Koreans very technologically savvy indeed. He tells the story of the Lazarus Group, the name given by security analysts to a collection of North Korean state-sponsored hackers. In a country where access to the internet is a luxury afforded to only a tiny few, they have, over the past decade, become some of the world’s most prolific cybercriminals.

The Lazarus Group is thought to have been responsible for a $100m raid on Bangladesh’s central bank in 2016; the WannaCry malware attack that in 2017 hit organisations around the world, from Maersk, a shipping giant, to Britain’s National Health Service; and a string of more recent hacks and cryptocurrency frauds. The group’s various schemes are thought to have netted billions of dollars of precious foreign currency for the North Korean regime.

“The Lazarus Heist”, which is based on a BBC podcast of the same name, provides both a pacey insight into the cutting edge of modern crime and an equally fascinating portrait of life inside North Korea (gleaned from a mix of official sources and interviews with defectors). In theory, the regime preaches Juche, usually translated as “self-reliance”, deliberately isolating itself from the decadent capitalism that contaminates the rest of the world.

But self-imposed isolation has left North Korea impoverished and underdeveloped. Its pursuit of nuclear weapons has brought sanctions, compounding the problem. With the economy strangled and citizens poor and sometimes starving, Mr White describes a state trying its hand at a variety of criminal schemes, from counterfeiting to smuggling and cooking crystal meth, in an effort to earn foreign currency. Eventually it…


A New Android Banking Trojan Spotted in the Wild



A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot.

The information stealing trojan, codenamed MaliBot by F5 Labs, is as feature-rich as its counterparts, allowing it to steal credentials and cookies, bypass multi-factor authentication (MFA) codes, and abuse Android’s Accessibility Service to monitor the victim’s device screen.

MaliBot is known to primarily disguise itself as cryptocurrency mining apps such as Mining X or The CryptoApp that are distributed via fraudulent websites designed to attract potential visitors into downloading them.


It also takes another leaf out of the mobile banking trojan playbook in that it employs smishing as a distribution vector to proliferate the malware by accessing an infected smartphone’s contacts and sending SMS messages containing links to the malware.

“MaliBot’s command-and-control (C2) is in Russia and appears to use the same servers that were used to distribute the Sality malware,” F5 Labs researcher Dor Nizar said. “It is a heavily modified re-working of the SOVA malware, with different functionality, targets, C2 servers, domains, and packing schemes.”


SOVA (meaning “Owl” in Russian), which was first detected in August 2021, is notable for its ability to conduct overlay attacks, which work by displaying a fraudulent page using WebView with a link provided by the C2 server should a victim open a banking app included in its active target list.

Some of the banks targeted by MaliBot using this approach include UniCredit, Santander, CaixaBank, and CartaBCC.

Accessibility Service is a background service running in Android devices to assist users with disabilities. It has long been leveraged by spyware and trojans to capture the device contents and intercept credentials entered by unsuspecting users on other apps.


Besides being able to siphon passwords and cookies of the victim’s Google account, the malware is designed to swipe 2FA codes from the Google Authenticator app as well as exfiltrate sensitive information such as total balances and seed phrases from Binance and Trust…


Karakurt warning. Clipminer in the wild. GootLoader evolves. Cyber ops in Russia’s hybrid war. Russian agencies buy VPNs.


Dateline Moscow, Kyiv, Washington: Gray zone operations.

Ukraine at D+98: Friction in the gray zone. (The CyberWire) Advancing into the rubble it’s created, Russia’s army tries to come to grips with combat refusals. The White House says that the cyber operations NSA Director Nakasone alluded to this week are entirely consistent with the US policy of avoiding direct combat with Russia. Observers work to understand the state of the cyber phase of the hybrid war. And Russian censorship seems to be producing friction in some Russian government operations. (That’s why agencies in Moscow are buying VPNs.)

Russia-Ukraine war: List of key events, day 99 (Al Jazeera) As the Russia-Ukraine war enters its 99th day, we take a look at the main developments.

Exclusive: Ukraine troops retreating in Donbas have a plan, Luhansk governor says (Newsweek) Serhiy Haidai told Newsweek the defenders remain defiant despite the intense Russian attacks, which included a strike on a chemical plant.

Russia-Ukraine latest news: Kyiv may switch off Europe’s largest nuclear powerplant (The Telegraph) Ukraine would consider switching off its Zaporizhzhia nuclear power plant that lies in Russian-occupied territory if Kyiv loses control of operations at the site, an aide to the prime minister has said, Interfax news agency reports.

Documents Reveal Hundreds of Russian Troops Broke Ranks Over Ukraine Orders (Wall Street Journal) Desertions and refusal to engage in the invasion have put Moscow in a bind over how to punish service members without drawing more attention to the problem. “So many people don’t want to fight.”

The Russian Military’s People Problem (Foreign Affairs) It’s hard for Moscow to win while mistreating its soldiers.

Zelensky will be tried as war criminal if Russia captures him (Newsweek) A lawmaker in the self-declared, Russia-backed Donetsk People’s Republic accused Ukraine’s president of sending “neo-Nazis to Donbas to kill civilians.”

Six lessons the Ukraine conflict has taught us about modern warfare (The Telegraph) From drones to the use of tanks, we dissect the masterstrokes and miscalculations of military tactics after three months of fighting.

Some see cyberwar in Ukraine. Others see…
