Tag Archives: China

Which Style of Hacker is More Dangerous?

Ransomware hackers are like the smash-and-grab style of burglar. They don’t care who knows that they are here or what they are doing. Their techniques become quickly known and have to continuously evolve. They sometimes make a quick payday.

Option two is a stealthy hacker who attempts to sneak in undetected, remain inside undetected and slowly trickle out proprietary data for years, undetected.

The FBI says that business email compromise attacks cost victims about $2 billion in 2020. Add to that the other categories that the FBI tracks, like romance scams, and you are up to about $3 billion a year. Source: Statista

On the other hand, the Commission on the Theft of American Intellectual Property estimates that China’s IP theft (just China) costs the U.S. between $225 billion and $600 billion each year. Source: CNBC

Which do you think is a bigger problem? $3 billion or $600 billion? Seems pretty obvious.

Researchers have discovered a stealthy espionage group that they are calling Aoqin Dragon that has been conducting espionage since 2013. They use a variety of techniques to infect the targets, in industries such as government, education and telecommunications.

The researchers believe this is a small, Chinese-speaking team that continues to operate today as it enhances the back doors that it has created.

They think the group used Office bugs in the time period 2012-2015. Since 2018 the group has used a fake removable USB device shortcut as the initial point of infection.

The malware even has built in redundancy – it bundles three different command and control servers.

The fact that it took 9 years to even know that they exist is an indicator of their skill.

Would you even know if they were inside your network?

Credit: ZDNet

Security News for the Week Ending May 27, 2022

Yet Another Russian Military “Asset” Catches Fire

Russian jet engine design hub Central Aerohydrodynamic Institute, which is outside Moscow, did a “halt and catch fire” due to a fire at the electrical substation which powered the design center. Score one for Ukraine, according to Russia. Russia claims it is the world’s largest scientific research center, or at least was. It is assisting in the development of next generation jet aircraft. Judging by the photo, it doesn’t look like much survived. Credit: UK Daily Mail

Photo: Central Aerohydrodynamic Institute in Zhukovsky

GM Hit By Credential Stuffing Attack

GM sent letters to owners of some GM vehicles saying that it appeared that someone redeemed points in their accounts for gift cards, but GM was restoring the points. They say that GM’s systems were not compromised; rather, customers reused passwords that were compromised elsewhere, allowing attackers to walk right in and steal the customer’s data. In those cases, GM is not required to make the customer whole, but for PR reasons, it probably makes sense to do that. Credit: Bleeping Computer

Quad Nations Pledge More Collaboration on Cybersecurity Plus

Part of China’s worst nightmare, the leaders of the Quad – Australia, India, Japan and the US – agreed to strengthen collaboration on emerging technologies and cybersecurity with an unspoken subplot of neutralizing China. A few years ago China thought the Quad was a passing fad. With global politics what it is, that turned out to be a miscalculation, one that China is not happy with. Credit: The Register

More and More Ransomware Moves to Extortion

As companies are doing a better job of backups, ransomware isn’t paying as much to get the decryption key. HOWEVER, more ransomware organizations are either selling the stolen data (the Verizon data breach report says that most ransomware attacks now include stealing your data), or extorting the victim by threatening to sell it. If that fails, they just leak the data. The Conti gang leaked all of the data stolen during a January ransomware attack against Linn County Oregon after officials decided not to pay the ransom. They said their backups were good enough and the data stolen wasn’t that sensitive. That will not be the case all of the time. Credit: The Record

CISA Adds 75 More Actively Exploited Bugs to its MUST PATCH List

CISA seems to be pretty serious regarding getting the patching cadence of federal systems up to snuff. This week they added 3 batches of bugs to patch. The first batch included 21 bugs; the second batch included 20 and the third included 34. Some of these bugs are old, including products that are past their expiration date like Microsoft Silverlight and Adobe Flash, but we still see them on systems on a regular basis. Credit: ZDNet

Security News for the Week Ending May 13, 2022

Chinese Sponsored OPERATION CUCKOOBEES Active for Many Years

Researchers with cybersecurity firm Cybereason briefed the FBI and Justice Department as early as 2019 about Operation CuckooBees, an alleged espionage effort by Chinese state-sponsored hackers (named Winnti or APT41) to steal proprietary information from dozens of global defense, energy, biotech, aerospace and pharmaceutical companies. The companies compromised include some of the largest companies in North America, Europe and Asia. These attacks go back to at least 2019 and they have stolen intellectual property, R&D, diagrams of fighter jets, helicopters, missiles and more. Credit: The Record

Spain’s Spy Chief Fired After News She Hacked Spanish Politicians

I guess they don’t like it when you use the laws they created against them. It doesn’t appear that she did anything illegal. Got a court order and everything. But, it was them she was spying against. The other problem she had was that there were dozens of other government officials who were also spied on, but it is not clear by whom. That includes the PM and Defense Minister. Their phones were declared spyware-free – but were not. Credit: Security Week

EU Proposes to Kill Child Abuse by Killing Privacy

The challenge of curbing kiddie porn, sometimes referred to by the more polite term child sexual abuse material (CSAM), is hard. End-to-end encryption makes that even harder. One current EU proposal would require companies to scan all communications, meaning that end-to-end encryption would be banned. It won’t technically be banned; it would just be impossible to allow it and comply with the proposed regulations. The stupid pedophiles might be caught by this, but the smart ones would just encrypt the material before it is uploaded or use other methods. If we have learned one thing over the years, it is that bad guys adapt much more quickly than the law does. Of course, that material might stand out, but if they intentionally create a lot of chaff to hide what they are doing, it might not. A botnet could create terabytes of encrypted garbage in no time, making the carriers’ job impossible. It also requires that providers read the text of every message and email, looking for signs of prohibited content. Credit: The Register

Colorado’s CBI Warns of Fraudulent Real Estate Transactions

My guess is that this is not limited to Colorado and this is not really a new scam, but the CBI says it is quickly ramping up. The scam is that a supposed out-of-state seller wants to sell a property, either with a house or vacant land, that currently doesn’t have a mortgage. The fraudster impersonates the owner looking for a buyer that wants a quick close. The whole transaction is being done remotely by mail with a fraudulent deed. Do your due diligence whether you are an agent or a buyer. Credit: CBI and Land Title Association

Mandiant Says Hackers Are Dwelling Inside for Fewer Days

Security firm Mandiant (soon to be part of Google) says that the number of days that hackers are lurking inside your systems continues to decrease. The time now stands at just 21 days. This is likely because hackers are worried about being detected before they can detonate their attack as companies and governments get more serious about fighting crime. That means you don’t have as much time to detect the bad actors. Are you prepared? Credit: Data Breach Today

Security News for the Week Ending April 15, 2022

Cyber Command Says Chip Shortage is a National Security Issue

The head of U.S. Cyber Command, General Paul Nakasone, told Congress that China’s continued progress towards domestic chip production is a problem. If China achieves chip independence, that puts them in a position to do what they want and not worry about sanctions. For example, they could cut off our access to precious metals that we need to produce chips ourselves. Credit: Cyber Scoop

Russian Crooks Worried Sanctions Will Delete Their Ill-Gotten Gains

Russian crooks are nothing if not capitalists. They are worried that sanctions could impact their net worth and they are chattering about that on the underground web. They are worried about funds in Russian banks and how much their Rubles might not be worth in six months. I am so sad for them. Not. Of course, that might mean the Russian mob might do some kinetic adjustments themselves. Credit: Cyber News

CISA Advises D-Link Users to Take Vulnerable Routers Offline

CISA is really rocking when it comes to telling folks about bad stuff. The newest vulnerabilities are a remote code execution on a whole family of D-Link routers. Unfortunately, they have reached their end of support, so D-Link is not going to fix them. Users ask all the time why they have to replace working hardware that has reached end of life. The answer is because you want to keep the bad guys out. If you don’t care, keep using them. You can rest easy that the hackers are scanning the Internet looking for these routers – that will never be patched. Credit: Malwarebytes

New Bug in MS RPC Runtime – Zero-Click Remote Code Execution

CVE-2022-26809 has emerged just a couple of days after Patch Tuesday. It is a remotely exploitable, unauthenticated, zero-click (no user interaction) remote code execution bug. It doesn’t get much worse than that. The bug is in the Microsoft Remote Procedure Call runtime and affects multiple Windows versions. If you block port 445 at your firewall (both in and out, which you should), that will stop direct external attacks, but it won’t stop attacks from a compromised workstation. Credit: Helpnet Security
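As an added illustration of that caveat (example code, not from the original post or any product mentioned here): a small audit over constructed firewall log lines that separates SMB (TCP/445) flows crossing the perimeter, which a block in both directions stops, from internal-to-internal SMB fan-out by a single workstation, which the perimeter rule never sees. The log format, the internal address ranges and the fan-out threshold are assumptions.

```python
import ipaddress

# Constructed sample firewall log (not real traffic). Assumed format:
# "<timestamp> <action> proto=<p> src=<ip>:<port> dst=<ip>:<port>"
SAMPLE_LOG = """\
2022-04-14T10:01:02Z ALLOW proto=tcp src=203.0.113.7:51012 dst=192.0.2.10:445
2022-04-14T10:01:05Z ALLOW proto=tcp src=10.0.5.23:49200 dst=198.51.100.9:445
2022-04-14T10:02:11Z ALLOW proto=tcp src=10.0.5.23:49311 dst=10.0.5.40:445
2022-04-14T10:02:40Z ALLOW proto=tcp src=10.0.5.23:49322 dst=10.0.6.12:445
2022-04-14T10:03:01Z ALLOW proto=tcp src=10.0.5.23:49333 dst=10.0.7.8:445
2022-04-14T10:03:30Z ALLOW proto=tcp src=10.0.5.23:49344 dst=10.0.8.2:445
2022-04-14T10:04:00Z ALLOW proto=tcp src=10.0.5.50:49500 dst=10.0.5.40:445
2022-04-14T10:04:02Z ALLOW proto=tcp src=10.0.5.50:49501 dst=93.184.216.34:443
"""

# Assumed internal ranges (10/8 for workstations, 192.0.2.0/24 as a DMZ).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.0.2.0/24")]
SMB_PORT = 445
# Assumed threshold: one host opening SMB to this many distinct internal
# peers in the window is treated as lateral fan-out worth a look.
LATERAL_PEER_THRESHOLD = 3


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Turn one log line into a dict of src, dst, dport and proto."""
    fields = dict(f.split("=", 1) for f in line.split()[2:])
    src_ip, _ = fields["src"].rsplit(":", 1)
    dst_ip, dst_port = fields["dst"].rsplit(":", 1)
    return {"src": src_ip, "dst": dst_ip, "dport": int(dst_port), "proto": fields["proto"]}


def audit_smb(log_text):
    """Return (perimeter_crossings, lateral_fanout) for TCP/445 flows."""
    perimeter = []   # (src, dst) pairs where exactly one side is internal
    peers = {}       # internal src -> set of internal dsts reached on 445
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["proto"] != "tcp" or rec["dport"] != SMB_PORT:
            continue
        src_in, dst_in = is_internal(rec["src"]), is_internal(rec["dst"])
        if src_in != dst_in:
            perimeter.append((rec["src"], rec["dst"]))  # the perimeter block covers these
        elif src_in and dst_in:
            peers.setdefault(rec["src"], set()).add(rec["dst"])  # the block does not
    lateral = {h: sorted(p) for h, p in peers.items() if len(p) >= LATERAL_PEER_THRESHOLD}
    return perimeter, lateral
```

Running `audit_smb(SAMPLE_LOG)` on the constructed log reports two perimeter crossings (one inbound, one outbound) and one internal host, 10.0.5.23, reaching four internal peers on 445, which is the case a perimeter-only rule leaves for host firewalls and internal monitoring.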

Reminder: 3G Cell Networks Shutting Down. Old Devices Will Stop Working

Wireless spectrum is scarce. Buying it from someone else is very expensive. What are the carriers doing? Reusing old spectrum. The carriers have already shut down their 2G networks. Next comes their 3G networks. That means that old cars that talk to the Internet will stop talking. Alarm systems will stop sending alarms if they can only talk 3G (there may be a box that your alarm company can add to your system to fix this). Medical devices may stop talking to your doctor. Depending on the carrier, the shutdown has already begun. AT&T turned theirs off in February. Verizon is at the end of the year. If you have anything that uses the cell network, now is the time to check. Credit: ZDNet

Security News for the Week Ending March 11, 2022

Trump is Not Happy About Launch of Twitter-Like Truth Social

Apparently not happy is a bit of an understatement. He has a lot to lose if this is not successful. As part of the SPAC deal with Digital World, he has a lot of shares. If the stock, which is still going up slowly, tanks, he stands to lose a bunch of dough. Many people who downloaded the app said that they could not create accounts or were waitlisted. The reality is that people use social media to stay connected and if you have a choice between Twitter’s billions of users and Truth Social’s thousands of users, the choice is pretty clear. Analysis suggests that it is doing about the same as or worse than Gab and Gettr, which is also a problem. Twitter won because it was the only player. Now you have 3 players all going after the same highly targeted slice of market. At least it has not been hacked (publicly) since its launch, which is more than Gab and Gettr can say. Credit: MSN

Hackers Targeted US LNG Producers in Run-Up to Ukraine Invasion

In February hackers penetrated computers belonging to current and former employees at nearly two dozen major natural gas suppliers including Chevron and Kinder Morgan.

Security firm Resecurity discovered a small group of hackers including one linked to Strontium, a nickname for a hacking group inside Russia’s GRU military intelligence.

They wanted to gain and maintain access into the U.S. energy supply so that they could destabilize the world energy market when Russia invaded Ukraine. Unfortunately for Putin, while these early attacks were successful, they were discovered before they could do any significant damage. Credit: Bloomberg Quint

Google Acquires Mandiant for $5 Billion in Cash

It is nice to be able to write a check for $5 billion. Mandiant, best known for its breach response and threat intelligence services, is being acquired by Google. Depending on what Google does with it, that could be good news for Google cloud services users. Mandiant does have its own cloud security products and together, if Google doesn’t do anything stupid, it will give Mandiant access to a lot of capital. Credit: CSO Online

Alexa, Go Hack Yourself

The good news is that Amazon patched this feature after researchers demonstrated that they could get an Alexa to unlock your door, set your microwave to run with nothing in it (possibly causing a fire) and do other cute stuff. The attack is very simple, so it is good that it has been patched now. Aren’t you glad that you don’t have any smart devices in your house? Credit: Ars Technica

Chinese Use Herd Management App to Hack State Networks

Mandiant says that the Chinese hackers APT41 AKA Barium used a bug in an app that many state governments use to track animal diseases in livestock herds called USAHERDS. Mandiant warned the developer of the high severity bug and they have patched it. In the meantime, Mandiant thinks the Chinese have successfully hacked at least 6 state government networks. Maybe as many as 18 states. Think about that before you install that next app. Credit: Wired

Security News for the Week Ending March 4, 2022

Apple Scrambles to Try and Figure Out How to Stop Stalkers From Using AirTags

Their newest idea is, when you initialize a new AirTag, it will tell you that stalking may be illegal in your country. I really, really doubt that will have any effect. They are also shortening the time window for notifying you that you are being stalked. Users of newer Apple devices will be able to find out how far away Apple thinks that rogue AirTag is. They are trying, but there is no simple fix. Credit: Yahoo

China Outs NSA Hacking Tool

Just like the U.S. outs foreign hacking tools when it suits our purposes, China is now doing the same thing. Likely this is for internal consumption, but it does give us a little bit of insight into their thinking and for sure, that certain hacking tools are no longer secret. Credit: Vice

Anonymous Hacks High Profile Russian Leaning Websites

First Anonymous hacked the Russian Ministry of Defense and posted the stolen data online for free. The data includes officials’ passwords, phone numbers and emails (Credit: Cyber News). Then they claim to have broken into Belarusian weapons maker Tetraedr and stolen a couple hundred gigabytes. The data stolen included emails, and they even conveniently indexed all of them and handed the data to DDoSecrets. They call this Operation Cyber Bully Putin (Credit: Cyber News). It sounds like there will be more web sites hacked. Stay tuned.

Apple Responds to Russian Invasion of Ukraine

Each company is doing its own thing. In Apple’s case, they have paused all product sales in Russia. Apple Pay and other services have been limited. Apple Maps has stopped live updates, and Russian propaganda apps have been taken off the App Store (why were they there in the first place?). Credit: ZDNet

FCC to Review Border Gateway Protocol Security

In 1989 an engineer from Cisco and one from IBM wrote down an idea on two napkins (that have been preserved). That was the basis of Border Gateway Protocol, or BGP. Needless to say, they did not think about security. BGP has been hacked by China and North Korea, among many others, so many times that we have all lost count. But BGP is a critical part of the Internet’s routing system. Finally, twenty-five years too late, the FCC is “looking into” BGP security. We shall see what happens. Change on the Internet goes slowly. IPv6 was approved 10 years ago and still, it is the minority of traffic on the Internet (it is used a LOT on the backbone, just not at the edge). Credit: Data Breach Today