Article Summary : 🔒 Finite State raises $20 million in growth round led by Energy Impact Partners to address cybersecurity challenges and advance innovative solutions for securing connected devices and …
Tag: IOT
93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year, according to Thales.
The number of enterprises experiencing ransomware attacks …
New research has shed light on the profound impact of ransomware attacks on the IT and construction sectors, revealing that these industries bore the brunt of nearly half of all …
Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD.
Hardening with Lynis
Lynis conducts a thorough security examination of the system directly. Its …
The experts emphasized the importance of rigorous cybersecurity risk assessments for airports and proactive threat intelligence in the context of the activity of major ransomware groups and advanced threat actors.…
Geopolitics
Russian hackers have added new capabilities to the malware used to disable satellite modems at the outset of the invasion of Ukraine.
Close up view of internet equipment and …
The reality of cybersecurity for companies is that adversaries compromise systems and networks all the time, and even well-managed breach-prevention programs often have to deal with attackers inside their perimeters.…
SAN FRANCISCO, March 13, 2024 — Nozomi Networks Inc. today announced a $100 million Series E funding round to help accelerate innovative cyber defenses and expand cost-efficient go-to-market expansion globally. …
The Federal Communications Commission (FCC) will be rolling out a voluntary cybersecurity labeling program for Internet of Things (IoT) products for consumers
At its public meeting today, the Commission unanimously …
Written by World Watch team from CERT Orange Cyberdefense (Marine PICHON, Vincent HINDERER, Maël SARP and Ziad MASLAH) and Sekoia TDR team (Livia TIBIRNA, Amaury G. and Grégoire CLERMONT)
TL;DR
This blog details the requirement for testing Telecom networks and one of the tools developed in house to facilitate this testing.
Why?
Telecoms security has always been an afterthought when …
PRESS RELEASE
NEW YORK and ORLANDO, Fla., March 12, 2024/PRNewswire/ —Claroty, the cyber-physical systems (CPS) protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning …
PRESS RELEASE
NEW YORK and ORLANDO, Fla. — March 12, 2024 — Claroty, the cyber-physical systems (CPS) protection company, today announced at the annual HIMSS24 conference the release of the…
Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes.
After installing this mandatory Windows 10 cumulative update, …
Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service.
Once the end-of-service date is …
Malware dubbed Fakext that uses a malicious Edge extension to perform man-in-the-browser and web-injection attacks.
Here’s what cyber professionals need to know about the Fakext campaign and the different attacks …
Apple has released emergency security updates to fix two critical iOS zero-day vulnerabilities that cyberattackers are actively using to compromise iPhone users at the kernel level.
According to Apple’s security …
Cyber-physical systems security company Claroty on Wednesday announced raising $100 million in strategic growth funding, which brings the total investment secured by the firm to $735 million.
Delta-v Capital, AB …
The US cybersecurity agency CISA on Tuesday added flaws impacting Pixel phones and Sunhillo software to its Known Exploited Vulnerabilities (KEV) catalog.
The exploited Pixel vulnerability is tracked as CVE-2023-21237. …
[This is a Guest Diary by Rafael Larios, an ISC intern as part of the SANS.edu BACS program]
About This Blog Post
This article is about one of the ways …
Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of …
If you have anything to do with cyber security, you know it employs its own unique and ever-evolving language. Jargon and acronyms are the enemies of clear writing—and are beloved …
Large language models (LLMs) have significantly changed our work and personal lives. While these advancements offer many benefits, they have also presented new challenges and risks. Specifically, there has been …
Recently, Antiy CERT captured a new variant of the Mirai botnet that targets multiple architectures including MIPS, ARM and x86, infects targets via weak passwords, and then waits for control commands to launch DDoS attacks. Because the botnet's file names follow the pattern "Aqua*", we have named it Aquabot.
Analysis shows that the Aquabot botnet has gone through at least two versions. v1 was developed on the Mirai open-source framework, with process management, weak-password scanning and DDoS attacks as its main functions. The latest v2 sample, captured in November 2023, builds on v1 with iterations to its process management, concealment and propagation functions, and adds a check of device process launch parameters to prevent the device from being rebooted, shut down or powered off, thereby extending its survival time.
Testing confirmed that the Antiy Persistent Threat Detection System (PTD) can precisely detect this botnet's C2 communications.
2. Security recommendations
As security threats have become more widespread, IoT botnets have developed rapidly; Aquabot has gone through multiple iterations built on the Mirai open-source framework, module reuse and custom development. Because IoT devices vary widely in model, have limited storage and limited built-in protection, are hard to "bolt on" third-party security products to, and must stay online for long periods, Antiy recommends:
1. Move the line of defense forward and integrate native security capabilities
IoT device manufacturers are advised to build security in at the planning, R&D and manufacturing stages, pre-embedding the Antiy intelligent security kernel and threat detection engine so that devices for smart energy, transportation and manufacturing scenarios ship with native threat detection and a high initial security baseline, continuously safeguarding the secure and stable operation of users' business and further enhancing brand competitiveness and influence.
2. Strengthen network threat monitoring and response
IT operators are advised to deploy a network threat detection and response system (NTA or NDR), which can raise alerts using the indicators associated with the Aquabot botnet. The Antiy PTD integrates a malicious code detection engine, a network behavior detection engine, a threat intelligence detection engine, threat detection models and a custom scenario detection engine, and can effectively detect network scanning and probing, remote vulnerability exploitation, attack payload delivery, botnet activity, virus propagation, trojan remote control, web attacks and other behaviors.
Figure 2-1: Threat behavior detected using the threat intelligence library
Figure 2-2: Threat behavior detected using network behavior signatures
Figure 2-3: Botnet vulnerability scanning and weak-password cracking of user credentials detected using models
3. Strengthen IoT device access control and operations
IT operators are advised to keep systems and firmware upgraded to the latest versions, optimize default security configuration policies, set reasonable access control policies, and improve the control and auditing of remote operations connections.
IT operators are advised to change the factory default passwords on devices and set secure passwords: use passwords of 16 characters or longer that combine uppercase and lowercase letters, digits and symbols; ensure that different device models use different passwords; and change passwords periodically rather than using the same one for a long time.
4. Respond promptly when attacked
In the event of abnormal network congestion or other anomalies, contact the Antiy emergency response team (CERT@antiy.cn) to handle the threat, or call the Antiy 24/7 service hotline 400-840-9234 for help. If attacked, isolate the affected IoT devices or hosts promptly and preserve the scene while waiting for security engineers to examine the IoT devices and computers.
3. Sample analysis
This article takes the x86 Aquabot sample as the main analysis target. Aquabot-v1 largely follows the Mirai botnet structural framework; its main functions fall into four parts: initialization, process management, weak-password scanning, and command and control.
Table 3-1: Aquabot-v1 sample tags…
[This is a Guest Diary by Elias Bou Zeid, an ISC intern as part of the SANS.edu BACS program]
Introduction
In this digital age, as our dependence on technology grows, …
During an incident response performed by Kaspersky’s Global Emergency Response Team (GERT) and GReAT, we uncovered a novel multiplatform threat named “NKAbuse”. The malware utilizes NKN technology for data exchange …
The Black Lotus Labs team at Lumen Technologies is tracking a small office/home office (SOHO) router botnet that forms a covert data transfer network for advanced threat actors. …
Figure 1: Hive0133 Email from 10/19/2023 delivering WailingCrab Loader.
Figure 2: Hive0133 Email PDF Attachment with Malicious Link Leading to WailingCrab Loader.
WailingCrab components
Many of the technical details of …
The FBI today revealed US law enforcement’s dismantlement of a botnet proxy network, along with a guilty plea for the individual responsible …
The hacker collective called GhostSec has unveiled an innovative Ransomware-as-a-Service (RaaS) framework called GhostLocker. They provide comprehensive assistance to customers interested in acquiring this service through a dedicated Telegram channel. …
ESET Research
How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there
01 Nov 2023 …
Threat hunting encompasses a range of techniques and approaches aimed at discovering anomalies, threats, and risks associated with attacker activities. In the early days, log review by diligent system administrators …
Affected Platforms: Linux
Impacted Users: Any organization
Impact: Remote attackers gain control of the vulnerable systems
Severity Level: Critical
In September 2023, our FortiGuard Labs team observed that the IZ1H9 Mirai-based DDoS campaign …
Recently, Qualys discovered and reported a critical vulnerability affecting the popular GLIBC ecosystem, which is installed by default on most Linux-based operating systems. Specifically, a buffer overflow was found in …
In September 2023, NSFOCUS global threat hunting system monitored several new botnet variant families developed based on Mirai, among which hailBot, kiraiBot and catDDoS are the most active, …
We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced …
In March 2023, Lumen Black Lotus Labs reported on a complex campaign called “HiatusRAT” that infected over 100 edge networking devices globally. The campaign leveraged edge routers, …
Cybercriminals can now use a new service called Dark Utilities to build up a command and control (C2) center for their malicious activities.
Dark Utilities was created in 2022 as …
To obtain a better perspective of attacks worldwide, Trustwave has implemented a network of honeypots located in multiple countries across the globe. By distributing honeypots in such a manner, we …
SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto | Sysdig
SCARLETEEL, an operation reported on by the Sysdig Threat Research Team last February, continues to thrive, improve tactics, and steal proprietary data. …
Meduza Stealer … Yes, you read it right, I did not misspell it, is a new stealer that appeared on Russian-speaking forums at the beginning of June 2023. …
Cryptojacking, the illicit use of computing resources to mine cryptocurrency, has become increasingly prevalent in recent years, with attackers building a cybercriminal economy around attack tools, infrastructure, and services to …
Executive Summary
Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the …
This blog entry discusses the more technical details on the most recent tools, techniques, and procedures (TTPs) leveraged by the Earth Preta APT group, and tackles how we were able …
AhnLab Security Emergency response Center (ASEC) has recently discovered an attack campaign that consists of the Tsunami DDoS Bot being installed on inadequately managed Linux SSH servers. Not only did …