Security News

The Cybercrime Directorate (CD) of INTERPOL has identified a massive global cryptojacking campaign conducted by threat actor(s) who exploited a vulnerability in a particular brand of routers (namely MikroTik). The campaign injected a cryptocurrency-mining script into the routers through this known vulnerability; in some cases the injection was facilitated by malware.

Based on data collected between 31 January and 5 February 2019, 110,532 routers in 173 countries were potentially infected. After in-depth analysis and data enrichment by the Cyber Fusion Centre (CFC) and private sector partners, Cyber Activity Reports (CARs) were disseminated to the 151 member countries concerned.

1. AIM

The aim of the operation is to support member countries in combating "cryptojacking" by providing actionable cybercrime information. In particular, the operation focuses on the two threats that enabled the infections: illegal access to routers, and the distribution of malware used to compromise vulnerable routers.

2. OBJECTIVES:

The objectives of the Operation are listed as follows:

  • Detect threat actor(s) responsible for the commission of illegal access to routers and/or dissemination of malware for infecting vulnerable routers;

  • Link up law enforcement agencies of member countries for the purpose of conducting joint-investigation;

  • Disrupt the “cryptojacking” network by cleaning up the infected routers with a view to suppressing illegal cryptocurrency mining activities; and/or

  • Raise the overall awareness and understanding of common cryptojacking modus operandi employed.

3. PHASES OF OPERATION

The operation will be carried out in 4 phases, namely:

  • Planning and Analysis Phase;

  • Organizational Phase;

  • Tactical Phase; and

  • Evaluation Phase

4. ELABORATION OF PLAN

Phase I: Planning and Analysis Phase (January to February 2019)

During this period, CFC officers conducted a series of OSINT investigations and data collation to identify routers that were vulnerable to, or already compromised by, the threat actor(s) conducting cryptojacking. As a result, a total of 110,532 routers in 173 countries exposed to this illegal cryptojacking campaign were identified. CFC also retrieved a crucial attribution artefact, the mining "site keys" embedded in the injected scripts, which could lead to the identification of the threat actor(s) behind the campaign.

In addition, with the assistance of an INTERPOL private sector partner, CFC retrieved a number of "site keys" from the malware the threat actor(s) used to infect vulnerable routers on the Internet. The domain names used to spread the malware were also identified during the reverse-engineering process.

CARs were then compiled for the respective member countries to disseminate the above cybercrime information.

Phase II: Organizational Phase (March to July 2019)

The National Central Bureaus (NCBs) of the member countries concerned will consult and engage the relevant law enforcement agencies (LEAs) and national agencies, such as the national Computer Emergency Response Team (CERT), to support the Operation. Each member country should nominate at least one officer from the relevant LEA as National Coordinator, with the following roles and responsibilities:

  • Provides information through the questionnaire that was sent to each country along with its Cyber Activity Report;

  • Guides and delegates national actions in line with the country’s priorities and operation plan; and

  • Stimulates the gathering of information and intelligence at national level and generates sharing through INTERPOL channels established in the Operation.

Phase III: Tactical Phase (August to September 2019)

The tactical phase will focus primarily on carrying out the recommended actions detailed in the respective CARs. INTERPOL will ensure that actions by the participating member countries are coordinated. Where coordination is required with member countries that are not part of the Operation, INTERPOL will assist with liaison.

The tactical phase is further divided into two sub-phases: the first focuses on advancing investigations, and the second on the clean-up and patching of the infected routers. All actions shall be documented systematically.

Phase IV: Evaluation (October 2019)

After the tactical phase, participating law enforcement agencies are requested, via the nominated point of contact, to submit an evaluation report and take part in the debriefing session.

Good practices and lessons learned will be shared amongst participating countries. INTERPOL will also provide an overall evaluation report on the Operation, providing feedback and recommendations to all countries that participated in the operation.

The information contained in this website is for general information purposes only. The information is gathered from the Cybercrime Directorate (CD), INTERPOL; while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

More than 60,000 stolen digital profiles are currently up for sale on Genesis Store, a private and invitation-only online cybercriminal market discovered and exposed by Kaspersky Lab researchers.

“The profiles include: browser fingerprints, website user logins and passwords, cookies, credit card information. The price varies from 5 to 200 dollars per profile – it heavily depends on the value of the stolen information,” said the researchers.

A digital fingerprint is a complex collection of up to 100 system properties (IP address, screen size, device ID, time zone, GPU/CPU information, cookies, and many others) together with behavioural characteristics, ranging from the user's interests and custom system configuration changes to the time spent on specific websites and mouse-movement patterns.


FireEye today released Commando VM, a first-of-its-kind Windows-based security distribution for penetration testing and red teaming.

When it comes to the best operating systems for hackers, Kali Linux is always the first choice of penetration testers and ethical hackers.

However, Kali is a Linux-based distribution, and using Linux without first learning some basics is not everyone's cup of tea in the way Windows or macOS is.

If you are wondering why there is no popular Windows-based operating system for hackers: first, Windows is not open source, and second, manually installing penetration-testing tools on Windows is cumbersome for most users.

To help researchers and cyber-security enthusiasts, FireEye today released a virtual-machine (VM) based installer for Commando VM, a customized Windows-based distribution that comes pre-installed with useful penetration-testing tools, much like Kali Linux.

“Penetration testers commonly use their own variants of Windows machines when assessing Active Directory environments,” FireEye says. “Commando VM was designed specifically to be the go-to platform for performing these internal penetration tests.”

Release 1.0 supports two base operating systems: Windows 7 and Windows 10.

Both Commando VM variants include more than 140 tools, including Nmap, Wireshark, Remote Server Administration Tools, Mimikatz, Burp Suite, x64dbg, Metasploit, PowerSploit, Hashcat, and OWASP ZAP, pre-configured for a smooth working environment.


According to one of the authors of Commando VM, its top three features are:

  • Native Windows protocol support (SMB, PowerShell, RSAT, Sysinternals, etc.)
  • Organized toolsets (Tools folder on the desktop with Info Gathering, Exploitation, Password Attacks, etc.)
  • Windows-based C2 frameworks like Covenant (dotnet) and PoshC2 (PowerShell)


“With such versatility, Commando VM aims to be the de facto Windows machine for every penetration tester and red teamer,” FireEye says.

“The versatile tool sets included in Commando VM provide blue teams with the tools necessary to audit their networks and improve their detection capabilities. With a library of offensive tools, it makes it easy for blue teams to keep up with offensive tooling and attack trends.”

According to FireEye, Commando VM uses Boxstarter, Chocolatey, and MyGet packages to install all of its software. Running a single command updates all of the installed tooling on Commando VM.

To use it, you need a Windows VM with at least 60 GB of free disk space and 2 GB of RAM, running under virtualization software such as VMware or Oracle VirtualBox.

Installing Commando VM is straightforward: download the Commando VM package, decompress it, and execute the PowerShell script it contains to start the installation.

The rest of the installation runs automatically and may take two to three hours depending on your Internet speed.

“The VM will reboot multiple times due to the numerous software installation requirements,” FireEye says. “Once the installation completes, the PowerShell prompt remains open waiting for you to hit any key before exiting.”

Once the installation has completed you will be presented with Commando VM; all that remains is to reboot the machine so the final configuration changes take effect.
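The installer described above runs with administrative rights and pulls around 140 packages from third-party feeds, so the checks a practitioner wants before launching it are: enough disk and RAM, confirmation that this really is a disposable VM, and a hash match against the value the publisher lists for the download. The following PowerShell wrapper, added here as an illustration and not FireEye's own installer, performs those checks and then hands off to the installer. The archive name commando-vm.zip, the installer name install.ps1 and the SHA-256 value are assumptions (the page names none of them); substitute the names and hash from the actual release. It assumes PowerShell 5 or later for Expand-Archive.

```powershell
# Added example for this page, not FireEye's script: pre-flight checks before
# running the Commando VM installer inside a fresh, disposable Windows VM.
# ASSUMPTIONS (not stated on the page): the download is commando-vm.zip, the
# installer inside it is install.ps1, and -ExpectedSha256 is the publisher's hash.
#Requires -RunAsAdministrator
[CmdletBinding()]
param(
    [string]$Archive        = ".\commando-vm.zip",          # assumed archive name
    [string]$ExpectedSha256 = "",                           # assumed: paste the published SHA-256
    [string]$Installer      = "install.ps1",                # assumed installer name
    [string]$Destination    = "$env:SystemDrive\commando-vm"
)

$MinDiskGB = 60   # minimum quoted on the page
$MinRamGB  = 2    # minimum quoted on the page

function Test-Prerequisites {
    # Free space on the system drive and total RAM, checked against the page's minimums.
    $cs     = Get-CimInstance -ClassName Win32_ComputerSystem
    $drive  = Get-PSDrive -Name $env:SystemDrive.TrimEnd(':')
    $freeGB = [math]::Round($drive.Free / 1GB, 1)
    $ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
    $ok = $true
    if ($freeGB -lt $MinDiskGB) { Write-Warning "Only $freeGB GB free on $env:SystemDrive (need $MinDiskGB GB)"; $ok = $false }
    if ($ramGB  -lt $MinRamGB)  { Write-Warning "Only $ramGB GB of RAM (need $MinRamGB GB)"; $ok = $false }
    # The installer reconfigures the whole OS; refuse to run on anything that does
    # not look like a VM. VMware, VirtualBox and Hyper-V model strings contain "Virtual".
    if ($cs.Model -notmatch 'Virtual') {
        Write-Warning "Model '$($cs.Model)' does not look like a VM; run this only in a disposable VM."
        $ok = $false
    }
    return $ok
}

function Test-ArchiveIntegrity {
    # Verify the downloaded archive against the hash published with the release
    # before anything inside it is executed as administrator.
    if (-not (Test-Path $Archive)) { throw "Archive not found: $Archive" }
    if ([string]::IsNullOrWhiteSpace($ExpectedSha256)) { throw "Set -ExpectedSha256 from the release page before installing." }
    $actual = (Get-FileHash -Path $Archive -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {    # string -ne is case-insensitive in PowerShell
        throw "SHA-256 mismatch: expected $ExpectedSha256, got $actual"
    }
    return $true
}

function Invoke-Install {
    Expand-Archive -Path $Archive -DestinationPath $Destination -Force
    # Downloaded files carry the Mark-of-the-Web; clear it so the scripts run
    # under the process-scoped execution policy set below (not machine-wide).
    Get-ChildItem -Path $Destination -Recurse -File | Unblock-File
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
    $script = Join-Path $Destination $Installer
    if (-not (Test-Path $script)) { throw "Installer $Installer not found under $Destination" }
    Push-Location $Destination
    try     { & $script }   # per the page: reboots several times, then waits for a keypress
    finally { Pop-Location }
}

if (-not (Test-Prerequisites)) { throw "Prerequisites not met; aborting." }
Test-ArchiveIntegrity | Out-Null
Invoke-Install
```

Take a snapshot of the VM from the hypervisor before running this, so a failed or partially completed install can be rolled back. The "single command" update the page mentions corresponds to Chocolatey's generic upgrade command (choco upgrade all); how Commando VM wires that command is an assumption here, not something the page states.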

In recent years a number of our readers have asked us to list the best Windows-based operating systems for penetration testing. Commando VM is the first, and I expect more will be added to this list soon.


The information contained in this website is for general information purposes only. The information is gathered from The Hacker News; while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

Microsoft is bringing its Windows Defender ATP endpoint security software to Mac computers. On Thursday the company announced that it is porting the software to Apple's macOS, with more platforms, such as Linux, to follow.

As a result, the technology giant renamed its Windows Defender Advanced Threat Protection (ATP) to Microsoft Defender Advanced Threat Protection (ATP) in an attempt to minimize name-confusion and reflect the cross-platform nature of the software suite.

For anyone wondering whether Macs even get viruses: macOS has historically been targeted less than Windows, but in recent years cyber criminals have started paying attention to the Mac platform, making it a target for viruses, Trojans, spyware, adware, ransomware, backdoors, and other malicious applications.

And attackers have succeeded many times: recall the FruitFly malware that infected thousands of Mac computers, and the recently discovered cryptocurrency-focused malware CookieMiner and DarthMiner.

Microsoft Defender ATP Antivirus for Mac

Microsoft has now produced a dedicated Defender ATP client for Mac, offering full anti-virus and threat protection with full, quick, and custom scans, and giving macOS users the same "next-generation protection and endpoint detection and response coverage" as its Windows counterpart.

“We’ve been working closely with industry partners to enable Windows Defender Advanced Threat Protection (ATP) customers to protect their non-Windows devices while keeping a centralized “single pane of glass” experience,” Microsoft says in a blog post.

Microsoft also promised to add Endpoint Detection and Response, along with Defender ATP's new Threat and Vulnerability Management (TVM) capabilities, to public preview next month.

TVM uses a risk-based approach to help security teams discover, prioritize, and remediate known vulnerabilities and misconfigurations, combining real-time insights, added context during incident investigations, and built-in remediation processes through Microsoft Intune and System Center Configuration Manager.

For now, the tech giant has released Microsoft Defender ATP for Mac (compatible with macOS Mojave, macOS High Sierra, or macOS Sierra) in limited preview for businesses that have both Windows and Mac computer systems.


//www.youtube.com/watch?v=26z6SwScYx4

Like Office for Mac, Defender for Mac will use Microsoft AutoUpdate to receive the latest features and fixes on time. While Microsoft has announced plans to bring Defender ATP to more platforms in the future, beyond the mention of Linux the company has not explicitly named them.

It is also not clear whether Microsoft plans to launch a consumer version of Microsoft Defender for Mac users. Microsoft's business customers can sign up for the limited preview.

In the attempt to make its security software available to more people, Microsoft just last week released Windows Defender extensions for Mozilla Firefox and Google Chrome as well.


Online Trust Alliance spells out best practices for testing, purchasing, networking and updating IoT devices to make them and the enterprise more secure.

Here is a handy list of tips to help you avoid the most common mistakes IT professionals make when bringing IoT devices onto enterprise networks. The list centres on awareness and on minimizing the access granted to less-secure devices. A strong understanding of which devices are actually on the network, what they are allowed to do, and how secure they are at the outset is key to a successful IoT security strategy.

  • Change every default password on every device, and do not use any device whose default password cannot be changed. Grant devices the minimum permissions they need to function.
  • Research everything that goes on your network, including any associated back-end or cloud services it depends on, before it is put into production.
  • Whenever possible, put IoT devices on a separate network, behind a firewall and under careful monitoring. This keeps potentially insecure devices away from core networks and resources.
  • Do not use features you do not need. The OTA gives the example of a smart TV used only as a display, whose microphone and even network connectivity can be disabled.
  • Consider physical compromise: anything with a hardware factory-reset switch, an exposed port or a default password can be taken over by someone with physical access.
  • Devices that connect automatically to open Wi-Fi networks are a bad idea. Make sure yours do not.
  • If you cannot block all inbound traffic to your IoT devices, make sure they are not exposing listening services that an attacker could use to control them.
  • Encryption is a great thing. If there is any way to have your IoT devices send and receive their data encrypted, do it.
  • Updates matter too. Whether you have to check manually every month or the devices update themselves, make sure they are receiving patches. Do not use equipment that cannot be updated.
  • Underlining the above, do not use products that are no longer supported by their manufacturers or that can no longer be secured.


The information contained in this website is for general information purposes only. The information is gathered from Computer World; while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.