CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Subscribe

Episode 39 December 19 2022

December 19, 2022 Jim Guckin CyberSecurity News Byte 35:3749.75M Comments Off on Episode 39 December 19 2022

Contents

Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks.

Glupteba botnet is back after Google disrupted it.

85% of attacks now use encrypted channels.

InfraGard Hacked/Hacker Halts Sale of FBI’s High-Profile InfraGard Database.

Links

https://www.securityweek.com/cisco-warns-many-old-vulnerabilities-being-exploited-attacks

https://securityaffairs.co/wordpress/125377/malware/glupteba-botnet-take-down.html

Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks

  • Cisco Last Week
    • added exploitation warnings to more than 20 advisories detailing security defects in Cisco IOS, NX-OS, and HyperFlex software
    • carry severity ratings of ‘critical’ or ‘high’
    • been addressed 4-5 years ago.
      • execute arbitrary code (RCE)
      • denial-of-service (DoS) condition
      • execute arbitrary commands.
  • CVSS score of 9.8.
    • CVE-2017-12240
    • CVE-2018-0171
    • CVE-2018-0125
    • CVE-2021-1497
    • CVE-2018-0147
  • 15 advisories that deal with high severity.
  • US Cybersecurity and Infrastructure Security Agency (CISA
    • added these vulnerabilities to its Known Exploited Vulnerabilities Catalog
      • months ago

Glupteba botnet is back after Google disrupted it

  • Glupteba
    • blockchain-enabled botnet
    • Active since 3022
    • Composed of more than 1 million Windows PC
      • Dec 2021
    • stealing users’ credentials and data
    • mining cryptocurrencies
    • abusing victims’ machine resources
    • setting up proxies to funnel other people’s internet traffic through infected machines and routers.
    • spread via cracked or pirated software and pay-per-install (PPI) schemes.
  • December 2021
    • Google announced it has taken down the infrastructure
    • sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet.
  • I’m Back
    • Nozomi Networks
    • surge in the number of infections worldwide
      • increase of malicious bitcoin addresses
      • increase in TOR hidden service being used as C2 servers
      • at least five different merchants and exchanges were used to fund the Glupteba addresses since 2019
      • identified 15 Glupteba bitcoin addresses.
      • used passive DNS records to uncover Glupteba domains and hosts.
      • analyzed the latest set of TLS certificates used by the bot to figure out the infrastructure.

85% of attacks now use encrypted channels

  • Zscaler
    • manufacturing, education and healthcare being the most commonly targeted.
    • U.S., India and Japan seeing the biggest increases in attacks.
    • Encrypted Channels being used to hide traffic.
      • Variety of attacks
      • malware continues to be the most prevalent.
    • Malicious scripts and payloads made up nearly 90% of the encrypted attack tactics blocked in 2022.
      • Includes ransomware.
        • 80% up this year
  • defenses become more complex.
    • attackers have also continued to evolve their techniques.
    • malware variants that are harder to spot
    • bypass reputation-based technologies

InfraGard Hacked/Hacker Halts Sale of FBI’s High-Profile InfraGard Database

  • Dec 14th, 2022
    • BreachForums
    • USDoD Alias Hacker
    • claimed to obtain the entire database of InfraGard.
      • FBI’s program for protecting U.S. critical infrastructure.
        • Launched in 1996
        • partnership with the private sector
        • 80,000-member database
        • business leaders, government officials, and IT professionals as its members
    • Information Obtained
      • Full names
      • Email addresses
      • Employment details
      • Industry of employment
      • Social media USERIDs.
    • Hacker used contact email address and the impersonated CEO’s real mobile number.
      • a simple software script was leveraged to access the database information
    • selling the entire database for $50,000
  • Conscience?
    • Hackread.com
      • Confirm the hacker backed off
      • Hacker updated their post yesterday stating that the stolen InfraGard database would ‘no longer be posted for sale
        • it would ‘cause more harm to everyone’ than benefiting the hacker themself.
        • they did not want to ‘‘cause any more trouble.’’
      • hacker also stated that all the email addresses present in the database were emailed to Troy Hunt so that he could add them to his website Have I Been Pwned