CyberSecurity News Byte – Weekly

Hosted ByJim Guckin

A new podcast has taken possession of my entire soul, like these sweet mornings of spring which I enjoy with my whole heart with souls like mine.

Episode 39 December 19 2022

Contents

Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks.

Glupteba botnet is back after Google disrupted it.

85% of attacks now use encrypted channels.

InfraGard Hacked/Hacker Halts Sale of FBI’s High-Profile InfraGard Database.

Links

https://www.securityweek.com/cisco-warns-many-old-vulnerabilities-being-exploited-attacks

https://securityaffairs.co/wordpress/125377/malware/glupteba-botnet-take-down.html

Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks

  • Cisco Last Week
    • added exploitation warnings to more than 20 advisories detailing security defects in Cisco IOS, NX-OS, and HyperFlex software
    • carry severity ratings of ‘critical’ or ‘high’
    • been addressed 4-5 years ago.
      • execute arbitrary code (RCE)
      • denial-of-service (DoS) condition
      • execute arbitrary commands.
  • CVSS score of 9.8.
    • CVE-2017-12240
    • CVE-2018-0171
    • CVE-2018-0125
    • CVE-2021-1497
    • CVE-2018-0147
  • 15 advisories that deal with high severity.
  • US Cybersecurity and Infrastructure Security Agency (CISA
    • added these vulnerabilities to its Known Exploited Vulnerabilities Catalog
      • months ago

Glupteba botnet is back after Google disrupted it

  • Glupteba
    • blockchain-enabled botnet
    • Active since 3022
    • Composed of more than 1 million Windows PC
      • Dec 2021
    • stealing users’ credentials and data
    • mining cryptocurrencies
    • abusing victims’ machine resources
    • setting up proxies to funnel other people’s internet traffic through infected machines and routers.
    • spread via cracked or pirated software and pay-per-install (PPI) schemes.
  • December 2021
    • Google announced it has taken down the infrastructure
    • sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet.
  • I’m Back
    • Nozomi Networks
    • surge in the number of infections worldwide
      • increase of malicious bitcoin addresses
      • increase in TOR hidden service being used as C2 servers
      • at least five different merchants and exchanges were used to fund the Glupteba addresses since 2019
      • identified 15 Glupteba bitcoin addresses.
      • used passive DNS records to uncover Glupteba domains and hosts.
      • analyzed the latest set of TLS certificates used by the bot to figure out the infrastructure.

85% of attacks now use encrypted channels

  • Zscaler
    • manufacturing, education and healthcare being the most commonly targeted.
    • U.S., India and Japan seeing the biggest increases in attacks.
    • Encrypted Channels being used to hide traffic.
      • Variety of attacks
      • malware continues to be the most prevalent.
    • Malicious scripts and payloads made up nearly 90% of the encrypted attack tactics blocked in 2022.
      • Includes ransomware.
        • 80% up this year
  • defenses become more complex.
    • attackers have also continued to evolve their techniques.
    • malware variants that are harder to spot
    • bypass reputation-based technologies

InfraGard Hacked/Hacker Halts Sale of FBI’s High-Profile InfraGard Database

  • Dec 14th, 2022
    • BreachForums
    • USDoD Alias Hacker
    • claimed to obtain the entire database of InfraGard.
      • FBI’s program for protecting U.S. critical infrastructure.
        • Launched in 1996
        • partnership with the private sector
        • 80,000-member database
        • business leaders, government officials, and IT professionals as its members
    • Information Obtained
      • Full names
      • Email addresses
      • Employment details
      • Industry of employment
      • Social media USERIDs.
    • Hacker used contact email address and the impersonated CEO’s real mobile number.
      • a simple software script was leveraged to access the database information
    • selling the entire database for $50,000
  • Conscience?
    • Hackread.com
      • Confirm the hacker backed off
      • Hacker updated their post yesterday stating that the stolen InfraGard database would ‘no longer be posted for sale
        • it would ‘cause more harm to everyone’ than benefiting the hacker themself.
        • they did not want to ‘‘cause any more trouble.’’
      • hacker also stated that all the email addresses present in the database were emailed to Troy Hunt so that he could add them to his website Have I Been Pwned

Leave a Reply

Your email address will not be published. Required fields are marked *