Episode 64: July 17 2023
Links
https://blog.lumen.com/routers-from-the-underground-exposing-avrecon/
https://www.cisa.gov/news-events/directives/binding-operational-directive-23-02
https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html
https://therecord.media/genesis-market-sold-despite-fbi-operation
https://therecord.media/genesis-market-takedown-cybercrime
SwingVPN Update – https://www.hackread.com/google-removes-swing-vpn-android-ddos-botnet/
JumpCloud Update:
https://jumpcloud.com/support/july-2023-iocs
AVrecon infects 70,000 routers
- Lumen
- Black Lotus Labs
- Identified the RAT
- Remote Access Trojan
- Impacts SOHO routers
- Small Office/Home Office
- Been active for 2+ years
- Built a botnet of 70,000 devices
- In 20 countries
- Warning
- CISA issued an advisory about network equipment with management interfaces exposed to the internet
- Binding Operational Directive 23-02
- June 13th
- Applies to federal civilian agencies…but you should pay attention to it.
- Attack
- First sample was spotted on a Netgear device
- Since broadened to SOHO routers generally
- Attacks
- Used the infected devices for…
- Password sprays
- Fraud
- Proxying
- Bot recons the device and its environment
- Feeds that back to the C2 server
- C2 then hands the bot off to one of the second-stage servers
- ~15 of them
- Targets other ARM-based devices
- Written in C
- Which makes porting to a new architecture easy.
- Protection
- Check your auth logs for password guessing.
- Regularly reboot and update SOHO routers
- Thoughts
- Work from Home
- No perimeter anymore
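The "check for password guessing" advice above is easy to state and less easy to do, because a spray from a botnet like this looks different from a classic brute force: one source tries many usernames once or twice each, instead of hammering one account. The script below is an added example for these notes, not code from Lumen or the podcast. It parses OpenSSH-style "Failed password" lines (format assumed from common sshd output; the log lines are constructed) and classifies each source IP as a password spray, a brute force, or neither. The thresholds are assumptions you would tune to your own environment.

```python
"""Password-spray vs brute-force detector over sshd-style auth log lines.

Added example, not from Lumen or the podcast. The sample log is constructed
and the thresholds below are assumptions, not recommended values.
"""
import re
from collections import defaultdict

# Matches OpenSSH failed-login lines (format assumed from common sshd output).
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample log:
#   10.0.0.5 tries six different users once each  -> password spray
#   10.0.0.9 tries one account five times          -> brute force
#   10.0.0.7 fails once, then logs in              -> a user's typo, ignore
SAMPLE_LOG = """\
Jul 17 08:00:01 gw sshd[101]: Failed password for admin from 10.0.0.5 port 5000 ssh2
Jul 17 08:00:02 gw sshd[102]: Failed password for invalid user root from 10.0.0.5 port 5001 ssh2
Jul 17 08:00:03 gw sshd[103]: Failed password for invalid user user from 10.0.0.5 port 5002 ssh2
Jul 17 08:00:04 gw sshd[104]: Failed password for invalid user guest from 10.0.0.5 port 5003 ssh2
Jul 17 08:00:05 gw sshd[105]: Failed password for invalid user pi from 10.0.0.5 port 5004 ssh2
Jul 17 08:00:06 gw sshd[106]: Failed password for invalid user ubnt from 10.0.0.5 port 5005 ssh2
Jul 17 08:01:00 gw sshd[110]: Failed password for admin from 10.0.0.9 port 6000 ssh2
Jul 17 08:01:01 gw sshd[111]: Failed password for admin from 10.0.0.9 port 6001 ssh2
Jul 17 08:01:02 gw sshd[112]: Failed password for admin from 10.0.0.9 port 6002 ssh2
Jul 17 08:01:03 gw sshd[113]: Failed password for admin from 10.0.0.9 port 6003 ssh2
Jul 17 08:01:04 gw sshd[114]: Failed password for admin from 10.0.0.9 port 6004 ssh2
Jul 17 08:02:00 gw sshd[120]: Failed password for alice from 10.0.0.7 port 7000 ssh2
Jul 17 08:02:05 gw sshd[121]: Accepted password for alice from 10.0.0.7 port 7001 ssh2
"""


def parse_failures(text):
    """Return a list of (source_ip, username) for every failed login line."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append((m.group("ip"), m.group("user")))
    return events


def classify_sources(events, min_users=5, max_per_user=2, min_attempts=5):
    """Classify each source IP from its failure pattern.

    spray:       many distinct usernames, each tried only a few times
    brute-force: few usernames, but many attempts in total
    Anything else (a user mistyping a password) is not reported.
    """
    per_ip = defaultdict(lambda: defaultdict(int))
    for ip, user in events:
        per_ip[ip][user] += 1

    verdicts = {}
    for ip, users in per_ip.items():
        total = sum(users.values())
        if len(users) >= min_users and max(users.values()) <= max_per_user:
            verdicts[ip] = "password-spray"
        elif total >= min_attempts and len(users) < min_users:
            verdicts[ip] = "brute-force"
    return verdicts


def run(text=SAMPLE_LOG):
    """Parse the log and return {source_ip: verdict} for suspicious sources."""
    return classify_sources(parse_failures(text))


if __name__ == "__main__":
    for ip, verdict in sorted(run().items()):
        print(f"{ip}: {verdict}")
```

The two branches are deliberately separate: a spray from a proxy pool stays under per-account lockout thresholds, so counting failures per account (what most lockout policies do) never trips. Counting distinct usernames per source is what surfaces it. In practice you would also bucket by time window and feed the source IPs into a blocklist or a SIEM alert.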
WormGPT for clever phishing
- SlashNext
- new generative AI cybercrime tool
- WormGPT
- Advertised on dark web/telegram
- A way for adversaries to launch sophisticated phishing and business email compromise (BEC) attacks
- Why?
- GPT models have protections built in
- Or being built
- No such guardrails in this one
- OpenAI ChatGPT and Google Bard are increasingly taking steps to combat the abuse of large language models
- This is designed for hackers by hackers and trained by hackers
- Automation, as in business, is everything.
- create highly convincing fake emails
- personalized to the recipient
- thus increasing the chances of success for the attack
- If English is not the attacker's first language, this removes the grammar and spelling mistakes that made phishing emails easy to spot
Genesis Market sold despite FBI disruption
- Genesis Market
- cyber fraud platform
- Announcement
- Thursday July 13th
- Deposit was made
- Ownership transferred next month.
- Comes from GenesisStore
- Previous posts associated with the site
- If you had an account
- Not carried over
- Was not part of the sale
- New owner to create new accounts
- Sort through the trustworthiness of users
- What they got
- All developments
- Complete database
- except for some details of the client base
- Source code, scripts
- Server infrastructure.
- FBI
- Seized some of their domains
- 3 months ago
- Clear web
- Sanctioned the platform.
- About 120 people were arrested.
- Identified and located backend servers
- 59,000 user accounts
- Darkweb
- Still mirrored not seized.
- Sister sites up
- Russian Market
- 2easy Shop.
Story Updates, not update updates
- Swing VPN
- Ep 62 – June 26
- Recap
- June 4th, 2023: cybersecurity researcher “Lecromee” reported that Swing VPN was acting as a dangerous DDoS botnet, posing significant risks.
- Update
- Hackread.com was contacted by Google on June 22, confirming the veracity of the claims.
- Limestone Software Solutions
- Hotspot for Swing VPN
- JumpCloud
- Ep63 – July 10
- ReCap
- Cyber incident without much communication
- Asked users to reset their API keys.
- Update
- Confirmed breach.
- A state-backed hacking group breached its systems.
- The attack targeted specific customers.
- Released indicators of compromise (IOCs)