Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

SocGholish, also known as FAKEUPDATES, was first reported in 2017. While the initial analysis and reporting did not gain much attention, over time the actor(s) behind the activity continued to expand and develop their operations. Through a partnership with Evil Corp, the FAKEUPDATES / SocGholish framework has become a major initial access vector into corporate networks. The threat actor(s) behind the framework have strong underground connections, demonstrated by that Evil Corp partnership, which signals a thoroughly vetted criminal operation. Attackers using the framework represent a significant risk to global corporations and have demonstrated top-tier penetration-testing abilities. According to the FBI, typical losses attributed to their activity range from 1 to 40 million dollars per event. More…

Bablosoft: Lowering the Barrier of Entry for Malicious Actors

Free-to-use browser automation framework creates thriving criminal community

Evidence suggests an increasing number of threat actor groups are making use of a free-to-use browser automation framework. The framework contains numerous features which we assess may be utilized in the enablement of malicious activities.

The technical entry bar for the framework is purposefully kept low, which has served to create an active community of content developers and contributors, with actors in the underground economy advertising their time for the creation of bespoke tooling.

The framework warranted further research due to the high number of distinct threat groups that include it in their toolkits. More…

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes:

The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.  More…

Instead of working from the office or home, why not work from the road? 

If you’re going to be a digital nomad who wants to work from anywhere, you will need the right internet connection. Say hello to SpaceX Starlink.

12 most in-demand cybersecurity jobs in 2022

Cybersecurity is a more important field than ever before, and jobs in this industry will only become more sought after as the years roll by.

Mysterious “Follina” zero-day hole in Office – here’s what to do!

News has emerged of a “feature” in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn’t help!

Also from CISA

Microsoft Releases Workaround Guidance for MSDT "Follina" Vulnerability

05/31/2022 11:11 AM EDT

CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround.
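Microsoft's published workaround for CVE-2022-30190 is to unregister the ms-msdt: URL protocol handler, which is the path a booby-trapped document uses to reach the Support Diagnostic Tool without any macro. The script below is an added example written for this digest, not a script from Microsoft or CISA: it backs the key up, removes it, confirms the handler is gone, and records how to restore it. The backup location is an assumption; run it from an elevated PowerShell session.

```powershell
# Added example (not Microsoft's or CISA's own script): apply the published
# workaround for CVE-2022-30190 by unregistering the ms-msdt: protocol handler.
# Run from an elevated PowerShell session.

$key        = 'HKEY_CLASSES_ROOT\ms-msdt'            # handler key named in Microsoft's guidance
$psKey      = "Registry::$key"
$backupFile = "$env:ProgramData\ms-msdt-backup.reg"  # assumed location for the backup

if (-not (Test-Path $psKey)) {
    Write-Output "ms-msdt handler is not registered; nothing to do."
    return
}

# 1. Back up the key so the change can be reversed after patching.
reg.exe export $key $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backupFile)) {
    throw "Backup to $backupFile failed; leaving the registry unchanged."
}

# 2. Remove the protocol handler registration.
reg.exe delete $key /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg.exe delete failed (exit code $LASTEXITCODE)."
}

# 3. Verify the workaround actually took effect.
if (Test-Path $psKey) {
    Write-Warning "ms-msdt handler is still registered; workaround not applied."
} else {
    Write-Output "ms-msdt handler removed. Backup saved to $backupFile."
}

# To undo once the June 2022 security update for CVE-2022-30190 is installed:
#   reg.exe import $backupFile
```

Deleting the handler only cuts the ms-msdt: link that the malicious documents rely on; it does not fix MSDT itself, so keep the backup and re-import it after the security update is installed. The verification step matters: a silently failed delete leaves the machine exposed while the operator believes it is protected.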

The Limits of Cyber Operations in Wartime

Interesting paper by Lennart Maschmeyer: “The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations”:

Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utility in both warfare and low-intensity competition. Underlying these expectations are broadly shared assumptions that information technology increases operational effectiveness. But a growing body of research shows how cyber operations tend to fall short of their promise. The reason for this shortfall is their subversive mechanism of action. In theory, subversion provides a way to exert influence at lower risks than force because it is secret and indirect, exploiting systems to use them against adversaries. The mismatch between promise and practice is the consequence of the subversive trilemma of cyber operations, whereby speed, intensity, and control are negatively correlated. These constraints pose a trilemma for actors because a gain in one variable tends to produce losses across the other two variables. A case study of the Russo-Ukrainian conflict provides empirical support for the argument. Qualitative analysis leverages original data from field interviews, leaked documents, forensic evidence, and local media. Findings show that the subversive trilemma limited the strategic utility of all five major disruptive cyber operations in this conflict.

That’s Not Actually Elon Musk

Scammers are using deepfake videos of Elon Musk in an attempt to trick people into handing over cryptocurrency, BleepingComputer reports. The scammers set up a phony cryptocurrency platform called “BitVex” that purports to be owned by Musk. The crooks then used hacked YouTube accounts to spread deepfaked videos of Musk and other people associated with cryptocurrency to promote the platform.

“To use the BitVex platform, users must register an account at bitvex[.]org or bitvex[.]net to access the investment platform,” BleepingComputer says. “Once you log in, the site will display a dashboard where you can deposit various cryptocurrencies, select an investment plan, or withdraw your earnings. Like almost all cryptocurrency scams, the dashboard will display recent withdrawals of various cryptocurrencies to make the site appear legitimate.”

Visually speaking, the deepfake is pretty convincing. However, the voice and script are unusual enough that observant users could recognize that something is wrong. Additionally, BleepingComputer points out that there are other indicators that this is a scam.

“While it is obvious that the interviews have been altered to simulate Elon Musk’s voice to promote the BitVex trading platform, numerous other clues show that this is a scam,” BleepingComputer says.

Blog post with links:  https://blog.knowbe4.com/thats-not-actually-elon-musk

The New Verizon 2022 Data Breach Investigation Report Shows Sharp Rise in Ransomware

Verizon has published its 2022 Data Breach Investigations Report (DBIR), finding that ransomware rose by 13% last year (a greater increase than the previous five years combined). 82% of breaches involved the human element, which encompasses phishing, stolen credentials, misuse or error. The researchers also found that supply chain breaches were behind 62% of intrusions last year.

“There are four key paths leading to your estate,” Verizon writes, and lists them: “Credentials, Phishing, Exploiting vulnerabilities, and Botnets. All four are pervasive in all areas of the DBIR, and no organization is safe without a plan to handle each of them.”

And while the rise in ransomware features prominently in the report, Verizon notes that “ransomware by itself is, at its core, simply a model of monetizing an organization’s access.”

Blog post with links:  https://blog.knowbe4.com/ransomware-involved-in-25-percent-of-data-breaches




About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com