
Latest News

Trust Wallet & MetaMask Crypto Wallets: Targeted by New Support Scam

  Users of Trust Wallet and MetaMask wallets are the targets of ongoing malicious Twitter phishing attacks aimed at stealing cryptocurrency...


Information security exercises will be held at five cyber polygons in Russia

Russian President Vladimir Putin has set the task of digitally transforming key sectors of the economy. To protect those sectors, the country has created cyber polygons (national cyber ranges).

According to Russian Deputy Prime Minister Dmitry Chernyshenko, the cyber polygons will be used to hone the protection of key sectors of the economy against information security threats.

Mr. Chernyshenko noted that the operations of industries, enterprises and even entire cities are replicated at the cyber polygons so that the various agencies can rehearse their response to cyberattacks.

"We need to be in good shape, and to do that we need to practice all the time. And such national training grounds make it possible to organize interdepartmental exercises without endangering the existing work of current industries or executive authorities," he said.

Mr. Chernyshenko added that the exercises currently focus on protecting the energy sector, the credit and financial sector and the infrastructure of state bodies. For each industry, a separate segment is created that simulates the business processes and cyberattack scenarios specific to that sector, and the number of such sectors will be expanded in the future.

Sectoral and functional development of the cyber polygon infrastructure is planned through the end of 2024. In particular, segments for the oil and gas, telecommunications, transport and metallurgy industries will be created.

"The goal of the cyber polygon is to become an effective tool that ensures the country's readiness to respond to cyber threats. Today this task has already acquired strategic importance," said Mikhail Oseevskiy, President of Rostelecom.

It is worth noting that the project to create a national cyber polygon was launched at the end of 2019 to improve the readiness of the state and of Russian organizations in key sectors of the economy to repel computer attacks, and to strengthen state security in the digital space.

Ransomware Attacks Growing at a Fast Rate

Ransomware has become a burning concern for every organization in the world, even though it did not exist 30 years ago. There has probably never been a threat quite like it, and the most profound concern is that ransomware gets stronger day by day.

Recent figures show how serious the ransomware threat is. In 2020, attacks rose by 715% as adversaries exploited the disruption of the Covid-19 pandemic to catch victims with their guard down. Threat actors also became far more willing to cause real-world harm: a patient in Germany died after a ransomware attack disrupted the hospital treating him, and a California university paid over $1 million to get its IT systems back online. Beyond its hard-to-quantify impact on the national economy, the Colonial Pipeline attack exposed a range of weaknesses in US energy infrastructure.

The strategy clearly works: ransomware payments doubled in 2020. There is no sign of the attacks slowing down, as an Apple supplier was recently hit with a $50 million ransom demand. If ransomware was alarming before, it has now taken on a genuinely frightening character, and no organization can consider itself immune.

This does not mean that every organization is equally likely to suffer a successful ransomware intrusion. In fact, the most vulnerable businesses are the ones that treat ransomware as inevitable and unstoppable and resign themselves to a bleak outlook, instead of updating their security plan to keep pace with developments in ransomware.

At least in their early phases, the attacks in the 2020 surge resembled those of previous years: attackers used a phishing campaign to gain access to an IT network and then exploited known or unknown vulnerabilities.

After this initial breach, automated propagation methods were gradually introduced. Today, however, a single target is no longer enough; attacks have shifted to human-operated ransomware that is not confined to small networks.

Today's ransomware attacks move across an organization by hunting for high-privilege credentials, aiming to hit the largest possible number of machines and so maximize the damage. Security teams need to prioritize preventing this lateral movement, not just detecting it. Otherwise a ransomware attack may be so deeply entrenched by the time it is noticed that it is difficult to reverse.
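Detecting the lateral-movement phase described above usually comes down to spotting one account fanning out to many hosts from a single source in a short time. The following is an added example, not code from the original article or from any vendor: it runs a sliding-window fan-out detector over a constructed sample of Windows Security event 4624 (successful logon) records. The flattened record format, the 10-minute window, the threshold of five hosts and the list of privileged accounts are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security event 4624 records, flattened to one
# line each: time|account|source_ip|target_host|logon_type.
# Logon type 3 = network logon (SMB, RPC, WinRM); 10 = RemoteInteractive (RDP).
# svc_backup fans out from alice's workstation to six hosts in 25 seconds.
SAMPLE_EVENTS = """\
2021-05-10T09:00:01|alice|10.0.1.15|FS01|3
2021-05-10T09:05:12|alice|10.0.1.15|PRINT01|3
2021-05-10T09:14:00|svc_backup|10.0.1.15|FS01|3
2021-05-10T09:14:07|svc_backup|10.0.1.15|FS02|3
2021-05-10T09:14:09|svc_backup|10.0.1.15|HR-PC07|3
2021-05-10T09:14:13|svc_backup|10.0.1.15|FIN-PC03|3
2021-05-10T09:14:20|svc_backup|10.0.1.15|DC01|10
2021-05-10T09:14:25|svc_backup|10.0.1.15|DC02|3
2021-05-10T13:30:00|bob|10.0.2.40|FS01|3
"""

# Assumed list of high-privilege accounts; in practice derive this from AD group membership.
PRIVILEGED_ACCOUNTS = {"svc_backup", "administrator"}
WINDOW = timedelta(minutes=10)   # how long one burst of logons may span (assumed)
FANOUT_THRESHOLD = 5             # distinct target hosts from one account+source within WINDOW (assumed)


def parse_events(text):
    """Parse the flattened records into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, src, host, logon_type = line.split("|")
        events.append({
            "time": datetime.fromisoformat(ts),
            "account": account.lower(),
            "src": src,
            "host": host,
            "logon_type": int(logon_type),
        })
    events.sort(key=lambda e: e["time"])
    return events


def detect_fanout(events, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Flag (account, source IP) pairs that reach >= threshold distinct hosts within window.

    Only remote logon types (3 and 10) count: a console logon is not lateral movement.
    Returns one alert per offending account/source pair, with every host it touched
    while the burst lasted.
    """
    by_key = defaultdict(list)
    for e in events:
        if e["logon_type"] in (3, 10):
            by_key[(e["account"], e["src"])].append(e)

    alerts = []
    for (account, src), evs in by_key.items():
        alert = None
        start = 0
        for end in range(len(evs)):
            # slide the window start forward so evs[start:end+1] spans at most `window`
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            hosts = {e["host"] for e in evs[start:end + 1]}
            if len(hosts) >= threshold:
                if alert is None:
                    alert = {
                        "account": account,
                        "src": src,
                        "hosts": set(),
                        "first": evs[start]["time"],
                        "last": evs[end]["time"],
                        "privileged": account in PRIVILEGED_ACCOUNTS,
                    }
                    alerts.append(alert)
                alert["hosts"] |= hosts
                alert["last"] = evs[end]["time"]
    for alert in alerts:
        alert["hosts"] = sorted(alert["hosts"])
    return alerts


if __name__ == "__main__":
    for a in detect_fanout(parse_events(SAMPLE_EVENTS)):
        flag = "PRIVILEGED " if a["privileged"] else ""
        print(f"{flag}{a['account']} from {a['src']} reached {len(a['hosts'])} hosts "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}: {', '.join(a['hosts'])}")
```

On the sample data only svc_backup trips the rule; alice and bob touch too few hosts. The detector is deliberately keyed on account plus source address, because a service account logging on from a workstation that is not its usual source is exactly the signal the article is talking about. Detection alone is the floor: the same data tells you which account tier and which workstation-to-server paths to restrict so the fan-out cannot happen in the first place.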

Rather than relying on malware alone to drive the attack, human-operated ransomware has an operator who steers it past resistance and protection mechanisms toward the most profitable target possible. These attacks are more persistent, far more powerful and more damaging.

Spear phishing is now the preferred method for distributing ransomware. Adversaries pick a target and tailor the email to sound as credible as possible. This contrasts sharply with everyday phishing, in which mass emails are sent to huge contact lists. The targeted user then clicks a link or downloads an attachment, which installs the malware.

Spear phishing operations are also becoming more advanced: cybercriminals use domain spoofing techniques so that the sender address of a spear-phishing email looks just like that of a legitimate sender.
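Two of the sender tricks the previous paragraph alludes to can be checked mechanically at the mail gateway or in a triage script: a message whose visible From domain is yours but whose bounce address is not (the alignment DMARC tests), and a sender domain that is a character or two away from yours (examp1e.com for example.com) or hides behind a punycode label. The block below is an added example, not code from the article; the trusted domain list and the four message samples are constructed for it, and the edit-distance cutoff of 2 is an assumption.

```python
import email
from email.utils import parseaddr

# Assumed: the domains this organization legitimately sends mail from.
TRUSTED_DOMAINS = {"example.com", "corp-example.com"}

# Constructed sample messages (headers plus a one-line body) for the example.
SAMPLES = {
    "legit": "From: Finance <ap@example.com>\nReturn-Path: <ap@example.com>\n"
             "Subject: Invoice 1042\n\nPlease see attached.\n",
    "lookalike": "From: Finance <ap@examp1e.com>\nReturn-Path: <ap@examp1e.com>\n"
                 "Subject: Invoice 1042\n\nPlease see attached.\n",
    "spoofed": "From: CEO <ceo@example.com>\nReturn-Path: <bounce@mailer-xyz.net>\n"
               "Subject: Urgent wire\n\nCall me.\n",
    "punycode": "From: IT Helpdesk <help@xn--exmple-cua.com>\nReturn-Path: <help@xn--exmple-cua.com>\n"
                "Subject: Password reset\n\nClick here.\n",
}


def edit_distance(a, b):
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Extract the lower-cased domain from a 'Name <user@host>' header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def assess_sender(raw_message, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return a list of findings about the sender; an empty list means nothing suspicious."""
    msg = email.message_from_string(raw_message)
    from_dom = domain_of(msg.get("From", ""))
    bounce_dom = domain_of(msg.get("Return-Path", ""))
    findings = []

    if from_dom in trusted:
        # Direct spoof of our own domain: the visible From does not align with the bounce
        # address. This is the alignment DMARC checks; legitimate third-party mailers can
        # trip it too, so treat it as a reason to verify, not a verdict.
        if bounce_dom and bounce_dom != from_dom:
            findings.append(f"From domain {from_dom} but bounce domain {bounce_dom}: check DMARC alignment")
    else:
        # Lookalike domain: within a couple of edits of a domain we trust.
        for t in sorted(trusted):
            d = edit_distance(from_dom, t)
            if 0 < d <= max_distance:
                findings.append(f"sender domain {from_dom} is a lookalike of {t} (edit distance {d})")
        # Internationalized labels can render as homoglyphs of a trusted name.
        if any(label.startswith("xn--") for label in from_dom.split(".")):
            findings.append(f"sender domain {from_dom} contains a punycode label; review its rendered form")
    return findings


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {assess_sender(raw) or ['ok']}")
```

The Return-Path test is only a proxy: real SPF, DKIM and DMARC evaluation happens at the receiving MTA, and this script should be fed its Authentication-Results rather than re-deriving them. The edit-distance rule is the cheap half of lookalike detection; a production gateway would also compare against a list of registered lookalike domains and decode punycode labels to compare the rendered name.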

In the face of this challenge, a cybersecurity plan that relies only on AV and EDR is bound to fail: by the time these defenses kick in, it may already be too late. The best advice is to evolve or die. The only protection that succeeds is prevention, which means a proactive cybersecurity approach built on zero trust, attack surface reduction and, of course, moving target defense.

Google and Mozilla Develop an API for HTML Sanitization

Google, Mozilla and Cure53 engineers have collaborated on an application programming interface (API) that offers a comprehensive solution to HTML sanitization. The API will ship in upcoming versions of the Mozilla Firefox and Google Chrome web browsers.

HTML sanitization is the process of examining an HTML document and producing a new HTML document that contains only the tags considered safe and desired. By sanitizing any HTML submitted by a user, an application can defend against attacks such as cross-site scripting (XSS).

Sanitization is usually carried out using either an allowlist (whitelist) or a blocklist (blacklist) strategy. It can be refined further with rules that define which operations should be performed on the tags concerned.
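To make the allowlist strategy concrete, here is an added example that is not code from the article, from DOMPurify or from the browser Sanitizer API. It parses untrusted markup with Python's standard html.parser and re-serializes it, keeping only an assumed allowlist of tags and attributes, discarding the contents of script and style, rewriting every text node through html.escape, and dropping href values whose scheme is not http, https or mailto. The policy sets at the top are the example's own choices.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Allowlist policy (assumed for this example): anything not listed here is dropped.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
VOID_TAGS = {"br"}
SAFE_SCHEMES = {"http", "https", "mailto"}
RAW_TEXT_TAGS = {"script", "style"}   # their text content is discarded, not just the tags


def safe_href(value):
    """Accept relative URLs and the allowlisted schemes only."""
    # Strip whitespace and control characters first: "java\tscript:" defeats a naive prefix check.
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20)
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:
        return False
    return scheme == "" or scheme in SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    """Re-serialize parsed HTML, keeping only allowlisted tags/attributes and escaping all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)   # entities arrive decoded; we re-escape on output
        self.out = []
        self._raw_depth = 0   # > 0 while inside <script>/<style>
        self._open = []       # allowlisted tags we have emitted and not yet closed

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self._raw_depth += 1
            return
        if self._raw_depth or tag not in ALLOWED_TAGS:
            return   # unknown tag (svg, img, iframe...): drop the tag, keep its text
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue   # on* handlers, style, srcdoc and friends never survive
            value = value or ""
            if name == "href" and not safe_href(value):
                continue
            parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{' '.join(parts)}>")
        if tag not in VOID_TAGS:
            self._open.append(tag)

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self._raw_depth = max(0, self._raw_depth - 1)
            return
        if self._raw_depth or tag not in self._open:
            return
        # Close anything still open inside this tag so the output is always well nested.
        while True:
            top = self._open.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self._raw_depth:
            self.out.append(html.escape(data, quote=False))

    # comments, declarations and processing instructions fall through to the no-op defaults

    def result(self):
        while self._open:
            self.out.append(f"</{self._open.pop()}>")
        return "".join(self.out)


def sanitize(untrusted_html):
    s = AllowlistSanitizer()
    s.feed(untrusted_html)
    s.close()
    return s.result()


if __name__ == "__main__":
    for sample in ('<p>Hi <b onclick="alert(1)">there</b></p>',
                   '<script>steal()</script><i>ok</i>',
                   '<a href="java\tscript:alert(1)">x</a>',
                   '<svg onload=alert(1)>text</svg>'):
        print(repr(sample), "->", repr(sanitize(sample)))
```

Two design points carry over to any sanitizer, library or native. First, the output is rebuilt from the parse tree rather than patched in place, so an attacker's original bytes never reach the page. Second, the parser does the hard part: a blocklist on the raw string has to anticipate every encoding trick, whereas the allowlist only has to say what is permitted. Even so, this toy shares the weakness the article goes on to describe: html.parser is not the browser's parser, so markup the two tokenize differently (mutation XSS) can slip through. That mismatch is exactly what a sanitizer living inside the browser removes.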

When rendering user-generated content or working with templates, web applications often have to handle dynamic HTML content in the browser. Client-side HTML processing frequently introduces security flaws that malicious actors exploit to stage XSS attacks, steal user data or perform actions on the user's behalf.

“Historically, the web has been confronted with XSS issues ever since the inception of JavaScript,” said Frederik Braun, security engineer at Mozilla. “The web has seen an increase in browser capabilities with new APIs, and these can thus be added to the attacker’s toolbox.”

To protect against XSS attacks, many developers use open-source JavaScript libraries such as DOMPurify. DOMPurify takes an HTML string as input and sanitizes it by removing or escaping the potentially dangerous parts.

“The issue with parsing HTML is that it is a living standard and thus a quickly moving target,” Braun said. “To ensure that the HTML sanitizer works correctly on new input, it needs to keep up with this standard. The failure to do so can be catastrophic and lead to sanitizer bypasses.” 

The HTML Sanitizer API builds XSS protection directly into the browser: the API's Sanitizer class can be instantiated and used without importing any external library.

“This moves the responsibility for correct parsing into a piece of software that is already getting frequent security updates and has proven successful in doing it timely,” Braun said. According to Bentkowski, browsers already have built-in sanitizers for clipboard data, so repurposing that code to expose native sanitization capabilities makes perfect sense.

Beware of Lorenz Ransomware Gang Targeting Organizations with Customized Attacks

Security researchers have discovered a new ransomware operation known as Lorenz that targets organizations worldwide with customized attacks and demands hundreds of thousands of dollars in ransom. The Lorenz ransomware gang began operating last month and has since compiled a growing list of victims whose stolen data has been published on a data leak site.

According to BleepingComputer, Michael Gillespie of ID Ransomware found that the Lorenz encryptor is identical to that of a previous operation known as ThunderCrypt. It remains unclear whether Lorenz is run by the same group or bought the ransomware source code to build its own variant.

Like other ransomware operations, Lorenz breaches a network and moves laterally to other devices until it obtains Windows domain administrator credentials. While spreading through the network, the operators harvest unencrypted files from the victim's servers and upload them to remote servers under their control. The stolen data is then published on a dedicated data leak site to pressure the victim into paying, or sold to other threat actors.

According to security experts, the Lorenz gang operates differently from other ransomware gangs. To pressure victims into paying, Lorenz first offers the data for sale to other threat actors or possible competitors. After a while, it begins releasing password-protected RAR archives containing the victim's data. BleepingComputer also noted that, unlike other enterprise-targeting ransomware, the Lorenz sample it examined did not kill processes or shut down Windows services before encrypting.

In each folder on the computer, the ransomware drops a ransom note named HELP_SECURITY_EVENT.html that explains what happened to the victim's files. The note also includes a link to the Lorenz data leak site and a link to a unique Tor payment site where the victim can see their ransom demand.
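During triage, the per-folder note is the quickest indicator of how far the encryption reached, and the unique Tor payment link in it is the victim-specific artifact worth recording before anything is wiped or restored. The following is an added example, not code from the article or from any analysis of Lorenz: it walks a directory tree, counts HELP_SECURITY_EVENT.html notes per top-level folder and extracts any .onion URLs they contain. The note body it creates is constructed for the example (the real note's wording is not reproduced here) and the directory layout is assumed.

```python
import os
import re
import tempfile
from collections import Counter

NOTE_NAME = "HELP_SECURITY_EVENT.html"
# v3 onion addresses are 56 base32 characters; the older v2 form was 16. Match either.
ONION_URL = re.compile(r"https?://[a-z2-7]{16,56}\.onion(?:/[^\s\"'<>]*)?", re.IGNORECASE)

# Constructed stand-in for a note body; only the fact that it carries a per-victim Tor
# link matters for the example. The hostname is made up.
SAMPLE_NOTE = (
    "<html><body><h1>Your files have been encrypted</h1>"
    "<p>Payment portal: <a href='http://examplenote2345example.onion/pay/0001'>"
    "http://examplenote2345example.onion/pay/0001</a></p></body></html>"
)


def find_ransom_notes(root):
    """Walk root and return (list of note paths, set of unique .onion URLs found inside them)."""
    notes, urls = [], set()
    for dirpath, _dirs, files in os.walk(root):
        if NOTE_NAME in files:
            path = os.path.join(dirpath, NOTE_NAME)
            notes.append(path)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    urls.update(m.group(0) for m in ONION_URL.finditer(fh.read()))
            except OSError:
                pass   # an unreadable note still counts as an indicator; we just get no URL from it
    return notes, urls


def summarize(root):
    """Triage summary: number of notes, Tor URLs seen, and which top-level directories were hit."""
    notes, urls = find_ransom_notes(root)
    top = Counter(os.path.relpath(os.path.dirname(p), root).split(os.sep)[0] for p in notes)
    return {"note_count": len(notes), "onion_urls": sorted(urls), "by_top_dir": dict(top)}


def build_sample_tree(root):
    """Create a constructed tree with notes in some folders, as on an affected host."""
    for rel in ("Users/alice", "Users/alice/Documents", "Finance", "Public"):
        os.makedirs(os.path.join(root, rel), exist_ok=True)
    for rel in ("Users/alice", "Users/alice/Documents", "Finance"):
        with open(os.path.join(root, rel, NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_NOTE)
    with open(os.path.join(root, "Public", "readme.txt"), "w", encoding="utf-8") as fh:
        fh.write("untouched folder\n")


def demo():
    """Build the sample tree in a temporary directory and return its triage summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return summarize(tmp)


if __name__ == "__main__":
    print(demo())
```

Run it against a mounted forensic image or a mapped share rather than the live host where possible, and treat the extracted .onion URL as an IOC to share with responders rather than a place to visit: the page itself notes that paying never guarantees recovery.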

Finally, if the victim does not give in, Lorenz publishes the password for the data leak archives so that anyone who downloads the files can open them. In ransom notes seen by BleepingComputer, Lorenz demands range from $500,000 to $700,000.

The ransomware is currently being analyzed for weaknesses. Paying the ransom never guarantees that you actually get your data back, and the data may still end up for sale on the Dark Web.