
New Method to Perform XS-Leak Side Channel Attacks Disclosed

 

Luan Herrera, a cybersecurity expert committed to vulnerability reporting, detailed another way to perform a variant of the side-channel attack known as XS-Leak, abusing redirect hops to trigger a cross-site leak condition. Herrera's research centers on the XS-Leaks family of side-channel attacks, which abuse a browser to extract potentially sensitive data from the exposed system, including administrator credentials. XS-Leak attack techniques depend on measuring network response time to gather information about site visitors, abusing the communication channels that let sites interact with one another in order to reconstruct a profile of a user or system.

The report describes a "novel technique" for abusing a limit in the Fetch specification, the mechanism that lets sites request resources: “A limit of 20 redirect hops is set before a network error message appears; because of this limit, threat actors could count the number of redirect hops that occur in a cross-origin redirect by activating the redirect before reaching the victim’s endpoint, measuring network responses, and partially exposing the size of the URL list,” the report says.

The expert also detailed a few ways to detect and prevent the cross-origin redirects that can lead to this side-channel attack, including the use of SameSite cookies, COOP (Cross-Origin-Opener-Policy) and frame protections. Google is likewise aware of the issue, and measures such as restricting some Chrome-accessible websites have just been announced to reduce the amount of data exposed in a potential side-channel attack.
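A defender-side check for the three mitigations named above (SameSite cookies, COOP, frame protections), added here as an example that is not from Herrera's report or the original post. The helper name `auditXsLeakDefenses` and both sample responses are constructed for illustration.

```javascript
// Added example: audits response headers for the three defenses named above.
// Sample responses are constructed; auditXsLeakDefenses is a hypothetical helper.
function auditXsLeakDefenses(headerPairs) {
  const h = {};
  for (const [name, value] of headerPairs) {
    const key = name.toLowerCase();             // header names are case-insensitive
    (h[key] = h[key] || []).push(value.trim()); // Set-Cookie can repeat
  }
  const findings = [];
  // 1. SameSite cookies: flag cookies with no attribute or with SameSite=None.
  for (const cookie of h['set-cookie'] || []) {
    const [pair, ...attrs] = cookie.split(';').map(s => s.trim());
    const name = pair.split('=')[0];
    const sameSite = attrs.find(a => a.toLowerCase().startsWith('samesite='));
    if (!sameSite) findings.push(`cookie ${name}: no SameSite (default varies by browser)`);
    else if (sameSite.toLowerCase() === 'samesite=none') findings.push(`cookie ${name}: SameSite=None`);
  }
  // 2. COOP: same-origin or same-origin-allow-popups; absent means unsafe-none.
  const coop = (h['cross-origin-opener-policy'] || [''])[0].toLowerCase();
  if (!coop.startsWith('same-origin')) findings.push('COOP: missing or unsafe-none');
  // 3. Frame protections: X-Frame-Options, or CSP frame-ancestors without a bare "*".
  const xfo = (h['x-frame-options'] || [''])[0].toUpperCase();
  const ancestors = (h['content-security-policy'] || [])
    .flatMap(policy => policy.split(';'))
    .map(d => d.trim().toLowerCase().split(/\s+/))
    .find(tokens => tokens[0] === 'frame-ancestors');
  const cspOk = Boolean(ancestors) && !ancestors.includes('*');
  if (xfo !== 'DENY' && xfo !== 'SAMEORIGIN' && !cspOk) {
    findings.push('framing: no effective X-Frame-Options or frame-ancestors');
  }
  return findings;
}

// Constructed sample responses: one weak, one hardened.
const weakResponse = [
  ['Set-Cookie', 'session=abc123; Path=/; HttpOnly; Secure'],
  ['Set-Cookie', 'prefs=dark; Secure; SameSite=None'],
];
const hardenedResponse = [
  ['Set-Cookie', 'session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax'],
  ['Cross-Origin-Opener-Policy', 'same-origin'],
  ['Content-Security-Policy', "default-src 'self'; frame-ancestors 'none'"],
];
console.log(auditXsLeakDefenses(weakResponse));     // four findings
console.log(auditXsLeakDefenses(hardenedResponse)); // no findings
```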

Herrera agrees that this attack can be prevented in the same way as similar attack variants, although he believes that a holistic perspective on the issue is required: “A comprehensive view of the problem is still being discussed on GitHub about whether it is possible to change the Fetch specification and the limit value in order to prevent the appearance of these attack variants,” adds the researcher.

The report also includes the results of a challenge to carry out an XSS attack using JavaScript code. A Google security expert known as "terjanq" also conducted an investigation into the XS-Leak family of attacks, describing a cache polling attack launched against a small group of Google products, which could lead to a leak of sensitive data.

Is North Korea Planning Something Bigger in the Field of Cyber Crime?

 

North Korea is excelling in the field of cybercrime with each passing day, despite the tight economic sanctions levied by the United Nations and the United States of America in 2006 to deprive North Korea of the funds needed for its nuclear program. North Korea has boosted its cyber capabilities by exploiting digital vulnerabilities across the globe.

North Korea’s hacking groups, code-named Lazarus Group or Hidden Cobra, have launched several cyber-attacks across the globe to extort money for the country's banned nuclear weapons development program. Lazarus was suspected of being the driving force behind the famous robbery of nearly $80 million from the Bangladeshi Central Bank.

In 2017, the US Department of Homeland Security and the FBI released a cybersecurity bulletin explaining the connection of North Korea to several cyber-attacks on US businesses and critical infrastructure. In May 2020, North Korea recruited nearly 100 science and technology university graduates into its military forces to oversee its tactical planning systems. Approximately 100 hackers graduate from Mirim College, also known as the University of Automation.

According to defector testimony, North Korea is training graduates from Mirim College to dismantle Microsoft Windows operating systems, build destructive computer viruses and write code in various programming languages. The WannaCry ransomware, a North Korean-led cyberattack in 2017, wrought havoc on more than 300,000 computers in 150 countries by exploiting vulnerabilities in the Microsoft Windows operating system.

According to US Army reports, the alarming thing is that North Korea is not acting alone: it has recruited nearly 6,000 cyber agents across the globe in four intelligence organizations. China is one of North Korea's supporters; it helps North Korea's illicit cyber activities through training and academic intrusion. North Korean students often study at top Chinese science and technology universities such as the Harbin Institute of Technology (HIT), where they have access to advanced technology and equipment that are unavailable in their home country due to U.S. and U.N. sanctions.

In November 2019, the North Korean Chairman of the Education and the Chinese Ministry of Education jointly signed the China-North Korea Education and Cooperation Agreement (2020-2030) to reinforce academic partnerships and postgraduate student exchanges. This tie-up was made to increase foreign exchange and higher education training programs, which may lead to increased cybercrime, given the nature of these science and technology universities.

The U.S. government continues to expose new and dangerous cyber groups that pose a serious threat to international security and U.S. national interests. However, all is not lost for the United States and its global allies: the U.S. Department of Justice can mandate cybersecurity audits for U.S. banks and financial institutions as part of deferred prosecution agreements to boost compliance with the basic cybersecurity structure described by the Cybersecurity and Infrastructure Security Agency (CISA) and the Financial Action Task Force (FATF).