While there’s always a new malware of the moment, Snake Malware, which is associated with Russian hackers affiliated to FSB is one that you might want to be concerned about. The CISA are so concerned about it that they have put out an advisory on this malware. And when you read the technical description on this malware, it should make you re-evaluate your defences.
Kevin Bocek, VP,Ecosystem and Community at Venafi had this comment on Snake:
“According to more information released about the Snake Ransomware uncovered by the U.S. Department of Justice earlier this month, cybercriminals appear to have fallen into a trap. Namely, they have neglected the basics of machine identity management. The CISA Advisory published a report suggesting that the OpenSSL library the group used for the Diffie-Hellman key exchange had a significant vulnerability. Snake’s key set generated during the exchange used a wholly inadequate prime length of only 128 bits. This made this process completely insecure for asymmetric key systems and vulnerable to today’s machine-to-machine operations, whether for malware or transactions. In addition, when Snake was hastily deployed, users failed to remove certain components, inadvertently exposing function names, plaintext strings, and developer comments.”
“This again shows how difficult it is to properly manage machine identities manually – both for developers and security teams. Even experienced attackers obviously make mistakes. In this case, the malware’s developers did not properly configure one. This allowed the machine identities to be exposed, making the communications no longer private or even open to another attacker and revealing who the operators of Snake were. At best, this could have rendered the entire campaign useless; at worst, the Snake developers could have been attacked by other cybercriminals themselves.”
“The lesson is that machine identity management requires developers, operations and security teams to work closely together. In a world where machines transact, protect and attack, machine identity management is increasingly important.”
Well it seems that even the bad guys have issues creating malware that doesn’t give away clues about what it’s all about. Defenders should take that as a hint that they should do better when it comes to ensuring that they are as secure as possible.
Like this:
Like Loading...
Related
This entry was posted on May 25, 2023 at 12:59 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Snake Malware Is Something That You Might Want To Keep An Eye On
While there’s always a new malware of the moment, Snake Malware, which is associated with Russian hackers affiliated to FSB is one that you might want to be concerned about. The CISA are so concerned about it that they have put out an advisory on this malware. And when you read the technical description on this malware, it should make you re-evaluate your defences.
Kevin Bocek, VP,Ecosystem and Community at Venafi had this comment on Snake:
“According to more information released about the Snake Ransomware uncovered by the U.S. Department of Justice earlier this month, cybercriminals appear to have fallen into a trap. Namely, they have neglected the basics of machine identity management. The CISA Advisory published a report suggesting that the OpenSSL library the group used for the Diffie-Hellman key exchange had a significant vulnerability. Snake’s key set generated during the exchange used a wholly inadequate prime length of only 128 bits. This made this process completely insecure for asymmetric key systems and vulnerable to today’s machine-to-machine operations, whether for malware or transactions. In addition, when Snake was hastily deployed, users failed to remove certain components, inadvertently exposing function names, plaintext strings, and developer comments.”
“This again shows how difficult it is to properly manage machine identities manually – both for developers and security teams. Even experienced attackers obviously make mistakes. In this case, the malware’s developers did not properly configure one. This allowed the machine identities to be exposed, making the communications no longer private or even open to another attacker and revealing who the operators of Snake were. At best, this could have rendered the entire campaign useless; at worst, the Snake developers could have been attacked by other cybercriminals themselves.”
“The lesson is that machine identity management requires developers, operations and security teams to work closely together. In a world where machines transact, protect and attack, machine identity management is increasingly important.”
Well it seems that even the bad guys have issues creating malware that doesn’t give away clues about what it’s all about. Defenders should take that as a hint that they should do better when it comes to ensuring that they are as secure as possible.
Share this:
Like this:
Related
This entry was posted on May 25, 2023 at 12:59 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.