Archive for September 5, 2023

Barracuda found a backdoor trigger in their patched systems 

Posted in Commentary on September 5, 2023 by itnerd

When Barracuda released a patch on May 18th, it thought it had fixed its 0-day malware problem, but the hackers had other ideas. Some Barracuda users who replaced infected appliances found that the malware reappeared on the new devices. According to Mandiant researchers brought in to remove the malware, this was because:

“It was common practice for impacted victims to export their configuration from compromised appliances so it could be restored into a clean one. Therefore, if the DEPTHCHARGE (malware) trigger was present in the exported configuration, it would effectively enable UNC4841 to infect the clean device with the DEPTHCHARGE backdoor through this execution chain, and potentially maintain access even after complete replacement of the appliance.”

Previously, on May 18th, Barracuda had released a patch to remove UNC4841 from customers' devices, but unbeknownst to Barracuda or the Mandiant researchers brought in to remove the malware, the attackers anticipated this action and responded by installing new malware families labeled SKIPJACK, DEPTHCHARGE, and FOXTROT / FOXGLOVE. “This second surge represented the highest intensity of UNC4841 activity identified by Mandiant across the entire campaign, demonstrating UNC4841’s determination in preserving access to specific victim environments.” This defensive move on the part of the attackers was only performed on a very limited number of high-priority victims, estimated to be hundreds of devices.

Dave Ratner, CEO, HYAS had this to say:

   “Unfortunately, it is far too common for bad actors to leave hidden backdoors or otherwise initiate mechanisms to maintain their hold on a victim, even post cleanup. The only real way to ensure that incident response and system cleanup has been successful is monitoring the communication traffic leaving the organization — remaining backdoors or infections will continue to beacon out to adversary infrastructure, and with the right visibility this can alert you to their remaining footholds and allow you to truly clean up after an attack.”

Carol Volk, EVP, BullWall follows with this:

   “Backing up infected files definitely happens. In incident response sessions, we always stress recreating infrastructure from the ground up (not using anything that existed previously) as the best practice for exactly this reason. Usual approaches to prevention cannot prevent this because attackers will always find a way in, so containment is critical.”

Clearly the playbook for dealing with threats to Barracuda hardware is to get a new appliance and set it up from scratch, which shows you how crafty these threat actors are. Perhaps this should be in the playbook for any intrusion that you might be dealing with? Just a thought.
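The egress monitoring Ratner describes can be approximated with a periodicity check on a replacement appliance's outbound connections after a configuration restore. This is an added example, not from the original post or from Mandiant; the host name, addresses, log format and thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

RESTORED_AT = datetime(2023, 6, 1)   # constructed: time the exported config was restored
HOST = "esg-new"                     # hypothetical name of the replacement appliance
ALLOWLIST = {"192.0.2.10"}           # hypothetical vendor update server

def sample_flows():
    """Constructed flow log: one 'timestamp src dst_ip dst_port' line per outbound connection."""
    def rows(dst, port, offsets):
        return [f"{(RESTORED_AT + timedelta(seconds=s)).isoformat()} {HOST} {dst} {port}"
                for s in offsets]
    lines = rows("203.0.113.50", 443, [0, 302, 599, 903, 1200, 1501, 1798, 2102])  # ~5 min, jittered
    lines += rows("198.51.100.25", 25, [40, 95, 610, 640, 1900, 2000])            # bursty mail delivery
    lines += rows("192.0.2.10", 443, [0, 600, 1200, 1800, 2400])                  # scheduled update check
    return "\n".join(sorted(lines))

def find_beacons(flow_text, host, since, allowlist=(), min_events=5, max_cv=0.1):
    """Return sorted (dst, port, mean_gap_s, cv) for destinations `host` contacts at
    near-constant intervals after `since`; cv is stddev/mean of the gaps between connections."""
    seen = defaultdict(list)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                  # skip malformed lines
        when, src, dst, port = datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        if src == host and when >= since and dst not in allowlist:
            seen[(dst, port)].append(when)
    hits = []
    for (dst, port), stamps in seen.items():
        if len(stamps) < min_events:
            continue                  # too few samples to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:              # low variation in gaps means machine-like regularity
            hits.append((dst, port, round(mean), round(cv, 3)))
    return sorted(hits)

if __name__ == "__main__":
    for dst, port, gap, cv in find_beacons(sample_flows(), HOST, RESTORED_AT, ALLOWLIST):
        print(f"periodic egress from {HOST}: {dst}:{port} every ~{gap}s (cv={cv})")
```

A low coefficient of variation only marks a destination for review; legitimate scheduled jobs look the same, which is why known update and relay hosts are allowlisted first.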

Elon Musk Goes After The ADL, But Claims He’s Not Antisemitic…. WTF????

Posted in Commentary on September 5, 2023 by itnerd

I’ve been saying for a while now that Twitter is a cesspool of hate under Elon Musk. And this story from Forbes highlights not only how much hate is on the platform, but how that hate is driven by Elon himself. First some background:

In May, the ADL released a report after monitoring 65 previously banned accounts that Musk had welcomed back to the platform. It found that these accounts were posting antisemitic content and were actually having a compound effect by inspiring antisemitic content among their followers. The organization said it found over 5,000 examples from February 2023 of “virulent antisemitism” posted by 2,173 accounts that followed reinstated accounts. In March, the ADL released a different report revealing that X was not enforcing its own content moderation policies. It noted that 72% of antisemitic tweets that ADL reported as a so-called trusted flagger (an organizational partner that can report content and get it prioritized) were not removed or sanctioned in any way.

For those who aren’t aware, the ADL is the Anti-Defamation League. This is an organization that has been fighting hate in all its forms for decades. And this is an organization that needs to be applauded for the work that it does to shine a light on hate in all its forms. But Elon doesn’t agree with that:

Musk has previously criticized the ADL, calling them in a tweet “so aggressive in their demands to ban social media accounts for even minor infractions” and “ironically the biggest generators of anti-Semitism on this platform!”

This is one of those moments where you have no words in terms of how to respond to such a statement. For Elon to say that in 2023 shows you what sort of person he really is. But he didn’t stop there. According to this story, he served these statements up:

“To be super clear, I’m pro free speech, but against anti-Semitism of any kind,” Musk said in a post on X, formerly Twitter, on Monday.

Musk added that the ADL has helped to drive advertising revenue on the platform down. Revenue from advertising in the US is down 60%, according to Musk, and advertisers have told Musk that the ADL’s claims against X and Musk are part of the reason why.

Musk then threatened to file a defamation suit against the ADL.

Now Elon is known for saying stuff that he never does. But I can see a scenario where he sues the ADL. The reason why I say that is that a nonprofit group that called him out for hate speech got sued by Elon. Thus he only seems to sue the groups that have the audacity to hold him accountable for his actions. Talk about having a thin skin.

Also, let’s cover the fact that Elon claims to be against antisemitism. I’m going to call BS on that as his actions and behaviour don’t match that statement. An example of what I am talking about is this:

Musk made the comment after the hashtag #BanTheADL started trending on X over the weekend after the organization’s CEO Jonathan Greenblatt shared a post on Wednesday about a positive conversation he had had with X CEO Linda Yaccarino about “what works and what doesn’t” on the platform. 

Greenblatt’s post was swarmed by right-wing users who criticized the ADL CEO for promoting “censorship” on X and used the hashtag #BanTheADL.

Musk himself chimed in on the debate, and mulled starting a poll on banning the organization and liking posts with #BanTheADL.

Also on Monday, Musk accused the ADL of trying to “kill” his platform by accusing him and it of anti-semitism.

“Since the acquisition, the @ADL has been trying to kill this platform by falsely accusing it & me of being anti-Semitic,” Musk said.

Does this sound like someone who is against antisemitism? I say he’s encouraging it and only saying that he’s against it because of the blowback that he’s getting.

This latest example of hate on Twitter/X highlights the fact that if you’re still on the platform, you need to leave. It’s bad enough that hate on the platform is at an all-time high. But when the guy who owns the platform is helping to drive that hate to even higher levels, it becomes clear that anyone who is against hate of any kind needs to be someplace else. And if you’re an advertiser who uses Twitter/X as part of your marketing strategy, you need to reconsider how you spend your dollars, as Twitter/X is not a place where I would want my marketing dollars spent given the level of hate that is present on the platform.