APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit

in #cybersecurity · 3 years ago

A Brief History of the Cybersecurity Profession

Cybersecurity careers are in high demand, but a closer look at the timeline of network technology and the Internet reveals that this has virtually always been the case. While cybercriminal attacks have become more sophisticated than phone scams and phishing emails, the occasional review of such tactics can shed light on valuable insights that today’s cybersecurity professionals can learn from—and that enterprises hiring for cybersecurity positions can use to inform their candidate selection processes.


Source: https://QUE.com

At the turn of the century when distributed denial-of-service (DDoS) attacks first occurred, network carriers scrambled to train existing staff and recruit as many professionals as possible. The small number of network security professionals struggled to keep up with what was then an unexpected surge in illicit activity, at the worst of all times, just as reliance on network technology was growing exponentially with the promise of the Internet. Network providers had dreamed of the business value of the Internet for marketing and sales, research, and government work, and they were not alone. Criminals with a technical bent seized their own opportunities and cybercrime started a never-ending upward climb.

continue reading: https://www.isaca.org/resources/news-and-trends/industry-news/2022/a-brief-history-of-the-cybersecurity-profession

External Threats Growing Faster Than Response Capabilities
In a new survey, a majority of education organizations reported they have not improved their cybersecurity detection or resolution capabilities — even as attacks against schools have skyrocketed during the pandemic. That’s according to the seventh annual Public Sector Cybersecurity Survey Report from SolarWinds, released this morning.

Cybersecurity experts and the U.S. Department of Education have warned in recent months of the marked increase in cyberattacks on schools and universities, and the K–12 Cybersecurity Act of 2021, signed into law in October, directs the Cybersecurity and Infrastructure Security Agency to identify risks and provide resources for schools to better protect their IT security. According to Government Computer News, from Aug. 14 to Sept. 12, 2021, educational organizations were the target of over 5.8 million malware attacks, or 63% of all such attacks.

continue reading: https://campustechnology.com/articles/2022/01/11/cybersecurity-survey-external-threats-growing-faster-than-response-capabilities.aspx

Microsoft: powerdir bug gives access to protected macOS user data
Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users’ protected data.

The Microsoft 365 Defender Research Team reported the vulnerability, dubbed powerdir (tracked as CVE-2021-30970), to Apple on July 15, 2021, via Microsoft Security Vulnerability Research (MSVR).

continue reading: https://www.bleepingcomputer.com/news/microsoft/microsoft-powerdir-bug-gives-access-to-protected-macos-user-data/

Remote Access Trojans spread through Microsoft Azure, AWS cloud service abuse
A recent campaign leveraging public cloud infrastructure is deploying not one, but three commercial Remote Access Trojans (RATs).

Nanocore, Netwire, and AsyncRAT payloads are being deployed from public cloud systems in what Cisco Talos suggests is a way for cyberattackers to avoid having to own or manage their own private, paid infrastructure — such as through ‘bulletproof’ hosting which may eventually capture the interest of law enforcement.

continue reading: https://www.zdnet.com/article/remote-access-trojans-spread-through-microsoft-azure-aws-cloud-service-abuse/

APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit
With the emergence of the Log4j security vulnerability, we’ve already seen multiple threat actors, mostly financially motivated, immediately add it to their exploitation arsenal. It comes as no surprise that some nation-sponsored actors also saw this new vulnerability as an opportunity to strike before potential targets have identified and patched the affected systems.

APT35 (aka Charming Kitten, TA453, or Phosphorus), which is suspected to be an Iranian nation-state actor, started widespread scanning and attempts to leverage the Log4j flaw in publicly facing systems only four days after the vulnerability was disclosed. The actor’s attack setup was obviously rushed, as they used a basic open-source tool for the exploitation and based their operations on previous infrastructure, which made the attack easier to detect and attribute.

continue reading: https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/

Hackers take over diplomat’s email, target Russian deputy minister
Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions.

One of the targets was Sergey Alexeyevich Ryabkov, the deputy foreign minister of the Russian Federation, who is, among other things, responsible for bilateral relations with North and South America.

continue reading: https://www.bleepingcomputer.com/news/security/hackers-take-over-diplomats-email-target-russian-deputy-minister/

Read more Cyber Security News at https://que.com/tag/cybersecurity/

Thank you for reading. Stay safe and stay healthy.
@Yehey [ Witness ]


Posted via Steeming.com