What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-04-12 18:19:00 | APT33 devised a code injection technique dubbed Early Bird to evade detection by anti-malware tools (lien direct) | The Iran-linked APT33 group continues to be very active, security researchers at Cyberbit have discovered an Early Bird code injection technique used by the group. The Early Bird method was used to inject the TurnedUp malware into the infected systems evading security solutions. The technique allows injecting a malicious code into a legitimate process, it allows execution […] | APT33 APT 33 | ||
 |
2018-04-12 14:50:02 | New \'Early Bird\' Code Injection Technique Helps APT33 Evade Detection (lien direct) | Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools. | APT33 APT 33 | ||
 |
2018-04-04 14:00:03 | Breaches Increasingly Discovered Internally: Mandiant (lien direct) | >Organizations are getting increasingly better at discovering data breaches on their own, with more than 60% of intrusions in 2017 detected internally, according to FireEye-owned Mandiant.
The company's M-Trends report for 2018 shows that the global median time for internal detection dropped to 57.5 days in 2017, compared to 80 days in the previous year. Of the total number of breaches investigated by Mandiant last year, 62% were discovered internally, up from 53% in 2016.
On the other hand, it still took roughly the same amount of time for organizations to learn that their systems had been compromised. The global median dwell time in 2017 – the median time from the first evidence of a hack to detection – was 101 days, compared to 99 days in 2016.
Companies in the Americas had the shortest median dwell time (75.5 days), while organizations in the APAC region had the longest dwell time (nearly 500 days).
Data collected by Mandiant in 2013 showed that more than one-third of organizations had been attacked again after the initial incident had been remediated. More recent data, specifically from the past 19 months, showed that 56% of Mandiant customers were targeted again by either the same group or one with similar motivation.
In cases where investigators discovered at least one type of significant activity (e.g. compromised accounts, data theft, lateral movement), the targeted organization was successfully attacked again within one year. Organizations that experienced more than one type of significant activity were attacked by more than one threat actor.
Again, the highest percentage of companies attacked multiple times and by multiple threat groups was in the APAC region – more than double compared to the Americas and the EMEA region.
When it comes to the most targeted industries, companies in the financial and high-tech sectors recorded the highest number of significant attacks, while the high-tech, telecommunications and education sectors were hit by the highest number of different hacker groups.
Last year, FireEye assigned names to four state-sponsored threat groups, including the Vietnam-linked APT32 (OceanLotus), and the Iran-linked APT33, APT34 (OilRig), and APT35 (NewsBeef, Newscaster and Charming Kitten).
|
Conference | APT33 APT 35 APT 33 APT 32 APT 34 | |
 |
2018-01-23 14:00:00 | OTX Trends Part 2: Malware (lien direct) |
By Javvad Malik and Christopher Doman
This is the second of a three part series on trends identified by AlienVault.
Part 1 focused on the exploits tracked by OTX. This blog will talk about the malware, and Part 3 will discuss trends we’re seeing in threat actors.
Which malware should I be most concerned about?
Most security incidents that a security team will respond to involve malware. We took a look at three sources of malware telemetry to help prioritise popular malware families:
Malware families AlienVault customers detect the most;
Which malware domains are observed the most frequently by Cisco’s Umbrella DNS; and
Malware families with the highest number of individual samples
Which malware families do our customers detect the most?
The following table describes the malware that we detected most frequently on our customers networks:
This table represents malware detected by AlienVault as it communicates across a network, in 2017. This data is biased towards families that we have named network detections for. That means this table is a good representation of malware that is actively running on networks, though it’s important to also review other statistics on malware that has been blocked from running.
The #1 ranked malware, njRat, is particularly popular in the Middle East. It’s a fairly simple .NET backdoor and Youtube is full of videos of how amateur users can deploy it. We often see it packed with a seemingly endless supply of custom packers to evade anti-virus. Whilst the vast bulk of njRat users are low-level criminals, it is also frequently used in targeted political attacks in the Middle East.
A Youtube guide for using njRat
The #2 ranked malware, NetWire, is primarily used by low-end criminals to steal banking details. Again, it is a freely available tool and has also been abused by targeted attackers too.
The top malware we saw for Linux was China ELF DDoS.
We saw little malware for Mac, though the adware MacKeeper was popular.
Which malware domains are observed the most frequently?
We matched known malicious domains from AlienVault OTX against Umbrella DNS’s record of the most visited domains by their customers.
From that we produced this table of the “most popular malicious domains”:
The column |
APT33 Wannacry APT 33 | ||
|
2017-10-20 13:00:00 | Things I Hearted this Week 20th October 2017 (lien direct) |
Another week has passed, and more things continue to catch our attention. So lets just jump right in
Child safety smartwatches
When you’re marketing a ‘smart’ device as a safety device, you better be sure you can secure it.
But it appears that manufacturers of child safety smartwatches didn’t get the memo. The fact that attackers can track, eavesdrop, or communicate with the wearers should be of concern to all parents. The data is also transmitted and stored without encryption – similar to how other toys have stored data in the past, only to be breached.
It’s irresponsible and puts children’s safety directly at risk.
Child safety smartwatches ‘easy’ to hack, watchdog says | BBC
_in_China_(girl).jpg)
Third of business directors have never heard of GDPR
With GDPR around the corner, and the feeling that you cannot escape the acronym wherever you go; it is quite concerning to learn that a third of business directors haven’t heard of it.
While one can understand if the general public is not aware of the upcoming regulation; it is incumbent upon company directors to be aware of increased responsibilities due to GDPR.
GDPR is not just another technical or security requirement, but is based in fundamental privacy rights of citizens and with potentially harsh fines. Despite many months to prepare, it would appear as if GDPR may still catch many companies by surprise.
Third of IoD Members Have Never Heard of GDPR | Infosecurity Magazine
Ghosts of vulnerabilities past
It looks like Microsoft’s bug tracking database was infiltrated back in 2013. The company kept the news quiet and moved on.
It’s pretty worrying what someone with all that information could have / would have done. How many exploits were made possible because some bad guy somewhere found some vulnerabilities they could exploit?
A good reminder that companies should take a hard look at their assets and their value. Not just value in terms of direct business, but the potential impact on customers.
Microsoft responded quietly after detecting secret database hack in 2013 | Reuters
Microsoft never disclosed 2013 hack of secret vulnerability database | ars technica
Microsoft’s bug tracker was hacked in 2013 but it didn’t tell anyone about it | Silicon Angle
Unmasking the ransomware kingpins
This is a great read by Elie Bursztein on exposing the cybercriminal groups that dominate the ransomware underworld. It’s the third party in a trilogy of blogs – I probably can’t do it justice so it’s best you go check it out: Unmasking the ransomware kingpins
A Stick Figure Guide to the Advanced Encryption Standard (AES)
This is an old post – like really old from 2009. But I only came across it recently and found it to be real |
APT33 APT 33 | ||
|
2017-10-17 13:00:00 | Newly Discovered Iranian APT Group Brings State-sponsored Cyber Espionage into Focus (lien direct) | State-sponsored cyber espionage has been rising steadily in recent years. Whether it’s high-profile attacks such as North Korea’s hack of Sony in 2014, China’s alleged hack of the US’s Office of Personnel Management in 2015, or Russia’s alleged hack of the Democratic National Committee in 2016, the stories are mounting. Iran has also been in the cyber espionage news, with major suspected attacks ranging from the Las Vegas Sands attack in 2014 to the DDOS attack on numerous US banks in 2016. Beyond these high-profile attacks, there are also countless examples of low-profile attacks. While these attacks don’t make the major headlines, they may actually be more relevant to your organization. In this blog, we zero in on this lesser-publicized activity, focusing on a recently discovered Iranian hacker group, dubbed APT33, the tools they have developed, and how AlienVault can help you detect this activity in your environment. What is state-sponsored cyber espionage and what are the typical goals? First, a quick primer on state-sponsored cyber espionage. State-sponsored cyber espionage is the act of obtaining secrets and information from individuals, competitors, rivals, groups, governments, and enemies, without the permission and knowledge of the holder of the information, usually for economic, political, or military advantage. The goals of these state-sponsored groups or individuals range from basic theft or sabotage to collecting military and diplomatic information to enabling domestic organizations to compete on a global economic level. Why should you care? Should you be concerned about state-sponsored cyber hacks? In a word, yes. And, it’s really the low-profile attacks from state-sponsored hackers that should be most concerning. This is because the tools and methods that these hackers develop and utilize can be leveraged by other nefarious hackers against your organization. You need to be alerted to and protected against these tools. Who is APT33? This leads us to Iranian group Advanced Persistent Threat 33 (APT33), a group recently chronicled by security firm FireEye. FireEye assessed that APT33 works at the behest of the Iranian government, and they attribute to APT33 many breaches of Saudi Arabian, South Korean, and US organizations ranging from the aviation sector to the energy sector. The primary goals of APT33 appear to be to enhance Iran’s domestic aviation capabilities or to support Iran’s military decision making against Saudi Arabia. Notably, FireEye has found signs of APT33 activity in some of its own clients' networks, but suspects the APT33 intrusions have been on a wider scale. APT33 has unveiled new tools, including a new backdoor. APT33 has developed numerous tools, including a new backdoor called TURNEDUP. TURNEDUP is capable of uploading and downloading files, creating a reverse shell, taking screenshots, and gathering system information. FireEye found that APT33 has also leveraged Dropshot, a drop | Guideline | APT33 APT 33 | |
 |
2017-09-24 17:34:21 | Révélation sur le Groupe de Hackers Iranien APT33 (lien direct) | Le groupe APT33 a ciblé les secteurs de l'énergie et de l'aéronautique. Découverte de leurs activités et leurs techniques. La société FireEye vient de publier une étude sur les pirates informatiques d’APT33. Des pirates qui planeraient du côté de l’Iran. Des " black hackers " qui mènent ... | APT33 APT 33 | ||
|
2017-09-22 13:00:00 | Things I hearted this week - September 22 (lien direct) | It’s been another hectic week in the world of Infosec / IT security / Cyber Security (choose as appropriate). So let’s jump straight into it. APT 33 Iran is building up its cyber capabilities and the emergence of a group of hackers, dubbed APT33, has given rise to concerns the nation's cyberwarfare units are looking to launch destructive attacks on critical infrastructure, energy and military bodies. Meet APT33: A Gnarly Iranian Hacker Crew Threatening Destruction |Forbes Threat data, IOCs and information on APT33, aka greenbug | OTX Data breaches and Class action lawsuits Should individuals whose data has been breached have the right to sue companies? It’s a tricky question, and one that the courts are seemingly having trouble on deciding on. Recently, a judge dismissed two consolidated class actions by more than 21m federal employees who had information breached by the Office of Personnel Management (OPM). The Judge concluded that the federal employees could not establish their threshold right to sue in federal court because they had not shown they faced imminent risk of identity theft, even though nearly two dozen of those named in the class actions claimed their confidential information has already been misused. Hopefully things will change going forward. The problem with identity theft is that it’s not time-dependant. An attacker could hoard details for a long period before committing a crime. And even when an identity is stolen, it is difficult to tie back to where the breach occurred. OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal | Dark Reading OPM Says Gov't Workers' Data Breach Suit Fails | Law360 In the long run, class actions may not be the best way to redress data breaches | Reuters Somewhat related, My three years in identity theft hell | Bloomberg The Ghost of Windows XP As the lyrics go, “They stab it with their steely knives, but they just can’t kill the beast.” In this case, the beast seems to be Win XP, which, despite being woefully outdated, continues to make its presence felt. The latest announcement being that a fifth of the Manchester police department are running Win XP. Manchester police still relies on Windows XP | BBC Manchester Police are using Windows XP on one in five computers | V3 When insurance goes too far Melina Efthimiadis along with her husband wanted to add personal umbrella liability insurance to their Nationwide homeowner's policy. She says they have been low risk clients so she didn't think it would be a problem. In the application process for Nationwide, Melina says they had to write down the number of dogs they owned and their breeds, wh | Guideline | CCleaner APT33 APT 33 | |
|
2017-09-21 17:54:36 | Iranian APT33 Targets US Firms with Destructive Malware (lien direct) | APT33 targets petrochemical, aerospace and energy sector firms based in U.S., Saudi Arabia and South Korea with destructive malware linked to StoneDrill. | APT33 APT 33 | ||
 |
2017-09-21 09:31:03 | Iranian hacking group APT33 creators of destructive malware (lien direct) | Advanced Persistent Threat 33, an Iranian hacking group, has been linked to a series of breaches of companies in the aerospace, defense, and petrochemical industries in countries as wide-ranging as Saudi Arabia, South Korea, and the US. View Full Story ORIGINAL SOURCE: Wired | APT33 APT 33 | ★★★★★ | |
 |
2017-09-21 06:57:39 | FireEye révèle les activités du groupe iranien APT33 (lien direct) |  FireEye, le spécialiste de la sécurité des réseaux basée sur l'intelligence, annonce les détails d'un groupe de "hackers" iranien aux capacités potentiellement destructrices, qu'il a baptisé APT33. Ce groupe a déjà ciblé les secteurs de l'énergie et de l'aéronautique. |
APT33 APT 33 | ||
|
2017-09-21 06:25:15 | (Déjà vu) Iranian cyber spies APT33 target aerospace and energy organizations (lien direct) | The Iran-linked APT33 group has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. According to security firm FireEye, a cyber espionage group linked to the Iranian Government, dubbed APT33, has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. The APT33 group has […] | APT33 APT 33 | ||
 |
2017-09-20 11:53:19 | APT33: Researchers Expose Iranian Hacking Group Linked to Destructive Malware (lien direct) | Security researchers have recently uncovered a cyber espionage group targeting aerospace, defence and energy organisations in the United States, Saudi Arabia and South Korea.
According to the latest research published Wednesday by US security firm FireEye, an Iranian hacking group that it calls Advanced Persistent Threat 33 (or APT33) has been targeting critical infrastructure, energy and
|
APT33 APT 33 | ||
 |
2017-09-20 09:00:00 | Aperçu du cyber-espionnage iranien: APT33 cible les secteurs de l'aérospatiale et de l'énergie et a des liens avec des logiciels malveillants destructeurs Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware (lien direct) |
Lorsque vous discutez des groupes de pirates suspects du Moyen-Orient avec des capacités destructrices, beaucoup pensent automatiquement à la Groupe iranien présumé qui utilisait auparavant Shamoon & # 8211;AKA distrtrack & # 8211;pour cibler les organisations dans le golfe Persique.Cependant, au cours des dernières années, nous avons suivi un groupe iranien suspect séparé et moins largement connu avec des capacités destructrices potentielles, que nous appelons APT33.Notre analyse révèle que l'APT33 est un groupe capable qui a effectué des opérations de cyber-espionnage depuis au moins 2013. Nous évaluons les œuvres APT33 à la demande du gouvernement iranien.
récent
When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf. However, over the past few years, we have been tracking a separate, less widely known suspected Iranian group with potential destructive capabilities, whom we call APT33. Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government. Recent |
Malware | APT33 APT 33 APT 33 | ★★★★ |
To see everything:
Our RSS (filtrered)
