My takeaways from last week – Nov 15, 2021

What if you get an email (genuinely) from FBI telling you about an ongoing cyber attack? Would you believe it? I think I would! …but shouldn’t. Read on to see why and also to get some quick takeaways from last week.

On Friday, an incident involving the FBI email servers became public. Tens of thousands of emails were sent from an FBI email server on Nov 12th, warning about a (fake) ongoing attack. It seems that behind the attack is a hacking group named Pompompurin, and the main reason was to discredit Vinny Troia, a security researcher who wrote a book revealing information about the hacking group TheDarkOverlord. The story is pretty interesting, as Pompompurin even sent an email from the compromised server to Brian Krebs of Krebs on Security. Beyond the incident itself there is something to learn for all of us: nothing should be fully trusted. Everyone, including government agencies, is at risk of being hacked, and thus even communication that originates (genuinely) from official sources should be critically evaluated. Be mindful especially of weird wording and unusual requests.

The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus, involved sending rogue warning emails with the subject line “Urgent: Threat actor in systems” originating from a legitimate FBI email address “eims@ic.fbi[.]gov” that framed the attack on Vinny Troia, a security researcher and founder of dark web intelligence firms Night Lion Security and Shadowbyte, while also claiming him to be affiliated with a hacking outfit named TheDarkOverlord.

No week goes by without something worth noting in the IoT space. BotenaGo, a new malware with the potential to exploit millions of routers and IoT devices, was discovered by AT&T Alien Labs researchers. What caught my eye is the language used for writing the code: Golang, Google’s open-source programming language. Because the language is designed to simplify the deployment of apps on various types of systems, Golang has raised the interest of malware developers in recent years (by 2000% according to some researchers). Another reason for the accelerated adoption is the difficulty of detecting malware written in Go.

BotenaGo has more than 30 different exploit functions to attack a target. The malware creates a backdoor and waits to receive a target to attack either from a remote operator through port 19412 or from another related module running on the same machine. It is still unclear which threat actor is behind the malware and how many devices are infected.
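As an added example (not code from the post or from the AT&T Alien Labs report), here is a small Python detector that scans connection records for our own devices being contacted on TCP 19412, the backdoor port mentioned above, and separates remote-operator contact from a local module talking to the backdoor on the same host. The Zeek-style log layout, the 192.168.0.0/16 LAN, the addresses and the sample lines are all constructed assumptions.

```python
import csv
import ipaddress
from collections import defaultdict
from io import StringIO

# Port taken from the BotenaGo description in the post; everything else
# (log format, hosts, sample lines) is constructed for this example.
BOTENAGO_PORT = 19412
LAN = ipaddress.ip_network("192.168.0.0/16")  # assumed internal range

# Constructed connection records in a Zeek-like conn.log column layout.
SAMPLE_CONN_LOG = """\
ts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state
1636700000.1\t203.0.113.9\t51022\t192.168.1.20\t19412\ttcp\tSF
1636700001.5\t192.168.1.20\t44312\t10.0.0.5\t443\ttcp\tSF
1636700002.0\t198.51.100.7\t40001\t192.168.1.21\t19412\ttcp\tS0
1636700003.3\t192.168.1.22\t55555\t192.168.1.22\t19412\ttcp\tSF
1636700004.8\t192.168.1.30\t33333\t192.168.1.40\t22\ttcp\tSF
"""


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LAN


def find_botenago_c2_candidates(log_text: str) -> dict:
    """Return {device: [finding, ...]} for internal devices contacted on the
    BotenaGo backdoor port. A completed handshake (conn_state SF) means
    something on the device actually answered on that port."""
    findings = defaultdict(list)
    for row in csv.DictReader(StringIO(log_text), delimiter="\t"):
        if row["proto"] != "tcp" or int(row["id.resp_p"]) != BOTENAGO_PORT:
            continue
        device, src = row["id.resp_h"], row["id.orig_h"]
        if not is_internal(device):
            continue  # only our own devices are candidates for infection
        if src == device:
            kind = "local-module"      # companion module on the same machine
        elif is_internal(src):
            kind = "lateral"           # another internal host feeding targets
        else:
            kind = "remote-operator"   # external operator reaching the backdoor
        findings[device].append(
            {"source": src, "kind": kind, "answered": row["conn_state"] == "SF"}
        )
    return dict(findings)
```

Devices with `answered` set to True deserve the first look, since a closed port (conn_state S0) only shows a probe, not a live backdoor.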

The next takeaway fits into the “what if” category. We take many things for granted and miss their true importance. Time synchronization is one of them. We use the Network Time Protocol (NTP) to sync our devices with reference internet clocks. Like any other service, the time infrastructure can be attacked, and the consequences would be significant. Everything from financial transactions and industrial systems to forensics and many other services relies on accurate timing. Here is an interesting read on what could happen in case of a major attack on the Internet time infrastructure.

“I was curious if I could spoof the time” synchronization signal, he [Adam Laurie] explained in a keynote on his research. So he built his own simulated time-signal system using an open source tool called txtempus, which simulates signals for syncing the time on clocks and watches, and ran it on a Raspberry Pi outfitted with a radio-frequency identification (RFID) antenna.

Not everything was gloomy in last week’s readings. I’m adding two of the resources that I found valuable. Neither is groundbreaking in terms of ideas, but I liked the way they are put together.

First is a resource on how to protect our digital life:

Even those who consider themselves well educated about cyber crime and security threats—and who do everything they’ve been taught to do—can (and do!) still end up as victims. The truth is that, with enough time, resources, and skill, everything can be hacked.

Second is a checklist of best practices against ransomware:

Although ransomware can cause serious damage to your business and reputation, it’s not invincible. In fact, it’s only as strong as your organization’s weakest link. The good news is that there are clear steps your organization can take to prevent being a cybercrime target and diminish the likelihood that an attack could take down your business.
