New version of DarkGate malware hunts like a Duck but bites like a RAT
The WithSecure Detection and Response Team (DRT) received an alert regarding spoofed process injection with abnormal memory characteristics on a host belonging to a WithSecure Countercept MDR customer.
The DRT triaged the host and determined the presence of malware which had not previously been observed on our customer base. Whilst this malware resembled known ‘infostealers’ (in particular ‘DUCKTAIL’, which WithSecure identified in the latter half of 2021), the sophistication of the tradecraft observed in this case was significantly beyond that seen in other examples.
Since this initial case, the DRT has detected numerous additional infection attempts on various customers across multiple verticals (all of whom had been previously targeted by ‘DUCKTAIL’). Upon the reverse engineering of the malware by members of both the DRT and WithSecure Intelligence, it was determined that this malware was a new version of DarkGate, a malware being marketed as of June 2023 on two prolific cybercrime forums known as xss.is and exploit.in.
Read more
Multiple vulnerabilities in eLinkSmart padlocks
Locks serve as our mundane companions, guarding against our shared fear of intrusion. In some places, the humble lock is gradually being replaced by its smart counterpart – one that’s embedded with electronics, wielding the power of keyless entry.
However, with this great power comes great responsibility – one of ensuring that new functionality doesn’t come at the cost of security. This blog post is a deep-dive into the security implications of a series of smart locks popular in the UK and Germany.
The focus of this work was the eLinkSmart range of Bluetooth-enabled locks. This padlock was selected due to the prominence of the brand on the front page of Amazon, with all of the first five results for “Bluetooth padlock” being eLinkSmart products in the UK at the time of writing. Additionally, all of these products were highly reviewed, with thousands of reviews in the four- to five-star range, and were quite affordable.
Several vulnerabilities were found in both the locks’ implementation of Bluetooth Low Energy (BLE) communication and eLinkSmart’s back-end API. Together these enable an attacker to unlock any lock within Bluetooth range and to gather unlock history, including the times and locations of unlocks for any lock in the world, even if location tracking was not enabled by the user.
Read more
AnyDesk Incident Response 02/2024
Following indications of an incident on some of our systems, we conducted a security audit and found evidence of compromised production systems. We immediately activated a remediation and response plan involving cyber security experts CrowdStrike.
The remediation plan has concluded successfully. The relevant authorities have been notified and we are working closely with them. This incident is not related to ransomware.
We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one.
Read more
Following our public statement on 02 February 2024 about a cyber incident at AnyDesk, we can assure you that we immediately took all necessary steps to investigate and mitigate the incident and continue to cooperate with all relevant authorities. All AnyDesk versions obtained from our official sources are safe to use. However, we recommend using the latest versions 7.0.15 and 8.0.8. The forced password reset for our customer portal my.anydesk.com was done out of an abundance of caution. We have no evidence that any customer data has been exfiltrated. Again, we also have no evidence that any end-user devices have been affected by this incident.
Read more
The Mother of all Breaches has revealed 26 billion records
Data from numerous previous breaches was contained in the supermassive leak, with an astounding 12 terabytes of information spanning over 26 billion records, according to an article by Vilius Petkauskas, deputy editor at CyberNews.
“The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered. There are data leaks, and then there’s this. A supermassive Mother of all Breaches (MOAB for short) includes records from thousands of meticulously compiled and reindexed leaks, breaches, and privately sold databases. The full and searchable list is included at the end of this article. Bob Dyachenko, cybersecurity researcher and owner at SecurityDiscovery.com, together with the Cybernews team, has discovered billions upon billions of exposed records on an open instance.”
Read more
Cyberattacks on energy infrastructure in South Africa ramped up
Electricity grids have become the prime targets of hackers, terrorists and rival nations with digital technologies inextricably intertwined in the running of critical infrastructure, according to a recent article by Yunus Kemp of ESI Africa.
“Andre Froneman, Industrial Cyber Security Specialist with the Grove Group, said at the recently held Solar Power Africa event in Cape Town that in South Africa we will also see an increase in cyber attacks as more Independent Power Producers enter the market.
He said that in 2022 Eskom fell victim to a ransomware attack. “Crucial” information from the company’s servers was offered up for sale by the hackers on the dark web. And in 2019, a ransomware attack encrypted City Power’s databases, applications and network – customers were unable to buy electricity and City Power was delayed in responding to blackouts. Froneman said nation states also attacked each other’s systems, to gain market advantage. He forecast that this would increase given the shift in recalibrating energy systems and setting up new ones.”
Read more