Exploring 5G implications
The New Yorker had an interesting write-up on 5G last week. In the article they made some good points about the security, privacy, and health implications of 5G.
The military implications were also explored in a blog post on the Council on Foreign Relations site.
This highlights a few areas of focus for Baffin Bay Networks.
Significant improvements in connectivity, configuration and identity management problems that are not being adequately addressed (especially in IoT devices), and an ever increasing landscape of sophisticated adversaries all amplify today's already risky and challenging environment. Some of the key questions we are focused on addressing include:
- How do we identify, track, and respond to compromised and vulnerable devices in a complex environment with largely ephemeral devices that change locations and IPs often? To complicate matters, these networks are increasingly becoming the primary networks our customers' customers use to access the services we protect.
- How do we reduce the signal to noise ratio enough to give our customers' security analysts the ability to identify and respond to more sophisticated attackers?
- What are the security and privacy implications for our customers as their user base becomes increasingly dependent on technology in their daily lives?
An example of the state of IoT can be found in this article, which highlights not only privacy-impacting vulnerabilities but also poor vendor response upon discovery. https://www.zdnet.com/article/over-two-million-iot-devices-vulnerable-because-of-p2p-component-flaws/
Jasperloader malware loader targets European countries with banking trojan
Cisco Talos identified a malware loader called Jasperloader which is being used in European countries to load banking trojan software. In addition to using a loader, the campaign they outlined also uses domain shadowing (creation of subdomains under legitimate domains using stolen credentials), similar to the Angler Exploit Kit.
With the emergence of Emotet and other loaders like this one, multi-stage malware appears to be trending upwards in use by less sophisticated attackers. This introduces a number of challenges for us as security professionals. First, it becomes harder to assess intent and/or impact if during response we find only the loader. Second, as techniques like these trickle down, it becomes harder to use them to distinguish between crimes of opportunity and targeted attacks from more sophisticated attackers.
DockerHub database compromise
190,000 usernames and password hashes, as well as GitHub and Bitbucket tokens, were exposed. I anticipate we will continue to see an increase in attacks that focus on ways to compromise the open source supply chain. Some other common ways developers are targeted include watering hole attacks and phishing (example: the 2017 Dimnie attack campaign).
It's also worth noting that hardware supply chain attacks continue.
NSA tool leaks continue to plague the security industry
While the leak of APT 34's tools received quite a bit of attention over the last couple weeks, leaked NSA tools continue to plague the security industry. Symantec researchers published research on a new cryptojacking malware, Beapy, that leverages DoublePulsar to create a persistent backdoor and EternalBlue to spread laterally.
Over the last week Baffin Bay Networks' sensors found that scanning and attacks on port 445 continued to dwarf all other attacks in pure volume. To put the scale in perspective, port 445 was attacked about 300% more than the second most attacked port, 5060, and about 90000% more than the 10th most attacked port this week.
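The ranking above is the kind of summary an analyst produces from raw sensor events. The following is an added example, not Baffin Bay Networks' sensor code, showing how to derive it: it parses a constructed whitespace-separated event log (timestamp, source IP, destination port, protocol), ranks destination ports by event volume, computes the "X% more than" figure as (top - other) / other * 100 against the second and tenth ranked ports, and also reports distinct source IPs per port, since a handful of noisy sources and a broad scan can produce the same event count. The log format and every value in it are constructed for the example; a rank that does not exist in the data yields None rather than an error.

```python
from collections import Counter, defaultdict

# Constructed sensor events: "<timestamp> <src_ip> <dst_port> <proto>".
# Illustrative values only; not real sensor data.
SENSOR_LOG = """\
2019-04-29T00:00:01Z 203.0.113.5 445 tcp
2019-04-29T00:00:02Z 203.0.113.5 445 tcp
2019-04-29T00:00:03Z 203.0.113.9 445 tcp
2019-04-29T00:00:04Z 198.51.100.7 445 tcp
2019-04-29T00:00:05Z 198.51.100.7 445 tcp
2019-04-29T00:00:06Z 203.0.113.5 445 tcp
2019-04-29T00:00:07Z 192.0.2.44 445 tcp
2019-04-29T00:00:08Z 192.0.2.44 445 tcp
2019-04-29T00:00:09Z 203.0.113.9 5060 udp
2019-04-29T00:00:10Z 198.51.100.7 5060 udp
2019-04-29T00:00:11Z 192.0.2.44 22 tcp
2019-04-29T00:00:12Z 203.0.113.5 3389 tcp
"""


def parse_events(log_text):
    """Yield (src_ip, (dst_port, proto)) for each well-formed line."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _, src_ip, dport, proto = fields
        yield src_ip, (int(dport), proto)


def port_counts(log_text):
    # Total events per (port, proto).
    return Counter(key for _, key in parse_events(log_text))


def distinct_sources(log_text):
    # Number of distinct source IPs per (port, proto): breadth of the activity.
    seen = defaultdict(set)
    for src_ip, key in parse_events(log_text):
        seen[key].add(src_ip)
    return {key: len(ips) for key, ips in seen.items()}


def percent_more(top, other):
    # "X% more than", as used in the write-up.
    return (top - other) / other * 100.0


def summarize(log_text, compare_ranks=(2, 10)):
    ranked = port_counts(log_text).most_common()
    if not ranked:
        return {}
    top_port, top_count = ranked[0]
    out = {"top": top_port, "top_count": top_count}
    for r in compare_ranks:
        if r - 1 < len(ranked):
            port, count = ranked[r - 1]
            out[f"vs_rank_{r}"] = (port, round(percent_more(top_count, count), 1))
        else:
            out[f"vs_rank_{r}"] = None  # not enough distinct ports in this sample
    return out


if __name__ == "__main__":
    print(summarize(SENSOR_LOG))
    print(distinct_sources(SENSOR_LOG))
```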
F5 Labs released second regional threat perspectives report in partnership with Baffin Bay Networks
On Wednesday F5 released an article on attacks targeting Australia that is the second article in a series titled Regional Threat Perspectives. These reports are produced in conjunction with Baffin Bay Networks.