Tag: power | SpinSafe

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

April 6, 2024/in Internet Security

Mar 29, 2024NewsroomNetwork Security / IoT Security

A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless.

“TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024,” the Black Lotus Labs team at Lumen Technologies said.

Faceless, detailed by security journalist Brian Krebs in April 2023, is a malicious residential proxy service that’s offered its anonymity services to other threat actors for a negligible fee that costs less than a dollar per day.

In doing so, it allows the customers to route their malicious traffic through tens of thousands of compromised systems advertised on the service, effectively concealing their true origins.

The Faceless-backed infrastructure has been assessed to be used by operators of malware such as SolarMarker and IcedID to connect to their command-and-control (C2) servers to obfuscate their IP addresses.

That being said, a majority of the bots are used for password spraying and/or data exfiltration, primarily targeting the financial sector, with more than 80% of the infected hosts located in the U.S.

Lumen said it first observed the malicious activity in late 2023, the goal being to breach EoL SOHO routers and IoT devices and deploy an updated version of TheMoon, and ultimately enroll the botnet into Faceless.

The attacks entail dropping a loader that’s responsible for fetching an ELF executable from a C2 server. This includes a worm module that spreads itself to other vulnerable servers and another file called “.sox” that’s used to proxy traffic from the bot to the internet on behalf of a user.

In addition, the malware configures iptables rules to drop incoming TCP traffic on ports 8080 and 80 and allow traffic from three different IP ranges. It also attempts to contact an NTP server from a list of legitimate NTP servers in a likely effort to determine if the infected device has internet connectivity and it is not being run in a sandbox.

The targeting of EoL appliances to fabricate the botnet is no…

Source…

LockBit ransomware gang’s power diminished but not eradicated

March 19, 2024/in Internet Security

Although action by UK and US authorities against the LockBit ransomware gang is a major setback for its operations – and is likely to inhibit its ability to recruit affiliates – such criminal groupings are notoriously resilient and will probably just emerge under a different banner in the near future.

That’s according to Check Point Software Technologies’ threat intelligence group manager Sergey Shykevich, who was speaking to TechCentral in an interview on Tuesday.

“LockBit will still have data at its disposal and the possibility that it will use it in some way in the future is highly likely,” he said. “The threat from this criminal gang and other ransomware groups will continue.”

Britain’s National Crime Agency, the US’s Federal Bureau of Investigation, Europol and a coalition of international police agencies cooperated in an operation that took down the LockBit ransomware gang on 19 February.

Graeme Biggar, NCA director-general, said last month law enforcement officers had “successfully infiltrated and fundamentally disrupted LockBit”.

Over the past four years, LockBit has been involved in thousands of ransomware attacks on victims around the world, from high-profile corporate targets to hospitals and schools.

One of its most recent attacks was on the South African Government Employees Pension Fund (GEPF), which noted on 12 March that data purportedly from its administrator, the Government Pensions Administration Agency (GPAA), had been released by LockBit.

The fund said the GPAA had confirmed that preventive action was taken when it became aware of the attempted access to its systems. The action included “shutting down” all systems to isolate affected areas.

Prolific

The GEPF’s clients include about 1.265-million active members from more than 325 government departments as well as some 475 000 pensioners and other beneficiaries, but the GPAA said pension payments were not affected.

LockBit was the most prolific ransomware group globally until its operations were disrupted, and was by far the most active ransomware gang in South…

Source…

Decoding the Mystery of Encryption: The Power of Public and Private Keys | by Yash Gupta | Sep, 2023

September 4, 2023/in Internet Security

“In the world of encryption, the key to understanding is just a public and private key away.” — Anonymous

In the digital world, the concept of encryption is as ubiquitous as it is vital. It is the bedrock of internet security, safeguarding our data from prying eyes. Encryption is the process of encoding information in such a way that only authorized parties can access it. It is a complex yet fascinating subject, and understanding it requires a deep dive into the realm of public and private keys.

Public and private keys form the basis of today’s encryption

The world of encryption is a labyrinth of complex algorithms and mathematical equations, but at its core, it is a simple concept. It is a method of transforming plain text into an unreadable format, known as ciphertext, to prevent unauthorized access. The process of converting the ciphertext back into its original form is known as decryption.

The two primary types of encryption are symmetric and asymmetric encryption. Symmetric encryption uses a single key for both encryption and decryption. However, it has a significant drawback: the key must be shared between the sender and receiver. This sharing can lead to potential security risks.

Asymmetric encryption, on the other hand, uses two keys: a public key for encryption and a private key for decryption. This method is also known as Public Key Infrastructure (PKI). The public key is available to everyone, while the private key is kept secret by the owner. This method eliminates the need to share keys, thereby enhancing security.

The concept of public and private keys is akin to a mailbox. Anyone can drop a letter (encrypt data) into the mailbox using the visible slot (public key), but only the person with the key to the mailbox (private key) can open it and read the letters (decrypt the data).

The process of generating these keys involves complex mathematical algorithms. The most common algorithm used is the RSA (Rivest-Shamir-Adleman) algorithm. It generates two large prime numbers and multiplies them. The complexity of factoring large prime numbers ensures the security of RSA encryption.

The beauty of public and private keys lies in their interdependence. The public key is used…

Source…

EV Charger Hacking Could Imperil the Security of the Power Grid – Mother Jones

July 20, 2023/in Computer Security

A man wearing shorts and a t-shirt eating a burrito walks past a white Tesla plugged in to a public charging station

Alexi Rosenfeld/Getty Images/Grist

This story was originally published by Grist and is reproduced here as part of the Climate Desk collaboration. It was co-published with Climate Desk partner Wired.

With his electric Kia EV6 running low on power, Sky Malcolm pulled into a bank of fast-chargers near Terre Haute, Indiana, to plug in. As his car powered up, he peeked at nearby chargers. One in particular stood out.

Instead of the businesslike welcome screen displayed on the other Electrify America units, this one featured a picture of President Biden pointing his finger, with an “I did that!” caption. It was the same meme the president’s critics started slapping on gas pumps as prices soared last year, cloned 20 times across the screen.

“It was, unfortunately, not terribly surprising,” Malcolm said of the hack, which he stumbled upon last fall. Such shenanigans are increasingly common. At the beginning of the war in Ukraine, hackers tweaked charging stations along the Moscow–Saint Petersburg motorway in Russia to greet users with anti-Putin messages. Around the same time, cyber vandals in England programmed public chargers to broadcast pornography. Just this year, the hosts of YouTube channel The Kilowatts tweeted a video showing it was possible to take control of an Electrify America station’s operating system.

While such breaches have so far remained relatively innocuous, cybersecurity experts say the consequences would be far more severe at the hands of truly nefarious miscreants. As companies, governments and consumers sprint to install more chargers, the risks could only grow.

In recent years, security researchers and white-hat hackers have identified sprawling vulnerabilities in internet-connected home and public charging hardware that could expose customer data, compromise Wi-Fi networks, and, in a worst-case scenario, bring down power grids. Given the dangers, everyone from device manufacturers to the Biden administration is rushing to fortify these increasingly common machines and establish security standards.

“This is a major problem,”…

Source…

Tag Archive for: power

Prolific