Domain: recordedfuture.com
Stories and comments across the archive that link to recordedfuture.com.
Stories · 7
-
China Hacked Norway's Visma To Steal Client Secrets, Investigators Say (reuters.com)
A prolific espionage group, which the U.S. government believes is Chinese, compromised billion-dollar business service provider Visma in 2018, according to a report by Recorded Future, a threat intelligence firm. From a report: The attack was part of what Western countries said in December is a global hacking campaign by China's Ministry of State Security to steal intellectual property and corporate secrets, according to Recorded Future. China's Ministry of State Security has no publicly available contacts. The foreign ministry did not respond to a request for comment, but Beijing has repeatedly denied any involvement in cyber-enabled spying. Visma took the decision to talk publicly about the breach to raise industry awareness about the hacking campaign, which is known as Cloudhopper and targets technology service and software providers in order reach their clients. Cyber security firms and Western governments have warned about Cloudhopper several times since 2017 but have not disclosed the identities of the companies affected. -
75% of Malware Uploaded on 'No-Distribute' Scanners Is Unknown To Researchers (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: Three-quarters of malware samples uploaded to "no-distribute scanners" are never shared on "multiscanners" like VirusTotal, and hence, they remain unknown, US-based security firm Recorded Future reports, to security firms and researchers for longer periods of time. Although some antivirus products will eventually detect this malware at runtime or at one point or another later in time, this leaves a gap in terms of operational insight for security firms hunting down up-and-coming malware campaigns. -
New Shodan Tool Tracks Down Botnet Command-And-Control Servers (thestack.com)
An anonymous reader quotes The Stack: Search engine Shodan has announced a tool to help businesses hunt out and block traffic from malware command-and-control servers. The new Malware Hunter service, which has been designed in a collaborative project with threat intelligence company Recorded Future, continuously scans the internet to locate control panels for different remote access Trojans, including Gh0st RAT, Dark Comet, njRAT, XtremeRAT, Net Bus and Poison Ivy. The internet crawler identifies botnet C2 servers by connecting to public IP addresses and sending traffic which mimics that of an infected device. If the receiver computer sends back a response, that server is flagged.
The article reports that Shodan's Malware Hunter tool has already traced over 5,700 RAT servers -- more than 4,000 of them based in the United States. -
Election Assistance Commission Hacked Using SQL Injection (reuters.com)
whoever57 writes: The commission that is responsible for ensuring the integrity of voting machines was itself hacked. The hacker gained access to non-public reports on weaknesses in voting machines. The hack occurred after the election, so it is unlikely that this hack resulted in changing the result. However, if one hacker can break in, how does anyone know that there was not a prior hack? The hack used an SQL injection flaw to gain access to usernames and passwords which were then cracked. wiredmikey adds: Researchers have discovered that a Russian-speaking hacker broke into the U.S. Election Assistance Commission (EAC) systems, and has been trying to sell stolen access credentials -- including admin-level -- on the underground. On December 1, researchers with Recorded Future discovered internet chatter that appeared to relate to an EAC breach. A hacker, called "Rasputin" by Recorded Future, was discussing the sale of more than 100 EAC access credentials to a middle-eastern government broker. The hacker claimed to have accessed the systems via an SQLi vulnerability, which Recorded Future was able to locate and report. EAC said Thursday that was aware of the "potential intrusion" and was investigating the incident. -
Adobe Flash Responsible For Six of the Top 10 Bugs Used By Exploit Kits In 2016 (onthewire.io)
Trailrunner7 quotes a report from On the Wire: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it's no surprise that Flash and IE exploits dominated the landscape. Six of the top 10 most-refquently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it's deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future's analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups. "Adobe Flash Player's CVE-2015-7645, number 10 in terms of references to exploit kits, stands out as the vulnerability with the most adoption by exploit kits. Exploit kits adopting the Adobe bug in the past year include Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter," the analysis by Recorded Future says. -
8 of the 10 Top Security Flaws Used By Cyber-Criminals This Year Were Flash Bugs (recordedfuture.com)
An anonymous reader writes: Adobe Flash Player provided eight of the top 10 vulnerabilities used by exploit kits in 2015. Angler is currently the most popular exploit kit, regularly tied to malware including Cryptolocker. Vulnerabilities in Microsoft's Internet Explorer and Silverlight are also major targets. All of these are the conclusions of a Recorded Future report. -
New IP Address Blacklist Based On Web Chatter
itwbennett writes: A new approach to assembling blacklists analyzes chatter on the dark and open Web and can find malicious IP addresses that would have been missed using honeypots and intrusion detection systems, according to a report by security startup Recorded Future. On traditional blacklists, 99 percent of the addresses are for inbound activity, 'when someone is attacking your system from an external address,' said Staffan Truvé, chief scientist and co-founder at Recorded Future. On Recorded Future's new list, half of the addresses are for outbound activity, 'when an intruder is already in your systems, and is trying to connect to the outside world to exfiltrate data,' said Truvé. For example, Recorded Future identified 476 IP addresses associated with both the Dyreza and the Upatre malware families — only 41 of which were known to existing blacklists.