Hide online hacked
4/7/2023

CISOs have an array of ever-improving tools to help spot and stop malicious activity: network monitoring tools, virus scanners, software composition analysis (SCA) tools, digital forensics and incident response (DFIR) solutions, and more. But of course, cybersecurity is an ongoing battle between attack and defense, and the attackers continue to pose novel challenges.

Older techniques, such as steganography (the art of hiding information, including malicious payloads, in otherwise benign files such as images) are evolving, leading to new possibilities. For example, a researcher recently demonstrated that even Twitter wasn't immune to steganography: images on the platform could be abused to pack ZIP archives of up to 3MB within them.

However, in my own research, I have noticed that in addition to using obfuscation, steganography, and malware packing techniques, threat actors today frequently take advantage of legitimate services, platforms, protocols, and tools to conduct their activities. This lets them blend in with traffic or activity that may look "clean" to human analysts and machines alike.

Here are five tactics cybercriminals are using to cover their tracks today.

Abusing trusted platforms that won't raise alarms

This was a common theme seen by security professionals in 2020 that has carried into this year. From penetration testing services and tools such as Cobalt Strike and Ngrok, to established open-source code ecosystems like GitHub, to image and text sites like Imgur and Pastebin, attackers have targeted a wide array of trusted platforms in just the past few years.

Typically, Ngrok is used by ethical hackers interested in collecting data or setting up mock tunnels for inbound connections as part of bug bounty exercises or pen-testing engagements. But malicious actors have abused Ngrok to directly install botnet malware, or to connect a legitimate communications service to a malicious server.

In a more recent example, Xavier Mertens at the SANS Institute spotted one such malware sample written in Python that contained base64-encoded code to plant a backdoor on the infected system that used Ngrok. Because Ngrok is widely trusted, the remote attacker could connect to the infected system via an Ngrok tunnel, which will likely bypass corporate firewalls or NAT protections.

GitHub has also been abused to host malware, from Octopus Scanner to Gitpaste-12. Recently, crafty attackers abused GitHub and Imgur in combination: an open-source PowerShell script let them host a simple script on GitHub that reconstructs a Cobalt Strike payload from a seemingly benign Imgur photo. Cobalt Strike is a popular pen-testing framework for simulating advanced real-world cyberattacks, but like any security software product, it can be misused by adversaries.

Likewise, automation tools that developers rely on are not immune to being exploited. In April, attackers abused GitHub Actions to target hundreds of repositories in an automated attack that used GitHub's servers and resources for cryptocurrency mining.

These examples show why attackers find value in targeting legitimate platforms that many firewalls and security monitoring tools may not block.

Upstream attacks that capitalize on brand value, reputation or popularity

Software supply chain security concerns may have gained public attention following the recent SolarWinds breach, but these attacks have been on the rise for some time. Whether in the form of typosquatting, brandjacking or dependency confusion (which first came to light as proof-of-concept research but was later abused for malicious purposes), "upstream" attacks exploit trust within known partner ecosystems and capitalize on the popularity or reputation of a brand or software component.

Any system that is open to everyone is also open to adversaries. The attackers aim to push malicious code upstream to a trusted codebase associated with a brand, which then gets distributed downstream to the ultimate target: that brand's partners, customers, or users.
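The steganography passage above describes an image that also carries a ZIP archive. The following is an added example for this page, not code from the original article and not a reproduction of the Twitter researcher's specific technique: it constructs a minimal PNG and a constructed ZIP, appends the archive after the PNG's IEND chunk (where image viewers stop reading), and then detects the archive two ways, by counting bytes after IEND and by locating a ZIP end-of-central-directory record and checking that it points back at a local file header. All bytes, file names and offsets here are constructed for the demo.

```python
"""Detect a ZIP archive riding inside a PNG image (appended-archive polyglot).

Added example for this article; not the article's code and not a reproduction of
the Twitter researcher's technique. The PNG and the ZIP below are constructed.
"""
import io
import struct
import zipfile
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
ZIP_LOCAL_HEADER = b"PK\x03\x04"
ZIP_EOCD = b"PK\x05\x06"


def _png_chunk(chunk_type: bytes, data: bytes) -> bytes:
    """length + type + data + CRC32(type + data), as the PNG spec lays it out."""
    crc = zlib.crc32(chunk_type + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + chunk_type + data + struct.pack(">I", crc)


def build_minimal_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG: signature, IHDR, IDAT, IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one pixel
    return (PNG_SIGNATURE + _png_chunk(b"IHDR", ihdr)
            + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b""))


def build_zip(files: dict) -> bytes:
    """Constructed ZIP archive from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def png_trailing_bytes(blob: bytes) -> int:
    """Walk the chunk list and return how many bytes follow IEND.

    Image viewers stop at IEND, so anything after it is invisible to them
    and a natural place to park an archive. A clean PNG returns 0.
    """
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(blob):
        length = struct.unpack(">I", blob[pos:pos + 4])[0]
        chunk_type = blob[pos + 4:pos + 8]
        pos += 8 + length + 4  # header, data, CRC
        if chunk_type == b"IEND":
            return len(blob) - pos
    raise ValueError("no IEND chunk found")


def find_embedded_zip(blob: bytes):
    """Locate a ZIP by its end-of-central-directory record; return (offset, names) or None.

    The EOCD is searched from the end because an archive comment may follow it.
    Its central-directory size and offset fields are relative to the archive start,
    which for an appended archive is eocd - cd_size - cd_offset; the local file
    header signature at that position confirms the guess.
    """
    eocd = blob.rfind(ZIP_EOCD)
    if eocd < 0 or eocd + 22 > len(blob):
        return None
    cd_size, cd_offset = struct.unpack("<II", blob[eocd + 12:eocd + 20])
    archive_start = eocd - cd_size - cd_offset
    if archive_start < 0 or blob[archive_start:archive_start + 4] != ZIP_LOCAL_HEADER:
        return None
    with zipfile.ZipFile(io.BytesIO(blob[archive_start:])) as zf:
        return archive_start, zf.namelist()


def classify(blob: bytes) -> dict:
    """Combine both checks into one verdict for a PNG blob."""
    trailing = png_trailing_bytes(blob)
    hit = find_embedded_zip(blob)
    return {
        "trailing_bytes": trailing,
        "zip_offset": hit[0] if hit else None,
        "zip_names": hit[1] if hit else [],
        "suspicious": trailing > 0 or hit is not None,
    }


if __name__ == "__main__":
    carrier = build_minimal_png()
    polyglot = carrier + build_zip({"payload.txt": b"constructed payload"})
    print("clean:   ", classify(carrier))
    print("polyglot:", classify(polyglot))
```

The two checks are deliberately independent: trailing data after IEND catches any appended blob, ZIP or not, while the EOCD walk catches an archive even if the carrier format is not PNG or the chunk walk fails, and confirms the find by reading the archive's file list rather than trusting a lone signature match.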
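The Ngrok passage above describes a Python sample whose backdoor logic was hidden behind base64 encoding, so a plain search for the tunnelling tool's name finds nothing in the outer script. As an added example (not the article's code and not the SANS sample it cites), the triage script below peels base64 layers recursively, keeps only tokens that decode to text (a further stage), and reports which indicator strings appear at which depth. The three-stage dropper, the indicator list and the depth limit are constructed for the demo.

```python
"""Peel base64 layers off a script and look for tunnelling indicators in each layer.

Added example for this article; not the article's code and not the SANS sample it
cites. The dropper, its stages and the indicator list are constructed for the demo.
"""
import base64
import binascii
import re

# Constructed indicator list for triage; extend it from your own threat intel.
INDICATORS = ("ngrok", "tunnel", "authtoken", "socket.connect")

# A run of base64 alphabet long enough not to match ordinary identifiers, plus padding.
B64_TOKEN = re.compile(rb"[A-Za-z0-9+/]{24,}={0,2}")


def try_b64decode(token: bytes):
    """Decode strictly; keep the result only if it looks like text (a further stage)."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw:
        return None
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return raw if printable / len(raw) > 0.9 else None


def peel_layers(blob: bytes, depth: int = 0, max_depth: int = 5):
    """Yield (depth, decoded_stage) for every decodable token, recursing into each stage.

    max_depth bounds the recursion so a hostile sample cannot make triage spin.
    """
    if depth >= max_depth:
        return
    for match in B64_TOKEN.finditer(blob):
        stage = try_b64decode(match.group(0))
        if stage is None:
            continue
        yield depth + 1, stage
        yield from peel_layers(stage, depth + 1, max_depth)


def triage(script: bytes) -> dict:
    """Report the deepest layer found and which indicators surfaced at which depth."""
    hits = {}
    deepest = 0
    stages = [(0, script)] + list(peel_layers(script))
    for depth, stage in stages:
        deepest = max(deepest, depth)
        lowered = stage.lower()
        for indicator in INDICATORS:
            if indicator.encode() in lowered:
                hits.setdefault(depth, set()).add(indicator)
    return {"layers": deepest, "hits": {d: sorted(v) for d, v in sorted(hits.items())}}


# Constructed three-stage dropper: plain loader -> base64 stage -> base64 stage that
# starts an ngrok TCP tunnel to SSH. Nothing in the outer layer mentions ngrok.
INNER_STAGE = b"import subprocess\nsubprocess.Popen(['./ngrok', 'tcp', '22'])  # expose SSH via tunnel\n"
MIDDLE_STAGE = b"import base64\nexec(base64.b64decode(b'" + base64.b64encode(INNER_STAGE) + b"'))\n"
SAMPLE_DROPPER = (b"#!/usr/bin/env python3\nimport base64\n"
                  b"exec(base64.b64decode(b'" + base64.b64encode(MIDDLE_STAGE) + b"'))\n")


if __name__ == "__main__":
    print(triage(SAMPLE_DROPPER))
```

The text-only filter in try_b64decode is what keeps the walk useful: binary blobs (embedded images, compressed data) are skipped rather than searched, and the depth limit means a sample that encodes itself a thousand times deep still terminates. On the constructed dropper the indicators surface only at depth 2, which is exactly why a grep over the file on disk would have missed them.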
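The upstream-attack section names typosquatting and dependency confusion without showing what a project would check. As an added example (not the article's code), here is an offline audit of a Python project's package sources: it flags pip's extra-index-url setting, which makes the public index and a private index peers so that an internal package name can be satisfied from whichever publishes the higher version, and it flags requirement names within one edit of a short list of popular packages. The pip.conf text, requirements.txt text, the acme-* package names, the pkgs.example.internal host and the POPULAR list are all constructed for the demo.

```python
"""Offline audit of a Python project's package sources for dependency-confusion
exposure and typosquat-looking requirement names.

Added example for this article; not the article's code. All inputs are constructed.
"""
import configparser
import re

# Constructed reference set of well-known names; a real check would use a large list.
POPULAR = {"requests", "urllib3", "cryptography", "numpy", "boto3", "pyyaml"}

REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalization: lower-case and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list:
    """Return normalized project names, skipping comments, blanks and pip options."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = REQ_NAME.match(line)
        if match:
            names.append(normalize(match.group(1)))
    return names


def index_settings(pip_conf: str, requirements: str) -> dict:
    """Collect index-url and every extra-index-url from pip.conf [global] and the requirements file."""
    cp = configparser.ConfigParser()
    cp.read_string(pip_conf)
    index_url = cp.get("global", "index-url", fallback=None)
    extra = cp.get("global", "extra-index-url", fallback="").split()
    for line in requirements.splitlines():
        line = line.strip()
        if line.startswith("--extra-index-url "):
            extra.append(line.split(None, 1)[1])
        elif line.startswith("--index-url "):
            index_url = line.split(None, 1)[1]
    return {"index_url": index_url, "extra_index_urls": extra}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one insertion, deletion or substitution is the classic typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(pip_conf: str, requirements: str, internal_names: set) -> dict:
    """Flag internal names resolvable from a second index, and near-misses of popular names.

    pip treats every extra-index-url as a peer of index-url and installs the highest
    version it sees across all of them, so with any extra index configured an
    internal package name that someone registers publicly can win the resolution.
    A single index-url pointing at a proxy that serves both private and mirrored
    public packages removes that race.
    """
    settings = index_settings(pip_conf, requirements)
    names = parse_requirements(requirements)
    internal = {normalize(n) for n in internal_names}
    exposed = [n for n in names if n in internal] if settings["extra_index_urls"] else []
    typosquats = []
    for name in names:
        if name in POPULAR or name in internal:
            continue
        for known in sorted(POPULAR):
            if edit_distance(name, known) == 1:
                typosquats.append((name, known))
    return {
        "extra_index_urls": settings["extra_index_urls"],
        "dependency_confusion_exposed": exposed,
        "typosquat_candidates": typosquats,
    }


# Constructed inputs.
PIP_CONF = """[global]
index-url = https://pypi.org/simple
extra-index-url = https://pkgs.example.internal/simple
"""
REQUIREMENTS = """# constructed requirements.txt
requests==2.31.0
urlib3>=1.26                 # one letter short of urllib3
acme_billing_core==3.2.0     # internal name; with an extra index it can come from either feed
numpy
"""
INTERNAL_PACKAGES = {"acme-billing-core", "acme-auth"}

if __name__ == "__main__":
    print(audit(PIP_CONF, REQUIREMENTS, INTERNAL_PACKAGES))
```

Name normalization matters for the confusion check: acme_billing_core in the requirements file and acme-billing-core in the internal inventory are the same project to pip, so comparing raw strings would miss the exposure. Typosquat scoring with distance 1 is a review aid, not a verdict; a hit means a human confirms the intended package before it is installed.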