OpenBCM V1.07b11 (WIN32)

Packet Radio Mailbox

DBO595

[LAU JN59RM]

 Login: GAST

HB1PMS > TECH     18.02.20 09:34l 83 Lines 3782 Bytes #999 (0) @ WW
BID : 2098HB1PMS
Read: DAE595 GAST
Subj: Ukrainian Blackout Malware Spreads Through Dark We
Path: DBO595<DBX320<FRB024<NL3TD<NL3PRC<GY1BBS<HB1BBS
Sent: 200217/1916Z 8397@HB1BBS.ZL.NLD.EU BPQ6.0.19

From: HB1PMS@HB1BBS.ZL.NLD.EU

Ukrainian Blackout Malware Spreads Through Dark Web Forums
February 13, 2020 | Malware and Vulnerabilities 
The malware now adds attackers’ SSH keys to a list of authorized key files 
on victim machines.
We’re now seeing a ‘trickle-down’ effect, where SSH capabilities are 
becoming commoditized.
Cyber experts at Venafi have found sophisticated backdoor malware 
techniques that were used to cripple Ukrainian power stations in 2015 
being deployed more widely by the black hat community.

The malware behavior

The malware specifically targets SSH keys designed to secure remote commands 
for communications between machines.

A single compromised SSH key could allow attackers to reach mission critical 
systems to spread malware or sabotage processes while staying undetected.
As a recent upgrade, malware can now add attackers’ SSH keys to a list of 
authorized key files on victim machines (added as a trusted key).
The other technique malware uses is brute-forcing weak SSH authentication to 
gain access and move laterally across system networks.
Such techniques have been tested and verified over the past year by 
TrickBot, the cryptomining campaign CryptoSink, Linux Worm, and Skidmap, 
security experts noted. However, the backdoor SSH server used by the 
BlackEnergy gang, whose attack caused mass power outages in parts of 
Ukraine, had capabilities far beyond these.

Commoditization of SSH Keys

SSH keys are one of the most critical components in today’s remote user 
authentication system, hence a potent weapon in the wrong hands.

Yana Blachman, threat intelligence specialist at Venafi, said that “Until 
recently, only the most sophisticated, well-financed hacking groups had this 
kind of capability. Now, we’re seeing a ‘trickle-down’ effect, where SSH 
capabilities are becoming commoditized.”

She further added that, with the commoditization of SSH keys, attackers will 
attempt to monetize the backdoor they accessed by selling it through 
dedicated channels to more sophisticated and sponsored attackers, including 
nation state threats.

In a similar case, the TrickBot gang were seen selling “bot-as-a-service” to 
North Korean hackers.

Final thoughts

Organizations need to have clear visibility of how their systems are 
running and provide protection for all authorized SSH keys in the enterprise 
to prevent them being hijacked. Their security infrastructure must withstand 
attempts by attackers to insert their own malicious SSH machine identities 
into systems by blocking those immediately.

73 Henk.

======================================================================
  _    _ ____  __ ____  ____   _____ 
 | |  | |  _ \/_ |  _ \|  _ \ / ____|  SYS: Henk (hb1nos@hb1bbs.com)
 | |__| | |_) || | |_) | |_) | (___    QTH: Ouwerkerk - JO11XO
 |  __  |  _ < | |  _ <|  _ < \___ \   BBS: HB1BBS.ZLD.NLD.EU
 | |  | | |_) || | |_) | |_) |____) |  QRV: 27.235 MHz (FM 1200bps)
 |_|  |_|____/ |_|____/|____/|_____/   WEB: www.hb1bbs.com

======================================================================

** Host of BPQ Netrom/Node NLDHUB::NL9HUB 85.214.163.10 UDP 93  

======================================================================
** This message is generated with Sally 7.2.033
----------------------------------------------------------------------
** Timed maandag 17 februari 2020  20:15 West-Europa (standaardtijd)
** BBS HB1PMS@HB1BBS.ZL.NLD.EU
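The forwarded article describes malware appending an attacker's key to authorized_keys and recommends keeping visibility over every approved key. The script below is an added example, not part of the forwarded message, the article, or any Venafi tool: it parses OpenSSH authorized_keys content (including lines with leading options such as command="..."), verifies that each base64 blob really encodes the key type the line declares, computes the SHA256 fingerprint in the same form as `ssh-keygen -lf`, and reports every key whose fingerprint is missing from an approved inventory. The inventory, file contents, and key bytes are constructed for the demonstration; in practice the approved set would come from the organization's key management records.

```python
"""Audit OpenSSH authorized_keys content against an approved key inventory.

Added illustration (not the article's or Venafi's code). All key material and
the sample file below are constructed for the example.
"""
from __future__ import annotations

import base64
import hashlib
import re
import struct
from dataclasses import dataclass

# Key types this audit knows how to recognise on a line.
KEY_TYPES = (
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
)
_KEY_RE = re.compile(
    r"(?:^|\s)(" + "|".join(re.escape(t) for t in KEY_TYPES) + r")\s+([A-Za-z0-9+/=]+)"
)


@dataclass
class Finding:
    line_no: int
    key_type: str
    fingerprint: str
    comment: str
    options: str


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the format printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def _blob_type(blob: bytes) -> str:
    """Read the leading length-prefixed type string of an SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + n:
        raise ValueError("truncated type string")
    return blob[4:4 + n].decode("ascii")


def parse_authorized_keys(text: str):
    """Yield (line_no, options, key_type, blob, comment) for each valid key line.

    Blank lines, comments, and lines whose blob does not decode or whose
    encoded type disagrees with the declared type are skipped.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _KEY_RE.search(line)
        if not m:
            continue
        key_type, b64 = m.group(1), m.group(2)
        try:
            blob = base64.b64decode(b64, validate=True)
            if _blob_type(blob) != key_type:
                continue  # declared type and encoded blob disagree
        except (ValueError, UnicodeDecodeError):
            continue
        options = line[: m.start()].strip()
        comment = line[m.end():].strip()
        yield line_no, options, key_type, blob, comment


def audit(text: str, approved_fingerprints: set[str]) -> list[Finding]:
    """Return every key in the file whose fingerprint is not in the approved set."""
    findings = []
    for line_no, options, key_type, blob, comment in parse_authorized_keys(text):
        fp = fingerprint(blob)
        if fp not in approved_fingerprints:
            findings.append(Finding(line_no, key_type, fp, comment, options))
    return findings


def _ed25519_blob(pub: bytes) -> str:
    """Encode a raw 32-byte Ed25519 public key as the base64 blob OpenSSH uses."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", len(pub)) + pub
    return base64.b64encode(blob).decode()


# Constructed sample: two keys the inventory knows plus one that was appended.
APPROVED_BLOB = _ed25519_blob(bytes(range(32)))
BACKUP_BLOB = _ed25519_blob(bytes(range(32, 64)))
ROGUE_BLOB = _ed25519_blob(b"\xab" * 32)

SAMPLE_AUTHORIZED_KEYS = f"""# managed by config management
ssh-ed25519 {APPROVED_BLOB} admin@jumphost
command="/usr/bin/rrsync /srv/backup",no-pty ssh-ed25519 {BACKUP_BLOB} backup@vault
ssh-ed25519 {ROGUE_BLOB} ops@unknown-host
"""

# Approved inventory expressed as fingerprints (constructed for the example).
APPROVED = {
    fingerprint(base64.b64decode(APPROVED_BLOB)),
    fingerprint(base64.b64decode(BACKUP_BLOB)),
}

if __name__ == "__main__":
    for f in audit(SAMPLE_AUTHORIZED_KEYS, APPROVED):
        print(f"line {f.line_no}: unapproved {f.key_type} {f.fingerprint} {f.comment!r}")
```

Matching on fingerprints rather than raw base64 text means a key re-added with different options or comment is still recognised, and the blob-type check rejects lines whose declared type does not match the encoded key, which sshd would also refuse. Running the audit from a scheduled job over every account's authorized_keys file (and any AuthorizedKeysFile locations configured in sshd_config) gives the visibility the article's closing paragraph calls for.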
