DecryptedTech

Saturday 03 December 2022

Sean Kalinich


Since the beginning of the Russian invasion of Ukraine we have seen a massive increase in what can only be called cyber warfare. This battle is not just being fought at the state level though. Even APT groups have gotten involved as they take sides in the conflict. One step down from that (and only a very small step) we see the hacktivists jumping into the fray on both sides. Now, we see a new and unexpected form of protest from the open source community.

Multi-Factor Authentication is often seen as an answer to account compromise, or at least a partial answer to this issue. The problem is that while MFA can help with account compromise, it is certainly not the end-all of account protection and, like any other software control, it is potentially vulnerable to coding mistakes and other flaws that attackers can leverage. According to a recent FBI report, state-backed attackers have found a way to abuse certain default configurations to register their own devices.

Yesterday we reported that insider builds of Microsoft’s Windows 11 were displaying ads for other Microsoft services inside File Explorer. Like most people, we felt this was not a good thing, and the news went around the internet at a pace typical of things that are bad. In response to this, Microsoft released a statement saying, “This was an experimental banner that was not intended to be published externally and was turned off.” Basically the marketing equivalent of a 5-year-old saying they got the cookie for you.

Ukrainian Security Officials are warning of an active phishing campaign. The campaign involves emails that impersonate government agencies and include links to what appear to be critical security updates. The payload of the campaign delivers Cobalt Strike and a few other things to complete the set and compromise the computer.

Microsoft, famous for bad marketing moves, is looking to make another one. In this case the mistake has not hit the general public but is in a preview build of Windows 11. The mistake is shoveling ads to people for other Microsoft products as part of the Windows File Explorer. To say that this move caused some concern with testers is a bit of an understatement. Some even called it “one of the worst places to show ads.”

The internet is a great thing. It has allowed peoples of different nations and geographical locations to meet, talk, and share information and ideas. The massively connected world we live in thanks to the internet is one where information of all kinds is literally at our fingertips. Hovering over all these good things has always been the shadow of censorship, control and digital spying. It has also given rise to crime on a massive scale and to multiple new types of bullying, harassment, and assault. Still, the idea of massive censorship and information control is one that most would agree is a bad thing.

The concept of an immersive virtual reality world is one that is often talked and written about. It also has been the subject of several movies. When it is the topic of books and movies, it is rarely a good thing. So, when we hear about the creation of a fully immersive world, we view it with a healthy bit of skepticism. Especially when the person behind it is Mark Zuckerberg and his company, Facebook. You might ask why, and there is an easy answer. Facebook ceased being a communication platform a very, very long time ago and is now nothing more than a way to collect information and push ads.

DuckDuckGo, the privacy-focused search engine and browser company, has come under a lot of negative press recently and is now facing pressure from the US government. It has already been labeled as a search engine for “conspiracy theorists” by many media outlets despite not really catering to any one group of people. The reality of the search engine is that it is attractive to people who are not happy with increased data collection from groups like Google, Facebook, and many, many others. A benefit of this is that, until now, DuckDuckGo has also not altered or censored search results based on current political motivations or narratives.

PatchStack has pushed out a report that shows that a shocking 30% of vulnerabilities in WordPress sites are left unpatched. This is not only a matter of site owners failing to patch (they are not); the report illustrates that plugin vendors are not properly updating their own tools and software to address security issues. WordPress is one of the most popular content management systems available and has a very broad ecosystem of plug-ins, themes, and other bolt-on components that make it even more flexible and usable.

Emotet (not to be confused with Imhotep, the ancient Egyptian polymath) was originally identified in 2014 and quickly became one of the top threats of the decade. After an early start as a banking trojan, the group amassed a huge number of bots that it was able to leverage to execute attacks on targets. This bot infrastructure was then sold as a service to other groups as part of a Malware-as-a-Service model. The prevalence and reach of Emotet was enough that in early 2021 the global law enforcement and cyber security community targeted Emotet’s infrastructure and people who had been identified as part of the group. It was a significant hit to the organization.
