
This stealthy hacking campaign uses a new trick to deliver its malware- Dejkala

by hasibul
October 31, 2022
in Latest update


[Image: close-up shot of hacker hands typing on a keyboard under purple lighting. Image: Getty/Erikona]

Highly skilled cyber attackers are using a never-before-seen technique to stealthily infect victims with malware by abusing legitimate tools. 

The campaign has been detailed by cybersecurity researchers at Symantec, who say the attackers can spend more than 18 months inside victims' networks, all while taking steps to keep their activity under the radar, in what is thought to be an intelligence-gathering and espionage operation.

How the attack begins is still uncertain, but victims are infected with a previously undocumented form of malware dubbed Geppei. Geppei is used to deliver a second backdoor, named Danfuan, which provides covert access to compromised machines along with the ability to snoop on data stored on or entered into those systems.

The attackers also attempt to stay under the radar by installing backdoors on appliances that don't support security tools, such as SAN arrays, load balancers, and wireless access point controllers.


What makes this campaign unique is the way Geppei abuses Internet Information Services (IIS) logs to remain undetected, something which researchers say they’ve not seen used in attacks before. 

IIS logs form part of Windows server services and are commonly used for troubleshooting web applications, along with providing information on how users interact with websites and applications. 

Geppei reads commands from a legitimate IIS log, a file that is meant to record IIS activity such as requests for web pages and apps. In this scenario, the attackers send commands to a compromised web server by disguising them as ordinary web access requests: IIS logs them as normal traffic, while the trojan reads them back out of the log as commands. The commands read by Geppei contain malicious encoded files that are saved to an arbitrary folder and then run as backdoors.
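As an added illustration of the defensive check this technique calls for (example code written for this page, not code from the article or from Symantec), the Python below parses constructed IIS W3C log lines and flags requests whose query string carries a long, high-entropy encoded value, the kind of disguised request the text describes. The log sample, the field layout and the length/entropy thresholds are assumptions.

```python
import base64
import hashlib
import math
import re
from urllib.parse import unquote

# Constructed IIS W3C log sample (not from the article or Symantec's report).
# The last request carries a long base64 blob in its query string, standing in
# for a disguised command; it is a placeholder, not a real Geppei command.
_BLOB = base64.b64encode(hashlib.sha256(b"constructed placeholder").digest() * 4).decode()
SAMPLE_LOG = f"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) sc-status
2022-10-31 09:12:01 10.0.0.5 GET /index.html - 443 203.0.113.10 Mozilla/5.0 200
2022-10-31 09:12:02 10.0.0.5 GET /api/search q=laptops&page=2 443 203.0.113.10 Mozilla/5.0 200
2022-10-31 09:12:09 10.0.0.5 GET /static/logo.png - 443 203.0.113.11 curl/7.85.0 200
2022-10-31 09:13:45 10.0.0.5 GET /favicon.ico x={_BLOB} 443 198.51.100.7 Mozilla/5.0 404
"""

ENCODED_RE = re.compile(r"^[A-Za-z0-9+/=_-]+$")  # base64 / base64url alphabet

def shannon_entropy(s: str) -> float:
    """Bits per character: random base64 text scores about 5.5, English about 4."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def looks_like_encoded_payload(value: str, min_len: int = 64, min_entropy: float = 4.5) -> bool:
    """Assumed thresholds: ordinary query parameters are short and low-entropy."""
    return len(value) >= min_len and bool(ENCODED_RE.match(value)) and shannon_entropy(value) >= min_entropy

def parse_w3c(text: str):
    """Yield one dict per request line, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, parts))

def find_suspicious_requests(text: str):
    """Return log entries whose query string carries a long, high-entropy encoded value."""
    hits = []
    for entry in parse_w3c(text):
        query = entry.get("cs-uri-query", "-")
        if query == "-":
            continue
        for pair in query.split("&"):  # manual split keeps '+' intact, unlike parse_qsl
            name, _, value = pair.partition("=")
            if looks_like_encoded_payload(unquote(value)):
                hits.append({"c-ip": entry["c-ip"], "uri": entry["cs-uri-stem"], "param": name,
                             "length": len(value), "status": entry["sc-status"]})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Tune the thresholds against your own traffic before alerting on them, and pair this log review with monitoring for any process other than the IIS worker reading the log files, since the technique depends on the trojan doing exactly that.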

“The use of IIS logs by the attacker is one of the most interesting things about this campaign. The technique of reading commands from IIS logs is not something Symantec researchers have seen being used to date in real-world attacks,” Brigid O Gorman, senior intelligence analyst at Symantec Threat Hunter Team, told ZDNET. 

The attacks are linked to a group that Symantec calls Cranefly – also known as UNC3524. Researchers suggest that the novel and exceedingly stealthy methods used in this campaign indicate that it’s the work of a “fairly skilled threat actor” who is motivated by intelligence gathering. 

“The development of custom malware and new tools requires a certain level of skills and resources that not all threat actors have, so it implies that those behind Cranefly have a certain level of skills that makes them capable of carrying out stealthy and innovative cyberattacks,” said O Gorman. 

Symantec hasn’t linked the attacks to any particular attacker, but researchers at Mandiant have previously noted that methodologies used in campaigns by Cranefly/UNC3524 “overlapped with techniques used by multiple Russia-based espionage threat actors”. 

The campaign isn’t widespread, but that doesn’t mean it doesn’t pose a danger to organizations – particularly as the campaign remains active and those behind it are adopting new techniques to hide attacks. However, there’s action that can be taken to help prevent this attack and other malicious cyber campaigns. 

“Organizations should adopt a defense in-depth strategy, using multiple detection, protection, and hardening technologies to mitigate risk at each point of a potential attack chain,” recommends O Gorman. 

Techniques that organizations can employ to help prevent or detect attacks include using two-factor authentication on accounts, adopting network segmentation, and avoiding the use of default passwords. 
