Cyberbit Identifies New Code Injection Technique used by Malware

The security company Cyberbit has identified three cases of a new code injection technique, dubbed “Early Bird”. The name of this technique is based on how the different malwares that utilize it operate. The malware will inject malicious code into a legitimate suspended process on the victim’s computer and then make a call for the operating system to run the process, which executes the malicious code. This allows the malware to run it’s commands under the cover of a program the system already trusts.

What makes this technique unique though is that the malware using Early Bird will load it’s malicious code early on in the initialization of a process. Because of this, most anti-malware programs are unable to detect the malicious code in time to prevent it from executing. Because of the API calls the technique makes use of, malware that can take advantage of this code injection is limited to affecting hosts running the Windows operating system.

The Early Bird code injection technique was found in several samples of malware, the most notable of which is a backdoor called “TurnedUp“, accredited to the Iranian hacker group APT33. Other malware discovered to be using this technique include a variant of banking malware known as “Carberp”, and “DorkBot“, a general purpose malware that can download instructions for conducting bot-net style attacks and stealing user passwords.

Sources:

-Alex Noel

Pompeo Discusses Cyber Security at the State Department

Former Secretary of State Rex Tillerson eliminated the cyber security position at the State Department about one month ago. Tillerson eliminated this position in hopes to form “a bureau focused on economic and business affairs.” This act disappointed many members of the US government, and eventually resulted in President Trump replacing Tillerson with the current CIA director Mike Pompeo. John Sullivan will serve as Secretary of State until the US Senate confirms Pompeo’s approval.

Shortly after President Trump fired Tillerson, the CIA began to put more resources into cyber security. Last Thursday, CIA Director Mike Pompeo said, “I can only say that, every element of government has a piece of its cyber duty. It’s one of the challenges that is so deeply divided, that we don’t have a central place to do cyber work.” Many believe the removal of the cyber security position at the State Department foreshadows the US not engaging in foreign affairs with cyber security. Fortunately, numerous state officials have insisted that cyber security remains a top priority at the state department. Pompeo has not given any information to his decision on the cyber security position.

-Spencer Fleming

Source : http://thehill.com/policy/cybersecurity/382882-pompeo-pressed-on-plans-for-cyber-at-state

New Laws for Security in the UK Energy Industry

Due to the rapid development and advancement of technology, laws have had a hard time keeping up with modern practices and problems. Increasingly more industries have started to include some connection to the Internet of Things, thus providing more opportunities for hackers to attack. One such industry is the energy industry. Currently, the UK is in the process of developing laws to ensure a certain amount of security is implemented by energy companies. These laws will require that the energy companies put particular measures in place in order to protect sensitive personal data. One aspect of these laws is that the process for reporting a company’s compliance will be more involved, and require the company to show how they are meeting the requirements, not just say that they are. Consequences of not complying with these regulations will be in the form of fees based on either a flat rate or an amount based off of their global turnover depending on the size of the company.

While this does place more burden on the companies in terms of forcing them to invest in security properly, one aim of these laws is actually beneficial to them. These laws aim to increase public trust in industries using network connections. This past year, the UK has seen a great increase in attacks compared to previous years, which has taken a toll on the confidence the public has in online security. Therefore, this law hopes to help push companies to increase their protection and save them from attacks which will not only lead to stolen customer data but also to a drop in public confidence.

~Rebecca Medina

Source: http://www.powerengineeringint.com/articles/print/volume-26/issue-2/features/the-cybersecurity-laws-you-must-know.html

Firefox Master Password Security Issues

A lot of people use the save password feature in browsers so that they don’t have to be bothered to enter their passwords on websites they visit often. Firefox offered users the option of implementing a master password, so that the user would need to enter that password in order to use their bank of saved passwords.

What was just brought to light is that Firefox uses a very low standard of encryption that can be cracked in just a few seconds if the hash is found. SHA-1 hashes were used, which are very insecure as they are easily broken. Although a salt was used, according to the article, 1 iteration count is considered very low, and makes it easy for hackers to obtain the master password through brute force. For comparison, the article provides information that 10,000 iterations is considered the minimum acceptable value, and other password managers, like LastPass, use 100,000 iterations.

What is strange is that someone reported this bug nine years ago, and the Mozilla team just never fixed the issue. They did not provide a reason that they did not fix it, but used the chance to generate excitement for its upcoming password manager called Lockbox. According to the post on the bug report, a solution of switching to the Argon2 library for hashing passwords would be more secure than SHA-1, but based on the above comments it does not seem like Mozilla wants to invest any resources into fixing this issue. In order to protect themselves, users can stop using the Firefox password saving feature and turn off their master password and store their passwords in a third party password manager, such as KeePass, 1Password, Enpass or LastPass.

– Justin Stein

Source: https://www.bleepingcomputer.com/news/security/firefox-master-password-system-has-been-poorly-secured-for-the-past-9-years/

Iranian Hackers Target US Professors

On March 23rd the Justice Department charged nine Iranians with multiple counts of identity theft and conspiracy to commit computer intrusions.  The main targets of the attack were professors at both US and foreign universities. Also targets were several US and European based private companies as well as multiple government agencies. The hackers were accused of being affiliated with the Mabna Institute and acted under behest of an Iranian intelligence agency. The attorney who brought the case claims that the Mabna Institute may seem legitimate, but that it only exists for the sole reason of stealing scientific resources from around the world. They used phishing emails that appeared to come from other universities to target more than 100,000 accounts belonging to professors worldwide and compromised about 8,000. They also compromised at least 37 US based companies, 11 based in Europe, and at least 5 government agencies including the Labor Department, the Federal Energy Regulatory Commission, and the UN. With this attack dating back to 2013, the hackers were able to steal more than 31 terabytes of information, worth about $3 billion in intellectual property. The justice department has recently said that the nine hackers are still at large.

–  Owen Ryan

Sources:

https://www.cnbc.com/2018/03/23/us-indicts-iranian-nationals-in-iran-government-backed-scheme-on-us-universities.html

https://www.wired.com/story/iran-cyberattacks-us-universities-indictment/