Tag: Hackers

Flaws, Bugs, Zero Days, and Breaches: Welcome to the New Normal


Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Endless bad news typically results in people becoming inured to it. The recent round-the-clock media death counts on COVID-19 caused many people to switch off. It was just too much. Ratings plummeted at CNN and other networks.

In IT security, there is a danger of the same thing happening with reports of flaws, bugs, zero-day attacks, ransomware heists, and breaches. Hardly a day goes by without a new one. Some are more virulent than others. But all gain some kind of coverage. It quickly becomes too much. People tend to gloss over it and worse, get on with business as usual.

At Syxsense, therefore, as a public-spirited gesture, we will quickly summarize some of the recent carnage into one short report. Yes, it is important to know what is going on and where to be vigilant. But most importantly, it is vital to know that something can always be done about it. Those enterprises that are the least prepared are the ones that suffer the most in dangerous times like these.

Recent Flaws and Breaches
Here is an incomplete list of some recent news on security issues:

JFrog Security Research identified hundreds of malicious packages designed to steal personally identifiable information (PII) in a large-scale typo-squatting attack targeting Azure users. A similar supply chain attack targeting German industrial companies such as Bertelsmann, Bosch, Stihl, and DB Schenker uses the npm repository to take control of infected machines.

A C programming library for IoT products has been found to be vulnerable to Domain Name System (DNS) cache-poisoning attacks. The bug is that the library generates incrementing, predictable transaction identifiers in DNS requests and responses. Patches are being developed to resolve these issues.
Google issued a supply chain attack warning about open-source software. Despite being a proponent of open source, Google voiced its support for the Package Analysis Project of the Open Source Security Foundation (OpenSSF). The goal is to automate the detection of malware introduced into popular open source repositories such as npm for JavaScript and PyPI for Python.

Plug-ins and extensions for content management systems (CMSs) are being increasingly used to hijack websites. Sucuri’s 2021 Website Threat Research Report called attention to potential issues with WordPress, Joomla, and Drupal due to vulnerable plugins and extensions.

Hackers are getting more patient. One group stayed inside a network for 18 months before striking – quietly waiting for the right opportunity. The group, known as UNC3524, also installs backdoors so normal security tools can’t completely eliminate it. If IT finds the malware and removes it, the bad guys can reinstall it almost immediately.

Phishing success continues. One criminal set up a website to look like a U.S. Department of Defense site and diverted $23.5 million that was supposed to go to a jet fuel supplier into his own bank account. And an owner of a nail salon in California tricked a public school district in Michigan into wiring its monthly health insurance payment of $2.8 million to his bank account. Meanwhile, LinkedIn has emerged as the new favorite of scammers, according to Check Point. Apparently, more than half of all phishing attacks in one month used LinkedIn. The goal is to obtain login credentials and take it from there. And of course, phishing campaigns now seek to capitalize on the latest Ukraine news to tempt people into clicking on a malicious link or attachment. Finally, Phishing-as-a-Service has emerged to make it easy for non-technical criminals to profit from phishing scams. One group provides phishing services aimed at Coinbase, Netflix, Amazon, and eBay users.

Ransomware claims more victims. NCC Group reported that ransomware attacks increased 53% from the previous month with Industrials (34%), Consumer Cyclicals (21%), and Technology (7%) being the most targeted areas. Examples: Coca-Cola suffered a server breach and a hacking group claims it stole 161 GB of data. The FBI warned that the agriculture sector is suffering ransomware attacks timed to coincide with spring planting or fall harvesting periods.

Industrial control systems (ICS) are a new target. An FBI investigation found that custom tools now exist that can gain access to ICS platforms and supervisory control and data acquisition (SCADA) systems. This particularly applies to programmable logic controllers (PLCs) from Schneider Electric and OMRON Sysmac NEX, as well as Open Platform Communications Unified Architecture (OPC UA) servers. If undetected, hackers could gradually work their way up the food chain and potentially take over control of an energy facility.

A Java vulnerability known as CVE-2022-21449 allows an attacker to intercept communication and messages that should have been encrypted, such as SSL communication and authentication processes. Fixes are now available.

Enhance Your Security Now
Perhaps the worst news among all this is that the above summary represents a small fraction of ongoing hacks, breaches, and vulnerabilities. Now is the time to upgrade your security profile by implementing automated tools. Syxsense Enterprise is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Syxsense Shines at the Stevies’ 2022 American Business Awards


Syxsense has been honored at the Stevies’ 2022 American Business Awards across two categories.

Syxsense Honored at Stevies’ Awards

We’re excited to announce that Syxsense has been honored at the Stevies’ 2022 American Business Awards across two categories, highlighting our unique approach to unified endpoint security and IT management. This prestigious awards program recognizes the achievements and positive contributions of organizations and working professionals worldwide.

Syxsense Secure placed Silver in the Best Endpoint Security Management Solution category, with one judge calling it a “user-friendly solution to IT security management.” Another lauded Secure for its “promising customer reviews and performance metrics.”

Additionally, the Bronze for Best Emerging Technology went to Syxsense Cortex. Several judges praised Cortex, calling it one of the “better products they’d seen,” and shined a spotlight on its various features:

“The videos were beneficial to get a sense of the product. The product reviews are amazing… The workflow building and drag-and-drop UI helps differentiate the solution and move from IT administration to the emerging trend of IT orchestration.”

More than 3,700 nominations from organizations of all sizes and in virtually every industry were submitted this year for consideration in a wide range of categories. Over 230 professionals worldwide participated in the judging process to select this year’s winners.

More details about the Stevies’ American Business Awards and the complete list of 2022 winners can be found here.


President Warns of Russian Cyberattacks and Demands Greater Cybersecurity Preparedness


President Biden issued a warning this week about the likelihood of attacks on U.S. government and corporate targets emanating from Russia.

Russian Cyberattacks on the Rise

“This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience. I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks,” he said.

Earlier announcements had mainly been about bolstering the cybersecurity profile of governmental agencies. However, this message took a different tone. It focused on the need for private organizations to increase their level of alertness and cybersecurity preparedness.

“But the Federal Government can’t defend against this threat alone,” said the President. “Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors. If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year.”

CISA Issues Urgent Cybersecurity Alert

Just before this announcement, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a Shields Up alert that included mitigation guidance for any organization suffering an attack, as well as laying out the best practices noted by the President.

Such best practices include keeping patches up to date and scanning networks and devices regularly for any signs of malicious or anomalous behavior.

As CISA said among its key guidelines:

  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.

Unfortunately, too many businesses either neglect these functions or let them fall behind. In a great many breaches, attackers take advantage of known vulnerabilities that organizations have failed to patch. In many other attacks, the signs of incursion are not difficult to spot. Yet absent or inadequate scanning fails to uncover them.

No one wants to experience a cyberattack. That is why it is so important to scan constantly for vulnerabilities and keep patches up to date. Syxsense is the only product that combines automated patching, vulnerability scanning, and IT management.


Syxsense Changes Game with Introduction of New Mobile Device Management Solution


Syxsense's MDM solution broadens the reach of IT managers to mobile devices running iOS, iPadOS, and Android.

Mobile Device Management Added to Syxsense

ALISO VIEJO, Calif., March 29, 2022 /PRNewswire/ –– Syxsense, a global leader in IT and security management solutions, announced today the availability of their solution for Mobile Device Management (MDM).

Available immediately, the MDM solution from Syxsense is the first solution on the market that broadens the reach of IT managers to now include mobile devices running iOS, iPadOS, and Android, in addition to previously supported Windows, Linux and Mac environments.

The ongoing trend of remote and hybrid work models has increased the criticality of bringing mobile devices under the umbrella of IT-managed security, both company-issued and BYOD (bring your own device). MDM is now recognized by analyst firm Gartner as a key requirement of an effective Unified Endpoint Management (UEM) strategy, which has seen a surge in investment recently. Gartner writes “UEM investment has grown in response to the greater acceptance of remote working and the requirement to manage, patch and support Windows 10 and macOS PCs as well as mobile devices, regardless of location.”

Syxsense’s MDM offering includes all the tools necessary to apply effective management to mobile endpoints, including Device Enrollment, Inventory and Configuration Management, Application Deployment and Rollback, Data Containerization, and Remote Device Lock/Reset/Wipe, making it possible for IT to wipe sensitive data from lost or stolen devices.

“The Syxsense approach of unifying management of all IT devices into a single console that spans device management, device security and vulnerability remediation, has resonated with our customers, and is the catalyst for our recent explosive growth,” explains Ashley Leonard, founder and CEO of Syxsense. “This industry-first ability to now manage mobile devices within the same platform and methodology as other IT assets has been hugely popular with our early adopters.”

Syxsense Mobile Device Management is available as an add-on module to Syxsense Secure, which already includes management and security tools for servers, desktops, laptops, and virtual machines. It will also be included in an upcoming release of a bundled offering targeted at enterprise customers who wish to manage the broad scope of their IT devices from within a single console.

Other Included Features

Syxsense has also released updates to their existing offerings to now provide integration with Active Directory (AD) allowing IT managers to manage on-premise AD devices from the cloud. Syxsense discovers devices as they are added to OUs (organizational units) and automatically applies the appropriate policies.

This union of Syxsense Cortex™ and AD enables cradle-to-grave lifecycle management based on OU membership, rather than having to manually apply tasks to new devices, and is a huge time saver for the IT team.

Newly updated Syxsense Manage is now also the first patch management product on the market that offers active Patch Tuesday scheduling for phased deployments. The recurring windows are set relative to the moving target of the second Tuesday, making it easy to deploy new content automatically. Missing a deployment of Microsoft’s recommended patches is a major factor in unprotected or under-protected environments and leaves the door open for attack.
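To make the “relative to the second Tuesday” idea concrete, here is a small Python calculation (an added example, not Syxsense code) that derives Patch Tuesday for any month, lays phased deployment rings out relative to it, and rolls the schedule across a year boundary; the ring names and day offsets are assumptions for illustration.

```python
"""Phased deployment windows keyed to Patch Tuesday, the second Tuesday of each month."""
from datetime import date, timedelta
from typing import Dict, List

TUESDAY = 1  # date.weekday(): Monday == 0 ... Sunday == 6

# Assumed ring layout for illustration (not a Syxsense setting): days after Patch Tuesday.
DEFAULT_RINGS: Dict[str, int] = {"pilot": 1, "early_adopters": 3, "broad": 7, "servers": 14}


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month: first Tuesday, then one more week."""
    first = date(year, month, 1)
    days_to_first_tuesday = (TUESDAY - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def deployment_windows(year: int, month: int, rings: Dict[str, int] = DEFAULT_RINGS) -> Dict[str, date]:
    """Map each ring to its deployment date, anchored on that month's Patch Tuesday."""
    anchor = patch_tuesday(year, month)
    windows = {"patch_tuesday": anchor}
    windows.update({ring: anchor + timedelta(days=offset) for ring, offset in rings.items()})
    return windows


def schedule(year: int, month: int, months: int, rings: Dict[str, int] = DEFAULT_RINGS) -> List[Dict[str, date]]:
    """Roll the windows forward `months` months, wrapping December into the next year."""
    out = []
    for _ in range(months):
        out.append(deployment_windows(year, month, rings))
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)
    return out


def next_patch_tuesday(today: date) -> date:
    """First Patch Tuesday on or after `today`; a fixed day-of-month rule would miss it."""
    candidate = patch_tuesday(today.year, today.month)
    if candidate >= today:
        return candidate
    year, month = (today.year + 1, 1) if today.month == 12 else (today.year, today.month + 1)
    return patch_tuesday(year, month)


if __name__ == "__main__":
    for win in schedule(2022, 3, 3):
        print({ring: day.isoformat() for ring, day in win.items()})
```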

Syxsense products support iOS, iPadOS, Android, Windows Server, Windows desktop, macOS devices, and a variety of Linux distributions, now also including the enterprise-friendly Rocky Linux.

Information and pricing on these new Syxsense products is available on the Syxsense website. Qualified customers are also able to schedule a personalized demo of the existing products and the new MDM module, and receive a $100 gift card in return, by registering here.


WhisperGate and HermeticWiper: Critical Public Aware Vulnerabilities


WhisperGate, a new malware, is being used to target organizations in Ukraine and companies with connections to the country.

WhisperGate Malware Is Targeting Ukraine

The Microsoft Threat Intelligence Center (MSTIC) has disclosed that malware known as WhisperGate is being used to target organizations in Ukraine and companies with connections to the country. According to Microsoft, WhisperGate is intended to be destructive and designed to render targeted devices inoperable.

Additionally, several cybersecurity researchers disclosed that malware known as HermeticWiper was being used against organizations in Ukraine. According to SentinelLabs, the malware targets Windows devices only, manipulating the master boot record and causing subsequent boot failure.

These attacks are not intended to extract a ransom, but to cause the maximum IT outage possible in an organization by turning all devices into expensive doorstops.

The National Cyber Security Centre in the UK is not aware of any current specific threats to UK organizations in relation to events in and around Ukraine, but there has been a historical pattern of cyberattacks on Ukraine with international consequences.

Threat actors have deployed destructive malware, including both WhisperGate and HermeticWiper against organizations in Ukraine to destroy computer systems and render them inoperable.

A joint Cybersecurity Advisory (CSA) between the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) provided information on WhisperGate and HermeticWiper malware as well as open-source indicators of compromise (IOCs) for organizations to detect and prevent the malware.

This data has been provided to help secure the maximum number of organizations around the world.

Identifying WhisperGate

The following payloads are used to both infect and launch the WhisperGate attack. Their file hashes are known, so even if the file name has changed, Syxsense can still detect this threat and keep your endpoints secure.

The infection comes in two parts: first a stage 1 file is copied to the PC, which then launches stage 2, which produces the destructive end result.

Name          File Category   File Hash (SHA-256)
WhisperGate   stage1.exe      a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92
WhisperGate   stage2.exe      dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78

Identifying HermeticWiper

Any of the following payloads could be used to both infect and launch the HermeticWiper attack. Their file hashes are known, so even if the file name has changed, Syxsense can still detect this threat.

Similar to WhisperGate, the initial file is delivered as a Trojan, which then downloads and launches the more sophisticated attack.

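As an added illustration (not Syxsense code), here is a Python sweep that implements the detection idea behind both the WhisperGate and HermeticWiper sections above: files are matched on their digest rather than their name, and because vendor IoC tables mix MD5, SHA-1 and SHA-256 the algorithm is inferred from the hash length. Only the two WhisperGate SHA-256 hashes come from the post; the demo file and its hash are constructed.

```python
"""Hash-based IoC sweep: flag files whose digest matches a known-bad hash,
regardless of the file name they were dropped under."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# The two WhisperGate SHA-256 hashes quoted in the post above (hash -> label).
WHISPERGATE_SHA256 = {
    "a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92": "WhisperGate stage1.exe",
    "dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78": "WhisperGate stage2.exe",
}

# IoC tables mix MD5, SHA-1 and SHA-256, so infer the algorithm from the hex length.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_DIGITS = set("0123456789abcdef")


def normalize_iocs(iocs: Dict[str, str]) -> Dict[str, Dict[str, str]]:
    """Lower-case every hash and group it by algorithm; reject malformed entries."""
    grouped: Dict[str, Dict[str, str]] = {algo: {} for algo in ALGO_BY_HEX_LEN.values()}
    for digest, label in iocs.items():
        digest = digest.strip().lower()
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None or not set(digest) <= HEX_DIGITS:
            raise ValueError(f"not a recognised hex digest: {digest!r}")
        grouped[algo][digest] = label
    return grouped


def file_digests(path: Path, algos: Iterable[str], chunk: int = 1 << 20) -> Dict[str, str]:
    """Compute all requested digests of one file in a single streaming pass."""
    hashers = {algo: hashlib.new(algo) for algo in algos}
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def sweep(root: Path, iocs: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Walk `root`; return (path, matched label, algorithm) for every file that hits an IoC."""
    grouped = normalize_iocs(iocs)
    needed = [algo for algo, table in grouped.items() if table]  # only hash what we can match
    hits: List[Tuple[str, str, str]] = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        for algo, digest in file_digests(path, needed).items():
            label = grouped[algo].get(digest)
            if label is not None:
                hits.append((str(path), label, algo))
    return hits


def demo() -> List[Tuple[str, str, str]]:
    """Self-check on constructed data: a benign sample renamed to look harmless is
    still found because matching ignores the file name. Returns (name, label, algo)."""
    payload = b"constructed benign sample standing in for a dropped stage file"
    root = Path(tempfile.mkdtemp())
    (root / "innocent_looking_name.txt").write_bytes(payload)
    (root / "unrelated.bin").write_bytes(b"unrelated content")
    iocs = dict(WHISPERGATE_SHA256)
    iocs[hashlib.sha256(payload).hexdigest().upper()] = "constructed sample"  # upper-case on purpose
    return [(Path(p).name, label, algo) for p, label, algo in sweep(root, iocs)]


if __name__ == "__main__":
    import sys
    for path, label, algo in sweep(Path(sys.argv[1]), WHISPERGATE_SHA256):
        print(f"{path}: matches {label} ({algo})")
```

Run it as `python sweep.py /path/to/scan`; a real match is a trigger for isolating the host, not just deleting the file, since the stage 1 dropper may already have launched stage 2.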

Increase Your Endpoint Security with Syxsense

Using the power and intelligence of the vulnerability scanning engine within Syxsense Cortex, you can detect these malicious threats before they damage your devices.

You can configure the actions that keep your environment safe, from simply deleting the file to completely isolating the device from the network — this can stop a widespread attack in its tracks. You decide on the risk you are prepared to take!

These can be found within the extensive library of security scripts under “WhisperGate” and “HermeticWiper.”


Why Hackers are Living the American Dream


It appears that there is a new American Dream — hackers all over the world are enjoying riches by preying on U.S. businesses and consumers.

A New American Dream for Hackers

The American Dream has long been the ideal whereby anyone living in the country would enjoy equality of opportunity. Hard work would pay off in terms of achievement of aspirations and goals.

Before the USA even achieved independence, the promise of freedom lured many to the New World. But after the attainment of independence, the numbers began to rise dramatically.

Perhaps the greatest wave was around the end of the nineteenth and start of the twentieth centuries when approximately 23 million immigrants settled in the United States. Most came from Southern and Eastern Europe, as well as Scandinavia. They fled their homes due to political upheaval, religious persecution, and a lack of economic opportunities.

The USA represented the opposite – religious freedom, political stability, and plenty of opportunities to move up the economic ladder. To this day, people still flock to the country, hoping for a better life.

Attacks on the Rise

But now it appears that there is a new American Dream – hackers all over the world are enjoying riches by preying on U.S. businesses and consumers. According to security firm Surfshark, the U.S. ranks first worldwide in the number of data breach victims.

Hackers are targeting the nation for two reasons:

  1. The riches of the U.S. make it a high-priority target.
  2. Hackers are finding easy pickings among both the business and consumer markets.

The list shows the USA far ahead of other Western nations. With 212.4 million reported and confirmed account breaches, it leaves the UK (16.89 million) and Germany (10.3 million) in the dust. However, there are a couple of anomalies on the list. Iran and India placed second and third, respectively. But overall, it is clear that hackers tend to target the nations with the deepest pockets – hence, the position of the U.S.

Over the past year, accounts breached across the world as a whole jumped by 3.4%. One in five people globally were hacked. Yet the number of affected accounts in the U.S. grew at a much higher rate. It surged by 22%, jumping from 174.4 million to 212.4 million. That trend highlights the intention of hackers to go after the highest-value targets. The U.S. now accounts for almost a quarter of all accounts breached internationally.

Those hacked not only suffered financial damage courtesy of ransomware and loss of data. They also had to deal with reputational damage due to private data being stolen or leaked.

Securing the Enterprise

With hackers clearly targeting American accounts, both business and personal, security protections need to be stepped up. This means:

  1. Implementing standard security practices and technologies such as firewalls, intrusion prevention/detection, anti-virus, anti-malware, ransomware protection, security information and event management (SIEM), endpoint protection, and more.
  2. Protecting data via backups and disaster recovery systems. The organization must have the ability to retrieve backup files in the event of a breach or recover rapidly from a disaster or other event.
  3. Patching all organizational endpoints, devices, and servers to eliminate weaknesses that can be exploited by hackers.

Syxsense takes care of number 3. It automates the entire patch management process, prioritizing and deploying patches across the enterprise.

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features. In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution. It also incorporates vulnerability scanning to detect weaknesses that could lead to a ransomware attack if unmitigated.