Friday Five 1/29
Linux bugs, hacker personas, and the Emotet botnet disrupted - catch up on all of the week's infosec news with the Friday Five!
1. North Korea hackers use social media to target security researchers by Hannah Murphy
Google put out a warning this week that a North Korean hacking group was targeting cybersecurity researchers. The targeting involved hackers reaching out through fake personas on social media or email. The personas would then ask the researcher if they wanted to collaborate on a vulnerability research project. To gain access to researchers’ exploits for vulnerabilities, the projects in question would contain malicious code or the persona would try to steer the researcher to a compromised blog. Researchers should be on the lookout for suspicious messages and investigate whether they may have opened themselves up to exploitation.
2. 10-year-old Sudo bug lets Linux users gain root-level access by Catalin Cimpanu
A major vulnerability affecting Linux systems has been patched in Sudo, an app that is used to delegate root access to users. The bug allowed attackers to gain root access even through a low-privileged account. To make matters worse, compared to other Sudo bugs, this one was relatively simple to exploit and could be found in most default Linux and Sudo installs. The bug has also existed in Sudo code since July 2011 and thus impacts all Sudo versions from the last ten years. As always, users should patch as soon as possible, as millions of systems could be affected.
3. Emotet botnet disrupted after global takedown operation by Sergiu Gatlan
A joint effort between US and European law enforcement agencies has shut down the infrastructure of the botnet that cybercriminals use to deliver the Emotet malware. The infrastructure in question included hundreds of servers throughout the world, each serving a different function in the chain. With so many servers, some thought that it might be too big to bring down, which is what made this cross-continental effort so impressive. An interesting tangent of the operation is that individuals can now search whether or not their email was compromised and see what information, such as usernames and passwords, may have been stolen by the group. Emotet has been a massive problem in cybersecurity for years, and this operation is a big win for the industry and data security.
4. EU chief warns over 'unfiltered' hate speech and calls for Biden to back rules for big tech by Natasha Lomas
The European Union this week called on President Biden to draw up new rules to regulate the power of Big Tech and combat the spread of fake news online. The fear is that the unchecked power of Big Tech is hurting competition and encouraging the unrelenting spread of fake news, which is hurting our ability to have a functioning democracy. In the last few years, the EU has already taken the lead on data privacy and now hopes that the US will join. With a new administration in Washington, there may be movement on these issues and the prospect that by working together, the EU and the US can create new data protection and privacy rules to reduce fake news and protect consumers.
5. Arrest, Seizures Tied to Netwalker Ransomware by Brian Krebs
This week, US and Bulgarian authorities seized the dark web site used by the NetWalker ransomware group to publish stolen data. In connection with the operation, a Canadian national was charged with extorting more than $27M through NetWalker. NetWalker operates as ransomware-as-a-service, which lets individuals use the malicious code as long as the group receives a cut of any profit made with stolen information. The ransomware has been prolific over the last year, affecting everyone from hospitals to law enforcement. The news comes in the same week as the crackdown on the Emotet botnet, as law enforcement steps up its efforts to fight cyber extortion.