Friday Five 4/2
Hacking team-ups, Turing Award winners, and scammers targeting universities - catch up on all of the week's infosec news with the Friday Five!
1. US to publish details on suspected Russian hacking tools used in SolarWinds espionage by Sean Lyngaas
US officials are expected to release a report detailing the hacking tools used by Russian spies in the campaign that targeted SolarWinds. The “malware analysis report” will spotlight eighteen pieces of malicious code that were used to exploit SolarWinds software in a breach that affected over one hundred companies and nine government agencies. The report will hopefully shed more light on how SolarWinds was breached and comes after President Biden pledged to respond to the hacking campaign. The malicious code disclosed so far runs the gamut, including a backdoor, web shell, and fake Windows software. Ultimately, the report will help organizations remediate malicious artifacts in their network.
2. Turing Award Goes to Creators of Computer Programming Building Blocks by Cade Metz
This week, Alfred Aho and Jeffrey Ullman won the Turing Award for their work on the fundamental concepts that underpin computer programming languages. Specifically, they helped refine the compiler, a tool that helps translate software into something that computers can understand. Without effective compiling, it would be far more difficult to write computer code. For example, without their work, we would not be able to write an app for our phones or have modern smart technology inside of our cars. The pair have achieved so much in the field and the award, known popularly as the Nobel Peace Prize of Mathematics, is more than well deserved.
3. Google: North Korean hackers are targeting researchers through fake offensive security firm by Charlie Osborne
A North Korean hacking group is again targeting security researchers, this time by creating a fake offensive security firm. Google TAG, which specializes in tracking the behavior of APT groups, has been paying special attention to the Lazarus group since it was observed creating fake profiles across social media earlier this year. The fake profiles were created to establish credibility when reaching out to security researchers. According to the latest report, this strategy has evolved into creating a fake offensive security company called SecuriElite with matching social media profiles and a PGP key, which likely leads to a page where a browser-based exploit will deploy. Security researchers should be on the lookout for SecuriElite or anything similar as they continue to be targeted by APT groups.
4. Hacker team-ups pose 2021 threat to financial industry, group cautions by Tim Starks
A report this week laid out a scenario in which banks could be threatened by the convergence of nation-states and criminal hackers. The report from the Financial Services Information Sharing and Analysis Center (FS-ISAC) also warned of supply chain risks and cross-border attacks. It also expects ransomware operators to continue leaking partial data to incentivize victim payments. Potential collaboration between criminals and nation-states could come in the form of selling initial access or tools. Finally, the warning anticipates that new attack methods deployed in local, targeted ways should be treated by researchers as harbingers of future global attacks.
5. Scammers target universities in ongoing IRS phishing attacks by Sergiu Gatlan
The IRS issued a statement this week that cyber criminals are impersonating the IRS in ongoing phishing attacks targeting educational institutions. The attacks are focusing on those with .edu email addresses and use tax refunds as bait. Users should be on the lookout for phishing messages that contain “Tax Refund Payment” or “Recalculation of your tax refund payment” in the subject line. About 5,000 to 50,000 targets have received emails that have slipped through Office 365 security. The phishing email directs users to a page that looks identical to an IRS page where they are asked to put in personal information to claim a refund. The story is a reminder of the importance of staying vigilant and not providing personal information to anyone that you can’t independently verify is legitimate.