al3x@wannaCYbeR(security)~$ echo "Issue \x0E"
Alessandra Perotti
Malware Reverse Engineer + Cyber Threat Intel Analyst @ CVS Health | Threat Researcher | GREM | GCIH | GIAC Advisory Board
Greetings, fellow cyber people, and welcome to the fourteenth issue of wannaCYbeR, a weekly newsletter dedicated to those who are just starting in cybersecurity. This week, we have some news on the ransomware gang front as well as interesting malware twists, so let’s dive in.
Conti “DisCONTInued”?
Based on what was reported by Yelisey Boguslavskiy from Advanced Intel, the Conti ransomware gang shut down its infrastructure last week:
“[FLASH] #Conti Officially DisCONTInued
Today the official website of Conti #Ransomware was shut down, marking the end of this notorious crime group; it is truly a historic day in the #intelligence community,” he tweeted.
It seems like the Tor administrative panels used by the group for news publishing and to conduct negotiations have been turned off, even though the operation’s data leak and ransomware sites are still active.
“While it may seem strange for Conti to shut down in the middle of their information war with Costa Rica, Boguslavskiy tells us that Conti conducted this very public attack to create a facade of a live operation while the Conti members slowly migrated to other, smaller ransomware operations,” BleepingComputer reports.
Moreover, “instead of rebranding as another large ransomware operation, the Conti leadership has instead partnered with other smaller ransomware gangs to conduct attacks,” giving smaller gangs a lot of new power and expertise.
Malware Hiding in Plain Sight
If you are an ethical hacker, do you ever check the code of the proof-of-concept (PoC) exploits you find online before trying them out? I know it can be tempting to “just run it” to see if it works, but how can you learn if you don’t know how the exploit works? Plus, did you know you could be a target yourself? Last week, researchers reported that a GitHub repository was hosting pieces of malicious software, disguised as exploits for Windows vulnerabilities.
“Threat intelligence company Cyble has analyzed the fake PoC exploits and determined that threat actors were likely using them to target members of the infosec community. The company also found posts on cybercrime forums discussing the exploits,” SecurityWeek reported.
Not so Private, DuckDuckGo?
DuckDuckGo, the browser and search engine known for its pledge to privacy, allows Microsoft to track people’s IP addresses when they click on an ad on third-party websites “for accounting purposes.” When using the DuckDuckGo app on iOS and Android phones, as reported by the security researcher Zach Edwards, “you'll see that DDG does NOT stop data flows to Microsoft's Linkedin domains or their Bing advertising domains.”
“And you can see proof that the DuckDuckGo team *knows* that Microsoft's domains are crossite tracking vectors @ https://raw.githubusercontent.com/duckduckgo/tracker-radar/main/domains/US/bing.com.json - that's the DDG feedback loop to help them populate blocklists,” he says in the following tweet.
DuckDuckGo’s CEO Gabriel Weinberg responded to the researcher on Twitter confirming everything: “For non-search tracker blocking (eg in our browser), we block most third-party trackers. Unfortunately, our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.”
Bugs Never Get Old: Beware of Malicious PDFs
A recent phishing campaign is leveraging a 22-year-old bug to spread the Snake Keylogger through a malicious PDF, as researchers with HP Wolf Security have discovered and ThreatPost reported. The malware – an information stealer that saves user credentials, screenshots, keystrokes, and clipboard data – is delivered through a PDF attachment that prompts the user to open a .docx file embedded in the PDF as an object. At that point, a .rtf file containing malicious shellcode is downloaded from a web server and run in the document.
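As an added example (my own triage snippet, not code from the newsletter or from HP Wolf Security), here is a small Python checker in the spirit of pdfid that flags the PDF features this delivery chain depends on: an embedded file attachment and, as is common in such lures, an auto-open action. It also normalizes hex-escaped PDF names (e.g. /Embedded#46ile), a trick that defeats naive string matching. The PDF bytes are a constructed minimal sample, not a real malicious file.

```python
import re

# Constructed minimal PDF-like sample (not a real malicious file). It carries an
# /OpenAction and an attachment whose dictionary key is hex-escaped as
# /Embedded#46iles so that a plain "EmbeddedFiles" string search misses it.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R /Names << /Embedded#46iles 5 0 R >> >> endobj
3 0 obj << /Type /Filespec /F (invoice.docx) /EF << /F 6 0 R >> >> endobj
6 0 obj << /Type /EmbeddedFile /Length 3 >> stream
abc
endstream endobj
%%EOF
"""

# A PDF name starts with '/' and ends at whitespace or a delimiter; any character
# inside it may be written as #XX (two hex digits), so the regex accepts both forms.
NAME_RE = re.compile(rb"/((?:[^\s/<>\[\]()%#]|#[0-9A-Fa-f]{2})+)")

# Name keywords worth a second look when they appear in a mail attachment.
SUSPICIOUS = {"EmbeddedFile", "EmbeddedFiles", "OpenAction", "AA",
              "JavaScript", "JS", "Launch", "RichMedia"}


def normalize_name(raw: bytes) -> str:
    """Decode #XX hex escapes so /Embedded#46ile compares equal to /EmbeddedFile."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count occurrences of each suspicious name keyword after normalization."""
    counts = {}
    for m in NAME_RE.finditer(data):
        name = normalize_name(m.group(1))
        if name in SUSPICIOUS:
            counts[name] = counts.get(name, 0) + 1
    return counts


def embedded_filenames(data: bytes) -> list:
    """Return the displayed file names of attachments (the /F entry of /Filespec dicts)."""
    return [f.decode("latin-1")
            for f in re.findall(rb"/Type\s*/Filespec[^>]*?/F\s*\(([^)]*)\)", data)]


if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF), embedded_filenames(SAMPLE_PDF))
```

Feed a real attachment with `scan_pdf(open(path, "rb").read())`; an embedded .docx plus an auto-open action in a mailed PDF is the pattern described above and deserves sandbox detonation rather than a double-click.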
Meme of the Week: Right Meow!
Special of the Week #1: Free SANS ICS Summit + CTF
Whether your goal is to get into ICS security or not, the SANS ICS Summit happening on June 2nd and 3rd will surely be an event full of amazing insights and panelists. Everyone can attend the event virtually for free. “At this year’s ICS Security Summit, you’ll have the chance to learn, connect, and share with thousands of cybersecurity professionals. In-depth talks and interactive panel discussions deliver proven advances and approaches that make a real difference for the individuals leading this fight every day,” we read on the Summit’s website. Keep in mind that, even if you won’t be able to catch all the panels live, by signing up you’ll get access to the full videos on demand, which are usually posted on the SANS website one or two days after the event.
On June 1st, there will also be a free CTF event hosted by SANS and Dragos focused on “analyzing logic files, logs, network traffic, ICS protocols, digital forensic artifacts, and more to analyze attacks against an in-depth ICS range.”
Sign up for the Summit and the CTF
Special of the Week #2: Free Reverse Engineering and Assembly Course
When I started my cybersecurity journey, I’d never have thought I would end up here. In fact, it took me a little while to find my place in this slice of the world and understand where I’m headed. When I played for the first time with a piece of malware from an analysis perspective, I knew this would be my path. Because it’s complicated and tricky, and that’s why I like it.
I’m also incredibly lucky to be surrounded by amazing people. People who have been guiding me in this journey with patient advice and long chats: when I asked one of my cyber friends where I could go to learn Assembly and reverse engineering, he didn’t have any doubt and pointed me to the excellent free and comprehensive Reverse Engineering tutorial that covers the x86, x64, 32-bit ARM and 64-bit ARM architectures, put together by Kevin Thomas. The material is available online as well as in downloadable PDF format.
If you’re new to hardcore computer science like I am, you might have to integrate some concepts with other reading or video material, but that’s the beauty of teaching yourself something as complex as reverse engineering: having fun following the white rabbit wherever it leads you!
That's all for this week. If you enjoyed the newsletter, please feel free to share it with your connections. Do you know of a great piece of content I should include? Don’t be shy, reach out!
P.S. In case you were wondering, I don't receive any compensation or sponsorship for the content I share. I do it just because I love to nerd out with other people on topics of common interest.