Millions of routers are at risk of attack, and hackers supported by North Korea are invading the United States and Britain ｜ November 19 global network security hotspot

Safety information report

Hackers deploy on e-commerce servers Linux Malware and web browsers

Security researchers found , The attacker injected a credit card thief into the website of the online store , Also deployed on infected e-commerce servers Linux back door .

PHP Encoded web browser （ A script designed to steal and disclose customer payments and personal information ） Added and disguised as /app/design/frontend/ In folder .JPG image file . The attacker uses this script to download and inject a fake payment form into the checkout page displayed to the customer by the hacked online store .

Attackers start with automated e-commerce attack detection , Test dozens of weaknesses in common online store platforms . In a day and a half , The attacker found a file upload vulnerability in a plug-in in the store . He then uploaded a webshell And modified the server code to intercept customer data .

News source ： 

https://www.bleepingcomputer.com/news/security/hackers-deploy-linux-malware-web-skimmer-on-e-commerce-servers/

come from Netgear、Linksys、D-Link Millions of routers are at risk of malware attacks

A new malware attack targets millions of popular routers . Security researchers have discovered something called BotenaGo Of malware , It has a strong impact .

BotenaGo Malware is designed to exploit up to... Across different router brands and IOT devices 33 A loophole .

The working principle of the malware is to create a back door on the router and wait patiently for an attack . It lurks in the dark alleys , When a device wants to use a port 19412 Crossing the alley , It will attack .BotenaGo Then it is mounted on the device to penetrate the network and steal personal information . If your router or IoT The device is infected BotenaGo, Criminals may use them for botnet attacks against websites or as a delivery system for spam . Cyber criminals behind malware may change payloads , And in the future BotenaGo For other malicious purposes .

Affected routers include ：

• DrayTek Vigor2960
• D-Link DIR-645 The cable / wireless router
• Net piece WN604、WNAP210v2、WNAP320、WNDAP350、WNDAP360 and WNDAP660
• Net piece R6250 and DGN2200
• GPON Home router
• Linksys X3000
• D-Link DIR-610
• Comtrend VR-3033
• AC15 AC1900
• ZTE F460 and F660

AT&T Of Alien Labs explains ,BotenaGo Just a bigger one “ Malware suite ” Part of , Just a module of the infected machine . The best defense against this malware attack is to ensure that your router has been updated with the latest firmware . You should also ensure that the operating system and applications of the device are updated .

News source ： 

https://www.komando.com/security-privacy/router-malware-attack/816140/

Hackers backed by North Korea are said to be modifying malware to invade the United States 、 Britain and other countries

allegedly , A new hacker group backed by North Korea is modifying malware to attack the United States and other countries . Safety company Proofpoint Is the first to recognize the rise of TA406 Companies engaged in malicious activities of cyber criminal groups .

The agency added , The network attacker has connections with other hackers , especially TA406、TA408 and TA427. On the other hand ,Proofpoint The latest security report also provides the difference between these emerging hackers . Malware is being used in different ways to destroy the systems of various government agencies and independent organizations .

according to Bleeping Computer The latest report of , new T406 Malicious attackers are considered to be state supported cyber attackers , It uses custom malware tools against the UK 、 South Africa 、 India 、 France and other countries , Especially in the United States .TA406 Considered to involve various malicious activities , For example, intelligence gathering 、 Blockchain theft 、 Phishing activities and malware distribution .

News source ： 

https://www.techtimes.com/articles/268203/20211118/north-korea-backed-hackers-allegedly-modify-malware-breach-uk-countries.htm

Security vulnerabilities threaten

The United States 、 Cybersecurity agencies in the UK and Australia have urged key infrastructure organizations to patch up Microsoft and Fortinet Vulnerabilities in the product

“ At least since the 2021 year 3 Since the month ,FBI and CISA It has been observed that this is caused by APT Organize the use of Fortinet Vulnerability and at least self 2021 year 10 Since Microsoft Exchange  ProxyShell Loophole , To obtain initial access to the system before subsequent operations , Including the deployment of ransomware ,” The agencies jointly released a consultation report on Wednesday .

before , Iran's network activities are more closely related to regional forces and their geopolitical goals . for example , After the trump administration withdrew, Barack · After President Obama brokered a nuclear deal and assassinated a senior Iranian general , Officials expect espionage , And prepare for retaliatory attacks . But last year 9 month ,FBI and CISA Warning , Iran may begin to use its capabilities to improve its financial situation through blackmail software operations .

With the Biden administration implementing the global inter agency cooperation strategy to combat extortion Software , A new joint consultation will be released soon . And Iran is on the agenda. The last time, Vice Minister of Finance Wally Adeyemo In the course of Israel's efforts to achieve this goal .

“APT The attackers are actively targeting a wide range of victims in several key infrastructure sectors in the United States , Including the transportation department 、 Health care and public health sector , And the Australian organization ,” The consultation said .“ fbi 、 The CIA 、 The Australian cybersecurity centre and the UK National Cybersecurity centre assessment participants focused on exploiting known vulnerabilities rather than targeting specific sectors .”

Marked in the announcement Fortinet and Microsoft Exchange Vulnerabilities are listed in hundreds of directories of known vulnerabilities that are being actively exploited .CISA Just two weeks ago, the catalog was released with binding operating instructions and a deadline to fix them .

The three fixes listed in the catalog Fortinet The deadline for the vulnerability is next year 5 month . repair Microsoft Exchange The deadline for the vulnerability is 11 month 17 Japan .

News source ： 

https://www.nextgov.com/cybersecurity/2021/11/governments-warn-iran-targeting-microsoft-and-fortinet-flaws-plant-ransomware/186917/

APT Organize the use of FatPipe VPN Medium 0Day The vulnerability lasted six months

This vulnerability allows the use of the file upload function in the device firmware and the installation of a device with root Access rights are based on Web Of shell.

The FBI found a APT Organize the use of FatPipe MPVPN Zero Day vulnerability in network devices to destroy the company's computer system and access its internal network .

At least since the 2021 year 5 Since the month , Criminals have been taking advantage of FatPipe MPVPN Loopholes in . This vulnerability allows an unnamed hacker organization to use the file upload function of the device firmware to install a root The powers of the webshell.

Attack only against FatPipe MPVPN equipment , But this vulnerability also affects other products , Include IPVPN and WARP. They are different types VPN The server , Companies are installed on the periphery of their corporate networks , It is used to provide employees with access to Internet Remote access to internal applications , Act as a hybrid between network gateway and firewall .

just as FBI Pointed out , The zero day vulnerability found does not have its own CVE identifier .FatPipe A patch and additional information about the vulnerability have been released . According to experts ,0Day The vulnerability can be used to overwrite the configuration file of the affected device , Enable attackers to take full control of unprotected systems .

There is about 800 platform FatPipe MPVPN The device is connected to the network .

News source ： 

https://www.securitylab.ru/news/526675.php

Manage network security vulnerabilities in artificial intelligence

The vulnerability of artificial intelligence system is obvious ： In the field of speech recognition , Research has shown that it can generate audio that sounds like machine learning algorithms but is not human . There are several examples of using human imperceptible disturbances to trick an image recognition system to incorrectly recognize an object , Including in safety critical environments （ For example, road signs ） in . A team of researchers tricked three different depth neural networks by changing one pixel of each image . Even if the opponent cannot access the model or the data used to train it , An attack can also succeed . Perhaps the most terrible thing is ： In a AI Vulnerabilities developed on the model may apply to multiple models .

With the integration of artificial intelligence into business and government functions , The consequences of the vulnerability of this technology are significant . Just as the US air force is in charge of intelligence 、 monitor 、 Mary, deputy chief of staff for reconnaissance and network effects operations · As Lieutenant General O'Brien recently said ,“ If our adversary injects uncertainty into any part of the AI based process , We are very interested in what we hope AI What we do for us , We were a little overwhelmed .”

therefore , Policies and plans to improve network security should explicitly address the unique vulnerabilities of AI based systems ; The policy and structure of AI governance should clearly include network security components .

First , A set of network security practices related to vulnerability disclosure and management can contribute to artificial intelligence security . Vulnerability disclosure refers to researchers （ Including independent security researchers ） Discover network security vulnerabilities in products and report them to product developers or suppliers, as well as technologies and policies for developers or suppliers to receive reports of such vulnerabilities . Disclosure is the first step in vulnerability management ： Priority analysis 、 The process of verification and remediation or mitigation .

Although initially controversial , But vulnerability disclosure schemes are now common in the private sector ; Within the federal government , Cybersecurity and Infrastructure Security Bureau (CISA) A binding directive was issued , Enforce these instructions . In the whole field of network security , There is a dynamic —— Sometimes it's turbulent —— The ecosystem of white hat and grey hat hackers ; Vulnerability bounty program service provider ; Responsible disclosure frameworks and initiatives ; Software and hardware suppliers ; Academic researchers ; And government initiatives aimed at vulnerability disclosure and management . be based on AI/ML The system should be mainstreamed as part of the ecosystem .

Considering how to AI Security is integrated into vulnerability management and broader network security policies 、 Plans and initiatives , There is a dilemma ： One side ,AI Loopholes should have been incorporated into these practices and policies . just as Grotto、Gregory Falco and Iliana Maifeld-Carucci National Institute of standards and technology (NIST) As argued in the comments on the drafted AI risk management framework , AI issues should not be isolated in a separate vertical policy . Unless otherwise proved , Otherwise, AI risks should be seen as an extension of the risks associated with non AI digital technologies , Measures to address AI related challenges should be seen as an extension of efforts to manage other digital risks .

On the other hand , For a long time , Artificial intelligence has always been considered outside the existing legal framework . If AI is not specifically mentioned in the vulnerability disclosure and management plan and other network security activities , Many people may not realize that it is included .

To overcome this dilemma , We believe that artificial intelligence should be assumed to be included in the existing vulnerability disclosure policies and the development of network security measures , But we also suggest , At least in the short term , Revise or explain the existing network security policies and measures , To explicitly cover vulnerabilities in AI based systems and their components . Final , Policy makers and IT Developers will AI The model is seen as another type of software , Because all software has vulnerabilities , And it deserves equal attention in the network security work . However , Before we get there , It is necessary to explicitly recognize artificial intelligence in cyber security policies and initiatives .

In an urgent federal effort to improve cyber security , There are many moving parts related to artificial intelligence . for example ,CISA It can be declared that its binding instructions on vulnerability disclosure include artificial intelligence based systems . President Biden's executive order on improving national cyber security NIST Develop guidelines for the federal government's software supply chain , In particular, it is pointed out that such guidelines should include standards or standards related to vulnerability disclosure . This guide should also refer to artificial intelligence , And will be in accordance with the government procurement software executive order No 4(n) The language of the contract specified in clause . Again , Strive for software bill of materials (SBOM) Develop basic elements , among NIST stay 7 Month took the first step , Should be developed to solve AI System problems . Office of management and budget (OMB) Former president trump should be implemented 2020 year 12 The executive order on promoting the use of trusted artificial intelligence in the federal government issued in June , The order requires agencies to identify and evaluate their use of AI , And replace 、 Cancel or deactivate any existing unsafe and unreliable AI applications .

AI is late for network security , But I hope I can make up for the lost land quickly .

News source ： 

https://www.lawfareblog.com/managing-cybersecurity-vulnerabilities-artificial-intelligence