VMware report finds more than half of Cobalt Strike users are using the tool illicitly

PALO ALTO, Calif., February 09, 2022--(BUSINESS WIRE)--As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attackers ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads.

Today, VMware, Inc. (NYSE: VMW) released a threat report titled "Exposing Malware in Linux-based Multi-Cloud Environments."(1) Key findings that detail how cybercriminals are using malware to target Linux-based operating systems include:

Ransomware is evolving to target Linux host images used to spin workloads in virtualized environments;

89 percent of cryptojacking attacks use XMRig-related libraries; and

More than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly.

"Cybercriminals are dramatically expanding their scope and adding malware that targets Linux-based operating systems to their attack toolkit in order to maximize their impact with as little effort as possible," said Giovanni Vigna, senior director of threat intelligence at VMware. "Rather than infecting an endpoint and then navigating to a higher value target, cybercriminals have discovered that compromising a single server can deliver the massive payoff and access theyre looking for. Attackers view both public and private clouds as high-value targets due to the access they provide to critical infrastructure services and confidential data. Unfortunately, current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks on Linux-based operating systems."

As malware targeting Linux-based operating systems increases in both volume and complexity amid a rapidly changing threat landscape, organizations must place a greater priority on threat detection. In this report, the VMware Threat Analysis Unit (TAU) analyzed the threats to Linux-based operating systems in multi-cloud environments: ransomware, cryptominers, and remote access tools.

Story continues

Ransomware Targets the Cloud to Inflict Maximum Damage

As one of the leading breach causes for organizations, a successful ransomware attack on a cloud environment can have devastating consequences.(2) Ransomware attacks against cloud deployments are targeted, and are often combined with data exfiltration, implementing a double-extortion scheme that improves the odds of success. A new development shows that ransomware is evolving to target Linux host images used to spin workloads in virtualized environments. Attackers are now looking for the most valuable assets in cloud environments to inflict the maximum amount of damage to the target. Examples include the Defray777 ransomware family, which encrypted host images on ESXi servers, and the DarkSide ransomware family, which crippled Colonial Pipelines networks and caused a nationwide gasoline shortage in the U.S.

Cryptojacking Attacks Use XMRig to Mine Monero

Cybercriminals looking for an instant monetary reward often target cryptocurrencies using one of two approaches. Cybercriminals either include wallet-stealing functionality in malware or they monetize stolen CPU cycles to successfully mine cryptocurrencies in an attack called cryptojacking. Most cryptojacking attacks focus on mining the Monero currency (or XMR) and VMware TAU discovered that 89 percent of cryptominers used XMRig-related libraries. For this reason, when XMRig-specific libraries and modules in Linux binaries are identified, it is likely evidence of malicious cryptomining behavior. VMware TAU also observed that defense evasion is the most commonly used technique by cryptominers. Unfortunately, because cryptojacking attacks do not completely disrupt the operations of cloud environments like ransomware, they are much more difficult to detect.

Cobalt Strike Is Attackers Remote Access Tool of Choice

In order to gain control and persist within an environment, attackers look to install an implant on a compromised system that gives them partial control of the machine. Malware, webshells, and Remote Access Tools (RATs) can all be implants used by attackers in a compromised system to allow for remote access. One of the primary implants used by attackers is Cobalt Strike, a commercial penetration testing and red team tool, and its recent variant of Linux-based Vermilion Strike. Since Cobalt Strike is such a ubiquitous threat on Windows, the expansion out to the Linux-based operating system demonstrates the desire of threat actors to use readily available tools that target as many platforms as possible.

VMware TAU discovered more than 14,000 active Cobalt Strike Team Servers on the Internet between February 2020 and November 2021. The total percentage of cracked and leaked Cobalt Strike customer IDs is 56 percent, meaning that more than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly. The fact that RATs like Cobalt Strike and Vermilion Strike have become a commodity tool for cybercriminals poses a significant threat to enterprises.

"Since we conducted our analysis, even more ransomware families were observed gravitating to malware targeting Linux-based systems, with the potential for additional attacks that could leverage the Log4j vulnerabilities," said Brian Baskin, manager of threat research at VMware. "The findings in this report can be used to better understand the nature of this malware and mitigate the growing threat that ransomware, cryptomining, and RATs have on multi-cloud environments. As attacks targeting the cloud continue to evolve, organizations should adopt a Zero Trust approach to embed security throughout their infrastructure and systematically address the threat vectors that make up their attack surface."

Download the full report here.

Methodology

The VMware Threat Analysis Unit (TAU) helps protect customers from cyberattacks through innovation and world-class research. TAU is composed of malware analysts, reverse engineers, threat hunters, data scientists, and intelligence analysts at VMware. To understand how to detect and prevent attacks that bypass traditional, file-centric, prevention strategies, TAU focuses on techniques that were once the domain of advanced hackers and are now moving downstream into the commodity attack market. The team leverages real-time big data, event streaming processing, static, dynamic and behavioral analytics, and machine learning.

TAU applied a composition of static and dynamic techniques to characterize various families of malware observed on Linux-based systems based on a curated dataset of metadata associated with Linux binaries. All the samples in this dataset are public and therefore they can be easily accessed using VirusTotal or various websites of major Linux distributions. TAU collected more than 11,000 benign samples from several Linux distributions, namely, Ubuntu, Debian, Mint, Fedora, CentOS, and Kali. TAU then collected a dataset of samples for two classes of threats, namely ransomware and cryptominers. Finally, TAU collected a dataset of malicious ELF binaries from VirusTotal that were used as a test malicious dataset. TAU started collecting the dataset in June 2021 and concluded in November 2021.

About VMware

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the companys 2030 Agenda. For more information, please visit http://www.vmware.com/company.

Sources & Citations

Exposing Malware in Linux-Based Multi-Cloud Environments, VMware, February 2022

Global Security Insights Report, VMware, June 2021

View source version on businesswire.com: https://www.businesswire.com/news/home/20220209005064/en/

Contacts

Kerry TuttleVMware Global Communicationsktuttle@vmware.com (470) 247-1987

Go here to see the original:
Cybercriminals Target Linux-based Systems With Ransomware and Cryptojacking Attacks - Yahoo Finance

The real estate sector has transformed over the past decade with a younger crowd looking to the internet to make the first step towards buying a home or property. In order to stay competent and relevant, it is important for the real estate sector to adopt new technologies. Cloud technology is the right path for those looking to build an online presence with the help of marketing. Thanks to the pandemic, as per latest research a massive 80% of top real estate companies have switched their operations to Cloud in one form or another. It could be lead management, customer relationship management and more.

Heres how Cloud Computing can help the Real estate Sector:

1. Cost-effective

Real estate sector is depending on IT more day by day. But having an in-house infrastructure can be highly expensive since it will involve hiring resources, maintaining server and infrastructure costs. But migrating to a cloud can keep the costs to a minimum. The infrastructure used for cloud is that of the service provider, it offers pay-as-you-go model.

2. Remote Accessibility

Cloud enables files to be accessible from anywhere and on any device as long as you have a working internet connection. This will certainly help in the real estate sector when you are carrying out a client visit which will help showcase your recent work or upcoming projects as reference. All the necessary information will be at your fingertips. Cloud also enables staff to be more productive by overcoming any disruptions that can happen when physical meet is not possible during the pandemic. In such situations, having cloud accessibility makes it faster to communicate to clients in real time.

3. Increased Security

IT security is a major concern for most businesses. Implementing a robust security can be both expensive and challenging if you have limited budgets. Opting for cloud can help resolve this since cloud service providers utilize most advanced tools to protect data and deploy next-gen firewalls with intrusion and malware protection to keep cybercriminals away from servers and data.

4. Data Insights

Data is an integral part of decision making in providing insights that can help improve productivity, cost effectiveness, marketing, web design and more. Cloud technology helps analyze data and centrally manage data by providing insights needed to drive business forward.

It helps map customer journeys across all touchpoints ensuring that communications are consistent. The data also can help pinpoint poorly performing pages so that quick comebacks can be done such that customers stay on page for longer duration and this in turn helps gain advantage over competitors.

5. Superior Customer Experience

As per latest research, 86% of customers are willing to pay more if they are offered better customer experience. Migrating to the cloud provides an added advantage in providing excellent customer experience not only swiftly but cost effectively too. Using cloud helps businesses provide information to both buyers and sellers without having to visit the premises physically. To take cloud usage to the next level, some of the real estate agents even offer financial calculation tools, virtual tours, online form fills, customer service chatbots, omnichannel messaging etc. This helps buyers and sellers make an informed decision and in the long run foster strong relationships that lead to better reviews and online reputations.

6. Timely Upgrades

With cloud computing, the real estate sector does not have to worry about software upgrades.

The latest updates are generally taken care of by cloud service providers. This definitely leads to saving on investments that needs to be done towards maintaining servers, infrastructure that comes with on-premises servers.

7. Data Recovery

Data loss in the case of cloud is very minimal as cloud service providers store all the data in the cloud. In case of emergencies, there is no threat to data loss. SMEs generally cannot afford to make huge investments in terms of allocating budgets towards expensive disaster recovery systems. Cloud computing has definitely helped these businesses to thrive by providing cloud-based storage solutions that help safeguard their data.

8. Better Control of Data

Before the advent of cloud, employees had to send files back and forth before zeroing in on the final document. This would definitely lead to errors and reduced accuracy. With multiple versions of the file being tossed back and forth, it would be confusing. However, with cloud computing, multiple users can access the same file from different locations and suggest changes in real time leading to reduced error rate.

9. Enhanced Collaboration

Improving collaboration across teams and taking your business on international platforms, overcoming geographical barriers and time zones can be easily handled through cloud computing. Teams from different parts of the world can access the same document form anywhere and collaborate to perform better and in a more time-efficient manner.

10. Disaster Management and Mitigation

Cloud-based technologies are expected to only increase in disaster mitigation and management. The losses incurred by the real estate sector because of natural disasters or other calamities have been an area of concern for quite some time. With cloud-based technologies, disaster management can be handled better and more efficiently not only saving lives but minimizing the cost of repair and maintenance.

The rapid rate at which cloud technology is growing, it has become imperative that all sectors adopt the latest technology to meet the heightened expectations of consumers. Real Estate sector will need more agile environments to function better. To stay competitive and relevant, it is now more than essential to move to faster technology like cloud to achieve business continuity as well as meet customer expectations. Compared to 2020, the use of cloud computing increased by 41% in the real estate industry. The job opportunities are also booming because of the integration of cloud technology making way for new opportunities like Virtual Valuation Advisor, Virtual Leasing Manager which is of great help during the pandemic. Cloud is definitely the way to move forward for any sector, especially in the real-estate sector.

Views expressed above are the author's own.

END OF ARTICLE

See the rest here:
Future of Cloud Computing for Real Estate - The Times of India Blog

Although we highly value the privacy of our personal information, very few of us actually bother to read the terms and conditions or privacy agreements thoroughly when they sign up for cloud storage platforms, such as Microsoft OneDrive or Google Drive. Generally, users tend to trust that tech companies will always be morally upright and respectful of data privacy. Unfortunately, nothing could be further from the truth.

Did you know that terms and conditions often allow such platforms to view, use and sell everything you upload? The gold standard for privacy in cloud storage is zero-knowledge approach, which means that your provider doesnt store a copy of your encryption key, so the cloud storage service cant decrypt your files. However, did you know that neither Microsoft OneDrive nor Google Drive offer this?

Choose the right cloud storage ecosystem for you

Most personal and business data is now stored and accessed through offshore servers located in dedicated data centers connected over the internet. Cloud storage service providers differ in storage space, data encryption and server infrastructure. Google Drive offers the largest free plan and the cheapest paid cloud file storage, while OneDrive offers a secure folder locked by an extra level of two-factor authentication.

However, in comparison, Singapore-based Treasure Clouds technology promises that your privacy is never compromised. You might be pleasantly surprised to know that Treasure Cloud offers up to 800GB of free cloud storage space.

How your personal data is (ab)used in the small print

Googles attitude towards privacy has always raised eyebrows. Google Drives privacy policy states that it will collect the content you create, upload or receive from others when using our services and this includes emails, documents you create and comments you make on Google platforms like YouTube. Google states that it collects this data to provide better services as well as personalized ads, but it doesnt explicitly state that your sensitive data might be available to Google employees and algorithms. Also, its Google, so you just know its most likely tracking everything youre doing.

In comparison, Microsoft OneDrive is a little less intrusive. Its privacy policy states that it doesnt use what you say in email, chat, video calls or voicemail, or your documents, photos or other personal files to target ads to you no doubt to give users a false impression that they have some autonomy over their data. Nonetheless, its lack of zero-knowledge encryption means that Microsoft engineers can access your files whenever they want to.

By default, when signing into Windows with a Microsoft account, Windows has the ability to sync your settings and data with Microsoft servers containing information like your web browser history, favorites and sites you may have opened, along with saved app, website, mobile hotspot and Wi-Fi network names and passwords. However, users can deactivate this transfer to the Microsoft servers by changing their settings.

Microsofts updated terms also state that we collect basic information from you and your devices, including for example app use data for apps that run on Windows and data about the networks you connect to. It would thus seem that Microsoft is basically granting itself the right to collect all the data from your devices and then share it, as necessary.

Microsofts updated privacy policy not only trespasses personal privacy, but can also affect your right to free speech, as the company states: We will access, disclose and preserve personal data, including content of your emails, other private communications or files in private folders, when we have a good faith belief that doing so is necessary to, protect our customers or enforce the terms governing the use of the services. What does that even mean if it doesnt scream data manipulation? So much for transparency.

Your privacy is precious and so are your files

Real transparency starts with straightforward terms and policies that people can clearly understand, so that you and I know whats going on with our data. In a world where data is often used without meaningful consent, platforms like Treasure Cloud give control back to users. Treasure Cloud is designed specifically with such privacy invasion issues in mind. Treasure Cloud promises user privacy upfront and actually works to protect users from data manipulation, as it works seamlessly with other storage platforms you may already be using, as opposed to services like Google Drive and OneDrive that have been known to upload and use your scanned data for their own purposes.

Treasure Cloud offers client-side encryption for all files saved on its platform, so unlike other cloud storage providers, Treasure Cloud cant actually view or even open the data that you store on its platform. You are literally the only person who has access to your data, which might include sensitive recovery passwords.

There is no denying the fact that you have very little (if any) control over what such cloud storage companies can do with your data. With a provider like Treasure Cloud, you can rest assured that your data is completely secure and kept private, thanks to their zero-knowledge cloud storage and complete data encryption. Any data transferred from your existing accounts to your Treasure Cloud server becomes encrypted as well.

And theres more! Earn great incentives on Treasure Clouds referral program, such as an additional 10 GB of storage on top of your existing plan for every person who signs up when you refer friends to sign up for a storage plan too! Click here for more information on the referral program.

Sounds too good to be true? Learn more about internet security and their services on Treasure Clouds website or their blog.

Originally posted here:
What Are You Really Agreeing to in the Terms and Conditions for Google Drive and Microsoft OneDrive? - Coconuts

German enterprise software maker SAP and the US Cybersecurity and Infrastructure Security Agency have issued security advisories on Tuesday to warn SAP customers to install the companys February security patches as soon as possible in order to prevent the exploitation of a major vulnerability in a ubiquitous SAP component.

Tracked asCVE-2022-22536, the vulnerability was discovered by cloud security firm Onapsis and impacts the SAP Internet Communication Manager (ICM).

The main purpose of this component is to provide a working HTTPS web server for all SAP products that need to be connected to the internet or talk to each other via HTTP/S, meaning that if a vulnerability is present in its code, entire SAP products are exposed to attacks 24/7.

In areportpublished yesterday, Onapsis said that CVE-2022-22536 is one of those dangerous bugs, allowing attackers to use malformed packets that trick SAP servers into exposing sensitive data without the attacker needing to authenticate.

The attack, known as HTTP request smuggling, could be used to steal credentials and session information from unpatched SAP servers, even if servers are placed behind proxies, Onapsis said.

What makes these vulnerabilities particularly critical for SAP customers is the fact that the issues are present by default in the ICM component, researchers explained.

A simple HTTP request, indistinguishable from any other valid message and without any kind of authentication, is enough for a successful exploitation.

SAP patched the issueyesterday. CVE-2022-22536 is one of eight vulnerabilities that received a severity rating of 10/10 but is the one that CISA chose to highlight in its ownsecurity advisory, primarily due to its ease of exploitation and its ubiquity in SAP products.

According to SAP, known affected products include SAP WebDispatcher, SAP Content Server, SAP ABAP, and SAP NetWeaverone of SAPs most popular offerings.

According to aShodan search, there are more than 5,000 SAP NetWeaver servers currently connected to the internet and exposed to attacks, lest a patch is installed.

Since the ICM component may be active in other SAP product setups, Onapsis has also released aPython scriptso SAP customers can test their setups and see if they are vulnerable to attacks.

In ablog postyesterday, SAP Director of Security Response Vic Chung confirmed the severity of Onapsis findings and asked customers to apply the patches as soon as possible.

CISA warned that customers who fail to do so will be exposing themselves to ransomware attacks, the theft of sensitive data, financial fraud, and disruption or halt of business operations.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Read more:
CISA and SAP warn about major vulnerability - The Record by Recorded Future

Good morning, and welcome to Protocol Fintech. This Tuesday: crypto aims to self-regulate, Jamie Dimon throws shade, and Tezos teams up with Manchester United.

I dont get Jamie Dimon: The crypto-skeptic schtick (see todays Overheard) was cute a couple of years ago, maybe, but it seems increasingly bizarre that JPMorgan Chase is releasing JPM Coin while its CEO badmouths bitcoin. Wealth managers are giving customers access to crypto funds which Dimon is telling them are worthless. Even if you agree with Dimon, the hypocrisy here is a problem. At some point, something has to give: Either Dimons not really running the company and the board should notice that fact, or JPMorgan Chase doesnt believe in the products its selling. Or maybe all of the above.

Owen Thomas (email | twitter)

The crypto industry has wrestled with the reputation that it operates in a world of shady players. Now it wants the world to know that its going after the bad guys. Cryptos biggest players, including Coinbase, Circle and Anchorage Digital, just launched the Crypto Market Integrity Coalition, which is taking aim at manipulation and abuse.

The timing makes sense, given the drumbeat of news about hacks and scams, but its also bound to raise eyebrows.

Its an about-face on the idea that crypto facilitates crime. For years, crypto companies have downplayed the prevalence of criminal activity on the blockchain even when careful analysis showed billions of dollars in illicit transactions.

Crypto wants to show that it can clean up its own act. If this is going to be mainstream, the sector needs credibility, especially given the popular perception that there is a fair amount of fraud and shadiness going on, Stanford Graduate School of Business lecturer Rob Siegel told Protocol.

This is the thing you do when you see regulation coming around the corner, Alex Johnson, fintech research director at Cornerstone Advisors, told Protocol. Its a very common lobbying move, he said. You try to forestall or soften that regulation by voluntarily pledging to hold yourself to certain standards.

Ben Pimentel (email | twitter)

In the wake of the pandemic, 40% of banks have planned or launched their digital transformation strategy this year. But where to start? Here are 7 steps for financial institutions to begin or accelerate digital transformation.

Learn more

On Protocol: Google Cloud added a new security layer to combat crypto-mining attacks. After noting that cryptojacking has been on the rise for the past few years, the tech giant added a security protocol to detect takeovers of cloud servers by miners in an effort to protect customers.

DriveWealth, a brokerage startup backed by SoftBank, is getting into crypto trading. The company, valued at $2.85 billion, acquired Crypto-Systems, which will allow bitcoin and ether trading for the firms partners.

A Canadian group protesting COVID-19 mandates managed to bypass fundraising restrictions through bitcoin. After GoFundMe froze about $10 million Canadian dollars (about $7.8 million) in donations due to what the fundraising service said were violations of its terms of service, the group started accepting donations in bitcoin, raising about 8.8 BTC.

Cash App is now running on Lightning. Users can send bitcoin payments instantly and for free to anywhere that accepts Lightning. But there are some odd limitations: New York state residents cant use it, Cash App said on Twitter, and users cant receive Lightning payments.

Jamie Dimon still doesnt believe in bitcoin, and continues to throw shade. I dont call them cryptocurrencies, I call them crypto-tokens, because currencies have rules of law behind them, central banks and tax authorities, the JPMorgan Chase CEO said in an interview.

The FDIC is making crypto regulation one of its top five priorities. It is imperative that the federal banking agencies carefully consider the risks posed by these products and determine the extent to which banking organizations can safely engage in crypto-asset-related activities, acting Chairman Martin J. Gruenberg said in a press release.

The NFT market could face a wave of litigation, Jeff Gluck, CEO of CXIP Labs, told Cointelegraph: There are dozens of artists preparing lawsuits against OpenSea for selling infringing NFTs.

The rapid digitization of finance is creating both unprecedented challenges and opportunities for financial services firms. In this whitepaper, we go deep on common digital transformation pitfalls for financial institutions to avoid on the path to creating experiences that customers love.

Learn more

FTX acquired Liquid Group, a digital payments company. The crypto exchange giant will enter the Japanese market through Liquid Groups subsidiary, Quoine Corp., which was among the first crypto exchanges to register with the Japanese Financial Services Agency.

Tezos signed a deal with Manchester United for $27 million. The English football club will have Tezos logo on its training kits and shoot promotional videos for the crypto company.

Baby Doge signed a deal with another soccer team, TSG Hoffenheim. The memecoin has become an official partner of the German professional football club. NFTs are in the cards.

Qredo raised $80 million. The digital asset management firms series A round was led by 10T Goldings, bringing the firms valuation to $460 million.

Cart.com raised $240 million. The ecommerce companys latest funding round was led by Legacy Knight Capital Partners. Cart.com also acquired FB Flurry, a fulfillment and customer-care company, its ninth acquisition since its founding in 2020.

Vivid Money, a bank with a super app, raised $114 million. The challenger banks latest funding round was led by Greenoaks Capital, with participation from Ribbit Capital and SoftBank Vision Fund 2.

Polygon raised $450 million. The maker of technology for scaling Ethereum had Sequoia Capital India lead the round, with investments from SoftBank Vision Fund 2, Galaxy Digital and Tiger Global.

Fiserv acquired Finxact, a cloud technology and banking solutions company. The payments and financial services infrastructure company was an early investor, and will acquire the remaining stake for $650 million to accelerate its digital banking strategy.

Thanks for reading see you tomorrow!

Visit link:
Rug pulls, spoofing and wash trading: The crypto industry is trying to clean up its act - Protocol