Bad apps are found in the PyPI repository, six backdoors are used in a gang’s cyber attacks, a new botnet is found, and more
Welcome to Cyber Security Today. It’s Wednesday, August 10th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Ten malicious software packages have been found in PyPI, the package repository used by Python developers. The discovery was made by researchers at Check Point Software. Open source package repositories like PyPI and NPM are increasingly being targeted by threat actors who want to push their malware into the software supply chain to multiply its impact. Usually the goal of infected code is to steal developers’ data and login credentials, which can then be leveraged against the organizations that install the finished software. One problem is that PyPI users often automate the downloading of package updates without scanning them for malware. Many of the malicious packages found by Check Point spoofed the names of legitimate packages. The discovery is another reminder that developers can’t simply trust code on repositories. And it’s a reminder to those managing open source code repositories to stiffen security so real packages can’t be compromised and phony ones can’t be uploaded. Recently GitHub’s NPM introduced new user login and publishing controls to enhance security.
A China-based threat group is believed to be tailoring phishing messages to install six different backdoors in government agencies and companies in Russia, Ukraine, Belarus and Afghanistan. Researchers at Kaspersky made the discovery. While the attackers haven’t hit Canada or the U.S., defenders here may be interested in their tactics. The goal seems to be espionage. The attackers appear to have carefully researched target organizations before sending employees emails with infected Microsoft Word attachments. The initial malware gathers general information on the infected computer which leads to the downloading of backdoors. From there the attackers spread malware to other systems, eventually taking control of an organization’s domain controller. That allows them to search for and exfiltrate documents.
A new family of internet-of-things malware and a related botnet have been discovered. Researchers at Fortinet say the malware brute-forces login credentials on servers that accept Secure Shell (SSH) connections. Victim organizations are believed to be in the U.S., Taiwan, South Korea and other countries. The researchers dub this malware family RapperBot. It heavily re-uses parts of the Mirai botnet source code, but with some differences. So far those behind this effort seem interested only in collecting more compromised servers. Since its primary way of spreading is brute forcing SSH credentials, this threat can be mitigated by setting strong passwords for devices or, where possible, disabling password authentication for SSH.
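As an added example (not from the podcast or from Fortinet’s research), the Python below covers the defender’s side of this story: it flags sources hammering SSH with failed password logins in a constructed sample of sshd log lines, and checks whether an sshd_config text still leaves password authentication enabled. The log lines, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd syslog lines (not real traffic) for this example.
SAMPLE_AUTH_LOG = """\
Aug 10 03:14:01 gw sshd[2210]: Failed password for root from 198.51.100.7 port 40122 ssh2
Aug 10 03:14:03 gw sshd[2210]: Failed password for root from 198.51.100.7 port 40122 ssh2
Aug 10 03:14:05 gw sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Aug 10 03:14:07 gw sshd[2212]: Failed password for invalid user pi from 198.51.100.7 port 40138 ssh2
Aug 10 03:15:00 gw sshd[2214]: Failed password for alice from 203.0.113.5 port 51000 ssh2
Aug 10 03:15:30 gw sshd[2215]: Accepted publickey for alice from 203.0.113.5 port 51002 ssh2
"""

FAILED_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                       r"Failed password for .* from (?P<ip>\S+) port \d+")

def brute_force_sources(log_text, threshold=4, window_seconds=60, year=2022):
    """Map source IP -> total failed password attempts, for sources that made
    at least `threshold` failures inside any `window_seconds` span."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:  # syslog timestamps carry no year, so one is supplied
            attempts[m["ip"]].append(
                datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    flagged = {}
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted times
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged

def password_auth_enabled(sshd_config_text):
    """True if sshd would still accept passwords: OpenSSH defaults
    PasswordAuthentication to yes and the first occurrence of a keyword wins.
    Directives after a Match line are conditional and ignored here."""
    for raw in sshd_config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if parts[0].lower() == "match":
            break
        if parts[0].lower() == "passwordauthentication" and len(parts) == 2:
            return parts[1].lower() == "yes"
    return True
```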
Last month I reported that the FBI warned firms not to fall for realistic deepfake video calls. Threat actors are appearing in online job interviews with faked images of talking people generated by real-time artificial intelligence software. The threat actor answers questions, with the software changing the face of the online image to make it seem like the image is talking. How can you discover a fake? By asking the person to turn sideways. That’s according to an article by researchers at Metaphysic, a software company that sells a platform to create AI-generated content. They say the current generation of facial alignment software can’t accurately create a person’s profile from a straight-on image. That may change with a new generation of applications. But for now, when in doubt ask a person you’re chatting with on a video call to turn completely sideways. The artifacts may give away that the image is fake.
Finally, yesterday was the monthly Patch Tuesday, when Microsoft, Adobe and some other major software companies released application updates. Individuals should have Windows updates installed automatically, but it doesn’t hurt to check your computer. IT departments should prioritize updates based on their environments. The latest Windows updates fix some critical vulnerabilities.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.