Posted in Informational, Research, Topic, Vulnerabilities

Case Study: Stuxnet

Enter the CyberWar

(A Day Late due to Travel)

If you've been following the war in Ukraine you've probably heard people talk about the cyber dimension of the conflict. It is just the latest skirmish in the history of cyberwarfare, though some say it marks the beginning of a new era of it.

Stuxnet wasn't the first cyber operation, nor was it the first piece of malware, but it's notable because it was one of the first to physically destroy hardware, and because the operation has been linked specifically to the U.S.

Stuxnet was a worm developed to sabotage Iran's nuclear program. It targeted the programmable logic controllers in the industrial control systems running Iran's enrichment centrifuges and altered their behaviour until the hardware physically broke. It got there by exploiting several Windows zero-days along with weaknesses in Siemens' Step7/WinCC PLC software. The bad part is that Stuxnet spread too well and ended up on machines around the world, far beyond its intended target.

Posted in Informational, InfoSec History, Research, Vulnerabilities

There is no Safe Haven: Mac Attacks

I was all set to write about an interesting job in infosec today, and then I woke up and saw reports of a new attack, 'Pacman', being leveraged against Apple computers. This report got me thinking about a conversation I saw on social media where a connection was asking what laptop to buy. One of this person's friends mentioned getting an Apple because they are 'safer' than Windows machines and 'antivirus isn't needed' (no one but us tech geeks recommends Linux; it wasn't even in the running). I recall thinking that laypeople are just really unaware that Apple systems have been targeted at higher rates in recent years. So here we are, talking about Mac attacks.

As a disclaimer, I've got no real dog in whatever battle exists between OSes. As a tech-head I have systems that run Windows, macOS, and several flavors of Linux. The job isn't to safeguard a specific type of system; it's to safeguard them all.

We can say that macOS and Linux distros have fewer known vulnerabilities or are attacked less often, but to say that one or the other has none, or doesn't get attacked, is untrue. All systems are open to attack.

Some recent attacks and malware targeting Apple systems:

  • Pacman (a hardware attack on pointer authentication in Apple silicon, not malware)
  • Silver Sparrow
  • XLoader
  • GoSearch22
  • ThiefQuest

A more in-depth look at some Apple vulnerabilities and malware can be found here or here.

I will always advocate for users protecting themselves. Defense in depth isn't just for enterprises; it also means that users shouldn't assume their systems are inherently 'safe'. When people say security is everyone's business I can support that, because your own security should be your business, and that includes putting precautions in place that overlap where the stock software and hardware might fall short.

Posted in Informational, Labs, Simple Malware Analysis

Build a Lab with Me (#1)

Write the Docs…

So, I'm a little bit of a tech hoarder. I've got several Raspberry Pis, NUCs, Mac minis, and a Chromebox. I also have a switch to put pfSense on. I've kind of got the hardware part down (though I am looking for one more machine with 16GB of RAM to complete my vision).

This being said I have a few things I want out of my lab environment:

  • Malware Analysis machine
  • Security Onion Analyst machine
  • Cyber Threat Intelligence Machine
  • Possible Forensic Analysis Station
  • Also want to have a pihole

I also know I want to mess around with Docker and Python. Although these don't need their own environments, the other three kind of do. This is especially true for the malware analysis machine, which needs to be isolated as much as possible to prevent infection of other systems.

Draft Lab Documentation

The above is the draft documentation I cooked up to kind of mimic inventory management. I also think that if I'm going to have static IP addresses, they should be documented as well. I started with this info written out, but have also entered it into note-taking software. This is my attempt to be meticulous and intentional in this endeavor.

Posted in Informational, Simple Malware Analysis

Bazar Call Emails: More than a Scam

This week I learned about BazarCall / BazarLoader malware. I had never heard of this malware campaign. Even when it was explained to me I didn't think it would have a high success rate, but after doing more research, it is really successful.

The whole cycle starts with an email, one that often talks about the end of a free subscription, or a charge for a renewal, or the like. This email may not have any links or attachments at all, but it will have a phone number for the recipient to call.

<sidebar: I'd always thought these types of emails had one purpose, and that was to scam recipients by getting them to call and then getting them to divulge credit card information or other personal information... my viewpoint was limited.>

When the recipient calls to cancel or dispute the perceived charges, the 'call center' directs them to a website, and that website delivers the BazarLoader malware, which can be a carrier for other malicious code such as Trojans or ransomware.

https://unit42.paloaltonetworks.com/bazarloader-malware/
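One way to catch this lure in the mail stream, as an added example written for this page (it is not code from the original post or from Unit 42): score each message on the traits the campaign above relies on, namely a billing or subscription pretext, a phone number the reader is told to call, and, typically, no links or attachments, so URL and attachment scanners have nothing to block. The keyword lists, weights, threshold and sample messages are all constructed for illustration, not taken from real campaign data.

```python
"""Heuristic triage for callback-phishing ("BazarCall"-style) emails.

Added example, not code from the original post or from Unit 42.
Keyword lists, weights, the threshold and the sample messages are
constructed for illustration and should be tuned against your own mail.
"""
import re
from dataclasses import dataclass, field

# Words that set up a billing/renewal pretext (constructed list).
PRETEXT_TERMS = ("subscription", "free trial", "renew", "charged", "invoice",
                 "membership", "expire", "payment")
# Words that push the reader to pick up the phone (constructed list).
ACTION_TERMS = ("cancel", "dispute", "refund", "call", "contact us",
                "customer support", "helpline")

# North American phone numbers: optional +1, then 3-3-4 digits with optional
# separators or parentheses. The lookarounds keep us from matching inside
# longer digit runs such as order or invoice numbers.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)

SUSPICIOUS_THRESHOLD = 4  # constructed; tune against your own corpus


@dataclass
class Verdict:
    score: int = 0
    reasons: list[str] = field(default_factory=list)
    phone_numbers: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def triage_email(subject: str, body: str, has_attachment: bool = False) -> Verdict:
    """Score one message; a higher score means more BazarCall-like."""
    text = f"{subject}\n{body}".lower()
    v = Verdict()

    pretext_hits = [t for t in PRETEXT_TERMS if t in text]
    action_hits = [t for t in ACTION_TERMS if t in text]
    v.phone_numbers = [m.group(0) for m in PHONE_RE.finditer(body)]
    links = URL_RE.findall(body)

    if pretext_hits:
        v.score += 2
        v.reasons.append("billing pretext: " + ", ".join(pretext_hits))
    if action_hits:
        v.score += 1
        v.reasons.append("call-to-action wording: " + ", ".join(action_hits))
    if v.phone_numbers:
        v.score += 2
        v.reasons.append("phone number to call: " + ", ".join(v.phone_numbers))
        # The defining trait: the phone call *is* the delivery path, so a
        # link or attachment scanner has nothing to catch.
        if not links and not has_attachment:
            v.score += 2
            v.reasons.append("no links or attachments; the call is the only lure")
    return v


# Constructed sample messages (subject, body, has_attachment); not real emails.
SAMPLES = [
    ("Your free trial is ending",
     "Thank you for using our service. Your free trial ends today and your "
     "subscription will renew at $49.99/month. To cancel or dispute the "
     "charge, call our billing team at (855) 555-0142 within 24 hours.",
     False),
    ("Your receipt",
     "Thanks for your payment of $12.00. View your invoice at "
     "https://billing.example.com/inv/1234 or reply to this email.",
     False),
    ("Grand opening this Saturday",
     "Our new store opens Saturday! Call 555-123-4567 for hours or visit "
     "www.example.com for directions.",
     False),
    ("Invoice INV-0042",
     "Please find attached invoice INV-0042 for your membership renewal "
     "($299). To dispute this, call 1-800-555-0199.",
     True),
]

if __name__ == "__main__":
    for subject, body, attached in SAMPLES:
        verdict = triage_email(subject, body, attached)
        flag = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"{flag:10} score={verdict.score} subject={subject!r}")
        for reason in verdict.reasons:
            print("    -", reason)
```

Run as-is, the first and fourth samples are flagged (the fourth because an attached "invoice" with a callback number is the same play with a PDF in place of a bare email), while the legitimate receipt with a link and the newsletter that merely lists a phone number stay below the threshold. The point of the scoring is that a phone number on its own is not the signal; it is the phone number standing in for the link that is.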

So, I learned something new this week. I'm always amped when I learn something, and I usually want to learn more about it. So I'm doing more deep diving on BazarLoader to see if there are other similar campaigns.

This whole thing also reinforced thinking outside the box when it comes to attacks. Often, the simplest apparent objective isn't the true objective. Why hook a little phish when a marlin is out there, like encrypting and ransoming an entire enterprise?

Long story short: whether it's a credit card scam or something more malicious like this, don't call random numbers in emails.

More reading on BazarCall: