Cyber Security Today, August 10, 2022 – Bad apps found in PyPI repository, six backdoors used in gang cyberattacks, new botnet found and more
Welcome to Cyber Security Today. Today is Wednesday, August 10, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
Ten malicious software packages were found in the PyPI repository, the package index used by Python developers. The discovery was made by researchers at Check Point Software. Open source code repositories such as PyPI and NPM are increasingly targeted by threat actors who want to push their malware up the software supply chain to multiply their impact. Usually, the goal of infected code is to steal developers’ data and login credentials, which can then be used against the organizations that install the finished software. One problem is that PyPI users often automate downloading updates to the packages they use without scanning them for malware. Many of the malicious packages found by Check Point spoofed the names of legitimate packages. The discovery is another reminder that developers can’t simply trust code on repositories. And it’s a reminder to those who manage open source code repositories to tighten security so that real packages can’t be compromised and fake ones can’t be uploaded. Recently, GitHub’s NPM launched new user login and post controls to improve security.
A threat group based in China is believed to be tailoring phishing messages to install six different backdoors in government agencies and businesses in Russia, Ukraine, Belarus and Afghanistan. Kaspersky researchers made the discovery. Although the attackers haven’t hit Canada or the United States, defenders here may be interested in their tactics. The purpose seems to be espionage. The attackers appear to have researched target organizations carefully before sending emails to employees with infected Microsoft Word attachments. The initial malware collects general information about the infected computer, after which the backdoors are downloaded. From there, the attackers spread malware to other systems, eventually taking control of an organization’s domain controller. This allows them to search for and exfiltrate documents.
A new family of Internet of Things malware and an associated botnet have been discovered. Fortinet researchers say the malware brute-forces login credentials on servers that run the Secure Shell (SSH) protocol. Victim organizations are believed to be in the United States, Taiwan, South Korea and other countries. Researchers call this malware family RapperBot. It heavily reuses source code from the Mirai botnet, but with some differences. So far, those behind this effort only seem interested in collecting more compromised servers. Since its primary means of spreading is brute forcing of SSH credentials, this threat can be mitigated by setting strong device passwords or, where possible, disabling password authentication for SSH.
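As an added example (not code from the podcast or from Fortinet), the following Python script shows the two defensive angles the item above points at: spotting SSH password brute forcing in sshd log lines, and checking whether an sshd_config still allows password authentication. The log lines and config text are constructed for illustration, as are the IP addresses and hostnames.

```python
import re
from collections import Counter

# Constructed sample of sshd auth log lines (not real data): one source hammers
# several accounts in quick succession, another makes one typo and then succeeds.
SAMPLE_AUTH_LOG = """\
Aug 10 03:14:01 host sshd[1201]: Failed password for root from 198.51.100.7 port 40122 ssh2
Aug 10 03:14:02 host sshd[1201]: Failed password for root from 198.51.100.7 port 40124 ssh2
Aug 10 03:14:03 host sshd[1203]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Aug 10 03:14:04 host sshd[1204]: Failed password for invalid user pi from 198.51.100.7 port 40131 ssh2
Aug 10 03:14:05 host sshd[1205]: Failed password for root from 198.51.100.7 port 40140 ssh2
Aug 10 03:15:10 host sshd[1210]: Failed password for alice from 203.0.113.5 port 51002 ssh2
Aug 10 03:15:14 host sshd[1210]: Accepted publickey for alice from 203.0.113.5 port 51002 ssh2
"""

# sshd logs "Failed password for <user>" or "Failed password for invalid user <user>".
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

def failed_logins_by_source(log_text):
    """Count failed password attempts per source IP and the usernames each source tried."""
    attempts, users = Counter(), {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            attempts[src] += 1
            users.setdefault(src, set()).add(user)
    return attempts, users

def brute_force_sources(log_text, threshold=5):
    """Source IPs at or above the failure threshold, i.e. likely credential brute forcers."""
    attempts, _ = failed_logins_by_source(log_text)
    return sorted(src for src, n in attempts.items() if n >= threshold)

def password_auth_enabled(sshd_config_text):
    """True if sshd would accept passwords: upstream OpenSSH defaults to yes."""
    # In sshd_config the first non-comment occurrence of a directive wins.
    for line in sshd_config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if parts[0].lower() == "passwordauthentication" and len(parts) == 2:
            return parts[1].strip().lower() == "yes"
    return True

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_AUTH_LOG))  # ['198.51.100.7']
    print(password_auth_enabled("PasswordAuthentication no\n"))  # False
```

The single failure from 203.0.113.5 followed by a public-key login stays below the threshold, which is the kind of noise a per-source count should tolerate.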
Last month I reported that the FBI warned companies not to fall for realistic fake video calls. Threat actors appear in online job interviews with fake images of people talking, generated by real-time artificial intelligence software. The threat actor answers the questions while the software modifies the face of the on-screen image so it appears to be talking. How do you spot a fake? Ask the person to turn sideways. That’s according to a post from researchers at Metaphysic, a software company that sells a platform for creating AI-generated content. They say the current generation of facial alignment software cannot accurately render a person’s profile from a live image. This may change with a new generation of apps. But for now, when in doubt, ask someone you’re chatting with on a video call to turn completely to the side. Artifacts may reveal that the image is fake.
Finally, yesterday was the monthly Patch Tuesday, when Microsoft, Adobe and other major software vendors release updates. Individuals should have Windows updates installed automatically, but it doesn’t hurt to check your computer. IT departments should prioritize updates based on their environments. The latest Windows updates fix some critical vulnerabilities.
That’s all for now. Remember that links to the details of the podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.