Friday, January 26, 2018

It's time to strengthen our immune system

In times of temperature change, bacteria reproduce, and the increase in bacteria can lead to a greater number of infections. Many doctors are very generous when prescribing antibiotics, which promotes their use. But many of them don't know that nature has an entire arsenal of plants that can help fight bacteria and even cure some minor infections. Acacia, Echinacea, Eucalyptus, Ginger... these are just some of the many examples that Mother Nature offers us. This week, in the cybersecurity world, we would have liked a small dose of an antibiotic to cure us of "cybernetic infections".

WordPress, one of the most popular content managers of recent years, is the protagonist of the infection that we discovered at the beginning of the week. Through a malware campaign called EvilTraffic, the criminals exploited some vulnerabilities of the CMS to load and execute arbitrary PHP pages used to generate revenue through advertising. So far the number of infected websites has reached 18,100; the good news is that many have already been disinfected.

On the other hand, we know that any organization with a computer connected to the internet is at risk of cyberattacks. Given that the health sector is part of the critical national infrastructure, together with water, electricity and transport, it is an attractive target for cybercriminals. Health South-East RHF is the jewel in the crown when we talk about the health of Norwegians, as it offers medical care to most of the Scandinavian nation. Criminals have seen a gold mine in this institution, which has suffered a massive theft of data that may have affected more than 5.5 million citizens or, what amounts to the same, half of the Norwegian population. Norwegian health will need the occasional injection of cyber-antibiotics.

What began earlier in the week as malware that affected IoT devices has increased its reach and now also targets systems that run ARC processors. We are speaking of the Satori malware, whose authors have increased their bot groups for botnet attacks. The first version emerged in December 2017; we are already on the fourth variant of Satori, and it is the first one specifically dedicated to ARC chipsets. DDoS attacks can be used for other purposes such as distributing spam or storing web content for future phishing attacks. As IoT devices begin to age, it will be more and more difficult to protect them.

But when we say that Satori has been hitting hard this week, we mean that things did not end there. In the middle of the week we learned that the Masuta botnet came from the same creators as the Satori malware. In fact, this new variant comes in two stages: Masuta, which follows the standard IoT approach of trying default credentials on devices, and "PureMasuta", a much more sophisticated one that exploits an old network administration error. We must stop this diversified virus in some way.

This other "infection" is called Hide'N Seek (HNS botnet) and, despite its name, is anything but friendly. This botnet spreads rapidly between unprotected IoT devices. This undesirable attack made its first appearance on January 10 and, although it disappeared for a couple of days, it has reappeared during this week. This "bug" uses advanced communication techniques to take advantage of the victim and build its infrastructure. Some good news followed: according to experts, the HNS botnet is still in development and has not yet developed DDoS attack capabilities. Another positive fact is that once the device reboots, the malware disappears. Will a new strain appear?

Contrary to what happens in the health sector, in cybersecurity there are no natural remedies to combat botnets, malware or DDoS attacks. But something we must learn from natural antibiotics is that many of them strengthen the affected person's immune system. Strengthening our own defense system could prevent attacks. Shall we start?

