Monthly Archives: April 2020

Add to favorites

Administrators should not assume that a modification is authentic simply because it appears to have occurred during a maintenance period.

As web shell attacks continue to be a persistent threat the U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have released a detailed advisory and a host of detection tools on GitHub.

Web shells are tools that hackers deploy into compromised public-facing or internal server that give them significant access and allow them to remotely execute arbitrary commands. They are a powerful tool in a hackers arsenal, one that can deploy an array of payloads or even move between device within networks.

The NSA warned that: Attackers often create web shells by adding or modifying a file in an existing web application. Web shells provide attackers with persistent access to a compromised network using communication channels disguised to blend in with legitimate traffic. Web shell malware is a long-standing, pervasive threat that continues to evade many security tools

A common misconception they are trying to dispel is that hackers only target internet-facing systems with web shell attacks, but the truth is that attackers are regularly using web shells to compromise internal content management systems or network device management interfaces.

In fact these types of internal systems can be even more susceptible to attack as they may be the last system to be patched.

In order to help IT teams mitigate these types of attacks the NSA and ASD have released a seventeen page advisory with mitigating actions that can help detect and prevent web shell attacks.

Web shell attacks are tricky to detect at first as they designed to appear as normal web files, and hackers obfuscate them further by employing encryption and encoding techniques.

One of the best ways to detect web shell malware is to have a verified version of all web applications in use. These can then be then used to authenticate production applications and can be crucial in routing out any discrepancies.

However the advisory warns that while using this mitigation approach administrators should be wary of trusting times stamps as, some attackers use a technique known as timestomping to alter created and modified times in order to add legitimacy to web shell files.

They added: Administrators should not assume that a modification is authentic simply because it appears to have occurred during a maintenance period.

The joint advisory warns that web shells could be simply part of a larger attack and that organisations need to quickly figure out how the attackers gained access to the network.

Packet capture (PCAP) and network flow data can help to determine if the web shell was being used to pivot within the network, and to where. If such a pivot is cleaned up without discovering the full extent of the intrusion and evicting the attacker, that access may be regained through other channels either immediately or at a later time, they warn.

To further help security teams the NSA has released a dedicated GitHub repository that contains an array of tools that can be used to block and detect web shell attacks.

Originally posted here:
NSA Web Shell Advisory and Mitigation Tools Published on GitHub - Computer Business Review

Bhubanesar: Odisha will invoke the National Security Act (NSA) for attacks against and dishonour of any doctor and healthcare personnel.

Prompted by attacks on health care professionals in Madhya Pradesh and elsewhere and the refusal to allow the burial of two doctors in Tamil Nadu, Chief Minister Naveen Patnaik promised to honour doctors and healthcare professionals who caught the virus and died doing their duty as martyrs.

In a recorded video released to the media, Patnaik also announced that families of any government doctor, healthcare and other personal who succumbed to Covid-19 would receive his or her salary until the date of retirement.

In the absence of any cure or vaccine those fighting the Covid19 war for us, doctors and healthcare professionals are taking a huge risk by putting themselves in the front. We have a rich tradition of honoring our brave hearts who fight for the country and acknowledge their supreme sacrifice. In the same spirit we propose to recognize and honor the valiant work being done by our Covid warriors, said Patnaik.

They will awarded belatedly on national days. A detailed scheme of awards is to follow. The Government of India had already announced Rs 50 lakh insurance cover for all doctors.

Read more:
Odisha to invoke NSA for attacks against doctors and healthcare personnel - Economic Times

Washington: The US Senate Intelligence Committee concurred with spy agencies' findings that Russia sought to boost now-President Donald Trump's 2016 campaign, according to a declassified bipartisan report.

Vladimir Putin tried to help Donald Trump win in 2016.Credit:AP

The report found that the Central Intelligence Agency, National Security Agency and Federal Bureau of Investigation had coherent and well-constructed grounds to conclude that Russian President Vladimir Putin aimed to undercut Trump's 2016 rival, Democrat Hillary Clinton.

Trump, who has consistently bristled at suggestions that foreign interference helped his upset 2016 victory, has sought to discredit the intelligence agencies' findings as the politically charged work of a "deep state." Russia has denied that it was behind any efforts to meddle in US elections.

The Senate report - the fourth of five chapters so far released - found that the CIA and FBI had high confidence in their findings that Russia was trying to boost Trump's chances, while the NSA was only moderately confident on that point.

View post:
CIA, FBI and NSA justified in view Putin aimed to help Trump: report - Sydney Morning Herald

With help from Eric Geller, Martin Matishak and Laurens Cerulus

Editors Note: Morning Cybersecurity is a free version of POLITICO Pro Cybersecuritys morning newsletter, which is delivered to our subscribers each morning at 6 a.m. The POLITICO Pro platform combines the news you need with tools you can use to take action on the days biggest stories. Act on the news with POLITICO Pro.

Coronavirus-themed cyberattacks show no sign of slowing, as federal agencies and companies explore whos vulnerable and whos responsible.

MC exclusive: An examination of cyber-related sanctions and indictments showed disparities across U.S. administrations and nations.

The NSA and an Australian spy agency warned about a kind of attack thats on the rise.

A message from Global Strategy Group:

What do Americans expect from corporate leaders as they respond to COVID-19? Who do they trust most? How and whether companies respond will have a lasting impact on their reputationand their bottom line. Download the full report here.

HAPPY THURSDAY and welcome to Morning Cybersecurity! Russian Doll was great but your MC host isnt sure what to make of this. Send your thoughts, feedback and especially tips to [emailprotected]. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

POLITICO Pro is here to help you navigate these unprecedented times. Check out our new Covid-19 Coverage Roundup, which provides a daily summary of top Covid-19 news coverage from across all 16 federal policy verticals as well as premium content, such as DataPoint graphics. Please sign up at our settings page to receive this unique roundup sent directly to your inbox every weekday afternoon.

Sign up for POLITICO Nightly: Coronavirus Special Edition, your daily update on how the illness is affecting politics, markets, public health and more.

EVER-EXPANDING Months into the Covid-19 crisis, were still learning more each day about the scope and innovation in coronavirus-themed attacks via the government agencies and tech companies fighting off the hackers.

IBM on pace and vulnerabilities: IBM says it has seen a 6,000 percent increase in Covid-19 spam from mid-March to mid-April. It also released a study today that suggests small-business owners and consumers could be the most vulnerable to scams where cyber criminals masquerade as the government. More than a third of those polled by IBM and Morning Consult said they expect emails from the IRS, despite years of the IRS and others warning that the agency wouldnt email anyone about their tax filings; over half said they would click on links or attachments in emails about stimulus checks. And just 14 percent of small-business owners said they felt very knowledgeable about relief loans. Palo Alto Networks also provided some figures on coronavirus-related scams Wednesday.

DOJ on takedowns, Google on nation-state hacking: DOJ said Wednesday that law enforcement, cybersecurity companies and website operators have taken down hundreds of domains that were using the coronavirus crisis for fraud. Not coincidentally, some of the ones identified by the FBI mimicked the IRS relief payment portal. And, according to Google, federal employees have been targets themselves of coronavirus-themed phishing campaigns orchestrated by hackers backed by other nations; in total, more than a dozen such hacking groups have launched attacks that use Covid-19.

FireEye on Vietnam: Hackers linked to the Vietnamese government have been spear-phishing Chinese government agencies in an apparent effort to understand Beijings handling of the coronavirus pandemic, FireEye researchers said Wednesday. The malicious emails went to China's Ministry of Emergency Management and the municipal government in Wuhan, where the virus first emerged, according to FireEye, which attributed the activity to the Vietnam-linked group APT32. While targeting of East Asia is consistent with the activity weve previously reported on APT32, the researchers wrote, this incident, and other publicly reported intrusions, are part of a global increase in cyber espionage related to the crisis, carried out by states desperately seeking solutions and nonpublic information.

The spear-phishing campaign, which seems to have begun in early January, uses virus-related lures to entice victims into opening the infected attachments, which then deploy the Metaljack malware payload. FireEye spotted the same malware and command-and-control server in a phishing campaign in December likely targeting Southeast Asian countries.

The first malicious email that FireEye caught was dated Jan. 6, one week before Thailand reported the first infection outside China. Vietnam was [very] quick to respond to early reports of the disease, Reuters reporter Jack Stubbs pointed out. Maybe now we have an idea why. Vietnam has reported fewer than 300 coronavirus cases and no deaths.

FIRST IN MC: CYBER SANCTIONS AND INDICTMENTS The Trump administration in its first term has been far more aggressive in issuing cyber-related sanctions and indictments against China, Iran, North Korea and Russia than the Obama administration in its second term, according to an analysis and infographic out today from the Foundation for Defense of Democracies. President Donald Trump has issued 106 indictments and 110 sanctions, compared to 28 and five, respectively, from President Barack Obama from 2013 to 2016, the think tank found.

Across both administrations, the number of sanctions and indictments are applied inconsistently across nations. While North Korea is behind larger and more destructive attacks than Iran, North Korea has endured six total indictments and sanctions to Irans 30, the analysis and infographic concluded. Authors Trevor Logan and Pavak Patel explained that might be because North Korean hackers are more closely affiliated with their governments, whereas Iranian hackers arent exclusively loyal and therefore easier to name.

China more often faces indictments than sanctions. Logan and Patel wrote that may indicate that the United States is reluctant to issue sanctions against malicious Chinese actors due to the fear of escalation or economic retaliation against American companies. In contrast, the relative weakness of the Iranian, North Korean, and Russian economies means that Washington can act more freely without fear of blowback.

MALWARE IN A HALF SHELL The NSA and its Australian counterpart on Wednesday issued guidelines for detecting and defending against so-called shell malware, a tactic hackers are increasingly using in their operations. Web shells provide attackers with persistent access to a compromised network using communication channels disguised to blend in with legitimate traffic, the notice from NSA and the Australian Signals Directorate explained. The intelligence organizations suggested a defense-in-depth approach using multiple detection capabilities as the best way to both uncover and prevent the malware from wreaking havoc on systems, as well as tips on how to recover from such an attack. A critical focus once a web shell is discovered should be on how far the attacker penetrated within the network.

A message from Global Strategy Group:

New research from Global Strategy Group reveals the opportunities and risks facing corporate leaders as they respond to COVID-19.

A majority of Americans expect the private sector to play a major role, and people trust corporate leadership more than the White House.

But CEOs need to buck the existing perception that they are too focused on their bottom line and not enough on their employees.

Americans trust corporations in this moment and corporations can and must deliver. Companies will be defined later by what they do now, and the reputational costs could be high.

Download the full report today.

WHOS ZOOMING WHO Zoom announced stronger encryption and an array of additional security measures for version 5.0 of the video conferencing platform it rolled out on Wednesday. From our network to our feature set to our user experience, everything is being put through rigorous scrutiny, said Oded Gal, chief product officer of the company.

CZECHS TO WORLD: STOP ATTACKING HOSPITALS From our friends at POLITICO Europes Cyber Insights: The Czech Republic wants all countries around the world to pledge not to launch cyberattacks on hospitals and medical facilities. Thats according to its written feedback on a draft report on international norms for cybersecurity from the U.N.s Open-ended Working Group.

The rising number of cyberattacks on medical facilities worldwide reinforce the need for coordinated global action to protect [the] public health care sector from malicious ICT activities, the Czech proposal reads. Specifically, it wants the OEWG to endorse the idea to add medical services and medical facilities to a list of things that states are barred from attacking, as laid out in the U.N.s landmark 2015 deal on cyber norms.

Czech hospitals have been the targets of cyberattacks in the past month, and last week its government warned of more attacks, prompting the U.S. to threaten hackers with consequences.

Russias feedback for the draft said the application of international humanitarian law should be applied only in the context of a military conflict while currently the ICTs [information and communications technologies] do not fit the definition of a weapon. Moscow also slammed the mention of political attribution of cyberattacks, adding the report artificially exaggerated the importance of having NGOs and civil rights groups engage with the U.N. OEWG.

Member states feedback on the OEWGs draft report can be found here. Heres security researcher Lukasz Olejniks Twitter thread analyzing the papers.

TWEET OF THE DAY Only sharing this because of the good dog.

Alston & Bird announced a Women in Cyber network co-directed by partners Kim Peretti, co-leader of Alston & Birds cybersecurity preparedness and response team, and Amy Mushahwar, member of the firms privacy and data security and cybersecurity preparedness and response teams. Associates Emily Poole and Alysa Austin will support them.

The networks advisory board includes Jeannie McCarver, senior vice president for cybersecurity at U.S. Bank; Tracey Scraba, chief privacy officer at CVS Health; and Jennifer Martin, global cybersecurity counsel at Verizon Media.

Motherboard: Researchers revealed some iPhone zero day exploits.

ZDNet: Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak.

NBC News: The leaked data on employees of the World Health Organization and others was likely from previous breaches.

Kaspersky released a survey on corporate security and employee privacy.

The Voting Village's Jake Braun and Synack's Mark Kuhr talked election security.

Good news about the number of ransomware attacks on governments, health care providers and educational organizations in the first quarter, via Emsisoft.

Thats all for today.

Stay in touch with the whole team: Eric Geller ([emailprotected], @ericgeller); Bob King ([emailprotected], @bkingdc); Martin Matishak ([emailprotected], @martinmatishak); and Tim Starks ([emailprotected], @timstarks).

Here is the original post:
The reach of cyberattacks related to Covid-19 - Politico

Jabalpur, Apr 24 (PTI)A trainee IPS officer testedpositive in Jabalpur district of Madhya Pradesh on Friday, ahealth official said.

The officer had earlier caught a NSA detainee, aCOVID-19 patient, in neighbouring Narsinghpur district when heescaped from hospital.

The IPS official himself was found to have contractedvirus on Friday, said District Chief Medical and HealthOfficer M K Mishra.

A 25 year-old man and his 58-year-old father werebooked under the National Security Act (NSA) after theyallegedly hurled stones at a policeman in Chandan Nagarlocality in Indore on April 7.

The young man escaped two weeks ago from JabalpurMedical Hospital. The trainee IPS officer had gone tocatch him.

The NSA detainee''s 58-old father who had beenimprisoned at Indore Central Jail tested positive on April 14.

He is being treated in Indore. Indore Central Jailauthorities suspect that because of him a warder and six otherprisoners caught infection. PTI COR LAL MASKRK KRK

Disclaimer :- This story has not been edited by Outlook staff and is auto-generated from news agency feeds. Source: PTI

See the rest here:
Trainee IPS officer tests positive for coronavirus in MP - Outlook India

By Sajjad Hussain

Islamabad, Apr 24 (PTI) The Pakistan Army on Friday said it is using all its resources to help combat the coronavirus and also helping in maintaining quarantines on the border with Iran and Afghanistan.

Military spokesman Major General Babar Iftikhar addressed the media after the Armys top brass'' meeting that discussed internal and external security situations in the wake of threat by the virus.

The spokesman said that the coronavirus outbreak in Pakistan was still under control but warned that the epidemic could peak in the coming weeks. He said that the Pakistan Army was using its all resources to help combat the pandemic that has infected over 11,000 people and killed over 230 people.

Iftikhar said that it was decided to implement smart lockdown to target areas which showed maximum cases of virus.

A smart lockdown and testing, tracing and quarantining will drive our efforts against Covid-19. We will have a targeted lockdown only for virus hotspots and clusters, he said.

He said Army troops would provide all help in ensuring the smart lockdown. He said all reservists of the Medical Corps were called on duty to increase the human resource in the fight against the disease.

He said the Army was also helping in maintaining quarantines on the border with Iran and Afghanistan. Both neighbouring countries of Pakistan have reported a number of cases of coronavirus.

The spokesman said that Pakistan Air Force and Navy were also helping the fight against the coronavirus.

He announced that any crew of the Pakistan International Airlines suffering from the coronavirus would be treated at military hospitals to keep the airline operational and expedite the evacuation of stranded Pakistanis globally.

The spokesman also accused India of attempting to link the coronavirus with Muslims and Pakistan.

India on Sunday trashed Pakistan Prime Minister Imran Khan''s comments alleging targeting of Muslims in the country in the backdrop of the coronavirus pandemic.

In New Delhi, External Affairs Ministry said the "bizarre comments" by the Pakistani leadership was an attempt to shift focus from the "abysmal handling" of that country''s internal affairs.

Pakistan''s coronavirus cases on Friday touched 11,155 after the country reported 642 new infections in the last 24 hours. The country has reported 237 deaths so far.

Highlighting the threat of the virus, Iftikhar said that next 15 days were very important and urged people to stay home and also avoid visiting mosques. PTI SH NSA AKJ NSA

Disclaimer :- This story has not been edited by Outlook staff and is auto-generated from news agency feeds. Source: PTI

Read more here:
Pak Army says it is using all resources to combat coronavirus - Outlook India