Blog 

Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme

The important things to get out of this:

1. Make sure you access RDP login only after passing a VPN credential challenge.

2. Make sure to block those SPAM emails from your user community so they don't get sucked into handing over credentials, or inadvertently running keylogger programs on their workstation.

3. Although they compromised one big-player VPN server appliance, there are thousands of others that aren't.

-Stu

The top three most popular intrusion methods are unsecured RDP endpoints, email phishing, and the exploitation of corporate VPN appliances.

RDP — number one on the list

At the top of this list, we have the Remote Desktop Protocol (RDP). Reports from Coveware, Emsisoft, and Recorded Future clearly put RDP as the most popular intrusion vector and the source of most ransomware incidents in 2020.

 

"Today, RDP is regarded as the single biggest attack vector for ransomware," cyber-security firm Emsisoft said last month, as part of a guide on securing RDP endpoints against ransomware gangs.

 

Statistics from Coveware, a company that provides ransomware incident response and ransom negotiation services, support this assessment: the company ranks RDP as the most popular entry point for the ransomware incidents it investigated this year.

 

Data from threat intelligence company Recorded Future also puts RDP firmly at the top.

 

"Remote Desktop Protocol (RDP) is currently by a wide margin, the most common attack vector used by threat actors to gain access to Windows computers and install ransomware and other malware," Recorded Future threat intel analyst Allan Liska wrote in a report published last week about the danger of ransomware to the US election infrastructure.

 

Some might think that RDP is today's top intrusion vector for ransomware gangs because of the work-from-home setups that many companies have adopted this year; however, this is inaccurate.

RDP has been the top intrusion vector for ransomware gangs since last year, when ransomware gangs stopped targeting home consumers and moved en masse towards targeting companies instead.

 

RDP is today's top technology for connecting to remote systems and there are millions of computers with RDP ports exposed online, which makes RDP a huge attack vector to all sorts of cyber-criminals, not just ransomware gangs.

 

 

Today, we have cybercrime groups specialized in scanning the internet for RDP endpoints, and then carrying out brute-force attacks against these systems, in attempts to guess their respective credentials.

 

Systems that use weak username and password combos are compromised and then put up for sale on so-called "RDP shops," from where they're bought by various cybercrime groups.
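The scan-then-brute-force pattern described above leaves a distinctive trail in the Windows Security log: a burst of failed logons (event 4625) with an RDP logon type from one source address, sometimes followed by a successful logon (event 4624) from that same address once a weak password is guessed. The following is an added example of that detection logic, not code from the original article. It runs over a constructed list of event records shaped like those log fields; the event IDs and logon types are real Windows values, the addresses and account names are made up, and counting logon type 3 alongside type 10 is an assumption about environments where Network Level Authentication is enabled.

```python
"""Detect RDP password-guessing bursts in Windows Security events.

Added example, not from the original article. Input is a constructed list
of event tuples shaped like the fields of Windows Security events 4625
(failed logon) and 4624 (successful logon); a real deployment would pull
them from the Security log or a SIEM instead.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon type 10 is RemoteInteractive (a classic RDP session). Failures at the
# Network Level Authentication stage are commonly logged as type 3, so that is
# included too; this mapping is an assumption about the environment.
RDP_LOGON_TYPES = {10, 3}

# Constructed sample events: (timestamp, event_id, source_ip, user, logon_type)
SAMPLE_EVENTS = [
    ("2020-08-01T02:00:01", 4625, "198.51.100.23", "administrator", 10),
    ("2020-08-01T02:00:03", 4625, "198.51.100.23", "admin", 10),
    ("2020-08-01T02:00:04", 4625, "198.51.100.23", "backup", 10),
    ("2020-08-01T02:00:06", 4625, "198.51.100.23", "scanner", 10),
    ("2020-08-01T02:00:09", 4625, "198.51.100.23", "test", 10),
    ("2020-08-01T02:00:12", 4624, "198.51.100.23", "backup", 10),
    ("2020-08-01T09:15:00", 4625, "10.0.0.5", "jsmith", 10),
    ("2020-08-01T09:15:20", 4624, "10.0.0.5", "jsmith", 10),
]


def parse_event(row):
    ts, event_id, ip, user, logon_type = row
    return {"ts": datetime.fromisoformat(ts), "id": event_id, "ip": ip,
            "user": user, "logon_type": logon_type}


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one 'rdp_bruteforce' alert per source IP that produced at least
    `threshold` failed RDP logons inside `window`, plus a 'success_after_burst'
    alert if that IP then logs on successfully (the guessed-password case)."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    burst_ips = set()
    alerts = []
    for ev in sorted((parse_event(r) for r in events), key=lambda e: e["ts"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        q = failures[ev["ip"]]
        if ev["id"] == 4625:
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and ev["ip"] not in burst_ips:
                burst_ips.add(ev["ip"])
                alerts.append({"type": "rdp_bruteforce", "ip": ev["ip"],
                               "failures": len(q), "last_seen": ev["ts"]})
        elif ev["id"] == 4624 and ev["ip"] in burst_ips:
            alerts.append({"type": "success_after_burst", "ip": ev["ip"],
                           "user": ev["user"], "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

In production the same function would be fed from the Security log or a SIEM export rather than the constructed list. The threshold and window are tuning knobs; the success_after_burst alert is the one worth paging on, because it marks the handover from guessing to a live session that is about to be listed on an RDP shop or used directly.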

 

RDP shops have been around for years, and they are not something new.

 

However, as ransomware groups migrated from targeting home consumers to enterprises last year, ransomware gangs found a readily available pool of vulnerable RDP systems on these shops -- a match made in heaven.

 

Today, ransomware gangs are the biggest clients of RDP shops, and some shop operators have even shut down their shops to work with ransomware gangs exclusively, or have become customers of Ransomware-as-a-Service (RaaS) portals to monetize their collection of hacked RDP systems themselves.

 


VPN appliances — the new RDPs

 

But 2020 has also seen the rise of another major ransomware intrusion vector, namely the use of VPN and other similar network appliances to enter corporate networks.

 

Since the summer of 2019, multiple severe vulnerabilities have been disclosed in VPN appliances from today's top companies, including Pulse Secure, Palo Alto Networks, Fortinet, Citrix, Secureworks, and F5.

 

Once proof-of-concept exploit code became public for any of these vulnerabilities, hacker groups began exploiting the bugs to gain access to corporate networks. What hackers did with this access varied, depending on each group's specialization.

 

Some groups engaged in nation-level cyber-espionage, some groups engaged in financial crime and IP theft, while other groups took the "RDP shops" approach and re-sold access to other gangs.

 

While some sparse ransomware incidents using this vector were reported last year, it was in 2020 that an increasing number of ransomware groups began using hacked VPN appliances as the entry point into corporate networks.

 

Over the course of 2020, VPNs quickly rose as the hot new attack vector among ransomware gangs, with Citrix network gateways and Pulse Secure VPN servers being their favorite targets, according to a report published last week by SenseCy.

 

Per SenseCy, gangs like REvil (Sodinokibi), Ragnarok, DoppelPaymer, Maze, CLOP, and Nefilim have been seen using Citrix systems vulnerable to CVE-2019-19781 as an entry point for their attacks. Similarly, SenseCy says ransomware groups like REvil and Black Kingdom have leveraged Pulse Secure VPNs that have not been patched for CVE-2019-11510 to attack their targets.

 

 

Per Recorded Future, the latest entry on this list is the NetWalker gang, which appears to have started targeting Pulse Secure systems to deploy its payloads on the corporate or government networks where these systems are installed.
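Both bugs named above are exploited with request paths that look nothing like legitimate traffic, which makes attempts straightforward to spot in the appliance's own access log or in the log of a proxy in front of it. Below is an added example, not from the article or from either vendor, that scans constructed common-log-style lines for the publicly documented request patterns of CVE-2019-19781 (the /vpn/../vpns/ directory traversal on Citrix ADC and Gateway) and CVE-2019-11510 (the /dana-na/../dana/html5acc/guacamole/ traversal on Pulse Secure). The IP addresses, timestamps and byte counts in the sample log are made up.

```python
"""Flag web requests matching public indicators for the two VPN appliance
bugs named in the article. Added example, not from the article; the sample
log lines are constructed in a common-log-like shape, and the indicator
patterns are the publicly documented request paths for each CVE."""
import re
from urllib.parse import unquote

# Match on the raw traversal in the request path. The "../" is the point of
# the exploit, so match before any normalisation would collapse it.
INDICATORS = {
    "CVE-2019-19781": [  # Citrix ADC / Gateway path traversal
        re.compile(r"/vpn/\.\./vpns/"),
        re.compile(r"/vpns/portal/scripts/newbm\.pl"),
    ],
    "CVE-2019-11510": [  # Pulse Secure arbitrary file read
        re.compile(r"/dana-na/\.\./dana/html5acc/guacamole/"),
    ],
}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: two exploitation attempts per CVE, two benign hits.
SAMPLE_LOG = """\
203.0.113.9 - - [11/Jan/2020:03:14:07 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 361
203.0.113.9 - - [11/Jan/2020:03:14:09 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 0
198.51.100.77 - - [11/Jan/2020:04:02:31 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 1432
198.51.100.77 - - [11/Jan/2020:04:02:40 +0000] "GET /dana-na/%2e%2e/dana/html5acc/guacamole/../../../etc/hosts?/dana/html5acc/guacamole/ HTTP/1.1" 200 158
10.0.0.12 - - [11/Jan/2020:08:00:00 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120
10.0.0.12 - - [11/Jan/2020:08:00:05 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 2048
"""


def scan_line(line):
    """Return a hit dict if the request matches an indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote(m.group("path"))  # also catches %2e%2e-encoded traversals
    for cve, patterns in INDICATORS.items():
        if any(p.search(path) for p in patterns):
            return {"cve": cve, "ip": m.group("ip"), "ts": m.group("ts"),
                    "method": m.group("method"), "path": path,
                    "status": int(m.group("status"))}
    return None


def scan_log(text):
    return [hit for hit in map(scan_line, text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ip"], hit["cve"], hit["method"], hit["status"], hit["path"])
```

Percent-decoding the path before matching catches the encoded variants that mass scanners use. The status code is carried along because it separates a scan from a compromise: a 200 on the Citrix smb.conf request means the appliance actually served the file, so it was unmitigated at that moment and the host should be treated as potentially accessed, not merely probed.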

 

 

With a small cottage industry developing around hacked RDPs and VPNs on the cybercrime underground, and with dozens of cyber-security firms and experts constantly reminding everyone to patch and secure these systems, companies have no excuse left for getting hacked via these vectors.

It's one thing to have an employee fall victim to a cleverly disguised spear-phishing email; it's another thing not to patch your VPN or networking equipment for more than a year, or to use admin/admin as your RDP credentials.

Created by Stu Wise · Aug 3, 2022

The new silent majority: People who don't tweet

Interesting news.

  • Pew showing the vast majority of people DON'T use Twitter.
  • Nielsen Media Research data showing although Fox News is the top rated news, 99% of people don't watch it.
  • CNN has worse numbers. CNN was in last place in total viewers.
  • More people donated to charities than to political parties.

-Stu

 

from https://www.axios.com/political-polarization-twitter-cable-news-ac9699c6-260d-4141-b511-5c7193566ea1.html

Most people you meet in everyday life — at work, in the neighborhood — are decent and normal. Even nice. But hit Twitter or watch the news, and you'd think we were all nuts and nasty. 

 

Why it matters: The rising power and prominence of the nation's loudest, meanest voices obscures what most of us personally experience: Most people are sane and generous — and too busy to tweet. 

 

Reality check: It turns out, you're right. We dug into the data and found that, in fact, most Americans are friendly, donate time or money, and would help you shovel your snow. They are busy, normal and mostly silent.

  • These aren't the people with big Twitter followings or cable-news contracts — and they don't try to pick fights at school board meetings.
  • So the people who get the clicks and the coverage distort our true reality. 

 

Three stats we find reassuring:

  1. 75% of people in the U.S. never tweet.
  2. On an average weeknight in January, just 1% of U.S. adults watched primetime Fox News (2.2 million). 0.5% tuned into MSNBC (1.15 million).
  3. Nearly three times more Americans (56%) donated to charities during the pandemic than typically give money to politicians and parties (21%).
Created by Stu Wise · Mar 9, 2022

Printers Add Secret Tracking Dots

Looks like only B&W printers might be safe? -Stu

 

Experts discovered something of interest: yellow dots in a roughly rectangular pattern repeated throughout pages printed on color printers. These yellow dots, magnified 60 times, were found on a Xerox printout. (Credit: Electronic Frontier Foundation)

 

 

Here they are on an actual printed document.



They were barely visible to the naked eye, but formed a coded design. They show up better under a blue LED light. After some quick analysis, they seemed to reveal the exact date and time that the pages in question were printed: 06:20 on 9 May 2017, or at least what the printer's internal clock read at that moment. The dots also encode a serial number for the printer.

The Electronic Frontier Foundation (EFF) maintains a list of colour printers known to use them. The images below, captured by the EFF, demonstrate how to decode them:
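Since the EFF decoding images did not survive on this page, here is the same decoding done in code, as an added example; it is not EFF's code and was not part of the original post. It handles the Xerox DocuColor pattern only: a grid of 15 columns by 8 rows in which the top row and the left column are parity cells and each remaining column holds a 7-bit value read top to bottom, with columns 2, 5, 6, 7 and 8 giving minute, hour, day, month and two-digit year, and columns 11 to 14 giving the serial number as two decimal digits each. That layout follows EFF's published DocuColor guide as recalled here, and the odd-parity convention in particular is an assumption to verify against the guide. The sample grid is constructed from the date in the post above and a made-up serial number; other manufacturers use different, mostly undocumented encodings.

```python
"""Encode and decode a Xerox DocuColor-style yellow-dot grid.

Added example for this post, not EFF's code. Layout follows EFF's DocuColor
decoding guide as recalled here: 15 columns x 8 rows, top row = column
parity, left column = row parity, rows 2-8 of each column = a 7-bit value
read top to bottom (MSB first). Odd parity is an assumption. Columns 3, 4,
9, 10 and 15 carry no documented meaning and are left blank here.
"""

COLS, ROWS = 15, 8
FIELD_COLS = {"minute": 2, "hour": 5, "day": 6, "month": 7, "year": 8}  # 1-based
SERIAL_COLS = (11, 12, 13, 14)            # two decimal digits per column
DOT, BLANK = "o", "."


def _to_bits(lines):
    grid = [[1 if ch == DOT else 0 for ch in line] for line in lines]
    if len(grid) != ROWS or any(len(r) != COLS for r in grid):
        raise ValueError("expected an 8-row by 15-column grid")
    return grid


def _column_bits(value):
    """Seven bits of value (0..127), MSB first, destined for rows 2..8."""
    if not 0 <= value < 128:
        raise ValueError("column value must fit in 7 bits")
    return [(value >> shift) & 1 for shift in range(6, -1, -1)]


def encode(minute, hour, day, month, year2, serial):
    """Build the grid for a timestamp and an 8-digit serial; returns 8 strings."""
    values = {col: 0 for col in range(1, COLS + 1)}
    named = {"minute": minute, "hour": hour, "day": day, "month": month, "year": year2}
    for name, col in FIELD_COLS.items():
        values[col] = named[name]
    digits = f"{serial:08d}"
    for i, col in enumerate(SERIAL_COLS):
        values[col] = int(digits[2 * i:2 * i + 2])
    grid = [[0] * COLS for _ in range(ROWS)]          # grid[row][col], 0-based
    for col in range(2, COLS + 1):                    # data columns 2..15
        for r, bit in enumerate(_column_bits(values[col]), start=1):
            grid[r][col - 1] = bit
    for c in range(1, COLS):                          # top row: make each column odd
        grid[0][c] = 1 - sum(grid[r][c] for r in range(1, ROWS)) % 2
    for r in range(ROWS):                             # left column: make each row odd
        grid[r][0] = 1 - sum(grid[r][1:]) % 2
    return ["".join(DOT if b else BLANK for b in row) for row in grid]


def parity_errors(lines):
    """List every row/column whose dot count is even (a misread or forged grid)."""
    grid = _to_bits(lines)
    errors = [f"column {c + 1}" for c in range(1, COLS)
              if sum(grid[r][c] for r in range(ROWS)) % 2 == 0]
    errors += [f"row {r + 1}" for r in range(ROWS) if sum(grid[r]) % 2 == 0]
    return errors


def decode(lines):
    """Return the timestamp fields and serial number encoded in the grid."""
    errors = parity_errors(lines)
    if errors:
        raise ValueError("parity check failed: " + ", ".join(errors))
    grid = _to_bits(lines)

    def col_value(col):                               # 1-based column
        return int("".join(str(grid[r][col - 1]) for r in range(1, ROWS)), 2)

    fields = {name: col_value(col) for name, col in FIELD_COLS.items()}
    fields["serial"] = "".join(f"{col_value(c):02d}" for c in SERIAL_COLS)
    return fields


if __name__ == "__main__":
    # Constructed sample: the post's 06:20 on 9 May 2017 with a made-up serial.
    sample = encode(minute=20, hour=6, day=9, month=5, year2=17, serial=12345678)
    print("\n".join(sample))
    print(decode(sample))
```

The parity check is what makes this usable on a real scan: a grid transcribed from a magnified photo will usually have one or two misread cells, and the failing row and column together point at exactly which cell to re-examine before trusting the serial number it yields.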




A statement from the Electronic Frontier Foundation sums it up well:

Some of the documents that we previously received through FOIA suggested that all major manufacturers of color laser printers entered a secret agreement with governments to ensure that the output of those printers is forensically traceable. Although we still don't know if this is correct, or how subsequent generations of forensic tracking technologies might work, it is probably safest to assume that all modern color laser printers do include some form of tracking information that associates documents with the printer's serial number.

(Added 2017) REMINDER:
IT APPEARS LIKELY THAT ALL RECENT COMMERCIAL COLOR LASER PRINTERS PRINT SOME KIND OF FORENSIC TRACKING CODES, NOT NECESSARILY USING YELLOW DOTS. THIS IS TRUE WHETHER OR NOT THOSE CODES ARE VISIBLE TO THE EYE AND WHETHER OR NOT THE PRINTER MODELS ARE LISTED HERE.


This is a partial list of printers that do this. Is yours on here?

brand       model
Brother    HL-4200CN
Brother    HL-2700CN
Canon    Imageclass MF8170C
Canon    Color Laser Copier 1150
Canon    Color imageRUNNER C3220
Canon    Color imageRUNNER C3200N
Canon    Color imageRUNNER C3200
Canon    Color imageRUNNER C3100CN
Canon    Color imageRUNNER C2570
Canon    CLC-iR 3200-C1
Canon    CLC 5000+
Canon    CLC 4000
Canon    CLC 3002
Canon    CLC 2400
Canon    CLC 1000
Dell    5100CN
Dell    3100CN
Dell    3000CN
Epson    AcuLaser C900
Epson    AcuLaser C4000
Epson    AcuLaser C3000
Epson    AcuLaser C1900
Epson    AcuLaser C1500
Epson    AcuLaser C1100
Hewlett-Packard    Color LaserJET 9500MFP
Hewlett-Packard    Color LaserJET 9500HDN
Hewlett-Packard    Color LaserJET 9500
Hewlett-Packard    Color LaserJET 5550DTN
Hewlett-Packard    Color LaserJET 5550DN
Hewlett-Packard    Color LaserJET 5550
Hewlett-Packard    Color LaserJET 5500HDN
Hewlett-Packard    Color LaserJET 5500DN
Hewlett-Packard    Color LaserJET 5500ATN
Hewlett-Packard    Color LaserJET 5500
Hewlett-Packard    Color LaserJET 5100CN
Hewlett-Packard    Color LaserJET 4700DTN
Hewlett-Packard    Color LaserJET 4700DN
Hewlett-Packard    Color LaserJET 4700
Hewlett-Packard    Color LaserJET 4650DTN
Hewlett-Packard    Color LaserJET 4650DN
Hewlett-Packard    Color LaserJET 4650
Hewlett-Packard    Color LaserJET 4600N
Hewlett-Packard    Color LaserJET 4600HDN
Hewlett-Packard    Color LaserJET 4600DN
Hewlett-Packard    Color LaserJET 4600
Hewlett-Packard    Color LaserJET 3700N
Hewlett-Packard    Color LaserJET 3700DN
Hewlett-Packard    Color LaserJET 3700
Hewlett-Packard    Color LaserJET 3600DN
Hewlett-Packard    Color LaserJET 3550
Hewlett-Packard    Color LaserJET 3500
Hewlett-Packard    Color LaserJET 2840
Hewlett-Packard    Color LaserJET 2700N
Hewlett-Packard    Color LaserJET 2680
Hewlett-Packard    Color LaserJET 2600N
Hewlett-Packard    Color LaserJET 2550N
Hewlett-Packard    Color LaserJET 2550L
Hewlett-Packard    Color LaserJET 2550
Hewlett-Packard    Color LaserJET 2500N
Hewlett-Packard    Color LaserJET 2500L
Hewlett-Packard    Color LaserJET 2500
Hewlett-Packard    Color LaserJET 1600
Hewlett-Packard    Color LaserJET 1550L
IBM    Infoprint Color 1464 PS3
Konica    Magicolor 7300
Konica    Magicolor 5450
Konica    Magicolor 3300
Konica    Magicolor 3100
Konica    Magicolor 2450
Konica    Magicolor 2430 DL
Konica    Magicolor 2400 W
Konica    Magicolor 2350 EN
Konica    Magicolor 2350
Konica    Magicolor 2300 W
Konica    Magicolor 2300 DL
Konica    Magicolor 2210
Konica    Magicolor 2200 DL
Konica    Ikon CPP500E
Konica    Colorforce 8050
Konica    Colorforce 1501
Konica    Bizhub C350
Konica    Bizhub C252
Kyocera    Mita KM-C2230
Kyocera    FS-C8008
Kyocera    FS-C5030N
Kyocera    FS-C5020N
Kyocera    FS-C5016N
Kyocera    C2630D
Lexmark    C912
Lexmark    C910
Lexmark    C760
Lexmark    C752N
Lexmark    C752
Lexmark    C510
Panasonic    Workio KXCL-500
Ricoh    Infotec/Danka ISC 2838
Ricoh    AP 206
Ricoh    Aficio CL 7000
Ricoh    Aficio CL 6010
Ricoh    Aficio CL 3000E
Ricoh    Aficio CL 3000
Ricoh    Aficio CL 2000
Ricoh    Aficio 1232C
Ricoh    Aficio 1224C
Samsung    CLP35
Samsung    C3210
Toshiba    FC70
Toshiba    FC25Pi
Toshiba    FC25P
Toshiba    FC22i
Toshiba    FC22
Toshiba    FC15i
Toshiba    FC15
Toshiba    eStudio 3511
Toshiba    eStudio 311c
Toshiba    eStudio 310c
Toshiba    eStudio 3100c
Toshiba    eStudio 211c
Toshiba    eStudio 210c
Toshiba    eStudio 2100c
Xerox    WorkCentre M24
Xerox    Phaser 790
Xerox    DocuColor 6060
Xerox    DocuColor 5252
Xerox    DocuColor 40
Xerox    DocuColor 3535
Xerox    DocuColor 2240
Xerox    DocuColor 2045
Xerox    DocuColor 2000
Xerox    DocuColor 1632
Xerox    DocuColor 1521
Xerox    DocuColor 12
Xerox    WorkCentre Pro (all

Created by Stu Wise · Jan 2, 2022

What does each messaging app gather about you

Part of managing your private information is not only understanding WHICH messaging apps gather information on you, but WHAT those apps gather.

Here are four popular messaging apps, just to compare them....

Created by Stu Wise · Dec 17, 2021

Google finally reveals the amount of data Gmail collects on iPhone


Wow! Damn interesting the amount of information Apple and Google are gathering on YOU.

Wouldn't be so bad if only *they* used the information, but under subpoena the government can make your life a living hell.


In a nutshell:

  • Your purchases
  • Your travels
  • Your email, phone numbers, addresses
  • Your friends and other people you have contact with
  • Your documents and spreadsheet content
  • Your searches
  • Your web browsing sites
  • Your usage habits on your phone, pc, and other devices

and something that is only called "OTHER DATA".

There are ways to break the connection with Google on your phone, but so far no way of doing this on Apple devices.

-Stu


Google finally reveals the terrifying amount of data Gmail collects on iPhone

  • Google has finally revealed the terrifying amount of data apps like Gmail and YouTube can collect from iPhone and iPad.
  • Google started submitting App Privacy labels for some of its iOS apps after facing criticism that it delayed app updates to postpone implementing the mandatory iOS 14 privacy features.
  • Both Gmail and YouTube collect plenty of user data for different purposes, including information used for third-party advertising purposes.

Apple’s new iOS 14 privacy features sent shockwaves through the advertising industry last fall when they started rolling out. Apple will not stop advertisers from tracking users across the web and services, but it now forces developers to indicate all the personal data an app can collect and the purposes for said data collection. iPhone and iPad will also force developers to ask for permission to track users across apps and services. Facebook’s massive attack on Apple in mid-December is proof that the privacy changes are a big deal for companies that make money off of highly personalized ads. Those ads are based on the data users allow Facebook, Google, and others to collect about them in return for free access to their services. It’s the kind of trade-off that works in the trade industry. But users might not be aware of the scope of the data they give third-parties access to. That’s where Apple’s App Privacy labels in iOS 14 will help.

 

Unlike Facebook, Google did not make a big deal about Apple’s privacy features. But the company did delay updating its iOS apps for well over a month. Those updates are finally coming in, with major iPhone apps like YouTube and Gmail having just received their first major updates in several weeks. Unsurprisingly, there’s a massive amount of information that Google can collect from iPhone users.

 

As with Facebook’s privacy labels, Google’s labels indicate that its apps will collect plenty of user data for several purposes. This includes third-party advertising, analytics, product personalization, app functionality, and — the most annoying one — other purposes. These categories also contain an “other data types” section that suggests the apps can collect even more information than they’re ready to disclose.

Gmail App Privacy Label
An App Store screenshot of Gmail’s summary App Privacy label in iOS 14. Image source: App Store

 

The following comparison shows that Gmail and YouTube do not collect the same information for advertising purposes. YouTube hoards plenty of additional information compared to Gmail. All that data is used for Google to sell better-targeted ads that bring in more revenue. However, Google often says that it doesn’t share any user data with advertisers, and that’s true. Google doesn’t hand others this personal information, but it uses it to allow companies to target specific categories of users with specific types of ads.

 

 
Gmail App Privacy Label
App Privacy labels App Store screenshots show differences between Gmail (left) and YouTube (right) for the “third-party advertising” section. Image source: Chris Smith, BGR

Again, there’s no problem with Google and Facebook collecting all that data, and iOS 14 will not stop any developer from tracking users as long as apps obey its privacy rules. The apps have to list the data they collect, and they’ll have to ask permission for tracking.

 

However, these privacy labels could help users make more informed decisions about what sort of information they’re willing to allow apps to collect.

YouTube App Privacy Label

An App Store screenshot of YouTube’s summary App Privacy label in iOS 14. Image source: App Store

Created by Stu Wise · Feb 24, 2021