Vercara’s Open-Source Intelligence (OSINT) Report – August 16 – August 22, 2024


Here is your weekly summary of news and other public coverage relevant to Vercara, the market leader in DNS, DDoS Mitigation, Web Application Firewalls, and Bot Management. Keep reading to learn about the week’s interesting and informative stories. To see all the OSINT reports, click here.

NOTE: Except where indicated, this report is released as TLP: CLEAR and items in it may be shared but not attributed to Vercara. For more information on the Traffic Light Protocol, the definitions and usage are at https://www.first.org/tlp/.

Behind the scenes: A brief overview of the DDoS attack on the Trump-Musk livestream. 

(TLP: CLEAR) The blog post from XLab (the threat research lab of Qianxin) gives an overview of a Distributed Denial of Service (DDoS) attack that targeted a livestream event involving Donald Trump and Elon Musk. The attack disrupted the broadcast, causing significant delays and interruptions. The post explains that the attackers overwhelmed the livestream’s servers with a massive volume of traffic, effectively shutting down the stream for viewers.  

(TLP: CLEAR) Comments: The post details the technical aspects of the attack, including how the traffic was generated and why attacks of this size are hard to mitigate once they are under way. It also discusses the implications of the incident for online availability and the steps that can be taken to prevent similar disruptions in the future. 

(TLP: CLEAR) Recommended best practices/regulations: NIST Cybersecurity Framework (CSF) PR.IR-04: “Adequate resource capacity to ensure availability is maintained.”  

Businesses, particularly those located in NATO member states and allied countries, should maintain constant vigilance and regularly test and enhance their cybersecurity defensive capabilities, specifically their DDoS mitigation strategies, architecture, monitoring, and procedures. 
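As an added illustration of the monitoring and mitigation testing recommended above (example code written for this report, not taken from the XLab post and not part of any Vercara product), the following script replays constructed edge-server access-log lines through a sliding-window per-source rate limiter and an aggregate requests-per-second capacity check. The log format, client addresses, thresholds, and timestamps are all assumptions made for the example; the two checks show why a single-source flood and a widely distributed flood need different detection logic.

```python
"""Layer-7 (HTTP flood) detection over access-log lines.

Added example, not from the XLab post or from Vercara. Two checks are applied:
  1. per-source sliding window: a client that exceeds `per_ip_limit` requests
     in any `window_s` seconds is dropped (catches a single-source flood);
  2. aggregate rate: any second in which total requests exceed the assumed
     serving capacity `aggregate_limit_rps` is flagged as saturated (catches a
     distributed flood where no single bot trips the per-source limit).
All log lines are constructed inline; the format is an assumption.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

TS_FMT = "%Y-%m-%dT%H:%M:%S"
BASE = datetime(2024, 8, 12, 20, 0, 0, tzinfo=timezone.utc)   # assumed start time
LINE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})$')


class RateLimiter:
    """Sliding-window counter per source address (timestamps in epoch seconds)."""

    def __init__(self, limit, window_s):
        self.limit = limit
        self.window = window_s
        self.hits = defaultdict(deque)   # ip -> recent request timestamps
        self.blocked = set()

    def allow(self, ip, ts):
        q = self.hits[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:   # expire requests outside the window
            q.popleft()
        if len(q) > self.limit:
            self.blocked.add(ip)
            return False
        return True


def _parse_ts(text):
    return int(datetime.strptime(text, TS_FMT).replace(tzinfo=timezone.utc).timestamp())


def analyze(log_text, per_ip_limit=10, window_s=5, aggregate_limit_rps=20):
    """Return per-source served/dropped counts, blocked sources and saturated seconds."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append((_parse_ts(m["ts"]), m["ip"]))
    events.sort()                                  # sliding window needs time order
    limiter = RateLimiter(per_ip_limit, window_s)
    per_second, served, dropped = Counter(), Counter(), Counter()
    for ts, ip in events:
        per_second[ts] += 1
        if limiter.allow(ip, ts):
            served[ip] += 1
        else:
            dropped[ip] += 1
    saturated = [datetime.fromtimestamp(t, timezone.utc).strftime(TS_FMT)
                 for t, n in sorted(per_second.items()) if n > aggregate_limit_rps]
    return {"blocked": sorted(limiter.blocked), "served": dict(served),
            "dropped": dict(dropped), "saturated_seconds": saturated}


def _line(ip, offset_s, path="/live"):
    ts = (BASE + timedelta(seconds=offset_s)).strftime(TS_FMT)
    return f'{ip} [{ts}] "GET {path} HTTP/1.1" 200'


def build_sample_log():
    """Constructed log: one normal viewer, one flooding source, 25 low-rate bots."""
    lines = [_line("10.1.1.1", t) for t in (0, 4, 9)]                   # normal viewer
    lines += [_line("203.0.113.7", t) for t in (5,) * 15 + (6,) * 15]   # 30 requests in 2 s
    lines += [_line(f"198.51.100.{i}", 7) for i in range(1, 26)]        # 25 bots, 1 request each
    return "\n".join(lines)


if __name__ == "__main__":
    result = analyze(build_sample_log())
    print("blocked sources :", result["blocked"])
    print("dropped requests:", result["dropped"])
    print("saturated second:", result["saturated_seconds"])
```

With the assumed thresholds the single flooding source is cut off after its tenth request, while the 25 one-request bots are never blocked individually but together push second 7 past the assumed capacity; that second is what an upstream scrubbing capacity such as the one described below has to absorb, and it is the case to rehearse when testing a mitigation plan.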

(TLP: CLEAR) Vercara: Vercara UltraDDoS Protect provides flexible, automated, and always-on protection across 15 Points of Presence (PoPs) and >15Tbps of DDoS mitigation capacity to enable customer availability and performance under even the largest and most complex DDoS attacks (layer 3 through layer 7). An automated intelligence feed that is constantly updating mitigation devices allows protection against emerging attack vectors and common attack sources. 
Source: https://blog.xlab.qianxin.com/behind-the-scenes-a-brief-overview-of-the-ddos-attack-on-the-trump-musk-livestream-en/   

New PEAKLIGHT dropper deployed in attacks targeting Windows with malicious movie downloads. 

(TLP: CLEAR) The Hacker News article discusses the emergence of a new malware variant known as PEAKLIGHT that has been observed in recent attacks against Windows users. PEAKLIGHT is a dropper: its job is to fetch, deploy, and execute additional malicious payloads on compromised systems.  

(TLP: CLEAR) Comments: The article describes how PEAKLIGHT operates, including the techniques it uses to bypass security controls and evade detection. The lure named in the headline is malicious movie downloads, a social engineering technique that relies on users fetching and opening files from untrusted sources. The piece emphasizes the importance of maintaining robust cybersecurity practices and staying vigilant against evolving threats to protect against such malware. 

(TLP: CLEAR) Recommended best practices/regulations: NIST SP 800-53 Rev. 5 SI-3: “MALICIOUS CODE PROTECTION   

“Control:   

“a. Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code;   

“b. Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures;   

“c. Configure malicious code protection mechanisms to: 1. Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more): endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and 2. [Selection (one or more): block malicious code; quarantine malicious code; take [Assignment: organization-defined action]]; and send alert to [Assignment: organization defined personnel or roles] in response to malicious code detection; and   

“d. Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.”  

Control SI-3 calls for malware detection and prevention mechanisms at system entry and exit points. These can live on the device, as with anti-virus agents, but can also be augmented by Protective DNS provided by the network the device is on or across the Internet. This provides defense-in-depth and covers devices, such as Internet of Things (IoT) equipment or some servers, that cannot run an endpoint client.  

(TLP: CLEAR) Vercara: Vercara’s Protective DNS solution, UltraDDR (DNS Detection and Response), enforces malware filtering as a network service using 4 distinct malware detection engines, including a dynamic decision engine that compares domain details, DNS query details, query answers, and other data points to determine if a domain is malicious before endpoints can be infected by them. 

Source: https://thehackernews.com/2024/08/new-peaklight-dropper-deployed-in.html   

New Qilin ransomware attack uses VPN credentials, steals Chrome data. 

(TLP: CLEAR) In the intrusion described, the Qilin ransomware operators gained initial access with compromised VPN credentials and then deployed a component that steals sensitive data from web browsers, specifically Google Chrome. This includes extracting stored credentials, cookies, and browsing history, which can be used for further attacks or to extort victims. Once inside the network, the attackers encrypt files on infected systems, rendering them inaccessible, and may spread laterally within the network to maximize their impact. 

(TLP: CLEAR) Comments: Following encryption, the attackers demand a ransom from the victim to restore access to the encrypted files. The ransom note typically includes payment instructions and threats to leak the stolen data if the demands are not met. To defend against such attacks, the article suggests enforcing strong password policies, implementing multi-factor authentication (MFA) on remote access such as VPNs, regularly updating software, and monitoring network activity for unusual behavior. 

(TLP: CLEAR) Recommended best practices/regulations: Cybersecurity & Infrastructure Security Agency #StopRansomware Guide: “Implement Protective Domain Name System (DNS). By blocking malicious internet activity at the source, Protective DNS services can provide high network security for remote workers. These security services analyze DNS queries and take action to mitigate threats—such as malware, ransomware, phishing attacks, viruses, malicious sites, and spyware—leveraging the existing DNS protocol and architecture.” 

(TLP: CLEAR) Vercara: Vercara’s Protective DNS solution, UltraDDR (DNS Detection and Response), uses a multi-petabyte data lake filled with DNS query history and indicators of compromise from multiple Cyber Threat Intelligence (CTI) data feeds to correlate an incoming DNS query in realtime with previously-observed malicious activity. This ensures that users and devices only go to safe, policy-compliant Internet locations. 
Source: https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html   

New macOS malware “Cthulhu Stealer” targets Apple users’ data. 

(TLP: CLEAR) The article on The Hacker News reports the emergence of a new macOS malware called “Cthulhu Stealer.” This information-stealing malware is designed to harvest sensitive data from infected Mac computers.  

(TLP: CLEAR) Comments: Cthulhu Stealer’s primary function is to exfiltrate various types of sensitive data, including login credentials, personal files, and other confidential information. The malware spreads through malicious downloads, including fake software updates, trojanized apps, and pirated software. Users infect themselves by downloading and installing these files from untrusted sites. 

(TLP: CLEAR) Recommended best practices/regulations: NIST Cybersecurity Framework (CSF) DE.CM-01: “Networks and network services are monitored to find potentially adverse events”  

One of the ways to detect phishing, malware droppers, and command and control (C2) traffic is at the network level. Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and next-generation firewalls can be used together with a protective DNS solution to detect these malicious activities as they traverse the network, even if the initial infection occurred via physical media or on another network such as a hotel or airport Wi-Fi. 

(TLP: CLEAR) Vercara: Vercara’s Protective DNS solution, UltraDDR (DNS Detection and Response), supports 4 distinct detection engines to provide Defense in Depth against malware, phishing, and other abuses:  

  • The Lists Engine allows UltraDDR customers the ability to bring their own block lists and allow lists for FQDNs, domains, IP addresses, CIDR blocks, and registrars.  
  • The Categories Engine uses Vercara-provided Cyber Threat Intelligence feeds in 17 categories. Administrators can enable blocking on a category with just one button click.  
  • The Decision Engine uses a multi-petabyte adversarial infrastructure data lake and artificial intelligence techniques to determine if a previously unseen or recently changed domain is malicious in nature.  
  • The Ruleset Engine allows administrators the ability to build custom rules to augment and extend the other engines of UltraDDR. 

Source: https://thehackernews.com/2024/08/new-macos-malware-cthulhu-stealer.html   

Chinese hackers exploit zero-day Cisco switch flaw to gain system control. 

(TLP: CLEAR) The vulnerability in question is a zero-day flaw in the software of Cisco’s network switches, meaning it was exploited before Cisco and the public knew of it and before a fix was available. The flaw allows an attacker to gain unauthorized control over the affected switch, a critical component of network infrastructure. 

(TLP: CLEAR) Comments: The exploitation of this zero-day could lead to significant data breaches, including access to sensitive information within targeted networks. The potential impacts include loss of data integrity, compromise of confidential communications, and disruption of network operations. Cisco has released a patch to address the vulnerability and mitigate the risk. The company has urged all affected users to apply the security updates immediately to protect against further exploitation. 

(TLP: CLEAR) Recommended best practices/regulations: NIST Cybersecurity Framework (CSF) PR.PS-05: “Installation and execution of unauthorized software are prevented”  

By enforcing a content filtering policy that blocks typical software download sites in addition to hacker tools and P2P services, organizations reduce the amount of malware and trojan horses that users unknowingly introduce into the environment. This can be done via a protective DNS or forward web proxy solution fed with website category feeds. 
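To make concrete how the layered checks described in this report fit together (the network-level detection in the Cthulhu Stealer item, the four UltraDDR engine types listed there, and the category-based content filtering above), the following added example implements a toy protective-DNS policy engine and runs it over constructed query-log lines. This is example code written for this report, not Vercara’s UltraDDR code; the allow/block lists, category feed, registration dates, client addresses, and domain names are all constructed for the example, and the “decision engine” is a simple heuristic stand-in (registration age and label entropy) for a real reputation engine.

```python
"""Toy protective-DNS policy engine (added example, not Vercara's UltraDDR code).

Evaluation order mirrors the engine types described in the report:
  1. customer allow list   2. customer block list   3. category feed
  4. heuristic "decision engine" for domains no feed has seen.
Every feed and log line below is constructed for the example.
"""
import math
import re
from collections import Counter
from datetime import date

ALLOW_LIST = {"updates.example-corp.internal", "www.example.com"}
BLOCK_LIST = {"c2.evil-example.net"}
CATEGORY_FEED = {                                   # domain -> category (constructed)
    "downloads.example-mirror.org": "software-download",
    "torrent-example.io": "p2p",
    "login-example-bank.com": "phishing",
}
BLOCKED_CATEGORIES = {"malware", "phishing", "p2p", "software-download"}
REGISTRATION_DATE = {"qx7v2k9p-cdn.example": date(2024, 8, 20)}   # constructed WHOIS data
TODAY = date(2024, 8, 22)


def _suffixes(domain):
    """Yield the name and each parent: a.b.c -> a.b.c, b.c, c."""
    labels = domain.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def _in_feed(domain, feed):
    """Return the first entry in `feed` that is the name or one of its parents."""
    for s in _suffixes(domain):
        if s in feed:
            return s
    return None


def shannon_entropy(text):
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def decision_engine(domain, today=TODAY):
    """Heuristic stand-in for a reputation engine: flag names registered in the
    last 7 days, or whose first label is long and high-entropy (DGA-like)."""
    reg = _in_feed(domain, REGISTRATION_DATE)
    if reg is not None and (today - REGISTRATION_DATE[reg]).days <= 7:
        return "newly-registered"
    first = domain.split(".")[0]
    if len(first) >= 12 and shannon_entropy(first) > 3.5:
        return "dga-like"
    return None


def evaluate(domain, today=TODAY):
    """Return ("allow" | "block", reason) for one queried name."""
    domain = domain.lower().rstrip(".")
    if _in_feed(domain, ALLOW_LIST):
        return ("allow", "allow-list")
    if _in_feed(domain, BLOCK_LIST):
        return ("block", "block-list")
    key = _in_feed(domain, CATEGORY_FEED)
    if key is not None and CATEGORY_FEED[key] in BLOCKED_CATEGORIES:
        return ("block", "category:" + CATEGORY_FEED[key])
    reason = decision_engine(domain, today)
    if reason:
        return ("block", "decision:" + reason)
    return ("allow", "no-match")


# Constructed resolver log format: <timestamp> <client> <qtype> <qname>
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<qtype>[A-Z]+) (?P<qname>\S+)$")
SAMPLE_LOG = """\
2024-08-22T10:00:01Z 10.0.0.5 A www.example.com
2024-08-22T10:00:02Z 10.0.0.5 A c2.evil-example.net
2024-08-22T10:00:03Z 10.0.0.7 A cdn.downloads.example-mirror.org
2024-08-22T10:00:04Z 10.0.0.9 A login-example-bank.com
2024-08-22T10:00:05Z 10.0.0.9 AAAA qx7v2k9p-cdn.example
2024-08-22T10:00:06Z 10.0.0.7 A www.iana.org
"""


def run(log_text, today=TODAY):
    """Evaluate every well-formed log line; return one verdict dict per query."""
    results = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue                                   # skip malformed lines
        verdict, reason = evaluate(m["qname"], today)
        results.append({"client": m["client"], "qname": m["qname"].lower().rstrip("."),
                        "verdict": verdict, "reason": reason})
    return results


if __name__ == "__main__":
    for r in run(SAMPLE_LOG):
        print(f"{r['verdict']:5} {r['client']:9} {r['qname']:34} {r['reason']}")
```

Two details matter in practice. The allow list is consulted first, so an entry there overrides every other engine; keep it short and reviewed, because it is also how a compromised internal name stays reachable. Parent-domain matching (a block on `downloads.example-mirror.org` also catches `cdn.downloads.example-mirror.org`) is what makes a category feed useful against download sites that rotate hostnames, and the heuristic check on names no feed knows is the only layer that fires on the constructed newly registered domain.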

(TLP: CLEAR) Vercara: Vercara’s Protective DNS solution, UltraDDR (DNS Detection and Response), supports 2 modes of onboarding DNS queries and protecting endpoints from phishing and malware: forwarding from an on-network resolver such as a firewall or Active Directory domain controller or via an endpoint client that captures and forwards DNS queries to UltraDDR’s servers. 
Source: https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html  

About Vercara.

The world’s top brands depend on Vercara to safeguard their digital infrastructure and online presence. Vercara offers a suite of cloud-delivered services that are always secure, reliable, and available and enable global businesses to thrive online. UltraSecure protects organizations’ networks and applications against risks and downtime, ensuring that businesses and their customers enjoy exceptional and uninterrupted interactions all day, every day. Delivering the industry’s best performance and always-on service, Vercara’s mission-critical security portfolio provides best-in-class DNS, application, and network security, including DDoS, WAF, and Bot management services to its global 5000 customers and beyond.

To learn more about Vercara solutions, please contact us.
