North Korean hackers return, target infosec researchers in new operation

In January, Google and Microsoft outed what they said were North Korean government-sponsored hackers targeting security researchers. The hackers spent weeks using fake Twitter profiles—purportedly belonging to vulnerability researchers—before unleashing an Internet Explorer zero-day and a malicious Visual Studio project, both of which installed custom malware.

Now, the same hackers are back, a Google researcher said on Wednesday, this time with a new batch of social media profiles and a fake company that claims to offer offensive security services, including penetration testing, software security assessments, and software exploits.

Once more with feeling

The homepage for the fake company is sleek and looks no different from countless real security companies all over the world.

The hackers also cooked up more than a dozen new social media profiles that purported to belong to recruiters for security companies, security researchers, and various employees of SecuriElite, the fake security company. The work that went into creating the profiles was fairly impressive.

Next-level trolling

My favorite is this Twitter profile of @seb_lazar, which presumably corresponds to Sebastian Lazarescue, one of the fake researchers working for the fake SecuriElite.

Security people all know that Lazarus is the name used to identify hackers backed by the North Korean government. Developing detailed Twitter and LinkedIn profiles for a researcher at your fake security company, naming him Sebastian Lazarescue, and having him retweet lots of top-flight security researchers—some of whom work for Google—is next-level trolling.

Adam Weidemann, a researcher with Google’s Threat Analysis Group, cautions that the hackers’ past success in luring researchers to websites hosting an IE zero-day means the group should be taken seriously.

“Based on their activity, we continue to believe that these actors are dangerous, and likely have more 0-days,” he wrote.

US government strikes back at Kremlin for SolarWinds hack campaign

US officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent actions.

In a joint advisory, the National Security Agency, FBI, and Cybersecurity and Infrastructure Security Agency said that Russia’s Foreign Intelligence Service, abbreviated as the SVR, carried out the supply-chain attack on customers of the network management software from Austin, Texas-based SolarWinds.

The operation infected SolarWinds’ software build and distribution system and used it to push backdoored updates to about 18,000 customers. The hackers then sent follow-up payloads to about 10 US federal agencies and about 100 private organizations. Besides the SolarWinds supply-chain attack, the hackers also used password guessing and other techniques to breach networks.

After the massive operation came to light, Microsoft President Brad Smith called it an “act of recklessness.” In a call with reporters on Thursday, NSA Director of Cybersecurity Rob Joyce echoed the assessment that the operation went beyond established norms for government spying.

“We observed absolutely espionage,” Joyce said. “But what is concerning is from that platform, from the broad scale of availability of the access they achieved, there’s the opportunity to do other things, and that’s something we can’t tolerate and that’s why the US government is imposing costs and pushing back on these activities.”

Thursday’s joint advisory said that the SVR-backed hackers are behind other recent campaigns targeting COVID-19 research facilities, both by infecting them with malware known as both WellMess and WellMail and by exploiting a critical vulnerability in VMware software.

The advisory went on to say that the Russian intelligence service is continuing its campaign, in part by targeting networks that have yet to patch one of five critical vulnerabilities. Including the VMware flaw, they are:

  • CVE-2018-13379 Fortinet FortiGate VPN
  • CVE-2019-9670 Synacor Zimbra Collaboration Suite
  • CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
  • CVE-2019-19781 Citrix Application Delivery Controller and Gateway
  • CVE-2020-4006 VMware Workspace ONE Access

“Mitigation against these vulnerabilities is critically important as US and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors,” the advisory stated. It went on to say that the “NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.”

A representative of VPN provider Pulse noted that patches for CVE-2019-11510 were released in April 2019. “Customers who followed the instructions in a Pulse Secure security advisory issued at that time have properly protected their systems and mitigated the threat.” Fortinet in recent weeks has also pointed out that it patched CVE-2018-13379 in May 2019. The makers of the other affected hardware and software have also issued fixes.

[Figure: CVEs targeted by Russia. Source: CISA]

The US Treasury Department, meanwhile, imposed sanctions to retaliate for what it said were “aggressive and harmful activities by the Government of the Russian Federation.” The measures include new prohibitions on Russian sovereign debt and sanctions on six Russia-based firms that the Treasury Department said “supported the Russian Intelligence Services’ efforts to carry out malicious cyber activities against the United States.”

The firms are:

  • ERA Technopolis, a research center operated by the Russian Ministry of Defense for transferring the personnel and expertise of the Russian technology sector to the development of technologies used by the country’s military. ERA Technopolis supports Russia’s Main Intelligence Directorate (GRU), a body responsible for offensive cyber and information operations.
  • Pasit, a Russia-based information technology company that has conducted research and development supporting malicious cyber operations by the SVR.
  • SVA, a Russian state-owned research institute specializing in advanced systems for information security located in that country. SVA has done research and development in support of the SVR’s malicious cyber operations.
  • Neobit, a Saint Petersburg, Russia-based IT security firm whose clients include the Russian Ministry of Defense, SVR, and Russia’s Federal Security Service. Neobit conducted research and development in support of the cyber operations conducted by the FSB, GRU, and SVR.
  • AST, a Russian IT security firm whose clients include the Russian Ministry of Defense, SVR, and FSB. AST provided technical support to cyber operations conducted by the FSB, GRU, and SVR.
  • Positive Technologies, a Russian IT security firm that supports Russian Government clients, including the FSB. Positive Technologies provides computer network security solutions to Russian businesses, foreign governments, and international companies and hosts recruiting events for the FSB and GRU.

“The reason they were called out is because they’re an integral part and participant in the operation that the SVR executes,” Joyce said of the six companies. “Our hope is that by denying the SVR the support of those companies, we’re impacting their ability to project some of this malicious activity around the world and especially into the US.”

Russian government officials have steadfastly denied any involvement in the SolarWinds campaign.

Besides attributing the SolarWinds campaign to the Russian government, Thursday’s release from the Treasury Department also said that the SVR was behind the August 2020 poisoning of Russian opposition leader Aleksey Navalny with a chemical weapon, the targeting of Russian journalists and others who openly criticize the Kremlin, and the theft of “red team tools,” which use exploits and other attack tools to mimic cyber attacks.

The “red team tools” reference was likely related to the offensive tools taken from FireEye, the security firm that first identified the SolarWinds campaign after discovering that its own network had been breached.

The Treasury Department went on to say that the Russian government “cultivates and co-opts criminal hackers” to target US organizations. One group, known as Evil Corp, was sanctioned in 2019. That same year, federal prosecutors indicted the Evil Corp kingpin Maksim V. Yakubets and posted a $5 million bounty for information that leads to his arrest or conviction.

Although overshadowed by the sanctions and the formal attribution to Russia, the most important takeaway from Thursday’s announcements is that the SVR campaign remains ongoing and is currently leveraging the exploits mentioned above. Researchers said on Thursday that they’re seeing Internet scanning that is intended to identify servers that have yet to patch the Fortinet vulnerability, which the company fixed in 2019. Scanning for the other vulnerabilities is also likely ongoing.

People managing networks, particularly any that have yet to patch one of the five vulnerabilities, should read the latest CISA alert, which provides extensive technical details about the ongoing hacking campaign and ways to detect and mitigate compromises.

Autonomous trucking company Plus will use AI and billions of miles of data to train self-driving semis

This article is part of a VB Lab Insight series paid for by Plus.


The safest drivers are those with the most experience. Studies show it can take years of practice for automobile drivers to become careful and competent road users. Similarly, the more experience a truck driver has the less likely it is that they will cause a serious crash.

What holds true for human drivers holds true for autonomous driving systems — up to a point. The safest self-driving vehicle platforms are those that have accumulated the most experience.

Since driving experience is so important, how can technologists make sure computerized driving systems get the training they need to operate safely on the nation’s roads and highways?

Solving this challenge is the key to unlocking a fully autonomous future.

How computers learn to drive a semi-truck

Thanks to advances in sensor technology and artificial intelligence (AI), an automated truck is capable of analyzing many objects on the road and making a decision about how to respond.

This is accomplished in large part by training so-called “deep learning” algorithms. Repeatedly expose a self-driving system to all kinds of obstacles, from a cut-in vehicle to a construction site, and the system will start to understand how to react when an obstruction appears on the highway.

Here it is important to note that unlike people, machines lack common sense and don’t do well handling novel situations. Human drivers know to slow down in the face of an unexpected obstacle — a bear, say — because we can make decisions based on similar situations we have already encountered or extrapolate from other incidents.

Unlike humans, however, deep neural networks can only learn from data they have been trained on, whether from public roads, closed courses, or computer simulations.

So back to the original question: How do you train the machines so they are exposed to the full range of the driving experience?

Data, data, and more data

Plus’s goal is to help truck drivers on long-haul routes, where they encounter a variety of road and weather conditions. In addition to closed-road testing and computer simulations, the company’s PlusDrive system is learning on the open road, where the trucks can be exposed to real-world obstacles and situations. Junk flying from a pickup bed. Ice slicks. A wind turbine blade. A zigzagging motorcycle.

Though these so-called “long tail” phenomena comprise less than 1% of the time behind the wheel, knowing how to safely navigate them is critical for machines. Society expects that a computer-operated machine must be at least an order of magnitude safer than a human driver.

Billions of miles of on-road testing

Starting this summer, Plus will put its supervised automated driving system into factory production. It is also retrofitting existing trucks with the system. By this time next year, hundreds of automated trucks powered by PlusDrive will be on the road, hauling commercial cargo.

Human drivers will be behind the wheel. Like an experienced professional training a new recruit, Plus drivers will monitor the autonomous trucks while teaching them how to handle unexpected obstacles.

Plus estimates that its fleet will accumulate billions of collective miles before the company deploys fully driverless vehicles. Taking an evolutionary approach to full autonomy enables the company to rack up miles more quickly, with the assistance of on-board professional drivers who are training and validating the system.

To support its global deployment in the U.S., China, Europe, and other markets, Plus recently raised $420 million in new funding.

Truck driver retention and low-carbon solution

The drivers benefit too. The Plus supervised autonomous trucking solution elevates the role of the truck driver, upskilling them in preparation for an autonomous future. At the same time a digital co-pilot will ease driver exhaustion on long-haul routes, and fleets will spend less on the hiring process.

The system yields other gains. Fuel comprises about a third of a trucking company’s operating budget, by far the largest cost for heavy trucks. When an automated system understands the road, pulling in GPS and weather data too, it optimizes shifting and braking. Plus has run pilot projects showing that PlusDrive saves 10% of the tank compared to the most efficient drivers, a win for the bottom line and the environment.

The autonomous trucking future, now

Commercial space travel, solar-powered cities, autonomous vehicles — the first two visions of the future depend on specific economic inflection points, while the third is wholly dependent on the amount of data a system has accumulated.

Plus is building the necessary feedback loop of information today. Its trucks are accumulating the data. Its drivers, who are among the safest and most efficient Class A drivers, are training the system with their responses. Its engineers are fine-tuning PlusDrive’s algorithms and decisions. And eventually PlusDrive will be one of the safest and most experienced drivers on the road.

Plus is applying autonomous trucking technology to trucks today. For more information, please visit www.plus.ai.


VB Lab Insights content is created in collaboration with a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact [email protected]

Misfits Gaming esports group launches Women of Misfits speaker series

Esports company Misfits Gaming Group is leaning into female gamers with the launch of its Women of Misfits speaker series, and it will turn into a wider platform over time.

The Boca Raton, Florida-based company will use its fame in esports to elevate issues for women in gaming and esports, and it’s happening at a time when problems such as sexual harassment and under-representation of women at game studios and at esports organizations have been in the headlines.

Women are a prevalent part of the esports and gaming landscape. Nearly 40% of all gamers are female with 80% of them being 18 or older. The Women of Misfits initiative will provide a space for women to discuss ideas and be inspired by influential women both inside and outside the organization in addition to supporting the growth and development of women within MGG. We’ll have a Women in Gaming Breakfast at our GamesBeat Summit 2021 on April 28-29.

The platform will feature a series of monthly guest speakers. The first speakers are Chris Evert, 18-time Grand Slam singles champion and tennis legend; GloZell Green, comedian and YouTuber; Bianca Smith, the first Black woman to serve as a professional baseball coach; Angela Ruggiero, CEO of Sports Innovation Lab and four-time Olympian and Gold Medalist for the U.S. Hockey team; and Maya Enista Smith, Executive Director of the Born This Way Foundation.

The focus of the Women of Misfits platform will be mentorship, development, networking, and advocacy. The platform will be led by female executives within MGG, including chief development officer Hillary Matchett; president of media and branding Ella Pravetz; chief revenue officer Lagen Nash; president of Misfits Agency Amy Palmer; vice president of communications Becca Henry; chief wellness adviser Carolyn Rubenstein; and cofounder Laurie Silvers.

The Women of Misfits platform includes a monthly speaker series with industry leaders and visionaries, which will air on MGG’s YouTube channel. The sessions will be moderated by MGG executives, and guest speakers will share topics that matter to them and inspire both the gaming community and women to pursue their dreams.

“I am truly inspired and amazed with our women at MGG and their many accomplishments and eager to watch this platform ascend,” said Misfits CEO Ben Spoont, in a statement. “The determination and dedication to push one another to break the boundaries as women within the esports industry is remarkable, and I am confident this platform will resonate not only within MGG but also within our wider community.”
