Cyber Security
New Electron Bot Distributed Through MS Store, Says Check Point
Check Point Research (CPR) has spotted a new malware strain that is actively being distributed through gaming applications on Microsoft’s official store. Named Electron-bot, the malware can control the social media accounts of its victims, including Facebook, Google, and SoundCloud. It can register new accounts, log in, comment on, and “like” other posts. CPR counts 5,000 victims in 20 countries so far and urges users to immediately delete applications from a number of publishers.
- Popular games such as “Temple Run” or “Subway Surfer” were found to be malicious
- Attackers can use the installed malware as a backdoor in order to gain full control of the victim’s machine
- Most of the victims are from Sweden, Bermuda, Israel, and Spain
With over 5,000 machines already affected, the malware continually executes attacker commands, such as controlling social media accounts on Facebook, Google, and SoundCloud. The malware can register new accounts, log in, comment on, and “like” other posts. Dubbed Electron-bot by CPR, the malware’s full capabilities are as follows:
- SEO poisoning, an attack method in which cybercriminals create malicious websites and use search engine optimization tactics to make them show up prominently in search results. This method is also sold as a service to promote other websites’ rankings.
- Ad Clicker, a computer infection that runs in the background and constantly connects to remote websites to generate ‘clicks’ for advertisement, hence profiting financially by the number of times an advertisement is clicked.
- Promote social media accounts, such as YouTube and SoundCloud to direct traffic to specific content and increase views and ad clicking to generate profits.
- Promote online products, to generate profits with ad clicking or increase store rating for higher sales.
In addition, as Electron-bot’s payload is dynamically loaded, the attackers can use the installed malware as a backdoor in order to gain full control of the victim’s machine. There are dozens of infected applications in the Microsoft Store. Popular games such as “Temple Run” or “Subway Surfer” were found to be malicious. CPR has detected several malicious game publishers, where all the applications under those publishers are related to the malicious campaign:
- Lupy games
- Crazy 4 games
- Jeuxjeuxkeux games
- Akshi games
- Goo Games
- bizon case
So far, CPR has counted 5,000 victims in 20 countries. Most of the victims are from Sweden, Bermuda, Israel, and Spain. The malware campaign works in the following steps:
- The attack starts with the installation of a Microsoft Store application pretending to be legitimate
- After the installation, the attacker downloads files and executes scripts
- The downloaded malware gains persistence on the victim’s machine, repeatedly executing various commands sent from the attackers’ C&C server
To avoid detection, most of the scripts controlling the malware are loaded dynamically at run time from the attackers’ servers. This enables the attackers to modify the malware’s payload and change the bots’ behavior at any given time. The malware uses the Electron framework to imitate human browsing behavior and evade website protections.
There is evidence that the malware campaign originated in Bulgaria, including:
- All variants between 2019 – 2022 were uploaded to public cloud storage “mediafire.com” from Bulgaria
- The SoundCloud account and the YouTube channel the bot promotes are under the name “Ivaylo Yordanov,” a popular Bulgarian wrestler/soccer player
- Bulgaria is the most promoted country in the source code
CPR has reported to Microsoft all detected game publishers that are related to this campaign. Maya Horowitz, VP Research at Check Point Software said, “This research analyzed a new malware called Electron-Bot that has attacked more than 5000 victims globally. Electron-Bot is downloaded and easily spread from the official Microsoft store platform. The Electron framework provides Electron apps with access to all of the computer resources, including GPU computing. As the bot’s payload is loaded dynamically at every run time, the attackers can modify the code and change the bot’s behaviour to high risk. For example, they can initialize another second stage and drop a new malware such as ransomware or a RAT. All of this can happen without the victim’s knowledge. Most people think that you can trust application store reviews, and they don’t hesitate to download an application from there. There’s an incredible risk with that, as you never know what malicious items you can be downloading.”
In order to stay as safe as possible, before downloading an application from the app store:
- Avoid downloading an application with a small number of reviews
- Look for applications with good, consistent, and reliable reviews
- Pay attention to suspicious application names that are not identical to the original application’s name
Check Point Software Technologies to Participate at GISEC 2024
Check Point Software Technologies has announced its participation at the Gulf Information Security Expo & Conference (GISEC) 2024, scheduled from April 23rd to April 25th, 2024, at the Dubai World Trade Centre. As cyber threats continue to evolve rapidly, the need for advanced cybersecurity solutions has never been more pressing. With the United Arab Emirates experiencing an average of 1,207 cyberattacks per organization each week over the last six months—surpassing the global average—Check Point Software is set to showcase its flagship Check Point Infinity Platform at GISEC 2024.
This platform, which is at the forefront of AI-powered, cloud-delivered cybersecurity, has been specifically designed to meet the modern challenges of an evolving threat landscape, providing comprehensive protection, consolidated operations, and collaborative communication capabilities. Visitors can explore these solutions at booth #C39 in Hall 7, where the following highlights will be featured:
- Check Point Infinity Playblocks: Automatically triggers preventive actions upon detecting an attack, swiftly containing threats through a consolidated, cloud-based security platform.
- Check Point Infinity AI Copilot: Enhances the efficiency of security teams by leveraging AI to automate complex tasks and deliver proactive security solutions.
- Check Point UAE Infinity Portal: Tailored to meet the needs of organizations of all sizes while fully adhering to the UAE’s data privacy regulations.
Ram Narayanan, Country Manager at Check Point Software Technologies Middle East, commented, “Our participation at GISEC 2024 underscores our commitment to bolstering cybersecurity defences in the region. The Check Point Infinity Platform, with its AI-powered threat prevention and cloud-delivered threat intelligence, is critical for organizations needing robust solutions to protect their assets. We look forward to engaging with customers and partners to discuss how these innovations can enhance cybersecurity resilience.”
Additionally, at GISEC 2024, Check Point Software will focus on strengthening relationships with customers and partners. This commitment highlights the company’s ongoing effort to provide advanced cybersecurity solutions in the region. Check Point Software is eager to meet with attendees, discuss their security challenges, and explore how it can help organizations enhance their defences, prevent cyber-attacks, and protect their critical assets.
Milestone Systems Releases Thought Paper on Cybersecurity for Video Technology
Milestone Systems has published a comprehensive thought paper addressing the critical need for robust cybersecurity measures in video technology solutions. The paper titled “Cybersecurity for video technology: Understanding and countering cyber threats” delves into the complexities of cybersecurity in video surveillance, offering invaluable insights and strategies to fortify organisations against cyber threats.
Cyber threats pose a significant risk to video technology solutions in today’s digital age, as evidenced by high-profile breaches.
The thought paper underscores the urgency of prioritising cybersecurity and provides a roadmap for technology decision-makers to navigate this evolving landscape effectively. It also dives into crucial aspects of cybersecurity precautions, providing insights into essential concepts for companies to ensure robust protection against cyber threats.
Below are some key takeaways from the thought paper:
Understanding the Cyber Kill Chain: Identifying the Cyber Kill Chain offers organisations a systematic approach to understanding and mitigating cyber threats. Breaking down attacks into seven stages makes it clear where proactive defences can be deployed to minimise the risk of breaches.
Protecting IP-Network Video Cameras: The paper recognises vulnerabilities in IP-network video cameras and emphasises the importance of implementing strong security measures. Measures such as robust authentication protocols and regular firmware updates are vital in fortifying defences against potential risks.
Securing Video Management Software (VMS): Highlighting the significance of securing Video Management Software (VMS), the paper advocates for proactive strategies like penetration testing and engaging ethical hackers. These measures bolster security and ensure resilience against potential threats.
Responsibility for Cybersecurity: The paper distinguishes between the responsibilities of on-premises and cloud solutions and underscores the necessity of technical proficiency and transparent communication. By understanding their roles, organisations can effectively manage cybersecurity risks.
Openness and Transparency: The paper stresses the importance of openness and transparency in addressing cybersecurity vulnerabilities. By openly acknowledging weaknesses, vendors empower customers to take proactive measures, foster collaboration, and enhance the overall cybersecurity posture.
Addressing the Human Factor: Acknowledging the human element as a potential weak link in security, the paper emphasises the importance of education, training, and balancing security and usability. Prioritising human-centric security practices enhances overall cybersecurity resilience.
Commenting on the release of the thought paper, Jos Beernink, VP of EMEA at Milestone Systems, stated, “In an era where cyber threats loom large, safeguarding your video technology against potential breaches is paramount. Our thought paper is a useful guide for organisations to navigate the complex cybersecurity landscape effectively. By implementing the strategies outlined in the paper, organisations can strengthen their defences and mitigate the risk of cyberattacks.”
Sophos Partners with Tenable to Launch New Sophos Managed Risk Service
Sophos has announced a strategic partnership with Tenable, to provide Sophos Managed Risk, a worldwide vulnerability and attack surface management service. The new service features a dedicated Sophos team that leverages Tenable’s exposure management technology and collaborates with the security operations experts from Sophos Managed Detection and Response (MDR) to provide attack surface visibility, continuous risk monitoring, vulnerability prioritization, investigation, and proactive notification designed to prevent cyberattacks.
The modern attack surface has expanded beyond traditional on-premises IT boundaries, with organizations frequently operating unknown numbers of external and internet-facing assets that are unpatched or under-protected, leaving them vulnerable to cyberattackers. This is evident in the newest Sophos Active Adversary Report, which identifies three tasks that organisations must prioritize to minimize the risk of brazen intrusions that lead to ransomware or other types of attacks. These include closing exposed Remote Desktop Protocol (RDP) access, enabling multi-factor authentication, and patching vulnerable servers, all of which were top entry points in breaches handled by Sophos Incident Response in 2023. The Sophos Managed Risk service can assess an organization’s external attack surface, prioritize the riskiest exposures, such as open RDP, and provide tailored remediation guidance to help eliminate blind spots and stay ahead of potentially devastating attacks.
“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control. We can now help organisations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked. Organisations must manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches,” said Rob Harrison, senior vice president for endpoint and security operations product management at Sophos. “We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint, and 24×7 Sophos MDR coverage.”
“While the latest zero-day may dominate the headlines, the biggest threat to organizations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available,” said Greg Goetz, vice president of global strategic partners and MSSP, Tenable. “A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem. Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”
Sophos Managed Risk is available as an extended service with Sophos MDR, which already protects more than 21,000 organizations globally. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments.
“Organizations benefit through regular interaction, including scheduled meetings with Sophos experts to review recent discoveries, insights into the current threat landscape, and recommendations for remediation and prioritizing actions. Additionally, organizations can initiate inquiries via the Sophos Central platform, allowing users to directly engage with the Sophos Managed Risk team for tailored support, and reports and to review their latest prioritized alerts,” the company said.
Sophos Managed Risk is available with a term license through Sophos’ global network of channel partners and Managed Service Providers (MSPs). A Sophos MSP Flex version will be available in 2024.