Friday Five: Chevron’s Cyber Implications, the Cobalt Strike Crackdown, & More
Learn how Fortra and Europol have teamed up to thwart malicious use of Cobalt Strike, why the Chevron ruling spells trouble for cybersecurity regulations, and more in this week's Friday Five.
CYBERSECURITY REGULATIONS FACE ‘UPHILL BATTLE’ AFTER CHEVRON RULING BY DEREK B. JOHNSON
President Biden’s administration has been proactive in issuing cybersecurity regulations, but the Supreme Court's recent decision overturning the Chevron doctrine may hinder those efforts. Chevron required courts to defer to a federal agency's reasonable reading of an ambiguous statute, and the administration relied on that deference to stretch existing authorities to cover cybersecurity. Without it, current rules are more exposed to legal challenge; the EPA's withdrawn attempt to read cybersecurity requirements into the Safe Drinking Water Act is cited as an early example. Experts warn that other Biden-era cyber regulations could face similar challenges, complicating the administration's goal of raising security baselines across sectors.
EUROPOL TAKES DOWN 593 COBALT STRIKE SERVERS USED BY CYBERCRIMINALS BY SERGIU GATLAN
Europol, in collaboration with Fortra and other private sector entities, recently coordinated Operation Morpheus, resulting in the takedown of nearly 600 Cobalt Strike servers used by cybercriminals. This coordinated effort involved law enforcement from multiple countries, including the UK, US, Australia, Canada, Germany, and the Netherlands. Officials successfully identified IP addresses and domain names linked to criminal activities and provided this data to online service providers to disable unlicensed Cobalt Strike versions. The operation flagged 690 IP addresses, with 593 taken down. Private industry partners like BAE Systems and Trellix supported the operation, which stemmed from a three-year investigation beginning in 2021.
SOFTWARE PRODUCTIVITY TOOLS HIJACKED TO DELIVER INFOSTEALERS BY NATE NELSON
In June, an India-based software company unknowingly distributed malware with its three main productivity tools. Researchers found the installers had been Trojanized with a basic infostealer dubbed "dllFake," which harvests data from cryptocurrency wallets and browsers and logs keystrokes. Once notified, the company quickly replaced the malicious installers with clean builds. How the installers were swapped remains unclear, though a vulnerability in the download server is one possibility. Users who downloaded the tools in that window are advised to verify what they installed, for example by validating the installer's digital signature and comparing its size and hash against the vendor's published values.
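The two checks the article recommends, as an added example that is not the vendor's or the researchers' code: compare the downloaded installer's size and SHA-256 against values published out of band, and confirm that the PE actually carries an Authenticode certificate blob in its security data directory. The PE bytes, the "published" manifest values and the DER placeholder are all constructed here; the signature check is presence only, and the certificate chain and signer identity still have to be validated with signtool or Get-AuthenticodeSignature.

```python
import hashlib
import hmac
import struct


def build_fake_pe(payload, signed):
    """Constructed minimal PE32+ image (headers only, not runnable) so the
    checks below have something realistic to parse. `signed=True` appends a
    WIN_CERTIFICATE with a placeholder DER body and points the security data
    directory (index 4) at it, exactly as signtool does."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)  # SizeOfOptionalHeader=240
    dirs = [[0, 0] for _ in range(16)]
    body_off = 0x40 + 4 + 20 + 240                                 # first byte after headers
    cert = b""
    if signed:
        pkcs7 = b"\x30\x82\x00\x20" + b"\0" * 32                   # placeholder, not a real PKCS#7
        cert = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, 0x0002) + pkcs7
        dirs[4] = [body_off + len(payload), len(cert)]             # security dir: file offset, size
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    return dos + b"PE\0\0" + coff + opt + payload + cert


def authenticode_present(blob):
    """True if the PE's security data directory points at a well-formed
    WIN_CERTIFICATE (wCertificateType 0x0002 = PKCS#7). Presence only."""
    if blob[:2] != b"MZ" or len(blob) < 0x40:
        return False
    pe = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[pe:pe + 4] != b"PE\0\0":
        return False
    opt = pe + 4 + 20
    magic = struct.unpack_from("<H", blob, opt)[0]
    dir_base = opt + (112 if magic == 0x20B else 96)               # PE32+ vs PE32 data directory
    off, size = struct.unpack_from("<II", blob, dir_base + 4 * 8)  # entry 4 = IMAGE_DIRECTORY_ENTRY_SECURITY
    if off == 0 or size < 8 or off + size > len(blob):
        return False
    length, _rev, ctype = struct.unpack_from("<IHH", blob, off)
    return ctype == 0x0002 and length == size


def check_installer(blob, expected_size, expected_sha256):
    """Return a list of findings; empty means the download matches the
    vendor's published size/hash and carries a signature blob."""
    findings = []
    if len(blob) != expected_size:
        findings.append(f"size {len(blob)} != published {expected_size}")
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, expected_sha256):
        findings.append("sha256 does not match published value")
    if not authenticode_present(blob):
        findings.append("no Authenticode certificate attached")
    return findings


# Constructed "vendor manifest": the genuine build and the values it would publish.
GENUINE = build_fake_pe(b"\x90" * 64, signed=True)
PUBLISHED_SIZE = len(GENUINE)
PUBLISHED_SHA256 = hashlib.sha256(GENUINE).hexdigest()

# Constructed swapped installer: extra bytes appended, signature stripped.
TROJANIZED = build_fake_pe(b"\x90" * 64 + b"\xCC" * 40, signed=False)
# Same size as the genuine build but different content: size check alone misses it.
SAME_SIZE_TAMPERED = build_fake_pe(b"\x91" * 64, signed=True)

if __name__ == "__main__":
    for label, blob in [("genuine", GENUINE), ("trojanized", TROJANIZED),
                        ("same-size tampered", SAME_SIZE_TAMPERED)]:
        print(label, check_installer(blob, PUBLISHED_SIZE, PUBLISHED_SHA256) or "OK")
```

The same-size case is why a hash, not just a size, belongs in the comparison; and because a replaced installer can be re-signed by a different certificate, the presence check is only the cheap first filter before a full chain validation.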
PASSKEY REDACTION ATTACKS SUBVERT GITHUB, MICROSOFT AUTHENTICATION BY TARA SEALS
Many online accounts remain exposed to adversary-in-the-middle (AitM) phishing even when protected by passkeys, because an attacker proxying the login page can rewrite it to remove the passkey option. Joe Stewart of eSentire's Threat Response Unit points out that the weakness comes from the fallback methods every service keeps for account recovery: a passkey is bound to the real site's origin and cannot be relayed through the attacker's domain, so the proxy simply hides it and steers the victim to a password or one-time code that it can capture. Examples from GitHub and Microsoft show how the passkey option can be hidden or bypassed this way. Better user awareness, less phishable recovery paths such as magic links, and enterprise policies that refuse the weak fallbacks once a passkey is enrolled can reduce the risk.
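The three pieces of the story side by side, as an added example that is not eSentire's code and uses a constructed login page for a hypothetical site (not GitHub's or Microsoft's markup): the rewrite an AitM proxy applies to each proxied response, the relying-party origin check from WebAuthn that explains why the proxy must redact rather than relay, and a policy function that closes the fallback once a passkey is enrolled. The element ids, origins and challenge value are all assumptions made for the example.

```python
import base64
import json
import re

# Constructed login page for a hypothetical relying party, https://login.example.com.
GENUINE_LOGIN_HTML = """<form id="login" action="/session" method="post">
  <input name="username" autocomplete="username webauthn">
  <input name="password" type="password">
  <div id="passkey-option"><button type="button" id="passkey-btn">Sign in with a passkey</button></div>
  <div id="sms-option"><a href="/otp/sms">Text me a code</a></div>
</form>"""


def aitm_redact(html, blocked_ids=("passkey-option",)):
    """What the phishing proxy does to the page before forwarding it to the
    victim: remove the phishing-resistant option(s) and the 'webauthn'
    autocomplete hint so the browser never offers a passkey. The phishable
    methods (password, SMS code) are left in place to be harvested."""
    for element_id in blocked_ids:
        html = re.sub(rf'<div id="{element_id}">.*?</div>\s*', "", html, flags=re.S)
    return html.replace(" webauthn", "")


def options_offered(html):
    """Which sign-in options a page presents (by the constructed id scheme)."""
    return set(re.findall(r'<div id="([a-z]+)-option">', html))


def make_client_data(origin, challenge):
    """Constructed clientDataJSON as a browser builds it for navigator.credentials.get
    on `origin`; the authenticator's signature covers its SHA-256."""
    raw = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def verify_assertion_origin(client_data_b64url, rp_origin, expected_challenge):
    """Relying-party check: because the browser, not the page, writes the
    origin into clientDataJSON, an assertion produced on the proxy's origin
    fails here even if the attacker forwards it byte for byte."""
    padded = client_data_b64url + "=" * (-len(client_data_b64url) % 4)
    data = json.loads(base64.urlsafe_b64decode(padded))
    return (data.get("type") == "webauthn.get"
            and data.get("origin") == rp_origin
            and data.get("challenge") == expected_challenge)


def permitted_methods(enrolled, phishing_resistant_only):
    """Enterprise policy: once a passkey is enrolled, a strict policy refuses the
    phishable fallbacks on the login screen; recovery moves to a separate flow
    (for example a magic link to the verified mailbox) that the proxy cannot
    simply present as an alternative button."""
    if "passkey" in enrolled and phishing_resistant_only:
        return {"passkey"}
    return set(enrolled)


if __name__ == "__main__":
    seen_by_victim = aitm_redact(GENUINE_LOGIN_HTML)
    print("genuine offers:", options_offered(GENUINE_LOGIN_HTML))
    print("through proxy :", options_offered(seen_by_victim))
    challenge = "dGVzdC1jaGFsbGVuZ2U"   # assumed challenge issued by the RP
    relayed = make_client_data("https://login.example-proxy.test", challenge)
    print("relayed assertion accepted:", verify_assertion_origin(relayed, "https://login.example.com", challenge))
    print("strict policy permits:", permitted_methods({"passkey", "password", "sms"}, True))
```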
MULTI-MALWARE 'CLUSTER BOMB' CAMPAIGN DROPS WIDESPREAD CYBER HAVOC BY JAI VIJAYAN
The Eastern European threat actor "Unfurling Hemlock" distributes up to 10 distinct malware files at once, in what researchers compare to a cluster bomb, to victims worldwide including in the US, Germany, and Russia. The delivery vehicle is a compressed Microsoft Cabinet (CAB) file with further CAB files nested inside it, each layer dropping information stealers and malware loaders. Active since February 2023, the group has infected around 50,000 users with families such as Mystic Stealer, Rise Pro, Redline, SmokeLoader, and Amadey. Distribution is by email, with "weextract.exe" unpacking the archives and launching the payloads. Landing several unrelated families on one host in a single run complicates both detection and cleanup, since removing one does not remove the others.
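A triage parser for the nested-cabinet layout described above, as an added example that is not the researchers' tooling and does not handle Unfurling Hemlock's actual samples: it reads the CFHEADER/CFFOLDER/CFFILE directory of a CAB without decompressing anything, descends into any member that is itself a cabinet, and summarises nesting depth and the number of PE-looking members, which is the shape a detection rule can key on. The sample cabinets are constructed inline; real droppers use MSZIP or LZX folders, which this example leaves to a full extractor (it returns None for them), and the member names are assumptions.

```python
import struct

CAB_SIG = b"MSCF"
HDR = "<IIIIIBBHHHHH"   # CFHEADER after the 4-byte signature (flags=0 layout)
FOLDER = "<IHH"         # CFFOLDER: coffCabStart, cCFData, typeCompress
FILE = "<IIHHHH"        # CFFILE fixed part; NUL-terminated name follows
CFDATA = "<IHH"         # csum, cbData, cbUncomp; then cbData bytes
COMPRESS_NONE = 0


def build_cab(members):
    """Constructed test data: a single-folder, stored (uncompressed) cabinet
    holding `members` as (name, bytes). Same directory layout as real CABs."""
    data = b"".join(body for _, body in members)
    assert len(data) <= 0x8000, "one CFDATA block only in this example"
    cffiles, offset = b"", 0
    for name, body in members:
        cffiles += struct.pack(FILE, len(body), offset, 0, 0, 0, 0x20) + name.encode() + b"\0"
        offset += len(body)
    coff_files = 36 + 8                          # header + one CFFOLDER
    coff_data = coff_files + len(cffiles)
    block = struct.pack(CFDATA, 0, len(data), len(data)) + data   # csum 0 = not computed
    total = coff_data + len(block)
    header = CAB_SIG + struct.pack(HDR, 0, total, 0, coff_files, 0, 3, 1, 1, len(members), 0, 0, 0)
    return header + struct.pack(FOLDER, coff_data, 1, COMPRESS_NONE) + cffiles + block


def parse_cab(blob):
    """Return (folders, files) from the cabinet directory; no decompression needed."""
    if blob[:4] != CAB_SIG:
        raise ValueError("not a cabinet")
    _, _, _, coff_files, _, _, _, n_folders, n_files, flags, _, _ = struct.unpack_from(HDR, blob, 4)
    if flags & 0x4:
        raise ValueError("cfhdrRESERVE_PRESENT layout not handled in this example")
    folders = [struct.unpack_from(FOLDER, blob, 36 + 8 * i) for i in range(n_folders)]
    files, pos = [], coff_files
    for _ in range(n_files):
        size, start, ifolder, _, _, _ = struct.unpack_from(FILE, blob, pos)
        pos += struct.calcsize(FILE)
        end = blob.index(b"\0", pos)
        files.append({"name": blob[pos:end].decode("latin-1"), "size": size,
                      "start": start, "folder": ifolder})
        pos = end + 1
    return folders, files


def folder_data(blob, folder):
    """Concatenate a folder's CFDATA blocks. Stored folders only; MSZIP/LZX
    (low nibble of typeCompress != 0) return None for a real extractor."""
    coff, n_blocks, ctype = folder
    if ctype & 0x000F != COMPRESS_NONE:
        return None
    out, pos = bytearray(), coff
    for _ in range(n_blocks):
        _, cb_data, _ = struct.unpack_from(CFDATA, blob, pos)
        pos += struct.calcsize(CFDATA)
        out += blob[pos:pos + cb_data]
        pos += cb_data
    return bytes(out)


def walk_cab(blob, prefix="", depth=0, max_depth=8):
    """List every member as (path, size, depth, looks_like_pe), recursing into
    members that are themselves cabinets. max_depth bounds a decompression-bomb."""
    if depth > max_depth:
        raise ValueError("cabinet nesting deeper than max_depth")
    folders, files = parse_cab(blob)
    cache, out = {}, []
    for f in files:
        i = f["folder"]
        if i >= len(folders):                    # 0xFFFD..0xFFFF span cabinets; not handled
            out.append((prefix + f["name"], f["size"], depth, False))
            continue
        if i not in cache:
            cache[i] = folder_data(blob, folders[i])
        body = cache[i][f["start"]:f["start"] + f["size"]] if cache[i] is not None else b""
        out.append((prefix + f["name"], f["size"], depth, body[:2] == b"MZ"))
        if body[:4] == CAB_SIG:
            out.extend(walk_cab(body, prefix + f["name"] + "/", depth + 1, max_depth))
    return out


def triage(blob):
    """Summary a detection rule can key on: member count, nesting depth, PE count."""
    entries = walk_cab(blob)
    return {"members": len(entries),
            "max_depth": max((e[2] for e in entries), default=0),
            "pe_count": sum(1 for e in entries if e[3])}


# Constructed sample with the described shape: an outer cabinet carrying a loader
# and an inner cabinet of PE-looking stubs (names and bytes are made up).
INNER = build_cab([("stealer1.exe", b"MZ" + b"\x90" * 40), ("stealer2.exe", b"MZ" + b"\x90" * 24)])
OUTER = build_cab([("stage2.cab", INNER), ("loader.exe", b"MZ" + b"\xCC" * 16)])

if __name__ == "__main__":
    for path, size, depth, is_pe in walk_cab(OUTER):
        print(f"{'  ' * depth}{path} ({size} bytes){' [PE]' if is_pe else ''}")
    print(triage(OUTER))
```

A single archive whose directory lists several PE members behind one or more nested cabinets is unusual for legitimate installers, so the `max_depth` and `pe_count` figures are the two values worth alerting on; on real samples the inner folders will be compressed, which is where a full extractor (or the sandbox's own unpacking) takes over from this directory-level pass.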