#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Dead Drop Resolver | Breaking Cybersecurity News | The Hacker News

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

Threat Actors Increasingly Abusing GitHub for Malicious Purposes
Jan 11, 2024 Cybersecurity / Software Security
The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as  dead drop resolvers , command-and-control, and data exfiltration points. "Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network traffic, often bypassing traditional security defenses and making upstream infrastructure tracking and actor attribution more difficult," Recorded Future  said  in a report shared with The Hacker News. The cybersecurity firm described the approach as "living-off-trusted-sites" (LOTS), a spin on the living-off-the-land (LotL) techniques often adopted by threat actors to conceal rogue activity and fly under the radar. Prominent among the methods by which GitHub is  abused   relates  to  payload   delivery , with some actors leveraging its features for command-and-control (C2) obfuscation. Last month, ReversingLabs  detailed  a number of rogue

Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant

Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant
Dec 10, 2022 Hack-for-Hire / Threat Intelligence
Travel agencies have emerged as the target of a hack-for-hire group dubbed  Evilnum  as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks, which took place during 2020 and 2021 and likely went as far back as 2015, involved a revamped variant of a malware called Janicab that leverages a number of public services like WordPress and YouTube as  dead drop resolvers , Kaspersky  said  in a technical report published this week. Janicab infections comprise a diverse set of victims located in Egypt, Georgia, Saudi Arabia, the UAE, and the U.K. The development marks the first time legal organizations in Saudi Arabia have been targeted by this group. Also tracked as DeathStalker, the threat actor is known to deploy  backdoors  like Janicab, Evilnum, Powersing, and PowerPepper to exfiltrate confidential corporate information. "Their interest in gathering sensitive business information leads us to believe that Deat

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
Dec 09, 2022 Malware / Iranian Hackers
The subgroup of an Iranian nation-state group known as  Nemesis Kitten  has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling  said . "All the traffic to GitHub is encrypted, meaning defensive technologies can't see what is being passed back and forth. And because GitHub is a legitimate service, it raises fewer questions." The Iranian government-sponsored actor's malicious activities came under the radar earlier in February 2022, when it was  observed  exploiting  Log4Shell flaws  in unpatched VMware Horizon servers to deploy ransomware. Nemesis Kitten is  tracked  by the larger cybersecurity community under various monikers such as TunnelVision, Cobalt Mirage, and UNC2448. It's also a sub-clus

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Cybersecurity Resources